攻城狮论坛

Author: NewComer
[Security] How do I configure an ASA 5510 so that outside computers can dial in to a VPN server on the internal network?

A Server 2008 machine on the internal network acts as the VPN server and reaches the Internet through PAT on the ASA 5510. How do I configure things so that outside devices can connect to the VPN by PPTP dial-in?

This is my current basic configuration:

interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address a.a.a.a 255.255.255.252
!
interface Ethernet0/1
 nameif LAN
 security-level 100
 ip address 172.16.0.99 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
!
time-range test
 absolute start 08:43 11 March 2010 end 08:43 11 March 2011
 periodic daily 0:00 to 23:59
!
ftp mode passive
clock timezone CST 8
access-list icmp_in extended permit ip any any
access-list LAN_pnat_outbound extended permit ip any any
access-list LAN_access_in extended permit ip any any
access-list WAN_access_in extended permit ip any any
access-list lan_in extended permit ip any any
!
pager lines 24
logging asdm informational
mtu WAN 1500
mtu LAN 1500
mtu management 1500
mtu test 1500
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
nat-control
global (WAN) 1 interface
nat (LAN) 1 172.16.0.0 255.255.255.0
access-group icmp_in in interface WAN
access-group lan_in in interface LAN
route WAN 0.0.0.0 0.0.0.0 b.b.b.b

lytheme [Lv4 Showing Promise] posted on 2013-7-2 15:09:36
inspect pptp

whalejiangm [Lv5 Steadily Growing] posted on 2013-7-2 15:56:29
Quote (originally posted by tomtangjh):
inspect pptp

In which command mode do I enter this command?

明月星空 [Lv5 Steadily Growing] posted on 2013-7-2 18:24:57
It's not a matter of just one or two commands.

For reference:

PIX Version 7.0(1)
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 172.29.6.1 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 172.29.131.1 255.255.255.0
!
enable password 90RBsEWodTGO2XFL encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
ftp mode passive
access-list nonat extended permit ip 172.29.131.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list split standard permit 10.1.1.0 255.255.255.0
pager lines 24
logging console debugging
mtu outside 1500
mtu inside 1500
ip local pool testpool 10.1.1.1-10.1.1.15
no failover
monitor-interface outside
monitor-interface inside
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list nonat
route outside 172.29.0.0 255.255.0.0 172.29.6.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy test internal
group-policy test attributes
 wins-server value 10.1.1.102
 dns-server value 10.1.1.100 10.1.1.101
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
username peter password eiLX8yKuiZqgo6C8 encrypted
username tcytech password HTEt2RXRBqicQQ2g encrypted
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set test esp-aes esp-sha-hmac
crypto dynamic-map mymap 10 set transform-set test
crypto map test 10 ipsec-isakmp dynamic mymap
crypto map test interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 3600
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
tunnel-group test ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp

http://www.hrbnt.cn/cisco/article.asp?id=1842

tell [Lv4 Showing Promise] posted on 2013-7-2 22:59:14
Quote (originally posted by ゞ懒虫ゞ):
It's not a matter of just one or two commands.
For reference:
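http://www.hrbnt.cn/cisco/article.asp?id=1842

Thank you! I really wish I could award you points. It takes class-map, policy-map and service-map combined to get this done; everyone can just look at the last few blocks of commands and imitate them. Thanks again!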
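One way to put the replies above together for the configuration in the question, as an added example that is not from any poster in this thread. Assumptions: pre-8.3 NAT syntax (inferred from the nat-control/global/nat lines in the question), 172.16.0.10 as a placeholder for the PPTP server's LAN address, a made-up ACL name WAN_pptp_in, and PPTP inspection being relied on to open the GRE data channel for the published server.

```cisco
! Added example for ASA/PIX 7.x, entered from global configuration mode.
! 172.16.0.10 is a placeholder for the Windows Server 2008 PPTP server.

! 1. Publish only the PPTP control channel (TCP 1723) on the WAN interface
!    address. The existing dynamic PAT (global/nat 1) keeps serving outbound.
static (LAN,WAN) tcp interface 1723 172.16.0.10 1723 netmask 255.255.255.255

! 2. Scope the inbound WAN ACL to PPTP instead of "permit ip any any".
!    Before (from the question):
!      access-list icmp_in extended permit ip any any
!      access-group icmp_in in interface WAN
!    Applying a new access-group replaces the one bound to that interface.
access-list WAN_pptp_in extended permit tcp any interface WAN eq 1723
access-group WAN_pptp_in in interface WAN

! 3. Where "inspect pptp" goes: under the default inspection class of the
!    global policy map, alongside the other inspect lines.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect pptp

! 4. Attach the policy map globally; without this the inspect lines do nothing.
service-policy global_policy global

! Checks after a test dial-in: "show service-policy" (inspection active),
! "show xlate" and "show conn" (TCP 1723 and GRE entries for 172.16.0.10).
```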

cool-co [Lv8 Technically Sharp] posted on 2013-11-6 15:19:16
Just stopping by to take a look. Thanks, 攻城狮论坛.

jywjh [Lv8 Technically Sharp] posted on 2013-11-8 13:52:18
Replying to the threads you read is a virtue! :lol

dzd007 [Lv8 Technically Sharp] posted on 2013-11-8 23:48:50
Replying to the threads you read is a virtue! :lol

wwwsinakok [Lv8 Technically Sharp] posted on 2013-11-10 12:14:34
Thanks to the original poster; let's grow together.

萤火虫 [Lv8 Technically Sharp] posted on 2013-11-10 21:48:54
First! First!