Aktuelle Version vom 16. Februar 2016, 11:23 Uhr

Cisco Asa ISAKMP Phase1

Cisco Asa ISAKMP Phase1

Configuring an Address Pool

ciscoasa(config)# ip local pool vpn-roadwarrior-pool 172.28.28.10-172.28.28.30 mask 255.255.255.0

User anlegen

ciscoasa(config)# username thomas password oimel
ciscoasa(config)# username david password suxer
ciscoasa(config)# username janning password schmeich

Transformset

ciscoasa(config)# crypto ipsec ikev1 transform-set AES256-MD5 esp-aes-256 esp-md5-hmac

Typ der Tunnelgruppe festlegen

ciscoasa(config)# tunnel-group vpn-roadwarrior type remote-access

Attribute der Tunnelgruppe festlegen

ciscoasa(config)# tunnel-group vpn-roadwarrior general-attributes

Addresspool zuweisen

ciscoasa(config-tunnel-general)# address-pool vpn-roadwarrior-pool

PSK festlegen

ciscoasa(config)# tunnel-group vpn-roadwarrior ipsec-attributes
ciscoasa(config-tunnel-ipsec)# ikev1 pre-shared-key sau-geheim

Zusammenfassen dyn-vpn-roadwarrior Transformset AES256-MD5

bezogen auf Policy 10 aus Cisco Asa ISAKMP Phase1

ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5

Enables Reverse Route Injection

ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set reverse-route

Creates a crypto map entry that uses a dynamic crypto

ciscoasa(config)# crypto map my-vpn-roadwarrior-map 10 ipsec-isakmp dynamic dyn-vpn-roadwarrior

Anwenden der crypto map auf das outside interface

ciscoasa(config)# crypto map my-vpn-roadwarrior-map interface if-outside

Vpn pool aus nat nehmen

Festlegen der Ausnahme

object network no-nat-roadwarrior
subnet 172.28.28.0 255.255.255.0

Ausnahme anwenden

nat (if-inside,if-outside) source static obj-lan obj-lan destination static no-nat-roadwarrior no-nat-roadwarrior

Copy and Paste

configure terminal
ip local pool vpn-roadwarrior-pool 172.28.28.10-172.28.28.30 mask 255.255.255.0
username thomas password oimel
username david password suxer 
username janning password schmeich
crypto ipsec ikev1 transform-set AES256-MD5 esp-aes-256 esp-md5-hmac
tunnel-group vpn-roadwarrior type remote-access
tunnel-group vpn-roadwarrior general-attributes 
address-pool vpn-roadwarrior-pool
exit
tunnel-group vpn-roadwarrior ipsec-attributes 
ikev1 pre-shared-key sau-geheim
exit
crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5
crypto dynamic-map dyn-vpn-roadwarrior 10 set reverse-route
crypto map my-vpn-roadwarrior-map 10 ipsec-isakmp dynamic dyn-vpn-roadwarrior
crypto map my-vpn-roadwarrior-map interface if-outside
object network no-nat-roadwarrior
 subnet 172.28.28.0 255.255.255.0
 nat (if-inside,if-outside) source static obj-lan obj-lan destination static no-nat-roadwarrior no-nat-roadwarrior
exit

@@ Zeile 19: / Zeile 19: @@
 *ciscoasa(config-tunnel-ipsec)# ikev1 pre-shared-key sau-geheim
-=Zusammenfassen dyn-vpn-roadwarrior Transformset AES256-MD5 und Policy [[Cisco Asa ISAKMP Phase1]]=
+=Zusammenfassen dyn-vpn-roadwarrior Transformset AES256-MD5 =
+;bezogen auf Policy 10 aus [[Cisco Asa ISAKMP Phase1]]
 *ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5
+=Enables Reverse Route Injection=
+*ciscoasa(config)# crypto dynamic-map dyn-vpn-roadwarrior 10 set reverse-route
+=Creates a crypto map entry that uses a dynamic crypto=
+*ciscoasa(config)# crypto map my-vpn-roadwarrior-map 10 ipsec-isakmp dynamic dyn-vpn-roadwarrior
+=Anwenden der crypto map auf das outside interface=
+*ciscoasa(config)# crypto map my-vpn-roadwarrior-map interface if-outside
-hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet
+=Vpn pool aus nat nehmen=
+==Festlegen der Ausnahme==
-hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
+*object network no-nat-roadwarrior
+*subnet 172.28.28.0 255.255.255.0
-hostname(config)# crypto map mymap 1 ipsec-isakmp dynamic dyn1
+==Ausnahme anwenden==
+*nat (if-inside,if-outside) source static obj-lan obj-lan destination static no-nat-roadwarrior no-nat-roadwarrior
-hostname(config)# crypto map mymap interface outside
+=Copy and Paste=
+<pre>
-hostname(config)# write memory
+configure terminal
+ip local pool vpn-roadwarrior-pool 172.28.28.10-172.28.28.30 mask 255.255.255.0
+username thomas password oimel
+username david password suxer
+username janning password schmeich
+crypto ipsec ikev1 transform-set AES256-MD5 esp-aes-256 esp-md5-hmac
+tunnel-group vpn-roadwarrior type remote-access
+tunnel-group vpn-roadwarrior general-attributes
+address-pool vpn-roadwarrior-pool
+exit
+tunnel-group vpn-roadwarrior ipsec-attributes
+ikev1 pre-shared-key sau-geheim
+exit
+crypto dynamic-map dyn-vpn-roadwarrior 10 set ikev1 transform-set AES256-MD5
+crypto dynamic-map dyn-vpn-roadwarrior 10 set reverse-route
+crypto map my-vpn-roadwarrior-map 10 ipsec-isakmp dynamic dyn-vpn-roadwarrior
+crypto map my-vpn-roadwarrior-map interface if-outside
+object network no-nat-roadwarrior
+ subnet 172.28.28.0 255.255.255.0
+ nat (if-inside,if-outside) source static obj-lan obj-lan destination static no-nat-roadwarrior no-nat-roadwarrior
+exit
+</pre>
+=Quellen=
 *http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_remote_access.html
+*http://www.databasemart.com/HowTo/Cisco_VPN_Remote_Access_Setup_ASA5500.aspx

CISCO ASA REMOTE ACCESS: Unterschied zwischen den Versionen

Aktuelle Version vom 16. Februar 2016, 11:23 Uhr

Inhaltsverzeichnis

Cisco Asa ISAKMP Phase1

Configuring an Address Pool

User anlegen

Transformset

Typ der Tunnelgruppe festlegen

Attribute der Tunnelgruppe festlegen

Addresspool zuweisen

PSK festlegen

Zusammenfassen dyn-vpn-roadwarrior Transformset AES256-MD5

Enables Reverse Route Injection

Creates a crypto map entry that uses a dynamic crypto

Anwenden der crypto map auf das outside interface

Vpn pool aus nat nehmen

Festlegen der Ausnahme

Ausnahme anwenden

Copy and Paste

Quellen

Navigationsmenü

Suche