NMX防火墙ASA5510配置（思科防火墙asa5505配置手册）

NMX防火墙ASA5510配置（思科防火墙asa5505配置手册）

ASA Version 7.0(6) !hostname ciscoasadomain-name ciscoasa.comenable password 2KFQnbNIdI.2KYOU encryptednamesdns-guard!interface Ethernet0/0nameif outsidesecurity-level 0ip address 111.111.107.201 255.255.255.192 !interface Ethernet0/1nameif insidesecurity-level 100ip address 192.168.11.251 255.255.255.0 !interface Ethernet0/2shutdownno nameifno security-levelno ip address! interface Management0/0shutdownno nameifno security-levelno ip addressmanagement-only!passwd tsjKg7JHkl3qMaXK encryptedftp mode passiveaccess-list 101 extended permit icmp any any access-list no-nat extended permit ip 192.168.11.0 255.255.255.0 192.168.30.0 255.255.255.0 access-list vpnsplit standard permit 192.168.11.0 255.255.255.0 pager lines 24mtu outside 1500mtu inside 1500ip local pool vpn-pool 192.168.30.1-192.168.30.100 mask 255.255.255.0no asdm history enablearp timeout 14400nat (inside) 0 access-list no-natnat (inside) 1 0.0.0.0 0.0.0.0access-group 101 in interface outsideroute outside 0.0.0.0 0.0.0.0 219.235.107.254 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00timeout uauth 0:05:00 absolutegroup-policy wlgs internalgroup-policy wlgs attributesvpn-idle-timeout 1800split-tunnel-policy tunnelspecifiedsplit-tunnel-network-list value vpnsplitwebvpnusername test password P4ttSyrm33SV8TYp encryptedusername datapart password cmuSZjj2pzwasn8i encryptedusername sunruichao password oqiShihZQ55e1wHo encryptedaaa authentication ssh console LOCAL no snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set vpnset esp-des esp-md5-hmac crypto dynamic-map dymap 10 set transform-set vpnsetcrypto dynamic-map dymap 10 set reverse-routecrypto map vpnmap 10 ipsec-isakmp dynamic dymapcrypto map vpnmap interface outsideisakmp identity address isakmp enable outsideisakmp enable insideisakmp policy 10 authentication pre-shareisakmp policy 10 encryption desisakmp policy 10 hash md5isakmp policy 10 group 2isakmp policy 10 lifetime 86400isakmp nat-traversal 20tunnel-group wlgs type ipsec-ratunnel-group wlgs general-attributesaddress-pool vpn-poolauthentication-server-group (outside) LOCALdefault-group-policy wlgstunnel-group wlgs ipsec-attributespre-shared-key *isakmp keepalive threshold 20telnet timeout 5ssh 219.235.107.0 255.255.255.0 outsidessh 0.0.0.0 0.0.0.0 outsidessh 0.0.0.0 0.0.0.0 insidessh timeout 60console timeout 0management-access inside!class-map inspection_defaultmatch default-inspection-traffic!!policy-map global_policyclass inspection_defaultinspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp !service-policy global_policy globalCryptochecksum:3016601c943eb848602796f63ed0ae41: end

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。