ASA防火墙上配置Easy Vpn
 
1、创建用户名和密码
Username wjc password 123
 
2、创建ACL和地址池
Ip local pool vpn-pool 192.168.1.1-192.168.1.10
Access-list 100 permit ip 10.10.1.0 0.0.0.255 any
 
3、创建组策略
Group-plicy vpn-group-policy internal
Group-policy vpn-group-policy attributes
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value 100
 
4、创建隧道组
Tunnel-group vpn-tunnel-group ipsec-ra
Tunnel-group vpn-tunnel-group general-attributes
Address-pool vpn-pool
Default-group-policy vpn-group-policy
Tunnel-group vpn-tunnel-group ipsec-attributes
        Pre-shared-key groupkey
 
5、创建IKE协商
Crypto isakmp enable outside
Crypto isakmp policy 1
        Encryption aes
        Hash sha
        Authentication pre-share
        Group 2
        Exit
 
6、创建数据连接的传输集
Crypto ipsec transform-set vpn-set esp-aes esp-sha-hmac
 
7、创建动态MAP
Crypto dynamic-map vpn-dymap 1 set transform-set vpn-set
 
8、创建静态MAP
Crypto map vpn-map 1 dynamic vpn-dymap
 
9、应用静态MAP
Crypto map vpn-map interface outside