20090905_天清汉马USG系列_NAT配置指南_V3.0

北京启明星辰信息安全技术有限公司 http://www.venustech.com.cn
ii
天清汉马 USG－NAT 配置指南
1 2 3
4
5
目 录 版本信息..................................................................................................................................... 1 技术简介..................................................................................................................................... 1 常见组网方案与配置.................................................................................................................2 3.1 源 NAT 转换.............................................................................................................. 2 3.1.1 多对一.................................................................................................................2 3.1.1.1. 建立内部地址对象............................................................................ 2 3.1.1.2. 建立 NAT 表项.................................................................................. 3 3.1.1.3. 建立相关安全策略............................................................................ 3 3.1.2 多对多.................................................................................................................4 3.1.2.1. 建立内部地址对象............................................................................ 4 3.1.2.2. 建立 NAT 地址池.............................................................................. 5 3.1.2.3. 建立 NAT 表项.................................................................................. 5 3.1.2.4. 建立相关安全策略............................................................................ 5 3.1.2.5. 注意事项............................................................................................ 6 3.2 目的地址转换.............................................................................................................6 3.2.1 目的端口转换.................................................................................................... 7 3.2.1.1. 建立地址对象.................................................................................... 7 3.2.1.2. 建立 NAT 地址池.............................................................................. 8 3.2.1.3. 建立 NAT 表项.................................................................................. 8 3.2.1.4. 建立相关安全策略............................................................................ 9 3.2.1.5. 注意事项.......................................................................................... 10 3.2.2 目的地址转换.................................................................................................. 10 3.2.2.1. 建立地址对象.................................................................................. 10 3.2.2.2. 建立 NAT 地址池............................................................................ 11 3.2.2.3. 建立 NAT 表项................................................................................ 11 3.2.2.4. 建立相关安全策略.......................................................................... 12 3.2.2.5. 注意事项.......................................................................................... 13 3.2.3 静态 NAT 转换................................................................................................ 13 3.2.3.1. 建立内部服务器地址...................................................................... 13 3.2.3.2. 建立 NAT 表项................................................................................ 13 3.2.3.3. 建立相关安全策略.......................................................................... 14 3.2.3.4. 注意事项.......................................................................................... 14 特殊网络拓扑解决方案...........................................................................................................15 4.1 常见 DNAT 应用方案一......................................................................................... 15 4.2 常见 DNAT 应用方案二......................................................................................... 16 与其他相关模块配合使用.......................................................................................................16 5.1 NAT 与 IPSEC 隧道共同使用................................................................................ 16 5.1.1 注意事项...........................................................................................................17 5.2 源 NAT 与 L2TP（L2TP+IPSEC）........................................................................17 5.2.1 注意事项...........................................................................................................17 5.3 目的 NAT 与 L2TP.................................................................................................. 18 5.3.1 注意事项...........................................................................................................18 5.4 目的 NAT 与 L2TP+IPSEC..................................................................................... 18
天清汉马 USG－NAT 配置指南
天清汉马 USG 一体化安全网关
NAT 配置指南
(V 3.0)
北京启明星辰信息安全技术有限公司 Beijing Venustech Cybervision Co.,Ltd. 二零零九年九月
北京启明星Biblioteka Baidu信息安全技术有限公司 http://www.venustech.com.cn i
天清汉马 USG－NAT 配置指南
版权声明
启明星辰公司版权所有，并保留对本手册及本声明的最终解释权和修改权。 本手册的版权归启明星辰公司所有。未得到启明星辰公司书面许可，任何人 不得以任何方式或形式对本手册内的任何部分进行复制、摘录、备份、修改、传 播、翻译成其他语言、将其部分或全部用于商业用途。
免责声明
本手册依据现有信息制作，其内容如有更改，恕不另行通知。启明星辰公司 在编写该手册的时候已尽最大努力保证其内容准确可靠， 但启明星辰公司不对本 手册中的遗漏、不准确或错误导致的损失和损害承担责任。
User’s Manual Copyright and Disclaimer
Copyright Copyright Venus Info Tech Inc. All rights reserved. The copyright of this document is owned by Venus Info Tech Inc. Without the prior written permission obtained from Venus Info Tech Inc., this document shall not be reproduced and excerpted in any form or by any means, stored in a retrieval system, modified, distributed and translated into other languages, applied for a commercial purpose in whole or in part. Disclaimer This document and the information contained herein is provided on an “AS IS”basis. Venus Info Tech Inc. may make improvement or changes in this document, at any time and without notice and as it sees fit. The information in this document was prepared by Venus Info Tech Inc. with reasonable care and is believed to be accurate. However, Venus Info Tech Inc. shall not assume responsibility for losses or damages resulting from any omissions, inaccuracies, or errors contained herein.