ASA_VPN(IPSec)配置讲义.ppt

* * * * * * * * * * * * * * * * * * * * * * * IPSec VPN配置--ASDM IPSec VPN配置--ASDM IPSec VPN配置--ASDM IPSec VPN配置--ASDM IPSec VPN配置--ASDM 2 3 1 IPSec VPN配置--ASDM IPSec VPN配置--ASDM IPSec VPN配置--ASDM 1 2 IPSec VPN配置--ASDM 1 2 IPSec VPN配置--ASDM IPSec VPN配置--ASDM IPSec VPN配置—CLI—基本内容配置 ASA1(config)# interface GigabitEthernet0/0 ASA1(config-if)# nameif outside ASA1(config-if)# ip address ASA1(config-if)# no sh ASA1(config-iff)# interface GigabitEthernet0/1 ASA1(config-if)# nameif inside ASA1(config-if)# ip address ASA1(config-if)# no sh ASA1(config-if)#exit ASA1(config)# http server enable ASA1(config)# http 0 0 inside IPSec VPN配置—CLI—基本内容配置 ASA1(config)# access-list data extended permit ip ASA1(config)# access-list data extended permit ip ASA1(config)# access-list nat0 extended permit ip ASA1(config)# access-list nat0 extended permit ip ASA1(config)# access-list nat0 extended permit ip ASA1(config)# route outside 0 0 ASA1(config)# nat (inside) 0 access-list nat0 IPSec VPN配置—CLI—IKE配置 ASA1(config)# crypto isakmp policy 10 //定义IKE策略 ASA1(config-isakmp-policy)# authentication pre-share //定义认证方式 ASA1(config-isakmp-policy)# encryption des //定义加密算法 ASA1(config-isakmp-policy)# hash sha //定义验证数据完整性 ASA1(config-isakmp-policy)# group 2 ASA1(config-isakmp-policy)# exit ASA1(config)# isakmp key cisco address ASA1(config)# crypto isakmp enable outside //在outside接口上开启IKE L2L VPN两端的IKE参数必须一致,不然无法完成第一阶段的IKE通道的建立 IPSec VPN配置—CLI—IPSec配置 //配置IPsec参数,定义遂道中数据的加密方式.配置数据转换集名字为mytrans 两端参数一致 ASA1(config)# crypto ipsec transform-set mytrans esp-des // 将前面定义的感兴趣数据data应用到加密图 ASA1(config)# crypto map mymap 1 match address data //指定要建立VPN遂道的对端IP地址 ASA1(config)# crypto map mymap 1 set peer //将转换集mytrans应用到加密图中 ASA1(config)# crypto map mymap 1 set transform-set mytrans //将加密图应用到outside的接口上 ASA1(config)# crypto map mymap 1 interface outside IT 服务 创新 谢 谢! * * *