Cisco Cisco Identity Services Engine 1.3 Folheto

安全访问操作指南

ip-comp disable

re-xauth disable

group-lock none

pfs disable

ipsec-udp-port 10000

split-tunnel-policy tunnelall

split-tunnel-network-list none

default-domain value test.ocm

backup-servers keep-client-config

webvpn

anyconnect ssl rekey method ssl

anyconnect modules value dart,iseposture

anyconnect profiles value vpnlisting type user

dynamic-access-policy-record DfltAccessPolicy

username sampg password n4q2SM5y13X3ysFc encrypted privilege 15

username admin password ezv7202P8kRjcMXI encrypted privilege 15

tunnel-group npf-sjvpn type remote-access

tunnel-group npf-sjvpn general-attributes

address-pool user-dhcp-pool

authentication-server-group RADIUS-SERVERS

accounting-server-group RADIUS-SERVERS

default-group-policy CISCOVPN

tunnel-group npf-sjvpn webvpn-attributes

group-alias SAMPG-IPSEC-VPN disable

group-alias SAMPG-SSL-VPN enable

tunnel-group npf-sjvpn ipsec-attributes

ikev1 pre-shared-key *****

class-map inspection_default

match default-inspection-traffic

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

inspect icmp

service-policy global_policy interface outside

prompt hostname priority state

no call-home reporting anonymous

Cryptochecksum:f75d25311e04e6a83e7e2b0b4d5ce1b1

: end

第

22 页