Has done Settings:
1, have do NAT firewall R1, lan1 all users can normal Internet access,
2, for the common layer 2 switch, there is no division of VLAN, LAN1 PC for the user to the Internet, LAN2 for the server, about 5,
3, the firewall on the R2 already do NAT, lan2 all server can normal Internet access, lan2 can PING the server of LAN1 PC,
4, firewall R1 on port mapping has been completed, for example:
NAT protocol TCP server 8 global interface GigabitEthernet0/0/1 7777 inside
192.168.1.99 3389 (assuming the server IP LAN2 were 192.168.1.99)
NAT protocol TCP server 9 global interface GigabitEthernet0/0/1 25 inside
192.168.1.100 25
Etc.
5, in addition to the default route on R1 firewall IP route -static 0.0.0.0 0.0.0.0 1.1.1.2 (default routing)
Adds a static route: IP route - static 192.168.1.0 255.255.255.0 192.168.0.249:
Questions as follows: 1, the server in LAN2 can PING LAN1 of PC, but PC can't PING of LAN1 LAN2 in server, whether I setting of static routing has a problem?
2, how to make the network users in the normal access LAN2 service?
3, R1 for huawei USG2205 R2 for huawei USG5310.
Please the teacher, the great god glad, thank you!
CodePudding user response:
Just look at your figure understand,Question 1: your lan1 users to access the server, you must do on R2 routing, you do have a purpose in R1? And not treated with R1? Should be a IP route -static 192.168.0.0 255.255.255.0 192.168.1.0 such a route,
As for the second my understanding is that users need to use VPN dial-up networks outside come in, to see you to the network users which segment, again on R2 routing points to allow access to the server should be ok for the
I'm not very understand, is also a beginner, this is his own opinion about the, hope to useful, if you have not forgive me, thank you
CodePudding user response:
Thank you for your reply,1 I went to give it a try,
2, before the two outer segment, now need to merge, save a fiber, didn't change before the user access services directly with http://ip: port, you can directly access the service, without VPN dial-up, after as shown in the changes, you mean now you need to do port mapping in R2, do not used in R1, right? But there is a problem, do not do the mapping on the R1, outside net users seem to use IP: http://the network port to access it,
All in all, thank you for your answer!
CodePudding user response:
Can use port mappingCodePudding user response:
1. The main section is 0, 1 piece by using NAT is the secondary route, the equivalent of all converted into 0.1 0.249 this address2. If you want to achieve 0 and 1, you need to need not NAT R2, with the default routing threw to 0.1, R1 written receipt routing,
3. If the R2 with NAT, need external access LAN2, need to do two port mapping, R2 to map server to 0.249 for the first time this address, the second R1 will be mapped to the public network address
0.249If the network into just the second, I wrote to R1 will server map directly to the public
CodePudding user response:
On the border router to do port mappingCodePudding user response:
Port mapping or border routing above a VPNCodePudding user response:
The reverse proxy Nginx