拓扑图:
目的:PC1和PC2相互ping通。
配置命令:
FW1:
//添加端口IP
[SRG-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[SRG-GigabitEthernet0/0/1]ip add 192.168.1.1 24
[SRG]inter g0/0/2
[SRG-GigabitEthernet0/0/2]ip add 10.0.0.1 24
//做静态路由使得连通
[SRG]ip route-static 0.0.0.0 0 10.0.0.2
//进入区域
[SRG]firewall zone trust
//将接口划入相应区域
[SRG-zone-trust]add interface GigabitEthernet 0/0/1
[SRG]firewall zone untrust
[SRG-zone-untrust]add interface GigabitEthernet 0/0/2
//策略
[SRG]firewall packet-filter default permit interzone trust untrust direction outbound
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y
[SRG]firewall packet-filter default permit interzone untrust trust direction inbound
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y
FW2:
[SRG]inter g0/0/1
[SRG-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[SRG-GigabitEthernet0/0/1]
[SRG]inter g0/0/2
[SRG-GigabitEthernet0/0/2]ip add 10.0.0.2 24
[SRG]ip route-static 0.0.0.0 0 10.0.0.1
[SRG]firewall zone untrust
[SRG-zone-untrust]add interface GigabitEthernet 0/0/2
[SRG]firewall zone trust
[SRG-zone-trust]add interface GigabitEthernet 0/0/1
[SRG]firewall packet-filter default permit interzone trust untrust direction inbound
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y
[SRG]firewall packet-filter default permit interzone untrust trust direction outbound
Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y
结果:
扫一扫
4209
到【灌水乐园】发言
