ASA防火墙上配置Easy ***<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

 

1、创建用户名和密码

Username wjc password 123

 

2、创建ACL和地址池

Ip local pool ***-pool 192.168.1.1-192.168.1.10

Access-list 100 permit i<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />p 10.10.1.0 0.0.0.255 any

 

3、创建组策略

Group-plicy ***-group-policy internal

Group-policy ***-group-policy attributes

Split-tunnel-policy tunnelspecified

Split-tunnel-network-list value 100

 

4、创建隧道组

Tunnel-group ***-tunnel-group ipsec-ra

Tunnel-group ***-tunnel-group general-attributes

Address-pool ***-pool

Default-group-policy ***-group-policy

Tunnel-group ***-tunnel-group ipsec-attributes

        Pre-shared-key groupkey

 

5、创建IKE协商

Crypto isakmp enable outside

Crypto isakmp policy 1

        Encryption aes

        Hash sha

        Authentication pre-share

        Group 2

        Exit

 

6、创建数据连接的传输集

Crypto ipsec transform-set ***-set esp-aes esp-sha-hmac

 

7、创建动态MAP

Crypto dynamic-map ***-dymap 1 set transform-set ***-set

 

8、创建静态MAP

Crypto map ***-map 1 dynamic ***-dymap

 

9、应用静态MAP

Crypto map ***-map interface outside