ASA 5500 Series Configuration Examples for Remote Access IPsec VPN

  Configuration commands for ASA 5545 9.0

  (IKEv1)

  hostname(config)# interface ethernet0

  hostname(config-if)# ip address 10.10.4.200 255.255.0.0

  hostname(config-if)# nameif outside

  hostname(config-if)# no shutdown

  hostname(config)# crypto ikev1 policy 1

  hostname(config-ikev1-policy)# authentication pre-share

  hostname(config-ikev1-policy)# encryption 3des

  hostname(config-ikev1-policy)# hash sha

  hostname(config-ikev1-policy)# group 2

  hostname(config-ikev1-policy)# lifetime 43200

  hostname(config)# crypto ikev1 enable outside

  hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15

  hostname(config)# username testuser password 12345678

  hostname(config)# crypto ipsec ikev1 transform-set FirstSet esp-3des esp-sha-hmac

  hostname(config)# tunnel-group testgroup type remote-access

  hostname(config)# tunnel-group testgroup general-attributes

  hostname(config-general)# address-pool testpool

  hostname(config)# tunnel-group testgroup ipsec-attributes

  hostname(config-ipsec)# ikev1 pre-shared-key 44kkaol59636jnfx

  hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet

  hostname(config)# crypto dynamic-map dyn1 1 set reverse-route

  hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1

  hostname(config)# crypto map mymap interface outside

  hostname(config)# write memory

  (IKEv2)

  hostname(config)# interface ethernet0

  hostname(config-if)# ip address 10.10.4.200 255.255.0.0

  hostname(config-if)# nameif outside

  hostname(config-if)# no shutdown

  hostname(config)# crypto ikev2 policy 1

  hostname(config-ikev2-policy)# authentication pre-share

  hostname(config-ikev2-policy)# group 2

  hostname(config-ikev2-policy)# integrity sha

  hostname(config-ikev2-policy)# lifetime 43200

  hostname(config-ikev2-policy)# prf sha

  hostname(config)# crypto ikev2 enable outside

  hostname(config)# ip local pool testpool 192.168.0.10-192.168.0.15

  hostname(config)# username testuser password 12345678

  hostname(config)# crypto ipsec ikev2 ipsec-proposal FirstSet

  hostname(config-ipsec-proposal)# protocol esp encryption 3des aes

  hostname(config)# tunnel-group testgroup type remote-access

  hostname(config)# tunnel-group testgroup general-attributes

  hostname(config-general)# address-pool testpool

  hostname(config)# tunnel-group testgroup webvpn-attributes

  hostname(config-webvpn)# authentication aaa certificate

  hostname(config)# crypto dynamic-map dyn1 1 set ikev2 ipsec-proposal FirstSet

  hostname(config)# crypto dynamic-map dyn1 1 set reverse-route

  hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1

  hostname(config)# crypto map mymap interface outside

  hostname(config)# write memory
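
A small audit pass over commands in the prompt format used above, as an added example (not part of the original page or of Cisco's documentation): it flags 3DES/DES, MD5/SHA-1, Diffie-Hellman groups 1, 2 and 5, and secrets typed inline, and redacts those secrets in its report. The rule set, rule names and the `audit` function are assumptions of this example.

```python
import re

# Constructed sample: a subset of the IKEv1 commands from the listing above.
SAMPLE = """\
hostname(config)# crypto ikev1 policy 1
hostname(config-ikev1-policy)# authentication pre-share
hostname(config-ikev1-policy)# encryption 3des
hostname(config-ikev1-policy)# hash sha
hostname(config-ikev1-policy)# group 2
hostname(config)# username testuser password 12345678
hostname(config)# crypto ipsec ikev1 transform-set FirstSet esp-3des esp-sha-hmac
hostname(config-ipsec)# ikev1 pre-shared-key 44kkaol59636jnfx
hostname(config)# crypto map mymap interface outside
"""

PROMPT = re.compile(r"^\s*\S+?\(config[^)]*\)#\s*")   # e.g. "hostname(config-if)# "
SECRET = re.compile(r"\b(password|pre-shared-key) \S+")

# Rule ids, patterns and wording are this example's assumptions.
RULES = [
    ("weak-cipher", re.compile(r"\b(?:esp-)?3?des\b"),
     "DES/3DES (64-bit block cipher) selected"),
    ("weak-hash", re.compile(r"^(?:hash|integrity|prf) (?:md5|sha)\b|\besp-(?:md5|sha)-hmac\b"),
     "MD5 or SHA-1 selected"),
    ("weak-dh", re.compile(r"^group (?:1|2|5)$"),
     "Diffie-Hellman group with a modulus of 1536 bits or less"),
    ("inline-secret", SECRET,
     "secret typed in clear text on the command line"),
]

def audit(text):
    """Return (line_no, rule_id, redacted_command) for each rule a command matches."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        cmd = PROMPT.sub("", line).strip()
        shown = SECRET.sub(r"\1 <redacted>", cmd)  # never echo the secret itself
        for rule_id, pattern, _why in RULES:
            if pattern.search(cmd):
                findings.append((line_no, rule_id, shown))
    return findings

if __name__ == "__main__":
    why = {rule_id: text for rule_id, _pat, text in RULES}
    for line_no, rule_id, shown in audit(SAMPLE):
        print(f"line {line_no}: [{rule_id}] {shown}: {why[rule_id]}")
```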

 
