fw100防火墙sslvpn功能

我上传了附件，你看一下，换了最新版本，反而拨号不成功了

不是windows系统？防火墙把服务关了重开一下试试。

防火墙我一直是关的，很奇怪，用旧版本的就可以正常拿到ip，新版本的拨号都不成功了

fw100把sslvpn网关那个服务关了再开一下。拨号的这台设备重启一下。

重启了，服务也重新关了再开了，我把配置上来，你看看

nat address-group 1 address 1.192.147.34 1.192.147.34 # nat address-group 171 address 171.8.6.154 171.8.6.154 # object-group service 8000 0 service tcp destination eq 8000 # interface GigabitEthernet1/0/1 port link-mode route description Internet ip address 171.8.6.154 255.255.255.0 ip address 1.192.147.34 255.255.255.0 sub nat outbound 3000 address-group 1 nat server protocol tcp global 171.8.6.154 83 inside 172.16.1.253 83 nat server protocol tcp global 171.8.6.154 88 inside 172.16.1.253 80 nat server protocol tcp global 171.8.6.154 554 inside 172.16.1.253 554 nat server protocol tcp global 171.8.6.154 559 inside 172.16.1.253 559 nat server protocol tcp global 171.8.6.154 655 inside 172.16.1.253 655 nat server protocol tcp global 171.8.6.154 1935 inside 172.16.1.253 1935 nat server protocol tcp global 171.8.6.154 4001 inside 172.16.1.253 4001 nat server protocol tcp global 171.8.6.154 4433 inside 172.16.1.253 4433 nat server protocol tcp global 171.8.6.154 5062 inside 172.16.1.253 5062 nat server protocol tcp global 171.8.6.154 5100 5899 inside 172.16.1.253 5100 5899 nat server protocol tcp global 171.8.6.154 6008 6009 inside 172.16.1.253 6008 6009 nat server protocol tcp global 171.8.6.154 6304 inside 172.16.1.253 6304 nat server protocol tcp global 171.8.6.154 6720 inside 172.16.1.253 6720 nat server protocol tcp global 171.8.6.154 7018 inside 172.16.1.253 7018 nat server protocol tcp global 171.8.6.154 7087 inside 172.16.1.253 7087 nat server protocol tcp global 171.8.6.154 7099 inside 172.16.1.253 7099 nat server protocol tcp global 171.8.6.154 7100 inside 172.16.1.253 7100 nat server protocol tcp global 171.8.6.154 7302 inside 172.16.1.253 7302 nat server protocol tcp global 171.8.6.154 7314 inside 172.16.1.253 7314 nat server protocol tcp global 171.8.6.154 7660 inside 172.16.1.253 7660 nat server protocol tcp global 171.8.6.154 7661 inside 172.16.1.253 7661 nat server protocol tcp global 171.8.6.154 8001 inside 172.16.1.253 8001 nat server protocol tcp global 171.8.6.154 8030 inside 172.16.1.253 8030 nat server protocol tcp global 171.8.6.154 8064 inside 172.16.1.253 8064 nat server protocol tcp global 171.8.6.154 8173 inside 172.16.1.253 8173 nat server protocol tcp global 171.8.6.154 8601 8603 inside 172.16.1.253 8601 nat server protocol tcp global 171.8.6.154 15000 16999 inside 172.16.1.253 15000 16999 nat server protocol tcp global 171.8.6.154 17000 inside 172.16.1.253 17000 nat server protocol tcp global 171.8.6.154 20000 21999 inside 172.16.1.253 20000 21999 nat server protocol udp global 171.8.6.154 123 inside 172.16.1.253 123 nat server protocol udp global 171.8.6.154 4433 inside 172.16.1.253 4433 nat server protocol udp global 171.8.6.154 5060 inside 172.16.1.253 5060 nat server protocol udp global 171.8.6.154 5100 5899 inside 172.16.1.253 5100 5899 nat server protocol udp global 171.8.6.154 7100 inside 172.16.1.253 7100 nat server protocol udp global 171.8.6.154 7110 inside 172.16.1.253 7110 nat server protocol udp global 171.8.6.154 7660 inside 172.16.1.253 7660 nat server protocol udp global 171.8.6.154 7661 inside 172.16.1.253 7661 nat server protocol udp global 171.8.6.154 15000 16999 inside 172.16.1.253 15000 16999 nat server protocol udp global 171.8.6.154 20000 21999 inside 172.16.1.253 20000 21999 undo dhcp select server # interface GigabitEthernet1/0/14 port link-mode route description NeiWang ip address 172.16.1.254 255.255.255.0 # interface SSLVPN-AC0 ip address 172.16.2.1 255.255.255.0 # object-policy ip Any-Any rule 0 pass # object-policy ip Local-SSLVPN rule 0 pass # object-policy ip Local-Untrust rule 0 pass # object-policy ip SSLVPN-Local rule 0 pass # object-policy ip SSLVPN-Trust rule 0 pass # object-policy ip Trust-SSLVPN rule 0 pass # object-policy ip Untrust-Local rule 0 pass # security-zone name Local # security-zone name Trust import interface GigabitEthernet1/0/14 # security-zone name DMZ # security-zone name Untrust import interface GigabitEthernet1/0/1 # security-zone name Management import interface GigabitEthernet1/0/0 # security-zone name SSLVPN import interface SSLVPN-AC0 # zone-pair security source Any destination Any object-policy apply ip Any-Any # zone-pair security source Local destination SSLVPN object-policy apply ip Local-SSLVPN # zone-pair security source Local destination Untrust object-policy apply ip Local-Untrust # zone-pair security source SSLVPN destination Local object-policy apply ip SSLVPN-Local # zone-pair security source SSLVPN destination Trust object-policy apply ip SSLVPN-Trust # zone-pair security source Trust destination SSLVPN object-policy apply ip Trust-SSLVPN # zone-pair security source Untrust destination Local object-policy apply ip Untrust-Local # ip route-static 0.0.0.0 0 1.192.147.1 ip route-static 0.0.0.0 0 171.8.6.1 # 、 acl advanced 3000 rule 5 permit ip source 172.16.1.0 0.0.0.255 # acl advanced 3999 rule 0 permit ip destination 172.16.1.0 0.0.0.255 # local-user user1 class network password cipher $c$3$qVAuaoYW/PyeUap5uT0wUj2fdzDZsYpz service-type sslvpn authorization-attribute user-role network-operator authorization-attribute sslvpn-policy-group SSLVPNZIYUAN # sslvpn ip address-pool ssvpn 172.16.2.2 172.16.2.254 # sslvpn gateway vpngat ip address 171.8.6.154 port 8000 service enable # sslvpn context sslvpn gateway vpngat ip-tunnel interface SSLVPN-AC0 ip-tunnel address-pool ssvpn mask 255.255.255.0 ip-tunnel dns-server primary 114.114.114.144 port-forward 8001 port-forward 8080 ip-route-list neiwang include 172.16.1.0 255.255.255.0 policy-group SSLVPNZIYUAN filter ip-tunnel 3999 ip-tunnel access-route ip-route-list neiwang service enable #

好了好了，感谢，版本的问题，谢谢