Eudemon防火墙静态nat+l2tp ***

[Eudemon]dis cur<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

#

acl number 3001

 rule 0 permit ip

#

 sysname Eudemon

#

 l2tp enable

#

 firewall packet-filter default permit interzone local trust direction inbound

 firewall packet-filter default permit interzone local trust direction outbound

 firewall packet-filter default permit interzone local untrust direction inbound

 firewall packet-filter default permit interzone local untrust direction outbound

 firewall packet-filter default permit interzone trust untrust direction inbound

 firewall packet-filter default permit interzone trust untrust direction outbound

#

 nat server protocol tcp global 61.167.117.162 www inside 10.65.240.47 www

 nat server protocol tcp global 61.167.117.162 9100 inside 10.65.240.47 9100

 nat server protocol udp global 61.167.117.162 any inside 10.65.240.47 any

 nat server protocol tcp global 61.167.117.163 www inside 10.65.240.48 www

 nat server protocol tcp global 61.167.117.163 8011 inside 10.65.240.48 8011

 nat server protocol tcp global 61.167.117.163 8012 inside 10.65.240.48 8012

 nat server protocol tcp global 61.167.117.163 8013 inside 10.65.240.48 8013

 nat server protocol tcp global 61.167.117.163 8014 inside 10.65.240.48 8014

 nat server protocol tcp global 61.167.117.163 8015 inside 10.65.240.48 8015

 nat server protocol icmp global 61.167.117.162 inside 10.65.240.47

 nat server protocol icmp global 61.167.117.163 inside 10.65.240.48

#

 bypass switch-back auto

#

 firewall statistic system enable

#

interface Aux0

 async mode flow

 link-protocol ppp

#

interface Ethernet0/0/0

 ip address 10.65.240.44 255.255.128.0

#

interface Ethernet0/0/1

 ip address 61.167.117.239 255.255.255.0

#

interface Virtual-Template1

 ppp authentication-mode chap

 ip address 192.168.130.1 255.255.255.0

 remote address pool 1

#

interface NULL0                           

#

firewall zone local

 set priority 100

#

firewall zone trust

 set priority 85

 add interface Ethernet0/0/0

#

firewall zone untrust

 set priority 5

 add interface Ethernet0/0/1

 add interface Virtual-Template1

#

firewall zone dmz

 set priority 50

#

firewall zone vzone

 set priority 0

#

firewall interzone local untrust

 packet-filter 3001 inbound

 packet-filter 3001 outbound             

#

l2tp-group 1

 undo tunnel authentication

 allow l2tp virtual-template 1

 tunnel name lns

#

aaa

 local-user cisco password simple 73o211

 local-user cisco service-type ppp

 local-user datapart password simple catv2006

 local-user datapart service-type telnet

 local-user datapart level 3

 ip pool 1 192.168.130.10 192.168.130.50

#

 authentication-scheme default

 authentication-scheme datapart

  authentication-mode  local  aaa

#

 authorization-scheme default

#

 accounting-scheme default

#

 domain default                          

#

#

 slb

#

 ip route-static 0.0.0.0 0.0.0.0 61.167.117.252

#

user-interface con 0

user-interface aux 0

 authentication-mode none

user-interface vty 0 4

 authentication-mode aaa

#

return

转载于:https://blog.51cto.com/sunrc/323661