
[经验分享] JUNIPER双线拨号***配置


发表于 2018-7-28 10:15:28 | 显示全部楼层 |阅读模式
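  以下是 JUNIPER 双线拨号(ethernet0/2 和 ethernet0/4 各一条 PPPoE 线路)的 *** 配置。注意:ethernet0/2 和 ethernet0/4 都属于 Untrust 区域,而配置在这两个接口上开启了 ping、ssh、telnet、snmp、ssl、web 管理;实际部署时应只保留必需的管理方式(telnet 为明文协议,建议在外网接口上关闭)。配置中的 admin、L2TP 用户和 PPPoE 口令均为原设备导出的值,照搬时需换成自己的口令: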
  set clock timezone 0
  set vrouter trust-vr sharable
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  unset auto-route-export
  exit
  set alg appleichat enable
  unset alg appleichat re-assembly enable
  set alg sctp enable

  set auth-server "Local">  set auth-server "Local" server-name "Local"
  set auth default auth server "Local"
  set auth radius accounting port 1646
  set admin name "netscreen"
  set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
  set admin auth web timeout 10
  set admin auth server "Local"
  set admin format dos
  set zone "Trust" vrouter "trust-vr"
  set zone "Untrust" vrouter "trust-vr"
  set zone "DMZ" vrouter "trust-vr"
  set zone "VLAN" vrouter "trust-vr"
  set zone "Untrust-Tun" vrouter "trust-vr"
  set zone "Trust" tcp-rst
  set zone "Untrust" block
  unset zone "Untrust" tcp-rst
  set zone "MGT" block
  unset zone "V1-Trust" tcp-rst
  unset zone "V1-Untrust" tcp-rst
  set zone "DMZ" tcp-rst
  unset zone "V1-DMZ" tcp-rst
  unset zone "VLAN" tcp-rst
  set zone "Untrust" screen tear-drop
  set zone "Untrust" screen syn-flood
  set zone "Untrust" screen ping-death
  set zone "Untrust" screen ip-filter-src
  set zone "Untrust" screen land
  set zone "V1-Untrust" screen tear-drop
  set zone "V1-Untrust" screen syn-flood
  set zone "V1-Untrust" screen ping-death
  set zone "V1-Untrust" screen ip-filter-src
  set zone "V1-Untrust" screen land
  set interface "ethernet0/0" zone "Trust"
  set interface "ethernet0/1" zone "DMZ"
  set interface "ethernet0/2" zone "Untrust"
  set interface "ethernet0/3" zone "Trust"
  set interface "ethernet0/4" zone "Untrust"
  set interface ethernet0/0 ip 192.168.1.1/24
  set interface ethernet0/0 nat
  unset interface vlan1 ip
  set interface ethernet0/2 ip 公网IP
  set interface ethernet0/2 route
  set interface ethernet0/3 ip 192.168.0.1/24
  set interface ethernet0/3 nat
  set interface ethernet0/4 ip 公网IP
  set interface ethernet0/4 route
  set interface "ethernet0/2" pmtu ipv4
  set interface "ethernet0/3" pmtu ipv4
  set interface "ethernet0/4" pmtu ipv4
  unset interface vlan1 bypass-others-ipsec
  unset interface vlan1 bypass-non-ip
  set interface ethernet0/0 ip manageable
  set interface ethernet0/2 ip manageable
  set interface ethernet0/3 ip manageable
  set interface ethernet0/4 ip manageable
  set interface ethernet0/2 manage ping
  set interface ethernet0/2 manage ssh
  set interface ethernet0/2 manage telnet
  set interface ethernet0/2 manage snmp
  set interface ethernet0/2 manage ssl
  set interface ethernet0/2 manage web

  set interface ethernet0/2 manage>  unset interface ethernet0/3 manage ssl
  set interface ethernet0/4 manage ping
  set interface ethernet0/4 manage ssh
  set interface ethernet0/4 manage telnet
  set interface ethernet0/4 manage snmp
  set interface ethernet0/4 manage ssl
  set interface ethernet0/4 manage web
  set interface ethernet0/3 dhcp server service
  set interface ethernet0/3 dhcp server enable
  set interface ethernet0/3 dhcp server option lease 1440000
  set interface ethernet0/3 dhcp server option gateway 192.168.0.1
  set interface ethernet0/3 dhcp server option netmask 255.255.255.0
  set interface ethernet0/3 dhcp server option dns1 202.101.172.35
  set interface ethernet0/3 dhcp server option dns2 202.101.172.47
  unset interface ethernet0/3 dhcp server config next-server-ip
  unset interface ethernet0/3 dhcp server config updatable
  set flow all-tcp-mss 1304
  unset flow no-tcp-seq-check
  set flow tcp-syn-check
  unset flow tcp-syn-bit-check
  set flow reverse-route clear-text prefer
  set flow reverse-route tunnel always
  set pki authority default scep mode "auto"
  set pki x509 default cert-path partial
  set ippool "L2TP_Pool" 10.0.0.1 10.0.0.250
  set ippool "财务地址组" 192.168.0.190 192.168.0.210
  set user "csf" uid 9
  set user "csf" type l2tp
  set user "csf" password "6+qJLYZaNYsgZLsSaGCuds3kIKnHz7z7iw=="
  unset user "csf" type auth
  set user "csf" "enable"
  set user "fbs" uid 10
  set user "fbs" type l2tp
  set user "fbs" remote ippool "L2TP_Pool"
  set user "fbs" password "UllUKVbwNncfG6sU7MCceBi8Qkn5DWhJIw=="
  unset user "fbs" type auth
  set user "fbs" "enable"
  set user "shange" uid 1
  set user "shange" type l2tp
  set user "shange" remote ippool "L2TP_Pool"
  set user "shange" password "at4Ph9AQNTMQVCsRE3CpZhMNudn3UfNNCg=="
  unset user "shange" type auth
  set user "shange" "enable"
  set user "test" uid 2
  set user "test" type l2tp
  set user "test" password "uW0V9qXVNNFgmfs95ACVnvidmvn59wO/6g=="
  unset user "test" type auth
  set user "test" "enable"
  set user "tyl" uid 8
  set user "tyl" type l2tp
  set user "tyl" password "LZwdJlsANPJ9GUsYSuCh+EjW0Hn77DAWhg=="
  unset user "tyl" type auth
  set user "tyl" "enable"
  set user "wenyiguan" uid 7
  set user "wenyiguan" type l2tp
  set user "wenyiguan" remote ippool "L2TP_Pool"
  set user "wenyiguan" password "YTpo/vFuNYQ85/s+YKCBKriBmvnmuZREeQ=="
  unset user "wenyiguan" type auth
  set user "wenyiguan" "enable"

  set user-group "L2TP_Group">  set user-group "L2TP_Group" user "@#¥"
  set crypto-policy
  exit
  set ike respond-bad-spi 1
  set ike ikev2 ike-sa-soft-lifetime 60
  unset ike ikeid-enumeration
  unset ike dos-protection
  unset ipsec access-session enable
  set ipsec access-session maximum 5000
  set ipsec access-session upper-threshold 0
  set ipsec access-session lower-threshold 0
  set ipsec access-session dead-p2-sa-timeout 0
  unset ipsec access-session log-error
  unset ipsec access-session info-exch-connected
  unset ipsec access-session use-error-log
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  exit
  set l2tp default dns1 202.101.172.35
  set l2tp default dns2 202.101.172.46
  set l2tp default ippool "L2TP_Pool"

  set l2tp "L2TP_Tunnel">  set l2tp "L2TP_Tunnel" remote-setting ippool "L2TP_Pool"
  set l2tp "L2TP_Tunnel" auth server "Local" user-group "L2TP_Group"
  set url protocol websense
  exit

  set policy>
  set policy>  exit

  set policy>
  set policy>  exit
  set pppoe name "PPPOE"
  set pppoe name "PPPOE" username "宽带账号" password "t2f97XW+NI9uqgs1NYC5B+rRrwnEfqu4bQ=="
  set pppoe name "PPPOE" interface ethernet0/2
  set pppoe name "PPPoE2"
  set pppoe name "PPPoE2" username "宽带账号" password "zEYhFTRGN+I93csLvOCU5mF3bfn8ckzorw=="
  set pppoe name "PPPoE2" interface ethernet0/4
  set nsmgmt bulkcli reboot-timeout 60
  set ssh version v2
  set config lock timeout 5
  unset license-key auto-update
  set telnet client enable
  set snmp port listen 161
  set snmp port trap 162
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  set source-routing enable
  unset add-default-route
  set route source 192.168.0.190/32 interface ethernet0/4
  set route source 192.168.0.191/32 interface ethernet0/4
  exit
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  exit
  -------------------------------------------------------------------
  set route source 192.168.0.190/32 interface ethernet0/4
  set route source 192.168.0.191/32 interface ethernet0/4
  说明:上面两条源路由(set route source)要根据策略中的源地址来写,这里是让源地址为 192.168.0.190 和 192.168.0.191 的流量从 ethernet0/4 出去。
