...
В итоге получаем конфигурацию следующего вида:
| Блок кода |
|---|
ip vrf kids |
...
exit |
...
security zone trusted |
...
exit |
...
security zone untrusted |
...
exit |
...
security zone trust-kids |
...
ip vrf forwarding kids |
...
exit |
...
security zone untrust-kids |
...
ip vrf forwarding kids |
...
exit |
...
interface gigabitethernet 1/0/1 |
...
security-zone untrusted |
...
ip address 185.16.15.2/30 |
...
exit |
...
interface gigabitethernet 1/0/2 |
...
ip vrf forwarding kids |
...
security-zone untrust-kids |
...
ip address 185.16.20.2/30 |
...
exit |
...
interface gigabitethernet 1/0/3 |
...
security-zone trusted |
...
ip address 192.168.1.1/24 |
...
exit |
...
interface gigabitethernet 1/0/4 |
...
ip vrf forwarding kids |
...
security-zone trust-kids |
...
ip address 192.168.2.1/24 |
...
exit |
...
security zone-pair trusted untrusted |
...
rule 1 |
...
action permit |
...
enable |
...
exit |
...
exit |
...
security zone-pair trusted trusted |
...
rule 1 |
...
action permit |
...
enable |
...
exit |
...
exit |
...
security zone-pair trust-kids untrust-kids |
...
rule 1 |
...
action permit |
...
enable |
...
exit |
...
exit |
...
security zone-pair trust-kids trust-kids |
...
rule 1 |
...
action permit |
...
enable |
...
exit |
...
exit |
...
security zone-pair trusted self |
...
rule 1 |
...
action permit |
...
enable |
...
exit |
...
exit |
...
security zone-pair trust-kids self |
...
rule 1 |
...
action permit |
...
enable |
...
exit |
...
exit |
...
nat source |
...
ruleset factory |
...
to zone untrusted |
...
rule 10 |
...
action source-nat interface |
...
enable |
...
exit |
...
exit |
...
ruleset kids |
...
ip vrf forwarding kids |
...
to zone untrust-kids |
...
rule 10 |
...
action source-nat interface |
...
enable |
...
exit |
...
exit |
...
exit |
...
ip route 0.0.0.0/0 185.16.15.1 |
...
ip route vrf kids 0.0.0.0/0 185.16.20.1 |