! Saved configuration of an ASA running software release 7.0(8).
ASA Version 7.0(8)
!
! Hostname and domain name are still the out-of-box values.
hostname ciscoasa
domain-name default.domain.invalid
! NOTE(review): both hashes below appear to match the values found in
! factory-default configurations - confirm, and set unique secrets if so.
! They are also published with this listing, so treat them as disclosed.
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
! Inside LAN segment, highest trust level (100).
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
! Internet-facing segment, lowest trust level (0).
! The address was masked (X.X) by the poster.
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
! Unused port: administratively down, no name, level or address.
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
! Dedicated management port; management-only stops it forwarding
! through-traffic.
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
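ftp mode passive
! Allows traffic to enter and leave through the same interface.
! NOTE(review): confirm this is still required; nothing else in the
! listing shows which flow depends on it.
same-security-traffic permit intra-interface
!
! ACL 111 is bound inbound on the outside interface by the
! "access-group 111 in interface outside" line later in this listing.
! The posted rule was "permit ip any any", which admits every protocol
! from the Internet. It is replaced by one entry per port (or port
! range) published by the static PAT lines in this listing.
access-list 111 extended permit tcp any interface outside eq 5800
access-list 111 extended permit tcp any interface outside eq 5900
access-list 111 extended permit tcp any interface outside range 1433 1434
access-list 111 extended permit tcp any interface outside range 2425 2429
! NOTE(review): no "sysopt connection permit-ipsec" line is visible, so
! decrypted remote-access traffic may be checked against this ACL. The
! entry below keeps the VPN pool able to reach the inside LAN - confirm
! on the device and drop it if the sysopt is in effect.
access-list 111 extended permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0
! NOTE(review): 5800/5900 and 1433/1434 are ports commonly used by
! remote-desktop and database services and remain open to any source.
! Restrict "any" to known peer addresses, or reach these hosts over the
! VPN instead of publishing them.
!
! NAT exemption for inside LAN <-> VPN pool, and the split-tunnel list
! handed to VPN clients.
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
! NOTE(review): only the ASDM log level is set; no "logging enable" or
! syslog destination is visible in this listing, so confirm that events
! are actually being recorded somewhere.
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
! Address pool handed to remote-access VPN clients.
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400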
! Outbound: inside hosts are port-translated to the outside interface
! address, except traffic matched by the no-nat ACL, which is exempt.
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
!
! Inbound port forwards to 192.168.0.143.
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
! Inbound port forwards to 192.168.0.210.
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
! NOTE(review): every forward above is reachable from whatever sources
! ACL 111 admits. That ACL should list only these ports, ideally with
! known source addresses rather than "any".
access-group 111 in interface outside
! Default route; the next-hop address was masked (X.X) by the poster.
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
! Idle timers for translations, connections and protocol-specific
! sessions (format h:mm:ss).
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
! Cached user authentication lasts five minutes; "absolute" counts from
! login rather than from last activity.
timeout uauth 0:05:00 absolute
! Default group policy: attributes inherited by any VPN group that does
! not override them.
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 ! No per-session filter ACL is applied to tunneled traffic.
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 ! Perfect forward secrecy is off for this policy.
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
!
! Policy for the remote-access group: IPSec only, and only the networks
! in vpnclient_splitTunnelAcl are sent through the tunnel.
group-policy vpnclient internal
group-policy vpnclient attributes
 ! NOTE(review): the dhcpd dns line in this listing uses 61.128.128.68,
 ! not .67 - confirm which resolver address is intended.
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
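! Local user database. All console methods below authenticate against it.
! NOTE(review): these password hashes are published with this listing;
! treat both accounts as disclosed and set new secrets.
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
! NOTE(review): generically named account holding full privilege (15).
! Confirm it is not a leftover default and rename or remove it if so.
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
!
! HTTPS/ASDM management access.
http server enable
http 192.168.0.0 255.255.255.0 inside
! NOTE(review): this entry is a superset of the /24 line above; keep
! only one of the two once the intended scope is confirmed.
http 0.0.0.0 0.0.0.0 inside
! Removed: "http 0.0.0.0 0.0.0.0 outside". It offered the management
! web server to every Internet source. If remote ASDM is required,
! scope it to a fixed source address, for example:
!   http <ADMIN_PUBLIC_IP> 255.255.255.255 outside   (placeholder value)
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart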
! Phase 2 (IPSec) proposal used by the dynamic map.
! NOTE(review): single DES with HMAC-MD5 is obsolete. If "show version"
! reports the 3DES/AES feature as enabled, move to esp-aes (or
! esp-aes-256) with esp-sha-hmac; the licence state is not visible here.
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
!
! Dynamic map that terminates remote-access clients.
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
! NOTE(review): 288000 s here versus 28800 s everywhere else in this
! listing - looks like an extra zero; confirm the intended lifetime.
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
!
! NOTE(review): outside_map, ESP-DES-MD5 and mymap carry only lifetime
! settings and are not bound to any interface in this listing; they look
! like leftovers. Note that outside_map (underscore) is a different map
! from outside-map (hyphen), which is the one actually applied below.
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
!
! The map applied to the outside interface; entry 10 hands off to the
! dynamic map above.
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
!
! Phase 1 (IKE) settings.
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
! NOTE(review): DES, MD5 and DH group 2 are all weak by current
! standards. Same licence caveat as the transform set: prefer
! "encryption aes" and "hash sha" where the platform allows it.
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
!
! Tunnel groups. The pre-shared keys are masked (*) in the output.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
! NOTE(review): no tunnel-group named "cisco" is defined in this listing
! (only DefaultL2LGroup and vpnclient) - confirm what this line should
! point at.
tunnel-group-map default-group cisco
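! Removed: "telnet 192.168.0.0 255.255.255.0 inside". Telnet carries
! credentials in clear text, and SSH is already accepted from every
! inside address by the ssh line below.
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
! Removed: "ssh 0.0.0.0 0.0.0.0 outside". It exposed the management
! login to every Internet source. If remote SSH is required, scope it
! to a fixed source address, for example:
!   ssh <ADMIN_PUBLIC_IP> 255.255.255.255 outside   (placeholder value)
! NOTE(review): a 60-minute idle timeout is long for an administrative
! session; consider lowering it.
ssh timeout 60
! NOTE(review): 0 means a serial console session never times out.
console timeout 0
!
! DHCP service for the inside and management segments.
! NOTE(review): the inside pool spans .2-.254 and therefore includes
! 192.168.0.143 and 192.168.0.210, the targets of the static port
! forwards in this listing. Confirm those hosts cannot be handed to
! another client, or shrink the pool to exclude them.
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management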
!
! Traffic class matching the default ports of the inspected protocols.
class-map inspection_default
 match default-inspection-traffic
!
!
! Application inspection applied to that class on all interfaces.
policy-map global_policy
 class inspection_default
  ! DNS messages longer than 512 bytes are not accepted by this setting.
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
! Checksum the device printed for the configuration as saved; it will
! not match once any line is edited.
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end
请问下楼上的师傅QQ号是多少？能否找你私下聊一下，主要就是这个VPN的问题。