2009-11-17 15:35:09

Juniper firewall VPN:
Route-based site-to-site VPN, AutoKey IKE:
1. Interfaces:
set int e1 zone trust
set int e1 ip 10.1.1.1/24
set int e1 nat
set int e3 zone untrust
set int e3 ip 202.20.20.2/24
set int tunnel.1 zone untrust
set int tunnel.1 ip unnumbered int e3
2. Addresses:
set address trust trust_lan 10.1.1.0/24
set address untrust fenbu_offices 10.2.2.0/24
3. VPN
set ike gateway to_fenbu address 202.10.10.2 main outgoing-interface e3 preshare asd123 proposal pre-g2-3des-sha
set vpn zong-fen gateway to_fenbu sec-level compatible
set vpn zong-fen bind int tunnel.1
set vpn zong-fen proxy-id local-ip 10.1.1.0/24 remote-ip 10.2.2.0/24 any
4. Routes:
set vrouter trust-vr route 0.0.0.0/0 int e3 gateway 202.20.20.1
set vrouter trust-vr route 10.2.2.0/24 int tunnel.1
5. Policies:
set policy from trust to untrust any any any permit
set policy from trust to untrust trust_lan fenbu_offices any permit
set policy from untrust to trust fenbu_offices trust_lan any permit
 

Route-based site-to-site VPN, dynamic peer:
(Headquarters)
1. Interfaces
set int e1 zone trust
set int e1 ip 10.1.1.1/24
set int e1 nat
set int e3 zone untrust
set int e3 ip 1.1.1.1/24
set int tunnel.1 zone untrust
set int tunnel.1 ip unnumbered int e3
2. Addresses
set address trust trust_lan 10.1.1.0/24
set address untrust fenbu_offices 10.2.2.0/24
3. VPN
set ike gateway to_fenbu dynamic <peer-id> aggressive outgoing-interface e3 preshare asd123 proposal pre-g2-3des-sha (peer has a dynamic IP; <peer-id> stands for the peer's IKE ID)
set ike gateway to_fenbu address 1.1.1.1 aggressive local-id <local-id> outgoing-interface e3 preshare asd123 proposal pre-g2-3des-sha (peer has a static IP; <local-id> stands for this device's IKE ID)
set vpn zong_fen gateway to_fenbu tunnel sec-level compatible
set vpn zong_fen bind int tunnel.1
set vpn zong_fen proxy-id local-ip 10.1.1.0/24 remote-ip 10.2.2.0/24 any
4. Routes
set vrouter trust-vr route 0.0.0.0/0 int e3 gateway 1.1.1.2
set vrouter trust-vr route 10.2.2.0/24 int tunnel.1
5. Policies
set policy from trust to untrust any any any permit
set policy from trust to untrust trust_lan fenbu_offices any permit
set policy from untrust to trust fenbu_offices trust_lan any permit
Policy-based site-to-site VPN, AutoKey IKE
1. Interfaces
set int e1 zone trust
set int e1 ip 10.1.1.1/24
set int e1 nat
set int e3 zone untrust
set int e3 ip 1.1.1.1/24
2. Addresses
set address trust trust_lan 10.1.1.0/24
set address untrust fenbu_offices 10.2.2.0/24
3. VPN
set ike gateway to_fengbu address 2.2.2.2 main outgoing-interface e3 preshare asd123 proposal pre-g2-3des-sha
set vpn zongbu_fenbu gateway to_fengbu sec-level compatible
4. Routes
set route 0.0.0.0/0 int e3 gateway 1.1.1.254
5. Policies
set policy from trust to untrust trust_lan fenbu_offices any tunnel vpn zongbu_fenbu
set policy from untrust to trust fenbu_offices trust_lan any tunnel vpn zongbu_fenbu
set policy from trust to untrust any any any permit
Policy-based site-to-site VPN, dynamic peer
1. Interfaces
set int e1 zone trust
set int e1 ip 10.1.1.1/24
set int e1 nat
set int e3 zone untrust
set int e3 ip 1.1.1.1/24
2. Addresses
set address trust trust_lan 10.1.1.0/24
set address untrust fenbu_offices 10.2.2.0/24
3. VPN
set ike gateway to_fenbu dynamic <peer-id> aggressive outgoing-interface e3 preshare asd123 proposal pre-g2-3des-sha (peer has a dynamic IP; <peer-id> stands for the peer's IKE ID)
set ike gateway to_fenbu address 2.2.2.2 aggressive local-id <local-id> outgoing-interface e3 preshare asd123 proposal pre-g2-3des-sha (peer has a static IP; <local-id> stands for this device's IKE ID)
set vpn zong_fenbu gateway to_fenbu sec-level compatible
4. Routes
set route 0.0.0.0/0 int e3 gateway 1.1.1.254
5. Policies
set policy from trust to untrust trust_lan fenbu_offices any tunnel vpn zong_fenbu
set policy from untrust to trust fenbu_offices trust_lan any tunnel vpn zong_fenbu
set policy from trust to untrust any any any permit
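
ScreenOS checks the policies of a zone pair from the top of the list and applies the first match, so in the policy-based variants a broad permit that sits above a tunnel policy takes the 10.1.1.0/24 to 10.2.2.0/24 traffic before the tunnel policy is reached. The Python check below is an added example, not part of the original post: it parses set address / set policy lines (constructed sample input that reuses the page's object names; all function names are my own) and reports tunnel policies shadowed by an earlier policy.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(config):
    """Collect address objects and policies from ScreenOS 'set' lines, in entry order."""
    addrs, policies = {}, []
    for n, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if t[:2] == ["set", "address"] and len(t) >= 5:
            # set address <zone> <name> <cidr>
            addrs[(t[2].lower(), t[3])] = ipaddress.ip_network(t[4], strict=False)
        elif t[:3] == ["set", "policy", "from"] and len(t) >= 10 and t[4] == "to":
            # set policy from <zone> to <zone> <src> <dst> <service> <action ...>
            policies.append({"line": n, "zones": (t[3].lower(), t[5].lower()),
                             "src": t[6], "dst": t[7], "svc": t[8].lower(),
                             "action": t[9].lower()})
    return addrs, policies

def covers(outer, inner, addrs):
    """True if policy 'outer' matches every packet that policy 'inner' matches."""
    if outer["zones"] != inner["zones"] or outer["svc"] not in ("any", inner["svc"]):
        return False
    def net(name, zone):
        return ANY if name.lower() == "any" else addrs[(zone, name)]
    src_zone, dst_zone = outer["zones"]
    return (net(inner["src"], src_zone).subnet_of(net(outer["src"], src_zone))
            and net(inner["dst"], dst_zone).subnet_of(net(outer["dst"], dst_zone)))

def shadowed_tunnels(config):
    """Return (tunnel_line, shadowing_line) pairs under first-match evaluation."""
    addrs, policies = parse(config)
    hits = []
    for i, pol in enumerate(policies):
        earlier = next((p for p in policies[:i] if covers(p, pol, addrs)), None)
        if pol["action"] == "tunnel" and earlier:
            hits.append((pol["line"], earlier["line"]))
    return hits

# Constructed sample input that reuses the page's object names.
ADDRS = ["set address trust trust_lan 10.1.1.0/24",
         "set address untrust fenbu_offices 10.2.2.0/24"]
PERMIT = "set policy from trust to untrust any any any permit"
TUNNELS = ["set policy from trust to untrust trust_lan fenbu_offices any tunnel vpn zongbu_fenbu",
           "set policy from untrust to trust fenbu_offices trust_lan any tunnel vpn zongbu_fenbu"]
BROAD_FIRST = "\n".join(ADDRS + [PERMIT] + TUNNELS)
TUNNEL_FIRST = "\n".join(ADDRS + TUNNELS + [PERMIT])

if __name__ == "__main__":
    print(shadowed_tunnels(BROAD_FIRST), shadowed_tunnels(TUNNEL_FIRST))
```

On the device itself, exec policy verify reports shadowed policies in the installed list.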

 