Requirement:
The web server in the company's DMZ provides web services to both the internal and external networks. Both must reach it through its public IP address, so that access is transparent whether the client is inside or outside.
[Figure: Small Fish Technology topology map]
Preparation:
Firewall external network interface IP 2.2.2.2/29, intranet interface IP 10.2.255.253/24, DMZ interface IP 10.1.100.1/24
Web server IP 10.1.100.87/24, mapped to public IP 2.2.2.3
Switch IP 10.2.255.254
Intranet network segment 10.2.0.0/16
The H3C firewall is configured as follows:
acl number 2000
 rule 2 permit source 10.2.0.0 0.0.255.255
#
vlan 255
#
interface Vlan-interface255
 nat server protocol tcp global 2.2.2.3 inside 10.1.100.87 80
 ip address 10.2.255.253 255.255.255.0
#
interface GigabitEthernet0/2
 port link-mode route
 ip address 10.1.100.1 255.255.255.0
#
interface GigabitEthernet0/4
 port link-mode route
 description to Wan
 nat outbound static
 nat outbound 2000
 ip address 2.2.2.2 255.255.255.248
 undo dhcp select server global-pool
 ipsec policy Ipsecpolicy1
#
#
zone name Local id 1
 priority 100
zone name Trust id 2
 priority 85
 import interface Vlan-interface255
zone name DMZ id 3
 priority 50
 import interface GigabitEthernet0/2
zone name untrust id 4
 priority 5
 import interface GigabitEthernet0/4
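As an added example (not part of the original post and not an H3C tool), the Python script below parses a constructed excerpt of the configuration above. For each nat server entry it reports the zone of the interface the mapping is bound to and whether the inside host lies in the DMZ zone. The function names `parse` and `audit` and the excerpt itself are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the configuration above (addresses as given on the page).
CONFIG = """\
interface Vlan-interface255
 nat server protocol tcp global 2.2.2.3 inside 10.1.100.87 80
 ip address 10.2.255.253 255.255.255.0
interface GigabitEthernet0/2
 ip address 10.1.100.1 255.255.255.0
zone name Trust id 2
 import interface Vlan-interface255
zone name DMZ id 3
 import interface GigabitEthernet0/2
"""
NAT_RE = re.compile(r"nat server protocol (\S+) global (\S+) inside (\S+) (\S+)")

def parse(config):
    """Return (interface -> connected network, interface -> zone, nat server entries)."""
    nets, zones, published, kind, name = {}, {}, [], None, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "#":
            continue
        if words[0] == "interface":
            kind, name = "if", words[1]
        elif words[:2] == ["zone", "name"]:
            kind, name = "zone", words[2]
        elif words[:2] == ["ip", "address"] and kind == "if":
            nets[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["import", "interface"] and kind == "zone":
            zones[words[2]] = name
        elif kind == "if" and (m := NAT_RE.search(line)):
            published.append((name, *m.groups()))
    return nets, zones, published

def audit(config):
    """Per nat server entry: zone it is bound in, and whether the inside host is in the DMZ."""
    nets, zones, published = parse(config)
    report = []
    for ifname, proto, glob, inside, port in published:
        host = ipaddress.ip_address(inside)
        inside_zone = next((zones.get(i) for i, n in nets.items() if host in n), None)
        report.append({"bound_zone": zones.get(ifname), "proto": proto, "global": glob,
                       "inside": inside, "port": port, "in_dmz": inside_zone == "DMZ"})
    return report

if __name__ == "__main__":
    print(audit(CONFIG))
```

An entry whose `in_dmz` is false means a published address forwards into a zone other than the DMZ and should be reviewed before the configuration is deployed.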
This article is from the "Yanhuan" blog; please retain this source link: http://yanhuan.blog.51cto.com/1761673/1878449
internal and external network access to the DMZ host via public network IP