ASA Remote Access endpoint DMZ interface
Posted: Fri 08 Oct, 2010 9:35 am
Hi all,
I have an ASA 5510 with 3 interfaces: inside/dmz/outside.
The dmz is public, while the outside, connected to the Internet access router, uses private addressing.
So I would like to configure a remote access VPN with the public dmz interface as its endpoint (isakmp enable dmz)... but even though I have applied the inbound rules on the outside, I can't get it to work.
I kept the ACLs wide open just for the test.
Ideas/suggestions?
Thanks
isakmp enable dmz
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dmz_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map dmz_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map dmz_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map dmz_map 65535 ipsec-isakmp dynamic dmz_dyn_map
crypto map dmz_map interface dmz
access-list outside_access_in extended permit ip any interface dmz log
access-list outside_access_in extended permit udp any interface dmz log
access-list outside_access_in extended permit tcp any interface dmz log
access-list vpn_splitTunnelAcl standard permit any
access-group outside_access_in in interface outside
group-policy vpn internal
group-policy vpn attributes
split-tunnel-network-list value vpn_splitTunnelAcl
username client attributes
vpn-group-policy vpn
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
default-group-policy vpn
tunnel-group vpn ipsec-attributes