私网用户通过Easy IP访问Internet

示例图

一、实验目的

1.私网用户通过Easy IP访问Internet

二、注意事项

1.easy-ip 没有 Server-map 表

三、Easy IP（出接口地址方式）

1.出接口地址方式是利用出接口的公网 IP 做源 NAT 转换。同时转换 IP 和端口

四、简单配置

sysname FW1
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet1/0/1
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/2
#
firewall zone dmz
 set priority 50
#
security-policy
 rule name policy1
  source-zone trust
  destination-zone untrust
  source-address 10.1.1.0 mask 255.255.255.0
  action permit
#
nat-policy
 rule name policy_nat1
  source-zone trust
  destination-zone untrust
  source-address 10.1.1.0 mask 255.255.255.0
  action source-nat easy-ip
#
return  

AR1

sysname AR1
#
interface GigabitEthernet0/0/0
 ip address 1.1.1.254 255.255.255.0 
#
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
#
return