CISCO ASA L2L VPN PSK: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 21: | Zeile 21: | ||
=Zusammenfassen= | =Zusammenfassen= | ||
| − | |||
*ciscoasa(config)# crypto map vpn-asa-toc 10 match address acl-asa-toc | *ciscoasa(config)# crypto map vpn-asa-toc 10 match address acl-asa-toc | ||
| − | + | ==PFS und Diffie-Hellman-Gruppe 5== | |
*ciscoasa(config)# crypto map vpn-asa-toc 10 set pfs group5 | *ciscoasa(config)# crypto map vpn-asa-toc 10 set pfs group5 | ||
| − | + | ==Peer setzen== | |
*ciscoasa(config)# crypto map vpn-asa-toc 10 set peer 192.168.252.5 | *ciscoasa(config)# crypto map vpn-asa-toc 10 set peer 192.168.252.5 | ||
| − | + | ==Transformset zuordnen== | |
*ciscoasa(config)# crypto map vpn-asa-toc 10 set ikev1 transform-set AES256-MD5 | *ciscoasa(config)# crypto map vpn-asa-toc 10 set ikev1 transform-set AES256-MD5 | ||
| − | + | ==Vpn Interface freischalten== | |
| − | |||
*ciscoasa(config)# crypto map vpn-asa-toc interface if-outside | *ciscoasa(config)# crypto map vpn-asa-toc interface if-outside | ||
| − | + | ==Netz zu Netz Vpn== | |
| − | |||
*ciscoasa(config)# tunnel-group 192.168.252.5 type ipsec-l2l | *ciscoasa(config)# tunnel-group 192.168.252.5 type ipsec-l2l | ||
| − | + | ==Ipsec Attribute== | |
*ciscoasa(config)# tunnel-group 192.168.252.5 ipsec-attributes | *ciscoasa(config)# tunnel-group 192.168.252.5 ipsec-attributes | ||
| − | + | ==PSK festlegen== | |
*ciscoasa(config-tunnel-ipsec)# pre-shared-key streng-geheim | *ciscoasa(config-tunnel-ipsec)# pre-shared-key streng-geheim | ||
=Links= | =Links= | ||
*http://www.petenetlive.com/KB/Article/0000050 | *http://www.petenetlive.com/KB/Article/0000050 | ||
Version vom 11. Februar 2016, 14:49 Uhr
Accessliste anlegen
- ciscoasa(config)# access-list acl-asa-toc extended permit ip 172.18.122.0 255.255.255.0 192.168.122.0 255.255.255.0
Phase 1
ciscoasa(config)# crypto isakmp policy 10
Authentifizierung mit PSK
- ciscoasa(config-ikev1-policy)# authentication pre-share
Verschlüsselung
- ciscoasa(config-ikev1-policy)# encryption aes-256
Hash Algorithmus
- ciscoasa(config-ikev1-policy)# hash md5
Diffie-Hellmann-Gruppe
- ciscoasa(config-ikev1-policy)# group 5
Lifetime
- ciscoasa(config-ikev1-policy)# lifetime 28800
Festlegen das die IP als ID funkiert
- ciscoasa(config)# crypto isakmp identity address
isakmp auf outside interface freischalten
- ciscoasa(config)# crypto isakmp enable if-outside
Transformset festlegen
- ciscoasa(config)# crypto ipsec transform-set AES256-MD5 esp-aes-256 esp-md5-hmac
Zusammenfassen
- ciscoasa(config)# crypto map vpn-asa-toc 10 match address acl-asa-toc
PFS und Diffie-Hellman-Gruppe 5
- ciscoasa(config)# crypto map vpn-asa-toc 10 set pfs group5
Peer setzen
- ciscoasa(config)# crypto map vpn-asa-toc 10 set peer 192.168.252.5
Transformset zuordnen
- ciscoasa(config)# crypto map vpn-asa-toc 10 set ikev1 transform-set AES256-MD5
Vpn Interface freischalten
- ciscoasa(config)# crypto map vpn-asa-toc interface if-outside
Netz zu Netz Vpn
- ciscoasa(config)# tunnel-group 192.168.252.5 type ipsec-l2l
Ipsec Attribute
- ciscoasa(config)# tunnel-group 192.168.252.5 ipsec-attributes
PSK festlegen
- ciscoasa(config-tunnel-ipsec)# pre-shared-key streng-geheim