Juniper NetScreen 基于源NAT转换
1.NAT-Src with PAT Enabled
CLI:
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 route
set int eth3 dip 5 1.1.1.30 1.1.1.30
set policy from trust to untrust any any any nat src dip-id 5 permit log
2.NAT-Src with PAT Disabled
CLI:
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 route
set int eth3 dip 6 1.1.1.50 1.1.1.150 fix-port
set policy from trust to untrust any any any nat src dip-ip 6 permit log
3.NAT-Src with Address Shifting
CLI:
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 ip route
set int eth3 dip 10 shift-from 10.1.1.11 to 1.1.1.101 1.1.1.105
set address trust host1 10.1.1.11/32
set address trust host2 10.1.1.12/32
set address trust host3 10.1.1.13/32
set address trust host4 10.1.1.14/32
set address trust host5 10.1.1.15/32
set group address trust group1 add host1
set group address trust group1 add host2
set group address trust group1 add host3
set group address trust group1 add host4
set group address trust group1 add host5
set policy from trust to untrust group1 any any nat src dip-id 10 permit log
3.NAT-Src Without DIP
CLI :
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 route
set policy from trust to untrust any any any nat src permit log
本文出自 “CHJ农民工” 博客,请务必保留此出处http://3155099.blog.51cto.com/3145099/1611600
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。