ASAEZ-VPN+Radius认证

1.概述ASA防火墙配置EZVPN并通过RADIUS服务器做验证，防火墙版本为新版本，9.1(2)。2.拓扑图3.ASA配置（(粗体字为名称)）1.配置IKEV1（第一阶段）cryptoikev1enableoutsidecryptoikev1policy10authenticationpre-shareencryption3deshashmd5group2lifetime864002.配置ipsec（第二阶段）cryptoipsecikev1transform-setFirstSetesp-3desesp-md5-hmaccryptodynamic-mapdyn11setikev1transform-setFirstSetcryptodynamic-mapdyn11setreverse-routecryptomapmymap1ipsec-isakmpdynamicdyn1cryptomapmymapinterfaceoutside3定义pooliplocalpoolezvpn_pool10.10.9.1-10.10.9.254mask255.255.255.04配置访问策略access-list101extendedpermitip10.10.10.0255.255.255.010.10.9.0255.255.255.0access-list101extendedpermitip10.10.9.0255.255.255.010.10.10.0255.255.255.05.定义group-policygroup-policyezvpn-policyinternalgroup-policyezvpn-policyattributessplit-tunnel-policytunnelspecifiedsplit-tunnel-network-listvalue101address-poolsvalueezvpn_pool6配置AAA服务器aaa-serverRadius_serverprotocolradiusaaa-serverRadius_server(inside)host10.10.8.100（radius服务器地址）keycisco7配置tunnel-group，关联地址pool和radius服务器tunnel-groupezvpngroupipsec-attributesikev1pre-shared-keycisco123tunnel-groupezvpngrouptyperemote-accesstunnel-groupezvpngroupgeneral-attributesaddress-poolezvpn_poolauthentication-server-groupRadius_serverauthentication-server-group(inside)Radius_serverpassword-management8做隧道分离objectnetworklocal-vpn-trafficsubnet10.10.10.0255.255.255.0objectnetworkremote-vpn-trafficsubnet10.10.9.0255.255.255.0nat(inside,outside)sourcestaticlocal-vpn-trafficlocal-vpn-trafficdestinationstaticremote-vpn-trafficremote-vpn-traffic9配置脚本ASAEZVPN.txt