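  • GRE encapsulation

    When the firewall is connected to the cloud, g0/0/0 can be used.

    When the firewall is not connected to the cloud, never use 0/0/0!

    The switch needs no configuration at all.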

    FW2:

    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 192.168.1.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 1.1.1.1 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0
     ip address 10.1.1.1 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.1
     destination 1.1.1.2

    firewall zone trust
     set priority 85
     add interface GigabitEthernet0/0/0

    firewall zone untrust
     set priority 5
     add interface GigabitEthernet1/0/0
     add interface Tunnel0

    ip route-static 192.168.2.0 255.255.255.0 Tunnel0

    security-policy
     default action permit

    FW1:

    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 1.1.1.2 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 192.168.2.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0
     ip address 10.1.1.2 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.2
     destination 1.1.1.1

    firewall zone trust
     set priority 85
     add interface GigabitEthernet1/0/0
    #
    firewall zone untrust
     set priority 5
     add interface GigabitEthernet0/0/0
     add interface Tunnel0

    ip route-static 192.168.1.0 255.255.255.0 Tunnel0

    Open up all policies (permit everything by default):

    security-policy
     default action permit

    FW2:

    Turn off the broad permit-all policy; at this point ping fails.

    Then write specific policies, and ping succeeds:

    security-policy
     rule name trust_untrust
      source-zone trust
      destination-zone untrust
      source-address 192.168.1.0 mask 255.255.255.0
      destination-address 192.168.2.0 mask 255.255.255.0
      service icmp
      action permit
     rule name untrust_local
      source-zone untrust
      destination-zone local
      source-address 1.1.1.0 mask 255.255.255.0
      destination-address 1.1.1.0 mask 255.255.255.0
      service gre
      service icmp
      action permit

    FW1:

     

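    Turn off the broad permit-all policy; at this point ping fails.

    Then write specific policies, and ping succeeds.

    As on FW2, write the rules as specific policies.

    GRE can also be used with a dynamic routing protocol, for example OSPF.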
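
An added example, not part of the original post: a small Python check over a VRP-style configuration that reports whether the permit-all default policy from the first step is still in place, and whether cleartext management services (telnet, http) are enabled on an interface placed in the untrust zone. The sample text is a constructed excerpt of the FW2 configuration above; the helper name `audit` and the wording of the findings are assumptions of this example.

```python
import re

# Constructed sample: an excerpt of the FW2 configuration shown above.
FW2_CONFIG = """\
interface GigabitEthernet0/0/0
 service-manage telnet permit
#
interface GigabitEthernet1/0/0
 ip address 1.1.1.1 255.255.255.0
 service-manage http permit
 service-manage https permit
 service-manage telnet permit
#
firewall zone trust
 add interface GigabitEthernet0/0/0
#
firewall zone untrust
 add interface GigabitEthernet1/0/0
 add interface Tunnel0
#
security-policy
 default action permit
"""

CLEARTEXT = {"telnet", "http"}  # management protocols with no transport encryption

def audit(config):
    """Return sorted findings for a VRP-style configuration (hypothetical helper)."""
    section, services, zone_of, findings = "", {}, {}, set()
    for line in config.splitlines():
        cmd = line.strip()
        if not cmd or cmd == "#":
            continue
        if not line.startswith(" "):  # an unindented line opens a new section
            section = cmd
            continue
        m = re.fullmatch(r"service-manage (\S+) permit", cmd)
        if m and section.startswith("interface "):
            services.setdefault(section.split()[1], set()).add(m.group(1))
        m = re.fullmatch(r"add interface (\S+)", cmd)
        if m and section.startswith("firewall zone "):
            zone_of[m.group(1)] = section.split()[2]
        if section == "security-policy" and cmd == "default action permit":
            findings.add("security-policy: default action permit")
    for ifname, svcs in services.items():
        if zone_of.get(ifname) == "untrust":  # interface sits in the untrust zone
            findings.update(f"{ifname} (untrust): service-manage {s} permit"
                            for s in svcs & CLEARTEXT)
    return sorted(findings)
```

Run against the sample, `audit(FW2_CONFIG)` reports the default-permit policy plus http and telnet on GigabitEthernet1/0/0; the telnet line on the trust-side interface is not reported because that interface is not in the untrust zone.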

  • Original article: https://www.cnblogs.com/mqqq/p/11449413.html