配置防火墙 g0/0/2 端口添加至 trust 域,g0/0/1 端口添加至 untrust 域。配置 trust 域到untrust 域规则,放行内部地址 172.16.105.0/24 网段。配置 NAT 规则,匹配内部地址172.16.105.0/24 网段,使用 g0/0/1 端口的地址进行转换。
[SRG]firewall zone trust //防火墙信任区域
[SRG-zone-trust]add interface GigabitEthernet 0/0/2
[SRG-zone-trust]quit
[SRG]firewall zone untrust
[SRG-zone-untrust]add interface GigabitEthernet 0/0/1
[SRG-zone-untrust]quit
[SRG]policy interzone trust untrust outbound
[SRG-policy-interzone-trust-untrust-outbound]policy 0
[SRG-policy-interzone-trust-untrust-outbound-0]action permit
[SRG-policy-interzone-trust-untrust-outbound-0]policy source 172.16.105.0 0.255.255.255
[SRG-policy-interzone-trust-untrust-outbound-0]quit
[SRG-policy-interzone-trust-untrust-outbound]quit
[SRG]nat-policy interzone trust untrust outbound
[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1
[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat
[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 172.16.105.0 0.255.255.255
[SRG-nat-policy-interzone-trust-untrust-outbound-1]easy-ip GigabitEthernet 0/0/1
这个怎么弄啊?求教程。
按照步骤做就可以。