Cisco Cisco Identity Services Engine 1.3 Dépliant
安全访问操作指南
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
no ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
!
tls-proxy maximum-session 200
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 171.68.38.65 source inside prefer
ntp server 10.81.254.202 source inside
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ciscoca outside
ssl trust-point ASDM_Launcher_Access_TrustPoint_28 inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_28 inside vpnlb-ip
group-policy DfltGrpPolicy attributes
dns-server value 10.10.10.10
vpn-idle-timeout 1440
vpn-session-timeout 28800
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
ipsec-udp enable
default-domain value test.ocm
webvpn
anyconnect ssl rekey time 300
anyconnect ssl rekey method ssl
anyconnect profiles value vpnlisting type user
group-policy CISCOVPN internal
group-policy CISCOVPN attributes
dns-server value 10.10.10.10
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 2
vpn-idle-timeout 1440
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol ikev1 ikev2 ssl-client
password-storage disable
©2015 思科系统公司
第
21 页