攻城狮论坛

Author: NewComer

[Security] How do I configure an ASA5510 so that outside computers can dial in to a VPN server on the internal network?

An internal SERVER2008 machine acts as the VPN server and reaches the Internet through PAT on the ASA5510. How do I configure it so that outside devices can connect to the VPN by PPTP dial-up?

This is my current basic configuration:

interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address a.a.a.a 255.255.255.252
!
interface Ethernet0/1
 nameif LAN
 security-level 100
 ip address 172.16.0.99 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
!
time-range test
 absolute start 08:43 11 March 2010 end 08:43 11 March 2011
 periodic daily 0:00 to 23:59
!
ftp mode passive
clock timezone CST 8
access-list icmp_in extended permit ip any any
access-list LAN_pnat_outbound extended permit ip any any
access-list LAN_access_in extended permit ip any any
access-list WAN_access_in extended permit ip any any
access-list lan_in extended permit ip any any
!
pager lines 24
logging asdm informational
mtu WAN 1500
mtu LAN 1500
mtu management 1500
mtu test 1500
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
nat-control
global (WAN) 1 interface
nat (LAN) 1 172.16.0.0 255.255.255.0
access-group icmp_in in interface WAN
access-group lan_in in interface LAN
route WAN 0.0.0.0 0.0.0.0 b.b.b.b

lytheme [Lv4 Emerging Talent] posted on 2013-7-2 15:09:36
inspect pptp

whalejiangm [Lv5 Steadily Growing] posted on 2013-7-2 15:56:29
Quote (originally posted by tomtangjh):
    inspect pptp

May I ask under which command I should enter this command?

明月星空 [Lv5 Steadily Growing] posted on 2013-7-2 18:24:57
It is not a matter of one or two commands.

For reference:

PIX Version 7.0(1)
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 172.29.6.1 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 172.29.131.1 255.255.255.0
!
enable password 90RBsEWodTGO2XFL encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
ftp mode passive
access-list nonat extended permit ip 172.29.131.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list split standard permit 10.1.1.0 255.255.255.0
pager lines 24
logging console debugging
mtu outside 1500
mtu inside 1500
ip local pool testpool 10.1.1.1-10.1.1.15
no failover
monitor-interface outside
monitor-interface inside
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list nonat
route outside 172.29.0.0 255.255.0.0 172.29.6.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy test internal
group-policy test attributes
 wins-server value 10.1.1.102
 dns-server value 10.1.1.100 10.1.1.101
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
username peter password eiLX8yKuiZqgo6C8 encrypted
username tcytech password HTEt2RXRBqicQQ2g encrypted
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set test esp-aes esp-sha-hmac
crypto dynamic-map mymap 10 set transform-set test
crypto map test 10 ipsec-isakmp dynamic mymap
crypto map test interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 3600
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
tunnel-group test ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp

http://www.hrbnt.cn/cisco/article.asp?id=1842

tell [Lv4 Emerging Talent] posted on 2013-7-2 22:59:14
Quote (originally posted by ゞ懒虫ゞ):
    It is not a matter of one or two commands.
    For reference:
    PIX Version 7.0(1) ...
    http://www.hrbnt.cn/cisco/article.asp?id=1842

Thank you! I really want to give you bonus points. It takes class-map, policy-map and service-map combined to get this done; everyone can just look at the last few blocks of commands and imitate them. Thanks again!
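
Where inspect pptp is entered, and how it sits in the class-map / policy-map / service-policy chain discussed in the replies above, shown as an added example for the original poster's pre-8.3 ASA syntax (not configuration from the thread or from Cisco). Assumptions: 172.16.0.10 is a placeholder for the Server 2008 address, WAN_pptp_in is a hypothetical ACL name, and the inbound ACL is narrowed to TCP 1723 in place of the posted permit ip any any.

```cisco
! Added example. 172.16.0.10 and WAN_pptp_in are placeholders, not values from the thread.

! 1. Static PAT: publish only the PPTP control channel (TCP 1723)
!    of the inside server on the WAN interface address.
static (LAN,WAN) tcp interface 1723 172.16.0.10 1723 netmask 255.255.255.255

! 2. Inbound ACL on WAN: allow TCP 1723 only.
!    With pre-8.3 NAT the ACL matches the translated (WAN) address.
!    This access-group replaces the icmp_in ACL currently bound to WAN.
access-list WAN_pptp_in extended permit tcp any interface WAN eq 1723
access-group WAN_pptp_in in interface WAN

! 3. inspect pptp is entered in policy-map class configuration mode:
!    global config -> policy-map global_policy -> class inspection_default.
!    The inspection engine follows the TCP 1723 control channel and
!    creates the GRE connections and translations for each call.
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect pptp
!
! 4. Bind the policy. A policy-map that is not referenced by a
!    service-policy inspects nothing.
service-policy global_policy global
```

After a client connects, show service-policy lists the pptp inspection with its packet counters, which confirms the policy is bound and matching.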

cool-co [Lv8 Technically Proficient] posted on 2013-11-6 15:19:16
Just came by to take a look, thanks to 攻城狮论坛.

jywjh [Lv8 Technically Proficient] posted on 2013-11-8 13:52:18
Replying after reading a post is a virtue! :lol

dzd007 [Lv8 Technically Proficient] posted on 2013-11-8 23:48:50
Replying after reading a post is a virtue! :lol

wwwsinakok [Lv8 Technically Proficient] posted on 2013-11-10 12:14:34
Thanks to the original poster, let's grow together.

萤火虫 [Lv8 Technically Proficient] posted on 2013-11-10 21:48:54
First reply! First reply!