ASA-1配置

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 61.67.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 192.168.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 61.67.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 202.112.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 202.112.1.1 type ipsec-l2l
tunnel-group 202.112.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA-2配置:

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 202.112.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.1.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/4
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
interface Ethernet0/5
 shutdown     
 no nameif    
 no security-level
 no ip address
!             
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover   
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 172.16.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 202.112.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 61.67.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5     
 group 2      
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha     
 group 2      
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
!             
service-policy global_policy global
tunnel-group 61.67.1.1 type ipsec-l2l
tunnel-group 61.67.1.1 ipsec-attributes
 pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA IPSEC VPN配置的更多相关文章

  1. IPSEC VPN配置实例

    TL-R400VPN应用——IPSEC VPN配置实例 TL-ER6120是TP-LINK专为企业应用而开发的VPN路由器,具备强大的数据处理能力,并且支持丰富的软件功能,包括VPN.IP/MAC 地 ...

  2. cisco路由器IPSEC VPN配置(隧道模式)

    拓扑如下: R1配置hostname R1enable password cisco  crypto isakmp policy 1        #创建IKE协商策略,编号为1 encr 3des  ...

  3. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  4. Azure Site to Site VPN 配置手册

    目录 1    Azure Site to Site VPN配置前的准备    1 1.1    设备兼容    1 1.2    网络要求和注意事项    1 2    配置Azure site t ...

  5. 跨云应用部署第一步:使用IPSEC VPN连接AWS中国版和Windows Azure中国版

    随着公有云的普及,越来越多的客户将关键应用迁移到云端.但是事实证明,没有哪家云服务提供商可以提供100%的SLA,无论是例行维护还是意外中断服务,对于客户的关键应用而言,都会受到不同程度的影响.此外, ...

  6. 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(下篇)

    续篇—— 利用开源软件strongSwan实现支持IKEv2的企业级IPsec VPN,并结合FreeRadius实现AAA协议(上篇) 上篇文章写了如何构建一个支持IKEv2的VPN,本篇记录的是如 ...

  7. 架设基于StrongSwan的L2tp/IPSec VPN服务器

    架设基于StrongSwan的L2tp/IPSec VPN服务器 参考: http://agit8.turbulent.ca/bwp/2011/01/setting-up-a-vpn-server-w ...

  8. PPTPD/L2TP/IPSec VPN一键安装包 For CentOS 6

    一.一键安装PPTPD VPN 本教程适用于Openv VPS.Xen VPS或者KVM VPS. 1.首先运行如下命令: cat /dev/net/tun 返回的必须是: cat: /dev/net ...

  9. 如何在 Debian / Ubuntu 服务器上架设 L2TP / IPSec VPN

    本站的 Rio 最近在一台 Ubuntu 和一台 Debian 主机上配置了 L2TP / IPSec VPN,并在自己的博客上做了记录.原文以英文写就,我把它大致翻译了一下,结合我和 Rio 在设置 ...

随机推荐

  1. 基于visual Studio2013解决面试题之1105字符串压缩

     题目

  2. Codeforces Round #254 (Div. 2)D(预计)

    D. DZY Loves FFT time limit per test 1 second memory limit per test 256 megabytes input standard inp ...

  3. PHP 的解压缩ZipArchive中的extractTo()方法 LINUX+nginx环境中解压zip时文件丢失的问题

    在项目中要用ZipArchive解压ZIP文件,起初測试环境在WINDOWS平台中,測试通过,换到 LINUX+nginx 的环境中时 就出问题了(ZIP包中有文件和目录一共3百多个文件,大部分是带汉 ...

  4. C#.Net操作XML方法二

    上面那篇博客,在上面那面博客中是通过System.Xml命名空间中的类来实现对XML文件的创建.删除和改动等操作.接下来再介绍一种方法,在整个的操作过程中,仅仅只是换了个类而已,没什么大惊小怪的. D ...

  5. Javascript 正确用法 二

    好的,废话不多说,接着上篇来. 变量(variables) 始终使用 var keyword来定义变量,假设不这样将会导致 变量全局化,造成污染. //bad superPower = new Sup ...

  6. C#中System.Globalization.DateTimeFormatInfo.InvariantInfo怎么用

    原文  C#中System.Globalization.DateTimeFormatInfo.InvariantInfo怎么用 在开发的时候,碰到下面这样一个问题: 在程序中显示当前系统时间,但是有一 ...

  7. CSS中的!important属性用法

    关于CSS的运用技巧有很多, 今天主要探讨一下CSS中 !important 这个属性的用法.在CSS的使用中,遇到最多的问题就是不同浏览器之间的兼容问题. 由于IE并不严格执行W3C标准, 而又几乎 ...

  8. hdu4708

    Rotation Lock Puzzle Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Oth ...

  9. Basic4android:多功能的Android应用软件快速开发平台

    Basic4android 是目前最简单.最强大的Android平台快速应用开发工具. ( "Basic4android is the simplest and most powerful ...

  10. 怎样手势的判断android GestureDetector在android开发中

    import android.app.Activity; import android.os.Bundle; import android.util.Log; import android.view. ...