鸿鹄论坛

[Help] ASA 5505 and ASA5515 point-to-point VPN

Posted on 2017-12-15 11:52:06
1. ASA5515 configuration:
access-list vpn extended permit ip 172.31.15.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list vpn extended permit icmp 172.31.15.0 255.255.255.0 192.168.15.0 255.255.255.0


route outside 0.0.0.0 0.0.0.0 2.2.2.1 1
route inside 172.31.15.0 255.255.255.0 172.16.0.1 1


crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map vpn_map 1 match address vpn
crypto map vpn_map 1 set peer 1.1.1.2
crypto map vpn_map 1 set ikev1 transform-set ESP-AES-SHA
crypto map vpn_map interface outside


crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400


tunnel-group 1.1.1.2 type ipsec-l2l
tunnel-group 1.1.1.2 ipsec-attributes
ikev1 pre-shared-key *****


2. ASA5505 configuration:
access-list vpn extended permit ip 192.168.15.0 255.255.255.0 172.31.15.0 255.255.255.0
access-list vpn extended permit icmp 192.168.15.0 255.255.255.0 172.31.15.0 255.255.255.0
access-list nonat extended permit ip 192.168.15.0 255.255.255.0 172.31.15.0 255.255.255.0


global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.15.0 255.255.255.0


global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.15.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
route inside 192.168.15.0 255.255.255.0 172.16.0.1 1


crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map vpn_map 1 match address vpn
crypto map vpn_map 1 set peer 2.2.2.2
crypto map vpn_map 1 set transform-set ESP-AES-SHA
crypto map vpn_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400


tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *****


After the above configuration, on the ASA5505, show crypto isakmp sa:
   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 2.2.2.2
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE