Shulou(Shulou.com)06/01 Report--

The first step, basic configuration (interface address, area, routing)

The second step, security policy (open the corresponding address)

The third step, do source address translation

Step 4: create an address pool (nat address-group 1 123.126.109.1 123.126.109.1 is the public network address)

Step 5, Port Mapping

Step 6: do NAT in the domain

Pay attention to the difference from SNAT, the strategy direction is different.

Nat-policy zone trust

Policy 1

Action source-nat

Policy source 192.168.1.0 mask 24 matches all private network hosts ip that need to be accessed through the public network

Policy destination 192.168.100.100 mask 32 matches the server address

After address-group 1 matches, the source address is translated into the address in this pool

Configure without no-reverse parameter

1. When a public network user accesses the server, the device can convert the public network address of the server into a private network address.

2. At the same time, when the server accesses the public network actively, the device can also translate the private network address of the server into the public network address.

After configuring the parameter no-reverse

1. The device only converts the public network address into the private network address, but cannot convert the private network address into the public network address. The nat policy of outbound needs to be implemented when the internal server actively accesses the external network.

In the case of double egress, NAT Server deployment is configured with no-reverse, which is divided into two sources.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.