ASA-1配置

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 61.67.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 192.168.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 61.67.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 202.112.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 202.112.1.1 type ipsec-l2l
tunnel-group 202.112.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA-2配置:

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 202.112.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 172.16.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 202.112.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 61.67.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 61.67.1.1 type ipsec-l2l
tunnel-group 61.67.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA IPSEC VPN配置的更多相关文章

  1. IPSEC VPN配置实例

    TL-R400VPN应用——IPSEC VPN配置实例 TL-ER6120是TP-LINK专为企业应用而开发的VPN路由器,具备强大的数据处理能力,并且支持丰富的软件功能,包括VPN.IP/MAC 地 ...

  2. cisco路由器IPSEC VPN配置(隧道模式)

    拓扑如下: R1配置hostname R1enable password cisco  crypto isakmp policy 1        #创建IKE协商策略,编号为1 encr 3des  ...

  3. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  4. Azure Site to Site VPN 配置手册

    目录 1    Azure Site to Site VPN配置前的准备    1 1.1    设备兼容    1 1.2    网络要求和注意事项    1 2    配置Azure site t ...

  5. 跨云应用部署第一步:使用IPSEC VPN连接AWS中国版和Windows Azure中国版

    随着公有云的普及,越来越多的客户将关键应用迁移到云端.但是事实证明,没有哪家云服务提供商可以提供100%的SLA,无论是例行维护还是意外中断服务,对于客户的关键应用而言,都会受到不同程度的影响.此外, ...

  6. 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(下篇)

    续篇—— 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(上篇) 上篇文章写了如何构建一个支持IKEv2的VPN,本篇记录的是如 ...

  7. 架设基于StrongSwan的L2tp/IPSec VPN服务器

    架设基于StrongSwan的L2tp/IPSec VPN服务器 参考: http://agit8.turbulent.ca/bwp/2011/01/setting-up-a-vpn-server-w ...

  8. PPTPD/L2TP/IPSec VPN一键安装包 For CentOS 6

    一.一键安装PPTPD VPN 本教程适用于Openv VPS.Xen VPS或者KVM VPS. 1.首先运行如下命令: cat /dev/net/tun 返回的必须是: cat: /dev/net ...

  9. 如何在 Debian / Ubuntu 服务器上架设 L2TP / IPSec VPN

    本站的 Rio 最近在一台 Ubuntu 和一台 Debian 主机上配置了 L2TP / IPSec VPN,并在自己的博客上做了记录.原文以英文写就,我把它大致翻译了一下,结合我和 Rio 在设置 ...

随机推荐

  1. hdu1503

    #include<iostream> #include<cstdio> #include<cstdlib> #include<cstring> #inc ...

  2. IIS中asp网站播放flv视频技术

    播放flv视频文件需要使用flvplayer.swf程序(32K). HTML嵌入代码: <div id="FlashFile"> <object type=&q ...

  3. kettle 数据迁移 (转)

    最近在公司搞一个项目重构迁移问题,旧项目一直在线上跑,重构的项目则还没上线.重构之后数据库表结构,字段,类型等都有变化,而且重构的数据库由oracl改为mysql.这样就设计到数据迁移问题,别人推荐下 ...

  4. Godiva_百度百科

    Godiva_百度百科 北京 三里屯 北京市朝阳区三里屯路19号院10号楼一层S10-13单元及二层S10-22单元 100027 北京朝阳大悦城北京市朝阳区朝阳北路101号朝阳大悦城1号商业楼1F- ...

  5. web前端网页开发一般过程

    看见很多新手同学前端开发,效率比较慢.总是拿起代码就敲,不分析,没有逻辑,反而使效率变慢.所谓磨刀不误砍柴工,有一个良好的过程,才是最主要的: 1.分析平面效果图,在草稿纸上画出基本结构图 2.建立项 ...

  6. Swift - 使用socket进行通信(附聊天室样例)

    在Swift开发中,如果我们需要保持客服端和服务器的长连接进行双向的数据通信,使用socket是一种很好的解决方案. 下面通过一个聊天室的样例来演示socket通信,这里我们使用了一个封装好的sock ...

  7. NM_CUSTOMDRAW 消息

    When the control first starts to paint itself, in response to a WM_PAINT, you receive a NM_CUSTOMDRA ...

  8. 键盘皇者 RealForce 104Pro独家评测

    http://tech.sina.cn/?sa=t84d20738943v44&page=2&pwt=rest2&vt=4&from=mbaidu&clickt ...

  9. libuv 初窥--转

    过年了,人都走光了,结果一个人活也干不了.所以我便想找点东西玩玩. 今天想试一下 libev 写点代码.原本在我那台 ubuntu 机器上一点问题都没有,可在 windows 机上用 mingw 编译 ...

  10. Swift语言Auto Layout入门教程:上篇

    原文:Beginning Auto Layout Tutorial in Swift: Part 1/2,译者:@TurtleFromMars 开始用自动布局约束的方式思考吧! 更新记录:该教程由Br ...