Easy VPN with an PIX 515E as the Server and ASA 5505 as the Client (NEM) Configuration Example

来源:本站原创 Linux 超过660 views围观 0条评论

5429370825788692275[1]

ASA 5505 – Easy VPN Remote Hardware Client

ciscoasa#write terminal

:

ASA Version 8.0(2)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 172.16.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 10.10.10.1 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

!— Output Suppressed

!

interface Ethernet0/7

shutdown

!

passwd 2KFQnbNIdI.2KYOU encrypted

boot system disk0:/asa802-k8.bin

ftp mode passive

pager lines 24

mtu inside 1500

mtu outside 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-602.bin

no asdm history enable

arp timeout 14400

!— Set the standard NAT configuration. 

!— Easy VPN provides the NAT exceptions needed.

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 10.10.10.2 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh timeout 5

console timeout 0

!— Easy VPN Client Configuration —!

!— Specify the IP address of the VPN server.

vpnclient server 10.20.20.1

!— This example uses network extension mode.

vpnclient mode network-extension-mode

!— Specify the group name and the pre-shared key.

vpnclient vpngroup mytunnel password ********

!— Specify the authentication username and password.

vpnclient username cisco password ********

!— In order to enable the device as hardware vpnclient, use this command.

vpnclient enable

threat-detection basic-threat

threat-detection statistics access-list

!

class-map inspection_default

match default-inspection-traffic

!

!— Output suppressed

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:dfcc004fbc2988e4370226f8d592b205

: end

文章出自:CCIE那点事 http://www.jdccie.com/ 版权所有。本站文章除注明出处外,皆为作者原创文章,可自由引用,但请注明来源。 禁止全文转载。
本文链接:http://www.jdccie.com/?p=189转载请注明转自CCIE那点事
如果喜欢:点此订阅本站
  • 相关文章
  • 为您推荐
  • 各种观点

暂时还木有人评论,坐等沙发!
发表评论

您必须 [ 登录 ] 才能发表留言!