
10 gold coins
The company has an ASA 5512 and wants one web server reachable over two ISP lines, for example via http://111.111.111.111:8081 on China Telecom and via http://222.222.222.222:8081 on China Unicom. The person who came to configure the firewall has tried several times without getting it right, and I'm a newbie myself. The problem now is that access over Telecom works but access over Unicom does not. Could an expert please take a look:
ASA Version 9.1(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 2KFQnbNIdI.2KYOU encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 111.111.111.111 255.255.255.248 -----Telecom IP
!
interface GigabitEthernet0/1
 nameif outside1
 security-level 0
 ip address 222.222.222.222 255.255.255.248 -----Unicom IP
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif guanli
 security-level 0
 ip address 192.168.2.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
dns server-group defaultDNS
dns server-group defaultdns
dns server-group enable
dns server-group global
object network internet
 subnet 192.168.10.0 255.255.255.0
object network internet1
 subnet 192.168.10.0 255.255.255.0
object network Inside11
 host 192.168.10.2
object network Inside03
 host 192.168.10.3
object network Inside02
 host 192.168.10.2
object network Inside04
 host 192.168.10.4
object network Inside12
 host 192.168.10.2
object network Inside8081
 host 192.168.10.2
access-list 102 extended permit tcp any host 192.168.10.2 eq 8266
access-list 102 extended permit tcp any host 192.168.10.2 eq 1188
access-list 104 extended permit tcp any host 192.168.10.2 eq 3389
access-list 104 extended permit tcp any host 192.168.10.2 eq www
access-list 104 extended permit tcp any host 192.168.10.3 eq 3389
access-list 104 extended permit tcp any host 192.168.10.4 eq 3389
pager lines 24
mtu outside 1500
mtu outside1 1500
mtu inside 1500
mtu guanli 1500
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network internet
 nat (inside,outside) dynamic interface dns
object network internet1
 nat (inside,outside1) dynamic interface dns
object network Inside11
 nat (inside,outside) static interface service tcp 3389 33892
object network Inside03
 nat (inside,outside) static interface service tcp 3389 33893
object network Inside02
 nat (inside,outside) static interface service tcp www 8081
object network Inside04
 nat (inside,outside) static interface service tcp 3389 33894
object network Inside12
 nat (inside,outside1) static interface service tcp 3389 33892
object network Inside8081
 nat (inside,outside1) static interface service tcp www 8081
access-group 104 in interface outside
access-group 104 in interface outside1
route outside 0.0.0.0 0.0.0.0 111.111.111.110 1
route outside1 0.0.0.0 0.0.0.0 222.222.222.220 2
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server LOCAl protocol tacacs+
aaa-server Local protocol tacacs+
aaa-server Local (inside) host aaa-ssh
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 guanli
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.10.20-192.168.10.200 inside
dhcpd dns 219.146.1.66 202.102.128.68 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password izZCkX0.j7FlRkeS encrypted
username cisco password miNpFG.9QSZNEuyO encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 22
  subscribe-to-alert-group configuration periodic monthly 22
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6487eeef6ad7a7a17fb12f33dddb2638
: end
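The posted config forwards the same inside host out of two ISP interfaces with `static interface service` NAT, and the pieces that forward depends on are scattered across the file: the object's `host`, the `access-group` applied inbound on the egress interface, the ACL entry (which on ASA 8.3 and later must permit the real, untranslated address and port), and a route out of that interface. The following checker is an added example, written for this page and not taken from the poster or from Cisco; it parses a constructed excerpt of the posted configuration (the illustrative 111.x/222.x addresses from the post), verifies that plumbing for every static port-forward, and also flags management SSH opened to any source on a security-level-0 interface, which the posted config does on `outside`. It does not explain why the Unicom line fails; it only shows the checks a practitioner would run first. The `BROKEN_CONFIG` variant, with the `outside1` access-group removed, is constructed to show what a finding looks like.

```python
import re
from collections import defaultdict

# Constructed excerpt of the posted running-config; the addresses are the
# illustrative ones from the post, not real hosts.
SAMPLE_CONFIG = """
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 111.111.111.111 255.255.255.248
interface GigabitEthernet0/1
 nameif outside1
 security-level 0
 ip address 222.222.222.222 255.255.255.248
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
object network Inside02
 host 192.168.10.2
object network Inside8081
 host 192.168.10.2
access-list 104 extended permit tcp any host 192.168.10.2 eq 3389
access-list 104 extended permit tcp any host 192.168.10.2 eq www
object network Inside02
 nat (inside,outside) static interface service tcp www 8081
object network Inside8081
 nat (inside,outside1) static interface service tcp www 8081
access-group 104 in interface outside
access-group 104 in interface outside1
route outside 0.0.0.0 0.0.0.0 111.111.111.110 1
route outside1 0.0.0.0 0.0.0.0 222.222.222.220 2
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.10.0 255.255.255.0 inside
"""

# Constructed broken variant: the second ISP interface has no inbound ACL applied.
BROKEN_CONFIG = SAMPLE_CONFIG.replace("access-group 104 in interface outside1\n", "")

# ASA accepts well-known service names in place of numbers; normalise the few used here.
PORT_NAMES = {"www": "80", "http": "80", "https": "443", "ssh": "22", "domain": "53"}


def port(name):
    return PORT_NAMES.get(name, name)


def parse(config):
    """Pull out the pieces a static port-forward depends on."""
    levels = {}               # nameif -> security-level
    hosts = {}                # object name -> host address
    nats = []                 # (object, egress interface, real port, mapped port)
    acls = defaultdict(list)  # acl name -> [(real host, real port)]
    groups = {}               # interface -> acl applied inbound
    routes = {}               # interface -> default-route next hop
    ssh = []                  # (source, mask, interface)
    cur_obj = cur_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("object network "):
            cur_obj = line.split()[2]
        elif (m := re.match(r"nameif (\S+)", line)):
            cur_if = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)):
            levels[cur_if] = int(m.group(1))
        elif (m := re.match(r"host (\S+)", line)):
            hosts[cur_obj] = m.group(1)
        elif (m := re.match(r"nat \((\S+),(\S+)\) static interface service tcp (\S+) (\S+)", line)):
            nats.append((cur_obj, m.group(2), port(m.group(3)), port(m.group(4))))
        elif (m := re.match(r"access-list (\S+) extended permit tcp any host (\S+) eq (\S+)", line)):
            acls[m.group(1)].append((m.group(2), port(m.group(3))))
        elif (m := re.match(r"access-group (\S+) in interface (\S+)", line)):
            groups[m.group(2)] = m.group(1)
        elif (m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line)):
            routes[m.group(1)] = m.group(2)
        elif (m := re.match(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)", line)):
            ssh.append(m.groups())
    return levels, hosts, nats, acls, groups, routes, ssh


def check_config(config):
    """Return a list of findings; an empty list means every forward has its plumbing."""
    levels, hosts, nats, acls, groups, routes, ssh = parse(config)
    findings = []
    for obj, egress, real_port, mapped_port in nats:
        real = hosts.get(obj)
        where = f"{obj}: {egress}:{mapped_port} -> {real}:{real_port}"
        if real is None:
            findings.append(f"{where}: object has no host address")
            continue
        acl = groups.get(egress)
        if acl is None:
            findings.append(f"{where}: no access-group applied inbound on {egress}, so the forward is unreachable")
        elif (real, real_port) not in acls[acl]:
            findings.append(f"{where}: ACL {acl} on {egress} does not permit tcp to the real address "
                            f"{real}:{real_port} (ASA 8.3+ ACLs match untranslated addresses)")
        if egress not in routes:
            findings.append(f"{where}: no default route via {egress}")
    # Management-plane exposure: SSH from anywhere on an untrusted (level 0) interface.
    for src, mask, iface in ssh:
        if src == mask == "0.0.0.0" and levels.get(iface) == 0:
            findings.append(f"ssh management is open to any source on security-level-0 interface {iface}; "
                            "restrict it to known admin addresses")
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted excerpt", SAMPLE_CONFIG), ("broken variant", BROKEN_CONFIG)):
        print(f"== {name}")
        for finding in check_config(cfg) or ["no findings"]:
            print(" -", finding)
```

Run against the posted excerpt the only finding is the open SSH rule on `outside`; the broken variant additionally reports that `Inside8081` has no inbound access-group on `outside1`. The parser deliberately recognises only the `any host X eq P` ACL form used in the post, so a config that uses object groups or network ranges would need the `access-list` pattern extended.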