2022-10-07
Cisco ASA IPsec IKEv2 (Cisco ASA 5520 router)
------------------ IKEV2 ------------------

1. Basic Internet access configuration

! Configure the outside interface and define it
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 101.1.1.100 255.255.255.0
! Configure the inside interface and define it
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0

2. Define the objects

! Subnet that needs Internet access
object network inside_network
 subnet 192.168.1.0 255.255.255.0
! Local network
object network local_network
 subnet 192.168.1.0 255.255.255.0
! Remote network
object network remote_network
 subnet 172.16.1.0 255.255.255.0

3. Define the ACLs

! "any any" ACL for Internet access
access-list 100 extended permit ip any any
! Interesting traffic
access-list 110 extended permit ip object local_network object remote_network

4. Configure NAT

! Configure PAT
object network inside_network
 nat (inside,outside) dynamic interface
! Apply ACL 100 to the inside interface
access-group 100 in interface inside
! Keep the interesting traffic from being NATed
nat (inside,outside) source static local_network local_network destination static remote_network remote_network

5. Configure the default route

route outside 0.0.0.0 0.0.0.0 101.1.1.1

6. Configure IPsec

6.1 IPsec phase 1: IKE configuration

! Define the IKEv2 policy
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256 md5
 group 2
 prf sha256 md5
 lifetime seconds 86400

! Define the tunnel, type ipsec-l2l
tunnel-group 201.1.1.100 type ipsec-l2l
tunnel-group 201.1.1.100 ipsec-attributes
 ! Set the pre-shared key to cisco
 ikev2 remote-authentication pre-shared-key cisco
 ikev2 local-authentication pre-shared-key cisco

6.2 IPsec phase 2: IPsec configuration

! Define the IPsec transform set
crypto ipsec ikev2 ipsec-proposal cisco
 protocol esp encryption aes-256
 protocol esp integrity md5

6.3 Define the crypto map, binding the policy to the IPsec transform set

! Define the crypto map and bind the interesting-traffic ACL 110
crypto map cisco 10 match address 110
! Public IP address of the peer
crypto map cisco 10 set peer 201.1.1.100
! Reference the IPsec transform set created above
crypto map cisco 10 set ikev2 ipsec-proposal cisco
! Apply the map to the outside interface
crypto map cisco interface outside

6.4 Enable the IKEv2 policy on the outside interface

crypto ikev2 enable outside
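The configuration above offers md5 next to sha256 for IKE integrity and PRF, uses DH group 2, sets ESP integrity to md5 and uses a five-character pre-shared key. The following check is an added example, not part of the original post: a Python audit that flags those settings in ASA configuration text. It assumes sub-mode lines are indented as in `show running-config` output; `audit_asa_ikev2` and `MIN_PSK_LEN` are hypothetical names, and the sample input is constructed from the lines on this page.

```python
# Added example: audit ASA-style IKEv2/IPsec settings for weak parameters.
# Constructed sample: the crypto lines from the configuration on this page.
SAMPLE_CONFIG = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256 md5
 group 2
 prf sha256 md5
 lifetime seconds 86400
tunnel-group 201.1.1.100 ipsec-attributes
 ikev2 remote-authentication pre-shared-key cisco
 ikev2 local-authentication pre-shared-key cisco
crypto ipsec ikev2 ipsec-proposal cisco
 protocol esp encryption aes-256
 protocol esp integrity md5
"""

WEAK_HASHES = {"md5"}             # MD5 should no longer protect IKE or ESP
WEAK_DH_GROUPS = {"1", "2", "5"}  # MODP groups below 2048 bits
MIN_PSK_LEN = 20                  # assumption: local policy value, not a Cisco default


def audit_asa_ikev2(config):
    """Return (line_no, parent_command, finding) for each weak setting."""
    findings, parent = [], ""
    for line_no, raw in enumerate(config.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():      # unindented line opens a new sub-mode
            parent = raw.strip()
            continue
        in_ike_policy = parent.startswith("crypto ikev2 policy")
        if in_ike_policy and words[0] in ("integrity", "prf"):
            for alg in sorted(WEAK_HASHES.intersection(words[1:])):
                findings.append((line_no, parent, f"IKE {words[0]} offers {alg}"))
        elif in_ike_policy and words[0] == "group":
            for grp in sorted(WEAK_DH_GROUPS.intersection(words[1:])):
                findings.append((line_no, parent, f"IKE DH group {grp} is below 2048 bits"))
        elif words[:3] == ["protocol", "esp", "integrity"]:
            for alg in sorted(WEAK_HASHES.intersection(words[3:])):
                findings.append((line_no, parent, f"ESP integrity offers {alg}"))
        elif "pre-shared-key" in words[:-1]:
            key = words[words.index("pre-shared-key") + 1]
            if set(key) != {"*"} and len(key) < MIN_PSK_LEN:  # skip masked keys
                findings.append((line_no, parent, f"pre-shared key has only {len(key)} characters"))
    return findings


if __name__ == "__main__":
    for line_no, parent, finding in audit_asa_ikev2(SAMPLE_CONFIG):
        print(f"line {line_no} [{parent}]: {finding}")
```

The findings report the key length only, never the key itself, so the output can be shared in a ticket.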