
Configuring IPsec ××× on ASA-to-ROUTE (static IP)

2023-05-14, Sunday


Configuration on the ASA side
ciscoasa(config)# int e0/0
ciscoasa(config-if)# ip address 10.100.1.1 255.255.255.0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config)# int e0/1
ciscoasa(config-if)# ip add 11.11.11.11 255.255.255.0
ciscoasa(config-if)# no shut
ciscoasa(config-if)# nameif outside
ciscoasa(config)# crypto isakmp policy 1
ciscoasa(config-isakmp-policy)# encryption des
ciscoasa(config-isakmp-policy)# hash md5
ciscoasa(config-isakmp-policy)# authentication pre-share

The authentication method is Pre-Shared Keys (PSK)
ciscoasa(config-isakmp-policy)# group 2    ! the key-exchange (Diffie-Hellman) group is group 2
ciscoasa(config-isakmp-policy)# exit
Define the authentication identity on the ASA
ciscoasa(config)# tunnel-group 12.12.12.12 type ipsec-l2l
ciscoasa(config)# tunnel-group 12.12.12.12 ipsec-attributes
ciscoasa(config-tunnel-ipsec)# pre-shared-key cisco
ciscoasa(config-tunnel-ipsec)# exit

ciscoasa(config)# access-list *** permit ip 10.100.1.0 255.255.255.0 10.1.1.0 255.255.255.0
Configure the IPsec transform set on the ASA:
ciscoasa(config)# crypto ipsec transform-set quidway esp-des esp-md5-hmac
ciscoasa(config)# crypto map mymap 1 match address ***
ciscoasa(config)# crypto map mymap 1 set peer 12.12.12.12
ciscoasa(config)# crypto map mymap 1 set transform-set quidway
Enable the policy on the ASA
crypto map mymap interface outside
crypto isakmp enable outside

Configuration on the router
R1(config)#int f0/0
R1(config-if)#ip add 12.12.12.12 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#int f0/1
R1(config-if)#ip add 10.1.1.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#access-list 102 permit ip 10.1.1.0 0.0.0.255 10.100.1.0 0.0.0.255
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#encryption des
R1(config-isakmp)#hash md5
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 2
R1(config-isakmp)#exit
R1(config)#crypto isakmp key 0 cisco address 11.11.11.11
R1(config)#crypto ipsec transform-set *** esp-des esp-md5-hmac
R1(cfg-crypto-trans)#exit
R1(config)#crypto map mymap 1 ipsec-isakmp
R1(config-crypto-map)#set peer 11.11.11.11
R1(config-crypto-map)#set transform-set ***
R1(config-crypto-map)#match address 102
R1(config-crypto-map)#exit
! Apply the crypto map on the interface that faces the peer (f0/0, 12.12.12.12)
R1(config)#int f0/0
R1(config-if)#crypto map mymap
R1(config-if)#exit
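
The check below is an added example, not part of the original post. It parses the crypto lines of both configurations above (prompts stripped, embedded as constructed input), confirms that the phase-1 policy, the transform set and the mirrored ACLs agree on both peers, and lists the settings the page uses that are deprecated (DES, MD5, Diffie-Hellman group 2). The names `parse`, `audit` and `DEPRECATED` are hypothetical.

```python
import ipaddress

# Constructed input: the crypto-relevant lines of the two configurations above, prompts stripped.
ASA = """crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 2
access-list *** permit ip 10.100.1.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto ipsec transform-set quidway esp-des esp-md5-hmac"""
ROUTER = """crypto isakmp policy 1
encryption des
hash md5
authentication pre-share
group 2
access-list 102 permit ip 10.1.1.0 0.0.0.255 10.100.1.0 0.0.0.255
crypto ipsec transform-set *** esp-des esp-md5-hmac"""
# Settings this page uses that are deprecated for new deployments.
DEPRECATED = {"encryption des": "56-bit DES", "hash md5": "MD5",
              "group 2": "1024-bit Diffie-Hellman", "esp-des": "56-bit DES",
              "esp-md5-hmac": "HMAC-MD5"}

def parse(cfg):
    """Return (phase-1 settings, phase-2 transforms, [source net, destination net])."""
    p1, p2, acl = {}, set(), []
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] in ("encryption", "hash", "authentication", "group"):
            p1[w[0]] = w[1]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            p2 = set(w[4:])
        elif w[0] == "access-list":
            # ip_network accepts both the ASA netmask and the IOS wildcard mask.
            acl = [ipaddress.ip_network(f"{w[i]}/{w[i + 1]}") for i in (4, 6)]
    return p1, p2, acl

def audit(asa_cfg, router_cfg):
    """Return findings: disagreements between the peers, then deprecated settings."""
    (a1, a2, a_acl), (r1, r2, r_acl) = parse(asa_cfg), parse(router_cfg)
    out = [f"phase-1 mismatch: {k} {a1.get(k)} vs {r1.get(k)}"
           for k in sorted(set(a1) | set(r1)) if a1.get(k) != r1.get(k)]
    if a2 != r2:
        out.append("phase-2 transform sets differ")
    if a_acl != r_acl[::-1]:
        out.append("crypto ACLs are not mirror images")
    used = {f"{k} {v}" for k, v in a1.items()} | a2
    out += [f"deprecated: {s} ({DEPRECATED[s]})" for s in sorted(used & set(DEPRECATED))]
    return out

if __name__ == "__main__":
    print("\n".join(audit(ASA, ROUTER)))
```

On the page's configuration the two peers agree, so every finding is a deprecation notice; a mismatch on either side appears at the top of the list.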

