问题描述:
V5配置替换成V7
组网及组网描述:
- 附件下载: 50-40.txt
- 2022-10-19提问
- 举报
-
(0)
最佳答案
#
version 5.20, Release 2105P02, Standard
#
sysname MSR50-40
#
clock timezone #Web#0#02 add 00:00:00
#
l2tp enable
#
ike local-name msr50-40
#
firewall enable
#
nat address-group 1 114.242.124.200 114.242.124.207
undo nat alg sip
#
domain default enable system
#
dns proxy enable
#
dar p2p signature-file cfa0:/p2p_default.mtd
#
job 1
#
acl number 2000
rule 1 permit
acl number 2001
rule 0 deny source 192.168.1.64 0.0.0.63
rule 1 deny source 192.168.1.128 0.0.0.63
rule 2 deny source 192.168.1.192 0.0.0.63
rule 3 permit
#
acl number 3000
description to_interface:G0/2
rule 1 permit ip source 192.168.20.0 0.0.0.255 destination 172.16.17.0 0.0.0.255
rule 2 permit ip source 192.168.2.0 0.0.0.255 destination 172.16.17.0 0.0.0.255
rule 3 permit ip source 192.168.112.0 0.0.0.255 destination 172.16.17.0 0.0.0.255
rule 4 permit ip source 192.168.114.0 0.0.0.255 destination 172.16.17.0 0.0.0.255
rule 10 permit ip
acl number 3001
rule 0 deny ip logging
acl number 3002
description to_interface:G0/1
rule 1 deny ip source 172.16.17.0 0.0.0.255 destination 192.168.8.0 0.0.0.255
rule 100 permit ip
acl number 3003
rule 0 deny tcp source-port eq 3077
rule 100 permit ip
acl number 3004
#
vlan 1
#
radius scheme system
#
domain rjl
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 0 192.168.10.10 192.168.10.20
domain sf
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 192.168.11.10 192.168.11.20
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 0 192.168.2.10 192.168.2.20
domain xcrl
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 192.168.9.10 192.168.9.30
#
public-key peer 192.168.1.250
public-key-code begin
30819F300D06
public-key-code end
peer-public-key end
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
#
ike proposal 2
#
ike dpd 100000
#
ike peer l2tp
exchange-mode aggressive
pre-shared-key simple 123
id-type name
remote-name l2tp
nat traversal
#
ike peer lns
exchange-mode aggressive
proposal 2
pre-shared-key cipher txqibLBo69Z5Cft7
id-type name
remote-name xcrl
local-name msr50-40
nat traversal
#
ike peer northsoft
proposal 1yXxN+I=
remote-address 124.95.129.118
nat traversal
#
ipsec proposal l2tp
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec proposal lns
#
ipsec proposal northsoft
esp encryption-algorithm 3des
#
ipsec policy-template lns1 1
connection-name lns.1
ike-peer lns
proposal lns
#
ipsec policy-template lns1 2
ike-peer l2tp
proposal l2tp
#
ipsec policy lns 1 isakmp template lns1
#
ipsec policy lns 2 isakmp
connection-name northsoft
security acl 3006
ike-peer northsoft
proposal northsoft
undo policy enable
#
tunnel-policy xcrl
#
user-group system
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#
interface Ethernet0/0
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
interface Ethernet7/0
port link-mode route
ip address 15.12.252.158 255.255.255.252
#
interface Ethernet7/1
port link-mode route
ip address 172.20.5.78 255.255.255.252
#
interface Virtual-Template1
ppp authentication-mode chap
remote address pool
ip address 192.168.2.1 255.255.255.0
#
interface NULL0
#
interface LoopBack99
#
interface GigabitEthernet0/0
port link-mode route
description to_internet
firewall packet-filter 3003 outbound
nat outbound 3010
nat server protocol udp global 114.242.124.203 any inside 192.168.113.13 any
nat server protocol tcp global 114.242.124.204 22 inside 192.168.113.48 22
nat server protocol tcp global 114.242.124.204 3306 inside 192.168.113.48 3306
nat server protocol tcp global 114.242.124.204 10000 inside 192.168.113.48 10000
nat server protocol tcp global 114.242.124.204 9192 inside 192.168.113.48 9192
nat server protocol tcp global 114.242.124.201 any inside 192.168.111.10 any
nat server protocol udp global 114.242.124.201 any inside 192.168.111.10 any
nat server protocol udp global 114.242.124.205 1188 inside 192.168.112.20 1188
nat server protocol tcp global 114.242.124.204 8086 inside 192.168.113.14 8086
nat server protocol tcp global 114.242.124.204 ftp inside 192.168.113.14 ftp
nat server protocol tcp global 114.242.124.204 8085 inside 192.168.113.14 8085
nat server protocol udp global 114.242.124.204 8086 inside 192.168.113.14 8086
nat server protocol tcp global 114.242.124.204 8087 inside 192.168.113.14 8087
nat server protocol udp global 114.242.124.204 8087 inside 192.168.113.14 8087
nat server protocol tcp global 114.242.124.203 any inside 192.168.113.13 any
nat server protocol tcp global 114.242.124.204 8088 inside 192.168.113.14 8088
nat server protocol tcp global 114.242.124.204 8080 inside 192.168.8.80 8080
nat server protocol tcp global 114.242.124.207 1433 inside 192.168.20.55 1433
nat server protocol tcp global 114.242.124.207 8080 inside 192.168.113.25 8080
nat server protocol tcp global 114.242.124.207 8090 inside 192.168.113.25 8090
nat server protocol udp global 114.242.124.205 80 inside 192.168.112.20 80
nat server protocol udp global 61.51.122.54 7061 inside 192.168.113.70 5060
nat server protocol udp global 61.51.122.54 8811 inside 192.168.113.70 8111
nat server protocol udp global 61.51.122.54 10000 inside 192.168.113.70 10000
nat server protocol udp global 61.51.122.54 10001 inside 192.168.113.70 10001
nat server protocol udp global 61.51.122.54 10002 inside 192.168.113.70 10002
ip address 61.51.122.54 255.255.255.252
ipsec no-nat-process enable
ipsec policy lns
ip flow-ordering internal
#
interface GigabitEthernet0/1
port link-mode route
nat outbound
ip address 192.168.14.2 255.255.255.252
#
interface GigabitEthernet0/2
port link-mode route
firewall packet-filter 3000 inbound
ip address 192.168.1.250 255.255.255.0
ip policy-based-route dianxintong
#
interface Encrypt11/0
#
interface Encrypt12/0
#
interface Tunnel0
ip address 192.168.170.114 255.255.255.252
source GigabitEthernet0/0
destination 114.247.23.87
#
interface Tunnel1
ip address 192.168.170.118 255.255.255.252
source GigabitEthernet0/0
destination 114.247.10.246
#
nqa entry admin voice
type voice
destination ip 192.168.113.20
destination port 5060
#
policy-based-route dianxintong permit node 1
if-match acl 3004
apply ip-address next-hop 192.168.14.1 track 1
#
#
voice-setup
#
sip
#
sip-server
#
call-rule-set
#
call-route
#
dial-program
#
aaa-client
#
gk-client
#
dhcp-snooping
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/1 219.238.10.233 preference 80
ip route-static 0.0.0.0 0.0.0.0 61.51.122.53 track 1
#
info-center loghost 124.65.193.6
#
snmp-agent
snmp-agent local-engineid 800063A2033CE5A61836BD
snmp-agent community read public
snmp-agent sys-info contact 308274424@qq.com
snmp-agent sys-info location Tongzhou,AL
snmp-agent sys-info version all
#
nqa server enable
nqa server udp-echo 192.168.113.20 5060
#
ntp-service refclock-master 2
#
ssh server enable
ssh user admin service-type stelnet authentication-type password
ssh client authentication server 192.168.1.250 assign publickey 192.168.1.250
#
nat dns-map domain ***.*** protocol tcp ip 114.242.124.206 port 8080
nat dns-map domain ***.*** protocol tcp ip 114.242.124.207 port www
nat dns-map domain ***.*** protocol tcp ip 114.242.124.205 port 8080
nat dns-map domain ***.*** protocol tcp ip 114.242.124.205 port www
#
ip flow-ordering stat-interval 10
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
authentication-mode scheme
user-interface tty 13
authentication-mode scheme
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
protocol inbound ssh
#
return
这是配置
- 2022-10-19回答
- 评论(0)
- 举报
-
(0)
暂无评论
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论