Object-policy Lab Walkthrough
Lab topology diagram
IP address plan:
Firewall: G0/0 192.168.1.1/29; G0/1 192.168.0.1/24; G0/2 192.168.2.1/30
SERVER: 192.168.2.1, mask 255.255.255.252
PC: 192.168.1.2 and 192.168.1.3, mask 255.255.255.248
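Note: This lab uses a router to simulate the PCs, with the router reusing IP addresses to do so. A router that simulates a PC needs a default route configured.
1. Basic configuration
Configure the correct IP addresses, configure the relevant security zones on the firewall, and open up traffic from the trust and untrust zones to the local zone.
2. Use object-policy to permit traffic from the trust zone to the untrust zone, so that 192.168.1.2 can telnet to the server and 192.168.1.3 can ping the server.
Ping test:
Telnet test: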
Basic configuration
These are my own study notes and may contain errors or omissions. For study reference only.
[H3C]object-group ip address pc
[H3C-obj-grp-ip-pc]network host address 192.168.1.2
[H3C-obj-grp-ip-pc]quit
[H3C]object-group ip address pc1
[H3C-obj-grp-ip-pc1]network host address 192.168.1.3
[H3C]object-group ip address server
[H3C-obj-grp-ip-server]network host address 192.168.2.2
[H3C]object-group service tel
[H3C-obj-grp-service-tel]service tcp destination eq 23
[H3C]object-group service icmp
[H3C-obj-grp-service-icmp]service icmp
[H3C]object-policy ip xp
[H3C-object-policy-ip-xp]rule pass source-ip pc destination-ip server service tel
[H3C-object-policy-ip-xp]rule pass source-ip pc1 destination-ip server service icmp
[H3C]zone-pair security source trust destination untrust
[H3C-zone-pair-security-Trust-Untrust]object-policy apply ip xp
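The flows this policy lets through can be checked offline. The Python sketch below is an added example, not part of the original notes or any H3C tooling: it parses the object-group and object-policy commands above and evaluates flows against them, first match wins. It assumes a flow that matches no rule is dropped; the names parse and evaluate are illustrative.

```python
import ipaddress

# Constructed input: the commands from the notes above, prompts stripped.
CONFIG = """\
object-group ip address pc
 network host address 192.168.1.2
object-group ip address pc1
 network host address 192.168.1.3
object-group ip address server
 network host address 192.168.2.2
object-group service tel
 service tcp destination eq 23
object-group service icmp
 service icmp
object-policy ip xp
 rule pass source-ip pc destination-ip server service tel
 rule pass source-ip pc1 destination-ip server service icmp
"""

def parse(config):
    """Return (address groups, service groups, ordered rules)."""
    hosts, services, rules, ctx = {}, {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["object-group", "ip", "address"]:
            ctx = hosts.setdefault(w[3], set())
        elif w[:2] == ["object-group", "service"]:
            ctx = services.setdefault(w[2], set())
        elif w[:3] == ["network", "host", "address"]:
            ctx.add(ipaddress.ip_address(w[3]))
        elif w[:1] == ["service"]:
            # "service tcp destination eq 23" -> ("tcp", 23); "service icmp" -> ("icmp", None)
            ctx.add((w[1], int(w[4]) if len(w) > 4 else None))
        elif w[:1] == ["rule"]:
            rules.append({"action": w[1], "src": w[3], "dst": w[5], "svc": w[7]})
    return hosts, services, rules

def evaluate(parsed, src, dst, proto, port=None):
    hosts, services, rules = parsed
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:  # rules are checked in configured order
        svc_ok = any(p == proto and (sp is None or sp == port) for p, sp in services[r["svc"]])
        if src in hosts[r["src"]] and dst in hosts[r["dst"]] and svc_ok:
            return r["action"]
    return "drop"  # assumption: no matching rule means the flow is dropped

if __name__ == "__main__":
    # The last flow targets 192.168.2.1 (SERVER in the address plan); the group "server" holds 192.168.2.2.
    for flow in [("192.168.1.2", "192.168.2.2", "tcp", 23), ("192.168.1.2", "192.168.2.2", "icmp"),
                 ("192.168.1.3", "192.168.2.2", "icmp"), ("192.168.1.3", "192.168.2.1", "icmp")]:
        print(flow, "->", evaluate(parse(CONFIG), *flow))
```

Each PC address gets only the one service its rule names, so a telnet attempt from 192.168.1.3 or a ping from 192.168.1.2 falls through to the drop.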