配置SRX Dyamic VPN(version 2) 下载本文

route 220.249.253.0/24 next-hop 220.249.253.129; route 211.139.188.0/24 next-hop 220.249.253.129; route 124.160.0.0/24 next-hop 220.249.253.129; route 222.248.234.0/24 next-hop 220.249.253.129; } }

security { ike {

traceoptions {

file IKE size 4m; flag all; flag ike; }

proposal phase1-proposal {

authentication-method pre-shared-keys; dh-group group2;

authentication-algorithm md5; encryption-algorithm des-cbc; lifetime-seconds 86400; }

proposal cnc-ike-proposal {

authentication-method pre-shared-keys; dh-group group2;

authentication-algorithm md5; encryption-algorithm des-cbc; lifetime-seconds 86400; }

policy ike-policy {

mode aggressive;

proposals phase1-proposal;

pre-shared-key ascii-text \SECRET-DATA }

policy cnc-ike-policy { mode aggressive;

proposals cnc-ike-proposal; pre-shared-key ascii-text \SECRET-DATA }

gateway ike-gateway1 { ike-policy ike-policy;

dynamic hostname vpntest12; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius;

## ## }

gateway vpn-test1-gw {

ike-policy cnc-ike-policy;

dynamic hostname vpntest11; external-interface ge-0/0/1.0; xauth access-profile ACS_Radius; }

gateway ike-vpntest5 { ike-policy ike-policy;

dynamic hostname vpntest5; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-vpntest4 { ike-policy ike-policy;

dynamic hostname vpntest4; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-vpntest3 { ike-policy ike-policy;

dynamic hostname vpntest3; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-vpntest2 { ike-policy ike-policy;

dynamic hostname vpntest2; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-vpntest1 { ike-policy ike-policy;

dynamic hostname vpntest1; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_huatai01 { ike-policy ike-policy;

dynamic hostname s_huatai01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_dongfang01 {

ike-policy ike-policy;

dynamic hostname s_dongfang01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_xiangcai01 { ike-policy ike-policy;

dynamic hostname s_xiangcai01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_shenywg01 { ike-policy ike-policy;

dynamic hostname s_shenywg01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_aijian01 { ike-policy ike-policy;

dynamic hostname s_aijian01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_dongwu01 { ike-policy ike-policy;

dynamic hostname s_dongwu01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_caitong01 { ike-policy ike-policy;

dynamic hostname s_caitong01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_zhongxjt01 { ike-policy ike-policy;

dynamic hostname s_zhongxjt01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_zheshang01 { ike-policy ike-policy;

dynamic hostname s_zheshang01;

external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-s_hongyuan01 { ike-policy ike-policy;

dynamic hostname s_hongyuan01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-f_yimin01 { ike-policy ike-policy;

dynamic hostname f_yimin01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }

gateway ike-f_changxin01 { ike-policy ike-policy;

dynamic hostname f_changxin01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; } }

ipsec {

proposal phase2-proposal { protocol esp;

authentication-algorithm hmac-sha1-96; encryption-algorithm 3des-cbc; }

proposal cnc-ipsec-proposal { protocol esp;

authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; }

policy ipsec-policy {

perfect-forward-secrecy { keys group2; }

proposals phase2-proposal; }

policy cnc-ipsec-policy {

perfect-forward-secrecy { keys group2; }

proposals cnc-ipsec-proposal;