ASA-1配置

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 61.67.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 192.168.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 61.67.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 202.112.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 202.112.1.1 type ipsec-l2l
tunnel-group 202.112.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA-2配置:

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 202.112.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 172.16.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 202.112.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 61.67.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 61.67.1.1 type ipsec-l2l
tunnel-group 61.67.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA IPSEC VPN配置的更多相关文章

  1. IPSEC VPN配置实例

    TL-R400VPN应用——IPSEC VPN配置实例 TL-ER6120是TP-LINK专为企业应用而开发的VPN路由器,具备强大的数据处理能力,并且支持丰富的软件功能,包括VPN.IP/MAC 地 ...

  2. cisco路由器IPSEC VPN配置(隧道模式)

    拓扑如下: R1配置hostname R1enable password cisco  crypto isakmp policy 1        #创建IKE协商策略,编号为1 encr 3des  ...

  3. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  4. Azure Site to Site VPN 配置手册

    目录 1    Azure Site to Site VPN配置前的准备    1 1.1    设备兼容    1 1.2    网络要求和注意事项    1 2    配置Azure site t ...

  5. 跨云应用部署第一步:使用IPSEC VPN连接AWS中国版和Windows Azure中国版

    随着公有云的普及,越来越多的客户将关键应用迁移到云端.但是事实证明,没有哪家云服务提供商可以提供100%的SLA,无论是例行维护还是意外中断服务,对于客户的关键应用而言,都会受到不同程度的影响.此外, ...

  6. 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(下篇)

    续篇—— 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(上篇) 上篇文章写了如何构建一个支持IKEv2的VPN,本篇记录的是如 ...

  7. 架设基于StrongSwan的L2tp/IPSec VPN服务器

    架设基于StrongSwan的L2tp/IPSec VPN服务器 参考: http://agit8.turbulent.ca/bwp/2011/01/setting-up-a-vpn-server-w ...

  8. PPTPD/L2TP/IPSec VPN一键安装包 For CentOS 6

    一.一键安装PPTPD VPN 本教程适用于Openv VPS.Xen VPS或者KVM VPS. 1.首先运行如下命令: cat /dev/net/tun 返回的必须是: cat: /dev/net ...

  9. 如何在 Debian / Ubuntu 服务器上架设 L2TP / IPSec VPN

    本站的 Rio 最近在一台 Ubuntu 和一台 Debian 主机上配置了 L2TP / IPSec VPN,并在自己的博客上做了记录.原文以英文写就,我把它大致翻译了一下,结合我和 Rio 在设置 ...

随机推荐

  1. C# 中 双问号??的用法

    int? x = null;int y = x ?? -1; 这里的y不能为null,但是等于x,x为null时赋值给y会报错.?? 可以在x==null时对y赋值-1 更多相关资料:https:// ...

  2. Javascript 正确用法 二

    好的,废话不多说,接着上篇来. 变量(variables) 始终使用 var keyword来定义变量,假设不这样将会导致 变量全局化,造成污染. //bad superPower = new Sup ...

  3. Windows Azure入门教学系列 (五):使用Queue Storage

    本文是Windows Azure入门教学的第五篇文章. 本文将会介绍如何使用Queue Storage.Queue Storage提供给我们一个云端的队列.我们可以用Queue Storage来进行进 ...

  4. Zend Studio安装和使用

    Zend Studio安装和使用 工欲利其事必先利其器 1.ZendStudio 下载 下载地址:http://www.zend.com.安装就和典型的windows软件安装一样.直接next,nex ...

  5. Python中的继承

    继承: 面向对象程序语言的一个重要特点是继承.继承提供了在已存在类的基础上创建新类的方法.继承的子类 拥有被继承的父类的所有方法,在此基础上,子类还可以添加自己的专有方法.继承是类的强有力的特点.一些 ...

  6. sed正则表达式

    sed的正则匹配如何实现非贪婪? sed的正则用的是BREs/EREs,不支持非贪婪模式.当然有一些方法可以实现非贪婪,比如: $ echo abcOabcdOabc | sed 's/.*O//' ...

  7. Qt之生成Window资源文件(.rc 文件)

    简述 qmake 可以随意地自动生成一个适当填充的 Windows 资源文件.本节主要讲解如何用 qmake 处理一个 Windows 资源文件,并将其链接到一个可执行应用程序(EXE)或动态链接库( ...

  8. Effective C++:规定12:不要忘了复制的对象时,它的每一个组成部分

    (一个) 继承制度的声明: class Date {...}; class Customer { public: ... private: string name; Date lastTransact ...

  9. 《c陷阱与缺陷》笔记--移位运算

    #include <stdio.h> int main(void){ int a = 2; a >> 32; a >> -1; a << 32; a & ...

  10. setjmp和longjmp函数使用详解

    源地址:http://blog.csdn.net/zhuanshenweiliu/article/details/41961975 非局部跳转语句---setjmp和longjmp函数.非局部指的是, ...