  • GRE encapsulation

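    When the firewall is connected to the cloud, g0/0/0 can be used.

    When the firewall is not connected to the cloud, never use 0/0/0!

    The switch is left completely unconfigured.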

    FW2:

    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 192.168.1.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 1.1.1.1 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0
     ip address 10.1.1.1 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.1
     destination 1.1.1.2

    firewall zone trust
     set priority 85
     add interface GigabitEthernet0/0/0

    firewall zone untrust
     set priority 5
     add interface GigabitEthernet1/0/0
     add interface Tunnel0

    ip route-static 192.168.2.0 255.255.255.0 Tunnel0

    security-policy
     default action permit

    FW1:

    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 1.1.1.2 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 192.168.2.254 255.255.255.0
     service-manage http permit
     service-manage https permit
     service-manage ping permit
     service-manage ssh permit
     service-manage snmp permit
     service-manage telnet permit

    interface Tunnel0
     ip address 10.1.1.2 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.2
     destination 1.1.1.1

    firewall zone trust
     set priority 85
     add interface GigabitEthernet1/0/0
    #
    firewall zone untrust
     set priority 5
     add interface GigabitEthernet0/0/0
     add interface Tunnel0

    ip route-static 192.168.1.0 255.255.255.0 Tunnel0

    Open up all policies:

    security-policy
     default action permit

    FW2:

    Turn off the broad policy (default action permit); at this point ping fails.

    Then write specific rules, and ping succeeds:

    security-policy
     rule name trust_untrust
      source-zone trust
      destination-zone untrust
      source-address 192.168.1.0 mask 255.255.255.0
      destination-address 192.168.2.0 mask 255.255.255.0
      service icmp
      action permit
     rule name untrust_local
      source-zone untrust
      destination-zone local
      source-address 1.1.1.0 mask 255.255.255.0
      destination-address 1.1.1.0 mask 255.255.255.0
      service gre
      service icmp
      action permit

    FW1:

    Turn off the broad policy; at this point ping fails.

    Then write specific rules, and ping succeeds.

    As on FW2, write them as specific rules.

    GRE can also be used with a dynamic routing protocol, for example OSPF.
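
A small audit for the two states described above (permit-everything versus specific rules), added here as an example and not part of the original post: it flags `default action permit` and telnet/http management on untrust-zone interfaces. The `audit` function, the finding strings and both sample configs are constructed for illustration, and treating http/telnet on the untrust side as a finding is this example's own assumption.

```python
import re

HEADER = re.compile(r"^(interface|firewall zone|security-policy|ip route-static)\b")
CLEARTEXT = {"http", "telnet"}  # management protocols without transport encryption

def audit(config: str) -> list[str]:
    """Return findings for one firewall's configuration text."""
    section, services, zone_of, findings = "", {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if HEADER.match(line):
            section = line  # start of a new stanza
        elif section.startswith("interface ") and (m := re.match(r"service-manage (\S+) permit$", line)):
            services.setdefault(section.split()[1], set()).add(m.group(1))
        elif section.startswith("firewall zone ") and line.startswith("add interface "):
            zone_of[line.split()[2]] = section.split()[2]  # interface -> zone
        elif section == "security-policy" and line == "default action permit":
            findings.append("security-policy: default action permit")
    for ifname, zone in sorted(zone_of.items()):
        exposed = sorted(services.get(ifname, set()) & CLEARTEXT)
        if zone == "untrust" and exposed:
            findings.append(f"{ifname} (untrust): cleartext management: {', '.join(exposed)}")
    return findings

# Constructed sample: FW2 from this page, abridged, in its permit-everything state.
FW2_OPEN = """
interface GigabitEthernet0/0/0
 service-manage telnet permit
interface GigabitEthernet1/0/0
 service-manage ssh permit
 service-manage http permit
 service-manage telnet permit
firewall zone trust
 add interface GigabitEthernet0/0/0
firewall zone untrust
 add interface GigabitEthernet1/0/0
 add interface Tunnel0
security-policy
 default action permit
"""

# Constructed sample: same config with the broad policy and http/telnet removed
# (the specific rules themselves are left out; they do not affect the audit).
DROP = {"service-manage http permit", "service-manage telnet permit", "default action permit"}
FW2_TIGHT = "\n".join(l for l in FW2_OPEN.splitlines() if l.strip() not in DROP)

if __name__ == "__main__":
    print(audit(FW2_OPEN), audit(FW2_TIGHT))
```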

  • Original article: https://www.cnblogs.com/mqqq/p/11449413.html