dis cu
[V200R007C00SPC900]
# NOTE(review): Running configuration of a Huawei VRP-style gateway (sysname Donzhi_VPN). From the
# commands below it terminates L2TP (two l2tp-groups, two Virtual-Templates) and IPsec
# (policy testjb on GigabitEthernet0/0/8), and NATs Vlanif200 traffic.
# NOTE(review): This listing carries secret material: IKE pre-shared keys, local-user passwords and
# SNMP community/security names. Every one except dzadmin's is stored with `cipher`, which is a
# reversible storage form, so all of them should be treated as disclosed and rotated; redact such
# strings before publishing a configuration.
# NOTE(review): The listing was flattened onto a few long lines. It is re-broken here one command
# per line with no token changed. Review notes sit only directly after a `#` separator.
#
 sysname Donzhi_VPN
#
 drop illegal-mac alarm
#
 l2tp enable
#
 ipv6
#
 dns resolve
 dns server 202.96.128.166
 dns server 202.96.134.133
 dns proxy enable
#
 vlan batch 61 200
#
 ipsec remote traffic-identical accept
#
 lldp enable
#
 dhcp enable
#
 bfd
#
# NOTE(review): The default PKI realm enrolls a self-signed certificate, and the SSL policy below
# (used by `http secure-server`) points at it, so clients cannot validate the HTTPS management
# certificate against a CA.
pki realm default
 enrollment self-signed
#
ssl policy default_policy type server
 pki-realm default
#
# NOTE(review): Both ACLs in this group are a bare `rule 5 permit`, i.e. they match every source.
# 2999 is the ACL referenced by `nat outbound 2999` on Vlanif200; 2008 is not referenced anywhere
# in the visible configuration - confirm whether it is still needed.
acl number 2008
 rule 5 permit
acl name virtual-template1 2999
 rule 5 permit
#
# NOTE(review): ACL 3999 (c_GigabitEthernet0/0/8_1) uses address 0.0.0.0 with wildcard
# 255.255.255.0 on both sides, which is not the usual "any" form - presumably auto-generated;
# verify what it is meant to match. None of 3000/3001/3999 is bound to anything in this listing.
acl number 3000
 rule 5 permit ip source 172.18.16.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
acl number 3001
 rule 5 permit ip source 192.168.0.0 0.0.255.255 destination 172.16.35.0 0.0.0.255
 rule 10 permit ip source 192.168.0.0 0.0.255.255 destination 172.16.30.0 0.0.0.255
 rule 15 permit ip source 192.168.0.0 0.0.255.255 destination 172.16.40.0 0.0.0.255
acl name c_GigabitEthernet0/0/8_1 3999
 rule 5 permit ip source 0.0.0.0 255.255.255.0 destination 0.0.0.0 255.255.255.0
#
ipsec proposal rtb
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-256
ipsec proposal prop1
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-128
ipsec proposal testjb
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-256
#
# NOTE(review): IKE proposal 1 negotiates `dh group2` (1024-bit MODP), which is below current
# minimums. It is the proposal used by peer testjb, the peer behind the only IPsec policy that is
# applied to an interface. Proposal 5 already uses group14; aligning proposal 1 with it removes
# the weak group.
ike proposal 1
 encryption-algorithm aes-cbc-256
 dh group2
 authentication-algorithm sha2-256
 prf hmac-sha2-256
#
ike proposal 5
 encryption-algorithm aes-cbc-256
 dh group14
 authentication-algorithm sha2-256
 prf hmac-sha2-256
#
# NOTE(review): All three peers authenticate with a pre-shared key; testjb and qunda are pinned to
# IKEv1 (`v1`), rut1 to IKEv2. No remote address or remote name is configured for any peer in
# what is shown, so the PSK is the only check on who may negotiate - confirm that is intended.
ike peer testjb v1
 pre-shared-key cipher %^%##`D;E|*DMCF}.;@a,V59\K2t(`0idBdLVD<))l&1%^%#
 ike-proposal 1
ike peer qunda v1
 pre-shared-key cipher %^%#YC(i4./&5%[HD0MZzbLV&8bp>ox0zQx-wg12A;ST%^%#
 ike-proposal 5
ike peer rut1 v2
 pre-shared-key cipher %^%#0F:F1o7IKG$.@Y7bpnp"G&D7+0@OQ0yI5]~~}3g%%^%#
 ike-proposal 5
#
# NOTE(review): Template `temp` is not referenced by any `ipsec policy`, and policy `qunda` is not
# applied to any interface in this listing; only testjb is (on GigabitEthernet0/0/8).
# testjb_PT sets `sa duration time-based 120` - presumably seconds, which would force very
# frequent rekeying; confirm the unit and the intent.
ipsec policy-template qunda1 2
 ike-peer qunda
 proposal rtb
 route inject dynamic
ipsec policy-template temp 1
 ike-peer rut1
 proposal prop1
ipsec policy-template testjb_PT 1
 ike-peer testjb
 proposal testjb
 sa duration traffic-based 10240
 sa duration time-based 120
 route inject dynamic
#
ipsec policy qunda 2 isakmp template qunda1
ipsec policy testjb 1 isakmp template testjb_PT
#
# NOTE(review): The two L2TP client pools (18.18.18.0/24 and 29.29.29.0/28) are outside the
# RFC 1918 private ranges. Unless the operator actually holds these prefixes, traffic to the real
# owners of those addresses is shadowed for VPN users; a private range avoids the overlap.
ip pool l2tpLns1
 gateway-list 18.18.18.1
 network 18.18.18.0 mask 255.255.255.0
#
ip pool l2tpLns2
 gateway-list 29.29.29.1
 network 29.29.29.0 mask 255.255.255.240
#
# NOTE(review): Local user database. The default `admin` account is removed (`undo local-user admin`).
# Two accounts hold privilege level 15 (admin01, dzadmin) and both are allowed over telnet, ftp
# and http as well as ssh, so their credentials can cross the network unencrypted.
# Only dzadmin uses `irreversible-cipher`; every other password is stored reversibly.
# NOTE(review): Several entries look damaged by text extraction rather than genuinely configured
# this way: zhaoke, sichang, huanglijun and duanchisong show only a password line (zhaoke's is
# followed by a stray `idle-timeout 0 0`), while admin01, liulidong, maxiaoting and liugengsheng
# show privilege/service-type lines with no password line. Treat this section as incomplete and
# do not load it as-is.
aaa
 authentication-scheme default
 authentication-scheme lmt
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 domain aaa.com
 undo local-user admin
 local-user hulei password cipher %^%#)9p8NhfoHI_M*](ermlYA*=CR02-y52JD-/Z;M8%%^%#
 local-user hulei privilege level 0
 local-user hulei service-type ppp
 local-user chenlu password cipher %^%#`MLn;;Y18(1[{iUn~JaAg*BC,]\V~1TM}~Mv5EZ!%^%#
 local-user chenlu privilege level 0
 local-user chenlu service-type ppp
 local-user liuxin password cipher %^%#L".u%r|+d,g;+86q6QH(UfV:Sx;I>,@PK@9;}TdJ%^%#
 local-user liuxin privilege level 0
 local-user liuxin service-type ppp
 local-user zhaoke password cipher %^%#q];AOqTJDMMEdPf`4Yv\$Z.gblL,Kn`Tf~I]X%^%# idle-timeout 0 0
 local-user admin01 privilege level 15
 local-user admin01 service-type telnet terminal ssh ftp x25-pad http
 local-user dzadmin password irreversible-cipher %^%#6%)XDs`}5HyHLC9vm+42#ue*AWL5cKStIe6\P])R@eE*22a6n&iIYI*nvT)I%^%#
 local-user dzadmin privilege level 15
 local-user dzadmin service-type telnet terminal ssh ftp x25-pad http
 local-user f4admin password cipher %^%#{(yJ+(Mb:Ly]xb;v!l=DZzqZ5A>!57k{S,$"aB@'%^%#
 local-user f4admin privilege level 0
 local-user f4admin service-type ppp web bind 8021x sslvpn
 local-user nanshan password cipher %^%#]5xaAxXTy29veK=HG9KA_Q;)NI$!)0pL,m;}TUX"%^%#
 local-user nanshan privilege level 0
 local-user nanshan service-type ppp web bind 8021x sslvpn
 local-user sichang password cipher %^%#K]<,9D7rDY45@eFecMHGnG6dA:8eg0;6s~E[+3!GiJ*7A|ZI^=%^%#
 local-user liulidong privilege level 0
 local-user liulidong service-type ppp
 local-user yanxiaolu password cipher %^%#""Mx:^YnvT6PvG9U-=aHj~tW"BY`rVA/E+ICB'oH%^%#
 local-user yanxiaolu privilege level 0
 local-user yanxiaolu service-type ppp
 local-user huanglijun password cipher %^%#(q%G9Xuf_AsX2OQ^\=40e:[[S4/tz04%^%#
 local-user maxiaoting privilege level 0
 local-user maxiaoting service-type ppp
 local-user chenxiaojun password cipher %^%#]v3h(_E`+G./#+ZzdrFGlI3\NKn&rAi(p[P:I4@S%^%#
 local-user chenxiaojun privilege level 0
 local-user chenxiaojun service-type ppp
 local-user duanchisong password cipher %^%#ELf{@fH[N.A0%^%#
 local-user liugengsheng privilege level 0
 local-user liugengsheng service-type ppp
 local-user zhoutianxing password cipher %^%#4|U7>]zsXWgL;00Y0A}4`<({Kzd9+,|_dyVo^kHI%^%#
 local-user zhoutianxing privilege level 0
 local-user zhoutianxing service-type ppp
#
firewall zone Local
 priority 16
#
 nat alg dns enable
 nat alg ftp enable
 nat alg rtsp enable
 nat alg sip enable
 nat alg pptp enable
#
interface Dialer1
 link-protocol ppp
#
interface Vlanif61
 ip address 192.168.61.1 255.255.255.252
#
interface Vlanif200
 ip address 172.18.16.1 255.255.255.0
 nat outbound 2999
#
# NOTE(review): Both Virtual-Templates authenticate PPP users with PAP, which carries the password
# unprotected inside the PPP exchange. Whether these L2TP sessions always ride inside the IPsec
# policy on GigabitEthernet0/0/8 cannot be told from this listing; if they do not, user
# passwords are exposed on the path. `ppp authentication-mode chap` avoids sending the password.
interface Virtual-Template1
 ppp authentication-mode pap
 remote address pool l2tpLns1
 ip address 18.18.18.1 255.255.255.0
#
interface Virtual-Template2
 ppp authentication-mode pap
 remote address pool l2tpLns2
 ip address 29.29.29.1 255.255.255.240
#
interface GigabitEthernet0/0/0
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/1
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/2
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/4
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/5
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/6
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/7
 port hybrid pvid vlan 200
 undo port hybrid vlan 1
 port hybrid untagged vlan 200
#
# NOTE(review): GigabitEthernet0/0/8 is the uplink: it holds the 183.62.165.123 address, is the
# default-route exit, and has IPsec policy testjb applied. No inbound traffic filter is configured
# on it in this listing, so whether the telnet/ftp/http/snmp services enabled further down are
# reachable from that side depends on controls not shown here - verify.
interface GigabitEthernet0/0/8
 description vpn
 tcp adjust-mss 1200
 ip address 183.62.165.123 255.255.255.248
 ipsec policy testjb
#
interface GigabitEthernet0/0/9
 ip address 192.168.1.1 255.255.255.0
 port media type fiber
 undo negotiation auto
 combo-port fiber
#
interface GigabitEthernet0/0/10
 description VirtualPort
#
interface Cellular0/0/0
#
interface Cellular0/0/1
#
interface NULL0
#
# NOTE(review): Both L2TP groups run `undo tunnel authentication`, so the tunnel itself is not
# authenticated; only the PPP (PAP) login stands between a remote LAC and an address from the
# pool. Group 1 also has no `remote` name restriction; group 2 accepts only remote name adminvpn.
l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 2
 tunnel name donzhi
#
l2tp-group 2
 undo tunnel authentication
 allow l2tp virtual-template 1 remote adminvpn
 tunnel name lac2
#
ospf 1
#
# NOTE(review): The FTP server is enabled with flash: as its default directory. FTP is cleartext,
# and the level-15 accounts have `ftp` in their service-type, so this exposes admin credentials
# and the device file system to anyone who can observe or reach the service. Disable it or
# switch to an encrypted transfer method if file transfer is needed.
 ftp server enable
 set default ftp-directory flash:
#
 info-center timestamp log format-date
#
# NOTE(review): `snmp-agent sys-info version all` turns on SNMPv1 and v2c alongside v3, and access
# is by a read community; the trap target is also v2c. v1/v2c send the community unencrypted.
# The trap target uses udp-port 161, which is normally the agent port rather than the trap
# receiver port - confirm the receiver at 192.168.100.245 really listens there.
 snmp-agent local-engineid 800007DB0328A6DBAE19C9
 snmp-agent community read %^%#SdRSO7y,X3=4Yi5`U6sK'C4AZK`;XR*={:F_C%#PWm(~Y>k]}J(,&*=oaG64cyWFI]QO_'SWmh9Uw3!+%^%#
 snmp-agent sys-info version all
 snmp-agent target-host trap-hostname snmp192.168.100.245 address 192.168.100.245 udp-port 161 trap-paramsname snmp192.168.100.245
 snmp-agent target-host trap-paramsname snmp192.168.100.245 v2c securityname %^%#V@JL3KU0D3ALRt1SnHr"dz}0%Q!]!LHfNp6`N>rU%^%#
 snmp-agent trap enable
 snmp-agent
#
# NOTE(review): Telnet is enabled; it is cleartext and the level-15 accounts are permitted to use it.
 telnet server enable
#
# NOTE(review): Plain HTTP management (`http server enable`) is on next to the HTTPS server.
 http secure-server ssl-policy default_policy
 http server enable
 http secure-server enable
#
 ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0/8 183.62.165.126
 ip route-static 10.10.0.0 255.255.0.0 172.18.16.2
 ip route-static 10.100.0.0 255.255.0.0 Virtual-Template1
 ip route-static 172.16.44.0 255.255.255.0 Virtual-Template2
 ip route-static 172.18.0.0 255.255.0.0 172.18.16.2
 ip route-static 172.18.30.0 255.255.255.0 18.18.18.254
 ip route-static 172.18.32.0 255.255.240.0 Virtual-Template1
 ip route-static 172.19.16.0 255.255.255.0 Virtual-Template1
 ip route-static 192.168.0.0 255.255.0.0 172.18.16.2
 ip route-static 192.168.1.0 255.255.255.0 Virtual-Template2 29.29.29.13 preference 50
 ip route-static 192.168.1.0 255.255.255.0 Virtual-Template1 preference 40
 ip route-static 192.168.10.0 255.255.255.0 172.18.16.2
#
# NOTE(review): All lines authenticate through AAA. vty 0 additionally grants privilege level 15 and
# sets `idle-timeout 0 0`, which disables the idle timeout, so an abandoned session on that line
# stays open with full privilege. No ACL or protocol restriction is bound to any VTY line in this
# listing; limiting the lines to SSH from known management addresses would narrow exposure.
user-interface con 0
 authentication-mode aaa
user-interface vty 0
 authentication-mode aaa
 user privilege level 15
 idle-timeout 0 0
user-interface vty 1 4
 authentication-mode aaa
#
wlan ac
#
ops
#
autostart
#
return