ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end
May I ask the expert who posted above what your QQ number is? Could I talk with you privately? It is mainly about this VPN problem.