
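Hi everyone, I'd like to ask for some help. I configured a VPN on a Cisco 5505, and I've now found that the client can dial in to the company network normally, but the client machine can no longer access the Internet. I don't know what the cause is. Thanks, everyone! The configuration is as follows: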
ASA5505# sho run
: Saved
:
ASA Version 8.2(1)
!
hostname ASA5505
enable password u2sZfN.nFilnS5wX encrypted
passwd u2sZfN.nFilnS5wX encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 211.99.9.246 255.255.255.128
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CST 8
access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list per_icmp extended permit icmp any any
access-list 100 extended permit tcp any host 211.99.9.246 eq smtp
access-list 100 extended permit tcp any host 211.99.9.246 eq pop3
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 192.168.1.100-192.168.1.200
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp 192.168.1.88 smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 192.168.1.88 pop3 netmask 255.255.255.255
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 211.99.9.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TranSet esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dyn1 1 set transform-set TranSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 43200
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd dns 202.106.0.20 219.141.136.10
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.99 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username yinbin.wei password LP.6xEmPfbaW7vOU encrypted
username xin.meng password 4K/R640Cy6rniQN. encrypted
username duo.xu password jszrg6J8Qyz5TQUg encrypted
username xin.zhou password LcbaOY75jxbi4Obb encrypted
username guang.chen password cPWFSFk6L7Nfp4nu encrypted
username jia.you password 0lK2vtU4iyd4rxfz encrypted
username michael.bo password lB/q1rJle4e8d991 encrypted
username yanxiu.li password GiF7Q.vqfUR5bO8I encrypted
username dolby password SfEkTLTdhMmZJ2NB encrypted
username xuefeng.wang password ciMb/gpmtn/o1k.e encrypted
username ygds password L7lB8F6PS7TdgCHU encrypted
tunnel-group VPNgroup type remote-access
tunnel-group VPNgroup general-attributes
 address-pool VPNpool
tunnel-group VPNgroup ipsec-attributes
 pre-shared-key *
!
!
prompt hostname context
Cryptochecksum:216114785cc29d8b1fcd28edbc171aab
: end
ASA5505#