N2v4EG, msr3610 + VPN cannot connect; Internet access is normal.

Content source: 知了社区 (Zhiliao community)

Problem description:

#
 version 7.1.064, Release 0615P15
#
 sysname H3C
#
 clock timezone Beijing add 08:00:00
 clock protocol none
#
 telnet server enable
#
 dhcp enable
 dhcp server always-broadcast
#
 dns proxy enable
#
 password-recovery enable
#
vlan 1
#
vlan 10
#
dhcp server ip-pool lan1
 gateway-list 192.168.238.1
 network 192.168.238.0 mask 255.255.255.128
 address range 192.168.238.2 192.168.238.126
 dns-list
#
controller Cellular0/0
#
interface Virtual-Template0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 ip address 192.168.238.1 255.255.255.128
 tcp mss 1280
#
interface GigabitEthernet0/1
 port link-mode route
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
#
interface GigabitEthernet0/3
 port link-mode route
 description Multiple_Line
 bandwidth 100000
 combo enable copper
 ip address 42.176.179.45 255.255.255.0
 dns server
 dns server
 nat outbound
 ipsec apply policy DIDI
#
interface GigabitEthernet0/4
 port link-mode route
#
interface GigabitEthernet0/5
 port link-mode route
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
 scheduler logfile size 16
#
line class console
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class usb
 user-role network-admin
#
line class vty
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 authentication-mode scheme
 user-role network-operator
#
 ip route-static 0.0.0.0 0 GigabitEthernet0/3 42.176.179.1
#
 ssh server enable
 sftp server enable
 scp server enable
#
acl advanced 3999
 rule 0 permit ip source 192.168.238.0 0.0.0.127 destination 10.91.130.0 0.0.0.255
 rule 5 permit ip source 192.168.238.0 0.0.0.127 destination 10.91.131.0 0.0.0.255
 rule 10 permit ip source 192.168.238.0 0.0.0.127 destination 10.91.132.0 0.0.0.255
 rule 15 permit ip source 192.168.238.0 0.0.0.127 destination 10.91.133.0 0.0.0.255
 rule
 rule 25 permit ip source 192.168.238.0 0.0.0.127 destination 10.85.128.0 0.0.0.255
#
 password-control enable
 undo password-control aging enable
 undo password-control history enable
 password-control length 6
 password-control login-attempt 3 exceed lock-time 10
 password-control update-interval 0
 password-control login idle-time 0
 password-control complexity user-name check
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 service-type ssh telnet terminal http https
 authorization-attribute user-role network-admin
#
ipsec transform-set DIDI
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha1
 pfs dh-group2
#
ipsec policy DIDI 65535 isakmp
 transform-set DIDI
 security acl 3999
 remote-address 114.247.106.82
 ike-profile DIDI
 sa duration time-based 3600
 sa duration traffic-based 1843
#
ike profile DIDI
 keychain DIDI
 dpd interval 10 on-demand
 local-identity address 42.176.179.45
 match remote identity address 114.247.106.82 255.255.255.255
 proposal 65535
#
ike proposal 65535
 encryption-algorithm 3des-cbc
 dh group2
#
ike keychain DIDI
 pre-shared-key address 114.247.106.82 255.255.255.255 key cipher $c$3$vd4S9WVnSj6nn6n5BtmMFv4a/2r0DO0srd4L1g==
#
 ip http enable
#
wlan global-configuration
#
wlan ap-group default-group
#
 cloud-management server domain oasis.h3c.com
#
return


Network topology and description:


Asked 8 hours ago

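It looks like the nat outbound on the WAN interface is not followed by anything that denies the interesting traffic. nat outbound should be followed by an ACL whose rules deny the interesting traffic and then permit everything else.

Answered 8 hours ago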
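The check the first answer describes, as an added example that is not part of the original thread: it reads a Comware-style config and reports which IPsec interesting flows `nat outbound` would translate before they can match the IPsec ACL. The function names and ACL number 3000 are assumptions; it handles only the plain `nat outbound [acl-number]` form, contiguous wildcard masks, and rules evaluated in file order.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")
RULE = re.compile(r"rule \d+ (permit|deny) ip(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?$")

def net(addr, wildcard):  # ACL address + wildcard mask -> network (contiguous wildcards assumed)
    if addr is None:
        return ANY
    prefix = 32 - int(ipaddress.IPv4Address(wildcard)).bit_length()
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_acls(cfg):  # -> {acl_number: [(action, src, dst), ...]} in file order
    acls, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"acl advanced (\d+)$", line):
            cur = acls.setdefault(m[1], [])
        elif cur is not None and (m := RULE.match(line)):
            cur.append((m[1], net(m[2], m[3]), net(m[4], m[5])))
    return acls

def natted_flows(cfg):
    """IPsec flows (src, dst) that nat outbound translates, so they never match the IPsec ACL."""
    acls = parse_acls(cfg)
    ipsec_acl = re.search(r"^\s*security acl (\d+)", cfg, re.M)[1]
    nat = re.search(r"^\s*nat outbound(?: (\d+))?\s*$", cfg, re.M)
    if nat is None:
        return []
    # A bare "nat outbound" translates everything leaving the interface.
    nat_rules = acls.get(nat[1], []) if nat[1] else [("permit", ANY, ANY)]
    def translated(src, dst):  # the first NAT ACL rule touching the flow decides
        hit = next((r for r in nat_rules if src.overlaps(r[1]) and dst.overlaps(r[2])), None)
        return bool(hit) and not (hit[0] == "deny" and src.subnet_of(hit[1]) and dst.subnet_of(hit[2]))
    return [(str(s), str(d)) for a, s, d in acls[ipsec_acl] if a == "permit" and translated(s, d)]

POSTED = """acl advanced 3999
 rule 0 permit ip source 192.168.238.0 0.0.0.127 destination 10.91.130.0 0.0.0.255
 rule 25 permit ip source 192.168.238.0 0.0.0.127 destination 10.85.128.0 0.0.0.255
interface GigabitEthernet0/3
 nat outbound
 ipsec apply policy DIDI
ipsec policy DIDI 65535 isakmp
 security acl 3999"""  # trimmed from the posted config
FIXED = POSTED.replace(" nat outbound\n", " nat outbound 3000\n") + """
acl advanced 3000
 rule 0 deny ip source 192.168.238.0 0.0.0.127 destination 10.91.130.0 0.0.0.255
 rule 5 deny ip source 192.168.238.0 0.0.0.127 destination 10.85.128.0 0.0.0.255
 rule 1000 permit ip"""  # constructed fix; ACL number 3000 is an assumption
```

`natted_flows(POSTED)` lists every tunnel flow, while `natted_flows(FIXED)` is empty; a NAT ACL that omits one of the deny rules leaves exactly that flow in the result.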



This router's web interface asks for a wildcard mask in the subnet mask field, so I entered it as a wildcard mask.

Answered 8 hours ago
