Implementing SSL VPN access on the ASA
Three modes of operation:
2. Thin-client mode.
3. Thick-client mode.
SSL VPN configuration with the ASA as the server:
5. Enable WebVPN and SSL VPN: webvpn
enable outside
svc image disk0:/sslclient-win-1.1.3.173.pkg
svc enable
6. Define the address pool: ip local pool vpn_pool 192.168.1.10-192.168.1.100
8. Define the group policy: group-policy vpn_policy internal
group-policy vpn_policy attributes
vpn-tunnel-protocol webvpn svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 100
webvpn
svc ask enable
9. Create the tunnel group: tunnel-group vpn_group type webvpn
tunnel-group vpn_group general-attributes
address-pool vpn_pool
default-group-policy vpn_policy
exit
tunnel-group vpn_group webvpn-attributes
group-alias groups enable
exit
webvpn
tunnel-group-list enable
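A consistency check over the ASA commands in steps 5-9, as an added example that is not part of the original page: it reports objects that the configuration references but never defines. The rule table and function name are illustrative assumptions and cover only the commands shown above.

```python
import re

# Constructed sample: the ASA commands from steps 5-9 above, joined into one config.
ASA_CONFIG = """\
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.3.173.pkg
 svc enable
ip local pool vpn_pool 192.168.1.10-192.168.1.100
group-policy vpn_policy internal
group-policy vpn_policy attributes
 vpn-tunnel-protocol webvpn svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 100
 webvpn
  svc ask enable
tunnel-group vpn_group type webvpn
tunnel-group vpn_group general-attributes
 address-pool vpn_pool
 default-group-policy vpn_policy
tunnel-group vpn_group webvpn-attributes
 group-alias groups enable
webvpn
 tunnel-group-list enable
"""

# Hypothetical rule table: (kind, regex that defines an object, regex that references it)
RULES = [
    ("address pool", r"^ip local pool (\S+)", r"^address-pool (\S+)"),
    ("group policy", r"^group-policy (\S+) internal", r"^default-group-policy (\S+)"),
    ("group policy", r"^group-policy (\S+) internal", r"^group-policy (\S+) attributes"),
    ("tunnel group", r"^tunnel-group (\S+) type ", r"^tunnel-group (\S+) \S+-attributes"),
    ("access list", r"^access-list (\S+) ", r"^split-tunnel-network-list value (\S+)"),
]

def dangling_references(config: str):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    missing = set()
    for kind, define_re, refer_re in RULES:
        defined = {m.group(1) for ln in lines if (m := re.match(define_re, ln))}
        referenced = {m.group(1) for ln in lines if (m := re.match(refer_re, ln))}
        missing |= {(kind, name) for name in referenced - defined}
    return sorted(missing)

if __name__ == "__main__":
    for kind, name in dangling_references(ASA_CONFIG):
        print(f"{kind} '{name}' is referenced but not defined")
```

Run on the steps as listed, it reports access list 100: split-tunnel-network-list references it, but no access-list command appears in the steps shown.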
SSL VPN configuration with a router as the server:
10. Install the SVC software: format flash:
copy tftp flash:
webvpn install svc flash:/sslclient-win-1.1.3.173.pkg
11. Define AAA: aaa new-model
aaa authentication login vpn_authen local
username cisco password cisco
12. Enable WebVPN and generate a self-signed certificate: webvpn gateway vpn_gateway
ip address 200.1.1.1 port 443
inservice
13. Define the IP address pool: ip local pool vpn_pool 192.168.1.10 192.168.1.100
interface loopback 0
ip address 192.168.1.254 255.255.255.0
14. Create the WebVPN context: webvpn context vpn_context
gateway vpn_gateway domain domainname
aaa authentication list vpn_authen
inservice
15. Define the group policy: webvpn context vpn_context
policy group vpn_policy
functions svc-enabled
svc address-pool vpn_pool
svc split include 10.10.1.0 255.255.255.0
exit
default-group-policy vpn_policy
16. Related command: show webvpn session context all