华为 SecPath防火墙配置PPPoE Server
SecPath
防火墙PPPoE Server典型配置
一、
组网需求:
PC
通过PPPOE拨号上网,公司内部WEB服务器、邮件服务器和FTP服务器需要映射到公网。
二、 组网图
SecPath1000F
:版本为Version 3.40, ESS 1604P01;
SecPath100F
:版本为Version 3.40, Release 1210P01;
Server
:Windows 2003,安装了WEB、MAIL和FTP服务;
PC
:Windows XP,PPPOE-Client。
三、
配置步骤
1.
SecPath1000F
的主要配置
#
sysname Company
#
firewall packet-filter enable
firewall packet-filter default permit
#
interface GigabitEthernet0/0
ip address 202.38.1.1 255.255.255.0
//
配置
NAT Server
nat server protocol tcp global 202.38.1.100 www inside 172.16.1.100 www
nat server protocol tcp global 202.38.1.100 ftp inside 172.16.1.100 ftp
nat server protocol tcp global 202.38.1.100 pop3 inside 172.16.1.100 pop3
nat server protocol tcp global 202.38.1.100 smtp inside 172.16.1.100 smtp
#
interface GigabitEthernet0/1
ip address 172.16.1.1 255.255.255.0
#
firewall zone untrust
add interface GigabitEthernet0/0
set priority 5
#
firewall zone DMZ
add interface GigabitEthernet0/1
set priority 50
#
ip route-static 0.0.0.0 0.0.0.0 202.38.1.2 //
配置默认路由
#
2.
SecPath100F
的主要配置
#
sysname ISP
#
firewall packet-filter enable
firewall packet-filter default permit
#
domain system //
定义地址池
ip pool 1 210.222.34.10 210.222.34.20
#
local-user
zhaobiao
//
创建
PPPOE
帐号
password simple 123
service-type ppp
#
acl number 2000
rule 0 permit
#
interface Virtual-Template1 //
创建虚模板
ppp authentication-mode chap
ip address 210.222.34.1 255.255.255.0
remote address pool 1
#
interface Ethernet0/0 //
配置
PPPOE-Server
pppoe-server bind Virtual-Template 1
#
interface Ethernet1/0
ip address 202.38.1.2 255.255.255.0
nat outbound 2000
#
firewall zone untrust
add interface Ethernet0/0
add interface Ethernet1/0
add interface Virtual-Template1
set priority 5
#
ip route-static 0.0.0.0 0.0.0.0 202.38.1.1 //
配置默认路由
#
3.
PC
的配置和验证