Author: cankudewenrou
Views: 3438 | Replies: 14


[Security] VPN on a PIX: the VPN client cannot access the internal network after dialing in

htd002 [Lv4 Rising Talent] posted on 2013-8-6 15:06:20
Quote (thescofield): Bumping. Same problem.
Exempt the traffic from inside to the VPN addresses from NAT (no-nat).

wenwenwen [Lv4 Rising Talent] posted on 2013-8-6 16:22:23
I did configure no-nat, but it still doesn't work.

jd_chen [Lv4 Rising Talent] posted on 2013-8-6 16:30:09
Quote (thescofield): I did configure no-nat, but it still doesn't work.
Post your configuration so we can take a look.

妖怪 [Lv4 Rising Talent] posted on 2013-8-6 16:59:27
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal  20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end
Could the expert in the post above tell me your QQ number? Could I talk to you privately? It is mainly about this VPN problem.
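Added example (not part of the thread and not any poster's code): a Python check for the NAT-exemption advice given earlier in the thread, run against a constructed excerpt of the posted configuration. It assumes the pre-8.3 `nat (inside) 0 access-list` syntax and ACL entries in network/mask form; the function name and the default inside subnet argument are illustrative.

```python
import ipaddress
import re

# Constructed excerpt: only the NAT-related lines of the configuration posted above.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif inside
 ip address 192.168.0.1 255.255.255.0
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

def check_nat_exemption(config, inside_net="192.168.0.0/24"):
    """Return {pool: bool}; True if a nat 0 ACL exempts inside_net -> the whole pool."""
    inside = ipaddress.ip_network(inside_net)
    # ACL names referenced by "nat (inside) 0 access-list <name>"
    exempt_acls = set(re.findall(r"^nat \(inside\) 0 access-list (\S+)", config, re.M))
    # Only "permit ip <net> <mask> <net> <mask>" entries are parsed (no any/host forms).
    acl_re = re.compile(
        r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", re.M)
    rules = []  # (source network, destination network) pairs from the exemption ACLs
    for name, src, smask, dst, dmask in acl_re.findall(config):
        if name in exempt_acls:
            rules.append((ipaddress.ip_network(f"{src}/{smask}"),
                          ipaddress.ip_network(f"{dst}/{dmask}")))
    result = {}
    pool_re = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)", re.M)
    for pool, first, last in pool_re.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # A network is contiguous, so both ends inside it means the whole range is.
        result[pool] = any(inside.subnet_of(s) and lo in d and hi in d
                           for s, d in rules)
    return result

if __name__ == "__main__":
    print(check_nat_exemption(SAMPLE_CONFIG))
```

A `True` result only confirms that the exemption ACL matches the pool; it says nothing about routing, split tunnelling or the crypto map.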

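sqzzl002 [Lv4 Rising Talent] posted on 2013-8-6 21:33:44
Set the dial-up connection parameters: click "Properties", go into the TCP/IP protocol settings, and tick the checkbox in front of "Use default gateway on remote network".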