tester78, posted 4 November 2011

Hello, on an ASA 5505 I would like to punch a hole from a server in the DMZ to a server on the internal network. When I use the packet tracer, however, I see the error: [screenshot, image not preserved]

So I assume the IP still has to be added to the access group "dmz_acl". But where do I find this access group in Cisco ASDM?

NAT rules: [screenshot, image not preserved]

Thank you very much!
tester78 (author), posted 4 November 2011

The "permit" rule from the DMZ IP to the internal IP already exists as well, of course.
blackbox, posted 4 November 2011

Hello, like this there is almost nothing one can say about what is missing. Just post the config (make external IPs and passwords unrecognizable).
tester78 (author), posted 6 November 2011

: Saved
:
ASA Version 8.2(1)11
!
hostname ASA
domain-name xy.de
enable password xy123encrypted
passwd xy123 encrypted
names
name 192.168.100.0 München
name 172.18.0.0 Köln
name 192.168.184.0 Vorarlberg
name 172.16.0.0 Ort
name 10.1.192.38 Hamburg
name 10.1.192.67 Hamburg2
name 10.120.3.125 Hamburg3
name 10.1.196.66 Hamburg4
name 172.32.0.0 Berlin
name 172.20.0.0 Aachen
name 12.65.56.6 pix-Vorarlberg
name 172.19.0.0 new-york-net
name 123.123.12.86 outside-DienstDemoServer description Dienst/Dienst2 Demo-Server
name 172.16.1.235 inside-DienstDemoServer description Dienst/Dienst2 Demo-Server
name 172.16.5.7 A-172.16.5.7 description 172.16.5.7
name 192.168.181.0 EA-VPN-Users
dns-guard
!
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.0.0 standby 172.16.0.3
!
interface Ethernet0/1
 speed 10
 duplex full
 nameif outside
 security-level 0
 ip address 123.123.13.130 255.255.255.192 standby 123.123.13.133
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 123.123.12.1 255.255.255.0 standby 123.123.12.3
!
interface Ethernet0/3
 description LAN/STATE Failover Interface
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
boot system disk0:/asa821-11-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name xy.de
same-security-traffic permit intra-interface
object-group network og_ip_nat_dmz
 network-object host 123.123.12.8
 network-object host 123.123.12.4
 network-object host 123.123.12.10
 network-object Ort 255.255.0.0
 network-object host 123.123.12.17
 network-object host 123.123.12.28
object-group service server-default
 description http/https/ssh/exchange
 service-object tcp eq www
 service-object tcp eq https
 service-object tcp eq exchangeoutlook
 service-object tcp eq ssh
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service Dienst
 description Dienst service
 service-object tcp eq 18080
object-group service DM_INLINE_TCP_1 tcp
 port-object eq 8099
 port-object eq exchangeoutlook
object-group service DM_INLINE_TCP_2 tcp
 port-object eq 8099
 port-object eq www
object-group service DM_INLINE_TCP_3 tcp
 port-object eq 8099
 port-object eq exchangeoutlook
object-group service DM_INLINE_TCP_4 tcp
 port-object eq www
 port-object eq https
access-list outside_acl remark Kein Ping von extern zulassen
access-list outside_acl extended deny icmp any any log disable
access-list outside_acl extended deny tcp any any eq nntp
access-list outside_acl extended permit tcp any host 123.123.12.40 eq smtp
access-list outside_acl extended permit tcp any host 123.123.12.40 eq exchangeoutlook
access-list outside_acl extended permit tcp any host 123.123.12.5 object-group DM_INLINE_TCP_1
access-list outside_acl extended permit tcp any host 123.123.12.6 eq exchangeoutlook
access-list outside_acl extended permit tcp any host 123.123.12.28 eq 63149
access-list outside_acl extended permit tcp any host 123.123.12.28 eq 63148
access-list outside_acl extended permit tcp any host 123.123.12.8 object-group DM_INLINE_TCP_3
access-list outside_acl extended permit tcp any host 123.123.12.8 eq smtp
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 8082
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 8081
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 7070
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 1533
access-list outside_acl extended permit tcp any host 123.123.12.140 eq www
access-list outside_acl extended permit tcp any host 123.123.12.140 eq rtsp
access-list outside_acl extended permit tcp any host 123.123.12.140 eq
tester78 (author), posted 6 November 2011

https
access-list outside_acl extended permit tcp any host 123.123.12.10 eq https
access-list outside_acl extended permit tcp any host 123.123.12.5 eq www
access-list outside_acl extended permit tcp any host 123.123.12.10 eq www
access-list outside_acl extended permit tcp any host 123.123.12.26 eq www
access-list outside_acl extended permit tcp any host 123.123.12.26 eq https
access-list outside_acl extended permit tcp any host 123.123.12.142 eq www
access-list outside_acl extended permit tcp any host 123.123.12.142 eq https
access-list outside_acl extended deny tcp any any eq 36794
access-list outside_acl extended permit tcp any host 123.123.12.100 eq pptp
access-list outside_acl extended permit gre any host 123.123.12.100
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 8084
access-list outside_acl extended permit gre host 193.178.227.6 any
access-list outside_acl extended permit tcp any host 123.123.12.150 eq 8080
access-list outside_acl extended permit tcp any host 123.123.12.150 eq 2135
access-list outside_acl extended permit tcp any host 123.123.12.53 eq www
access-list outside_acl extended permit tcp any host 123.123.12.53 eq https
access-list outside_acl extended permit tcp any host 123.123.12.54 eq www
access-list outside_acl extended permit tcp any host 123.123.12.54 eq https
access-list outside_acl extended permit tcp any host 123.123.12.55 object-group DM_INLINE_TCP_2
access-list outside_acl extended permit tcp any host 123.123.12.55 eq https
access-list outside_acl extended permit tcp any host 123.123.12.57 eq www
access-list outside_acl extended permit tcp any host 123.123.12.57 eq https
access-list outside_acl extended permit esp host 193.247.102.154 any
access-list outside_acl extended permit tcp any host 123.123.12.34 eq smtp
access-list outside_acl extended permit gre host 66.89.199.67 any
access-list outside_acl extended permit tcp any host 123.123.12.8 eq ftp
access-list outside_acl extended permit tcp any host 123.123.12.59 eq www
access-list outside_acl extended permit tcp any host 123.123.12.59 eq ssh
access-list outside_acl extended permit ip any Ort 255.255.0.0
access-list outside_acl extended permit tcp any host 123.123.12.8 eq www
access-list outside_acl extended permit tcp any host 123.123.12.11 eq www
access-list outside_acl extended permit tcp any host 123.123.12.11 eq 3389
access-list outside_acl extended permit tcp any host 123.123.12.8 eq https
access-list outside_acl extended permit tcp any host 123.123.12.88 eq www
access-list outside_acl extended permit tcp any host 123.123.12.88 eq 8080
access-list outside_acl extended permit tcp host 217.7.27.30 host 123.123.12.140 eq exchangeoutlook
access-list outside_acl extended permit tcp any host 123.123.12.101 eq pptp
access-list outside_acl extended permit gre any host 123.123.12.101
access-list outside_acl remark testserver IT
access-list outside_acl extended permit tcp any host 123.123.12.60 eq exchangeoutlook
access-list outside_acl remark testserver IT
access-list outside_acl extended permit object-group TCPUDP any host 123.123.12.60 eq www
access-list outside_acl remark Dienst/Dienst2
access-list outside_acl extended permit tcp any host outside-DienstDemoServer eq 18080
access-list outside_acl remark Weiss - Tobit-Server
access-list outside_acl extended permit tcp any host 123.123.13.140 object-group DM_INLINE_TCP_4
access-list dmz_acl extended permit icmp any object-group og_ip_nat_dmz
access-list dmz_acl extended permit tcp any host 123.123.12.40 eq smtp
access-list dmz_acl extended permit tcp 123.123.12.0 255.255.255.0 Ort 255.255.0.0 eq exchangeoutlook
tester78 (author), posted 6 November 2011

access-list dmz_acl extended permit tcp any host 123.123.12.10 eq exchangeoutlook
access-list dmz_acl extended permit tcp any host 123.123.12.10 eq 63148
access-list dmz_acl extended permit tcp any host 123.123.12.8 eq exchangeoutlook
access-list dmz_acl extended permit tcp any host 123.123.12.8 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.8 host 172.16.1.10 eq www
access-list dmz_acl extended permit udp host 123.123.12.40 host 172.16.5.75 eq netbios-ns
access-list dmz_acl extended deny tcp any object-group og_ip_nat_dmz eq 36794
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.20.2 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.1.248 eq smtp inactive
access-list dmz_acl extended permit tcp any host 123.123.12.34 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.34 host 172.16.1.248 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.1.249 eq smtp inactive
access-list dmz_acl extended deny ip any object-group og_ip_nat_dmz
access-list dmz_acl extended deny tcp 123.123.12.0 255.255.255.0 any eq 137
access-list dmz_acl extended deny udp 123.123.12.0 255.255.255.0 any eq netbios-ns log disable
access-list dmz_acl extended deny tcp 123.123.13.0 255.255.255.0 any eq 137
access-list dmz_acl extended deny udp 123.123.13.0 255.255.255.0 any eq netbios-ns
access-list dmz_acl extended permit ip any any
access-list dmz_acl remark data is downloaded through this port (optional)
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 902
access-list dmz_acl remark Global Catalog Server
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3268
access-list dmz_acl remark View/VDM Connection Server/View Manager - Global Catalog Server
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3269
access-list dmz_acl remark RDP Protocol
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3389
access-list dmz_acl remark Multimedia Redirection (MMR) (optional)
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 9427
access-list dmz_acl remark abfrage
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 18443
access-list dmz_acl remark (AES 128 bit)
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 50002
access-list dmz_acl remark View 4
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 4001
access-list dmz_acl remark View
access-list dmz_acl extended permit udp host 123.123.12.28 host 172.16.1.41 eq netbios-ns
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 1214
access-list inside_acl extended deny tcp any any eq nntp inactive
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 1243
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 4661
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 4662
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 5554
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 6346
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 6347
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 6699
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 17300
access-list inside_acl extended deny udp Ort 255.255.0.0 any eq netbios-ns
access-list inside_acl extended deny udp Ort 255.255.0.0 any eq 4672
access-list inside_acl extended deny udp Ort 255.255.0.0 any eq 6257
access-list inside_acl extended permit ip any any
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 München 255.255.252.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 Aachen 255.255.0.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 Köln 255.255.0.0
tester78 (author), posted 6 November 2011

access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 Berlin 255.255.0.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 host Hamburg3
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 host Hamburg4
access-list inside_outbound_nat0_acl extended permit ip any 172.16.60.0 255.255.255.240
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 new-york-net 255.255.0.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip Ort 255.255.0.0 München 255.255.252.0
access-list outside_cryptomap_40 extended permit ip Ort 255.255.0.0 Aachen 255.255.0.0
access-list outside_cryptomap_60 extended permit ip Ort 255.255.0.0 Köln 255.255.0.0
access-list outside_cryptomap_30 extended permit ip Ort 255.255.0.0 Berlin 255.255.0.0
access-list outside_cryptomap_50 extended permit ip Ort 255.255.0.0 Vorarlberg 255.255.255.0
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg4
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg4
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg4
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg4
access-list inside_access_in extended deny tcp any any eq nntp
access-list inside_access_in extended permit ip Ort 255.255.0.0 Google_Networks 255.255.255.0
access-list inside_access_in extended permit ip Ort 255.255.0.0 any
access-list inside_access_in extended permit ip any host 212.63.83.9
access-list inside_access_in extended permit ip host 172.22.2.200 any
access-list outside_cryptomap extended permit ip Ort 255.255.0.0 Berlin 255.255.0.0
access-list outside_cryptomap_1 extended permit ip Ort 255.255.0.0 München 255.255.252.0
access-list outside_cryptomap_2 extended permit ip Ort 255.255.0.0 Aachen 255.255.0.0
access-list outside_cryptomap_4 extended permit ip host 123.123.12.6 host 10.100.3.3
access-list inside extended deny tcp host A-172.16.5.7 any eq nntp
access-list outside_cryptomap_5 extended permit ip Ort 255.255.0.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_7 extended permit ip Ort 255.255.0.0 host 91.139.255.196
access-list inside_nat_outbound extended permit icmp host 172.16.0.4 host 193.238.199.3
pager lines 24
logging enable
logging timestamp
logging standby
logging buffered informational
logging trap warnings
logging asdm warnings
logging host inside 172.16.1.245 17/1514
flow-export destination inside 172.16.5.37 2055
flow-export destination inside 172.16.1.22 2055
mtu inside 1500
mtu outside 1500
tester78 (author), posted 6 November 2011

mtu dmz 1500
mtu management 1500
ip local pool pool-vpn-ras 172.16.60.0-172.16.60.15 mask 255.255.255.240
failover
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover key *****
failover link failover Ethernet0/3
failover interface ip failover 10.255.40.1 255.255.255.252 standby 10.255.40.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
global (outside) 1 192.168.254.1-192.168.255.254
global (outside) 2 123.123.13.192-123.123.13.250
global (outside) 3 123.123.13.251 netmask 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 3 access-list inside_nat_outbound
nat (inside) 3 172.16.5.100 255.255.255.255
nat (inside) 3 172.16.5.111 255.255.255.255
nat (inside) 3 Ort 255.255.0.0
static (dmz,outside) tcp 123.123.12.88 www 123.123.12.88 8080 netmask 255.255.255.255
static (inside,dmz) 123.123.12.8 123.123.12.8 netmask 255.255.255.255
static (inside,dmz) 123.123.12.4 123.123.12.4 netmask 255.255.255.255
static (inside,dmz) Ort Ort netmask 255.255.0.0
static (inside,outside) 123.123.12.141 172.16.1.244 netmask 255.255.255.255
static (inside,dmz) 123.123.12.17 123.123.12.17 netmask 255.255.255.255
static (inside,outside) 123.123.12.100 172.16.1.245 netmask 255.255.255.255
static (inside,outside) 123.123.12.101 172.16.1.246 netmask 255.255.255.255
static (inside,outside) outside-DienstDemoServer inside-DienstDemoServer netmask 255.255.255.255
static (dmz,outside) 123.123.12.5 123.123.12.5 netmask 255.255.255.255
static (dmz,outside) 123.123.12.6 123.123.12.6 netmask 255.255.255.255
static (dmz,outside) 123.123.12.8 123.123.12.8 netmask 255.255.255.255
static (dmz,outside) 123.123.12.26 123.123.12.26 netmask 255.255.255.255
static (dmz,outside) 123.123.12.4 123.123.12.4 netmask 255.255.255.255
static (dmz,outside) 123.123.12.142 123.123.12.142 netmask 255.255.255.255
static (dmz,outside) 123.123.12.150 123.123.12.150 netmask 255.255.255.255
static (dmz,outside) 123.123.12.53 123.123.12.53 netmask 255.255.255.255
static (dmz,outside) 123.123.12.54 123.123.12.54 netmask 255.255.255.255
static (dmz,outside) 123.123.12.55 123.123.12.55 netmask 255.255.255.255
static (dmz,outside) 123.123.12.57 123.123.12.57 netmask 255.255.255.255
static (dmz,outside) 123.123.12.17 123.123.12.17 netmask 255.255.255.255
static (dmz,outside) 123.123.12.59 123.123.12.59 netmask 255.255.255.255
static (dmz,outside) 123.123.12.60 123.123.12.60 netmask 255.255.255.255
static (outside,inside) 172.22.2.200 123.123.13.140 netmask 255.255.255.255
static (inside,outside) 123.123.13.140 172.16.0.4 netmask 255.255.255.255
static (dmz,outside) 123.123.12.140 123.123.12.140 netmask 255.255.255.255
static (dmz,outside) 123.123.12.28 123.123.12.28 netmask 255.255.255.255
static (inside,dmz) 123.123.12.28 123.123.12.28 netmask 255.255.255.255
tester78 (author), posted 6 November 2011

access-group inside_access_in in interface inside
access-group outside_acl in interface outside
access-group dmz_acl in interface dmz
route outside 0.0.0.0 0.0.0.0 123.123.13.129 1
route inside 172.22.0.0 255.255.0.0 172.16.0.4 1
route inside 192.168.10.0 255.255.255.0 172.16.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius-group protocol radius
aaa-server radius-group (inside) host 172.16.1.245
 timeout 5
 key ******
http server enable
http 192.168.1.0 255.255.255.0 management
http Ort 255.255.0.0 inside
http 172.30.129.74 255.255.255.255 inside
http 217.7.27.30 255.255.255.255 outside
http 62.91.23.78 255.255.255.255 outside
http 195.64.180.0 255.255.254.0 outside
http 193.238.199.39 255.255.255.255 outside
http Vorarlberg 255.255.255.0 inside
snmp-server host outside 62.91.23.78 community ***** version 2c
snmp-server host inside 172.16.1.22 community ***** version 2c
snmp-server host inside 172.16.5.37 community *****
snmp-server location Halle
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
service resetoutside
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_3DES_SHA
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 217.7.27.30
crypto map outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
tester78 (author), posted 6 November 2011

crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 62.159.239.82
crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 3 match address outside_cryptomap_2
crypto map outside_map 3 set peer 217.7.135.66
crypto map outside_map 3 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 5 match address outside_cryptomap_5
crypto map outside_map 5 set peer 62.154.243.205
crypto map outside_map 5 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 7 match address outside_cryptomap_7
crypto map outside_map 7 set peer 91.139.255.196
crypto map outside_map 7 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 9 match address outside_cryptomap_4
crypto map outside_map 9 set pfs group5
crypto map outside_map 9 set peer 213.61.155.186
crypto map outside_map 9 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 9 set security-association lifetime seconds 7800
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 fqdn pix515e
 subject-name CN=pix515e
 no client-types
 crl configure
crypto isakmp enable outside
crypto isakmp policy 2
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
tester78 (author), posted 6 November 2011

 lifetime 86400
crypto isakmp policy 100
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 7800
no crypto isakmp nat-traversal
telnet 172.16.4.14 255.255.255.255 inside
telnet 172.16.1.250 255.255.255.255 inside
telnet timeout 5
ssh Ort 255.255.0.0 inside
ssh 172.16.1.250 255.255.255.255 inside
ssh 191.238.176.4 255.255.255.255 outside
ssh timeout 5
ssh version 2
console timeout 5
management-access inside
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 80.81.187.1 source outside prefer
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 172.16.1.245 172.16.1.246
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value xy.de
username admin password xy123 encrypted
tunnel-group DefaultRAGroup general-attributes
 address-pool pool-vpn-ras
 authentication-server-group radius-group
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group 62.159.239.82 type ipsec-l2l
tunnel-group 62.159.239.82 ipsec-attributes
 pre-shared-key *
tunnel-group 217.7.135.66 type ipsec-l2l
tunnel-group 217.7.135.66 ipsec-attributes
 pre-shared-key *
tunnel-group 217.7.27.30 type ipsec-l2l
tunnel-group 217.7.27.30 ipsec-attributes
 pre-shared-key *
tunnel-group 62.154.243.205 type ipsec-l2l
tunnel-group 62.154.243.205 ipsec-attributes
 pre-shared-key *
tunnel-group 213.61.155.186 type ipsec-l2l
tunnel-group 213.61.155.186 ipsec-attributes
 pre-shared-key *
tunnel-group 91.139.255.196 type ipsec-l2l
tunnel-group 91.139.255.196 ipsec-attributes
 pre-shared-key *
tester78 (author), posted 6 November 2011

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect http
  inspect pptp
  inspect snmp
!
service-policy global_policy global
prompt hostname context state priority
Cryptochecksum:baf25d27786c6c7c40878734e2715
: end
asdm image disk0:/asdm-623.bin
asdm location new-york-net 255.255.255.0 inside
asdm location Google_Networks 255.255.255.0 inside
asdm location 123.123.12.101 255.255.255.255 inside
asdm location outside-DienstDemoServer 255.255.255.255 inside
asdm location inside-DienstDemoServer 255.255.255.255 inside
asdm location A-172.16.5.7 255.255.255.255 inside
asdm location EA-VPN-Users 255.255.255.0 inside
no asdm history enable
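
Added example, not part of the thread or of any participant's post: ASA access lists are evaluated top-down and the first matching entry decides, so this Python sketch replays that rule over an excerpt of the posted dmz_acl to show which entry decides a DMZ-to-inside flow and which host-to-host entries are never reached. The function names, the choice of excerpt lines and the handling of the `exchangeoutlook` keyword (no port number is given on the page) are assumptions of this example.

```python
import ipaddress

# Constructed excerpt: dmz_acl entries copied from the posted config in their
# original order; the remaining entries are left out to keep the sample short.
ACL = """\
access-list dmz_acl extended permit icmp any object-group og_ip_nat_dmz
access-list dmz_acl extended permit tcp 123.123.12.0 255.255.255.0 Ort 255.255.0.0 eq exchangeoutlook
access-list dmz_acl extended permit tcp host 123.123.12.8 host 172.16.1.10 eq www
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.1.248 eq smtp inactive
access-list dmz_acl extended permit tcp host 123.123.12.34 host 172.16.1.248 eq smtp
access-list dmz_acl extended deny ip any object-group og_ip_nat_dmz
access-list dmz_acl extended permit ip any any
access-list dmz_acl remark RDP Protocol
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3389
access-list dmz_acl extended permit udp host 123.123.12.28 host 172.16.1.41 eq netbios-ns
"""
NAMES = {"Ort": "172.16.0.0"}  # "name 172.16.0.0 Ort" in the posted config
GROUPS = {"og_ip_nat_dmz": ["host 123.123.12.8", "host 123.123.12.4",
                            "host 123.123.12.10", "Ort 255.255.0.0",
                            "host 123.123.12.17", "host 123.123.12.28"]}
# Well-known port keywords. "exchangeoutlook" has no number on the page, so it
# is mapped to -1 and matches no numeric port (assumption of this example).
PORTS = {"smtp": 25, "www": 80, "netbios-ns": 137}


def take_addr(tok):
    """Consume one address spec from the token list, return its networks."""
    head = tok.pop(0)
    if head == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if head == "object-group":
        return [n for m in GROUPS[tok.pop(0)] for n in take_addr(m.split())]
    if head == "host":
        addr, mask = tok.pop(0), "255.255.255.255"
    else:
        addr, mask = head, tok.pop(0)
    return [ipaddress.ip_network(f"{NAMES.get(addr, addr)}/{mask}")]


def parse_acl(text):
    """Return active entries as (line_no, action, proto, src, dst, port)."""
    rules = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        tok = line.split()[2:]                 # drop "access-list <name>"
        if tok[0] != "extended" or "inactive" in tok:
            continue                           # remarks and disabled entries
        action, proto, rest = tok[1], tok[2], tok[3:]
        src, dst = take_addr(rest), take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            name = PORTS.get(rest[1], rest[1])
            port = int(name) if str(name).isdigit() else -1
        rules.append((n, action, proto, src, dst, port))
    return rules


def first_match(rules, proto, src, dst, dport=None):
    """Return (line_no, action) of the first entry that matches the flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto) and rport in (None, dport)
                and any(s in net for net in rsrc)
                and any(d in net for net in rdst)):
            return n, action
    return None, "deny"                        # implicit deny at the end


def shadowed(rules):
    """Host-to-host entries whose own flow is decided by an earlier entry."""
    found = []
    for n, action, proto, src, dst, port in rules:
        if len(src) == len(dst) == 1 and src[0].prefixlen == dst[0].prefixlen == 32:
            hit, hit_action = first_match(rules, proto, src[0][0], dst[0][0], port)
            if hit != n:
                found.append((n, hit, hit_action))
    return found


if __name__ == "__main__":
    rules = parse_acl(ACL)
    print(first_match(rules, "tcp", "123.123.12.28", "172.16.1.41", 3389))
    for n, hit, action in shadowed(rules):
        print(f"excerpt line {n} is never reached: line {hit} ({action}) matches first")
```

An entry only takes effect if it sits above the first entry that matches the same flow; on the ASA, the `access-list <name> line <n> extended ...` form places an entry at a chosen position instead of appending it.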