{"id":11865,"date":"2023-04-04T22:47:50","date_gmt":"2023-04-05T05:47:50","guid":{"rendered":"https:\/\/www.xh86.me\/?p=11865"},"modified":"2023-04-04T22:47:50","modified_gmt":"2023-04-05T05:47:50","slug":"%e6%80%9d%e7%a7%91asa%e9%98%b2%e7%81%ab%e5%a2%99ssl-vpn%e9%85%8d%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=11865","title":{"rendered":"\u601d\u79d1ASA\u9632\u706b\u5899SSL VPN\u914d\u7f6e"},"content":{"rendered":"<p>\u4ee5\u4e0b\u662f\u4e00\u4e2a\u601d\u79d1ASA\u9632\u706b\u5899SSL VPN\u7684\u914d\u7f6e\u793a\u4f8b\uff0c\u5305\u62ec\u6dfb\u52a0\u7528\u6237admin\u5bc6\u7801admin\u548c\u5141\u8bb8\u8bbf\u95ee\u5185\u7f51\u6240\u6709\u8d44\u6e90\uff0c\u4f60\u9700\u8981\u6839\u636e\u4f60\u7684\u5177\u4f53\u9700\u6c42\u8fdb\u884c\u4fee\u6539\u548c\u9002\u914d\uff1a<\/p>\n<p>! \u914d\u7f6e\u7528\u6237\u548c\u7528\u6237\u7ec4<br \/>\nusername admin password admin<br \/>\naaa authentication http console LOCAL<br \/>\ntunnel-group-list enable<\/p>\n<p>! \u914d\u7f6eSSL VPN<br \/>\nwebvpn<br \/>\nenable outside<br \/>\nanyconnect image disk0:\/anyconnect-win-4.9.00086-k9.pkg 1<br \/>\nanyconnect enable<br \/>\ntunnel-group-list enable<br \/>\nanyconnect-essentials<br \/>\nanyconnect ssl keepalive 30<br \/>\nanyconnect ssl dtls enable<br \/>\ngroup-policy SSL_VPN_Group internal<br \/>\ngroup-policy SSL_VPN_Group attributes<br \/>\ndns-server value 10.1.1.1<br \/>\nvpn-tunnel-protocol ssl-client<br \/>\nsplit-tunnel-policy tunnelspecified<br \/>\nsplit-tunnel-network-list value SSL_VPN_Access_List<br \/>\ndefault-domain value mycompany.com<br \/>\nwebvpn<br \/>\nanyconnect keep-installer installed<br \/>\nanyconnect ask enable default anyconnect timeout 5<br \/>\nanyconnect ssl keepalive 60<br \/>\nanyconnect ssl compression deflate<br \/>\nsvc split include 192.168.1.0 255.255.255.0<br \/>\nsvc split include 10.1.1.0 255.255.255.0<br \/>\nsvc split exclude 192.168.1.100<br \/>\ntunnel-group SSL_VPN type remote-access<br \/>\ntunnel-group 
SSL_VPN general-attributes<br \/>\naddress-pool SSL_VPN_Pool<br \/>\nauthentication-server-group LOCAL<br \/>\ndefault-group-policy SSL_VPN_Group<br \/>\ntunnel-group SSL_VPN webvpn-attributes<br \/>\ngroup-alias SSL_VPN enable<br \/>\nauthentication certificate<br \/>\ngroup-url https:\/\/vpn.mycompany.com\/SSL_VPN_Group enable<br \/>\n\u4ee5\u4e0a\u793a\u4f8b\u914d\u7f6e\u4e86\u4e00\u4e2aSSL VPN\uff0c\u5e76\u6dfb\u52a0\u4e86\u7528\u6237admin\u5bc6\u7801admin\u3002\u5176\u4e2d\uff0c\u5148\u914d\u7f6e\u4e86\u7528\u6237\u540d\u548c\u5bc6\u7801\uff0c\u7136\u540e\u914d\u7f6e\u4e86WebVPN\uff0c\u5e76\u542f\u7528\u4e86AnyConnect\u5ba2\u6237\u7aef\uff0c\u8bbe\u7f6e\u4e86AnyConnect\u5ba2\u6237\u7aef\u7684\u7248\u672c\u548c\u542f\u7528\u72b6\u6001\uff0c\u5e76\u8bbe\u7f6e\u4e86AnyConnect\u7684\u8d85\u65f6\u548cDTLS\u529f\u80fd\u3002\u63a5\u4e0b\u6765\uff0c\u914d\u7f6e\u4e86\u7ec4\u7b56\u7565\u548c\u5176\u5c5e\u6027\uff0c\u5305\u62ecDNS\u670d\u52a1\u5668\u3001VPN\u96a7\u9053\u534f\u8bae\u3001\u5206\u9694\u96a7\u9053\u7f51\u7edc\u3001\u9ed8\u8ba4\u57df\u548cWebVPN\u914d\u7f6e\u3002\u7136\u540e\uff0c\u914d\u7f6e\u4e86SSL VPN\u7684\u96a7\u9053\u7ec4\u548c\u5176\u5c5e\u6027\uff0c\u5305\u62ec\u5730\u5740\u6c60\u3001\u8ba4\u8bc1\u670d\u52a1\u5668\u7ec4\u3001\u9ed8\u8ba4\u7ec4\u7b56\u7565\u548cWebVPN\u5c5e\u6027\u3002\u6700\u540e\uff0c\u901a\u8fc7\u914d\u7f6egroup-url\u548cgroup-alias\uff0c\u542f\u7528\u4e86SSL 
VPN\u7ec4\u522b\u3002<\/p>\n<p>\u6ce8\u610f\uff1a\u8fd9\u53ea\u662f\u4e00\u4e2a\u793a\u4f8b\uff0c\u5b9e\u9645\u7684\u914d\u7f6e\u53ef\u80fd\u56e0\u7f51\u7edc\u62d3\u6251\u548c\u5177\u4f53\u9700\u6c42\u800c\u6709\u6240\u4e0d\u540c\uff0c\u56e0\u6b64\u8bf7\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8fdb\u884c\u4fee\u6539\u548c\u9002\u914d\u3002\u540c\u65f6\uff0c\u914d\u7f6e\u4e4b\u524d\u8bf7\u5907\u4efd\u73b0\u6709\u914d\u7f6e\uff0c\u4ee5\u514d\u610f\u5916\u4e22\u5931\u3002\u6b64\u5916\uff0c\u7528\u6237admin\u5bc6\u7801admin\u53ea\u662f\u793a\u4f8b\uff0c\u5b9e\u9645\u914d\u7f6e\u65f6\u8bf7\u4fee\u6539\uff0c\u4e0d\u8981\u7528\u793a\u4f8b\u4e2d\u7684\u5bc6\u7801\u3002\u4ee5\u4e0a\u914d\u7f6e\u4e0d\u5305\u62ecSSL_VPN_Pool\u5730\u5740\u6c60\u548cSSL_VPN_Access_List\u7684\u914d\u7f6e\uff0c\u9700\u8981\u5148\u884c\u914d\u7f6e\u3002\u96a7\u9053\u7ec4\u4e2d\u7684authentication certificate\u662f\u8bc1\u4e66\u8ba4\u8bc1\uff0c\u9700\u8981\u7528\u7528\u6237\u540d\u548c\u5bc6\u7801\u8ba4\u8bc1\u65f6\uff0c\u8bf7\u4fee\u6539\u6b64\u914d\u7f6e\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4ee5\u4e0b\u662f\u4e00\u4e2a\u601d\u79d1ASA\u9632\u706b\u5899SSL VPN\u7684\u914d\u7f6e\u793a\u4f8b\uff0c\u5305\u62ec\u6dfb\u52a0\u7528\u6237admin\u5bc6\u7801admin\u548c\u5141\u8bb8\u8bbf\u95ee\u5185\u7f51\u6240\u6709\u8d44\u6e90 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,2],"tags":[],"class_list":["post-11865","post","type-post","status-publish","format-standard","hentry","category-cisco","category-network"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11865"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11865\/revisions"}],"predecessor-version":[{"id":11866,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11865\/revisions\/11866"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11865"}],"wp:term":[{"taxonomy":"ca
tegory","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}