思科ASA5510防火墙 SSL VPN配置

luckyboss

! hostname cisco enable password 2OU enable names ! interface Ethernet0/0 nameif outside security-level 0 ip address 211.148.X.X 255.255.255.240 ! interface E ..
!
hostname cisco
enable password 2OU enable
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 211.148.X.X 255.255.255.240  
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.39 255.255.252.0  
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3

shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 10.10.10.254 255.255.255.0  
management-only
!
passwd 2KFQnbNIdI.2KYOU enable
ftp mode passive
clock timezone HKST 8
access-list no_nat extended permit ip any 192.168.5.0 255.255.255.0  
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnclientpool 192.168.5.1-192.168.5.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list no_nat
route outside 0.0.0.0 0.0.0.0 211.148.142.85 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.10.10.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ca trustpoint localtrust
enrollment self
fqdn x.y.com
subject-name CN=211.148.X.X
ip-address 211.148.X.X
keypair sslvpnkey
crl configure
crypto ca certificate chain localtrust
certificate 31
    30820222 3082018b a0030201 02020131 300d0609 2a864886 f70d0101 04050030  
    57311830 16060355 0403130f 3231312e 3134382e 3134322e 31333931 3b301b06  
    092a8648 86f70d01 0902160e 6b646761 73612e6b 64672e63 6f6d301c 06092a86  
    4886f70d 01090813 0f323131 2e313438 2e313432 2e313339 301e170d 31313033  
    31303134 33373338 5a170d32 31303330 37313433 3733385a 30573118 30160603  
    55040313 0f323131 2e313438 2e313432 2e313339 313b301b 06092a86 4886f70d  
    01090216 0e6b6467 6173612e 6b64672e 636f6d30 1c06092a 864886f7 0d010908  
    130f3231 312e3134 382e3134 322e3133 3930819f 300d0609 2a864886 f70d0101  
    01050003 818d0030 81890281 8100d0da e7d62022 fb09db57 3fa1d975 58f4e3cd  
    ff506eaf 554c5938 b08d0379 1579766b 94f70213 6bb50044 57bb64df 027599ce  
    43127e6d 157c2ee7 d73ddf6b c08e7b54 10556af6 eef9b83d 69cc03f2 49df2edb  
    229d4404 6324d2d3 b031014b 0780139a 68d4bce5 6cb1f61c 28bad07b 67a9ded7  
    2a987d5a 5b0413d7 92d313e3 e17f0203 01000130 0d06092a 864886f7 0d010104  
    05000381 81003084 ef79b180 9a3ccb5b 49960864 db561f82 5e0d4f28 9913310e  
    f1c1cdde 6b24dbb3 d58d7ec3 fa912887 f90fa48d a2abc329 739c5419 3c83bfb3  
    68f820aa a452e982 5eed6657 b4b20a97 a55760a8 ac1248e4 62c97807 e69c4aca  
    c4c99c1e 8852c833 f42d96df e38be6d0 7baff03a b8be99c3 1e65f0ac eb32f7e1  
    a51f241e 625a
  quit
no crypto isakmp nat-traversal
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet timeout 5
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
ssl trust-point localtrust outside
webvpn
enable outside
svc image disk0:/sslclient-win-1.1.4.179-anyconnect.pkg 1
svc enable
group-policy sslvpn_gp01 internal
group-policy sslvpn_gp01 attributes
dns-server value 192.168.1.3
vpn-tunnel-protocol svc  
default-domain value kdg.com
address-pools value vpnclientpool
webvpn
  svc keep-installer installed
  svc ask enable default svc
username test01 password iFBLEO4jejJz4.OK encrypted
username test01 attributes
vpn-group-policy sslvpn_gp01
service-type remote-access
tunnel-group sslclient_tg01 type remote-access
tunnel-group sslclient_tg01 general-attributes
default-group-policy sslvpn_gp01
tunnel-group sslclient_tg01 webvpn-attributes

group-alias SSL_VPN_01 enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map  
  inspect ftp  
  inspect h323 h225  
  inspect h323 ras  
  inspect rsh  
  inspect rtsp  
  inspect esmtp  
  inspect sqlnet  
  inspect skinny   
  inspect sunrpc  
  inspect xdmcp  
  inspect sip   
  inspect netbios  
  inspect tftp  
!
service-policy global_policy global
prompt hostname context  
Cryptochecksum:2b4a1598043d89d336495e3ba775394f

/cy熊哥哥/cy

不错，学习了

有一诱惑叫黑夜

zim519

独侠

看不懂啊，有说明的不？谢谢！

shaoyung

别叫我小胖

太棒了，感谢楼主

别叫我小胖

太棒了，感谢楼主

phil

Thanks for your information.

a969220642

Thanks for your information.

peilixiaoyao

Thanks for your information.