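Cisco ASA firewall: the VPN client can obtain an IP address, but cannot ping the firewall's internal network addresses. The configuration follows, with the unneeded parts removed: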
ciscoasa# show run
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 12.1.1.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
access-list outin extended permit icmp any any
access-list outin extended permit tcp any any
access-list no-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list sdfl extended permit ip 192.168.1.0 255.255.255.0 any
!
ip local pool vpnpool 192.168.10.100-192.168.10.199
!
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outin in interface outside
route outside 0.0.0.0 0.0.0.0 12.1.1.2 1
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
crypto dynamic-map mydvpn 10 set transform-set ccsp
crypto dynamic-map mydvpn 10 set reverse-route
crypto map cisco 10 ipsec-isakmp dynamic mydvpn
crypto map cisco interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
group-policy mypolicy internal
group-policy mypolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sdfl
username 8126350abc password trFm/4tS63LT1l8m encrypted
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group myvpn type remote-access
tunnel-group myvpn general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy mypolicy
tunnel-group myvpn ipsec-attributes
 pre-shared-key *
: end