思科ASA5510防火墙 SSL VPN配置
! Cisco ASA running-config listing: AnyConnect ("svc") SSL VPN terminated on
! the outside interface, using a local user and a self-signed certificate.
!
! NOTE(review): the enable password line does not end in the usual "encrypted"
! keyword and the hash looks shortened, presumably masked by the poster.
! Set a fresh, unique enable password on the device instead of pasting this line.
hostname cisco
enable password 2OU enable
names
!
! Internet-facing interface. Security-level 0 is the least trusted level on an ASA.
! The address is masked ("X.X") by the poster.
interface Ethernet0/0
nameif outside
security-level 0
ip address 211.148.X.X 255.255.255.240
!
! Internal LAN interface, most trusted level (100). The 255.255.252.0 mask
! covers 192.168.0.0-192.168.3.255, so the VPN pool 192.168.5.0/24 defined
! later in this listing does not overlap the inside network.
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.39 255.255.252.0
!
! Unused port, administratively shut down with no name, level or address.
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
! Unused port, administratively shut down with no name, level or address.
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
! Dedicated management port. "management-only" keeps through-traffic off it.
interface Management0/0
nameif management
security-level 100
ip address 10.10.10.254 255.255.255.0
management-only
!
! Global settings: login password, NAT exemption for the VPN pool, routing,
! timeouts, and ASDM/SNMP management access.
!
! NOTE(review): like the enable password line, this one does not end in the
! usual "encrypted" keyword. The hash string shown appears to be the widely
! documented factory-default login password hash. If so, the default was never
! changed; set a unique password before the device faces the Internet.
passwd 2KFQnbNIdI.2KYOU enable
ftp mode passive
clock timezone HKST 8
! Matches traffic from any source to the VPN client subnet. It is referenced by
! the "nat (inside) 0" line below so replies to VPN clients are not translated.
access-list no_nat extended permit ip any 192.168.5.0 255.255.255.0
pager lines 24
! NOTE(review): only ASDM logging is configured here. No "logging enable" or
! "logging host" line is visible, so VPN logins are presumably not recorded
! off-box; confirm, and forward logs to a collector.
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
! Address pool handed to SSL VPN clients (254 addresses in 192.168.5.0/24).
ip local pool vpnclientpool 192.168.5.1-192.168.5.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
! NAT exemption (nat id 0) for inside traffic matching access-list no_nat.
nat (inside) 0 access-list no_nat
! Default route via the outside interface.
! NOTE(review): the next hop is printed in full while the outside interface
! address is masked; redact consistently when sharing a configuration.
route outside 0.0.0.0 0.0.0.0 211.148.142.85 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
! HTTPS/ASDM management is accepted only from 10.10.10.0/24 on the management
! interface. No "http" permit exists for outside or inside in this listing.
http server enable
http 10.10.10.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
! SNMP traps are enabled, but no "snmp-server host" receiver is visible here.
snmp-server enable traps snmp authentication linkup linkdown coldstart
! Trustpoint "localtrust": a self-signed identity certificate ("enrollment self")
! bound to key pair "sslvpnkey". The key pair itself is generated separately and
! is not shown in this listing.
!
! A self-signed certificate cannot be validated against a public CA, so every
! client sees a trust warning unless the certificate is distributed to clients
! out of band. A CA-issued certificate avoids training users to accept warnings.
!
! NOTE(review): the fqdn, subject-name and ip-address lines are masked, but the
! hex dump further down is the DER-encoded certificate and its subject fields
! can be read by anyone who decodes it. Masking the text lines alone hides
! nothing; omit the certificate body when sharing a configuration.
crypto ca trustpoint localtrust
enrollment self
fqdn x.y.com
subject-name CN=211.148.X.X
ip-address 211.148.X.X
keypair sslvpnkey
crl configure
! Certificate body (serial 31). NOTE(review): the encoded algorithm identifier
! decodes as MD5-with-RSA and the public key as 1024-bit RSA. The validity
! field decodes as March 2011 to March 2021. All three fall short of current
! practice; regenerate with a key of at least 2048 bits and a SHA-2 signature
! on a software release that supports them.
crypto ca certificate chain localtrust
certificate 31
30820222 3082018b a0030201 02020131 300d0609 2a864886 f70d0101 04050030
57311830 16060355 0403130f 3231312e 3134382e 3134322e 31333931 3b301b06
092a8648 86f70d01 0902160e 6b646761 73612e6b 64672e63 6f6d301c 06092a86
4886f70d 01090813 0f323131 2e313438 2e313432 2e313339 301e170d 31313033
31303134 33373338 5a170d32 31303330 37313433 3733385a 30573118 30160603
55040313 0f323131 2e313438 2e313432 2e313339 313b301b 06092a86 4886f70d
01090216 0e6b6467 6173612e 6b64672e 636f6d30 1c06092a 864886f7 0d010908
130f3231 312e3134 382e3134 322e3133 3930819f 300d0609 2a864886 f70d0101
01050003 818d0030 81890281 8100d0da e7d62022 fb09db57 3fa1d975 58f4e3cd
ff506eaf 554c5938 b08d0379 1579766b 94f70213 6bb50044 57bb64df 027599ce
43127e6d 157c2ee7 d73ddf6b c08e7b54 10556af6 eef9b83d 69cc03f2 49df2edb
229d4404 6324d2d3 b031014b 0780139a 68d4bce5 6cb1f61c 28bad07b 67a9ded7
2a987d5a 5b0413d7 92d313e3 e17f0203 01000130 0d06092a 864886f7 0d010104
05000381 81003084 ef79b180 9a3ccb5b 49960864 db561f82 5e0d4f28 9913310e
f1c1cdde 6b24dbb3 d58d7ec3 fa912887 f90fa48d a2abc329 739c5419 3c83bfb3
68f820aa a452e982 5eed6657 b4b20a97 a55760a8 ac1248e4 62c97807 e69c4aca
c4c99c1e 8852c833 f42d96df e38be6d0 7baff03a b8be99c3 1e65f0ac eb32f7e1
a51f241e 625a
quit
! SSL VPN (AnyConnect) service: address assignment, listener, group policy,
! local user and tunnel group.
!
! AAA- and DHCP-based address assignment are disabled here. This listing shows
! only the local pool as an address source.
no crypto isakmp nat-traversal
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
! Idle timeouts in minutes for telnet and ssh. No "telnet" or "ssh" permit lines
! are visible, so neither is reachable from any interface as listed.
telnet timeout 5
ssh timeout 5
! NOTE(review): 0 disables the console idle timeout, so an abandoned console
! session stays logged in. Set a finite value.
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
! Present the self-signed "localtrust" certificate on the outside interface.
ssl trust-point localtrust outside
! Enable the WebVPN listener on outside and publish the AnyConnect client package.
! NOTE(review): the package filename indicates client version 1.1.4.179, which
! is long out of date. Load a currently supported client image.
! NOTE(review): no "tunnel-group-list enable" is visible in this webvpn section,
! so the group alias defined below may not be offered on the login page; confirm.
webvpn
enable outside
svc image disk0:/sslclient-win-1.1.4.179-anyconnect.pkg 1
svc enable
! Group policy for VPN users: internal DNS server, domain, address pool, and the
! SSL VPN client ("svc") as the only permitted tunnel protocol.
! NOTE(review): no split-tunnel or vpn-filter setting is visible. Presumably all
! client traffic is tunnelled and clients can reach the whole inside network;
! confirm, and restrict with a filter ACL if that is broader than intended.
group-policy sslvpn_gp01 internal
group-policy sslvpn_gp01 attributes
dns-server value 192.168.1.3
vpn-tunnel-protocol svc
default-domain value kdg.com
address-pools value vpnclientpool
webvpn
svc keep-installer installed
svc ask enable default svc
! Local VPN account, limited to remote access and tied to the group policy above.
! NOTE(review): no aaa-server or authentication-server-group line is visible, so
! logins presumably rely on the local database with a single password factor.
! Remove test accounts before production, and prefer an external AAA server
! with multi-factor authentication for an Internet-facing VPN.
username test01 password iFBLEO4jejJz4.OK encrypted
username test01 attributes
vpn-group-policy sslvpn_gp01
service-type remote-access
! Remote-access tunnel group that defaults to sslvpn_gp01 and is advertised
! under the alias SSL_VPN_01.
tunnel-group sslclient_tg01 type remote-access
tunnel-group sslclient_tg01 general-attributes
default-group-policy sslvpn_gp01
tunnel-group sslclient_tg01 webvpn-attributes
group-alias SSL_VPN_01 enable
!
! Application inspection: one class matching the default inspection traffic,
! applied globally through policy-map global_policy.
class-map inspection_default
match default-inspection-traffic
!
!
! DNS inspection parameters: messages longer than 512 bytes exceed the limit.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
! Protocol inspection engines enabled for the class above.
! NOTE(review): several legacy protocols (rsh, xdmcp, sunrpc, netbios, tftp) are
! inspected here. Confirm each is actually needed and drop the rest.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
! Attach global_policy to all interfaces.
service-policy global_policy global
prompt hostname context
! Checksum line emitted by the device with the saved configuration. It no
! longer describes the text once any line has been edited or masked.
Cryptochecksum:2b4a1598043d89d336495e3ba775394f
不错,学习了
看不懂啊,有说明的不?谢谢!
太棒了,感谢楼主
太棒了,感谢楼主
Thanks for your information.
Thanks for your information.
Thanks for your information.