Some things are not often forgotten. Remember to take a look at them when you are free and make progress together.
H3C Configuration
IP address and MAC address of the bound Interface
[H3C-GigabitEthernet1/0/7] user-bind IP-address 172.162.20 Mac-address 001a-a0fc-72a2
Syslog output to the specified server (note that the switch time must be set to synchronize with the log server time)
[H3C] Info-center enable
[H3C] Info-center loghost 172.162.68 channel loghost
[H3C] Info-center source default channel loghost debug state off log state off Trap State off
[H3C] Info-center loghost 172.162.68 facility local7
[H3C] Info-center source default channel loghost Log Level informational
Vronat NAT configuration instances
Nat address-group 1 61.155.59.115 61.155.59.119 // define the address pool
ACL number 3000 // define the access control list
Rule 1 permit IP
Interface ethernet0/0 // Internet
IP address 61.155.59.114 255.255.255.240
Nat outbound 3000 address-group 1 // set it to an external Nat interface and Access Control
Nat server protocol TCP global 61.155.59.116 WWW inside 172.17.50.116 WWW
Interface ethernet0/1 // Intranet
IP address 172.16.50.254 255.255.255.0
Configuration of ruijie Router
Access-List 1 permit any
Interface fastethernet 1/0
IP address 222.189.206.70 255.255.255.248
Ip nat outside //
No shut
Exit
!
Interface fastethernet 1/1
IP address 172.16.0.254 255.255.255.0
Ip nat inside //
No shut
Exit
!
Ip nat inside source list 1 interface fastethernet 1/0 overload // Nat Translation
Wangyu firewall configuration focus
1. In routing mode, in addition to adding static routes, add security rulesNatPermitted rules
2. Add a package to the security rule in the bridge mode.FilteringXu's rules
3. Key Points of VPN configuration
1) First add the endpoint and then add a tunnel. Select the IKE component in the endpoint3des-md5-dh5.
TunnelIPSecAlgorithmComponent selection aes128-md5
For example
then, you must add the rules to allow Ike rules, you also need to specify a packet filtering routing rule so that the packet to be routed to the VPN goes through the VPN tunnel
these are the key points of the VPN.
4. IP ing and port ing considerations
1) the source address is generally any
2) the public address is a public IP address
3) generally, no conversion is performed.
4) The Public IP address is mapped to the IP address mapped to the Intranet. For example,
5) in the security rules, you must move the IP ing and port ing rule to the top rule.
The following is a move operation. Select one and move it.