Topology and planning:
A Huawei USG6000 serves as the border gateway at the enterprise network's Internet egress; the firewall performs NAT for the internal network so that it can reach the Internet.
The finance department must be able to reach the internal server.
The office network must not be able to reach the internal server.
Both the office and the finance department can reach the Internet.
External hosts reach port 80 on the internal server through a NAT Server mapping on port 8080 of the public address.
Network plan: office segment 192.168.10.0/24, VLAN 10
Finance segment: 192.168.20.0/24, VLAN 20
Server segment: 192.168.200.0/24
ISP static IP address: 202.1.1.1/24
The network topology is shown in the figure below:
Office access switch configuration:
sysname BanGong
#
vlan batch 10
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
財(cái)務(wù)接入交換機(jī)配置:
sysname CaiWu
#
vlan batch 20
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
Core switch configuration (note that undo info-center enable switches off the information center, so the switch stops emitting logs and traps; leave it enabled on production equipment):
sysname SW
#
undo info-center enable
#
vlan batch 10 20 100
#
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
#
interface Vlanif100
ip address 192.168.100.1 255.255.255.0
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 10
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 100
#
interface GigabitEthernet0/0/21
eth-trunk 2
#
interface GigabitEthernet0/0/22
eth-trunk 2
#
interface GigabitEthernet0/0/23
eth-trunk 1
#
interface GigabitEthernet0/0/24
eth-trunk 1
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.2
#
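The layer-2 boundary in the three switch configurations above rests on a few statements: the VLANs each switch declares with vlan batch, the access VLAN on each edge port, and the allow-pass list on each Eth-Trunk. The script below is an added example, not Huawei tooling and not code from the original post: it parses those statements out of VRP-style configuration text (abridged copies of the three configs above, reduced to their VLAN and trunk statements and one member port per Eth-Trunk, are embedded as input), flags trunks that admit undeclared VLANs or vlan all, flags access ports on undeclared VLANs, and checks that what each access switch sends up its Eth-Trunk1 is exactly what the core's peer trunk admits. The pairing of the core's Eth-Trunk1 with BanGong and Eth-Trunk2 with CaiWu is an assumption read off the matching allow-pass lists, since the topology figure is not reproduced here.

```python
"""VLAN-boundary lint for the VRP switch configurations on this page.

Added example, not Huawei tooling. It parses the statements that define the
layer-2 segmentation and checks that trunks admit only declared VLANs (and
never "vlan all"), that access ports use declared VLANs, and that each
access uplink carries exactly what the core's peer trunk admits.
"""

# Abridged from the page's configs: VLAN/trunk lines, one member per trunk.
BANGONG = """sysname BanGong
vlan batch 10
interface Eth-Trunk1
 port trunk allow-pass vlan 10
interface GigabitEthernet0/0/1
 port default vlan 10
interface GigabitEthernet0/0/23
 eth-trunk 1
"""
# CaiWu's config on the page is identical apart from the name and VLAN 20
CAIWU = (BANGONG.replace("BanGong", "CaiWu")
         .replace("batch 10", "batch 20").replace("vlan 10", "vlan 20"))
CORE = """sysname SW
vlan batch 10 20 100
interface Eth-Trunk1
 port trunk allow-pass vlan 10
interface Eth-Trunk2
 port trunk allow-pass vlan 20
interface GigabitEthernet0/0/1
 port default vlan 100
interface GigabitEthernet0/0/21
 eth-trunk 2
interface GigabitEthernet0/0/23
 eth-trunk 1
"""

def vlan_set(tokens):
    """Expand 'a b to c' operands of vlan batch / allow-pass; 'all' -> None."""
    if tokens == ["all"]:
        return None
    vlans, i = set(), 0
    while i < len(tokens):
        step = 3 if tokens[i + 1:i + 2] == ["to"] else 1
        vlans.update(range(int(tokens[i]), int(tokens[i + step - 1]) + 1))
        i += step
    return vlans

def parse_vrp(text):
    """Collect declared VLANs, access VLANs, trunk allow lists, trunk members."""
    cfg = {"name": "?", "vlans": set(), "access": {}, "trunks": {}, "members": {}}
    iface = None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words == ["#"]:  # '#' only separates blocks in VRP
            continue
        if words[0] == "sysname":
            cfg["name"] = words[1]
        elif words[:2] == ["vlan", "batch"]:
            cfg["vlans"] |= vlan_set(words[2:])
        elif words[0] == "interface":
            iface = words[1]
        elif words[:3] == ["port", "default", "vlan"]:
            cfg["access"][iface] = int(words[3])
        elif words[:4] == ["port", "trunk", "allow-pass", "vlan"]:
            cfg["trunks"][iface] = vlan_set(words[4:])
        elif words[0] == "eth-trunk":
            cfg["members"].setdefault("Eth-Trunk" + words[1], []).append(iface)
    return cfg

def lint(cfg):
    """Problems in one switch's own VLAN declarations and trunks."""
    name, problems = cfg["name"], []
    for trunk, allowed in cfg["trunks"].items():
        if allowed is None:
            problems.append(f"{name}: {trunk} allows every VLAN (allow-pass vlan all)")
        elif allowed - cfg["vlans"]:
            problems.append(f"{name}: {trunk} allows undeclared VLANs {sorted(allowed - cfg['vlans'])}")
        if trunk.startswith("Eth-Trunk") and trunk not in cfg["members"]:
            problems.append(f"{name}: {trunk} has no member ports")
    for port, vlan in cfg["access"].items():
        if vlan not in cfg["vlans"]:
            problems.append(f"{name}: {port} uses undeclared VLAN {vlan}")
    return problems

def check_page_topology():
    """Lint all three switches, then compare each access uplink with its peer."""
    cfgs = {c["name"]: c for c in map(parse_vrp, (BANGONG, CAIWU, CORE))}
    problems = [p for c in cfgs.values() for p in lint(c)]
    # assumed pairing, read off the matching allow-pass lists on the page
    for access, core_trunk in (("BanGong", "Eth-Trunk1"), ("CaiWu", "Eth-Trunk2")):
        sent, admitted = cfgs[access]["trunks"]["Eth-Trunk1"], cfgs["SW"]["trunks"][core_trunk]
        if sent != admitted:
            problems.append(f"{access} Eth-Trunk1 sends {sent}, SW {core_trunk} admits {admitted}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_page_topology()) or "VLAN boundary consistent")
```

On the page's configuration the lint returns no problems. port trunk allow-pass vlan all is reported as a problem even though VRP accepts it, because it turns the link into a carrier for every VLAN the switch knows and defeats the point of per-link allow lists; the uplink comparison catches the quieter failure where one end of a trunk admits a VLAN the other end drops.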
Firewall configuration (acl 2000 is declared but not referenced anywhere in this configuration; the nat-policy below matches on source-address directly):
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
#
interface GigabitEthernet0/0/0
undo shutdown
ip address 202.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.100.2 255.255.255.0
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 192.168.200.254 255.255.255.0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet1/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/1
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 202.1.1.2
ip route-static 192.168.10.0 255.255.255.0 192.168.100.1
ip route-static 192.168.20.0 255.255.255.0 192.168.100.1
#
nat server 0 protocol tcp global 202.1.1.1 8080 inside 192.168.200.1 www
#
security-policy
rule name policy_ses_1
source-zone trust
destination-zone untrust
source-address 192.168.10.0 mask 255.255.255.0
action permit
rule name policy_ses_2
source-zone trust
destination-zone dmz
source-address 192.168.20.0 mask 255.255.255.0
action permit
rule name policy_ses_3
source-zone trust
destination-zone untrust
source-address 192.168.20.0 mask 255.255.255.0
action permit
rule name Untrust_DMA
source-zone untrust
destination-zone dmz
destination-address 192.168.200.1 mask 255.255.255.255
action permit
#
nat-policy
rule name policy_nat_1
source-zone trust
egress-interface GigabitEthernet0/0/0
source-address 192.168.10.0 mask 255.255.255.0
action source-nat easy-ip
rule name policy_nat_2
source-zone trust
egress-interface GigabitEthernet0/0/0
source-address 192.168.20.0 mask 255.255.255.0
action source-nat easy-ip
驗(yàn)證配置:辦公PC可以訪問Internet,不能訪內(nèi)網(wǎng)問服務(wù)器。
財(cái)務(wù)PC:可以訪問Internet,也可以訪問內(nèi)網(wǎng)服務(wù)器。
外網(wǎng)PC可以通過NATSERVER實(shí)現(xiàn)訪問內(nèi)網(wǎng)服務(wù)器: