
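This is my configuration. The requirement is that a PC on the public Internet can dial in over VPN, but it just won't connect. The public-facing interface is outside2. I posted this yesterday and nobody replied; experts, please help me quickly.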
ASA Version 7.2(4)
!
hostname wlan2
enable password VIwoTD3r7KcGrQga encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface GigabitEthernet0/0
 description to-ipwan
 no nameif
 security-level 0
 no ip address
!
interface GigabitEthernet0/0.1
 vlan 145
 nameif outside
 security-level 0
 ip address 11.16.4.18 255.255.255.240 standby 11.16.4.19
!
interface GigabitEthernet0/0.2
 vlan 146
 nameif outside2
 security-level 0
 ip address 211.239.30.66 255.255.255.240 standby 211.239.30.67
!
interface GigabitEthernet0/1
 description inside
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0 standby 10.1.1.2
!
interface GigabitEthernet0/2
 description to-DCN
 nameif dmz
 security-level 50
 ip address 136.65.5.100 255.255.255.0
!
interface GigabitEthernet0/3
 description failover
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
access-list outside extended permit icmp any any
access-list outside extended permit tcp any any
access-list outside extended permit udp any any
access-list inside extended permit icmp any any
access-list inside extended permit tcp any any
access-list inside extended permit udp any any
access-list outside2 extended permit icmp any any
access-list outside2 extended permit tcp any any
access-list dmz extended permit icmp any any
access-list dmz extended permit tcp any any
access-list vpnnat0 extended permit ip 10.1.1.0 255.255.255.0 192.168.3.0 25
5.255.0 log
pager lines 24
logging asdm informational
mtu outside 1500
mtu outside2 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip local pool remote 192.168.3.1-192.168.3.200
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any outside2
icmp permit any inside
icmp permit any dmz
asdm image disk0:/ASDM-524.BIN
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list vpnnat0
static (inside,dmz) 136.65.5.102 10.1.1.11 netmask 255.255.255.255
static (inside,dmz) 136.65.5.101 10.1.1.10 netmask 255.255.255.255
static (inside,outside2) 211.239.30.68 10.1.1.11 netmask 255.255.255.255
static (inside,outside2) 211.239.30.70 10.1.1.12 netmask 255.255.255.255
static (inside,outside2) 211.239.30.71 10.1.1.13 netmask 255.255.255.255
static (inside,outside) 11.16.4.20 10.1.1.12 netmask 255.255.255.255
static (inside,outside) 11.16.4.21 10.1.1.13 netmask 255.255.255.255
static (inside,outside2) 211.239.30.69 10.1.1.10 netmask 255.255.255.255
access-group outside in interface outside
access-group outside2 in interface outside2
access-group inside in interface inside
access-group dmz in interface dmz
route outside 10.0.0.0 255.0.0.0 11.16.4.17 1
route outside2 0.0.0.0 0.0.0.0 211.239.30.65 1
route inside 192.168.3.0 255.255.255.0 10.1.1.10 1
route dmz 132.33.3.0 255.255.255.0 136.65.5.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set testset esp-des esp-md5-hmac
crypto dynamic-map testdyn 10 set transform-set testset
crypto dynamic-map testdyn 10 set reverse-route
crypto map testmap 20 ipsec-isakmp dynamic testdyn
crypto map testmap interface outside2
crypto isakmp enable outside2
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 outside2
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
ssl encryption des-sha1 rc4-md5
group-policy mygroup internal
group-policy mygroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnnat0
username 1234 password xU6ws8pUOHLBXx9z encrypted
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group tsetgroup type ipsec-ra
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool remote
 default-group-policy mygroup
tunnel-group testgroup ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:5cdf5655a7a9767ba7cd6954a5ce5c70
: end