Deploying an ASA VPN Load-Balancing Cluster

In this article I would like to give step-by-step instructions on how to quickly deploy the most scalable remote-access VPN scheme available today, based on the AnyConnect client and Cisco ASA: the VPN Load-Balancing cluster.

Introduction: because of the current COVID-19 situation, many companies around the world are urgently moving their employees to remote work. The mass shift to remote work is sharply increasing the load on companies' existing VPN gateways, and they need to be scaled very quickly. At the same time, many companies have had to learn the concept of remote work from scratch.

To help businesses quickly implement convenient, secure and scalable VPN access for their employees, Cisco is providing licenses for the feature-rich AnyConnect SSL-VPN client for up to 13 weeks. You can also obtain an ASAv for testing (the virtual ASA for the VMware/Hyper-V/KVM hypervisors and the AWS/Azure cloud platforms) from authorized partners or by contacting the Cisco representatives who work with you.

The procedure for issuing the AnyConnect COVID-19 licenses is described here.

I have prepared step-by-step instructions for the simplest way to deploy a VPN Load-Balancing cluster, the most scalable VPN technology.

The example below is very simple in terms of the authentication and authorization mechanisms used, but it is a good option for a quick start (which is what many people lack right now), with the possibility of adapting it in depth to your needs during deployment.

Brief background: the VPN Load-Balancing cluster is neither failover nor clustering in the usual sense; it is a technology that can combine completely different ASA models (with certain restrictions) to balance remote-access VPN connections. There is no synchronization of sessions or connections between the nodes of such a cluster, but it does balance VPN connections automatically and keeps the VPN service available as long as at least one active node remains in the cluster. The load is balanced automatically according to the load of the nodes, measured by the number of VPN sessions.

For fault tolerance of individual cluster nodes (if needed) you can use failover; then the active connection is handled by the primary node of the failover pair. Failover is not a prerequisite for fault tolerance within a Load-Balancing cluster: if a node fails, the cluster itself moves the user's session to another live node, but without preserving connection state, which is exactly what failover provides. The two technologies can therefore be combined if necessary.
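To make the behaviour described above concrete, here is a small Python model, added as an example and not part of the original article or of any Cisco software: the master places each new client on the least-loaded live member (by session count), nothing is shared between members, and when a member fails its sessions disappear until the clients reconnect through the VIP and are placed again. Node and client names are constructed for the illustration.

```python
"""Model of how a VPN Load-Balancing cluster places and re-places sessions.

Added example for this article (not Cisco's code and not from the original
post). It models only the behaviour the text describes: the master redirects
each new client to the least-loaded member (by session count), nothing is
synchronized between members, and when a member dies its sessions are gone
until the clients reconnect through the VIP and get placed again. Node and
client names are constructed.
"""
from __future__ import annotations


class Cluster:
    def __init__(self, nodes: list[str]):
        self.sessions: dict[str, set[str]] = {n: set() for n in nodes}
        self.alive: dict[str, bool] = {n: True for n in nodes}

    def _least_loaded(self) -> str:
        live = [n for n in self.sessions if self.alive[n]]
        if not live:
            raise RuntimeError("no live node: the cluster cannot accept sessions")
        # tie-break on the name so the placement is deterministic
        return min(live, key=lambda n: (len(self.sessions[n]), n))

    def connect(self, client: str) -> str:
        """Client hits the VIP; the master redirects it to one member."""
        node = self._least_loaded()
        self.sessions[node].add(client)
        return node

    def fail(self, node: str) -> set[str]:
        """A member dies: its sessions are lost, because no state is shared."""
        self.alive[node] = False
        dropped, self.sessions[node] = self.sessions[node], set()
        return dropped

    def load(self) -> dict[str, int]:
        """Current session count per member (dead members show 0)."""
        return {n: len(s) for n, s in self.sessions.items()}


def demo() -> dict[str, int]:
    """Six clients on three members, then one member fails and its clients reconnect."""
    c = Cluster(["asa-1", "asa-2", "asa-3"])
    for i in range(6):
        c.connect(f"user{i}")          # two sessions land on each member
    dropped = c.fail("asa-2")          # asa-2 goes down together with its two sessions
    for client in sorted(dropped):
        c.connect(client)              # the clients reconnect via the VIP and are re-placed
    return c.load()


if __name__ == "__main__":
    print(demo())
```

The model shows why the article calls this balancing rather than clustering: after the failure the two affected users are back online on the surviving members, but only because they reconnected, and the load is now 3/0/3 rather than redistributed evenly.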

A VPN Load-Balancing cluster can consist of more than two nodes.

The VPN Load-Balancing cluster is supported on the ASA 5512-X and above.

Since each ASA in the VPN Load-Balancing cluster is an independent unit in terms of configuration, all configuration steps are performed on each device individually.

Technology details are here.

The logical topology of the example is:

[Figure: logical topology of the lab]

Initial deployment:

  1. Deploy ASAv instances of the required form factor (ASAv5/10/30/50) from the image.

  2. Place the INSIDE/OUTSIDE interfaces in the corresponding VLANs (OUTSIDE in its own VLAN, INSIDE in its own, each shared by all cluster members; see the topology). It is important that interfaces of the same type sit in the same L2 segment.

  3. Licenses:

    • At installation time the ASAv has no license and is limited to 100 kbit/s.
    • To install a license, generate a token in your Smart Account: https://software.cisco.com/ -> Smart Software Licensing
    • In the window that opens, click the New Token button

    [Screenshot: Smart Software Licensing, New Token]

    • Make sure the option in the window that opens is active and the checkbox Allow export-controlled functionality... is checked. Without it you cannot use strong encryption and, consequently, VPN. If the option is not active, contact your account team to request activation.

    [Screenshot: Create Registration Token dialog]

    • After you click the Create Token button, a token is created; we will use it to obtain the ASAv license, so copy it:

    [Screenshot: the generated token]

    • Repeat steps c, d and e (New Token, the export-controlled checkbox, Create Token) for each ASAv being deployed.
    • To make pasting the token easier, temporarily enable telnet. Configure each ASA (the example below shows the configuration of ASA-1). Telnet on the outside interface does not work; if you really need it, change the security-level of outside to 100 and change it back afterwards.

    !
    ciscoasa(config)# int gi0/0
    ciscoasa(config)# nameif outside
    ciscoasa(config)# ip address 192.168.31.30 255.255.255.0
    ciscoasa(config)# no shut
    !
    ciscoasa(config)# int gi0/1
    ciscoasa(config)# nameif inside
    ciscoasa(config)# ip address 192.168.255.2 255.255.255.0
    ciscoasa(config)# no shut
    !
    ciscoasa(config)# telnet 0 0 inside
    ciscoasa(config)# username admin password cisco priv 15
    ciscoasa(config)# ena password cisco
    ciscoasa(config)# aaa authentication telnet console LOCAL
    !
    ciscoasa(config)# route outside 0 0 192.168.31.1
    !
    ciscoasa(config)# wr
    !

    • To register the token with the Smart-Account cloud, the ASA needs Internet access; details are here.

    In brief, the ASA needs:

    • Internet access over HTTPS;
    • time synchronization (properly, via NTP);
    • a configured DNS server.

    • We continue over telnet on the ASA and make the settings needed to activate the license via Smart-Account.

    !
    ciscoasa(config)# clock set 19:21:00 Mar 18 2020
    ciscoasa(config)# clock timezone MSK 3
    ciscoasa(config)# ntp server 192.168.99.136
    !
    ciscoasa(config)# dns domain-lookup outside
    ciscoasa(config)# dns server-group DefaultDNS
    ciscoasa(config-dns-server-group)# name-server 192.168.99.132
    !
    ! Check that DNS works:
    !
    ciscoasa(config-dns-server-group)# ping ya.ru
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 87.250.250.242, timeout is 2 seconds:
    !!!!!
    !
    ! Check NTP synchronization:
    !
    ciscoasa(config)# show ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
    *~192.168.99.136   91.189.94.4       3    63    64    1    36.7    1.85    17.5
    * master (synced), # master (unsynced), + selected, - candidate, ~ configured
    !
    ! Configure our ASAv for Smart Licensing (according to your entitlement; in my case 100M, as an example)
    !
    ciscoasa(config)# license smart
    ciscoasa(config-smart-lic)# feature tier standard
    ciscoasa(config-smart-lic)# throughput level 100M
    !
    ! If needed, Internet access through a proxy can be configured with the following block of commands:
    !call-home
    !  http-proxy ip_address port port
    !
    ! Next, paste the token copied from the Smart-Account portal (<token>) and register the license
    !
    ciscoasa(config)# end
    ciscoasa# license smart register idtoken <token>

    • Check that the device has successfully registered the license and that the encryption features are available:

    [Screenshots: license registration status and available encryption features]

  4. Basic configuration of each SSL-VPN gateway

    • Next, configure SSH and ASDM access:

    ciscoasa(config)# ssh ver 2
    ciscoasa(config)# aaa authentication ssh console LOCAL
    ciscoasa(config)# aaa authentication http console LOCAL
    ciscoasa(config)# hostname vpn-demo-1
    vpn-demo-1(config)# domain-name ashes.cc
    vpn-demo-1(config)# cry key gen rsa general-keys modulus 4096
    vpn-demo-1(config)# ssh 0 0 inside
    vpn-demo-1(config)# http 0 0 inside
    !
    ! Bring up the HTTPS server for ASDM on port 445 so that it does not conflict with the SSL-VPN portal
    !
    vpn-demo-1(config)# http server enable 445
    !

    • For ASDM to work, you must first download it from cisco.com; in my case it is the following file:

    [Screenshot: ASDM image file on cisco.com]

    • For the AnyConnect client to work, you need to upload to each ASA an image for every client OS in use (here Linux/Windows/Mac are planned); the file you need is labelled Headend Deployment Package:

    [Screenshot: AnyConnect Headend Deployment Package downloads]

    • The downloaded files can be placed, for example, on an FTP server and copied from there to each ASA:

    [Screenshot: copying the images to the ASA]

    • Configure ASDM and a self-signed certificate for SSL-VPN (in production, a certificate from a trusted CA is recommended). The FQDN assigned to the cluster Virtual Address (vpn-demo.ashes.cc), as well as the FQDN of each cluster node associated with its outside address, must resolve in the external DNS zone to the IP address of the OUTSIDE interface (or to the mapped address if port forwarding of udp/443 (DTLS) and tcp/443 (TLS) is used). Detailed information on the certificate requirements is given in the Certificate Verification section of the documentation.

    !
    vpn-demo-1(config)# crypto ca trustpoint SELF
    vpn-demo-1(config-ca-trustpoint)# enrollment self
    vpn-demo-1(config-ca-trustpoint)# fqdn vpn-demo.ashes.cc
    vpn-demo-1(config-ca-trustpoint)# subject-name cn=*.ashes.cc, ou=ashes-lab, o=ashes, c=ru
    vpn-demo-1(config-ca-trustpoint)# serial-number             
    vpn-demo-1(config-ca-trustpoint)# crl configure
    vpn-demo-1(config-ca-crl)# cry ca enroll SELF
    % The fully-qualified domain name in the certificate will be: vpn-demo.ashes.cc
    Generate Self-Signed Certificate? [yes/no]: yes
    vpn-demo-1(config)# 
    !
    vpn-demo-1(config)# sh cry ca certificates 
    Certificate
    Status: Available
    Certificate Serial Number: 4d43725e
    Certificate Usage: General Purpose
    Public Key Type: RSA (4096 bits)
    Signature Algorithm: SHA256 with RSA Encryption
    Issuer Name: 
    serialNumber=9A439T02F95
    hostname=vpn-demo.ashes.cc
    cn=*.ashes.cc
    ou=ashes-lab
    o=ashes
    c=ru
    Subject Name:
    serialNumber=9A439T02F95
    hostname=vpn-demo.ashes.cc
    cn=*.ashes.cc
    ou=ashes-lab
    o=ashes
    c=ru
    Validity Date: 
    start date: 00:16:17 MSK Mar 19 2020
    end   date: 00:16:17 MSK Mar 17 2030
    Storage: config
    Associated Trustpoints: SELF 
    
    CA Certificate
    Status: Available
    Certificate Serial Number: 0509
    Certificate Usage: General Purpose
    Public Key Type: RSA (4096 bits)
    Signature Algorithm: SHA1 with RSA Encryption
    Issuer Name: 
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited
    c=BM
    Subject Name: 
    cn=QuoVadis Root CA 2
    o=QuoVadis Limited
    c=BM
    Validity Date: 
    start date: 21:27:00 MSK Nov 24 2006
    end   date: 21:23:33 MSK Nov 24 2031
    Storage: config
    Associated Trustpoints: _SmartCallHome_ServerCA               
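The certificate above is a wildcard for *.ashes.cc with the cluster name as the trustpoint FQDN. Once redirect-fqdn is enabled in the cluster, the client is first answered on the VIP name and then redirected to a member node's own FQDN, so every one of those names must be covered by the certificate the nodes present, or the client gets a certificate warning on the redirect. The following Python check is added here as an example; it is not part of the original article and not a Cisco tool. It applies RFC 6125 wildcard matching to the names; the per-node FQDNs vpn-demo-1.ashes.cc and vpn-demo-2.ashes.cc are assumed names for the lab.

```python
"""Check that the FQDNs a VPN Load-Balancing cluster advertises are covered
by the certificate presented on the SSL-VPN listener.

Added example for this article (not Cisco's code and not from the original
post). With ``redirect-fqdn enable`` the client first talks to the VIP name
and is then redirected to a member node's FQDN, so both names must match the
certificate's CN or a DNS SAN. The node FQDNs below are assumed for the lab.
"""
from __future__ import annotations

# Names taken from the article's trustpoint (cn=*.ashes.cc, fqdn vpn-demo.ashes.cc)
CERT_NAMES = ["*.ashes.cc", "vpn-demo.ashes.cc"]

# Constructed: the VIP FQDN from the article plus assumed per-node FQDNs
CLUSTER_FQDNS = {
    "vip": "vpn-demo.ashes.cc",
    "nodes": ["vpn-demo-1.ashes.cc", "vpn-demo-2.ashes.cc"],
}


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style matching: case-insensitive, a single '*' allowed only as
    the whole left-most label, and the wildcard never spans a dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:]:
        return False                 # '*foo.ashes.cc' or 'a.*.cc' are not accepted
    if len(p_labels) < 3:
        return False                 # refuse '*.cc' style wildcards
    return len(h_labels) == len(p_labels) and p_labels[1:] == h_labels[1:]


def covered(cert_names: list[str], hostname: str) -> bool:
    """True if any CN/SAN entry of the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def uncovered_names(cert_names: list[str], cluster_fqdns: dict) -> list[str]:
    """Every cluster name (VIP first, then nodes) the certificate does not cover."""
    names = [cluster_fqdns["vip"], *cluster_fqdns["nodes"]]
    return [n for n in names if not covered(cert_names, n)]


if __name__ == "__main__":
    missing = uncovered_names(CERT_NAMES, CLUSTER_FQDNS)
    print("all cluster names covered" if not missing else f"NOT covered: {missing}")
```

With the article's wildcard, single-label node names under ashes.cc are covered; a node named in a sub-zone (for example vpn.lab.ashes.cc) is not, because a wildcard matches exactly one label. When a CA-issued certificate replaces the self-signed one, run the same check against its SAN list before enabling redirect-fqdn.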

    • To check ASDM, do not forget to specify the port, for example:

    [Screenshot: ASDM launcher with the port specified]

    • Now the basic tunnel settings:
    • We make the corporate network reachable through the tunnel and let the host reach the Internet directly (not the most secure approach when the connecting host has no security measures of its own: an infected host can be used to get into the corporate network and exfiltrate corporate data; the tunnelall split-tunnel-policy option would force all of the host's traffic into the tunnel. Split tunneling, however, offloads the VPN gateway by not carrying the host's Internet traffic through it.)
    • Hosts in the tunnel receive addresses from the 192.168.20.0/24 subnet (a pool of addresses from .10 to .30 for node #1). Each cluster node must have its own VPN pool.
    • Authentication is done with a local user created on the ASA (this is not recommended; it is simply the easiest method). It is better to authenticate via LDAP/RADIUS, or better still, add Multi-Factor Authentication (MFA), for example Cisco Duo.

    !
    vpn-demo-1(config)# ip local pool vpn-pool 192.168.20.10-192.168.20.30 mask 255.255.255.0
    !
    vpn-demo-1(config)# access-list split-tunnel standard permit 192.168.0.0 255.255.0.0
    !
    vpn-demo-1(config)# group-policy SSL-VPN-GROUP-POLICY internal
    vpn-demo-1(config)# group-policy SSL-VPN-GROUP-POLICY attributes
    vpn-demo-1(config-group-policy)# vpn-tunnel-protocol ssl-client 
    vpn-demo-1(config-group-policy)# split-tunnel-policy tunnelspecified
    vpn-demo-1(config-group-policy)# split-tunnel-network-list value split-tunnel
    vpn-demo-1(config-group-policy)# dns-server value 192.168.99.132
    vpn-demo-1(config-group-policy)# default-domain value ashes.cc
    vpn-demo-1(config)# tunnel-group DefaultWEBVPNGroup general-attributes
    vpn-demo-1(config-tunnel-general)#  default-group-policy SSL-VPN-GROUP-POLICY
    vpn-demo-1(config-tunnel-general)#  address-pool vpn-pool
    !
    vpn-demo-1(config)# username dkazakov password cisco
    vpn-demo-1(config)# username dkazakov attributes
    vpn-demo-1(config-username)# service-type remote-access
    !
    vpn-demo-1(config)# ssl trust-point SELF
    vpn-demo-1(config)# webvpn
    vpn-demo-1(config-webvpn)#  enable outside
    vpn-demo-1(config-webvpn)#  anyconnect image disk0:/anyconnect-win-4.8.03036-webdeploy-k9.pkg
    vpn-demo-1(config-webvpn)#  anyconnect enable
    !

    • (optional) In the example above, we used a local user on the firewall to authenticate remote users, which is of course of little use outside the lab. Here is an example of how to quickly adapt the configuration for authentication against a RADIUS server, using Cisco Identity Services Engine as an example:

    vpn-demo-1(config)# aaa-server RADIUS protocol radius
    vpn-demo-1(config-aaa-server-group)# dynamic-authorization
    vpn-demo-1(config-aaa-server-group)# interim-accounting-update
    vpn-demo-1(config-aaa-server-group)# aaa-server RADIUS (outside) host 192.168.99.134
    vpn-demo-1(config-aaa-server-host)# key cisco
    vpn-demo-1(config-aaa-server-host)# exit
    vpn-demo-1(config)# tunnel-group DefaultWEBVPNGroup general-attributes
    vpn-demo-1(config-tunnel-general)# authentication-server-group  RADIUS
    !

    This combination makes it possible not only to integrate authentication quickly with the AD directory service, but also to distinguish whether the connecting computer is joined to AD, to understand whether it is a corporate or a personal device, and to assess the posture of the connecting device.

    [Screenshots: ISE authentication and authorization results]

    • Configure Transparent NAT so that traffic between the client and resources on the corporate network is not translated:

    vpn-demo-1(config)# object network vpn-users
    vpn-demo-1(config-network-object)#  subnet 192.168.20.0 255.255.255.0
    !
    vpn-demo-1(config)# nat (inside,outside) source static any any destination static vpn-users vpn-users no-proxy-arp

    • (optional): To give our clients Internet access through the ASA (when the tunnelall option is used) via PAT, exiting through the same outside interface to which they are connected, make the following settings:

    vpn-demo-1(config)# nat (outside,outside) source dynamic vpn-users interface
    vpn-demo-1(config)# nat (inside,outside) source dynamic any interface
    vpn-demo-1(config)# same-security-traffic permit intra-interface
    !

    • When using a cluster it is very important that the internal network knows which ASA to return a user's traffic to; for that, the /32 routes to the addresses issued to clients must be redistributed.
      At this point we have not yet configured the cluster, but we already have working VPN gateways that can be connected to individually by FQDN or IP.

    [Screenshot: AnyConnect connected to an individual gateway]

    The connected client is visible in the routing table of the first ASA:

    [Screenshot: show route on ASA-1 with the client /32]

    So that all the nodes of our VPN cluster and the whole corporate network know the route to our client, we redistribute the client prefix via a dynamic routing protocol, for example OSPF:

    !
    ! match the client /32 routes from this node's VPN pool
    vpn-demo-1(config)# access-list VPN-REDISTRIBUTE standard permit 192.168.20.0 255.255.255.0
    vpn-demo-1(config)# route-map RMAP-VPN-REDISTRIBUTE permit 1
    vpn-demo-1(config-route-map)#  match ip address VPN-REDISTRIBUTE
    !
    vpn-demo-1(config)# router ospf 1
    vpn-demo-1(config-router)#  network 192.168.255.0 255.255.255.0 area 0
    vpn-demo-1(config-router)#  log-adj-changes
    vpn-demo-1(config-router)#  redistribute static metric 5000 subnets route-map RMAP-VPN-REDISTRIBUTE

    Now the second gateway, ASA-2, has a route to the client, and users connected to different VPN gateways within the cluster can communicate with each other directly (for example, corporate telephony), because return traffic for the resource a user requested arrives at the right VPN gateway:

    [Screenshot: show route on ASA-2 with the redistributed client /32]

  5. Let's move on to creating the Load-Balancing cluster.

    The address 192.168.31.40 will be used as the Virtual IP (VIP), to which all VPN clients connect first; from this address the Cluster Master redirects each client to the least-loaded cluster node. Do not forget to register both forward and reverse DNS records for the outside address/FQDN of every cluster node and for the VIP.

    vpn-demo-1(config)# vpn load-balancing
    vpn-demo-1(config-load-balancing)# interface lbpublic outside
    vpn-demo-1(config-load-balancing)# interface lbprivate inside
    vpn-demo-1(config-load-balancing)# priority 10
    vpn-demo-1(config-load-balancing)# cluster ip address 192.168.31.40
    vpn-demo-1(config-load-balancing)# redirect-fqdn enable
    vpn-demo-1(config-load-balancing)# cluster key cisco
    vpn-demo-1(config-load-balancing)# cluster encryption
    vpn-demo-1(config-load-balancing)# cluster port 9023
    vpn-demo-1(config-load-balancing)# participate
    vpn-demo-1(config-load-balancing)#
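Each node is configured separately and must have its own VPN pool, its own outside address and its own priority, and mistakes in that per-node data are easy to make when the blocks are pasted by hand. The Python generator below is an added example, not from the article and not a Cisco tool: it validates a cluster plan against those rules and renders the pool and the vpn load-balancing block for every node. Node 1 uses the addresses from the article; the hostnames, node 2's addresses and both priorities are assumed lab values.

```python
"""Render the per-node part of the VPN Load-Balancing configuration and
validate it before it is pasted into each ASA.

Added example for this article (not Cisco's code and not from the original
post). It enforces the rules the text states (each node has its own VPN
pool, a unique outside address and a unique priority) and emits the same CLI
blocks the article uses. Node 1 uses the article's values; the hostnames,
node 2's addresses and the priorities are assumed values for the lab.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    hostname: str
    outside_ip: str          # address on the shared OUTSIDE L2 segment
    inside_ip: str           # address on the shared INSIDE L2 segment
    pool_first: str          # first address of this node's VPN pool
    pool_last: str           # last address of this node's VPN pool
    priority: int            # higher value wins the master election


# Constructed lab data: node 1 from the article, node 2 assumed
CLUSTER = {
    "vip": "192.168.31.40",
    "key": "cisco",          # the article's lab key; use a strong secret in production
    "nodes": [
        Node("vpn-demo-1", "192.168.31.30", "192.168.255.2",
             "192.168.20.10", "192.168.20.30", 10),
        Node("vpn-demo-2", "192.168.31.31", "192.168.255.3",
             "192.168.21.10", "192.168.21.30", 5),
    ],
}


def _pool_range(n: Node) -> tuple[int, int]:
    return (int(ipaddress.ip_address(n.pool_first)),
            int(ipaddress.ip_address(n.pool_last)))


def validate(cluster: dict) -> list[str]:
    """Return the list of rule violations (an empty list means the plan is consistent)."""
    problems = []
    nodes = cluster["nodes"]
    vip = ipaddress.ip_address(cluster["vip"])
    for i, a in enumerate(nodes):
        lo, hi = _pool_range(a)
        if lo > hi:
            problems.append(f"{a.hostname}: pool start is after pool end")
        if ipaddress.ip_address(a.outside_ip) == vip:
            problems.append(f"{a.hostname}: outside address collides with the VIP")
        for b in nodes[i + 1:]:
            blo, bhi = _pool_range(b)
            if lo <= bhi and blo <= hi:
                problems.append(f"{a.hostname}/{b.hostname}: VPN pools overlap")
            if a.outside_ip == b.outside_ip:
                problems.append(f"{a.hostname}/{b.hostname}: same outside address")
            if a.priority == b.priority:
                problems.append(f"{a.hostname}/{b.hostname}: same priority (election tie)")
    return problems


def render_node(cluster: dict, n: Node) -> str:
    """ASA CLI for one node: its local pool and its vpn load-balancing block."""
    pool_mask = "255.255.255.0"          # /24 pools, as in the article
    lines = [
        f"ip local pool vpn-pool {n.pool_first}-{n.pool_last} mask {pool_mask}",
        "vpn load-balancing",
        " interface lbpublic outside",
        " interface lbprivate inside",
        f" priority {n.priority}",
        f" cluster ip address {cluster['vip']}",
        " redirect-fqdn enable",
        f" cluster key {cluster['key']}",
        " cluster encryption",
        " participate",
    ]
    return "\n".join(lines)


def render_all(cluster: dict) -> dict[str, str]:
    """Rendered config keyed by hostname; refuses to render an inconsistent plan."""
    problems = validate(cluster)
    if problems:
        raise ValueError("; ".join(problems))
    return {n.hostname: render_node(cluster, n) for n in cluster["nodes"]}


if __name__ == "__main__":
    for host, cfg in render_all(CLUSTER).items():
        print(f"! ---- {host} ----\n{cfg}\n")
```

The cluster port is left at its default, 9023, which is the value the article sets explicitly. Because the split-tunnel ACL and the redistribution ACL are written per pool, extend the validation with your own range checks if the node pools are not all inside the networks those ACLs permit.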

    • Check the cluster with two connected clients:

    [Screenshot: two AnyConnect clients redirected to different nodes]

    • Let's make the client experience convenient by pushing an AnyConnect profile automatically, using ASDM.

    [Screenshot: ASDM, AnyConnect Client Profile]

    Give the profile a convenient name and associate it with our group policy:

    [Screenshot: profile name and group policy binding]

    After the next connection this profile is downloaded and installed into the AnyConnect client automatically, so to connect you only need to select it from the list:

    [Screenshot: AnyConnect with the profile entry in the list]

    Since we used ASDM and created this profile on only one ASA, do not forget to repeat the steps on the remaining ASAs in the cluster.

Conclusion: so, we have quickly deployed a cluster of several VPN gateways with automatic load balancing. Adding new nodes to the cluster is easy, giving simple horizontal scaling by deploying new ASAv virtual machines or using hardware ASAs. The feature-rich AnyConnect client can significantly improve your secure remote-access capabilities with Posture (endpoint state assessment), used most effectively together with the Identity Services Engine as the central access control and accounting system.

Source: www.habr.com
