天亮了说晚安's Blog

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-easyvpn.html Chapter: Easy VPN Chapter Contents This chapter describes how to configure any ASA as an Easy VPN Server, and the Cisco ASA with FirePOWER- 5506-X, 5506W-X, 5506H-X, and 5508-X models as an Easy VPN Remote hardware client. About Easy VPNConfigure Easy VPN RemoteConfigure Easy VPN ServerFeature History for Easy VPN About Easy VPN Cisco Ezvpn greatly simplifies configuration and deployment of VPN for remote offices and mobile workers. Cisco Easy VPN offers flexibility, scalability, and ease of use for site-to-site and remote-access VPNs. It implements the Cisco Unity Client protocol, allowing administrators to define most VPN parameters on the Easy VPN Server, simplifying the Easy VPN Remote configuration. The Cisco ASA with FirePOWER models 5506-X, 5506W-X, 5506H-X, and 5508-X support Easy VPN Remote as a hardware client that initiates the VPN ......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-hostscan.html Chapter: AnyConnect HostScan Chapter Contents The AnyConnect Posture Module provides the AnyConnect Secure Mobility Client the ability to identify the operating system, anti-malware and firewall software installed on the host. The HostScan application gathers this information. Posture assessment requires HostScan to be installed on the host. Prerequisites for HostScanLicensing for HostScanHostScan PackagingInstall or Upgrade HostScanEnable or Disable HostScanView the HostScan Version Enabled on the ASAUninstall HostScanAssign AnyConnect Feature Modules to Group PoliciesHostScan Related Documentation Prerequisites for HostScan The AnyConnect Secure Mobility Client with the posture module requires these minimum ASA components: ASA 8.4ASDM 6.4 These AnyConnect features require that you install the posture module. SCEP authenticationAnyConn......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-anyconnect.html Chapter: AnyConnect VPN Client Connections Chapter Contents This section describes how to configure AnyConnect VPN Client Connections. About the AnyConnect VPN ClientLicensing Requirements for AnyConnectConfigure AnyConnect ConnectionsMonitor AnyConnect ConnectionsLog Off AnyConnect VPN SessionsFeature History for AnyConnect Connections About the AnyConnect VPN Client The Cisco AnyConnect Secure Mobility Client provides secure SSL and IPsec/IKEv2 connections to the ASA for remote users. Without a previously-installed client, remote users enter the IP address in their browser of an interface configured to accept SSL or IPsec/IKEv2 VPN connections. Unless the ASA is configured to redirect http:// requests to https://, users must enter the URL in the form https://<address>. After entering the URL, the browser connects to that interface a......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-site2site.html Chapter: LAN-to-LAN IPsec VPNs Chapter Contents A LAN-to-LAN VPN connects networks in different geographic locations. You can create LAN-to-LAN IPsec connections with Cisco peers and with third-party peers that comply with all relevant standards. These peers can have any mix of inside and outside addresses using IPv4 and IPv6 addressing. This chapter describes how to build a LAN-to-LAN VPN connection. Summary of the ConfigurationConfigure Site-to-Site VPN in Multi-Context ModeConfigure InterfacesConfigure ISAKMP Policy and Enable ISAKMP on the Outside InterfaceCreate an IKEv1 Transform SetCreate an IKEv2 ProposalConfigure an ACLDefine a Tunnel GroupCreate a Crypto Map and Applying It To an Interface Summary of the Configuration This section provides a summary of the example LAN-to-LAN configuration this chapter describes. Later sections p......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-remote-access.html Chapter: Remote Access IPsec VPNs Chapter Contents About Remote Access IPsec VPNsLicensing Requirements for Remote Access IPsec VPNs for 3.1Restrictions for IPsec VPNConfigure Remote Access IPsec VPNsConfiguration Examples for Remote Access IPsec VPNsConfiguration Examples for Standards-Based IPSec IKEv2 Remote Access VPN in Multiple-Context ModeConfiguration Examples for AnyConnect IPSec IKEv2 Remote Access VPN in Multiple-Context ModeFeature History for Remote Access VPNs About Remote Access IPsec VPNs Remote access VPNs allow users to connect to a central site through a secure connection over a TCP/IP network. The Internet Security Association and Key Management Protocol, also called IKE, is the negotiation protocol that lets the IPsec client on the remote PC and the ASA agree on how to build an IPsec Security Association. Each ISAKMP negot......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-addresses.html Chapter: IP Addresses for VPNs Chapter Contents Configure an IP Address Assignment PolicyConfigure Local IP Address PoolsConfigure AAA AddressingConfigure DHCP Addressing Configure an IP Address Assignment Policy The ASA can use one or more of the following methods for assigning IP addresses to remote access clients. If you configure more than one address assignment method, the ASA searches each of the options until it finds an IP address. By default, all methods are enabled. aaa Retrieves addresses from an external authentication, authorization, and accounting server on a per-user basis. If you are using an authentication server that has IP addresses configured, we recommend using this method. This method is available for IPv4 and IPv6 assignment policies.dhcp Obtains IP addresses from a DHCP server. If you want to use DHCP, you must......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-groups.html Chapter: Connection Profiles, Group Policies, and Users Chapter Contents This chapter describes how to configure VPN connection profiles (formerly called “tunnel groups”), group policies, and users. This chapter includes the following sections. Overview of Connection Profiles, Group Policies, and UsersConnection ProfilesConfigure Connection ProfilesGroup PoliciesUse of a Zone Labs Integrity ServerConfigure User Attributes Overview of Connection Profiles, Group Policies, and Users Groups and users are core concepts in managing the security of virtual private networks (VPNs) and in configuring the ASA. They specify attributes that determine user access to and use of the VPN. A group is a collection of users treated as a single entity. Users get their attributes from group policies. A connection profile identifies......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-params.html Chapter: General VPN Parameters Chapter Contents The ASA implementation of virtual private networking includes useful features that do not fit neatly into categories. This chapter describes some of these features. Guidelines and LimitationsConfigure IPsec to Bypass ACLsPermitting Intra-Interface Traffic (Hairpinning)Setting Maximum Active IPsec or SSL VPN SessionsUse Client Update to Ensure Acceptable IPsec Client Revision LevelsImplement NAT-Assigned IP to Public IP ConnectionConfigure VPN Session LimitsUsing an Identify Certificate When NegotiatingConfigure the Pool of Cryptographic CoresConfigure Dynamic Split TunnelingViewing Active VPN SessionsAbout ISE Policy EnforcementConfigure Advanced SSL SettingsPersistent IPsec Tunneled Flows Guidelines and Limitations This section includes the guidelines and limitations for this feature. Context Mo......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-ha.html Chapter: High Availability Options Chapter Contents High Availability OptionsVPN Load Balancing High Availability Options Load balancing and Failover are high-availability features that function differently and have different requirements. In some circumstances you may use multiple capabilities in your deployment. The following sections describe these features. Refer to the appropriate release of the ASA General Operations CLI Configuration Guide for details on Failover. Load Balancing details are included here. VPN Load BalancingFailover VPN Load Balancing VPN load balancing is a mechanism for equitably distributing remote-access VPN traffic among the devices in a VPN load-balancing group. It is based on simple distribution of traffic without taking into account throughput or other factors. A VPN load-balancing group consists of ......Read More