NetscreenJuniper防火墙VPN配置说明(2)

unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet1 ip manageable set interface ethernet2 ip manageable set interface ethernet1 manage ssh

set interface ethernet1 manage ssl

set interface ethernet1 vip 211.144.149.11 25 \set interface ethernet1 vip 211.144.149.11 + 80 \set interface ethernet1 vip 211.144.149.11 + 110 \set interface ethernet1 vip 211.144.149.12 80 \set interface ethernet1 vip 211.144.149.13 80 \set interface ethernet1 vip 211.144.149.14 80 \

set interface \mip 211.144.149.6 host 172.16.1.25 netmask 255.255.255.255 vr \

unset flow no-tcp-seq-check set flow tcp-syn-check

set address \set address \set address \set address \set address \

set address \set address \set address \

set address \set address \set ike respond-bad-spi 1

unset ikeikeid-enumeration unset ike dos-protection

unset ipsec access-session enable

set ipsec access-session maximum 5000

set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error

unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set url protocol websense exit

set policy id 1 name \from \to \\\

set policy id 1

set service \exit

set policy id 3 name \permit

set policy id 3

set src-address \set src-address \

exit

set policy id 5 from \to \\\permit log

set policy id 5

set service \set service \exit

set policy id 6 from \to \\\permit log

set policy id 6 exit

set policy id 7 from \to \\\permit

set policy id 7

exit

set policy id 8 from \to \\\permit log

set policy id 8 exit set policy id 9 from \to \\\permit

set policy id 9 exit

set policy id 10 from \to \\\

set policy id 10

exit

set policy id 11 from \to \ \\

set policy id 11

exit

set policy id 12 name \\

set policy id 12 exit

set pki authority default scep mode \set pki x509 default cert-path partial

set syslog config \

set syslog config \set syslog src-interface ethernet2

set syslog enable

unset log module system level notification destination syslog unset log module system level information destination syslog unset log module system level debugging destination syslog set nsmgmtbulkcli reboot-timeout 60 set ssh version v2 set ssh enable

set config lock timeout 5

set snmp community \set snmp host \trap v2

set snmp host \192.168.21.102 255.255.255.255 src-interface ethernet2 trap v2

set snmp name \

set snmp port listen 161 set snmp port trap 162 set vrouter \exit

set vrouter \

unset add-default-route

set route 172.16.12.0/24 interface ethernet2 gateway 172.16.1.1 preference 20 set route 0.0.0.0/0 interface ethernet1 gateway 211.144.149.1 preference 20 set route 192.168.0.0/16 interface ethernet2 gateway 172.16.1.3 preference 20 set route 172.16.4.14/32 interface ethernet2 gateway 172.16.1.1 preference 20 exit

set vrouter \exit

set vrouter \exit

5.2.Netscreen50B

set clock timezone 7 set vrouter trust-vr sharable set vrouter \exit

set vrouter %unset auto-route-export

exit

set service \ set service \ set auth-server \

set auth-server \set auth default auth server \set auth radius accounting port 1646

set admin name \

set admin password \ set admin auth timeout 10 set admin auth server \set admin format dos

set zone \set zone \set zone \set zone \set zone \set zone \set zone \ unset zone \set zone \ set zone \set zone \

unset zone \

set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \

set zone \

set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \set zone \

set zone \set zone \

set zone \

set zone \

set zone \

set zone \set zone \set zone \set zone \set zone \set zone \

set zone \set zone \set zone \set zone \set zone \set zone \set interface \set interface \set interface \set interface \set interface %unset interface vlan1 ip

set interface ethernet1 ip 211.144.149.3/25

set interface ethernet1 route

set interface ethernet2 ip 172.16.1.3/24 set interface ethernet2 nat

set interface tunnel.1 ip unnumbered interface ethernet1 set interface tunnel.2 ip unnumbered interface ethernet1 unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip

set interface ethernet1 manage-ip 211.144.149.1 set interface ethernet1 ip manageable set interface ethernet2 ip manageable set interface ethernet1 manage ping set interface ethernet1 manage ssh set interface ethernet1 manage ssl set interface ethernet1 manage web unset interface ethernet2 manage ssh unset flow no-tcp-seq-check

set flow tcp-syn-check

set pki authority default scep mode \

set pki x509 default cert-path partial

set address \

set address \

set address \set address \