Huawei USG2210 Firewall Configuration Example

display current-configuration

detect h323

d

09:29:14 2016/03/17

detect qq

#

sysname USG2200

detect

#

s

l2tp enable

detect netbi

undo l2tp domain suffix-separator @

undo tunnel authentic

#

i

ike dpd interval 10

allow l2tp

#

i

firewall packet-filter default permit interzone local trust direction inbound unicast

undo synchronization

#

firewall packet-filter default permit interzone local trust direction outbound

local-user user2

firewall packet-filter default permit interzone local untrust direction inbound

local-user user3 password cipher %$%$`;WkNM${E;O=5--=%y

firewall packet-filter default permit interzone local untrust direction outbound

local-user user3 service-type ppp

local-user use

authentication-mode vpndb

#

nat server 1 protocol udp global 218.56.104.*** any inside 192.100.7.73 any

heme test.scm

authorization-mode vpndb

#

ip df-unreachables enable

accounting-scheme default

domain dot1x

firewall ipv6 statistic system enable

authentication-scheme test.sc

#

dns resolve

firewall defend syn-flood enable

firewall defend arp-flood enable

firewall defend sip-flood enable

firewall defend udp-flood fingerprint-hit destination-max-rate 5

firewall defend udp-flood fingerprint-hit source-max-rate 3

firewall defend sip-flood port range 1 65535

#

firewall statistic system enable

#

pki certificate access-control-policy default permit

#

dns proxy enable

#

license-server domain

#

web-manager enable

web-manager security enable port 8443

#

user-manage web-authentication security port 8888

#

#

radius-server template test.tpl

#

#

ldap-server template test.tpl

ldap-server authentication base-dn dc=my-domain,dc=com

ldap-server group-filter ou

ldap-server authentication-filter (objectclass=*)

ldap-server user-filter cn

ldap-server server-type ad-ldap

#

acl number 2001

rule 5 permit source 192.100.7.0 0.0.0.255

rule 10 permit source 10.10.10.0 0.0.0.255

acl number 3000

rule 5 permit udp source-port eq 1701

rule 10 permit udp destination-port eq 1701

#

acl number 3001

#

ike proposal 1

encryption-algorithm 3des-cbc

dh group2 group1

integrity-algorithm aes-xcbc-96 hmac-sha1-96 hmac-md5-96

#

ike peer ike20111583362

exchange-mode auto

ike negotiate compatible

pre-shared-key %$%$sEPH;hfv{*71&V3Zc:QS^C:1%$%$

ike-proposal 1

remote-id-type none

#

ipsec proposal prop20111583362

encapsulation-mode auto

esp authentication-algorithm sha1

esp encryption-algorithm 3des

#

ipsec policy-template tpl20111583362 1

security acl 3000

security acl public-ip-transparent

ike-peer ike20111583362

alias celue1

scenario point-to-multipoint l2tp-user-access

proposal prop20111583362

local-address applied-interface

sa duration traffic-based 1843200

sa duration time-based 3600

#

ipsec policy ipsec2011158331 10000 isakmp template tpl

#

interface Cellular0/1/0

link-protocol ppp

#