華為防火牆NAT配置訪問外網

最後更新：2014-09-16 來源：互聯網

上載者：User

創建阿里雲帳戶，並獲得超過 40 款產品的免費試用版；而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊！

標籤：華為防火牆

650) this.width=650;" src="http://s3.51cto.com/wyfs02/M00/49/A0/wKioL1QW40DARF4WAAFejdzzg7c946.jpg" title="11.jpg" alt="wKioL1QW40DARF4WAAFejdzzg7c946.jpg" />

AR1類比外網，配置一個IP，在配置一個LoopBack地址，AR1的配置如下：

interface GigabitEthernet0/0/0
ip address 100.100.100.1 255.255.255.0
#
interface LoopBack1
ip address 200.200.200.1 255.255.255.0

USG的配置如下：

#配置內網介面，開啟DHCP

interface GigabitEthernet0/0/0
ip address 192.168.10.1 255.255.255.0
dhcp select interface
dhcp server gateway-list 192.168.10.1
dhcp server dns-list 8.8.8.8

#將GigabitEthernet0/0/0加入到Trust地區

firewall zone trust
add interface GigabitEthernet0/0/0

#配置外網介面

interface GigabitEthernet0/0/1
ip address 100.100.100.2 255.255.255.0
#將GigabitEthernet0/0/1加入到Untrust地區

firewall zone untrust
add interface GigabitEthernet0/0/1

#開啟域間包過濾規則，

policy interzone trust untrust outbound
policy 0
action permit
policy source 192.168.10.0 0.0.0.255
#配置預設路由，確保區域網路使用者訪問Internet路由可達

ip route-static 0.0.0.0 0.0.0.0 100.100.100.1

#配置NAT，實現區域網路使用者能夠訪問Internet

nat-policy interzone trust untrust outbound
policy 1
action source-nat
policy source 192.168.10.0 0.0.0.255
easy-ip GigabitEthernet0/0/1

驗證結果：

#PC1可以ping通100.100.100.1和200.200.200.1

PC>ping 100.100.100.1
Ping 100.100.100.1: 32 data bytes, Press Ctrl_C to break
From 100.100.100.1: bytes=32 seq=1 ttl=254 time=47 ms
From 100.100.100.1: bytes=32 seq=2 ttl=254 time=31 ms
From 100.100.100.1: bytes=32 seq=3 ttl=254 time=47 ms
From 100.100.100.1: bytes=32 seq=4 ttl=254 time=31 ms
From 100.100.100.1: bytes=32 seq=5 ttl=254 time=31 ms

--- 100.100.100.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/37/47 ms

PC>ping 200.200.200.1
Ping 200.200.200.1: 32 data bytes, Press Ctrl_C to break
From 200.200.200.1: bytes=32 seq=1 ttl=254 time=62 ms
From 200.200.200.1: bytes=32 seq=2 ttl=254 time=46 ms
From 200.200.200.1: bytes=32 seq=3 ttl=254 time=47 ms
From 200.200.200.1: bytes=32 seq=4 ttl=254 time=47 ms
From 200.200.200.1: bytes=32 seq=5 ttl=254 time=63 ms

--- 200.200.200.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 46/53/63 ms

#防火牆上的會話

<SRG>display firewall session table
13:15:06 2014/03/18
Current Total Sessions : 3
icmp VPN:public --> public 192.168.10.2:29142[100.100.100.2:2065]-->200.200.200.1:2048
icmp VPN:public --> public 192.168.10.2:29398[100.100.100.2:2066]-->200.200.200.1:2048
icmp VPN:public --> public 192.168.10.2:29654[100.100.100.2:2067]-->200.200.200.1:2048

本文出自 “『Dream ◆ IT』→小韋” 部落格，請務必保留此出處http://itxiaowei.blog.51cto.com/5081959/1553021

華為防火牆NAT配置訪問外網

本文章原先以中文撰寫並發佈於 aliyun.com，亦設英文版本，僅作資訊用途。本網站不對文章的準確性，完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴，請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡，一經驗證之後，即會刪除該侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More