
[Solved] Cisco ASA firewall: VPN client can obtain an IP address, but cannot ping the firewall's internal network address

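Posted on 2012-2-28 02:02:04
Cisco ASA firewall: the VPN client can obtain an IP address, but cannot ping the firewall's internal network address. The configuration is below, with the irrelevant parts removed: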
ciscoasa# show run
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 12.1.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
access-list outin extended permit icmp any any
access-list outin extended permit tcp any any
access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list sdfl extended permit ip 192.168.1.0 255.255.255.0 any
!
ip local pool vpnpool 192.168.10.100-192.168.10.199
!
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outin in interface outside
route outside 0.0.0.0 0.0.0.0 12.1.1.2 1
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
crypto dynamic-map mydvpn 10 set transform-set ccsp
crypto dynamic-map mydvpn 10 set reverse-route
crypto map cisco 10 ipsec-isakmp dynamic mydvpn
crypto map cisco interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
group-policy mypolicy internal
group-policy mypolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sdfl
username 8126350abc password trFm/4tS63LT1l8m encrypted
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group myvpn type remote-access
tunnel-group myvpn general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy mypolicy
tunnel-group myvpn ipsec-attributes
 pre-shared-key *
: end
Original poster | Posted on 2012-2-28 02:02:55
ciscoasa# show run
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 12.1.1.1 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
access-list outin extended permit icmp any any
access-list outin extended permit tcp any any
access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list sdfl extended permit ip 192.168.1.0 255.255.255.0 any
!
ip local pool vpnpool 192.168.10.100-192.168.10.199
!
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outin in interface outside
route outside 0.0.0.0 0.0.0.0 12.1.1.2 1
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
crypto dynamic-map mydvpn 10 set transform-set ccsp
crypto dynamic-map mydvpn 10 set reverse-route
crypto map cisco 10 ipsec-isakmp dynamic mydvpn
crypto map cisco interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
!
group-policy mypolicy internal
group-policy mypolicy attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value sdfl
username 8126350abc password trFm/4tS63LT1l8m encrypted
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group myvpn type remote-access
tunnel-group myvpn general-attributes
address-pool vpnpool
authentication-server-group (outside) LOCAL
default-group-policy mypolicy
tunnel-group myvpn ipsec-attributes
pre-shared-key *
: end
Posted on 2013-9-2 20:58:44
How did the original poster solve this?