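  • GRE encapsulation

    When the firewall is connected to a Cloud device, g0/0/0 can be used.

    When the firewall is not connected to a Cloud device, never use 0/0/0!

    The switch needs no configuration.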

    FW2:

    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 192.168.1.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 1.1.1.1 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0
     ip address 10.1.1.1 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.1
     destination 1.1.1.2

    firewall zone trust
     set priority 85
     add interface GigabitEthernet0/0/0

    firewall zone untrust
     set priority 5
     add interface GigabitEthernet1/0/0
     add interface Tunnel0

    ip route-static 192.168.2.0 255.255.255.0 Tunnel0

    security-policy
     default action permit

    FW1:

    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 1.1.1.2 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 192.168.2.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0
     ip address 10.1.1.2 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.2
     destination 1.1.1.1

    firewall zone trust
     set priority 85
     add interface GigabitEthernet1/0/0
    #
    firewall zone untrust
     set priority 5
     add interface GigabitEthernet0/0/0
     add interface Tunnel0

    ip route-static 192.168.1.0 255.255.255.0 Tunnel0

    Open up all policies:

    security-policy
     default action permit

    FW2:

    Turn off the catch-all policy; at this point ping fails.

    Then write specific rules, and ping succeeds:

    security-policy
     rule name trust_untrust
      source-zone trust
      destination-zone untrust
      source-address 192.168.1.0 mask 255.255.255.0
      destination-address 192.168.2.0 mask 255.255.255.0
      service icmp
      action permit
     rule name untrust_local
      source-zone untrust
      destination-zone local
      source-address 1.1.1.0 mask 255.255.255.0
      destination-address 1.1.1.0 mask 255.255.255.0
      service gre
      service icmp
      action permit

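    FW1:

    Turn off the catch-all policy; at this point ping fails.

    Then write specific rules, and ping succeeds.

    As on FW2, write the policy as specific rules.

    GRE can also be used with a dynamic routing protocol, for example OSPF.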
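
The FW2 and FW1 tunnel settings above only work as a mirrored pair (each source is the peer's destination, both Tunnel0 addresses share a subnet, each static route points at the peer's LAN through Tunnel0, and Tunnel0 sits in a zone). The check below is an added example, not part of the original post; it runs on reduced, constructed copies of the two configurations, and the names `parse` and `check_pair` are hypothetical.

```python
import ipaddress

# Constructed, reduced copy of the page's per-firewall configuration (assumption: unindented section headers).
TEMPLATE = """\
interface GigabitEthernet0/0/0
 ip address {lan} 255.255.255.0
interface Tunnel0
 ip address {tun} 255.255.255.0
 tunnel-protocol gre
 source {src}
 destination {dst}
firewall zone untrust
 add interface Tunnel0
ip route-static {remote} 255.255.255.0 Tunnel0
"""
FW2 = TEMPLATE.format(lan="192.168.1.254", tun="10.1.1.1", src="1.1.1.1", dst="1.1.1.2", remote="192.168.2.0")
FW1 = TEMPLATE.format(lan="192.168.2.254", tun="10.1.1.2", src="1.1.1.2", dst="1.1.1.1", remote="192.168.1.0")

def parse(cfg):
    """Collect tunnel endpoints, interface subnets, zone members and static routes."""
    f = dict(nets=[], tun=[], zoned=set(), routes=[], source=None, destination=None)
    section = ""
    for line in filter(str.strip, cfg.splitlines()):   # skip blank lines
        w = line.split()
        if not line[0].isspace():                      # unindented line (or '#') starts a new section
            section = " ".join(w)
            if w[:2] == ["ip", "route-static"] and len(w) >= 5:
                f["routes"].append((ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False), w[4]))
        elif w[:2] == ["add", "interface"] and len(w) >= 3:
            f["zoned"].add(w[2])
        elif w[:2] == ["ip", "address"] and len(w) >= 4:
            key = "tun" if section == "interface Tunnel0" else "nets"
            f[key].append(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
        elif section == "interface Tunnel0" and w[0] in ("source", "destination") and len(w) >= 2:
            f[w[0]] = w[1]
    return f

def check_pair(cfg_a, cfg_b):
    """Return mismatches between two GRE endpoints; an empty list means consistent."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for me, peer, name in ((a, b, "A"), (b, a, "B")):
        if me["source"] is None or me["source"] != peer["destination"]:
            out.append(f"{name}: tunnel source does not match peer destination")
        if "Tunnel0" not in me["zoned"]:
            out.append(f"{name}: Tunnel0 is not in a security zone")
        if not any(n in peer["nets"] and dev == "Tunnel0" for n, dev in me["routes"]):
            out.append(f"{name}: no static route to a peer subnet via Tunnel0")
    if not a["tun"] or a["tun"] != b["tun"]:
        out.append("tunnel interface addresses are not in one subnet")
    return out
```

`check_pair(FW2, FW1)` returns an empty list for the values used on this page; any entry in the list names the side and the setting that breaks the mirror.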

  • Original article: https://www.cnblogs.com/mqqq/p/11449413.html