ASA Version 7.0(8)
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end
Could the expert who posted above tell me your QQ number? I would like to talk with you privately, mainly about this VPN problem.