Date: 2021-07-01 10:21:17
Ezvpn on ASA
Topology:
PC/64.1.1.1-------64.1.1.10/Internet/202.1.1.10------202.1.1.1/ASA/10.1.1.1------10.1.1.100/Server
=====================Initial configuration==========================
ASA:
int e0/0
nameif outside
ip add 202.1.1.1 255.255.255.0
no sh
int e0/1
nameif inside
ip add 10.1.1.1 255.255.255.0
no sh
route outside 0 0 202.1.1.10 //configure the default route
access-list out permit icmp any any echo-reply
access-group out in interface outside
Before applying the configuration below, make sure the PC can ping the Server.
===================ASA configuration==============================
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
crypto dynamic-map dymap 10 set transform-set cisco //bind the transform set to the dynamic map
crypto map cisco 10 ipsec-isakmp dynamic dymap //bind the dynamic map to the static map
crypto map cisco interface outside //apply the static map to the interface
username cisco password cisco123 //create the user account and password
ip local pool ippool 172.16.1.1-172.16.1.100 //define an address pool
tunnel-group ipsecgroup type remote-access //set the group type to remote-access VPN
tunnel-group ipsecgroup ipsec-attributes //the password for ipsecgroup is cisco
pre-shared-key cisco
tunnel-group ipsecgroup general-attributes //reference the address pool
address-pool ippool
(Optional)
username cisco attributes
password-storage enable //allows the password to be saved
Implementing split tunneling
group-policy user-group-policy internal //define a group policy
group-policy user-group-policy attributes
split-tunnel-policy tunnelspecified //split tunneling
split-tunnel-network-list value split //interesting traffic
exit
access-list split permit ip 10.1.1.0 255.255.255.0 any //interesting traffic
group-policy user-group-policy attributes
backup-servers 1.1.1.1 //configure a backup server
banner value Welcome to user-group-policy //define a banner
username cisco attributes //enter user attributes
vpn-group-policy user-group-policy //associate the group policy just created
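The lab configuration above uses 3DES/MD5/group 2 for IKE, DES/MD5 for ESP, a short group key and client-side password storage. As an added example (not part of the original post), the following script audits an ASA configuration for those settings; the rule set, the length thresholds and the name audit are assumptions of this example, not a Cisco tool.

```python
import re

# Constructed sample: the IKE/IPsec and user lines from the configuration above.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
crypto ipsec transform-set cisco esp-des esp-md5-hmac
username cisco password cisco123
tunnel-group ipsecgroup ipsec-attributes
pre-shared-key cisco
username cisco attributes
password-storage enable
"""

# (pattern, finding) pairs; this policy is the example's own assumption.
RULES = [
    (r"^encryption (des|3des)\b", "IKE policy uses legacy cipher {0}"),
    (r"^hash md5\b", "IKE policy uses MD5"),
    (r"^group ([125])\b", "IKE policy uses weak DH group {0}"),
    (r"^crypto ipsec transform-set \S+ .*\besp-(des|3des)\b", "transform set encrypts with {0}"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "transform set authenticates with MD5"),
    (r"^password-storage enable\b", "client may store the user password"),
]

def audit(config):
    """Return (line_number, finding) tuples for weak settings in an ASA config."""
    findings, usernames = [], set()
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.split("//")[0].strip()   # drop the page's // annotations
        for pattern, message in RULES:
            m = re.search(pattern, line)
            if m:
                findings.append((num, message.format(*m.groups())))
        m = re.match(r"username (\S+) password (\S+)", line)
        if m:
            usernames.add(m.group(1))
            if len(m.group(2)) < 12:        # assumed minimum length
                findings.append((num, "short password for user " + m.group(1)))
        m = re.match(r"pre-shared-key (\S+)", line)
        if m and (len(m.group(1)) < 16 or m.group(1) in usernames):
            findings.append((num, "group pre-shared key is short or equals a username"))
    return findings

if __name__ == "__main__":
    for num, finding in audit(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```
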
forest” blog. Please contact the author before reposting!