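eNSP firewall configuration
The configuration of the small LAN is covered in my earlier blog post: https://blog.csdn.net/miss_miss6/article/details/105608443
The earlier LAN configuration is not repeated here; only the FW1 and AR3 configuration is shown.
Topology diagram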
cloud
pc1
FW1 configuration
<SRG>system-view
[SRG]firewall zone trust
[SRG-zone-trust]add interface GigabitEthernet 0/0/2
[SRG-zone-trust]quit
[SRG]firewall zone untrust
[SRG-zone-untrust]add interface GigabitEthernet 0/0/1
[SRG-zone-untrust]quit
[SRG]int G 0/0/2
[SRG-GigabitEthernet0/0/2]ip address 192.168.5.1 24
[SRG-GigabitEthernet0/0/2]quit
[SRG]interface GigabitEthernet 0/0/1
[SRG-GigabitEthernet0/0/1]ip address 192.168.10.9 24
[SRG-GigabitEthernet0/0/1]quit
[SRG]ip route-static 0.0.0.0 0 192.168.10.1
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy 0
[SRG-policy-interzone-trust-untrust-outbound-0]action permit
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 192.168.0.0 0.0.255.255 ## allow the 192.168.0.0 network segment out to the external network
[SRG-policy-interzone-trust-untrust-outbound-0]quit
[SRG-policy-interzone-trust-untrust-outbound]quit
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 192.168.0.0 0.0.255.255
[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]quit
[SRG-nat-policy-interzone-trust-untrust-outbound]quit
[SRG]ospf 1
[SRG-ospf-1]default-route-advertise always cost 200 type 1
[SRG-ospf-1]area 0
[SRG-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
AR3 configuration (the configuration from the earlier blog post is also needed)
<Huawei>system-view
[Huawei]int G 0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 192.168.5.2 24
[Huawei-GigabitEthernet0/0/2]quit
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.5.0 0.0.0.255
Check the routing table
[Huawei-ospf-1-area-0.0.0.0]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 201 D 192.168.5.1 GigabitEthernet
0/0/2
10.0.5.0/24 OSPF 10 3 D 172.16.3.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.2.0/24 Direct 0 0 D 172.16.2.2 GigabitEthernet
0/0/1
172.16.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.3.0/24 Direct 0 0 D 172.16.3.2 GigabitEthernet
0/0/0
172.16.3.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.4.0/24 OSPF 10 2 D 172.16.3.1 GigabitEthernet
0/0/0
192.168.3.0/24 OSPF 10 2 D 172.16.2.1 GigabitEthernet
0/0/1
192.168.5.0/24 Direct 0 0 D 192.168.5.2 GigabitEthernet
0/0/2
192.168.5.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.5.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.9.0/24 OSPF 10 2 D 172.16.2.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Likewise, add the routes on the host machine
C:\WINDOWS\system32>route add 192.168.3.0 mask 255.255.255.0 192.168.10.9
操作完成!
C:\WINDOWS\system32>route add 192.168.9.0 mask 255.255.255.0 192.168.10.9
操作完成!
C:\WINDOWS\system32>route add 10.0.5.0 mask 255.255.255.0 192.168.10.9
操作完成!
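Ping the external network from the PC and from AR3
The configuration is complete when the PC can ping the external network and AR3 cannot.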
PC
PC>ping 192.168.10.1
Ping 192.168.10.1: 32 data bytes, Press Ctrl_C to break
From 192.168.10.1: bytes=32 seq=1 ttl=125 time=109 ms
From 192.168.10.1: bytes=32 seq=2 ttl=125 time=78 ms
From 192.168.10.1: bytes=32 seq=3 ttl=125 time=78 ms
--- 192.168.10.1 ping statistics ---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/88/109 ms
AR3
[Huawei]ping 192.168.10.1
PING 192.168.10.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 192.168.10.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
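Added example (not part of the original post): a Python check of which subnets in AR3's routing table fall inside the source match 192.168.0.0 0.0.255.255 that FW1 uses in both its interzone policy and its NAT policy. The function names are illustrative, and only contiguous wildcards are handled.

```python
import ipaddress

def wildcard_to_network(base: str, wildcard: str) -> ipaddress.IPv4Network:
    """Convert a contiguous VRP wildcard (e.g. 0.0.255.255) into a network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2^n - 1: all "don't care" bits are low-order.
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    prefix_len = 32 - wc.bit_length()
    base_int = int(ipaddress.IPv4Address(base)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base_int, prefix_len))

def parse_policy_sources(config: str):
    """Return the networks named by 'policy source <addr> <wildcard>' lines."""
    nets = []
    for line in config.splitlines():
        # Drop the VRP prompt ("[SRG-...]") and any trailing "##" annotation.
        cmd = line.split("]", 1)[-1].split("##", 1)[0].split()
        if cmd[:2] == ["policy", "source"] and len(cmd) == 4:
            nets.append(wildcard_to_network(cmd[2], cmd[3]))
    return nets

def audit(config: str, subnets):
    """Map each subnet to True if some policy source fully covers it."""
    sources = parse_policy_sources(config)
    return {s: any(ipaddress.IPv4Network(s).subnet_of(n) for n in sources)
            for s in subnets}

# Policy lines copied from the FW1 configuration on this page.
FW1_CONFIG = """\
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 192.168.0.0 0.0.255.255
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 192.168.0.0 0.0.255.255
"""
# Subnet (non-host, non-loopback) destinations from AR3's routing table on this page.
AR3_SUBNETS = ["10.0.5.0/24", "172.16.2.0/24", "172.16.3.0/24", "172.16.4.0/24",
               "192.168.3.0/24", "192.168.5.0/24", "192.168.9.0/24"]

if __name__ == "__main__":
    for net in sorted(set(parse_policy_sources(FW1_CONFIG))):
        print(f"policy source {net} spans {net.num_addresses} addresses")
    for subnet, covered in audit(FW1_CONFIG, AR3_SUBNETS).items():
        print(f"{subnet:16} {'matches' if covered else 'no match'}")
```

The rule spans 65536 source addresses; of the routed subnets, only the three 192.168.x.0/24 networks fall inside it, while 10.0.5.0/24 and the 172.16.x.0/24 links do not.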