
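The remote access VPN has been set up successfully and connects normally. However, once connected, pinging the IPs of the internal servers (on the 159.46.5.0 subnet) sometimes works and sometimes does not. Could an expert please take a look? The configuration is as follows: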
interface Ethernet0/0
 nameif out
 security-level 0
 ip address 59.42.158.242 255.255.255.248
!
interface Ethernet0/1
 nameif ins
 security-level 100
 ip address 159.46.30.1 255.255.255.0
!
boot system disk0:/asa722-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name eluckygo.com
access-list 100 extended permit ip any any
access-list 100 extended permit tcp any any
access-list ins_nat0_outbound extended permit ip 159.46.5.0 255.255.255.0 159.46.40.0 255.255.255.128
access-list eluckygo_splitTunnelAcl standard permit 159.46.5.0 255.255.255.0
pager lines 24
logging asdm informational
mtu out 1500
mtu ins 1500
mtu management 1500
ip local pool remote 159.46.40.10-159.46.40.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (out) 1 interface
nat (ins) 0 access-list ins_nat0_outbound
nat (ins) 1 0.0.0.0 0.0.0.0
static (ins,out) 59.42.158.244 159.46.5.13 netmask 255.255.255.255
static (ins,out) 59.42.158.243 159.46.5.12 netmask 255.255.255.255
static (ins,out) 59.42.158.246 159.46.5.80 netmask 255.255.255.255
access-group 100 in interface out
route out 0.0.0.0 0.0.0.0 59.42.158.241 1
route ins 159.46.5.0 255.255.255.0 159.46.30.2 1
route ins 159.46.21.0 255.255.255.0 159.46.30.2 1
route ins 159.46.11.0 255.255.255.0 159.46.30.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy eluckygo internal
group-policy eluckygo attributes
 dns-server value 202.96.128.166 202.96.128.86
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value eluckygo_splitTunnelAcl
 default-domain value eluckygo.com
username 3dtgnt password G7JW/VOddMOcBc0F encrypted
username eyes.com5 password LHjCcc5Dx99csJuz encrypted
username eyes.com5 attributes
 vpn-group-policy eluckygo
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map out_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map out_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map out_dyn_map 60 set transform-set ESP-3DES-SHA
crypto map out_map 65535 ipsec-isakmp dynamic out_dyn_map
crypto map out_map interface out
crypto isakmp enable out
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group eluckygo type ipsec-ra
tunnel-group eluckygo general-attributes
 address-pool remote
 default-group-policy eluckygo
tunnel-group eluckygo ipsec-attributes
 pre-shared-key *
telnet 159.46.5.0 255.255.255.0 ins
telnet 159.46.30.0 255.255.255.0 ins
telnet 159.46.5.11 255.255.255.255 ins
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 out
ssh timeout 60
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:0c3afefa2c1fe8c1a907a63d9ca07928
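An added example, not part of the original post: a Python check that reads the pool, NAT-exemption, split-tunnel, route and static lines copied from the posted configuration and tests whether they agree with each other. The function names and result keys are this example's own.

```python
import ipaddress
import re

# Lines copied from the configuration posted above.
CONFIG = """\
access-list ins_nat0_outbound extended permit ip 159.46.5.0 255.255.255.0 159.46.40.0 255.255.255.128
access-list eluckygo_splitTunnelAcl standard permit 159.46.5.0 255.255.255.0
ip local pool remote 159.46.40.10-159.46.40.100 mask 255.255.255.0
static (ins,out) 59.42.158.244 159.46.5.13 netmask 255.255.255.255
static (ins,out) 59.42.158.243 159.46.5.12 netmask 255.255.255.255
static (ins,out) 59.42.158.246 159.46.5.80 netmask 255.255.255.255
route ins 159.46.5.0 255.255.255.0 159.46.30.2 1
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")


def find(pattern, config):
    m = re.search(pattern, config, re.M)
    if m is None:
        raise ValueError(f"line not found: {pattern}")
    return m.groups()


def check(config=CONFIG):
    """Compare the VPN pool, NAT exemption, split-tunnel list, routes and statics."""
    first, last = (ipaddress.ip_address(a)
                   for a in find(rf"^ip local pool \S+ {IP}-{IP}", config))
    pool = [ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)]
    e = find(rf"^access-list ins_nat0_outbound extended permit ip {IP} {IP} {IP} {IP}", config)
    exempt_src, exempt_dst = net(e[0], e[1]), net(e[2], e[3])
    split = net(*find(rf"^access-list eluckygo_splitTunnelAcl standard permit {IP} {IP}", config))
    routes = re.findall(rf"^route ins {IP} {IP} {IP}", config, re.M)
    statics = re.findall(rf"^static \(ins,out\) {IP} {IP}", config, re.M)
    return {
        # Pool addresses that the exemption ACL's destination does not match.
        "pool_outside_exemption": [str(a) for a in pool if a not in exempt_dst],
        # The network pushed to clients must be the exemption ACL's source.
        "split_tunnel_is_exempt_source": split.subnet_of(exempt_src),
        # Inside next hop(s) through which the split-tunnel network is reached.
        "next_hop_for_split_net": [gw for n, m, gw in routes if split.subnet_of(net(n, m))],
        # Inside hosts that have a static translation and are also exempt sources.
        "hosts_with_static_and_exemption": sorted(
            real for _, real in statics if ipaddress.ip_address(real) in exempt_src),
    }
```

For the posted values every pool address falls inside the exempted 159.46.40.0 255.255.255.128 range, and 159.46.5.0 is reached through 159.46.30.2, whose own route back to the pool is not visible in this configuration.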