security-zone name Trust //安全域
import interface GigabitEthernet1/0/1 //把接口加入安全域
object-policy ip manage //创建对象策略
rule pass //规则动作
zone-pair security source trust destination local //域间应用
object-policy apply ip manage
IPSec VPN
ipsec transform-set vpn1_IPv4_1
protocol ah-esp
esp encryption-algorithm aes-cbc-256
esp authentication-algorithm sha512
ah authentication-algorithm sha512
#
ipsec policy-template vpn1 1
transform-set vpn1_IPv4_1
local-address 1.1.1.1
ike-profile vpn1_IPv4_1
sa duration time-based 86400
#
ipsec policy vpn1 1 isakmp template vpn1
#
ike profile vpn1_IPv4_1
keychain vpn1_IPv4_1
dpd interval 10 periodic
match remote identity address 0.0.0.0 0.0.0.0
match local address GigabitEthernet1/0/0
#
ike proposal 1
#
ike keychain vpn1_IPv4_1
match local address GigabitEthernet1/0/0
pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$yTnoadzlYTdCQ/rwfYYMMDmc8qLJ+sccQUkq
重置密码
按 Ctrl+B 进入bootware界面
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot
<8> Skip Authentication for Console Login
<0> Reboot
undo password-recovery enable
<6> Skip Current System Configuration
<0> Reboot
ftp 192.168.0.2
put startup.cfg
password simple admin
display default-configuration
display saved-configuration
more startup.cfg
SecPathF1000升级
display boot-loader
boot-loader file flash:/F1030.ipe all main
===========================<EXTEND-BOOTWARE MENU>===========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================