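Author: kitten2003 [kitten2003] Forum user |
There are two LANs at different sites (about 30 km apart), each connected through a 10M China Telecom fiber line. How should they be set up and configured so that the two LANs can access each other (as if they were a single LAN), for example sharing files as they would within one LAN? What network equipment is needed, and how should it be configured? |
Original post  Posted: 02/14 16:14 |
Reply: chiruwn [chiruwn] Forum user |
You can set up a VPN (virtual private network) |
Floor B1  Posted: 02/14 16:15 |
Reply: kitten2003 [kitten2003] Forum user |
Could you explain in more detail? xueping_l@sohu.com |
Floor B2  Posted: 02/14 16:26 |
Reply: Achieve [achieve] Moderator |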
My original VPN work:
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set clock "timezone" 0
set admin format dos
set admin name "*******"
set admin password nFTfEorTIfHAcfrJasVMfyMt71LhWn
set admin user "guest" password "nIC2F0rmIg1BcEAA8sjEWIOt18NgRn" privilege "read-only"
set admin auth timeout 10
set admin auth server "Local"
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "MGT" block
set zone "MGT" tcp-rst
set zone Untrust screen tear-drop
set zone Untrust screen syn-flood
set zone Untrust screen ping-death
set zone Untrust screen ip-filter-src
set zone Untrust screen land
set zone V1-Untrust screen tear-drop
set zone V1-Untrust screen syn-flood
set zone V1-Untrust screen ping-death
set zone V1-Untrust screen ip-filter-src
set zone V1-Untrust screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
set interface "ethernet4" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
set interface "tunnel.3" zone "Untrust"
set interface "tunnel.4" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.10.1/24
set interface ethernet1 nat
set interface ethernet3 ip 10.10.10.1/24
set interface ethernet3 route
set interface ethernet4 ip 218.13.170.44/32
set interface ethernet4 route
set interface tunnel.1 ip unnumbered interface ethernet4
set interface tunnel.2 ip unnumbered interface ethernet3
set interface tunnel.3 ip unnumbered interface ethernet3
set interface tunnel.4 ip unnumbered interface ethernet4
set interface ethernet4 gateway 218.13.168.1
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
set interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet3 ip manageable
set interface ethernet4 ip manageable
set interface ethernet3 manage ping
set interface ethernet3 manage telnet
set interface ethernet3 manage web
set interface ethernet4 manage ping
set interface ethernet4 manage telnet
set interface ethernet4 manage web
set flow all-tcp-mss 1304
set hostname ns25
set address "Untrust" "123.123.123.0/24" 123.123.123.0 255.255.255.0
set address "Untrust" "128.128.128.0/24" 128.128.128.0 255.255.255.0
set address "Untrust" "131.131.131.0/24" 131.131.131.0 255.255.255.0
set address "Untrust" "192.168.20.0/24" 192.168.20.0 255.255.255.0
set address "Untrust" "192.168.30.0/24" 192.168.30.0 255.255.255.0
set address "Untrust" "192.168.40.0/24" 192.168.40.0 255.255.255.0
set snmp name "ns25"
set ike gateway "To_gaoyao" address 218.15.244.139 Aggr local-id "yyc@4vic.com" outgoing-interface "ethernet4" preshare "4vic4vic" sec-level compatible
set ike gateway "2chang" address 10.10.10.2 Main outgoing-interface "ethernet3" preshare "123" sec-level compatible
set ike gateway "fazhan_R910" address 61.142.204.9 Main local-id "9988" outgoing-interface "ethernet4" preshare "3207" sec-level compatible
set ike policy-checking
set ike respond-bad-spi 1
set vpn "To_gaoyao" id 1 gateway "To_gaoyao" replay tunnel idletime 0 sec-level compatible
set vpn "To_gaoyao" id 2 bind interface tunnel.1
set vpn "to 2chang" id 3 gateway "2chang" replay tunnel idletime 0 sec-level compatible
set vpn "to 2chang" id 4 bind interface tunnel.2
set vpn "to 1chang" id 5 manual 4000 4000 gateway 10.10.10.3 outgoing-interface "ethernet3" esp des password 3207 auth sha-1 password 3207
set vpn "to 1chang" id 0 bind interface tunnel.3
set vpn "to fazhan_R910" id 6 gateway "fazhan_R910" no-replay tunnel idletime 0 sec-level compatible
set vpn "to fazhan_R910" id 7 bind interface tunnel.4
set ike id-mode subnet
set ike gateway "To_gaoyao" heartbeat hello 5
set ike gateway "To_gaoyao" heartbeat reconnect 60
set ike gateway "2chang" heartbeat hello 5
set ike gateway "2chang" heartbeat reconnect 60
set xauth lifetime 480
set xauth default auth server Local
set vpn "To_gaoyao" proxy-id local-ip 0.0.0.0/24 remote-ip 0.0.0.0/24 ANY
set policy id 1 from "Trust" to "Untrust" "Any" "192.168.20.0/24" "ANY" Permit
set policy id 0 from "Trust" to "Untrust" "Any" "131.131.131.0/24" "ANY" Permit log
set policy id 6 from "Trust" to "Untrust" "Any" "192.168.30.0/24" "ANY" Permit
set policy id 2 from "Untrust" to "Trust" "192.168.20.0/24" "Any" "ANY" Permit
set policy id 8 from "Untrust" to "Trust" "131.131.131.0/24" "Any" "ANY" Permit
set policy id 7 from "Untrust" to "Trust" "192.168.30.0/24" "Any" "ANY" Permit
set policy id 3 from "Untrust" to "Untrust" "Any" "Any" "ANY" Permit
set policy id 4 from "Trust" to "Untrust" "Any" "Any" "ANY" Permit
set policy id 4 disable
set policy id 5 from "Untrust" to "Trust" "Any" "Any" "ANY" Permit
set policy id 5 disable
set policy id 9 from "Trust" to "Untrust" "Any" "192.168.40.0/24" "ANY" Permit
set policy id 10 from "Untrust" to "Trust" "192.168.40.0/24" "Any" "ANY" Permit
set policy id 11 from "Trust" to "Untrust" "Any" "128.128.128.0/24" "ANY" Permit
set policy id 12 from "Untrust" to "Trust" "128.128.128.0/24" "Any" "ANY" Permit
set policy id 13 from "Trust" to "Untrust" "Any" "123.123.123.0/24" "ANY" Permit
set policy id 14 from "Untrust" to "Trust" "123.123.123.0/24" "Any" "ANY" Permit
unset global-pro policy-manager primary outgoing-interface
unset global-pro policy-manager secondary outgoing-interface
set pppoe username "nhnzgdx@163.gd" password "381350"
set pppoe interface ethernet4
set pki authority default scep mode "auto"
set pki x509 default cert-path "partial"
set dns host dns1 202.96.128.68
set dns host dns2 202.96.128.143
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 192.168.20.0/24 interface tunnel.1
set route 131.131.131.0/24 interface tunnel.2
set route 192.168.30.0/24 interface tunnel.3
set route 123.123.123.0/24 interface tunnel.2
set route 128.128.128.0/24 interface tunnel.2
set route 132.132.132.0/24 interface tunnel.2
set route 192.168.40.0/24 interface tunnel.4
exit
[This post was edited by Achieve(achieve) on 02/14 at 18:37] |
Floor B3  Posted: 2003-02-14 18:02:36 |
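An added example, not part of Achieve's post or of the forum's material: a small Python check that reads `set` lines in the command forms used in the configuration above and flags Telnet management on an interface bound to the Untrust zone, short IKE pre-shared keys, manual-key tunnels, DES for ESP, and `no-replay`. The sample lines, site names, addresses and key strings are constructed, and the 16-character key threshold is an assumption.

```python
import shlex

MIN_PSK_LEN = 16  # assumption: a local policy threshold, not a ScreenOS rule

# Constructed sample (names, addresses and keys are made up) in the same
# command forms as the configuration posted above.
SAMPLE = '''
set interface "ethernet1" zone "Trust"
set interface "ethernet3" zone "Untrust"
set interface ethernet1 manage telnet
set interface ethernet3 manage telnet
set ike gateway "siteB" address 203.0.113.10 Main outgoing-interface "ethernet3" preshare "abc123" sec-level compatible
set ike gateway "siteE" address 203.0.113.20 Main outgoing-interface "ethernet3" preshare "EXAMPLE-constructed-long-key-01" sec-level compatible
set vpn "to siteC" id 5 manual 4000 4000 gateway 198.51.100.3 outgoing-interface "ethernet3" esp des password EXAMPLE auth sha-1 password EXAMPLE
set vpn "to siteD" id 6 gateway "siteD" no-replay tunnel idletime 0 sec-level compatible
set vpn "to siteD" id 7 bind interface tunnel.4
'''

def audit(config_text):
    """Return a sorted list of (check, object) findings for 'set' lines."""
    zone_of, telnet_ifaces, findings = {}, [], set()
    for raw in config_text.splitlines():
        tok = shlex.split(raw)  # keeps quoted names such as "to siteC" whole
        if len(tok) < 4 or tok[0] != "set":
            continue
        kind, name = tok[1], tok[2]
        if kind == "interface" and tok[3] == "zone" and len(tok) > 4:
            zone_of[name] = tok[4]
        elif kind == "interface" and tok[3:5] == ["manage", "telnet"]:
            telnet_ifaces.append(name)
        elif tok[1:3] == ["ike", "gateway"] and "preshare" in tok[:-1]:
            if len(tok[tok.index("preshare") + 1]) < MIN_PSK_LEN:
                findings.add(("short-psk", tok[3]))
        elif kind == "vpn":
            if "manual" in tok:      # static keys: no IKE, no rekeying
                findings.add(("manual-key", name))
            if "esp" in tok[:-1] and tok[tok.index("esp") + 1] == "des":
                findings.add(("des-esp", name))  # single DES, 56-bit key
            if "no-replay" in tok:   # anti-replay check switched off
                findings.add(("no-replay", name))
    # Zone bindings may come after the manage lines, so resolve at the end.
    for iface in telnet_ifaces:
        if zone_of.get(iface) == "Untrust":
            findings.add(("telnet-on-untrust", iface))  # cleartext admin
    return sorted(findings)

if __name__ == "__main__":
    for check, obj in audit(SAMPLE):
        print(f"{check:18} {obj}")
```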
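Reply: quickly [quickly] Forum user |
May I ask what a VPN is? Thanks |
Floor B4  Posted: 03/23 19:41 |
Reply: joyo [joyo] Forum user |
It's not that complicated. The poster above typed out such a big pile that people get scared just looking at it. Are you trying to intimidate people? Win2000 comes with this feature and it is very simple to configure; just look up "VPN" in the Win2000 help. |
Floor B5  Posted: 03/23 22:30 |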
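Reply: Achieve [achieve] Moderator |
To the poster above! Have you ever actually set up a VPN? Just listening to what others say without doing it yourself won't do. Do you know what lan-to-lan means, and what dial-to-lan means? It doesn't matter that it scared you; what matters is why you don't ask why so much was typed and what it all means. How many things can 2000 do? I'm telling you this to broaden your knowledge; how can you stop at just a taste? Sorry, I'm not criticizing you; consider it me talking to myself! |
Floor B7  Posted: 03/25 11:59 |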
|
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.