防火墙linux防火墙设置
linux防火墙设置 时间:2021-04-14 阅读:()
知赵彪2007-11-28发表SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置一、组网需求:SecPath防火墙和Eudemon防火墙做IPSECVPN互通.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
BlueHost主机商年中618活动全场低至五折
BlueHost 主机商在以前做外贸网站的时候还是经常会用到的,想必那时候有做外贸网站或者是选择海外主机的时候还是较多会用BlueHost主机商的。只不过这些年云服务器流行且性价比较高,于是大家可选择商家变多,但是BlueHost在外贸主机用户群中可选的还是比较多的。这次年中618活动大促来袭,毕竟BLUEHOST商家目前中文公司设立在上海,等后面有机会也过去看看。他们也会根据我们的国内年中促销发...
杭州王小玉网-美国CERA 2核8G内存19.9元/月,香港,日本E3/16G/20M CN2带宽150元/月,美国宿主机1500元,国内宿主机1200元
官方网站:点击访问王小玉网络官网活动方案:买美国云服务器就选MF.0220.CN 实力 强 强 强!!!杭州王小玉网络 旗下 魔方资源池 “我亏本你引流活动 ” mf.0220.CNCPU型号内存硬盘美国CERA机房 E5 2696v2 2核心8G30G总硬盘1个独立IP19.9元/月 续费同价mf.0220.CN 购买湖北100G防御 E5 2690v2 4核心4G...
恒创新客(317元)香港云服务器 2M带宽 三网CN2线路直连
恒创科技也有暑期的活动,其中香港服务器也有一定折扣,当然是针对新用户的,如果我们还没有注册过或者可以有办法注册到新用户的,可以买他们家的香港服务器活动价格,2M带宽香港云服务器317元。对于一般用途还是够用的。 活动链接:恒创暑期活动爆款活动均是针对新用户的。1、云服务器仅限首次购买恒创科技产品的新用户。1 核 1G 实例规格,单个账户限购 1台;其他活动机型,单个账户限购 3 台(必须在一个订单...
linux防火墙设置为你推荐
-
腾讯社交效果广告linesns扁豆网易yeahphpwindPHPWind 都有什么功能空间文章空间的文章被人推荐有什么好处dell服务器bios设置dell R410服务器 bios设置参数如何恢复出厂设置?申请支付宝账户如何申请支付宝账户银花珠树晓来看用黄皮比喻心酸的诗句科创板首批名单江苏北人的机器人在同行中的评价怎么样?3g手机有哪些什么样的手机属于3G手机?