1. Create the user policy group and the resources it may access
sslvpn context SSLVPN
gateway SSLVPN domain nanchang
ip-tunnel interface SSLVPN-AC1
ip-tunnel address-pool sslvpnpool mask 255.255.255.0
ip-tunnel log connection-close
ip-tunnel log address-alloc-release
ip-route-list 1
include 1.1.5.0 255.255.255.252
include 2.4.2.0 255.255.255.252
policy-group 1
filter ip-tunnel acl 3000
ip-tunnel access-route ip-route-list 1
ip-tunnel address-pool sslvpnpool mask 255.255.255.0
timeout idle 10
log user-login enable
log resource-access enable brief
force-logout max-onlines enable
service enable
2. Create the user accounts and passwords
#
local-user Szjt_aqhb class network
password cipher $c$3$BCdjJO7CQAhkWMO0teusdqpMW8XgbMmZjLjY+T6/Sa0=
service-type sslvpn
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
authorization-attribute sslvpn-policy-group 5
#
local-user Szjt_aqhb_aqhb class network
password cipher $c$3$j9Rf1QxFY5wlafXIL2EW3L1aoNoYlZae6YtXj/Tjt44=
service-type sslvpn
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
authorization-attribute sslvpn-policy-group 13
#
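Added example, not part of the original page or of any H3C tooling: a Python check over the configuration text from sections 1 and 2 that reports SSL VPN users whose `sslvpn-policy-group` is not defined as a `policy-group` in the supplied text, and lists SSL VPN accounts holding `network-admin` for least-privilege review. The function name and finding labels are hypothetical, and the sample is a trimmed copy of the configuration above with the password lines left out; a group defined in a part of the device configuration that is not passed in will be reported as undefined.

```python
import re

# Trimmed copy of the configuration shown on this page (password lines left out).
SAMPLE_CONFIG = """\
sslvpn context SSLVPN
 policy-group 1
#
local-user Szjt_aqhb class network
 service-type sslvpn
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
 authorization-attribute sslvpn-policy-group 5
#
local-user Szjt_aqhb_aqhb class network
 service-type sslvpn
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
 authorization-attribute sslvpn-policy-group 13
#
"""

def audit_sslvpn_users(config_text):
    """Return (defined policy groups, findings) for one configuration text."""
    defined, users, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"policy-group (\S+)", line):
            defined.add(m.group(1))
        elif m := re.fullmatch(r"local-user (\S+) class network", line):
            current = users.setdefault(m.group(1), {"user-role": [], "sslvpn-policy-group": [], "sslvpn": False})
        elif line == "#":
            current = None  # "#" closes the current configuration block
        elif current is not None and line == "service-type sslvpn":
            current["sslvpn"] = True
        elif current is not None and (m := re.fullmatch(
                r"authorization-attribute (user-role|sslvpn-policy-group) (\S+)", line)):
            current[m.group(1)].append(m.group(2))
    findings = []
    for name, u in users.items():
        if not u["sslvpn"]:
            continue  # only accounts allowed to use the SSL VPN service
        findings += [(name, "undefined-policy-group", g)
                     for g in u["sslvpn-policy-group"] if g not in defined]
        if "network-admin" in u["user-role"]:
            findings.append((name, "network-admin-role", "network-admin"))
    return defined, findings

if __name__ == "__main__":
    print(audit_sslvpn_users(SAMPLE_CONFIG))
```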
3. SSL-VPN query reference
[FW1]display sslvpn context
Context name: SSLVPN
Operation state: Up
AAA domain: Not specified
Certificate authentication: Disabled
Password authentication: Enabled
Authentication use: All
SMS auth type: Not configured
Urlmasking: Disabled
Code verification: Disabled
Default policy group: Not configured
Associated SSL VPN gateway: SSLVPN
Domain name: nanchang
Maximum users allowed: 1048575
VPN instance: Not configured
Idle timeout: 10 min
Authentication server-type: aaa
Password changing: Enabled



