
I set up a 5510 for SSL VPN. Remote clients can log in to the VPN successfully and get an address from the address pool, but they cannot ping the inside next hop (182.168.248.35), let alone the internal server they need to reach (192.168.84.92). When I log in to the ASA I can ping the internal server, so the internal routing and so on should be fine, right? So where is the problem? Urgent, please advise.
ASA Version 8.2(1)
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.248.13 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.248.43 255.255.255.224
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa821-k8.bin
ftp mode passive
access-list inside_nat0_outbound extended permit ip 192.168.248.32 255.255.255.224 172.16.222.0 255.255.255.0
access-list split-ssl extended permit ip 192.168.248.32 255.255.255.224 any
pager lines 24
logging enable
mtu outside 1500
mtu inside 1500
ip local pool SSLClientPool 172.16.222.1-172.16.222.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.248.7 1
route inside 192.168.84.92 255.255.255.255 192.168.248.35 1
route inside 192.168.84.93 255.255.255.255 192.168.248.35 1
route inside 192.168.84.94 255.255.255.255 192.168.248.35 1
route inside 192.168.245.58 255.255.255.255 192.168.248.35 1
route inside 192.168.242.80 255.255.255.255 192.168.248.35 1
route inside 192.168.242.81 255.255.255.255 192.168.248.35 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint localtrust
 enrollment self
 fqdn sslvpn.cisco.com
 subject-name CN=sslvpn.cisco.com
 keypair sslvpnkeypair
 crl configure
crypto ca certificate chain localtrust
 certificate ea637e50
  xxxxxxxxxxxxxxxxx
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point localtrust outside
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.4.179.pkg 1
 svc enable
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-ssl
 address-pools value SSLClientPool
username test1 password Kg/Rgy23do7gPGTv encrypted
username test1 attributes
 vpn-group-policy SSLCLientPolicy
 service-type remote-access
username test password P4ttSyrm33SV8TYp encrypted
username test attributes
 vpn-group-policy SSLCLientPolicy
 service-type remote-access
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
 default-group-policy SSLCLientPolicy
tunnel-group SSLClientProfile webvpn-attributes
 group-alias SSLVPNClient enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
  message-length maximum client auto
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:fd2d64f60c6e2eb61e219e0b04c11ec6
: end
ciscoasa#
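An added check, not part of the post, that reads the reachability-relevant lines of the running-config above and, for an inside address, reports whether a client in SSLClientPool would send the packet into the tunnel at all (with tunnelspecified, only the networks listed in split-ssl are routed through the tunnel) and whether inside_nat0_outbound exempts the return traffic from the dynamic PAT. It assumes the ASA reads the source field of an extended split-tunnel ACL as the protected networks, and matches the nat 0 ACL in the inside-host to remote direction.

```python
import ipaddress

# Relevant lines excerpted from the running-config in the post (constructed sample).
ASA_CONFIG = """
access-list inside_nat0_outbound extended permit ip 192.168.248.32 255.255.255.224 172.16.222.0 255.255.255.0
access-list split-ssl extended permit ip 192.168.248.32 255.255.255.224 any
ip local pool SSLClientPool 172.16.222.1-172.16.222.254 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy SSLCLientPolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-ssl
"""

def _take_net(tokens):
    """Consume one ACL address spec (any | host A | A MASK) from the token list."""
    kind = tokens.pop(0)
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{kind}/{tokens.pop(0)}", strict=False)

def parse_config(text):
    """Collect the ACLs, pool and split-tunnel settings that decide VPN reachability."""
    acls, cfg = {}, {}
    for raw in text.splitlines():
        t = raw.split()
        if t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            rest = t[5:]
            src = _take_net(rest)          # source spec comes first in the ACE
            acls.setdefault(t[1], []).append((src, _take_net(rest)))
        elif t[:3] == ["ip", "local", "pool"]:
            cfg["client"] = ipaddress.ip_address(t[4].split("-")[0])  # first pool address
        elif t[:1] == ["nat"] and t[2:4] == ["0", "access-list"]:
            cfg["nat0"] = t[4]
        elif t[:1] == ["split-tunnel-policy"]:
            cfg["split_policy"] = t[1]
        elif t[:2] == ["split-tunnel-network-list", "value"]:
            cfg["split_list"] = t[2]
    return acls, cfg

def diagnose(acls, cfg, dest):
    """Is a VPN client's packet to dest tunneled, and is the inside host's reply NAT-exempt?"""
    dest, client = ipaddress.ip_address(dest), cfg["client"]
    # tunnelspecified: the client only routes the split ACL's source networks into the tunnel
    tunneled = cfg.get("split_policy") != "tunnelspecified" or any(
        dest in src for src, _ in acls.get(cfg.get("split_list"), []))
    # nat 0 ACL is matched inside-host -> remote: dest is the source, the pool the destination
    exempt = any(dest in src and client in dst for src, dst in acls.get(cfg.get("nat0"), []))
    return {"tunneled": tunneled, "nat_exempt": exempt}

if __name__ == "__main__":
    acls, cfg = parse_config(ASA_CONFIG)
    for target in ("192.168.248.35", "192.168.84.92"):
        print(target, diagnose(acls, cfg, target))
```

For 192.168.84.92 both answers are false, so that traffic never enters the tunnel and would not be NAT-exempt if it did; for 192.168.248.35 both are true, so the ASA policy is not what blocks that ping and the next hop's own return route for 172.16.222.0/24 (via 192.168.248.43) and its ICMP handling are the remaining things to check.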