SSL VPN(WebVPN)安裝配置教程
當前位置:點晴教程→知識管理交流
→『 技術文檔交流 』
R1#dir R1# 說明:本實驗已經(jīng)將SSL ××× client模塊(sslclient-win-1.1.0.154.pkg)上傳至路由器,如果需要,可以通過以下地址進行下載: http://www.china-ccie.com/download/sslclient/sslclient.rar
R1(config)#webvpn install svc disk0:sslclient-win-1.1.0.154.pkg SSL××× Package SSL-×××-Client : installed successfully
R1(config)#ip local pool ccie 100.1.1.100 100.1.1.200 說明:自動分配給用戶的地址范圍是100.1.1.100 -100.1.1.200。
R1(config)#int loopback 100 R1(config-if)#ip add 100.1.1.1 255.255.255.0 R1(config-if)#exit 說明:當?shù)刂烦夭皇亲陨碇边B網(wǎng)段時,必須創(chuàng)建同網(wǎng)段的loopback接口。
R1(config)#webvpn gateway chinaccie % Generating 1024 bit RSA keys, keys will be non-exportable...[OK] R1(config-webvpn-gateway)# *Nov 7 22:44:58.159: %SSH-5-ENABLED: SSH 1.99 has been enabled *Nov 7 22:44:59.315: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new certificate R1(config-webvpn-gateway)#ip address 12.1.1.1 port 443 R1(config-webvpn-gateway)#inservice R1(config-webvpn-gateway)#exit 說明:定義標識名字,開啟的地址,端口等等。
R1(config)#webvpn context cisco R1(config-webvpn-context)#gateway chinaccie domain cisco R1(config-webvpn-context)#inservice *Nov 7 22:46:41.651: %SSL×××-5-UPDOWN: sslvpn context : cisco changed state to UP R1(config-webvpn-context)#policy group mygroup R1(config-webvpn-group)#functions svc-enabled R1(config-webvpn-group)#svc address-pool ccie R1(config-webvpn-group)#exit R1(config-webvpn-context)#default-group-policy mygroup R1(config-webvpn-context)#exit 說明:定義用戶組策略,地址池等等。
R1(config)#username chinaccie password chinaccie 1.配置基礎網(wǎng)絡環(huán)境 (1)配置ASA: ciscoasa(config)# int e0/0 ciscoasa(config-if)# ip add 12.1.1.1 255.255.255.0 ciscoasa(config-if)# nameif outside INFO: Security level for "outside" set to 0 by default. ciscoasa(config-if)# no shutdown ciscoasa(config-if)# exit ciscoasa(config)# int e0/1 ciscoasa(config-if)# ip add 10.1.1.1 255.255.255.0 ciscoasa(config-if)# nameif inside INFO: Security level for "inside" set to 100 by default. ciscoasa(config-if)# no shutdown ciscoasa(config-if)# exit ciscoasa(config)# route inside 4.4.4.4 255.255.255.255 10.1.1.4 ciscoasa(config)# route outside 0 0 12.1.1.2 ciscoasa(config)# 說明:配置ASA的接口地址,并寫指向R4的Loopback地址4.4.4.4的路由,同時寫默認路由指向Internet(路由器R2),地址12.1.1.2 說明:本實驗已經(jīng)將SSL ××× client模塊(anyconnect-win-2.3.0185-k9.pkg)上傳至ASA,如果需要,可以通過以下地址進行下載: http://www.china-ccie.com/download/sslclient/anyconnect-win-2.3.0185-k9.rar (2)開啟SSL ×××并安裝client模塊: ciscoasa(config)# webvpn ciscoasa(config-webvpn)# enable outside INFO: Web××× and DTLS are enabled on 'outside'. ciscoasa(config-webvpn)# svc p_w_picpath disk0:/anyconnect-win-2.3.0185-k9.pkg ciscoasa(config-webvpn)# svc enable ciscoasa(config-webvpn)# tunnel-group-list enable ciscoasa(config-webvpn)# exit (3)配置自動分配給用戶的地址池: ciscoasa(config)# ip local pool ccie 100.1.1.100-100.1.1.200 mask 255.255.255.0 (4)定義隧道分離網(wǎng)段: ciscoasa(config)# access-list split-ssl extended permit ip 10.1.1.0 255.255.255.0 any ciscoasa(config)# access-list split-ssl extended permit ip 4.4.4.4 255.255.255.255 any (5)定義組策略屬性: ciscoasa(config)# group-policy SSLCLientPolicy internal ciscoasa(config)# group-policy SSLCLientPolicy attributes ciscoasa(config-group-policy)# address-pools value ccie ciscoasa(config-group-policy)# dns-server value 202.96.209.133 ciscoasa(config-group-policy)# default-domain value cisco.com ciscoasa(config-group-policy)# vpn-tunnel-protocol svc ciscoasa(config-group-policy)# split-tunnel-policy tunnelspecified ciscoasa(config-group-policy)# split-tunnel-network-list value split-ssl ciscoasa(config-group-policy)# exit (6)定義隧道策略屬性: ciscoasa(config)# tunnel-group mygroup type remote-access ciscoasa(config)# tunnel-group mygroup general-attributes ciscoasa(config-tunnel-general)# default-group-policy SSLCLientPolicy ciscoasa(config-tunnel-general)# tunnel-group mygroup webvpn-attributes ciscoasa(config-tunnel-webvpn)# group-alias mygroup enable ciscoasa(config-tunnel-webvpn)# exit (7)定義用來認證的賬戶: ciscoasa(config)# username chinaccie password chinaccie 該文章在 2024/3/5 11:51:27 編輯過 |
關鍵字查詢
相關文章
正在查詢... 
|
400 186 1886
、將SSL ××× client模塊傳至路由器:
、安裝SSL ××× client模塊:
、配置自動分配給用戶的地址池:
、為地址池網(wǎng)段創(chuàng)建loopback:
、配置SSL ×××參數(shù):
、定義其它參數(shù),以及組策略:
、定義用來認證的賬戶: