
ASA 5520 双线负载

作者:weixin_34221773 时间: 2010-03-08 05:20:39
网通和电信的地址分段均是从网上搜集到的。

另外还配置了 IPsec LAN-to-LAN(站点到站点)隧道。


: Saved
:
! Saved configuration of a Cisco ASA running software 8.0(3) (see the version line below).
! NOTE(review): 8.0(3) is a very old release; confirm the device runs a release that still
! receives security fixes before reusing any part of this configuration.
ASA Version 8.0(3)
!
hostname ciscoasa
domain-name domainname.com
! NOTE(review): the "encrypted" value is a password hash, not ciphertext. A hash that has
! been published should be treated as exposed: rotate the enable password and replace the
! hash with a placeholder before sharing a configuration.
enable password NMxA5vHVCmm encrypted
names
dns-guard
!
! First ISP uplink; security-level 0 is the lowest trust level on an ASA.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address X.X.X.7 255.255.255.224
!
! Second ISP uplink, also untrusted (security-level 0).
interface GigabitEthernet0/1
 nameif outside1
 security-level 0
 ip address X.X.X.2 255.255.255.240
!
! Internal LAN, highest trust (security-level 100).
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.10.10.8 255.255.255.0
!
! DMZ interface is configured but administratively shut down.
! NOTE(review): 100.100.100.0/24 is not RFC 1918 private space; choose a private range
! before this interface is ever enabled.
interface GigabitEthernet0/3
 shutdown
 nameif dmz
 security-level 80
 ip address 100.100.100.1 255.255.255.0
!
! Management port ("guanli" = management). No "management-only" statement is shown under
! this interface, so as listed it is an ordinary interface at the same trust level as inside.
interface Management0/0
 nameif guanli
 security-level 100
 ip address 192.168.100.230 255.255.255.0
!
! Login password hash used for Telnet/SSH access to the device.
! NOTE(review): same concern as the enable password - a published hash should be treated
! as exposed and the password rotated.
passwd 173MxbCczggFOk1n encrypted
boot system disk0:/asa803.bin
ftp mode passive
! Time zone label HKST at UTC+8; log timestamps depend on the clock being correct.
! NOTE(review): no NTP server is shown in this listing - confirm how the clock is kept in sync.
clock timezone HKST 8
dns server-group DefaultDNS
 domain-name domainname.com
! acl_out: inbound filter bound to the "outside" interface (see the access-group lines
! further down). Every entry uses source "any", so each listed service is reachable from
! the whole Internet wherever a matching static translation exists.
! NOTE(review): public addresses are masked as X.X.X.N, so entries that look identical
! here may refer to different real addresses - do not de-duplicate without the originals.
access-list acl_out extended permit tcp any host X.X.X.5 eq smtp
access-list acl_out extended permit tcp any host X.X.X.5 eq pop3
access-list acl_out extended permit tcp any host X.X.X.5 eq www
access-list acl_out extended permit tcp any host X.X.X.5 eq 2008
! NOTE(review): the next two entries admit every ICMP type and all GRE from any source to
! any destination. Consider limiting ICMP to the types actually needed and GRE to the
! PPTP server address only.
access-list acl_out extended permit icmp any any
access-list acl_out extended permit gre any any
! FTP (here and below) carries credentials in clear text.
access-list acl_out extended permit tcp any host X.X.X.3 eq ftp
access-list acl_out extended permit tcp any host X.X.X.4 eq www
access-list acl_out extended permit tcp any host X.X.X.6 eq www
access-list acl_out extended permit tcp any host X.X.X.4 eq 8888
access-list acl_out extended permit tcp any host X.X.X.5 eq pptp
! NOTE(review): 47 is the IP protocol number of GRE, not a TCP port used by PPTP. GRE is
! already permitted above, so this TCP/47 entry is presumably a mistake - confirm and remove.
access-list acl_out extended permit tcp any host X.X.X.3 eq 47
access-list acl_out extended permit tcp any host X.X.X.2 eq 81
access-list acl_out extended permit tcp any host X.X.X.2 eq 82
access-list acl_out extended permit tcp any host X.X.X.2 eq 83
access-list acl_out extended permit tcp any host X.X.X.2 eq 84
access-list acl_out extended permit tcp any host X.X.X.8 eq www
access-list acl_out extended permit tcp any host X.X.X.1 eq 8080
access-list acl_out extended permit tcp any host X.X.X.8 eq www
access-list acl_out extended permit tcp any host X.X.X.3 eq 8001
access-list acl_out extended permit tcp any host X.X.X.0 eq ftp
access-list acl_out extended permit tcp any host X.X.X.1 eq www
access-list acl_out extended permit tcp any host X.X.X.0 eq 8080
access-list acl_out extended permit tcp any host X.X.X.8 eq 8080
access-list acl_out extended permit tcp any host X.X.X.4 eq www
access-list acl_out extended permit tcp any host X.X.X.0 eq www
! NOTE(review): 3389 (Remote Desktop) is open to any source here and again further down.
! Restrict it to known source addresses or reach it through the VPN instead.
access-list acl_out extended permit tcp any host X.X.X.4 eq 3389
access-list acl_out extended permit tcp any host X.X.X.9 eq www
access-list acl_out extended permit tcp any host X.X.X.9 eq ftp-data
access-list acl_out extended permit tcp any host X.X.X.9 eq ftp
access-list acl_out extended permit tcp any host X.X.X.9 eq smtp
access-list acl_out extended permit tcp any host X.X.X.9 eq 90
access-list acl_out extended permit tcp any host X.X.X.9 eq pop3
access-list acl_out extended permit tcp any host X.X.X.9 eq 1000
! NOTE(review): 1433 (Microsoft SQL Server) and 3306 (MySQL) below expose database
! listeners to any source; limit them to the application servers that need them.
access-list acl_out extended permit tcp any host X.X.X.9 eq 1433
access-list acl_out extended permit tcp any host X.X.X.9 eq 2401
access-list acl_out extended permit tcp any host X.X.X.9 eq 3000
access-list acl_out extended permit tcp any host X.X.X.9 eq 3306
access-list acl_out extended permit tcp any host X.X.X.9 eq 3389
access-list acl_out extended permit tcp any host X.X.X.5 eq ftp
! NOTE(review): "acl-out" (hyphen) is a different ACL from "acl_out" and no access-group in
! this listing references it - likely a leftover typo.
access-list acl-out extended permit icmp any any
! Traffic selectors for the two LAN-to-LAN tunnels (10.10.10.0/24 to 192.168.233.0/24 and
! to 192.168.220.0/24) plus the matching NAT-exemption ACL "nonat".
! NOTE(review): "***" and "***1" look like names masked by the blog platform's word filter
! (presumably "vpn" / "vpn1"); the crypto map entries further down use the same masked names.
access-list *** extended permit ip 10.10.10.0 255.255.255.0 192.168.233.0 255.255.255.0
access-list nonat extended permit ip 10.10.10.0 255.255.255.0 192.168.233.0 255.255.255.0
access-list nonat extended permit ip 10.10.10.0 255.255.255.0 192.168.220.0 255.255.255.0
access-list ***1 extended permit ip 10.10.10.0 255.255.255.0 192.168.220.0 255.255.255.0
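! ACL 201: egress blocklist bound inbound on the "inside" interface (see the access-group
! lines further down). It denies a fixed set of TCP/UDP destination ports - the list appears
! to target Windows networking, file-sharing and worm-related ports - and then permits
! everything else.
! ACLs are evaluated top-down and the first match wins, so every deny must sit above the
! final "permit ip any any". The "deny udp ... eq 139" entry originally followed the permit
! and could never match; it is placed before the permit here.
! NOTE(review): a blocklist followed by "permit ip any any" leaves all other outbound traffic
! unrestricted; an allow-list of required services is the stricter alternative.
access-list 201 extended deny tcp any any eq 593
access-list 201 extended deny tcp any any eq 1434
access-list 201 extended deny tcp any any eq 2500
access-list 201 extended deny tcp any any eq 4444
access-list 201 extended deny tcp any any eq 5900
access-list 201 extended deny tcp any any eq 6346
access-list 201 extended deny tcp any any eq 6667
access-list 201 extended deny tcp any any eq 9393
access-list 201 extended deny udp any any eq 135
access-list 201 extended deny udp any any eq netbios-ns
access-list 201 extended deny udp any any eq 445
access-list 201 extended deny udp any any eq 593
access-list 201 extended deny udp any any eq 1434
access-list 201 extended deny tcp any any eq 9995
access-list 201 extended deny tcp any any eq 5554
access-list 201 extended deny tcp any any eq 9996
access-list 201 extended deny udp any any eq 6346
access-list 201 extended deny udp any any eq 6881
access-list 201 extended deny udp any any eq 6882
access-list 201 extended deny udp any any eq 6883
access-list 201 extended deny udp any any eq 6885
access-list 201 extended deny udp any any eq 6886
access-list 201 extended deny udp any any eq 6887
access-list 201 extended deny udp any any eq 6888
access-list 201 extended deny udp any any eq 6889
access-list 201 extended deny tcp any any eq 6881
access-list 201 extended deny tcp any any eq 6882
access-list 201 extended deny tcp any any eq 6883
access-list 201 extended deny tcp any any eq 6884
access-list 201 extended deny tcp any any eq 6885
access-list 201 extended deny tcp any any eq 6886
access-list 201 extended deny tcp any any eq 6887
access-list 201 extended deny tcp any any eq 6888
access-list 201 extended deny tcp any any eq 6889
access-list 201 extended deny tcp any any eq 135
access-list 201 extended deny tcp any any eq 445
access-list 201 extended deny tcp any any eq 137
access-list 201 extended deny tcp any any eq netbios-ssn
access-list 201 extended deny udp any any eq 139
! Catch-all: anything not denied above is allowed out.
access-list 201 extended permit ip any any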
! acl_out1: inbound filter bound to the second uplink "outside1". It admits only GRE and
! ICMP, so no TCP/UDP service is reachable inbound through outside1 as listed - including
! the host published by the single (inside,outside1) static further down.
access-list acl_out1 extended permit gre any any
access-list acl_out1 extended permit icmp any any
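pager lines 24
! Logging is enabled, but only the ASDM log buffer is configured.
! NOTE(review): no "logging host" / "logging trap" is shown, so events are not forwarded to
! a syslog collector; add one if logs must survive a reload or be reviewed centrally.
logging enable
logging asdm informational
mtu outside 1500
mtu outside1 1500
mtu inside 1500
mtu guanli 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
! The blog platform garbled the keyword "image" into "p_w_picpath"; restored here so the
! line is a valid command again.
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400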
! Outbound PAT: inside sources in NAT group 1 are translated to the address of whichever
! egress interface (outside or outside1) the route lookup selects.
global (outside) 1 interface
global (outside1) 1 interface
! NAT exemption for traffic matched by ACL "nonat" (the LAN-to-LAN tunnel subnets).
nat (inside) 0 access-list nonat
! NOTE(review): 10.10.10.0/24 appears twice in NAT group 1 below.
nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 1 192.168.201.0 255.255.255.0
nat (inside) 1 192.168.202.0 255.255.255.0
nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 1 192.168.204.0 255.255.255.0
nat (inside) 1 192.168.205.0 255.255.255.0
nat (inside) 1 192.168.206.0 255.255.255.0
nat (inside) 1 192.168.207.0 255.255.255.0
nat (inside) 1 192.168.208.0 255.255.255.0
! "alias" entries pair an inside address with a public one for clients on the inside.
! NOTE(review): "alias" is a legacy command - confirm its behaviour on the running release.
alias (inside) 10.10.10.14 X.X.X.6 255.255.255.255
alias (inside) 10.10.10.10 X.X.X.5 255.255.255.255
alias (inside) 10.10.10.40 X.X.X.8 255.255.255.255
alias (inside) 10.10.10.35 X.X.X.2 255.255.255.255
alias (inside) 10.10.10.5 X.X.X.0 255.255.255.255
alias (inside) 10.10.10.120 X.X.X.1 255.255.255.255
alias (inside) 10.10.10.123 X.X.X.4 255.255.255.255
! One-to-one static translations: each publishes a whole inside host on a public address.
! Which ports are actually reachable is decided solely by the interface ACL, so every
! "permit ... any" in acl_out applies directly to these hosts.
! NOTE(review): several lines show the same masked public address mapped to different inside
! hosts (and 10.10.10.113 mapped twice); the masking presumably hides distinct addresses -
! verify against the real configuration, since overlapping statics are rejected.
static (inside,outside) X.X.X.3 10.10.10.130 netmask 255.255.255.255
static (inside,outside) X.X.X.6 10.10.10.14 netmask 255.255.255.255
static (inside,outside) X.X.X.2 10.10.10.35 netmask 255.255.255.255
static (inside,outside) X.X.X.8 10.10.10.40 netmask 255.255.255.255
static (inside,outside) X.X.X.7 10.10.10.12 netmask 255.255.255.255
static (inside,outside) X.X.X.8 10.10.10.113 netmask 255.255.255.255
static (inside,outside) X.X.X.3 10.10.10.119 netmask 255.255.255.255
static (inside,outside) X.X.X.1 10.10.10.110 netmask 255.255.255.255
static (inside,outside) X.X.X.2 10.10.10.111 netmask 255.255.255.255
static (inside,outside) X.X.X.3 10.10.10.112 netmask 255.255.255.255
static (inside,outside) X.X.X.4 10.10.10.113 netmask 255.255.255.255
static (inside,outside) X.X.X.5 10.10.10.22 netmask 255.255.255.255
static (inside,outside) X.X.X.0 10.10.10.5 netmask 255.255.255.255
static (inside,outside) X.X.X.1 10.10.10.120 netmask 255.255.255.255
static (inside,outside) X.X.X.5 10.10.10.10 netmask 255.255.255.255
static (inside,outside) X.X.X.4 10.10.10.123 netmask 255.255.255.255
static (inside,outside) X.X.X.9 10.10.10.126 netmask 255.255.255.255
! The only static on the second uplink.
static (inside,outside1) X.X.X.4 192.168.207.20 netmask 255.255.255.255
! Bind each ACL to traffic entering the named interface: acl_out filters the first uplink,
! acl_out1 the second, and ACL 201 filters traffic coming from the internal LAN.
access-group acl_out in interface outside
access-group acl_out1 in interface outside1
access-group 201 in interface inside
! Default routes: the one on "outside" has metric 1 and is preferred; the one on "outside1"
! has metric 10 and only takes over when the first is removed from the routing table.
! NOTE(review): no "track" / "sla monitor" is shown, so the backup presumably engages only
! when the outside interface itself goes down, not when the upstream path fails - confirm.
route outside 0.0.0.0 0.0.0.0 X.X.X.6 1
route outside1 0.0.0.0 0.0.0.0 X.X.X.1 10
! Per-carrier destination routes (58.x - 125.x): prefixes sent through "outside" use next
! hop X.X.X.6, prefixes sent through "outside1" use next hop X.X.X.1. This is static,
! destination-based path selection; the firewall does not balance individual flows.
! Where a broad prefix on one uplink contains a narrower prefix on the other, the narrower
! (longest-match) route wins.
! NOTE(review): the author states the carrier prefix lists were collected from the Internet
! (post dated 2010). Allocations change; regenerate the list from a current, trusted source
! before use rather than copying it.
route outside 58.16.0.0 255.255.0.0 X.X.X.6 1
route outside 58.17.0.0 255.255.128.0 X.X.X.6 1
route outside 58.18.0.0 255.255.0.0 X.X.X.6 1
route outside 58.19.0.0 255.255.0.0 X.X.X.6 1
route outside 58.20.0.0 255.255.0.0 X.X.X.6 1
route outside 58.22.0.0 255.254.0.0 X.X.X.6 1
route outside1 58.32.0.0 255.248.0.0 X.X.X.1 1
route outside1 58.40.0.0 255.254.0.0 X.X.X.1 1
route outside1 58.42.0.0 255.255.0.0 X.X.X.1 1
route outside1 58.44.0.0 255.252.0.0 X.X.X.1 1
route outside1 58.48.0.0 255.248.0.0 X.X.X.1 1
route outside1 58.56.0.0 255.254.0.0 X.X.X.1 1
route outside1 58.58.0.0 255.255.0.0 X.X.X.1 1
route outside1 58.59.0.0 255.255.128.0 X.X.X.1 1
route outside1 58.59.128.0 255.255.128.0 X.X.X.1 1
route outside1 58.60.0.0 255.252.0.0 X.X.X.1 1
route outside 58.100.0.0 255.254.0.0 X.X.X.6 1
route outside1 58.208.0.0 255.240.0.0 X.X.X.1 1
route outside 58.240.0.0 255.240.0.0 X.X.X.6 1
route outside1 59.40.0.0 255.254.0.0 X.X.X.1 1
route outside1 59.42.0.0 255.255.0.0 X.X.X.1 1
route outside1 59.44.0.0 255.252.0.0 X.X.X.1 1
route outside1 59.48.0.0 255.255.0.0 X.X.X.1 1
route outside1 59.49.0.0 255.255.128.0 X.X.X.1 1
route outside1 59.49.128.0 255.255.128.0 X.X.X.1 1
route outside1 59.50.0.0 255.255.0.0 X.X.X.1 1
route outside1 59.51.0.0 255.255.128.0 X.X.X.1 1
route outside1 59.51.128.0 255.255.128.0 X.X.X.1 1
route outside1 59.52.0.0 255.252.0.0 X.X.X.1 1
route outside1 59.56.0.0 255.252.0.0 X.X.X.1 1
route outside1 59.60.0.0 255.254.0.0 X.X.X.1 1
route outside1 59.62.0.0 255.254.0.0 X.X.X.1 1
route outside 59.80.0.0 255.252.0.0 X.X.X.6 1
route outside 60.0.0.0 255.248.0.0 X.X.X.6 1
route outside 60.8.0.0 255.252.0.0 X.X.X.6 1
route outside 60.12.0.0 255.255.0.0 X.X.X.6 1
route outside 60.13.0.0 255.255.192.0 X.X.X.6 1
route outside 60.13.128.0 255.255.128.0 X.X.X.6 1
route outside 60.14.0.0 255.254.0.0 X.X.X.6 1
route outside 60.16.0.0 255.240.0.0 X.X.X.6 1
route outside 60.55.0.0 255.255.0.0 X.X.X.6 1
route outside1 60.160.0.0 255.254.0.0 X.X.X.1 1
route outside1 60.162.0.0 255.254.0.0 X.X.X.1 1
route outside1 60.164.0.0 255.254.0.0 X.X.X.1 1
route outside1 60.166.0.0 255.254.0.0 X.X.X.1 1
route outside1 60.168.0.0 255.248.0.0 X.X.X.1 1
route outside1 60.176.0.0 255.240.0.0 X.X.X.1 1
route outside 60.208.0.0 255.240.0.0 X.X.X.6 1
route outside 60.216.0.0 255.254.0.0 X.X.X.6 1
route outside 60.220.0.0 255.252.0.0 X.X.X.6 1
route outside 61.4.64.0 255.255.240.0 X.X.X.6 1
route outside 61.47.128.0 255.255.192.0 X.X.X.6 1
route outside 61.48.0.0 255.248.0.0 X.X.X.6 1
route outside 61.128.210.0 255.255.255.0 X.X.X.6 1
route outside 61.133.0.0 255.255.128.0 X.X.X.6 1
route outside1 61.133.128.0 255.255.128.0 X.X.X.1 1
route outside1 61.134.64.0 255.255.224.0 X.X.X.1 1
route outside 61.134.96.0 255.255.224.0 X.X.X.6 1
route outside 61.134.128.0 255.255.128.0 X.X.X.6 1
route outside 61.135.0.0 255.255.0.0 X.X.X.6 1
route outside 61.136.0.0 255.255.0.0 X.X.X.6 1
route outside1 61.136.128.0 255.255.128.0 X.X.X.1 1
route outside1 61.137.0.0 255.255.128.0 X.X.X.1 1
route outside 61.137.128.0 255.255.128.0 X.X.X.6 1
route outside 61.138.0.0 255.255.128.0 X.X.X.6 1
route outside1 61.138.192.0 255.255.192.0 X.X.X.1 1
route outside1 61.139.0.0 255.255.128.0 X.X.X.1 1
route outside 61.139.128.0 255.255.192.0 X.X.X.6 1
route outside1 61.139.192.0 255.255.192.0 X.X.X.1 1
route outside1 61.140.0.0 255.252.0.0 X.X.X.1 1
! The next two routes overlap: 61.144.0.0 255.248.0.0 via outside contains
! 61.144.0.0 255.252.0.0 via outside1, so 61.144-61.147 leave through outside1.
route outside 61.144.0.0 255.248.0.0 X.X.X.6 1
route outside1 61.144.0.0 255.252.0.0 X.X.X.1 1
route outside 61.148.0.0 255.254.0.0 X.X.X.6 1
route outside1 61.152.0.0 255.252.0.0 X.X.X.1 1
route outside 61.156.0.0 255.255.0.0 X.X.X.6 1
route outside1 61.157.0.0 255.255.0.0 X.X.X.1 1
route outside 61.158.0.0 255.255.0.0 X.X.X.6 1
route outside 61.159.0.0 255.255.192.0 X.X.X.6 1
route outside1 61.159.64.0 255.255.192.0 X.X.X.1 1
route outside1 61.159.128.0 255.255.128.0 X.X.X.1 1
route outside1 61.160.0.0 255.255.0.0 X.X.X.1 1
route outside 61.161.0.0 255.255.192.0 X.X.X.6 1
route outside1 61.161.64.0 255.255.192.0 X.X.X.1 1
route outside 61.161.128.0 255.255.128.0 X.X.X.6 1
route outside 61.162.0.0 255.254.0.0 X.X.X.6 1
route outside1 61.164.0.0 255.254.0.0 X.X.X.1 1
route outside1 61.166.0.0 255.255.0.0 X.X.X.1 1
route outside 61.167.0.0 255.255.0.0 X.X.X.6 1
route outside 61.168.0.0 255.255.0.0 X.X.X.6 1
route outside1 61.169.0.0 255.255.0.0 X.X.X.1 1
route outside1 61.170.0.0 255.254.0.0 X.X.X.1 1
route outside1 61.172.0.0 255.252.0.0 X.X.X.1 1
route outside 61.176.0.0 255.255.0.0 X.X.X.6 1
route outside1 61.177.0.0 255.255.0.0 X.X.X.1 1
route outside1 61.178.0.0 255.255.0.0 X.X.X.1 1
route outside 61.179.0.0 255.255.0.0 X.X.X.6 1
route outside1 61.180.0.0 255.255.128.0 X.X.X.1 1
route outside 61.180.13.0 255.255.255.0 X.X.X.6 1
route outside 61.180.128.0 255.255.128.0 X.X.X.6 1
route outside 61.181.0.0 255.255.0.0 X.X.X.6 1
route outside 61.182.0.0 255.255.0.0 X.X.X.6 1
route outside1 61.183.0.0 255.255.0.0 X.X.X.1 1
route outside1 61.184.0.0 255.252.0.0 X.X.X.1 1
route outside1 61.188.0.0 255.255.0.0 X.X.X.1 1
route outside 61.189.0.0 255.255.128.0 X.X.X.6 1
route outside1 61.189.128.0 255.255.128.0 X.X.X.1 1
route outside1 61.190.0.0 255.254.0.0 X.X.X.1 1
route outside 61.236.0.0 255.254.0.0 X.X.X.6 1
route outside 61.237.148.0 255.255.255.0 X.X.X.6 1
route outside 125.32.0.0 255.255.0.0 X.X.X.6 1
route outside 125.58.128.0 255.255.128.0 X.X.X.6 1
route outside1 125.64.0.0 255.248.0.0 X.X.X.1 1
route outside1 125.72.0.0 255.255.0.0 X.X.X.1 1
route outside1 125.73.0.0 255.255.0.0 X.X.X.1 1
route outside1 125.80.0.0 255.248.0.0 X.X.X.1 1
route outside1 125.88.0.0 255.248.0.0 X.X.X.1 1
route outside1 125.104.0.0 255.248.0.0 X.X.X.1 1
route outside1 125.112.0.0 255.240.0.0 X.X.X.1 1
! Internal subnets reached through 10.10.10.254 on the inside LAN.
! NOTE(review): 192.168.208.0/24 is listed in the NAT rules but has no route here - confirm
! whether that subnet is in use.
route inside 192.168.201.0 255.255.255.0 10.10.10.254 1
route inside 192.168.202.0 255.255.255.0 10.10.10.254 1
! NOTE(review): 10.10.10.0/24 is the directly connected inside subnet (interface address
! 10.10.10.8/24), so this static route looks redundant - confirm and remove.
route inside 10.10.10.0 255.255.255.0 10.10.10.254 1
route inside 192.168.204.0 255.255.255.0 10.10.10.254 1
route inside 192.168.205.0 255.255.255.0 10.10.10.254 1
route inside 192.168.206.0 255.255.255.0 10.10.10.254 1
route inside 192.168.207.0 255.255.255.0 10.10.10.254 1
! Per-carrier destination routes, continued (202.x - 211.x). Same scheme as the earlier
! route entries: next hop X.X.X.6 on "outside", X.X.X.1 on "outside1".
! NOTE(review): these prefixes come from a list gathered from the Internet in 2010; verify
! them against current allocation data before reuse.
route outside 202.4.252.0 255.255.252.0 X.X.X.6 1
route outside 202.8.128.0 255.255.224.0 X.X.X.6 1
route outside 202.10.64.0 255.255.240.0 X.X.X.6 1
route outside 202.14.235.0 255.255.255.0 X.X.X.6 1
route outside 202.14.236.0 255.255.254.0 X.X.X.6 1
route outside 202.14.238.0 255.255.255.0 X.X.X.6 1
route outside 202.38.164.0 255.255.252.0 X.X.X.6 1
route outside 202.63.248.0 255.255.252.0 X.X.X.6 1
route outside 202.69.4.0 255.255.252.0 X.X.X.6 1
route outside 202.85.208.0 255.255.240.0 X.X.X.6 1
route outside 202.90.224.0 255.255.240.0 X.X.X.6 1
route outside 202.91.0.0 255.255.252.0 X.X.X.6 1
route outside 202.91.128.0 255.255.252.0 X.X.X.6 1
route outside 202.91.176.0 255.255.240.0 X.X.X.6 1
route outside 202.94.0.0 255.255.224.0 X.X.X.6 1
route outside 202.95.0.0 255.255.224.0 X.X.X.6 1
! 202.96.0.0 255.240.0.0 via outside spans 202.96 - 202.111; the narrower outside1 routes
! that follow take precedence for the prefixes they cover (longest match).
route outside 202.96.0.0 255.240.0.0 X.X.X.6 1
route outside1 202.96.96.0 255.255.248.0 X.X.X.1 1
route outside1 202.96.104.0 255.255.248.0 X.X.X.1 1
route outside1 202.96.112.0 255.255.240.0 X.X.X.1 1
route outside1 202.96.128.0 255.255.248.0 X.X.X.1 1
route outside1 202.96.136.0 255.255.248.0 X.X.X.1 1
route outside1 202.96.144.0 255.255.240.0 X.X.X.1 1
route outside1 202.96.160.0 255.255.248.0 X.X.X.1 1
route outside1 202.96.168.0 255.255.248.0 X.X.X.1 1
route outside1 202.96.176.0 255.255.240.0 X.X.X.1 1
route outside1 202.96.200.0 255.255.248.0 X.X.X.1 1
route outside1 202.96.208.0 255.255.240.0 X.X.X.1 1
route outside1 202.96.224.0 255.255.248.0 X.X.X.1 1
route outside1 202.97.0.0 255.255.248.0 X.X.X.1 1
route outside1 202.97.8.0 255.255.248.0 X.X.X.1 1
route outside1 202.97.16.0 255.255.240.0 X.X.X.1 1
route outside1 202.97.32.0 255.255.224.0 X.X.X.1 1
route outside1 202.97.64.0 255.255.224.0 X.X.X.1 1
route outside1 202.97.96.0 255.255.240.0 X.X.X.1 1
route outside1 202.97.112.0 255.255.240.0 X.X.X.1 1
route outside1 202.98.32.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.48.0 255.255.240.0 X.X.X.1 1
route outside1 202.98.64.0 255.255.224.0 X.X.X.1 1
route outside1 202.98.96.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.128.0 255.255.224.0 X.X.X.1 1
route outside1 202.98.160.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.168.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.192.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.200.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.208.0 255.255.240.0 X.X.X.1 1
route outside1 202.98.224.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.232.0 255.255.248.0 X.X.X.1 1
route outside1 202.98.240.0 255.255.240.0 X.X.X.1 1
route outside1 202.99.192.0 255.255.248.0 X.X.X.1 1
route outside1 202.100.96.0 255.255.248.0 X.X.X.1 1
route outside1 202.100.104.0 255.255.248.0 X.X.X.1 1
route outside1 202.100.112.0 255.255.240.0 X.X.X.1 1
route outside1 202.100.136.0 255.255.248.0 X.X.X.1 1
route outside1 202.100.160.0 255.255.248.0 X.X.X.1 1
route outside1 202.100.168.0 255.255.248.0 X.X.X.1 1
route outside1 202.100.176.0 255.255.240.0 X.X.X.1 1
route outside1 202.100.192.0 255.255.248.0 X.X.X.1 1
route outside1 202.100.208.0 255.255.240.0 X.X.X.1 1
route outside1 202.100.224.0 255.255.224.0 X.X.X.1 1
route outside1 202.101.0.0 255.255.192.0 X.X.X.1 1
route outside1 202.101.64.0 255.255.224.0 X.X.X.1 1
route outside1 202.101.96.0 255.255.224.0 X.X.X.1 1
route outside1 202.101.128.0 255.255.192.0 X.X.X.1 1
route outside1 202.101.224.0 255.255.248.0 X.X.X.1 1
route outside1 202.102.0.0 255.255.224.0 X.X.X.1 1
route outside1 202.102.32.0 255.255.224.0 X.X.X.1 1
route outside1 202.102.64.0 255.255.192.0 X.X.X.1 1
route outside1 202.103.0.0 255.255.248.0 X.X.X.1 1
route outside1 202.103.8.0 255.255.248.0 X.X.X.1 1
route outside1 202.103.16.0 255.255.240.0 X.X.X.1 1
route outside1 202.103.32.0 255.255.224.0 X.X.X.1 1
route outside1 202.103.192.0 255.255.224.0 X.X.X.1 1
route outside1 202.103.224.0 255.255.248.0 X.X.X.1 1
route outside1 202.104.0.0 255.254.0.0 X.X.X.1 1
route outside1 202.107.128.0 255.255.128.0 X.X.X.1 1
route outside1 202.109.0.0 255.255.0.0 X.X.X.1 1
route outside1 202.110.128.0 255.255.192.0 X.X.X.1 1
route outside1 202.111.0.0 255.255.128.0 X.X.X.1 1
route outside 202.122.32.0 255.255.248.0 X.X.X.6 1
route outside 202.122.64.0 255.255.224.0 X.X.X.6 1
route outside 202.123.96.0 255.255.240.0 X.X.X.6 1
route outside 202.127.0.0 255.255.248.0 X.X.X.6 1
route outside 202.127.212.0 255.255.252.0 X.X.X.6 1
route outside 202.136.252.0 255.255.252.0 X.X.X.6 1
route outside 202.180.128.0 255.255.224.0 X.X.X.6 1
route outside 203.79.0.0 255.255.240.0 X.X.X.6 1
route outside 203.90.0.0 255.255.252.0 X.X.X.6 1
route outside 203.90.192.0 255.255.224.0 X.X.X.6 1
route outside 203.93.0.0 255.255.0.0 X.X.X.6 1
route outside 203.128.128.0 255.255.224.0 X.X.X.6 1
route outside 203.134.240.0 255.255.248.0 X.X.X.6 1
route outside 203.175.128.0 255.255.224.0 X.X.X.6 1
route outside 203.175.192.0 255.255.192.0 X.X.X.6 1
route outside 203.196.0.0 255.255.248.0 X.X.X.6 1
route outside 203.207.64.0 255.255.192.0 X.X.X.6 1
route outside 203.207.128.0 255.255.128.0 X.X.X.6 1
route outside 210.12.0.0 255.254.0.0 X.X.X.6 1
route outside 210.14.160.0 255.255.224.0 X.X.X.6 1
route outside 210.14.192.0 255.255.192.0 X.X.X.6 1
route outside 210.15.0.0 255.255.128.0 X.X.X.6 1
route outside 210.15.128.0 255.255.192.0 X.X.X.6 1
route outside 210.21.0.0 255.255.0.0 X.X.X.6 1
route outside 210.22.0.0 255.255.0.0 X.X.X.6 1
route outside 210.45.128.0 255.255.240.0 X.X.X.6 1
route outside 210.51.0.0 255.255.0.0 X.X.X.6 1
route outside 210.52.0.0 255.254.0.0 X.X.X.6 1
route outside 210.72.96.0 255.255.240.0 X.X.X.6 1
route outside 210.73.32.0 255.255.224.0 X.X.X.6 1
route outside 210.74.96.0 255.255.224.0 X.X.X.6 1
route outside 210.74.128.0 255.255.224.0 X.X.X.6 1
route outside 210.78.0.0 255.255.224.0 X.X.X.6 1
route outside 210.82.0.0 255.254.0.0 X.X.X.6 1
route outside 211.64.0.0 255.248.0.0 X.X.X.6 1
route outside 211.95.192.0 255.255.192.0 X.X.X.6 1
route outside 211.97.245.0 255.255.255.0 X.X.X.6 1
route outside 211.144.0.0 255.240.0.0 X.X.X.6 1
route outside 211.163.0.0 255.255.0.0 X.X.X.6 1
! Per-carrier destination routes, continued (218.x - 222.x). Same scheme as the earlier
! route entries: next hop X.X.X.6 on "outside", X.X.X.1 on "outside1".
! NOTE(review): these prefixes come from a list gathered from the Internet in 2010; verify
! them against current allocation data before reuse.
! The first two routes overlap: 218.4.0.0 255.252.0.0 via outside contains
! 218.4.0.0 255.254.0.0 via outside1, so 218.4-218.5 leave through outside1.
route outside 218.4.0.0 255.252.0.0 X.X.X.6 1
route outside1 218.4.0.0 255.254.0.0 X.X.X.1 1
route outside1 218.6.0.0 255.255.0.0 X.X.X.1 1
route outside 218.8.0.0 255.252.0.0 X.X.X.6 1
route outside 218.12.0.0 255.255.0.0 X.X.X.6 1
route outside1 218.13.0.0 255.255.0.0 X.X.X.1 1
route outside1 218.14.0.0 255.254.0.0 X.X.X.1 1
route outside1 218.16.0.0 255.252.0.0 X.X.X.1 1
route outside1 218.20.0.0 255.255.0.0 X.X.X.1 1
route outside1 218.21.0.0 255.255.128.0 X.X.X.1 1
route outside 218.21.128.0 255.255.128.0 X.X.X.6 1
route outside1 218.22.0.0 255.254.0.0 X.X.X.1 1
route outside 218.24.0.0 255.252.0.0 X.X.X.6 1
route outside 218.28.0.0 255.254.0.0 X.X.X.6 1
route outside1 218.30.0.0 255.254.0.0 X.X.X.1 1
route outside 218.56.0.0 255.252.0.0 X.X.X.6 1
route outside 218.60.0.0 255.254.0.0 X.X.X.6 1
route outside 218.62.0.0 255.255.128.0 X.X.X.6 1
route outside1 218.62.128.0 255.255.128.0 X.X.X.1 1
route outside1 218.63.0.0 255.255.0.0 X.X.X.1 1
route outside1 218.64.0.0 255.254.0.0 X.X.X.1 1
route outside1 218.66.0.0 255.255.0.0 X.X.X.1 1
route outside1 218.67.0.0 255.255.128.0 X.X.X.1 1
route outside 218.67.128.0 255.255.128.0 X.X.X.6 1
route outside 218.68.0.0 255.254.0.0 X.X.X.6 1
route outside1 218.70.0.0 255.254.0.0 X.X.X.1 1
route outside1 218.72.0.0 255.248.0.0 X.X.X.1 1
route outside1 218.80.0.0 255.240.0.0 X.X.X.1 1
route outside 218.96.0.0 255.252.0.0 X.X.X.6 1
route outside 218.104.0.0 255.255.0.0 X.X.X.6 1
route outside 218.106.0.0 255.254.0.0 X.X.X.6 1
route outside 218.108.0.0 255.254.0.0 X.X.X.6 1
route outside 219.82.0.0 255.255.0.0 X.X.X.6 1
route outside1 219.128.0.0 255.240.0.0 X.X.X.1 1
route outside 219.141.128.0 255.255.128.0 X.X.X.6 1
route outside 219.142.0.0 255.254.0.0 X.X.X.6 1
route outside1 219.144.0.0 255.248.0.0 X.X.X.1 1
route outside1 219.152.0.0 255.254.0.0 X.X.X.1 1
route outside 219.154.0.0 255.254.0.0 X.X.X.6 1
route outside 219.156.0.0 255.254.0.0 X.X.X.6 1
route outside 219.158.0.0 255.255.0.0 X.X.X.6 1
route outside 219.159.0.0 255.255.192.0 X.X.X.6 1
route outside1 219.159.64.0 255.255.192.0 X.X.X.1 1
route outside1 219.159.128.0 255.255.128.0 X.X.X.1 1
route outside 219.216.0.0 255.248.0.0 X.X.X.6 1
route outside1 220.160.0.0 255.224.0.0 X.X.X.1 1
route outside 220.192.0.0 255.240.0.0 X.X.X.6 1
route outside 220.248.0.0 255.252.0.0 X.X.X.6 1
route outside 220.250.0.0 255.255.0.0 X.X.X.6 1
route outside 220.252.0.0 255.255.0.0 X.X.X.6 1
route outside 221.0.0.0 255.248.0.0 X.X.X.6 1
route outside 221.6.0.0 255.255.0.0 X.X.X.6 1
route outside 221.7.0.0 255.255.192.0 X.X.X.6 1
route outside 221.7.64.0 255.255.224.0 X.X.X.6 1
route outside 221.7.128.0 255.255.128.0 X.X.X.6 1
route outside 221.8.0.0 255.254.0.0 X.X.X.6 1
route outside 221.10.0.0 255.255.0.0 X.X.X.6 1
route outside 221.11.0.0 255.255.128.0 X.X.X.6 1
route outside 221.11.128.0 255.255.192.0 X.X.X.6 1
route outside 221.11.192.0 255.255.224.0 X.X.X.6 1
route outside 221.12.0.0 255.255.128.0 X.X.X.6 1
route outside 221.13.0.0 255.255.0.0 X.X.X.6 1
route outside 221.14.0.0 255.254.0.0 X.X.X.6 1
route outside 221.122.0.0 255.254.0.0 X.X.X.6 1
route outside 221.136.0.0 255.254.0.0 X.X.X.6 1
route outside 221.172.0.0 255.252.0.0 X.X.X.6 1
route outside 221.192.0.0 255.252.0.0 X.X.X.6 1
route outside 221.196.0.0 255.254.0.0 X.X.X.6 1
route outside 221.198.0.0 255.255.0.0 X.X.X.6 1
route outside 221.199.0.0 255.255.224.0 X.X.X.6 1
route outside 221.199.32.0 255.255.240.0 X.X.X.6 1
route outside 221.199.128.0 255.255.192.0 X.X.X.6 1
route outside 221.199.192.0 255.255.240.0 X.X.X.6 1
route outside 221.200.0.0 255.248.0.0 X.X.X.6 1
route outside 221.207.0.0 255.255.192.0 X.X.X.6 1
! NOTE(review): the next two routes use the same interface and next hop, and the second
! prefix lies inside the first, so the second looks redundant.
route outside 221.208.0.0 255.240.0.0 X.X.X.6 1
route outside 221.208.0.0 255.252.0.0 X.X.X.6 1
route outside1 221.224.0.0 255.248.0.0 X.X.X.1 1
route outside1 221.232.0.0 255.252.0.0 X.X.X.1 1
route outside1 221.236.0.0 255.254.0.0 X.X.X.1 1
route outside1 221.238.0.0 255.255.0.0 X.X.X.1 1
route outside1 221.239.0.0 255.255.128.0 X.X.X.1 1
route outside1 221.239.128.0 255.255.128.0 X.X.X.1 1
route outside 222.32.0.0 255.224.0.0 X.X.X.6 1
route outside1 222.72.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.74.0.0 255.255.0.0 X.X.X.1 1
route outside1 222.75.0.0 255.255.0.0 X.X.X.1 1
route outside1 222.76.0.0 255.252.0.0 X.X.X.1 1
route outside1 222.80.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.82.0.0 255.255.0.0 X.X.X.1 1
route outside1 222.83.0.0 255.255.128.0 X.X.X.1 1
route outside1 222.83.128.0 255.255.128.0 X.X.X.1 1
route outside1 222.84.0.0 255.255.0.0 X.X.X.1 1
route outside1 222.85.0.0 255.255.128.0 X.X.X.1 1
route outside1 222.85.128.0 255.255.128.0 X.X.X.1 1
route outside1 222.86.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.88.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.90.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.92.0.0 255.252.0.0 X.X.X.1 1
route outside 222.128.0.0 255.240.0.0 X.X.X.6 1
route outside 222.160.0.0 255.252.0.0 X.X.X.6 1
route outside1 222.168.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.172.0.0 255.255.128.0 X.X.X.1 1
route outside1 222.172.128.0 255.255.128.0 X.X.X.1 1
route outside1 222.173.0.0 255.255.0.0 X.X.X.1 1
route outside1 222.174.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.176.0.0 255.248.0.0 X.X.X.1 1
route outside1 222.184.0.0 255.248.0.0 X.X.X.1 1
route outside1 222.208.0.0 255.248.0.0 X.X.X.1 1
route outside1 222.216.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.218.0.0 255.255.0.0 X.X.X.1 1
route outside1 222.219.0.0 255.255.0.0 X.X.X.1 1
route outside1 222.220.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.222.0.0 255.254.0.0 X.X.X.1 1
route outside1 222.240.0.0 255.248.0.0 X.X.X.1 1
! Idle timers for translations, connections and per-protocol state.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
! AAA server groups are declared but no server host is listed under them, and no
! "aaa authentication" command is shown.
! NOTE(review): management logins therefore appear to rely on the shared enable/login
! passwords rather than per-user accounts - confirm, and prefer per-user authentication.
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
! Web management (ASDM) is enabled and accepted from ANY source address on the inside and
! guanli interfaces.
! NOTE(review): narrow 0.0.0.0 0.0.0.0 to the administrators' subnet or hosts.
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 guanli
no snmp-server location
no snmp-server contact
! NOTE(review): "public" is the well-known default SNMP community string; replace it with a
! unique value and restrict which hosts may poll the device.
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
! IPsec LAN-to-LAN definition: one transform set, two crypto map entries (10 and 20), each
! with its own traffic-selector ACL and peer, bound to the "outside" interface.
! "***" is a masked name (presumably "vpn", altered by the blog platform's word filter).
! NOTE(review): the transform set uses single DES with HMAC-MD5 and PFS group 1 (768-bit
! Diffie-Hellman). All three are obsolete and should not protect new tunnels. Moving to AES
! with a SHA-based HMAC and a larger DH group requires the same change on both peers, and
! the device may need its strong-encryption license enabled - confirm before changing.
crypto ipsec transform-set *** esp-des esp-md5-hmac
crypto map *** 10 match address ***
crypto map *** 10 set pfs group1
crypto map *** 10 set peer X.X.X.X
crypto map *** 10 set transform-set ***
crypto map *** 20 match address ***1
crypto map *** 20 set pfs group1
crypto map *** 20 set peer X.X.X.X
crypto map *** 20 set transform-set ***
crypto map *** interface outside
crypto isakmp enable outside
! IKE phase 1 policy: pre-shared-key authentication, DES, MD5, DH group 1, 24-hour lifetime.
! NOTE(review): the same weak-algorithm concern applies here. With pre-shared keys the
! strength of the key itself also matters - use long random keys, unique per peer.
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5     
 group 1
 lifetime 86400
crypto isakmp ipsec-over-tcp port 10000
! Management access.
! NOTE(review): Telnet sends the login password in clear text across the inside LAN;
! prefer SSH only and remove the telnet line.
telnet 10.10.10.0 255.255.255.0 inside
telnet timeout 5
! NOTE(review): SSH is accepted from any source address on the inside interface; narrow
! 0.0.0.0 0.0.0.0 to the administrators' subnet or hosts.
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 10
! A console timeout of 0 means a console session is never logged out for inactivity.
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
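! Default group policy: permits IPsec and L2TP-over-IPsec tunnels.
! The keyword below was shown as "***-tunnel-protocol" in the post (masked by the blog
! platform's word filter); the command is "vpn-tunnel-protocol", restored here.
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy l2tpipsec internal
! NOTE(review): "cisco" is a commonly guessed account name and its password hash is
! published here; use a non-obvious account name and rotate the password.
username cisco password 9bDthaBXlMp encrypted
! Remote-access default tunnel group: uses policy l2tpipsec, a pre-shared key, and
! MS-CHAPv2 for the PPP user authentication.
! The pre-shared keys appear as "*", presumably masked by the device in the saved output.
tunnel-group DefaultRAGroup general-attributes
 default-group-policy l2tpipsec
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
! LAN-to-LAN tunnel groups, one per peer (peer addresses masked as X.X.X.X).
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key *
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key *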
!
! Application inspection: the default class matches the default inspection traffic and the
! global policy applies the listed protocol inspections on all interfaces.
class-map inspection_default
 match default-inspection-traffic
!
!
! DNS inspection map: DNS messages longer than 512 bytes exceed the configured maximum.
! NOTE(review): larger responses (for example EDNS0 / DNSSEC) will be affected by this
! limit - confirm that is intended.
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
! NOTE(review): every inspection engine that is enabled parses untrusted traffic; disable
! the ones for protocols not in use (for example rsh, xdmcp, sunrpc) if they are not needed.
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip  
  inspect xdmcp
  inspect pptp
  inspect icmp
  inspect ipsec-pass-thru
!
service-policy global_policy global
prompt hostname context
! Device-generated checksum of the saved configuration; it will not match an edited copy.
Cryptochecksum:d89690e3e03538a3a0dcf52bc94320c8
: end

转载于:https://blog.51cto.com/28917/281844
