ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end

Could the expert in the post above tell me their QQ number? I'd like to chat with you privately, mainly about this VPN problem.