Ezvpn on ASA
Topology:
PC/64.1.1.1-------64.1.1.10/Internet/202.1.1.10------202.1.1.1/ASA/10.1.1.1------10.1.1.100/Server
===================== Initial configuration ==========================
ASA:
int e0/0
nameif outside
ip add 202.1.1.1 255.255.255.0
no sh
int e0/1
nameif inside
ip add 10.1.1.1 255.255.255.0
no sh
route outside 0 0 202.1.1.10 // configure the default route
access-list out permit icmp any any echo-reply
access-group out in interface outside
Before applying the configuration below, make sure the PC can ping the Server.
=================== ASA configuration ==============================
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
crypto dynamic-map dymap 10 set transform-set cisco // create the dynamic map and associate the transform set
crypto map cisco 10 ipsec-isakmp dynamic dymap // the static map references the dynamic map
crypto map cisco interface outside // apply the static map to the interface
username cisco password cisco123 // create the user account and password
ip local pool ippool 172.16.1.1-172.16.1.100 // define an address pool
tunnel-group ipsecgroup type remote-access // set the group type to remote-access VPN
tunnel-group ipsecgroup ipsec-attributes // the password for ipsecgroup is cisco
pre-shared-key cisco
tunnel-group ipsecgroup general-attributes // reference the address pool
address-pool ippool
(Optional)
username cisco attributes
password-storage enable // allows the password to be saved
Implementing split tunneling
group-policy user-group-policy internal // define a group policy
group-policy user-group-policy attributes
split-tunnel-policy tunnelspecified // split tunneling
split-tunnel-network-list value split // interesting traffic
exit
access-list split permit ip 10.1.1.0 255.255.255.0 any // interesting traffic
group-policy user-group-policy attributes
backup-servers 1.1.1.1 // configure a backup server
banner value Welcome to user-group-policy // define a banner
username cisco attributes // enter user attributes
vpn-group-policy user-group-policy // associate the group policy just created
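The ISAKMP policy and transform set above use 3DES, MD5, DH group 2 and single DES, and the account password and group key are short. The Python check below is an added example, not part of the original post, that flags those settings in ASA configuration text; the function name, the lists of flagged algorithms and the 12-character threshold are assumptions of this example.

```python
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}  # flagged by this example
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}  # flagged by this example
IKE_SUBCOMMANDS = {"authentication", "encryption", "hash", "group", "lifetime"}
MIN_SECRET_LEN = 12  # assumed threshold for this example, not a Cisco default


def audit_asa_vpn(config):
    """Return a list of findings for the remote-access VPN commands in `config`."""
    findings = []
    policy = None  # priority of the isakmp policy whose sub-commands are being read
    for raw in config.splitlines():
        tok = raw.split("//")[0].split()  # drop the page's // annotations
        if not tok:
            continue
        if tok[:3] == ["crypto", "isakmp", "policy"] and len(tok) > 3:
            policy = tok[3]
            continue
        if policy and tok[0] in IKE_SUBCOMMANDS:
            if len(tok) > 1 and tok[1] in WEAK_IKE.get(tok[0], ()):
                findings.append(f"isakmp policy {policy}: {tok[0]} {tok[1]}")
            continue
        policy = None  # any other command ends the policy sub-mode
        if tok[:3] == ["crypto", "ipsec", "transform-set"]:
            for t in tok[4:]:
                if t in WEAK_ESP:
                    findings.append(f"transform-set {tok[3]}: {t}")
        elif tok[0] == "pre-shared-key" and len(tok) > 1 and len(tok[1]) < MIN_SECRET_LEN:
            findings.append(f"pre-shared-key: shorter than {MIN_SECRET_LEN} characters")
        elif tok[0] == "username" and tok[2:3] == ["password"] and len(tok) > 3:
            if len(tok[3]) < MIN_SECRET_LEN or tok[1] in tok[3]:
                findings.append(f"username {tok[1]}: weak password")
    return findings

# The relevant lines of the page's ASA configuration, copied here as sample input.
PAGE_CONFIG = """\
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
username cisco password cisco123 // create the user account and password
tunnel-group ipsecgroup ipsec-attributes
pre-shared-key cisco
"""

if __name__ == "__main__":
    for finding in audit_asa_vpn(PAGE_CONFIG):
        print(finding)
```

Run it on the configuration as typed: show running-config masks the pre-shared key and stores passwords in hashed form, so the two secret-length checks do not apply to that output.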
forest” blog; please contact the author before reposting!