FAQ: Can a USG6300 root firewall log in to a virtual firewall through the Virtualif interface address?

Published: 2016-09-20
Problem description

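Q: The Virtualif interfaces between a virtual firewall and the root firewall can be configured with IP addresses. Can these addresses be used for the virtual firewall and the root firewall to log in to each other?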

Procedure

Virtual firewall:

interface Virtualif2

 ip address 101.101.101.1 255.255.255.0

ip route-static 101.101.101.2 255.255.255.255 public

firewall zone untrust

 set priority 5

 add interface Virtualif2     

security-policy

 default action permit

 

Root firewall:

interface Virtualif0

 ip address 101.101.101.2 255.255.255.0

ip route-static 101.101.101.1 255.255.255.255 vpn-instance 123

firewall zone trust

 set priority 85

 add interface Virtualif0

security-policy

 default action permit

 

Root to virtual:

<fw1>ping 101.101.101.1

17:49:38  2016/08/29

  PING 101.101.101.1: 56  data bytes, press CTRL_C to break

    Reply from 101.101.101.1: bytes=56 Sequence=1 ttl=255 time=1 ms

    Reply from 101.101.101.1: bytes=56 Sequence=2 ttl=255 time=1 ms

    Reply from 101.101.101.1: bytes=56 Sequence=3 ttl=255 time=1 ms

    Reply from 101.101.101.1: bytes=56 Sequence=4 ttl=255 time=1 ms

    Reply from 101.101.101.1: bytes=56 Sequence=5 ttl=255 time=1 ms

 

  --- 101.101.101.1 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 1/1/1 ms

 

 

Virtual to root:

[fw1-123]ping 101.101.101.2

17:50:14  2016/08/29

  PING 101.101.101.2: 56  data bytes, press CTRL_C to break

    Reply from 101.101.101.2: bytes=56 Sequence=1 ttl=255 time=1 ms

    Reply from 101.101.101.2: bytes=56 Sequence=2 ttl=255 time=1 ms

    Reply from 101.101.101.2: bytes=56 Sequence=3 ttl=255 time=1 ms

    Reply from 101.101.101.2: bytes=56 Sequence=4 ttl=255 time=1 ms

    Reply from 101.101.101.2: bytes=56 Sequence=5 ttl=255 time=1 ms

 

  --- 101.101.101.2 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 1/1/1 ms

 

Telnet test:

<fw1>telnet 101.101.101.1

17:50:58  2016/08/29

Trying 101.101.101.1 ...

Press CTRL+T to abort

Connected to 101.101.101.1 ...

***********************************************************

*           All rights reserved 2014-2016                 *

*       Without the owner's prior written consent,        *

* no decompiling or reverse-engineering shall be allowed. *

* Notice:                                                 *

*      This is a private communication system.            *

*   Unauthorized access or use may lead to prosecution.   *

***********************************************************

 

Warning: Telnet is not a secure protocol, and it is recommended to use Stelnet.

 

Login authentication

Solution
A: Testing shows that the root firewall and the virtual firewall can log in to each other using the Virtualif addresses.
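
The test configuration above relies on `default action permit` on both sides. The following Python check is an added example (not part of the original FAQ and not a Huawei tool): it parses a configuration of this shape and reports whether the permit-all default is still set and which security zone each Virtualif interface sits in. The sample text is the page's virtual-firewall configuration typed with normal indentation; the function names are illustrative.

```python
import re

# Constructed sample: the virtual-firewall configuration shown on this page,
# typed with the usual one-space indentation under each stanza header.
VSYS_CONFIG = """\
interface Virtualif2
 ip address 101.101.101.1 255.255.255.0
ip route-static 101.101.101.2 255.255.255.255 public
firewall zone untrust
 set priority 5
 add interface Virtualif2
security-policy
 default action permit
"""

def parse_stanzas(text):
    """Group config lines into (header, [indented child lines]) pairs."""
    stanzas = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and stanzas:
            stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas

def audit(text):
    """Report permit-all policy and the zone of every Virtualif interface."""
    stanzas = parse_stanzas(text)
    zone_of = {}
    for header, body in stanzas:
        zone = re.fullmatch(r"firewall zone (\S+)", header)
        if zone:
            for line in body:
                member = re.fullmatch(r"add interface (\S+)", line)
                if member:
                    zone_of[member.group(1)] = zone.group(1)
    vifs = [m.group(1) for h, _ in stanzas
            if (m := re.fullmatch(r"interface (Virtualif\d+)", h))]
    return {
        "default_permit": any(h == "security-policy" and "default action permit" in b
                              for h, b in stanzas),
        "virtualif_zones": {v: zone_of[v] for v in vifs if v in zone_of},
        "unzoned": [v for v in vifs if v not in zone_of],
    }

if __name__ == "__main__":
    print(audit(VSYS_CONFIG))
```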
