码迷,mamicode.com
首页 > 系统相关 > 详细

ciscoasa ipsec ikev1

时间:2020-10-14 19:55:41      阅读:35      评论:0      收藏:0      [点我收藏+]

标签:阶段   ikev1   key   拒绝   attr   -shared   out   tin   enable   

----------------IKEv1---------------------------
NAT配置忽略
//定义网络
object-group network LOCAL_CMB_***
network-object 172.29.41.0 255.255.255.0
network-object 172.29.46.0 255.255.255.0
object-group network REMOTE_CMB_***
network-object 172.16.20.0 255.255.255.0
//放行***流量
access-list ingate extended permit ip object-group LOCAL_CMB_*** object-group REMOTE_CMB_***
//定义感兴趣流
access-list 111 extended permit ip object-group LOCAL_CMB_*** object-group REMOTE_CMB_***
//拒绝***流量备NAT
nat (inside,outside) source static LOCAL_CMB_*** LOCAL_CMB_*** destination static REMOTE_CMB_*** REMOTE_CMB_***
//***配置
----IPsec第一阶段配置
crypto ikev1 policy 100
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
tunnel-group 120.133.238.152 type ipsec-l2l
tunnel-group 120.133.238.152 ipsec-attributes
ikev1 pre-shared-key 123456
----IPsec第二阶段配置
crypto ipsec ikev1 transform-set CMB-*** esp-3des esp-md5-hmac
----配置map
crypto map CMB-*** 100 match address 100
crypto map CMB-*** 100 set pfs
crypto map CMB-*** 100 set peer 120.133.238.152
crypto map CMB-*** 100 set ikev1 transform-set CMB_***
crypto map CMB-*** interface outside
crypto ikev1 enable outside

ciscoasa ipsec ikev1

标签:阶段   ikev1   key   拒绝   attr   -shared   out   tin   enable   

原文地址:https://blog.51cto.com/13251917/2541559

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!