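After configuring the SSL VPN, the client logs in and obtains the corresponding IP address, but business traffic does not get through. Is some configuration still missing?
The firewall configuration is as follows: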
[H3C]display curr
#
 version 5.20, Release 3732
#
 sysname H3C
#
 undo voice vlan mac-address 00e0-bb00-0000
#
 nat address-group 1 10.1.1.1 10.1.1.250 level 1
#
 domain default enable system
#
 telnet server enable
#
 ip ttl-expires enable
 ip unreachables enable
#
 undo alg dns
 undo alg rtsp
 undo alg h323
 undo alg sip
 undo alg sqlnet
 undo alg pptp
 undo alg ils
 undo alg nbt
 undo alg msn
 undo alg qq
 undo alg tftp
 undo alg sccp
 undo alg gtp
#
 session synchronization enable
#
 password-recovery enable
#
 blacklist enable
 blacklist ip 182.118.33.7
 blacklist ip 220.181.158.218
#
vlan 1
#
vlan 2
#
vlan 251
#
domain system
 access-limit disable
#
pki entity boss
 common-name BOSS
#
pki domain default
 crl check disable
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$fo/cPui8tCAqxC/ch0zMGhtBQ69kcFU6
 authorization-attribute level 3
 service-type telnet
 service-type web
local-user jscnyc
 password cipher $c$3$z8LPnXxiQn+odsF4WJpaBC+VA1ZCkJ5CNWI3cM1YxQ==
 authorization-attribute level 3
 service-type telnet
 service-type web
#
ssl server-policy access-policy
 pki-domain default
#
interface NULL0
#
interface Vlan-interface2
 ip address 172.19.132.15 255.255.255.192
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 172.19.170.189 255.255.255.224
#
interface GigabitEthernet0/1
 port link-mode route
 ip address 172.19.131.165 255.255.255.248
#
interface GigabitEthernet0/3
 port link-mode route
#
interface GigabitEthernet0/4
 port link-mode route
#
interface GigabitEthernet0/5
 port link-mode route
#
interface GigabitEthernet0/6
 port link-mode route
#
interface GigabitEthernet0/7
 port link-mode route
#
interface GigabitEthernet0/8
 port link-mode route
#
interface GigabitEthernet0/9
 port link-mode route
#
interface GigabitEthernet0/10
 port link-mode route
#
interface GigabitEthernet0/11
 port link-mode route
#
interface GigabitEthernet0/2
 port link-mode bridge
 port access vlan 251
#
vd Root id 1
#
zone name Management id 0
 priority 100
 import interface GigabitEthernet0/1
zone name Local id 1
 priority 100
zone name Trust id 2
 priority 85
 import interface GigabitEthernet0/0
zone name DMZ id 3
 priority 50
zone name Untrust id 4
 priority 5
zone name VLAN251 id 6
 priority 50
 import interface GigabitEthernet0/2 vlan 251
zone name guanliVLAN id 7
 priority 10
 import interface Vlan-interface2
zone name shangliankou id 8
 priority 90
switchto vd Root
 object service 8080
  service tcp source-port 8080 destination-port 8080
 zone name Management id 0
  ip virtual-reassembly
 zone name Local id 1
  ip virtual-reassembly
 zone name Trust id 2
  ip virtual-reassembly
 zone name DMZ id 3
  ip virtual-reassembly
 zone name Untrust id 4
  ip virtual-reassembly
 zone name VLAN251 id 6
  ip virtual-reassembly
 zone name guanliVLAN id 7
  ip virtual-reassembly
 zone name shangliankou id 8
  ip virtual-reassembly
 interzone source Local destination Untrust
 interzone source Trust destination Untrust
 interzone source Untrust destination Local
 interzone source Untrust destination Trust
 interzone source VLAN251 destination shangliankou
  rule 0 permit logging
   comment 暂时打开外联
   source-ip any_address
   destination-ip any_address
   service any_service
 interzone source shangliankou destination VLAN251
  rule 0 permit logging
   source-ip any_address
   destination-ip any_address
   service http
   rule enable
#
 ssl-vpn server-policy access-policy
 ssl-vpn enable
#
 ip route-static 0.0.0.0 0.0.0.0 172.19.132.62
 ip route-static 0.0.0.0 0.0.0.0 172.19.131.166
 ip route-static 172.30.0.0 255.254.0.0 172.19.170.190
#
 dhcp enable
#
 ip https ssl-server-policy access-policy
#
 load xml-configuration
#
 load tr069-configuration
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
#
return