forum.opennet.ru

Составление сообщения

Исходное сообщение

"Пожалуйста проверьте конфигурацию"
Отправлено sidsoft, 13-Апр-13 12:39

ASA-5515-X# show config
: Saved
: Written by enable_15 at 01:23:02.096 UTC Sat Apr 13 2013
!
ASA Version 8.6(1)
!
hostname ASA-5515-X
domain-name хххх.ru
enable password
passwd
names
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 192.168.200.236 255.255.255.0
!
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address 192.0.0.2 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
dns server-group DefaultDNS
domain-name хххх.ru
object network local_network
subnet 192.168.200.0 255.255.255.0
object network remote_network
subnet 192.168.20.0 255.255.255.0
access-list crypt_for_VPN1 extended permit ip object local_network object remote_network
pager lines 24
mtu inside 1500
mtu management 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static local_network local_network destination static remote_network remote_network
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
http server enable
http server idle-timeout 60
http server session-timeout 60
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto map outside_map 1 match address crypt_for_VPN1
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 192.0.0.1
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 7200
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 1440
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
ssh version 2
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username root password fSxC7.NN7u15TsWj encrypted privilege 15
tunnel-group 192.0.0.2 type ipsec-l2l
tunnel-group 192.0.0.2 ipsec-attributes
ikev1 pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:d7dc71bb92d95e74b79904af7bed87f5
****************************************************************************************
Подскажите пожалуйста она рабочая? А то никак не может к этой АСА подключиться CISCO ISR 891
Спасибо Вам за ответы и уделенное время

Исходное сообщение
"Пожалуйста проверьте конфигурацию" Отправлено sidsoft, 13-Апр-13 12:39
ASA-5515-X# show config : Saved : Written by enable_15 at 01:23:02.096 UTC Sat Apr 13 2013 ! ASA Version 8.6(1) ! hostname ASA-5515-X domain-name хххх.ru enable password passwd names ! interface GigabitEthernet0/0 nameif inside security-level 100 ip address 192.168.200.236 255.255.255.0 ! interface GigabitEthernet0/1 nameif outside security-level 0 ip address 192.0.0.2 255.255.255.0 ! interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 shutdown no nameif no security-level no ip address ! interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 management-only ! ftp mode passive dns server-group DefaultDNS domain-name хххх.ru object network local_network subnet 192.168.200.0 255.255.255.0 object network remote_network subnet 192.168.20.0 255.255.255.0 access-list crypt_for_VPN1 extended permit ip object local_network object remote_network pager lines 24 mtu inside 1500 mtu management 1500 mtu outside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 nat (inside,outside) source static local_network local_network destination static remote_network remote_network timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication telnet console LOCAL aaa authentication http console LOCAL http server enable http server idle-timeout 60 http server session-timeout 60 http 192.168.1.0 255.255.255.0 management http 0.0.0.0 0.0.0.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto map outside_map 1 match address crypt_for_VPN1 crypto map outside_map 1 set pfs crypto map outside_map 1 set peer 192.0.0.1 crypto map outside_map 1 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA crypto ikev1 enable outside crypto ikev1 policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 20 authentication pre-share encryption 3des hash md5 group 2 lifetime 7200 crypto ikev1 policy 30 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 telnet 0.0.0.0 0.0.0.0 inside telnet timeout 1440 ssh 0.0.0.0 0.0.0.0 inside ssh timeout 60 ssh version 2 console timeout 0 dhcpd address 192.168.1.2-192.168.1.254 management dhcpd enable management ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn username root password fSxC7.NN7u15TsWj encrypted privilege 15 tunnel-group 192.0.0.2 type ipsec-l2l tunnel-group 192.0.0.2 ipsec-attributes ikev1 pre-shared-key *** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:d7dc71bb92d95e74b79904af7bed87f5 ************************************************************************************** Подскажите пожалуйста она рабочая? А то никак не может к этой АСА подключиться CISCO ISR 891 Спасибо Вам за ответы и уделенное время

Ваше сообщение
Имя*:
EMail:	Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	> ASA-5515-X# show config > : Saved > : Written by enable_15 at 01:23:02.096 UTC Sat Apr 13 2013 > ! > ASA Version 8.6(1) > ! > hostname ASA-5515-X > domain-name хххх.ru > enable password > passwd > names > ! > interface GigabitEthernet0/0 > nameif inside > security-level 100 > ip address 192.168.200.236 255.255.255.0 > ! > interface GigabitEthernet0/1 > nameif outside > security-level 0 > ip address 192.0.0.2 255.255.255.0 > ! > interface GigabitEthernet0/2 > shutdown > no nameif > no security-level > no ip address > ! > interface GigabitEthernet0/3 > shutdown > no nameif > no security-level > no ip address > ! > interface GigabitEthernet0/4 > shutdown > no nameif > no security-level > no ip address > ! > interface GigabitEthernet0/5 > shutdown > no nameif > no security-level > no ip address > ! > interface Management0/0 > nameif management > security-level 100 > ip address 192.168.1.1 255.255.255.0 > management-only > ! > ftp mode passive > dns server-group DefaultDNS > domain-name хххх.ru > object network local_network > subnet 192.168.200.0 255.255.255.0 > object network remote_network > subnet 192.168.20.0 255.255.255.0 > access-list crypt_for_VPN1 extended permit ip object local_network object remote_network > pager lines 24 > mtu inside 1500 > mtu management 1500 > mtu outside 1500 > no failover > icmp unreachable rate-limit 1 burst-size 1 > no asdm history enable > arp timeout 14400 > nat (inside,outside) source static local_network local_network destination static remote_network > remote_network > timeout xlate 3:00:00 > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 > timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 > timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 > timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute > timeout tcp-proxy-reassembly 0:01:00 > timeout floating-conn 0:00:00 > dynamic-access-policy-record DfltAccessPolicy > user-identity default-domain LOCAL > aaa authentication ssh console LOCAL > aaa authentication telnet console LOCAL > aaa authentication http console LOCAL > http server enable > http server idle-timeout 60 > http server session-timeout 60 > http 192.168.1.0 255.255.255.0 management > http 0.0.0.0 0.0.0.0 inside > no snmp-server location > no snmp-server contact > snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart > crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac > crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac > crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac > crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac > crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac > crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac > crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac > crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac > crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac > crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac > crypto map outside_map 1 match address crypt_for_VPN1 > crypto map outside_map 1 set pfs > crypto map outside_map 1 set peer 192.0.0.1 > crypto map outside_map 1 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA > crypto ikev1 enable outside > crypto ikev1 policy 10 > authentication pre-share > encryption 3des > hash sha > group 2 > lifetime 86400 > crypto ikev1 policy 20 > authentication pre-share > encryption 3des > hash md5 > group 2 > lifetime 7200 > crypto ikev1 policy 30 > authentication pre-share > encryption aes-256 > hash sha > group 2 > lifetime 86400 > telnet 0.0.0.0 0.0.0.0 inside > telnet timeout 1440 > ssh 0.0.0.0 0.0.0.0 inside > ssh timeout 60 > ssh version 2 > console timeout 0 > dhcpd address 192.168.1.2-192.168.1.254 management > dhcpd enable management > ! > threat-detection basic-threat > threat-detection statistics access-list > no threat-detection statistics tcp-intercept > webvpn > username root password fSxC7.NN7u15TsWj encrypted privilege 15 > tunnel-group 192.0.0.2 type ipsec-l2l > tunnel-group 192.0.0.2 ipsec-attributes > ikev1 pre-shared-key *** > ! > class-map inspection_default > match default-inspection-traffic > ! > ! > policy-map type inspect dns preset_dns_map > parameters > message-length maximum client auto > message-length maximum 512 > policy-map global_policy > class inspection_default > inspect dns preset_dns_map > inspect ftp > inspect h323 h225 > inspect h323 ras > inspect rsh > inspect rtsp > inspect esmtp > inspect sqlnet > inspect skinny > inspect sunrpc > inspect xdmcp > inspect sip > inspect netbios > inspect tftp > inspect ip-options > inspect icmp > ! > service-policy global_policy global > prompt hostname context > no call-home reporting anonymous > Cryptochecksum:d7dc71bb92d95e74b79904af7bed87f5 > ************************************************************************************** > Подскажите пожалуйста она рабочая? А то никак не может к этой АСА > подключиться CISCO ISR 891 > Спасибо Вам за ответы и уделенное время
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру