NAT穿越场景

文章目录

• [GRE NAT穿越](#GRE NAT穿越)

🏡作者主页：点击！

🤖Datacom专栏：点击！

⏰️创作时间：2026年06月29日11点00分

GRE NAT穿越

FW1

sys
sys FW1
firewall zone trust
add inter g0/0/0

inter g0/0/0
ip ad 12.1.1.1 24
service-m p p 

ip route-s 0.0.0.0 0 12.1.1.2

interface tunnel 1 
ip add 100.1.1.1 30
tunnel-protocol gre
source 12.1.1.1
destination 100.1.103.3
service-manage ping permit

firewall zone dmz
add interface tunnel 1

security-policy
default action permit
y

FW2

sys
sys FW2
firewall zone trust
add inter g0/0/0
add inter g1/0/0

inter g0/0/0
ip ad 12.1.1.2 24
service-m p p 
inter g1/0/0
ip ad 100.1.102.2 24
service-m p p 

ip route-s 0.0.0.0 0 100.1.102.1

nat server protocol 47 global 100.1.102.100 inside 12.1.1.1

security-policy
default action permit
y

display firewall server-map

AR1

sys 
sys AR1

inter g0/0/0
ip ad 100.1.102.1 24
inter g0/0/1
ip ad 100.1.103.1 24

FW3

sys
sys FW3
firewall zone trust
add inter g0/0/0

interface g0/0/0
ip ad 100.1.103.3 24
service-m p p 

ip route-s 0.0.0.0 0 100.1.103.1

interface tunnel 1 
ip add 100.1.1.2 30
tunnel-protocol gre
source 100.1.103.3
destination 100.1.102.100
service-manage ping permit

firewall zone dmz
add interface tunnel 1

security-policy
default action permit
y