实战 | F1060路由模式典型组网配置案例(静态路由)
实战 | F1060路由模式典型组网配置案例(静态路由)
网络技术联盟站
发布于 2020-05-14 22:04:31
发布于 2020-05-14 22:04:31
组网及说明
组网说明:
本案例采用H3C HCL模拟器的F1060防火墙来模拟防火墙路由模式的典型部署。为了实现PC之间能够相互通信,因此需要分别在R1、R2、FW1采用三层互联,同时FW1采用路由模式,最终实现PC之间能够相互PING通。
配置步骤
1、按照网络拓扑图正确配置IP地址
2、R1、FW1、R2之间采用三层互联
3、R1、FW1、R2之间采用静态路由协议实现互通。
配置关键点
R1:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname R1
[R1]int gi 0/0
[R1-GigabitEthernet0/0]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0]quit
[R1]int gi 0/1
[R1-GigabitEthernet0/1]des <connect to FW1>
[R1-GigabitEthernet0/1]ip address 10.0.0.1 30
[R1-GigabitEthernet0/1]quit
[R1]int loopback 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]quit
[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.0.2R2:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname R2
[R2]int gi 0/0
[R2-GigabitEthernet0/0]ip address 172.16.1.1 24
[R2-GigabitEthernet0/0]quit
[R2]int gi 0/1
[R2-GigabitEthernet0/1]des <connect to FW1>
[R2-GigabitEthernet0/1]ip address 10.0.0.5 30
[R2-GigabitEthernet0/1]quit
[R2]int loopback 0
[R2-LoopBack0]ip address 3.3.3.3 32
[R2-LoopBack0]quit
[R2]ip route-static 0.0.0.0 0.0.0.0 10.0.0.6FW1:
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysname FW1
[FW1]acl basic 2002
[FW1-acl-ipv4-basic-2002]rule 0 permit source any
[FW1-acl-ipv4-basic-2002]quit
[FW1]
[FW1]zone-pair security source trust destination untrust
[FW1-zone-pair-security-Trust-Untrust]packet-filter 2002
[FW1-zone-pair-security-Trust-Untrust]quit
[FW1]
[FW1]zone-pair security source untrust destination trust
[FW1-zone-pair-security-Untrust-Trust]packet-filter 2002
[FW1-zone-pair-security-Untrust-Trust]quit
[FW1]
[FW1]zone-pair security source trust destination local
[FW1-zone-pair-security-Trust-Local]packet-filter 2002
[FW1-zone-pair-security-Trust-Local]quit
[FW1]
[FW1]zone-pair security source local destination trust
[FW1-zone-pair-security-Local-Trust]packet-filter 2002
[FW1-zone-pair-security-Local-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination local
[FW1-zone-pair-security-Untrust-Local]packet-filter 2002
[FW1-zone-pair-security-Untrust-Local]quit
[FW1]
[FW1]zone-pair security source local destination untrust
[FW1-zone-pair-security-Local-Untrust]packet-filter 2002
[FW1-zone-pair-security-Local-Untrust]quit
[FW1]
[FW1]zone-pair security source trust destination trust
[FW1-zone-pair-security-Trust-Trust]packet-filter 2002
[FW1-zone-pair-security-Trust-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination untrust
[FW1-zone-pair-security-Untrust-Untrust]packet-filter 2002
[FW1-zone-pair-security-Untrust-Untrust]quit
[FW1]int loopback 0
[FW1-LoopBack0]ip address 2.2.2.2 32
[FW1-LoopBack0]quit
[FW1]int gi 1/0/2
[FW1-GigabitEthernet1/0/2]des <connect to R1>
[FW1-GigabitEthernet1/0/2]ip address 10.0.0.2 30
[FW1-GigabitEthernet1/0/2]quit
[FW1]int gi 1/0/3
[FW1-GigabitEthernet1/0/3]des <connect to R2>
[FW1-GigabitEthernet1/0/3]ip address 10.0.0.6 30
[FW1-GigabitEthernet1/0/3]quit
[FW1]security-zone name Trust
[FW1-security-zone-Trust]import interface GigabitEthernet 1/0/2
[FW1-security-zone-Trust]import interface loopback 0
[FW1-security-zone-Trust]quit
[FW1]security-zone name Untrust
[FW1-security-zone-Untrust]import interface GigabitEthernet 1/0/3
[FW1-security-zone-Untrust]quit
[FW1]ip route-static 192.168.1.0 255.255.255.0 10.0.0.1
[FW1]ip route-static 172.16.1.0 255.255.255.0 10.0.0.5测试:
PC都填写IP地址:
PC之间可以相互PING通:
分别查看R1、R2、FW1的路由表:
至此,F1060路由模式典型组网配置案例(静态路由)已完成!
本文参与 腾讯云自媒体分享计划,分享自微信公众号。
原始发表:2020-05-14,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录