Cisco ASA5505 µÎ´ëÀÇ ipsec vpn Åͳθµ ±¸¼º ¿À·ù ÇØ°á ¹®ÀÇ

ºñÁê¾ó   
   Á¶È¸ 927   Ãßõ 1    

 안녕Ȣ16;세요!~2cpu 회원님들

현1116; Cisco ASA5505 2대/196; VPN 터널링1012; Ȣ16;고 1080;lj16;데 터널1060; 형성.104;1648; 않아서 고수님들1032; 도움1060; 1208;실합니다.

ASA5505 6156;웨Ǻ12; 버1260;1008; 8.2 1077;니다.

현1116; 테스트 1473;1064; 설1221;값1077;니다.

asa5505 1



ASA Version 8.2(1) 

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

 nameif inside

 security-level 100

 ip address 192.168.1.1 255.255.255.0 

!

interface Vlan2

 nameif outside

 security-level 0

 ip address 192.168.100.1 255.255.255.252 

!

interface Ethernet0/0

 switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!             

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

access-list VPN-ACL extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 

pager lines 24

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

nat (inside) 0 access-list VPN-ACL

route outside 192.168.2.0 255.255.255.0 192.168.100.2 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set MYSET esp-aes esp-sha-hmac 

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map MYMAP 10 match address VPN-ACL

crypto map MYMAP 10 set peer 192.168.100.2 

crypto map MYMAP 10 set transform-set MYSET

crypto map MYMAP interface outside

crypto isakmp enable outside

crypto isakmp policy 10

 authentication pre-share

 encryption aes

 hash sha

 group 2

 lifetime 86400

crypto isakmp policy 65535

 authentication pre-share

 encryption 3des

 hash sha     

 group 2

 lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

tunnel-group 192.168.100.2 type ipsec-l2l

tunnel-group 192.168.100.2 ipsec-attributes

 pre-shared-key *

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect netbios 

  inspect rsh 

  inspect rtsp 

  inspect skinny  

  inspect esmtp 

  inspect sqlnet 

  inspect sunrpc 

  inspect tftp 

  inspect sip  

  inspect xdmcp 

!

service-policy global_policy global

prompt hostname context 

Cryptochecksum:a9832c4ee44a0094481064e38465f0be

: end

ciscoasa(config)#  



---------------------------------------------------------------------


asa5505 2번


ASA Version 8.2(1) 

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

 nameif inside

 security-level 100

 ip address 192.168.2.1 255.255.255.0 

!

interface Vlan2

 nameif outside

 security-level 0

 ip address 192.168.100.2 255.255.255.252 

!

interface Ethernet0/0

 switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!             

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

access-list VPN-ACL extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 

pager lines 24

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

nat (inside) 0 access-list VPN-ACL

route outside 192.168.1.0 255.255.255.0 192.168.100.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set MYSET esp-aes esp-sha-hmac 

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map MYMAP 10 match address VPN-ACL

crypto map MYMAP 10 set peer 192.168.100.1 

crypto map MYMAP 10 set transform-set MYSET

crypto map MYMAP interface outside

crypto isakmp enable outside

crypto isakmp policy 10

 authentication pre-share

 encryption aes

 hash sha

 group 2

 lifetime 86400

crypto isakmp policy 65535

 authentication pre-share

 encryption 3des

 hash sha     

 group 2

 lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

tunnel-group 192.168.100.1 type ipsec-l2l

tunnel-group 192.168.100.1 ipsec-attributes

 pre-shared-key *

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map 

  inspect ftp 

  inspect h323 h225 

  inspect h323 ras 

  inspect netbios 

  inspect rsh 

  inspect rtsp 

  inspect skinny  

  inspect esmtp 

  inspect sqlnet 

  inspect sunrpc 

  inspect tftp 

  inspect sip  

  inspect xdmcp 

!

service-policy global_policy global

prompt hostname context 

Cryptochecksum:e042bd486d274815d78c4f7b7acf880f

: end

ciscoasa(config)# 


ciscoasa(config)#  ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ciscoasa(config)#  ping 192.168.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

ciscoasa(config)#  ping 192.168.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.100, timeout is 2 seconds:

No route to host 192.168.0.100


Success rate is 0 percent (0/1)

ciscoasa(config)#  ping 192.168.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ciscoasa(config)#  ping 192.168.100.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
·Î±×ÀÎ ÇÏ½Ã¸é ´ñ±ÛÀ» ³²±æ ¼ö ÀÖ½À´Ï´Ù


³×Æ®¿÷
¾²±â
Á¦¸ñPage 1/96
03-06   506   ÃÊÄÚ¼ÛÀÌ00
03-04   826   °í¼¼»ï
03-01   708   staru2
02-27   928   ºñÁê¾ó
02-20   1627   ±×¾Æ¾Æ¾Æ
02-09   2048   ¸¶¿î1
01-28   2863   HQLee
01-26   2798   ¸Å´Ï¾Æ1
01-24   2384   °¡Ã÷
01-22   3015   ±èȲÁß
01-20   2374   ¾Æ¸§´ÙÀ½ÆÄÆÄ
01-17   1986   À¯µ¿ÈÆ
01-13   2449   ¸¼ÀºÇÏ´Ã12
01-13   2253   ¼ÛÁÖȯ
01-11   1909   ¼ÛÁÖȯ
01-09   2557   À²ÀºÄ¿
01-02   2470   º¹ÁÖ¸Ó´Ï
2024-12   2694   Ŭ·¡½Ä
2024-12   3034   »É¶ì
2024-12   4455   ggacgung
¸ñ·Ï
¾²±â