[cisco-ttl] vpn-certificate authentication problem

From: erkan erdem (erbugercetin_1_at_yahoo.com)
Date: Fri May 21 2004 - 06:56:33 GMT


    Hello friends,
    Below is a configuration I set up on the firewall for VPN. The VPN client authenticates against the RADIUS server. I want to use certificate authentication. What changes do I need to make on the firewall and in IAS for this?
     
    aaa-server partnerauth protocol radius
    aaa-server radius protocol radius
    aaa-server partnerauth (inside) host 10.0.0.3 12345 timeout 5
    isakmp policy 8 encr 3des
    isakmp policy 8 hash md5
    isakmp policy 8 authentication pre-share
    isakmp policy 8 group 2
    crypto ipsec transform-set strong-des esp-3des esp-sha-hmac
    crypto dynamic-map cisco 4 set transform-set strong-des
    crypto map partner-map 20 ipsec-isakmp dynamic cisco
    crypto map partner-map interface outside
    crypto map partner-map client authentication partnerauth
    crypto map partner-map client configuration address initiate
    isakmp key 12345 address 0.0.0.0 netmask 0.0.0.0
    access-list 80 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
    nat (inside) 0 access-list 80
    ip local pool dealer 10.1.1.1-10.1.1.254
    vpngroup vpnuser address-pool dealer
    vpngroup vpnuser dns-server 10.0.0.2
    vpngroup vpnuser wins-server 10.0.0.2
    vpngroup vpnuser default-domain ekin.com
    vpngroup svpnuser split-tunnel 80
    vpngroup vpnuser idle-time 1800
     

                    



    This archive was generated by hypermail 2.1.5 : Fri May 21 2004 - 10:57:14 GMT