代码语言:javascript复制
#从windows CA 中导出CA及申请服务器证书
pki import domain zm der ca filename certnew.cer
pki import domain zm p12 local filename ssl.pfx
#
radius scheme zm
primary authentication 192.168.9.2
key authentication simple 123123
user-name-format without-domain
#
pki domain zm
public-key rsa signature name zm
undo crl check enable
#
ssl server-policy zm
pki-domain zm
#
ssl*** gateway zm
ip address 1.2.3.4
ssl server-policy zm
service enable
#
interface SSL×××-AC1
ip address 10.200.200.1 255.255.255.224
#
ssl*** ip address-pool zm 10.200.200.2 10.200.200.30
#
security-zone name Trust
import interface SSL×××-AC1
#
ssl*** context zm
gateway zm
ip-tunnel interface SSL×××-AC1
ip-tunnel address-pool zm mask 27
ip-route-list zm
include 192.168.0.0 255.255.0.0
policy-group zm
filter ip-tunnel 3000
ip-tunnel access-route ip-route-list zm
aaa domain zm
service enable
#
user-group ***user
authorization-attribute ssl***-policy-group ***user
#
domain zm
# authorization-attribute user-group ***user
authentication ssl*** ldap-scheme zm
authorization ssl*** none
accounting ssl*** none
#
