[Security] PIX as VPN gateway: after the VPN client dials in, it cannot access the internal network

htd002 [Lv4 Rising Talent] posted on 2013-8-6 15:06:20
Quote (originally posted by thescofield): Bumping this. Same problem here.
Exempt the traffic from inside to the VPN addresses from NAT (no-nat).

wenwenwen [Lv4 Rising Talent] posted on 2013-8-6 16:22:23
I did configure no-nat, and it still doesn't work.

jd_chen [Lv4 Rising Talent] posted on 2013-8-6 16:30:09
Quote (originally posted by thescofield): I did configure no-nat, and it still doesn't work.
Post your configuration so we can take a look.

妖怪 [Lv4 Rising Talent] posted on 2013-8-6 16:59:27
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal  20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end

Could the expert in the post above tell me your QQ number? Could I talk with you privately? It is mainly about this VPN problem.
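The two settings the replies point at can be checked mechanically: that the `nat (inside) 0` ACL exempts inside-to-pool traffic, and that the split-tunnel list pushed to the client includes the inside network. This is an added example, not part of any post in this thread; `net` and `audit` are hypothetical helper names, and the parser assumes only the ASA 7.x syntax visible in the posted configuration.

```python
import ipaddress
# Constructed sample: the lines of the posted config relevant to these checks.
SAMPLE = """\
interface Ethernet0/0
 nameif inside
 ip address 192.168.0.1 255.255.255.0
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
nat (inside) 0 access-list no-nat
group-policy vpnclient attributes
 split-tunnel-network-list value vpnclient_splitTunnelAcl
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return findings (hypothetical helper); an empty list means both checks pass."""
    nameif = inside = nat0 = None
    pools, split_acls, ext, std = [], [], {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["interface"]:
            nameif = None
        elif t[:1] == ["nameif"]:
            nameif = t[1]
        elif t[:2] == ["ip", "address"] and nameif == "inside":
            inside = net(t[2], t[3])
        elif t[:3] == ["ip", "local", "pool"]:
            pools.append([ipaddress.ip_address(a) for a in t[4].split("-")])
        elif t[:3] == ["nat", "(inside)", "0"] and t[3:4] == ["access-list"]:
            nat0 = t[4]
        elif t[:2] == ["split-tunnel-network-list", "value"]:
            split_acls.append(t[2])
        elif t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"] and len(t) == 9:
            ext.setdefault(t[1], []).append((net(t[5], t[6]), net(t[7], t[8])))
        elif t[:1] == ["access-list"] and t[2:4] == ["standard", "permit"] and len(t) == 6:
            std.setdefault(t[1], []).append(net(t[4], t[5]))
    findings = []
    if inside is None:
        return ["no inside interface address found"]
    for lo, hi in pools:  # NAT exemption must match inside -> every pool address
        if not any(inside.subnet_of(s) and lo in d and hi in d for s, d in ext.get(nat0, [])):
            findings.append(f"pool {lo}-{hi} not covered by nat 0 ACL {nat0}")
    for name in split_acls:  # the client only tunnels networks listed here
        if not any(inside.subnet_of(n) for n in std.get(name, [])):
            findings.append(f"split-tunnel ACL {name} does not include {inside}")
    return findings
```

An empty result for `audit(SAMPLE)` only rules out these two settings as the cause; it does not show that the tunnel passes traffic.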

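sqzzl002 [Lv4 Rising Talent] posted on 2013-8-6 21:33:44
Set the dial-up connection parameters: click "Properties" to open the TCP/IP protocol settings, and tick the checkbox in front of "Use default gateway on remote network".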