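Can any expert help take a look? I've configured the Cisco ASA5512X firewall, and a PC connected directly to port G0/5 can get online, but when a Huawei S5700 Layer 3 switch is connected below this port, it can't get online. Why is that? Could you help me look at the configuration?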
Cisco ASA5512X
asa5512(config-if)# show run
: Saved
:
: Serial Number: FCH17497W5X
: Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
:
ASA Version 9.6(2)
!
hostname asa5512
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 pppoe client vpdn group ainy
 ip address pppoe setroute
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 nameif ftp
 security-level 90
 ip address 10.0.1.1 255.255.255.0
!
interface GigabitEthernet0/5
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Management0/0
 management-only
 nameif guanli
 security-level 100
 no ip address
!
ftp mode passive
object network real-192.168.3.0
 subnet 192.168.3.0 255.255.255.0
object network map-10.0.0.1
 host 10.0.0.1
object-group network shengshi
 network-object 10.0.0.0 255.255.255.0
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list outside extended permit icmp any any
access-list outside extended permit ip any any
access-list 100 extended permit icmp any any
access-list 100 extended permit ip any any
access-list 110 extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu ftp 1500
mtu inside 1500
mtu guanli 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-762.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
nat (inside,outside) source dynamic shengshi interface
access-group 100 in interface outside
access-group 110 in interface inside
route inside 172.16.38.0 255.255.255.0 10.0.0.2 1
route inside 192.168.3.0 255.255.255.0 10.0.0.2 1
route inside 192.168.7.0 255.255.255.0 10.0.0.2 1
route inside 192.168.11.0 255.255.255.0 10.0.0.2 1
route inside 192.168.15.0 255.255.255.0 10.0.0.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group ainy request dialout pppoe
vpdn group ainy localname 880000060822
vpdn group ainy ppp authentication pap
vpdn username 880000060822 password *****
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username sshyadmin password RRytp7jSxPlt70DD encrypted
username webadmin password NEeb6Vrzr6UDxhQS encrypted
username admin password eY/fQXw7Ure8Qrz7 encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:a91374c9edf4d9c5f7b5e1445006eb6f
: end
Huawei S5700 Layer 3 switch
sys
sys S5700
dhcp enable
vlan batch 3 7 11 15
int vlanif 3
ip address 192.168.3.254 24
dhcp select interface
dhcp server dns-list 114.114.114.114 8.8.8.8
dhcp server excluded-ip-address 192.168.3.1 192.168.3.49
dhcp server lease day 1 hour 0 minute 0
int vlanif 7
ip address 192.168.7.254 24
dhcp select interface
dhcp server dns-list 114.114.114.114 8.8.8.8
dhcp server excluded-ip-address 192.168.7.1 192.168.7.49
dhcp server lease day 1 hour 0 minute 0
int vlanif 11
ip address 192.168.11.254 24
dhcp select interface
dhcp server dns-list 114.114.114.114 8.8.8.8
dhcp server excluded-ip-address 192.168.11.1 192.168.11.49
dhcp server lease day 1 hour 0 minute 0
int g0/0/3
port link-type trunk
port trunk allow-pass vlan 3
port trunk pvid vlan 3
int g0/0/7
port link-type trunk
port trunk allow-pass vlan 7
port trunk pvid vlan 7
int g0/0/11
port link-type trunk
port trunk allow-pass vlan 11
port trunk pvid vlan 11
int vlanif 15
ip address 192.168.15.254 24
int g0/0/15
port link-type trunk
port trunk allow-pass vlan 15
port trunk pvid vlan 15
dhcp select interface
dhcp server dns-list 8.8.8.8 114.114.114.114
dhcp server excluded-ip-address 192.168.15.1 192.168.15.49
dhcp server lease day 1 hour 0 minute 0
int g0/0/19
port link-type trunk
port trunk allow-pass vlan 15
port trunk pvid vlan 15
vlan 26
int vlanif 26
ip address 10.0.0.2 24
int g0/0/26
port link-type access
port default vlan 26