esr-100, проброс портов
Добавлено: 24 май 2023 17:48
Здравствуйте, уважаемые гуру! Только начал изучать сей агрегат, пытаюсь пробросить порт RDP (3389) до сервера 192.168.0.20, но что-то не выходит. Помогите разобраться, чего не хватает...
# Service group "vpn": despite its name it contains one port, 3389 (RDP, per the post).
object-group service vpn
port-range 3389
exit
# Network group "uplink": address masked by the poster; it is the destination the
# DNAT rule matches on, so presumably the router's public address - confirm.
object-group network uplink
ip address-range ххх.ххх.ххх.ххх
exit
# Network group "server": the internal host 192.168.0.20 that the forward targets.
object-group network server
ip address-range 192.168.0.20
exit
# Declares VLANs 2 and 150.
vlan 2,150
exit
# Declares the two zones used by the firewall zone-pairs in this listing.
# NOTE(review): zone "bars" is assigned to gigabitethernet 1/0/2 and used by the
# "nat source" ruleset bars, but no "security zone bars" appears in this listing;
# the post may be an excerpt - confirm against the full running-config.
security zone trusted
exit
security zone untrusted
exit
# gi1/0/1: interface in zone untrusted (address masked by the poster).
# NOTE(review): it carries both switchport lines and an IP address; whether the
# switchport settings take effect depends on the port mode, which is not shown - confirm.
interface gigabitethernet 1/0/1
security-zone untrusted
switchport forbidden default-vlan
switchport access vlan 2
ip address ххх.ххх.ххх.ххх
exit
# gi1/0/2: interface in zone "bars" (address masked by the poster).
interface gigabitethernet 1/0/2
security-zone bars
ip address xxx.xxx.xxx.xxx
exit
# gi1/0/3: zone trusted, 192.168.0.1/24 - the subnet that contains the server 192.168.0.20.
interface gigabitethernet 1/0/3
security-zone trusted
ip address 192.168.0.1/24
exit
# gi1/0/3.150: sub-interface with no zone or address in this listing.
interface gigabitethernet 1/0/3.150
exit
# gi1/0/4: second interface in zone trusted, 10.0.0.2/30.
interface gigabitethernet 1/0/4
security-zone trusted
ip address 10.0.0.2/30
exit
# trusted -> untrusted: rule 1 permits every protocol from any source to any destination.
security zone-pair trusted untrusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
# trusted -> trusted: the same permit-all rule for traffic between trusted-zone interfaces.
security zone-pair trusted trusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
# trusted -> self: traffic from the trusted zone addressed to the router itself.
security zone-pair trusted self
# Rule 1 permits telnet from any trusted source. Telnet carries credentials and
# session data in cleartext; rule 10 already permits ssh, so telnet management
# access is worth disabling.
rule 1
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port telnet
enable
exit
# Rule 10 permits ssh management access from any trusted source.
rule 10
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port ssh
enable
exit
# Rule 20 permits ICMP to the router.
rule 20
action permit
match protocol icmp
match source-address any
match destination-address any
enable
exit
# Rule 30 matches UDP but, unlike the other rules in this listing, has no
# destination-port match and no "enable" line.
# NOTE(review): as posted it is presumably inactive - confirm this is intentional.
rule 30
action permit
match protocol udp
match source-address any
match destination-address any
match source-port any
exit
exit
# untrusted -> trusted: the only inbound rule in this listing. It permits TCP to
# the internal address in group "server" on the port in group "vpn" (3389).
# The destination matched here is the translated (internal) address, which fits
# DNAT being applied before this filter - confirm for the firmware in use.
# NOTE(review): "match source-address any" exposes RDP to every host on the
# untrusted side. Where the remote peers are known, match an object-group of
# their addresses instead, or reach RDP through a VPN rather than a direct forward.
security zone-pair untrusted trusted
rule 1
action permit
match protocol tcp
match source-address any
match destination-address server
match source-port any
match destination-port vpn
enable
exit
exit
# Destination NAT (port forward) for RDP.
nat destination
# Pool "server": translation target 192.168.0.20, port 3389.
pool server
ip address 192.168.0.20
ip port 3389
exit
# Ruleset "natstv" applies to traffic arriving from zone untrusted. Rule 1
# rewrites TCP sent to the "uplink" address on port 3389 to pool "server".
# NOTE(review): the rule has no source-address match, so any remote host is
# translated; narrowing the source here as well as in the zone-pair rule limits
# who can reach the RDP listener.
ruleset natstv
from zone untrusted
rule 1
match protocol tcp
match destination-address uplink
match destination-port vpn
action destination-nat pool server
enable
exit
exit
exit
# Source NAT for outbound traffic.
nat source
# Ruleset "factory": everything leaving towards zone untrusted has its source
# replaced by the outgoing interface address (see the rule description).
ruleset factory
to zone untrusted
rule 10
description "replace 'source ip' by outgoing interface ip address"
match protocol any
match source-address any
match destination-address any
action source-nat interface
enable
exit
exit
# Ruleset "bars": the same interface source-NAT for traffic leaving towards zone "bars".
ruleset bars
to zone bars
rule 20
match protocol any
match source-address any
match destination-address any
action source-nat interface
enable
exit
exit
exit
Очень надеюсь на вашу помощь! Заранее спасибо!
# Service group "vpn": despite its name it contains one port, 3389 (RDP, per the post).
object-group service vpn
port-range 3389
exit
# Network group "uplink": address masked by the poster; it is the destination the
# DNAT rule matches on, so presumably the router's public address - confirm.
object-group network uplink
ip address-range ххх.ххх.ххх.ххх
exit
# Network group "server": the internal host 192.168.0.20 that the forward targets.
object-group network server
ip address-range 192.168.0.20
exit
# Declares VLANs 2 and 150.
vlan 2,150
exit
# Declares the two zones used by the firewall zone-pairs in this listing.
# NOTE(review): zone "bars" is assigned to gigabitethernet 1/0/2 and used by the
# "nat source" ruleset bars, but no "security zone bars" appears in this listing;
# the post may be an excerpt - confirm against the full running-config.
security zone trusted
exit
security zone untrusted
exit
# gi1/0/1: interface in zone untrusted (address masked by the poster).
# NOTE(review): it carries both switchport lines and an IP address; whether the
# switchport settings take effect depends on the port mode, which is not shown - confirm.
interface gigabitethernet 1/0/1
security-zone untrusted
switchport forbidden default-vlan
switchport access vlan 2
ip address ххх.ххх.ххх.ххх
exit
# gi1/0/2: interface in zone "bars" (address masked by the poster).
interface gigabitethernet 1/0/2
security-zone bars
ip address xxx.xxx.xxx.xxx
exit
# gi1/0/3: zone trusted, 192.168.0.1/24 - the subnet that contains the server 192.168.0.20.
interface gigabitethernet 1/0/3
security-zone trusted
ip address 192.168.0.1/24
exit
# gi1/0/3.150: sub-interface with no zone or address in this listing.
interface gigabitethernet 1/0/3.150
exit
# gi1/0/4: second interface in zone trusted, 10.0.0.2/30.
interface gigabitethernet 1/0/4
security-zone trusted
ip address 10.0.0.2/30
exit
# trusted -> untrusted: rule 1 permits every protocol from any source to any destination.
security zone-pair trusted untrusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
# trusted -> trusted: the same permit-all rule for traffic between trusted-zone interfaces.
security zone-pair trusted trusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
# trusted -> self: traffic from the trusted zone addressed to the router itself.
security zone-pair trusted self
# Rule 1 permits telnet from any trusted source. Telnet carries credentials and
# session data in cleartext; rule 10 already permits ssh, so telnet management
# access is worth disabling.
rule 1
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port telnet
enable
exit
# Rule 10 permits ssh management access from any trusted source.
rule 10
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port ssh
enable
exit
# Rule 20 permits ICMP to the router.
rule 20
action permit
match protocol icmp
match source-address any
match destination-address any
enable
exit
# Rule 30 matches UDP but, unlike the other rules in this listing, has no
# destination-port match and no "enable" line.
# NOTE(review): as posted it is presumably inactive - confirm this is intentional.
rule 30
action permit
match protocol udp
match source-address any
match destination-address any
match source-port any
exit
exit
# untrusted -> trusted: the only inbound rule in this listing. It permits TCP to
# the internal address in group "server" on the port in group "vpn" (3389).
# The destination matched here is the translated (internal) address, which fits
# DNAT being applied before this filter - confirm for the firmware in use.
# NOTE(review): "match source-address any" exposes RDP to every host on the
# untrusted side. Where the remote peers are known, match an object-group of
# their addresses instead, or reach RDP through a VPN rather than a direct forward.
security zone-pair untrusted trusted
rule 1
action permit
match protocol tcp
match source-address any
match destination-address server
match source-port any
match destination-port vpn
enable
exit
exit
# Destination NAT (port forward) for RDP.
nat destination
# Pool "server": translation target 192.168.0.20, port 3389.
pool server
ip address 192.168.0.20
ip port 3389
exit
# Ruleset "natstv" applies to traffic arriving from zone untrusted. Rule 1
# rewrites TCP sent to the "uplink" address on port 3389 to pool "server".
# NOTE(review): the rule has no source-address match, so any remote host is
# translated; narrowing the source here as well as in the zone-pair rule limits
# who can reach the RDP listener.
ruleset natstv
from zone untrusted
rule 1
match protocol tcp
match destination-address uplink
match destination-port vpn
action destination-nat pool server
enable
exit
exit
exit
# Source NAT for outbound traffic.
nat source
# Ruleset "factory": everything leaving towards zone untrusted has its source
# replaced by the outgoing interface address (see the rule description).
ruleset factory
to zone untrusted
rule 10
description "replace 'source ip' by outgoing interface ip address"
match protocol any
match source-address any
match destination-address any
action source-nat interface
enable
exit
exit
# Ruleset "bars": the same interface source-NAT for traffic leaving towards zone "bars".
ruleset bars
to zone bars
rule 20
match protocol any
match source-address any
match destination-address any
action source-nat interface
enable
exit
exit
exit
Очень надеюсь на вашу помощь! Заранее спасибо!