NAT Server

NAT Server

拓扑

配置

配置基本参数

FW：
	interface GigabitEthernet0/0/0
 		undo shutdown
 		ip address 192.168.1.254 255.255.255.0
	#
	interface GigabitEthernet1/0/0
 		undo shutdown
 		ip address 200.200.200.1 255.255.255.252

划分安全区域

FW：
    firewall zone dmz
 		set priority 50
 		add interface GigabitEthernet0/0/0
	#
	firewall zone untrust
 		set priority 5
 		add interface GigabitEthernet1/0/0

配置安全策略，允许外部网络用户访问内部服务器

FW：
	security-policy
 		rule name server
  			source-zone untrust
  			destination-zone dmz
  			destination-address 192.168.1.1 32
  			action permit

配置NAT Server功能

FW：
    nat server web protocol tcp global  200.200.200.1 8080 inside  192.168.1.1 www

验证

[FW]display  firewall session table  
2023-12-09 16:16:30.170 
 Current Total Sessions : 1
 http  VPN: public --> public  200.200.200.2:2059 --> 200.200.200.1:8080[192.168.1.1:80]