大家好,欢迎来到IT知识分享网。
首先规划和配置IP地址
在防火墙开启DHCP服务,创建地址池,并关联到防火墙的内部端口
[SRG]dhcp server ip-pool 188
[SRG-dhcp-188]network 192.168.1.0 mask 24
[SRG-dhcp-188]gateway-list 192.168.1.1
[SRG-dhcp-188]qu
然后在pc1上ipconfig,已经可以自动获得IP地址
在AR1上配置telnet服务器
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):tel123
[Huawei-ui-vty0-4]qu
AR3配置
[Huawei]ip route-static 0.0.0.0 0.0.0.0 202.101.10.1
AR4配置
[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
AR2配置
[Huawei]rip
[Huawei-rip-1]version 2
[Huawei-rip-1]network 202.101.12.0
[Huawei-rip-1]network 202.101.10.0
[Huawei-rip-1]network 202.101.15.0
防火墙配置
[SRG]ip route-static 0.0.0.0 0.0.0.0 202.101.12.2
[SRG]firewall zone trust
[SRG-zone-trust]add in g0/0/1
[SRG-zone-trust]qu
[SRG]firewall zone untrust
[SRG-zone-untrust]add in g0/0/0
[SRG-zone-untrust]qu
[SRG]policy interzone local untrust inbound
[SRG-policy-interzone-local-untrust-inbound]policy 1
[SRG-policy-interzone-local-untrust-inbound-1]action permit
[SRG-policy-interzone-local-untrust-inbound-1]policy service service-set icmp
[SRG-policy-interzone-local-untrust-inbound-1]policy service service-set telnet
[SRG-policy-interzone-local-untrust-inbound-1]policy service service-set ftp
[SRG-policy-interzone-local-untrust-inbound-1]policy service service-set http
[SRG-policy-interzone-local-untrust-inbound-1]qu
[SRG-policy-interzone-local-untrust-inbound]qu
[SRG]firewall packet-filter default permit interzone trust untrust direction out bound ##开启trust到untrust的默认行为为允许
Warning:Setting the default packet filtering to permit poses security risks. You
are advised to configure the security policy based on the actual data flows. Ar
e you sure you want to continue?[Y/N]y
[SRG]nat address-group 1 202.101.12.1 202.101.12.1
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 192.168.1.0 mask 24
[SRG-nat-policy-interzone-trust-untrust-outbound-1]address-group 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]qu
[SRG-nat-policy-interzone-trust-untrust-outbound]qu
[SRG]nat server 0 protocol tcp global interface GigabitEthernet 0/0/0 2323 inside 192.168.1.23 telnet
[SRG]nat server 1 protocol tcp global interface GigabitEthernet 0/0/1 ftp inside 192.168.1.21 ftp
[SRG]nat server 2 protocol tcp global 202.101.12.1 www inside 192.168.1.80 www
[SRG]policy interzone trust untrust inbound
[SRG-policy-interzone-trust-untrust-inbound]policy 1
[SRG-policy-interzone-trust-untrust-inbound-1]action permit
[SRG-policy-interzone-trust-untrust-inbound-1]policy service service-set telnet
[SRG-policy-interzone-trust-untrust-inbound-1]policy service service-set ftp
[SRG-policy-interzone-trust-untrust-inbound-1]policy service service-set http
[SRG-policy-interzone-trust-untrust-inbound-1]policy destination 192.168.1.23 0
[SRG-policy-interzone-trust-untrust-inbound-1]policy destination 192.168.1.21 0
[SRG-policy-interzone-trust-untrust-inbound-1]policy destination 192.168.1.80 0
[SRG-policy-interzone-trust-untrust-inbound-1]qu
[SRG-policy-interzone-trust-untrust-inbound]qu
AR3配置
[Huawei]acl 2001
[Huawei-acl-basic-2001]rule 5 permit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2001]qu
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2001
AR5配置
[Huawei]ip route-static 0.0.0.0 0.0.0.0 202.101.15.1
防火墙配置
[SRG]policy interzone trust untrust inbound
[SRG-policy-interzone-trust-untrust-inbound]policy 1
[SRG-policy-interzone-trust-untrust-inbound-1]policy source 202.101.10.2 0
[SRG-policy-interzone-trust-untrust-inbound-1]qu
[SRG-policy-interzone-trust-untrust-inbound]qu
免责声明:本站所有文章内容,图片,视频等均是来源于用户投稿和互联网及文摘转载整编而成,不代表本站观点,不承担相关法律责任。其著作权各归其原作者或其出版社所有。如发现本站有涉嫌抄袭侵权/违法违规的内容,侵犯到您的权益,请在线联系站长,一经查实,本站将立刻删除。 本文来自网络,若有侵权,请联系删除,如若转载,请注明出处:https://yundeesoft.com/32043.html
