NAT-SERVER

配置NAT server 

检验：

dis firewall session table
dis firewall server-map

 

拓扑图：

 

第一步：配置接口ip

第二步：配置安全区域

[FWl firewall zone dmz
[FW-zone-dmzl add interface GigabitEthernet 0/0/2
[FW-zone-dmz] quit
[FWl firewall zone untrustFW-zone-untrust, add interface GigabitEthernet 0/0/1
[FW-zone-untrustl quit

 

第三步：配置安全策略

[FW] security-policy
[FW-policy-security] rule name policy1
[FW-policy-security-rule-policy1l source-zone untrustIFW-policy-security-rule-policy1l destination-zone dmz
[FW-policy-security-rule-policy1] destination-address 172.16.1.10 24
[FW-policy-security-rule-policy1l action permit
[FW-policy-security-rule-policy1l quit

 

第四步：配置NAT Server

[FW] nat server policy_ftp protocol tcp global 192.168.1.10 ftp inside 172.16.1.10 ftp unr-route

 

第五步：开通FTP协议的NAT ACL

[FW] firewall interzone dmz untrust
[FW-interzone-dmz-untrustl detect ftp
[FW-interzone-dmz-untrustl quit

 

第六步：配置静态路由

[FWl] ip route-static 0.0.0.0 0.0.0.0 192.