netscreen配置

HA口是交叉线连接

修改接口IP
-> set interface eth3 ip 10.1.1.1/23
-> set interface eth3 manage-ip 10.1.1.3

修改路由表
-> set vrouter trust-vr route 0.0.0.0/0 vrouter untrust-vr
-> set vrouter trust-vr route 10.10.0.0/16 interface ethernet1 gateway 10.1.1.2
-> set vrouter trust-vr route 10.20.0.0/16 interface ethernet1 gateway 10.1.1.3
修改策略
-> set policy from trust to dmz any any any permit
-> set policy from trust to untrust any any any permit
-> set policy from dmz to trust 10.1.1.5/32 any any permit
-> set policy from untrust to trust <addressname> any any permit

-> save

如何登录另一个路由器?

 

posted on 2010-10-20 14:16  IT老友  阅读(340)  评论(0编辑  收藏  举报

导航