云题海 - 专业文章范例文档资料分享平台

文档分类

当前位置:首页 > 配置SRX Dyamic VPN(version 2)

配置SRX Dyamic VPN(version 2)

  • 62 次阅读
  • 3 次下载
  • 2025/6/20 3:03:15

establish-tunnels on-traffic; } }

注意:调试IPSEC PHASE I和PHASE II阶段的协商。 set security ike traceoptions file IKE set security ike traceoptions file size 4m set security ike traceoptions flag all

Step4 Dynamic VPN configuration –动态VPN的配置实例

root# show security dynamic-vpn access-profile ACS_Radius; clients {

client1 {

remote-protected-resources { 192.168.3.0/24; }

remote-exceptions { 0.0.0.0/0; }

ipsec-vpn dynamic-vpn-test; user {

luhongc; } }

client2 {

remote-protected-resources { 192.168.3.0/24; }

remote-exceptions { 0.0.0.0/0; }

ipsec-vpn dynamic-vpntest1; user {

vpntest1; vpntest2; vpntest3; vpntest4; vpntest5; } }

}

Step5 policy configuration-策略配置

策略配置:从untrust区域到trust区域的策略

root# show security policies from-zone untrust to-zone trust policy vpn-policy { match {

source-address any; destination-address any; application any; }

then {

permit { tunnel {

ipsec-vpn dynamic-vpn-test; } } log {

session-init; session-close; } } }

policy vpn-test1-policy { match {

source-address any; destination-address any; application any; }

then {

permit { tunnel {

ipsec-vpn dynamic-vpntest1; } } log {

session-init; session-close; } } }

[edit]

Juniper SRX240上面Dynamic VPN的完整配置如下所示: [edit]

root# show

## Last changed: 2010-04-12 10:45:23 UTC version 9.6R2.11; system {

root-authentication {

encrypted-password \ }

services { ssh;

web-management { http {

interface [ ge-0/0/0.0 ge-0/0/15.0 ]; }

https {

system-generated-certificate;

interface [ ge-0/0/15.0 ge-0/0/0.0 ge-0/0/1.0 ]; } } }

syslog {

user * {

any emergency; }

file messages { any critical;

authorization info; }

file interactive-commands {

interactive-commands error; } }

max-configurations-on-flash 5; max-configuration-rollbacks 5; license {

autoupdate {

url https://ae1.juniper.net/junos/key_retrieval; } }

processes {

general-authentication-service { traceoptions { flag all; } } } }

interfaces {

traceoptions {

file TEST size 4m; }

ge-0/0/0 {

unit 0 { family inet {

address 218.17.165.49/26; } } }

ge-0/0/1 { unit 0 {

family inet {

address 220.249.253.134/27; } } }

ge-0/0/8 { unit 0 {

family inet {

address 60.60.60.2/24; } } }

ge-0/0/15 { unit 0 {

family inet {

address 192.168.3.252/24; }

} } }

routing-options { static {

route 0.0.0.0/0 next-hop 218.17.165.62;

搜索更多关于: 配置SRX Dyamic VPN(version 2) 的文档
  • 收藏
  • 违规举报
  • 版权认领
下载文档10.00 元 加入VIP免费下载
推荐下载
本文作者:...

共分享92篇相关文档

文档简介:

establish-tunnels on-traffic; } } 注意:调试IPSEC PHASE I和PHASE II阶段的协商。 set security ike traceoptions file IKE set security ike traceoptions file size 4m set security ike traceoptions flag all Step4 Dynamic VPN configuration –动态VPN的配置实例 root# show security dynamic-vpn access-profile ACS_Radius; clients { client1 { remote-p

相关文档

相关推荐

× 游客快捷下载通道(下载后可以自由复制和排版)
单篇付费下载
限时特价:10 元/份 原价:20元
微信支付并下载
微信支付并下载
VIP包月下载
特价:29 元/月 原价:99元
低至 0.3 元/份 每月下载150
全站内容免费自由复制
马上升级VIP
VIP包月下载
特价:29 元/月 原价:99元
低至 0.3 元/份 每月下载150
全站内容免费自由复制
马上升级VIP
注:下载文档有可能“只有目录或者内容不全”等情况,请下载之前注意辨别,如果您已付费且无法下载或内容有问题,请联系我们协助你处理。
微信:fanwen365 QQ:370150219
Copyright © 云题海 All Rights Reserved. 苏ICP备16052595号-3 网站地图 客服QQ:370150219 邮箱:370150219@qq.com