ASA-1配置

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 61.67.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 192.168.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 61.67.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 202.112.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 202.112.1.1 type ipsec-l2l
tunnel-group 202.112.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA-2配置:

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 202.112.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 172.16.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 202.112.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 61.67.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 61.67.1.1 type ipsec-l2l
tunnel-group 61.67.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA IPSEC VPN配置的更多相关文章

  1. IPSEC VPN配置实例

    TL-R400VPN应用——IPSEC VPN配置实例 TL-ER6120是TP-LINK专为企业应用而开发的VPN路由器,具备强大的数据处理能力,并且支持丰富的软件功能,包括VPN.IP/MAC 地 ...

  2. cisco路由器IPSEC VPN配置(隧道模式)

    拓扑如下: R1配置hostname R1enable password cisco  crypto isakmp policy 1        #创建IKE协商策略,编号为1 encr 3des  ...

  3. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  4. Azure Site to Site VPN 配置手册

    目录 1    Azure Site to Site VPN配置前的准备    1 1.1    设备兼容    1 1.2    网络要求和注意事项    1 2    配置Azure site t ...

  5. 跨云应用部署第一步:使用IPSEC VPN连接AWS中国版和Windows Azure中国版

    随着公有云的普及,越来越多的客户将关键应用迁移到云端.但是事实证明,没有哪家云服务提供商可以提供100%的SLA,无论是例行维护还是意外中断服务,对于客户的关键应用而言,都会受到不同程度的影响.此外, ...

  6. 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(下篇)

    续篇—— 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(上篇) 上篇文章写了如何构建一个支持IKEv2的VPN,本篇记录的是如 ...

  7. 架设基于StrongSwan的L2tp/IPSec VPN服务器

    架设基于StrongSwan的L2tp/IPSec VPN服务器 参考: http://agit8.turbulent.ca/bwp/2011/01/setting-up-a-vpn-server-w ...

  8. PPTPD/L2TP/IPSec VPN一键安装包 For CentOS 6

    一.一键安装PPTPD VPN 本教程适用于Openv VPS.Xen VPS或者KVM VPS. 1.首先运行如下命令: cat /dev/net/tun 返回的必须是: cat: /dev/net ...

  9. 如何在 Debian / Ubuntu 服务器上架设 L2TP / IPSec VPN

    本站的 Rio 最近在一台 Ubuntu 和一台 Debian 主机上配置了 L2TP / IPSec VPN,并在自己的博客上做了记录.原文以英文写就,我把它大致翻译了一下,结合我和 Rio 在设置 ...

随机推荐

  1. 程序启动报错:ORA-12505;PL/SQL却可以登录的解决方法

    一.异常{ ORA-12505, TNS:listener does not currently know of SID given in connect descriptor The Connect ...

  2. ajax动态加载的图标

    http://www.ajaxload.info/ 这个网站可以动态生成ajax加载样式的小图片,git格式,挺不错推荐给大家

  3. 重操JS旧业第十一弹:BOM对象

    BOM对象即浏览器内置对象,现今流行的浏览器内核有Safri,Firefox,Chrome,Opera,IE其中IE的兼容性是最蛋疼的在10及其过后还好点,但是现在IE基本上淘汰,而国内像360这种垃 ...

  4. overflow:hidden与position:absolute

    在做一个下拉框的动画效果中遇到了这个bug,记录一下. 在写下拉框的动画的时候,一般我们的做法都是把下拉框的外盒子设为overflow:hidden,然后设下外层盒子高度,之后通过js慢慢的改变高度从 ...

  5. Hadoop 2.x从零基础到挑战百万年薪第一季

    鉴于目前大数据Hadoop 2.x被企业广泛使用,在实际的企业项目中需要更加深入的灵活运用,并且Hadoop 2.x是大数据平台处理 的框架的基石,尤其在海量数据的存储HDFS.分布式资源管理和任务调 ...

  6. 也谈基于NodeJS的全栈式开发(基于NodeJS的前后端分离)

    前言 为了解决传统Web开发模式带来的各种问题,我们进行了许多尝试,但由于前/后端的物理鸿沟,尝试的方案都大同小异.痛定思痛,今天我们重新思考了“前后端”的定义,引入前端同学都熟悉的NodeJS,试图 ...

  7. Linux chmod权限管理需要小心的地方

    档案的权限管理和简单,比如chmod 775 /tmp/test.sh 另外使用chmod +w /tmp/test.sh,会给档案的拥有者,群组,其他人的权限都加上了可编辑.这样就有安全隐患了.所以 ...

  8. Leetcode:find_minimum_in_rotated_sorted_array

    一.     题目 给定一个排好序的数组.数组可能是单调递增,也可能有一个变换. (i.e., 0 1 2 4 5 6 7 might become 4 5 6 7 0 1 2) 要求找出最小的数. ...

  9. twitter分享问题(四)—— Unknown error(api v1过度到V1.1产生)

    unknow error! 今天为了使用GA(谷歌分析)追踪twitter分享,又测试了一下twitter分享功能,发现又出问题(使用sharekit分享).就是“unknow error”,之前也碰 ...

  10. AllocateHWnd的作用,以及它在控件里的使用

    有TTimer,TDragObject,TClipboard用到了这个函数,具体分析,待续...