CISCO ASA5510定义接口

searal
1 ℃
2020-03-09

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

#####定义接口：interfaceEthernet0nameifoutsidesecurity-level0ipaddress218.247.1.162255.255.255.224interfaceEthernet1nameifinsidesecurity-level100ipaddress10.10.10.1255.255.255.0#####定义ACL：access-listno-natextendedpermitip10.10.10.0255.255.255.0192.168.200.0255.255.255.0access-listno-natextendedpermitip192.168.0.0255.255.0.0192.168.200.0255.255.255.0access-listto_vpnextendedpermitip192.168.0.0255.255.0.0192.168.200.0255.255.255.0access-listto_vpnextendedpermitip192.168.200.0255.255.255.0192.168.0.0255.255.0.0access-listto_vpnextendedpermitip10.10.10.0255.255.255.0192.168.200.0255.255.255.0access-listto_vpnextendedpermitip192.168.200.0255.255.255.010.10.10.0255.255.255.0access-listaaaextendedpermiticmpanyanyaccess-listaaaextendedpermitip192.168.200.0255.255.255.0any#####定义VPN地址池：iplocalpool1192.168.200.1-192.168.200.254mask255.255.255.0#####定义NAT转换：global(outside)1218.247.1.163nat(inside)0access-listno-natnat(inside)110.10.10.0255.255.255.0nat(inside)1192.168.0.0255.255.0.0#####将access-listaaa应用到outside接口上：access-groupaaaininterfaceoutside#####写路由：routeoutside0.0.0.00.0.0.0218.247.1.1611routeinside192.168.0.0255.255.0.010.10.10.21#####定义group组策略：group-policydymtvpninternalgroup-policydymtvpnattributesvpn-idle-timeout900split-tunnel-policytunnelspecifiedsplit-tunnel-network-listvalueto_vpn#####定义VPN用户名、密码：usernametestuserpasswordhr0jyWze24KV0pD1encryptedusernamelvdongpasswordaeL/Sov33qP3x/CMencrypted#####定义ipsec策略：cryptoipsectransform-setdymtvpnesp-3desesp-md5-hmac#####定义动态映射：cryptodynamic-mapdymtvpn10settransform-setdymtvpn#####将动态映射绑定到静态映射：cryptomapdymtvpn20ipsec-isakmpdynamicdymtvpn#####将静态映射应用到接口上：cryptomapdymtvpninterfaceoutside#####定义IKE：cryptoisakmpidentityaddresscryptoisakmpenableoutsidecryptoisakmppolicy10authenticationpre-shareencryption3deshashmd5group2lifetime86400#####定义隧道组：tunnel-groupdymtvpntypeipsec-ratunnel-groupdymtvpngeneral-attributesaddress-pool1authentication-server-group(outside)LOCALdefault-group-policydymtvpntunnel-groupdymtvpnipsec-attributespre-shared-key*ciscoasa#showrun:Saved:ASAVersion7.0(8)!hostnameciscoasaenablepassword8Ry2YjIyt7RRXU24encryptedpasswd2KFQnbNIdI.2KYOUencryptednamesdns-guard!interfaceEthernet0/0shutdownnonameifnosecurity-levelnoipaddress!interfaceEthernet0/1nameifinsidesecurity-level100ipaddress172.27.115.100255.255.255.0!interfaceEthernet0/2nameifoutsidesecurity-level0ipaddress10.1.1.100255.255.0.0!interfaceManagement0/0nameifmanagementsecurity-level100ipaddress192.168.1.1255.255.255.0management-only!ftpmodepassiveaccess-listacl_outsideextendedpermiticmpanyanypagerlines24loggingasdminformationalmtumanagement1500mtuinside1500mtuoutside1500noasdmhistoryenablearptimeout14400global(outside)1interfacenat(inside)1172.27.115.0255.255.255.0static(inside,outside)tcp10.1.1.200(inside,outside)tcp10.1.1.2008080172.25.115.18080netmask255.255.255.255static(inside,outside)tcp10.1.1.200ftp-data172.25.115.1ftp-datanetmask255.255.255.255static(inside,outside)tcp10.1.1.200ftp172.25.115.1ftpnetmask255.255.255.255access-groupacl_outsideininterfaceoutsiderouteoutside0.0.0.00.0.0.0255.255.0.01timeoutxlate3:00:00timeoutconn1:00:00half-closed0:10:00udp0:02:00icmp0:00:02timeoutsunrpc0:10:00h3230:05:00h2251:00:00mgcp0:05:00timeoutmgcp-pat0:05:00sip0:30:00sip_media0:02:00timeoutuauth0:05:00absolutehttpserverenablehttp192.168.1.0255.255.255.0managementnosnmp-serverlocationnosnmp-servercontactsnmp-serverenabletrapssnmpauthenticationlinkuplinkdowncoldstartcryptoipsecsecurity-associationlifetimeseconds28800cryptoipsecsecurity-associationlifetimekilobytes4608000telnettimeout5sshtimeout5consoletimeout0dhcpdaddress192.168.1.2-192.168.1.254managementdhcpdlease3600dhcpdping_timeout50dhcpdenablemanagement!class-mapinspection_defaultmatchdefault-inspection-traffic!!policy-mapglobal_policyclassinspection_defaultinspectdnsmaximum-length512inspectftpinspecth323h225inspecth323rasinspectrshinspectrtspinspectesmtpinspectsqlnetinspectskinnyinspectsunrpcinspectxdmcpinspectsipinspectnetbiosinspecttftp!service-policyglobal_policyglobalCryptochecksum:ee226ef9935acfa2262e800fcfaa0181:endciscoasa#insideIP是172.27.115.100，outsideIP是10.1.1.100172.27.115.1是FTP和还是不通，FTP也登陆不上去高手能帮看看问题是出在哪里吗？请提供相关命令，小弟在此跪谢了！！！