设为首页收藏本站
切换到窄版

博威---云架构决胜云计算

 找回密码
 注册

QQ登录

只需一步,快速开始

搜索
博威---云架构决胜云计算»广场 云计算 华为技术 成功在ASA5550上配置SSL VPN+隧道分离+LDAP认证!!
返回列表 发新帖
查看: 1857|回复: 1

成功在ASA5550上配置SSL VPN+隧道分离+LDAP认证!!

[复制链接]
发表于 2009-8-24 10:18:26 | 显示全部楼层 |阅读模式
成功在ASA5550上配置SSL VPN+隧道分离+LDAP认证!!
ASA Version 8.0(3)

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address 221.xxx.xxx.xxx 255.255.255.xxx
!
interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 172.16.36.10 255.255.255.128
!
access-list vpn-test standard permit 10.8.0.0 255.255.0.0
access-list vpn-test standard permit 172.16.0.0 255.240.0.0
access-list vpn-test standard permit 192.168.0.0 255.255.0.0
ip local pool vpn-test 172.18.0.2-172.18.63.254
ip local pool vpn-test1 172.18.64.2-172.18.127.254
ip local pool sslvpn01 172.18.128.1-172.18.128.254
ip local pool sslvpn02 172.18.129.1-172.18.129.254
route outside 0.0.0.0 0.0.0.0 221.xxx.xxx.xxx 1
route inside 10.8.0.0 255.255.0.0 172.16.36.1 1
route inside 172.16.0.0 255.240.0.0 172.16.36.1 1
route inside 192.168.0.0 255.255.0.0 172.16.36.1 1

ldap attribute-map vpntest

map-name
memberOf IETF-Radius-Class

map-value memberOf CN=vpngroup1,CN=Users,DC=xxx,DC=ad sslvpn01

map-value memberOf CN=vpngroup2,CN=Users,DC=xxx,DC=ad sslvpn02
aaa-server xxx-LDAP protocol ldap
aaa-server xxx-LDAP host 172.16.41.53

ldap-base-dn DC=xxx,DC=ad

ldap-scope subtree

ldap-naming-attribute sAMAccountName
ldap-login-password *

ldap-login-dn CN=vpn,CN=Users,DC=xxx,DC=ad

server-type microsoft

ldap-attribute-map vpntest
nac-policy DfltGrpPolicy-nac-framework-create nac-framework

reval-period 36000

sq-period 300
webvpn

enable outside

svc image disk0:/anyconnect-win-2.2.0136-k9.pkg 1

svc enable

tunnel-group-list enable

group-policy DfltGrpPolicy attributes

dns-server value 172.16.35.20

vpn-tunnel-protocol svc

split-tunnel-policy tunnelspecified

split-tunnel-network-list value vpn-test

address-pools value vpn-test

webvpn

svc ask none default svc

customization value DfltCustomization

file-entry disable

file-browsing disable

group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes

dns-server value 172.16.35.20

vpn-tunnel-protocol svc

split-tunnel-policy tunnelspecified

split-tunnel-network-list value vpn-test

address-pools value vpn-test1

webvpn

svc keep-installer installed

svc rekey time 30

svc rekey method ssl

svc ask none default svc

username cisco123 password ffIRPGpDSOJh9YLq encrypted privilege 15

tunnel-group DefaultRAGroup general-attributes

authentication-server-group xxx-LDAP

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool vpn-test

authentication-server-group xxx-LDAP

tunnel-group sslvpn type remote-access
tunnel-group sslvpn general-attributes

address-pool vpn-test

authentication-server-group xxx-LDAP
tunnel-group sslvpn webvpn-attributes

group-alias LDAP-server enable

tunnel-group TestGroup1 type remote-access
tunnel-group TestGroup1 general-attributes

address-pool vpn-test1

default-group-policy GroupPolicy1
tunnel-group TestGroup1 webvpn-attributes

group-alias Local-server enable
!

: end
ciscoasa#
回复

使用道具 举报

pagary
发表于 2009-9-4 15:43:28 | 显示全部楼层
感謝分享!!
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|boway Inc. ( 冀ICP备10011147号 )

GMT+8, 2024-5-14 17:13 , Processed in 0.087617 second(s), 16 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表