How to configure MIP on a Juniper device
2018-08-28 19:03 2024,加油
Lab objective:
MIP
Internal address: 10.10.0.201/32
Public address: 218.17.153.237
Forward all ports
Configure the rules
set security nat static rule-set 20 rule 201 match destination-address 218.17.153.237/32
set security nat static rule-set 20 rule 201 then static-nat prefix 10.10.0.201/32
NAT
srx_admin# set security nat destination pool 111 address 10.10.0.201/32
srx_admin# set security nat destination rule-set 1 from zone Ten-cdma-10-M
srx_admin# set security nat destination rule-set 1 rule 111 match source-address 0.0.0.0/0
srx_admin# set security nat destination rule-set 1 rule 111 match destination-address 218.17.153.237/32
srx_admin# set security nat destination rule-set 1 rule 111 then destination-nat pool 111
srx_admin# set security nat proxy-arp interface ge-0/0/2 address 218.17.153.237/32
Policy
srx_admin# set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match source-address any
srx_admin# set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match destination-address 10.10.0.201/32
srx_admin# set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match application any
srx_admin# set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL then permit
srx_admin# insert security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL before policy dy-vpn (places the policy ahead of dy-vpn)
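An added example, not part of the original post: the MAIL policy above permits every application to 10.10.0.201, so the commands below narrow it to mail protocols, log new sessions, and then check the result. It assumes the host is a mail server (suggested only by the policy name); junos-smtp, junos-pop3 and junos-imap are predefined Junos applications.

```junos
# Constructed example. Assumption: 10.10.0.201 is a mail server.
# Configuration mode.

# As posted: any application from any source is permitted to the host.
#   set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match application any

# Narrowed: drop "any" and list only the mail applications.
delete security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match application any
set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match application junos-smtp
set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match application junos-pop3
set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL match application junos-imap

# Log each session the policy admits so inbound use of the public address is visible.
set security policies from-zone Ten-cdma-10-M to-zone inside policy MAIL then log session-init

# Operational mode (prefix with "run" from configuration mode), after commit.
# Confirm the static NAT rule exists and is being hit.
show security nat static rule all
# Confirm the policy contents and its position relative to dy-vpn.
show security policies from-zone Ten-cdma-10-M to-zone inside policy-name MAIL detail
# Confirm live sessions are translated to the internal address.
show security flow session destination-prefix 10.10.0.201
```

The static NAT rule still translates every port of 218.17.153.237; the policy decides which of those ports are actually permitted through.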