Author: ILoveYouQQ
[Security] CISCO ASA site-to-site VPN connects, but the internal network cannot be pinged

The head office and the branch office need a site-to-site VPN. The devices on both sides are CISCO ASA 5510s. The site-to-site VPN is now connected, but the internal IPs cannot be pinged and cannot be reached either. This is my first time configuring an ASA, so I am asking everyone for help!

The head office configuration is as follows:

ASA Version 8.3(2)
!
hostname ciscoasa
enable password WLg4yr1XK2KDxYf5 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 202.71.x.x 255.255.255.128
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.20.11.251 255.255.0.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.10.251 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa832-k8.bin
ftp mode passive
clock timezone HKST 8
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 202.67.240.221
 name-server 202.67.240.222
object network test_dmz
 host 172.20.11.1
object network NETWORK_OBJ_133.1.0.0_16
 subnet 133.1.0.0 255.255.0.0
object network NETWORK_OBJ_172.20.0.0_16
 subnet 172.20.0.0 255.255.0.0
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object icmp
 protocol-object icmp6
access-list pub-server extended permit tcp any host 172.20.11.1 eq 5900 inactive
access-list pub-server extended permit tcp any host 172.20.11.1 eq 5800 inactive
access-list inside_access_in extended permit ip 172.20.0.0 255.255.0.0 133.1.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_1_cryptomap extended permit ip 172.20.0.0 255.255.0.0 133.1.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit tcp any host 172.20.11.1 eq 5800
access-list outside_1_cryptomap extended permit tcp any host 172.20.11.1 eq 5900
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-634.bin
no asdm history enable
arp timeout 14400
nat (dmz,outside) source dynamic any interface
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static NETWORK_OBJ_172.20.0.0_16 NETWORK_OBJ_172.20.0.0_16 destination static NETWORK_OBJ_133.1.0.0_16 NETWORK_OBJ_133.1.0.0_16
!
object network test_dmz
 nat (inside,outside) static 202.71.x.x dns
access-group outside_1_cryptomap in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 202.71.249.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 172.20.0.0 255.255.0.0 inside
http 192.168.10.0 255.255.255.0 dmz
http 59.37.x.x 255.255.255.255 outside
http 133.1.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 59.37.x.x
crypto map outside_map 1 set transform-set ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set nat-t-disable
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username test password CbALENU0UyGZXMpV encrypted
tunnel-group 59.37.x.x type ipsec-l2l
tunnel-group 59.37.x.x ipsec-attributes
 pre-shared-key *****
tunnel-group-map default-group 59.37.x.x
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/...es/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6b879ef1f15a7d684d2f4381e5d4f716
: end

The branch office configuration is as follows:

ASA Version 8.3(2)
!
hostname ciscoasa
enable password WLg4yr1XK2KDxYf5 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 59.37.x.x 255.255.255.224
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 133.1.20.251 255.255.0.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.20.251 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa832-k8.bin
ftp mode passive
clock timezone CST 8
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 202.96.128.86
 name-server 202.96.128.166
object network test_dmz
 host 192.168.20.22
 description port 5800-5900
object network NETWORK_OBJ_133.1.0.0_16
 subnet 133.1.0.0 255.255.0.0
object network NETWORK_OBJ_172.20.0.0_16
 subnet 172.20.0.0 255.255.0.0
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object icmp
 protocol-object icmp6
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object icmp
 protocol-object icmp6
access-list inside_access_in extended permit ip 133.1.0.0 255.255.0.0 172.20.0.0 255.255.0.0
access-list inside_access_in extended permit ip any any
access-list pub-server extended permit tcp any host 192.168.20.22 eq 5800 inactive
access-list pub-server extended permit tcp any host 192.168.20.22 eq 5900 inactive
access-list outside_1_cryptomap extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_1_cryptomap extended permit ip 133.1.0.0 255.255.0.0 172.20.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit tcp any host 192.168.20.22 eq 5900
access-list outside_1_cryptomap extended permit tcp any host 192.168.20.22 eq 5800
access-list dmz_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-634.bin
no asdm history enable
arp timeout 14400
nat (dmz,outside) source dynamic any interface
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static NETWORK_OBJ_133.1.0.0_16 NETWORK_OBJ_133.1.0.0_16 destination static NETWORK_OBJ_172.20.0.0_16 NETWORK_OBJ_172.20.0.0_16
!
object network test_dmz
 nat (dmz,outside) static 59.37.x.x dns
access-group outside_1_cryptomap in interface outside
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 59.37.23.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 133.1.0.0 255.255.0.0 inside
http 192.168.20.0 255.255.255.0 dmz
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 202.71.x.x
crypto map outside_map 1 set transform-set ESP-DES-SHA ESP-DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
tunnel-group 202.71.x.x type ipsec-l2l
tunnel-group 202.71.x.x ipsec-attributes
 pre-shared-key *****
 isakmp keepalive threshold 20 retry 2
tunnel-group-map default-group 202.71.x.x
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/...es/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:28c12a34529f3296cc149e0125c752d7
: end

If anyone knows where the problem lies, please help. I would be extremely grateful!
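A consistency check for the two posted configurations, added here as an example (not code from the original post; the function names are hypothetical). On a site-to-site tunnel each peer's crypto ACL should mirror the other's, so it compares the `outside_1_cryptomap` entries from both sides and also reports `any` entries, a crypto ACL that is also bound as an interface ACL, and a one-sided `nat-t-disable`. It reports only what is visible in the configurations.

```python
import re

# Excerpted from the two configurations posted above (ACL, access-group, crypto map lines).
HQ = """\
access-list outside_1_cryptomap extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_1_cryptomap extended permit ip 172.20.0.0 255.255.0.0 133.1.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit tcp any host 172.20.11.1 eq 5800
access-list outside_1_cryptomap extended permit tcp any host 172.20.11.1 eq 5900
access-group outside_1_cryptomap in interface outside
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set nat-t-disable
"""
BRANCH = """\
access-list outside_1_cryptomap extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_1_cryptomap extended permit ip 133.1.0.0 255.255.0.0 172.20.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit tcp any host 192.168.20.22 eq 5900
access-list outside_1_cryptomap extended permit tcp any host 192.168.20.22 eq 5800
access-group outside_1_cryptomap in interface outside
crypto map outside_map 1 match address outside_1_cryptomap
"""

def take_addr(tok):
    """Pop one address spec (any | host A | A MASK) from the front of a token list."""
    head = tok.pop(0)
    if head == "any":
        return "any"
    if head == "host":
        return tok.pop(0) + "/255.255.255.255"
    return head + "/" + tok.pop(0)

def crypto_acl(config):
    """Return (name, entries, bound) for the ACL named by 'crypto map ... match address'."""
    name = re.search(r"^crypto map \S+ \d+ match address (\S+)", config, re.M).group(1)
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["access-list", name, "extended", "permit"] or "inactive" in tok:
            continue
        tok = tok[4:]
        proto = tok.pop(0)
        if proto == "object-group":          # protocol given as an object-group name
            proto = "og:" + tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        entries.append((proto, src, dst, " ".join(tok)))  # remainder = port qualifier
    bound = re.search(rf"^access-group {re.escape(name)} in interface \S+", config, re.M)
    return name, entries, bound is not None

def audit(local, remote):
    """Compare the local crypto ACL with the peer's; return (finding, detail) tuples."""
    name, entries, bound = crypto_acl(local)
    # The peer's entries as seen from this side: source and destination swapped.
    mirrored = {(p, dst, src) for p, src, dst, _ in crypto_acl(remote)[1]}
    findings = []
    for proto, src, dst, ports in entries:
        if "any" in (src, dst):
            findings.append(("any-in-crypto-acl", (proto, src, dst, ports)))
        if (proto, src, dst) not in mirrored:
            findings.append(("no-mirror-on-peer", (proto, src, dst, ports)))
    if bound:   # same ACL both selects traffic to encrypt and filters the interface
        findings.append(("crypto-acl-bound-as-interface-acl", name))
    if ("set nat-t-disable" in local) != ("set nat-t-disable" in remote):
        findings.append(("nat-t-disable-differs", name))
    return findings

if __name__ == "__main__":
    for side, (a, b) in {"HQ": (HQ, BRANCH), "BRANCH": (BRANCH, HQ)}.items():
        for finding, detail in audit(a, b):
            print(side, finding, detail)
```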

bgbg [Lv8 Skilled] posted on 2013-10-7 18:22:14
Haven't finished reading it yet~~~~~~ Bumping first, good comrade

jyb75820400 [Lv8 Skilled] posted on 2013-10-9 15:00:36
Learned something, thanks for sharing...

liuyangwangb [Lv8 Skilled] posted on 2013-10-18 15:43:37

zlm888 [Lv8 Skilled] posted on 2013-10-19 11:59:15
Bumping to help!!

ynfield [Lv8 Skilled] posted on 2013-10-21 17:34:11
Just passing by, showing some support

55881919 [Lv8 Skilled] posted on 2013-11-7 10:23:49

pkaa123 [Lv8 Skilled] posted on 2013-11-7 14:58:12
Makes sense... Thanks, 攻城狮论坛

cxvzwa [Lv8 Skilled] posted on 2013-11-8 13:36:13
Reading a post and replying to it is a virtue! :lol

shilling [Lv8 Skilled] posted on 2013-11-8 22:30:26
Nice, nice. Thanks for your hard work, OP...