
Configuring SRX Dynamic VPN (version 2)

Source: user-shared. Time: 2025/5/21 9:48:23. Shared by: loading

The configuration procedure is as follows:

step1: Access configuration

Define the user names and passwords for web login and define the RADIUS server. Here web-authentication uses the RADIUS server for authentication.

root# show access
profile ACS_Radius {    // Defines the RADIUS authentication server used to verify user names and passwords
    authentication-order radius;
    radius-server {
        60.60.60.1 secret \/CtOIE\
    }
}
profile dynamic_vpn {    // Defines the local authentication database, including user names and passwords
    client luhongc {
        firewall-user {
            password \/t1RSM87uO87-V4oz369uOIEclvW\ ## SECRET-DATA
        }
    }
    client vpntest1 {
        firewall-user {
            password \ ## SECRET-DATA
        }
    }
}
firewall-authentication {
    web-authentication {
        default-profile ACS_Radius;    // RADIUS is used here for web login authentication; the local profile dynamic_vpn can be used instead
        banner {
            success \
        }
    }
}

Note: if web authentication runs into problems, enable debugging to troubleshoot.

set system processes general-authentication-service traceoptions flag all

View the log:

root# run show log authd

Step2 HTTPS configuration

root# show system services web-management https
system-generated-certificate;
interface [ ge-0/0/15.0 ge-0/0/0.0 ];

step3 IKE/IPSEC configuration

Note: an IKE gateway (Phase I) and a VPN (Phase II) must be configured for each remote-access VPN dial-in user. The customer has prepared 5 test users: vpntest1, vpntest2, vpntest3, vpntest4, vpntest5.

IKE Phase I configuration:

root# show security ike
traceoptions {
    file IKE size 4m;
    flag all;
}
proposal phase1-proposal {
    authentication-method pre-shared-keys;
    dh-group group2;
    authentication-algorithm md5;
    encryption-algorithm des-cbc;
    lifetime-seconds 86400;
}
policy ike-policy {
    mode aggressive;
    proposals phase1-proposal;
    pre-shared-key ascii-text \
}
gateway ike-gateway1 {
    ike-policy ike-policy;
    dynamic hostname luhongc;
    external-interface ge-0/0/0.0;
    xauth access-profile ACS_Radius;
}
gateway ike-vpntest5 {
    ike-policy ike-policy;
    dynamic hostname vpntest5;
    external-interface ge-0/0/0.0;
    xauth access-profile ACS_Radius;
}
gateway ike-vpntest4 {
    ike-policy ike-policy;
    dynamic hostname vpntest4;
    external-interface ge-0/0/0.0;
    xauth access-profile ACS_Radius;
}
gateway ike-vpntest3 {
    ike-policy ike-policy;
    dynamic hostname vpntest3;
    external-interface ge-0/0/0.0;
    xauth access-profile ACS_Radius;
}
gateway ike-vpntest2 {
    ike-policy ike-policy;
    dynamic hostname vpntest2;
    external-interface ge-0/0/0.0;
    xauth access-profile ACS_Radius;
}
gateway ike-vpntest1 {
    ike-policy ike-policy;
    dynamic hostname vpntest1;
    external-interface ge-0/0/0.0;
    xauth access-profile ACS_Radius;
}

IPsec (Phase 2) configuration: define the IPsec VPN Phase 2 parameters

root# show security ipsec
traceoptions {
    flag all;
}
proposal phase2-proposal {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm 3des-cbc;
}
policy ipsec-policy {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals phase2-proposal;
}
vpn dynamic-vpn-test {
    ike {
        gateway ike-gateway1;
        ipsec-policy ipsec-policy;
    }
    establish-tunnels on-traffic;
}
vpn dynamic-vpntest1 {
    ike {
        gateway vpn-test1-gw;
        ipsec-policy ipsec-policy;
    }
    establish-tunnels on-traffic;
}
vpn dynamic-vpntest2 {
    ike {
        gateway ike-vpntest2;
        ipsec-policy ipsec-policy;
    }
    establish-tunnels on-traffic;
}
vpn dynamic-vpntest3 {
    ike {
        gateway ike-vpntest3;
        ipsec-policy ipsec-policy;
    }
    establish-tunnels on-traffic;
}
vpn dynamic-vpntest4 {
    ike {
        gateway ike-vpntest4;
        ipsec-policy ipsec-policy;
    }
    establish-tunnels on-traffic;
}
vpn dynamic-vpntest5 {
    ike {
        gateway ike-vpntest5;
        ipsec-policy ipsec-policy;
    }
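
An added example, not part of the original document: a small Python audit of configuration text like the show security ike and show security ipsec output above. It flags the Phase I and Phase II settings a reviewer would question and any vpn that names a gateway with no definition, as vpn dynamic-vpntest1 does with vpn-test1-gw while the gateway shown is ike-vpntest1. The sample excerpt, the audit function and the review policy in WEAK are assumptions made for illustration.

```python
import re

# Constructed excerpt in the style of the page's "show security ike" and
# "show security ipsec" output, with the secrets left out.
SAMPLE = """
proposal phase1-proposal { dh-group group2;
    authentication-algorithm md5; encryption-algorithm des-cbc; }
policy ike-policy { mode aggressive; proposals phase1-proposal; }
gateway ike-vpntest1 { ike-policy ike-policy; dynamic hostname vpntest1; }
proposal phase2-proposal { protocol esp;
    authentication-algorithm hmac-sha1-96; encryption-algorithm 3des-cbc; }
policy ipsec-policy { perfect-forward-secrecy { keys group2; } }
vpn dynamic-vpntest1 { ike { gateway vpn-test1-gw; } }  // annotation
"""

# Assumed review policy (not Juniper's): statement -> reason to flag it.
WEAK = {
    "encryption-algorithm des-cbc": "DES has a 56-bit key",
    "encryption-algorithm 3des-cbc": "3DES is deprecated (64-bit block)",
    "authentication-algorithm md5": "MD5 is deprecated",
    "dh-group group2": "group2 is 1024-bit MODP",
    "keys group2": "PFS uses 1024-bit MODP group2",
    "mode aggressive": "with a pre-shared key, allows offline key guessing",
}

def audit(config):
    """Return (statement, reason) findings for Junos-style config text."""
    text = re.sub(r"(//|##).*", "", config)  # drop annotations to end of line
    findings, defined, referenced = [], set(), set()
    # A statement is the text before ';', '{' or '}', so it does not matter
    # how many statements share a line.
    for m in re.finditer(r"([^;{}]+)([;{}])", text):
        stmt, end = " ".join(m.group(1).split()), m.group(2)
        if stmt in WEAK:
            findings.append((stmt, WEAK[stmt]))
        gw = re.fullmatch(r"gateway (\S+)", stmt)
        if gw:  # "gateway X {" defines X, "gateway X;" refers to it
            (defined if end == "{" else referenced).add(gw.group(1))
    for name in sorted(referenced - defined):
        findings.append((f"gateway {name}", "referenced but not defined"))
    return findings

if __name__ == "__main__":
    for stmt, why in audit(SAMPLE):
        print(f"{stmt}: {why}")
```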
