internal and external network access to the DMZ host via public network IP

Demand:

The company DMZ area Web server to provide Web services inside and outside the network, requires the use of public network IP access, so as to achieve internal and external network transparency;

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/8A/F1/wKiom1g_ue3QfJtVAAbDGonZfrs822.jpg-wh_500x0-wm_3 -wmp_4-s_1098089400.jpg "title=" small fish Technology topology map. jpg "alt=" wkiom1g_ue3qfjtvaabdgonzfrs822.jpg-wh_50 "/>

Get ready:

Firewall external network interface IP 2.2.2.2/29, intranet interface ip 10.2.255.253/24,DMZ interface IP 10.1.100.1/24

Web Server IP 10.1.100.87/24, mapping public network IP 2.2.2.3

Switch IP 10.2.255.254

Intranet Network Segment 10.2.0.0/16

The H3C firewall is configured as follows

ACL number 2000

Rule 2 Permit Source 10.2.0 0.0.255.255

#

VLAN 255

#

Interface vlan-interface255

NAT server Protocol TCP global 2.2.2.3 inside 10.1.100.87 80

IP address 10.2.255.253 255.255.255.0

#

Interface GIGABITETHERNET0/2

Port Link-mode Route

IP address 10.1.100.1 255.255.255.0

#

Interface GIGABITETHERNET0/4

Port Link-mode Route

Description to Wan

Nat outbound Static

Nat Outbound 2000

IP address 2.2.2.2 255.255.255.248

Undo DHCP Select Server Global-pool

IPSec Policy Ipsecpolicy1

#

#

Zone name Local ID 1

Priority 100

Zone name Trust ID 2

Priority 85

Import Interface vlan-interface255

Zone name DMZ ID 3

Priority 50

Import Interface GIGABITETHERNET0/2

Zone name untrust ID 4

Priority 5

Import Interface GIGABITETHERNET0/4

This article is from the "Yanhuan" blog, make sure to keep this source http://yanhuan.blog.51cto.com/1761673/1878449

internal and external network access to the DMZ host via public network IP