cisco asa5520 和H3C SecPath做IPSEC VPN问题

发布网友 发布时间：2024-08-18 21:14

我来回答

共2个回答

热心网友 时间：2024-10-02 02:26

你哪些看不懂呢

热心网友 时间：2024-10-02 02:26

这个是总部H3C SecPath设备的配置命令,
因为输入字数超过了,所以我用小号 补充问题！

#
sysname zongbu
#
l2tp enable
#
ike local-name zongbu
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain l2tp
ip pool 1 192.168.188.2 192.168.188.30
domain system
#
local-user admin
password simple *******
service-type telnet
level 3
local-user dini
password simple *********
service-type telnet
level 3
local-user dini001
password simple *******
service-type ppp
local-user dini002
password simple *******
service-type ppp
local-user dini003
password simple *******
service-type ppp
#
ike proposal 1
#
ike dpd 1
#
ike peer fz
exchange-mode aggressive
pre-shared-key ****************
id-type name
remote-name fenzhi
nat traversal
dpd 1
#
ipsec proposal 1
#
ipsec policy fz 10 isakmp
security acl 3001
ike-peer fz
proposal 1
#
acl number 3000
rule 0 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 1 permit ip source 192.168.10.17 0
rule 2 permit ip source 192.168.10.18 0
rule 4 permit ip source 192.168.10.19 0
rule 5 permit ip source 192.168.10.20 0
rule 7 permit ip source 192.168.10.16 0
rule 9 permit ip source 192.168.10.15 0
rule 10 permit ip source 192.168.10.21 0
rule 12 permit ip source 192.168.10.14 0
rule 14 permit ip source 192.168.10.13 0
rule 15 permit ip source 192.168.10.22 0
rule 17 permit ip source 192.168.10.12 0
rule 19 permit ip source 192.168.10.11 0
rule 20 permit ip source 192.168.10.23 0
rule 22 permit ip source 192.168.10.10 0
rule 24 permit ip source 192.168.10.9 0
rule 25 permit ip source 192.168.10.24 0
rule 27 permit ip source 192.168.10.8 0
rule 29 permit ip source 192.168.10.7 0
rule 30 permit ip source 192.168.10.25 0
rule 32 permit ip source 192.168.10.6 0
rule 34 permit ip source 192.168.10.5 0
rule 35 permit ip source 192.168.10.26 0
rule 37 permit ip source 192.168.10.4 0
rule 39 permit ip source 192.168.10.3 0
rule 40 permit ip source 192.168.10.27 0
rule 42 permit ip source 192.168.10.2 0
rule 45 permit ip source 192.168.10.28 0
rule 46 permit ip source 192.168.10.29 0
rule 47 permit ip source 192.168.10.30 0
rule 48 permit ip source 192.168.188.0 0.0.0.255
rule 50 deny ip
acl number 3001
rule 0 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
acl number 3002
#
interface Virtual-Template0
ppp authentication-mode pap domain l2tp
ppp pap local-user test password simple test
ip address 192.168.188.1 255.255.255.0
remote address pool 1
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.10.1 255.255.255.0
firewall packet-filter 3001 outbound
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet1/0
ip address 1.85.4.162 255.255.255.248
firewall packet-filter 3001 outbound
nat outbound 3000
nat server protocol tcp global 1.85.4.162 11901 inside 192.168.10.28 11901
nat server protocol tcp global 1.85.4.162 11902 inside 192.168.10.28 11902
nat server protocol udp global 1.85.4.162 11901 inside 192.168.10.28 11901
nat server protocol udp global 1.85.4.162 11902 inside 192.168.10.28 11902
nat server protocol tcp global 1.85.4.162 9000 inside 192.168.10.27 9000
ipsec policy fz
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface Encrypt2/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
add interface Ethernet0/1
add interface Ethernet0/2
add interface Ethernet0/3
add interface Ethernet1/0
add interface Virtual-Template0
set priority 85
#
firewall zone untrust
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
l2tp-group 1
undo tunnel authentication
mandatory-lcp
allow l2tp virtual-template 0
#
ip route-static 0.0.0.0 0.0.0.0 1.85.4.161 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return