攻城狮论坛

Author: 蓝天泪
Views: 854 | Replies: 14

[Configuration example] Establishing an IPsec dynamic VPN between an ASA5510 and a router (ASA5510与Router建立IPSEC Dynamic VPN.pdf)

蓝天泪 [VIP@Diamond] posted on 2017-11-29 17:00:57

Cisco firewall VPN interconnection example

ASA5510与Router建立IPSEC Dynamic VPN.pdf


Router configuration:
The router's Internet-access configuration is not explained here, but one point needs attention: the interesting traffic must first be denied in the nat ACL, and only then is the remaining traffic permitted.
! PAT configuration
ip nat inside source list nat interface Dialer1 overload
ip access-list extended nat
 ! Deny the interesting traffic first so that it does not go through NAT
 deny ip 192.168.0.0 0.0.255.255 188.188.188.0 0.0.0.255
 ! Permit Internet-bound traffic
 permit ip any any
VPN configuration:
crypto isakmp policy 1
 encr 3des
 hash sha
 authentication pre-share
 group 2
! 157.255.21.33 is the fixed public address of the ASA firewall
crypto isakmp key cisco123 address 157.255.21.33
! Configure the transform set
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto map l2l 1 ipsec-isakmp
 set peer 157.255.21.33
 set transform-set ccie
 match address 100
interface Dialer1
 ! Apply this map on the interface
 crypto map l2l
! Interesting traffic: 192.168.0.0 is the local IP range, 188.188.188.0 is the remote IP range
access-list 100 permit ip 192.168.0.0 0.0.255.255 188.188.188.0 0.0.0.255
ASA configuration
The ASA's Internet-access configuration is not explained here. On a firewall that performs NAT, a NAT bypass must be configured.
NAT bypass configuration (this traffic must not go through NAT)
object network inside_offices_network
 subnet 188.188.188.0 255.255.255.0
object network vpn
 subnet 192.168.0.0 255.255.0.0
nat (inside,outside) source static inside_offices_network inside_offices_network destination static vpn vpn
VPN configuration:
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ipsec ikev1 transform-set ccie esp-3des esp-sha-hmac
crypto dynamic-map dymap 1 set ikev1 transform-set ccie
crypto dynamic-map dymap 1 set reverse-route
crypto map mymap 10 ipsec-isakmp dynamic dymap
crypto map mymap interface outside
crypto ikev1 enable outside
! By default, automatically permits all traffic after VPN decryption
sysopt connection permit-vpn
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key cisco123



Link: https://pan.baidu.com/s/1i4X2hHb Password:

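The two NAT points made in the post above (deny the interesting traffic before `permit ip any any` on the router, and configure a NAT bypass on the ASA) can be checked mechanically. The following is an added example, not part of the original post or the PDF: the function names are hypothetical, the config snippets are constructed from the lines shown in the post, and it assumes the only indented ACL entries in the router text belong to the `nat` ACL.

```python
import ipaddress
import re

# Constructed from the configuration shown in the post above.
ROUTER_CFG = """\
ip access-list extended nat
 deny ip 192.168.0.0 0.0.255.255 188.188.188.0 0.0.0.255
 permit ip any any
access-list 100 permit ip 192.168.0.0 0.0.255.255 188.188.188.0 0.0.0.255
"""
ASA_CFG = """\
object network inside_offices_network
 subnet 188.188.188.0 255.255.255.0
object network vpn
 subnet 192.168.0.0 255.255.0.0
nat (inside,outside) source static inside_offices_network inside_offices_network destination static vpn vpn
"""
ACE = r"(permit|deny) ip (any|\S+ \S+) (any|\S+ \S+)"

def net(text):
    """Network from 'any', 'addr netmask' (ASA) or 'addr wildcard' (IOS)."""
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text.replace(" ", "/"))

def aces(cfg, prefix):
    """Ordered (action, source, destination) entries on lines starting with prefix."""
    return [(m[1], net(m[2]), net(m[3])) for m in re.finditer(prefix + ACE, cfg, re.M)]

def asa_exempt(cfg):
    """(source, destination) networks of the ASA identity-NAT (bypass) rule."""
    names = re.search(r"source static (\S+) \S+ destination static (\S+)", cfg).groups()
    subnet = lambda n: re.search(rf"object network {n}\n subnet (\S+ \S+)", cfg)[1]
    return tuple(net(subnet(n)) for n in names)

def nat_exempted(nat_acl, src, dst):
    """True if the first NAT ACL entry covering src->dst is a deny (traffic skips PAT)."""
    for action, s, d in nat_acl:
        if src.subnet_of(s) and dst.subnet_of(d):
            return action == "deny"
    return True  # implicit deny at the end of the ACL: never translated

def audit(router, asa):
    # Crypto ACL 100 defines the interesting traffic as seen from the router.
    _, local, remote = aces(router, r"^access-list 100 ")[0]
    return {
        "router_nat_bypass": nat_exempted(aces(router, r"^ "), local, remote),
        "asa_nat_bypass_mirrors_acl": asa_exempt(asa) == (remote, local),
    }
```

Both checks return `True` for the configuration in the post; reversing the order of the two `nat` ACL entries, or changing a subnet on one side only, makes the corresponding check fail.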

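Rockyw [Lv10 Peerless] posted on 2017-11-30 13:14:40
Did you know? Join the 2000-member Cisco/Huawei networking discussion group 2258097, then message the group owner privately to get questions from study and work answered for free.

ywb_qh [Lv9 Omnipotent] posted on 2017-11-30 14:08:03
攻城狮论坛 really has comprehensive material; what you cannot find here is hard to find on other sites too!

iminbj [Lv10 Peerless] posted on 2017-11-30 14:53:22
Thanks to the original poster, thanks to 攻城狮论坛. Sign in every day to earn points (consecutive sign-ins double the coins). Hope it keeps getting better.

b196623 [Lv9 Omnipotent] posted on 2017-11-30 15:02:56
Three easy steps to farm coins without limit, 200 each time, in just 20 seconds http://bbs.vlan5.com/thread-14477-1-1.html

iminbj [Lv10 Peerless] posted on 2017-11-30 15:45:10
攻城狮论坛: updated daily, free downloads, those who come will know.

jintailang [VIP@Diamond] posted on 2017-11-30 16:20:15
To download Cisco CCNA, CCNP and CCIE certification materials, question banks and free video tutorials, 攻城狮论坛 is the place to come http://bbs.vlan5.com

housecall [Lv8 Skilled] posted on 2017-12-17 15:23:10
攻城狮论坛: updated daily, free downloads, those who come will know.

ldsh [Lv8 Skilled] posted on 2017-12-17 16:29:58
Did you know? Join the 2000-member Cisco/Huawei networking discussion group 2258097, then message the group owner privately to get questions from study and work answered for free.

蓝天泪 [VIP@Diamond] posted on 2018-2-22 15:46:03
The latest Cisco CCNA (200-125) exam question bank can be downloaded here, updated for 2016 http://bbs.vlan5.com/thread-15970-1-1.html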
