Author: cankudewenrou
Views: 3002 | Replies: 14

[Security] VPN on a PIX: VPN client cannot access the internal network after dialing in

htd002 [Lv4 Budding Talent] posted on 2013-8-6 15:06:20
Quote (author: thescofield): Bump. Same problem.
Exempt traffic from inside to the VPN addresses from NAT (no-nat).

wenwenwen [Lv4 Budding Talent] posted on 2013-8-6 16:22:23
I did set up no-nat, but it still doesn't work.

jd_chen [Lv4 Budding Talent] posted on 2013-8-6 16:30:09
Quote (author: thescofield): I did set up no-nat, but it still doesn't work.
Post your configuration so we can take a look.

妖怪 [Lv4 Budding Talent] posted on 2013-8-6 16:59:27
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal  20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end

May I ask what the QQ number of the expert in the post above is? Could I talk with you privately? It is mainly about this VPN problem.
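
The NAT-exemption advice given earlier in the thread (no-nat for inside-to-VPN-address traffic) can be checked mechanically against a configuration like the one posted. The Python below is an added example, not part of the original thread: the function name `check_vpn_nat_exemption` is hypothetical, the sample lines are copied from the posted configuration, and it only understands the address/mask ACL form used there (no `any` or `host` keywords).

```python
import ipaddress

# Constructed sample: the NAT-exemption, split-tunnel and pool lines taken
# from the configuration posted above (ASA 7.0 syntax).
CONFIG = """\
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
nat (inside) 0 access-list no-nat
"""
INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")  # subnet of interface "inside"


def net(addr, mask):
    # Build a network object from the "address netmask" pair used in ASA ACLs.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_vpn_nat_exemption(config, inside=INSIDE_NET):
    """Return a list of findings; an empty list means every pool is NAT-exempt."""
    acls, pools, nat0 = {}, [], []
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2:5] == ["extended", "permit", "ip"] and len(w) == 9:
            acls.setdefault(w[1], []).append((net(w[5], w[6]), net(w[7], w[8])))
        elif w[:3] == ["ip", "local", "pool"]:
            first, last = (ipaddress.ip_address(a) for a in w[4].split("-"))
            pools.append((w[3], first, last))
        elif w[:4] == ["nat", "(inside)", "0", "access-list"]:
            nat0.append(w[4])
    findings = []
    if not nat0:
        findings.append("no 'nat (inside) 0 access-list' statement")
    rules = [r for name in nat0 for r in acls.get(name, [])]
    for name, first, last in pools:
        # Exempt only if one rule covers the whole inside subnet and the whole pool.
        covered = any(inside.subnet_of(src) and first in dst and last in dst
                      for src, dst in rules)
        if not covered:
            findings.append(f"pool {name} ({first}-{last}) is not NAT-exempt from {inside}")
    return findings
```

Run on the lines as posted, the function returns an empty list: the no-nat ACL already covers the whole vpnpool range.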
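sqzzl002 [Lv4 Budding Talent] posted on 2013-8-6 21:33:44
Set the dial-up connection parameters: click "Properties", go into the TCP/IP protocol settings, and tick the checkbox in front of "Use default gateway on remote network".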