HCIE 小文档(日更)
main
菜单
本页目录

1731916846385.png

配置客户端的IP地址

虚拟防火墙创建

sys

vsys enable

vsys name A
assign int g1/0/4
q
vsys name B
assign int g1/0/1
q

虚拟防火墙A&B的策略与Virtual-if接口等操作

switch vsys B
sys
int virtual-if 2
ip add 2.2.2.2 32

firewall zone trust
add int g1/0/1
add interface Virtual-if 2

sec
rule name ALL
action permit

int g1/0/1
ip add 10.10.30.254 24
service-manage all permit

ret
sys
switch vsys A
sys
int virtual-if 1
ip add 1.1.1.1 32

firewall zone trust
add int g1/0/4
add interface Virtual-if 1

sec
rule name ALL
action permit

int g1/0/4
ip add 10.10.20.254 24
service-manage all permit

最后添加两边的路由,即可实现实验目的

ret
sys
ip route-static VPN-instance A 10.10.30.0 24 VPN-instance B
ip route-static VPN-instance B 10.10.20.0 24 VPN-instance A
上一篇 DAY 8 to 9 虚拟防火墙与虚拟防火墙通信
下一篇 两虚拟防火墙跨根系统互访