需求:Remote作为分公司拨入ASA为边界的公司总部,且分公司内部的Inside2要与总公司内部的Inside1互访。PC为员工在家办公使用接入内网配置:ASA红字为新版本需要添加的ikev1字段t
.
需求:
Remote作为分公司拨入ASA为边界的公司总部,且分公司内部的Inside2要与总公司内部的Inside1互访。
PC为员工在家办公使用接入内网
配置:
ASA
红字为新版本需要添加的ikev1字段
.tunnel-group remote type remote-accesstunnel-group remote general-attributes
address-pool remote
tunnel-group remote ipsec-attributes
ikev1 pre-shared-key remote.!..username blcoffe password blcoffe..!..crypto ikev1 enable Outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
!..crypto ipsec ikev1 transform-set cisco esp-des esp-md5-hmac.crypto dynamic-map dymap 10 set ikev1transform-set cisco
.crypto dynamic-map dymap 10 set reverse-route..!
crypto map cisco 10 ipsec-isakmp dynamic dymap
crypto map cisco interface Outside
Remote
crypto ipsec client ez*** remote
connect manual
group remote key cisco
mode network-plus
peer 202.100.1.1
手工拨入:
Remote#crypto ipsec client ez*** connect
*Mar 1 01:15:40.615: EZ×××(remote): Pending XAuth Request, Please enter the following command:
*Mar 1 01:15:40.615: EZ×××: crypto ipsec client ez*** xauth
Remote#crypto ipsec client ez*** xauth
Username: remote
Password:
注意配置ez***硬件客户端一定要在接口指定好
interface FastEthernet0/1
crypto ipsec client ez*** remote inside
interface FastEthernet0/0
crypto ipsec client ez*** remote outside
切不可配置上就着急测试,测试时最好在Inside2的位置测试,如果在remote路由器测试ping要加上源接口,如ping 10.1.1.1 so f0/1
...