asa 5512 端口映射问题
来源:互联网 发布:杭州网络 编辑:程序博客网 时间:2024/06/05 20:48
hostname ciscoasaenable password UBMuSr2NjOdZ6AiU encryptedxlate per-session deny tcp any4 any4xlate per-session deny tcp any4 any6xlate per-session deny tcp any6 any4xlate per-session deny tcp any6 any6xlate per-session deny udp any4 any4 eq domainxlate per-session deny udp any4 any6 eq domainxlate per-session deny udp any6 any4 eq domainxlate per-session deny udp any6 any6 eq domainpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address *.*.188.101 255.255.255.248 !interface Ethernet0/1 nameif inside security-level 100 ip address 192.168.10.1 255.255.255.0 !interface Ethernet0/2 nameif outside1 security-level 0 no ip address!interface Ethernet0/3 shutdown no nameif no security-level no ip address!interface Management0/0 management-only nameif management security-level 100 ip address 192.168.100.1 255.255.255.0 !boot system disk0:/asa915-k8.binftp mode passiveobject network inside-net subnet 10.10.0.0 255.255.0.0object network 192.168.110.0 subnet 192.168.110.0 255.255.255.0object network inside-net1 subnet 192.168.10.0 255.255.255.0object network 10.10.90.2 host 10.10.90.2object network 10.10.90.2-01 host 10.10.90.2object network 10.10.90.2-02 host 10.10.90.2object-group network 10.10.20.0object-group network 10.10.30.0object-group network 10.10.40.0object-group network 10.10.50.0object-group network 10.10.60.0object-group network 10.10.70.0object-group network 10.10.80.0object-group network 10.10.90.0object-group network 10.10.100.0object-group network 192.168.0.0access-list out extended permit icmp any any access-list out extended permit ip any4 any4 access-list out extended permit ip 10.10.0.0 255.255.0.0 192.168.110.0 255.255.255.0 access-list out extended permit tcp any host 10.10.90.11 eq 8001 access-list out extended permit tcp any host 10.10.90.11 eq 3001 access-list out extended permit tcp any host 10.10.90.11 eq 3000 access-list out extended permit tcp any host 10.10.90.11 eq 8000 access-list out extended permit tcp any host 10.10.90.11 eq 3002 access-list nonat extended permit ip 10.10.0.0 255.255.0.0 192.168.110.0 255.255.255.0 access-list inside extended permit ip any4 any4 access-list inside extended permit icmp any4 any4 access-list inside extended permit ip 10.10.40.0 255.255.255.0 any4 pager lines 24mtu outside 1500mtu inside 1500mtu outside1 1500mtu management 1500icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400no arp permit-nonconnectednat (inside,outside) source static inside-net inside-net destination static 192.168.110.0 192.168.110.0 no-proxy-arp route-lookup!object network inside-net nat (inside,outside) dynamic interfaceobject network inside-net1 nat (inside,outside) dynamic interfaceobject network 10.10.90.11 nat (inside,outside) static interface service tcp 8000 8001 object network 10.10.90.11-02 nat (inside,outside) static interface service tcp 3001 3002 access-group out in interface outsideaccess-group inside in interface insideroute outside 0.0.0.0 0.0.0.0 *.*.188.113 1 route inside 10.10.20.0 255.255.255.0 192.168.10.2 1 route inside 10.10.30.0 255.255.255.0 192.168.10.2 1 route inside 10.10.40.0 255.255.255.0 192.168.10.2 1 route inside 10.10.50.0 255.255.255.0 192.168.10.2 1 route inside 10.10.60.0 255.255.255.0 192.168.10.2 1 route inside 10.10.70.0 255.255.255.0 192.168.10.2 1 route inside 10.10.80.0 255.255.255.0 192.168.10.2 1 route inside 10.10.90.0 255.255.255.0 192.168.10.2 1 route inside 10.10.100.0 255.255.255.0 192.168.10.2 1 route inside 172.168.20.0 255.255.255.0 172.1.1.1 1 route outside 192.168.110.0 255.255.255.0 *.*.188.113 1 timeout xlate 3:00:00timeout pat-xlate 0:00:30timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyuser-identity default-domain LOCALaaa authentication ssh console LOCAL snmp-server host inside 10.10.20.102 community *****no snmp-server locationno snmp-server contactsnmp-server community *****snmp-server enable traps syslogcrypto ipsec ikev1 transform-set vpn esp-3des esp-md5-hmac crypto ipsec security-association pmtu-aging infinitecrypto map zhongxin 10 match address nonatcrypto map zhongxin 10 set peer *.*.57.242 crypto map zhongxin 10 set ikev1 transform-set vpncrypto map zhongxin interface outsidecrypto ca trustpool policycrypto ikev1 enable outsidecrypto ikev1 policy 10 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400telnet 0.0.0.0 0.0.0.0 insidetelnet timeout 5console timeout 0vpdn username test password ***** store-localthreat-detection statistics access-listno threat-detection statistics tcp-interceptusername xinma2$ password 1e9gh.L.XaMzYLwr encryptedusername admin password 2oQYYbTOhyNUXKB4 encryptedtunnel-group *.*.57.244 type ipsec-l2ltunnel-group *.*.57.244 ipsec-attributes ikev1 pre-shared-key *****!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options !service-policy global_policy globalprompt hostname context no call-home reporting anonymousCryptochecksum:ce9e55fed38a72f49f631c90b9f36b37: endhttp://bbs.51cto.com/thread-1099521-1-1.html
0 0
- asa 5512 端口映射问题
- ASA变端口映射
- global.asa问题总结
- Cisco ASA 假死问题
- ASA 5525X NAT 问题
- 问题记录:端口映射?
- 请教关于global.asa的问题
- 关于asa防火墙动态vpn的问题
- 使用GNS3模拟ASA遇到的问题。
- 通过防火墙端口映射出现问题
- STM8S外设的端口映射问题
- 端口映射
- 端口映射
- 端口映射
- 端口映射
- 端口映射
- 端口映射
- 端口映射
- stanford cs106b mutual recursion demo
- LCM Challenge(暴力)
- python (7) 什么是迭代
- 谈如何将android studio项目转换成eclipse
- Doom3-BFG引擎-Review 1 (初始介绍)
- asa 5512 端口映射问题
- EIP寄存器
- 2015年个人规划-成为一名合格程序员
- leetcode algorithms: two sum
- android.os.NetworkOnMainThreadException异常
- [Python]断言assert的用法
- 在struts2的配置文件中用图形化的界面快速include其他struts.xml
- GeoServer:代码实现批量发布地图服务
- 北林校赛 北林oj 1332 冰尘君与扑克魔术