[Security] VPN on PIX: VPN client cannot access the internal network after dialing in

htd002 [Lv4 Emerging Talent] posted on 2013-8-6 15:06:20
Quote from thescofield: Bumping. Same problem.
Exempt inside-to-VPN-address traffic from NAT (nonat).

wenwenwen [Lv4 Emerging Talent] posted on 2013-8-6 16:22:23
I did set up no nat, and it still doesn't work.

jd_chen [Lv4 Emerging Talent] posted on 2013-8-6 16:30:09
Quote from thescofield: I did set up no nat, and it still doesn't work.
Post the configuration so we can have a look.

妖怪 [Lv4 Emerging Talent] posted on 2013-8-6 16:59:27
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal  20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end

May I ask for the QQ number of the expert who posted above? Could I talk with you privately? It is mainly about this VPN problem.
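
Added example, not part of any post in this thread: a Python check of the NAT-exemption advice against the configuration posted above, confirming whether the `nat (inside) 0` ACL covers the whole `vpnpool` range for return traffic from the inside network. The function names are hypothetical, the sample is five lines copied from that configuration, and only ACL entries in network/mask form are parsed.

```python
import ipaddress
import re

# Constructed sample: the five relevant lines copied from the configuration posted above.
CONFIG = """\
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ADDR = r"(\d[\d.]*)"  # dotted-quad token; ACL entries using 'any' or 'host' are skipped


def nat_exempt_pairs(config, iface="inside"):
    """(source, destination) networks in the ACL named by 'nat (<iface>) 0 access-list'."""
    m = re.search(rf"^nat \({iface}\) 0 access-list (\S+)", config, re.M)
    if not m:
        return []  # no NAT exemption configured on this interface
    acl = re.escape(m.group(1))
    rows = re.findall(
        rf"^access-list {acl} extended permit ip {ADDR} {ADDR} {ADDR} {ADDR}[ \t]*$",
        config, re.M)
    return [(ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
            for s, sm, d, dm in rows]


def pool_range(config, name):
    """First and last address of 'ip local pool <name>', or None if it is not defined."""
    m = re.search(rf"^ip local pool {re.escape(name)} {ADDR}-{ADDR}", config, re.M)
    if not m:
        return None
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def pool_is_nat_exempt(config, pool, inside_net):
    """True if traffic from inside_net to every address of the pool skips NAT."""
    bounds = pool_range(config, pool)
    if bounds is None:
        return False
    first, last = bounds
    inside = ipaddress.ip_network(inside_net)
    # A pool is one contiguous range, so both ends inside dst means all of it is.
    return any(inside.subnet_of(src) and first in dst and last in dst
               for src, dst in nat_exempt_pairs(config))


if __name__ == "__main__":
    print(pool_is_nat_exempt(CONFIG, "vpnpool", "192.168.0.0/24"))
```

For the configuration as posted the check returns True: the no-nat ACL does cover the whole vpnpool range.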

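sqzzl002 [Lv4 Emerging Talent] posted on 2013-8-6 21:33:44
In the dial-up connection settings, click "Properties" to open the TCP/IP protocol settings, and tick the box in front of "Use default gateway on remote network".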