Requirement: configure a Huawei firewall so that the local telnet server can reach the Internet through NAT, and so that traffic for the Telecom (dianxin) network leaves over the Telecom link while traffic for the Netcom network leaves over the Netcom link. The configuration is as follows.

Huawei USG 2000

Username: admin
Password: Admin123
    Note (canhong1): default username and password.

<USG2205BSR>system-view
    Note (canhong2): enter the system (configuration) view.
[USG2205BSR]sysname huawei
    Note (canhong3): name the device.
[huawei]interface GigabitEthernet 0/0/0
    Note (canhong4): enter the interface.
[huawei-GigabitEthernet0/0/0]description #conn to dianxin link#
    Note (canhong5): describe the interface.
[huawei-GigabitEthernet0/0/0]ip address 202.100.1.1 255.255.255.0
    Note (canhong6): configure the IP address.
[huawei-GigabitEthernet0/0/0]undo shutdown
    Note (canhong7): enable the interface.
[huawei-GigabitEthernet0/0/0]quit
    Note (canhong8): leave the interface view.
[huawei]interface GigabitEthernet 0/0/1
[huawei-GigabitEthernet0/0/1]description #conn to yidong link#
[huawei-GigabitEthernet0/0/1]ip address 202.200.1.1 255.255.255.0
[huawei-GigabitEthernet0/0/1]undo shutdown
[huawei-GigabitEthernet0/0/1]quit
[huawei]interface Vlanif 1
[huawei-Vlanif1]description #conn to local#
[huawei-Vlanif1]ip address 192.168.1.1 255.255.255.0
[huawei-Vlanif1]undo shutdown
[huawei-Vlanif1]quit
[huawei]firewall zone trust
    Note (canhong9): enter the trust zone; the trust zone's default security level is 85.
[huawei-zone-trust]undo add interface GigabitEthernet 0/0/0
[huawei-zone-trust]undo add interface GigabitEthernet 0/0/1
    Note (canhong10): by default G0/0/0 and G0/0/1 belong to the trust zone. In this lab both interfaces face the outside, so they must be removed from the trust zone and placed in untrusted zones.
[huawei-zone-trust]add interface Vlanif 1
    Note (canhong11): add VLANIF 1 to the trust zone.
[huawei]firewall zone name Dianxin
[huawei-zone-dianxin]set priority 4
[huawei-zone-dianxin]add interface GigabitEthernet 0/0/0
[huawei-zone-dianxin]quit
    Note (canhong12): create a new zone named dianxin with security level 4 and add G0/0/0 to it.
[huawei]firewall zone name Yidong
[huawei-zone-yidong]set priority 3
[huawei-zone-yidong]add interface GigabitEthernet 0/0/1
[huawei-zone-yidong]quit
    Note (canhong13): create a new zone named yidong with security level 3 and add G0/0/1 to it.
[huawei]acl number 2000
[huawei-acl-basic-2000]rule 10 permit source 192.168.1.0 0.0.0.255
[huawei-acl-basic-2000]quit
    Note (canhong14): configure ACL 2000 with a rule permitting the internal 192.168.1.0 segment.
[huawei]firewall interzone trust dianxin
    Note (canhong15): enter the interzone between trust and dianxin.
[huawei-interzone-trust-dianxin]packet-filter 2000 outbound
    Note (canhong16): apply ACL 2000 to packet filtering in the outbound direction.
[huawei-interzone-trust-dianxin]nat outbound 2000 interface GigabitEthernet 0/0/0
    Note (canhong17): PAT the sources matched by ACL 2000 to the address of interface G0/0/0.
[huawei-interzone-trust-dianxin]quit
[huawei]firewall interzone trust yidong
[huawei-interzone-trust-yidong]nat outbound 2000 interface GigabitEthernet 0/0/1
[huawei-interzone-trust-yidong]quit
    Note (canhong18): same as above, for the yidong zone.
[huawei]user-interface vty 0 4
    Note (canhong19): enter the VTY user interface and set the authentication mode to password.
[huawei-ui-vty0-4]authentication-mode password
[huawei-ui-vty0-4]quit
[huawei]ip route-static 0.0.0.0 0.0.0.0 202.1
    Note (canhong20): configure the default route towards Telecom.
[huawei]ip route-static 27.8.0.0 255.248.0.0 202.200.1.2
[huawei]ip route-static 0.1.2
[huawei]ip route-static 222.160.0.0 255.252.0.0 20
    Note (canhong21): configure specific routes towards Netcom; there are about 683 specific routes.
[huawei]firewall packet-filter default permit interzone local dianxin direction inbound
[huawei]firewall packet-filter default permit interzone local dianxin direction outbound
[huawei]firewall packet-filter default permit interzone trust dianxin direction inbound
[huawei]firewall packet-filter default permit interzone trust dianxin direction outbound
[huawei]firewall packet-filter default permit interzone local yidong direction inbound
[huawei]firewall packet-filter default permit interzone local yidong direction outbound
[huawei]firewall packet-filter default permit interzone trust yidong direction inbound
[huawei]firewall packet-filter default permit interzone trust yidong direction outbound
    Note (canhong22): configure default packet filtering to permit both the inbound and the outbound direction between dianxin/yidong and local/trust. Without these permits, the outside cannot ping the firewall's egress interfaces.

As shown in the figure, the configuration of the Telecom network, the Netcom network and the telnet server is omitted.

Verification: the internal host 192.168.1.2 pings Telecom and Netcom in turn.

inside#ping 202.100.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.100.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
inside#ping 202.200.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.200.1.2, timeout is 2 seconds:
!

<huawei>display firewall session table
 11:38:23  2010/11/06
 Current total sessions: 3
 icmp  VPN: public -> public 192.168.1.2:3[202.100.1.1:23088]-->202.100.1.2:3
 tcp   VPN: public -> public 192.168.:1024-->192.168.1.2:23
 icmp  VPN: public -> public 192.168.1.2:4[202.200.1.1:43288]-->202.200.1.2:4
    Note (canhong23): view the NAT translation (session) table.

Verification successful!

<huawei>display current-configuration
 11:54:30  2010/11/06
    Note (canhong24): view the current configuration.
#
 acl number 2000
  rule 10 permit source 192.168.1.0 0.0.0.255
#
 sysname huawei
#
 super password level 3 cipher S*H+DFHFSQ=QMAF4<1!
#
 web-manager enable
#
 info-center timestamp debugging date
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction inbound
 firewall packet-filter default permit interzone local dmz direction inbound
 firewall packet-filter default permit interzone local dmz direction outbound
 firewall packet-filter default permit interzone local vzone direction inbound
 firewall packet-filter default permit interzone local vzone direction outbound
 firewall packet-filter default permit interzone local dianxin direction inbound
 firewall packet-filter default permit interzone local dianxin direction outbound
 firewall packet-filter default permit interzone local yidong direction inbound
 firewall packet-filter default permit interzone local yidong direction outbound
 firewall packet-filter default permit interzone trust untrust direction inbound
 firewall packet-filter default permit interzone trust untrust direction outbound
 firewall packet-filter default permit interzone trust dmz direction inbound
 firewall packet-filter default permit interzone trust dmz direction outbound
 firewall packet-filter default permit interzone trust vzone direction inbound
 firewall packet-filter default permit interzone trust vzone direction outbound
 firewall packet-filter default permit interzone trust dianxin direction inbound
 firewall packet-filter default permit interzone trust dianxin direction outbound
 firewall packet-filter default permit interzone trust yidong direction inbound
 firewall packet-filter default permit interzone trust yidong direction outbound
 firewall packet-filter default permit interzone dmz untrust direction inbound
 firewall packet-filter default permit interzone dmz untrust direction outbound
 firewall packet-filter default permit interzone untrust vzone direction inbound
 firewall packet-filter default permit interzone untrust vzone direction outbound
 firewall packet-filter default permit interzone dmz vzone direction inbound
 firewall packet-filter default permit interzone dmz vzone direction outbound
#
 dhcp enable
#
 firewall statistic system enable
#
vlan 1
#
interface Cellular0/1/0
 link-protocol ppp
#
interface Vlanif1
 description #conn to local#
 ip address 192.168.1.1
#
interface Ethernet1/0/0
 port link-type access
#
interface Ethernet1/0/1
 port link-type access
#
interface Ethernet1/0/2
 port link-type access
#
interface Ethernet1/0/3
 port link-type access
#
interface Ethernet1/0/4
 port link-type access
#
interface GigabitEthernet0/0/0
 description #conn to dianxin link#
 ip address 202.100.1.1
#
interface GigabitEthernet0/0/1
 description #conn to yidong link#
 ip address 202.200.1.1
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface Vlanif1
#
firewall zone untrust
 set priority 5
#
firewall zone dmz
 set priority 50
#
firewall zone vzone
 set priority 0
#
firewall zone name dianxin
 set priority 4
 add interface GigabitEthernet0/0/0
#
firewall zone name yidong s
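The forwarding decision the configuration above produces (longest-prefix route lookup, zone membership of the egress interface, interzone packet filter, then outbound NAT) can be replayed offline to check the design before touching the device. The following Python model is an added example, not code from the page or from Huawei; it encodes the routes, zones, ACL 2000 and the two nat outbound statements exactly as entered above. Two values it needs are cut off on the page and are therefore assumptions: the default-route next hop is taken to be the Telecom peer 202.100.1.2 (the address the verification pings), and the 222.160.0.0/14 next hop is taken to be the Netcom peer 202.200.1.2; only the two Netcom prefixes visible on the page are modelled instead of all 683. The model also shows the asymmetry in the page's policy: trust->dianxin carries "packet-filter 2000 outbound", trust->yidong does not, so a source outside 192.168.1.0/24 is dropped towards Telecom but forwarded, untranslated, towards Netcom.

```python
"""Forwarding-path model of the dual-ISP USG configuration on this page.

Added example (not the page's own code). Assumptions are marked ASSUMPTION.
"""
import ipaddress

# Interface addresses and zone membership as configured on the page.
IFACE_ADDR = {
    "GigabitEthernet0/0/0": ipaddress.ip_address("202.100.1.1"),
    "GigabitEthernet0/0/1": ipaddress.ip_address("202.200.1.1"),
    "Vlanif1": ipaddress.ip_address("192.168.1.1"),
}
IFACE_ZONE = {
    "GigabitEthernet0/0/0": "dianxin",  # priority 4
    "GigabitEthernet0/0/1": "yidong",   # priority 3
    "Vlanif1": "trust",                 # priority 85
}

# Routing table: (prefix, next hop, directly connected interface).
# ASSUMPTION: the default-route next hop is truncated on the page ("202.1");
# 202.100.1.2 is used because it is the Telecom peer the verification pings.
# ASSUMPTION: the 222.160.0.0/14 next hop is truncated too ("20"); the Netcom
# peer 202.200.1.2 is used. Only 2 of the ~683 Netcom prefixes are modelled.
ROUTES = [
    (ipaddress.ip_network("202.100.1.0/24"), None, "GigabitEthernet0/0/0"),
    (ipaddress.ip_network("202.200.1.0/24"), None, "GigabitEthernet0/0/1"),
    (ipaddress.ip_network("192.168.1.0/24"), None, "Vlanif1"),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("202.100.1.2"), None),
    (ipaddress.ip_network("27.8.0.0/13"), ipaddress.ip_address("202.200.1.2"), None),
    (ipaddress.ip_network("222.160.0.0/14"), ipaddress.ip_address("202.200.1.2"), None),
]

# acl number 2000 / rule 10 permit source 192.168.1.0 0.0.0.255
ACL_2000 = [ipaddress.ip_network("192.168.1.0/24")]
# Only trust->dianxin has "packet-filter 2000 outbound"; all other pairs
# are covered by "firewall packet-filter default permit".
PACKET_FILTER = {("trust", "dianxin"): ACL_2000}
# "nat outbound 2000 interface <egress>" exists for both interzones.
NAT_OUTBOUND = {("trust", "dianxin"): ACL_2000, ("trust", "yidong"): ACL_2000}


def egress_interface(dst, depth=0):
    """Longest-prefix match; routes that name only a next hop are resolved
    recursively to the connected interface that reaches that next hop."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in ROUTES if dst in r[0]]
    if not matches or depth > 8:          # no route, or an unresolvable next hop
        return None
    _net, nexthop, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface if iface is not None else egress_interface(nexthop, depth + 1)


def forward(src, dst, ingress="Vlanif1"):
    """Return (egress interface, verdict, source address after NAT) for a packet
    that enters on `ingress` (the trust-side VLANIF by default)."""
    src = ipaddress.ip_address(src)
    egress = egress_interface(dst)
    if egress is None:
        return None, "drop: no route", None
    src_zone, dst_zone = IFACE_ZONE[ingress], IFACE_ZONE[egress]
    if src_zone == dst_zone:
        return egress, "permit: intrazone", src
    # "outbound" on the USG is the higher- to lower-priority direction,
    # which is what trust (85) -> dianxin (4) / yidong (3) is here.
    acl = PACKET_FILTER.get((src_zone, dst_zone))
    if acl is not None and not any(src in net for net in acl):
        return egress, "deny: packet-filter", None
    nat_acl = NAT_OUTBOUND.get((src_zone, dst_zone))
    if nat_acl is not None and any(src in net for net in nat_acl):
        return egress, "permit: nat outbound", IFACE_ADDR[egress]  # PAT to egress address
    return egress, "permit: default", src


if __name__ == "__main__":
    # Constructed sample flows: the two verification pings, a Netcom prefix,
    # and a source that ACL 2000 does not cover.
    for pkt in [("192.168.1.2", "202.100.1.2"), ("192.168.1.2", "202.200.1.2"),
                ("192.168.1.2", "27.9.1.1"), ("10.0.0.5", "202.100.1.2"),
                ("10.0.0.5", "27.9.1.1")]:
        print(pkt, "->", forward(*pkt))
```

The first two flows reproduce the session-table entries on the page (192.168.1.2 translated to 202.100.1.1 towards Telecom and to 202.200.1.1 towards Netcom), and the 27.9.1.1 flow shows the specific route beating the default route. The two 10.0.0.5 flows are the check worth doing on a real deployment: the same source is denied towards dianxin but forwarded with its private address intact towards yidong, because the trust->yidong interzone has no packet-filter ACL.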