The NAT configuration of the firewall

1. Firewall source NAT configuration
Configure the corresponding security zones
[FW1]firewall zone trust
[FW1-zone-trust]add interface g1/0/1
[FW1]firewall zone untrust
[FW1-zone-untrust]add interface g1/0/4
[FW1]firewall zone dmz
[FW1-zone-dmz]add interface g1/0/0
Configure the forwarding policy between the trust zone and the untrust zone
[FW1]security-policy
[FW1-policy-security]rule name policy_sec
[FW1-policy-security-rule-policy_sec]source-zone trust
[FW1-policy-security-rule-policy_sec]destination-zone untrust
[FW1-policy-security-rule-policy_sec]action permit
Configure the NAT address pool and its address range
[FW1]nat address-group natpool
[FW1-address-group-natpool]section 2.2.2.2 2.2.2.5
Configure the NAT policy
[FW1]nat-policy
[FW1-policy-nat]rule name source_nat
[FW1-policy-nat-rule-source_nat]destination-zone untrust
[FW1-policy-nat-rule-source_nat]source-zone trust
[FW1-policy-nat-rule-source_nat]action source-nat address-group natpool
Verify by pinging PC2 from PC1
View the NAT translations
2. Configure source NAT for the NAT server
[FW1]security-policy
[FW1-policy-security]rule name biderectinal_nat
[FW1-policy-security-rule-biderectinal_nat]source-zone untrust
[FW1-policy-security-rule-biderectinal_nat]destination-zone dmz
[FW1-policy-security-rule-biderectinal_nat]action permit
[FW1-policy-security-rule-biderectinal_nat]service ftp
Configure the NAT server
[FW1]nat server ftpserver protocol tcp global 40.1.1.2 ftp inside 10.1.1.100 ftp
Configure the NAT address pool
[FW1]nat address-group natpool2
[FW1-address-group-natpool2]section 10.1.1.10 10.1.1.20
Apply the NAT ALG function between the DMZ and the untrust zone so that the server can provide FTP services to the outside normally (it is enabled globally by default, so this step can be omitted)
[FW1]firewall interzone dmz untrust
[FW1-interzone-dmz-untrust] detect ftp
Configure the NAT policy between the DMZ and the untrust zone, specify the source address range, and bind address pool natpool2
[FW1]nat-policy
[FW1-policy-nat]rule name biderectional_nat
[FW1-policy-nat-rule-biderectional_nat]destination-zone dmz
[FW1-policy-nat-rule-biderectional_nat]source-zone untrust
[FW1-policy-nat-rule-biderectional_nat]source-address 40.1.1.0 24
[FW1-policy-nat-rule-biderectional_nat]action source-nat address-group natpool2
View the NAT server mappings
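The translation that section 2 sets up, as an added Python model (not code from the original post or from the firewall itself): an inbound FTP control connection has its destination rewritten by the nat server mapping and its source rewritten from natpool2, and the reply is reversed through a session table. The class name, round-robin pool allocation, unchanged source port and the sample client addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import cycle

# Values taken from section 2 of the page.
NAT_SERVER = {("40.1.1.2", 21): ("10.1.1.100", 21)}   # global -> inside (FTP control)
SRC_NET = ipaddress.ip_network("40.1.1.0/24")         # source-address of the NAT rule
POOL = [str(ipaddress.ip_address("10.1.1.10") + i) for i in range(11)]  # natpool2


class BidirectionalNat:
    """Toy model: destination NAT (nat server), then source NAT (natpool2)."""

    def __init__(self):
        self._pool = cycle(POOL)   # assumption: addresses are handed out round-robin
        self.sessions = {}         # reply 4-tuple -> original (src, sport, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """untrust -> dmz packet. Returns the translated 4-tuple, or None if dropped."""
        inside = NAT_SERVER.get((dst, dport))
        if inside is None:
            return None            # no nat server mapping, so nothing is published
        new_dst, new_dport = inside
        new_src = src
        if ipaddress.ip_address(src) in SRC_NET:
            new_src = next(self._pool)   # NAT rule biderectional_nat matches
        # Assumption: the source port is kept as-is (real NAPT may rewrite it).
        self.sessions[(new_dst, new_dport, new_src, sport)] = (src, sport, dst, dport)
        return (new_src, sport, new_dst, new_dport)

    def reply(self, src, sport, dst, dport):
        """dmz -> untrust reply. Reverses both translations via the session table."""
        orig = self.sessions.get((src, sport, dst, dport))
        if orig is None:
            return None            # no session: unsolicited traffic is not translated
        o_src, o_sport, o_dst, o_dport = orig
        return (o_dst, o_dport, o_src, o_sport)


if __name__ == "__main__":
    nat = BidirectionalNat()
    # Constructed sample client inside 40.1.1.0/24.
    print(nat.inbound("40.1.1.50", 50000, "40.1.1.2", 21))
    print(nat.reply("10.1.1.100", 21, "10.1.1.10", 50000))
```

Because the source address is rewritten, the FTP server at 10.1.1.100 records a natpool2 address rather than the real client; attributing a connection to its origin requires the firewall's session records alongside the server logs.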


Origin blog.51cto.com/13699905/2641940