配置如下:
#
# Global settings of the posted firewall: Comware 5.20, hostname FW.
# "interzone policy default by-priority" - presumably traffic with no matching
# interzone rule is decided by the zone priorities set further down; confirm
# against the platform documentation.
# NOTE(review): "telnet server enable" turns on cleartext remote management,
# and no SSH service is enabled anywhere in this listing. Prefer SSH for
# administration and switch Telnet off.
# NOTE(review): "ip http acl 2030" limits web management by ACL 2030, but no
# "acl number 2030" appears in this listing - confirm how the device treats a
# missing ACL and define the permitted management sources explicitly.
# NOTE(review): "undo alg all" disables every application-layer gateway; the
# ftp "nat server" mappings below may then depend on how the FTP server
# handles its data connections - confirm.
# NOTE(review): "password-recovery enable" keeps console password recovery
# available - presumably acceptable only where physical access is controlled.
version 5.20, Release 5142P02
#
sysname FW
#
undo voice vlan mac-address 00e0-bb00-0000
#
ike local-name msr
#
interzone policy default by-priority
#
domain default enable system
#
telnet server enable
#
ip http acl 2030
#
undo alg all
#
session synchronization enable
#
password-recovery enable
#
# ACL 2000 is the match list of "nat outbound 2000" on GigabitEthernet0/1 and
# GigabitEthernet0/5; its only rule permits every source address, so outbound
# translation is not limited to specific inside networks.
# ACL 3009 selects 168.8.100.0/24 -> 168.7.100.0/24 and is the "security acl"
# of both "ipsec policy 30" entries.
# NOTE(review): 168.8.100.0/24 and 168.7.100.0/24 lie outside the RFC 1918
# private ranges although they are used as internal networks here.
acl number 2000 match-order auto
rule 0 permit
#
acl number 3009
rule 1 permit ip source 168.8.100.0 0.0.0.255 destination 168.7.100.0 0.0.0.255
#
# VLAN 1, the default ISP domain "system", and the PKI entity and domains.
# PKI domain cs3250 is the one referenced by "ssl server-policy access-policy".
# NOTE(review): "crl check disable" is set in both PKI domains, so certificate
# revocation is not checked; a revoked certificate would still be accepted.
# Enable CRL checking if the CA publishes a CRL.
# NOTE(review): "idle-cut disable" means idle sessions in domain system are
# not cut off automatically.
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
pki entity cs3250
common-name H3C
#
pki domain cs3250
certificate request from ca
certificate request entity cs3250
crl check disable
#
pki domain default
crl check disable
#
# IKE proposal and peer plus the IPsec transform-set and policy entries for
# the tunnel that protects ACL 3009 traffic.
# NOTE(review): the algorithms are dated - 3des-cbc, DH group2 (1024-bit MODP)
# and sha1. Move to AES, a larger DH group and SHA-2 if both ends support it.
# NOTE(review): "exchange-mode aggressive" with a pre-shared key and name IDs:
# aggressive mode does not protect the identities and lets a party to the
# exchange collect material for offline guessing of the key, so the key
# strength is the only protection. Prefer main mode or certificates where the
# peer addressing allows it.
# NOTE(review): the pre-shared-key is stored in "cipher" form, a reversible
# storage format rather than a one-way hash. This configuration was published,
# so treat the key as disclosed and replace it on both peers.
# NOTE(review): policy 30 entry 10 sets "sa duration traffic-based 28800"; the
# traffic-based value is a volume in kilobytes, while 28800 is the lifetime in
# seconds of ike proposal 30 - presumably time-based was intended; confirm.
# NOTE(review): policy 30 entry 30 names no transform-set and repeats the
# security acl and ike-peer of entry 10 - looks like a leftover; confirm.
ike proposal 30
encryption-algorithm 3des-cbc
dh group2
sa duration 28800
#
ike peer 30
exchange-mode aggressive
pre-shared-key cipher $c$3$U2Fyb9HqrC0AGIPBlrc0UGLhXptovjQi
id-type name
remote-name er
remote-address msr dynamic
nat traversal
#
ipsec transform-set 30
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec policy 30 10 isakmp
security acl 3009
ike-peer 30
transform-set 30
sa duration traffic-based 28800
#
ipsec policy 30 30 isakmp
security acl 3009
ike-peer 30
sa duration traffic-based 1843200
sa duration time-based 3600
#
# Local user group, the administrator account, and the SSL server policy that
# binds PKI domain cs3250.
# NOTE(review): account "admin" has level 3 and is allowed both telnet and web
# logins. With "telnet server enable" set, its password crosses the network in
# cleartext at every Telnet login.
# NOTE(review): the password is stored in "cipher" form, a reversible storage
# format rather than a one-way hash. This configuration was published, so
# treat the password as disclosed and change it.
local-user admin
password cipher $c$3$dIkdn2OLeJEqHX6PWIDjD1ngwjkvndMfxuvS
authorization-attribute level 3
service-type telnet
service-type web
#
ssl server-policy access-policy
pki-domain cs3250
#
# NULL0, LoopBack0 (168.8.100.254/32) and GigabitEthernet0/0 (192.168.0.1/24).
# GigabitEthernet0/0 is imported into zone Management further down.
interface NULL0
#
interface LoopBack0
ip address 168.8.100.254 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
ip address 192.168.0.1 255.255.255.0
undo dhcp select server global-pool
#
# GigabitEthernet0/1 is the Internet-facing port: 111.17.222.215/28, imported
# into zone Untrust further down, with ipsec policy 30 applied.
# Each "nat server" line publishes one inside port on 111.17.222.215. Inside
# hosts reached this way: 168.8.100.202, 168.8.100.209, 168.8.100.210,
# 10.11.13.15, 10.11.13.208, 10.11.13.220, 10.11.13.222 and 10.11.32.50.
# NOTE(review): the Untrust -> Trust interzone rule permits any source and any
# service, and no mapping here is limited by source address, so this list
# alone decides what the Internet can reach. Keep it to services that must be
# public and restrict the sources where the clients are known.
# NOTE(review): FTP (port 21, cleartext) is published, and most TCP services
# have a UDP mapping on the same port - presumably only one protocol is needed
# per service; confirm and remove the unused mappings.
interface GigabitEthernet0/1
port link-mode route
nat outbound 2000
nat server protocol udp global 111.17.222.215 82 inside 168.8.100.202 82
nat server protocol udp global 111.17.222.215 9091 inside 168.8.100.202 9091
nat server protocol udp global 111.17.222.215 8080 inside 168.8.100.202 8080
nat server protocol udp global 111.17.222.215 7777 inside 168.8.100.202 7777
nat server protocol udp global 111.17.222.215 21 inside 168.8.100.202 21
nat server protocol udp global 111.17.222.215 1082 inside 168.8.100.202 1082
nat server protocol tcp global 111.17.222.215 82 inside 168.8.100.202 82
nat server protocol tcp global 111.17.222.215 9091 inside 168.8.100.202 9091
nat server protocol tcp global 111.17.222.215 8080 inside 168.8.100.202 8080
nat server protocol tcp global 111.17.222.215 7777 inside 168.8.100.202 7777
nat server protocol tcp global 111.17.222.215 ftp inside 168.8.100.202 ftp
nat server protocol tcp global 111.17.222.215 1082 inside 168.8.100.202 1082
nat server protocol tcp global 111.17.222.215 7776 inside 168.8.100.202 7776
nat server protocol udp global 111.17.222.215 7776 inside 168.8.100.202 7776
nat server protocol tcp global 111.17.222.215 8089 inside 168.8.100.202 8089
nat server protocol udp global 111.17.222.215 8089 inside 168.8.100.202 8089
nat server protocol udp global 111.17.222.215 4242 inside 168.8.100.209 4242
nat server protocol tcp global 111.17.222.215 4242 inside 168.8.100.209 4242
nat server protocol tcp global 111.17.222.215 4243 inside 168.8.100.209 4243
nat server protocol udp global 111.17.222.215 4243 inside 168.8.100.209 4243
nat server protocol udp global 111.17.222.215 9191 inside 168.8.100.209 8080
nat server protocol tcp global 111.17.222.215 9191 inside 168.8.100.209 8080
nat server protocol udp global 111.17.222.215 4244 inside 168.8.100.209 4244
nat server protocol tcp global 111.17.222.215 4244 inside 168.8.100.209 4244
nat server protocol tcp global 111.17.222.215 4245 inside 168.8.100.209 4245
nat server protocol udp global 111.17.222.215 4245 inside 168.8.100.209 4245
nat server protocol tcp global 111.17.222.215 9192 inside 168.8.100.210 9191
nat server protocol udp global 111.17.222.215 7778 inside 10.11.13.15 7778
nat server protocol tcp global 111.17.222.215 8088 inside 10.11.13.15 8088
nat server protocol udp global 111.17.222.215 8088 inside 10.11.13.15 8088
nat server protocol tcp global 111.17.222.215 9090 inside 10.11.13.15 9090
nat server protocol udp global 111.17.222.215 9090 inside 10.11.13.15 9090
nat server protocol tcp global 111.17.222.215 7070 inside 10.11.13.15 7070
nat server protocol udp global 111.17.222.215 7070 inside 10.11.13.15 7070
nat server protocol udp global 111.17.222.215 88 inside 10.11.13.15 88
nat server protocol udp global 111.17.222.215 89 inside 10.11.13.15 89
nat server protocol tcp global 111.17.222.215 5222 inside 10.11.13.15 5222
nat server protocol udp global 111.17.222.215 5222 inside 10.11.13.15 5222
nat server protocol tcp global 111.17.222.215 7778 inside 10.11.13.15 7778
nat server protocol tcp global 111.17.222.215 88 inside 10.11.13.15 88
nat server protocol tcp global 111.17.222.215 89 inside 10.11.13.15 89
nat server protocol tcp global 111.17.222.215 11002 inside 10.11.13.220 11002
nat server protocol udp global 111.17.222.215 11002 inside 10.11.13.220 11002
nat server protocol tcp global 111.17.222.215 11003 inside 10.11.13.220 11003
nat server protocol udp global 111.17.222.215 11003 inside 10.11.13.220 11003
nat server protocol tcp global 111.17.222.215 10003 inside 10.11.13.220 10003
nat server protocol udp global 111.17.222.215 10003 inside 10.11.13.220 10003
nat server protocol tcp global 111.17.222.215 10004 inside 10.11.13.220 10004
nat server protocol udp global 111.17.222.215 10004 inside 10.11.13.220 10004
nat server protocol tcp global 111.17.222.215 10005 inside 10.11.13.220 10005
nat server protocol udp global 111.17.222.215 10005 inside 10.11.13.220 10005
nat server protocol tcp global 111.17.222.215 10006 inside 10.11.13.220 10006
nat server protocol udp global 111.17.222.215 10006 inside 10.11.13.220 10006
nat server protocol tcp global 111.17.222.215 10007 inside 10.11.13.220 10007
nat server protocol udp global 111.17.222.215 10007 inside 10.11.13.220 10007
nat server protocol tcp global 111.17.222.215 8787 inside 10.11.13.222 8787
nat server protocol udp global 111.17.222.215 8787 inside 10.11.13.222 8787
nat server protocol tcp global 111.17.222.215 18080 inside 10.11.13.222 18080
nat server protocol udp global 111.17.222.215 18080 inside 10.11.13.222 18080
nat server protocol tcp global 111.17.222.215 8081 inside 10.11.13.208 8081
nat server protocol udp global 111.17.222.215 8081 inside 10.11.13.208 8081
nat server protocol tcp global 111.17.222.215 8091 inside 10.11.13.208 8091
nat server protocol udp global 111.17.222.215 8091 inside 10.11.13.208 8091
nat server protocol tcp global 111.17.222.215 8090 inside 10.11.13.208 8090
nat server protocol udp global 111.17.222.215 8090 inside 10.11.13.208 8090
nat server protocol tcp global 111.17.222.215 8083 inside 10.11.32.50 8083
nat server protocol udp global 111.17.222.215 8083 inside 10.11.32.50 8083
nat server protocol tcp global 111.17.222.215 8084 inside 10.11.32.50 8084
nat server protocol udp global 111.17.222.215 8084 inside 10.11.32.50 8084
ip address 111.17.222.215 255.255.255.240
undo dhcp select server global-pool
ipsec policy 30
#
# GigabitEthernet0/2 to 0/4: routed ports with no IP address in this listing
# and not imported into any zone below.
# NOTE(review): presumably unused - shut down ports that are not needed.
interface GigabitEthernet0/2
port link-mode route
undo dhcp select server global-pool
#
interface GigabitEthernet0/3
port link-mode route
undo dhcp select server global-pool
#
interface GigabitEthernet0/4
port link-mode route
undo dhcp select server global-pool
#
# GigabitEthernet0/5 is the inside link: 10.28.1.2/30, imported into zone
# Trust further down. The static routes for 10.11.0.0/16, 168.8.100.0/24 and
# 192.168.1.0/24 use 10.28.1.1 on this link as next hop.
# It repeats "nat outbound 2000", the "nat server" list and "ipsec policy 30"
# of GigabitEthernet0/1 - presumably so that inside clients can reach the
# published services through 111.17.222.215; confirm.
# NOTE(review): the list is not identical to the one on GigabitEthernet0/1.
# Port 4244 maps to 168.8.100.210 here but to 168.8.100.209 there, and the
# TCP 1082 and TCP/UDP 7776 mappings are absent here. Confirm which host is
# correct and keep the two lists in step.
# NOTE(review): "ipsec policy 30" and "nat outbound 2000" on the Trust-side
# interface are unusual - confirm both are intended on this port.
interface GigabitEthernet0/5
port link-mode route
nat outbound 2000
nat server protocol udp global 111.17.222.215 82 inside 168.8.100.202 82
nat server protocol udp global 111.17.222.215 9091 inside 168.8.100.202 9091
nat server protocol udp global 111.17.222.215 8080 inside 168.8.100.202 8080
nat server protocol udp global 111.17.222.215 7777 inside 168.8.100.202 7777
nat server protocol udp global 111.17.222.215 21 inside 168.8.100.202 21
nat server protocol udp global 111.17.222.215 1082 inside 168.8.100.202 1082
nat server protocol tcp global 111.17.222.215 82 inside 168.8.100.202 82
nat server protocol tcp global 111.17.222.215 9091 inside 168.8.100.202 9091
nat server protocol tcp global 111.17.222.215 8080 inside 168.8.100.202 8080
nat server protocol tcp global 111.17.222.215 7777 inside 168.8.100.202 7777
nat server protocol tcp global 111.17.222.215 ftp inside 168.8.100.202 ftp
nat server protocol udp global 111.17.222.215 8089 inside 168.8.100.202 8089
nat server protocol tcp global 111.17.222.215 8089 inside 168.8.100.202 8089
nat server protocol udp global 111.17.222.215 4242 inside 168.8.100.209 4242
nat server protocol tcp global 111.17.222.215 4242 inside 168.8.100.209 4242
nat server protocol tcp global 111.17.222.215 4243 inside 168.8.100.209 4243
nat server protocol udp global 111.17.222.215 4243 inside 168.8.100.209 4243
nat server protocol tcp global 111.17.222.215 9191 inside 168.8.100.209 8080
nat server protocol udp global 111.17.222.215 9191 inside 168.8.100.209 8080
nat server protocol tcp global 111.17.222.215 4244 inside 168.8.100.210 4244
nat server protocol udp global 111.17.222.215 4244 inside 168.8.100.210 4244
nat server protocol udp global 111.17.222.215 4245 inside 168.8.100.209 4245
nat server protocol tcp global 111.17.222.215 4245 inside 168.8.100.209 4245
nat server protocol tcp global 111.17.222.215 9192 inside 168.8.100.210 9191
nat server protocol tcp global 111.17.222.215 7778 inside 10.11.13.15 7778
nat server protocol udp global 111.17.222.215 7778 inside 10.11.13.15 7778
nat server protocol tcp global 111.17.222.215 8088 inside 10.11.13.15 8088
nat server protocol tcp global 111.17.222.215 9090 inside 10.11.13.15 9090
nat server protocol udp global 111.17.222.215 9090 inside 10.11.13.15 9090
nat server protocol tcp global 111.17.222.215 7070 inside 10.11.13.15 7070
nat server protocol udp global 111.17.222.215 7070 inside 10.11.13.15 7070
nat server protocol tcp global 111.17.222.215 5222 inside 10.11.13.15 5222
nat server protocol udp global 111.17.222.215 5222 inside 10.11.13.15 5222
nat server protocol tcp global 111.17.222.215 88 inside 10.11.13.15 88
nat server protocol udp global 111.17.222.215 88 inside 10.11.13.15 88
nat server protocol tcp global 111.17.222.215 89 inside 10.11.13.15 89
nat server protocol udp global 111.17.222.215 89 inside 10.11.13.15 89
nat server protocol udp global 111.17.222.215 8088 inside 10.11.13.15 8088
nat server protocol tcp global 111.17.222.215 11002 inside 10.11.13.220 11002
nat server protocol udp global 111.17.222.215 11002 inside 10.11.13.220 11002
nat server protocol tcp global 111.17.222.215 11003 inside 10.11.13.220 11003
nat server protocol udp global 111.17.222.215 11003 inside 10.11.13.220 11003
nat server protocol tcp global 111.17.222.215 10003 inside 10.11.13.220 10003
nat server protocol udp global 111.17.222.215 10003 inside 10.11.13.220 10003
nat server protocol tcp global 111.17.222.215 10004 inside 10.11.13.220 10004
nat server protocol udp global 111.17.222.215 10004 inside 10.11.13.220 10004
nat server protocol tcp global 111.17.222.215 10005 inside 10.11.13.220 10005
nat server protocol udp global 111.17.222.215 10005 inside 10.11.13.220 10005
nat server protocol tcp global 111.17.222.215 10006 inside 10.11.13.220 10006
nat server protocol udp global 111.17.222.215 10006 inside 10.11.13.220 10006
nat server protocol tcp global 111.17.222.215 10007 inside 10.11.13.220 10007
nat server protocol udp global 111.17.222.215 10007 inside 10.11.13.220 10007
nat server protocol tcp global 111.17.222.215 8787 inside 10.11.13.222 8787
nat server protocol udp global 111.17.222.215 8787 inside 10.11.13.222 8787
nat server protocol tcp global 111.17.222.215 18080 inside 10.11.13.222 18080
nat server protocol udp global 111.17.222.215 18080 inside 10.11.13.222 18080
nat server protocol tcp global 111.17.222.215 8081 inside 10.11.13.208 8081
nat server protocol udp global 111.17.222.215 8081 inside 10.11.13.208 8081
nat server protocol tcp global 111.17.222.215 8091 inside 10.11.13.208 8091
nat server protocol udp global 111.17.222.215 8091 inside 10.11.13.208 8091
nat server protocol tcp global 111.17.222.215 8090 inside 10.11.13.208 8090
nat server protocol udp global 111.17.222.215 8090 inside 10.11.13.208 8090
nat server protocol tcp global 111.17.222.215 8083 inside 10.11.32.50 8083
nat server protocol udp global 111.17.222.215 8083 inside 10.11.32.50 8083
nat server protocol tcp global 111.17.222.215 8084 inside 10.11.32.50 8084
nat server protocol udp global 111.17.222.215 8084 inside 10.11.32.50 8084
ip address 10.28.1.2 255.255.255.252
ipsec policy 30
#
# Virtual device Root, the security zones, the interzone rules and two
# content-filtering entries.
# Zone priorities: Management 100, Local 100, Trust 85, DMZ 50, Untrust 5.
# Members: GigabitEthernet0/0 -> Management, GigabitEthernet0/5 -> Trust,
# GigabitEthernet0/1 -> Untrust; DMZ has no interface.
# NOTE(review): "interzone source Untrust destination Trust" rule 0 permits
# any source, any destination and any service. The firewall policy therefore
# filters nothing arriving from the Internet; only the "nat server" mappings
# limit reachability. Replace it with rules that name the published hosts and
# services, and place the published servers in the DMZ zone rather than Trust.
# NOTE(review): Untrust -> Local explicitly denies only telnet. Whether web
# management and the SSL VPN port are reachable from the Internet depends on
# the default interzone behaviour - verify, and permit only what is needed.
# NOTE(review): Trust -> Untrust permits everything, and Local -> Untrust is
# declared with no rules.
vd Root id 1
#
zone name Management id 0
priority 100
import interface GigabitEthernet0/0
zone name Local id 1
priority 100
zone name Trust id 2
priority 85
import interface GigabitEthernet0/5
zone name DMZ id 3
priority 50
zone name Untrust id 4
priority 5
import interface GigabitEthernet0/1
switchto vd Root
zone name Management id 0
ip virtual-reassembly
zone name Local id 1
ip virtual-reassembly
zone name Trust id 2
ip virtual-reassembly
zone name DMZ id 3
ip virtual-reassembly
zone name Untrust id 4
ip virtual-reassembly
interzone source Local destination Untrust
interzone source Trust destination Untrust
rule 0 permit
source-ip any_address
destination-ip any_address
service any_service
rule enable
interzone source Untrust destination Local
rule 0 deny
source-ip any_address
destination-ip any_address
service telnet
rule enable
interzone source Untrust destination Trust
rule 0 permit
source-ip any_address
destination-ip any_address
service any_service
rule enable
content-filtering url-hostname-entry 1
url-hostname fix-string mail.163.com
content-filtering email-address-entry 2
email-address mail@qq.com
#
# SSL VPN service, static routes, DHCP and the login lines.
# The SSL VPN listens on port 64443 with server policy access-policy, which
# uses PKI domain cs3250 (CRL checking disabled there).
# Default route via 111.17.222.209; 10.11.0.0/16, 168.8.100.0/24 and
# 192.168.1.0/24 are reached via 10.28.1.1.
# "authentication-mode scheme" makes the vty lines authenticate through AAA,
# i.e. the local-user accounts of domain system.
# NOTE(review): the vty lines show no "protocol inbound" restriction and only
# the Telnet server is enabled in this listing, so remote CLI logins are
# cleartext. Enable SSH and limit the vty lines to it.
# NOTE(review): "user-interface con 0" shows no authentication-mode, so the
# console falls back to the platform default - confirm that it asks for
# credentials.
ssl-vpn server-policy access-policy port 64443
ssl-vpn enable
#
ip route-static 0.0.0.0 0.0.0.0 111.17.222.209
ip route-static 10.11.0.0 255.255.0.0 10.28.1.1
ip route-static 168.8.100.0 255.255.255.0 10.28.1.1
ip route-static 192.168.1.0 255.255.255.0 10.28.1.1
#
dhcp enable
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return