¶ 拓扑
###ASA位置用CSR1000V替换###
¶ CSR1000V配置
¶ http server 开启 客户端无法拨入
hostname CSR1000V
!
!
enable secret cisco
!
aaa new-model
!
aaa authentication login sslvpn local
aaa authorization network sslvpn local
!
crypto key generate rsa general-keys label ssl modulus 2048
!
crypto pki trustpoint sslvpn-trustpoint
enrollment selfsigned
subject-name CN=202.100.1.254
revocation-check none
rsakeypair ssl
!
crypto pki enroll sslvpn-trustpoint
!
username admin privilege 15 password 0 Cisc0123
!
crypto vpn anyconnect bootflash:/anyconnect-win-webdeploy-k9.pkg sequence 1
!
crypto ssl proposal sslvpn-proposal
protection rsa-3des-ede-sha1 rsa-rc4128-md5 rsa-aes128-sha1 rsa-aes256-sha1
!
ip local pool SSL-POOL 10.100.100.1 10.100.100.100
!
ip access-list standard sslvpn-tunnel
permit 10.1.1.0 0.0.0.255
!
username ssluser password cisco
!
crypto ssl authorization policy sslvpn-auth
pool SSL-POOL
dns 10.1.1.100
def-domain qytang.com
route set access-list sslvpn-tunnel
!
crypto ssl policy sslvpn-policy
ssl proposal sslvpn-proposal
pki trustpoint sslvpn-trustpoint sign
ip address local 202.100.1.254 port 443
no shutdown
!
crypto ssl profile sslvpn-porfile
match policy sslvpn-policy
aaa authentication user-pass list sslvpn
aaa authorization group user-pass list sslvpn sslvpn-auth
authentication remote user-pass
max-users 100
no shutdown
!¶ 验证
