
ASA5510 Configuration: Remote-Access VPN

    1. Network topology diagram

    [Figure: network topology diagram]

    2. ASA configuration

    Some parts have been omitted.
   
    ASA5510# show run
    : Saved
    :
    ASA Version 7.2(3)
    !
    hostname ASA5510
    domain-name zqy.com
    enable password oQMJ3TXqSC.skFhg encrypted
    names
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address …… 255.255.255.252
    !
    interface Ethernet0/1
     nameif dmz
     security-level 50
     ip address 192.168.100.254 255.255.255.0
    !
    interface Ethernet0/2
     nameif inside2
     security-level 100
     ip address 10.0.0.5 255.255.255.252
    !
    interface Management0/0
     shutdown
     no nameif
     no security-level
     no ip address
     management-only
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    clock timezone HKST 8
    dns server-group DefaultDNS
     domain-name zqy.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list in-out-nat extended deny ip host 192.168.1.188 any
    access-list in-out-nat extended permit ip 192.168.1.0 255.255.255.0 any
    …… (ten thousand words omitted here)
    ip local pool ezvpn_pool 172.16.10.100-172.16.10.200 mask 255.255.255.0
    no failover
    nat-control
    global (outside) ……
    nat (dmz) 1 0.0.0.0 0.0.0.0
    nat (inside2) 1 0.0.0.0 0.0.0.0
    static (inside2,outside) ……
    …… (ten thousand words omitted)
    access-group out-in in interface outside
    access-group dmz-out-nat in interface dmz
    access-group in-out-nat in interface inside2
    route outside ……
    !
    aaa-server vpn_radius protocol radius
    aaa-server vpn_radius (inside2) host 192.168.1.7
     timeout 5
     key ASA5510
    aaa authentication enable console vpn_radius
    aaa accounting enable console vpn_radius
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    console timeout 0
    !
    group-policy vpngroup internal
    group-policy vpngroup attributes
     wins-server value 172.16.10.100 172.16.10.100
     dns-server value 192.168.1.13 192.168.1.14
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value ezvpn_splitTunnelAcl
     default-domain value ipgchina.com
    username zqy password O0qvlbgGwBBckWRt encrypted privilege 15
    tunnel-group vpngroup type ipsec-ra
    tunnel-group vpngroup general-attributes
     address-pool ezvpn_pool
     authentication-server-group vpn_radius
     default-group-policy vpngroup
    tunnel-group vpngroup ipsec-attributes
     pre-shared-key *
    smtp-server 192.168.0.155 192.168.0.156
    prompt hostname context
    Cryptochecksum:e53fcc41c616ae28c746da88e6d1e65a
    : end
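
A review of the VPN-related settings in this configuration, written as an added Python example (not part of the original article or any Cisco tool). The function name `audit`, the rule list and the finding ids are assumptions of this example; the sample input is an excerpt of the lines above with the enable hash replaced by a placeholder.

```python
import re

# Excerpt of the configuration above (security-relevant lines only); the
# enable hash is replaced by a placeholder. Sub-commands are indented by one
# space, as in real `show run` output (assumption of this example).
SAMPLE = """\
hostname ASA5510
enable password EXAMPLEHASH encrypted
aaa-server vpn_radius (inside2) host 192.168.1.7
 timeout 5
 key ASA5510
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
console timeout 0
"""

# (regex on the stripped line, finding id, why it matters); rule set is illustrative
RULES = [
    (r"^(encryption 3des|crypto ipsec transform-set .*\besp-3des\b)", "3des",
     "3DES uses a 64-bit block; prefer AES"),
    (r"^group [12]$", "weak-dh", "IKE DH group 1/2 is 768/1024-bit MODP"),
    (r"^authentication pre-share$", "psk", "one group key shared by all clients"),
    (r"^console timeout 0$", "console-timeout", "console session never expires"),
    (r"^(enable password|passwd|username \S+ password) \S+ encrypted",
     "hash-exposed", "password hash in the dump; redact before sharing"),
]

def audit(config):
    """Return (line number, finding id, reason) tuples for a `show run` dump."""
    findings, hostname, in_aaa_host = [], None, False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("hostname "):
            hostname = line.split()[1]
        if not raw.startswith(" "):  # a top-level command ends any sub-mode
            in_aaa_host = bool(re.match(r"aaa-server \S+ \(\S+\) host ", line))
        elif in_aaa_host and line.startswith("key "):
            if hostname and line.split(None, 1)[1].lower() == hostname.lower():
                findings.append((n, "radius-key", "RADIUS secret equals the hostname"))
        findings.extend((n, rid, why) for pat, rid, why in RULES if re.search(pat, line))
    return findings

if __name__ == "__main__":
    for n, rid, why in audit(SAMPLE):
        print(f"line {n}: {rid}: {why}")
```

An IKE policy that uses `encryption aes-256` and `group 5` instead produces no findings from these rules.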

Source: 天下网吧  Author: 网吧方案
