Initial Configuration of Cisco EZVPN

hostname xxxx

enable password 8RXRXIyt7RUURy2YRXURXUjIyt7RRRXRXUIyt7RUXU24 encrypted
names
 
======================Configure interface IP addresses======================================
interface E0/0 
nameif inside  
security-level 100  
ip address 10.1.1.1 255.255.255.0
!
interface E0/1
nameif outside
security-level 0
ip address 222.222.222.1 255.255.255.0  
 
=======================Define ACLs for inside and outside traffic========================
access-list INSIDE_IN extended permit icmp any any
access-list INSIDE_IN extended permit ip any any
access-list OUTSIDE_IN extended permit icmp any any
access-list NO_NAT extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NO_NAT extended permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
 
======================Define the address pool assigned to dial-in users===========================
ip local pool vpnpool  192.168.1.100-192.168.1.199  
 
======================NAT translation statements=================================
global (outside) 1 interface
nat (inside) 0 access-list NO_NAT
nat (inside) 1 10.1.1.0 255.255.255.0  
 
======================Routing==========================================
route outside 0.0.0.0 0.0.0.0 222.222.222.2 1  
 
========================Apply ACLs to interfaces==============================
access-group INSIDE_IN in interface inside 
access-group OUTSIDE_IN in interface outside  
 
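========================Define encryption algorithms and the crypto map=====================
! DES, MD5 and DH group 2 used below are legacy algorithms that are considered weak today.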
crypto ipsec transform-set ESP esp-des esp-md5-hmac  
crypto dynamic-map outside_dyn_map 10 set transform-set ESP 
crypto dynamic-map outside_dyn_map 10 set reverse-route  
crypto map outsidemap 10 ipsec-isakmp dynamic outside_dyn_map 
crypto map outsidemap interface outside 
crypto isakmp enable outside 
crypto isakmp policy 1 
authentication pre-share 
encryption des 
hash md5 
group 2  
 
=======================Define the group policy=====================
service-policy global_policy global 
group-policy MYGROUP internal 
group-policy MYGROUP attributes 
vpn-tunnel-protocol IPSec  
 
=====================Configure username and password==================
username cisco password cisco  
 
============Define the tunnel group, apply the dial-in address pool, and set the pre-shared key==================
tunnel-group hivpn type ipsec-ra  
tunnel-group hivpn general-attributes 
address-pool vpnpool  
default-group-policy MYGROUP  
tunnel-group hivpn ipsec-attributes 
pre-shared-key cisco 
prompt hostname context 
Cryptochecksum:d4fe4080014deada00b8e2d2952fb69b 
: end 
ciscoasa# 
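
An added example, not part of the original post: a small Python check that flags the legacy crypto (DES, MD5, DH group 2), the permit-all ACL and the reused sample credentials in a listing like the one above. The rule set and the embedded sample lines are constructed for this illustration.

```python
import re

# Constructed sample in the style of the listing above (not a device capture).
SAMPLE_CONFIG = """\
crypto ipsec transform-set ESP esp-des esp-md5-hmac
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 2
username cisco password cisco
tunnel-group hivpn ipsec-attributes
 pre-shared-key cisco
access-list INSIDE_IN extended permit ip any any
"""

# Rule set is this example's assumption, not a Cisco tool or the post's method.
RULES = [
    (r"^crypto ipsec transform-set \S+ .*\besp-des\b", "ESP encryption is single DES"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "ESP integrity is HMAC-MD5"),
    (r"^encryption des$", "IKE policy encrypts with single DES"),
    (r"^hash md5$", "IKE policy hashes with MD5"),
    (r"^group [12]$", "IKE policy uses DH group 1 or 2 (1024 bits or less)"),
    (r"^access-list \S+ extended permit ip any any$", "ACL permits all IP traffic"),
]

def audit(config):
    """Return (line_number, finding) pairs for weak settings in an ASA-style config."""
    findings, known = [], set()   # known: usernames and cleartext passwords seen so far
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())          # collapse indentation and trailing spaces
        for pattern, message in RULES:
            if re.search(pattern, line, re.IGNORECASE):
                findings.append((lineno, message))
        user = re.match(r"username (\S+) password (\S+)( encrypted)?$", line)
        if user:
            name, secret, hashed = user.groups()
            known.add(name)
            if not hashed:                    # password stored as typed, not as a hash
                known.add(secret)
                if secret == name:
                    findings.append((lineno, "password equals the username"))
        psk = re.match(r"pre-shared-key (\S+)$", line)
        if psk and psk.group(1) in known:
            findings.append((lineno, "pre-shared key reuses a local username or password"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```
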
posted @ 2021-12-13 16:08  天海沙