
ASA SSL VPN ANYCONNECT CONFIGURATION


Video link: https://www.youtube.com/playlist?list=PLUG4qYgahz4c0-GwDbksOn3W_QYG7kp3f

TASK 1: Set the IP addresses on the ASA interfaces

interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 200.200.200.1 255.255.255.252
 no shutdown

####### Outside route #########
route outside 0.0.0.0 0.0.0.0 200.200.200.2

TASK 2: ENABLE SSL VPN

### Enable the SSL VPN feature ####
webvpn
##### Specify the package that clients download when they connect #####
 anyconnect image flash:/anyconnect-win-4.1.08005-k9.pkg
**** taken from the output of show flash: on the firewall ****
##### Allow connections to the outside IP for VPN ######
 enable outside
#### Enable AnyConnect connections #####
 anyconnect enable
##### Allow inbound VPN traffic ####
sysopt connection permit-vpn

####### Create the IP pool assigned to VPN users ##########
ip local pool VPN_POOL 192.168.10.100-192.168.10.200 mask 255.255.255.0

####### Specify the LAN range that VPN users may reach ##########
access-list ALLOW-ACCESS-LAN standard permit 192.168.1.0 255.255.255.0

####### Create the policy applied to users connecting over VPN ########
group-policy ANYCONNECT_POLICY internal
group-policy ANYCONNECT_POLICY attributes
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ALLOW-ACCESS-LAN
 dns-server value 8.8.8.8
 exit

####### Create the VPN tunnel group bound to the policy just created ##########
tunnel-group MY_TUNNEL type remote-access
tunnel-group MY_TUNNEL general-attributes
 default-group-policy ANYCONNECT_POLICY
 address-pool VPN_POOL
 exit
tunnel-group MY_TUNNEL webvpn-attributes
 group-alias ONLINE_STAFF enable
webvpn
 tunnel-group-list enable

####### Create an account #########
username hainm password hainm
username hainm attributes
 service-type remote-access

#### Verify on the ASA ######
ciscoasa# show vpn-sessiondb anyconnect

Session Type: AnyConnect

Username     : hainm                  Index        : 11
Assigned IP  : 192.168.10.100         Public IP    : 100.100.100.2
Protocol     : Clientless SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Premium
Encryption   : Clientless: (1)AES256  SSL-Tunnel: (1)AES-GCM-256  DTLS-Tunnel: (1)AES256
Hashing      : Clientless: (1)SHA1  SSL-Tunnel: (1)SHA384  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 865255                 Bytes Rx     : 532441
Group Policy : ANYCONNECT_POLICY      Tunnel Group : MY_TUNNEL
Login Time   : 02:50:58 UTC Thu Oct 2021
Duration     : 0h:52m:50s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : c0a801010000b000615e6092
Security Grp : none
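The Python check below is an added example, not part of the original document: it scans an ASA configuration as typed for three settings used in this lab that deserve review before production use (a local password equal to the username, the clientless portal enabled alongside AnyConnect, and sysopt connection permit-vpn with no vpn-filter on the group policy). The audit function, its finding strings and the sample text are constructed for illustration, and the parser assumes running-config style indentation for sub-mode commands.

```python
import re

# Constructed sample: the relevant lines of the lab configuration, as typed.
# (A saved running-config stores password hashes, so check 1 applies to typed input.)
SAMPLE_CONFIG = """\
webvpn
 enable outside
 anyconnect enable
sysopt connection permit-vpn
group-policy ANYCONNECT_POLICY internal
group-policy ANYCONNECT_POLICY attributes
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ALLOW-ACCESS-LAN
username hainm password hainm
username hainm attributes
 service-type remote-access
"""

def audit(config):
    """Return a list of findings (hypothetical wording) for an ASA config text."""
    findings, policies, current, permit_vpn = [], {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # an unindented command leaves any sub-mode
            current = None
        m = re.match(r"group-policy (\S+) attributes$", line)
        if m:
            current = policies.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)         # attribute line of the open group-policy
        if line == "sysopt connection permit-vpn":
            permit_vpn = True            # VPN traffic bypasses interface ACLs
        m = re.match(r"username (\S+) password (\S+)", line)
        if m and m.group(1) == m.group(2):
            findings.append(f"user {m.group(1)}: password equals username")
    for name, attrs in policies.items():
        protos = [a.split() for a in attrs if a.startswith("vpn-tunnel-protocol")]
        if any("ssl-clientless" in p for p in protos):
            findings.append(f"group-policy {name}: clientless portal enabled")
        if permit_vpn and not any(a.startswith("vpn-filter value") for a in attrs):
            findings.append(f"group-policy {name}: interface ACLs bypassed, no vpn-filter")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

With permit-vpn enabled, a vpn-filter ACL on the group policy is what restricts the reach of tunneled clients, which is why its absence is reported per policy.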

Posted: 07/10/2021, 10:52
