1.创建公有地址组
nat address-group ag11
mode no-pat global
route enable
smart-nopat 120.1.1.104
section 0 120.1.1.101 120.1.1.103
2.创建NAT策略绑定地址组
nat-policy
rule name 192_168_1_0_nat
source-zone trust
destination-zone untrust
source-address 192.168.1.0 mask 255.255.255.0
action source-nat address-group ag11
3.内网客户机连通性测试后查看防火墙会话表和server-map表
display firewall session table all
icmp VPN: public --> public 192.168.1.1:13892[120.1.1.101:13892] --> 80.1.1.1:2048
icmp VPN: public --> public 192.168.1.3:14148[120.1.1.103:14148] --> 80.1.1.1:2048
icmp VPN: public --> public 192.168.1.2:14148[120.1.1.102:14148] --> 80.1.1.1:2048
icmp VPN: public --> public 192.168.1.4:256[120.1.1.104:2048] --> 80.1.1.1:2048
display firewall server-map
2023-07-27 11:16:24.250
Current Total Server-map : 6
Type: No-Pat Reverse, ANY -> 120.1.1.102[192.168.1.2], Zone:---
Protocol: ANY, TTL:---, Left-Time:---, Pool: 2, Section: 0
Vpn: public
Type: No-Pat Reverse, ANY -> 120.1.1.101[192.168.1.1], Zone:---
Protocol: ANY, TTL:---, Left-Time:---, Pool: 2, Section: 0
Vpn: public
Type: No-Pat Reverse, ANY -> 120.1.1.103[192.168.1.3], Zone:---
Protocol: ANY, TTL:---, Left-Time:---, Pool: 2, Section: 0
Vpn: public
Type: No-Pat, 192.168.1.2[120.1.1.102] -> ANY, Zone:---
Protocol: ANY, TTL:360, Left-Time:360, Pool: 2, Section: 0
Vpn: public
Type: No-Pat, 192.168.1.1[120.1.1.101] -> ANY, Zone:---
Protocol: ANY, TTL:360, Left-Time:358, Pool: 2, Section: 0
Vpn: public
Type: No-Pat, 192.168.1.3[120.1.1.103] -> ANY, Zone:---
Protocol: ANY, TTL:360, Left-Time:359, Pool: 2, Section: 0
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容