组网:内网--SECPATH F100-C防火墙---SECPATH F100-S防火墙--PC机(安装INODE客户端),PC机要采用IPSEC+L2TP的方式拨到F100-C防火墙上,访问内网资源。

<A>dis cu
#
# Device A: the L2TP/IPsec endpoint the remote PC dials into (l2tp enable and
# the IKE/IPsec sections below); presumably the F100-C from the topology line.
sysname A
#
# NOTE(review): the level-3 super password is shown here in its stored "cipher"
# form. Once a configuration is published the value should be treated as
# disclosed and rotated; the legacy cipher encoding on this platform generation
# is reported to be reversible - confirm against the vendor documentation.
super password level 3 cipher I!]2">*=$\'T=[[6AH];";Q!!
#
l2tp enable
#
# Local IKE identity. The ike peer below uses "id-type name", so the client
# must be configured with this name ("server") as its remote name.
ike local-name server
#
# NOTE(review): packet filtering is enabled but the default action is permit,
# and every "firewall interzone" section later in this configuration is empty.
# As shown, traffic that matches no rule is forwarded. A hardened deployment
# would use "firewall packet-filter default deny" and explicitly permit only
# what the VPN needs on the untrust side (IKE on UDP 500, NAT-T on UDP 4500,
# ESP) plus the intended intranet flows.
firewall packet-filter enable
firewall packet-filter default permit
#
firewall statistic system enable
#
# Default RADIUS scheme. No server address is configured in it, so PPP users
# are presumably authenticated against the local-user entry below - confirm.
radius scheme system
server-type huawei
#
# Address pool 0 (192.168.128.1-253) in the default domain. It is presumably
# the pool that "remote address pool" on Virtual-Template0 hands to L2TP clients.
domain system
ip pool 0 192.168.128.1 192.168.128.253
#
# NOTE(review): the VPN account's password is identical to its user name and is
# stored with "password simple", i.e. in cleartext in the configuration.
# "service-type ppp" restricts the account to PPP logins, but the credential is
# trivially guessable. Use a strong unique password stored with
# "password cipher", or move user authentication to a RADIUS server.
local-user l2tp
password simple l2tp
service-type ppp
#
# IKE peer used by the remote-access client. Aggressive mode with name-based
# identities ("remote-name client" must match the client's ike local-name) and
# NAT traversal are the usual choices when the client has a dynamic or NATed
# address.
# NOTE(review): aggressive mode with a pre-shared key lets an unauthenticated
# party obtain material that can be tested offline against candidate keys, so
# the strength of the key is the whole protection. The key shown is a short
# dictionary word. Use a long random key, and prefer certificate-based
# authentication if the firmware supports it. The key is also stored in
# cleartext here and is shared by every client that uses this peer.
ike peer qzrb
exchange-mode aggressive
pre-shared-key quidway
id-type name
remote-name client
nat traversal
#
# NOTE(review): the proposal is empty, so the security protocol and algorithms
# are the platform defaults. On this firmware generation those are presumably
# ESP with DES and MD5 - verify with "display ipsec proposal" and set
# "esp encryption-algorithm" / "esp authentication-algorithm" explicitly to
# the strongest options the firmware offers.
ipsec proposal qzrb
#
# Policy template: lets the device answer negotiations from peers whose address
# is not known in advance. No "security acl" is referenced, so the protected
# flows are presumably taken from what the client proposes - confirm.
ipsec policy-template temp 1
ike-peer qzrb
proposal qzrb
#
# Binds the template into policy "qzrb", which is applied on GigabitEthernet0/0.
ipsec policy qzrb 1 isakmp template temp
#
# ACL used by "nat outbound 2002" on GigabitEthernet0/0: only sources in
# 192.168.245.0/24 are translated. That subnet is not on any interface shown
# here; presumably it is the intranet behind this device.
acl number 2002
rule 0 permit source 192.168.245.0 0.0.0.255
#
# PPP template cloned for each L2TP session; 192.168.128.254 is the gateway
# address for clients that receive addresses from the pool.
# NOTE(review): PAP carries the user password in cleartext inside PPP. Here it
# is protected only by the IPsec tunnel, whose own settings are weak (see the
# IKE/IPsec sections). "ppp authentication-mode chap" avoids sending the
# password itself.
interface Virtual-Template0
ppp authentication-mode pap
ip address 192.168.128.254 255.255.255.0
remote address pool
#
interface Aux0
async mode flow
#
# Outside interface: public address, source NAT for ACL 2002, and the IPsec
# policy that protects the L2TP traffic from the client.
interface GigabitEthernet0/0
duplex full
ip address 61.130.55.82 255.255.255.248
nat outbound 2002
ipsec policy qzrb
#
# Inside interface on the 192.168.254.0/30 link.
interface GigabitEthernet0/1
speed 1000
duplex full
ip address 192.168.254.1 255.255.255.252
#
interface Encrypt2/0
#
interface NULL0
#
interface LoopBack0
#
# Security zones with their priorities (local 100, trust 85, DMZ 50, untrust 5).
firewall zone local
set priority 100
#
# NOTE(review): Virtual-Template0 is placed in the same zone as the inside
# interface, so VPN users and the internal network are not separated by any
# interzone policy. Putting the template in its own zone would allow VPN users
# to be limited to the specific internal resources they need.
firewall zone trust
add interface GigabitEthernet0/1
add interface Virtual-Template0
set priority 85
#
firewall zone untrust
add interface GigabitEthernet0/0
set priority 5
#
firewall zone DMZ
set priority 50
#
# All interzone sections below are empty: no packet-filter rules are applied
# between zones, so the global "default permit" decides the outcome.
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
# L2TP group that accepts incoming tunnels and binds them to Virtual-Template0.
# "mandatory-lcp" makes this device renegotiate LCP with the client.
# NOTE(review): "undo tunnel authentication" turns off L2TP tunnel
# authentication, and the "allow l2tp" line names no remote tunnel peer, so any
# initiator is accepted at the L2TP layer. Access then rests entirely on the
# IPsec pre-shared key and the PAP user password. This is common with software
# clients; if the client supports it, enable "tunnel authentication" with a
# tunnel password.
l2tp-group 1
undo tunnel authentication
mandatory-lcp
allow l2tp virtual-template 0
#
# Default route towards 61.130.55.81 (device B's outside address). Device B's
# own default route points back at 61.130.55.82, so packets for destinations
# neither device knows would bounce between the two until their TTL expires.
ip route-static 0.0.0.0 0.0.0.0 61.130.55.81 preference 60
#
# NOTE(review): remote management uses Telnet, which sends credentials and the
# session in cleartext, and no ACL restricts who may connect to the VTY lines.
# Prefer "protocol inbound ssh" and limit management access to a trusted
# source range.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 1
protocol inbound telnet
#
return
<A>
<B>dis cu
#
# Device B: carries no L2TP, IKE or IPsec configuration. In this setup it is
# only a routed/NAT hop on the path between the PC and device A.
sysname B
#
# NOTE(review): same posture as device A - packet filtering is enabled with a
# default action of permit, and the interzone sections further down are empty,
# so nothing is actually filtered.
firewall packet-filter enable
firewall packet-filter default permit
#
# NOTE(review): "insulate" is not explained on the page; confirm its effect
# against the platform's command reference.
insulate
#
firewall statistic system enable
#
radius scheme system
server-type huawei
#
domain system
#
# Same NAT ACL as on device A: sources in 192.168.245.0/24.
acl number 2002
rule 0 permit source 192.168.245.0 0.0.0.255
#
interface Aux0
async mode flow
#
# Outside interface: shares the 61.130.55.80/29 segment with device A's
# GigabitEthernet0/0 (61.130.55.82) and applies source NAT for ACL 2002.
interface Ethernet0/0
ip address 61.130.55.81 255.255.255.248
nat outbound 2002
#
# Inside interface: the other end of the 192.168.254.0/30 link
# (device A holds 192.168.254.1).
interface Ethernet0/1
ip address 192.168.254.2 255.255.255.252
#
# The remaining Ethernet interfaces carry no configuration.
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet1/0
#
interface Ethernet1/1
#
interface Ethernet1/2
#
interface NULL0
#
# Zone layout mirrors device A: Ethernet0/1 in trust, Ethernet0/0 in untrust.
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/1
set priority 85
#
firewall zone untrust
add interface Ethernet0/0
set priority 5
#
firewall zone DMZ
set priority 50
#
# All interzone sections are empty, so the global "default permit" applies to
# traffic between every pair of zones.
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
# Default route towards device A's outside address (61.130.55.82). Device A's
# default route points back at 61.130.55.81, so the two defaults reference
# each other.
ip route-static 0.0.0.0 0.0.0.0 61.130.55.82 preference 60
#
# NOTE(review): no authentication-mode or inbound protocol is shown for the
# VTY lines, so remote-login behaviour depends on firmware defaults. Check the
# effective settings, and set authentication and an encrypted management
# protocol explicitly.
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
<B>