[Eudemon]dis cur
#
# Access list, hostname, L2TP switch and the default inter-zone filtering policy.
# NOTE(review): ACL 3001 consists of one rule that permits all IP traffic, with
# no source, destination, protocol or port restriction. It is bound in both
# directions to the local<->untrust interzone further down in this output, so
# it acts as allow-all for traffic to and from the firewall itself.
acl number 3001
rule 0 permit ip
#
sysname Eudemon
#
# Turns on L2TP; the tunnel group and virtual template appear later in this output.
l2tp enable
#
# NOTE(review): every zone pair and direction listed here defaults to "permit",
# so a packet that no interzone ACL matches is forwarded. That includes
# untrust -> trust and untrust -> local (the "inbound" direction runs from the
# lower-priority zone to the higher-priority one). A perimeter firewall is
# normally run default-deny: set these defaults to deny and permit only the
# required flows with explicit interzone packet-filter ACLs.
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
#
# Static NAT (server publishing): maps two public addresses to the inside hosts
# 10.65.240.47 and 10.65.240.48 on the trust-side network.
# NOTE(review): with the trust<->untrust default set to permit and no ACL on
# that interzone in this output, each mapping below is reachable from the
# untrust side without any source filtering. Publish only the ports that are
# needed and add an inbound ACL on the trust<->untrust interzone.
nat server protocol tcp global 61.167.117.162 www inside 10.65.240.47 www
nat server protocol tcp global 61.167.117.162 9100 inside 10.65.240.47 9100
# NOTE(review): "any" maps every UDP port on the public address to the inside
# host, not one service. Replace it with the specific UDP port(s) required.
nat server protocol udp global 61.167.117.162 any inside 10.65.240.47 any
nat server protocol tcp global 61.167.117.163 www inside 10.65.240.48 www
nat server protocol tcp global 61.167.117.163 8011 inside 10.65.240.48 8011
nat server protocol tcp global 61.167.117.163 8012 inside 10.65.240.48 8012
nat server protocol tcp global 61.167.117.163 8013 inside 10.65.240.48 8013
nat server protocol tcp global 61.167.117.163 8014 inside 10.65.240.48 8014
nat server protocol tcp global 61.167.117.163 8015 inside 10.65.240.48 8015
# ICMP to both public addresses is also forwarded to the inside hosts.
nat server protocol icmp global 61.167.117.162 inside 10.65.240.47
nat server protocol icmp global 61.167.117.163 inside 10.65.240.48
#
# Global switches followed by the interface definitions.
bypass switch-back auto
#
firewall statistic system enable
#
interface Aux0
async mode flow
link-protocol ppp
#
# Inside interface; it is placed in the trust zone further down.
interface Ethernet0/0/0
ip address 10.65.240.44 255.255.128.0
#
# Outside interface; it is placed in the untrust zone further down.
interface Ethernet0/0/1
ip address 61.167.117.239 255.255.255.0
#
# L2TP server-side template: dial-in users authenticate with CHAP and receive
# an address from pool 1 (192.168.130.10-50, defined under aaa).
# NOTE(review): L2TP itself does not encrypt the session, and no IPsec
# configuration appears in this output. Confirm whether the tunnel is
# protected some other way.
interface Virtual-Template1
ppp authentication-mode chap
ip address 192.168.130.1 255.255.255.0
remote address pool 1
#
interface NULL0
#
# Security zones, their priorities and member interfaces, then the one
# interzone policy that is explicitly configured.
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface Ethernet0/0/0
#
# NOTE(review): the L2TP virtual template shares the untrust zone with the
# outside interface, so dial-in users are subject to the same policy as any
# other untrust-side traffic. A dedicated zone for VPN users would allow a
# separate, narrower policy.
firewall zone untrust
set priority 5
add interface Ethernet0/0/1
add interface Virtual-Template1
#
# The dmz and vzone zones have no member interfaces in this output.
firewall zone dmz
set priority 50
#
firewall zone vzone
set priority 0
#
# NOTE(review): ACL 3001 is "permit ip" with no conditions, so binding it in
# both directions leaves the firewall's own services (the local zone) open to
# the untrust side, including the Telnet-enabled VTY lines configured later.
# Use an ACL that permits only the protocols the device must accept from
# untrust, and limit management access to known source addresses.
firewall interzone local untrust
packet-filter 3001 inbound
packet-filter 3001 outbound
#
# L2TP tunnel group (this device is the LNS), followed by the AAA local users,
# address pool and schemes.
# NOTE(review): "undo tunnel authentication" turns off authentication of the
# tunnel peer, leaving the per-user PPP CHAP credential as the only check.
# Enable tunnel authentication and set a tunnel password stored in cipher form.
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 1
tunnel name lns
#
aaa
# NOTE(review): "password simple" stores the password in cleartext, so it
# appears in every configuration dump such as this one. Both credentials below
# are exposed by this listing and should be treated as compromised: rotate them
# and store the replacements with "password cipher".
local-user cisco password simple 73o211
local-user cisco service-type ppp
local-user datapart password simple catv2006
# NOTE(review): this account can log in over Telnet, which sends the credential
# in cleartext, and it holds level 3 (the top management level on VRP releases
# that use levels 0-3; confirm for this release). Use SSH for management
# access if the platform supports it.
local-user datapart service-type telnet
local-user datapart level 3
# Address pool handed out to L2TP users through Virtual-Template1.
ip pool 1 192.168.130.10 192.168.130.50
#
authentication-scheme default
authentication-scheme datapart
authentication-mode local aaa
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
# Remaining global settings: SLB view, default route and the login lines.
slb
#
# Default route via the next hop on the outside subnet.
ip route-static 0.0.0.0 0.0.0.0 61.167.117.252
#
# NOTE(review): indentation was lost in this paste. "authentication-mode none"
# follows "user-interface aux 0", so it applies to the AUX line, which then
# accepts logins with no authentication. The console line shows no
# authentication-mode here, so it uses the platform default (check it). Set
# aaa or password authentication on both lines.
user-interface con 0
user-interface aux 0
authentication-mode none
# NOTE(review): the VTY lines authenticate through AAA, but this output shows
# no source-address ACL on them and no restriction of the inbound protocol.
# Together with the allow-all local<->untrust policy above, remote login is
# reachable from the untrust side. Bind an inbound ACL to the VTY lines.
user-interface vty 0 4
authentication-mode aaa
#
return