攻城狮论坛

Author: 当当
Views: 5216 | Replies: 58

[Security] Help request: L2L VPN between Cisco ASA 5520 and Huawei Eudemon 300 does not work

peinile [Lv4 Rising Talent] posted on 2013-6-19 04:37:41
How do I confirm that the IPsec SA has been established?
gyf200311 [Lv5 Steadily Growing] posted on 2013-6-19 05:33:34
This is the Huawei configuration:
#
acl number 2000
 rule 0 permit source 172.16.14.1 0
 rule 1 permit source 172.16.1.0 0.0.0.255
 rule 3 permit source 172.16.2.1 0
 rule 4 permit source 172.16.2.13 0
 rule 5 permit source 172.16.10.0 0.0.0.255
 rule 6 permit source 172.16.16.2 0
 rule 7 permit source 172.16.2.2 0
 rule 8 permit source 172.16.14.50 0
 rule 10 deny
acl number 2001
 rule 0 permit source 172.16.12.51 0
 rule 5 deny
acl number 2002
 rule 0 permit source 172.16.12.61 0
 rule 5 deny
acl number 2003
 rule 0 permit source 172.15.10.4 0
 rule 5 deny
#
acl number 3000
 description dmz-trust
 rule 0 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 4008
 rule 1 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8898
 rule 2 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8868
 rule 3 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq 8858
 rule 4 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 4008
 rule 5 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8898
 rule 6 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8868
 rule 7 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq 8858
 rule 8 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq 4003
 rule 9 permit tcp source 172.16.12.61 0 destination 172.16.10.71 0 destination-port eq ftp
 rule 10 permit tcp source 172.16.12.61 0 destination 172.16.10.51 0 destination-port eq ftp
 rule 11 permit tcp source 172.16.12.61 0 destination 172.16.14.155 0 destination-port eq ftp
 rule 12 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq ftp
 rule 13 permit tcp source 172.16.12.51 0 destination 172.16.10.71 0 destination-port eq ftp
 rule 14 permit tcp source 172.16.12.51 0 destination 172.16.10.51 0 destination-port eq ftp
 rule 15 permit tcp source 172.16.12.51 0 destination 172.16.14.155 0 destination-port eq 4003
 rule 16 permit ospf
 rule 17 permit tcp source 172.16.12.51 0 destination 172.16.10.101 0 destination-port eq 8
 rule 18 deny tcp
acl number 3001
 description For Untrust-dmz
 rule 0 permit tcp source 172.16.20.0 0.0.0.255 destination 172.16.12.51 0 destination-port eq 5000
 rule 5 permit icmp
 rule 10 permit ospf
 rule 15 deny tcp source 172.16.20.0 0.0.0.255
acl number 3002
 description To_Yinlian
 rule 0 permit ip source 9.234.21.63 0 destination 144.234.97.33 0
 rule 5 permit ip source 9.234.21.64 0 destination 144.234.97.33 0
 rule 10 permit ip source 9.234.21.66 0 destination 144.234.97.33 0
 rule 15 deny ip
acl number 3003
 description for Untrust-Trust
 rule 0 permit ip source 10.78.72.70 0 destination 172.15.10.4 0
 rule 1 permit ip source 172.16.2.26 0 destination 172.16.10.111 0
 rule 2 permit ip source 172.16.2.26 0 destination 172.16.14.1 0
 rule 3 permit ip source 10.78.72.153 0 destination 172.15.10.4 0
 rule 4 permit ip source 10.78.72.157 0 destination 172.15.10.4 0
 rule 5 permit ip source 192.168.100.43 0 destination 172.15.10.4 0
 rule 6 permit ip source 10.16.2.7 0 destination 172.15.10.4 0
 rule 7 permit ip source 10.16.2.5 0 destination 172.15.10.4 0
 rule 8 permit ip source 10.16.2.6 0 destination 172.15.10.4 0
 rule 9 permit ip source 10.16.2.8 0 destination 172.15.10.4 0
 rule 11 permit ip source 10.139.25.26 0 destination 172.15.10.4 0
 rule 13 permit ip source 10.143.10.183 0 destination 172.15.10.4 0
 rule 50 deny ip
acl number 3004
 rule 0 permit ip source 172.16.1.7 0 destination 172.16.10.111 0
acl number 3005
 description TO_dudubao
 rule 0 permit tcp destination 172.15.10.4 0 destination-port eq 6868
 rule 1 permit tcp destination 172.15.10.4 0 destination-port eq ftp-data
 rule 2 permit tcp destination 172.15.10.4 0 destination-port eq ftp
acl number 3006
 rule 0 permit ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
acl number 3007
 rule 0 deny ip source 172.16.12.0 0.0.0.255 destination 10.0.1.0 0.0.0.255
 rule 1 permit ip source 172.16.12.0 0.0.0.255
#
 sysname NB_Eudemon300-A
#
 super password level 3 cipher '._1D9P1YCQ=^Q`MAF4<1!!
#
 info-center loghost 172.16.10.192
 info-center loghost 172.16.10.111
#
 hrp enable
 hrp interface Ethernet2/0/7
#
 router id 172.16.1.3
#
 firewall packet-filter default permit interzone local trust direction inbound
 firewall packet-filter default permit interzone local trust direction outbound
 firewall packet-filter default permit interzone local untrust direction inbound
 firewall packet-filter default permit interzone local untrust direction outbound
 firewall packet-filter default permit interzone local dmz direction inbound
 firewall packet-filter default permit interzone local dmz direction outbound
 firewall packet-filter default permit interzone local hrp direction inbound
 firewall packet-filter default permit interzone local hrp direction outbound
 firewall packet-filter default permit interzone local gprs direction inbound
 firewall packet-filter default permit interzone local gprs direction outbound
 firewall packet-filter default permit interzone local dudubao direction inbound
 firewall packet-filter default permit interzone local dudubao direction outbound
 firewall packet-filter default permit interzone trust untrust direction outbound
 firewall packet-filter default permit interzone trust dmz direction inbound
 firewall packet-filter default permit interzone trust dmz direction outbound
 firewall packet-filter default permit interzone trust gprs direction inbound
 firewall packet-filter default permit interzone trust gprs direction outbound
 firewall packet-filter default permit interzone trust dudubao direction inbound
 firewall packet-filter default permit interzone trust dudubao direction outbound
 firewall packet-filter default permit interzone dmz untrust direction inbound
 firewall packet-filter default permit interzone dmz untrust direction outbound
 firewall packet-filter default permit interzone dmz gprs direction inbound
 firewall packet-filter default permit interzone dmz gprs direction outbound
 firewall packet-filter default permit interzone dmz dudubao direction inbound
 firewall packet-filter default permit interzone dmz dudubao direction outbound
#
 nat address-group 3 145.234.97.33 145.234.97.33
 nat address-group 5 144.234.97.33 144.234.97.33
 nat server zone gprs  global 144.234.97.33 inside 172.16.12.61
#
 bypass switch-back auto
#
 firewall mode route
#
 firewall defend ip-spoofing enable
 firewall defend land enable
 firewall defend smurf enable
 firewall defend fraggle enable
 firewall defend winnuke enable
 firewall defend syn-flood enable
 firewall defend udp-flood enable
 firewall defend icmp-redirect enable
 firewall defend icmp-unreachable enable
 firewall defend ip-sweep enable
 firewall defend port-scan enable
 firewall defend route-record enable
 firewall defend ping-of-death enable
 firewall defend teardrop enable
 firewall defend tcp-flag enable
 firewall defend large-icmp enable
#
 firewall statistic system enable
#
ike proposal 1
#
ike peer a
 pre-shared-key cnnbtk
 ike-proposal 1
 remote-address 119.57.5.5
#
ipsec proposal tran1
#
ipsec policy map1 1 isakmp
 security acl 3006
 pfs dh-group2
 ike-peer a
 proposal tran1
 local-address 60.12.194.14
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet2/0/0
 description To_S5624-A(1/0/24)
 ip address 172.16.2.9 255.255.255.252
 ospf cost 100
#
interface Ethernet2/0/1
 description To_Yinlian
 ip address 145.234.132.154 255.255.255.252
#
interface Ethernet2/0/2
 description To_S6506R_A(7/0/48)
 ip address 172.16.2.2 255.255.255.252
 ospf cost 100
#
interface Ethernet2/0/3
 description To-dudubao
 ip address 60.12.194.14 255.255.255.240
 ipsec policy map1
#
interface Ethernet2/0/4
#
interface Ethernet2/0/5
#
interface Ethernet2/0/6
#
interface Ethernet2/0/7
 description To_Eudemon300-B_E2/0/7
 ip address 172.16.2.201 255.255.255.248
 vrrp vrid 1 virtual-ip 172.16.2.203
 vrrp vrid 1 priority 150
 vrrp vrid 1 preempt-mode timer delay 60
 vrrp vrid 2 virtual-ip 172.16.2.204
#
interface GigabitEthernet1/0/0
 shutdown
#
interface GigabitEthernet1/0/1
 description To_S5624-B(1/0/25)
 ip address 172.16.2.25 255.255.255.252
 ospf cost 500
#
interface NULL0
#
interface LoopBack0
 ip address 172.16.1.3 255.255.255.255
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 detect ftp
 add interface Ethernet2/0/2
#
firewall zone untrust
 set priority 5
 detect ftp
 add interface GigabitEthernet1/0/1
#
firewall zone dmz
 set priority 50
 add interface Ethernet2/0/0
#
firewall zone name hrp
 set priority 40
 add interface Ethernet2/0/7
#
firewall zone name gprs
 set priority 4
 detect ftp
 add interface Ethernet2/0/1
#
firewall zone name dudubao
 set priority 3
 detect ftp
 add interface Ethernet2/0/3
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local dmz
#
firewall interzone local hrp
#
firewall interzone local gprs
#
firewall interzone local dudubao
#
firewall interzone trust untrust
 packet-filter 3003 inbound
 detect ftp
#
firewall interzone trust dmz
#
firewall interzone trust hrp
#
firewall interzone trust gprs
 nat outbound 2003 address-group 3
 detect ftp
#
firewall interzone trust dudubao
 packet-filter 3005 inbound
 detect ftp
#
firewall interzone dmz untrust
#
firewall interzone hrp untrust
#
firewall interzone untrust gprs
#
firewall interzone untrust dudubao
#
firewall interzone dmz hrp
#
firewall interzone dmz gprs
 packet-filter 3002 inbound
 nat outbound 2002 address-group 5
 detect ftp
#
firewall interzone dmz dudubao
 packet-filter 3006 outbound
#
firewall interzone hrp gprs
#
firewall interzone hrp dudubao
#
firewall interzone gprs dudubao
#
vrrp group 1
 add interface Ethernet2/0/7 vrrp vrid 1 data
 vrrp-group enable
 vrrp-group priority 105
 vrrp-group preempt delay 60
 undo vrrp-group group-send
vrrp group 2
 add interface Ethernet2/0/7 vrrp vrid 2 data
 vrrp-group enable
 undo vrrp-group preempt
 undo vrrp-group group-send
#
aaa
 local-user huawei password cipher 1_`%CO&$8@7"+C5`;6XL!!!
 local-user huawei service-type terminal telnet ssh
 local-user huawei level 1
 authentication-scheme default
#
 authorization-scheme default
#
 accounting-scheme default
#
 domain default
#
#
ospf 1
 import-route static
 area 0.0.0.0
  network 172.16.1.3 0.0.0.0
  network 172.16.2.0 0.0.0.3
  network 172.16.2.8 0.0.0.3
  network 172.16.2.24 0.0.0.3
#
 ip route-static 9.234.21.0 255.255.255.0 145.234.132.153
 ip route-static 10.0.1.0 255.255.255.0 60.12.194.129
 ip route-static 61.14.10.218 255.255.255.255 60.12.194.129
 ip route-static 119.57.5.0 255.255.255.0 60.12.194.129
 ip route-static 172.15.10.4 255.255.255.255 172.16.2.1
 ip route-static 221.136.75.25 255.255.255.255 60.12.194.129
#
 snmp-agent
 snmp-agent local-engineid 000007DB7F00000100001BEE
 snmp-agent community read  nbcardro
 snmp-agent sys-info version all
#
 ssh server timeout 30
 ssh server rekey-interval 24
 ssh user huawei authentication-type password
#
user-interface con 0
 authentication-mode aaa
user-interface aux 0
 authentication-mode none
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode aaa
 idle-timeout 5 0
#
return
honey8064 [Lv8 Technically Proficient] posted on 2013-6-19 06:24:03
Please take a look.
bumingxin [Lv4 Rising Talent] posted on 2013-6-19 07:29:47
Can you check whether there is a problem with the route from 172.16.12.71 to 60.12.194.140?
xsdlng [Lv4 Rising Talent] posted on 2013-6-19 07:31:32
sh crypto ipsec sa detail

    Crypto map tag: mymap, seq num: 20, local addr: 119.57.5.5

      access-list outside_20_cryptomap permit ip host 10.0.1.17 172.16.12.0 255.255.255.0
      local ident (addr/mask/prot/port): (10.0.1.17/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)
      current_peer: 60.12.194.14

      #pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 18, #pkts comp failed: 0, #pkts decomp failed: 0
      #pkts no sa (send): 0, #pkts invalid sa (rcv): 0
      #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0
      #pkts invalid prot (rcv): 0, #pkts verify failed: 0
      #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0
      #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0
      #pkts replay failed (rcv): 0
      #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0
      #pkts internal err (send): 0, #pkts internal err (rcv): 0

      local crypto endpt.: 119.57.5.5, remote crypto endpt.: 60.12.194.14

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: ED424D37

    inbound esp sas:
      spi: 0xFE26B574 (4263949684)
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 26, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (1710000/3582)
         IV size: 8 bytes
         replay detection support: Y
    outbound esp sas:
      spi: 0xED424D37 (3980545335)
         transform: esp-des esp-md5-hmac none
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 26, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (1709998/3580)
         IV size: 8 bytes
         replay detection support: Y
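Added example (not part of the thread and not any poster's code): a Python check that reads an excerpt of the ASA output above together with rule 0 of ACL 3006 from the Huawei configuration, and reports whether both ESP SAs exist, whether traffic is flowing in both directions, whether the negotiated transforms are weak, and whether the two ends' protected-traffic selectors mirror each other. The function names and finding labels are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the `sh crypto ipsec sa detail` output quoted in the thread.
ASA_OUTPUT = """\
      local ident (addr/mask/prot/port): (10.0.1.17/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (172.16.12.0/255.255.255.0/0/0)
      #pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    inbound esp sas:
      spi: 0xFE26B574 (4263949684)
         transform: esp-des esp-md5-hmac none
    outbound esp sas:
      spi: 0xED424D37 (3980545335)
         transform: esp-des esp-md5-hmac none
"""
# Rule 0 of ACL 3006 (the IPsec policy's security ACL) from the Huawei config.
HUAWEI_RULE = ("rule 0 permit ip source 172.16.12.0 0.0.0.255 "
               "destination 10.0.1.0 0.0.0.255")
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac"}  # single DES, HMAC-MD5


def parse_asa_sa(text):
    """Extract proxy identities, packet counters, SPIs and transforms."""
    sa = {"counters": {}, "spis": {}, "transforms": set()}
    direction = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(local|remote) ident .*: \(([\d.]+)/([\d.]+)/", line)
        if m:
            sa[m.group(1)] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        for name, value in re.findall(r"#pkts ([\w ()]+?): (\d+)", line):
            sa["counters"][name] = int(value)
        m = re.match(r"(inbound|outbound) esp sas:", line)
        if m:
            direction = m.group(1)
        m = re.match(r"spi: (0x[0-9A-Fa-f]+)", line)
        if m and direction:
            sa["spis"][direction] = m.group(1)
        if line.startswith("transform:"):
            sa["transforms"].update(line.split()[1:])
    return sa


def parse_huawei_rule(rule):
    """Return (source, destination) networks; VRP writes a host as wildcard "0"."""
    m = re.search(r"source (\S+) (\S+) destination (\S+) (\S+)", rule)
    nets = []
    for addr, wildcard in (m.group(1, 2), m.group(3, 4)):
        wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
        mask = ipaddress.IPv4Address(0xFFFFFFFF ^ wc)  # wildcard -> netmask
        nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
    return tuple(nets)


def diagnose(sa, huawei_rule):
    """List findings for one ASA SA checked against the peer's security ACL rule."""
    findings, c = [], sa["counters"]
    if "inbound" in sa["spis"] and "outbound" in sa["spis"]:
        findings.append("sa-established")
    if c.get("encaps", 0) > 0 and c.get("decaps", 0) == 0:
        findings.append("one-way: packets encrypted and sent, none decrypted")
    weak = sorted(sa["transforms"] & WEAK_TRANSFORMS)
    if weak:
        findings.append("weak-transform: " + ", ".join(weak))
    src, dst = parse_huawei_rule(huawei_rule)
    # Mirrored selectors: ASA local == Huawei destination, ASA remote == Huawei source.
    if (sa["local"], sa["remote"]) != (dst, src):
        findings.append(f"proxy-id-mismatch: ASA {sa['local']}->{sa['remote']}, "
                        f"Huawei ACL mirrors to {dst}->{src}")
    return findings


if __name__ == "__main__":
    print("\n".join(diagnose(parse_asa_sa(ASA_OUTPUT), HUAWEI_RULE)))
```

On this data the check reports all four findings: SPIs exist in both directions, 18 packets were encapsulated and none decapsulated, the transform set is DES with HMAC-MD5, and the ASA selector (host 10.0.1.17) is narrower than the mirror of the Huawei rule (10.0.1.0/24).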

mjf1125 [Lv8 Technically Proficient] posted on 2014-3-22 20:49:39
Really learned a lot from this.
isslee [Lv8 Technically Proficient] posted on 2014-3-25 13:12:46
Replying to the threads you read is a virtue! :lol
润土 [Lv8 Technically Proficient] posted on 2014-3-26 10:05:32
What is this stuff?
(user does not exist) [VIP@Diamond] posted on 2014-3-26 12:04:40
Grabbing, grabbing, grabbing the first-reply spot~
dtdonald [Lv8 Technically Proficient] posted on 2014-3-26 22:35:41
Good, I learned something. Really nice.