Author: cankudewenrou
[Security] VPN on a PIX: after the VPN client dials in, it cannot reach the internal network

htd002 [Lv4 Budding Talent] posted on 2013-8-6 15:06:20
Quote (originally posted by thescofield): Bumping this. Same problem here.
For traffic from inside to the VPN addresses, exempt it from NAT (nonat).

wenwenwen [Lv4 Budding Talent] posted on 2013-8-6 16:22:23
I did configure no nat, but it still doesn't work.

jd_chen [Lv4 Budding Talent] posted on 2013-8-6 16:30:09
Quote (originally posted by thescofield): I did configure no nat, but it still doesn't work.
Post your configuration so we can take a look.

妖怪 [Lv4 Budding Talent] posted on 2013-8-6 16:59:27
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 222.178.X.X 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list 111 extended permit ip any any
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpnclient_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu management 1500
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 5900 192.168.0.210 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 1433 192.168.0.143 1433 netmask 255.255.255.255
static (inside,outside) tcp interface 1434 192.168.0.143 1434 netmask 255.255.255.255
static (inside,outside) tcp interface 2425 192.168.0.143 2425 netmask 255.255.255.255
static (inside,outside) tcp interface 2426 192.168.0.143 2426 netmask 255.255.255.255
static (inside,outside) tcp interface 2427 192.168.0.143 2427 netmask 255.255.255.255
static (inside,outside) tcp interface 2428 192.168.0.143 2428 netmask 255.255.255.255
static (inside,outside) tcp interface 2429 192.168.0.143 2429 netmask 255.255.255.255
static (inside,outside) tcp interface 5800 192.168.0.210 5800 netmask 255.255.255.255
access-group 111 in interface outside
route outside 0.0.0.0 0.0.0.0 222.178.X.X 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.67
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
 webvpn
username admin11 password 2oVCF4GkSvYRaajj encrypted
username admin11 attributes
 vpn-group-policy vpnclient
 webvpn
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set vpnset esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set transform-set vpnset
crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000
crypto dynamic-map outside-dyn-map 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 10 set reverse-route
crypto map outside_map 65535 set security-association lifetime seconds 28800
crypto map outside_map 65535 set security-association lifetime kilobytes 4608000
crypto map ESP-DES-MD5 20 set security-association lifetime seconds 28800
crypto map ESP-DES-MD5 20 set security-association lifetime kilobytes 4608000
crypto map mymap 10 set security-association lifetime seconds 28800
crypto map mymap 10 set security-association lifetime kilobytes 4608000
crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal  20
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group vpnclient type ipsec-ra
tunnel-group vpnclient general-attributes
 address-pool vpnpool
 default-group-policy vpnclient
tunnel-group vpnclient ipsec-attributes
 pre-shared-key *
tunnel-group-map default-group cisco
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 61.128.128.68 61.128.192.68
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
client-update enable
Cryptochecksum:aef2b202fd891d6f72ef70a222d07ad7
: end

May I ask the expert above for your QQ number? Could I talk to you privately? It is mainly about this VPN problem.

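sqzzl002 [Lv4 Budding Talent] posted on 2013-8-6 21:33:44
Set the dial-up connection parameters: click "Properties" to open the TCP/IP protocol settings, and tick the checkbox in front of "Use default gateway on remote network".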
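
The NAT-exemption advice from the first reply can be checked mechanically against a configuration like the one posted above. The following is an added example, not part of any post in this thread: it reads the PIX/ASA 7.x statements involved and reports any `ip local pool` range that the `nat (inside) 0` access list does not cover. The function names and the `POSTED` / `MISMATCHED` constants are assumptions made for the example.

```python
import ipaddress
import re

# Constructed excerpt: only the lines of the posted configuration that the check reads.
POSTED = """\
interface Ethernet0/0
 nameif inside
 ip address 192.168.0.1 255.255.255.0
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
ip local pool vpnpool 192.168.10.100-192.168.10.199 mask 255.255.255.0
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
"""
# Constructed variant in which the exemption ACL names the wrong destination subnet.
MISMATCHED = POSTED.replace("192.168.10.0 255.255.255.0", "192.168.20.0 255.255.255.0")

QUAD = r"(\d+\.\d+\.\d+\.\d+)"

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_nat_exemption(config, ifname="inside"):
    """Return findings; an empty list means every VPN pool is NAT-exempt."""
    local = current = None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            current = None
        elif words[:1] == ["nameif"]:
            current = words[1]
        elif words[:2] == ["ip", "address"] and current == ifname:
            local = net(words[2], words[3])
    if local is None:
        return [f"no ip address found for interface {ifname}"]
    m = re.search(rf"^nat \({ifname}\) 0 access-list (\S+)", config, re.M)
    if not m:
        return [f"no 'nat ({ifname}) 0 access-list' statement"]
    acl = m.group(1)
    # Only 'permit ip <net> <mask> <net> <mask>' entries are read; 'any'/'host' are skipped.
    rules = [(net(s, sm), net(d, dm)) for s, sm, d, dm in re.findall(
        rf"^access-list {re.escape(acl)} extended permit ip {QUAD} {QUAD} {QUAD} {QUAD}\s*$",
        config, re.M)]
    findings = []
    for name, first, last in re.findall(rf"^ip local pool (\S+) {QUAD}-{QUAD}", config, re.M):
        ends = [ipaddress.ip_address(first), ipaddress.ip_address(last)]
        # Exempt only if one entry matches inside -> pool for both ends of the range.
        if not any(local.subnet_of(s) and all(e in d for e in ends) for s, d in rules):
            findings.append(f"pool {name} ({first}-{last}) is not exempted by access-list {acl}")
    return findings
```

`check_nat_exemption(POSTED)` returns an empty list, consistent with the report in the thread that no-nat was already configured; `check_nat_exemption(MISMATCHED)` returns one finding for `vpnpool`.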