SME TRAINING: JUNIPER SRX100B ROUTERS.

JUNIPER LAB TESTS, STEP BY STEP

1. SET THE STANDARD PASSWORD

Boot. A normal boot of the device can take up to 3 minutes:


U-Boot 1.1.6-JNPR-2.0 (Build time: Nov 17 2010 - 07:04:52)
SRX_100_LOWMEM board revision major:0, minor:0, serial #: AT0612AF0730
OCTEON CN5020-SCP pass 1.1, Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM: 512 MB
Starting Memory POST...
Checking datalines... OK
Checking address lines... OK
Checking 512K memory for U-Boot... OK.
Running U-Boot CRC Test... OK.
Flash: 4 MB
USB: scanning bus for devices... 3 USB Device(s) found
scanning bus for storage devices... 1 Storage Device(s) found
Clearing DRAM....... done
BIST check passed.
Boot Media: nand-flash usb
Net: pic init done (err = 0)octeth0
POST Passed
Press SPACE to abort autoboot in 1 seconds

Autoboot abort point. Aborting here leaves the device at the => prompt.

ELF file is 32 bit
Loading .text @ 0x8f000078 (244960 bytes)
Loading .rodata @ 0x8f03bd58 (13940 bytes)
Loading .rodata.str1.4 @ 0x8f03f3cc (16648 bytes)
Loading set_Xcommand_set @ 0x8f0434d4 (100 bytes)
Loading .rodata.cst4 @ 0x8f043538 (20 bytes)
Loading .data @ 0x8f044000 (5608 bytes)
Loading .data.rel.ro @ 0x8f0455e8 (120 bytes)
Loading .data.rel @ 0x8f045660 (136 bytes)
Clearing .bss @ 0x8f0456e8 (11656 bytes)
## Starting application at 0x8f000078 ...
Consoles: U-Boot console
Found compatible API, ver. 2.0
FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.0
(builder@warth.juniper.net, Wed Nov 17 07:07:32 UTC 2010)
Memory: 512MB
[0]Booting from nand-flash slice 1
Un-Protected 1 sectors
writing to flash...
Protected 1 sectors
Loading /boot/defaults/loader.conf
/kernel data=0xa78f68+0xddf50 syms=[0x4+0x83830+0x4+0xbdbbf]

Hit [Enter] to boot immediately, or space bar for command prompt.

The autoboot process ends here. It can be interrupted at this point to enter the root user password recovery process. The device is then left at the loader> prompt. In that case, run the command boot -s.

loader> boot -s
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for
/bin/sh: recovery
root@srxB % cli
root@srxB> configure

[edit]
gestion# delete
This will delete the entire configuration
Delete everything under this level? [yes,no] (no) yes
[edit]
gestion # set system root-authentication plain-text-password
New password: TmX85col
Retype new password: TmX85col

gestion # set system login user gestion authentication plain-text-password


New password: TmX85col
Retype new password: TmX85col

2. DEFAULT CONFIGURATION
set system login user gestion class super-user
set system login user gestion uid 2000
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0

3. SME SERVICES CONFIGURATION


1. INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP
2. INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP + BASIC TELEPHONY (GAOKE IAD).
3. INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP + ETHERNET SIP TRUNK WITH AUDIOCODEC.
4. INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP + CENTRALIZED SIP TRUNK.

NOTE THAT THE ADDRESSING INFORMATION DEPENDS ON THE PRE-CONFIGURATION OF EACH SERVICE. THE PARAMETERS TO CHANGE ARE HIGHLIGHTED IN RED.

1. CONFIGURATION: INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP

set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp pool 192.168.1.0/24 maximum-lease-time 2419200
set system services dhcp pool 192.168.1.0/24 default-lease-time 1209600
set system services dhcp pool 192.168.1.0/24 name-server 200.26.137.135
set system services dhcp pool 192.168.1.0/24 name-server 200.14.207.210
set system services dhcp propagate-settings vlan.3
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/7 description WAN_CLARO
set interfaces fe-0/0/7 vlan-tagging
set interfaces fe-0/0/7 unit 1197 vlan-id 1197
set interfaces fe-0/0/7 unit 1197 family inet address 10.175.127.180/21
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set interfaces vlan unit 100 family inet address 190.85.189.49/29
set routing-options static route 0.0.0.0/0 next-hop 10.175.127.254
set protocols stp
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source pool NAT address 190.85.189.49/29
set security nat source rule-set ONETOONE from zone LAN
set security nat source rule-set ONETOONE to zone WAN
set security nat source rule-set ONETOONE rule RULENAT match source-address 192.168.1.0/24
set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT
set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match application any
set security policies from-zone LAN to-zone WAN policy SALIDA then permit
set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match application any
set security policies from-zone WAN to-zone LAN policy ENTRADA then permit
set security zones security-zone LAN host-inbound-traffic system-services all
set security zones security-zone LAN host-inbound-traffic protocols all
set security zones security-zone LAN interfaces vlan.0
set security zones security-zone LAN interfaces vlan.100
set security zones security-zone WAN host-inbound-traffic system-services all
set security zones security-zone WAN interfaces fe-0/0/7.1197
set vlans PRIVADA vlan-id 3
set vlans PRIVADA l3-interface vlan.0
set vlans PUBLICA vlan-id 100
set vlans PUBLICA l3-interface vlan.100
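
Added example, not part of the original training document: a Python audit of set-style configuration that flags four patterns present in the default configuration (section 2) and the service configuration above: cleartext management services, "host-inbound-traffic ... all" on the WAN zone, WAN-sourced policies that permit any/any/any, and screen profiles defined but never bound to a zone. The function name and check identifiers are hypothetical, and treating WAN as the untrusted zone is an assumption.

```python
import re
from collections import defaultdict

# Lines copied from this page's configurations (a subset, not a full config).
SAMPLE = """\
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services web-management http interface vlan.0
set system services web-management https interface vlan.0
set security screen ids-option untrust-screen tcp land
set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match application any
set security policies from-zone LAN to-zone WAN policy SALIDA then permit
set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match application any
set security policies from-zone WAN to-zone LAN policy ENTRADA then permit
set security zones security-zone LAN host-inbound-traffic system-services all
set security zones security-zone WAN host-inbound-traffic system-services all
set security zones security-zone WAN interfaces fe-0/0/7.1197
"""

# Management services that send credentials in cleartext.
CLEARTEXT = {
    "telnet": "Telnet management",
    "xnm-clear-text": "Junos XML management over cleartext",
    "web-management http": "J-Web over HTTP",
}
ANY_FIELDS = {"source-address", "destination-address", "application"}
SERVICES = "set system services "
SCREEN = re.compile(r"set security screen ids-option (\S+)")
BOUND = re.compile(r"set security zones security-zone \S+ screen (\S+)")
INBOUND = re.compile(r"set security zones security-zone (\S+) "
                     r"host-inbound-traffic (system-services|protocols) all$")
POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) "
                    r"policy (\S+) (match|then) (.+)")


def audit(config, untrusted=("WAN",)):
    """Return sorted (check_id, detail) findings; `untrusted` is an assumption."""
    findings, defined, bound = set(), set(), set()
    policies = defaultdict(lambda: {"any": set(), "permit": False})
    for line in map(str.strip, config.splitlines()):
        if line.startswith(SERVICES):
            rest = line[len(SERVICES):]
            for key, text in CLEARTEXT.items():
                # Exact token match so "https" is not mistaken for "http".
                if rest == key or rest.startswith(key + " "):
                    findings.add(("cleartext-mgmt", text))
        elif m := SCREEN.match(line):
            defined.add(m.group(1))
        elif m := BOUND.match(line):
            bound.add(m.group(1))
        elif m := INBOUND.match(line):
            if m.group(1) in untrusted:
                findings.add(("untrusted-host-inbound-all",
                              f"{m.group(1)}: {m.group(2)} all"))
        elif m := POLICY.match(line):
            src, dst, name, kind, rest = m.groups()
            words = rest.split()
            if kind == "match" and words[-1] == "any":
                policies[(src, dst, name)]["any"].add(words[0])
            elif kind == "then" and words[0] == "permit":
                policies[(src, dst, name)]["permit"] = True
    for (src, dst, name), pol in policies.items():
        if src in untrusted and pol["permit"] and pol["any"] >= ANY_FIELDS:
            findings.add(("open-inbound-policy", f"{src}->{dst} {name}"))
    for name in defined - bound:  # profile exists but no zone references it
        findings.add(("screen-not-applied", name))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:28} {detail}")
```

On Junos a screen profile only takes effect once a zone references it with a screen statement, which is why untrust-screen is reported here.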

2. INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP + BASIC TELEPHONY (GAOKE IAD).

set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp pool 192.168.1.0/24 maximum-lease-time 2419200
set system services dhcp pool 192.168.1.0/24 default-lease-time 1209600
set system services dhcp pool 192.168.1.0/24 name-server 200.26.137.135
set system services dhcp pool 192.168.1.0/24 name-server 200.14.207.210
set system services dhcp propagate-settings vlan.3
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members TELEFONIA
set interfaces fe-0/0/7 description WAN_CLARO
set interfaces fe-0/0/7 vlan-tagging
set interfaces fe-0/0/7 unit 78 vlan-id 78
set interfaces fe-0/0/7 unit 78 family inet address 10.152.52.93/21
set interfaces fe-0/0/7 unit 79 vlan-id 79
set interfaces fe-0/0/7 unit 79 family inet address 10.177.51.157/21
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set interfaces vlan unit 100 family inet address 181.48.158.105/29
set interfaces vlan unit 200 family inet address 10.8.200.33/29
set routing-options static route 0.0.0.0/0 next-hop 10.177.48.1
set routing-options static route 172.31.0.0/16 next-hop 10.152.48.1
set routing-options static route 10.0.0.0/8 next-hop 10.152.48.1
set protocols stp
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source pool NAT address 181.48.158.105/29
set security nat source rule-set ONETOONE from zone LAN
set security nat source rule-set ONETOONE to zone WAN
set security nat source rule-set ONETOONE rule RULENAT match source-address 192.168.1.0/24
set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT
set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match application any
set security policies from-zone LAN to-zone WAN policy SALIDA then permit
set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match application any
set security policies from-zone WAN to-zone LAN policy ENTRADA then permit
set security zones security-zone LAN host-inbound-traffic system-services all
set security zones security-zone LAN host-inbound-traffic protocols all
set security zones security-zone LAN interfaces vlan.0
set security zones security-zone LAN interfaces vlan.100
set security zones security-zone LAN interfaces vlan.200
set security zones security-zone LAN interfaces fe-0/0/0.0
set security zones security-zone WAN host-inbound-traffic system-services all
set security zones security-zone WAN interfaces fe-0/0/7.79
set security zones security-zone WAN interfaces fe-0/0/7.78
set vlans PRIVADA vlan-id 3
set vlans PRIVADA l3-interface vlan.0
set vlans PUBLICA vlan-id 100
set vlans PUBLICA l3-interface vlan.100
set vlans TELEFONIA vlan-id 200
set vlans TELEFONIA l3-interface vlan.200
GAOKE TELEPHONY CONFIGURATION
MG6002W#show ip
WAN
Data Port IP Address............: 138.0.60.1
Data Port Net Mask..............: 255.255.0.0
Data Port MAC Address...........: 00:0e:b4:07:30:a0
Voice Port IP Address............: 10.8.200.34
Voice Port Net Mask..............: 255.255.255.248
Voice Port MAC Address...........: 00:0e:b4:07:30:a1
Whether To Use the Voice Default Gateway:yes
VOICE Default Gateway Address.......:10.8.200.33
MG6002W#show nat-server
Mode of network interface(0--1WAN4LAN,1--4WAN1LAN):0
NAT Server:Data and voice transmit with different net port
Interface type of NAT server: Data net port
MG6002W#show vlan
Enable voice VLAN ..........: NO
Enable WAN VLAN ............: NO
LAN Port 1 Configuration:
Network Mode ...............: route
LAN Port 2 Configuration:
Network Mode ...............: route
LAN Port 3 Configuration:
Network Mode ...............: route
LAN Port 4 Configuration:
Network Mode ...............: route

3. INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP + ETHERNET SIP TRUNK WITH AUDIOCODEC.

set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp pool 192.168.1.0/24 maximum-lease-time 2419200
set system services dhcp pool 192.168.1.0/24 default-lease-time 1209600
set system services dhcp pool 192.168.1.0/24 name-server 200.26.137.135
set system services dhcp pool 192.168.1.0/24 name-server 200.14.207.210
set system services dhcp propagate-settings vlan.3
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members PLANTA
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members AUDIOCODEC
set interfaces fe-0/0/7 description WAN_CLARO
set interfaces fe-0/0/7 vlan-tagging
set interfaces fe-0/0/7 unit 1197 vlan-id 1197
set interfaces fe-0/0/7 unit 1197 family inet address 10.175.127.180/21
set interfaces fe-0/0/7 unit 1198 vlan-id 1198
set interfaces fe-0/0/7 unit 1198 family inet address 10.170.127.155/21
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set interfaces vlan unit 100 family inet address 190.85.189.49/29
set interfaces vlan unit 200 family inet address 10.8.35.33/29
set interfaces vlan unit 300 family inet address 192.168.150.1/29
set routing-options static route 0.0.0.0/0 next-hop 10.175.127.254
set routing-options static route 172.31.0.0/16 next-hop 10.170.120.1
set routing-options static route 10.0.0.0/8 next-hop 10.170.120.1
set protocols stp
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source pool NAT address 190.85.189.49/29
set security nat source rule-set ONETOONE from zone LAN
set security nat source rule-set ONETOONE to zone WAN
set security nat source rule-set ONETOONE rule RULENAT match source-address 192.168.1.0/24
set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT
set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match application any
set security policies from-zone LAN to-zone WAN policy SALIDA then permit
set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match application any
set security policies from-zone WAN to-zone LAN policy ENTRADA then permit
set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA match source-address any
set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA match destination-address any
set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA match application any
set security policies from-zone AUDIOCODEC to-zone PLANTA policy ENTRADA then permit
set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA match source-address any
set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA match destination-address any
set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA match application any
set security policies from-zone PLANTA to-zone AUDIOCODEC policy SALIDA then permit
set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA match source-address any
set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA match destination-address any
set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA match application any
set security policies from-zone WAN to-zone AUDIOCODEC policy ENTRADA then permit
set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA match source-address any
set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA match destination-address any
set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA match application any
set security policies from-zone AUDIOCODEC to-zone WAN policy SALIDA then permit
set security zones security-zone LAN host-inbound-traffic system-services all
set security zones security-zone LAN host-inbound-traffic protocols all
set security zones security-zone LAN interfaces vlan.0
set security zones security-zone LAN interfaces vlan.100
set security zones security-zone LAN interfaces fe-0/0/0.0
set security zones security-zone WAN host-inbound-traffic system-services all
set security zones security-zone WAN host-inbound-traffic protocols all
set security zones security-zone WAN interfaces fe-0/0/7.1197
set security zones security-zone WAN interfaces fe-0/0/7.1198
set security zones security-zone AUDIOCODEC host-inbound-traffic system-services all
set security zones security-zone AUDIOCODEC host-inbound-traffic protocols all
set security zones security-zone AUDIOCODEC interfaces vlan.200
set security zones security-zone AUDIOCODEC interfaces fe-0/0/5.0
set security zones security-zone PLANTA host-inbound-traffic system-services all
set security zones security-zone PLANTA host-inbound-traffic protocols all
set security zones security-zone PLANTA interfaces vlan.300
set security zones security-zone PLANTA interfaces fe-0/0/4.0
set vlans AUDIOCODEC vlan-id 200
set vlans AUDIOCODEC l3-interface vlan.200
set vlans PLANTA vlan-id 300
set vlans PLANTA l3-interface vlan.300
set vlans PRIVADA vlan-id 3
set vlans PRIVADA l3-interface vlan.0
set vlans PUBLICA vlan-id 100
set vlans PUBLICA l3-interface vlan.100

4. INTERNET WITH PUBLIC IP + DHCP WITH PRIVATE IP + CENTRALIZED SIP TRUNK.

set system services dhcp router 192.168.1.1
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.2
set system services dhcp pool 192.168.1.0/24 address-range high 192.168.1.254
set system services dhcp pool 192.168.1.0/24 maximum-lease-time 2419200
set system services dhcp pool 192.168.1.0/24 default-lease-time 1209600
set system services dhcp pool 192.168.1.0/24 name-server 200.26.137.135
set system services dhcp pool 192.168.1.0/24 name-server 200.14.207.210
set system services dhcp propagate-settings vlan.3
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members PRIVADA
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members PUBLICA
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members SIP-CENTRALIZADO
set interfaces fe-0/0/7 description WAN_CLARO
set interfaces fe-0/0/7 vlan-tagging
set interfaces fe-0/0/7 unit 78 vlan-id 78
set interfaces fe-0/0/7 unit 78 family inet address 10.152.52.93/21
set interfaces fe-0/0/7 unit 79 vlan-id 79
set interfaces fe-0/0/7 unit 79 family inet address 10.177.51.157/21
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set interfaces vlan unit 100 family inet address 181.48.158.105/29
set interfaces vlan unit 200 family inet address 10.7.233.153/30
set routing-options static route 0.0.0.0/0 next-hop 10.177.48.1
set routing-options static route 10.7.224.0/24 next-hop 10.152.48.1
set protocols stp
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source pool NAT address 181.48.158.105/29
set security nat source rule-set ONETOONE from zone LAN
set security nat source rule-set ONETOONE to zone WAN
set security nat source rule-set ONETOONE rule RULENAT match source-address 192.168.1.0/24
set security nat source rule-set ONETOONE rule RULENAT then source-nat pool NAT
set security policies from-zone LAN to-zone WAN policy SALIDA match source-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match destination-address any
set security policies from-zone LAN to-zone WAN policy SALIDA match application any
set security policies from-zone LAN to-zone WAN policy SALIDA then permit
set security policies from-zone WAN to-zone LAN policy ENTRADA match source-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match destination-address any
set security policies from-zone WAN to-zone LAN policy ENTRADA match application any
set security policies from-zone WAN to-zone LAN policy ENTRADA then permit
set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA match source-address any
set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA match destination-address any
set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA match application any
set security policies from-zone SIP-CENTRALIZADO to-zone WAN policy SALIDA then permit
set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA match source-address any
set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA match destination-address any
set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA match application any
set security policies from-zone WAN to-zone SIP-CENTRALIZADO policy ENTRADA then permit
set security zones security-zone LAN host-inbound-traffic system-services all
set security zones security-zone LAN host-inbound-traffic protocols all
set security zones security-zone LAN interfaces vlan.0
set security zones security-zone LAN interfaces vlan.100
set security zones security-zone LAN interfaces fe-0/0/0.0
set security zones security-zone WAN host-inbound-traffic system-services all
set security zones security-zone WAN host-inbound-traffic protocols all
set security zones security-zone WAN interfaces fe-0/0/7.79
set security zones security-zone WAN interfaces fe-0/0/7.78
set security zones security-zone SIP-CENTRALIZADO host-inbound-traffic system-services all
set security zones security-zone SIP-CENTRALIZADO host-inbound-traffic protocols all
set security zones security-zone SIP-CENTRALIZADO interfaces vlan.200
set security zones security-zone SIP-CENTRALIZADO interfaces fe-0/0/4.0
set vlans PRIVADA vlan-id 3
set vlans PRIVADA l3-interface vlan.0
set vlans PUBLICA vlan-id 100
set vlans PUBLICA l3-interface vlan.100
set vlans SIP-CENTRALIZADO vlan-id 200
set vlans SIP-CENTRALIZADO l3-interface vlan.200
