
ciscoasa# show running-config
: Saved
:
ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.0.123 255.255.255.0
!
interface Ethernet0/0
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa723-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list 100 extended permit ip any any
access-list 100 extended permit icmp any any
access-list inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.2.1-192.168.2.200 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn username cisco password ********* store-local
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
group-policy cisco internal
group-policy cisco attributes
 dns-server value 202.106.0.20
 vpn-tunnel-protocol IPSec
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 0
username admin attributes
 vpn-group-policy cisco
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group cisco type ipsec-ra
tunnel-group cisco general-attributes
 address-pool vpnpool
 default-group-policy cisco
tunnel-group cisco ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:5159e8065b74b0c99d69294325bc757d
: end
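
After finishing the configuration, the remote client can ping the internal network, but the address assigned to the remote host is the same as its assigned gateway, and it still cannot reach the Internet. Can anyone help take a look? Thanks!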
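
A check for the symptom described in the post, as an added example that is not part of the original post: it reads an ASA 7.x configuration and reports whether Internet-bound traffic from remote-access VPN clients has a way out, either through split tunneling in the group policy or through hairpinning on the outside interface. The function names and result labels are hypothetical; the embedded text is an excerpt of the posted configuration.

```python
import re

# Excerpt of the VPN-relevant lines from the configuration posted above.
POSTED = """\
ip local pool vpnpool 192.168.2.1-192.168.2.200 mask 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0
group-policy cisco internal
group-policy cisco attributes
 dns-server value 202.106.0.20
 vpn-tunnel-protocol IPSec
tunnel-group cisco general-attributes
 address-pool vpnpool
 default-group-policy cisco
"""

def blocks(cfg):
    """Map each top-level command to the list of its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0] == " " and cur is not None:
            out[cur].append(line.strip())
        else:
            cur = line.strip()
            out.setdefault(cur, [])
    return out

def vpn_internet_path(cfg, policy):
    """Report how Internet-bound traffic from clients in `policy` is handled."""
    b = blocks(cfg)
    attrs = b.get(f"group-policy {policy} attributes", [])
    if ("split-tunnel-policy tunnelspecified" in attrs and
            any(a.startswith("split-tunnel-network-list value ") for a in attrs)):
        return "split-tunnel"   # only the listed networks enter the tunnel
    # Otherwise all client traffic arrives on outside and must leave on outside:
    # that needs intra-interface forwarding plus a nat/global pair on outside.
    ids = {m.group(1) for c in b
           if (m := re.match(r"nat \(outside\) ([1-9]\d*) ", c))}
    pat = any(c.startswith(f"global (outside) {i} ") for i in ids for c in b)
    if "same-security-traffic permit intra-interface" in b and pat:
        return "hairpin"        # ASA turns the traffic around and translates it
    return "no-egress"          # tunneled to the ASA with no path back out

if __name__ == "__main__":
    print(vpn_internet_path(POSTED, "cisco"))
```

For the posted configuration the result is `no-egress`: the group policy tunnels everything, and nothing lets that traffic leave again through the outside interface.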