
SecPath 1800F typical networking case

April 29, 2007

Requirements:

1. Transparent mode

2. NAT + multiple egress links

3. Apply P2P restrictions


#
acl number 2000
rule 0 permit
acl number 2001
rule 0 permit
#
acl number 3000
description "policy route"
rule 0 permit ip source 60.2.1.100 0
acl number 3001
rule 0 permit ip source 192.168.1.0 0.0.0.255
#
sysname Eudemon
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local DMZ direction inbound
firewall packet-filter default permit interzone local DMZ direction outbound
firewall packet-filter default permit interzone local edu direction inbound
firewall packet-filter default permit interzone local edu direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
firewall packet-filter default permit interzone trust DMZ direction inbound
firewall packet-filter default permit interzone trust DMZ direction outbound
firewall packet-filter default permit interzone trust edu direction inbound
firewall packet-filter default permit interzone trust edu direction outbound
firewall packet-filter default permit interzone DMZ untrust direction inbound
firewall packet-filter default permit interzone DMZ untrust direction outbound
firewall packet-filter default permit interzone edu untrust direction inbound
firewall packet-filter default permit interzone edu untrust direction outbound
firewall packet-filter default permit interzone DMZ edu direction inbound
firewall packet-filter default permit interzone DMZ edu direction outbound
#
nat address-group 0 70.1.1.1 70.1.1.5
#
firewall mode route
#
firewall statistic system enable
firewall p2p-car default-permit
firewall p2p-car cir 10000
firewall p2p-car cir 20000 1 bb
firewall p2p-car cir 20000 2 bb
#
traffic classifier edu_route_cls
if-match acl 3000
#
traffic behavior edu_route_behav
remark ip-nexthop 60.1.1.100 output-interface Ethernet4/0/1
#
qos policy edu_route_qos
classifier edu_route_cls behavior edu_route_behav
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet4/0/0
description text "intranet"
ip address 60.2.1.1 255.255.255.0
#
interface Ethernet4/0/1
description "edu"
ip address 60.1.1.1 255.255.255.0
#
interface Ethernet4/0/2
description "telecom"
ip address 70.1.1.1 255.255.255.0
#
interface Ethernet4/0/3
#
interface Ethernet4/0/4
#
interface Ethernet4/0/5
#
interface Ethernet4/0/6
#
interface Ethernet4/0/7
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet2/0/0
#
interface NULL0
#
time-range bb 00:00 to 24:00 daily
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
qos apply policy edu_route_qos outbound
add interface Ethernet4/0/0
#
firewall zone untrust
set priority 5
add interface Ethernet4/0/2
#
firewall zone DMZ
set priority 50
#
firewall zone name edu
set priority 6
add interface Ethernet4/0/1
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone local edu
#
firewall interzone trust untrust
packet-filter 2000 outbound
nat outbound 2001 address-group 0
detect ftp
detect h323
detect sip
detect pptp
detect hwcc
detect http
detect netbios
detect rtsp
detect qq
detect msn
#
firewall interzone trust DMZ
#
firewall interzone trust edu
p2p-car 3001
packet-filter 2000 outbound
detect ftp
detect h323
detect sip
detect pptp
detect hwcc
detect http
detect netbios
detect rtsp
detect qq
detect msn
#
firewall interzone DMZ untrust
#
firewall interzone edu untrust
#
firewall interzone DMZ edu
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
ip route-static 0.0.0.0 0.0.0.0 70.1.1.100
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
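
Added example (not part of the original article or any vendor tooling): a Python check that reads a configuration in the layout shown above, resolves which ACL each packet-filter, NAT, p2p-car and traffic-classifier statement references, and reports the interzone directions set to default permit along with every reference to an ACL whose rule permits without a match condition. The names `audit` and `SAMPLE` are assumptions of this example; `SAMPLE` is an excerpt constructed from lines of the configuration above.

```python
import re
# Constructed excerpt: lines taken from the configuration above, not the full file.
SAMPLE = """\
acl number 2000
rule 0 permit
acl number 2001
rule 0 permit
acl number 3000
rule 0 permit ip source 60.2.1.100 0
acl number 3001
rule 0 permit ip source 192.168.1.0 0.0.0.255
#
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
#
traffic classifier edu_route_cls
if-match acl 3000
firewall interzone trust untrust
packet-filter 2000 outbound
nat outbound 2001 address-group 0
firewall interzone trust edu
p2p-car 3001
packet-filter 2000 outbound
"""

def audit(config):
    """Resolve ACL references; report default-permit and match-all usage."""
    acls, refs, defaults, cur_acl, ctx = {}, [], [], None, None
    for line in map(str.strip, config.splitlines()):
        if line == "#":                      # '#' closes the current section
            cur_acl = ctx = None
        elif m := re.match(r"acl number (\d+)$", line):
            acls[(cur_acl := m.group(1))] = []
        elif cur_acl and (m := re.match(r"rule \d+ (permit|deny)\s*(.*)$", line)):
            acls[cur_acl].append((m.group(1), m.group(2)))
        elif m := re.match(r"firewall packet-filter default permit interzone (\S+) (\S+) direction (\S+)$", line):
            defaults.append(m.groups())
        elif m := re.match(r"(firewall interzone \S+ \S+|traffic classifier \S+)$", line):
            cur_acl, ctx = None, m.group(1)  # section header that can reference ACLs
        elif m := re.match(r"(packet-filter|nat outbound|p2p-car|if-match acl) (\d+)\b", line):
            refs.append((ctx, m.group(1), m.group(2)))
    # An ACL with a bare "permit" rule matches every packet.
    match_all = {n for n, rules in acls.items() if ("permit", "") in rules}
    return {"default_permit": defaults,
            "match_all_refs": [r for r in refs if r[2] in match_all],
            "scoped_refs": [(r, acls.get(r[2], [])) for r in refs if r[2] not in match_all]}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
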

