On a Juniper SRX, once a mapping based on a destination address pool is in place, hosts on the outside can telnet a.a.a.a 22 (a.a.a.a being the public IP), but hosts on the inside cannot telnet a.a.a.a 22. The specific fix:

Source NAT configuration:
This is mainly for the case where a packet's destination address is 192.168.1.251: the trust zone first performs a source NAT to the interface address, so the server returns the packet to the firewall's trust side instead of sending it toward the untrust interface.

set security nat source rule-set src-nat from zone trust
set security nat source rule-set src-nat to zone trust
set security nat source rule-set src-nat rule src match source-address 192.168.100.140/32
set security nat source rule-set src-nat rule src match destination-address 192.168.1.151/32
set security nat source rule-set src-nat rule src then source-nat interface

If a static one-to-one mapping is used instead, the following statement also has to be added:

set security nat static rule-set static-nat from zone trust
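To show how the pieces above fit together, here is an added example (not from the original post) of a complete hairpin configuration for the destination-pool case: a destination NAT rule-set that matches the public address from both untrust and trust, the trust-to-trust source NAT from the post, and the trust-to-trust policy that must exist because the destination is already translated when the policy lookup runs. 203.0.113.10 stands in for a.a.a.a, the pool, rule, policy and address-book names are assumptions, 192.168.1.151 is the server address used in the post's source NAT rule, and lines beginning with # are commentary for the reader, not configuration.

```junos
# Hairpin (NAT loopback) for an SSH server behind an SRX. Added example;
# 203.0.113.10 is a placeholder for the real public IP a.a.a.a.

# 1. Destination NAT: public IP port 22 -> internal server, matched from
#    BOTH zones so an inside host reaching the public IP is also translated.
set security nat destination pool ssh-server address 192.168.1.151/32 port 22
set security nat destination rule-set dst-nat from zone untrust
set security nat destination rule-set dst-nat from zone trust
set security nat destination rule-set dst-nat rule to-ssh match destination-address 203.0.113.10/32
set security nat destination rule-set dst-nat rule to-ssh match destination-port 22
set security nat destination rule-set dst-nat rule to-ssh then destination-nat pool ssh-server

# 2. Source NAT trust -> trust (as in the post): rewrite the inside client's
#    source to the SRX interface so the server's reply comes back through the
#    firewall rather than going straight to the client.
set security nat source rule-set src-nat from zone trust
set security nat source rule-set src-nat to zone trust
set security nat source rule-set src-nat rule src match source-address 192.168.100.140/32
set security nat source rule-set src-nat rule src match destination-address 192.168.1.151/32
set security nat source rule-set src-nat rule src then source-nat interface

# 3. Policy: the inside client's session is trust -> trust with the server's
#    private address as destination, so permit that, not 203.0.113.10.
set security zones security-zone trust address-book address ssh-server 192.168.1.151/32
set security policies from-zone trust to-zone trust policy hairpin-ssh match source-address any
set security policies from-zone trust to-zone trust policy hairpin-ssh match destination-address ssh-server
set security policies from-zone trust to-zone trust policy hairpin-ssh match application junos-ssh
set security policies from-zone trust to-zone trust policy hairpin-ssh then permit
```

After committing, `show security flow session destination-port 22` from an inside client should show one session whose In wing carries the public IP and whose Out wing carries 192.168.1.151 with the interface address as source; if the Out wing still shows the client's real address, the source NAT rule did not match.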