NetscreenJuniper Firewall VPN Configuration Guide

Author: 高考题库网
Source: https://www.bjmy2z.cn/gaokao
2021-03-02 20:47

Published March 2, 2021 (author: aggressor)


Contents

1. Overview
2. Device Models and Connections
2.1. Device Models
3. Requirements
4. Configuration
4.1. Netscreen 208 Configuration
4.2. Netscreen 50B Configuration (Guoyan data center)
4.3. Netscreen 5GT Configuration (office network)
5. Configuration Appendix
5.1. Netscreen 208
5.2. Netscreen 50B
5.3. Netscreen 5GT

NetscreenJuniper Firewall VPN Configuration Guide




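1. Overview

This document describes the following points for the firewalls in the Guoyan data center and the office network:

- Model description
- Installation and configuration description
- Application policy description
- VPN connection description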



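2. Device Models and Connections

2.1. Device Models

List of all the company's firewall devices

Device name        Model           Quantity   Description
Network firewall   Netscreen 208   1          IDC main filtering firewall
Network firewall   Netscreen 50B   2          IDC office-area VPN endpoint device
Network firewall   Netscreen 5GT   2          Office network VPN endpoint device

List of firewall devices used for the data center connection

Device name        Model           Quantity   Description
Network firewall   Netscreen 208   1          IDC main filtering firewall
Network firewall   Netscreen 50B              IDC office-network VPN endpoint device
Network firewall   Netscreen 5GT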




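3. Requirements

Our firewalls serve two main purposes:

1. Mapping the internal web servers to the outside, and outbound access from the IDC servers
2. VPN interconnection

Of the devices listed above, the Netscreen 208 is mainly used to map the web servers to the outside and to control outbound access from the IDC servers; the 50B is mainly used for VPN interconnection with the office network's 5GT.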




4. Configuration

4.1. Netscreen 208 Configuration

Mapping description:

set interface ethernet1 vip 211.144.149.11 25    # map port 25
set interface ethernet1 vip 211.144.149.11 + 80    # map port 80
set interface ethernet1 vip 211.144.149.11 + 110    # map port 110
set interface ethernet1 vip 211.144.149.12 80 172.16.1.21    # map the port-80 website
set interface ethernet1 vip 211.144.149.13 80 172.16.1.23    # map the port-80 website
set interface ethernet1 vip 211.144.149.14 80    # map the port-80 website

Policy description:

set policy id 1 name
set policy id 1
set service
exit
# all outbound 80 / icmp access from the internal network is allowed

set policy id 3 name
set policy id 3
set src-address
set src-address
exit
# allow the internal addresses network (172.16.12.9), the network management server, and network2 (172.16.12.8), the mail server, full outbound access

set policy id 5 from
set policy id 5
set service
set service
exit
# allow external access to the mail/web services on VIP (211.144.149.11)

set policy id 6 from
set policy id 6
exit
# allow external access to the web service on VIP (211.144.149.12)

set policy id 7 from
set policy id 7
exit
# allow external access to the web service on VIP (211.144.149.13)

set policy id 8 from
set policy id 8
exit
# allow external access to the web service on VIP (211.144.149.14)

set policy id 9 from
set policy id 9
exit
# not in effect for now

set policy id 10 from
set policy id 10
exit
# not in effect for now

set policy id 11 from permit
set policy id 11
exit
# not in effect for now; to be used later for the primary/secondary DNS servers

set policy id 12 name rust log
set policy id 12
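
Appendix 5.1 shows the inbound VIP policies 5, 6 and 8 ending in "permit log" while policy 7 ends in plain "permit". The following is an added example, not part of the original document: it parses ScreenOS policy definition lines and lists the permit policies from the outside zone that do not log. The sample config is constructed, and every quoted zone, address, service and policy name in it is an assumption, because the page's copy of the config lost its quoted values.

```python
import shlex

# Constructed sample in ScreenOS "set" syntax. Policy ids, VIP addresses and the
# permit / permit log split follow appendix 5.1; every quoted name is an
# assumption, because the page's copy of the config lost its quoted values.
SAMPLE_CONFIG = """
set policy id 1 name "outbound-web" from "Trust" to "Untrust" "Any" "Any" "HTTP" permit
set policy id 1
exit
set policy id 5 from "Untrust" to "Trust" "Any" "VIP(211.144.149.11)" "MAIL" permit log
set policy id 6 from "Untrust" to "Trust" "Any" "VIP(211.144.149.12)" "HTTP" permit log
set policy id 7 from "Untrust" to "Trust" "Any" "VIP(211.144.149.13)" "HTTP" permit
set policy id 8 from "Untrust" to "Trust" "Any" "VIP(211.144.149.14)" "HTTP" permit log
"""
ACTIONS = {"permit", "deny", "reject", "tunnel"}


def parse_policies(config):
    """Return one dict per complete policy definition line."""
    policies = []
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:3] != ["set", "policy", "id"]:
            continue
        start = 6 if tok[4:5] == ["name"] else 4  # skip the optional name value
        if "from" not in tok[start:]:
            continue  # "set policy id N" sub-context line
        i = tok.index("from", start)
        if len(tok) < i + 8 or tok[i + 2] != "to":
            continue  # truncated definition, nothing reliable to report
        tail = tok[i + 7:]
        policies.append({
            "id": int(tok[3]), "src_zone": tok[i + 1], "dst_zone": tok[i + 3],
            "src": tok[i + 4], "dst": tok[i + 5], "service": tok[i + 6],
            "action": next((t for t in tail if t in ACTIONS), None),
            "log": "log" in tail,
        })
    return policies


def unlogged_inbound(config, outside="Untrust"):
    """Ids of permit policies from the outside zone that do not log."""
    return [p["id"] for p in parse_policies(config)
            if p["src_zone"] == outside and p["action"] == "permit" and not p["log"]]


if __name__ == "__main__":
    print(unlogged_inbound(SAMPLE_CONFIG))
```
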




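4.2. Netscreen 50B Configuration (Guoyan data center)

The 50B is mainly used for VPN communication with the office network, chiefly for VPN policies.

The detailed configuration is relatively complex, so we only give the configuration file in the appendix.

4.3. Netscreen 5GT Configuration (office network)

The 5GT is mainly used for VPN communication with the Guoyan data center, chiefly for VPN policies.

The detailed configuration is relatively complex, so we only give the configuration file in the appendix.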




5. Configuration Appendix

5.1. Netscreen 208

set clock timezone 7
set vrouter trust-vr sharable
set vrouter
exit
set vrouter
unset auto-route-export
exit
set service
set auth-server
set auth-server
set auth default auth server
set auth radius accounting port 1646
set admin name
set admin password
set admin port 8000
set admin auth timeout 10
set admin auth server
set admin format dos
set zone
set zone
set zone
set zone
set zone
set zone
set zone
unset zone
set zone
set zone
set zone
unset zone
unset zone
unset zone
unset zone
unset zone
unset zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set interface
set interface
set interface
unset interface vlan1 ip
set interface ethernet1 ip 211.144.149.2/25
set interface ethernet1 route
set interface ethernet2 ip 172.16.1.2/24
set interface ethernet2 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet1 manage ssh
set interface ethernet1 manage ssl
set interface ethernet1 vip 211.144.149.11 25
set interface ethernet1 vip 211.144.149.11 + 80
set interface ethernet1 vip 211.144.149.11 + 110
set interface ethernet1 vip 211.144.149.12 80
set interface ethernet1 vip 211.144.149.13 80
set interface ethernet1 vip 211.144.149.14 80
set interface mip 211.144.149.6 host 172.16.1.25 netmask 255.255.255.255 vr
unset flow no-tcp-seq-check
set flow tcp-syn-check
set address
set address
set address
set address
set address
set address
set address
set address
set address
set address
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set url protocol websense
exit


set policy id 1 name from to
set policy id 1
set service
exit
set policy id 3 name permit
set policy id 3
set src-address
set src-address
exit
set policy id 5 from to permit log
set policy id 5
set service
set service
exit
set policy id 6 from to permit log
set policy id 6
exit
set policy id 7 from to permit
set policy id 7
exit
set policy id 8 from to permit log
set policy id 8
exit
set policy id 9 from to permit
set policy id 9
exit
set policy id 10 from to
set policy id 10
exit
set policy id 11 from to
set policy id 11
exit
set policy id 12 name
set policy id 12
exit


set pki authority default scep mode
set pki x509 default cert-path partial
set syslog config
set syslog config
set syslog src-interface ethernet2
set syslog enable
unset log module system level notification destination syslog
unset log module system level information destination syslog
unset log module system level debugging destination syslog
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set config lock timeout 5
set snmp community
set snmp host trap v2
set snmp host 192.168.21.102 255.255.255.255 src-interface ethernet2 trap v2
set snmp name
set snmp port listen 161
set snmp port trap 162
set vrouter
exit
set vrouter
unset add-default-route
set route 172.16.12.0/24 interface ethernet2 gateway 172.16.1.1 preference 20
set route 0.0.0.0/0 interface ethernet1 gateway 211.144.149.1 preference 20
set route 192.168.0.0/16 interface ethernet2 gateway 172.16.1.3 preference 20
set route 172.16.4.14/32 interface ethernet2 gateway 172.16.1.1 preference 20
exit
set vrouter
exit
set vrouter
exit



5.2. Netscreen 50B

set clock timezone 7
set vrouter trust-vr sharable
set vrouter
exit
set vrouter
unset auto-route-export
exit
set service
set service
set auth-server
set auth-server
set auth default auth server
set auth radius accounting port 1646
set admin name
set admin password
set admin auth timeout 10
set admin auth server
set admin format dos
set zone
set zone
set zone
set zone
set zone
set zone
set zone
unset zone
set zone
set zone
set zone
unset zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone
set zone




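This article was updated on 2021-03-02 20:47 and was provided by the author; it does not represent the position of this website. When reposting, please cite the source: https://www.bjmy2z.cn/gaokao/693012.html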
