安全防御第二次作业_实验

二、复现当天课程中的NAT演示实验包括源NAT、server nat、域内双向NAT、域间双向NAT，以及双机热备实验，练习课堂IPS配置实验。

配接口IP 

 

 

 PC1

 Client1

 server2

 server1 开启ftp

 client2

 新建安全策略

 NAT策略

源地址转换为地址池中的地址 

修改NAT策略

 

 新建NAT策略

 双向转换

 

 

双机热备实验

PC1 

 SW1

[sw1]vlan 2
[sw1-vlan2]vlan 3
[sw1-vlan3]q
[sw1]int vlan2
[sw1-Vlanif2]ip add 10.1.1.1 24
[sw1-Vlanif2]q
[sw1]int g0/0/3
[sw1-GigabitEthernet0/0/3]port link-type access 		
[sw1-GigabitEthernet0/0/3]port default vlan 2
[sw1-GigabitEthernet0/0/3]q
[sw1]int g0/0/1
[sw1-GigabitEthernet0/0/1]port link-type access 	
[sw1-GigabitEthernet0/0/1]port default vlan 3
[sw1-GigabitEthernet0/0/1]int g0/0/2	
[sw1-GigabitEthernet0/0/2]port link-type access 	
[sw1-GigabitEthernet0/0/2]port default vlan 3
[sw1-GigabitEthernet0/0/2]q
[sw1]ip route-static 0.0.0.0 0 10.1.2.254
[sw1]int vlan 3
[sw1-Vlanif3]ip add 10.1.2.1 24

PC2

 SW2

[sw2]vlan 2
[sw2-vlan2]vlan 3
[sw2-vlan3]q
[sw2]int g0/0/3
[sw2-GigabitEthernet0/0/3]port link-type access 
[sw2-GigabitEthernet0/0/3]port default vlan 2
[sw2-GigabitEthernet0/0/3]q

[sw2]int vlan 2
[sw2-Vlanif2]ip add 100.1.2.1 24
[sw2-Vlanif2]q
[sw2]int g0/0/1	
[sw2-GigabitEthernet0/0/1]port link-type access 
[sw2-GigabitEthernet0/0/1]port default vlan 3
[sw2-GigabitEthernet0/0/1]int g0/0/2	
[sw2-GigabitEthernet0/0/2]port link-type access 
[sw2-GigabitEthernet0/0/2]port default vlan 3
[sw2-GigabitEthernet0/0/2]q
[sw2]int vlan 3
[sw2-Vlanif3]ip add 100.1.1.1 24

[sw2]ip route-static 0.0.0.0 0 100.1.1.254

FW1

 

 FW2

 

 策略

 

  

 配置双机热备

 

 

 

负载结构

 

 SW2

[sw2]vlan 4
[sw2-vlan4]q

[sw2]int vlan 4
[sw2-Vlanif4]ip add 100.1.4.1 24

[sw2]int g0/0/4	
[sw2-GigabitEthernet0/0/4]port link-type access 
[sw2-GigabitEthernet0/0/4]port default vlan 4
[sw2]ip route-static 10.1.4.0 24 100.1.1.251

SW1

[sw1]vlan 4
[sw1-Vlanif4]ip add 10.1.4.1 24
[sw1-Vlanif4]q
[sw1]int g0/0/4
[sw1-GigabitEthernet0/0/4]port link-type access 
[sw1-GigabitEthernet0/0/4]port default vlan 4
[sw1]ip route-static 100.1.4.0 24 10.1.2.251

 

PC3 PC4

 

 

 

 

 IPS