Dynamic ××× // the latest remote ××× solution; 2 licenses by default!
xp-------srx-----inside1
set system services web-management https system-generated-certificate
set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone Outside interfaces fe-0/0/0.0 host-inbound-traffic system-services https
edit access address-assignment pool dyn-***-address-pool
edit family inet
set network 123.1.1.0/24
edit range d***-range
set low 123.1.1.100
set high 123.1.1.200
set xauth-attributes primary-dns 8.8.8.8/32
Configure the Access Profile
edit profile dyn-***-access-profile
set client remoteuser firewall-user password cisco
set address-assignment pool dyn-***-address-pool
set firewall-authentication web-authentication default-profile dyn-***-access-profile
Configure the phase 1 policy:
edit security ike policy ike-dyn-***-policy
set mode aggressive
set proposal-set standard // use the system's standard proposal set
set pre-shared-key ascii-text cisco
edit gateway dyn-***-local-gw
set ike-policy ike-dyn-***-policy
edit dynamic
set hostname dy***
set connection-limit 10
set ike-user-type group-ike-id // all users share the same IKE ID!
up
up
set external-interface fe-0/0/0.0
set xauth access-profile dyn-***-access-profile
Configure the phase 2 policy:
edit ipsec policy ipsec-dyn-***-policy
set proposal-set standard
up
edit *** dyn-*** ike
set gateway dyn-***-local-gw
set ipsec-policy ipsec-dyn-***-policy
Configure the Dynamic ××× policy!
edit dynamic-***
set access-profile dyn-***-access-profile
edit clients all
set remote-protected-resources 10/8 // similar to split tunneling for 10.0.0.0/8
set remote-exceptions 0/0
set ipsec-*** dyn-*** // associate the ×××
set user remoteuser // associate the corresponding user!
Configure the Security Policy // permit ××× traffic
edit security policies from-zone Outside to-zone Inside1 policy dyv-***-policy
set match source-address any
set match destination-address any
set match application any
set then permit tunnel ipsec-*** dyn-***
commit // commit!!!
----------------------------------------------
show security ike security-associations
show security ike active-peer
show security ipsec security-associations
show security dynamic-*** users
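
A static check for three settings used in the configuration above that deserve review before deployment (aggressive mode with a pre-shared key, one group IKE ID shared by all users, and an any/any/any permit policy), as an added example that is not part of the original post. It assumes the configuration has been exported as full `set` statements; every name and the key in the sample are constructed placeholders.

```python
from collections import defaultdict

# Constructed input in full "set" form; every name and secret is a placeholder.
SAMPLE = """\
set security ike policy ike-example-policy mode aggressive
set security ike policy ike-example-policy proposal-set standard
set security ike policy ike-example-policy pre-shared-key ascii-text PLACEHOLDER
set security ike policy ike-main-policy mode main
set security ike policy ike-main-policy pre-shared-key ascii-text PLACEHOLDER
set security ike gateway example-gw ike-policy ike-example-policy
set security ike gateway example-gw dynamic ike-user-type group-ike-id
set security ike gateway example-gw xauth access-profile example-profile
set security ike gateway site-gw ike-policy ike-main-policy
set security policies from-zone Outside to-zone Inside1 policy example-policy match source-address any
set security policies from-zone Outside to-zone Inside1 policy example-policy match destination-address any
set security policies from-zone Outside to-zone Inside1 policy example-policy match application any
set security policies from-zone Outside to-zone Inside1 policy example-policy then permit
"""

def audit(config):
    """Return findings for risky setting combinations in a set-style config."""
    ike_pol, gws, sec = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["set", "security", "ike", "policy"]:
            ike_pol[t[4]].add(" ".join(t[5:7]))      # e.g. "mode aggressive"
        elif t[:4] == ["set", "security", "ike", "gateway"]:
            gws[t[4]].add(" ".join(t[5:]))
        elif t[:3] == ["set", "security", "policies"] and len(t) > 9:
            sec[(t[4], t[6], t[8])].add(" ".join(t[9:]))
    findings = []
    for name, opts in sorted(gws.items()):
        # Follow the gateway's ike-policy reference to the policy's settings.
        pol = next((o.split()[1] for o in opts if o.startswith("ike-policy ")), None)
        p = ike_pol.get(pol, set())
        # Aggressive mode sends a hash derived from the PSK before the peer is
        # authenticated, so a weak key can be guessed offline.
        if "mode aggressive" in p and "pre-shared-key ascii-text" in p:
            findings.append(f"gateway {name}: aggressive mode with pre-shared key")
            if "dynamic ike-user-type group-ike-id" in opts:
                findings.append(f"gateway {name}: one IKE ID and key shared by all users")
    wide = {"match source-address any", "match destination-address any",
            "match application any"}
    for (src, dst, name), opts in sorted(sec.items()):
        if wide <= opts and any(o.startswith("then permit") for o in opts):
            findings.append(f"policy {name} ({src}->{dst}): permits any/any/any")
    return findings
```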