ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end
May I ask the expert who posted above for your QQ number? Could I talk with you privately? It is mainly about this VPN problem.