In a project I am about to implement, a company runs two separate network systems to physically isolate its internal and external networks, and employees switch between the two networks with a dual-NIC isolator. As the business and technology have developed, the users now need a desktop cloud system: the internal and external networks are built on the desktop cloud, and front-end cloud terminal all-in-one machines connect to the desktop cloud servers to log in to the desktops. This creates a number of problems:

1. When the desktop cloud system was first planned, the user ran only one network cable to each cloud terminal location, unlike other companies that use both internal and external networks and run two network cables to each terminal so it can switch between them.
2. The cloud terminal all-in-one machine also has only one network port, so it cannot provide dual-port isolated access to the internal and external networks.
 
 
 
 
 
 
 
So here I cannot adopt a physical isolation scheme, as is usual for internal and external network access; I can only use a logical network isolation scheme (separate VLANs, with ACLs isolating the internal and external networks). In this project I use a hyper-converged server system, VMware Horizon 6, a gigabit core switch, gigabit access switches, an extranet firewall, a web firewall, an IPS, cloud terminal all-in-one machines, and other software and hardware. Part of the system's topology is shown below:
 
 
 
 
 
 
 
[Figure: partial topology diagram of the system]
 
 
 
 
 
 
 
The topology diagram above shows that the cloud terminal all-in-one machines connect to the gigabit access switches with Cat 5e cable, and the hyper-converged server system connects to the gigabit switch through SFP+ multimode modules. On the gigabit core switch, one electrical port connects to the intranet optical line and another electrical port connects to the external firewall that leads to the Internet. An IPS is deployed transparently between the external firewall and the core switch, and a web firewall is deployed between the access switch and the core switch (to protect the websites used by intranet users).
 
 
 
 
 
 
 
To make sure the implementation goes smoothly, I set up a lab environment to run through it first. My lab topology is as follows:
 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
[Figure: lab topology diagram]
 
 
 
 
 
 
 
1. In the lab topology I have left out the IPS and the web firewall; this does not hinder simulating the real process.
2. I use VMware Workstation to install a WIN2008 R2 system that simulates the internal and external desktop cloud systems.
3. I use VMware Workstation to install a WinXP system that simulates the end user.
4. I use eNSP to simulate the core and access switches.
5. I use VMware Workstation to install Panabit to simulate the firewall system, using the Sisu network function.
6. Functionally, the end user must be able to access both the internal and external desktop clouds normally, while the internal and external desktop clouds cannot access each other (logical isolation of the internal and external networks).
7. The external desktop cloud can access the Internet normally; the intranet desktop cloud must not be able to access the Internet.
 
 
 
 
 
 
 
The eNSP network topology is as follows:
 
 
 
 
 
 
 
[Figure: eNSP network topology]
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1. Create VLANs 17, 20, 50 and 100 on the core switch.
2. Set the gateway of each VLAN to the .254 address of its subnet.
3. VLAN 50 can access VLANs 17 and 20; VLAN 17 and VLAN 20 cannot access each other.
4. VLAN 17 can access the external network; the other VLANs are denied access to the external network.
5. The extranet desktop cloud VM is attached to the VMware Workstation virtual network VMnet1.
6. The intranet desktop cloud VM is attached to the VMware Workstation virtual network VMnet2.
7. The end user is attached to the VMware Workstation virtual network VMnet3.
8. Panabit is attached to the VMware Workstation virtual network VMnet4.
9. Panabit's other network card is bridged to the host's physical network card.
 
 
 
 
 
 
 
The access switch is configured as follows:
 
 
 
 
 
 
 
#
sysname SW2    # rename the device to SW2
#
vlan batch 17 20 50 100    # create VLANs 17, 20, 50 and 100
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 4094    # G0/0/1: trunk mode, allow all VLANs through
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 50    # G0/0/2: access mode, assigned to VLAN 50
#
 
 
 
 
 
 
 
The core switch is configured as follows:

sysname SW1
[SW1]vlan batch 17 20 50 100    # create the VLANs
[SW1]interface g0/0/1    # enter port G0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 17    # assign the port to VLAN 17
[SW1-GigabitEthernet0/0/1]quit
[SW1]interface g0/0/2    # enter port G0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20    # assign the port to VLAN 20
[SW1-GigabitEthernet0/0/2]quit
[SW1]interface g0/0/3    # enter port G0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all    # trunk, allowing all VLANs to pass through
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface Vlanif 17
[SW1-Vlanif17]ip address 172.16.17.254 255.255.255.0    # gateway for VLAN 17
[SW1-Vlanif17]quit
[SW1]interface Vlanif 20
[SW1-Vlanif20]ip address 192.168.20.254 255.255.255.0    # gateway for VLAN 20
[SW1-Vlanif20]quit
[SW1]interface Vlanif 50
[SW1-Vlanif50]ip address 192.168.50.254 255.255.255.0    # gateway for VLAN 50
[SW1-Vlanif50]quit
[SW1]interface Vlanif 100
[SW1-Vlanif100]ip address 10.10.10.254 255.255.255.0    # IP address of VLAN 100
[SW1-Vlanif100]quit

[SW1]acl number 3000    # access rule from VLAN 17 to VLAN 20
[SW1-acl-adv-3000]rule deny ip source 172.16.17.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[SW1-acl-adv-3000]quit
[SW1]traffic classifier c_vlan17    # traffic classifier c_vlan17: classify packets matching ACL 3000
[SW1-classifier-c_vlan17]if-match acl 3000
[SW1-classifier-c_vlan17]quit
[SW1]traffic behavior b_vlan17    # traffic behavior b_vlan17: the action is to deny the packets
[SW1-behavior-b_vlan17]deny
[SW1-behavior-b_vlan17]quit
[SW1]traffic policy p_vlan17    # traffic policy p_vlan17: associate classifier c_vlan17 with behavior b_vlan17
[SW1-trafficpolicy-p_vlan17]classifier c_vlan17 behavior b_vlan17
[SW1-trafficpolicy-p_vlan17]quit
[SW1]interface g0/0/1    # apply traffic policy p_vlan17 to interface GE0/0/1
[SW1-GigabitEthernet0/0/1]traffic-policy p_vlan17 inbound
[SW1-GigabitEthernet0/0/1]quit

[SW1]interface g0/0/24
[SW1-GigabitEthernet0/0/24]port link-type access
[SW1-GigabitEthernet0/0/24]port default vlan 100    # assign the port to VLAN 100
[SW1-GigabitEthernet0/0/24]quit
[SW1]ip route-static 0.0.0.0 0.0.0.0 10.10.10.10    # default route to the external firewall
<SW1>save
 
 
 
 
 
 
 
With the switches fully configured, I then installed the WIN2008 R2 and WinXP systems in VMware Workstation. This process is very simple, so I will not describe it; I will only explain how to connect the systems to the different networks for the experiment.
 
 
 
 
 
 
 
1. Connect WinXP to the VMnet3 network.
2. Set the IP address of WinXP to 192.168.50.3 and the gateway to 192.168.50.254.
3. Use the ping command to check whether the gateway can be reached.
4. First connect WIN2008 R2 to the VMnet1 network.
5. Set the IP address of WIN2008 R2 to 172.16.17.2 and the gateway to 172.16.17.254.
6. Use the ping command to check whether the gateway can be reached.
7. Install the IIS service on the WIN2008 R2 system and enable the default website; this is very simple, so I will not cover it here. On the WinXP system, enter 172.16.17.2 in the IE browser to see whether the default website opens. If it does, the cloud terminal can access the external desktop cloud system normally.
8. Next, move the WIN2008 R2 system to the VMnet2 network to simulate the intranet desktop cloud system.
9. Change the IP address of WIN2008 R2 to 192.168.20.2 and the gateway to 192.168.20.254.
10. Use the ping command to check whether the gateway can be reached.
11. On the WinXP system, enter 192.168.20.2 in the IE browser to see whether the default website opens. If it does, the cloud terminal can access the intranet desktop cloud system. Testing the extranet desktop cloud system at 172.16.17.2 in the same way also opens the site, so it is not repeated here. The completed test shows that the cloud terminal can access the internal and external network systems respectively.
 
 
 
 
 
 
 
12. Because I only have the WIN2008 and XP systems, I connect WinXP to VMnet1 to simulate the extranet desktop cloud system.
13. I change the IP address of WinXP to 172.16.17.3 and the gateway to 172.16.17.254.
14. Then ping 192.168.20.2 to test whether the ACL I configured on the core switch blocks access between the internal and external networks. If the ping fails, it generally indicates that the isolation between the internal and external networks is in place.
15. Then, from the WIN2008 R2 system, ping 172.16.17.3. If the ping fails, it generally indicates that the internal and external network isolation is working.
 
 
 
 
 
 
 
16. Here I use Panabit to simulate the firewall and actually provide Internet access for the internal devices. First install Panabit in VMware Workstation. In the Panabit system I use three NICs: the first connects to the VMnet3 network and serves as the management interface; the second connects to the VMnet4 network and links to the core switch; the third connects to the VMnet0 network, bridged to my physical NIC, to simulate the Internet.
17. After the system boots, log in with the user name root and the password Panaos.
17. Use ifconfig to view the addresses of the three network cards, and use the command ifconfig le0 192.168.50.10 255.255.255.0 to set the IP address of the management port.
18. In the browser on the physical machine, enter the address 192.168.50.10 to manage Panabit through its web interface.
19. Click "Continue to this website", then enter the user name admin and the password Panaos.
20. After entering the page, I went to System maintenance > System upgrade and installed the patches.
21. Go to System maintenance > Management interface, set the interface address, and submit.
22. Go to System maintenance > Data interface, assign the remaining two NICs to the internal and external networks respectively, and submit.
23. Go to Application routing > Interface lines and set the LAN interface and the WAN interface respectively.
24. Click LAN interface > Add, and set the interface name to INSIDE, the IP address to 10.10.10.10 and the netmask to 255.255.255.0; leave the rest at the defaults.
25. Click WAN interface > Add, and set the interface name to OUTSIDE, the IP address to 192.168.1.200, the gateway to 192.168.1.1 (the address of my home optical modem) and DNS also to 192.168.1.1.
26. Click Application routing > Policy routing and set up the Internet access policy for the internal side: source address 172.16.17.0/24 (the external desktop cloud addresses), with NAT for outbound traffic.
 
 
 
 
 
 
 
27. Connect WinXP to VMnet2 to simulate the intranet desktop cloud, and ping 192.168.1.1 to see whether it can reach the Internet; web pages cannot be opened either. This achieves the requirement that the intranet desktop cloud cannot access the Internet.
28. Connect WIN2008 R2 to VMnet1 to simulate the external desktop cloud, and ping 192.168.1.1 to see whether it can reach the Internet; when a web page is opened, Baidu can be visited. This achieves the requirement that the external desktop cloud can access the Internet.
29. Finally I tested one more function: accessing the intranet server from the Internet. First connect WIN2008 R2 to VMnet1 and set the IP address to 172.16.17.2, the gateway to 172.16.17.254 and DNS to 192.168.1.1. On Panabit, configure the mapping under Application routing > Port mapping:
    [Screenshot: Panabit port mapping settings]
30. Then, on the physical machine, enter the IP address 192.168.1.200 (equivalent to the public network address) in the IE browser. The site can be accessed normally, so the function test passes.
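The isolation that ACL 3000 on the core switch provides, and that the ping tests in steps 14 and 15 exercise, can be checked per direction with a small stateless model. This is an added example, not part of the original article; it assumes VLAN 50 traffic enters SW1 on the G0/0/3 trunk, and the mirrored rule on G0/0/2 is a hypothetical addition.

```python
from ipaddress import ip_address, ip_network

# Subnets and ingress ports from the SW1 configuration on this page.
# Assumption: VLAN 50 (cloud terminals) enters SW1 on the G0/0/3 trunk to SW2.
VLANS = {
    17: ("172.16.17.0/24", "G0/0/1"),   # extranet desktop cloud
    20: ("192.168.20.0/24", "G0/0/2"),  # intranet desktop cloud
    50: ("192.168.50.0/24", "G0/0/3"),  # cloud terminals
}

# Inbound traffic policies per port as ordered (action, source, destination).
# ACL 3000 / p_vlan17 is bound inbound on G0/0/1 only, as on the page.
PAGE_POLICY = {
    "G0/0/1": [("deny", "172.16.17.0/24", "192.168.20.0/24")],
}

# Hypothetical variant (not on the page): the mirror rule on the intranet port.
MIRRORED_POLICY = {
    **PAGE_POLICY,
    "G0/0/2": [("deny", "192.168.20.0/24", "172.16.17.0/24")],
}


def forwarded(policy, src_vlan, src_ip, dst_ip):
    """Return True if a packet entering SW1 from src_vlan passes the inbound policy."""
    port = VLANS[src_vlan][1]
    for action, src_net, dst_net in policy.get(port, []):
        if (ip_address(src_ip) in ip_network(src_net)
                and ip_address(dst_ip) in ip_network(dst_net)):
            return action == "permit"  # first matching rule decides
    return True  # unmatched traffic is routed between the VLANIF gateways


def host(vlan, offset=2):
    """A sample host address inside the VLAN's subnet (constructed)."""
    return str(ip_network(VLANS[vlan][0]).network_address + offset)


def reachability(policy):
    """Map (src_vlan, dst_vlan) to (one-way delivery, request-and-reply)."""
    table = {}
    for a in VLANS:
        for b in VLANS:
            if a != b:
                out = forwarded(policy, a, host(a), host(b))
                back = forwarded(policy, b, host(b), host(a))
                table[(a, b)] = (out, out and back)
    return table


def one_way_leaks(policy, isolated=(17, 20)):
    """Directions between the isolated VLANs in which packets are still delivered."""
    a, b = isolated
    table = reachability(policy)
    return [pair for pair in ((a, b), (b, a)) if table[pair][0]]


if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("mirrored", MIRRORED_POLICY)):
        print(f"{name}: one-way leaks between VLAN 17 and 20: {one_way_leaks(policy)}")
        for (a, b), (one_way, round_trip) in sorted(reachability(policy).items()):
            print(f"  VLAN{a} -> VLAN{b}: one-way={one_way} round-trip={round_trip}")
```

With the single inbound rule, ping fails in both directions because either the request or the reply is dropped on G0/0/1, yet packets sent from VLAN 20 are still delivered to VLAN 17. A failed ping therefore does not show that both directions are filtered; the mirrored rule closes the remaining one.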
 
 
 
 
 
 
 
That completes all the experiments and results, and every function has been implemented. Of course, some people may have better methods and practices; I am only offering this as a reference, and I hope it will be helpful in your future projects.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
How to use a single network card to access a company's internal and external networks