Cisco Cisco Identity Services Engine 1.3 전단

 

 

 

安全访问操作指南

 encryption 3des 

 hash sha 

 group 2 

 lifetime 86400 

crypto ikev1 policy 120 

 authentication pre-share 

 encryption 3des 

 hash sha 

 group 2 

 lifetime 86400 

crypto ikev1 policy 130 

 authentication crack 

 encryption des 

hash sha 

 group 2 

 lifetime 86400 

crypto ikev1 policy 140 

 authentication rsa-sig 

 encryption des 

 hash sha 

 group 2 

 lifetime 86400 

crypto ikev1 policy 150 

 authentication pre-share 

 encryption des 

 hash sha 

 group 2 

 lifetime 86400 

telnet timeout 5 

no ssh stricthostkeycheck 

ssh 0.0.0.0 0.0.0.0 inside 

ssh timeout 30 

ssh key-exchange group dh-group1-sha1 

console timeout 0 

management-access inside 

! 

tls-proxy maximum-session 200 

! 

threat-detection basic-threat 

threat-detection statistics access-list 

no threat-detection statistics tcp-intercept 

ntp server 171.68.38.65 source inside prefer 

ntp server 10.81.254.202 source inside 

ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 

ssl trust-point ciscoca outside 

ssl trust-point ASDM_Launcher_Access_TrustPoint_28 inside 

ssl trust-point ASDM_Launcher_Access_TrustPoint_28 inside vpnlb-ip 

 

group-policy DfltGrpPolicy attributes 

 dns-server value 10.10.10.10 

 vpn-idle-timeout 1440 

 vpn-session-timeout 28800 

 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client  

 ipsec-udp enable 

 default-domain value test.ocm 

 webvpn 

  anyconnect ssl rekey time 300 

  anyconnect ssl rekey method ssl 

  anyconnect profiles value vpnlisting type user 

group-policy CISCOVPN internal 

group-policy CISCOVPN attributes 

dns-server value 10.10.10.10  

 dhcp-network-scope none 

 vpn-access-hours none 

 vpn-simultaneous-logins 2 

 vpn-idle-timeout 1440 

 vpn-session-timeout none 

 vpn-filter none 

 vpn-tunnel-protocol ikev1 ikev2 ssl-client  

 password-storage disable               

 

 
 

©2015 思科系统公司 

第

21 页