ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end
Could the expert in the post above tell me your QQ number? I would like to talk with you privately, mainly about this VPN problem.