SSG520 l2tp配置

最新推荐文章于 2023-08-28 13:48:14 发布
最新推荐文章于 2023-08-28 13:48:14 发布
阅读量1.1k 收藏
点赞数
文章标签: 服务器 华为
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/jekc2008/article/details/126526468
版权


SSG520-> get config
Total Config size 21147:
unset key protection enable
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set service "RDP" protocol tcp src-port 5208-5208 dst-port 5208-5208
set service " dvr-min-01 " protocol tcp src-port 810-810 dst-port 810-810
set service " dvr-min-02 " protocol tcp src-port 811-811 dst-port 811-811
set service " jw-sql " protocol tcp src-port 56433-56433 dst-port 56433-56433
set service " DB_01 " protocol tcp src-port 1433-1433 dst-port 1433-1433
set service "k3_01_5872" protocol tcp src-port 5872-5872 dst-port 5872-5872
set service "k3_01_web" protocol tcp src-port 82-82 dst-port 82-82
set service "jew_web" protocol tcp src-port 8688-8688 dst-port 8688-8688
set service "k03_RDP" protocol tcp src-port 3389-3389 dst-port 3389-3389
set service "k03_RDP" + udp src-port 3389-3389 dst-port 3389-3389
set service "K303_Web" protocol tcp src-port 83-83 dst-port 83-83
set service "K303_Data" protocol tcp src-port 5874-5874 dst-port 5874-5874
set service "OA8899" protocol tcp src-port 8899-8899 dst-port 8899-8899
set service "OA89" protocol tcp src-port 89-89 dst-port 89-89
set service "K302_RY" protocol tcp src-port 88-88 dst-port 88-88
set service "DATA_K302" protocol tcp src-port 5871-5871 dst-port 5871-5871
set service "5873" protocol tcp src-port 5873-5873 dst-port 5873-5873
set service "5870" protocol tcp src-port 5870-5870 dst-port 5870-5870
set service "K303_3390" protocol tcp src-port 3390-3390 dst-port 3390-3390
set service "K303_3390" + udp src-port 3390-3390 dst-port 3390-3390
set service "crmsrv" protocol tcp src-port 3379-3379 dst-port 3379-3379
set service "crm01" protocol tcp src-port 5000-5000 dst-port 5000-5000
set service "crm02" protocol tcp src-port 5000-5000 dst-port 3379-3379
set service "crm03" protocol tcp src-port 5006-5006 dst-port 5006-5006
set service "crm04" protocol tcp src-port 5008-5008 dst-port 5008-5008
set service "java01" protocol tcp src-port 8070-8070 dst-port 8070-8070
set service "java02" protocol tcp src-port 8050-8050 dst-port 8050-8050
set service "java03" protocol tcp src-port 8090-8090 dst-port 8090-8090
set service "56431" protocol tcp src-port 56431-56431 dst-port 56431-56431
set service "56432" protocol tcp src-port 56432-56432 dst-port 56432-56432
set service "33690" protocol tcp src-port 33690-33690 dst-port 3690-3690
set service "web2012" protocol tcp src-port 33901-33901 dst-port 33901-33901
set alg pptp enable
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "root"
set admin password "nCu0MnryF/EDcgxOts1K+1PtTcJRhn"
set admin port 8080
set admin http redirect
set admin auth web timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "ethernet0/3" zone "Untrust"
set interface ethernet0/0 ip 172.20.1.5/24
set interface ethernet0/0 nat
unset interface vlan1 ip
set interface ethernet0/2 ip 61.144.211.235/29
set interface ethernet0/2 nat
set interface ethernet0/3 ip 14.154.207.151/32
set interface ethernet0/3 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/2 ip manageable
set interface ethernet0/3 ip manageable
set interface ethernet0/2 manage ping
set interface vlan1 manage mtrace
set interface ethernet0/2 vip interface-ip 3390 "K303_3390" 172.20.0.134
set interface ethernet0/2 vip interface-ip 83 "K303_Web" 172.20.0.133
set interface ethernet0/2 vip interface-ip 5870 "5870" 172.20.0.133
set interface ethernet0/2 vip interface-ip 5871 "DATA_K302" 172.20.0.133
set interface ethernet0/2 vip interface-ip 5872 "k3_01_5872" 172.20.0.133
set interface ethernet0/2 vip interface-ip 5873 "5873" 172.20.0.133
set interface ethernet0/2 vip interface-ip 8090 "java03" 172.20.0.95
set interface ethernet0/2 vip interface-ip 8070 "java01" 172.20.0.95
set interface ethernet0/2 vip interface-ip 5000 "crm02" 172.20.0.35
set interface ethernet0/2 vip interface-ip 5006 "crm03" 172.20.0.35
set interface ethernet0/2 vip interface-ip 5008 "crm04" 172.20.0.35
set interface ethernet0/2 vip interface-ip 56431 "56431" 172.20.0.63
set interface ethernet0/2 vip interface-ip 56432 "56432" 172.20.0.62
set interface ethernet0/2 vip interface-ip 33901 "web2012" 172.20.0.63
set interface ethernet0/3 disable
set flow all-tcp-mss 1304
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set domain derier.com.cn
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 8.8.8.8
set dns host dns2 4.4.4.4
set dns host dns3 172.20.0.20
set address "Trust" "0.0.0.0/0" 0.0.0.0 0.0.0.0
set address "Trust" "USER_400" 172.20.2.133 255.255.255.255
set address "Untrust" "0.0.0.0/0" 0.0.0.0 0.0.0.0
set address "Untrust" "PUR_URL" www.taobao.com
set ippool "vpn_ippool" 172.16.250.20 172.16.250.100
set user "admin" uid 22
set user "admin" type l2tp
set user "admin" remote ippool "vpn_ippool"
set user "admin" remote ipaddr "172.16.250.20"
set user "admin" remote dns1 "172.20.0.20"
set user "admin" remote dns2 "172.20.0.10"
set user "admin" remote wins1 "172.20.0.20"
set user "admin" remote wins2 "172.20.0.10"
set user "admin" password "9/m1xuhRNqGtV1sAJMC4Q41V7xnXIQgZaQ=="
unset user "admin" type auth
set user "admin" "enable"
set user "futian" uid 32
set user "futian" type l2tp
set user "futian" remote ippool "vpn_ippool"
set user "futian" remote ipaddr "172.16.250.73"
set user "futian" remote dns1 "172.20.0.10"
set user "futian" remote dns2 "172.20.0.20"
set user "futian" remote wins1 "172.20.0.10"
set user "futian" remote wins2 "172.20.0.20"
set user "futian" password "v89PC9rtN9eVfMsJPgC21GyUP8n/VQ1u9Q=="
unset user "futian" type auth
set user "futian" "enable"
set user "jinjian" uid 21
set user "jinjian" type l2tp
set user "jinjian" remote ippool "vpn_ippool"
set user "jinjian" remote ipaddr "172.16.250.21"
set user "jinjian" remote dns1 "172.20.0.20"
set user "jinjian" remote dns2 "172.20.0.10"
set user "jinjian" remote wins1 "172.20.0.20"
set user "jinjian" remote wins2 "172.20.0.10"
set user "jinjian" password "pmKAI+euNjx1cmskgaCvM6WO/In5ptJ35Q=="
unset user "jinjian" type auth
set user "jinjian" "enable"
set user "liuping" uid 27
set user "liuping" type l2tp
set user "liuping" remote ippool "vpn_ippool"
set user "liuping" remote ipaddr "172.16.250.43"
set user "liuping" remote dns1 "172.20.0.20"
set user "liuping" remote dns2 "172.20.0.10"
set user "liuping" remote wins1 "172.20.0.20"
set user "liuping" remote wins2 "172.20.0.10"
set user "liuping" password "dFC7q+QjNvaryyss2KCSfWdyFxn5o0ECvg=="
unset user "liuping" type auth
set user "liuping" "enable"
set user "nbmd" uid 31
set user "nbmd" type l2tp
set user "nbmd" remote ippool "vpn_ippool"
set user "nbmd" remote ipaddr "172.16.250.72"
set user "nbmd" remote dns1 "172.20.0.20"
set user "nbmd" remote dns2 "172.20.0.10"
set user "nbmd" remote wins1 "172.20.0.20"
set user "nbmd" remote wins2 "172.20.0.10"
set user "nbmd" password "CIyUmDZqN+pnL9sRskCxg3+aUAnRVBGXfg=="
unset user "nbmd" type auth
set user "nbmd" "enable"
set user "nbrx" uid 29
set user "nbrx" type l2tp
set user "nbrx" remote ippool "vpn_ippool"
set user "nbrx" remote ipaddr "172.16.250.45"
set user "nbrx" remote dns1 "172.20.0.20"
set user "nbrx" remote dns2 "172.20.0.10"
set user "nbrx" remote wins1 "172.20.0.20"
set user "nbrx" remote wins2 "172.20.0.10"
set user "nbrx" password "Sl18BNzoNPWeqJswfGCz8bfz8hnFarEXVA=="
unset user "nbrx" type auth
set user "nbrx" "enable"
set user "nbrx01" uid 30
set user "nbrx01" type l2tp
set user "nbrx" remote ippool "vpn_ippool"
set user "nbrx" remote ipaddr "172.16.250.46"set user "nbrx01" remote dns1 "172.20.0.20"
set user "nbrx01" remote dns2 "172.20.0.10"
set user "nbrx01" remote wins1 "172.20.0.20"
set user "nbrx01" remote wins2 "172.20.0.10"
set user "nbrx01" password "QgJLNhO1NVVLRusUdZClqwqh5fnh0HKcvA=="
unset user "nbrx01" type auth
set user "nbrx01" "enable"
set user "user001" uid 25
set user "user001" type l2tp
set user "user001" remote ippool "vpn_ippool"
set user "user001" remote ipaddr "172.16.250.70"
set user "user001" remote dns1 "172.20.0.20"
set user "user001" remote dns2 "8.8.8.8"
set user "user001" remote wins1 "172.20.0.20"
set user "user001" remote wins2 "8.8.8.8"
set user "user001" password "eJ+eUmp5NsOE56suymC+gZIUbdnVcq+sQw=="
unset user "user001" type auth
set user "user001" "enable"
set user "user002" uid 26
set user "user002" type l2tp
set user "user002" remote ippool "vpn_ippool"
set user "user002" remote ipaddr "172.16.250.71"
set user "user002" remote dns1 "172.20.0.20"
set user "user002" remote dns2 "172.20.0.10"
set user "user002" remote wins1 "172.20.0.20"
set user "user002" remote wins2 "172.20.0.10"
set user "user002" password "L6XunppJNbzN9RsdhYC3plWwMCnI66HodQ=="
unset user "user002" type auth
set user "user002" "enable"
set user "vpn001" uid 10
set user "vpn001" type l2tp
set user "vpn001" remote ippool "vpn_ippool"
set user "vpn001" remote ipaddr "172.16.250.31"
set user "vpn001" remote dns1 "172.20.0.20"
set user "vpn001" remote dns2 "172.20.0.10"
set user "vpn001" remote wins1 "172.20.0.20"
set user "vpn001" remote wins2 "172.20.0.10"
set user "vpn001" password "A+sgOa2qN6M/E3sGYQCw674djdnS60X4Iw=="
unset user "vpn001" type auth
set user "vpn001" "enable"
set user "vpn002" uid 11
set user "vpn002" type l2tp
set user "vpn002" remote ippool "vpn_ippool"
set user "vpn002" remote ipaddr "172.16.250.32"
set user "vpn002" remote dns1 "172.20.0.20"
set user "vpn002" remote dns2 "172.20.0.10"
set user "vpn002" remote wins1 "172.20.0.20"
set user "vpn002" remote wins2 "172.20.0.10"
set user "vpn002" password "KqyJfDgwNjll/Hs48zCW98WYvCngTd4x9g=="
unset user "vpn002" type auth
set user "vpn002" "enable"
set user "vpn003" uid 12
set user "vpn003" type l2tp
set user "vpn003" remote ippool "vpn_ippool"
set user "vpn003" remote ipaddr "172.16.250.33"
set user "vpn003" remote dns1 "172.20.0.20"
set user "vpn003" remote dns2 "172.20.0.10"
set user "vpn003" remote wins1 "172.20.0.20"
set user "vpn003" remote wins2 "172.20.0.10"
set user "vpn003" password "TFm2h0BINiGedhsg8XCHdEDMVInLn/j/vw=="
unset user "vpn003" type auth
set user "vpn003" "enable"
set user "vpn004" uid 13
set user "vpn004" type l2tp
set user "vpn004" remote ippool "vpn_ippool"
set user "vpn004" remote ipaddr "172.16.250.34"
set user "vpn004" remote dns1 "172.20.0.20"
set user "vpn004" remote dns2 "172.20.0.10"
set user "vpn004" remote wins1 "172.20.0.20"
set user "vpn004" remote wins2 "172.20.0.10"
set user "vpn004" password "lwTlKsbDN7PNZrsFydCzpvSFnUnzZHh5PQ=="
unset user "vpn004" type auth
set user "vpn004" "enable"
set user "vpn005" uid 14
set user "vpn005" type l2tp
set user "vpn005" remote ippool "vpn_ippool"
set user "vpn005" remote ipaddr "172.16.250.31"
set user "vpn005" remote dns1 "172.20.0.20"
set user "vpn005" remote dns2 "172.20.0.10"
set user "vpn005" remote wins1 "172.20.0.20"
set user "vpn005" remote wins2 "172.20.0.10"
set user "vpn005" password "fBQbgeLcNeV//OsXp8Cj0YVh9Tn4IspYIA=="
unset user "vpn005" type auth
set user "vpn005" "enable"
set user "vpn006" uid 15
set user "vpn006" type l2tp
set user "vpn006" remote ippool "vpn_ippool"
set user "vpn006" remote ipaddr "172.16.250.36"
set user "vpn006" remote dns1 "172.20.0.20"
set user "vpn006" remote dns2 "172.20.0.10"
set user "vpn006" remote wins1 "172.20.0.20"
set user "vpn006" remote wins2 "172.20.0.10"
set user "vpn006" password "PH3S8NcQNnRAyzsY5vCPiXEInenRQx2zPA=="
unset user "vpn006" type auth
set user "vpn006" "enable"
set user "vpn007" uid 16
set user "vpn007" type l2tp
set user "vpn007" remote ippool "vpn_ippool"
set user "vpn007" remote ipaddr "172.16.250.37"
set user "vpn007" remote dns1 "172.20.0.20"
set user "vpn007" remote dns2 "172.20.0.10"
set user "vpn007" remote wins1 "172.20.0.20"
set user "vpn007" remote wins2 "172.20.0.10"
set user "vpn007" password "bqU1GkyANsR29psjZrCpoiyOi0n4eBovqg=="
unset user "vpn007" type auth
set user "vpn007" "enable"
set user "vpn008" uid 17
set user "vpn008" type l2tp
set user "vpn008" remote ipaddr "172.16.250.38"
set user "vpn008" remote dns1 "172.20.0.20"
set user "vpn008" remote dns2 "172.20.0.10"
set user "vpn008" remote wins1 "172.20.0.20"
set user "vpn008" remote wins2 "172.20.0.10"
set user "vpn008" password "T5tnKaJ1NYhMnlsWMKCJsnZQP6n227RedA=="
unset user "vpn008" type auth
set user "vpn008" "enable"
set user "vpn009" uid 18
set user "vpn009" type l2tp
set user "vpn009" remote ippool "vpn_ippool"
set user "vpn009" remote ipaddr "172.16.250.39"
set user "vpn009" remote dns1 "172.20.0.20"
set user "vpn009" remote dns2 "172.20.0.10"
set user "vpn009" remote wins1 "172.20.0.20"
set user "vpn009" remote wins2 "172.20.0.10"
set user "vpn009" password "FYOrLk2kNpIhn2sdRDCIyT1NyenCPtXFPA=="
unset user "vpn009" type auth
set user "vpn009" "enable"
set user "vpn010" uid 19
set user "vpn010" type l2tp
set user "vpn010" remote ippool "vpn_ippool"
set user "vpn010" remote ipaddr "172.16.250.40"
set user "vpn010" remote dns1 "172.20.0.20"
set user "vpn010" remote dns2 "172.20.0.10"
set user "vpn010" remote wins1 "172.20.0.20"
set user "vpn010" remote wins2 "172.20.0.10"
set user "vpn010" password "Iofh+SL0N3hXcGsGdtC3je2RRSneNC07GA=="
unset user "vpn010" type auth
set user "vpn010" "enable"
set user "vpn011" uid 20
set user "vpn011" type l2tp
set user "vpn011" remote ippool "vpn_ippool"
set user "vpn011" remote ipaddr "172.16.250.41"
set user "vpn011" remote dns1 "172.20.0.20"
set user "vpn011" remote dns2 "172.20.0.10"
set user "vpn011" remote wins1 "172.20.0.20"
set user "vpn011" remote wins2 "172.20.0.10"
set user "vpn011" password "2CUXDiwGNm9CaQsJEoCDnMaspun8Z5z9pA=="
unset user "vpn011" type auth
set user "vpn011" "enable"
set user "vpn012" uid 24
set user "vpn012" type l2tp
set user "vpn012" remote ippool "vpn_ippool"
set user "vpn012" remote ipaddr "172.16.250.42"
set user "vpn012" remote dns1 "172.20.0.20"
set user "vpn012" remote dns2 "172.20.0.10"
set user "vpn012" remote wins1 "172.20.0.20"
set user "vpn012" remote wins2 "172.20.0.10"
set user "vpn012" password "pTtHWkdiNv2/VVs8kSCz7PhafVnjcDmyYQ=="
unset user "vpn012" type auth
set user "vpn012" "enable"
set user "zhangzihan" uid 28
set user "zhangzihan" type l2tp
set user "zhangzihan" remote ippool "vpn_ippool"
set user "zhangzihan" remote ipaddr "172.16.250.44"
set user "zhangzihan" remote dns1 "172.20.0.20"
set user "zhangzihan" remote dns2 "172.20.0.10"
set user "zhangzihan" remote wins1 "172.20.0.20"
set user "zhangzihan" remote wins2 "172.20.0.10"
set user "zhangzihan" password "UFqzTxwpN3o2DSs4HoCQi/QU5MnICFUgCwDkL0Z+/1uQu/UZ
qAMjdDQ="
unset user "zhangzihan" type auth
set user "zhangzihan" "enable"
set user-group "Vpn Group" id 1
set user-group "Vpn Group" user "admin"
set user-group "Vpn Group" user "futian"
set user-group "Vpn Group" user "jinjian"
set user-group "Vpn Group" user "liuping"
set user-group "Vpn Group" user "nbmd"
set user-group "Vpn Group" user "nbrx"
set user-group "Vpn Group" user "nbrx01"
set user-group "Vpn Group" user "user001"
set user-group "Vpn Group" user "user002"
set user-group "Vpn Group" user "vpn001"
set user-group "Vpn Group" user "vpn002"
set user-group "Vpn Group" user "vpn003"
set user-group "Vpn Group" user "vpn004"
set user-group "Vpn Group" user "vpn005"
set user-group "Vpn Group" user "vpn006"
set user-group "Vpn Group" user "vpn007"
set user-group "Vpn Group" user "vpn008"
set user-group "Vpn Group" user "vpn009"
set user-group "Vpn Group" user "vpn010"
set user-group "Vpn Group" user "vpn011"
set user-group "Vpn Group" user "vpn012"
set user-group "Vpn Group" user "zhangzihan"
set crypto-policy
exit
set ike gateway "der" address 183.16.195.110 Main local-id "1" outgoing-interfac
e "ethernet0/2" preshare "dBd6edTyNOmP/6s4gbCjmH0K2YneEX/FpQ==" sec-level standa
rd
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vpn "DER" gateway "der" no-replay tunnel idletime 0 sec-level standard
set l2tp default dns1 172.20.0.20
set l2tp default dns2 8.8.8.8
set l2tp default ippool "vpn_ippool"
set l2tp default wins1 172.20.0.20
set l2tp default wins2 8.8.8.8
set l2tp "l2tp-vpn" id 1 outgoing-interface ethernet0/2 keepalive 60
set l2tp "l2tp-vpn" remote-setting ippool "vpn_ippool" dns1 172.20.0.20 dns2 172
.20.0.10 wins1 172.20.0.20 wins2 172.20.0.10
set l2tp "l2tp-vpn" auth server "Local" user-group "Vpn Group"
set l2tp "L2TP-200" id 2 outgoing-interface ethernet0/3 keepalive 60
set l2tp "L2TP-200" remote-setting ippool "vpn_ippool" dns1 172.20.0.20 dns2 172
.20.0.10 wins1 172.20.0.20 wins2 172.20.0.10
set l2tp "L2TP-200" auth server "Local" user-group "Vpn Group"
set url protocol websense
exit
set vpn "DER" proxy-id check
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 1
exit
set policy id 2 from "Untrust" to "Trust"  "Dial-Up VPN" "Any" "ANY" nat src tun
nel l2tp "l2tp-vpn" log
set policy id 2
set log session-init
exit
set policy id 7 from "Untrust" to "Trust"  "0.0.0.0/0" "0.0.0.0/0" "ANY" permit
set policy id 7
exit
set policy id 11 from "Untrust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 11
exit
set policy id 12 from "Untrust" to "Global"  "0.0.0.0/0" "Any" "ANY" permit
set policy id 12
exit
set policy id 13 name "Dial VPN200" from "Untrust" to "Trust"  "Dial-Up VPN" "An
y" "ANY" tunnel l2tp "L2TP-200" log
set policy id 13
exit
set pppoe name "WAN2"
set pppoe name "WAN2" username "0755XXXX@163.gd" password "z+/8AllFNwp125s2l
hCsiQ0HVCn513A4SA=="
set pppoe name "WAN2" ppp lcp-echo-retries 10
set pppoe name "WAN2" ppp lcp-echo-timeout 180
set pppoe name "WAN200"
set pppoe name "WAN200" username "0755XXXX@163.gd" password "6fsSOQs0NIZxFfs
L/ICs43B+gFnUuWRA7Q=="
set pppoe name "WAN200" interface ethernet0/3
set pppoe name "WAN200" ppp lcp-echo-retries 10
set pppoe name "WAN200" ppp lcp-echo-timeout 180
set pppoe name "WAN100"
set pppoe name "WAN100" username "0755XXXX@163.gd" password "p7iB7njbNgQRScs
uMJChLbRltQnVYHWqbQ=="
set pppoe name "WAN100" ppp lcp-echo-retries 10
set pppoe name "WAN100" ppp lcp-echo-timeout 180
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set ssl port 5443
set snmp port listen 161
set snmp port trap 162
set snmpv3 local-engine id "JN12336D0ADA"
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 172.20.0.0/20 interface ethernet0/0 gateway 172.20.1.2
set route 0.0.0.0/0 interface ethernet0/2 gateway 61.XXXXXXXXX description "DF
"
set access-list extended 10 src-ip 172.20.5.0/24 dst-ip 0.0.0.0/0 src-port 1-655
35 dst-port 1-65535 protocol any tos 10 entry 10
set match-group name 10
set match-group 10 ext-acl 10 match-entry 10
set action-group name 10
set action-group 10 next-interface ethernet0/3 action-entry 10
set pbr policy name 10
set pbr policy 10 match-group 10 action-group 10 10
set pbr 10
exit
set interface ethernet0/0 pbr 10
set zone Trust pbr 10
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
SSG520->

 

jekc868
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
netscreen 防火墙OS (ssg500.6.1.0r6.0)适用SSG520&550&520M&550M
05-17
netscreen 防火墙 操作系统 OS 升级文件 适用SSG520&550&520M&550M
Juniper-SSG系列-L2TP-***配置实例
weixin_34101784的博客
06-12 827
首先先把思路理清,然后我们再开始进行配置。步骤:ip-pooluser-locallocal-groupl2tp-default settingtunnelpolicyuntrust-trust在做之前,一定切记,不要把分配给×××用户的虚拟地址和内网trust区域的server-ip地址冲突<<<<<<<<<<&l...
JUNIPER双线拨号×××配置
weixin_34249678的博客
02-15 497
以下配置是JUNIPER双线拨号×××配置: set clock timezone 0 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set alg appleichat enable...
南京呼叫中心防火墙配置(备份)
weixin_30740295的博客
08-03 267
set clock timezone 0set vrouter trust-vr sharableset vrouter "untrust-vr"exitset vrouter "trust-vr"unset auto-route-exportexitset service "RDP-8888" protocol tcp src-port 1-65535 dst-port 8888-8888 se...
juniper配置文档
06-20
JUNIPER配置如下: set clock timezone 8 set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00 set vrouter trust-vr sharable set vrouter "untrust-vr"
juniper ssg5 简易配置手册
08-29
《Juniper SSG5简易配置手册》旨在帮助用户快速熟悉并掌握Juniper SSG5设备的配置和操作。本文将详细解析配置过程中的关键步骤,包括设备登录、时间设置、接口配置、授权管理、接口服务设定、设备命名与域设置、默认...
Juniper_SSG_5新手配置手册.pdf
12-20
Juniper SSG5 新手配置PDF手册
Juniper SSG 550M 520M Software 6.3.0r23 软件
10-10
Juniper SSG 500 系列升级软件 6.3.0r23。 MD5: b312b84730f3d9899a46d905838d92f8 SHA1: 28c5a254ceda1b819a1625ac66216836369df95d 升级前需要更新Image Authentication Key 升级说明: ...
JuniperSSG5防火墙中文版配置手册范本.pdf
05-25
JuniperSSG5防火墙中文版配置手册范本.pdfJuniperSSG5防火墙中文版配置手册范本.pdfJuniperSSG5防火墙中文版配置手册范本.pdfJuniperSSG5防火墙中文版配置手册范本.pdfJuniperSSG5防火墙中文版配置手册范本.pdf
Juniper SSG 140配置案例
11-26
Juniper SSG 140配置简单方法,写得很清楚,对防火墙的认识可以有一定的帮助!
juniper ssg 常用命令
weixin_30757793的博客
06-30 2194
netscreen juniper ssg操作命令 2013年4月10日 命令行下取得配置信息 get config 命令行下取得相应时间设置 get clock set vrouter trust-vr sharable 设置虑拟路由器trust-vr可以为其他VSYS系统共享 set vrouter "untrust-vr"...
Juniper SSG 防火墙
潇峰的博客
08-25 1080
win10无法登陆SSG进行WEB UI管理故障描述:尝试登录SSG设备时,无法无法刷出页面,但是设备时可以ping通的(内部接口),可以Telnet上设备,就是无法通过网页登录。深入测试:win7的系统可以登录,win10的不行,浏览器报协议版本或加密算法不支持。故障分析:这种情况下,可能是由于防火墙的加密算法的问题。 1、con到设备:SSG320M-> get ssh ...
Juniper Netscreen 防火墙支持IPV6 配置
IT民工专栏
06-17 1947
原文链接:Juniper Netscreen 防火墙支持IPV6 配置(http://devops.weiminginfo.com/network/1155.html) 版本升级 Juniper 官方建议升级至screenOS 6.3.0以后版本,升级步骤详见另一篇文章http://devops.weiminginfo.com/network/1148.html 配置步骤 1.开启ipv6...
全新Juniper SSG140基础配置
最新发布
a635161812的博客
08-28 2904
​记录一个新设备的配置参考文章juniper防火墙配置手册wktsJuniper SRX详细配置手册(含注释)Juniper ssg 550m 基本设置,双线路接入,策略路由及线路监测单台Junipr SSG双ISP接入juniper Netscreen防火墙策略路由配置e0/2-10.1.165.211-代理10.1.180.3-210.83.222.85。
Juniper Firewall多进单出配制实例
weixin_33730836的博客
07-26 260
Technorati 标签: juniper,多进单出,配置实例,firewall Juniper firewall多進單出配置。想法是這樣的用一台firewall將這幾條ISP線路都接入,再通過一個trunk口出來,通過一台L2 switch劃分出幾個VLAN,分別對應不同的ISP線路。這樣做的好處就不多说了,最起码省了在firewall上使用的端口吧,嘎嘎。可能你會擔心端口帶寬問題。試驗用的...
Juniper Netscreen Policy-based S2S Virtual-Private-Network Setup
weixin_47485680的博客
02-24 419
Step by step to show how to setup policy based s2s vpn for Juniper Netscreen SSG520
Juniper SSG520 防火墙MIP配置
weixin_34408624的博客
09-07 723
MIP 是“一对一”的双向地址翻译(转换)过程。通常的情况是:有若干个公网IP地址,又存在若干的对外提供网络服务的服务器服务器使用私有IP地址), 为了实现互联网用户访问这些服务器,可在Internet出口的防火墙上建立公网IP地址与服务器私有IP地址之间的一对一映射(MIP),并通过策略实 现对服务器所提供服务进行访问控制。 我们用10.17.100.250...
Auth0 和 Authing,谁是身份云的高脚杯
Authing的博客
08-26 1180
当使用 Serverless 开发应用程序时,我一直在探索无服务器身份认证的可能性,当我对比了 Auth0 和 Authing 后非常激动:我发现自己需要做的工作非常少,而且可以解决很多麻烦! 我虽然不是安全专家,但是实现过一些不同的身份认证系统,我遇到了很多挑战,我花费了很多时间弄清楚如何把这件事做的更好。幸运的是,我发现了一些做身份管理和身份认证的 SaaS 平台,有时也被称为 IDaaS 服务。我非常建议用这类服务,而不是自己构建身份认证解决方案。 身份认证是通过使用用户名、密码等登录方..
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

jekc868

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值