[Quidway]discu
#
sysnameQuidway
#
l2tpenable
#
local-useradminpasswordsimpleadmin
local-useradminservice-typetelnet
local-useradminlevel3
local-uservpdnuserpasswordsimpleuser
local-uservpdnuserservice-typeppp
local-uservpdnuser1passwordsimpleuser1
local-uservpdnuser1service-typeppp
local-uservpdnuser2passwordsimpleuser2
local-uservpdnuser2service-typeppp
local-uservpdnuser3passwordsimpleuser3
local-uservpdnuser3service-typeppp
local-uservpdnuser4passwordsimpleuser4
local-uservpdnuser4service-typeppp
local-uservpdnuser5passwordsimpleuser5
local-uservpdnuser5service-typeppp
local-uservpdnuser6passwordsimpleuser6
local-uservpdnuser6service-typeppp
local-uservpdnuser7passwordsimpleuser7
local-uservpdnuser7service-typeppp
local-uservpdnuser8passwordsimpleuser8
local-uservpdnuser8service-typeppp
local-uservpdnuser9passwordsimpleuser9
local-uservpdnuser9service-typeppp
local-uservpdnuser10passwordsimpleuser10
local-uservpdnuser10service-typeppp
local-userquidwaypasswordsimpleguofeng
local-userquidwayservice-typeterminaltelnet
local-userquidwaylevel3
#
ippool1192.168.1.2192.168.1.100
#
aaaenable
#
iphost61.172.201.239
#
firewallenable
#
ispdomainsina.com.cn
dnsprimary202.102.192.68
dnssecondary202.102.199.68
#
interfaceVirtual-Template1
pppauthentication-modepap
ipaddress192.168.1.1255.255.255.0
remoteaddresspool1
#
interfaceAux0
asyncmodeflow
link-protocolppp
#
interfaceEthernet0/0
ipaddress218.22.38.xx255.255.255.0
firewallpacket-filter3001inbound
firewallpacket-filter3001outbound
natoutbound2001
natserverprotocoltcpglobal218.22.38.210wwwinside192.168.0.59www
#
interfaceEthernet0/1
ipaddress192.168.0.2255.255.255.0
#
interfaceNULL0
#
aclnumber2001
rule0permitsource192.168.0.00.0.0.255
#
aclnumber3001
rule0denytcpdestination-porteq135
rule1denytcpdestination-porteq139
rule2denytcpdestination-porteq4444
rule3denytcpdestination-porteq5554
rule4denyudpdestination-porteqtftp
rule6denytcpsource-porteq5554destination-porteq9995
rule7denytcpsource-porteq5554destination-porteq9996
rule9denytcpdestination-porteq136
rule10denytcpdestination-porteq138
rule13denyudpdestination-porteq135
rule14denyudpdestination-porteq136
rule15denyudpdestination-porteq389
rule16denyudpdestination-porteq445
rule17denytcpdestination-porteq4899
rule18denytcpdestination-porteqsunrpc
rule19denytcpdestination-porteq6588
rule20denytcpdestination-porteq1978
rule21denytcpdestination-porteq593
rule22denytcpdestination-porteq3389
rule23denytcpdestination-porteq137
rule24denyudpdestination-porteqsnmp
rule26denytcpdestination-porteq445
rule27denytcpdestination-porteq2745
rule28denytcpdestination-porteq1080
rule29denytcpdestination-porteq6129
rule30denytcpdestination-porteq3127
rule31denytcpdestination-porteq3128
rule32denyudpdestination-porteqnetbios-dgm
rule33denyudpdestination-porteqnetbios-ns
rule34denytcpdestination-porteq5800
rule35denytcpdestination-porteq6667
rule36denytcpdestination-porteq1025
rule38denytcpdestination-porteq1068
rule39denytcpdestination-porteq9995
rule40denyudpdestination-porteqnetbios-ssn
rule41denytcpdestination-porteq539
rule42denyudpdestination-porteq539
rule43denyudpdestination-porteq1434
rule44denyudpdestination-porteq593
#
l2tp-group1
undotunnelauthentication
mandatory-lcp
allowl2tpvirtual-template1
#
iproute-static0.0.0.00.0.0.0218.22.38.209preference60
#
snmp-agent
snmp-agentlocal-engineid000007DB7F000001000075A7
snmp-agentsys-infoversionv3
#
user-interfacecon0
authentication-modelocal
user-interfaceaux0
user-interfacevty04
authentication-modelocal
#
return
WINDOWS客户端需要配置禁用IPSEC加密:
修改注册表:HKEY_LOCAL_MACHINE“SYSTEM“CurrentControlSet“Services“RasMan“Parameters
下修改ProhibitIPSec,值为,1.
如果没有此键,请自行创建
【编辑推荐】
