帮助我们改善您的体验。

让我们了解您的想法。

您是否能抽出两分钟的时间完成一份问卷调查?

close
keyboard_arrow_left
list Table of Contents

机器翻译对您有帮助吗?

starstarstarstarstar
Go to English page
免责声明:

我们将使用第三方机器翻译软件翻译本页面。瞻博网络虽已做出相当大的努力提供高质量译文,但无法保证其准确性。如果对译文信息的准确性有任何疑问,请参阅英文版本. 可下载的 PDF 仅提供英文版.

为下一代服务配置两次静态 NAT44

date_range 06-Dec-23

为两次静态 NAT44 配置源池和目标池

要为两次静态 NAT44 配置源池和目标池,请执行以下操作:

  1. 创建源池。
    content_copy zoom_out_map
    user@host# edit services nat source pool nat-pool-name
    
  2. 定义源地址转换为的地址或子网。
    content_copy zoom_out_map
    [edit services nat source pool nat-pool-name]
    user@host# set address address-prefix
    

    content_copy zoom_out_map
    [edit services nat source pool nat-pool-name]
    user@host# set address address-prefix to address address-prefix
    
  3. 通过指定原始源地址范围的基址,配置原始源地址范围到源池中地址范围的一对一静态移动。
    content_copy zoom_out_map
    [edit services nat source pool nat-pool-name]
    user@host# set host-address-base ip-address
    

    例如,如果主机地址基数为 198.51.100.30,而 NAT 池使用的范围是 203.0.113.10 到 203.0.113.20,则 198.51.100.30 表示 203.0.113.10,198.51.100.31 表示 203.0.113.11,依此类推。

  4. 创建目标池。不要使用与源池相同的名称。
    content_copy zoom_out_map
    user@host# edit services nat destination pool nat-pool-name
    
  5. 定义目标地址转换为的地址或子网。
    content_copy zoom_out_map
    [edit services nat destination pool nat-pool-name]
    user@host# set address address-prefix
    
  6. 要允许 NAT 池的 IP 地址与其他服务集中使用的池中的 IP 地址重叠,请配置 allow-overlapping-pools
    content_copy zoom_out_map
    [edit services nat]
    user@host# set allow-overlapping-pools
    

为两次静态 NAT44 配置 NAT 规则

要为两次静态 NAT44 配置源和目标 NAT 规则:

  1. 配置源 NAT 规则名称。
    content_copy zoom_out_map
    [edit services nat source]
    user@host# set rule-set rule-set-name rule rule-name
    
  2. 指定 NAT 规则集适用的流量方向。
    content_copy zoom_out_map
    [edit services nat source rule-set rule-set-name]
    user@host# set match-direction (in | out | in-out)
    
  3. 指定由源 NAT 规则转换的地址。

    要指定一个地址或前缀值:

    content_copy zoom_out_map
    [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set match source-address address
    

    要指定地址范围,请使用所需的地址范围配置通讯簿全局地址,并将全局地址分配给 NAT 规则:

    content_copy zoom_out_map
    [edit services address-book global]
    user@host# set address address-name range-address lower-limit to upper-limit
    [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set match source-address-name address-name
    

    要指定任何单播地址:

    content_copy zoom_out_map
    [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set match source-address any-unicast
    
  4. 指定源 NAT 规则适用的一个或多个应用程序协议。规则中列出的申请数量不得超过 3072 个。
    content_copy zoom_out_map
    [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set match application [application-name]
    
  5. 指定包含转换流量地址的源 NAT 池。
    content_copy zoom_out_map
    [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set then source-nat pool nat-pool-name
    
  6. 配置当流量与 NAT 规则条件匹配时生成系统日志。
    content_copy zoom_out_map
    [edit services nat source rule-set rule-set-name rule rule-name then]
    user@host# set syslog
    
  7. 配置目标 NAT 规则名称。
    content_copy zoom_out_map
    [edit services nat destination]
    user@host# set rule-set rule-set-name rule rule-name
    
  8. 指定目标 NAT 规则集适用的流量方向。
    content_copy zoom_out_map
    [edit services nat destination rule-set rule-set-name]
    user@host# set match-direction (in | out | in-out)
    
  9. 指定目标 NAT 规则适用到的流量的目标地址。
    content_copy zoom_out_map
    [edit services nat destination rule-set rule-set-name rule rule-name]
    user@host# set match destination-address address
    

    要指定地址范围,请使用所需的地址范围配置通讯簿全局地址,并将全局地址分配给 NAT 规则:

    content_copy zoom_out_map
    [edit services address-book global]
    user@host# set address address-name range-address lower-limit to upper-limit
     [edit services nat destination rule-set rule-set-name rule rule-name]
    user@host# set match destination-address-name address-name
    

    要指定任何单播地址:

    content_copy zoom_out_map
    [edit services nat destination rule-set rule-set-name rule rule-name]
    user@host# set match destination-address any-unicast
    
  10. 指定应用目标 NAT 规则的一个或多个应用程序协议。规则中列出的申请数量不得超过 3072 个。
    content_copy zoom_out_map
    [edit services nat source rule-set rule-set-name rule rule-name]
    user@host# set match application [application-name]
    
  11. 指定包含转换流量的目标地址的目标 NAT 池。
    content_copy zoom_out_map
    [edit services nat destination rule-set rule-set-name rule rule-name]
    user@host# set then destination-nat pool nat-pool-name
    
  12. 当流量与目标 NAT 规则匹配条件匹配时,配置系统日志的生成。
    content_copy zoom_out_map
    [edit services nat destination rule-set rule-set-name rule rule-name then]
    user@host# set syslog
    

将服务集配置为两次静态 NAT44

要为两次静态 NAT44 配置服务集:

  1. 定义服务集。
    content_copy zoom_out_map
    [edit services]
    user@host# edit service-set service-set-name
    
  2. 配置接口服务(需要单个服务接口)或下一跃点服务(需要内部和外部服务接口)。
    content_copy zoom_out_map
    [edit services service-set service-set-name]
    user@host# set interface-service service-interface interface-name
    

    content_copy zoom_out_map
    [edit services service-set service-set-name]
    user@host# set next-hop-service inside-service-interface interface-name outside-service-interface interface-name
    
  3. 指定要与服务集一起使用的 NAT 规则集。包括源 NAT 规则集和目标 NAT 规则集。
    content_copy zoom_out_map
    [edit services service-set service-set-name]
    user@host# set nat-rule-sets rule-set-name
    
external-footer-nav