第一次配置juiper.docVIP

第一次配置juniper-SSG140 (2010-04-27 10:10:43) 标签： juniper it 简述环境： 1.双ISP，两个服务器6.6和6.8对外开放17991端口 2.trust-vr和untrust-vr同在，zone untrust被修改到untrust-vr中 3.6.6 VIP 180的地址，6.8 MIP 221的地址，应用源路由 其实东西也不多，不过没配过的我开始真不知道如何配置juniper的地址转换 set clock ntpset clock timezone 8set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00set vrouter trust-vr sharableset vrouter untrust-vrexitset vrouter trust-vrunset auto-route-exportexit ------------------------------------------------------------------------------ 若防火墙里没有你所用的服务就自己加吧-------------------------------------------------------------------------------------------------set service 17991 protocol tcp src-port 0-65535 dst-port 17991-17991set service 3389 protocol tcp src-port 0-65535 dst-port 3389-3389set alg appleichat enableunset alg appleichat re-assembly enableset alg sctp enableset auth-server Local id 0set auth-server Local server-name Localset auth default auth server Localset auth radius accounting port 1646set admin name netscreenset admin password nJqNNxrLGyrLc0lEtsCBqfDtDMA/Pnset admin user hongyuan password nNnfG0rrJIWDcc8EysvMuSCt+LBiDn privilege all ----------------------------------------------------------------------------------------- 如果要添加管理ip，别忘了添加内部网段地址，第一次我只加了远端的公网地址，导致内部要配置却进不去，只能console了。--------------------------------------------------------------------------------------------------set admin manager-ip 192.168.6.0 255.255.255.0set admin manager-ip 114.255.150.140 255.255.255.255set admin manager-ip 219.141.171.130 255.255.255.255set admin auth web timeout 10set admin auth server Localset admin format dosset zone Trust vrouter trust-vr ------------------------------------------------------------------------------------------------- Untrust默认是在 trust-vr里的，我给改了--------------------------------------------------------------------------------------------------set zone Untrust vrouter untrust-vrset zone DMZ vrouter trust-vrset zone VLAN vrouter trust-vrset