zoukankan      html  css  js  c++  java

  • Gre封装

    在防火墙上连  云时,可以用g0/0/0

    在防火墙上不连 云时,一定不用0/0/0 !!!!!!!!!

    交换机什么都不配置。

    FW2:

    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 192.168.1.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 1.1.1.1 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0
     ip address 10.1.1.1 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.1
     destination 1.1.1.2

    firewall zone trust

    set priority 85

     add interface GigabitEthernet0/0/0


    firewall zone untrust
     set priority 5
     add interface GigabitEthernet1/0/0
     add interface Tunnel0

    ip route-static 192.168.2.0 255.255.255.0 Tunnel0

    security-policy
     default action permit

    FW1:

    interface GigabitEthernet0/0/0

     undo shutdown
     ip address 1.1.1.2 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 192.168.2.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0

     ip address 10.1.1.2 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.2
     destination 1.1.1.1

    firewall zone trust
     set priority 85
     add interface GigabitEthernet1/0/0
    #
    firewall zone untrust
     set priority 5
     add interface GigabitEthernet0/0/0
     add interface Tunnel0

    ip route-static 192.168.1.0 255.255.255.0 Tunnel0

    把所有的策略都打开:

    security-policy
     default action permit

    FW2:

    把大的策略关闭,此时是ping不通的;

    则写明细策略,会ping通

    security-policy
     rule name trust_untrust
      source-zone trust
      destination-zone untrust
      source-address 192.168.1.0 mask 255.255.255.0
      destination-address 192.168.2.0 mask 255.255.255.0
      service icmp
      action permit
     rule name untrust_local
      source-zone untrust
      destination-zone local
      source-address 1.1.1.0 mask 255.255.255.0
      destination-address 1.1.1.0 mask 255.255.255.0
      service gre
      service icmp
      action permit

    FW1:

     

    把大的策略关闭,此时是ping不通的;

    则写明细策略,会ping通

    同FW2一样,写成明细策略

    GRE也可以使用动态协议。比如:ospf
  • 相关阅读:
    linux_java_同时启动三个项目脚本
    Python 项目-飞机大战_02.飞机大战-2
    Python 项目-飞机大战_01.飞机大战-1
    Mysql为什么要使用视图?
    Python语法基础_10.加强练习
    Python语法基础_09.面向对象3、异常、模块
    crontab--设置周期性被执行的指令
    面试者应向公司问什么问题?
    简单的触发黑名单阻断演示 control+c
    SetConsoleCtrlHandler演示
  • 原文地址:https://www.cnblogs.com/mqqq/p/11449413.html
Copyright © 2011-2022 走看看