Asking for help with a Huawei USG5120 firewall

Posted on 2013-01-25 01:27
This post was last edited by RootZero_cu on 2013-01-25 01:32

Network architecture:
Three ISP lines, three public addresses. Three internal networks, three internal subnets. Each internal network uses one fixed ISP line to reach the Internet,
i.e. 192.168.10.0 goes out through the address 1.1.1.42, 192.168.20.0 through 1.1.1.38, and 192.168.50.0 through 1.1.1.34.

My configuration is as follows. Could an expert please take a look.
sysname USG5100
#
l2tp domain suffix-separator @
#
new-connection alarm threshold 20000
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone local f1_lan direction outbound
firewall packet-filter default permit interzone local f2tof4_lan direction outbound
firewall packet-filter default permit interzone local f5tof8_lan direction outbound
firewall packet-filter default permit interzone local f1_internet direction outbound
firewall packet-filter default permit interzone local f2tof4_internet direction outbound
firewall packet-filter default permit interzone local f5tof8_internet direction outbound
firewall packet-filter default permit interzone f1_lan f1_internet direction inbound
firewall packet-filter default permit interzone f1_lan f1_internet direction outbound
firewall packet-filter default permit interzone f2tof4_lan f2tof4_internet direction inbound
firewall packet-filter default permit interzone f2tof4_lan f2tof4_internet direction outbound
firewall packet-filter default permit interzone f5tof8_lan f5tof8_internet direction inbound
firewall packet-filter default permit interzone f5tof8_lan f5tof8_internet direction outbound
#
ip df-unreachables enable
#
firewall ipv6 session link-state check
firewall ipv6 statistic system enable
#
dns resolve
dns server 211.138.75.123
dns server 8.8.8.8
#
firewall statistic system enable
#
dns proxy enable
#
interface GigabitEthernet0/0/0
description To_F5toF8-Internet
ip address 1.1.1.34 255.255.255.252
#
interface GigabitEthernet0/0/1
description To_F2toF4_Internet
ip address 1.1.1.38 255.255.255.252
#
interface GigabitEthernet0/0/2
description To_F1_Internet
ip address 1.1.1.42 255.255.255.252
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/3.1
vlan-type dot1q 10
description To_F1_LAN
ip address 192.168.10.1 255.255.255.0
#
interface GigabitEthernet0/0/3.2
vlan-type dot1q 20
description To_F2toF4_LAN
ip address 192.168.20.1 255.255.255.0
#
interface GigabitEthernet0/0/3.5
vlan-type dot1q 50
description To_F5toF8_LAN
ip address 192.168.50.1 255.255.255.0
#
firewall zone name f1_lan
set priority 71
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect msn
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/3.1
#
firewall zone name f2tof4_lan
set priority 72
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/3.2
#
firewall zone name f5tof8_lan
set priority 75
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/3.5
#
firewall zone name f1_internet
set priority 11
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/2
#
firewall zone name f2tof4_internet
set priority 12
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/1
#
firewall zone name f5tof8_internet
set priority 15
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/0
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 1.1.1.33
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 1.1.1.37
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/2 1.1.1.41
#
policy interzone f1_lan f1_internet outbound
policy 1
  action permit
  policy source 192.168.10.0 0.0.0.255
#
policy interzone f2tof4_lan f2tof4_internet outbound
policy 1
  action permit
  policy source 192.168.20.0 0.0.0.255
#
policy interzone f5tof8_lan f5tof8_internet outbound
policy 1
  action permit
  policy source 192.168.50.0 0.0.0.255
#
nat-policy interzone f1_lan f1_internet outbound
policy 1
  action source-nat
  policy source 192.168.10.0 0.0.0.255
  easy-ip GigabitEthernet0/0/2
#
nat-policy interzone f2tof4_lan f2tof4_internet outbound
policy 1
  action source-nat
  policy source 192.168.20.0 0.0.0.255
  easy-ip GigabitEthernet0/0/1
#
nat-policy interzone f5tof8_lan f5tof8_internet outbound
policy 1
  action source-nat
  policy source 192.168.50.0 0.0.0.255
  easy-ip GigabitEthernet0/0/0
#
I don't know whether this is right. Please take a look.
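The question the post leaves open (does each LAN subnet really leave through its own ISP interface?) can be checked mechanically. As an added example, not part of the original post, the Python below parses the relevant lines of the posted config and reports, for each permitted LAN source network, the Internet zones it could be routed into without a matching interzone policy. It assumes the three equal-preference default routes are all active (equal-cost), so the egress interface, and with it the destination zone, is not pinned per source subnet.

```python
# Constructed excerpt of the posted USG5100 config (its own zones, routes and addresses).
CONFIG = """\
firewall zone name f1_internet
 add interface GigabitEthernet0/0/2
firewall zone name f2tof4_internet
 add interface GigabitEthernet0/0/1
firewall zone name f5tof8_internet
 add interface GigabitEthernet0/0/0
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 1.1.1.33
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 1.1.1.37
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/2 1.1.1.41
policy interzone f1_lan f1_internet outbound
 policy source 192.168.10.0 0.0.0.255
policy interzone f2tof4_lan f2tof4_internet outbound
 policy source 192.168.20.0 0.0.0.255
policy interzone f5tof8_lan f5tof8_internet outbound
 policy source 192.168.50.0 0.0.0.255
"""

def parse(text):
    """Return interface->zone, default-route egress interfaces, permitted sources."""
    zone_of, defaults, permits, zone, pair = {}, [], {}, None, None
    for t in (line.split() for line in text.splitlines()):
        if t[:3] == ["firewall", "zone", "name"]:
            zone = t[3]
        elif t[:2] == ["add", "interface"]:
            zone_of[t[2]] = zone
        elif t[:4] == ["ip", "route-static", "0.0.0.0", "0.0.0.0"]:
            defaults.append(t[4])  # egress interface of one default route
        elif t[:2] == ["policy", "interzone"]:
            pair = (t[2], t[3])  # (source zone, destination zone)
        elif t[:2] == ["policy", "source"]:
            permits.setdefault(pair, set()).add(t[2])
    return zone_of, defaults, permits

def unpinned_egress(text):
    """Permitted source networks that can be routed (via any equal-cost default
    route) into an Internet zone where no policy permits them: default deny."""
    zone_of, defaults, permits = parse(text)
    egress_zones = {zone_of[i] for i in defaults}  # zones any session may exit into
    findings = []
    for (src_zone, dst_zone), nets in permits.items():
        for net in sorted(nets):
            for z in sorted(egress_zones - {dst_zone}):
                if net not in permits.get((src_zone, z), ()):
                    findings.append((net, src_zone, z))
    return findings

FINDINGS = unpinned_egress(CONFIG)  # run over the constructed excerpt above
```

A non-empty result means the one-subnet-to-one-ISP mapping is enforced only by the security policy (sessions routed to the "wrong" uplink are simply dropped), not by routing; pinning each source network to its uplink in the routing decision is what makes the per-zone permit and NAT policies apply deterministically.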

Posted on 2013-01-25 11:18
Does nobody know?