dialer-rule 20 ip permit
interface Dialer1
link-protocol ppp
ppp chap user user
ppp chap password cipher 1234abcd..
ppp pap local-user user password cipher 1234abcd..
ppp ipcp dns admit-any
alias Dialer1
ip address ppp-negotiate
dialer user test
dialer-group 20 /须确保命令dialer-group中的参数group-number和dialer-rule中的参数group-number保持一致
dialer bundle 1
interface GigabitEthernet 0/0/0
pppoe-client dial-bundle-number 1
[USG] firewall zone untrust
[USG-zone-untrust] add interface GigabitEthernet 0/0/0
[USG-zone-untrust] add interface dialer 1
[USG-zone-untrust] quit
[USG] firewall zone trust
[USG-zone-trust] add interface vlanif 1
[USG-zone-trust] add interface Ethernet 6/0/0
[USG-zone-trust] add interface Ethernet 6/0/1
[USG-zone-trust] quit
# 域间配置NAT和包过滤。
[USG] policy interzone trust untrust outbound
[USG-policy-interzone-trust-untrust-outbound] policy 0
[USG-policy-interzone-trust-untrust-outbound-0] policy source 10.1.1.0 0.0.0.255
[USG-policy-interzone-trust-untrust-outbound-0] action permit
[USG-policy-interzone-trust-untrust-outbound-0] quit
[USG-policy-interzone-trust-untrust-outbound] quit
[USG] nat-policy interzone trust untrust outbound
[USG-nat-policy-interzone-trust-untrust-outbound] policy 1
[USG-nat-policy-interzone-trust-untrust-outbound-1] action source-nat
[USG-nat-policy-interzone-trust-untrust-outbound-1] policy source 10.1.1.0 0.0.0.255
[USG-nat-policy-interzone-trust-untrust-outbound-1] easy-ip dialer 1
[USG-nat-policy-interzone-trust-untrust-outbound-1] quit
[USG-nat-policy-interzone-trust-untrust-outbound] quit
[USG] dns proxy enable /配置DNS代理
[USG] dns server unnumbered interface dialer 1
[USG] ip route-static 0.0.0.0 0.0.0.0 Dialer 1 /配置静态路由。
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
