
6-Huawei Firewall: configure NAT based on source IP address

2025-02-23 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

Experiment 1: configure No-Pat

1. Basic configuration:

2. Enable Telnet on R1:

[R1] user-interface vty 0 4

[R1-ui-vty0-4] authentication-mode password?

Please press ENTER to execute command

[R1-ui-vty0-4] authentication-mode password

Please configure the login password (maximum length 16): cisco

[R1-ui-vty0-4] user privilege level 15

3. Configure the inter-Zone policy from Trust to Untrust:

[SRG] policy interzone trust untrust outbound

[SRG-policy-interzone-trust-untrust-outbound] policy create-mode auto-sort enable

[SRG-policy-interzone-trust-untrust-outbound] policy 5

[SRG-policy-interzone-trust-untrust-outbound-5] policy source 192.168.1.0 mask 24

[SRG-policy-interzone-trust-untrust-outbound-5] policy destination 202.100.1.0 mask 24

[SRG-policy-interzone-trust-untrust-outbound-5] policy service service-set telnet

[SRG-policy-interzone-trust-untrust-outbound-5] policy service service-set icmp

[SRG-policy-interzone-trust-untrust-outbound-5] action permit

4. Before NAT is deployed, the source address is not translated:

Telnet 202.100.1.1

Login authentication

Password:cisco

5. Configure no-pat:

[SRG] nat address-group 1 202.100.1.10 202.100.1.20 // create an address group

[SRG] nat-policy interzone trust untrust outbound // create an interzone NAT policy

[SRG-nat-policy-interzone-trust-untrust-outbound] policy 0

[SRG-nat-policy-interzone-trust-untrust-outbound-0] policy source 192.168.1.0 mask 24 // source address segment to be translated

[SRG-nat-policy-interzone-trust-untrust-outbound-0] address-group 1 no-pat // address group to translate to, without port translation

[SRG-nat-policy-interzone-trust-untrust-outbound-0] action source-nat // perform source NAT

Test:

Telnet 202.100.1.1

View firewall session translation:

[SRG] display firewall session table verbose // source port 50573, the translated port is still 50573

View the firewall server-map:

[SRG] display firewall server-map

Experiment 2: configure PAT (port translation using an external address pool)

[SRG-nat-policy-interzone-trust-untrust-outbound-0] undo address-group

[SRG-nat-policy-interzone-trust-untrust-outbound-0] address-group 1

Test:

Telnet 202.100.1.1

[SRG] display firewall session table verbose

Experiment 3: configure Easy-IP to translate 192.168.1.2 to the address of the USG's g0/0/0 interface.

[SRG] nat-policy interzone trust untrust outbound

[SRG-nat-policy-interzone-trust-untrust-outbound-1] policy 0

[SRG-nat-policy-interzone-trust-untrust-outbound-0] undo address-group

[SRG-nat-policy-interzone-trust-untrust-outbound-0] easy-ip GigabitEthernet 0/0/0

Test:

[SRG] display firewall session table verbose
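
The three experiments above differ only in which public address and port a session receives. As an added example (not from the original article), this Python model runs 12 constructed inside hosts through No-PAT, PAT and Easy-IP using the page's address group 1. The g0/0/0 address, the translated port range starting at 2048, and returning no translation once the No-PAT pool is used up are assumptions of the model, not firewall behavior taken from the page.

```python
import ipaddress
from itertools import count

def address_range(first, last):
    """Expand 'first last' as written in `nat address-group` into a list of addresses."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]

GROUP_1 = address_range("202.100.1.10", "202.100.1.20")  # address-group 1 from the page
G0_ADDR = "202.100.1.254"  # assumed placeholder: the page does not give the g0/0/0 address

class SourceNat:
    """Toy model of the three source-NAT modes; not firewall code."""
    def __init__(self, mode, pool, first_port=2048):
        self.mode = mode                # "no-pat", "pat" or "easy-ip"
        self.pool = list(pool)          # public addresses available to this policy
        self.bound = {}                 # no-pat only: inside IP -> public IP
        self.sessions = {}              # (inside IP, port) -> (public IP, port)
        self.ports = count(first_port)  # assumed start of the translated port range

    def translate(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key in self.sessions:
            return self.sessions[key]
        if self.mode == "no-pat":
            # One public address per inside host; the source port is untouched.
            if src_ip not in self.bound:
                used = set(self.bound.values())
                free = [a for a in self.pool if a not in used]
                if not free:
                    return None         # model assumption: pool exhausted, no translation
                self.bound[src_ip] = free[0]
            mapped = (self.bound[src_ip], src_port)
        else:
            # pat / easy-ip: hosts share addresses, so the port is rewritten.
            port = next(self.ports)
            mapped = (self.pool[port % len(self.pool)], port)
        self.sessions[key] = mapped
        return mapped

def demo():
    """Run 12 constructed inside hosts, all using source port 50573, through each mode."""
    hosts = [f"192.168.1.{h}" for h in range(1, 13)]
    modes = {"no-pat": GROUP_1, "pat": GROUP_1, "easy-ip": [G0_ADDR]}
    out = {}
    for mode, pool in modes.items():
        nat = SourceNat(mode, pool)
        out[mode] = [nat.translate(h, 50573) for h in hosts]
    return out
```

Address group 1 holds 11 addresses, so in the No-PAT run the twelfth host gets no mapping, while PAT and Easy-IP serve all twelve by rewriting the port.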
