SSLVPN登录成功后可以访问IP资源也能访问如3389等端口远程,同一台设备IP地址可以ping通,但是就是不能访问80端口8080,443等设备web界面。
对齐方式 靠左 居中 靠右
(0)
您好,请知:
1、以下是SSL VPN的关键配置点,请参考:
SSL VPN关键配置点:
[SSL_VPN]acl advanced 3000
[SSL_VPN-acl-ipv4-adv-3000]rule 0 permit tcp source any destination any
[SSL_VPN-acl-ipv4-adv-3000]quit
[SSL_VPN]sslvpn gateway james
[SSL_VPN-sslvpn-gateway-james] ip address 10.0.0.5
[SSL_VPN-sslvpn-gateway-james]service enable
[SSL_VPN-sslvpn-gateway-james]quit
[SSL_VPN]sslvpn context james
[SSL_VPN-sslvpn-context-james]gateway james domain james
[SSL_VPN-sslvpn-context-james]url-list S5820
[SSL_VPN-sslvpn-context-james-url-list-S5820] heading web
[SSL_VPN-sslvpn-context-james-url-list-S5820]url S5820-https url-value https://10.0.0.1
[SSL_VPN-sslvpn-context-james-url-list-S5820]url S5820-http url-value http://10.0.0.1
[SSL_VPN-sslvpn-context-james-url-list-S5820]quit
[SSL_VPN-sslvpn-context-james] policy-group url
[SSL_VPN-sslvpn-context-james-policy-group-url]resources url-list S5820
[SSL_VPN-sslvpn-context-james-policy-group-url]filter web-access acl 3000
[SSL_VPN-sslvpn-context-james-policy-group-url]service enable
[SSL_VPN-sslvpn-context-james]quit
[SSL_VPN]local-user james class network
New local user added.
[SSL_VPN-luser-network-james]password simple james
[SSL_VPN-luser-network-james]service-type sslvpn
[SSL_VPN-luser-network-james]authorization-attribute user-role network-operator
[SSL_VPN-luser-network-james]authorization-attribute sslvpn-policy-group url
[SSL_VPN-luser-network-james]quit
需注意[SSL_VPN-sslvpn-context-james-policy-group-url]filter web-access acl 3000 中放通安全策略
2、请确认防火墙已经放通了相应的安全策略、域间策略。
3、请确认服务器到SSL VPN网关的路由可达。
4、请确认登陆的用户已调用了SSL VPN策略。
[SSL_VPN-luser-network-james]authorization-attribute sslvpn-policy-group url
(0)
没看懂你这个那些是重点呀
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明