
Easy Virtual Private Network of Cisco ASA

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

For the underlying principles and parameters, see: https://blog.51cto.com/14227204/2449696

I won't go into detail here. The principle is roughly the same, so I'll go straight to the configuration.

1. The environment is as follows:

2. Start the configuration (configure the interface IP addresses yourself)

The ASA configuration is as follows:

ciscoasa> en
Password:
ciscoasa# conf t
ciscoasa(config)# int e 0/0
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# ip add 192.168.0.1
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# exit
ciscoasa(config)# int e 0/1
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# ip add 200.0.0.2
ciscoasa(config-if)# no shutdown
ciscoasa(config)# route outside 0 0 200.0.0.1    # 0 means 0.0.0.0
ciscoasa(config)# username zhangsan password 123123    # configure the AAA-authenticated user (AAA is enabled by default on the ASA, so there is no need to enable it manually)
ciscoasa(config)# crypto isakmp enable outside    # enable IKE negotiation
ciscoasa(config)# crypto isakmp policy 10    # Phase 1: specify the parameters for the management connection, such as the encryption algorithm
ciscoasa(config-isakmp-policy)# encryption 3des
ciscoasa(config-isakmp-policy)# hash sha
ciscoasa(config-isakmp-policy)# authentication pre-share
ciscoasa(config-isakmp-policy)# group 2
ciscoasa(config-isakmp-policy)# exit
ciscoasa(config)# ip local pool test-pool 192.168.1.200-192.168.1.210    # create the address pool
ciscoasa(config)# access-list split-acl permit ip 192.168.0.0 255.255.255.0 any    # write the ACL
ciscoasa(config)# group-policy test-group internal
ciscoasa(config)# group-policy test-group attributes
ciscoasa(config-group-policy)# split-tunnel-policy tunnelspecified
ciscoasa(config-group-policy)# split-tunnel-network-list value split-acl
ciscoasa(config-group-policy)# exit
ciscoasa(config)# tunnel-group test1-group type ipsec-ra
ciscoasa(config)# tunnel-group test1-group general-attributes
ciscoasa(config-tunnel-general)# address-pool test-pool    # apply the address pool created above
ciscoasa(config-tunnel-general)# default-group-policy test-group
ciscoasa(config-tunnel-general)# exit
ciscoasa(config)# tunnel-group test1-group ipsec-attributes
ciscoasa(config-tunnel-ipsec)# pre-shared-key 321321    # configure the group key
ciscoasa(config-tunnel-ipsec)# exit
ciscoasa(config)# crypto ipsec transform-set test-set esp-3des esp-sha-hmac
ciscoasa(config)# crypto dynamic-map test-dymap 1 set transform-set test-set
ciscoasa(config)# crypto map test-stamap 1000 ipsec-isakmp dynamic test-dymap
ciscoasa(config)# crypto map test-stamap int outside    # apply to the interface
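
The configuration above uses 3DES, Diffie-Hellman group 2 and six-digit secrets, which is fine for a lab walkthrough but worth catching before a similar configuration reaches a production gateway. The following Python check is an added example, not part of the original article: it flags those settings in configuration text as typed. The rule list, the `audit` function name and the 12-character threshold are assumptions made for this example.

```python
import re

# Constructed input: secret and crypto lines of the configuration above, as typed.
SAMPLE_CONFIG = """\
username zhangsan password 123123
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
tunnel-group test1-group ipsec-attributes
 pre-shared-key 321321
crypto ipsec transform-set test-set esp-3des esp-sha-hmac
"""
MIN_SECRET_LEN = 12  # assumed local policy threshold, not a Cisco default

# Each rule is matched against one whitespace-stripped configuration line.
CRYPTO_RULES = [
    (re.compile(r"^encryption (3des|des)$"), "IKE phase 1 cipher {} has a 64-bit block"),
    (re.compile(r"^hash (md5)$"), "IKE phase 1 hash {} is obsolete"),
    (re.compile(r"^group ([125])$"), "Diffie-Hellman group {} is 1536 bits or smaller"),
    (re.compile(r"^crypto ipsec transform-set \S+ .*esp-(3des|des)\b"),
     "IPsec transform set uses 64-bit block cipher {}"),
]
SECRET_RULES = [
    (re.compile(r"^username \S+ password (\S+)( encrypted| pbkdf2)?"), "user password"),
    (re.compile(r"^pre-shared-key (\S+)()"), "group pre-shared key"),
]

def audit(config):
    """Return (line_number, message) findings for ASA configuration text."""
    findings = []
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for rx, msg in CRYPTO_RULES:
            m = rx.search(line)
            if m:
                findings.append((num, msg.format(m.group(1))))
        for rx, label in SECRET_RULES:
            m = rx.search(line)
            # Hashed or masked (*****) values cannot be judged from the text; skip them.
            if not m or m.group(2) or set(m.group(1)) == {"*"}:
                continue
            if len(m.group(1)) < MIN_SECRET_LEN or m.group(1).isdigit():
                findings.append((num, f"{label} is short or digits only"))
    return findings

if __name__ == "__main__":
    for num, msg in audit(SAMPLE_CONFIG):
        print(f"line {num}: {msg}")
```

Secrets in a saved running configuration appear hashed or masked, so the secret checks only apply to change requests or command scripts that still hold the cleartext values.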

For client installation, please refer to: https://blog.51cto.com/14227204/2449696 (second half)

3. Verification
