欢迎来到天天文库
浏览记录
ID:51383977
大小:112.00 KB
页数:7页
时间:2020-03-23
《网络安全与防护全套配套课件迟恩宇实验5ASA防火墙IPSec与VPN的配置.doc》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、国家高等职业教育网络技术专业教学资源库PIX防火墙PIX防火墙安全典型案例实验五ASA防火墙IPSec与VPN的配置实验五ASA防火墙IPSec与VPN的配置一、实验目的通过该实验掌握ASA防火墙IPSec与VPN的配置。二、实验任务l配置ASA防火墙IPSecl配置ASA防火墙VPNl验证实验结果三、实验设备ASA5505防火墙两台,CISCO2950交换机两台,控制线一根,网络连接线若干,PC机若干,Sniffer软件一套四、实验拓扑图及内容VPN的基本配置执行下列步骤:1.确定一个预先共享的密钥(保密密码)2.为SA协商过程配置IK
2、E。3.配置IPSec。内网R2上的配置是:interfaceFastEthernet0/0ipaddress10.1.1.1255.255.255.0duplexautospeedauto!noiphttpservernoiphttpsecure-serveriproute0.0.0.00.0.0.010.1.1.2防火墙FW1上的配置是:fw1#shrun:Saved:PIXVersion7.2(1)!hostnamefw1enablepassword8Ry2YjIyt7RRXU24encryptednames!interfaceEt
3、hernet0nameifoutsidesecurity-level0ipaddress192.168.2.1255.255.255.0!interfaceEthernet1nameifinsidesecurity-level100ipaddress10.1.1.2255.255.255.0!interfaceEthernet2shutdownnonameifnosecurity-levelnoipaddress!interfaceEthernet3shutdownnonameifnosecurity-levelnoipaddress!i
4、nterfaceEthernet4shutdownnonameifnosecurity-levelnoipaddress!passwd2KFQnbNIdI.2KYOUencryptedftpmodepassiveaccess-list101extendedpermiticmpanyanypagerlines24mtuoutside1500mtuinside1500nofailovernoasdmhistoryenablearptimeout14400global(outside)11192.168.2.74netmask255.255.2
5、55.255routeoutside0.0.0.00.0.0.0192.168.2.41timeoutxlate3:00:00timeoutconn1:00:00half-closed0:10:00udp0:02:00icmp0:00:02timeoutsunrpc0:10:00h3230:05:00h2251:00:00mgcp0:05:00mgcp-pat0:05:00timeoutsip0:30:00sip_media0:02:00sip-invite0:03:00sip-disconnect0:02:00timeoutuauth0
6、:05:00absolutenosnmp-serverlocationnosnmp-servercontactsnmp-serverenabletrapssnmpauthenticationlinkuplinkdowncoldstartcryptoipsectransform-setfw2esp-desesp-nonecryptomappix12matchaddress101cryptomappix12setpeer192.168.2.4cryptomappix12settransform-setfw2cryptomappixinterf
7、aceoutsidecryptoisakmpidentityaddresscryptoisakmpenableoutsidecryptoisakmppolicy12authenticationpre-shareencryption3deshashshagroup2lifetime86400cryptoisakmppolicy65535authenticationpre-shareencryption3deshashshagroup2lifetime86400tunnel-group192.168.2.4typeipsec-l2ltunne
8、l-group192.168.2.4ipsec-attributespre-shared-key*telnettimeout5sshtimeout5consoletimeout0!!promp
此文档下载收益归作者所有