Hirdetés

  2. Fórumok
  3. Hálózat, szolgáltatók
  4. Cisco vizsgák (CCNA, CCNP, CCIE)
  • Téma összefoglaló
    Utoljára frissítve: 2020-02-27 09:43

    PROHARDVER!

    --- Még az új vizsgarendszer előtti információk, majd frissítjük! ---


    Gyakran ismételt kérdések
    Olvasd el a cikkeket itt.

Új hozzászólás Aktív témák

  • #2213 AkoSCH csendes tag
    Új Válasz #2213
    Új hozzászólás
    Összes hozzászólása itt Válaszok az összes hozzászólására itt Válaszok erre a hozzászólásra

    AkoSCH

    csendes tag

    Sziasztok!

    Asa 5505 [8.4(4).1], Anyconnect beállításával kapcsolatban lenne kérdésem:

    Felmerülő kérdések:

    -a wizardot végignyomtam, viszont az eszközön a VPN lámpa nem ég. (ez normális?)

    -ASA adja a VPN klienst a gépeknek, ezt hogy lehet elérni?
    (belső hálóban az ASA ip-re csak az ASDM indítófelület kapom meg)

    És akkor a running congig:

    Result of the command: "show running-config"

    : Saved
    :
    ASA Version 8.4(4)1
    !
    hostname cegnevASA
    domain-name cegnev.local
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    switchport access vlan 12
    !
    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    !
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address 77.111.103.106 255.255.255.248
    !
    interface Vlan12
    description Vendegeknek a cegnevHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.3.1 255.255.255.0
    !
    ftp mode passive
    clock timezone GMT 0
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name cegnev.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object network WEBSHOP
    host 192.168.2.2
    object network INSIDE_HOST
    host 10.100.130.5
    object network NS1000
    host 192.168.2.215
    object network Dev_1
    host 192.168.2.2
    object network Dev_2
    host 192.168.2.2
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool vpn_range 192.168.2.190-192.168.2.200 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    !
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    object network WEBSHOP
    nat (inside,outside) static interface service tcp www www
    object network NS1000
    nat (inside,outside) static interface service tcp 23210 23210
    object network Dev_1
    nat (inside,outside) static interface service tcp pptp pptp
    object network Dev_2
    nat (inside,outside) static interface service tcp 47 47
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 77.111.103.105 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0

    dhcpd auto_config outside
    !
    dhcpd address 192.168.2.5-192.168.2.132 inside
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_cegnev_VPN internal
    group-policy GroupPolicy_cegnev_VPN attributes
    wins-server value 192.168.2.1
    dns-server value 192.168.2.1 62.112.192.4
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelall
    default-domain value cegnev.local
    webvpn
    anyconnect ssl rekey time 30
    anyconnect ssl rekey method ssl
    anyconnect ask enable default anyconnect timeout 30
    customization none
    deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group cegnev_VPN type remote-access
    tunnel-group cegnev_VPN general-attributes
    address-pool vpn_range
    default-group-policy GroupPolicy_cegnev_VPN
    tunnel-group cegnev_VPN webvpn-attributes
    group-alias cegnev_VPN enable
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:5012c3fab35d00317efc267c2dff3f15
    : end

Új hozzászólás Aktív témák