防火墙linux防火墙设置
linux防火墙设置 时间:2021-04-14 阅读:()
知赵彪2007-11-28发表SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置一、组网需求:SecPath防火墙和Eudemon防火墙做IPSECVPN互通.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
Vinahost - 越南VPS主机商月6美元 季付以上赠送时长最多半年
Vinahost,这个主机商还是第一次介绍到,翻看商家的介绍信息,是一家成立于2008年的老牌越南主机商,业务涵盖网站设计、域名、SSL证书、电子邮箱、虚拟主机、越南VPS、云计算、越南服务器出租以及设备托管等,机房主要在越南胡志明市的Viettle和VNPT数据中心,其中VNPT数据中心对于国内是三网直连,速度优。类似很多海外主机商一样,希望拓展自己的业务,必须要降价优惠或者增加机房迎合需求用户...
Sharktech$129/月,1Gbps不限流量,E5-2678v3(24核48线程)
Sharktech最近洛杉矶和丹佛低价配置大部分都无货了,只有荷兰机房还有少量库存,商家又提供了两款洛杉矶特价独立服务器,价格不错,CPU/内存/硬盘都是高配,1-10Gbps带宽不限流量最低129美元/月起。鲨鱼机房(Sharktech)我们也叫它SK机房,是一家成立于2003年的老牌国外主机商,提供的产品包括独立服务器租用、VPS主机等,自营机房在美国洛杉矶、丹佛、芝加哥和荷兰阿姆斯特丹等,主...
wordpress投资主题模版 白银黄金贵金属金融投资网站主题
wordpress投资主题模版是一套适合白银、黄金、贵金属投资网站主题模板,绿色大气金融投资类网站主题,专业高级自适应多设备企业CMS建站主题 完善的外贸企业建站功能模块 + 高效通用的后台自定义设置,简洁大气的网站风格设计 + 更利于SEO搜索优化和站点收录排名!点击进入:wordpress投资主题模版安装环境:运行环境:PHP 7.0+, MYSQL 5.6 ( 最低主机需求 )最新兼容:完美...
linux防火墙设置为你推荐
-
重庆网络公司一九互联重庆畅融科技有限公司怎么样?重庆电信断网为什么重庆电信沙坪坝天星桥这网络老是掉线滴滴估值500亿滴滴流水每天280元一个月下来能赚 多少银花珠树晓来看下雪喝酒的诗句2828商机网28商机网适合年轻人做的项目??青岛网通测速中国联通宽带,青岛地区咋样,与网通有啥区别123456hdAPP上面带有HD是啥意思oa办公软件价格一套OA办公系统多少钱免费代理加盟免费加盟代销怎么回事,能具体介绍下么discuz伪静态DZ怎么开启全站伪静态