Please credit www.xuexizu.com as the source when reposting this article.

Configuration script
root@ITAA# show | no-more
## Last changed: 2002-01-09 05:10:52 UTC
version 12.1X46-D10.2;
system {
    host-name ITAA;
    root-authentication {
        encrypted-password "$1$G5/tL57r$/.BmhuyouGi7l2DlQv.8X0"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
        dhcp {
            router {
                192.168.1.1;
            }
            pool 192.168.1.0/24 {
                address-range low 192.168.1.2 high 192.168.1.254;
            }
            propagate-settings fe-0/0/0.0;
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                address 100.1.1.1/24;
            }
        }
    }
    fe-0/0/1 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/5 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/6 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    fe-0/0/7 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;
                }
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 100.1.1.254;
    }
}
protocols {
    stp;
}
security {
    ike {
        policy client-vpn-ike-pol {
            mode aggressive;
            proposal-set standard;
            pre-shared-key ascii-text "$9$LWxx-w4aUji.vW"; ## SECRET-DATA
        }
        gateway client-vpn-gw {
            ike-policy client-vpn-ike-pol;
            dynamic {
                hostname itaadynvpn;
                connections-limit 2;
                ike-user-type group-ike-id;
            }
            external-interface fe-0/0/0.0;
            xauth access-profile client-vpn-access-profile;
        }
    }
    ipsec {
        policy client-vpn-ipsec-pol {
            proposal-set standard;
        }
        vpn client-vpn {
            ike {
                gateway client-vpn-gw;
                ipsec-policy client-vpn-ipsec-pol;
            }
        }
    }
    dynamic-vpn {
        access-profile client-vpn-access-profile;
        clients {
            all {
                remote-protected-resources {
                    192.168.1.0/24;
                }
                remote-exceptions {
                    0.0.0.0/0;
                }
                ipsec-vpn client-vpn;
                user {
                    itaa;
                }
            }
        }
    }
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        proxy-arp {
            interface vlan.0 {
                address {
                    192.168.1.192/30;
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy client-vpn-access {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit {
                        tunnel {
                            ipsec-vpn client-vpn;
                        }
                    }
                }
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.0;
            }
        }
        security-zone untrust {
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ike;
                            https;
                            ping;
                        }
                    }
                }
            }
        }
    }
}
access {
    profile client-vpn-access-profile {
        client itaa {
            firewall-user {
                password "$9$Y3gaUk.5Qz6Vw.PTQn6lKv"; ## SECRET-DATA
            }
        }
        address-assignment {
            pool client-vpn-pool;
        }
    }
    address-assignment {
        pool client-vpn-pool {
            family inet {
                network 192.168.1.192/30;
                xauth-attributes {
                    primary-dns 8.8.8.8/32;
                }
            }
        }
    }
    firewall-authentication {
        web-authentication {
            default-profile client-vpn-access-profile;
        }
    }
}
vlans {
    vlan-trust {
        vlan-id 3;
        l3-interface vlan.0;
    }
}

[edit]
root@ITAA# run show security dynamic-vpn client version
Junos Pulse 4.0.2.34169

[edit]
root@ITAA# run show system license usage
                                 Licenses     Licenses    Licenses    Expiry
  Feature name                       used    installed      needed
  dynamic-vpn                           1            2           0    permanent
  ax411-wlan-ap                         0            2           0    permanent

[edit]
root@ITAA# run show security ike security-associations
Index   State  Initiator cookie  Responder cookie  Mode           Remote Address
5147891 UP     4562194f6fbb0890  8ed18385b01ec19a  Aggressive     100.1.1.254

root@ITAA# run show security ipsec security-associations
  Total active tunnels: 1
  ID          Algorithm              SPI       Life:sec/kb  Mon lsys Port   Gateway
  <268173313  ESP:aes-cbc-128/sha1   5dcb207b  2756/ 500000 -   root 51757  100.1.1.254
  >268173313  ESP:aes-cbc-128/sha1   6e86077d  2756/ 500000 -   root 51757  100.1.1.254

[edit]
root@ITAA# run show security ipsec statistics
ESP Statistics:
  Encrypted bytes:            1500
  Decrypted bytes:            1500
  Encrypted packets:            10
  Decrypted packets:            10
AH Statistics:
  Input bytes:                   0
  Output bytes:                  0
  Input packets:                 0
  Output packets:                0
Errors:
  AH authentication failures: 0, Replay errors: 0
  ESP authentication failures: 0, ESP decryption failures: 0
  Bad headers: 0, Bad trailers: 0
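The configuration above enables telnet, xnm-clear-text and HTTP J-Web next to SSH and HTTPS, and opens the trust zone to every host-inbound system service and protocol. As an added example that is not part of the original post or of Juniper's tooling, the Python script below parses Junos curly-brace configuration text into nested dictionaries and reports those settings. It runs on a constructed sample trimmed from the configuration above (the secret is a placeholder) and on a constructed hardened variant that drops the clear-text services and limits the trust zone to ssh, ping and dhcp; the aggressive-mode IKE policy is reported as informational only, because the dynamic-vpn clients on this page use it with a group IKE ID and pre-shared key, so the compensating control is a long random key rather than a mode change.

```python
"""Parse a Junos curly-brace configuration and flag weak management and zone
settings. Added example, not part of the original post or of Juniper's tooling."""
from typing import Any, Dict, List, Tuple

def parse_junos(text: str) -> Dict[str, Any]:
    """Nested dicts from 'show configuration' text: block headers ('system {')
    become keys, leaf statements map to None, '## ...' annotations are dropped."""
    root: Dict[str, Any] = {}
    stack: List[Dict[str, Any]] = [root]
    for raw in text.splitlines():
        line = raw.split("##", 1)[0].strip()  # drops SECRET-DATA / Last changed
        if not line:
            continue
        if line.endswith("{"):
            child: Dict[str, Any] = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced braces: stray '}'")
            stack.pop()
        else:
            stack[-1][line.rstrip(";")] = None
    if len(stack) != 1:
        raise ValueError("unbalanced braces: unclosed block")
    return root

def audit(cfg: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for a parsed configuration."""
    findings: List[Tuple[str, str]] = []
    services = cfg.get("system", {}).get("services", {})
    for svc in ("telnet", "xnm-clear-text"):
        if svc in services:
            findings.append(("high", f"system services {svc}: clear-text management"))
    if "http" in (services.get("web-management") or {}):
        findings.append(("high", "system services web-management http: clear-text J-Web"))
    security = cfg.get("security", {})
    for zone, body in security.get("zones", {}).items():
        inbound = (body or {}).get("host-inbound-traffic", {})
        for kind in ("system-services", "protocols"):
            if "all" in (inbound.get(kind) or {}):
                findings.append(("medium", f"{zone}: host-inbound-traffic {kind} all"))
    for name, body in security.get("ike", {}).items():
        if (name.startswith("policy ") and isinstance(body, dict)
                and "mode aggressive" in body
                and any(k.startswith("pre-shared-key") for k in body)):
            findings.append(("info", f"ike {name}: aggressive mode with a pre-shared key "
                             "(used here for dynamic-vpn clients; keep the key long and random)"))
    return findings

# Constructed sample trimmed from the SRX configuration above; the secret is a placeholder.
WEAK = """
## Last changed: 2002-01-09 05:10:52 UTC
system {
    services {
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            http {
                interface vlan.0;
            }
        }
    }
}
security {
    ike {
        policy client-vpn-ike-pol {
            mode aggressive;
            pre-shared-key ascii-text "PLACEHOLDER"; ## SECRET-DATA
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
        }
    }
}
"""

# Constructed hardened variant: no clear-text services, trust zone limited to what
# the LAN needs (this box is its DHCP server); aggressive mode stays for dynamic-vpn.
HARDENED = (WEAK.replace("        telnet;\n        xnm-clear-text;\n", "")
            .replace("http {", "https {")
            .replace("system-services {\n                    all;",
                     "system-services {\n                    ssh;\n"
                     "                    ping;\n                    dhcp;")
            .replace("                protocols {\n                    all;\n"
                     "                }\n", ""))

if __name__ == "__main__":
    for severity, message in audit(parse_junos(WEAK)):
        print(f"[{severity}] {message}")
```

Feed it the text of `show configuration | no-more` captured from a device; the parser keys each block by its full header (for example `security-zone trust`), so checks can be extended by walking the dictionaries with the same names that appear in the configuration.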