liwya posted on 2018-7-28 08:39:00

Juniper SRX Remote VPN configuration

  Dynamic VPN //the latest remote VPN solution; 2 concurrent-user licenses are included by default!
  Topology: xp (remote client) ------- srx ----- inside1
  set system services web-management https system-generated-certificate
  set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
  set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
  set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
  set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services https
  Configure the address pool handed out to VPN clients:
  edit access address-assignment pool dyn-vpn-address-pool
  edit family inet
  set network 123.1.1.0/24
  edit range dvpn-range
  set low 123.1.1.100
  set high 123.1.1.200
  up    //xauth-attributes lives under family inet, not under the range
  set xauth-attributes primary-dns 8.8.8.8/32
  Configure the access profile:
  top
  edit access profile dyn-vpn-access-profile
  set client remoteuser firewall-user password cisco
  set address-assignment pool dyn-vpn-address-pool
  up    //firewall-authentication is configured at the [edit access] level
  set firewall-authentication web-authentication default-profile dyn-vpn-access-profile
  Configure the phase 1 (IKE) policy and gateway:
  top
  edit security ike policy ike-dyn-vpn-policy
  set mode aggressive
  set proposal-set standard    //use the system's built-in standard proposal set
  set pre-shared-key ascii-text cisco
  up    //back to [edit security ike] before creating the gateway
  edit gateway dyn-vpn-local-gw
  set ike-policy ike-dyn-vpn-policy
  edit dynamic
  set hostname dyvpn
  set connection-limit 10
  set ike-user-type group-ike-id    //all users share the same IKE ID!
  up    //one level up only, back to [edit security ike gateway dyn-vpn-local-gw]
  set external-interface fe-0/0/0.0
  set xauth access-profile dyn-vpn-access-profile
  Configure the phase 2 (IPsec) policy and VPN:
  top
  edit security ipsec policy ipsec-dyn-vpn-policy
  set proposal-set standard
  up
  edit vpn dyn-vpn ike
  set gateway dyn-vpn-local-gw
  set ipsec-policy ipsec-dyn-vpn-policy
  Configure the Dynamic VPN itself!
  top
  edit security dynamic-vpn
  set access-profile dyn-vpn-access-profile
  edit clients all
  set remote-protected-resources 10.0.0.0/8    //only 10.0.0.0/8 goes through the tunnel (split tunneling)
  set remote-exceptions 0.0.0.0/0    //everything else bypasses the tunnel
  set ipsec-vpn dyn-vpn    //bind the IPsec VPN
  set user remoteuser    //bind the corresponding user!
  Configure the security policy //permit the VPN traffic
  top
  edit security policies from-zone Outside to-zone Inside1 policy dyn-vpn-policy
  set match source-address any
  set match destination-address any
  set match application any
  set then permit tunnel ipsec-vpn dyn-vpn
  commit    //commit!!!
  ----------------------------------------------
  Verification:
  show security ike security-associations
  show security ike active-peer
  show security ipsec security-associations
  show security dynamic-vpn users