MCSEboard.de – IT Pro Forum for Windows Server 2008 R2 / 2008 / 2003 & Windows 7 / Vista / XP

Cisco Forum — General


04.11.2011, 16:47   #1
Newbie
Registered since: 01-2010
Posts: 28
Subject: Where is "Access-Group" in Cisco ASDM?

Hello,

on an ASA 5505 I want to open a hole from a server in the DMZ to a server in the internal network.

When I use the Packet Tracer, however, I see this error:

[Screenshot: Packet Tracer result]

So I assume the IP still has to be added to the access group "dmz_acl".

But where do I find this access group in Cisco ASDM?

NAT rules

[Screenshot: NAT rules]

Thanks a lot!

04.11.2011, 18:15   #2
Newbie
Registered since: 01-2010
Posts: 28
The "permit" rule from the DMZ IP to the internal IP already exists too, of course.

04.11.2011, 20:49   #3
Board Veteran
Registered since: 11-2007
Posts: 947
Hello,

like this, you can say next to nothing about what is missing. Just post the config (mask external IPs and passwords).

Signature
Done: Cisco 640-802 ; 640-460 ; 640-863 ; 640-553 ; 642-873 ; 640-721 - HP Master ASE Network 2011 ; ASE Blade 2010 ; ASE Proliant 2010;


06.11.2011, 01:16   #4
Newbie
Registered since: 01-2010
Posts: 28
: Saved
:
ASA Version 8.2(1)11
!
hostname ASA
domain-name xy.de
enable password xy123encrypted
passwd xy123 encrypted
names
name 192.168.100.0 München
name 172.18.0.0 Köln
name 192.168.184.0 Vorarlberg
name 172.16.0.0 Ort
name 10.1.192.38 Hamburg
name 10.1.192.67 Hamburg2
name 10.120.3.125 Hamburg3
name 10.1.196.66 Hamburg4
name 172.32.0.0 Berlin
name 172.20.0.0 Aachen
name 12.65.56.6 pix-Vorarlberg
name 172.19.0.0 new-york-net
name 123.123.12.86 outside-DienstDemoServer description Dienst/Dienst2 Demo-Server
name 172.16.1.235 inside-DienstDemoServer description Dienst/Dienst2 Demo-Server
name 172.16.5.7 A-172.16.5.7 description 172.16.5.7
name 192.168.181.0 EA-VPN-Users
dns-guard
!
interface Ethernet0/0
nameif inside
security-level 100
ip address 172.16.0.1 255.255.0.0 standby 172.16.0.3
!
interface Ethernet0/1
speed 10
duplex full
nameif outside
security-level 0
ip address 123.123.13.130 255.255.255.192 standby 123.123.13.133
!
interface Ethernet0/2
nameif dmz
security-level 50
ip address 123.123.12.1 255.255.255.0 standby 123.123.12.3
!
interface Ethernet0/3
description LAN/STATE Failover Interface
!
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
!
boot system disk0:/asa821-11-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name xy.de
same-security-traffic permit intra-interface
object-group network og_ip_nat_dmz
network-object host 123.123.12.8
network-object host 123.123.12.4
network-object host 123.123.12.10
network-object Ort 255.255.0.0
network-object host 123.123.12.17
network-object host 123.123.12.28
object-group service server-default
description http/https/ssh/exchange
service-object tcp eq www
service-object tcp eq https
service-object tcp eq exchangeoutlook
service-object tcp eq ssh
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service Dienst
description Dienst service
service-object tcp eq 18080
object-group service DM_INLINE_TCP_1 tcp
port-object eq 8099
port-object eq exchangeoutlook
object-group service DM_INLINE_TCP_2 tcp
port-object eq 8099
port-object eq www
object-group service DM_INLINE_TCP_3 tcp
port-object eq 8099
port-object eq exchangeoutlook
object-group service DM_INLINE_TCP_4 tcp
port-object eq www
port-object eq https
access-list outside_acl remark Kein Ping von extern zulassen
access-list outside_acl extended deny icmp any any log disable
access-list outside_acl extended deny tcp any any eq nntp
access-list outside_acl extended permit tcp any host 123.123.12.40 eq smtp
access-list outside_acl extended permit tcp any host 123.123.12.40 eq exchangeoutlook
access-list outside_acl extended permit tcp any host 123.123.12.5 object-group DM_INLINE_TCP_1
access-list outside_acl extended permit tcp any host 123.123.12.6 eq exchangeoutlook
access-list outside_acl extended permit tcp any host 123.123.12.28 eq 63149
access-list outside_acl extended permit tcp any host 123.123.12.28 eq 63148
access-list outside_acl extended permit tcp any host 123.123.12.8 object-group DM_INLINE_TCP_3
access-list outside_acl extended permit tcp any host 123.123.12.8 eq smtp
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 8082
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 8081
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 7070
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 1533
access-list outside_acl extended permit tcp any host 123.123.12.140 eq www
access-list outside_acl extended permit tcp any host 123.123.12.140 eq rtsp
access-list outside_acl extended permit tcp any host 123.123.12.140 eq

06.11.2011, 01:19   #5
Newbie
Registered since: 01-2010
Posts: 28
https
access-list outside_acl extended permit tcp any host 123.123.12.10 eq https
access-list outside_acl extended permit tcp any host 123.123.12.5 eq www
access-list outside_acl extended permit tcp any host 123.123.12.10 eq www
access-list outside_acl extended permit tcp any host 123.123.12.26 eq www
access-list outside_acl extended permit tcp any host 123.123.12.26 eq https
access-list outside_acl extended permit tcp any host 123.123.12.142 eq www
access-list outside_acl extended permit tcp any host 123.123.12.142 eq https
access-list outside_acl extended deny tcp any any eq 36794
access-list outside_acl extended permit tcp any host 123.123.12.100 eq pptp
access-list outside_acl extended permit gre any host 123.123.12.100
access-list outside_acl extended permit tcp any host 123.123.12.140 eq 8084
access-list outside_acl extended permit gre host 193.178.227.6 any
access-list outside_acl extended permit tcp any host 123.123.12.150 eq 8080
access-list outside_acl extended permit tcp any host 123.123.12.150 eq 2135
access-list outside_acl extended permit tcp any host 123.123.12.53 eq www
access-list outside_acl extended permit tcp any host 123.123.12.53 eq https
access-list outside_acl extended permit tcp any host 123.123.12.54 eq www
access-list outside_acl extended permit tcp any host 123.123.12.54 eq https
access-list outside_acl extended permit tcp any host 123.123.12.55 object-group DM_INLINE_TCP_2
access-list outside_acl extended permit tcp any host 123.123.12.55 eq https
access-list outside_acl extended permit tcp any host 123.123.12.57 eq www
access-list outside_acl extended permit tcp any host 123.123.12.57 eq https
access-list outside_acl extended permit esp host 193.247.102.154 any
access-list outside_acl extended permit tcp any host 123.123.12.34 eq smtp
access-list outside_acl extended permit gre host 66.89.199.67 any
access-list outside_acl extended permit tcp any host 123.123.12.8 eq ftp
access-list outside_acl extended permit tcp any host 123.123.12.59 eq www
access-list outside_acl extended permit tcp any host 123.123.12.59 eq ssh
access-list outside_acl extended permit ip any Ort 255.255.0.0
access-list outside_acl extended permit tcp any host 123.123.12.8 eq www
access-list outside_acl extended permit tcp any host 123.123.12.11 eq www
access-list outside_acl extended permit tcp any host 123.123.12.11 eq 3389
access-list outside_acl extended permit tcp any host 123.123.12.8 eq https
access-list outside_acl extended permit tcp any host 123.123.12.88 eq www
access-list outside_acl extended permit tcp any host 123.123.12.88 eq 8080
access-list outside_acl extended permit tcp host 217.7.27.30 host 123.123.12.140 eq exchangeoutlook
access-list outside_acl extended permit tcp any host 123.123.12.101 eq pptp
access-list outside_acl extended permit gre any host 123.123.12.101
access-list outside_acl remark testserver IT
access-list outside_acl extended permit tcp any host 123.123.12.60 eq exchangeoutlook
access-list outside_acl remark testserver IT
access-list outside_acl extended permit object-group TCPUDP any host 123.123.12.60 eq www
access-list outside_acl remark Dienst/Dienst2
access-list outside_acl extended permit tcp any host outside-DienstDemoServer eq 18080
access-list outside_acl remark Weiss - Tobit-Server
access-list outside_acl extended permit tcp any host 123.123.13.140 object-group DM_INLINE_TCP_4
access-list dmz_acl extended permit icmp any object-group og_ip_nat_dmz
access-list dmz_acl extended permit tcp any host 123.123.12.40 eq smtp
access-list dmz_acl extended permit tcp 123.123.12.0 255.255.255.0 Ort 255.255.0.0 eq exchangeoutlook

06.11.2011, 01:20   #6
Newbie
Registered since: 01-2010
Posts: 28
access-list dmz_acl extended permit tcp any host 123.123.12.10 eq exchangeoutlook
access-list dmz_acl extended permit tcp any host 123.123.12.10 eq 63148
access-list dmz_acl extended permit tcp any host 123.123.12.8 eq exchangeoutlook
access-list dmz_acl extended permit tcp any host 123.123.12.8 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.8 host 172.16.1.10 eq www
access-list dmz_acl extended permit udp host 123.123.12.40 host 172.16.5.75 eq netbios-ns
access-list dmz_acl extended deny tcp any object-group og_ip_nat_dmz eq 36794
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.20.2 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.1.248 eq smtp inactive
access-list dmz_acl extended permit tcp any host 123.123.12.34 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.34 host 172.16.1.248 eq smtp
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.1.249 eq smtp inactive
access-list dmz_acl extended deny ip any object-group og_ip_nat_dmz
access-list dmz_acl extended deny tcp 123.123.12.0 255.255.255.0 any eq 137
access-list dmz_acl extended deny udp 123.123.12.0 255.255.255.0 any eq netbios-ns log disable
access-list dmz_acl extended deny tcp 123.123.13.0 255.255.255.0 any eq 137
access-list dmz_acl extended deny udp 123.123.13.0 255.255.255.0 any eq netbios-ns
access-list dmz_acl extended permit ip any any
access-list dmz_acl remark data is downloaded through this port (optional)
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 902
access-list dmz_acl remark Global Catalog Server
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3268
access-list dmz_acl remark View/VDM Connection Server/View Manager - Global Catalog Server
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3269
access-list dmz_acl remark RDP Protocol
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3389
access-list dmz_acl remark Multimedia Redirection (MMR) (optional)
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 9427
access-list dmz_acl remark abfrage
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 18443
access-list dmz_acl remark (AES 128 bit)
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 50002
access-list dmz_acl remark View 4
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 4001
access-list dmz_acl remark View
access-list dmz_acl extended permit udp host 123.123.12.28 host 172.16.1.41 eq netbios-ns
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 1214
access-list inside_acl extended deny tcp any any eq nntp inactive
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 1243
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 4661
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 4662
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 5554
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 6346
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 6347
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 6699
access-list inside_acl extended deny tcp Ort 255.255.0.0 any eq 17300
access-list inside_acl extended deny udp Ort 255.255.0.0 any eq netbios-ns
access-list inside_acl extended deny udp Ort 255.255.0.0 any eq 4672
access-list inside_acl extended deny udp Ort 255.255.0.0 any eq 6257
access-list inside_acl extended permit ip any any
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 München 255.255.252.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 Aachen 255.255.0.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 Köln 255.255.0.0

06.11.2011, 01:21   #7
Newbie
Registered since: 01-2010
Posts: 28
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 Berlin 255.255.0.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 host Hamburg3
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 host Hamburg4
access-list inside_outbound_nat0_acl extended permit ip any 172.16.60.0 255.255.255.240
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 new-york-net 255.255.0.0
access-list inside_outbound_nat0_acl extended permit ip Ort 255.255.0.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_20 extended permit ip Ort 255.255.0.0 München 255.255.252.0
access-list outside_cryptomap_40 extended permit ip Ort 255.255.0.0 Aachen 255.255.0.0
access-list outside_cryptomap_60 extended permit ip Ort 255.255.0.0 Köln 255.255.0.0
access-list outside_cryptomap_30 extended permit ip Ort 255.255.0.0 Berlin 255.255.0.0
access-list outside_cryptomap_50 extended permit ip Ort 255.255.0.0 Vorarlberg 255.255.255.0
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg2
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg3
access-list outside_cryptomap_65 extended permit ip host 172.16.5.13 host Hamburg4
access-list outside_cryptomap_65 extended permit ip host 172.16.5.46 host Hamburg4
access-list outside_cryptomap_65 extended permit ip host 172.16.5.25 host Hamburg4
access-list outside_cryptomap_65 extended permit ip host 172.16.1.2 host Hamburg4
access-list inside_access_in extended deny tcp any any eq nntp
access-list inside_access_in extended permit ip Ort 255.255.0.0 Google_Networks 255.255.255.0
access-list inside_access_in extended permit ip Ort 255.255.0.0 any
access-list inside_access_in extended permit ip any host 212.63.83.9
access-list inside_access_in extended permit ip host 172.22.2.200 any
access-list outside_cryptomap extended permit ip Ort 255.255.0.0 Berlin 255.255.0.0
access-list outside_cryptomap_1 extended permit ip Ort 255.255.0.0 München 255.255.252.0
access-list outside_cryptomap_2 extended permit ip Ort 255.255.0.0 Aachen 255.255.0.0
access-list outside_cryptomap_4 extended permit ip host 123.123.12.6 host 10.100.3.3
access-list inside extended deny tcp host A-172.16.5.7 any eq nntp
access-list outside_cryptomap_5 extended permit ip Ort 255.255.0.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_7 extended permit ip Ort 255.255.0.0 host 91.139.255.196
access-list inside_nat_outbound extended permit icmp host 172.16.0.4 host 193.238.199.3
pager lines 24
logging enable
logging timestamp
logging standby
logging buffered informational
logging trap warnings
logging asdm warnings
logging host inside 172.16.1.245 17/1514
flow-export destination inside 172.16.5.37 2055
flow-export destination inside 172.16.1.22 2055
mtu inside 1500
mtu outside 1500

06.11.2011, 01:21   #8
Newbie
Registered since: 01-2010
Posts: 28
mtu dmz 1500
mtu management 1500
ip local pool pool-vpn-ras 172.16.60.0-172.16.60.15 mask 255.255.255.240
failover
failover lan unit secondary
failover lan interface failover Ethernet0/3
failover key *****
failover link failover Ethernet0/3
failover interface ip failover 10.255.40.1 255.255.255.252 standby 10.255.40.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
global (outside) 1 192.168.254.1-192.168.255.254
global (outside) 2 123.123.13.192-123.123.13.250
global (outside) 3 123.123.13.251 netmask 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 3 access-list inside_nat_outbound
nat (inside) 3 172.16.5.100 255.255.255.255
nat (inside) 3 172.16.5.111 255.255.255.255
nat (inside) 3 Ort 255.255.0.0
static (dmz,outside) tcp 123.123.12.88 www 123.123.12.88 8080 netmask 255.255.255.255
static (inside,dmz) 123.123.12.8 123.123.12.8 netmask 255.255.255.255
static (inside,dmz) 123.123.12.4 123.123.12.4 netmask 255.255.255.255
static (inside,dmz) Ort Ort netmask 255.255.0.0
static (inside,outside) 123.123.12.141 172.16.1.244 netmask 255.255.255.255
static (inside,dmz) 123.123.12.17 123.123.12.17 netmask 255.255.255.255
static (inside,outside) 123.123.12.100 172.16.1.245 netmask 255.255.255.255
static (inside,outside) 123.123.12.101 172.16.1.246 netmask 255.255.255.255
static (inside,outside) outside-DienstDemoServer inside-DienstDemoServer netmask 255.255.255.255
static (dmz,outside) 123.123.12.5 123.123.12.5 netmask 255.255.255.255
static (dmz,outside) 123.123.12.6 123.123.12.6 netmask 255.255.255.255
static (dmz,outside) 123.123.12.8 123.123.12.8 netmask 255.255.255.255
static (dmz,outside) 123.123.12.26 123.123.12.26 netmask 255.255.255.255
static (dmz,outside) 123.123.12.4 123.123.12.4 netmask 255.255.255.255
static (dmz,outside) 123.123.12.142 123.123.12.142 netmask 255.255.255.255
static (dmz,outside) 123.123.12.150 123.123.12.150 netmask 255.255.255.255
static (dmz,outside) 123.123.12.53 123.123.12.53 netmask 255.255.255.255
static (dmz,outside) 123.123.12.54 123.123.12.54 netmask 255.255.255.255
static (dmz,outside) 123.123.12.55 123.123.12.55 netmask 255.255.255.255
static (dmz,outside) 123.123.12.57 123.123.12.57 netmask 255.255.255.255
static (dmz,outside) 123.123.12.17 123.123.12.17 netmask 255.255.255.255
static (dmz,outside) 123.123.12.59 123.123.12.59 netmask 255.255.255.255
static (dmz,outside) 123.123.12.60 123.123.12.60 netmask 255.255.255.255
static (outside,inside) 172.22.2.200 123.123.13.140 netmask 255.255.255.255
static (inside,outside) 123.123.13.140 172.16.0.4 netmask 255.255.255.255
static (dmz,outside) 123.123.12.140 123.123.12.140 netmask 255.255.255.255
static (dmz,outside) 123.123.12.28 123.123.12.28 netmask 255.255.255.255
static (inside,dmz) 123.123.12.28 123.123.12.28 netmask 255.255.255.255

06.11.2011, 01:22   #9
Newbie
Registered since: 01-2010
Posts: 28
access-group inside_access_in in interface inside
access-group outside_acl in interface outside
access-group dmz_acl in interface dmz
route outside 0.0.0.0 0.0.0.0 123.123.13.129 1
route inside 172.22.0.0 255.255.0.0 172.16.0.4 1
route inside 192.168.10.0 255.255.255.0 172.16.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius-group protocol radius
aaa-server radius-group (inside) host 172.16.1.245
timeout 5
key ******
http server enable
http 192.168.1.0 255.255.255.0 management
http Ort 255.255.0.0 inside
http 172.30.129.74 255.255.255.255 inside
http 217.7.27.30 255.255.255.255 outside
http 62.91.23.78 255.255.255.255 outside
http 195.64.180.0 255.255.254.0 outside
http 193.238.199.39 255.255.255.255 outside
http Vorarlberg 255.255.255.0 inside
snmp-server host outside 62.91.23.78 community ***** version 2c
snmp-server host inside 172.16.1.22 community ***** version 2c
snmp-server host inside 172.16.5.37 community *****
snmp-server location Halle
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
service resetoutside
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_3DES_SHA
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 217.7.27.30
crypto map outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

06.11.2011, 01:22   #10
Newbie
Registered since: 01-2010
Posts: 28
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 62.159.239.82
crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 3 match address outside_cryptomap_2
crypto map outside_map 3 set peer 217.7.135.66
crypto map outside_map 3 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 5 match address outside_cryptomap_5
crypto map outside_map 5 set peer 62.154.243.205
crypto map outside_map 5 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 7 match address outside_cryptomap_7
crypto map outside_map 7 set peer 91.139.255.196
crypto map outside_map 7 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 9 match address outside_cryptomap_4
crypto map outside_map 9 set pfs group5
crypto map outside_map 9 set peer 213.61.155.186
crypto map outside_map 9 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 9 set security-association lifetime seconds 7800
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn pix515e
subject-name CN=pix515e
no client-types
crl configure
crypto isakmp enable outside
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
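
Added example, not part of any post in this thread: the ASA evaluates an interface ACL from top to bottom and stops at the first matching entry, so the order of the dmz_acl lines posted above decides which DMZ-to-inside flows pass. The sketch below runs a first-match lookup and a shadowed-entry check over a subset of those lines copied from the posts; the function names, the chosen subset and the small port-keyword table are assumptions made for this example.

```python
import ipaddress

# Constructed input: a subset of the dmz_acl lines, and the name and object
# group they reference, copied from the configuration posted in this thread.
NAMES = {"Ort": "172.16.0.0"}
GROUPS = {"og_ip_nat_dmz": [            # "network-object Ort 255.255.0.0" -> /16
    "123.123.12.8/32", "123.123.12.4/32", "123.123.12.10/32",
    "172.16.0.0/16", "123.123.12.17/32", "123.123.12.28/32"]}
SERVICES = {"www": 80, "smtp": 25, "netbios-ns": 137}  # port keywords used below
ACL = """\
access-list dmz_acl extended permit tcp host 123.123.12.8 host 172.16.1.10 eq www
access-list dmz_acl extended permit tcp host 123.123.12.40 host 172.16.1.248 eq smtp inactive
access-list dmz_acl extended deny ip any object-group og_ip_nat_dmz
access-list dmz_acl extended permit ip any any
access-list dmz_acl remark RDP Protocol
access-list dmz_acl extended permit tcp host 123.123.12.28 host 172.16.1.41 eq 3389
access-list dmz_acl extended permit udp host 123.123.12.28 host 172.16.1.41 eq netbios-ns
"""

def _addr(tok):
    """Consume one address spec from the token list; return a list of networks."""
    t = tok.pop(0)
    if t == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if t == "host":
        h = tok.pop(0)
        return [ipaddress.ip_network(NAMES.get(h, h) + "/32")]
    if t == "object-group":
        return [ipaddress.ip_network(n) for n in GROUPS[tok.pop(0)]]
    return [ipaddress.ip_network(f"{NAMES.get(t, t)}/{tok.pop(0)}")]  # net + mask

def parse_acl(text):
    """Parse 'access-list NAME extended ...' lines; remarks are skipped."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        tok = tok[3:]
        rule = {"n": n, "action": tok.pop(0), "proto": tok.pop(0), "text": line}
        rule["src"], rule["dst"] = _addr(tok), _addr(tok)
        rule["port"] = None
        if tok[:1] == ["eq"]:
            rule["port"] = SERVICES[tok[1]] if tok[1] in SERVICES else int(tok[1])
            tok = tok[2:]
        rule["active"] = "inactive" not in tok
        rules.append(rule)
    return rules

def first_match(rules, proto, src, dst, port=None):
    """Return the first active entry matching the flow, or None (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if not r["active"] or r["proto"] not in ("ip", proto):
            continue
        if r["port"] is not None and r["port"] != port:
            continue
        if any(s in n for n in r["src"]) and any(d in n for n in r["dst"]):
            return r
    return None

def _covers(a, b):
    """True if entry a matches every packet that entry b matches."""
    inside = lambda big, small: all(any(x.subnet_of(y) for y in big) for x in small)
    return (a["proto"] in ("ip", b["proto"])
            and (a["port"] is None or a["port"] == b["port"])
            and inside(a["src"], b["src"]) and inside(a["dst"], b["dst"]))

def shadowed(rules):
    """List (line, covering_line) for entries an earlier active entry fully covers."""
    out = []
    for i, b in enumerate(rules):
        for a in rules[:i]:
            if a["active"] and _covers(a, b):
                out.append((b["n"], a["n"]))
                break
    return out

if __name__ == "__main__":
    rules = parse_acl(ACL)
    hit = first_match(rules, "tcp", "123.123.12.28", "172.16.1.41", 3389)
    print("first match:", hit["text"] if hit else "implicit deny")
    for later, earlier in shadowed(rules):
        print(f"entry on line {later} is never reached: covered by line {earlier}")
```

In the posted configuration the entries for 123.123.12.28 to 172.16.1.41 come after "deny ip any object-group og_ip_nat_dmz", whose group contains Ort 255.255.0.0, so the check reports them as shadowed.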
All times are in MEZ/CET.
