Juniper NetScreen-500 User Manual (Part 1) Internal Release
ns-500-> get config
Total Config size 3060:
set clock timezone 0
set vrouter trust-vr sharable
unset vrouter \
set auth-server \
set auth-server \
set auth default auth server \
set admin name \
set admin password \
set admin scs password disable username cisco
set admin auth timeout 10
set admin auth server \
set admin format dos
set zone \
set zone \
set zone \
set zone \
set zone \
set zone %
unset zone \
set zone \
set zone \
set zone \
set zone \
set zone \
set zone \
2004-11-01
Huawei-3Com Confidential. Do not distribute without permission.
set zone \
set zone \
set zone \
set zone \
set zone \
set zone \
set zone \
set interface \
set interface \
set interface \
set interface ethernet1/1 ip 10.1.1.1/24
set interface ethernet1/1 nat
set interface ethernet3/1 ip 12.1.1.1/24
set interface ethernet3/1 route
unset interface vlan1 ip
set interface mgt ip 10.153.102.187/23
set interface tunnel.1 ip unnumbered interface ethernet3/1
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1/1 ip manageable
set interface ethernet3/1 ip manageable
set interface ethernet3/1 manage ping
set console timeout 0
set hostname ns-500
set address \
set address \
set ike gateway \\
\
unset ike gateway \
set ike respond-bad-spi 1
set vpn \compatible
set vpn \
set pki authority default scep mode \
set pki x509 default cert-path partial
set policy id 3 name \ \\
set policy id 2 name \ \\
set policy id 1 from \ \
set vpn \
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter \
exit
set vrouter %
unset add-default-route
set route 0.0.0.0/0 interface ethernet3/1
exit
4.4.2 Quidway SecPath-1000 Configuration
#
 sysname SecPath-1000
#
 ike local-name SecPath-1000
#
ike peer peer
 exchange-mode aggressive
 pre-shared-key vpn
 id-type name
 remote-name NetScreen-500
 remote-address 12.1.1.1
#
ipsec proposal vpn
#
ipsec policy vpnmap 10 isakmp
 security acl 3000
 ike-peer peer
 proposal vpn
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface GigabitEthernet0/0
 speed 100
 duplex full
 ip address 12.1.1.2 255.255.255.0
 ipsec policy vpnmap
#
interface GigabitEthernet0/1
 speed 100
 duplex full
 ip address 20.2.2.2 255.255.255.0
#
interface NULL0
#
acl number 3000
 rule 0 permit ip source 20.2.2.2 0 destination 10.1.1.1 0
 rule 1 deny ip
#
 ip route-static 10.1.1.0 255.255.255.0 12.1.1.1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
4.4.3 Juniper NetScreen-500 Display Output
ns-500-> ping
Target IP address:20.2.2.2