H3C Security Certification Technical Document: H3CSE-Security Certification Training Lab Guide (FW-VPN+V1.00)

Document excerpt:

Contents

1 "Deploying a Secure Firewall System" Lab Guide
1.1 Firewall Operating Modes, ACL, and ZONE Lab Guide
1.2 SecPath Firewall NAT/NAT Server Lab Guide
1.3 SecPath Firewall ASPF Lab Guide
1.4 SecPath Firewall Dynamic Blacklist Lab Guide
1.5 SecPath Firewall Email Subject Filtering Lab Guide
1.6 SecPath Firewall Email Recipient Filtering Lab Guide
1.7 SecPath Firewall Web Address Filtering Lab Guide
1.8 SecPath Firewall Web Content Filtering Lab Guide
2 "Building a Secure VPN Network" Lab Guide
2.1 H3C iNode Client L2TP VPN Lab Guide
2.2 H3C SecPath GRE VPN Lab Guide
2.3 H3C SecPath IPSec VPN Main Mode Lab Guide
2.4 H3C SecPath IPSec VPN Aggressive Mode NAT Traversal Lab Guide
2.5 H3C iNode Client L2TP over IPSec VPN Lab Guide
2.6 H3C SecPath DVPN Lab Guide
2.7 H3C SecPath OSPF over GRE over IPSec Lab Guide

1 "Deploying a Secure Firewall System" Lab Guide

1.1 Firewall Operating Modes, ACL, and ZONE Lab Guide

See: textbook p. 335, sections 13.3.1 to 13.3.5

1.2 SecPath Firewall NAT/NAT Server Lab Guide

1. Networking requirements:
The server is placed in the DMZ zone and ordinary users are in the trust zone. The server provides an FTP service, and ordinary users can access the public network. For the server to offer its service, configure NAT server on the external interface; for ordinary users to reach the Internet, configure NAT on the external interface.

2. Network diagram (using the SecPath F100-A as an example):
(Diagram labels: Untrust, trust, DMZ; Eth0/0: 192.0.3.1/24, Eth1/1: 202.0.0.1/24, Eth1/0: 192.0.1.1/2)

3. Typical configuration (using the SecPath F100-A as an example):

[H3C]dis cu
#
sysname H3C
#
FTP server enable
#
dvpn service enable
#
firewall packet-filter enable
firewall packet-filter default permit   // default packet-filter rule set to permit
#
firewall statistic system enable
#
radius scheme system
#
domain system
#
interface Aux0
 async mode flow
#
interface Ethernet0/0   // internal interface, trust zone
 ip address 192.0.3.1 255.255.255.0
#
interface Ethernet1/0   // server-area interface, DMZ zone
 ip address 192.0.1.1 255.255.255.0
#
interface Ethernet1/1   // external interface
 ip address 202.0.0.1 255.255.255.0
 nat outbound 2000   // NAT translation so the trust zone can reach the Internet
 nat server protocol tcp global 202.0.0.100 ftp inside 192.0.1.100 ftp
#   // NAT server maps the DMZ server to a public address so it can be reached from outside
interface Ethernet1/2
#
interface NULL0
#
acl number 2000
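An added example, not part of the lab guide: a small Python audit of a `display current-configuration` dump for the settings this lab turns on (default-permit packet filtering, the device's own FTP service, and the NAT and NAT server entries on the external interface). The sample text is constructed from lines visible in the excerpt; the function name `audit` and the finding labels are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the excerpt, with one "//" annotation kept.
SAMPLE = """\
FTP server enable
#
firewall packet-filter enable
firewall packet-filter default permit //default rule
#
interface Ethernet1/0
 ip address 192.0.1.1 255.255.255.0
#
interface Ethernet1/1
 ip address 202.0.0.1 255.255.255.0
 nat outbound 2000
 nat server protocol tcp global 202.0.0.100 ftp inside 192.0.1.100 ftp
#
"""

NAT_SERVER = re.compile(
    r"nat server protocol (\S+) global (\S+) (\S+) inside (\S+) (\S+)", re.I)

def audit(config):
    """Return (check, detail) findings for a configuration dump (hypothetical helper)."""
    findings, iface = [], None
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()   # drop the guide's "//" annotations
        low = line.lower()
        if line == "#":                     # "#" closes the current section
            iface = None
        elif low.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif low == "firewall packet-filter default permit":
            findings.append(("default-permit",
                             "packets that no ACL matches are forwarded"))
        elif low == "ftp server enable":
            findings.append(("ftp-on-firewall",
                             "the device's own FTP service is enabled"))
        elif low.startswith("nat outbound "):
            findings.append(("nat-outbound", f"{iface}: source ACL {line.split()[2]}"))
        elif (m := NAT_SERVER.fullmatch(line)):
            proto, gip, gport, iip, iport = m.groups()
            findings.append(("nat-server",
                             f"{iface}: {proto} {gip}:{gport} -> {iip}:{iport}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:16} {detail}")
```

Each `nat-server` finding is a service published to the untrust side, so with the default action set to permit it is worth confirming that an interface ACL limits what reaches it.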