Uli_87, posted 9 March 2009

Hello,

I wanted to set up a VPN connection on my ASA; I configured the connection without any problems using the SSL VPN Wizard. Connecting to the VPN with AnyConnect from the outside network works without problems, but unfortunately I cannot ping the 10.4.3.0 network. I am posting the configuration here and hope that someone can help me!

: Saved
:
ASA Version 8.0(4)
!
hostname robasa1
domain-name iit.re
enable password 1IXqTFxrMVIPL/Vp encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.10.0.64 sptt-p-workers-poschiavo
name 10.10.4.64 sptt-workers-robbia
name 10.4.3.0 ids-network1
!
interface Ethernet0/0
 description INTERNET ACCESS
 nameif outside
 security-level 10
 ip address 192.168.1.10 255.255.255.0
 ospf cost 10
!
interface Ethernet0/1
 description INDUSTRIE IT
 nameif inside
 security-level 10
 ip address 10.10.128.254 255.255.255.0
 ospf cost 10
!
interface Ethernet0/2
 description DMZ PORT
 shutdown
 nameif dmz
 security-level 0
 no ip address
 ospf cost 10
!
interface Ethernet0/3
 description IDS VPN ACCESS PORT
 nameif ids
 security-level 10
 ip address 10.4.3.5 255.255.255.192
 ospf cost 10
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 ospf cost 10
 management-only
!
ftp mode passive
dns server-group DefaultDNS
 domain-name iit.re
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in remark Permit all traffic from outside to inside
access-list outside_access_in extended permit ip any any
access-list inside_access_in remark Permit all traffic from inside to outside
access-list inside_access_in extended permit ip any any
access-list inside_access_out extended permit ip any any
access-list outside_access_out extended permit ip any any

Many thanks,
Uli

Uli_87, posted 9 March 2009

CONFIG Part 2

pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu ids 1500
mtu management 1500
ip local pool IDS_VPNpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (inside) 1 interface
nat (inside) 1 sptt-p-workers-poschiavo 255.255.255.192 dns
nat (inside) 1 sptt-workers-robbia 255.255.255.192 dns
nat (management) 0 0.0.0.0 0.0.0.0 dns
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
route inside sptt-p-workers-poschiavo 255.255.255.192 10.10.128.195 1
route inside sptt-workers-robbia 255.255.255.192 10.10.128.131 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.10.128.128 255.255.255.255 inside
http sptt-workers-robbia 255.255.255.192 inside
http 10.10.128.0 255.255.255.0 inside
http 192.168.10.0 255.255.255.0 management
http sptt-p-workers-poschiavo 255.255.255.192 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set

Uli_87, posted 9 March 2009

CONFIG Part 3

transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map ids_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map ids_map interface ids
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp enable ids
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn username nls2005@XXXX.ch password *********
dhcpd address 192.168.1.32-192.168.1.64 outside
dhcpd enable outside
!
dhcpd address 192.168.10.2-192.168.10.254 management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 enable inside
 enable ids
 svc image disk0:/anyconnect-win-2.2.0133-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 webvpn
  svc ask none default svc
group-policy Policy_IDS_VPN internal
group-policy Policy_IDS_VPN attributes
 vpn-tunnel-protocol svc
 address-pools value IDS_VPNpool
username ids-remote password .onZxguIuB8Kxn9u encrypted privilege 15
username ids-remote attributes
 vpn-group-policy Policy_IDS_VPN
 service-type remote-access
tunnel-group RE_VPN type remote-access
tunnel-group RE_VPN general-attributes
 address-pool (outside) IDS_VPNpool
 address-pool IDS_VPNpool
 authentication-server-group (outside) LOCAL
 authorization-server-group (outside) LOCAL
 default-group-policy Policy_IDS_VPN
tunnel-group RE_VPN webvpn-attributes
 group-alias IDS enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d3dd9bfc25c4486db5a4e578408844df
: end
asdm image disk0:/asdm-613.bin
asdm location sptt-workers-robbia 255.255.255.192 management
asdm location sptt-p-workers-poschiavo 255.255.255.192 management
no asdm history enable