ASA5520 + Windows 2008 R2 NPS integration: per-user policy assignment for IPsec VPN

The key point of integrating the ASA5520 with Windows 2008 R2 NPS is that, after a successful RADIUS authentication, NPS must return a Class attribute whose value matches the name of one of the two group policies already configured on the ASA: vpnclient_policy and ipsec_vpn_policy.

Key points of the Windows NPS configuration:

Configure Network Policies on Windows 2008 R2:
Add the first policy, ASA5520-vpn-it. The important part is that under Settings > Standard you add a returned attribute with name "Class" and value "OU=vpnclient_policy;".
Add the second policy, ASA5520. The important part is that under Settings > Standard you add a returned attribute with name "Class" and value "OU=ipsec_vpn_policy;".


Key points of the ASA configuration:
Define two group policies: vpnclient_policy and ipsec_vpn_policy

group-policy vpnclient_policy internal
group-policy vpnclient_policy attributes
 dns-server value 10.75.131.65 219.148.204.66
 group-lock value it@lncrland
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-split-tunnel

group-policy ipsec_vpn_policy internal
group-policy ipsec_vpn_policy attributes
 dns-server value 10.75.131.65 219.148.204.66
 group-lock value lncrland
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-split-tunnel

Define two tunnel groups: it@lncrland and lncrland

tunnel-group it@lncrland type remote-access
tunnel-group it@lncrland general-attributes
 address-pool it_vpn_pool
 authentication-server-group ipsec_vpn_auth LOCAL
 default-group-policy vpnclient_policy
tunnel-group it@lncrland ipsec-attributes
 pre-shared-key *****

tunnel-group lncrland type remote-access
tunnel-group lncrland general-attributes
 address-pool ipsec_vpn_pool
 authentication-server-group ipsec_vpn_auth LOCAL
 default-group-policy ipsec_vpn_policy
tunnel-group lncrland ipsec-attributes
 pre-shared-key *****
!
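As an added illustration that is not part of the original post, the following Python script parses a constructed RADIUS Access-Accept, pulls out the Class attribute (IETF attribute 25) and maps an "OU=<name>;" value onto one of the two group-policy names above, which is the matching the ASA performs when it applies the Class attribute returned by NPS. The packet bytes and the helper names are constructed for this example.

```python
# Added example (not from the original post): decode the RADIUS Class attribute
# that NPS returns and map "OU=<name>;" to an ASA group-policy name.
import struct

RADIUS_CLASS = 25  # IETF RADIUS attribute number for Class
# The two group policies configured on the ASA in the post above.
KNOWN_GROUP_POLICIES = {"vpnclient_policy", "ipsec_vpn_policy"}


def parse_attributes(packet: bytes):
    """Yield (type, value) pairs from the attribute section of a RADIUS packet."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length field")
    pos = 20  # skip Code, Identifier, Length and the 16-byte Authenticator
    while pos < length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield atype, packet[pos + 2 : pos + alen]
        pos += alen


def group_policy_from_class(packet: bytes):
    """Return the group-policy named by an 'OU=<name>;' Class value.

    Returns None when no Class attribute names a known policy, so the caller
    can fall back to the tunnel-group's default-group-policy.
    """
    for atype, value in parse_attributes(packet):
        if atype != RADIUS_CLASS:
            continue
        text = value.decode("ascii", errors="replace")
        for part in text.split(";"):
            part = part.strip()
            if part.upper().startswith("OU="):
                name = part[3:]
                if name in KNOWN_GROUP_POLICIES:
                    return name
    return None


def build_access_accept(class_value: bytes) -> bytes:
    """Construct a minimal Access-Accept (code 2) carrying one Class attribute.

    The Authenticator is zeroed because this constructed packet is only parsed,
    never sent or verified.
    """
    attr = bytes([RADIUS_CLASS, 2 + len(class_value)]) + class_value
    return struct.pack("!BBH", 2, 1, 20 + len(attr)) + b"\x00" * 16 + attr


if __name__ == "__main__":
    pkt = build_access_accept(b"OU=vpnclient_policy;")
    print(group_policy_from_class(pkt))  # → vpnclient_policy
```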