远程用户-------internet-------F100 采用l2tp方式
sysname XXXX //设备名称
#
l2tp enable // 开启l2tp 功能
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
ip pool 1 192.1.2.2 192.1.2.10
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
#
l2tp enable // 开启l2tp 功能
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
ip pool 1 192.1.2.2 192.1.2.10
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
local-user xxx
//
配置拨号用户
password simple 123456
service-type ppp
interface Virtual-Template1 // 配置虚拟接口模板1 及其验证方式
ppp authentication-mode pap
ip address 192.168.2.1 255.255.255.0
remote address pool 1
#
interface Ethernet1/0
ip address 172.16.2.2 255.255.255.252
#
interface Ethernet2/0
speed 10
duplex half
ip address 60.6.3.136 255.255.255.0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust //把虚拟接口模板添加进入安全域<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
add interface Ethernet1/0
add interface Virtual-Template1
set priority 85
#
firewall zone untrust
add interface Ethernet2/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
l2tp-group 1 //配置l2tp组 1
undo tunnel authentication //取消隧道验证
allow l2tp virtual-template 1 //配置使用名字的方式发起l2tp连接
#
FTP server enable
#
telnet source-interface Ethernet1/0
#
undo dhcp enable
#
ip route-static 0.0.0.0 0.0.0.0 60.6.3.1 preference 60 //配置静态默认路由
ip route-static 192.1.100.0 255.255.255.0 172.16.2.1 preference 60 //配置到内网静态路由
ip route-static 192.2.100.0 255.255.255.0 172.16.2.1 preference 60 //配置到内网静态路由
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
password simple 123456
service-type ppp
interface Virtual-Template1 // 配置虚拟接口模板1 及其验证方式
ppp authentication-mode pap
ip address 192.168.2.1 255.255.255.0
remote address pool 1
#
interface Ethernet1/0
ip address 172.16.2.2 255.255.255.252
#
interface Ethernet2/0
speed 10
duplex half
ip address 60.6.3.136 255.255.255.0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust //把虚拟接口模板添加进入安全域<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
add interface Ethernet1/0
add interface Virtual-Template1
set priority 85
#
firewall zone untrust
add interface Ethernet2/0
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
l2tp-group 1 //配置l2tp组 1
undo tunnel authentication //取消隧道验证
allow l2tp virtual-template 1 //配置使用名字的方式发起l2tp连接
#
FTP server enable
#
telnet source-interface Ethernet1/0
#
undo dhcp enable
#
ip route-static 0.0.0.0 0.0.0.0 60.6.3.1 preference 60 //配置静态默认路由
ip route-static 192.1.100.0 255.255.255.0 172.16.2.1 preference 60 //配置到内网静态路由
ip route-static 192.2.100.0 255.255.255.0 172.16.2.1 preference 60 //配置到内网静态路由
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
转载于:https://blog.51cto.com/hbxtyzh/77350
6650
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
