Cisco IPsec tunnel to an Azure cloud instance, configuration record (site-to-site, static)

Local environment:
Cisco ASA5525

Cisco Adaptive Security Appliance Software Version 9.7(1)4 
Firepower Extensible Operating System Version 2.1(1.66)
Device Manager Version 7.7(1)151
Hardware:   ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
            ASA: 4192 MB RAM, 1 CPU (1 core)

Remote environment: Azure cloud

Configuration

crypto ikev1 enable outside    // enable IKEv1 and apply it on the outside interface

object-group network ***-pat
 network-object 192.160.51.0 255.255.255.0
 network-object 192.160.99.0 255.255.255.0    // define the local subnets
object-group network ***-azure-local
 network-object 192.168.0.0 255.255.0.0       // define the remote (Azure) subnet

access-list ***-acl extended permit ip object-group ***-pat object-group ***-azure-local    // match the interesting traffic

nat (inside,outside) 1 source static ***-pat ***-pat destination static ***-azure-local ***-azure-local
// create the NAT rule (identity NAT, so traffic for the tunnel is not translated)

crypto ikev1 policy 5
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
// configure the IKEv1 (phase 1) policy

crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 102400000
crypto ipsec security-association pmtu-aging infinite
// create the transform set (encryption set) and IPsec SA lifetimes

tunnel-group azure-ip type ipsec-l2l
tunnel-group azure-ip ipsec-attributes
 ikev1 pre-shared-key *****
// tunnel configuration. Note: azure-ip = the peer (Azure) IP address; replace it when configuring

crypto map mymap 1 match address ***-acl
crypto map mymap 1 set peer azure-ip
crypto map mymap 1 set ikev1 transform-set myset
crypto map mymap interface outside
// create the crypto map and bind it to the outside interface
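The blocks above only work as a tunnel when they reference each other correctly: the crypto map's ACL must exist, the identity NAT must cover exactly the ACL's source/destination pair, the peer named in the crypto map must have an ipsec-l2l tunnel-group, and IKEv1 must be enabled on the interface the map is bound to. The checker below is an added example and is not part of the original post or any Cisco tool; it parses the configuration from this post (embedded as constructed sample text with the placeholder names kept and indentation normalised) and reports broken cross-references, and it also flags DH group 2 and SHA-1 in the phase 1 policy according to a review policy that is an assumption of this example, not a vendor table.

```python
# Added example (not part of the original post): a consistency and strength checker for the
# ASA IKEv1 site-to-site configuration above. SAMPLE_CONFIG is constructed text mirroring the post.
import re

SAMPLE_CONFIG = """
crypto ikev1 enable outside
object-group network ***-pat
 network-object 192.160.51.0 255.255.255.0
 network-object 192.160.99.0 255.255.255.0
object-group network ***-azure-local
 network-object 192.168.0.0 255.255.0.0
access-list ***-acl extended permit ip object-group ***-pat object-group ***-azure-local
nat (inside,outside) 1 source static ***-pat ***-pat destination static ***-azure-local ***-azure-local
crypto ikev1 policy 5
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
tunnel-group azure-ip type ipsec-l2l
tunnel-group azure-ip ipsec-attributes
 ikev1 pre-shared-key *****
crypto map mymap 1 match address ***-acl
crypto map mymap 1 set peer azure-ip
crypto map mymap 1 set ikev1 transform-set myset
crypto map mymap interface outside
"""

# Review policy (assumption, not a vendor table): DH groups below 2048-bit MODP
# and SHA-1/MD5 are flagged. On ASA, "hash sha" in an IKEv1 policy means SHA-1.
WEAK_DH_GROUPS = {"1", "2", "5"}
WEAK_HASHES = {"md5", "sha"}


def parse_asa(config):
    """Extract the cross-referenced objects of an ASA config into a dict."""
    cfg = {"object_groups": {}, "acls": {}, "nat": [], "ikev1_policies": {}, "transform_sets": {},
           "tunnel_groups": set(), "crypto_maps": {}, "map_interfaces": {}, "ikev1_interfaces": set()}
    current_og = current_policy = None
    for raw in config.splitlines():
        line = raw.split("//")[0].rstrip()            # drop the post's inline comments
        indented = line.startswith(" ")
        line = line.strip()
        if not indented:                              # any top-level command leaves a sub-mode
            current_og = current_policy = None
        if indented and current_og is not None and line.startswith("network-object"):
            cfg["object_groups"][current_og].append(tuple(line.split()[1:]))
        elif indented and current_policy is not None:
            key, _, value = line.partition(" ")
            cfg["ikev1_policies"][current_policy][key] = value
        elif m := re.match(r"object-group network (\S+)$", line):
            current_og = m.group(1)
            cfg["object_groups"][current_og] = []
        elif m := re.match(r"crypto ikev1 policy (\d+)$", line):
            current_policy = m.group(1)
            cfg["ikev1_policies"][current_policy] = {}
        elif m := re.match(r"crypto ikev1 enable (\S+)$", line):
            cfg["ikev1_interfaces"].add(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit ip object-group (\S+) object-group (\S+)$", line):
            cfg["acls"][m.group(1)] = (m.group(2), m.group(3))
        elif m := re.match(r"nat \(\S+\) \d+ source static (\S+) (\S+) destination static (\S+) (\S+)$", line):
            cfg["nat"].append(m.groups())
        elif m := re.match(r"crypto ipsec ikev1 transform-set (\S+) (.+)$", line):
            cfg["transform_sets"][m.group(1)] = m.group(2).split()
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l$", line):
            cfg["tunnel_groups"].add(m.group(1))
        elif m := re.match(r"crypto map (\S+) (\d+) (match address|set peer|set ikev1 transform-set) (\S+)$", line):
            cfg["crypto_maps"].setdefault((m.group(1), m.group(2)), {})[m.group(3)] = m.group(4)
        elif m := re.match(r"crypto map (\S+) interface (\S+)$", line):
            cfg["map_interfaces"][m.group(1)] = m.group(2)
    return cfg


def check_tunnel(cfg):
    """Return review findings; an empty list means every reference lines up."""
    findings = []
    for (name, seq), entry in cfg["crypto_maps"].items():
        acl = entry.get("match address")
        if acl not in cfg["acls"]:
            findings.append(f"crypto map {name} {seq}: ACL {acl!r} is not defined")
        else:
            src, dst = cfg["acls"][acl]
            # Identity NAT must cover the ACL's exact src/dst pair; otherwise packets are translated first.
            if (src, src, dst, dst) not in cfg["nat"]:
                findings.append(f"ACL {acl}: no identity NAT for {src} -> {dst}")
        peer = entry.get("set peer")
        if peer not in cfg["tunnel_groups"]:
            findings.append(f"crypto map {name} {seq}: peer {peer!r} has no ipsec-l2l tunnel-group")
        if entry.get("set ikev1 transform-set") not in cfg["transform_sets"]:
            findings.append(f"crypto map {name} {seq}: transform-set is not defined")
        iface = cfg["map_interfaces"].get(name)
        if iface not in cfg["ikev1_interfaces"]:
            findings.append(f"crypto map {name}: bound to {iface!r} but IKEv1 is not enabled there")
    for num, pol in cfg["ikev1_policies"].items():
        if pol.get("group") in WEAK_DH_GROUPS:
            findings.append(f"ikev1 policy {num}: DH group {pol['group']} is below 2048-bit MODP; prefer group 14 or stronger where supported")
        if pol.get("hash") in WEAK_HASHES:
            findings.append(f"ikev1 policy {num}: hash {pol['hash']!r} is SHA-1/MD5; prefer SHA-2 where the platform supports it")
    return findings
```

Run it with `check_tunnel(parse_asa(SAMPLE_CONFIG))` (or pass the text of a `show running-config`): on the configuration from this post every cross-reference resolves, so the only findings are the two strength warnings for `group 2` and `hash sha`. Commenting out the nat line, the tunnel-group, or the `crypto ikev1 enable outside` line each produces the corresponding finding, which are the three mistakes that most often leave a phase 1 negotiation never starting or the interesting traffic bypassing the tunnel.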