
My own skills are limited and I'm really at a loss here; could the experts take a look and tell me what the problem is..........
The firewall now sits between the ISP and the router, running in transparent mode. As soon as the firewall is connected, internal users cannot send email out, and external access to the internal streaming media server becomes very laggy; remove the firewall and everything works again. What could the problem be?
Config below (basically no policies configured yet):
ciscoasa(config)# sh ru
: Saved
:
ASA Version 8.2(5)
!
firewall transparent
hostname ciscoasa
enable password 4uHyfCVszlSrDQ1P encrypted
passwd 4uHyfCVszlSrDQ1P encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 management-only
!
ftp mode passive
same-security-traffic permit inter-interface
access-list permit_any extended permit icmp any any
access-list permit_any extended permit ip any any
access-list permit_any extended permit tcp any any
access-list permit_any extended permit udp any any
pager lines 24
logging enable
mtu outside 1500
mtu inside 1500
ip address 61.190.19.174 255.255.255.252
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group permit_any in interface outside
access-group permit_any in interface inside
route outside 0.0.0.0 0.0.0.0 61.190.19.173 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 20
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username yiyuan password LMCU1xfIRj0W/7rs encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:d7c36b8c45b6efda1ff90d96a8c88837
: end
ciscoasa(config)#
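Added example, not part of the post: a small Python audit that reads the running-config above and flags the exposure visible in it (telnet/ssh/http management reachable from any host, the permit_any ACL bound inbound on both interfaces, one hash shared by the enable and login passwords), and lists which application inspections in global_policy cover the protocols the poster reports as broken, since disabling those one at a time in a maintenance window is the usual way to test whether inspection is involved. The post does not identify the cause and this code does not claim to; the ASA_CONFIG excerpt is constructed from the posted config, and mapping "streaming" to the rtsp inspection is an assumption.

```python
import re

# Constructed excerpt of the ASA 8.2(5) running-config posted above; only the
# lines the checks below look at are reproduced (hashes copied from the post).
ASA_CONFIG = """\
firewall transparent
enable password 4uHyfCVszlSrDQ1P encrypted
passwd 4uHyfCVszlSrDQ1P encrypted
access-list permit_any extended permit ip any any
access-group permit_any in interface outside
access-group permit_any in interface inside
http 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside
policy-map global_policy
 class inspection_default
  inspect esmtp
  inspect rtsp
  inspect sip
service-policy global_policy global
"""

MGMT = re.compile(r"^(http|telnet|ssh) (\S+) (\S+) (\S+)$")  # <proto> <net> <mask> <if>
ANY_ACL = re.compile(r"^access-list (\S+) extended permit ip any any$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")
PASSWD = re.compile(r"^(enable password|passwd) (\S+) encrypted$")

def audit(config):
    """Return (findings, inspections) for an ASA running-config string."""
    findings, inspections = [], []
    any_acls, hashes = set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if (m := MGMT.match(line)) and m.group(2) == m.group(3) == "0.0.0.0":
            findings.append(f"{m.group(1)} management open to any host on {m.group(4)}")
        elif m := ANY_ACL.match(line):
            any_acls.add(m.group(1))                  # ACLs are defined before they are bound
        elif (m := GROUP.match(line)) and m.group(1) in any_acls:
            findings.append(f"ACL {m.group(1)} permits ip any any inbound on {m.group(2)}")
        elif m := PASSWD.match(line):
            hashes[m.group(1)] = m.group(2)
        elif line.startswith("inspect "):
            inspections.append(line.split()[1])
    if len(hashes) == 2 and len(set(hashes.values())) == 1:
        findings.append("enable password and login password use the same hash")
    return findings, inspections

def inspections_to_test(inspections, symptoms=("esmtp", "rtsp")):
    """Inspections covering the protocols reported as broken (mail -> esmtp,
    streaming -> rtsp, assumed): the first ones to disable one at a time."""
    return [i for i in inspections if i in symptoms]

if __name__ == "__main__":
    found, insp = audit(ASA_CONFIG)
    print("\n".join(found))
    print("inspections to test:", inspections_to_test(insp))
```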