- 论坛徽章:
- 0
|
这是我netscreen208的配置,现在ping 134.134.33.58ping不通了,本来是可以的突然不行了,检查半天也不知道是什么原因,麻烦各位帮忙看看
ns208-> get config
Total Config size 2280:
set clock timezone 0
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
--- more ---
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 10.1.1.208/24
set interface ethernet1 nat
set interface ethernet3 ip 134.134.33.57/26
set interface ethernet3 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
--- more ---
set interface ethernet3 ip manageable
set interface ethernet3 manage telnet
set interface "ethernet3" mip 134.134.33.58 host 10.1.1.52 netmask 255.255.255.255 vrouter "trust-vr"
set hostname ns208
set ike respond-bad-spi 1
set policy id 1 name "NAT-src" from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit
set policy id 2 name "97-to-app2" from "Untrust" to "Trust" "Any" "Any" "ANY" permit
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
set route 0.0.0.0/0 interface ethernet3 gateway 134.134.33.1
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 vrouter "untrust-vr"
exit |
|