ciscoasa# show running-config4 [: @2 ` U; O- [ _
: Saved& [7 T% ]$ i& o
:6 ]- L, U" r4 O0 o: f
ASA Version 7.2(3)
2 b- K! m* `+ S!
3 j, l( d- ?& Z7 T% x2 ^hostname ciscoasa
C( w" B* O9 B a4 f- u+ Qdomain-name default.domain.invalid0 {, F. e8 _$ }1 ~" z5 U/ m: G
enable password 8Ry2YjIyt7RRXU24 encrypted0 ?5 p5 G/ E, L$ x- `* ?6 _
names
G* o& P, b6 [0 `; m!
" Z! d' s7 z s, L( U1 jinterface Vlan1
8 v3 [) V, A: ?. U! V+ Y; A% T3 O nameif inside
. R6 Y' i& g. ?3 K7 u& b; Q, U security-level 100; ^$ a5 u/ Q; `0 O( z# W
ip address 192.168.1.1 255.255.255.0
. J! ^, g A. }3 \4 l$ \% \! s!! q7 H2 b) V3 ^2 r u# G0 P
interface Vlan2+ F1 X4 g+ i- ~2 a+ m
nameif outside
7 i, k! f B. V4 `% o7 F' w security-level 04 B* g( D3 i2 N3 U; w5 N1 V0 m
ip address 192.168.0.123 255.255.255.0
5 ?, j f- \. h2 \!1 j7 L! y2 Q# Y( g3 m: G
interface Ethernet0/0
2 ?. n8 O: g% ]5 U!
. B2 r0 Y% K" `$ y- Y8 h/ g7 E, hinterface Ethernet0/19 b+ C7 q- j# f- T3 L; R
switchport access vlan 22 Q/ K' R* ^" ~, a& f" J7 ?
!
/ M1 t9 D0 N U; ninterface Ethernet0/2
1 u3 @9 V, H7 C, D) L( v shutdown
+ `6 D) }' o- {1 w1 m- u0 @) t6 g!
* I" \( T$ H- }: j3 }. }5 ?interface Ethernet0/3
* {1 Z& g+ c) x shutdown
9 j4 G* r' W* }9 r$ K. u!
& m2 z) K0 M; {5 |5 _/ Finterface Ethernet0/4, U1 `, a v; |$ |1 m& B: }% `" k
shutdown' w* z3 G: s% j
!
# `' p& h. R6 p5 Hinterface Ethernet0/5! a0 D s: `+ {. k& U n3 X1 a
shutdown
5 Q9 t. A0 m2 s!. j0 ` r) f& J( d# J) b
interface Ethernet0/6 P2 u2 b, j: f: C, z0 @4 F6 k, ^
shutdown
2 |' E. S- L+ ?' e2 x+ k @ {!0 a* V1 c' C7 G3 Q% d- o
interface Ethernet0/7
& C, ^! S( r; @6 A, V% K7 K shutdown
- H/ g* L+ K y!
7 O+ _2 Q N/ }# O' fpasswd 2KFQnbNIdI.2KYOU encrypted* o' Q4 w$ V- q w
boot system disk0:/asa723-k8.bin; `# P* M' A- K Q0 V
ftp mode passive
8 l3 N$ g8 n: Q% `0 V! K p1 ^. t6 wdns server-group DefaultDNS5 t" L- B0 E7 y
domain-name default.domain.invalid* w" E% M4 k7 N6 J2 y7 D9 u8 x% w
access-list 100 extended permit ip any any. F" j+ ~8 L7 t0 X/ h
access-list 100 extended permit icmp any any# ?" @' Z6 X, \3 @
access-list inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0* a. \) R2 G T+ H+ e) M4 y! g
pager lines 24
5 r1 j0 m+ _4 w, d# imtu inside 15007 P. a5 s2 V" S) o4 G4 {; \8 e& F& j
mtu outside 1500. H7 F5 a5 w3 R( u; \* O5 e
ip local pool vpnpool 192.168.2.1-192.168.2.200 mask 255.255.255.0; y: ]" f$ g( Y2 E7 b J L! ~
icmp unreachable rate-limit 1 burst-size 18 B, O! k( @9 s5 Z) N- `, M
asdm image disk0:/asdm-523.bin
s+ p) Y2 F0 R3 a H' G/ _no asdm history enable
$ v4 U4 A' T% h. y/ w& n, |, }, @% Sarp timeout 14400& d6 M" \6 {0 R) c% A6 n. ?
global (outside) 1 interface
( O- s! `: |; nnat (inside) 0 access-list inside_nat0_outbound1 |) k& e% Z. R$ ~0 x' a
nat (inside) 1 192.168.1.0 255.255.255.0
) u2 z# u: M5 R1 ~( w* k9 ]: {access-group 100 in interface outside, [- |% e# s& K( f# J3 p: V
route outside 0.0.0.0 0.0.0.0 192.168.0.1 15 p y( c! A3 L, ?
timeout xlate 3:00:00
+ Z& t+ w) F* |# O- Jtimeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02- A( H/ S/ O( }; p5 V: j
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00& r" c3 o. L7 P6 C p
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
9 \+ L( x( j" B, @2 F7 W: Y5 Otimeout uauth 0:05:00 absolute" P# _" v- U. r) i$ i6 {
http server enable
, a* q7 ^+ E( T- E9 ehttp 192.168.1.0 255.255.255.0 inside! s) c& b; @0 X/ q0 u
no snmp-server location8 [- W2 j3 x/ u) @& |
no snmp-server contact8 `; Q8 O6 h+ G0 \. a2 D3 h! R& K2 F6 S
snmp-server enable traps snmp authentication linkup linkdown coldstart
; Q; d9 {! x8 s) I- gcrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
8 W9 c. i1 G% k& Dcrypto dynamic-map outside_dyn_map 20 set pfs
4 a+ z6 G7 e u, D! Pcrypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA L! p# s2 x6 i0 p% t' n# \3 X1 c( u
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
% x4 S; G4 m r: Q9 b4 H( Xcrypto map outside_map interface outside. ]2 F+ f0 U7 C5 n" e
crypto isakmp enable outside! Y2 k, j3 O) j% R, k; [6 U
crypto isakmp policy 10: V8 a- P3 Y. |2 {
authentication pre-share
j8 Y6 c& ]0 W: U8 U2 o encryption 3des
0 ~8 Q7 p. h' h. k) Q2 ^" o0 j hash sha& t; ~ {2 q9 v8 r9 Q, G9 H: }
group 2
% e: J; G, x% d" c! _ lifetime 864003 d3 Z# g R+ p( c6 F e1 V+ b
telnet timeout 5/ c; N* I3 j! M# f/ C. E( \5 ~
ssh timeout 5
3 l7 i" S4 B& o4 `* @* e7 G* kconsole timeout 0( o( {) W7 |* v* ^) H2 s2 N' ^2 q
vpdn username cisco password ********* store-local
8 u) f* ^) h1 c2 N1 i; K- ]9 v- K8 G8 J7 u' V" t0 [7 f4 N# u
!
$ _/ u* X2 |5 m, `( B1 A! {4 K( `class-map inspection_default
* }1 N+ _# X+ o2 [1 Y) d- y/ p match default-inspection-traffic6 e4 K; ~8 }5 L3 w; ?
!7 o8 v& v: A1 d
!
" f2 Z9 @5 ~* Kpolicy-map type inspect dns preset_dns_map; j4 N5 J3 p4 i: Z
parameters
- J; G+ w9 w/ i5 ^ message-length maximum 512
) I0 h! E9 w# y# u9 Q7 C' R4 Gpolicy-map global_policy9 U; Z0 h% |3 H& T. W" k# p
class inspection_default: H$ {/ ^8 X( \& y$ {6 [2 ?# t* I$ z2 w5 e
inspect dns preset_dns_map
V0 i) u( R( h n4 W' u inspect ftp
8 s# {% _( J$ I+ j inspect h323 h225) `" p! `% ]0 a6 ^
inspect h323 ras0 n7 E; W3 {7 O+ Z% `/ x
inspect rsh& W6 G4 k" o" U( o
inspect rtsp2 ?: W& }4 r. M% W) m6 u( g, M
inspect esmtp( b; w8 _" B2 \: H6 K
inspect sqlnet
% L: u) _5 l% ` M% O inspect skinny' I7 M( L7 E; `4 B
inspect sunrpc
) H' z0 X6 [! B# u/ W) @+ f inspect xdmcp% @& I- t- T- |: X) f! s+ O$ b. Q6 _+ M( n
inspect sip
/ j- Y' D3 o# g1 z6 t0 @ inspect netbios
8 v9 g7 i1 G+ L9 J" m0 S inspect tftp
' W N/ r9 X7 k% J/ F!
+ _& k6 M7 h8 J6 x) ?service-policy global_policy global; y0 t: X8 K) c* l. V8 c. D
group-policy cisco internal
# j" L7 V+ b3 n- Y4 t9 igroup-policy cisco attributes
2 J; w' ?$ l" @) R7 O/ f- L7 _ dns-server value 202.106.0.20
" j4 d( D* K! Z vpn-tunnel-protocol IPSec i1 D2 S6 v* x$ z5 N1 s
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 0
0 w/ h, E5 u7 t! F0 lusername admin attributes
5 W5 T+ Q$ o( Q/ @/ Y vpn-group-policy cisco
; q$ h' n' |2 Y9 H% z, [username cisco password 3USUcOPFUiMCO4Jk encrypted8 {0 \# \! I+ E9 M2 n* x
tunnel-group cisco type ipsec-ra0 L; A C8 i8 x) w4 M2 \5 H; q0 b
tunnel-group cisco general-attributes
5 Z1 w" {. t# C' x address-pool vpnpool
* G Q0 U4 E/ \; S" h+ H default-group-policy cisco
' s0 n4 R3 W( |! _! ftunnel-group cisco ipsec-attributes
/ H* |* \6 k7 t pre-shared-key *
$ T$ K. m: e, K/ y$ Aprompt hostname context) i$ C M8 H, |/ O% \, ]
Cryptochecksum:5159e8065b74b0c99d69294325bc757d! J& e, M+ ^/ v9 t% K
: end% E8 X- x V. S- F
$ F6 H+ J% E. f/ w3 F
* ]4 n! h" y7 i9 S- r! v# _配置完之后,远程客户端可以PING同内网,但是远程主机被分配的地址和被分配的网关一样,还上不了外网,谁能帮忙看看,谢谢了! |
|
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
[复制链接]
