Huawei USG2210 firewall configuration example

Published 25 June 2023 (author: not listed)

display current-configuration
09:29:14 2016/03/17
#
sysname USG2200
#
l2tp enable
undo l2tp domain suffix-separator @
#
ike dpd interval 10
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
#
nat server 1 protocol udp global 218.56.104.*** any inside 192.100.7.73 any
#
ip df-unreachables enable
#
firewall ipv6 session link-state check
firewall ipv6 statistic system enable
#
dns resolve
firewall defend syn-flood enable
firewall defend arp-flood enable
firewall defend sip-flood enable
firewall defend udp-flood fingerprint-hit destination-max-rate 5
firewall defend udp-flood fingerprint-hit source-max-rate 3
firewall defend sip-flood port range 1 65535
#
firewall statistic system enable
#
pki certificate access-control-policy default permit
#
dns proxy enable
#
license-server domain
#
web-manager enable
web-manager security enable port 8443
#
user-manage web-authentication security port 8888
#
radius-server template
#
ldap-server template
ldap-server authentication base-dn dc=my-domain,dc=com
ldap-server group-filter ou
ldap-server authentication-filter (objectclass=*)
ldap-server user-filter cn
ldap-server server-type ad-ldap
#
acl number 2001
rule 5 permit source 192.100.7.0 0.0.0.255
rule 10 permit source 10.10.10.0 0.0.0.255
rule 15 permit source 192.168.0.0 0.0.0.255
#
acl number 3000
rule 5 permit udp source-port eq 1701
rule 10 permit udp destination-port eq 1701
#
acl number 3001
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2 group1
integrity-algorithm aes-xcbc-96 hmac-sha1-96 hmac-md5-96
#
ike peer ike2
exchange-mode auto
ike negotiate compatible
pre-shared-key %$%$sEPH;hfv{*71&V3Zc:QS^C:1%$%$
ike-proposal 1
remote-id-type none
#
ipsec proposal prop2
encapsulation-mode auto
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec policy-template tpl2 1
security acl 3000
security acl public-ip-transparent
ike-peer ike2
alias celue1
scenario point-to-multipoint l2tp-user-access
proposal prop2
local-address applied-interface
sa duration traffic-based 1843200
sa duration time-based 3600
#
ipsec policy ipsec2011158331 10000 isakmp template tpl
#
interface Cellular0/1/0
link-protocol ppp
#
interface Cellular0/1/1
link-protocol ppp
#
interface Virtual-Template0
ppp authentication-mode chap pap
alias L2TP_LNS_0
remote address pool
#
interface GigabitEthernet0/0/0
ip address 10.10.10.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 218.56.104.*** 255.255.255.252
ipsec policy ipsec2011158331 auto-neg
nat enable
#
interface NULL0
alias NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect msn
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/0
#
firewall zone untrust
set priority 5
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect msn
detect dns
detect ils
detect netbios
add interface GigabitEthernet0/0/1
#
firewall zone dmz
set priority 50
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect dns
detect ils
detect netbios
#
firewall zone name us2
set priority 66
detect ftp
detect rtsp
detect mms
detect mgcp
detect sip
detect pptp
detect sqlnet
detect h323
detect qq
detect dns
detect ils
detect netbios
#
firewall interzone local trust
detect dns
detect ils
detect netbios
#
firewall interzone local untrust
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect msn
detect dns
detect ils
detect netbios
#
firewall interzone local dmz
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect msn
#
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect dns
detect ils
detect netbios
#
firewall interzone local us2
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect dns
detect ils
detect netbios
#
firewall interzone trust untrust
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
#
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect msn
detect dns
detect ils
detect netbios
#
firewall interzone trust us1
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect dns
detect ils
detect netbios
#
firewall interzone trust us2
detect ftp
detect mms
detect mgcp
detect pptp
detect ils
detect netbios
#
firewall interzone dmz untrust
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect msn
detect dns
detect ils
detect netbios
#
firewall interzone us1 untrust
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect dns
detect ils
detect netbios
#
firewall interzone us2 untrust
detect ftp
#
firewall interzone us1 dmz
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect dns
detect ils
detect netbios
#
firewall interzone us2 dmz
detect ftp
detect mms
detect mgcp
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect qq
detect dns
detect ils
detect netbios
#
firewall interzone us2 us1
detect ils
detect netbios
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 0
#
bgp 2
ipv4-family unicast
undo synchronization
#
aaa
local-user user2 password cipher %$%$c'D=2Et9!4PN)9O{Ix*S,d[R%$%$
local-user user2 service-type ppp
local-user user2 level 0
local-user user3 password cipher %$%$`;WkNM${E;O=5--=%y)-;SJ%$%$
local-user user3 service-type ppp
local-user user3
local-user user5 password cipher %$%$mkyG076$a8C'6T6lJN)FG"vm%$%$
local-user user5 service-type ppp
local-user user5 level 0
local-user user1 password cipher %$%$#P{Q0BpNp"yz9!2LK54Bag^U%$%$
local-user user1 service-type ppp
local-user user1 level 0
local-user huawei password cipher %$%$-a$}Vs@0k&S}SpNMuu/E6eS%$%$
local-user huawei password valid-days 999
local-user huawei service-type
authentication-scheme
authentication-mode vpndb
#
authorization-scheme default
#
authorization-scheme
authorization-mode vpndb
#
accounting-scheme default
#
domain default
domain dot1x
domain
authentication-scheme
#
ip route-static 192.100.7.0 255.255.255.0 10.10.10.2
#
banner enable
#
v-gateway test 218.56.104.*** private
#
user-interface con 0
user-interface tty 2 3
modem both
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#
ip address-set sslvpn type object
address 0 11.50.1.0 mask 24
#
slb
#
cwmp
#
policy 1
action permit
policy source 1.5.1.0 mask 24
policy destination 1.5.2.0 mask 24
#
policy 0
action permit
policy source 1.4.1.0 mask 24
policy destination 1.3.1.0 mask 24
#
nat-policy interzone trust untrust outbound
#
network-extension enable
network-extension point-to-point enable
network-extension netpool 10.5.5.50 10.5.5.150 255.255.255.0
network-extension mode manual
network-extension manual-route 10.5.5.0 255.255.255.0
network-extension manual-route 124.0.0.0 255.0.0.0
network-extension manual-route 119.0.0.0 255.0.0.0
network-extension manual-route 183.0.0.0 255.0.0.0
network-extension manual-route 111.0.0.0 255.0.0.0
network-extension manual-route 1.0.0.0 255.0.0.0
network-extension manual-route 11.0.0.0 255.0.0.0
network-extension manual-route 12.0.0.0 255.0.0.0
network-extension manual-route 13.0.0.0 255.0.0.0
network-extension manual-route 14.0.0.0 255.0.0.0
network-extension manual-route 15.0.0.0 255.0.0.0
network-extension manual-route 16.0.0.0 255.0.0.0
network-extension manual-route 17.0.0.0 255.0.0.0
network-extension manual-route 18.0.0.0 255.0.0.0
network-extension manual-route 19.0.0.0 255.0.0.0
network-extension manual-route 20.0.0.0 255.0.0.0
security
policy-default-action permit user-src-ip
policy-default-action permit user-dst-ip
policy-default-action permit user-url
policy-default-action permit vt-src-ip
password-setting password-intension low 8 high 31 digits 1 letters 2 mix
password-setting safe-policy 1
password-setting lifetime 0 alarm 0
certification cert-anonymous cert-field user-filter subject cn group-filter subject cn
certification cert-anonymous filter-policy permit-all
certification cert-challenge cert-field user-filter subject cn
certification user-cert-filter key-usage any
#****END****#
#
return
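The listing above keeps several settings a reviewer would flag: 3DES, MD5/SHA-1 and DH groups 1 and 2 in ike proposal 1 and ipsec proposal prop2; an ike peer that combines a single pre-shared key with remote-id-type none, so any client holding the group PSK is accepted; packet-filter default permit rules on the local zone, including 'interzone local untrust direction inbound', which on the USG means traffic from untrust into the firewall itself; a PKI certificate access-control policy that defaults to permit; plain-HTTP web management enabled alongside HTTPS on 8443; and an SSL VPN password lifetime of 0. The Python script below is an added example written for this page, not code from the original post or from Huawei. It audits a constructed excerpt of the listing (SAMPLE_CONFIG, with the cipher-text secret replaced by REDACTED). Its assumptions: the suggested replacement keywords aes-256, hmac-sha2-256-128, sha2-256 and group14 exist on the target firmware (check with '?'), 'web-manager enable' is the plain-HTTP listener, and 'password-setting lifetime 0' means no expiry.

```python
"""Audit a Huawei USG 'display current-configuration' dump for weak settings (added example for this page)."""
import re
from typing import NamedTuple

# Constructed excerpt of the listing above; the cipher-text secret is replaced with REDACTED.
SAMPLE_CONFIG = """\
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
#
pki certificate access-control-policy default permit
#
web-manager enable
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2 group1
integrity-algorithm aes-xcbc-96 hmac-sha1-96 hmac-md5-96
#
ike peer ike2
pre-shared-key %$%$REDACTED%$%$
remote-id-type none
#
ipsec proposal prop2
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
#
firewall zone untrust
set priority 5
#
password-setting lifetime 0 alarm 0
"""

# Weak algorithm keywords -> assumed stronger keyword (confirm with '?' on your firmware before use).
WEAK_IKE = {"des-cbc": "aes-256", "3des-cbc": "aes-256", "group1": "group14", "group2": "group14",
            "hmac-md5-96": "hmac-sha2-256-128", "hmac-sha1-96": "hmac-sha2-256-128"}
WEAK_ESP = {"des": "aes-256", "3des": "aes-256", "md5": "sha2-256", "sha1": "sha2-256"}

Finding = NamedTuple("Finding", [("severity", str), ("message", str)])  # severity: high / medium / low


def blocks(config: str) -> list[list[str]]:
    """Split the dump into its '#'-delimited blocks, dropping blank lines."""
    out: list[list[str]] = [[]]
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "#":
            out.append([])
        elif line:
            out[-1].append(line)
    return [b for b in out if b]


def zone_priorities(cfg_blocks: list[list[str]]) -> dict[str, int]:
    """Map zone name -> priority from 'firewall zone [name] X' blocks carrying 'set priority N'."""
    prio: dict[str, int] = {}
    for blk in cfg_blocks:
        m = re.match(r"firewall zone (?:name )?(\S+)$", blk[0])
        p = [line.split()[-1] for line in blk if line.startswith("set priority ")]
        if m and p:
            prio[m.group(1)] = int(p[0])
    return prio


def audit(config: str) -> list[Finding]:
    """Return the findings for one configuration dump."""
    cfg_blocks = blocks(config)
    prio = zone_priorities(cfg_blocks)
    out: list[Finding] = []
    for blk in cfg_blocks:
        head = blk[0]
        if head.startswith("ike proposal"):
            out += [Finding("high", f"{head}: {t} is weak, prefer {WEAK_IKE[t]}")
                    for line in blk[1:] for t in line.split()[1:] if t in WEAK_IKE]
        elif head.startswith("ipsec proposal"):
            out += [Finding("high", f"{head}: {line.split()[-1]} is weak, prefer {WEAK_ESP[line.split()[-1]]}")
                    for line in blk[1:] if line.startswith("esp ") and line.split()[-1] in WEAK_ESP]
        elif head.startswith("ike peer") and "remote-id-type none" in blk and any(l.startswith("pre-shared-key") for l in blk):
            out.append(Finding("medium", f"{head}: one shared PSK is accepted from any remote identity"))
        for line in blk:
            m = re.match(r"firewall packet-filter default permit interzone (\S+) (\S+) direction (\S+)", line)
            if m:
                # On the USG, 'inbound' is traffic from the lower-priority zone into the higher-priority zone.
                lo, hi = sorted(m.group(1, 2), key=lambda z: prio.get(z, 0))
                src, dst = (lo, hi) if m.group(3) == "inbound" else (hi, lo)
                out.append(Finding("medium", f"default permit {src}->{dst}: unmatched traffic is allowed"))
            elif line == "pki certificate access-control-policy default permit":
                out.append(Finding("medium", "PKI certificate access control defaults to permit"))
            elif line == "web-manager enable":
                out.append(Finding("low", "plain-HTTP management enabled; keep only 'web-manager security enable'"))
            elif re.match(r"password-setting lifetime 0\b", line):
                out.append(Finding("low", "SSL VPN passwords never expire (lifetime 0)"))
    return out


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"[{f.severity:>6}] {f.message}")
```

Run it as-is to print the findings for the excerpt, or pass the text of a real dump to audit(). The direction resolution is the part worth keeping in mind: sorting the two zones by priority and then applying 'inbound' (low to high) or 'outbound' (high to low) turns 'interzone local untrust direction inbound' into untrust->local, the firewall's own services reachable from the untrusted side unless a more specific policy says otherwise.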
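ACL 2001 and ACL 3000 above use wildcard masks, where a 1 bit means 'ignore this bit': 'rule 15 permit source 192.168.0.0 0.0.0.255' therefore covers only 192.168.0.0/24, not the whole 192.168.0.0/16 that a reader used to netmasks might expect, and ACL 3000 selects L2TP (UDP 1701) in either direction as the traffic protected by the IPsec policy template that references it. The Python evaluator below is an added example written for this page, not code from the original post or from Huawei. It parses the two ACLs exactly as they appear above and matches constructed packets against them with first-match semantics in ascending rule-number order (the default 'config' match order). The protocol keyword set, the Packet tuple and the supported rule fields (only those used on this page) are this example's assumptions.

```python
"""Match packets against Huawei ACL rules as written in the listing above (added example for this page)."""
import ipaddress
import re
from typing import NamedTuple, Optional

# The two ACLs from the configuration above, copied verbatim.
ACL_2001 = """\
acl number 2001
rule 5 permit source 192.100.7.0 0.0.0.255
rule 10 permit source 10.10.10.0 0.0.0.255
rule 15 permit source 192.168.0.0 0.0.0.255
"""
ACL_3000 = """\
acl number 3000
rule 5 permit udp source-port eq 1701
rule 10 permit udp destination-port eq 1701
"""

# Assumed subset of protocol keywords an advanced (3000-3999) ACL rule may start with.
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "gre", "esp", "ah"}


class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


class Rule(NamedTuple):
    number: int
    action: str                      # "permit" or "deny"
    proto: Optional[str]             # None for a basic (2000-2999) ACL rule
    src: Optional[tuple[str, str]]   # (address, wildcard)
    dst: Optional[tuple[str, str]]
    sport: Optional[int]
    dport: Optional[int]


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 1 bit in the wildcard means 'do not care', so 0.0.0.255 covers exactly one /24."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)


def parse_acl(text: str) -> list[Rule]:
    """Parse 'rule N permit|deny [proto] [source A W] [destination A W] [source-port eq P] [destination-port eq P]'."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*rule (\d+) (permit|deny)\b(.*)", line)
        if not m:
            continue  # 'acl number ...' header or unrelated line
        toks = m.group(3).split()
        proto = toks.pop(0) if toks and toks[0] in PROTOCOLS else None
        fields = {"source": None, "destination": None, "source-port": None, "destination-port": None}
        i = 0
        while i < len(toks):
            key = toks[i]
            if key in ("source", "destination"):
                fields[key] = (toks[i + 1], toks[i + 2])
            elif key in ("source-port", "destination-port") and toks[i + 1] == "eq":
                fields[key] = int(toks[i + 2])
            else:
                raise ValueError(f"unsupported token {key!r} in rule {m.group(1)}")
            i += 3
        rules.append(Rule(int(m.group(1)), m.group(2), proto, fields["source"], fields["destination"],
                          fields["source-port"], fields["destination-port"]))
    return sorted(rules, key=lambda r: r.number)  # ascending rule number: the default match order


def evaluate(rules: list[Rule], pkt: Packet) -> Optional[str]:
    """Return the action of the first matching rule, or None when nothing matches (the caller's default applies)."""
    for r in rules:
        if r.proto not in (None, "ip", pkt.proto):
            continue
        if r.src and not wildcard_match(pkt.src, *r.src):
            continue
        if r.dst and not wildcard_match(pkt.dst, *r.dst):
            continue
        if r.sport is not None and r.sport != pkt.sport:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return None


if __name__ == "__main__":
    # Constructed packets: a host in 192.100.7.0/24, a host in 192.168.1.0/24 (not covered by rule 15), L2TP and IKE.
    for pkt in (Packet("tcp", "192.100.7.73", "8.8.8.8", 40000, 443), Packet("tcp", "192.168.1.5", "8.8.8.8", 40000, 443)):
        print("acl 2001", pkt.src, "->", evaluate(parse_acl(ACL_2001), pkt))
    for pkt in (Packet("udp", "1.2.3.4", "218.56.104.1", 1701, 1701), Packet("udp", "1.2.3.4", "218.56.104.1", 500, 500)):
        print("acl 3000", pkt.proto, pkt.dport, "->", evaluate(parse_acl(ACL_3000), pkt))
```

A None result means the ACL is silent on that packet; what happens next depends on where the ACL is applied (for the IPsec security acl above, the traffic is simply not protected by the tunnel).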

Publisher: admin. Please credit the source when reposting: http://www.yc00.com/web/1687692011a32124.html
