标签:policy
1.NAT-Src with PAT Enabled
CLI:
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 route
set int eth3 dip 5 1.1.1.30 1.1.1.30
set policy from trust to untrust any any any nat src dip-id 5 permit log
2.NAT-Src with PAT Disabled
CLI:
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 route
set int eth3 dip 6 1.1.1.50 1.1.1.150 fix-port
set policy from trust to untrust any any any nat src dip-ip 6 permit log
3.NAT-Src with Address Shifting
CLI:
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 ip route
set int eth3 dip 10 shift-from 10.1.1.11 to 1.1.1.101 1.1.1.105
set address trust host1 10.1.1.11/32
set address trust host2 10.1.1.12/32
set address trust host3 10.1.1.13/32
set address trust host4 10.1.1.14/32
set address trust host5 10.1.1.15/32
set group address trust group1 add host1
set group address trust group1 add host2
set group address trust group1 add host3
set group address trust group1 add host4
set group address trust group1 add host5
set policy from trust to untrust group1 any any nat src dip-id 10 permit log
3.NAT-Src Without DIP
CLI :
set int eth1 zone trust
set int eth1 ip 10.1.1.1/24
set int eth1 nat
set int eth3 zone untrust
set int eth3 ip 1.1.1.1/24
set int eth3 route
set policy from trust to untrust any any any nat src permit log
本文出自 “CHJ农民工” 博客,请务必保留此出处http://3155099.blog.51cto.com/3145099/1611600
标签:policy
原文地址:http://3155099.blog.51cto.com/3145099/1611600
