AR1模拟外网，配置一个IP，在配置一个LoopBack地址，AR1的配置如下：
interface GigabitEthernet0/0/0
 ip address 100.100.100.1 255.255.255.0 
#
interface LoopBack1
 ip address 200.200.200.2 255.255.255.0 
USG的配置如下：
#配置内网接口，开启DHCP
interface GigabitEthernet0/0/0
 ip address 192.168.10.1 255.255.255.0
 dhcp select interface
 dhcp server gateway-list 192.168.10.1
 dhcp server dns-list 202.96.134.133
#将GigabitEthernet0/0/0加入到Trust区域
firewall zone trust
 add interface GigabitEthernet0/0/0
#配置外网接口
interface GigabitEthernet0/0/1
 ip address 100.100.100.2 255.255.255.0
#将GigabitEthernet0/0/1加入到Untrust区域
firewall zone untrust
 add interface GigabitEthernet0/0/1
#开启域间包过滤规则，
policy interzone trust untrust outbound
 policy 0
  action permit
  policy source 192.168.10.0 0.0.0.255
#配置缺省路由，确保局域网用户访问Internet路由可达
 ip route-static 0.0.0.0 0.0.0.0 100.100.100.1
#配置NAT，实现局域网用户能够访问Internet
nat-policy interzone trust untrust outbound
 policy 1
  action source-nat
  policy source 192.168.10.0 0.0.0.255
  easy-ip GigabitEthernet0/0/1


验证结果：
#PC1可以ping通100.100.100.1和200.200.200.2


PC>ping 100.100.100.1
Ping 100.100.100.1: 32 data bytes, Press Ctrl_C to break
From 100.100.100.1: bytes=32 seq=1 ttl=254 time=47 ms
From 100.100.100.1: bytes=32 seq=2 ttl=254 time=31 ms
From 100.100.100.1: bytes=32 seq=3 ttl=254 time=47 ms
From 100.100.100.1: bytes=32 seq=4 ttl=254 time=31 ms
From 100.100.100.1: bytes=32 seq=5 ttl=254 time=31 ms


--- 100.100.100.1 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 31/37/47 ms


#防火墙上的会话
[fw1]display firewall session table
05:03:04  2015/11/28
 Current Total Sessions : 3
  icmp  VPN:public --> public 192.168.10.2:34487[100.100.100.2:2053]-->200.200.20
0.1:2048
  icmp  VPN:public --> public 192.168.10.2:34743[100.100.100.2:2054]-->200.200.20
0.1:2048
  icmp  VPN:public --> public 192.168.10.2:34999[100.100.100.2:2055]-->200.200.20
0.1:2048
[fw1]