CISCO ASA REMOTE ACCESS: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 1: | Zeile 1: | ||
=Cisco Asa ISAKMP Phase1= | =Cisco Asa ISAKMP Phase1= | ||
*[[Cisco Asa ISAKMP Phase1]] | *[[Cisco Asa ISAKMP Phase1]] | ||
| + | =Configuring an Address Pool= | ||
| + | *ciscoasa(config)# ip local pool vpn-roadwarrior-pool 172.28.28.10-172.28.28.30 mask 255.255.255.0 | ||
| + | =User anlegen= | ||
| + | *ciscoasa(config)# username thomas password oimel | ||
| + | *ciscoasa(config)# username david password suxer | ||
| + | *ciscoasa(config)# username janning password schmeich | ||
| + | =Transformset= | ||
| + | *ciscoasa(config)# crypto ipsec ikev1 transform-set AES256-MD5 esp-aes-256 esp-md5-hmac | ||
| + | =Typ der Tunnelgruppe festlegen= | ||
| + | *ciscoasa(config)# tunnel-group vpn-roadwarrior type remote-access | ||
| + | =Attribute der Tunnelgruppe festlegen= | ||
| + | *ciscoasa(config)# tunnel-group vpn-roadwarrior general-attributes | ||
| + | ==Addresspool zuweisen== | ||
| + | *ciscoasa(config-tunnel-general)# address-pool vpn-roadwarrior-pool | ||
| + | =PSK festlegen= | ||
| + | *ciscoasa(config)# tunnel-group vpn-roadwarrior ipsec-attributes | ||
| + | *ciscoasa(config-tunnel-ipsec)# ikev1 pre-shared-key sau-geheim | ||
| + | =Zusammenfassen unter dyn-vpn-roadwarrior der Transformset AES256-MD5 und die Policy aus [[Cisco Asa ISAKMP Phase1]]= | ||
| + | *ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5 | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet | hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet | ||
Version vom 15. Februar 2016, 14:39 Uhr
Cisco Asa ISAKMP Phase1
Configuring an Address Pool
- ciscoasa(config)# ip local pool vpn-roadwarrior-pool 172.28.28.10-172.28.28.30 mask 255.255.255.0
User anlegen
- ciscoasa(config)# username thomas password oimel
- ciscoasa(config)# username david password suxer
- ciscoasa(config)# username janning password schmeich
Transformset
- ciscoasa(config)# crypto ipsec ikev1 transform-set AES256-MD5 esp-aes-256 esp-md5-hmac
Typ der Tunnelgruppe festlegen
- ciscoasa(config)# tunnel-group vpn-roadwarrior type remote-access
Attribute der Tunnelgruppe festlegen
- ciscoasa(config)# tunnel-group vpn-roadwarrior general-attributes
Addresspool zuweisen
- ciscoasa(config-tunnel-general)# address-pool vpn-roadwarrior-pool
PSK festlegen
- ciscoasa(config)# tunnel-group vpn-roadwarrior ipsec-attributes
- ciscoasa(config-tunnel-ipsec)# ikev1 pre-shared-key sau-geheim
Zusammenfassen unter dyn-vpn-roadwarrior der Transformset AES256-MD5 und die Policy aus Cisco Asa ISAKMP Phase1
- ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5
hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet
hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1
hostname(config)# crypto map mymap interface outside
hostname(config)# write memory