
SecPath F100-M-SI cannot use SSL VPN; the configuration is below, experts please advise

Asked on 2024-03-09

Problem description:

The configuration is as follows:

#

 version 5.20, Release 5142P02

#

 sysname FW

#

 undo voice vlan mac-address 00e0-bb00-0000

#

 ike local-name msr

#

 interzone policy default by-priority

#

 domain default enable system 

#

 telnet server enable 

#

 ip http acl 2030 

#

 undo alg all

#

session synchronization enable

#

 password-recovery enable

#

acl number 2000 match-order auto

 rule 0 permit 

#

acl number 3009

 rule 1 permit ip source 168.8.100.0 0.0.0.255 destination 168.7.100.0 0.0.0.255 

#

vlan 1

#

domain system 

 access-limit disable

 state active 

 idle-cut disable 

 self-service-url disable 

#

pki entity cs3250

  common-name H3C

#

pki domain cs3250

  certificate request from ca

  certificate request entity cs3250

  crl check disable

#

pki domain default

  crl check disable

#

ike proposal 30

 encryption-algorithm 3des-cbc

 dh group2

 sa duration 28800

#

ike peer 30

 exchange-mode aggressive

 pre-shared-key cipher $c$3$U2Fyb9HqrC0AGIPBlrc0UGLhXptovjQi

 id-type name

 remote-name er

 remote-address msr dynamic

 nat traversal

#

ipsec transform-set 30

 encapsulation-mode tunnel

 transform esp

 esp authentication-algorithm sha1

 esp encryption-algorithm 3des

#

ipsec policy 30 10 isakmp

 security acl 3009 

 ike-peer 30

 transform-set 30

 sa duration traffic-based 28800

#

ipsec policy 30 30 isakmp

 security acl 3009 

 ike-peer 30

 sa duration traffic-based 1843200

 sa duration time-based 3600

#

user-group system

 group-attribute allow-guest

#

local-user admin

 password cipher $c$3$dIkdn2OLeJEqHX6PWIDjD1ngwjkvndMfxuvS

 authorization-attribute level 3

 service-type telnet

 service-type web

#

ssl server-policy access-policy

 pki-domain cs3250

#

interface NULL0

#

interface LoopBack0

 ip address 168.8.100.254 255.255.255.255 

#

interface GigabitEthernet0/0

 port link-mode route

 ip address 192.168.0.1 255.255.255.0 

 undo dhcp select server global-pool

#

interface GigabitEthernet0/1

 port link-mode route

 nat outbound 2000

 nat server protocol udp global 111.17.222.215 82 inside 168.8.100.202 82

 nat server protocol udp global 111.17.222.215 9091 inside 168.8.100.202 9091

 nat server protocol udp global 111.17.222.215 8080 inside 168.8.100.202 8080

 nat server protocol udp global 111.17.222.215 7777 inside 168.8.100.202 7777

 nat server protocol udp global 111.17.222.215 21 inside 168.8.100.202 21

 nat server protocol udp global 111.17.222.215 1082 inside 168.8.100.202 1082

 nat server protocol tcp global 111.17.222.215 82 inside 168.8.100.202 82

 nat server protocol tcp global 111.17.222.215 9091 inside 168.8.100.202 9091

 nat server protocol tcp global 111.17.222.215 8080 inside 168.8.100.202 8080

 nat server protocol tcp global 111.17.222.215 7777 inside 168.8.100.202 7777

 nat server protocol tcp global 111.17.222.215 ftp inside 168.8.100.202 ftp

 nat server protocol tcp global 111.17.222.215 1082 inside 168.8.100.202 1082

 nat server protocol tcp global 111.17.222.215 7776 inside 168.8.100.202 7776

 nat server protocol udp global 111.17.222.215 7776 inside 168.8.100.202 7776

 nat server protocol tcp global 111.17.222.215 8089 inside 168.8.100.202 8089

 nat server protocol udp global 111.17.222.215 8089 inside 168.8.100.202 8089

 nat server protocol udp global 111.17.222.215 4242 inside 168.8.100.209 4242

 nat server protocol tcp global 111.17.222.215 4242 inside 168.8.100.209 4242

 nat server protocol tcp global 111.17.222.215 4243 inside 168.8.100.209 4243

 nat server protocol udp global 111.17.222.215 4243 inside 168.8.100.209 4243

 nat server protocol udp global 111.17.222.215 9191 inside 168.8.100.209 8080

 nat server protocol tcp global 111.17.222.215 9191 inside 168.8.100.209 8080

 nat server protocol udp global 111.17.222.215 4244 inside 168.8.100.209 4244

 nat server protocol tcp global 111.17.222.215 4244 inside 168.8.100.209 4244

 nat server protocol tcp global 111.17.222.215 4245 inside 168.8.100.209 4245

 nat server protocol udp global 111.17.222.215 4245 inside 168.8.100.209 4245

 nat server protocol tcp global 111.17.222.215 9192 inside 168.8.100.210 9191

 nat server protocol udp global 111.17.222.215 7778 inside 10.11.13.15 7778

 nat server protocol tcp global 111.17.222.215 8088 inside 10.11.13.15 8088

 nat server protocol udp global 111.17.222.215 8088 inside 10.11.13.15 8088

 nat server protocol tcp global 111.17.222.215 9090 inside 10.11.13.15 9090

 nat server protocol udp global 111.17.222.215 9090 inside 10.11.13.15 9090

 nat server protocol tcp global 111.17.222.215 7070 inside 10.11.13.15 7070

 nat server protocol udp global 111.17.222.215 7070 inside 10.11.13.15 7070

 nat server protocol udp global 111.17.222.215 88 inside 10.11.13.15 88

 nat server protocol udp global 111.17.222.215 89 inside 10.11.13.15 89

 nat server protocol tcp global 111.17.222.215 5222 inside 10.11.13.15 5222

 nat server protocol udp global 111.17.222.215 5222 inside 10.11.13.15 5222

 nat server protocol tcp global 111.17.222.215 7778 inside 10.11.13.15 7778

 nat server protocol tcp global 111.17.222.215 88 inside 10.11.13.15 88

 nat server protocol tcp global 111.17.222.215 89 inside 10.11.13.15 89

 nat server protocol tcp global 111.17.222.215 11002 inside 10.11.13.220 11002

 nat server protocol udp global 111.17.222.215 11002 inside 10.11.13.220 11002

 nat server protocol tcp global 111.17.222.215 11003 inside 10.11.13.220 11003

 nat server protocol udp global 111.17.222.215 11003 inside 10.11.13.220 11003

 nat server protocol tcp global 111.17.222.215 10003 inside 10.11.13.220 10003

 nat server protocol udp global 111.17.222.215 10003 inside 10.11.13.220 10003

 nat server protocol tcp global 111.17.222.215 10004 inside 10.11.13.220 10004

 nat server protocol udp global 111.17.222.215 10004 inside 10.11.13.220 10004

 nat server protocol tcp global 111.17.222.215 10005 inside 10.11.13.220 10005

 nat server protocol udp global 111.17.222.215 10005 inside 10.11.13.220 10005

 nat server protocol tcp global 111.17.222.215 10006 inside 10.11.13.220 10006

 nat server protocol udp global 111.17.222.215 10006 inside 10.11.13.220 10006

 nat server protocol tcp global 111.17.222.215 10007 inside 10.11.13.220 10007

 nat server protocol udp global 111.17.222.215 10007 inside 10.11.13.220 10007

 nat server protocol tcp global 111.17.222.215 8787 inside 10.11.13.222 8787

 nat server protocol udp global 111.17.222.215 8787 inside 10.11.13.222 8787

 nat server protocol tcp global 111.17.222.215 18080 inside 10.11.13.222 18080

 nat server protocol udp global 111.17.222.215 18080 inside 10.11.13.222 18080

 nat server protocol tcp global 111.17.222.215 8081 inside 10.11.13.208 8081

 nat server protocol udp global 111.17.222.215 8081 inside 10.11.13.208 8081

 nat server protocol tcp global 111.17.222.215 8091 inside 10.11.13.208 8091

 nat server protocol udp global 111.17.222.215 8091 inside 10.11.13.208 8091

 nat server protocol tcp global 111.17.222.215 8090 inside 10.11.13.208 8090

 nat server protocol udp global 111.17.222.215 8090 inside 10.11.13.208 8090

 nat server protocol tcp global 111.17.222.215 8083 inside 10.11.32.50 8083

 nat server protocol udp global 111.17.222.215 8083 inside 10.11.32.50 8083

 nat server protocol tcp global 111.17.222.215 8084 inside 10.11.32.50 8084

 nat server protocol udp global 111.17.222.215 8084 inside 10.11.32.50 8084

 ip address 111.17.222.215 255.255.255.240 

 undo dhcp select server global-pool

 ipsec policy 30

#

interface GigabitEthernet0/2

 port link-mode route

 undo dhcp select server global-pool

#

interface GigabitEthernet0/3

 port link-mode route

 undo dhcp select server global-pool

#

interface GigabitEthernet0/4

 port link-mode route

 undo dhcp select server global-pool

#

interface GigabitEthernet0/5

 port link-mode route

 nat outbound 2000

 nat server protocol udp global 111.17.222.215 82 inside 168.8.100.202 82

 nat server protocol udp global 111.17.222.215 9091 inside 168.8.100.202 9091

 nat server protocol udp global 111.17.222.215 8080 inside 168.8.100.202 8080

 nat server protocol udp global 111.17.222.215 7777 inside 168.8.100.202 7777

 nat server protocol udp global 111.17.222.215 21 inside 168.8.100.202 21

 nat server protocol udp global 111.17.222.215 1082 inside 168.8.100.202 1082

 nat server protocol tcp global 111.17.222.215 82 inside 168.8.100.202 82

 nat server protocol tcp global 111.17.222.215 9091 inside 168.8.100.202 9091

 nat server protocol tcp global 111.17.222.215 8080 inside 168.8.100.202 8080

 nat server protocol tcp global 111.17.222.215 7777 inside 168.8.100.202 7777

 nat server protocol tcp global 111.17.222.215 ftp inside 168.8.100.202 ftp

 nat server protocol udp global 111.17.222.215 8089 inside 168.8.100.202 8089

 nat server protocol tcp global 111.17.222.215 8089 inside 168.8.100.202 8089

 nat server protocol udp global 111.17.222.215 4242 inside 168.8.100.209 4242

 nat server protocol tcp global 111.17.222.215 4242 inside 168.8.100.209 4242

 nat server protocol tcp global 111.17.222.215 4243 inside 168.8.100.209 4243

 nat server protocol udp global 111.17.222.215 4243 inside 168.8.100.209 4243

 nat server protocol tcp global 111.17.222.215 9191 inside 168.8.100.209 8080

 nat server protocol udp global 111.17.222.215 9191 inside 168.8.100.209 8080

 nat server protocol tcp global 111.17.222.215 4244 inside 168.8.100.210 4244

 nat server protocol udp global 111.17.222.215 4244 inside 168.8.100.210 4244

 nat server protocol udp global 111.17.222.215 4245 inside 168.8.100.209 4245

 nat server protocol tcp global 111.17.222.215 4245 inside 168.8.100.209 4245

 nat server protocol tcp global 111.17.222.215 9192 inside 168.8.100.210 9191

 nat server protocol tcp global 111.17.222.215 7778 inside 10.11.13.15 7778

 nat server protocol udp global 111.17.222.215 7778 inside 10.11.13.15 7778

 nat server protocol tcp global 111.17.222.215 8088 inside 10.11.13.15 8088

 nat server protocol tcp global 111.17.222.215 9090 inside 10.11.13.15 9090

 nat server protocol udp global 111.17.222.215 9090 inside 10.11.13.15 9090

 nat server protocol tcp global 111.17.222.215 7070 inside 10.11.13.15 7070

 nat server protocol udp global 111.17.222.215 7070 inside 10.11.13.15 7070

 nat server protocol tcp global 111.17.222.215 5222 inside 10.11.13.15 5222

 nat server protocol udp global 111.17.222.215 5222 inside 10.11.13.15 5222

 nat server protocol tcp global 111.17.222.215 88 inside 10.11.13.15 88

 nat server protocol udp global 111.17.222.215 88 inside 10.11.13.15 88

 nat server protocol tcp global 111.17.222.215 89 inside 10.11.13.15 89

 nat server protocol udp global 111.17.222.215 89 inside 10.11.13.15 89

 nat server protocol udp global 111.17.222.215 8088 inside 10.11.13.15 8088

 nat server protocol tcp global 111.17.222.215 11002 inside 10.11.13.220 11002

 nat server protocol udp global 111.17.222.215 11002 inside 10.11.13.220 11002

 nat server protocol tcp global 111.17.222.215 11003 inside 10.11.13.220 11003

 nat server protocol udp global 111.17.222.215 11003 inside 10.11.13.220 11003

 nat server protocol tcp global 111.17.222.215 10003 inside 10.11.13.220 10003

 nat server protocol udp global 111.17.222.215 10003 inside 10.11.13.220 10003

 nat server protocol tcp global 111.17.222.215 10004 inside 10.11.13.220 10004

 nat server protocol udp global 111.17.222.215 10004 inside 10.11.13.220 10004

 nat server protocol tcp global 111.17.222.215 10005 inside 10.11.13.220 10005

 nat server protocol udp global 111.17.222.215 10005 inside 10.11.13.220 10005

 nat server protocol tcp global 111.17.222.215 10006 inside 10.11.13.220 10006

 nat server protocol udp global 111.17.222.215 10006 inside 10.11.13.220 10006

 nat server protocol tcp global 111.17.222.215 10007 inside 10.11.13.220 10007

 nat server protocol udp global 111.17.222.215 10007 inside 10.11.13.220 10007

 nat server protocol tcp global 111.17.222.215 8787 inside 10.11.13.222 8787

 nat server protocol udp global 111.17.222.215 8787 inside 10.11.13.222 8787

 nat server protocol tcp global 111.17.222.215 18080 inside 10.11.13.222 18080

 nat server protocol udp global 111.17.222.215 18080 inside 10.11.13.222 18080

 nat server protocol tcp global 111.17.222.215 8081 inside 10.11.13.208 8081

 nat server protocol udp global 111.17.222.215 8081 inside 10.11.13.208 8081

 nat server protocol tcp global 111.17.222.215 8091 inside 10.11.13.208 8091

 nat server protocol udp global 111.17.222.215 8091 inside 10.11.13.208 8091

 nat server protocol tcp global 111.17.222.215 8090 inside 10.11.13.208 8090

 nat server protocol udp global 111.17.222.215 8090 inside 10.11.13.208 8090

 nat server protocol tcp global 111.17.222.215 8083 inside 10.11.32.50 8083

 nat server protocol udp global 111.17.222.215 8083 inside 10.11.32.50 8083

 nat server protocol tcp global 111.17.222.215 8084 inside 10.11.32.50 8084

 nat server protocol udp global 111.17.222.215 8084 inside 10.11.32.50 8084

 ip address 10.28.1.2 255.255.255.252 

 ipsec policy 30

#

vd Root id 1

#

zone name Management id 0

 priority 100

 import interface GigabitEthernet0/0

zone name Local id 1

 priority 100

zone name Trust id 2

 priority 85

 import interface GigabitEthernet0/5

zone name DMZ id 3

 priority 50

zone name Untrust id 4

 priority 5

 import interface GigabitEthernet0/1

switchto vd Root

 zone name Management id 0

 ip virtual-reassembly

 zone name Local id 1

 ip virtual-reassembly

 zone name Trust id 2

 ip virtual-reassembly

 zone name DMZ id 3

 ip virtual-reassembly

 zone name Untrust id 4

 ip virtual-reassembly

 interzone source Local destination Untrust

 interzone source Trust destination Untrust

  rule 0 permit 

   source-ip any_address

   destination-ip any_address

   service any_service

   rule enable

 interzone source Untrust destination Local

  rule 0 deny 

   source-ip any_address

   destination-ip any_address

   service telnet

   rule enable

 interzone source Untrust destination Trust

  rule 0 permit 

   source-ip any_address

   destination-ip any_address

   service any_service

   rule enable

 content-filtering url-hostname-entry 1

  url-hostname fix-string mail.163.com

 content-filtering email-address-entry 2

  email-address mail@qq.com

#

 ssl-vpn server-policy access-policy port 64443

 ssl-vpn enable

#

 ip route-static 0.0.0.0 0.0.0.0 111.17.222.209

 ip route-static 10.11.0.0 255.255.0.0 10.28.1.1

 ip route-static 168.8.100.0 255.255.255.0 10.28.1.1

 ip route-static 192.168.1.0 255.255.255.0 10.28.1.1

#

 dhcp enable 

#

 load xml-configuration 

#

 load tr069-configuration

#

user-interface con 0

user-interface vty 0 4

 authentication-mode scheme

#

return

Best answer


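The 5.20 firewalls are all out of maintenance now. A friend previously called the 400 hotline to renew the warranty and then got it swapped for a new 7.20 one for free.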


1 answer
Xcheng (9th dan)

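The SSL VPN configuration is incomplete, so it is impossible to judge.


It is recommended to check the configuration and the device status carefully; you can use debug, dis, or similar commands to analyze and confirm further, then deal with it.


In addition, technical support for this product series has ended, so it is recommended to consider purchasing new equipment to replace it,

or contact an H3C certified agent through your purchasing channel to discuss the matter.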
