Configuring NAT Server
Verification:
dis firewall session table
dis firewall server-map
Topology diagram:
Step 1: Configure the interface IP addresses
Step 2: Configure the security zones
[FW] firewall zone dmz
[FW-zone-dmz] add interface GigabitEthernet 0/0/2
[FW-zone-dmz] quit
[FW] firewall zone untrust
[FW-zone-untrust] add interface GigabitEthernet 0/0/1
[FW-zone-untrust] quit
Step 3: Configure the security policy
[FW] security-policy
[FW-policy-security] rule name policy1
[FW-policy-security-rule-policy1] source-zone untrust
[FW-policy-security-rule-policy1] destination-zone dmz
[FW-policy-security-rule-policy1] destination-address 172.16.1.10 24
[FW-policy-security-rule-policy1] action permit
[FW-policy-security-rule-policy1] quit
Step 4: Configure NAT Server
[FW] nat server policy_ftp protocol tcp global 192.168.1.10 ftp inside 172.16.1.10 ftp unr-route
Step 5: Enable NAT ALG for the FTP protocol
[FW] firewall interzone dmz untrust
[FW-interzone-dmz-untrust] detect ftp
[FW-interzone-dmz-untrust] quit
Step 6: Configure the static route
[FW] ip route-static 0.0.0.0 0.0.0.0 192.
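An added example, not part of the original post: a small Python audit that checks the steps above for consistency between the NAT Server mapping, the security policy and the FTP detect setting. It assumes the firewall matches the security policy on the translated (inside) address; the names PAGE_CONFIG, parse and audit are hypothetical, and zone matching is not modelled.

```python
import ipaddress
import re

# Constructed input: the page's commands with CLI prompts and view-entry lines stripped.
PAGE_CONFIG = """\
rule name policy1
source-zone untrust
destination-zone dmz
destination-address 172.16.1.10 24
action permit
nat server policy_ftp protocol tcp global 192.168.1.10 ftp inside 172.16.1.10 ftp unr-route
detect ftp
"""

def parse(config):
    """Return (policy rules, NAT Server mappings, detected protocols)."""
    rules, servers, detect = [], [], set()
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"rule name (\S+)", line):
            rules.append({"name": m[1], "dst": [], "service": False, "permit": False})
        elif m := re.match(r"destination-address (\S+) (\d+)$", line):
            rules[-1]["dst"].append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
        elif line.startswith("service "):
            rules[-1]["service"] = True
        elif line == "action permit":
            rules[-1]["permit"] = True
        elif m := re.match(r"nat server (\S+) protocol \S+ global \S+ (\S+) inside (\S+) \S+", line):
            servers.append({"name": m[1], "port": m[2], "inside": ipaddress.ip_address(m[3])})
        elif m := re.match(r"detect (\S+)", line):
            detect.add(m[1])
    return rules, servers, detect

def audit(config):
    """List findings for each NAT Server mapping against the policy rules."""
    rules, servers, detect = parse(config)
    findings = []
    for s in servers:
        hits = [r for r in rules if r["permit"] and any(s["inside"] in n for n in r["dst"])]
        if not hits:  # assumption: policy is matched on the inside address
            findings.append(f"{s['name']}: no permit rule covers {s['inside']}")
        for r in hits:
            findings += [f"{r['name']}: destination {n} is wider than host {s['inside']}"
                         for n in r["dst"] if n.num_addresses > 1]
            if not r["service"]:
                findings.append(f"{r['name']}: no service condition, all services permitted")
        if s["port"] == "ftp" and "ftp" not in detect:
            findings.append(f"{s['name']}: FTP mapping without 'detect ftp'")
    return findings

print("\n".join(audit(PAGE_CONFIG)))
```

Run against the page's configuration, it reports that policy1 permits the whole 172.16.1.0/24 network with no service condition, although only FTP on 172.16.1.10 is published.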
From: https://www.cnblogs.com/hbdgw/p/18124489