ip local pool ***pool 1.1.1.1-1.1.1.100 mask 255.255.255.0
isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
exit
isakmp enable outside
crypto ipsec transform-set ***set esp-des esp-md5-hmac
crypto dynamic-map outside-dyn-map 10 set transform-set ***set
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
crypto isakmp nat-traversal
sysopt connection permit-ipsec
group-policy ciscoasa internal
group-policy ciscoasa attributes
dns-server value 202.106.0.20
***-tunnel-protocol ipsec
default-domain value cisco.com
exit
tunnel-group ciscoasa type remote-access
tunnel-group ciscoasa ipsec-attributes
pre-shared-key ciscoasa
exit
tunnel-group ciscoasa general-attributes
authentication-server-group LOCAL
default-group-policy ciscoasa
address-pool ***pool
exit
username cisco password cisco
username cisco attributes
***-group-policy ciscoasa
exit
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 1.1.1.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list ciscoasa_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
group-policy ciscoasa attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ciscoasa_splitTunnelAcl
end
转载于:https://blog.51cto.com/439017543/963182