配置如下:interface GigabitEthernet0/1
port link-mode route
nat outbound 2002
ip address *.*.*.* *.*.*.*
acl number 2002
rule 0 permit
zone name Untrust id 4
priority 5
import interface GigabitEthernet0/1
import interface GigabitEthernet0/2
import interface GigabitEthernet0/3
import interface GigabitEthernet0/4
interzone source Trust destination Untrust
rule 0 permit
source-ip any_address
destination-ip any_address
service any_service
rule enable
interzone source Untrust destination Trust
rule 0 permit
source-ip any_address
destination-ip any_address
service any_service
rule enable