做了NAT,带源PING不能,大神帮忙看看
本帖最后由 yhao81 于 2018-4-15 14:37 编辑接口配置, lo0加入trust,ge0/0/0加入untrust,不列出命令set interfaces ge-0/0/0 unit 0 family inetaddress 203.0.113.63/24set interfaces lo0 unit 0 family inet address 2.2.2.2/32NAT source接口配置,从JUNIPER官网拷贝set security nat source rule-set rs1 from zonetrustset security nat source rule-set rs1 to zoneuntrustset security nat source rule-set rs1 rule r1match source-address 0.0.0.0/0set security nat source rule-set rs1 rule r1match destination-address 0.0.0.0/0set security nat source rule-set rs1 rule r1then source-nat interface junos2ping 202.1.103.1可PING通ping 202.1.103.1 source 2.2.2.2 带源ping不通!为什么? Show security flow session 显示没有转换成功!为什么?Session ID: 136, Policy name:self-traffic-policy/1, Timeout: 50, ValidIn: 2.2.2.2/1--> 203.0.113.1/16905;icmp, If: .local..0, Pkts: 1, Bytes: 84Out: 203.0.113.1/16905 --> 2.2.2.2/1;icmp,If: ge-0/0/0.0, Pkts: 0, Bytes: 0
自己结个贴
从trunst to untrust 策略、NAT都没有问题。 trust 接口是不会被NAT的
trust 连接一台设备,或主机,从设备上或主机上发起。 自己结个贴
从trunst to untrust 策略、NAT都没有问题。 trust 接口是不会被NAT的
trust 连接一台设备,或主机,从设备上或主机上发起。
页:
[1]