SSL VPN over ASA

1. Enable SSL VPN access:

webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 svc enable
 tunnel-group-list enable

2. Create the SSL VPN client address pool:

ip local pool SSLClientPool 10.1.2.55-10.1.2.59 mask 255.255.255.0


3. Create the group policy:

group-policy SSLVPNPolicy internal
group-policy SSLVPNPolicy attributes
 dns-server value 10.1.2.35 10.1.2.140
 vpn-tunnel-protocol svc webvpn
 default-domain value Antec-Beijing.com
 webvpn
  url-list none
  svc keep-installer installed
  svc ask enable

4. Create the connection profile and tunnel group:

tunnel-group SSLVPNProfile type remote-access
tunnel-group SSLVPNProfile general-attributes
 address-pool SSLClientPool
 default-group-policy SSLVPNPolicy
tunnel-group SSLVPNProfile webvpn-attributes
 group-alias SSLVPNClient enable

5. Configure the user account:

username chris password bjitQWE123 encrypted privilege 0
username chris attributes
 vpn-group-policy SSLVPNPolicy
 service-type remote-access

6. Configure split tunneling:

access-list SplitTunnelList standard permit 10.1.2.0 255.255.255.0
group-policy SSLVPNPolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnelList

7. Configure NAT exemption:

access-list inside_nat0_outbound extended permit ip 10.1.2.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
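
As an added example (not part of the original post): a Python check that the names the steps above reference across sections (address pool, group policy, split-tunnel ACL) are all defined, and that the client pool falls inside the NAT-exemption destination network. The sample config is constructed from the lines in steps 2-7; the function name audit and the restriction to address/mask ACL entries are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the reference-bearing lines from steps 2-7 above.
SAMPLE_CONFIG = """\
ip local pool SSLClientPool 10.1.2.55-10.1.2.59 mask 255.255.255.0
group-policy SSLVPNPolicy internal
group-policy SSLVPNPolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunnelList
tunnel-group SSLVPNProfile type remote-access
tunnel-group SSLVPNProfile general-attributes
 address-pool SSLClientPool
 default-group-policy SSLVPNPolicy
username chris attributes
 vpn-group-policy SSLVPNPolicy
access-list SplitTunnelList standard permit 10.1.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.2.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

def audit(config):
    """Return a list of findings; an empty list means every reference resolves."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    pools, policies, acls, findings = {}, set(), {}, []
    for l in lines:  # pass 1: collect definitions (they may follow their uses)
        if m := re.match(r"ip local pool (\S+) (\S+)-(\S+)", l):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"group-policy (\S+) internal", l):
            policies.add(m[1])
        elif m := re.match(r"access-list (\S+) (?:standard|extended) permit (.+)", l):
            acls.setdefault(m[1], []).append(m[2].split())
    for l in lines:  # pass 2: resolve references
        if (m := re.match(r"address-pool (\S+)", l)) and m[1] not in pools:
            findings.append(f"undefined address pool: {m[1]}")
        elif (m := re.match(r"(?:default-group-policy|vpn-group-policy) (\S+)", l)) and m[1] not in policies:
            findings.append(f"undefined group-policy: {m[1]}")
        elif (m := re.match(r"split-tunnel-network-list value (\S+)", l)) and m[1] not in acls:
            findings.append(f"undefined split-tunnel ACL: {m[1]}")
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)", l):
            # Assumption: each ACE ends in an address/mask pair (no "any"/"host").
            dests = [ipaddress.ip_network(f"{e[-2]}/{e[-1]}") for e in acls.get(m[1], [])]
            for name, (lo, hi) in pools.items():
                if not any(lo in d and hi in d for d in dests):
                    findings.append(f"pool {name} not covered by NAT exemption {m[1]}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "all references resolve")
```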


This article is from the blog “银凯的博客”; please be sure to retain this source: http://yinkai.blog.51cto.com/3813923/1572158
