Author: shy119

[Security] ASA 5520 Remote VPN cannot access the LAN

Hello experts, I set up a Remote VPN on an ASA 5520 and dial in with the Cisco Client to access LAN resources.
The client now connects normally and gets an IP address normally, but it simply cannot access the LAN, and pinging LAN IPs fails as well.
I checked the ASA outside routing table and everything looks normal. When configuring NAT exemption I also set up the ACL for the corresponding subnets, but no matter how I configure it, even with Access-list nonat extended permit ip any any, the LAN is still unreachable. I really cannot find the problem. Could you please advise whether something else needs to be configured?

[Attached image: 20120915_6df8e7821e8441be96cchoal6gCeyJfe.jpg]

胖丑丑 [Lv4 Rising Talent] posted on 2013-7-12 03:32:05
I'd like to know too. Has anyone answered?

hongguang [Lv4 Rising Talent] posted on 2013-7-12 05:51:08
How can we look into it without the configuration?

zhuch8236 [Lv4 Rising Talent] posted on 2013-7-12 07:43:35
Show the 5520's configuration so that we can help you solve the problem.

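Sandra [Lv5 Steadily Growing] posted on 2013-7-12 07:53:23
Quote (author: liuzuen): Show the 5520's configuration so that we can help you solve the problem.

The configuration is roughly as follows. Because this device also carries routing, SSL VPN and IPsec VPN, after I configured it this way even routing stopped working, so I restored the configuration. The configuration file is basically the same as the one below, though; apart from split tunneling, the configuration pasted below is basically identical. Please take a look, I would be very grateful: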
CQ-NPIT-ASA5520# sho run
: Saved
:
ASA Version 8.2(1)
!
hostname CQ-NPIT-ASA5520
enable password QoOCV7jIiYM4yBCe encrypted
passwd F1F.OELd5bBmhCSZ encrypted
names
!
interface GigabitEthernet0/0
 nameif DMZ
 security-level 50
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif outside
 security-level 0
 ip address 222.178.228.217 255.255.255.224
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit inter-interface
access-list outside_access_in extended permit tcp any interface outside eq ssh
access-list acl_outside extended permit icmp any any
access-list acl_outside extended permit ip any any
access-list acl_DMZ extended permit icmp any any
access-list acl_DMZ extended permit ip any any
access-list acl_inside extended permit icmp any any
access-list acl_inside extended permit ip any any
access-list NONAT extended permit ip 10.10.0.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list NONAT extended permit ip 10.10.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT extended permit ip 10.10.0.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.4.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.2.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.3.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.5.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.7.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.8.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.9.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.10.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.11.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended permit ip 10.10.11.0 255.255.255.0 10.2.1.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.10.11.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.4.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.5.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.7.0 255.255.255.0
access-list NONAT extended deny ip 10.10.20.0 255.255.255.0 10.0.8.0 255.255.255.0
access-list NONAT extended deny ip 10.10.3.0 255.255.255.0 interface outside
access-list NONAT extended deny ip 10.10.7.0 255.255.255.0 interface outside
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.4.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.5.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.7.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.8.0 255.255.255.0
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.2.1.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.10.1.0 255.255.255.0 10.10.0.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.0.0 255.255.255.0 10.10.0.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.0.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.4.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.3.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.5.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.7.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.8.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.9.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.6.0 255.255.255.0 10.10.11.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.3.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.4.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.5.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.7.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.8.0 255.255.255.0 10.10.6.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.2.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.3.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.4.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.5.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.7.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.8.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.9.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONATDMZ extended permit ip 10.0.2.0 255.255.255.0 10.10.11.0 255.255.255.0
access-list vpn extended permit ip 10.10.6.0 255.255.255.0 10.2.1.0 255.255.255.0
access-list split-ssl extended permit ip 10.10.11.0 255.255.255.0 any
access-list no-nat extended permit ip 10.10.6.0 255.255.255.0 10.10.11.0 255.255.255.0
access-list kbox-nonat extended permit ip any 10.10.0.0 255.255.0.0
access-list kbox-nonat extended permit ip any 10.10.11.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 10.10.6.0 255.255.255.0
pager lines 24
mtu DMZ 1500
mtu inside 1500
mtu outside 1500
ip local pool ssl-pool 10.10.11.100-10.10.11.200
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (DMZ) 0 access-list NONATDMZ
nat (DMZ) 1 10.10.1.0 255.255.255.0
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 3389 10.10.8.254 3389 netmask 255.255.255.255
access-group acl_DMZ in interface DMZ
access-group acl_inside in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.228.1 1
route DMZ 10.0.0.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.1.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.2.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.3.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.4.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.5.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.6.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.7.0 255.255.255.0 10.10.1.2 1
route DMZ 10.0.8.0 255.255.255.0 10.10.1.2 1
route DMZ 10.10.0.0 255.255.0.0 10.10.1.2 1
route inside 10.10.2.0 255.255.255.0 10.10.0.3 1
route inside 10.10.3.0 255.255.255.0 10.10.0.3 1
route inside 10.10.4.0 255.255.255.0 10.10.0.3 1
route inside 10.10.5.0 255.255.255.0 10.10.0.3 1
route inside 10.10.6.0 255.255.255.0 10.10.0.3 1
route inside 10.10.7.0 255.255.255.0 10.10.0.3 1
route inside 10.10.8.0 255.255.255.0 10.10.0.3 1
route inside 10.10.9.0 255.255.255.0 10.10.0.3 1
route inside 10.10.10.0 255.255.255.0 10.10.0.3 1
route inside 10.10.11.0 255.255.255.0 10.10.0.3 1
route inside 10.10.20.0 255.255.255.0 10.10.0.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set mytrans esp-des esp-md5-hmac
crypto ipsec transform-set myvpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map 11 1 set pfs group1
crypto dynamic-map 11 1 set peer 221.226.186.202
crypto dynamic-map 11 1 set transform-set mytrans
crypto dynamic-map myvpn-dynamic-map 30 set transform-set myvpnset
crypto dynamic-map myvpn-dynamic-map 30 set security-association lifetime seconds 288000
crypto dynamic-map myvpn-dynamic-map 30 set reverse-route
crypto map mymap 10 ipsec-isakmp dynamic 11
crypto map kbvpn-map 10 ipsec-isakmp dynamic myvpn-dynamic-map
crypto map kbvpn-map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 28800
crypto isakmp policy 30
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 43200
telnet 0.0.0.0 0.0.0.0 DMZ
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 DMZ
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy mysslvpn internal
group-policy mysslvpn attributes
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 webvpn
  svc ask enable
group-policy vpnclient internal
group-policy vpnclient attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
group-policy vnplient internal
group-policy kbvpn internal
group-policy kbvpn attributes
 dns-server value 202.96.134.134
 default-domain value sai.internal
username test password Ml5fT94l.h0Lx1Mx encrypted
username test attributes
 vpn-group-policy mysslvpn
username saivpn password UxQAbmBtn5COxcam encrypted
username saivpn attributes
 vpn-group-policy kbvpn
username cisco password 5GXZVPtV0PmkexwA encrypted privilege 15
tunnel-group mysslvpn-group type remote-access
tunnel-group mysslvpn-group general-attributes
 address-pool ssl-pool
tunnel-group mysslvpn-group webvpn-attributes
 group-alias group2 enable
tunnel-group 221.226.186.222 type ipsec-l2l
tunnel-group 221.226.186.222 ipsec-attributes
 pre-shared-key *
tunnel-group kbvpn type remote-access
tunnel-group kbvpn general-attributes
 address-pool ssl-pool
 default-group-policy kbvpn
tunnel-group kbvpn ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ce63fb82dff1232a82660339950b8b54
: end

56-bit DES……

twyman003 [Lv5 Steadily Growing] posted on 2013-7-12 09:26:09
The approach in post #3 is worth using as a reference.

tell [Lv4 Rising Talent] posted on 2013-7-12 09:28:31
Quote: 56-bit DES……

Is there a problem with the DES encryption method?
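
The posted configuration uses DES, MD5 and small Diffie-Hellman groups for IKE and IPsec, and restricts SSH to protocol version 1. The following is an added example, not code from the thread: a small auditor that walks the crypto lines of an ASA 8.2-style configuration and lists each deprecated setting with its location. The sample lines are copied from the post above with indentation restored; the function and table names are this example's own.

```python
import re

# Crypto-related lines copied from the configuration posted in this thread.
CONFIG = """\
crypto ipsec transform-set mytrans esp-des esp-md5-hmac
crypto ipsec transform-set myvpnset esp-des esp-md5-hmac
crypto dynamic-map 11 1 set pfs group1
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 28800
crypto isakmp policy 30
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 43200
ssh version 1
"""

WEAK_ESP = {"esp-des": "56-bit DES encryption", "esp-null": "no encryption",
            "esp-md5-hmac": "MD5-based integrity"}
WEAK_IKE = {("encryption", "des"): "56-bit DES encryption",
            ("hash", "md5"): "MD5 hash",
            ("group", "1"): "768-bit Diffie-Hellman group 1",
            ("group", "2"): "1024-bit Diffie-Hellman group 2"}
WEAK_PFS = {"1": "768-bit Diffie-Hellman group 1",
            "2": "1024-bit Diffie-Hellman group 2"}


def audit(config):
    """Return a list of (where, weakness) for deprecated crypto settings."""
    findings, policy = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                 # a top-level line closes any policy block
            policy = None
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            policy = "isakmp policy " + m.group(1)
            continue
        if policy:                         # indented sub-command of the open policy
            key, _, value = line.partition(" ")
            if (key, value) in WEAK_IKE:
                findings.append((policy, WEAK_IKE[(key, value)]))
            continue
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            findings += [("transform-set " + m.group(1), WEAK_ESP[t])
                         for t in m.group(2).split() if t in WEAK_ESP]
        m = re.match(r"crypto dynamic-map (\S+) (\d+) set pfs group(\d+)$", line)
        if m and m.group(3) in WEAK_PFS:
            findings.append((f"dynamic-map {m.group(1)} {m.group(2)}",
                             WEAK_PFS[m.group(3)]))
        if line == "ssh version 1":
            findings.append(("ssh", "SSH protocol version 1 only"))
    return findings


if __name__ == "__main__":
    for where, weakness in audit(CONFIG):
        print(f"{where}: {weakness}")
```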

twtyn [Lv5 Steadily Growing] posted on 2013-7-12 13:24:00
Which address are you pinging? Is it in 10.10.6.0/24?
access-list no-nat extended permit ip 10.10.6.0 255.255.255.0 10.10.11.0 255.255.255.0

qbzx [Lv5 Steadily Growing] posted on 2013-7-12 16:13:47
Quote: Which address are you pinging? Is it in 10.10.6.0/24?
access-list no-nat extended permit ip 10.10.6.0 255.255.255.0 10.10.11.0 255.255.255.0

Yes, the client gets an address in the 10.10.11.0/24 segment and pings the 10.10.6.0 segment!
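
The last two posts turn on whether the ACL bound to `nat (inside) 0` covers the pinged address. The following is an added example, not code from the thread: it parses the NAT-exemption binding, the extended ACLs and the address pool from lines of the posted configuration and evaluates, first match wins, whether traffic from a given inside host to the VPN pool is exempt. The host 10.10.6.10 is constructed for illustration; 10.10.8.254 is the host in the posted `static` line.

```python
import ipaddress
import re

# Lines copied from the configuration posted in this thread (excerpt).
CONFIG = """\
access-list NONAT extended permit ip 10.10.6.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list NONAT extended deny ip 10.10.3.0 255.255.255.0 interface outside
access-list no-nat extended permit ip 10.10.6.0 255.255.255.0 10.10.11.0 255.255.255.0
ip local pool ssl-pool 10.10.11.100-10.10.11.200
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
"""


def _take_net(tokens):
    """Consume one address spec and return (network or None, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] == "interface":           # address not known offline: never matches
        return None, tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def parse(config):
    """Return (extended ip ACLs, NAT-exemption bindings, local pools)."""
    acls, nat0, pools = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"access-list (\S+) extended (permit|deny) ip (.+)$", line)
        if m:
            src, rest = _take_net(m.group(3).split())
            dst, _ = _take_net(rest)
            acls.setdefault(m.group(1), []).append((m.group(2), src, dst))
        m = re.match(r"nat \((\S+)\) 0 access-list (\S+)$", line)
        if m:
            nat0[m.group(1)] = m.group(2)
        m = re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line)
        if m:
            pools[m.group(1)] = (m.group(2), m.group(3))
    return acls, nat0, pools


def nat_exempt(acl, src_ip, dst_ip):
    """First matching entry decides; falling off the end means not exempt."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s_net, d_net in acl:
        if s_net is not None and d_net is not None and src in s_net and dst in d_net:
            return action == "permit"
    return False


def check_pool(config, interface, pool, inside_hosts):
    """For each inside host: is traffic to both ends of the VPN pool NAT-exempt?"""
    acls, nat0, pools = parse(config)
    acl_name = nat0.get(interface)
    acl = acls.get(acl_name, [])
    return acl_name, {h: all(nat_exempt(acl, h, p) for p in pools[pool])
                      for h in inside_hosts}


if __name__ == "__main__":
    name, result = check_pool(CONFIG, "inside", "ssl-pool",
                              ["10.10.6.10", "10.10.8.254"])
    print("exemption ACL bound to inside:", name)
    for host, ok in result.items():
        print(f"{host} -> ssl-pool:", "exempt" if ok else "not exempt (nat 1 applies)")
```

Note that in the posted configuration the long `NONAT` list is not the one bound to the inside interface; the check reads the binding from the `nat (inside) 0` line rather than assuming an ACL name.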
