我要评论
[fw-nat-policy-interzone-trust-untrust-outbound-0]policysource 10.0.2.0 0.0.0.2
55
14:14:26 2014/07/08
[fw-nat-policy-interzone-trust-untrust-outbound-0]actionsource-nat
14:14:37 2014/07/08
[fw-nat-policy-interzone-trust-untrust-outbound-0]easy-ipg0/0/0
14:14:51 2014/07/08
[fw-nat-policy-interzone-trust-untrust-outbound-0]q
配置完成后,验证trust区域与untrust区域之间的访问是否正常。
<r2>ping 10.0.1.1
ping 10.0.1.1: 56 data bytes,press ctrl_c to break
request time out
request time out
request time out
request time out
request time out
---10.0.1.1 ping statistics ---
5packet(s) transmitted
0packet(s) received
100.00% packet loss
<r2>ping -a 10.0.2.2 10.0.1.1
ping 10.0.1.1: 56 data bytes,press ctrl_c to break
reply from 10.0.1.1: bytes=56 sequence=1 ttl=254 time=220 ms
reply from 10.0.1.1: bytes=56 sequence=2 ttl=254 time=100 ms
reply from 10.0.1.1: bytes=56 sequence=3 ttl=254 time=100 ms
reply from 10.0.1.1: bytes=56 sequence=4 ttl=254 time=120 ms
reply from 10.0.1.1: bytes=56 sequence=5 ttl=254 time=440 ms
---10.0.1.1 ping statistics ---
5packet(s) transmitted
5packet(s) received
0.00% packet loss
round-trip min/avg/max = 100/196/440 ms
注意,这里直接测试与10.0.1.1之间的连通性,显示不通。使用扩展ping,指定了发送数据包的源地址是10.0.2.2后,实现了连通性。原因是,直接发送数据包到10.0.1.1时,数据包的源地址到10.0.1.1时,数据包的源地址为10.0.20.2,该地址不属于nat转换的客户端地址范围。
步骤六.将内网服务器10.0.3.3发布出去
配置内网服务器10.0.3.3的telnet服务,映射到地址10.0.10.20
[fw]nat server protocol tcp global10.0.10.20 telnet inside 10.0.3.3 telnet
在r3上开启telnet功能,并在r1上测试,测试时需要注意,对外发布的地址为10.0.10.20,所以r1对10.0.3.3访问时,访问的目标地址为10.0.10.20。
[r3]user-interface vty 0 4
[r3-ui-vty0-4]authentication-mode password
please configure the login password(maximum length 16):16
[r3-ui-vty0-4]set authentication password ?
cipher set the password withcipher text
[r3-ui-vty0-4]set authentication passwordcip
[r3-ui-vty0-4]set authentication passwordcipher huawei
[r3-ui-vty0-4]user privilege level 3
[r3-ui-vty0-4]q
<r1>telnet 10.0.10.20
press ctrl_] to quit telnet mode
trying 10.0.10.20 ...
connected to 10.0.10.20 ...
login authentication
本文出自 “思科实验linux” 博客,请务必保留此出处http://1054054.blog.51cto.com/1044054/1437509
您可能感兴趣的文章:
如您对本文有疑问或者有任何想说的,请点击进行留言回复,万千网友为您解惑!
网友评论