
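ASA5510 IPsec VPN is configured and the tunnel is established, but ping only works occasionally; the configuration on both sides is fine, please advise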

Posted on 2020-7-6 14:57:14
This post was last edited by wyabys on 2020-7-6 15:05

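An IPsec VPN is configured on the ASA5510 and the tunnel is established, but ping only gets through occasionally. The configuration on both sides should be fine, otherwise it would not get through even occasionally. (Local IP: 121.22.17.22, internal network: 172.19.1.0) (Remote IP: 93.241.23.55, internal network: 172.17.1.0). It was working normally before; it stopped working only after the remote IP was changed. The lines shown in red cannot be removed with "no", and I don't know why. The configuration also applies some rate limiting to the internal network. Please advise.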

ASA Version 8.0(4)
!
hostname 123
domain-name default.domain.invalid
enable password 2PBLHHcqywCij5wW encrypted
passwd 2PBLHHcqywCij5wW encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 121.22.17.22 255.255.255.248
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 172.19.1.1 255.255.0.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
boot system disk0:/asa804-k8.bin
boot system disk0:/flash
ftp mode passive
clock timezone CST 8
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list 102 extended permit icmp any any
access-list 102 extended permit ip any any
access-list 102 extended permit tcp any any
access-list 102 extended permit udp any any
access-list rate_limit_1 extended permit ip any host 172.19.1.13
access-list altendorf_limit_1 extended permit ip any host 172.19.1.13
access-list altendorf_limit_1 extended permit ip host 172.19.1.13 any
access-list altendorf_limit_2 extended permit ip host 172.19.1.14 any
access-list altendorf_limit_2 extended permit ip any host 172.19.1.14
access-list altendorf_limit_3 extended permit ip any host 172.19.1.15
access-list altendorf_limit_3 extended permit ip host 172.19.1.15 any
access-list altendorf_limit_201 extended permit ip any host 172.19.1.201
access-list altendorf_limit_201 extended permit ip host 172.19.1.201 any
access-list altendorf_limit_4 extended permit ip any host 172.19.1.17
access-list altendorf_limit_4 extended permit ip host 172.19.1.17 any
access-list altendorf_limit_5 extended permit ip host 172.19.1.18 any
access-list altendorf_limit_5 extended permit ip any host 172.19.1.18
access-list altendorf_limit_6 extended permit ip any host 172.19.1.19
access-list altendorf_limit_6 extended permit ip host 172.19.1.19 any
access-list altendorf_limit_7 extended permit ip any host 172.19.1.21
access-list altendorf_limit_7 extended permit ip host 172.19.1.21 any
access-list altendorf_limit_8 extended permit ip any host 172.19.1.22
access-list altendorf_limit_8 extended permit ip host 172.19.1.22 any
access-list altendorf_limit_9 extended permit ip any host 172.19.1.23
access-list altendorf_limit_9 extended permit ip host 172.19.1.23 any
access-list altendorf_limit_10 extended permit ip host 172.19.1.24 any
access-list altendorf_limit_10 extended permit ip any host 172.19.1.24
access-list altendorf_limit_11 extended permit ip any host 172.19.1.25
access-list altendorf_limit_11 extended permit ip host 172.19.1.25 any
access-list altendorf_limit_12 extended permit ip host 172.19.1.26 any
access-list altendorf_limit_12 extended permit ip any host 172.19.1.26
access-list altendorf_limit_13 extended permit ip any host 172.19.1.27
access-list altendorf_limit_13 extended permit ip host 172.19.1.27 any
access-list altendorf_limit_14 extended permit ip host 172.19.1.29 any
access-list altendorf_limit_14 extended permit ip any host 172.19.1.29
access-list altendorf_limit_15 extended permit ip any host 172.19.1.30
access-list altendorf_limit_15 extended permit ip host 172.19.1.30 any
access-list altendorf_limit_16 extended permit ip any host 172.19.1.31
access-list altendorf_limit_16 extended permit ip host 172.19.1.31 any
access-list altendorf_limit_17 extended permit ip any host 172.19.1.32
access-list altendorf_limit_17 extended permit ip host 172.19.1.32 any
access-list altendorf_limit_18 extended permit ip any host 172.19.1.33
access-list altendorf_limit_18 extended permit ip host 172.19.1.33 any
access-list altendorf_limit_19 extended permit ip any host 172.19.1.34
access-list altendorf_limit_19 extended permit ip host 172.19.1.34 any
access-list altendorf_limit_20 extended permit ip any host 172.19.1.35
access-list altendorf_limit_20 extended permit ip host 172.19.1.35 any
access-list altendorf_limit_200 extended permit ip any host 192.168.1.200
access-list altendorf_limit_200 extended permit ip host 192.168.1.200 any
access-list altendorf_limit_21 extended permit ip host 192.168.1.36 any
access-list altendorf_limit_21 extended permit ip any host 192.168.1.36
access-list altendorf_limit_22 extended permit ip any host 192.168.1.37
access-list altendorf_limit_22 extended permit ip host 192.168.1.37 any
access-list altendorf_limit_23 extended permit ip host 192.168.1.38 any
access-list altendorf_limit_23 extended permit ip any host 192.168.1.38
access-list altendorf_limit_24 extended permit ip any host 192.168.1.39
access-list altendorf_limit_24 extended permit ip host 192.168.1.39 any
access-list altendorf_limit_25 extended permit ip host 192.168.1.40 any
access-list altendorf_limit_25 extended permit ip any host 192.168.1.40
access-list no-nat extended permit ip 172.19.0.0 255.255.0.0 172.17.0.0 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list no-nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 121.22.17.22 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 172.19.0.0 255.255.0.0 management
http 192.168.1.0 255.255.255.0 management
http 172.19.1.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
http 172.19.1.1 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 inside
http 172.19.0.0 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
crypto ipsec transform-set MODP1536 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec security-association lifetime seconds 7800
crypto ipsec security-association lifetime kilobytes 4608000

crypto map modp1536 5 set security-association lifetime seconds 28800
crypto map modp1536 5 set security-association lifetime kilobytes 4608000
crypto map MODP1536 5 match address no-nat
crypto map MODP1536 5 set peer 93.241.23.55
crypto map MODP1536 5 set transform-set MODP1536 ESP-AES-256-MD5
crypto map MODP1536 5 set security-association lifetime seconds 3600
crypto map MODP1536 5 set security-association lifetime kilobytes 4608000
crypto map MODP1536 interface outside
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption aes-256
hash md5
group 5
lifetime 7800
crypto isakmp ipsec-over-tcp port 10000

telnet 172.19.0.0 255.255.0.0 inside
telnet timeout 1440
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption des-sha1 rc4-md5
username admin password EzH4h5qCGNuSog7q encrypted
username altendorf password d/27h.BL0Vb2LK7b encrypted
username altendor nopassword
tunnel-group 93.241.23.55 type ipsec-l2l
tunnel-group 93.241.23.55 ipsec-attributes
pre-shared-key *
tunnel-group-map default-group 93.241.23.55

!
class-map altendorf_limit_19
match access-list altendorf_limit_19
class-map altendorf_limit_18
match access-list altendorf_limit_18
class-map altendorf_limit_11
match access-list altendorf_limit_11
class-map altendorf_limit_22
match access-list altendorf_limit_22
class-map rate_limit1
match access-list rate_limit_1
class-map altendorf_limit_10
match access-list altendorf_limit_10
class-map altendorf_limit_23
match access-list altendorf_limit_23
class-map altendorf_limit_13
match access-list altendorf_limit_13
class-map altendorf_limit_20
match access-list altendorf_limit_20
class-map altendorf_limit_12
match access-list altendorf_limit_12
class-map altendorf_limit_21
match access-list altendorf_limit_21
class-map altendorf_limit_15
match access-list altendorf_limit_15
class-map altendorf_limit_14
match access-list altendorf_limit_14
class-map altendorf_limit_17
match access-list altendorf_limit_17
class-map altendorf_limit_24
match access-list altendorf_limit_24
class-map altendorf_limit_16
match access-list altendorf_limit_16
class-map altendorf_limit_25
match access-list altendorf_limit_25
class-map altendorf_limit_8
match access-list altendorf_limit_8
class-map altendorf_limit_9
match access-list altendorf_limit_9
class-map altendorf_limit_1
match access-list altendorf_limit_1
class-map altendorf_limit_2
match access-list altendorf_limit_2
class-map altendorf_limit_200
match access-list altendorf_limit_200
class-map inspection_default
match default-inspection-traffic
class-map altendorf_limit_3
match access-list altendorf_limit_3
class-map altendorf_limit_201
match access-list altendorf_limit_201
class-map altendorf_limit_4
match access-list altendorf_limit_4
class-map altendorf_limit_5
match access-list altendorf_limit_5
class-map altendorf_limit_6
match access-list altendorf_limit_6
class-map altendorf_limit_7
match access-list altendorf_limit_7
!
!
policy-map altendorf_limit
class altendorf_limit_1
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_2
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_3
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_201
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_4
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_5
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_6
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_7
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_8
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_9
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_10
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_11
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_12
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_13
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_14
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_15
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_16
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_17
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_18
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_19
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_20
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_200
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_21
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_22
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_23
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_24
  police input 1638000 3276000
  police output 1638000 3276000
class altendorf_limit_25
  police input 1638000 3276000
  police output 1638000 3276000
policy-map type inspect dns migrated_dns_map_1
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
service-policy altendorf_limit interface inside
prompt hostname context
Cryptochecksum:b9562aedd104f6199e985ddacaec026b
: end



Posted on 2020-11-20 10:38:37
Post it in the Cisco section and have the experts there take a look.

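Posted on 2021-2-23 15:32:24
When you changed the remote IP, did you also change the peer IP in the crypto map? After changing it you also need to check whether traffic is getting through the ACL. As for the lines that cannot be removed with "no": those are usually system defaults! You can try changing the numbers to see whether they can be changed; if they can't, they are defaults! You really have to experiment to find out!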
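The checks suggested in the reply above (crypto map peer, crypto ACL), run offline against a saved configuration. This is an added example, not part of the original thread: `audit_l2l` and `SAMPLE_CONFIG` are hypothetical names, and the sample lines are excerpted from the configuration posted above. It also reports crypto map names that differ only by letter case so they can be reviewed on the device.

```python
import re

# Excerpt of the VPN-related lines from the configuration posted above.
SAMPLE_CONFIG = """\
access-list no-nat extended permit ip 172.19.0.0 255.255.0.0 172.17.0.0 255.255.0.0
crypto map modp1536 5 set security-association lifetime seconds 28800
crypto map MODP1536 5 match address no-nat
crypto map MODP1536 5 set peer 93.241.23.55
crypto map MODP1536 interface outside
tunnel-group 93.241.23.55 type ipsec-l2l
"""

def audit_l2l(config, expected_peer):
    """Hypothetical helper: list findings for each crypto map entry."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    bound = set(re.findall(r"^crypto map (\S+) interface \S+", config, re.M))
    groups = set(re.findall(r"^tunnel-group (\S+) type ipsec-l2l", config, re.M))
    peers, match_acl, entries = {}, {}, set()
    for name, seq, rest in re.findall(r"^crypto map (\S+) (\d+) (.+)$", config, re.M):
        key = (name, int(seq))
        entries.add(key)
        words = rest.split()
        if words[:2] == ["set", "peer"]:
            peers[key] = words[2]
        elif words[:2] == ["match", "address"]:
            match_acl[key] = words[2]
    findings = []
    for key in sorted(entries):
        label = f"crypto map {key[0]} {key[1]}"
        if key not in peers:
            findings.append(f"{label}: no 'set peer'")
        elif peers[key] != expected_peer:
            findings.append(f"{label}: peer {peers[key]} is not {expected_peer}")
        elif peers[key] not in groups:
            findings.append(f"{label}: no ipsec-l2l tunnel-group for {peers[key]}")
        if key not in match_acl:
            findings.append(f"{label}: no 'match address'")
        elif match_acl[key] not in acls:
            findings.append(f"{label}: ACL {match_acl[key]} is not defined")
        if key[0] not in bound:
            findings.append(f"{label}: map is not applied to an interface")
    # Names that differ only by letter case are reported for manual review.
    by_lower = {}
    for name in {k[0] for k in entries} | bound:
        by_lower.setdefault(name.lower(), set()).add(name)
    for variants in by_lower.values():
        if len(variants) > 1:
            findings.append("crypto map names differ only by case: " + ", ".join(sorted(variants)))
    return findings
```

Calling `audit_l2l(SAMPLE_CONFIG, "93.241.23.55")` returns the findings as a list of strings, one per issue; an empty list means every entry has a peer, a defined crypto ACL, a matching tunnel-group and an interface binding.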

Posted on 2021-11-24 22:38:34
You'll have to ask Cisco.
