H3CL2TP-IPSEC办公网典型组网方案

30117557
3 ℃
2020-01-10

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

H3CL2TP-IPSEC办公网典型组网方案【一个ETHERNET口对多个分部】【拓扑图+详细配置】网络拓扑图:各设备详细配置：BM_WUYUAN_AR1831的配置discu#sysnameBM_WUYUAN_AR1831#ikelocal-namecnc#undoipoptionsource-routing#dialer-rule1ippermit#ikepeercncexchange-modeaggressivepre-shared-keycncid-typenameremote-namezxremote-address60.0.0.1nattraversal#ipsecproposalcnc#ipsecpolicycnc1isakmpsecurityacl3000ike-peercncproposalcnc#dhcpserverip-pool1network10.70.65.0mask255.255.255.240gateway-list10.70.65.1dns-list202.99.224.8202.99.224.68#interfaceBri3/0link-protocolppp#interfaceDialer0link-protocolpppppppaplocal-userwy12345kdxwl@service2m.nmpasswordsimplexwl9600mtu1450ipaddressppp-negotiatedialeruserwy12345kdxwl@service2m.nmdialer-group1dialerbundle1natoutbound3100ipsecpolicycnc#interfaceEthernet1/0ipaddress10.70.65.1255.255.255.240#interfaceAtm2/0pvc0/32mapbridgeVirtual-Ethernet0#interfaceVirtual-Ethernet0pppoe-clientdial-bundle-number1#interfaceNULL0#interfaceLoopBack0#aclnumber3000rule0permitipsource10.70.64.00.0.0.255destination10.70.65.00.0.0.15rule1permitipsource10.70.65.00.0.0.15destination10.70.64.00.0.0.255aclnumber3100rule0denyipdestination10.70.64.00.0.0.255rule1permitipsource10.70.65.00.0.0.15#iproute-static0.0.0.00.0.0.0Dialer0preference60#user-interfacecon0user-interfacevty04userprivilegelevel3setauthenticationpasswordcipherN`C55QK`=/Q=^Q`MAF41!!#returnBM_WUYUAN_AR1831BM_BANGONWAN_EUDEMON200的配置......................Savethecurrentconfigurationtothedevicesuccessfully.BM_BANGONWAN_EUDEMON200BM_BANGONWAN_EUDEMON200discu#sysnameBM_BANGONWAN_EUDEMON200#superpasswordlevel3cipherN`C55QK`=/Q=^Q`MAF41!!#natalgenableftpnatalgenablednsnatalgenableicmpnatalgenablenetbiosundonatalgenableh323undonatalgenablehwccundonatalgenableilsundonatalgenablepptpundonatalgenableqqundonatalgenablemsnundonatalgenableuser-defineundonatalgenablesip#firewallmodetransparentfirewallsystem-ip10.70.64.253255.255.255.0#firewallstatisticsystemenable#interfaceAux0asyncmodeflowlink-protocolppp#interfaceEthernet0/0/0#interfaceEthernet0/0/1#interfaceEthernet1/0/0#interfaceEthernet1/0/1#interfaceNULL0#interfaceLoopBack0#aclnumber3000rule5permitipsource10.70.64.00.0.0.255rule10permitipsource10.70.65.00.0.0.255rule15permitipsource192.168.0.00.0.0.255rule20denyip#firewallzonelocalsetpriority100#firewallzonetrustaddinterfaceEthernet0/0/0addinterfaceEthernet1/0/0setpriority85#firewallzoneuntrustaddinterfaceEthernet0/0/1addinterfaceEthernet1/0/1setpriority5#firewallzoneDMZsetpriority50#firewallinterzonelocaltrustpacket-filter3000inboundpacket-filter3000outbound#firewallinterzonelocaluntrust#firewallinterzonelocalDMZ#firewallinterzonetrustuntrustpacket-filter3000inboundpacket-filter3000outbound#firewallinterzonetrustDMZ#firewallinterzoneDMZuntrust#aaaauthentication-schemedefault#authorization-schemedefault#accounting-schemedefault#domaindefault##user-interfacecon0user-interfaceaux0user-interfacevty04userprivilegelevel3setauthenticationpasswordcipherN`C55QK`=/Q=^Q`MAF41!!#returnBM_BANGONWAN_EUDEMON200BM_BANGONWAN_P1的配置discu#sysnameBM_BANGONWAN_P1#ikelocal-namep1#undoipoptionsource-routing#dialer-rule1ippermit#ikepeerp1exchange-modeaggressivepre-shared-keycncid-typenameremote-namezxremote-address61.138.72.234nattraversal#ipsecproposalp1#ipsecpolicyp11isakmpsecurityacl3000ike-peerp1proposalp1#dhcpserverip-pool1network10.70.65.96mask255.255.255.240gateway-list10.70.65.97dns-list202.99.224.8202.99.224.68#interfaceBri3/0link-protocolppp#interfaceDialer0link-protocolpppppppaplocal-userlhkdwtkf1123451@service1m.nmpasswordsimple8810181mtu1450ipaddressppp-negotiatedialeruserlhkdwtkf1123451@service1m.nmdialer-group1dialerbundle1natoutbound3100ipsecpolicyp1#interfaceEthernet1/0ipaddress10.70.65.97255.255.255.240#interfaceAtm2/0pvc0/32mapbridgeVirtual-Ethernet0#interfaceVirtual-Ethernet0pppoe-clientdial-bundle-number1#interfaceNULL0#aclnumber3000rule0permitipsource10.70.64.00.0.0.255destination10.70.65.960.0.0.15rule1permitipsource10.70.65.960.0.0.15destination10.70.64.00.0.0.255aclnumber3100rule0denyipdestination10.70.64.00.0.0.255rule1permitipsource10.70.65.960.0.0.15#iproute-static0.0.0.00.0.0.0Dialer0preference60#user-interfacecon0user-interfacevty04#returnBM_BANGONWAN_P1BM_BANGONWAN_P2的配置discu#sysnameBM_BANGONWAN_P2#ikelocal-namep2#ipoptionsource-routing#dialer-rule1ippermit#ikepeerdkexchange-modeaggressivepre-shared-keycncid-typenameremote-namezxremote-address60.0.0.1nattraversal#ipsecproposaldk#ipsecpolicydk1isakmpsecurityacl3010ike-peerdkproposaldk#dhcpserverip-pool1network10.70.65.112mask255.255.255.240gateway-list10.70.65.113dns-list202.99.224.8202.99.224.68#interfaceBri3/0link-protocolppp#interfaceDialer0link-protocolpppppppaplocal-userlhkdtxf123gs@service2m.nmpasswordsimple8270054mtu1450ipaddressppp-negotiatedialeruserlhkdtxf123gs@service2m.nmdialer-group1dialerbundle1natoutbound3001ipsecpolicydk#interfaceEthernet1/0ipaddress10.70.65.113255.255.255.240#interfaceAtm2/0pvc0/32mapbridgeVirtual-Ethernet0#interfaceVirtual-Ethernet0pppoe-clientdial-bundle-number1#interfaceNULL0#interfaceLoopBack0