Huawei USG6000 firewall configuration of IPSEC

Time:09-24

Thanks in advance to all the experts.

Problem: cannot open the remote server at 10.0.0.6.

The error shown is:
HTTP Status 404 - /CCDS
type Status report
message /CCDS
description The requested resource is not available.
Apache Tomcat/7.0.86

Local network environment (China Telecom): fiber modem, TP router, Huawei USG6000 firewall
Router: 20.23.202.1
Firewall: port 0 is the management interface
Port 1: external network, 20.23.202.135, connected to the TP router
Port 2: internal network, 10.0.19.1, connected to the internal switch

Remote network environment:
China Telecom fiber, Huawei USG6000 firewall
Remote public IP: 20.24.202.1
Remote internal server: 10.0.0.6

The steps I performed:
1. Following the USG6000 wizard, configured the Internet connection with DHCP:
   set up the Internet interface 0/0/1,
   set up the internal network interface 0/0/2,
   set up DHCP.
   After this, tested that a computer on interface 2 could get online and open web pages.

2. Set up IPsec:
   Policy > Security Policy: allow the networks at both ends to reach the intranet devices at the other end, and allow the public IP of each end to reach the other end itself; four policies in total.
   Network > Static Route;
   Network > IPsec.

3. Configured NAT:
   Policy > Security Policy;
   Policy > NAT: configured a NAT address pool and source NAT.

After all of this I still cannot open the remote application server 10.0.0.6.
The error shown is:
HTTP Status 404 - /CCDS
type Status report
message /CCDS
description The requested resource is not available.
Apache Tomcat/7.0.86

May I ask where the mismatch is?
The detailed configuration is as follows:

!Software Version V500R001C60SPC500
!Last configuration was saved at 2019-08-12 07:30:31 UTC
#
 sysname USG6300
#
 l2tp domain suffix-separator @
#
 authentication-profile name portal_authen_default
#
 ipsec sha2 compatible enable
#
 undo factory-configuration prohibit
#
 undo telnet server enable
 undo telnet ipv6 server enable
#
 clock timezone Beijing add 08:00:00
#
 firewall detect ftp
#
 firewall defend action discard
#
 log type traffic enable
 log type syslog enable
 log type policy enable
#
 undo dataflow enable
#
 undo sa force-detection enable
#
 isp name "china mobile" set filename china-mobile.csv
 isp name "china unicom" set filename china-unicom.csv
 isp name "china telecom" set filename china-telecom.csv
 isp name "china educationnet" set filename china-educationnet.csv
#
 user-manage web-authentication security port 8887
 password-policy
  level high
 user-manage single-sign-on ad
 user-manage single-sign-on tsm
 user-manage single-sign-on radius
 user-manage auto-sync online-user
 page-setting
 user-manage security version tlsv1.1 tlsv1.2
#
 firewall ids authentication type aes256
#
 web-manager security version tlsv1.1 tlsv1.2
 web-manager enable
 web-manager security enable
#
 firewall dataplane to manageplane application-apperceive default-action drop
#
 dns resolve
 dns server unnumbered interface GigabitEthernet0/0/1
 dns proxy enable
#
 dhcp enable
#
 update schedule ips-sdb daily o
 update schedule av-sdb daily o
 update schedule sa-sdb daily o
 update schedule cnc daily o
 update schedule file-reputation daily o
#
 ike dpd type periodic
#
ip vpn-instance default
 ipv4-family
#
time-range worktime
 period-range 08:00:00 to 18:00:00 working-day
#
acl number 3000
 rule 5 permit ip source 10.0.19.0 0.0.0.255 destination 10.0.0.0 0.0.0.255
#
ipsec proposal prop12814327690
 esp authentication-algorithm md5
 esp encryption-algorithm des
#
ike proposal default
 encryption-algorithm aes-256 aes-192 aes-128
 dh group14
 authentication-algorithm sha2-512 sha2-384 sha2-256
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
ike proposal 1
 encryption-algorithm des
 dh group1
 authentication-algorithm sha1
 authentication-method pre-share
 integrity-algorithm hmac-sha1-96
 prf hmac-sha1
#
ike peer ike12814327690
 exchange-mode aggressive
 pre-shared-key %^%#uwy~O2GExL</[:`MpmwMY_4>0l-xPSPrDB2Xj+>2%^%#
 ike-proposal 1
 remote-address 20.24.202.1
#
ipsec policy ipsec1281432772 1 isakmp
 security acl 3000
 ike-peer ike12814327690
 proposal prop12814327690
 tunnel local applied-interface
 alias policy_1
 sa trigger-mode auto
 sa duration traffic-based 1843200
 sa duration time-based 3600
#
web-auth-server default
 port 50100
#
portal-access-profile name default
#
aaa
 authentication-scheme default
 authentication-scheme admin_local
 authentication-scheme admin_radius_local
 authentication-scheme admin_hwtacacs_local
 authentication-scheme admin_ad_local
 authentication-scheme admin_ldap_local
 authentication-scheme admin_radius
 authentication-scheme admin_hwtacacs
 authentication-scheme admin_ad
 authentication-scheme admin_ldap
 authorization-scheme default
 accounting-scheme default
 domain default
  service-type internetaccess ssl-vpn l2tp ike
  internet-access mode password
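As an added example (not part of the original post, and not Huawei's own tooling), the following Python script parses a VRP-style configuration excerpt modelled on the stanzas above and performs two checks a practitioner would make before changing policies: whether a given internal-to-remote flow actually matches the ACL bound to the IPsec policy, and which IKE/IPsec proposal algorithms are weak by current standards. The configuration text, the host address 10.0.19.25 and all function names are constructed for this example.

```python
import ipaddress
import re

# Constructed excerpt in the shape of the posted configuration; only the
# stanzas relevant to the tunnel are included (example data, not the full config).
SAMPLE_CONFIG = """\
acl number 3000
 rule 5 permit ip source 10.0.19.0 0.0.0.255 destination 10.0.0.0 0.0.0.255
#
ipsec proposal prop12814327690
 esp authentication-algorithm md5
 esp encryption-algorithm des
#
ike proposal 1
 encryption-algorithm des
 dh group1
 authentication-algorithm sha1
 authentication-method pre-share
 integrity-algorithm hmac-sha1-96
 prf hmac-sha1
#
ike peer ike12814327690
 exchange-mode aggressive
 ike-proposal 1
 remote-address 20.24.202.1
#
ipsec policy ipsec1281432772 1 isakmp
 security acl 3000
 ike-peer ike12814327690
 proposal prop12814327690
"""

# Algorithm keywords that should be flagged wherever they appear in a proposal.
WEAK_TOKENS = {
    "des": "single DES encryption (56-bit key)",
    "3des": "3DES encryption",
    "md5": "MD5 authentication",
    "sha1": "SHA-1 authentication",
    "hmac-sha1-96": "HMAC-SHA1-96 integrity",
    "hmac-sha1": "HMAC-SHA1 PRF",
    "group1": "DH group 1 (768-bit MODP)",
    "group2": "DH group 2 (1024-bit MODP)",
}


def parse_stanzas(text):
    """Split a VRP-style config into {header: [indented lines]}; '#' or a
    non-indented line ends the current stanza."""
    stanzas, header = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "#":
            header = None
            continue
        if not raw.startswith(" "):
            header = line
            stanzas[header] = []
        elif header is not None:
            stanzas[header].append(line.strip())
    return stanzas


def wildcard_to_network(addr, wildcard):
    """Convert 'address wildcard-mask' (as used in acl rules) to an IPv4Network."""
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(mask))), strict=False)


def acl_rules(stanzas, acl_number):
    """Return (action, src_net, dst_net) for 'rule N permit|deny ip source ... destination ...'."""
    pat = re.compile(r"rule \d+ (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)")
    rules = []
    for line in stanzas.get(f"acl number {acl_number}", []):
        m = pat.match(line)
        if m:
            action, s, sw, d, dw = m.groups()
            rules.append((action, wildcard_to_network(s, sw), wildcard_to_network(d, dw)))
    return rules


def flow_matches_crypto_acl(stanzas, policy_header, src_ip, dst_ip):
    """True if src->dst hits a permit rule of the ACL named by 'security acl N'
    in the given ipsec policy stanza (first matching rule wins, default deny)."""
    acl = None
    for line in stanzas.get(policy_header, []):
        if line.startswith("security acl "):
            acl = line.split()[2]
    if acl is None:
        return False
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for action, src_net, dst_net in acl_rules(stanzas, acl):
        if s in src_net and d in dst_net:
            return action == "permit"
    return False


def audit_proposals(stanzas):
    """List (stanza, keyword, reason) for weak proposal algorithms and aggressive-mode peers."""
    findings = []
    for header, lines in stanzas.items():
        if header.startswith(("ike proposal", "ipsec proposal")):
            for line in lines:
                for tok in line.split():
                    if tok in WEAK_TOKENS:
                        findings.append((header, tok, WEAK_TOKENS[tok]))
        elif header.startswith("ike peer") and "exchange-mode aggressive" in lines:
            findings.append((header, "aggressive",
                             "IKEv1 aggressive mode exposes a PSK-derived hash to offline guessing"))
    return findings


if __name__ == "__main__":
    cfg = parse_stanzas(SAMPLE_CONFIG)
    policy = "ipsec policy ipsec1281432772 1 isakmp"
    print("inside host -> remote server matches crypto ACL:",
          flow_matches_crypto_acl(cfg, policy, "10.0.19.25", "10.0.0.6"))
    print("source-NATed (public IP) -> remote server matches crypto ACL:",
          flow_matches_crypto_acl(cfg, policy, "20.23.202.135", "10.0.0.6"))
    for stanza, tok, reason in audit_proposals(cfg):
        print(f"{stanza}: {tok} -> {reason}")
```

The second ACL check deliberately uses the firewall's public address as the source: if source NAT rewrites the internal address before the IPsec policy is evaluated, the flow no longer matches acl 3000 and is forwarded as ordinary Internet traffic instead of through the tunnel, so the NAT policy needs a rule that exempts traffic to the remote 10.0.0.0/24 network. Separately, an HTTP 404 from Tomcat means some Tomcat instance did accept the TCP connection; confirming which host answered (for example from the firewall's session table) is a different check from the ACL match. The proposal audit shows why "ike proposal 1" and "prop12814327690" (DES, MD5/SHA-1, DH group 1, aggressive mode) should be replaced with the AES/SHA-2/group14 settings already present in "ike proposal default".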