ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end
May I ask what the QQ number of the expert in the post above is? Could I talk with you privately? It is mainly about this VPN problem.