防火墙linux防火墙设置
linux防火墙设置 时间:2021-04-14 阅读:()
知赵彪2007-11-28发表SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置SecPath防火墙和Eudemon防火墙实现IPSEC互通的典型配置一、组网需求:SecPath防火墙和Eudemon防火墙做IPSECVPN互通.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
二、组网图三、配置信息1.
SecPathF1000-A的主要配置#sysnameSecPathF1000-A#ikelocal-namefenzhi#firewallpacket-filterenablefirewallpacket-filterdefaultpermit#ikepeer1exchange-modeaggressivepre-shared-key123id-typenameremote-namezhongxinremote-address202.
38.
1.
1nattraversal#ipsecproposal1#ipsecpolicypol11isakmpsecurityacl3000ike-peer1proposal1#aclnumber3000rule0permitipsource192.
168.
2.
00.
0.
0.
255destination192.
168.
1.
00.
0.
0.
255#interfaceGigabitEthernet0/0ipaddress202.
38.
1.
2255.
255.
255.
0ipsecpolicypol1#interfaceGigabitEthernet0/1ipaddress192.
168.
2.
1255.
255.
255.
0#firewallzonetrustaddinterfaceGigabitEthernet0/1setpriority85#firewallzoneuntrustaddinterfaceGigabitEthernet0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
1preference60#2.
Eudemon200的主要配置#sysnameEudemon200#ikelocal-namezhongxin#firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocaluntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonelocalDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustuntrustdirectionoutboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectioninboundfirewallpacket-filterdefaultpermitinterzonetrustDMZdirectionoutboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectioninboundfirewallpacket-filterdefaultpermitinterzoneDMZuntrustdirectionoutbound#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-define#firewallstatisticsystemenable#ikepeer1exchange-modeaggressivepre-shared-key123local-id-typenameremote-namefenzhinattraversal#ipsecproposal1#ipsecpolicy-templatetemp1ike-peer1proposal1#ipsecpolicypol11isakmptemplatetemp#interfaceEthernet0/0/0ipaddress202.
38.
1.
1255.
255.
255.
0ipsecpolicypol1#interfaceEthernet0/0/1ipaddress192.
168.
1.
1255.
255.
255.
0#firewallzonetrustaddinterfaceEthernet0/0/1setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/0setpriority5#iproute-static0.
0.
0.
00.
0.
0.
0202.
38.
1.
2#四、配置关键点略.
CloudCone:洛杉矶MC机房KVM月付1.99美元起,支持支付宝/PayPal
CloudCone是一家成立于2017年的国外VPS主机商,提供独立服务器租用和VPS主机,其中VPS基于KVM架构,多个不同系列,譬如常规VPS、大硬盘VPS等等,数据中心在洛杉矶MC机房。商家2021年Flash Sale活动继续,最低每月1.99美元,支持7天退款到账户,支持使用PayPal或者支付宝付款,先充值后下单的方式。下面列出几款VPS主机配置信息。CPU:1core内存:768MB...
ProfitServer折优惠西班牙vps,荷兰vps,德国vps,5折优惠,不限制流量
profitserver正在对德国vps(法兰克福)、西班牙vps(马德里)、荷兰vps(杜廷赫姆)这3处数据中心内的VPS进行5折优惠促销。所有VPS基于KVM虚拟,纯SSD阵列,自带一个IPv4,不限制流量,在后台支持自定义ISO文件,方便大家折腾!此外还有以下数据中心:俄罗斯(多机房)、捷克、保加利亚、立陶宛、新加坡、美国(洛杉矶、锡考克斯、迈阿密)、瑞士、波兰、乌克兰,VPS和前面的一样性...
VPS云服务器GT线路,KVM虚vps消息CloudCone美国洛杉矶便宜年付VPS云服务器补货14美元/年
近日CloudCone发布了最新的补货消息,针对此前新年闪购年付便宜VPS云服务器计划方案进行了少量补货,KVM虚拟架构,美国洛杉矶CN2 GT线路,1Gbps带宽,最低3TB流量,仅需14美元/年,有需要国外便宜美国洛杉矶VPS云服务器的朋友可以尝试一下。CloudCone怎么样?CloudCone服务器好不好?CloudCone值不值得购买?CloudCone是一家成立于2017年的美国服务器...
linux防火墙设置为你推荐
-
单位企业2019支付宝五福支付宝5褔过了开奖时间怎么办conn.aspconn.asp 在哪打开?应该怎样打开?163yeahyeah邮箱和163邮箱的区别在哪里 那个好用人人视频总部基地落户重庆迁户口入重庆大飞资讯单仁资讯集团怎么样爱买网超艾比安高达厉害吗,今天在网上看到的万代的果断入手了,168贵吗,不知道这款高达厉不厉害电子商务世界世界前十大电子商务企业名字35互联在中国哪家服务商提供的企业邮箱好呢?discuz7 2discuz X2.5帖子中图片位置 discuz X2.5论坛中发布帖子,上传图片,图片的位置全部都在文章下面