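Cisco ASA 5500 Firewall VPN Configuration Tutorial and Test


Many people have asked me how exactly an IPsec VPN is configured.


VPNs are most commonly configured on Cisco firewalls and Juniper firewalls.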



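ASA1 ----------- IPsec VPN (site-to-site) ----------- ASA2

Verified working!
The tricky points are annotated below. Anything not annotated is very simple, so please look it up yourself (Baidu). If you still have questions, contact QQ: 44317016 or 18160686404.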

ASA1 configuration:

asa1# show run

ASA Version 8.0(2)
!
hostname asa1

interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 202.1.1.1 255.255.255.252
!

access-list 100 extended permit icmp any any
access-list 100 extended permit ip any any
access-list ipsec_vpn extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

nat-control
global (outside) 1 interface
! Traffic matching the VPN ACL is exempted from NAT
nat (inside) 0 access-list ipsec_vpn
! NAT for ordinary inside traffic
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 202.1.1.2

! Define the transform set my_trans
crypto ipsec transform-set my_trans esp-3des esp-md5-hmac
! Bind the interesting-traffic ACL
crypto map vpn_to_test 10 match address ipsec_vpn
! Define the peer address
crypto map vpn_to_test 10 set peer 202.1.1.2
! Bind my_trans
crypto map vpn_to_test 10 set transform-set my_trans
crypto map vpn_to_test interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

! Create the tunnel group for the peer IP
tunnel-group 202.1.1.2 type ipsec-l2l
! Pre-shared key (the password); it must be identical on both ends
tunnel-group 202.1.1.2 ipsec-attributes
 pre-shared-key cisco

 

 

 ------------------------------

ASA2 configuration:

asa1# show run

ASA Version 8.0(2)
!
hostname asa1

interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 202.1.1.2 255.255.255.252
!

access-list 100 extended permit icmp any any
access-list 100 extended permit ip any any
! Define the interesting traffic
access-list ipsec_vpn extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0

nat-control
global (outside) 1 interface
! Traffic matching the VPN ACL is exempted from NAT
nat (inside) 0 access-list ipsec_vpn
! NAT for ordinary inside traffic
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 202.1.1.1

! Define the transform set my_trans
crypto ipsec transform-set my_trans esp-3des esp-md5-hmac
! Bind the interesting-traffic ACL
crypto map vpn_to_test 10 match address ipsec_vpn
! Define the peer address
crypto map vpn_to_test 10 set peer 202.1.1.1
! Bind my_trans
crypto map vpn_to_test 10 set transform-set my_trans
crypto map vpn_to_test interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400

! Create the tunnel group for the peer IP
tunnel-group 202.1.1.1 type ipsec-l2l
! Pre-shared key (the password); it must be identical on both ends
tunnel-group 202.1.1.1 ipsec-attributes
 pre-shared-key cisco
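
A site-to-site tunnel only comes up when the two configurations agree: each peer address must be the other side's outside IP, the crypto ACLs must mirror each other, and the transform set, ISAKMP policy and pre-shared key must match. The Python check below is an added example, not part of the original page: it parses the VPN-relevant lines of both configs, reports mismatches, and flags the 3DES, MD5 and DH group 2 choices, which are deprecated for new deployments. The field names and the parse/check helpers are hypothetical, and the sample input is constructed from the values shown above.

```python
import re

# Constructed sample input: only the VPN-relevant lines of the two configs on this page.
TEMPLATE = """\
interface Ethernet0/1
 nameif outside
 ip address {out} 255.255.255.252
access-list ipsec_vpn extended permit ip {lan} 255.255.255.0 {rlan} 255.255.255.0
crypto ipsec transform-set my_trans esp-3des esp-md5-hmac
crypto map vpn_to_test 10 set peer {peer}
crypto isakmp policy 10
 encryption 3des
 hash md5
 group 2
tunnel-group {peer} type ipsec-l2l
tunnel-group {peer} ipsec-attributes
 pre-shared-key {psk}
"""
ASA1 = TEMPLATE.format(out="202.1.1.1", peer="202.1.1.2", lan="192.168.10.0", rlan="192.168.20.0", psk="cisco")
ASA2 = TEMPLATE.format(out="202.1.1.2", peer="202.1.1.1", lan="192.168.20.0", rlan="192.168.10.0", psk="cisco")

FIELDS = {  # hypothetical field names -> regex over "show run" text
    "outside": r"nameif outside\n(?: .*\n)*? ip address (\S+)",
    "acl": r"^access-list ipsec_vpn extended permit ip (\S+ \S+) (\S+ \S+)",
    "peer": r"^crypto map \S+ \d+ set peer (\S+)",
    "tunnel": r"^tunnel-group (\S+) type ipsec-l2l",
    "esp": r"^crypto ipsec transform-set \S+ (\S+) (\S+)",
    "ike": r"^ encryption (\S+)\n hash (\S+)\n group (\S+)",
    "psk": r"^ pre-shared-key (\S+)",
}
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}

def parse(cfg):
    """Return {field: tuple of captured values, or () when the line is absent}."""
    hits = {k: re.search(rx, cfg, re.M) for k, rx in FIELDS.items()}
    return {k: m.groups() if m else () for k, m in hits.items()}

def check(a, b):
    """List mismatches between two parsed peer configs, then weak-crypto findings."""
    issues = [f"missing {k}" for cfg in (a, b) for k, v in cfg.items() if not v]
    for x, y, name in ((a, b, "first"), (b, a, "second")):
        if not x["peer"] == x["tunnel"] == y["outside"]:
            issues.append(f"{name} device: peer/tunnel-group is not the other side's outside IP")
    if a["acl"] != b["acl"][::-1]:  # source and destination must be swapped on the peer
        issues.append("crypto ACLs are not mirror images")
    issues += [f"{k} differs between peers" for k in ("esp", "ike", "psk") if a[k] != b[k]]
    algs = set(a["esp"] + a["ike"][:2] + b["esp"] + b["ike"][:2])
    issues += [f"weak algorithm: {alg}" for alg in sorted(algs & WEAK)]
    issues += [f"weak DH group: {g}" for g in sorted(set(a["ike"][2:] + b["ike"][2:])) if g in ("1", "2")]
    return issues
```

The check does not grade the pre-shared key itself; cisco is a lab value, and a production tunnel needs a long random key.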

 
