[Quidway]dis cu
#
sysname Quidway
#
l2tp enable
#
local-user admin password simple admin
local-user admin service-type telnet
local-user admin level 3
local-user vpdnuser password simple user
local-user vpdnuser service-type ppp
local-user vpdnuser1 password simple user1
local-user vpdnuser1 service-type ppp
local-user vpdnuser2 password simple user2
local-user vpdnuser2 service-type ppp
local-user vpdnuser3 password simple user3
local-user vpdnuser3 service-type ppp
local-user vpdnuser4 password simple user4
local-user vpdnuser4 service-type ppp
local-user vpdnuser5 password simple user5
local-user vpdnuser5 service-type ppp
local-user vpdnuser6 password simple user6
local-user vpdnuser6 service-type ppp
local-user vpdnuser7 password simple user7
local-user vpdnuser7 service-type ppp
local-user vpdnuser8 password simple user8
local-user vpdnuser8 service-type ppp
local-user vpdnuser9 password simple user9
local-user vpdnuser9 service-type ppp
local-user vpdnuser10 password simple user10
local-user vpdnuser10 service-type ppp
local-user quidway password simple guofeng
local-user quidway service-type terminal telnet
local-user quidway level 3
#
ip pool 1 192.168.1.2 192.168.1.100
#
aaa enable
#
#
firewall enable
#
isp domain sina.com.cn
dns primary 202.102.192.68
dns secondary 202.102.199.68
#
interface Virtual-Template1
ppp authentication-mode pap
ip address 192.168.1.1 255.255.255.0
remote address pool 1
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
ip address 218.22.38.xx 255.255.255.0
firewall packet-filter 3001 inbound
firewall packet-filter 3001 outbound
nat outbound 2001
nat server protocol tcp global 218.22.38.210 www inside 192.168.0.59 www
#
interface Ethernet0/1
ip address 192.168.0.2 255.255.255.0
#
interface NULL0
#
acl number 2001
rule 0 permit source 192.168.0.0 0.0.0.255
#
acl number 3001
rule 0 deny tcp destination-port eq 135
rule 1 deny tcp destination-port eq 139
rule 2 deny tcp destination-port eq 4444
rule 3 deny tcp destination-port eq 5554
rule 4 deny udp destination-port eq tftp
rule 6 deny tcp source-port eq 5554 destination-port eq 9995
rule 7 deny tcp source-port eq 5554 destination-port eq 9996
rule 9 deny tcp destination-port eq 136
rule 10 deny tcp destination-port eq 138
rule 13 deny udp destination-port eq 135
rule 14 deny udp destination-port eq 136
rule 15 deny udp destination-port eq 389
rule 16 deny udp destination-port eq 445
rule 17 deny tcp destination-port eq 4899
rule 18 deny tcp destination-port eq sunrpc
rule 19 deny tcp destination-port eq 6588
rule 20 deny tcp destination-port eq 1978
rule 21 deny tcp destination-port eq 593
rule 22 deny tcp destination-port eq 3389
rule 23 deny tcp destination-port eq 137
rule 24 deny udp destination-port eq snmp
rule 26 deny tcp destination-port eq 445
rule 27 deny tcp destination-port eq 2745
rule 28 deny tcp destination-port eq 1080
rule 29 deny tcp destination-port eq 6129
rule 30 deny tcp destination-port eq 3127
rule 31 deny tcp destination-port eq 3128
rule 32 deny udp destination-port eq netbios-dgm
rule 33 deny udp destination-port eq netbios-ns
rule 34 deny tcp destination-port eq 5800
rule 35 deny tcp destination-port eq 6667
rule 36 deny tcp destination-port eq 1025
rule 38 deny tcp destination-port eq 1068
rule 39 deny tcp destination-port eq 9995
rule 40 deny udp destination-port eq netbios-ssn
rule 41 deny tcp destination-port eq 539
rule 42 deny udp destination-port eq 539
rule 43 deny udp destination-port eq 1434
rule 44 deny udp destination-port eq 593
#
l2tp-group 1
undo tunnel authentication
mandatory-lcp
allow l2tp virtual-template 1
#
ip route-static 0.0.0.0 0.0.0.0 218.22.38.209 preference 60
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000075A7
snmp-agent sys-info version v3
#
user-interface con 0
authentication-mode local
user-interface aux 0
user-interface vty 0 4
authentication-mode local
#
return
WINDOWS客户端需要配置禁用IPSEC加密:
修改注册表:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
下修改ProhibitIPSec,值为,1.
|