
set interfaces ge-0/0/0 unit 0 family inet address 1.2.3.4/28
set routing-options static route 0/0 next-hop 1.2.3.1
set system services web-management http interface vlan.0
set system services ssh
set interfaces interface-range interfaces-trust member-range ge-0/0/1 to ge-0/0/7
set interfaces interface-range interfaces-trust unit 0 family ethernet-switching vlan members vlan-trust
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set system name-server 8.8.8.8
set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.100
set system services dhcp propagate-settings vlan.0
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces vlan.0
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit

set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security zones security-zone untrust screen untrust-screen
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land

set interfaces st0 unit 0 family inet address 10.11.11.10/24
set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
set routing-options static route 192.168.168.0/24 next-hop st0.0

set security zones security-zone untrust interfaces ge-0/0/3.0
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone vpn-chicago interfaces st0.0
set security address-book book1 address sunnyvale 10.10.10.0/24
set security address-book book1 attach zone trust
set security address-book book2 address chicago 192.168.168.0/24
set security address-book book2 attach zone untrust
set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys
set security ike proposal ike-phase1-proposal dh-group group2
set security ike proposal ike-phase1-proposal authentication-algorithm sha1
set security ike proposal ike-phase1-proposal encryption-algorithm aes-128-cbc
set security ike policy ike-phase1-policy mode main
set security ike policy ike-phase1-policy proposals ike-phase1-proposal
set security ike policy ike-phase1-policy pre-shared-key ascii-text 395psksecr3t
set security ike gateway gw-chicago external-interface ge-0/0/3.0
set security ike gateway gw-chicago ike-policy ike-phase1-policy
set security ike gateway gw-chicago address 2.2.2.2
set security ipsec proposal ipsec-phase2-proposal protocol esp
set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-sha1-96
set security ipsec proposal ipsec-phase2-proposal encryption-algorithm aes-128-cbc
set security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal
set security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2
set security ipsec vpn ike-vpn-chicago ike gateway gw-chicago
set security ipsec vpn ike-vpn-chicago ike ipsec-policy ipsec-phase2-policy
set security ipsec vpn ike-vpn-chicago bind-interface st0.0
set security policies from-zone trust to-zone vpn-chicago policy vpn-tr-chi match source-address sunnyvale
set security policies from-zone trust to-zone vpn-chicago policy vpn-tr-chi match destination-address chicago
set security policies from-zone trust to-zone vpn-chicago policy vpn-tr-chi match application any
set security policies from-zone trust to-zone vpn-chicago policy vpn-tr-chi then permit
set security policies from-zone vpn-chicago to-zone trust policy vpn-chi-tr match source-address chicago
set security policies from-zone vpn-chicago to-zone trust policy vpn-chi-tr match destination-address sunnyvale
set security policies from-zone vpn-chicago to-zone trust policy vpn-chi-tr match application any
set security policies from-zone vpn-chicago to-zone trust policy vpn-chi-tr then permit
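A small review helper for the set-format listings above, added here as an example and not taken from the page or from Juniper: it tokenizes "set ..." statements and reports the pre-shared key stored as ascii-text, the legacy phase-1 choices (sha1, group2) and any policy that permits any/any/any. The sample lines are copied from the configuration above; the finding names are my own.

```python
from typing import Dict, List, Tuple

# Sample statements copied from the configuration above (constructed subset).
CONFIG = """\
set security ike proposal ike-phase1-proposal authentication-algorithm sha1
set security ike proposal ike-phase1-proposal dh-group group2
set security ike policy ike-phase1-policy pre-shared-key ascii-text 395psksecr3t
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
"""


def parse_set_config(text: str) -> List[List[str]]:
    """Return every 'set' statement as its token list, without the leading 'set'."""
    statements = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["set"]:
            statements.append(tokens[1:])
    return statements


def audit(statements: List[List[str]]) -> List[Tuple[str, str]]:
    """Return (finding, statement-or-policy) pairs for settings worth a second look."""
    findings: List[Tuple[str, str]] = []
    policies: Dict[Tuple[str, str, str], Dict[str, str]] = {}
    for t in statements:
        path = " ".join(t)
        if t[:2] == ["security", "ike"]:
            # The PSK is visible to anyone who can read the set output.
            if "pre-shared-key" in t and "ascii-text" in t:
                findings.append(("psk-ascii-text", path))
            # Legacy phase-1 integrity / DH group choices.
            if t[-1] in ("sha1", "group2"):
                findings.append(("weak-ike-" + t[-1], path))
        # Layout: security policies from-zone A to-zone B policy NAME match|then ...
        if t[:3] == ["security", "policies", "from-zone"] and len(t) >= 10:
            policy = policies.setdefault((t[3], t[5], t[7]), {})
            if t[8] == "match" and len(t) >= 11:
                policy[t[9]] = t[10]
            elif t[8] == "then":
                policy["action"] = t[9]
    for (src, dst, name), policy in policies.items():
        if policy.get("action") == "permit" and all(
            policy.get(k) == "any" for k in ("source-address", "destination-address", "application")
        ):
            findings.append(("any-any-permit", f"from-zone {src} to-zone {dst} policy {name}"))
    return findings
```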
