此实验通过VMware做的 ASA5520
ciscoasa# show run
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 198.1.1.1 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.119 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/5
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list go-*** extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list split-ssl extended permit ip 192.168.1.0 255.255.255.0 any
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool ssl-user 192.168.10.1-192.168.10.99
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm p_w_picpath disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list go-***
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
web***
enable outside
svc p_w_picpath disk0:/sslclient-win-1.1.4.179.pkg 1
svc enable
tunnel-group-list enable
group-policy myssl***-group-policy internal
group-policy myssl***-group-policy attributes
***-tunnel-protocol svc web***
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-ssl
web***
svc ask enable
username test001 password i1lji/GiOWB67bAs encrypted
username test001 attributes
***-group-policy myssl***-group-policy
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
tunnel-group myssl***-group type remote-access
tunnel-group myssl***-group general-attributes
address-pool ssl-user
tunnel-group myssl***-group web***-attributes
group-alias groups enable
prompt hostname context
Cryptochecksum:c01fa20ddbf4bf5c2cde1524ff238b85
: end
: Saved
:
ASA Version 8.0(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 198.1.1.1 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.119 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/5
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list go-*** extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list split-ssl extended permit ip 192.168.1.0 255.255.255.0 any
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool ssl-user 192.168.10.1-192.168.10.99
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm p_w_picpath disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list go-***
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
web***
enable outside
svc p_w_picpath disk0:/sslclient-win-1.1.4.179.pkg 1
svc enable
tunnel-group-list enable
group-policy myssl***-group-policy internal
group-policy myssl***-group-policy attributes
***-tunnel-protocol svc web***
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-ssl
web***
svc ask enable
username test001 password i1lji/GiOWB67bAs encrypted
username test001 attributes
***-group-policy myssl***-group-policy
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
tunnel-group myssl***-group type remote-access
tunnel-group myssl***-group general-attributes
address-pool ssl-user
tunnel-group myssl***-group web***-attributes
group-alias groups enable
prompt hostname context
Cryptochecksum:c01fa20ddbf4bf5c2cde1524ff238b85
: end
转载于:https://blog.51cto.com/tsinglins/265695
2163
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
