- 浏览: 182014 次
- 性别:
- 来自: 沈阳
文章分类
最新评论
-
Cash:
今日测试微信服务器,搭建tomcat8.0.9时,发布的ser ...
Tomcat 主机部署 -
Cash:
追加网通ip段:在网上没有公布出来222.128.0.0 25 ...
双ISP出口用到的ip地址表
接口启用ISAKMP:
crypto isakmp enable outside
crypto isakmp enable outside2
创建ISAKMP策略:
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
定义组策略1:
group-policy vpnclient_policy internal
group-policy vpnclient_policy attributes
dns-server value 10.75.131.65 219.148.204.66
group-lock value it@lncrland
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split-tunnel
定义组策略2:
group-policy ipsec_vpn_policy internal
group-policy ipsec_vpn_policy attributes
dns-server value 10.75.131.65 219.148.204.66
group-lock value lncrland
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split-tunnel
定义radius服务器:
aaa-server ipsec_vpn_auth protocol radius
aaa-server ipsec_vpn_auth (inside) host 10.75.131.199
key *****
定义地址池:
ip local pool ipsec_vpn_pool 10.75.133.1-10.75.133.254 mask 255.255.254.0
ip local pool it_vpn_pool 10.75.132.101-10.75.132.255 mask 255.255.254.0
定义隧道分离内容:
access-list vpn-split-tunnel standard permit 172.17.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.16.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 10.0.0.0 255.0.0.0
access-list vpn-split-tunnel standard permit 192.200.40.0 255.255.255.0
access-list vpn-split-tunnel standard permit 172.20.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.18.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.19.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.21.0.0 255.255.0.0
定义隧道组(连接配置文件)1:
tunnel-group it@lncrland type remote-access
tunnel-group it@lncrland general-attributes
address-pool it_vpn_pool
authentication-server-group ipsec_vpn_auth LOCAL
default-group-policy vpnclient_policy
tunnel-group it@lncrland ipsec-attributes
pre-shared-key *****
定义隧道组(连接配置文件)2:
tunnel-group lncrland type remote-access
tunnel-group lncrland general-attributes
address-pool ipsec_vpn_pool
authentication-server-group ipsec_vpn_auth LOCAL
default-group-policy ipsec_vpn_policy
tunnel-group lncrland ipsec-attributes
pre-shared-key *****
!
定义ipsec策略:
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
定义动态加密集:
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
定义静态加密集:
crypto map mymap 1 ipsec-isakmp dynamic dyn1
应用静态加密集:
crypto map mymap interface outside
crypto map mymap interface outside2
排故命令:
show vpn-sessiondb detail
crypto isakmp enable outside
crypto isakmp enable outside2
创建ISAKMP策略:
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
定义组策略1:
group-policy vpnclient_policy internal
group-policy vpnclient_policy attributes
dns-server value 10.75.131.65 219.148.204.66
group-lock value it@lncrland
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split-tunnel
定义组策略2:
group-policy ipsec_vpn_policy internal
group-policy ipsec_vpn_policy attributes
dns-server value 10.75.131.65 219.148.204.66
group-lock value lncrland
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split-tunnel
定义radius服务器:
aaa-server ipsec_vpn_auth protocol radius
aaa-server ipsec_vpn_auth (inside) host 10.75.131.199
key *****
定义地址池:
ip local pool ipsec_vpn_pool 10.75.133.1-10.75.133.254 mask 255.255.254.0
ip local pool it_vpn_pool 10.75.132.101-10.75.132.255 mask 255.255.254.0
定义隧道分离内容:
access-list vpn-split-tunnel standard permit 172.17.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.16.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 10.0.0.0 255.0.0.0
access-list vpn-split-tunnel standard permit 192.200.40.0 255.255.255.0
access-list vpn-split-tunnel standard permit 172.20.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.18.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.19.0.0 255.255.0.0
access-list vpn-split-tunnel standard permit 172.21.0.0 255.255.0.0
定义隧道组(连接配置文件)1:
tunnel-group it@lncrland type remote-access
tunnel-group it@lncrland general-attributes
address-pool it_vpn_pool
authentication-server-group ipsec_vpn_auth LOCAL
default-group-policy vpnclient_policy
tunnel-group it@lncrland ipsec-attributes
pre-shared-key *****
定义隧道组(连接配置文件)2:
tunnel-group lncrland type remote-access
tunnel-group lncrland general-attributes
address-pool ipsec_vpn_pool
authentication-server-group ipsec_vpn_auth LOCAL
default-group-policy ipsec_vpn_policy
tunnel-group lncrland ipsec-attributes
pre-shared-key *****
!
定义ipsec策略:
crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac
定义动态加密集:
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
定义静态加密集:
crypto map mymap 1 ipsec-isakmp dynamic dyn1
应用静态加密集:
crypto map mymap interface outside
crypto map mymap interface outside2
排故命令:
show vpn-sessiondb detail
发表评论
-
ospf重分发默认路由无法进入路由表问题
2020-11-12 17:30 1103机房内设备升级改造,核心交换机与3台互联网路由器对接,中间 ... -
javascript 自动填写用户已输入的用户名及密码
2013-01-17 15:22 4600<!DOCTYPE html PUBLIC " ... -
H3C Spanning Tree
2012-12-21 10:07 1728stp mode stp stp instance 1 ... -
关于ASA5520的radius认证remote vpn用户配置延时
2012-08-17 13:53 2441近日对ciscovpn认证服务器进行迁移发现ASA5520配置 ... -
windows2008R2 NPS导致dhcp无法分派地址
2012-08-16 16:36 3359近几天正在考虑将nps在windows2008r2系统(已部署 ... -
双ISP出口用到的ip地址表
2012-08-14 16:59 1343中国电信ip段 http://bgp.he.net/AS413 ... -
ciscoRV042对接cisco2951,日志
2012-08-07 13:12 2741在2951上的ike策略10无法与RV042的策略匹配,需要手 ... -
静态路由重分发进入ospf的深入学习
2012-05-03 11:29 4993路由器与三层交换机已形成ospf邻居关系, 现在要将与此台 ... -
ip地址分类,英文文章,说的很透彻
2012-05-03 09:08 1383Network Address Range: Class A ... -
H3C MSR50-40 路由器,关闭web管理
2012-01-09 16:56 1329[MSR50-40] undo ip http enable ... -
路由器接口参数及意义
2011-12-21 20:33 1499router#sh int fa0/0 FastEtherne ... -
cisco设备telnet显示console日志信息
2011-12-20 21:55 1372全局模式下输入命令:terminal monitor -
FTP 被动、主动模式解析
2011-12-10 19:52 802Technical background What dis ... -
关于MSTP线路的Qos拥塞控制问题!
2011-10-08 23:05 1614mstp线路为用户接入提供超过2Mbps的接入速度,为sdh提 ... -
cisco路由器密码重置
2011-09-21 11:40 1153when the router is starting to ... -
windows2003中文版,windows2008R2英文版,dhcp服务器迁移
2011-07-19 16:20 17981)windows2003 netsh dhcp se ... -
IIS页面访问问题
2011-07-07 20:45 1086(转) “您未被授权查看该页,您不具备使用所提供的凭 ... -
常用端口号
2011-06-27 21:58 1055List of TCP and UDP port number ... -
关于cisco 4507R的主控板卡冗余
2011-06-24 11:30 1975切换主处理板卡:redundancy force−switch ... -
ASA5200的NAT旁路访问DMZ区域!
2011-04-26 22:39 1948最近开始搞cisco ASA设备,发现在nat的acl中无法使 ...
相关推荐
ASA5520_端口映射配置,非常详细,有事例讲解清晰!
CISCO ASA 5520配置手册.htm
cisco asa5520 基本配置!
cisco ASA5520 IOS+ASDM asa841-k8.bin asa842-k8.bin asdm-701.bin asdm-641.bin
CISCO ASA5520 IOS ASDM完整包。ASA5520ios恢复。asdm启用。asa841-k8.bin-asa924-k8.bin五个版本ios和asdm-641.binasdm-701.binasdm-781.bin三个版本。含教程。亲测可用。
* rommon #5> PORT=GigabitEthernet0/0(设置 ASA5520 设备的 GE 口) * rommon #6> sync(保存设置) * rommon #7> ping 192.168.0.2(测试与 PC 机的连通性) * rommon #8> tftpdnld(执行 IOS 恢复) 四、TFTP ...
ASA5520-1: ciscoasa> en Password: ciscoasa# conf t ciscoasa(config)# hostname ASA5520 ASA5520(config)# int g0/0 ASA5520(config-if)# nameif outside INFO: Security level for "outside" set to 0 by ...
思科防火墙的详细配置资料,根据公司的需要为客户配置思科防火墙asa5520.
以上是基于给定配置文件内容的关键知识点总结,这些配置覆盖了ASA防火墙的基本配置、安全策略制定、地址转换以及高级安全功能(如IPsec和SSL)等方面。对于实际操作Cisco ASA设备的人来说,理解这些配置及其作用至关...
ASA5520防火墙双机配置详解 本文将详细介绍ASA5520防火墙的安装配置过程,包括超级终端连接防火墙、防火墙提供的四种管理访问模式、基本配置步骤、配置防火墙的名称、口令、网卡等。 一、超级终端连接防火墙 首先...
ASA5520服务器发布基本配置
asa 5520 操作手册 asa 5520 操作手册
Cisco ASA 5520 IOS Cisco ASA 5520 IOS
ASa5520的具体配置说明,可以方便的为你提供所需要的配置及说明
ASA5520的升级文件,将原始版本升级到917版本的中间版本,验证升级包有效。
这是一个关于CISCO网络设备中ASA 5520防火墙的一个配置实例!
升级顺序才能完成升级,最好不要跳级,否则容易丢失配置或者License So the upgrade step should be 7.0->7.1->7.2->8.2->8.4(6)->9.1x 所以,必须升级到8.2,也就是asa821-k8.bin,再升级到8.4(6),也就是asa846....
ASA5520系列防火墙的软件,版本为917,升级前需要将ASA的软件版本升级到847以上,否则会因版本跨度过大导致升级失败。