NetScreen NS-25/50 Boot Loader Version 3.0.0 (Checksum: D1C6421F)
Copyright (c) 1997-2003 NetScreen Technologies, Inc.
Total physical memory: 128MB
    Test - Pass
    Initialization - Done
Model Number: NS-50
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Loading default system image from on-board flash disk...
Ignore image authentication!
Start loading...
.........................................................................................................
Done.
 
Juniper Networks, Inc
Copyright, 1997-2006
Version 5.4.0r11.0
Load Manufacture Information ... Done
Load NVRAM Information ... (5.4.0)Done
Install module init vectors
Verify ACL register default value (at hw reset) ... Done
Verify ACL register read/write ... Done
Verify ACL rule read/write ... Done
Verify ACL rule search ... Done
MD5("a") = 0cc175b9 c0f1b6a8 31c399e2 69772661
MD5("abc") = 90015098 3cd24fb0 d6963f7d 28e17f72
MD5("message digest") = f96b697d 7cb7938d 525a2f31 aaf161d0
Verify DES register read/write ... Done
Install modules (00e40000,01a81198) ...
load dns table . Done
Initializing DI 1.1.0-ns
System config (1702 bytes) loaded
.
Done.
Load System Configuration ...................................................................................................Warning: Outgoing Dial-Up policy is configured without an matching incoming policy.
OK if a matching incoming policy is configured later.
......Warning: Outgoing Dial-Up policy is configured without an matching incoming policy.
OK if a matching incoming policy is configured later.
.................................Done
system init done..
login: System change state to Active(1)
默认登录用户名/密码:netscreen/netscreen(出厂默认凭据,正式部署前应修改)
ns50-> get ?           
address              show address book                                     
admin                show admin information                                          
alarm                show alarm info                                   
alg                  application layer gateway information                                                         
alg-portnum          get ALG port num                                    
alias                get alias definitions                                         
arp                  show ARP entries                                    
asp                  asp                       
attack               show attacks                                
auth                 show authentication information                                                   
auth-server          authentication server settings                                                  
clock                show system clock                                     
config               show system configuration                                             
console              show console parameters                                           
counter              show counters                                 
di                   get deep inspection parameters                                                  
dip                  show all dips in a vsys or root                                                   
dip-in               show incoming dip table info                                                
dns                  show dns info                                 
domain               show domain name                                    
dot1x                display IEEE802.1X global configuration                                                           
envar                show environment variables                                              
event                show event messages                                       
file                 show file information                                         
firewall             show firewall protection information                                                        
gate                 show gate info                                  
group                show groups                               
group-expression     group expressions details                                             
hostname             show host name                                  
igmp                 IGMP                        
ike                  get IKE info                                
infranet             Infranet Controller configuration                                                     
interface            show interfaces                                   
ip                   get ip parameters                                     
ip-classification    Show IP classification                                          
ippool               get ippool info                                   
ipsec                get ipsec information                                         
l2tp                 get l2tp information                                        
lance                show driver info                                    
license-key          get license key info                                        
log                  show log info                                 
mac-learn            show mac learning table                                           
memory               show memory info                                    
mip                  show all mips in a vsys or root                                                   
multicast-group-policy mu                       
nrtp                 show nrtp information                                         
nsmgmt               show NSM agent status/configuration                                                       
nsrp                 show nsrp info                                  
ntp                  get ntp parameters                                      
os                   show task information                                         
password-policy      password policy                                   
performance          get performance info                                        
pim                  show global PIM-SM information                                                  
pki                  show the pki settings                                         
policy               show policy                               
ppp                  get PPP settings                                    
pppoe                show pppoe configuration and stat                                                   
proxy-id             vpn proxy-id setting
rm                   show resource management info                                                 
route                show routes in a vrouter                                            
sa                   show security association                                             
sa-filter            config debug message per SA filter                                                      
scheduler            show scheduler                                  
scp                  show SCP status                                   
service              show service book                                     
session              show all sessions                                     
snmp                 show SNMP information
snmpwalk             snmp walk
socket               show socket info
ssh                  show SSH status
ssl                  show ssl info
syslog               show syslog information
system               show system info
tech-support         show tech support information
timer                show timer info
traffic-shaping      show traffic shaping info
url                  show url filter information
user                 show user
user-group           user group settings
vip                  show virtual IP info
vpn                  show vpn session
vpn-group            Keyword for showing vpn group setup
vpnmonitor           show vpn monitor parameters
vrouter              show virtual router info
webauth              webauth settings
webtrends            show webtrends information
xauth                get xauth information
xlate                show xlate ctx info
zone                 configure zone
ns50-> get
 
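配置文件
(套用前请注意:ethernet3 属于 Untrust 区,却开启了 telnet 和 web 管理;user1 的拨号隧道使用野蛮模式预共享密钥和 DES/MD5 提议,强度较弱;管理员名仍为默认的 netscreen;文中的口令散列与预共享密钥已随本文公开,不可复用。)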
set clock dst-off
set clock timezone 8
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.2.254/24
set interface ethernet1 nat
set interface ethernet3 ip 58.246.5.62/29
set interface ethernet3 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet3 ip manageable
set interface ethernet3 manage ping
set interface ethernet3 manage telnet
set interface ethernet3 manage web
unset flow no-tcp-seq-check
set flow tcp-syn-check
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "Trust" "192.168.2.0/24" 192.168.2.0 255.255.255.0
set address "Trust" "lic_svr" 192.168.2.202 255.255.255.255
set address "Untrust" "192.168.220.0/24" 192.168.220.0 255.255.255.0
set user "user1" uid 4
set user "user1" ike-id u-fqdn "user1@ssipex.com" share-limit 1
set user "user1" type  ike
set user "user1" "enable"
set user "user2" uid 5
set user "user2" ike-id u-fqdn "user2@ssipex.com" share-limit 1
set user "user2" type  ike
set user "user2" "enable"
set user-group "***_grp" id 3
set user-group "***_grp" user "user1"
set ike p1-proposal "TO-WG" preshare group2 esp 3des sha-1 minute 480
set ike p2-proposal "TO-WG2" group2 esp 3des sha-1 minute 60
set ike gateway "TO-WG" address 58.32.236.46 Main outgoing-interface "ethernet3" preshare "j4EBhpkuN+Y0qIs8PUCObOhSDgn1CCeNyw==" proposal "pre-g2-3des-sha"
set ike gateway  "TO-WG" nat-traversal
set ike gateway "TO-WG" nat-traversal udp-checksum
set ike gateway "TO-WG" nat-traversal keepalive-frequency 5
set ike gateway "user1_p1" dialup "***_grp" Aggr outgoing-interface "ethernet3" seed-preshare "V03Ya1RJNTHCa/slP9CLOtSkgmnBAxvFwA==" proposal "pre-g2-des-md5"
unset ike gateway "user1_p1" nat-traversal
set ike gateway "user2_p1" dialup "user2" Aggr outgoing-interface "ethernet3" preshare "/DdbMdKHNmQ3k***fjCUqHPGP/nfScp4ZQ==" proposal "pre-g2-3des-sha"
unset ike gateway "user2_p1" nat-traversal
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vpn "TO-WG-×××" gateway "TO-WG" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"
set vpn "user1_p2" gateway "user1_p1" replay tunnel idletime 0 proposal "g2-esp-des-md5"
set vpn "user2_p2" gateway "user2_p1" replay tunnel idletime 0 proposal "g2-esp-3des-sha"
set vpn-group id 1
set url protocol websense
exit
set policy id 8 name "user2" from "Trust" to "Untrust"  "192.168.2.0/24" "Dial-Up VPN" "ANY" tunnel vpn "user2_p2" id 12 pair-policy 7
set policy id 8
exit
set policy id 7 name "user2" from "Untrust" to "Trust"  "Dial-Up VPN" "192.168.2.0/24" "ANY" tunnel vpn "user2_p2" id 12 pair-policy 8
set policy id 7
exit
set policy id 6 name "user1" from "Trust" to "Untrust"  "192.168.2.0/24" "Dial-Up VPN" "ANY" tunnel vpn "user1_p2" id 11 pair-policy 5
set policy id 6
exit
set policy id 5 name "user1" from "Untrust" to "Trust"  "Dial-Up VPN" "192.168.2.0/24" "ANY" tunnel vpn "user1_p2" id 11 pair-policy 6
set policy id 5
exit
set policy id 4 from "Untrust" to "Trust"  "192.168.220.0/24" "192.168.2.0/24" "ANY" tunnel vpn "TO-WG-×××" id 4 pair-policy 3 log
set policy id 4
set log session-init
exit
set policy id 3 from "Trust" to "Untrust"  "192.168.2.0/24" "192.168.220.0/24" "ANY" tunnel vpn "TO-WG-×××" id 4 pair-policy 4 log
set policy id 3
set log session-init
exit
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit log
set policy id 1
exit
set nsmgmt bulkcli reboot-timeout 60
set nsmgmt bulkcli reboot-wait 0
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 10.1.1.0/24 interface ethernet1 gateway 192.168.2.202
set route 0.0.0.0/0 interface ethernet3 gateway 58.246.5.57
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit