本站已运行

攻城狮论坛

搜索
立即注册用户登录
123456下一页
返回列表 发新帖
作者: 当当
查看: 4621|回复: 58

more +今日重磅推荐Recommend No.1

所有IT类厂商认证考试题库下载所有IT类厂商认证考试题库下载

more +随机图赏Gallery

【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器

[安全] 请求帮助:思科ASA 5520和华为eudemon 300建立L2L vpn不通

  [复制链接]
peinile [Lv4 初露锋芒] 发表于 2013-6-19 04:37:41 | 显示全部楼层
开通VIP 免金币+免回帖+批量下载+无广告
如何确认ipsec sa建立起来了?
CCNA考试 官方正规报名 仅需1500元
回复 支持 反对

使用道具 举报

gyf200311 [Lv5 不断成长] 发表于 2013-6-19 05:33:34 | 显示全部楼层
这是华为的配置:
* \8 y9 E$ o' Q- K6 d#3 U' W5 U2 Q& \  @, z
acl number 2000. @# d* T9 T/ M* {; O5 s
rule 0 permit source 172.16.14.1 09 N3 [% a: l! m3 v' b* u
rule 1 permit source 172.16.1.0 0.0.0.255$ u' V9 g5 K. R, V. u9 B6 I. G1 n
rule 3 permit source 172.16.2.1 0
) v9 G0 X/ G' s* @5 B6 @0 G rule 4 permit source 172.16.2.13 0
1 j  E' r( _! k2 L3 V rule 5 permit source 172.16.10.0 0.0.0.255
6 e7 G1 @7 R, h" ~$ W rule 6 permit source 172.16.16.2 0$ n7 }+ z" n- o6 a
rule 7 permit source 172.16.2.2 0
" e' i8 j% d- j/ J; ~5 e5 k+ \/ m rule 8 permit source 172.16.14.50 05 Z9 e1 p  }) _& P; B
rule 10 deny! Z0 u2 o+ Q3 M3 f& K) U3 `& F
acl number 20013 p. `3 S* b' ]
rule 0 permit source 172.16.12.51 0+ z) E# O; h8 _* B! v
rule 5 deny
5 B! N4 [% I8 U/ n. Iacl number 2002$ W3 _8 ?! o; ^0 F3 j
rule 0 permit source 172.16.12.61 0
3 ^4 h7 V( \$ v5 X: v6 ^0 E rule 5 deny
3 t  N4 ~+ i% n  M$ Eacl number 2003* |( a6 E, s- B- o# }
rule 0 permit source 172.15.10.4 07 B& q  S" d9 \8 t! r
rule 5 deny# ]; L* e9 J0 v/ @& j5 o
#) d) \- Q( ~0 g* ?" P# q' }, S) T
acl number 3000
/ O9 \9 y+ J. I6 [7 T: z  p/ c* Q! _ description dmz-trust9 C& ^) y, B# s
rule 0 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 4008
) Y$ z  q) \9 e/ |. P1 N rule 1 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8898& ?2 r+ q# P7 I  ?5 o
rule 2 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8868
$ T) I/ ?% S" u. ]* _5 { rule 3 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 88587 l, k2 Z- S1 m! E/ m: H5 X
rule 4 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 4008, g9 k3 S% ~3 O" l) {' J
rule 5 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8898
) {( W# o, u( W5 n8 D  m$ F rule 6 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 88685 S2 y- d. K3 t' X2 M
rule 7 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 88585 \3 `+ l" Z( C! D7 F
rule 8 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq 4003/ l& J4 o# g2 n: e7 t6 X* r( F
rule 9 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq ftp
! @# {- L. B1 ^0 |) ?' } rule 10 permit tcp source 172.16.12.61 0 destination 172.16.10.51 0 destination-port eq ftp' E/ h9 j$ C- H) ]; B6 V
rule 11 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq ftp: a0 o8 M# f/ |# m. Q" l  k
rule 12 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq ftp
! ^' R; [; x: A5 ~$ l9 c) i2 x rule 13 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq ftp/ Y8 a8 o! ^8 w/ y. a& M( G
rule 14 permit tcp source 172.16.12.51 0 destination 172.16.10.51 0 destination-port eq ftp  X/ T$ G4 g% ~% I% V2 M
rule 15 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq 4003$ L% P1 C" t0 l5 b
rule 16 permit ospf
8 N0 U2 `/ S) d) ?: V, F rule 17 permit tcp source 172.16.12.51 0 destination 172.16.10.101 0 destination-port eq 8) k7 |" K' ^4 k9 S% L9 x# T; I* R
rule 18 deny tcp+ n, ^2 g: ?5 n
acl number 3001
$ ?) [9 {) E  S# O5 V( Y description For Untrust-dmz3 Y6 A! g* u, l, ]
rule 0 permit tcp source 172.16.20.0 0.0.0.255 destination 172.16.12.51 0 destination-port eq 5000# K% K8 x4 @/ I& y5 D' G8 D
rule 5 permit icmp
% ?9 d: [0 A. `! f' E! X rule 10 permit ospf                     
7 `3 |$ r: p1 R2 N1 G+ V rule 15 deny tcp source 172.16.20.0 0.0.0.255
0 |3 m) ^7 B; @& H# Z9 l- Vacl number 30024 _# O/ i# U/ k4 ~! w+ e
description To_Yinlian
6 n# j/ r, `- G& W# g. c rule 0 permit ip source 9.234.21.63 0 destination 144.234.97.33 0: ?% s% s' Q7 }5 \9 _
rule 5 permit ip source 9.234.21.64 0 destination 144.234.97.33 0: q* d4 }0 C& W
rule 10 permit ip source 9.234.21.66 0 destination 144.234.97.33 0
7 ^( [2 G# n; S: e7 T7 H  q1 Y rule 15 deny ip  }' U- Y- C$ I' S2 M8 T" \" U& `
acl number 30033 U5 V( O. z: j! p$ i: N. \! u
description for Untrust-Trust
0 h8 F; g0 [/ c$ F9 v rule 0 permit ip source 10.78.72.70 0 destination 172.15.10.4 0
* u  @: g+ ?/ w rule 1 permit ip source 172.16.2.26 0 destination 172.16.10.111 0
, W$ }& b( \/ }0 \. P3 p' }% n* u+ O rule 2 permit ip source 172.16.2.26 0 destination 172.16.14.1 0
8 X6 v4 L  b' B- f0 q" `5 s; c: ~0 i rule 3 permit ip source 10.78.72.153 0 destination 172.15.10.4 00 L$ L! d8 S1 T1 S4 M
rule 4 permit ip source 10.78.72.157 0 destination 172.15.10.4 0
* L. v$ g$ e6 {. p  G4 X6 z- J rule 5 permit ip source 192.168.100.43 0 destination 172.15.10.4 07 S3 d6 n6 i6 L, E
rule 6 permit ip source 10.16.2.7 0 destination 172.15.10.4 0
5 M+ p# p& E/ V$ Z rule 7 permit ip source 10.16.2.5 0 destination 172.15.10.4 0# u) U, t8 {8 o0 a& n
rule 8 permit ip source 10.16.2.6 0 destination 172.15.10.4 04 d! D$ F. [6 [5 l) I! ?
rule 9 permit ip source 10.16.2.8 0 destination 172.15.10.4 0
3 W1 e  v+ A1 M! y: H rule 11 permit ip source 10.139.25.26 0 destination 172.15.10.4 00 x7 [0 `3 |9 X2 O* `7 n/ S3 o7 b; I6 N
rule 13 permit ip source 10.143.10.183 0 destination 172.15.10.4 0
9 z& w  X2 o! ^3 r( r7 Y* ] rule 50 deny ip6 E/ J; a, H- R$ J' G. O4 Z9 u
acl number 3004                           
8 h) ~+ t! o# i1 E) U/ r9 m rule 0 permit ip source 172.16.1.7 0 destination 172.16.10.111 0
9 u3 g- u& J4 W/ A( H9 I8 [8 Sacl number 3005
9 m' a: D0 [4 p* d description TO_dudubao+ r( S$ v& j+ y
rule 0 permit tcp destination 172.15.10.4 0 destination-port eq 6868
1 F3 x! ~9 c# S/ M rule 1 permit tcp destination 172.15.10.4 0 destination-port eq ftp-data; m( s) a! e, U* \& Y8 X6 C
rule 2 permit tcp destination 172.15.10.4 0 destination-port eq ftp
" c$ N8 V# z! b" d2 S' dacl number 3006
. {  s/ L0 `5 @/ G4 n2 b rule 0 permit ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
1 f/ R* P7 }0 c# T6 V- f  zacl number 3007
( ~8 O$ k) i/ p! e0 K$ e1 E9 Z rule 0 deny ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255! T. h, }9 P4 M; M: T
rule 1 permit ip source 172.16.12.0 0.0.0.255
5 t2 B) D0 g8 t$ e  l, D, C#
- q3 {; v0 Q; |1 v0 X2 T& g sysname NB_Eudemon300-A
' ?/ O3 _( Y' z# v5 D7 Q3 S6 V- j  [#6 y2 u2 z) ~/ `3 Z) A, k; D
super password level 3 cipher '._1D9P1YCQ=^Q`MAF4<1!!
- F: V* H* y: X#
) J# C4 R' S6 r# a' Z: b; h8 X info-center loghost 172.16.10.192
( q) w; E1 x" Q! C info-center loghost 172.16.10.111
/ u- c* Q! A' x#
. C% ~9 ]- Y3 e: d hrp enable8 @5 T! o  s( H8 H
hrp interface Ethernet2/0/7
0 d0 N: w+ D/ f! m! Q* w#
7 [# ]+ t4 f+ X: ?4 A# h- x6 W3 i1 Z router id 172.16.1.3                     
7 _2 B( I0 Y( m% D* B#
/ x5 j2 }1 G% D+ J0 ?! f9 B! d firewall packet-filter default permit interzone local trust direction inbound
/ v0 ?( _( j) k3 {+ ~3 D firewall packet-filter default permit interzone local trust direction outbound4 e4 X- T! b. q0 m* N, E8 X! o+ J
firewall packet-filter default permit interzone local untrust direction inbound
( O$ _. I. E: K" ` firewall packet-filter default permit interzone local untrust direction outbound! {0 ]' z! T2 P; V# K6 N* A* z7 U: X
firewall packet-filter default permit interzone local dmz direction inbound9 i# L6 R, g1 P7 y( F+ i
firewall packet-filter default permit interzone local dmz direction outbound$ E9 b- W8 L5 l8 N# J' K+ v' O2 K& c. ~
firewall packet-filter default permit interzone local hrp direction inbound( s! b& \( I0 h1 `" Z& S
firewall packet-filter default permit interzone local hrp direction outbound1 O3 a7 a% Z$ o
firewall packet-filter default permit interzone local gprs direction inbound* Y+ J9 i2 Z% O5 S
firewall packet-filter default permit interzone local gprs direction outbound9 F4 L" }- h0 Y  ]& E9 U; M: y
firewall packet-filter default permit interzone local dudubao direction inbound& X# c2 M9 e. Z/ |
firewall packet-filter default permit interzone local dudubao direction outbound
9 T" G+ h1 S( ^0 }, @. i- v6 } firewall packet-filter default permit interzone trust untrust direction outbound
* @' J2 H- [: X firewall packet-filter default permit interzone trust dmz direction inbound6 A9 y9 J" W5 X& D, Y$ a
firewall packet-filter default permit interzone trust dmz direction outbound& g# H3 `( U0 ]7 D$ Y
firewall packet-filter default permit interzone trust gprs direction inbound: \  M* \  r$ {$ g/ P( ]
firewall packet-filter default permit interzone trust gprs direction outbound
; w0 `! R/ Y& y' r; T firewall packet-filter default permit interzone trust dudubao direction inbound: a3 o# Z7 h2 v6 I: O* \  \& T
firewall packet-filter default permit interzone trust dudubao direction outbound1 X: ^$ M2 \+ `" }6 G
firewall packet-filter default permit interzone dmz untrust direction inbound
& m! M! X" K+ L firewall packet-filter default permit interzone dmz untrust direction outbound
& J  m0 h6 m- L% m5 i( X, j8 i firewall packet-filter default permit interzone dmz gprs direction inbound
& y4 U% ~2 ]) k firewall packet-filter default permit interzone dmz gprs direction outbound2 M- \# p% |. W2 a2 U# f
firewall packet-filter default permit interzone dmz dudubao direction inbound' C1 N0 i. Y( L: ^
firewall packet-filter default permit interzone dmz dudubao direction outbound
  \0 l6 V5 }8 @  s#
3 a5 w$ `1 i- ~8 f nat address-group 3 145.234.97.33 145.234.97.33: P! l7 O; R1 Q6 @, k
nat address-group 5 144.234.97.33 144.234.97.33
8 d. }, x$ y5 F& |  E/ j& P nat server zone gprs  global 144.234.97.33 inside 172.16.12.61
+ x" ?! y# x3 d#
9 _3 M- O6 m: `+ f( V- e* w/ s bypass switch-back auto$ O' O7 a/ o6 x9 x8 ]+ S; r! L
#
% |9 l" w' o4 g. b/ {5 K- P firewall mode route+ D4 E6 i: t% O# j0 N" ?* h0 _5 c
#! Z# _: P4 A& X3 p) H
firewall defend ip-spoofing enable
- z/ s& ]1 p# F  u firewall defend land enable" u8 l/ B) d. M  G
firewall defend smurf enable) {3 k+ C, {# u) m
firewall defend fraggle enable( P& Y- F- r1 Z$ u% q- B
firewall defend winnuke enable7 a0 d& Q7 T& c. R1 y% i
firewall defend syn-flood enable% ?) x8 T: X# j3 K
firewall defend udp-flood enable
- [  F, z+ m: q% \0 X6 G% S: W firewall defend icmp-redirect enable* W* z# d3 ]/ f
firewall defend icmp-unreachable enable7 Z* }# ~% m7 l" l- A+ P' v% N
firewall defend ip-sweep enable         
# `: V% G9 d& p) q. B% V6 }: W$ S  S firewall defend port-scan enable! B4 U' q; f! f5 \* P
firewall defend route-record enable  L+ n$ Y* h0 m
firewall defend ping-of-death enable6 m) W; ^  i5 k, \1 j" P' N
firewall defend teardrop enable5 ^$ c, L6 j# _
firewall defend tcp-flag enable
5 B& J1 K; y. q8 t# q firewall defend large-icmp enable
$ [, _2 q* F4 n& c( g4 r( a# b#
1 o; Y: m3 W+ }# _ firewall statistic system enable( W3 P" A) O  y, c+ S1 l
#% X4 N) o# ^4 F: t
ike proposal 1
9 X0 j$ s8 Q8 Q) \- ?! B#
) I! |6 P* M3 W  Fike peer a& O' D$ K+ g1 y
pre-shared-key cnnbtk2 p# J' i4 |4 H+ K' y  B
ike-proposal 1$ |' V3 k4 _5 z6 w; T! m" o
remote-address 119.57.5.5
% _& x6 A% m4 r, J" v#
" F) Z9 g0 }; n4 u. f8 |8 Ripsec proposal tran1
. v3 a- ?8 P/ h; ]  w2 W#
' |& z# M: J( L+ P/ A6 f/ l% Kipsec policy map1 1 isakmp! ]+ Y. G, \' G! t& q8 B' j
security acl 30060 K, u' x4 U! a* f6 [6 R7 c/ ]
pfs dh-group2
9 M. Q$ X, U* D) T ike-peer a3 |( `  O, F7 X" C3 ?
proposal tran1                           
$ S1 O% L( Q# L9 Z% s  P local-address 60.12.194.14
5 q/ O: F/ {1 K, Q#
/ Y9 d: F$ f" w( hinterface Aux0
* ^8 n/ Q0 d& S- c( d async mode flow2 s. s. ]3 J5 c  \1 h
link-protocol ppp$ G; H' P7 q# d& v0 F% D: [% ]
#
7 t: v6 O) r' a: g1 i: d& \+ H  jinterface Ethernet0/0/0
. [- {8 l( H4 O+ d5 t/ H" C0 C#
+ |7 @1 f: ?; ^4 U2 T5 @( Einterface Ethernet0/0/1- b! t9 n0 e- W  K5 ?+ k
#. E0 D5 a+ ?& X
interface Ethernet2/0/0
, Y% j- I% ?* G7 y  E description To_S5624-A(1/0/24); |0 c9 u7 j# |! b' ]' c( Q
ip address 172.16.2.9 255.255.255.252; {: V$ \3 s% H6 C
ospf cost 100; G) |, I  C/ V( K; `  b# _
#- @! t. H6 Y1 s3 K4 K6 M
interface Ethernet2/0/1
* L$ I2 Q8 w8 ?& i description To_Yinlian
. R* e3 l2 h# A: |8 ^ ip address 145.234.132.154 255.255.255.252' \& u. C: C0 G- y- q) ]$ C# b6 I
#( O9 a. j% T9 t$ S, x1 g
interface Ethernet2/0/2& ]$ T$ l, L5 ~! @! R6 J
description To_S6506R_A(7/0/48)
2 p: |4 A1 A: J5 n/ F5 _! J  ~; e ip address 172.16.2.2 255.255.255.252
& O: S* A/ B& i: Y/ j3 f ospf cost 100                           
' u1 V& K! n4 q- Q1 Q- E; W, L#3 _" R" c" z8 X) E+ g+ Z# e& R
interface Ethernet2/0/35 M4 ^7 P1 P" G5 v3 M
description To-dudubao
6 R. m2 }* N& |  F, S5 L6 r, s; } ip address 60.12.194.14 255.255.255.240
5 c$ t: p6 }. d; `! O ipsec policy map1) l" O' M7 }' ~. c  ]3 Y
#9 o. D4 j; I' @0 f' K
interface Ethernet2/0/4" i3 A+ ~# I) E8 Z9 p6 S8 Y. h
#+ M$ a6 y& L! H+ |5 {$ k4 [$ C
interface Ethernet2/0/5
0 B! b- w) q& u% e#
2 U) S3 k, S2 D# ]" H1 x, ~interface Ethernet2/0/6
8 d0 w+ y8 l6 K$ n! e#
, S& q/ {- s; Q' _  A- G1 _interface Ethernet2/0/7' N  O" h# p3 g1 p  d% n5 V8 A
description To_Eudemon300-B_E2/0/72 f9 l! {6 D8 f1 S1 [. q$ d
ip address 172.16.2.201 255.255.255.248
: f4 M* f# a# {5 F  n vrrp vrid 1 virtual-ip 172.16.2.203
. v& k. C) A* ?# I" n- Y vrrp vrid 1 priority 150) T2 r' H* o, e! N0 D
vrrp vrid 1 preempt-mode timer delay 60
& X& G0 Y% E0 ~' l$ m% ~ vrrp vrid 2 virtual-ip 172.16.2.204
: s7 ?( f7 K$ i; [: }! x#
, c6 {5 }0 {+ t" }) X  l" {interface GigabitEthernet1/0/0- [, _( ^# F( r2 L# t) F6 @
shutdown                                 , N% k8 ^7 F8 n
#
! s' e9 e* ]" A0 M( f5 P+ M0 ginterface GigabitEthernet1/0/1/ e3 D- Q' O0 E0 d7 a) K  t
description To_S5624-B(1/0/25)
2 R( D3 g& N! Z( A5 c- Q$ w; h ip address 172.16.2.25 255.255.255.252
( V8 X, T6 V' d9 _& i ospf cost 500( C6 D( o" g' `2 T
## M' f# {9 o2 I: c0 O5 C4 L
interface NULL0& |  z& a7 \4 j
#
. f  B' f; O: m5 b7 u+ tinterface LoopBack0
+ N; U0 P4 K0 o: M$ y: E ip address 172.16.1.3 255.255.255.255
7 a! ^# i' O# x5 j" O2 t#
/ A' K2 J6 E0 `$ X9 u, {firewall zone local
5 [& Z9 j" c. K" K* @, r% h9 z set priority 100
6 g6 X; h7 R  [! u( ~% |#
( ]2 Q9 m4 V' e# y2 {; _; T4 k: ?firewall zone trust- g; \, l" w+ Z" h3 z, S" p) Q
set priority 85
0 O. n6 y! ?/ B* I  @! D detect ftp( _6 e5 w9 \* s9 {
add interface Ethernet2/0/2
6 ?) t0 P/ z! I# R: t3 e3 d#' U4 t3 x4 S+ t# ?# @$ ]4 C0 N
firewall zone untrust3 e4 i" M* L* W$ U% F' [5 S# [" L& h
set priority 5
* Y: b. F) L3 r; Q detect ftp                               ( r" X8 b. j, N3 \. W# Q
add interface GigabitEthernet1/0/1
: A) f1 [4 t2 N## K$ o; N& |) |" p5 U
firewall zone dmz
& n; V5 W- j. u2 ^3 S set priority 50
! }8 }4 t# R" x1 J add interface Ethernet2/0/03 o9 l) [- C' s3 A. o
#: D1 a! p" {0 u" F9 [7 L' O& j
firewall zone name hrp, j' l1 g' A) V0 Z1 @7 W
set priority 40
5 C0 ]6 K* r( M0 X& t add interface Ethernet2/0/7
6 d3 `5 _* b1 w. g' o#
4 O* J" W3 d+ ~' vfirewall zone name gprs: n8 _$ H. c: T1 |
set priority 49 C+ \3 }! f( [5 [, ^2 p- j. Q
detect ftp8 G, K8 F; i& M# c8 p2 Y8 k
add interface Ethernet2/0/1
. P  C, y8 ~. r* G! \/ q% j#
- M+ _/ n$ b- R5 [9 t* H2 kfirewall zone name dudubao) c  ^+ u) n" h; h
set priority 3
$ e! l$ w4 {4 l6 X9 D! v: A' y1 R detect ftp
1 c+ p5 |6 }+ X: @! v add interface Ethernet2/0/3+ j) z# C; d( `4 m
#6 s+ M; J9 X7 j6 ], G
firewall interzone local trust& S1 r3 l* }$ [( E6 g& g
#
! e; g1 p$ V& wfirewall interzone local untrust         
$ Q9 h0 y" \. W6 k$ J## v6 Z$ ]9 x0 H
firewall interzone local dmz
* v6 T5 w+ }& z2 D5 Q#, X% f' z) ?" N* L
firewall interzone local hrp% F) v; T& C/ V) ]* O1 t5 s! z
#$ L: o& B4 y$ k  d& }
firewall interzone local gprs8 B4 X; x$ n" z2 l
#% n) Y; g# i" N, f7 q
firewall interzone local dudubao" ]5 h6 g- t2 V# C
#5 d+ a$ S' D. N% T9 |
firewall interzone trust untrust
0 ]% @6 l! e* ]4 a( U packet-filter 3003 inbound* {0 n3 P( q6 n4 I* X) @0 y* u
detect ftp, n, L1 }5 M5 \$ R7 T) e
#9 W, s( W. I* B* s" |. X1 Z5 U
firewall interzone trust dmz, R% i% {9 a. X
#* N# V; Z. l1 C7 e
firewall interzone trust hrp
% B% b5 d5 _3 ]" u; D$ E#
. \- j. J  A; _# H8 Y9 n6 f9 Dfirewall interzone trust gprs
) Z, S( f% M. B nat outbound 2003 address-group 3
, w7 c1 s* n, x6 A8 V detect ftp
6 D; k9 l$ z$ v9 v- T, R* k#
/ [5 [0 g, u3 v! @2 O2 l+ Jfirewall interzone trust dudubao
2 k4 _+ f7 q6 T packet-filter 3005 inbound               ' F" _9 S4 l9 H4 ^. {
detect ftp% z) d" b; b8 ^% F) j2 {8 _: {
#
+ j3 o, F9 X  ~firewall interzone dmz untrust
" Q8 N% D4 S9 U1 E  ]9 `- _#
5 i" \! e6 V+ @* l8 x3 Zfirewall interzone hrp untrust, o& T/ [" Q4 {% @
#
: X. U# {1 B1 y1 b3 kfirewall interzone untrust gprs
, d& k% s% Q, B; z/ a#
8 E4 l4 R: T" N9 ~0 W. Ofirewall interzone untrust dudubao
9 v, P/ h7 D/ c  E) E8 Y#
1 W5 l& Y/ A4 O, Qfirewall interzone dmz hrp1 [* J7 s) Q& w2 d9 ]/ d0 E' R7 P
#
" R+ M. n# k2 m3 |1 j% Pfirewall interzone dmz gprs! `3 y8 v" V/ o5 F- U3 t
packet-filter 3002 inbound
# A5 Z6 |2 @: L; O nat outbound 2002 address-group 55 ]4 S- B2 u3 a" x1 h9 Y
detect ftp
/ B% B; U2 U/ V- \, F! l#
& c+ G; p  q* O7 W2 Tfirewall interzone dmz dudubao* }7 v# ~8 b" l. Q% A. S
packet-filter 3006 outbound- D$ q; T3 Y, X! t% m+ T! K- B
#
& s0 n& p5 O* d- B: g' pfirewall interzone hrp gprs
: a* U5 L. M5 E; T4 v+ C#+ Z- Z& d1 b# t, [0 S3 k
firewall interzone hrp dudubao            
$ D: V- b+ u2 p  m( m2 i: g1 E#
7 I& A1 G: e4 K! {8 g& Rfirewall interzone gprs dudubao
9 `  S7 ^: t. ?2 ~#) n2 n7 z/ f5 @# f9 C0 J: y6 o9 T: B
vrrp group 1" c, I) O- a3 q8 ~8 h& h
add interface Ethernet2/0/7 vrrp vrid 1 data2 r2 p- r1 t5 j" N
vrrp-group enable
4 F2 }# e' y2 l5 B! x vrrp-group priority 105
5 T; M+ S1 ?. E. N' m vrrp-group preempt delay 60' y% \! S* D, C# A$ n5 M: J
undo vrrp-group group-send
8 D0 h% C' k* c" h1 R3 G3 Nvrrp group 27 ~6 d, D- c) o
add interface Ethernet2/0/7 vrrp vrid 2 data" F4 w2 X4 {4 t3 I& j
vrrp-group enable5 o' I+ Z6 I7 ^+ _+ a% H& p' M* q
undo vrrp-group preempt
; U% u  `5 Y- k, Z' r0 W( K( D% e undo vrrp-group group-send5 [0 ]7 X" ^  n* A( A
#
3 h; p# J/ U0 X2 a" Laaa
0 b& P( @5 Y) a. S8 r local-user huawei password cipher 1_`%CO&$8@7&quot;+C5`;6XL!!!9 z- {5 A2 t) A( K4 }
local-user huawei service-type terminal telnet ssh  e2 c; h4 u9 h' x
local-user huawei level 14 d: ?* _. f% n4 t! k6 ]
authentication-scheme default
& b1 b1 U# h, {, Y1 [- z5 H9 i#
3 R* P' [4 c" W$ G3 M2 T+ l  N: ? authorization-scheme default
  E* d; V/ _5 {5 i#                                         / b6 b( q& I- z( A- `
accounting-scheme default
/ G- y4 v+ F! K5 [#0 S: h& E' [: @: }
domain default. Q9 z% ~$ X4 M
#- I/ ?* s1 a8 r0 X- Z1 R
#7 h; {. R1 N) e" }
ospf 1
" @) _& N- D, N3 I import-route static' w# E' U' A( `8 L- u
area 0.0.0.0
7 Z, N9 b# d$ r. Z* ^+ K  network 172.16.1.3 0.0.0.0
$ h; n3 Q0 H: f/ C" _: P3 I% j; H  network 172.16.2.0 0.0.0.3
8 r/ R2 Q8 o( w- m  network 172.16.2.8 0.0.0.3
0 H* b+ b# j9 I) V0 ]  network 172.16.2.24 0.0.0.3
9 X1 t1 d; [5 L. E% F3 d#
" I1 Q- Y8 m# \, |  }& o ip route-static 9.234.21.0 255.255.255.0 145.234.132.153
. O: Y4 a( N# N0 U! Z& G ip route-static 10.0.1.0 255.255.255.0 60.12.194.1290 d* M& ~* m" t  G$ f
ip route-static 61.14.10.218 255.255.255.255 60.12.194.129
' H. }% Y# ~+ p. k; d ip route-static 119.57.5.0 255.255.255.0 60.12.194.129
5 d4 ]. ]9 y/ n8 q$ c2 J ip route-static 172.15.10.4 255.255.255.255 172.16.2.1% W% K; j# T* D8 d) i6 A( [- M
ip route-static 221.136.75.25 255.255.255.255 60.12.194.129
+ W' K1 W* F+ B  b& |#
4 o# _' y  ~5 v" g* q& ]" M- m snmp-agent
! p8 p6 f. g5 `0 T- p2 y. c snmp-agent local-engineid 000007DB7F00000100001BEE9 H3 K  }. o: {: N  W
snmp-agent community read  nbcardro      
5 k# P( y8 I( Z2 _- v7 A snmp-agent sys-info version all
3 V: O5 A& |7 V" r! `( h# e#
, G2 d  F' T( t, G: m ssh server timeout 30
: n6 l" a* t1 L1 Q% o+ K3 b0 d* p ssh server rekey-interval 24: V/ |! q/ Q) U9 r
ssh user huawei authentication-type password
. k/ s3 ]8 w( W$ j2 v4 A#+ m2 s/ t) N0 @6 m( E. p
user-interface con 02 z! _# P3 `# I6 [8 I3 |
authentication-mode aaa
; ]' T. j7 s2 W! f& R& |user-interface aux 0& ?. s6 [5 C, H4 y- I3 ]& `' b
authentication-mode none
# Y4 @5 Z. g1 q$ S  i, Puser-interface vty 0 4
& A" I' R9 Z2 t acl 2000 inbound
- p9 @1 _2 F1 q authentication-mode aaa
- q: ~" a7 c0 q4 C7 z8 | idle-timeout 5 0
. w0 S$ p% x$ a; o. s9 b1 q#
/ Y# l& Y' ~% Z6 {return

2000人 活跃的 IT技术 & CCNA/CCNP 题库/战报/备考交流QQ群 2258097
回复 支持 反对

使用道具 举报

honey8064 [Lv8 技术精悍] 发表于 2013-6-19 06:24:03 | 显示全部楼层
帮看看
回复 支持 反对

使用道具 举报

bumingxin [Lv4 初露锋芒] 发表于 2013-6-19 07:29:47 | 显示全部楼层
帮看看172.16.12.71到达60.12.194.140的路由有什么问题?
回复 支持 反对

使用道具 举报

xsdlng [Lv4 初露锋芒] 发表于 2013-6-19 07:31:32 | 显示全部楼层
sh crypto ipsec sa detail
9 b( Y& T5 q  x3 {. h. B$ K8 v% }$ x, X0 m& n4 n4 p
Crypto map tag: mymap, seq num: 20, local addr: 119.57.5.5. B9 c9 C- b2 ~+ ?

( Z: q: a! g  l/ w' ]8 N# `- _      access-list outside_20_cryptomap permit ip host 10.0.1.17 172.16.12.0 255.255.255.0 ; G* i  A/ r* v3 U6 P8 s
      local ident (addr/mask/prot/port): (10.0.1.17/255.255.255.255/0/0); x" W1 k: k& c& y) l
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)! \7 }& j: L5 r: D5 n
      current_peer: 60.12.194.14
. z+ c# @# B& j  I# b& @2 D/ J              , x- n" m! S! \- d3 s) q
      #pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 187 @( _* Z2 v0 q2 C( \1 B) u
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0      #pkts compressed: 0, #pkts decompressed: 0
# K& v3 k% K' Q* s) Y, }" ]  z      #pkts not compressed: 18, #pkts comp failed: 0, #pkts decomp failed: 0" ?2 C, [. A$ ~: v# y3 ]+ a' \
      #pkts no sa (send): 0, #pkts invalid sa (rcv): 0! p# F( t& V" V" c3 w. K) F
      #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0
# |: Z1 O1 D# F: I% _6 n      #pkts invalid prot (rcv): 0, #pkts verify failed: 0) S; Y1 M8 M" q
      #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 09 Q5 a  b8 U6 k& V7 i5 s+ o
      #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0
( E+ V: ^  ]" C, l  I! ]$ l' B2 ]      #pkts replay failed (rcv): 0. ~1 H, h$ i( }: v, ?' z/ m- r/ N
      #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0
* e) Y9 w& I1 J1 P3 ]8 G4 R) t      #pkts internal err (send): 0, #pkts internal err (rcv): 0) H2 X" Q) S# @

" i, }  |) M& @' s% `5 d      local crypto endpt.: 119.57.5.5, remote crypto endpt.: 60.12.194.14' L# h9 o% U: ^

+ m$ o3 ~& j6 {6 M4 S6 n% l: O      path mtu 1500, ipsec overhead 58, media mtu 1500* l% s% a7 K, p$ o4 Q! x8 }! a
      current outbound spi: ED424D37
" p  @  r' I7 Z+ U; l
, `" R( z6 e) M" r2 H    inbound esp sas:
6 R+ T/ n' }# h' e- |( H: \+ {      spi: 0xFE26B574 (4263949684)
, a, a7 A% D, A1 ^' C) @         transform: esp-des esp-md5-hmac none 4 R+ R$ ^+ n2 E, `; G) O
         in use settings ={L2L, Tunnel, PFS Group 2, }
6 O% e6 k1 b3 l5 `$ B) Z         slot: 0, conn_id: 26, crypto-map: mymap
6 X+ X1 {  U% _" g8 m$ _7 G# x         sa timing: remaining key lifetime (kB/sec): (1710000/3582)
# U% \9 I" G& C) D' ^* Q% F# T         IV size: 8 bytes
9 B0 @6 G3 M5 y3 D% ]$ z  @! M, |         replay detection support: Y! x4 n! n. g1 r6 }7 }
    outbound esp sas:2 ?' y. b: i0 W6 ]7 v' M
      spi: 0xED424D37 (3980545335)
* ~! }3 J9 U& M         transform: esp-des esp-md5-hmac none
% I9 j! F, m2 G2 I4 P% m         in use settings ={L2L, Tunnel, PFS Group 2, }
$ c! P" h; b& Q: L2 ?1 F         slot: 0, conn_id: 26, crypto-map: mymap% t; ]1 ]0 p# y+ z
         sa timing: remaining key lifetime (kB/sec): (1709998/3580): v( t; t* w9 v( B5 x9 k1 Q
         IV size: 8 bytes( i+ A# Z8 _3 B4 G
         replay detection support: Y
回复 支持 反对

使用道具 举报

mjf1125 [Lv8 技术精悍] 发表于 2014-3-22 20:49:39 | 显示全部楼层
真是 收益 匪浅
回复 支持 反对

使用道具 举报

isslee [Lv8 技术精悍] 发表于 2014-3-25 13:12:46 | 显示全部楼层
看帖回帖是美德!:lol
回复 支持 反对

使用道具 举报

润土 [Lv8 技术精悍] 发表于 2014-3-26 10:05:32 | 显示全部楼层
这是什么东东啊
回复 支持 反对

使用道具 举报

该用户不存在 [VIP@钻石] 发表于 2014-3-26 12:04:40 | 显示全部楼层
我抢、我抢、我抢沙发~
回复 支持 反对

使用道具 举报

dtdonald [Lv8 技术精悍] 发表于 2014-3-26 22:35:41 | 显示全部楼层
好好 学习了 确实不错
回复 支持 反对

使用道具 举报

下一页 »
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|无图浏览|手机版|网站地图|攻城狮论坛

GMT+8, 2025-6-15 09:30 , Processed in 0.112165 second(s), 10 queries , Gzip On, MemCache On.

Powered by Discuz! X3.4 © 2001-2013 Comsenz Inc.

Designed by ARTERY.cn