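The changes in ASA 8.4 are mainly in NAT and VPN, and both are almost completely different from earlier releases. Today I will introduce AnyConnect 3.0 on ASA 8.4. This version of AnyConnect supports both DTLS and IKEv2 IPsec VPN. The configuration is fairly complex, and some parts must be configured through ASDM, so a companion video is provided at the end of this article. The video only covers the basic features and configuration of AnyConnect 3.0. For the details, keep following the CCNP Security VPN v1.0 course.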

Lab topology:

[Figure 1: lab topology diagram from "现任明教教主 ASA 8.4 VPN Lab Series, Part 3: The All-New AnyConnect 3.0"]

Configuration script:
----------------------Generate the certificate---------------------------
crypto key generate rsa label asa.yeslab.net modulus 1024

crypto ca trustpoint localtrustpoint
enrollment self
fqdn asa.yeslab.net
subject-name cn=asa.yeslab.net
keypair asa.yeslab.net
crl configure

ssl trust-point localtrustpoint
---------------------AnyConnect configuration---------------------------
webvpn
enable Outside
no anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.0.1047-k9.pkg 1
anyconnect profiles yeslab-prof disk0:/yeslab-prof.xml
anyconnect enable

ip local pool ippool 123.1.1.100-123.1.1.200

group-policy yeslab internal
group-policy yeslab attributes
vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
address-pools value ippool
webvpn
anyconnect profiles value yeslab-prof type user

username cisco password cisco
username cisco attributes
vpn-group-policy yeslab

---------------------------IKEv2 configuration-----------------------------------
crypto ikev2 enable Outside client-services port 443
crypto ikev2 remote-access trustpoint localtrustpoint
crypto ikev2 policy 10
crypto ipsec ikev2 ipsec-proposal ikev2-p

crypto dynamic-map dymap 100 set ikev2 ipsec-proposal ikev2-p
crypto map cisco 1000 ipsec-isakmp dynamic dymap
crypto map cisco interface Outside
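
An added example, not part of the original post: a small Python check that flags the lab-only choices in the script above before it is reused elsewhere (1024-bit RSA key, self-enrolled trustpoint, a password identical to the username, and IKEv2 policy/proposal blocks with no explicit algorithms, which leaves the platform defaults in effect). The 2048-bit floor, the rule names and the `audit` function are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the lab script above.
SAMPLE = """\
crypto key generate rsa label asa.yeslab.net modulus 1024
crypto ca trustpoint localtrustpoint
enrollment self
username cisco password cisco
crypto ikev2 policy 10
crypto ipsec ikev2 ipsec-proposal ikev2-p
crypto dynamic-map dymap 100 set ikev2 ipsec-proposal ikev2-p
"""

MIN_RSA_BITS = 2048  # assumption: minimum key size accepted by site policy
# Commands that open a block whose algorithms should be set explicitly.
HEADERS = (r"crypto ikev2 policy \d+",
           r"crypto ipsec ikev2 ipsec-proposal \S+")
# Sub-commands that may follow such a header (the script is not indented,
# so block membership is decided by keyword, not by leading whitespace).
SUB_CMDS = ("encryption", "integrity", "group", "prf", "lifetime", "protocol esp")
ALGO_CMDS = tuple(c for c in SUB_CMDS if c != "lifetime")


def audit(config: str) -> list[tuple[int, str, str]]:
    """Return (line_number, rule, line) for every finding in an ASA config."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    for n, line in enumerate(lines, 1):
        m = re.fullmatch(r"crypto key generate rsa .*modulus (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append((n, "weak-rsa-modulus", line))
        if line == "enrollment self":
            findings.append((n, "self-signed-trustpoint", line))
        m = re.fullmatch(r"username (\S+) password (\S+)( .*)?", line)
        if m and m.group(1).lower() == m.group(2).lower():
            findings.append((n, "password-equals-username", line))
        if any(re.fullmatch(h, line) for h in HEADERS):
            body = []
            for nxt in lines[n:]:  # lines[n] is the line after this header
                if not nxt.startswith(SUB_CMDS):
                    break
                body.append(nxt)
            if not any(b.startswith(ALGO_CMDS) for b in body):
                findings.append((n, "crypto-defaults-only", line))
    return findings


if __name__ == "__main__":
    for number, rule, text in audit(SAMPLE):
        print(f"line {number}: {rule}: {text}")
```
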

Online video:
Ku6 (recommended)
http://v.ku6.com/show/rSG36uwIBf8o-Hw5.html
Tudou
http://www.tudou.com/programs/view/XKilk8vmsBY/