NetScreen-5XT(Elite)をGetしたので、現用のBBR(ブロードバンドルータ)であるLinksysとリプレイスしておきました。
とりあえず初期Configを終え、LAN内からInternetに接続できるようにしておきました。以下はその時点の get config の出力です(管理者名・パスワード・IPアドレスなどは伏せ字にしています)。
Remote Management Console login: netscreen password: ns5xt-> set console page 0 ns5xt-> ns5xt-> get config Total Config size 3710: set clock timezone 0 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "********" set admin password "**********************" set admin auth timeout 10 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "VLAN" block unset zone "VLAN" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "trust" zone "Trust" set interface "untrust" zone "Untrust" unset interface vlan1 ip set interface trust ip 192.168.***.1/24 set interface trust nat set interface untrust ip ***.***.***.***/32 set interface untrust route set interface trust proxy dns unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface trust manage-ip 192.168.***.254 set interface trust ip manageable set interface untrust ip manageable set interface trust dhcp server service set interface trust dhcp server auto set interface trust dhcp server option gateway 192.168.***.1 set interface trust dhcp server option netmask 255.255.255.0 set interface trust dhcp server option dns1 ***.***.***.*** set interface trust dhcp server option dns2 
***.***.***.*** set interface trust dhcp server option dns3 ***.***.***.*** set interface trust dhcp server ip 192.168.***.100 to 192.168.***.199 set flow tcp-mss set flow all-tcp-mss 1304 unset flow no-tcp-seq-check set flow tcp-syn-check set console page 0 set hostname ns5xt set pki authority default scep mode "auto" set pki x509 default cert-path partial set dns host dns1 0.0.0.0 set dns host dns2 0.0.0.0 set dns proxy set dns proxy enable set dns server-select domain * primary-server ***.***.***.*** secondary-server ***.***.***.*** tertiary-server ***.***.***.*** failover set dns ddns set dns ddns enable set ike respond-bad-spi 1 unset ike ikeid-enumeration unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit set policy id 1 exit set pppoe name "Wat-net" set pppoe name "Wat-net" username "netscreen@juniper.net" password "*********************************" set pppoe name "Wat-net" idle 0 set pppoe name "Wat-net" static-ip set pppoe name "Wat-net" interface untrust set pppoe name "Wat-net" auto-connect 10 set nsmgmt bulkcli reboot-timeout 60 set ssh version v2 set config lock timeout 5 set modem speed 115200 set modem retry 3 set modem interval 10 set modem idle-time 10 set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route exit set vrouter "untrust-vr" exit set vrouter "trust-vr" exit ns5xt->
現状は Trust→Untrust を Any/Any/ANY で許可するポリシー(id 1)が1本あるだけで、ログ指定もない初期状態なので、ここから少しずつ設定を作りこんで行こうと思います。