Hub 1
Hub 1
INTERFACE
======================
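# Physical interfaces on Hub 1: port1 is the WAN side, port3 is the LAN side.
config system interface
edit "port1"
set mode static
set ip 192.168.1.100/24
# Cleartext HTTP is not offered on the WAN-facing port, so admin logins are
# never accepted without TLS. HTTPS, SSH and FTM remain reachable from the
# WAN side: restrict them with admin trusted hosts or a local-in policy, or
# remove them if the unit is managed from the LAN.
set allowaccess ping https ssh ftm
set alias "WAN1"
set role wan
next
edit "port3"
set mode static
set ip 10.1.0.1/24
# LAN side answers ping only; no management service is enabled here.
set allowaccess ping
set alias lan
set role lan
next
end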
======================
STATIC
======================
# Default route: every destination (0.0.0.0/0) is sent to gateway 192.168.1.1
# through port1, the WAN interface.
config router static
edit 1
set dst 0.0.0.0 0.0.0.0
set gateway 192.168.1.1
set device port1
next
end
======================
PHASE-1
======================
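# IKE phase 1 for the dial-up (type dynamic) tunnel terminating on port1.
config vpn ipsec phase1-interface
edit "H1-to-S1"
set type dynamic
set interface "port1"
# DES and MD5 are both considered broken, so an AES / SHA-2 suite is used.
# The remote peer must offer the same suite or negotiation fails. If a device
# can only offer DES, treat the tunnel as lab-only.
set proposal aes256-sha256
# NOTE(review): "any" accepts every peer that presents the pre-shared key, so
# the key is the only thing authenticating peers. Consider peer IDs or
# certificates for anything beyond a lab.
set peertype any
set net-device disable
set add-route disable
# Placeholder, not a usable key: generate a long random value per deployment
# and keep it out of shared documents.
set psksecret <REPLACE_WITH_LONG_RANDOM_PSK>
set auto-discovery-sender enable
# Dead peer detection: probe only when the tunnel is idle, retry every 5 s.
set dpd-retryinterval 5
set dpd on-idle
next
end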
======================
VPN INTERFACE
======================
# Tunnel interface carrying the same name as the phase 1 entry "H1-to-S1".
config system interface
edit "H1-to-S1"
set vdom root
# Local tunnel address is a /32; the remote address is given with a /24 mask.
set ip 172.16.1.1 255.255.255.255
set remote-ip 172.16.1.254/24
# Underlying physical interface is port1.
set interface port1
set type tunnel
next
end
======================
PHASE-2
======================
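# IPsec phase 2 (data-plane SA) attached to phase 1 "H1-to-S1".
config vpn ipsec phase2-interface
edit "H1-to-S1"
set phase1name "H1-to-S1"
# DES encryption with MD5 authentication does not protect tunnel traffic
# against a capable attacker; use an AES / SHA-2 suite. The remote peer's
# phase 2 proposal must match.
set proposal aes256-sha256
set keepalive enable
next
end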
======================
ROUTE MAP
======================
====================
BGP
====================
======================
STATIC
======================
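# Routes for the remote subnet 10.1.1.0/24: one through the tunnel, one
# blackhole fallback.
config router static
edit 3
# /24 mask so this entry covers the same prefix as the blackhole entry below;
# a 0.0.0.0 mask does not describe 10.1.1.0/24.
set dst 10.1.1.0 255.255.255.0
set device "H1-to-S1"
next
edit 4
# Least-preferred route (distance 254) for the same prefix. It is intended as
# a fallback: if the tunnel route is not available, traffic for 10.1.1.0/24
# is dropped instead of following the default route out port1 unencrypted.
set dst 10.1.1.0 255.255.255.0
set distance 254
set blackhole enable
next
end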
======================
FIREWALL ADDRESS
======================
======================
FIREWALL POLICY
======================