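I couldn't find any document online with a concrete worked example of an ASA5505 dynamic crypto map *** configuration, so I am posting one.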

asa5505 ios-825 dynamic *** configuration
ASA5505
Headquarters configuration

ASA Version 8.2(5)

!

hostname C-FW

enable password aMoTHvjlJ2eSVOPB encrypted

passwd aMoTHvjlJ2eSVOPB encrypted

!

interface Ethernet0/0

 switchport access vlan 10

!

interface Ethernet0/1

 switchport access vlan 20

!

interface Vlan10

 nameif outside

 security-level 0

 ip address 192.168.9.59 255.255.255.0

!

interface Vlan20

 nameif inside

 security-level 100

 ip address 191.168.1.1 255.255.255.0

!

object-group network local

 network-object 191.168.1.0 255.255.255.0

object-group network remote

 network-object 191.168.2.0 255.255.255.0

access-list 101 extended permit ip any any

access-list 101 extended permit icmp any any

access-list *** extended permit ip object-group local object-group remote

access-list nonat extended permit ip object-group local object-group remote

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0

access-group 101 in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.9.1 1

crypto ipsec transform-set spring esp-des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map dm*** 10 set transform-set spring

crypto map ***map 9 match address ***

crypto map ***map 10 ipsec-isakmp dynamic dm***

crypto map ***map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

telnet 0.0.0.0 0.0.0.0 inside

 

tunnel-group DefaultL2LGroup ipsec-attributes

 pre-shared-key *****

!

 

ASA5505 branch configuration

ASA Version 8.2(5)

!

hostname apartment

enable password aMoTHvjlJ2eSVOPB encrypted

passwd aMoTHvjlJ2eSVOPB encrypted

names

!

interface Ethernet0/0

 switchport access vlan 10

!

interface Ethernet0/1

 switchport access vlan 20

!

!

interface Vlan10

 nameif outside

 security-level 0

 ip address 192.168.210.112 255.255.255.0

!

interface Vlan20

 nameif inside

 security-level 100

 ip address 191.168.2.1 255.255.255.0

!

object-group network local-lan

 network-object 191.168.2.0 255.255.255.0

object-group network remote-lan

 network-object 191.168.1.0 255.255.255.0

access-list ***acl extended permit ip object-group local-lan object-group remote-lan

access-list nonat extended permit ip object-group local-lan object-group remote-lan

access-list wan extended permit ip any any

access-list wan extended permit icmp any any

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0

access-group wan in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.210.1 1

crypto ipsec transform-set spring esp-des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map ***map 10 match address ***acl

crypto map ***map 10 set peer 192.168.9.59

crypto map ***map 10 set transform-set spring

crypto map ***map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

telnet 0.0.0.0 0.0.0.0 outside

ssh 0.0.0.0 0.0.0.0 outside

ssh version 2

!

username spring password y7hhCuJ3JPnu5JRZ encrypted

tunnel-group 192.168.9.59 type ipsec-l2l

tunnel-group 192.168.9.59 ipsec-attributes

 pre-shared-key *****

!
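An added example, not part of the original post: a small Python check that flags the weaker settings visible in the two configurations above (DES/3DES, DH group 2, telnet and any-source management access, and an outside ACL that permits ip any any). The rule set and the function name `audit` are assumptions made for this illustration; the sample lines are copied from the branch configuration.

```python
import re

# Constructed sample: lines copied from the branch configuration on this page.
SAMPLE = """\
access-list wan extended permit ip any any
access-group wan in interface outside
crypto ipsec transform-set spring esp-des esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
telnet 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside
"""

# Illustrative rule set (an assumption of this example, not a Cisco list).
WEAK_ESP = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac"}
WEAK_IKE = {("encryption", "des"), ("encryption", "3des"),
            ("hash", "md5"), ("group", "1"), ("group", "2")}

def audit(config):
    """Return (line_no, finding) tuples for weak settings in an ASA 8.x config."""
    lines = config.splitlines()
    # Names of ACLs that contain an unrestricted 'permit ip any any' entry.
    open_acls = {l.split()[1] for l in lines
                 if re.match(r"access-list \S+ extended permit ip any any\s*$", l)}
    findings, in_ike = [], False
    for n, raw in enumerate(lines, 1):
        words = raw.split()
        if not words:
            continue  # blank lines do not end a sub-command block
        if not raw.startswith(" "):
            in_ike = words[:3] == ["crypto", "isakmp", "policy"]
        elif in_ike and tuple(words[:2]) in WEAK_IKE:
            findings.append((n, "weak IKE " + " ".join(words[:2])))
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            for w in sorted(WEAK_ESP.intersection(words[4:])):
                findings.append((n, "weak ESP transform " + w))
        elif words[0] == "telnet" and len(words) == 4:
            findings.append((n, "cleartext telnet management on " + words[3]))
        elif words[0] == "ssh" and len(words) == 4 and words[1:3] == ["0.0.0.0"] * 2:
            findings.append((n, "ssh open to any source on " + words[3]))
        elif words[0] == "access-group" and words[1] in open_acls \
                and words[2:5] == ["in", "interface", "outside"]:
            findings.append((n, "outside ACL " + words[1] + " permits ip any any"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```

The check also works on the double-spaced listing as it appears on this page, since blank lines are skipped without leaving the `crypto isakmp policy` block.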