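H3C F100-C configuration problem, cannot reach the Internet
This post was last edited by jiwenxi on 2012-3-17 14:25
I have an H3C 100-c firewall with the following configuration: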
display current-configuration
#
sysname H3C
#
l2tp enable
l2tpmoreexam enable
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
ip pool 1 192.168.3.2 192.168.3.100
domain vpn
authentication local
authorization none
accounting none
ip pool 0 192.168.2.2 192.168.2.100
#
local-user admin
password simple admin
service-type telnet terminal
level 3
service-type ftp
service-type ppp
#
acl number 2000
rule 1 permit source 192.168.1.0 0.0.0.255
rule 10 deny
#
interface Virtual-Template0
ppp authentication-mode pap
#
interface Virtual-Template1
ppp authentication-mode pap
#
interface Virtual-Template2
ppp authentication-mode pap
#
interface Virtual-Template3
ppp authentication-mode pap
#
interface Virtual-Template4
ppp authentication-mode pap domain vpn
ppp access-control enable
ip address 192.168.2.1 255.255.255.0
remote address pool
#
interface Aux0
async mode flow
#
interface Ethernet0/0
description WCN_INTERFACE_WAN
ip address 118.114.X.X 255.255.255.0
nat outbound 2000
nat server protocol tcp global 118.114.242.208 88 inside 192.168.1.190 88
#
interface Ethernet0/1
ip address 192.168.0.1 255.255.255.0
#
interface Ethernet0/2
description WCN_INTERFACE_LAN
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/3
#
interface Ethernet0/4
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/1
add interface Ethernet0/2
add interface Virtual-Template0
add interface Virtual-Template4
set priority 85
#
firewall zone untrust
add interface Ethernet0/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 4
#
l2tp-group 4
mandatory-lcp
allow l2tp virtual-template 4 remote vpn
tunnel password simple admin
tunnel name vpn
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 118.114.X.1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
Static IP assigned by China Telecom:
118.114.X.X
255.255.255.0
118.114.X.1
61.139.2.69,
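The user previously used a TP-Link router. I set E0/0 as the WAN side and E0/2 as the LAN side, connected a PC to E0/2 and gave it an address in the 1.X subnet for testing, but it simply cannot reach the Internet. Where is the configuration wrong?
With a laptop connected directly to the WAN line and configured with the static IP, everything works.
There is a problem with your configuration.
Yes.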
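This post was last edited by jiwenxi on 2012-3-17 14:24
Quote from wangx2009, posted on 2012-3-17 14:13: There is a problem with your configuration.
Where is the problem? Even a ping from the firewall itself straight to the China Telecom gateway fails. Is the route written incorrectly?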
How should the route be written?
Quote from jiwenxi, posted on 2012-3-17 14:29: How should the route be written?
Try changing it like this:
acl number 2000
rule 1 permit source 192.168.0.0 0.0.255.255
rule 10 deny
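An added example, not part of the thread: a small Python check of which inside addresses `nat outbound 2000` would translate under the ACL 2000 posted in the question and under the one suggested in the reply. It assumes rules are evaluated in ascending rule-ID order; the host addresses are constructed samples, one per inside subnet or pool in the posted configuration.

```python
import ipaddress

# ACL 2000 as posted in the question, and as suggested in the reply.
ACL_ORIGINAL = """\
rule 1 permit source 192.168.1.0 0.0.0.255
rule 10 deny
"""
ACL_SUGGESTED = """\
rule 1 permit source 192.168.0.0 0.0.255.255
rule 10 deny
"""

def parse_rules(text):
    """Parse basic-ACL lines into (rule_id, action, address, wildcard) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "rule":
            continue
        addr, wild = 0, 0xFFFFFFFF  # no source (or "source any"): match everything
        if "source" in tok and tok[tok.index("source") + 1] != "any":
            i = tok.index("source")
            addr = int(ipaddress.IPv4Address(tok[i + 1]))
            wild = int(ipaddress.IPv4Address(tok[i + 2]))
        rules.append((int(tok[1]), tok[2], addr, wild))
    return sorted(rules)  # assumption: evaluated in ascending rule-ID order

def acl_action(rules, ip):
    """Return the action of the first rule matching ip, or None if none match."""
    ip = int(ipaddress.IPv4Address(ip))
    for _rule_id, action, addr, wild in rules:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return None

def nat_coverage(acl_text, hosts):
    """Map each host to True if the ACL permits it, i.e. NAT would translate it."""
    rules = parse_rules(acl_text)
    return {h: acl_action(rules, h) == "permit" for h in hosts}

# Constructed sample hosts: E0/1 subnet, E0/2 subnet, ip pool 0, ip pool 1.
HOSTS = ["192.168.0.10", "192.168.1.190", "192.168.2.2", "192.168.3.2"]

if __name__ == "__main__":
    for name, acl in (("original", ACL_ORIGINAL), ("suggested", ACL_SUGGESTED)):
        print(name, nat_coverage(acl, HOSTS))
```

Under the posted ACL only the 192.168.1.x hosts are permitted; the suggested rule also permits the 192.168.0.x, 192.168.2.x and 192.168.3.x ranges, while anything outside 192.168.0.0/16 still hits `rule 10 deny`.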