ASA-1配置

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
?nameif outside
?security-level 0
?ip address 61.67.1.1 255.255.255.0
!
interface Ethernet0/1
?nameif inside
?security-level 100
?ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/2
?shutdown
?no nameif
?no security-level
?no ip address
!
interface Ethernet0/3
?shutdown??? ?
?no nameif?? ?
?no security-level
?no ip address
!??????????? ?
interface Ethernet0/4
?shutdown??? ?
?no nameif?? ?
?no security-level
?no ip address
!??????????? ?
interface Ethernet0/5
?shutdown??? ?
?no nameif?? ?
?no security-level
?no ip address
!??????????? ?
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover? ?
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 192.168.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 61.67.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 202.112.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
?authentication pre-share
?encryption des
?hash md5??? ?
?group 2???? ?
?lifetime 86400
crypto isakmp policy 65535
?authentication pre-share
?encryption 3des
?hash sha??? ?
?group 2???? ?
?lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!??????????? ?
class-map inspection_default
?match default-inspection-traffic
!??????????? ?
!??????????? ?
policy-map type inspect dns preset_dns_map
?parameters? ?
? message-length maximum 512
policy-map global_policy
?class inspection_default
? inspect dns preset_dns_map
? inspect ftp
? inspect h323 h225
? inspect h323 ras
? inspect netbios
? inspect rsh
? inspect rtsp
? inspect skinny ?
? inspect esmtp
? inspect sqlnet
? inspect sunrpc
? inspect tftp
? inspect sip ?
? inspect xdmcp
!??????????? ?
service-policy global_policy global
tunnel-group 202.112.1.1 type ipsec-l2l
tunnel-group 202.112.1.1 ipsec-attributes
?pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
?pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

ASA-2配置：

: Saved
:
ASA Version 8.0(2)
!
hostname ASA-2
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
?nameif outside
?security-level 0
?ip address 202.112.1.1 255.255.255.0
!
interface Ethernet0/1
?nameif inside
?security-level 100
?ip address 172.16.1.254 255.255.255.0
!
interface Ethernet0/2
?shutdown
?no nameif
?no security-level
?no ip address
!
interface Ethernet0/3
?shutdown??? ?
?no nameif?? ?
?no security-level
?no ip address
!??????????? ?
interface Ethernet0/4
?shutdown??? ?
?no nameif?? ?
?no security-level
?no ip address
!??????????? ?
interface Ethernet0/5
?shutdown??? ?
?no nameif?? ?
?no security-level
?no ip address
!??????????? ?
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list out-to-in extended permit icmp any any echo
access-list out-to-in extended permit icmp any any echo-reply
access-list IPSEC extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover? ?
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list IPSEC
nat (inside) 1 172.16.1.0 255.255.255.0
access-group out-to-in in interface outside
route outside 0.0.0.0 0.0.0.0 202.112.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
crypto map IPSEC 1 match address IPSEC
crypto map IPSEC 1 set peer 61.67.1.1
crypto map IPSEC 1 set transform-set IPSEC
crypto map IPSEC interface outside
crypto isakmp enable outside
crypto isakmp policy 1
?authentication pre-share
?encryption des
?hash md5??? ?
?group 2???? ?
?lifetime 86400
crypto isakmp policy 65535
?authentication pre-share
?encryption 3des
?hash sha??? ?
?group 2???? ?
?lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!??????????? ?
class-map inspection_default
?match default-inspection-traffic
!??????????? ?
!??????????? ?
policy-map type inspect dns preset_dns_map
?parameters? ?
? message-length maximum 512
policy-map global_policy
?class inspection_default
? inspect dns preset_dns_map
? inspect ftp
? inspect h323 h225
? inspect h323 ras
? inspect netbios
? inspect rsh
? inspect rtsp
? inspect skinny ?
? inspect esmtp
? inspect sqlnet
? inspect sunrpc
? inspect tftp
? inspect sip ?
? inspect xdmcp
!??????????? ?
service-policy global_policy global
tunnel-group 61.67.1.1 type ipsec-l2l
tunnel-group 61.67.1.1 ipsec-attributes
?pre-shared-key *
tunnel-group IPSEC type ipsec-l2l
tunnel-group IPSEC ipsec-attributes
?pre-shared-key *
prompt hostname context
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end?

轉載于:https://blog.51cto.com/zhangjialin/1673383

總結

以上是生活随笔為你收集整理的ASA IPSEC ***配置的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。