Configuring Easy *** on an ASA Firewall
1. Create a username and password
username wjc password 123
2. Create the ACL and the address pool
ip local pool ***-pool 192.168.1.1-192.168.1.10
! ASA ACLs take a subnet mask, not an IOS-style wildcard mask
access-list 100 permit ip 10.10.1.0 255.255.255.0 any
3. Create the group policy
group-policy ***-group-policy internal
group-policy ***-group-policy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 100
4. Create the tunnel group
tunnel-group ***-tunnel-group type ipsec-ra
tunnel-group ***-tunnel-group general-attributes
 address-pool ***-pool
 default-group-policy ***-group-policy
tunnel-group ***-tunnel-group ipsec-attributes
 pre-shared-key groupkey
5. Configure IKE negotiation
crypto isakmp enable outside
crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
 exit
6. Create the transform set for the data connection
crypto ipsec transform-set ***-set esp-aes esp-sha-hmac
7. Create the dynamic map
crypto dynamic-map ***-dymap 1 set transform-set ***-set
8. Create the static map
crypto map ***-map 1 ipsec-isakmp dynamic ***-dymap
9. Apply the static map
crypto map ***-map interface outside
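Each of the nine steps refers by name to an object created in another step, so a mistyped name leaves the split-tunnel list, address pool or transform set silently unattached. The following is an added example, not part of the original post: a small Python check that finds such dangling references and crypto maps never applied to an interface. The `ra-*` names and the sample config are constructed for illustration, and the patterns cover only the commands used in the steps above.

```python
import re

# Commands from the nine steps that create a named object ...
DEFS = [
    (r"ip local pool (\S+)", "pool"),
    (r"access-list (\S+)", "acl"),
    (r"group-policy (\S+) internal", "group-policy"),
    (r"crypto ipsec transform-set (\S+)", "transform-set"),
    (r"crypto dynamic-map (\S+)", "dynamic-map"),
    (r"crypto map (\S+) \d+ ", "crypto-map"),
]
# ... and commands that refer to one by name.
REFS = [
    (r"address-pool (\S+)", "pool"),
    (r"split-tunnel-network-list value (\S+)", "acl"),
    (r"default-group-policy (\S+)", "group-policy"),
    (r"crypto dynamic-map \S+ \d+ set transform-set (\S+)", "transform-set"),
    (r"crypto map \S+ \d+ (?:ipsec-isakmp )?dynamic (\S+)", "dynamic-map"),
    (r"crypto map (\S+) interface \S+", "crypto-map"),
]

def audit(config):
    """Return (dangling refs as (line, kind, name), crypto maps with no interface)."""
    defined, used = set(), []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        defined.update((k, m.group(1)) for p, k in DEFS if (m := re.match(p, line, re.I)))
        used.extend((n, k, m.group(1)) for p, k in REFS if (m := re.match(p, line, re.I)))
    dangling = [u for u in used if u[1:] not in defined]
    applied = {name for _, kind, name in used if kind == "crypto-map"}
    unapplied = sorted(name for k, name in defined if k == "crypto-map" and name not in applied)
    return dangling, unapplied

# Constructed sample (hypothetical names): ACL 101 and ra-sett are never defined.
SAMPLE = """\
ip local pool ra-pool 192.168.1.1-192.168.1.10
access-list 100 permit ip 10.10.1.0 255.255.255.0 any
group-policy ra-gp internal
group-policy ra-gp attributes
 split-tunnel-network-list value 101
tunnel-group ra-tg general-attributes
 address-pool ra-pool
 default-group-policy ra-gp
crypto ipsec transform-set ra-set esp-aes esp-sha-hmac
crypto dynamic-map ra-dymap 1 set transform-set ra-sett
crypto map ra-map 1 ipsec-isakmp dynamic ra-dymap
"""

print(audit(SAMPLE))
```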
Reposted from: https://blog.51cto.com/01011/410990