a616652325 发表于 2018-7-28 10:15:28

JUNIPER双线拨号VPN配置

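  以下是 Juniper(ScreenOS)防火墙双线 PPPoE 拨号加 L2TP VPN 的配置。照抄前请注意:配置里的管理员、L2TP 用户和 PPPoE 口令字段都应换成自己的值,公开贴出过的口令一律视为已泄露并更换;管理员仍是出厂默认账号名 netscreen,应改名并设置强口令。另外,示例在 Untrust 区的 ethernet0/2、ethernet0/4 上开启了 telnet、snmp、web 等管理服务,生产环境建议只保留 ssh/ssl,并用 set admin manager-ip 限制可管理的源地址: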
  set clock timezone 0
  set vrouter trust-vr sharable
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  unset auto-route-export
  exit
  set alg appleichat enable
  unset alg appleichat re-assembly enable
  set alg sctp enable

  set auth-server "Local">  set auth-server "Local" server-name "Local"
  set auth default auth server "Local"
  set auth radius accounting port 1646
  set admin name "netscreen"
  set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
  set admin auth web timeout 10
  set admin auth server "Local"
  set admin format dos
  set zone "Trust" vrouter "trust-vr"
  set zone "Untrust" vrouter "trust-vr"
  set zone "DMZ" vrouter "trust-vr"
  set zone "VLAN" vrouter "trust-vr"
  set zone "Untrust-Tun" vrouter "trust-vr"
  set zone "Trust" tcp-rst
  set zone "Untrust" block
  unset zone "Untrust" tcp-rst
  set zone "MGT" block
  unset zone "V1-Trust" tcp-rst
  unset zone "V1-Untrust" tcp-rst
  set zone "DMZ" tcp-rst
  unset zone "V1-DMZ" tcp-rst
  unset zone "VLAN" tcp-rst
  set zone "Untrust" screen tear-drop
  set zone "Untrust" screen syn-flood
  set zone "Untrust" screen ping-death
  set zone "Untrust" screen ip-filter-src
  set zone "Untrust" screen land
  set zone "V1-Untrust" screen tear-drop
  set zone "V1-Untrust" screen syn-flood
  set zone "V1-Untrust" screen ping-death
  set zone "V1-Untrust" screen ip-filter-src
  set zone "V1-Untrust" screen land
  set interface "ethernet0/0" zone "Trust"
  set interface "ethernet0/1" zone "DMZ"
  set interface "ethernet0/2" zone "Untrust"
  set interface "ethernet0/3" zone "Trust"
  set interface "ethernet0/4" zone "Untrust"
  set interface ethernet0/0 ip 192.168.1.1/24
  set interface ethernet0/0 nat
  unset interface vlan1 ip
  set interface ethernet0/2 ip 公网IP
  set interface ethernet0/2 route
  set interface ethernet0/3 ip 192.168.0.1/24
  set interface ethernet0/3 nat
  set interface ethernet0/4 ip 公网IP
  set interface ethernet0/4 route
  set interface "ethernet0/2" pmtu ipv4
  set interface "ethernet0/3" pmtu ipv4
  set interface "ethernet0/4" pmtu ipv4
  unset interface vlan1 bypass-others-ipsec
  unset interface vlan1 bypass-non-ip
  set interface ethernet0/0 ip manageable
  set interface ethernet0/2 ip manageable
  set interface ethernet0/3 ip manageable
  set interface ethernet0/4 ip manageable
  set interface ethernet0/2 manage ping
  set interface ethernet0/2 manage ssh
  set interface ethernet0/2 manage telnet
  set interface ethernet0/2 manage snmp
  set interface ethernet0/2 manage ssl
  set interface ethernet0/2 manage web

  set interface ethernet0/2 manage>  unset interface ethernet0/3 manage ssl
  set interface ethernet0/4 manage ping
  set interface ethernet0/4 manage ssh
  set interface ethernet0/4 manage telnet
  set interface ethernet0/4 manage snmp
  set interface ethernet0/4 manage ssl
  set interface ethernet0/4 manage web
  set interface ethernet0/3 dhcp server service
  set interface ethernet0/3 dhcp server enable
  set interface ethernet0/3 dhcp server option lease 1440000
  set interface ethernet0/3 dhcp server option gateway 192.168.0.1
  set interface ethernet0/3 dhcp server option netmask 255.255.255.0
  set interface ethernet0/3 dhcp server option dns1 202.101.172.35
  set interface ethernet0/3 dhcp server option dns2 202.101.172.47
  unset interface ethernet0/3 dhcp server config next-server-ip
  unset interface ethernet0/3 dhcp server config updatable
  set flow all-tcp-mss 1304
  unset flow no-tcp-seq-check
  set flow tcp-syn-check
  unset flow tcp-syn-bit-check
  set flow reverse-route clear-text prefer
  set flow reverse-route tunnel always
  set pki authority default scep mode "auto"
  set pki x509 default cert-path partial
  set ippool "L2TP_Pool" 10.0.0.1 10.0.0.250
  set ippool "财务地址组" 192.168.0.190 192.168.0.210
  set user "csf" uid 9
  set user "csf" type l2tp
  set user "csf" password "6+qJLYZaNYsgZLsSaGCuds3kIKnHz7z7iw=="
  unset user "csf" type auth
  set user "csf" "enable"
  set user "fbs" uid 10
  set user "fbs" type l2tp
  set user "fbs" remote ippool "L2TP_Pool"
  set user "fbs" password "UllUKVbwNncfG6sU7MCceBi8Qkn5DWhJIw=="
  unset user "fbs" type auth
  set user "fbs" "enable"
  set user "shange" uid 1
  set user "shange" type l2tp
  set user "shange" remote ippool "L2TP_Pool"
  set user "shange" password "at4Ph9AQNTMQVCsRE3CpZhMNudn3UfNNCg=="
  unset user "shange" type auth
  set user "shange" "enable"
  set user "test" uid 2
  set user "test" type l2tp
  set user "test" password "uW0V9qXVNNFgmfs95ACVnvidmvn59wO/6g=="
  unset user "test" type auth
  set user "test" "enable"
  set user "tyl" uid 8
  set user "tyl" type l2tp
  set user "tyl" password "LZwdJlsANPJ9GUsYSuCh+EjW0Hn77DAWhg=="
  unset user "tyl" type auth
  set user "tyl" "enable"
  set user "wenyiguan" uid 7
  set user "wenyiguan" type l2tp
  set user "wenyiguan" remote ippool "L2TP_Pool"
  set user "wenyiguan" password "YTpo/vFuNYQ85/s+YKCBKriBmvnmuZREeQ=="
  unset user "wenyiguan" type auth
  set user "wenyiguan" "enable"

  set user-group "L2TP_Group">  set user-group "L2TP_Group" user "@#¥"
  set crypto-policy
  exit
  set ike respond-bad-spi 1
  set ike ikev2 ike-sa-soft-lifetime 60
  unset ike ikeid-enumeration
  unset ike dos-protection
  unset ipsec access-session enable
  set ipsec access-session maximum 5000
  set ipsec access-session upper-threshold 0
  set ipsec access-session lower-threshold 0
  set ipsec access-session dead-p2-sa-timeout 0
  unset ipsec access-session log-error
  unset ipsec access-session info-exch-connected
  unset ipsec access-session use-error-log
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  exit
  set l2tp default dns1 202.101.172.35
  set l2tp default dns2 202.101.172.46
  set l2tp default ippool "L2TP_Pool"

  set l2tp "L2TP_Tunnel">  set l2tp "L2TP_Tunnel" remote-setting ippool "L2TP_Pool"
  set l2tp "L2TP_Tunnel" auth server "Local" user-group "L2TP_Group"
  set url protocol websense
  exit

  set policy>
  set policy>  exit

  set policy>
  set policy>  exit
  set pppoe name "PPPOE"
  set pppoe name "PPPOE" username "宽带账号" password "t2f97XW+NI9uqgs1NYC5B+rRrwnEfqu4bQ=="
  set pppoe name "PPPOE" interface ethernet0/2
  set pppoe name "PPPoE2"
  set pppoe name "PPPoE2" username "宽带账号" password "zEYhFTRGN+I93csLvOCU5mF3bfn8ckzorw=="
  set pppoe name "PPPoE2" interface ethernet0/4
  set nsmgmt bulkcli reboot-timeout 60
  set ssh version v2
  set config lock timeout 5
  unset license-key auto-update
  set telnet client enable
  set snmp port listen 161
  set snmp port trap 162
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  set source-routing enable
  unset add-default-route
  set route source 192.168.0.190/32 interface ethernet0/4
  set route source 192.168.0.191/32 interface ethernet0/4
  exit
  set vrouter "untrust-vr"
  exit
  set vrouter "trust-vr"
  exit
  -------------------------------------------------------------------
  set route source 192.168.0.190/32 interface ethernet0/4
  set route source 192.168.0.191/32 interface ethernet0/4
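  以上两条源路由要根据策略的源地址来写:需要从第二条线路(ethernet0/4)出去的每个内网源地址都要单独加一条 set route source,并且要在 trust-vr 下启用 set source-routing enable。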