VRRP+NAT案例

韵味老鸟 2024-06-17 07:16:35

VRRP+NAT案例

配置:

#PC1

IP:192.168.137.10

GW:192.168.137.1

#PC2

IP:192.168.30.10

GW:192.168.30.2

#SW1(internet)
# Stands in for the upstream ("Internet") side of the lab. Its VLAN-interface 1
# address, 192.168.137.1, is PC1's gateway and the next hop of the default
# route configured on both firewalls.

sysname Internet

interface Vlan-interface1

ip address 192.168.137.1 255.255.255.0

#SW2
# Inside switch on 192.168.30.0/24. It is managed over Telnet with a local
# account, and its default route points at 192.168.30.2, the inside VRRP
# virtual IP shared by FW1 and FW2.

sysname SW

interface Vlan-interface1

ip address 192.168.30.254 255.255.255.0

# NOTE(review): Telnet carries the login and the session in cleartext. Both
# firewalls in this listing map the outside address 192.168.137.4 to this
# switch (nat server ... inside 192.168.30.254), so this management login is
# reachable from the Untrust side. Outside a lab, use SSH (ssh server enable,
# service-type ssh) and limit which sources may reach the VTY lines.
telnet server enable

line vty 0 4

# scheme = authenticate against the local-user/AAA database defined below.
authentication-mode scheme

# network-admin is the full-privilege role; it is granted here on the VTY
# lines and again on the local user.
user-role network-admin

quit

local-user admin

# NOTE(review): "simple" means the password is typed in plaintext, and this
# literal value is published with the article. Treat it as a lab-only value
# and replace it with a unique secret on any device that carries real traffic.
password simple gh2023meng

service-type telnet

authorization-attribute user-role network-admin

ip route-static 0.0.0.0 0 192.168.30.2

#FW1
# Primary firewall of the pair (device-role primary at the end of this
# section). GE1/0/1 faces 192.168.137.0/24 (Untrust), GE1/0/3 faces
# 192.168.30.0/24 (Trust), and GE1/0/2 is the link to FW2.

sysname FW1

# Source-NAT pool holding a single address, 192.168.137.3. The same address is
# the VRRP vrid 1 virtual IP on GE1/0/1.
nat address-group 1

address 192.168.137.3 192.168.137.3

# Link to FW2 (10.1.1.0/30), used below as the remote-backup data channel.
# NOTE(review): this interface is not imported into any security zone in this
# listing. Confirm that is intended for the backup link.
interface GigabitEthernet1/0/2

port link-mode route

combo enable copper

ip address 10.1.1.1 255.255.255.252

# Inside interface. 192.168.30.2 is the virtual gateway used by PC2 and SW2.
# The "active" keyword presumably ties this VRRP group to the remote-backup
# group's primary role. Verify against the platform documentation.
interface GigabitEthernet1/0/3

port link-mode route

combo enable copper

ip address 192.168.30.1 255.255.255.0

vrrp vrid 1 virtual-ip 192.168.30.2 active

# Outside interface.
interface GigabitEthernet1/0/1

port link-mode route

combo enable copper

# NOTE(review): the outside interface is administratively down as captured.
# This looks like a leftover from a failover test; confirm before reusing
# this configuration.
shutdown

ip address 192.168.137.2 255.255.255.0

# vrid 1 (192.168.137.3) backs the source-NAT pool; vrid 2 (192.168.137.4)
# backs the nat server mapping below.
vrrp vrid 1 virtual-ip 192.168.137.3 active

vrrp vrid 2 virtual-ip 192.168.137.4 active

nat outbound address-group 1

# NOTE(review): no protocol or port is given, so this mapping is not limited
# to one service. It publishes SW2 (192.168.30.254), including its Telnet
# management login, on the outside address 192.168.137.4. In production, map
# only the protocol and port that must be exposed.
nat server global 192.168.137.4 inside 192.168.30.254 rule ServerRule_1

security-zone name Trust

import interface GigabitEthernet1/0/3

security-zone name Untrust

import interface GigabitEthernet1/0/1

ip route-static 0.0.0.0 0 192.168.137.1

# NOTE(review): rule 0 has no source-zone, destination-zone, address or
# service criteria, so it passes every flow, including Untrust-to-Trust. With
# the nat server mapping above, nothing filters outside access to SW2. That is
# acceptable only for a lab connectivity check; real deployments need
# zone- and service-scoped rules.
security-policy ip

rule 0 name permit-all

action pass

# Pairs this firewall with FW2 over GE1/0/2 (local 10.1.1.1, peer 10.1.1.2).
remote-backup group

data-channel interface GigabitEthernet1/0/2

local-ip 10.1.1.1

remote-ip 10.1.1.2

device-role primary

#FW2
# Secondary firewall of the pair (device-role secondary at the end of this
# section). It mirrors FW1's NAT, zone, route and policy configuration, with
# its own interface addresses and the "standby" VRRP keyword.

sysname FW2

# NOTE(review): Telnet is enabled here, but this listing shows no VTY line or
# local-user configuration for FW2. Telnet is cleartext; disable it if it is
# not needed, or use SSH for firewall management.
telnet server enable

# Same single-address source-NAT pool as FW1 (192.168.137.3).
nat address-group 1

address 192.168.137.3 192.168.137.3

# Link to FW1 (10.1.1.0/30), used below as the remote-backup data channel.
# NOTE(review): this interface is not imported into any security zone in this
# listing. Confirm that is intended for the backup link.
interface GigabitEthernet1/0/2

port link-mode route

combo enable copper

ip address 10.1.1.2 255.255.255.252

# Inside interface; shares the virtual gateway 192.168.30.2 with FW1.
interface GigabitEthernet1/0/3

port link-mode route

combo enable copper

ip address 192.168.30.3 255.255.255.0

vrrp vrid 1 virtual-ip 192.168.30.2 standby

# Outside interface; shares the virtual IPs 192.168.137.3 and 192.168.137.4
# with FW1.
interface GigabitEthernet1/0/1

port link-mode route

combo enable copper

ip address 192.168.137.5 255.255.255.0

vrrp vrid 1 virtual-ip 192.168.137.3 standby

vrrp vrid 2 virtual-ip 192.168.137.4 standby

nat outbound address-group 1

# NOTE(review): as on FW1, no protocol or port is given, so the mapping is not
# limited to one service and exposes SW2 (192.168.30.254), including its
# Telnet management login, on 192.168.137.4.
nat server global 192.168.137.4 inside 192.168.30.254 rule ServerRule_1

security-zone name Trust

import interface GigabitEthernet1/0/3

security-zone name Untrust

import interface GigabitEthernet1/0/1

ip route-static 0.0.0.0 0 192.168.137.1

# NOTE(review): rule 0 has no zone, address or service criteria, so it passes
# every flow, including Untrust-to-Trust. Keep this for lab use only; scope
# rules by zone and service before carrying real traffic.
security-policy ip

rule 0 name permit-all

action pass

# Pairs this firewall with FW1 over GE1/0/2 (local 10.1.1.2, peer 10.1.1.1).
remote-backup group

data-channel interface GigabitEthernet1/0/2

local-ip 10.1.1.2

remote-ip 10.1.1.1

device-role secondary
