Sunday, May 29, 2011

Considerations for Configuring a Point-to-Multipoint VPN on a Cisco ASA Firewall


First, let's review the steps for configuring the VPN:

1. Create an IP address pool for clients that connect through the VPN tunnel. Also create a basic user that can access the VPN. The commands are as follows:

ASANYHQ(config)#ip local pool vpnpool 192.168.4.10-192.168.4.100
ASANYHQ(config)#username toway password X2IJM9lm578rgFmR encrypted

2. Write an ACL so that traffic going through the VPN tunnel is not NATed. The commands are as follows:

ASANYHQ(config)#access-list nonat extended permit ip 192.168.0.0 255.255.254.0 192.168.100.0 255.255.255.0
ASANYHQ(config)#access-list nonat extended permit ip 192.168.0.0 255.255.254.0 192.168.4.0 255.255.255.0
ASANYHQ(config)#access-list nonat extended permit ip 192.168.0.0 255.255.254.0 192.168.102.0 255.255.255.0
ASANYHQ(config)#access-list nonat extended permit ip 192.168.110.0 255.255.255.0 192.168.0.0 255.255.254.0

[...]
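A consistency check for the two steps above, as an added example that is not part of the original post: it parses the pool and the nonat entries shown on this page and confirms that the whole client pool falls inside the destination network of a NAT-exemption entry. The function names are hypothetical, and the parser assumes only the network/mask ACL form used here (no "host" or "any" keywords).

```python
import ipaddress
import re

# Configuration lines copied from the steps on this page (prompt removed).
CONFIG = """\
ip local pool vpnpool 192.168.4.10-192.168.4.100
access-list nonat extended permit ip 192.168.0.0 255.255.254.0 192.168.100.0 255.255.255.0
access-list nonat extended permit ip 192.168.0.0 255.255.254.0 192.168.4.0 255.255.255.0
access-list nonat extended permit ip 192.168.0.0 255.255.254.0 192.168.102.0 255.255.255.0
access-list nonat extended permit ip 192.168.110.0 255.255.255.0 192.168.0.0 255.255.254.0
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)$")
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")


def parse(config):
    """Return ({pool: (first, last)}, {acl: [(src_net, dst_net), ...]})."""
    pools, acls = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = POOL_RE.match(line)
        if m:
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
            continue
        m = ACL_RE.match(line)
        if m:
            src = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            dst = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            acls.setdefault(m[1], []).append((src, dst))
    return pools, acls


def exempt_sources(pools, acls, pool_name, acl_name):
    """Source networks whose traffic to the entire pool range skips NAT."""
    first, last = pools[pool_name]
    return [src for src, dst in acls.get(acl_name, [])
            if first in dst and last in dst]


def uncovered_pools(pools, acls, acl_name):
    """Pools with no NAT-exemption entry covering their full range."""
    return [name for name in pools
            if not exempt_sources(pools, acls, name, acl_name)]


if __name__ == "__main__":
    pools, acls = parse(CONFIG)
    print("exempt sources for vpnpool:", exempt_sources(pools, acls, "vpnpool", "nonat"))
    print("pools without NAT exemption:", uncovered_pools(pools, acls, "nonat"))
```

A pool that appears in the second list would have its return traffic translated before it reaches the tunnel, so the list should be empty before the remaining VPN steps are applied.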



Published by xFruits
Original source : http://www.vpn123.tk/?p=647...
