H3C F00C防火墙配置IPSEC VPN+PPPOE.docx
H3CF00C防火墙配置IPSECVPN+PPPOE
[GGGXNanNing]dis cur
#
# Running configuration as printed by `dis cur`. The page lost the spaces
# between keywords and wrapped some lines; both are restored here.
 sysname GGGXNanNing
#
 clock timezone beijing add 08:00:00
#
# Local IKE identity by name; the peers below use `id-type name`.
 ike local-name GGGXNanNing
#
# NOTE(review): packet filtering is enabled, but the default action is
# permit, so traffic matching no rule is forwarded. A default of deny with
# explicit permit rules is the safer baseline for an Internet-facing device.
 firewall packet-filter enable
 firewall packet-filter default permit
#
 insulate
#
 dialer-rule 1 ip permit
#
 firewall statistic system enable
#
 DNS resolve
 DNS server 219.141.136.10
 DNS server 219.150.32.132
 DNS server 221.5.88.88
 DNS-proxy enable
#
radius scheme system
 server-type extended
#
domain system
#
# NOTE(review): local accounts.
# - All four users are `level 3` (the highest command level) and are
#   allowed in over Telnet; admin is also allowed FTP. Both protocols send
#   credentials in cleartext, so SSH with per-user least privilege is the
#   preferred replacement.
# - gonggu uses `password simple`, which stores the password in plaintext
#   in the configuration.
# - admin and croco show the same cipher string, which suggests they share
#   one password - confirm.
# - Cipher strings and passwords printed in a shared configuration should be
#   treated as disclosed and rotated on the device.
local-user admin
 password cipher %=H"2a4C5);Q=^Q`MAF4<1!!
 service-type telnet terminal
 level 3
 service-type ftp
local-user croco
 password cipher %=H"2a4C5);Q=^Q`MAF4<1!!
 service-type telnet
 level 3
local-user gonggu
 password simple gg2009
 service-type telnet terminal
 level 3
local-user libin
 password cipher -[Z17,-WZX;Q=^Q`MAF4<1!!
 service-type telnet
 level 3
#
ike dpd 1
#
# NOTE(review): IKE peers.
# - `exchange-mode aggressive` with a pre-shared key sends the identities and
#   the key-derived authentication hash before the exchange is encrypted, so
#   the tunnel is only as strong as the key. Aggressive mode is the usual
#   choice when the local address is dynamic (PPPoE here); in that case the
#   key should be long and random, or certificates should be used.
# - Both peers share one short pre-shared key, stored in plaintext. Use a
#   distinct key per peer and rotate any key that has been published.
ike peer g_bjdc
 exchange-mode aggressive
 pre-shared-key gonggu
 id-type name
 remote-name bjdc
 remote-address 219.141.188.57
 nat traversal
 dpd 1
#
ike peer g_shenzhen
 exchange-mode aggressive
 pre-shared-key gonggu
 id-type name
 remote-name shenzhen
 remote-address 121.35.247.177
 nat traversal
 dpd 1
#
# NOTE(review): the proposal has no transform lines, so the platform
# defaults apply; the name suggests ESP with MD5 and DES - confirm on the
# device. DES and MD5 are obsolete for new deployments; prefer AES with a
# SHA-2 integrity algorithm where both ends support it.
ipsec proposal esp-md5-des
#
# NOTE(review): `pfs dh-group1` is the 768-bit MODP group, which is
# considered too weak today; use the largest group both ends support.
# Policy 1 protects traffic matched by ACL 3000, policy 2 by ACL 3001.
ipsec policy ikepol 1 isakmp
 security acl 3000
 pfs dh-group1
 ike-peer g_bjdc
 proposal esp-md5-des
#
ipsec policy ikepol 2 isakmp
 security acl 3001
 pfs dh-group1
 ike-peer g_shenzhen
 proposal esp-md5-des
#
# DHCP pool for the LAN on Ethernet0/0 (10.80.151.0/24).
# NOTE(review): the dns-list addresses were run together on the page; the
# split into 10.2.1.1, 10.2.1.2 and 61.139.2.69 is reconstructed - confirm.
dhcp server ip-pool lan
 network 10.80.151.0 mask 255.255.255.0
 gateway-list 10.80.151.254
 dns-list 10.2.1.1 10.2.1.2 61.139.2.69
#
# ACL 3000 and 3001 select the traffic protected by ipsec policy ikepol 1
# and 2: LAN to 10.0.0.0-10.63.255.255 and LAN to 10.80.0.0-10.80.127.255.
# ACL 3002 is the `nat outbound` ACL on Dialer1: it denies the same two
# destination ranges, so tunnel traffic is not translated, and permits the
# rest of the LAN traffic for NAT.
acl number 3000
 rule 10 permit ip source 10.80.151.0 0.0.0.255 destination 10.0.0.0 0.63.255.255 logging
 rule 20 deny ip logging
acl number 3001
 rule 10 permit ip source 10.80.151.0 0.0.0.255 destination 10.80.0.0 0.0.127.255 logging
 rule 20 deny ip logging
acl number 3002
 rule 10 deny ip source 10.80.151.0 0.0.0.255 destination 10.0.0.0 0.63.255.255 logging
 rule 20 deny ip source 10.80.151.0 0.0.0.255 destination 10.80.0.0 0.0.127.255 logging
 rule 30 permit ip source 10.80.151.0 0.0.0.255
#
interface Aux0
 async mode flow
#
# Dialer1 is the PPPoE WAN interface: it negotiates its address over PPP,
# translates LAN traffic with ACL 3002 and carries the ipsec policy group
# ikepol.
# NOTE(review): the `0771*******` line is kept exactly as printed; it is
# presumably a PPP account line masked by the publisher - confirm against
# the device.
interface Dialer1
 link-protocol ppp
 0771*******
 mtu 1400
 tcp mss 1300
 ip address ppp-negotiate
 dialer user fh
 dialer-group 1
 dialer bundle 1
 nat outbound 3002
 ipsec policy ikepol
#
# LAN gateway address handed out by the DHCP pool.
interface Ethernet0/0
 ip address 10.80.151.254 255.255.255.0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
# Physical WAN port; the PPPoE client binds it to dialer bundle 1.
interface Ethernet0/4
 speed 10
 duplex full
 pppoe-client dial-bundle-number 1
 mtu 1370
 tcp mss 1340
 ip address dhcp-alloc
#
interface Encrypt1/0
#
interface NULL0
#
# Security zones: Ethernet0/0 (LAN) is in trust; Ethernet0/4 and Dialer1
# (WAN) are in untrust; DMZ has no member interface.
# NOTE(review): every interzone section below is empty, so no interzone
# packet-filter rule is shown in this listing. Together with
# `firewall packet-filter default permit`, filtering between zones appears
# to rest on defaults only - confirm on the device and add explicit rules
# for traffic arriving from untrust.
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet0/0
 set priority 85
#
firewall zone untrust
 add interface Ethernet0/4
 add interface Dialer1
 set priority 5
#
firewall zone DMZ
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
# NOTE(review): the DDNS password is stored in plaintext and is a single
# repeated digit; anyone holding it can repoint the hostname, so it should
# be replaced with a strong value. Keyword boundaries in the ddns lines are
# reconstructed from the run-together text - confirm against the device.
ddns-server 3322.org
 ddns username guangxi01
 ddns password 88888888
 ddns domainname guangxi01.3322.org
 ddns source-interface Dialer1
#
# NOTE(review): FTP is a cleartext service; disable it when it is not
# needed for maintenance.
 FTP server enable
#
 dhcp server forbidden-ip 10.80.151.200 10.80.151.254
#
# Default route through the PPPoE dialer interface.
 ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 60
#
# NOTE(review): the VTY lines authenticate against the local users
# (`authentication-mode scheme`), but no ACL or protocol restriction is
# shown on them. Limiting management access to trusted source addresses and
# to SSH would reduce exposure.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
[GGGXNanNing]
********************************************************************************
* Copyright (c) 2004-2009 Hangzhou H3C Technologies Co., Ltd. All rights reserved. *
* Without the owner's prior written consent,                                       *
* no decompiling or reverse-engineering shall be allowed.                          *
********************************************************************************
User interface con0 is available.
Please press ENTER.
%Nov  9 17:03:55:756 2010 GGGXNanNing SHELL/4/LOGIN: Console login from con0
dis cur
#
# Second capture of the running configuration, taken after the console
# login; spacing between keywords is restored.
 sysname GGGXNanNing
#
 clock timezone beijing add 08:00:00
#
# Local IKE identity by name; the peers below use `id-type name`.
 ike local-name GGGXNanNing
#
# NOTE(review): the packet filter defaults to permit, so unmatched traffic
# is forwarded. Prefer a default of deny with explicit permit rules.
 firewall packet-filter enable
 firewall packet-filter default permit
#
 insulate
#
 dialer-rule 1 ip permit
#
 firewall statistic system enable
#
 DNS resolve
 DNS server 219.141.136.10
 DNS server 219.150.32.132
 DNS server 221.5.88.88
 DNS-proxy enable
#
radius scheme system
 server-type extended
#
domain system
#
# NOTE(review): local accounts.
# - Every user is `level 3` (the highest command level) with Telnet access;
#   admin also has FTP. Both are cleartext protocols; prefer SSH and the
#   lowest level each user needs.
# - gonggu uses `password simple`, i.e. a plaintext password in the
#   configuration.
# - admin and croco show the same cipher string, which suggests a shared
#   password - confirm.
# - Credentials that appear in a shared configuration should be rotated.
local-user admin
 password cipher %=H"2a4C5);Q=^Q`MAF4<1!!
 service-type telnet terminal
 level 3
 service-type ftp
local-user croco
 password cipher %=H"2a4C5);Q=^Q`MAF4<1!!
 service-type telnet
 level 3
local-user gonggu
 password simple gg2009
 service-type telnet terminal
 level 3
local-user libin
 password cipher -[Z17,-WZX;Q=^Q`MAF4<1!!
 service-type telnet
 level 3
#
ike dpd 1
#
# NOTE(review): both peers use aggressive mode with the same short
# pre-shared key. Aggressive mode exposes the identities and the key-derived
# hash before encryption starts, so the key must be long and random; use a
# distinct key per peer, or certificates, and rotate a key that has been
# published.
ike peer g_bjdc
 exchange-mode aggressive
 pre-shared-key gonggu
 id-type name
 remote-name bjdc
 remote-address 219.141.188.57
 nat traversal
 dpd 1
#
ike peer g_shenzhen
 exchange-mode aggressive
 pre-shared-key gonggu
 id-type name
 remote-name shenzhen
 remote-address 121.35.247.177
 nat traversal
 dpd 1
#
# NOTE(review): no transforms are listed, so platform defaults apply; the
# name suggests ESP with MD5 and DES - confirm. Both algorithms are
# obsolete; prefer AES with a SHA-2 integrity algorithm.
ipsec proposal esp-md5-des
#
# NOTE(review): `pfs dh-group1` is the 768-bit MODP group and is considered
# weak; use the largest group both ends support.
# Policy 1 protects traffic matched by ACL 3000, policy 2 by ACL 3001.
ipsec policy ikepol 1 isakmp
 security acl 3000
 pfs dh-group1
 ike-peer g_bjdc
 proposal esp-md5-des
#
ipsec policy ikepol 2 isakmp
 security acl 3001
 pfs dh-group1
 ike-peer g_shenzhen
 proposal esp-md5-des
#
# DHCP pool for the LAN (10.80.151.0/24).
# NOTE(review): the dns-list addresses were run together on the page; the
# split into 10.2.1.1, 10.2.1.2 and 61.139.2.69 is reconstructed - confirm.
dhcp server ip-pool lan
 network 10.80.151.0 mask 255.255.255.0
 gateway-list 10.80.151.254
 dns-list 10.2.1.1 10.2.1.2 61.139.2.69
#
# ACL 3000/3001: traffic selectors for ipsec policy ikepol 1 and 2.
# ACL 3002: NAT ACL on Dialer1; it denies the two tunnel destination ranges
# so they bypass translation, then permits the remaining LAN traffic.
acl number 3000
 rule 10 permit ip source 10.80.151.0 0.0.0.255 destination 10.0.0.0 0.63.255.255 logging
 rule 20 deny ip logging
acl number 3001
 rule 10 permit ip source 10.80.151.0 0.0.0.255 destination 10.80.0.0 0.0.127.255 logging
 rule 20 deny ip logging
acl number 3002
 rule 10 deny ip source 10.80.151.0 0.0.0.255 destination 10.0.0.0 0.63.255.255 logging
 rule 20 deny ip source 10.80.151.0 0.0.0.255 destination 10.80.0.0 0.0.127.255 logging
 rule 30 permit ip source 10.80.151.0 0.0.0.255
#
interface Aux0
 async mode flow
#
# PPPoE WAN interface: PPP-negotiated address, NAT with ACL 3002, and the
# ipsec policy group ikepol applied.
# NOTE(review): `0771*******` is reproduced as printed; presumably a masked
# PPP account line - confirm against the device.
interface Dialer1
 link-protocol ppp
 0771*******
 mtu 1400
 tcp mss 1300
 ip address ppp-negotiate
 dialer user fh
 dialer-group 1
 dialer bundle 1
 nat outbound 3002
 ipsec policy ikepol
#
# LAN gateway address.
interface Ethernet0/0
 ip address 10.80.151.254 255.255.255.0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
# Physical WAN port bound to dialer bundle 1 by the PPPoE client.
interface Ethernet0/4
 speed 10
 duplex full
 pppoe-client dial-bundle-number 1
 mtu 1370
 tcp mss 1340
 ip address dhcp-alloc
#
interface Encrypt1/0
#
interface NULL0
#
# Zones: trust holds Ethernet0/0 (LAN); untrust holds Ethernet0/4 and
# Dialer1 (WAN); DMZ has no member interface.
# NOTE(review): all interzone sections are empty, so this listing shows no
# interzone packet-filter rule; with the default action set to permit,
# explicit rules for traffic from untrust should be added - confirm the
# effective policy on the device.
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet0/0
 set priority 85
#
firewall zone untrust
 add interface Ethernet0/4
 add interface Dialer1
 set priority 5
#
firewall zone DMZ
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
# NOTE(review): the DDNS password is stored in plaintext and is a single
# repeated digit; replace it with a strong value, since control of the
# account means control of the hostname. Keyword boundaries in the ddns
# lines are reconstructed - confirm against the device.
ddns-server 3322.org
 ddns username guangxi01
 ddns password 88888888
 ddns domainname guangxi01.3322.org
 ddns source-interface Dialer1
#
# NOTE(review): FTP is cleartext; disable the server when it is not needed.
 FTP server enable
#
 dhcp server forbidden-ip 10.80.151.200 10.80.151.254
#
# Default route through the PPPoE dialer interface.
 ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 60
#
# NOTE(review): VTY logins use the local user database
# (`authentication-mode scheme`); no source-address ACL or protocol
# restriction is shown on the VTY lines. Restrict management access to
# trusted addresses and to SSH.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return