防火墙linux防火墙设置
linux防火墙设置 时间:2021-04-14 阅读:()
知赵彪2007-11-28发表SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置一、组网需求:SecPath防火墙和Eudemon防火墙做IPSECVPN互通.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
MineServer:洛杉矶CN2 GIA VPS/512MB内存/20GB NVME/800GB流量/200Mbps/KVM,58元/季
mineserver怎么样?mineserver是一家国人商家,主要提供香港CN2 KVM VPS、香港CMI KVM VPS、日本CN2 KVM VPS、洛杉矶cn2 gia端口转发等服务,之前介绍过几次,最近比较活跃。这家新推出了洛杉矶CN2 GIA VPS,512MB内存/20GB NVME/800GB流量/200Mbps/KVM,58元/季,并且进行了带宽升级,同时IP更改为美国IP。点击...
阿里云香港 16核32G 20M 999元/月
阿里云香港配置图提速啦是成立于2012年的十分老牌的一个商家这次给大家评测的是 阿里云香港 16核32G 20M 这款产品,单单说价格上就是十分的离谱原价8631元/月的现价只要 999元 而且还有个8折循环优惠。废话不多说直接进入正题。优惠时间 2021年8月20日-2021年9月20日 优惠码 wn789 8折优惠阿里云香港BGP专线 16核32G 10M带宽 优惠购买 399元购买链接阿里云...
BuyVM迈阿密KVM上线,AMD Ryzen 3900X+NVMe硬盘$2/月起
BuyVM在昨天宣布上线了第四个数据中心产品:迈阿密,基于KVM架构的VPS主机,采用AMD Ryzen 3900X CPU,DDR4内存,NVMe硬盘,1Gbps带宽,不限制流量方式,最低$2/月起,支持Linux或者Windows操作系统。这是一家成立于2010年的国外主机商,提供基于KVM架构的VPS产品,数据中心除了新上的迈阿密外还包括美国拉斯维加斯、新泽西和卢森堡等,主机均为1Gbps带...
linux防火墙设置为你推荐
-
phpweb破解怎样破解握手包sns平台SNS分类及代表性网站有哪些outlookexpressoutlook Express是什么啊?怎么用啊?360邮箱免费注册360账号-电子邮箱怎么填写?163yeah网易的163,126,yeah邮箱有什么不同?美要求解锁iPhone美版iphone6解锁怎么操作?internetexplorer无法打开Internet Explorer 无法打开?重庆电信dnsPSP上网急救!重庆电信的DNS是多少啊?123456hdAPP上面带有HD是啥意思discuz伪静态DZ怎么开启全站伪静态