
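After connecting to the company over Cisco remote-access VPN, the client has been assigned an address from the IP pool, but it cannot reach internal IPs (internal IPs other than the firewall's own). Could an expert point out what the cause is?

The ASA configuration is as follows: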
ciscoasa# sh run
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
domain-name cisco
enable password 50Nk.e7v/HwBPDMk encrypted
passwd GLcon/czRZoeXjAp encrypted
names
!
interface Ethernet0/0
 nameif inside
 security-level 90
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/0.101
 vlan 101
 nameif office1
 security-level 90
 ip address 192.168.101.1 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 123.31.129.185 255.255.255.248
!
interface Ethernet0/2
 nameif outside1
 security-level 0
 pppoe client vpdn group vpn
 pppoe client route distance 10
 ip address pppoe setroute
!
interface Ethernet0/3
 nameif to_zhongbu
 security-level 30
 ip address 172.31.254.130 255.255.255.248
!
interface Management0/0
 nameif management
 security-level 20
 ip address 192.168.222.1 255.255.255.0
!
regex youxi-filter "youxi.baidu"
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone GMT 8
dns server-group DefaultDNS
 domain-name cisco
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network HTTP_SERVER
access-list cqbj extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.240.0
access-list cqbj extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list cqbj extended permit ip 192.168.100.0 255.255.255.0 192.168.66.0 255.255.255.0
access-list inter extended permit ip 192.168.100.0 255.255.255.0 any
access-list inter extended permit ip 192.168.101.0 255.255.255.0 any
access-list bjcq extended permit ip 192.168.0.0 255.255.240.0 192.168.100.0 255.255.255.0
access-list bjcq extended permit ip 10.0.0.0 255.0.0.0 192.168.100.0 255.255.255.0
access-list bjcq extended permit ip 172.31.254.128 255.255.255.248 192.168.100.0 255.255.255.0
access-list webserver extended permit tcp any interface outside eq www
access-list webserver extended permit tcp any interface outside eq 81
access-list webserver extended permit tcp any interface outside eq 8080
access-list webserver extended permit tcp any interface outside eq 8000
access-list webserver extended permit tcp any interface outside eq 99
access-list webserver extended permit tcp any interface outside eq 8088
access-list webserver extended permit tcp any interface outside eq 9000
access-list webserver extended permit tcp any interface outside eq 9090
access-list webserver extended permit tcp any interface outside eq 8081
access-list webserver extended permit tcp any interface outside eq 3389
access-list webserver extended permit tcp any interface outside eq 8001
access-list webserver extended permit tcp any interface outside eq 33696
access-list webserver extended permit tcp any interface outside eq 82
access-list all extended permit ip any any
access-list all extended permit icmp any any
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnin extended permit ip 192.168.100.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpnin extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list 56server extended permit ip host 192.168.100.56 any
access-list webserver1 extended permit tcp any interface outside1 eq www
access-list webserver1 extended permit tcp any interface outside1 eq 2401
access-list webserver1 extended permit tcp any interface outside1 eq 81
access-list to_inside extended permit ip 192.168.101.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list traffic-lim extended permit ip any host 192.168.100.112
access-list traffic-lim extended permit ip host 192.168.100.112 any
access-list traffic-lim extended permit ip host 192.168.101.112 any
access-list traffic-lim extended permit ip any host 192.168.101.112
access-list traffic_prior extended permit ip any host 192.168.100.56
access-list traffic_prior extended permit ip host 192.168.100.56 any
access-list traffic_prior extended permit ip any host 192.168.100.110
access-list traffic_prior extended permit ip host 192.168.100.110 any
access-list traffic_prior extended permit ip any host 192.168.100.41
access-list traffic_prior extended permit ip host 192.168.100.41 any
access-list netflow-export extended permit ip any any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
logging host management 192.168.100.112
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 192.168.100.19 9996
flow-export destination inside 192.168.100.112 9996
flow-export destination inside 192.168.100.38 9996
flow-export template timeout-rate 1
flow-export delay flow-create 60
mtu inside 1500
mtu office1 1500
mtu outside 1500
mtu outside1 1500
mtu to_zhongbu 1500
mtu management 1500
ip local pool vpnpool 192.168.100.10-192.168.100.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo outside
asdm image disk0:/asdm-621.bin
asdm history enable
arp inside 192.168.100.108 8ca9.8261.bc5e
arp inside 192.168.100.232 0021.9b1b.48a3
arp inside 192.168.100.245 0021.9b1b.46c3
arp inside 192.168.100.112 0026.c6a0.b2d8
arp timeout 14400
global (outside) 1 interface
global (outside1) 1 interface
nat (inside) 0 access-list cqbj
nat (inside) 1 access-list inter
nat (office1) 0 access-list to_inside
nat (office1) 1 access-list inter
alias (inside) 192.168.100.56 123.31.129.185 255.255.255.255
static (inside,outside) tcp interface 2401 192.168.100.232 2401 netmask 255.255.255.255
static (inside,outside1) tcp interface www 192.168.100.56 www netmask 255.255.255.255
static (inside,outside) tcp interface 81 192.168.100.110 81 netmask 255.255.255.255
static (inside,outside) tcp interface 8088 192.168.100.41 8088 netmask 255.255.255.255 dns
static (inside,outside) tcp interface 9000 192.168.100.41 9000 netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.100.56 www netmask 255.255.255.255 dns
static (inside,outside) tcp interface 99 192.168.100.110 99 netmask 255.255.255.255
static (inside,outside) tcp interface 8081 192.168.100.42 8081 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.100.31 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 8001 192.168.100.147 8001 netmask 255.255.255.255
static (inside,outside) tcp interface 33696 192.168.100.147 33696 netmask 255.255.255.255
static (inside,outside) tcp interface 82 192.168.100.57 82 netmask 255.255.255.255
static (inside,to_zhongbu) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (inside,outside1) 192.168.100.0 access-list vpnin
static (inside,office1) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (office1,to_zhongbu) 192.168.101.0 192.168.101.0 netmask 255.255.255.0
static (inside,outside) 203.86.86.138 192.168.66.80 netmask 255.255.255.255 dns
static (inside,outside) 192.168.100.0 access-list vpnin
access-group webserver in interface outside
access-group webserver1 in interface outside1
access-group bjcq in interface to_zhongbu
route outside 0.0.0.0 0.0.0.0 123.31.129.190 2
route to_zhongbu 10.0.0.0 255.0.0.0 172.31.254.129 1
route to_zhongbu 134.98.152.0 255.255.252.0 172.31.254.129 1
route to_zhongbu 192.168.0.0 255.255.240.0 172.31.254.129 1
route to_zhongbu 192.168.66.0 255.255.255.0 172.31.254.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.100.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
snmp-server host inside 192.168.100.112 community public
snmp-server host inside 192.168.100.19 community public
snmp-server host inside 192.168.100.38 community public
snmp-server location inside
snmp-server contact inside
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
sysopt noproxyarp inside
crypto ipsec transform-set metarset esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map metardyn 1 set transform-set metarset
crypto dynamic-map metardyn 1 set reverse-route
crypto map metarmap 1 ipsec-isakmp dynamic metardyn
crypto map metarmap interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 3600
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.101.0 255.255.255.0 office1
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside1
ssh timeout 5
console timeout 0
dhcpd address 192.168.100.240-192.168.100.254 inside
dhcpd dns 61.128.128.68 interface inside
dhcpd update dns both override interface inside
!
priority-queue inside
 tx-ring-limit 200
priority-queue outside
 tx-ring-limit 200
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy allowlanaccess internal
group-policy allowlanaccess attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value Local_LAN_Access
tunnel-group metargroup type remote-access
tunnel-group metargroup general-attributes
 address-pool vpnpool
 default-group-policy allowlanaccess
tunnel-group metargroup ipsec-attributes
 pre-shared-key *
!
class-map netflow-export-class
 match access-list netflow-export
class-map Traffic-pri
 match access-list traffic_prior
class-map traffic-lim
 match access-list traffic-lim
class-map inspection_default
 match default-inspection-traffic
class-map host111
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map Traffic-pri
 class Traffic-pri
  priority
policy-map type inspect http url-filters
 parameters
  protocol-violation action drop-connection log
 match request header host regex youxi-filter
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect http url-filters
 class netflow-export-class
  flow-export event-type all destination 192.168.100.38 192.168.100.19
!
service-policy global_policy global
service-policy Traffic-pri interface inside
service-policy Traffic-pri interface outside
prompt hostname context
Cryptochecksum:858d1e014e446a3fd5c3ab5cfc3aee03
: end