NetscreenJuniper防火墙VPN配置说明(3)

来源：网络收集时间：2020-06-08 下载这篇文档手机版

说明：文章内容仅供预览，部分内容可能不全，需要完整文档或者需要复制内容，请下载word后使用。下载word有问题请添加微信号:或QQ：处理（尽可能给您提供完整文档），感谢您的支持与谅解。

set address \

set address \set address \set address \set address \set address \set address \set address \set address \set address \set group address \

set group address \ set group address \ set group address \set group address \

set group address \

set group address \ set group address \

set ike gateway \for 192.168.0.0/19\address 61.51.110.10 Main outgoing-interface \

set ike gateway \\set ike gateway \

set ike gateway \set ike respond-bad-spi 1 unset ikeikeid-enumeration unset ike dos-protection

unset ipsec access-session enable

set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error

unset ipsec access-session info-exch-connected

unset ipsec access-session use-error-log

set vpn \sec-level compatible

set vpn \

set vpn \sec-level compatible

set vpn \

set url protocol websense exit

set policy id 16 from \ \

set policy id 16

exit

set policy id 15 from \ \ set policy id 15 exit

set policy id 14 from \ \ set policy id 14

exit

set policy id 13 from \ \ set policy id 13 exit

set policy id 10 from \ \ set policy id 10 exit

set policy id 5 from \ \ set policy id 5

exit

set policy id 11 from \ \ set policy id 11

exit

set policy id 12 from \ \ set policy id 12 exit

set syslog config \

set syslog config \set syslog src-interface ethernet2 set syslog enable

unset log module system level warning destination syslog unset log module system level notification destination syslog unset log module system level information destination syslog unset log module system level debugging destination syslog set nsmgmtbulkcli reboot-timeout 60 set ssh version v2 set ssh enable

set config lock timeout 5

set snmp community \ traffic version v2c

set snmp host \set snmp host \set snmp name \set snmp port listen 161 set snmp port trap 162 set vrouter \exit

set vrouter \

unset add-default-route

set route 172.16.12.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 0.0.0.0/0 interface ethernet1 gateway 211.144.149.1 preference 20 set route 172.16.4.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.6.1/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.7.1/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.5.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.8.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.10.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.11.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.13.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.14.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 172.16.15.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 192.168.0.0/19 interface tunnel.1 set route 10.10.10.0/24 interface tunnel.2 exit

set vrouter \exit

5.3. Netscreen5GT

set clock timezone 7

set vrouter trust-vr sharable set vrouter \exit

set vrouter \

unset auto-route-export exit

set service \protocol tcpsrc-port 10001-10001 dst-port 10001-10001 set service \set service \set service \set service \set service \set service \set service \set service \set service \set service \

set service \set service \set service \set service \

set service \set service \set service \set auth-server \

set auth-server \set auth default auth server \set auth radius accounting port 1646

set admin name \

set admin password \set admin port 8000 set admin auth timeout 10 set admin auth server \set admin format dos

set zone \set zone \set zone \set zone id 100 \

set zone \

set zone \set zone \set zone %unset zone \set zone \set zone %unset zone \

unset zone \

set zone \set zone \set zone \set zone \set zone \

set zone \set zone \set zone \set zone \set zone \set interface \set interface \set interface %unset interface vlan1 ip

set interface trust ip 192.168.20.253/24 set interface trust nat

set interface untrustip 61.51.110.10/32 set interface untrustnat

set interface tunnel.1 ip unnumbered interface untrust

set interface untrust bandwidth egress mbw 2000 ingress mbw 2000 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface trust ip manageable set interface untrustip manageable set interface untrust manage ping set interface untrust manage ssh set interface untrust manage telnet set interface untrust manage web

set interface untrust monitor track-ipip 192.168.0.8 unset interface untrust monitor track-ip dynamic

set interface untrustvipuntrust 80 \set interface untrustvipuntrust 873 \set interface untrustvipuntrust 199 \set interface untrustvipuntrust 5222 \set pak-poll p1queue pak-threshold 96 set pak-poll p2queue pak-threshold 32 set flow tcp-mss

set flow all-tcp-mss 1304 unset flow no-tcp-seq-check

set flow tcp-syn-check

set pki authority default scep mode \set pki x509 default cert-path partial

set dns host dns1 202.106.0.20 src-interface untrust set dns host dns2 0.0.0.0 set dns host dns3 0.0.0.0 set dns proxy

set dns proxy enable

set dns server-select domain testoff outgoing-interface untrust primary-server 202.106.0.20

set address \

set address \set address \set address \set address \set address \set address \set address \set address \set address \

set address \set address \

百度搜索“77cn”或“免费范文网”即可找到本站免费阅读全部范文。收藏本站方便下次阅读，免费范文网，提供经典小说教育文库NetscreenJuniper防火墙VPN配置说明(3)在线全文阅读。

NetscreenJuniper防火墙VPN配置说明(3).doc 将本文的Word文档下载到电脑，方便复制、编辑、收藏和打印下载失败或者文档不完整，请联系客服人员解决！

下载这篇word文档

本文链接：https://www.77cn.com.cn/wenku/jiaoyu/1100969.html（转载请注明文章来源）

上一篇：海南大学法学院文件
下一篇：海西环铁路XHZQ-6标崖城车站悬臂式挡墙防护工程施工方案