
ASA Firewall IPSEC

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Experiment with ASA Firewall IPSEC

The steps of the experiment:

1. First configure the IP addresses on R1 and R2, and configure the default route on R1 and R3.

2. Configure ASA1 and ASA2.

First, initialize ASA1.

Then change the hostname and configure the interface names and IP addresses, as well as the default and static routes.

First enable ISAKMP/IKE.

In phase 1 of the configuration, define the security policy (the priority is 1; note: the smaller the number, the higher the priority).

Define the five elements: the encryption algorithm (encryption), the hash algorithm (hash), the authentication method (authentication), the DH group strength (group), and the lifetime (lifetime).

crypto isakmp key abc123 address 20.1.1.2 // pre-shared key

access-list 110 permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 // define the interesting traffic

crypto ipsec transform-set benet esp-aes esp-sha-hmac // configure the transform set

Then create the crypto map that ties these together.

crypto map benetmap 1 set peer 20.1.1.2 // define the map name and priority, then set the peer

crypto map benetmap 1 set transform-set benet // reference the transform set

crypto map benetmap 1 match address 110 // match the ACL

crypto map benetmap interface outside // finally, apply the map to the interface

Then initialize ASA2.

Then change the hostname and configure the interface names and IP addresses, as well as the default and static routes.

First enable ISAKMP/IKE.

In phase 1 of the configuration, define the security policy (the priority is 1; note: the smaller the number, the higher the priority).

Define the five elements: the encryption algorithm (encryption), the hash algorithm (hash), the authentication method (authentication), the DH group strength (group), and the lifetime (lifetime).

crypto isakmp key abc123 address 10.1.1.2 // pre-shared key

access-list 110 permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 // define the interesting traffic

crypto ipsec transform-set benet esp-aes esp-sha-hmac // configure the transform set

Then create the crypto map that ties these together.

crypto map benetmap 1 set peer 10.1.1.2 // define the map name and priority, then set the peer

crypto map benetmap 1 set transform-set benet // reference the transform set

crypto map benetmap 1 match address 110 // match the ACL

crypto map benetmap interface outside // finally, apply the map to the interface

Finally, configure the IP addresses on the VPCs, then ping C2 from C1 to check connectivity.

Experiment complete.
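A tunnel like this only comes up when both ends agree on the pre-shared key and transform set and their crypto ACLs mirror each other. The following Python script is an added example, not part of the original article: it parses the crypto lines shown above for both ASAs and reports any mismatch. The helper names parse and check are hypothetical, and the phase 1 policy is not checked because the article does not list those commands.

```python
# Constructed input: the crypto lines from the article, spacing normalised.
ASA1 = """\
crypto isakmp key abc123 address 20.1.1.2
access-list 110 permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto ipsec transform-set benet esp-aes esp-sha-hmac
crypto map benetmap 1 set peer 20.1.1.2
crypto map benetmap 1 set transform-set benet
crypto map benetmap 1 match address 110
crypto map benetmap interface outside
"""
ASA2 = """\
crypto isakmp key abc123 address 10.1.1.2
access-list 110 permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto ipsec transform-set benet esp-aes esp-sha-hmac
crypto map benetmap 1 set peer 10.1.1.2
crypto map benetmap 1 set transform-set benet
crypto map benetmap 1 match address 110
crypto map benetmap interface outside
"""

def parse(cfg):
    """Pull out the settings the peers must agree on; ACL entries become (src, dst) pairs."""
    p = {"acl": {}, "ts": {}}
    for w in map(str.split, cfg.splitlines()):
        if w[:3] == ["crypto", "isakmp", "key"] and len(w) == 6:
            p["psk"], p["psk peer"] = w[3], w[5]
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            p["acl"].setdefault(w[1], set()).add((tuple(w[4:6]), tuple(w[6:8])))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            p["ts"][w[3]] = frozenset(w[4:])
        elif w[:2] == ["crypto", "map"] and len(w) == 7:
            p[" ".join(w[4:6])] = w[6]  # "set peer", "set transform-set", "match address"
    return p

def check(cfg_a, cfg_b):
    """Return the mismatches that would keep the tunnel from coming up."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    if a.get("psk") is None or a.get("psk") != b.get("psk"):
        problems.append("pre-shared keys differ or are missing")
    for name, p in (("A", a), ("B", b)):
        if p.get("psk peer") != p.get("set peer"):
            problems.append(f"{name}: key address and crypto map peer differ")
    ts_a = a["ts"].get(a.get("set transform-set"))
    if ts_a is None or ts_a != b["ts"].get(b.get("set transform-set")):
        problems.append("transform sets differ or are undefined")
    mirrored = {(dst, src) for src, dst in b["acl"].get(b.get("match address"), set())}
    if not mirrored or a["acl"].get(a.get("match address")) != mirrored:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

Calling check(ASA1, ASA2) on the article's two configurations returns an empty list; copying ASA1's ACL to ASA2 unchanged, instead of reversing source and destination, is reported as a mirror-image failure.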
