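Source NAT lab on a firewall in the Huawei eNSP simulator
1. Build the lab topology and prepare the environment
1) First, install the Huawei eNSP simulator
2) Open the simulator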

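2. Configure the simulator
1) Open the simulator and add two PCs and one firewall
2) Configure the firewall's interface addresses
Here I use CRT to connect to the firewall in the simulator.
The configuration is as follows: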
<SRG>sys
22:05:35 2017/02/02
Enter system view, return user view with Ctrl+Z.
[SRG]int g0/0/1
22:05:44 2017/02/02
[SRG-GigabitEthernet0/0/1]
[SRG-GigabitEthernet0/0/1]
[SRG-GigabitEthernet0/0/1]ip add 192.168.1.1 255.255.255.0
22:06:09 2017/02/02
[SRG-GigabitEthernet0/0/1]dis th
22:06:12 2017/02/02
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
#
return
[SRG-GigabitEthernet0/0/1]quit
22:06:28 2017/02/02
[SRG]int g0/0/2
22:06:33 2017/02/02
[SRG-GigabitEthernet0/0/2]ip add 2.2.2.1 255.255.255.0
22:06:47 2017/02/02
[SRG-GigabitEthernet0/0/2]dis th
22:06:50 2017/02/02
#
interface GigabitEthernet0/0/2
ip address 2.2.2.1 255.255.255.0
#
return
[SRG-GigabitEthernet0/0/2]quit
22:06:54 2017/02/02
[SRG]


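3. Configure the firewall's security zones
The interfaces added here must be the ones addressed in step 2: the 192.168.1.1 interface goes in trust and the 2.2.2.1 interface in untrust, under whatever names your device shows for them.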
[USG]firewall zone trust
[USG-zone-trust]add interface GigabitEthernet 1/0/0
[USG-zone-trust]quit
[USG]firewall zone untrust
[USG-zone-untrust]add interface GigabitEthernet 1/0/1
[USG-zone-untrust]quit

4. Configure the firewall's interzone packet filtering
[USG] security-policy
[USG-policy-security] rule name source_nat
[USG-policy-security-rule-source_nat] source-address 192.168.1.0 24
[USG-policy-security-rule-source_nat] source-zone trust
[USG-policy-security-rule-source_nat] destination-zone untrust
[USG-policy-security-rule-source_nat] action permit

5. Configure NAT on the firewall
[USG] nat address-group 1
[USG-nat-address-group-1] section 2.2.2.2 2.2.2.5
[USG-nat-address-group-1] quit
[USG] nat-policy
[USG-policy-nat] rule name source_nat
[USG-policy-nat-rule-source_nat] destination-address 2.2.2.10 24
[USG-policy-nat-rule-source_nat] source-address 192.168.1.0 24
[USG-policy-nat-rule-source_nat] source-zone trust
[USG-policy-nat-rule-source_nat] destination-zone untrust
[USG-policy-nat-rule-source_nat] action nat address-group 1

6. Check the result
Ping between the two PCs to check whether they can communicate.
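
The policy logic configured in steps 4 and 5, as an added example that is not part of the original tutorial and is not Huawei's code: a simplified Python model showing that the security policy is matched on the pre-NAT source address, that only traffic to the NAT rule's destination range is translated, and that return traffic needs an existing session. The PC addresses, the starting port, round-robin pool selection and port translation (PAT) are assumptions.

```python
import ipaddress as ip

# Values from the configuration above.
INSIDE = ip.ip_network("192.168.1.0/24")            # source-address 192.168.1.0 24
# Assumption: "destination-address 2.2.2.10 24" is read as the 2.2.2.0/24 network.
NAT_DST = ip.ip_network("2.2.2.10/24", strict=False)
POOL = [ip.ip_address("2.2.2.2") + i for i in range(4)]   # section 2.2.2.2 2.2.2.5


class Firewall:
    """Simplified model of the two rules named source_nat (not device code)."""

    def __init__(self):
        self.hosts = {}      # private IP -> pool address (round-robin, an assumption)
        self.sessions = {}   # (pool IP, port, peer IP) -> (private IP, private port)
        self.port = 2048     # constructed starting value for translated ports

    def outbound(self, src_zone, dst_zone, src, sport, dst):
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        # Security policy: checked against the original (pre-NAT) source address.
        if (src_zone, dst_zone) != ("trust", "untrust") or src not in INSIDE:
            return None                          # no rule matches: default deny
        # NAT policy: same zones and source, but also restricted by destination.
        if dst not in NAT_DST:
            return (str(src), sport)             # permitted, leaves untranslated
        pub = self.hosts.setdefault(src, POOL[len(self.hosts) % len(POOL)])
        self.port += 1
        self.sessions[(pub, self.port, dst)] = (src, sport)
        return (str(pub), self.port)

    def inbound(self, src, dst, dport):
        # Return traffic is only accepted if it matches an existing session.
        hit = self.sessions.get((ip.ip_address(dst), dport, ip.ip_address(src)))
        return (str(hit[0]), hit[1]) if hit else None


if __name__ == "__main__":
    fw = Firewall()
    # Constructed hosts: 192.168.1.2 is the inside PC, 2.2.2.10 the outside PC.
    print(fw.outbound("trust", "untrust", "192.168.1.2", 40000, "2.2.2.10"))
    print(fw.inbound("2.2.2.10", "2.2.2.2", 2049))
    print(fw.outbound("trust", "untrust", "192.168.1.2", 40001, "203.0.113.5"))
    print(fw.outbound("untrust", "trust", "2.2.2.10", 40000, "192.168.1.2"))
```

The third call shows the gap between the two rules: the security policy has no destination restriction, so traffic to an address outside 2.2.2.0/24 is forwarded with its private source address intact.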
