1、启用SSL ×××访问:web***enable outsidesvc p_w_picpath disk0:/anyconnect-win-2.4.1012-k9.pkg 1svc enablet
.
1、启用SSL ×××访问:
web***
enable outside
svc p_w_picpath disk0:/anyconnect-win-2.4.1012-k9.pkg 1
svc enable
tunnel-group-list enable
2、建立SSL ×××拨号地址池:
ip local pool SSLClientPool 10.1.2.55-10.1.2.59 mask 255.255.255.0
3、创建组策略:
group-policy SSL×××Policy internal
group-policy SSL×××Policy attributes
dns-server value 10.1.2.35 10.1.2.140
***-tunnel-protocol svc web***
default-domain value Antec-Beijing.com
web***
url-list none
svc keep-installer installed
svc ask enable
4、创建连接配置文件和隧道组:
tunnel-group SSL×××Profile type remote-access
tunnel-group SSL×××Profile general-attributes
address-pool SSLClientPool
default-group-policy SSL×××Policy
tunnel-group SSL×××Profile web***-attributes
group-alias SSL×××Client enable
5、配置用户账户:
username chris password bjitQWE123 encrypted privilege 0
username chris attributes
***-group-policy SSL×××Policy
service-type remote-access
6、配置隧道分离:
access-list SplitTunnelList standard permit 10.1.2.0 255.255.255.0
group-policy SSL×××Policy attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SplitTunnelList
7、配置NAT免除:
access-list inside_nat0_outbound extended permit ip 10.1.2.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
