Mam taką konfigurację (poniżej). Niestety przy tej konfiguracji wiele stron nie działa poprawnie, np. www.microsoft.com, www.mozilla.org czy aktywacja Office 365.
Czy może to być problem z… no właśnie, z czym?
Entering configuration mode
Users currently editing the configuration:
root terminal p0 (pid 4900) on since 2014-04-24 16:51:45 EEST, idle 00:43:40
[edit]
[edit]
root@FW-BY#
[edit]
root@FW-aa# show
## Last changed: 2014-04-24 13:04:32 EEST
version 12.1X44.5;
# System stanza: device identity, local accounts, management services, syslog and licensing.
system {
host-name FW-aa;
domain-name tt.local;
time-zone Europe/Minsk;
root-authentication {
# NOTE(review): "$1$" is the MD5-crypt prefix. If this is the real value, a hash posted
# publicly can be attacked offline; treat the root password as disclosed and change it.
encrypted-password "$1$y.kskXIkIoAWBmFf07n3gjMwayxW0"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
login {
# Read-only local account; same note as for root applies to its published hash.
user monitor {
uid 2000;
class read-only;
authentication {
encrypted-password "$1$.6MhSugBkkxbv3yuNALhJZ2UcEPTOB0"; ## SECRET-DATA
}
}
}
services {
# SSH is the only encrypted CLI transport enabled in this stanza.
ssh;
# NOTE(review): telnet carries logins and session data in clear text; with ssh
# already enabled it can be removed.
telnet;
# NOTE(review): xnm-clear-text exposes the Junos XML management protocol without
# encryption; remove it unless a tool on the LAN depends on it.
xnm-clear-text;
web-management {
# NOTE(review): J-Web over plain HTTP on vlan.0 sends the admin login unencrypted;
# the https listener below already covers vlan.0.
http {
interface vlan.0;
}
https {
# Self-signed certificate generated by the device.
system-generated-certificate;
# NOTE(review): ge-0/0/0.0 is placed in the untrust zone further down, so J-Web
# is reachable from that side as well; confirm this is intended.
interface [ vlan.0 ge-0/0/0.0 ];
}
}
}
syslog {
# Local log files are rotated at 100k with 3 archives kept.
# NOTE(review): no remote syslog host is visible in this paste; with this retention,
# local evidence of logins and changes is overwritten quickly.
archive size 100k files 3;
# Emergency-level messages are written to the terminals of all logged-in users.
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
# Records CLI commands at the configured level (error).
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
# Interface stanza: one routed port, six switched LAN ports, a PPPoE uplink,
# seven IPsec tunnel units and the routed VLAN interface.
interfaces {
# Routed port; the zones stanza assigns ge-0/0/0.0 to untrust.
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.2.200/24;
}
}
}
# ge-0/0/1 and fe-0/0/2 .. fe-0/0/6 are switch ports, all members of vlan-trust.
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
fe-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
# Physical port that carries the PPPoE session defined under pp0.
fe-0/0/7 {
unit 0 {
encapsulation ppp-over-ether;
}
}
# PPPoE client interface; the default route points at pp0.0.
pp0 {
unit 0 {
ppp-options {
chap {
# NOTE(review): "$9$" strings are Junos obfuscation, not a one-way hash. If this
# value and the local-name below are real, treat the PPPoE credentials as disclosed
# and have the provider change them.
default-chap-secret "$9$Hk5z/CuRhyOkkdbYJZ.mfQ/A"; ## SECRET-DATA
local-name 412829;
passive;
}
}
pppoe-options {
underlying-interface fe-0/0/7.0;
# idle-timeout 0 keeps the session up regardless of idle time.
idle-timeout 0;
auto-reconnect 3;
client;
}
family inet {
# NOTE(review): MTU is 1492 and no "security flow tcp-mss" statement is visible in
# this paste. Some sites loading and others hanging over PPPoE is a common symptom of
# a path-MTU problem; verify, and consider "set security flow tcp-mss all-tcp mss <value>".
mtu 1492;
negotiate-address;
}
}
}
# Tunnel interfaces; the vpn statements bind st0.0 .. st0.5.
# NOTE(review): st0.6 has a static route and a zone binding, but no vpn bound to it
# is visible in this paste - confirm it is still needed.
st0 {
unit 0 {
family inet;
}
unit 1 {
family inet;
}
unit 2 {
family inet;
}
unit 3 {
family inet;
}
unit 4 {
family inet;
}
unit 5 {
family inet;
}
unit 6 {
family inet;
}
}
# Routed interface for vlan-trust (l3-interface vlan.0 in the vlans stanza).
vlan {
unit 0 {
family inet {
address 10.20.0.193/28;
}
}
}
}
# Static routing only: one inside network, one route per tunnel unit, default via PPPoE.
routing-options {
static {
# 10.49.8.0/22 sits behind 10.20.0.194, an address in the vlan.0 subnet (10.20.0.192/28).
route 10.49.8.0/22 next-hop 10.20.0.194;
# Remote networks reached through the IPsec tunnel interfaces.
route 10.50.0.0/16 next-hop st0.0;
route 10.40.0.0/16 next-hop st0.1;
route 192.168.33.0/24 next-hop st0.2;
route 192.168.40.0/24 next-hop st0.3;
route 192.168.60.0/24 next-hop st0.4;
route 10.41.0.0/16 next-hop st0.5;
# NOTE(review): no vpn bound to st0.6 is visible in this paste; confirm this route
# still has a tunnel behind it.
route 10.46.0.0/16 next-hop st0.6;
# All other traffic leaves through the PPPoE interface.
route 0.0.0.0/0 next-hop pp0.0;
}
}
# Spanning tree is enabled with default settings for the switched ports.
protocols {
stp;
}
# Security stanza: IKE/IPsec VPNs, screen options, source NAT, policies and zones.
# NOTE(review): this stanza looks truncated in the paste - the ike block has no body,
# the ike-policy ike_aa_to_POL referenced by the gateway is not shown, and the braces
# around "policy ipsec_to_POL" do not balance. Comments below cover only what is visible.
security {
ike
}
# Single IKE peer shared by every vpn statement below.
gateway gw_to_POL {
ike-policy ike_aa_to_POL;
address 81.210.12.77;
}
ipsec {
policy ipsec_to_POL {
# Uses the predefined "compatible" proposal set rather than an explicit proposal.
# NOTE(review): confirm which algorithms the peer actually negotiates and pin an
# explicit proposal if the set admits weaker ones than required.
proposal-set compatible;
# Each vpn binds one st0 unit and declares one local/remote proxy-identity pair;
# local is always 10.49.8.0/22, remote matches the static route for that unit.
vpn to_POL {
bind-interface st0.0;
ike {
gateway gw_to_POL;
proxy-identity {
local 10.49.8.0/22;
remote 10.50.0.0/16;
service any;
}
ipsec-policy ipsec_to_POL;
}
establish-tunnels immediately;
}
vpn to_POL2 {
bind-interface st0.1;
ike {
gateway gw_to_POL;
proxy-identity {
local 10.49.8.0/22;
remote 10.40.0.0/16;
service any;
}
ipsec-policy ipsec_to_POL;
}
establish-tunnels immediately;
}
vpn to_POL3 {
bind-interface st0.2;
ike {
gateway gw_to_POL;
proxy-identity {
local 10.49.8.0/22;
remote 192.168.33.0/24;
service any;
}
ipsec-policy ipsec_to_POL;
}
establish-tunnels immediately;
}
vpn to_POL4 {
bind-interface st0.3;
ike {
gateway gw_to_POL;
proxy-identity {
local 10.49.8.0/22;
remote 192.168.40.0/24;
service any;
}
ipsec-policy ipsec_to_POL;
}
establish-tunnels immediately;
}
vpn to_POL5 {
bind-interface st0.4;
ike {
gateway gw_to_POL;
proxy-identity {
local 10.49.8.0/22;
remote 192.168.60.0/24;
service any;
}
ipsec-policy ipsec_to_POL;
}
establish-tunnels immediately;
}
vpn to_POL6 {
bind-interface st0.5;
ike {
gateway gw_to_POL;
proxy-identity {
local 10.49.8.0/22;
remote 10.41.0.0/16;
service any;
}
ipsec-policy ipsec_to_POL;
}
establish-tunnels immediately;
}
}
# Screen profile attached to the untrust zone ("screen untrust-screen" below).
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
# Source NAT to the egress interface address for traffic from trust to untrust.
# Rules cover the four /24s of 10.49.8.0/22 and the vlan.0 subnet 10.20.0.192/28.
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule siec_10_49_8_0 {
match {
source-address 10.49.8.0/24;
}
then {
source-nat {
interface;
}
}
}
rule siec_10_49_9_0 {
match {
source-address 10.49.9.0/24;
}
then {
source-nat {
interface;
}
}
}
rule siec_10_49_10_0 {
match {
source-address 10.49.10.0/24;
}
then {
source-nat {
interface;
}
}
}
rule siec_10_49_11_0 {
match {
source-address 10.49.11.0/24;
}
then {
source-nat {
interface;
}
}
}
rule siec_10_20_0_192 {
match {
source-address 10.20.0.192/28;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
# Outbound: any source, destination and application is permitted, with no logging.
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
# NOTE(review): vlan.0 and every st0 unit are in trust, so this any/any permit lets
# each VPN site reach the LAN and every other VPN site on any application, unlogged.
# Narrow it to the required addresses/applications and add session logging.
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
# NOTE(review): "all" services and protocols are accepted by the device itself on
# vlan.0 and on every tunnel interface, so remote VPN sites can reach telnet, http and
# xnm-clear-text on this firewall. List only the services actually needed.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
st0.0;
st0.1;
st0.2;
st0.3;
st0.4;
st0.5;
st0.6;
}
}
security-zone untrust {
screen untrust-screen;
# NOTE(review): these services are accepted on every interface in the zone, including
# pp0.0, which carries the default route. ike is required for the tunnels; for ssh and
# https consider restricting source addresses (e.g. a filter on lo0) and
# "set system services ssh root-login deny".
host-inbound-traffic {
system-services {
ike;
ssh;
ping;
https;
}
}
interfaces {
ge-0/0/0.0;
pp0.0;
}
}
}
}
# Single VLAN for the switched LAN ports, routed through vlan.0.
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
[edit]