H3CTE安全试验整理Word文档格式.docx
- 文档编号:22565281
- 上传时间:2023-02-04
- 格式:DOCX
- 页数:21
- 大小:95.33KB
H3CTE安全试验整理Word文档格式.docx
《H3CTE安全试验整理Word文档格式.docx》由会员分享,可在线阅读,更多相关《H3CTE安全试验整理Word文档格式.docx(21页珍藏版)》请在冰豆网上搜索。
10..1Headquarters-VPDN-LNS21
10..2LAC-VPDN22
1ISP
[ISP]discur
Nowcreateconfiguration...
Currentconfiguration
!
version1.74
firewallenable
sysnameISP
interfaceAux0
asyncmodeflow
link-protocolppp
interfaceEthernet0
ipaddress20.0.0.1255.255.255.0
interfaceSerial0
ipaddress202.0.0.1255.255.255.252
interfaceSerial1
clockDTECLK3
ipaddress202.0.0.5255.255.255.252
interfaceSerial2
ipaddress202.0.0.9255.255.255.252
interfaceSerial3
ipaddress202.0.0.13255.255.255.252
return
2Headquarters
[Headquarters]discur
undologintelnet
local-userftpservice-typeftppasswordsimpleftp
local-uservpdnuser@service-typeppppasswordsimplevpdnuser
local-userwin2000@service-typeppppasswordsimplewin2000
l2tpenable
ippool110.0.5.310.0.5.254
info-centerconsole
aaa-enable
aaaauthentication-schemepppdefaultlocal
aaaauthentication-schemelogindefaultlocal
aaaaccounting-schemeoptional
sysnameHeadquarters
ftp-serverenable
undoidle-timeout
ikepre-shared-keyHeadquartersandbranch2remote10.0.4.6
ikepre-shared-keyHeadquartersandbranch1remote10.0.4.2
acl1match-orderauto//NAT
rulenormalpermitsource10.0.0.00.255.255.255
rulenormaldenysourceany
acl101match-orderauto
rulenormalpermitipsource10.0.0.00.255.255.255destination10.0.0.00.255.255.255
rulenormaldenyipsourceanydestinationany
acl102match-orderauto
ipsecproposalToBranch1
ipsecproposalToBranch2
ipsecpolicyToBranch11isakmp
securityacl101
proposalToBranch1
tunnelremote10.0.4.2
ipsecpolicyToBranch22isakmp
securityacl102
proposalToBranch2
tunnelremote10.0.4.6
ipaddress10.0.0.1255.255.255.0
ospfenablearea0.0.0.0
clockDTECLK1
ipaddress202.0.0.2255.255.255.252
natoutbound1interface//NAT
interfaceTunnel1
link-protocoltunnel
ipaddress10.0.4.1255.255.255.252
ospfpeer10.0.4.2
ipsecpolicyToBranch1应用ipsecpolicy
source202.0.0.2
destination202.0.0.6
interfaceTunnel2
ipaddress10.0.4.5255.255.255.252
ospfpeer10.0.4.6
ipsecpolicyToBranch2应用ipsecpolicy
destination202.0.0.10
interfaceVirtual-Template1
pppauthentication-modepap
remoteaddresspool1
ipaddress10.0.5.1255.255.255.0
undoipfast-forwarding
l2tp-group1
allowl2tpvirtual-template1remotevpdnlac
mandatory-chap
tunnelnamevpdnlns
tunnelpasswordsimplevpdnlab
quit
ospfenable
iproute-static0.0.0.00.0.0.0Serial0preference60
iproute-static10.0.7.0255.255.255.010.0.5.3preference60
3branch1
[branch1]discur
undologincon
ttyenable
sysnamebranch1
ikepre-shared-keyHeadquartersandbranch1remote10.0.4.1
acl101match-orderauto
acl102match-orderauto//限制B1与B2互访
rulenormalpermitipsource10.0.1.00.0.0.255destination10.0.0.00.0.0.255
rulenormalpermitospfsourceanydestinationany
rulenormalpermitudpsourceanysource-portequal500destinationanydestination-portequal500
rulenormalpermit50sourceanydestinationany
ipsecproposalToHeadquarters
ipsecpolicyToHeadquarters1isakmp
proposalToHeadquarters
tunnelremote10.0.4.1
ipaddress10.0.1.1255.255.255.0
ipaddress202.0.0.6255.255.255.252
interfaceTunnel0
ipaddress10.0.4.2255.255.255.252
firewallpacket-filter102outbound//控制B1和B2互访
ospfpeer10.0.4.1
ipsecpolicyToHeadquarters
source202.0.0.6
destination202.0.0.2
iproute-static0.0.0.00.0.0.0Tunnel1preference60
iproute-static202.0.0.2255.255.255.255Serial0preference60
4branch2
[branch2]discur
sysnamebranch2
ikepre-shared-keyHeadquartersandbranch2remote10.0.4.5
ipsecpolicyToHeadquarters2isakmp
tunnelremote10.0.4.5
ipaddress10.0.2.1255.255.255.0
ipaddress202.0.0.10255.255.255.252
ipaddress10.0.4.6255.255.255.252
ospfpeer10.0.4.5
source202.0.0.10
5LAC
[LAC]discur
local-uservpdnuser@service-typeppppasswordsimplevpdnuser
local-userwin2000@service-typeppppasswordsimplewin2000
l2tpmatch-orderdomain
l2tpdomainsuffix-separator@
sysnameLAC
ipaddress10.0.8.1255.255.255.0
ipaddress202.0.0.14255.255.255.252
pppauthentication-modepap//L2TP拨号
interfaceSerial2//VPDN拨号
physical-modeasync
modem
asyncmodeprotocol
pppauthentication-modepap
//这个接口是不是需要地址?
startl2tpip202.0.0.2domain
tunnelnamevpdnlac
6vpdnuser
[vpdnuser]discur
version1.44
sysnamevpdnuser
ipaddress10.0.7.1255.255.255.0
pppchapuservpdnuser@
pppchappasswordsimplevpdnuser
ppppaplocal-uservpdnuser@passwordsimplevpdnuser
ipaddressppp-negotiate//和谁协商?
interfaceBri0
dialerenable-circular
完成上述配置之后,可以用组网需求描述中介绍的方法来验证一下是否达到了网络需求。
7GRE+IPSec-B1
7.1.1Headquarters-Branch1
//对端TunnelIP
tunnelremote10.0.4.2
iproute-static0.0.0.00.0.0.0Serial0preference60
7.1.2Branch1
8GRE+IPSec-B2
8.1.1Headquarters-Branch2
ikepre-shared-keyHeadquartersandbranch2remote10.0.4.6
acl1match-orderauto
ipsecproposal
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- H3CTE 安全 试验 整理