Python 官方文档:入门教程 => 点击学习
(3)Customer end: Juniper SRX Firewall (policy based ×××)Phase 1set security ike proposal ike-phase1-proposal authenticat
(3)Customer end: Juniper SRX Firewall (policy based ×××)
Phase 1
set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys
set security ike proposal ike-phase1-proposal dh-group group2
set security ike proposal ike-phase1-proposal authentication-alGorithm md5
set security ike proposal ike-phase1-proposal encryption-algorithm 3Des-cbc
set security ike policy ike-phase1-policy mode main
set security ike policy ike-phase1-policy proposals ike-phase1-proposal
set security ike policy ike-phase1-policy pre-shared-key ascii-text "$9$OmpvBhyleWx-wvWjkq.5TRhSylMLxN-bsKvJG"
set security ike gateway SL ike-policy ike-phase1-policy
set security ike gateway SL address x.x.x.x
set security ike gateway SL external-interface ge-0/0/0.0
2. Phase 2
set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hMac-md5-96
set security ipsec proposal ipsec-phase2-proposal encryption-algorithm 3des-cbc
set security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2
set security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal
set security ipsec *** SL××× ike gateway SL
set security ipsec *** SL××× ike proxy-identity local 192.168.109.0/24
set security ipsec *** SL××× ike proxy-identity remote 10.66.24.0/26
set security ipsec *** SL××× ike proxy-identity service any
set security ipsec *** SL××× ike ipsec-policy ipsec-phase2-policy
3. Security Policy (Inbound)
set security policies from-zone trust to-zone untrust policy outbound_*** match source-address local_network
set security policies from-zone trust to-zone untrust policy outbound_*** match destination-address SL-net
set security policies from-zone trust to-zone untrust policy outbound_*** match application any
set security policies from-zone trust to-zone untrust policy outbound_*** then permit tunnel ipsec-*** SL×××
set security policies from-zone trust to-zone untrust policy outbound_*** then count
4. Security Policy (Outbound)
set security policies from-zone untrust to-zone trust policy inbound_*** match source-address SL-net
set security policies from-zone untrust to-zone trust policy inbound_*** match destination-address local_network
set security policies from-zone untrust to-zone trust policy inbound_*** match application any
set security policies from-zone untrust to-zone trust policy inbound_*** then permit tunnel ipsec-*** SL×××
set security policies from-zone untrust to-zone trust policy inbound_*** then count
5.Routing
set routing-options static route 0.0.0.0/0 next-hop 10.1.1.1
--结束END--
本文标题: IPSec in IBM SoftLay
本文链接: https://www.lsjlt.com/news/183402.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-03-01
2024-03-01
2024-03-01
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0