配置外网用户利用SSL VPN访问企业内网的综合示例

胡振宇 · 发表于 2015-11-20 12:50:59

sysname Router
#
pki entity a  //配置PKI实体
country CN
common-name hello
#
pki realm admin //配置PKI域
ca id ca_a
enrollment-url http://10.2.1.9:8080/certsrv/mscep/mscep.dll ra
entity a
#
ssl policy adminserver type server  //配置服务器型SSL策略，并将该SSL策略与HTTPS服务器相关联
pki-realm admin
#
ip pool market_pool  //配置IP地址池
network 10.139.30.0 mask 255.255.255.0
#
aaa //创建远程用户的用户信息
domain default
local-user rose password cipher %@%@kTj:CWY!"FaF$C>LDl)PpwG>%@%@             //密码rose123456
local-user wangjun password cipher %@%@'=k[+Qag$N&"mi@\+{;

Lx{%@%@          //密码wangjun654321
local-user zhanghong password cipher %@%@.c$O5Rs~nD:4~W*Vyq\;QMdI%@%@       //密码zhanghong123456
local-user huwei password cipher %@%@|VwJ:a+\(S6D9d:O!r|BQNHo%@%@          //密码huwei654321
local-user jack password cipher %@%@v4DM,GExS"C[5313oIc,QOcA%@%@          //密码jack123456
local-user john password cipher %@%@[G`6IS`%)V6c)"/>id%$QPoR%@%@          //密码john654321
#
interface Ethernet 2/0/0
ip address 1.1.1.1 255.255.255.0
#
interface Ethernet 1/0/0
ip address 10.138.10.254 255.255.255.0
#
sslvpn gateway market  //创建虚拟网关market
intranet interface Ethernet 1/0/0
bind domain default  //AAA域和用户信息
enable
service-type web-proxy resource market_web-proxy  //配置Web代理业务，实现市场人员访问Web服务器
  link http://10.138.10.1:80/
service-type port-forwarding resource market_port-forwarding1  //配置端口转发业务
  server ip-address 10.138.10.3 port 995
  description market-email
service-type port-forwarding resource market_port-forwarding1  //配置端口转发业务
  server ip-address 10.138.10.21 port 3389
  description market-deskshare
service-type ip-forwarding resource market_ip-forwarding  //配置网络扩展业务
  bind ip-pool market_pool
  route-mode split
  route-split ip address 10.138.10.64 mask 27
#  //创建虚拟网关customer，配置基本功能，包括内外网接口、AAA域和用户信息
sslvpn gateway customer intranet interface Ethernet 1/0/0
bind domain default
enable
service-type port-forwarding resource customer_port-forwarding  //配置端口转发业务
  server ip-address 10.138.10.3 port 995
  description custom-email
service-type port-forwarding resource customer_port-forwarding  //配置端口转发业务
  server ip-address 10.138.10.2 port 23
  description custom-telnet
#  //配置虚拟网关company，并配置基本功能，包括内外网接口、AAA域和用户信息
sslvpn gateway company
intranet interface Ethernet 1/0/0
bind domain default
enable
service-type web-proxy resource company_web-proxy  //配置Web代理业务
  link http://10.138.10.1:80/

		自动登录	找回密码
密码			注册通行证