IPSec in IBM SoftLayer

Published: 2019-07-05 09:54:43  Editor: auto  Views: 1646

    (3) Customer end: Juniper SRX firewall (policy-based VPN)

    1. Phase 1 (IKE)

    set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys
    set security ike proposal ike-phase1-proposal dh-group group2
    set security ike proposal ike-phase1-proposal authentication-algorithm md5
    set security ike proposal ike-phase1-proposal encryption-algorithm 3des-cbc
    set security ike policy ike-phase1-policy mode main
    set security ike policy ike-phase1-policy proposals ike-phase1-proposal
    set security ike policy ike-phase1-policy pre-shared-key ascii-text "$9$OmpvBhyleWx-wvWjkq.5TRhSylMLxN-bsKvJG"
    set security ike gateway SL ike-policy ike-phase1-policy
    set security ike gateway SL address x.x.x.x
    set security ike gateway SL external-interface ge-0/0/0.0

    2. Phase 2 (IPsec)

    set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-md5-96
    set security ipsec proposal ipsec-phase2-proposal encryption-algorithm 3des-cbc
    set security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2
    set security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal
    set security ipsec vpn SLVPN ike gateway SL
    set security ipsec vpn SLVPN ike proxy-identity local 192.168.109.0/24
    set security ipsec vpn SLVPN ike proxy-identity remote 10.66.24.0/26
    set security ipsec vpn SLVPN ike proxy-identity service any
    set security ipsec vpn SLVPN ike ipsec-policy ipsec-phase2-policy


    3. Security Policy (Outbound: trust to untrust, into the tunnel)

    set security policies from-zone trust to-zone untrust policy outbound_vpn match source-address local_network
    set security policies from-zone trust to-zone untrust policy outbound_vpn match destination-address SL-net
    set security policies from-zone trust to-zone untrust policy outbound_vpn match application any
    set security policies from-zone trust to-zone untrust policy outbound_vpn then permit tunnel ipsec-vpn SLVPN
    set security policies from-zone trust to-zone untrust policy outbound_vpn then count



    4. Security Policy (Inbound: untrust to trust, out of the tunnel)

    set security policies from-zone untrust to-zone trust policy inbound_vpn match source-address SL-net
    set security policies from-zone untrust to-zone trust policy inbound_vpn match destination-address local_network
    set security policies from-zone untrust to-zone trust policy inbound_vpn match application any
    set security policies from-zone untrust to-zone trust policy inbound_vpn then permit tunnel ipsec-vpn SLVPN
    set security policies from-zone untrust to-zone trust policy inbound_vpn then count


    5. Routing

    set routing-options static route 0.0.0.0/0 next-hop 10.1.1.1
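Before committing a policy-based VPN like the one in steps 1 to 5, it is worth checking that every referenced object actually resolves (IKE proposal, IKE policy, gateway, IPsec proposal, IPsec policy, VPN, address-book entries) and that the proposals do not rely on legacy algorithms. The linter below is an added example, not code from the post or from Juniper. It parses the post's own `set` statements (with the word "vpn", which the hosting site masked, restored; the pre-shared key and peer address are replaced by placeholders), follows the reference chain from the security policies down to the IKE proposal, reports address names that no address book in the snippet defines, and flags MD5, 3DES and DH group 2, all of which this configuration uses.

```python
"""Lint a policy-based IPsec VPN given as Junos `set` statements.

Added example, not from the original post or from Juniper. It resolves the
reference chain security policy -> ipsec vpn -> ike gateway / ipsec policy
-> ike policy -> proposals and flags legacy algorithms.
"""
import re
from collections import defaultdict

# The post's configuration. The pre-shared key and peer address are
# placeholders. Junos stores an `ascii-text` pre-shared key in its reversible
# `$9$` encoding, so a saved configuration has to be handled as a secret.
CONFIG = """
set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys
set security ike proposal ike-phase1-proposal dh-group group2
set security ike proposal ike-phase1-proposal authentication-algorithm md5
set security ike proposal ike-phase1-proposal encryption-algorithm 3des-cbc
set security ike policy ike-phase1-policy mode main
set security ike policy ike-phase1-policy proposals ike-phase1-proposal
set security ike policy ike-phase1-policy pre-shared-key ascii-text "PSK-PLACEHOLDER"
set security ike gateway SL ike-policy ike-phase1-policy
set security ike gateway SL address PEER-ADDRESS-PLACEHOLDER
set security ike gateway SL external-interface ge-0/0/0.0
set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-md5-96
set security ipsec proposal ipsec-phase2-proposal encryption-algorithm 3des-cbc
set security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2
set security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal
set security ipsec vpn SLVPN ike gateway SL
set security ipsec vpn SLVPN ike proxy-identity local 192.168.109.0/24
set security ipsec vpn SLVPN ike proxy-identity remote 10.66.24.0/26
set security ipsec vpn SLVPN ike proxy-identity service any
set security ipsec vpn SLVPN ike ipsec-policy ipsec-phase2-policy
set security policies from-zone trust to-zone untrust policy outbound_vpn match source-address local_network
set security policies from-zone trust to-zone untrust policy outbound_vpn match destination-address SL-net
set security policies from-zone trust to-zone untrust policy outbound_vpn match application any
set security policies from-zone trust to-zone untrust policy outbound_vpn then permit tunnel ipsec-vpn SLVPN
set security policies from-zone trust to-zone untrust policy outbound_vpn then count
set security policies from-zone untrust to-zone trust policy inbound_vpn match source-address SL-net
set security policies from-zone untrust to-zone trust policy inbound_vpn match destination-address local_network
set security policies from-zone untrust to-zone trust policy inbound_vpn match application any
set security policies from-zone untrust to-zone trust policy inbound_vpn then permit tunnel ipsec-vpn SLVPN
set security policies from-zone untrust to-zone trust policy inbound_vpn then count
"""

# Algorithms and DH groups that current IPsec guidance treats as legacy.
LEGACY = {"md5", "hmac-md5-96", "sha1", "hmac-sha1-96", "des-cbc", "3des-cbc",
          "group1", "group2", "group5"}


def parse(config):
    """Return ({(family, kind, name): {attribute path: value}}, {address name: prefix})."""
    objects = defaultdict(dict)
    addresses = {}
    for line in config.strip().splitlines():
        # Global or zone address books: `... address-book ... address NAME PREFIX`
        m = re.search(r"address-book .*\baddress (\S+) (\S+)$", line)
        if m:
            addresses[m.group(1)] = m.group(2)
            continue
        tok = line.split()
        if tok[:2] != ["set", "security"] or len(tok) < 6:
            continue
        if tok[2] == "policies":
            # set security policies from-zone A to-zone B policy NAME <rest>
            key, rest = ("policies", f"{tok[4]}->{tok[6]}", tok[8]), tok[9:]
        else:
            # set security <ike|ipsec> <proposal|policy|gateway|vpn> NAME <rest>
            key, rest = (tok[2], tok[3], tok[4]), tok[5:]
        if rest:
            objects[key][" ".join(rest[:-1])] = rest[-1]
    return objects, addresses


def lint(config):
    """Return a list of human-readable findings (empty list means clean)."""
    objects, addresses = parse(config)
    findings = []

    def require(family, kind, name, referrer):
        if name is None:
            findings.append(f"{referrer}: no {family} {kind} configured")
        elif (family, kind, name) not in objects:
            findings.append(f"{referrer}: references undefined {family} {kind} '{name}'")

    for (family, kind, name), attrs in objects.items():
        label = f"{family} {kind} {name}"
        for path, value in attrs.items():
            if value in LEGACY:
                findings.append(f"{label}: legacy algorithm '{value}' in '{path}'")
        if (family, kind) == ("ike", "policy"):
            require("ike", "proposal", attrs.get("proposals"), label)
        elif (family, kind) == ("ike", "gateway"):
            require("ike", "policy", attrs.get("ike-policy"), label)
        elif (family, kind) == ("ipsec", "policy"):
            require("ipsec", "proposal", attrs.get("proposals"), label)
        elif (family, kind) == ("ipsec", "vpn"):
            require("ike", "gateway", attrs.get("ike gateway"), label)
            require("ipsec", "policy", attrs.get("ike ipsec-policy"), label)
        elif family == "policies":
            tunnel = attrs.get("then permit tunnel ipsec-vpn")
            if tunnel:
                require("ipsec", "vpn", tunnel, label)
            for side in ("source-address", "destination-address"):
                addr = attrs.get(f"match {side}")
                if addr and addr != "any" and addr not in addresses:
                    findings.append(f"{label}: {side} '{addr}' is not in any address book")
    return findings


if __name__ == "__main__":
    for finding in lint(CONFIG):
        print(finding)
```

Run against the post's snippet it reports six legacy-algorithm findings (MD5, 3DES and group 2 in both phases) and four unresolved address names, because `local_network` and `SL-net` must be defined in an address book that the post does not show; it reports no dangling object references, which is the part that most often breaks a policy-based tunnel after a rename. If the SoftLayer side accepts them, AES-CBC or AES-GCM with SHA-256 and DH group 14 or higher are the usual replacements for the proposals shown here.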
