
ASA5505 multiple external IP addresses - 1 interface



Here is the current config once more!

 

: Saved

:

ASA Version 8.2(1)

!

hostname gatway1

name 192.168.30.0 _Inside-PC-LAN_0.30

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.30.3 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 195.1xx.2xx.242 255.255.255.224

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

clock timezone CEST 1

clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

dns server-group DefaultDNS

domain-name p.local

same-security-traffic permit intra-interface

object-group service mSuite tcp

description mSuite

port-object eq 1700

port-object eq 603

port-object eq 605

port-object eq 607

object-group service Port_3000 tcp

description Port _3000

port-object eq 3000

object-group service Port_5432 tcp

description Port_5432

port-object eq 5432

object-group service Port_8000 tcp

description Port_8000

port-object eq 8000

object-group service Semiramis tcp

description Semiramis

port-object eq 8843

port-object eq 8888

access-list outside_cryptomap extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 m_168.190 255.255.255.0

access-list outside_cryptomap_1 extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 h_Net_10.0.0. 255.255.255.128

access-list outside_access_in extended permit ip any host 195.1xx.2xx.242

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.242

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.243 eq https

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.243 object-group Semiramis

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq echo

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq www

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq https

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq lotusnotes

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 object-group mSuite

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.244 eq smtp

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.245 eq https

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.245 object-group Semiramis

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq https

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq lotusnotes

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq www

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 object-group mSuite

access-list outside_access_in extended permit tcp any host 195.1xx.2xx.246 eq smtp

access-list outside_access_in extended permit ip host 92. host 195.1xx.2xx.242

access-list outside_access_in extended permit ip host 81. host 195.1xx.2xx.242

access-list outside_access_in extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 h_Net_10.0.0. 255.255.255.128

access-list outside_access_in extended permit ip p_Inside-PC-LAN_0.30 255.255.255.0 host h_SAP_228.155

access-list inside_access_in extended permit tcp p_Inside-PC-LAN_0.30 255.255.255.0 host 195.1xx.2xx.244 eq lotusnotes

access-list inside_access_in extended permit ip any any

pager lines 24

logging enable

logging timestamp

logging standby

logging emblem

logging buffered emergencies

logging trap notifications

logging history notifications

logging asdm notifications

logging mail notifications

logging from-address

logging recipient-address level notifications

logging host inside 192.168.30.8 6/1470 secure

logging debug-trace


mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 195.1xx.2xx.246 192.168.30.8 netmask 255.255.255.255

static (inside,outside) 195.1xx.2xx.243 192.168.30.1 netmask 255.255.255.255

static (inside,outside) 195.1xx.2xx.245 192.168.30.5 netmask 255.255.255.255

static (outside,inside) 192.168.30.2 195.1xx.2xx.244 netmask 255.255.255.255

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 195.1xx.2xx.241 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

http server enable

http p_Inside-PC-LAN_0.30 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map outside_map0 1

crypto map outside_map0 1 set peer 81

crypto map outside_map0 1

crypto map outside_map0 2 match address outside_cryptomap_1

crypto map outside_map0 2 set peer 92

crypto map outside_map0 2

crypto map outside_map0 interface outside

crypto ca server

shutdown

smtp from-address admin@gatway1.null

crypto isakmp identity hostname

crypto isakmp enable outside

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 10

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

crypto isakmp policy 20

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400

crypto isakmp policy 65535

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet p_Inside-PC-LAN_0.30 255.255.255.0 inside

telnet timeout 5

ssh p_Inside-PC-LAN_0.30 255.255.255.0 inside

ssh timeout 5

console timeout 0

dhcpd dns 192.168.30.2 interface inside

!

vpnclient server 192.168.4.0

vpnclient mode client-mode

vpnclient vpngroup VPN_User password ********

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

tftp-server inside 192.168.30.8 CiscoTFTP

webvpn


tunnel-group mVPN type ipsec-l2l

tunnel-group mVPN general-attributes

tunnel-group mVPN ipsec-attributes

pre-shared-key *

tunnel-group 92. type ipsec-l2l

tunnel-group 92. ipsec-attributes

pre-shared-key *

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp
