CA防火墙ASA配置（asa防火墙清除配置）

CA防火墙ASA配置（asa防火墙清除配置）

ASA Version 7.2(4) !hostname wlgs-outsidedomain-name wlgs-outside.comenable password tsjKg7JHkl3qMaXK encryptedpasswd tsjKg7JHkl3qMaXK encryptednamesdns-guard!interface GigabitEthernet0/0nameif outsidesecurity-level 0ip address 111.111.107.193 255.255.255.192 !interface GigabitEthernet0/1nameif insidesecurity-level 100ip address 192.168.15.254 255.255.255.0 !interface GigabitEthernet0/2shutdownno nameifno security-levelno ip address!interface GigabitEthernet0/3shutdownno nameifno security-levelno ip address!interface Management0/0nameif managementsecurity-level 100ip address 192.168.1.1 255.255.255.0 management-only!ftp mode passivedns server-group DefaultDNSdomain-name wlgs-outside.comaccess-list 109 extended permit ip host 10.65.160.102 any access-list 109 extended permit ip 192.168.30.0 255.255.255.0 any access-list 109 extended deny ip any any access-list no-nat extended permit ip 192.168.15.0 255.255.255.0 192.168.30.0 255.255.255.0 access-list vpnsplit standard permit 192.168.15.0 255.255.255.0 access-list split-ssl extended permit ip 192.168.15.0 255.255.255.0 any access-list 108 extended permit icmp any any pager lines 24logging asdm informationalmtu outside 1500mtu inside 1500mtu management 1500ip local pool vpn-pool 192.168.30.1-192.168.30.100 mask 255.255.255.0no failovericmp unreachable rate-limit 1 burst-size 1asdm image disk0:/ASDM-524.BINno asdm history enablearp timeout 14400nat (inside) 0 access-list no-natnat (inside) 1 0.0.0.0 0.0.0.0access-group 108 in interface outsideaccess-group split-ssl in interface insideroute outside 0.0.0.0 0.0.0.0 219.235.107.254 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absoluteaaa authentication ssh console LOCAL server enable192.168.1.0 255.255.255.0 managementsnmp-server host outside 219.235.107.193 community publicno snmp-server locationno snmp-server contactsnmp-server community publicsnmp-server enable traps snmp authentication linkup linkdown coldstartsnmp-server enable traps syslogcrypto ipsec transform-set vpnset esp-3des esp-sha-hmac crypto dynamic-map dymap 10 set transform-set vpnsetcrypto dynamic-map dymap 10 set reverse-routecrypto map vpnmap 10 ipsec-isakmp dynamic dymapcrypto map vpnmap interface outsidecrypto isakmp identity address crypto isakmp enable outsidecrypto isakmp enable insidecrypto isakmp policy 10authentication pre-shareencryption 3deshash shagroup 2lifetime 86400crypto isakmp nat-traversal 20telnet timeout 5ssh 0.0.0.0 0.0.0.0 outsidessh 0.0.0.0 0.0.0.0 insidessh timeout 60console timeout 0management-access insidedhcpd address 192.168.1.2-192.168.1.254 managementdhcpd enable management!ssl encryption des-sha1 rc4-md5webvpnenable outsidesvc image disk0:/sslclient-win-1.1.0.154.pkg 1svc enabletunnel-group-list enablegroup-policy mysslvpn-group-policy internalgroup-policy mysslvpn-group-policy attributesvpn-tunnel-protocol webvpnsplit-tunnel-policy tunnelspecifiedsplit-tunnel-network-list value vpnsplitwebvpnsvc enablegroup-policy wlgs internalgroup-policy wlgs attributesvpn-idle-timeout 1800split-tunnel-policy tunnelspecifiedsplit-tunnel-network-list value vpnsplitusername test password P4ttSyrm33SV8TYp encryptedusername test attributesvpn-group-policy mysslvpn-group-policyusername webvpn password yLRmYA5FRKBhsE1j encryptedusername webvpn attributesvpn-group-policy mysslvpn-group-policyusername fenghuimin password jKr/TV8ffJpqYtHY encryptedusername datapart password cmuSZjj2pzwasn8i encryptedusername sunruichao password oqiShihZQ55e1wHo encryptedusername sunrc password ukmQRDeqEfWQZGTu encryptedtunnel-group wlgs type ipsec-ratunnel-group wlgs general-attributesaddress-pool vpn-poolauthentication-server-group (outside) LOCALdefault-group-policy wlgstunnel-group wlgs ipsec-attributespre-shared-key *tunnel-group mysslvpn-group type webvpntunnel-group mysslvpn-group general-attributesaddress-pool vpn-pooltunnel-group mysslvpn-group webvpn-attributesgroup-alias wlgs enable!class-map inspection_defaultmatch default-inspection-traffic!!policy-map type inspect dns migrated_dns_map_1parametersmessage-length maximum 512policy-map global_policyclass inspection_defaultinspect dns migrated_dns_map_1 inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp !service-policy global_policy globalprompt hostname context Cryptochecksum:66e9cd91eb0e03a762e085a8591d0dd7: end

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。