SSLvpn拨号失败
- 0关注
- 1收藏,1173浏览
问题描述:
SSLvpn拨号失败,想请问一下是哪里配置出了问题
组网及组网描述:
设置列表
- 有序列表
- 无序列表
对齐方式
- 靠左
- 居中
- 靠右
SSLVPN做在防火墙上
防火墙配置:
[FW1]dis cu
# interface GigabitEthernet1/0/0
port link-mode route
combo enable copper
ip address 133.68.34.17 255.255.255.252
# interface GigabitEthernet1/0/1
port link-mode route
combo enable copper
ip address 192.168.1.1 255.255.255.252
# interface SSLVPN-AC1
ip address 10.20.255.1 255.255.255.192
# security-zone name Local
# security-zone name
Trust import interface GigabitEthernet1/0/1
import interface SSLVPN-AC1
# security-zone name DMZ
# security-zone name Untrust
import interface GigabitEthernet1/0/0
# security-zone name Management
# ip route-static 0.0.0.0 0 133.68.34.18
ip route-static 192.168.10.0 24 192.168.1.2
# acl advanced 3000
rule 0 permit ip source 10.20.255.0 0.0.0.192 destination 192.168.10.0 0.0.0.255
# # local-user admin class manage
password hash $h$6$UbIhNnPevyKUwfpm$LqR3+yg1IjNct39MkOR0H0iQXLkYB3jMqM4vbAeoXOhbabIIFnjJPEGR00YiYA1Sz4LiY3FmEdru2fOLMb1shQ==
service-type telnet terminal http
authorization-attribute user-role level-3 authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
# local-user admin class network
password cipher $c$3$R+JVUzxOjiAnfSihiWCPKJKfYZjeZ8ushao=
service-type sslvpn
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
# local-user root class network
password cipher $c$3$FjsmETB5oh/TSxsScMr0DNc9S9LpZrIJHEA=
service-type sslvpn authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
authorization-attribute sslvpn-policy-group group1
# local-user sslvpnuser class network
password cipher $c$3$2jX0VH3AuSbqbkr/Xc3o6mK98JcwlyjCuw==
service-type sslvpn
authorization-attribute user-role network-operator
authorization-attribute sslvpn-policy-group group1
# ip http enable ip https enable
# sslvpn ip address-pool pool 10.20.255.2 10.20.255.63
# sslvpn gateway gw ip address 133.68.34.17 port 4430
service enable
# sslvpn context vpn
gateway gw
ip-tunnel interface SSLVPN-AC1
ip-tunnel address-pool vpn mask 255.255.255.192
ip-route-list rt include 192.168.10.0 255.255.255.0
policy-group group1
filter ip-tunnel acl 3000
ip-tunnel access-route ip-route-list rt
service enable
# security-policy ip
rule 0 name 0
action pass
# return
连接物理网卡的路由器配置:
[Inter]dis cu
# interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 172.16.1.1 255.255.255.0
# interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 133.68.34.18 255.255.255.252
nat outbound 2000
#acl basic 2000
rule 0 permit source 172.16.1.0 0.0.0.255
# return
- 2022-01-13提问
- 举报
-
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
防火墙策略是全放通的