3.4 Firewall Source NAT: Smart-NAT

1. Create the public address group

nat address-group ag11 
 mode no-pat global
 route enable
 smart-nopat 120.1.1.104
 section 0 120.1.1.101 120.1.1.103

2. Create a NAT policy and bind the address group to it

nat-policy
 rule name 192_168_1_0_nat
  source-zone trust
  destination-zone untrust
  source-address 192.168.1.0 mask 255.255.255.0
  action source-nat address-group ag11

3. After testing connectivity from the internal clients, view the firewall session table and the server-map table

display firewall session table all

icmp  VPN: public --> public  192.168.1.1:13892[120.1.1.101:13892] --> 80.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.3:14148[120.1.1.103:14148] --> 80.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.2:14148[120.1.1.102:14148] --> 80.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.4:256[120.1.1.104:2048] --> 80.1.1.1:2048

display firewall server-map       
2023-07-27 11:16:24.250 
 Current Total Server-map : 6
 Type: No-Pat Reverse, ANY -> 120.1.1.102[192.168.1.2],  Zone:---
 Protocol: ANY, TTL:---, Left-Time:---,  Pool: 2, Section: 0
 Vpn: public

 Type: No-Pat Reverse, ANY -> 120.1.1.101[192.168.1.1],  Zone:---
 Protocol: ANY, TTL:---, Left-Time:---,  Pool: 2, Section: 0
 Vpn: public

 Type: No-Pat Reverse, ANY -> 120.1.1.103[192.168.1.3],  Zone:---
 Protocol: ANY, TTL:---, Left-Time:---,  Pool: 2, Section: 0
 Vpn: public

 Type: No-Pat,  192.168.1.2[120.1.1.102] -> ANY,  Zone:---
 Protocol: ANY, TTL:360, Left-Time:360,  Pool: 2, Section: 0
 Vpn: public

 Type: No-Pat,  192.168.1.1[120.1.1.101] -> ANY,  Zone:---
 Protocol: ANY, TTL:360, Left-Time:358,  Pool: 2, Section: 0
 Vpn: public

 Type: No-Pat,  192.168.1.3[120.1.1.103] -> ANY,  Zone:---
 Protocol: ANY, TTL:360, Left-Time:359,  Pool: 2, Section: 0
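
The following is an added example, not part of the original post: a Python sketch that parses the session lines shown above and reports which internal hosts received a one-to-one No-PAT address from section 0 and which were translated to the smart-nopat address 120.1.1.104. The function names are hypothetical, and treating the smart-nopat address as the port-translated fallback is an assumption based on the 192.168.1.4 session line, where the port changes from 256 to 2048.

```python
import ipaddress
import re

# Address group ag11 from this page: the No-PAT section and the smart-nopat address.
SECTION = (ipaddress.ip_address("120.1.1.101"), ipaddress.ip_address("120.1.1.103"))
SMART_NOPAT = ipaddress.ip_address("120.1.1.104")

# Session lines copied from the "display firewall session table all" output above.
SESSIONS = """\
icmp  VPN: public --> public  192.168.1.1:13892[120.1.1.101:13892] --> 80.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.3:14148[120.1.1.103:14148] --> 80.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.2:14148[120.1.1.102:14148] --> 80.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.4:256[120.1.1.104:2048] --> 80.1.1.1:2048
"""

LINE_RE = re.compile(
    r"^\s*(?P<proto>\S+)\s+VPN:.*?\s"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)"
    r"\[(?P<nat>\d+(?:\.\d+){3}):(?P<nport>\d+)\]\s+-->\s+"
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)\s*$"
)

def classify(line):
    """Return (source, translated address, mode) for one session line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    nat = ipaddress.ip_address(m["nat"])
    if nat == SMART_NOPAT:
        mode = "napt-fallback"   # assumption: shared address, port is rewritten
    elif SECTION[0] <= nat <= SECTION[1] and m["sport"] == m["nport"]:
        mode = "no-pat"          # one-to-one mapping, port left unchanged
    else:
        mode = "unexpected"      # translated address outside the address group
    return m["src"], m["nat"], mode

def summarize(text):
    """Count No-PAT addresses in use and list hosts on the shared fallback address."""
    rows = [r for r in map(classify, text.splitlines()) if r]
    used = {nat for _, nat, mode in rows if mode == "no-pat"}
    return {
        "rows": rows,
        "no_pat_used": len(used),
        "pool_size": int(SECTION[1]) - int(SECTION[0]) + 1,
        "fallback_hosts": sorted(s for s, _, mode in rows if mode == "napt-fallback"),
    }

if __name__ == "__main__":
    print(summarize(SESSIONS))
```

Hosts listed under fallback_hosts share one public address, so attributing their traffic in external logs requires the translated port as well as the address.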