《H3C F100C防火墙配置IPSEC VPN+PPPOE》由会员分享,可在线阅读,更多相关《H3C F100C防火墙配置IPSEC VPN+PPPOE(10页珍藏版)》请在金锄头文库上搜索。
1、GGGXNanNingdis cur# sysname GGGXNanNing# clock timezone beijing add 08:00:00# ike local-name GGGXNanNing# firewall packet-filter enable firewall packet-filter default permit# insulate# dialer-rule 1 ip permit# firewall statistic system enable# DNS resolve DNS server 219.141.136.10 DNS server 219.150
2、.32.132 DNS server 221.5.88.88 DNS-proxy enable#radius scheme system server-type extended#domain system#local-user admin password cipher %=H2a4C5);Q=QMAF41! service-type telnet terminal level 3 service-type ftplocal-user croco password cipher %=H2a4C5);Q=QMAF41! service-type telnet level 3local-user
3、 gonggu password simple gg2009 service-type telnet terminal level 3local-user libin password cipher -Z17,-WZX;Q=QMAF41! service-type telnet level 3#ike dpd 1#ike peer g_bjdc exchange-mode aggressive pre-shared-key gonggu id-type name remote-name bjdc remote-address 219.141.188.57 nat traversal dpd 1
4、#ike peer g_shenzhen exchange-mode aggressive pre-shared-key gonggu id-type name remote-name shenzhen remote-address 121.35.247.177 nat traversal dpd 1#ipsec proposal esp-md5-des#ipsec policy ikepol 1 isakmp security acl 3000 pfs dh-group1 ike-peer g_bjdc proposal esp-md5-des#ipsec policy ikepol 2 i
5、sakmp security acl 3001 pfs dh-group1 ike-peer g_shenzhen proposal esp-md5-des#dhcp server ip-pool lan network 10.80.151.0 mask 255.255.255.0 gateway-list 10.80.151.254 dns-list 10.2.1.1 10.2.1.2 61.139.2.69#acl number 3000 rule 10 permit ip source 10.80.151.0 0.0.0.255 destination 10.0.0.0 0.63.255
6、.255 logging rule 20 deny ip loggingacl number 3001 rule 10 permit ip source 10.80.151.0 0.0.0.255 destination 10.80.0.0 0.0.127.255 logging rule 20 deny ip loggingacl number 3002 rule 10 deny ip source 10.80.151.0 0.0.0.255 destination 10.0.0.0 0.63.255.255logging rule 20 deny ip source 10.80.151.0
7、 0.0.0.255 destination 10.80.0.0 0.0.127.255logging rule 30 permit ip source 10.80.151.0 0.0.0.255#interface Aux0 async mode flow#interface Dialer1 link-protocol ppp ppp pap local-user 07715384406 password simple 11111111 mtu 1400 tcp mss 1300 ip address ppp-negotiate dialer user fh dialer-group 1 d
8、ialer bundle 1 nat outbound 3002 ipsec policy ikepol#interface Ethernet0/0 ip address 10.80.151.254 255.255.255.0#interface Ethernet0/1#interface Ethernet0/2#interface Ethernet0/3#interface Ethernet0/4 speed 10 duplex full pppoe-client dial-bundle-number 1 mtu 1370 tcp mss 1340 ip address dhcp-alloc
9、#interface Encrypt1/0#interface NULL0#firewall zone local set priority 100#firewall zone trust add interface Ethernet0/0 set priority 85#firewall zone untrust add interface Ethernet0/4 add interface Dialer1 set priority 5#firewall zone DMZ set priority 50#firewall interzone local trust#firewall inte
10、rzone local untrust#firewall interzone local DMZ#firewall interzone trust untrust#firewall interzone trust DMZ#firewall interzone DMZ untrust#ddns-server 3322.org ddns username guangxi01 ddns password 88888888 ddns domainname guangxi01.3322.org ddns source-interface Dialer1# FTP server enable# dhcp
11、server forbidden-ip 10.80.151.200 10.80.151.254# ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60#user-interface con 0user-interface aux 0user-interface vty 0 4 authentication-mode scheme#returnGGGXNanNing* Copyright(c) 2004-2009 Hangzhou H3C Technologies Co., Ltd. All rights reserved.* Withou
12、t the owners prior written consent, * no decompiling or reverse-engineering shall be allowed. *User interface con0 is available.Please press ENTER.%Nov 9 17:03:55:756 2010 GGGXNanNing SHELL/4/LOGIN: Console login from con0dis cur# sysname GGGXNanNing# clock timezone beijing add 08:00:00# ike local-n
13、ame GGGXNanNing# firewall packet-filter enable firewall packet-filter default permit# insulate# dialer-rule 1 ip permit# firewall statistic system enable# DNS resolve DNS server 219.141.136.10 DNS server 219.150.32.132 DNS server 221.5.88.88 DNS-proxy enable#radius scheme system server-type extended#domain system#local-user admin password cipher %=H2a4C5);Q=QMAF41! service-type telnet terminal level 3 service-type ftplocal-user croco password cipher %=H2a4C5);Q=QMAF41! service-type telnet level 3local-user gonggu password simple gg2009 service-type telnet
