CISCO SSL VPN+LDAP

ciscoasa# show run : Saved : ASA Version 8.0(3) ! hostname ciscoasa domain-name default.domain.invalid enable password pwoHnXoX4r5T/VBl encrypted names name X.Y.X.Z server1 dns-guard ! interface GigabitEthernet0/0 descr ip tion to ChangKua

! Start of a "show run" capture from an ASA running software 8.0(3) (see the version line).
! NOTE(review): 8.0(3) is a very old release; check the vendor's current advisories
! before reusing this listing on a device that terminates SSL VPN on the Internet.
ciscoasa# show run
: Saved
:
ASA Version 8.0(3)
!
hostname ciscoasa
domain-name default.domain.invalid
! NOTE(review): this hash is byte-for-byte the same as the "passwd" hash later in the
! listing, so the enable secret and the login password are one value. Both hashes are
! published here; treat the secret as exposed and replace it on any device that used it.
enable password pwoHnXoX4r5T/VBl encrypted
names
! Binds the label "server1" to a (redacted) address; the DNS server-group refers to it by name.
name X.Y.X.Z server1
dns-guard
!
! Interface layout: Gi0/0 = outside (security-level 0), Gi0/1 = inside (security-level 100),
! Management0/0 = dedicated management port. Addresses are redacted placeholders.
interface GigabitEthernet0/0
description to ChangKuang
speed 100
duplex full
nameif outside
security-level 0
! NOTE(review): the trailing dot after the placeholder looks like a redaction artifact,
! not part of the command - confirm before pasting.
ip address X.X.Y.Z. 255.255.255.252
!
interface GigabitEthernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address X.Y.X.X 255.255.255.252
!
! NOTE(review): Gi0/2 carries no nameif or address but, unlike Gi0/3 below, is not
! shown as "shutdown". Unused ports are normally shut down.
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
! "management-only" keeps this port from passing through-traffic; it only reaches the box itself.
interface Management0/0
nameif management
security-level 100
ip address X.Y.1.1 255.255.255.0
management-only
!
! Login password, boot image, FTP mode and DNS resolver settings.
! NOTE(review): same hash as the "enable password" line earlier in the listing, so a
! login password disclosure is also an enable-level disclosure.
passwd pwoHnXoX4r5T/VBl encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
! The ASA itself resolves names out of both interfaces, using "server1" as resolver.
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server server1
domain-name default.domain.invalid
! ACL "xyz" lists the inside source networks; the listing later uses it as the match
! for "nat (inside) 1", so it selects what gets translated rather than filtering traffic.
access-list xyz extended permit ip X.Y.176.0 255.255.240.0 any
access-list xyz extended permit ip X.Y.48.0 255.255.240.0 any
access-list xyz extended permit ip X.Y.64.0 255.255.240.0 any
access-list xyz extended permit ip X.Y.96.0 255.255.240.0 any
access-list xyz extended permit ip X.Y.126.144 255.255.255.240 any
! NOTE(review): ACL 100 permits everything ("permit ip any any" already covers the icmp
! and udp lines), and the access-group lines later bind it inbound and outbound on both
! outside and inside. As written the firewall applies no filtering policy: anything that
! has a translation or a route through the ASA is reachable on every port from outside.
! Replace it with per-interface ACLs that name the required services and end in the
! implicit deny.
access-list 100 extended permit icmp any any
access-list 100 extended permit ip any any
access-list 100 extended permit udp any any
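! Terminal paging, logging level for ASDM, MTUs, failover state and ASDM image.
pager lines 24
! NOTE(review): only the ASDM log buffer level is set. No "logging enable" or
! "logging host" line is visible in this capture, so events may never leave the box -
! confirm, and send syslog to a collector so VPN logins and denied flows can be reviewed.
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
! Non-command text that the hosting page had fused onto the end of this line was removed.
no failover
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400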
! Address translation, ACL bindings and static routes.
! Inside sources matching ACL "xyz" are translated to the single global address below.
global (outside) 1 X.X.Y.Y
nat (inside) 1 access-list xyz
! One-to-one static translation: publishes one inside host at one outside address.
! NOTE(review): combined with the permit-any ACL 100 bound below, every port on that
! host is exposed to the outside.
static (inside,outside) X.X.X.X Y.Y.Y.Y netmask 255.255.255.255
! ACL 100 (permit any) is bound in both directions on both interfaces.
access-group 100 in interface outside
access-group 100 out interface outside
access-group 100 in interface inside
access-group 100 out interface inside
route outside 0.0.0.0 0.0.0.0 Z.Z.Z.Z 1
! NOTE(review): the placeholders in the inside routes are redacted inconsistently
! (for example "X.Y88.30" is missing a dot, and the prefixes do not line up with the
! ones in ACL "xyz"). These lines cannot be pasted as-is; rebuild them from real addressing.
route inside X.Y.126.144 255.255.255.240 X.X.88.30 1
route inside X.Z.176.0 255.255.240.0 X.Y88.30 1
route inside X.C.48.0 255.255.240.0 X.Y.88.30 1
route inside C.C.64.0 255.255.240.0 X.Y.88.30 1
route inside Y.Y.96.0 255.255.240.0 X.Y.88.30 1
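! Idle timers for translations, connections and per-protocol sessions, followed by the
! default dynamic access policy record.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
! Non-command text that the hosting page had fused onto "absolute" was removed.
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy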
! LDAP server group "ASDF": the ASA binds with the login DN below, then searches the
! whole subtree under the base DN for an entry whose "uid" matches the VPN username.
aaa-server ASDF protocol ldap
aaa-server ASDF host X.Y.Z.P
ldap-base-dn o=ASDF
ldap-scope subtree
ldap-naming-attribute uid
! "show run" masks the bind password as "*".
ldap-login-password *
! NOTE(review): "cn=Directory Manager" is conventionally the directory's administrative
! account - confirm for this server. A firewall only needs to search and bind, so a
! dedicated read-only service account limits the damage if this password is recovered.
ldap-login-dn cn=Directory Manager
! NOTE(review): no "ldap-over-ssl enable" line appears under this host, so as shown the
! bind password and every VPN user's password cross the network to X.Y.Z.P unencrypted.
! Enable LDAP over SSL once the directory server offers it.
server-type auto-detect
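! Management-plane access: ASDM (HTTPS), SNMP traps, Telnet, SSH, console and the DHCP
! pool on the management port.
http server enable
http X.Y.1.0 255.255.255.0 management
! NOTE(review): ASDM is accepted from any inside address. Limit it to the admin subnet,
! as the management line above already does.
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
client-update enable
! NOTE(review): Telnet sends the login and enable passwords in clear text and is open to
! every inside address. Prefer removing it and managing the box over SSH.
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
! NOTE(review): SSH management is accepted from any Internet source on the outside
! interface. Restrict it to known admin sources, e.g. "ssh <ADMIN_NET> <MASK> outside"
! (placeholder values), or move management to the inside/management interfaces.
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 20
! Changed from "ssh version 1": SSHv1 has known protocol weaknesses and should not be
! offered, least of all on an Internet-facing interface.
ssh version 2
! NOTE(review): 0 disables the console idle timeout, so an abandoned console session
! stays logged in. Set a finite value.
console timeout 0
dhcpd address X.Y.1.2-X.Y.1.254 management
dhcpd enable management
! Non-command text that the hosting page had fused onto this separator was removed.
!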
! Basic threat detection, then the global WebVPN (clientless SSL VPN) settings.
threat-detection basic-threat
threat-detection statistics access-list
webvpn
! The SSL VPN portal listens on the outside interface.
enable outside
! Port-forwarding list "centerport": each entry maps a local port on the user's PC to an
! internal host and service.
! NOTE(review): two of the three targets are Telnet. The SSL tunnel protects the hop
! from the user to the ASA only; from the ASA to the target the session, including
! device credentials, is clear text. Prefer SSH targets where the device supports it.
port-forward centerport 20023 X.0.176.54 telnet
port-forward centerport 20022 Y.0.2.253 ssh ssh
port-forward centerport 20024 X.Y.88.29 telnet telnet
! NOTE(review): this shows the tunnel-group aliases as a drop-down on the public login
! page, which tells an unauthenticated visitor which groups exist.
tunnel-group-list enable
internal-password enable
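! Group policy "mywebvpn": clientless (webvpn) sessions only, up to 3 concurrent logins
! per user, 30-minute idle timeout.
group-policy mywebvpn internal
group-policy mywebvpn attributes
banner value ASDF SSL VPN
dns-server value X.Y.Z.Y
vpn-access-hours none
vpn-simultaneous-logins 3
! Non-command text that the hosting page had fused onto this line was removed.
vpn-idle-timeout 30
! NOTE(review): no absolute session limit is set; an active session is never forced to
! re-authenticate.
vpn-session-timeout none
vpn-tunnel-protocol webvpn
smartcard-removal-disconnect disable
webvpn
url-list none
! NOTE(review): "filter none" applies no web ACL, and the three "enable" lines below let
! portal users type arbitrary URLs and browse file shares. Any internal web or file
! server the ASA can reach is therefore reachable by every user of this policy; add a
! webtype ACL that names the intended destinations.
filter none
homepage none
svc dpd-interval client 30
file-entry enable
file-browsing enable
url-entry enable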
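! Group policy "group2": clientless sessions with the "centerport" port-forwarding list
! enabled; same login, idle and session limits as "mywebvpn".
group-policy group2 internal
group-policy group2 attributes
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
! NOTE(review): no absolute session limit is set.
vpn-session-timeout none
vpn-tunnel-protocol webvpn
vlan none
webvpn
! Non-command text that the hosting page had fused onto this line was removed.
! NOTE(review): no web ACL is applied to this policy either.
filter none
port-forward enable centerport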
! Local user database and the group policy each VPN user is locked to.
! NOTE(review): these password hashes are published on this page. The "encrypted" form
! on this software generation is an MD5-based hash that is cheap to guess offline, so
! every one of these secrets should be considered exposed and replaced.
! NOTE(review): "test", "user" and "cisco" are generic account names; remove lab
! accounts before the portal faces the Internet.
username test password P4ttSyrm33SV8TYp encrypted
username test attributes
vpn-group-policy mywebvpn
! NOTE(review): "user" is a VPN account and also privilege 15. No
! "service-type remote-access" line is shown under its attributes, so whether this
! credential can also be used for device administration depends on AAA settings not
! visible here - confirm, and keep VPN accounts unprivileged.
username user password XEaJpJFaYvDqZKxJ encrypted privilege 15
username user attributes
vpn-group-policy group2
username ASDF password EbCUygPWyuuaqx3d encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 7
username cisco attributes
vpn-group-policy mywebvpn
! Connection profiles (tunnel groups) offered on the SSL VPN login page.
! "mywebvpn" authenticates against LDAP group ASDF and falls back to the LOCAL user
! database; its alias on the login page is "webvpn".
tunnel-group mywebvpn type remote-access
tunnel-group mywebvpn general-attributes
! NOTE(review): because LOCAL is listed as fallback, the local accounts in this listing
! remain valid VPN logins whenever the fallback applies - keep that database minimal.
authentication-server-group ASDF LOCAL
default-group-policy mywebvpn
tunnel-group mywebvpn webvpn-attributes
group-alias webvpn enable
! NOTE(review): TunnelGroup2 shows no "authentication-server-group" line, so it
! presumably authenticates against the local database only - confirm. That would make
! the port-forwarding policy "group2" reachable with a local password alone, outside
! the directory's lockout and password rules.
tunnel-group TunnelGroup2 type remote-access
tunnel-group TunnelGroup2 general-attributes
default-group-policy group2
tunnel-group TunnelGroup2 webvpn-attributes
group-alias group2 enable
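!
! Class map matching the default set of inspected protocols and ports.
class-map inspection_default
match default-inspection-traffic
! Non-command text that the hosting page had fused onto the next separator was removed.
!
!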
! DNS inspection map capping DNS messages at 512 bytes, then the global policy that
! applies application inspection to the inspection_default class on all interfaces.
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
! Attaches global_policy to every interface.
service-policy global_policy global
prompt hostname context
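! Checksum line the ASA printed for the configuration as captured, then the end marker.
! Non-command text that the hosting page had fused onto ": end" was removed.
Cryptochecksum:4185eb8aa50e1f5685bf8f9d6cd7200c
: end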