Sophos 2 cisco asa: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
David (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=interfaces einrichten= configure terminal interface Vlan2 ip address 192.168.244.185 255.255.248.0 nameif if-outside interface Vlan1 …“) |
David (Diskussion | Beiträge) |
||
| Zeile 14: | Zeile 14: | ||
name-server 192.168.240.200 | name-server 192.168.240.200 | ||
end | end | ||
| + | |||
| + | |||
| + | configure terminal | ||
| + | access-list acl-asa-toc extended permit ip 10.20.170.0 255.255.255.0 10.20.0.0 255.255.0.0 | ||
| + | crypto isakmp identity address | ||
| + | crypto isakmp enable if-outside | ||
| + | crypto ipsec transform-set AES256-MD5 esp-aes-256 esp-md5-hmac | ||
| + | crypto map vpn-asa-toc 10 match address acl-asa-toc | ||
| + | crypto map vpn-asa-toc 10 set pfs group5 | ||
| + | crypto map vpn-asa-toc 10 set peer 192.168.244.130 | ||
| + | crypto map vpn-asa-toc 10 set ikev1 transform-set AES256-MD5 | ||
| + | crypto map vpn-asa-toc interface if-outside | ||
| + | tunnel-group 192.168.244.130 type ipsec-l2l | ||
| + | tunnel-group 192.168.244.130 ipsec-attributes | ||
| + | pre-shared-key streng-geheim | ||
| + | object network no-nat | ||
| + | subnet 10.20.0.0 255.255.0.0 | ||
| + | nat (if-inside,if-outside) source static obj-lan obj-lan destination static no-nat no-nat | ||
Version vom 18. März 2016, 10:11 Uhr
interfaces einrichten
configure terminal
interface Vlan2 ip address 192.168.244.185 255.255.248.0 nameif if-outside interface Vlan1 nameif if-inside ip address 10.20.170.1 255.255.255.0 route if-outside 0.0.0.0 0.0.0.0 192.168.240.100 domain-name xinux.org dns domain-lookup if-outside dns server-group DefaultDNS name-server 192.168.240.200 end
configure terminal access-list acl-asa-toc extended permit ip 10.20.170.0 255.255.255.0 10.20.0.0 255.255.0.0 crypto isakmp identity address crypto isakmp enable if-outside crypto ipsec transform-set AES256-MD5 esp-aes-256 esp-md5-hmac crypto map vpn-asa-toc 10 match address acl-asa-toc crypto map vpn-asa-toc 10 set pfs group5 crypto map vpn-asa-toc 10 set peer 192.168.244.130 crypto map vpn-asa-toc 10 set ikev1 transform-set AES256-MD5 crypto map vpn-asa-toc interface if-outside tunnel-group 192.168.244.130 type ipsec-l2l tunnel-group 192.168.244.130 ipsec-attributes pre-shared-key streng-geheim object network no-nat subnet 10.20.0.0 255.255.0.0 nat (if-inside,if-outside) source static obj-lan obj-lan destination static no-nat no-nat