
  • AkoSCH

    quiet member

    reply to jerry311's message #2375

    Hi!

    I got a bit stuck again, with the VPN.
    NAT Exempt is enabled in the Wizard.
    My IP is now fine (I got 10.10.10.1), but the gateway became 10.10.10.2; where did my host get that from?

    Also, I still can't reach any resource on the internal network either.

    Relevant part of the current config:

    interface Vlan1
    description LAN
    no forward interface Vlan12
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    !
    interface Vlan2
    description WAN
    nameif outside
    security-level 0
    ip address MY_STATIC_IP 255.255.255.248
    !
    interface Vlan12
    description Vendegeknek a valamiHotSpot WiFi-hez
    nameif guest
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    management-only
    !
    ftp mode passive
    clock timezone GMT 0
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup guest
    dns server-group DefaultDNS
    name-server 62.112.192.4
    name-server 195.70.35.66
    domain-name valami.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network inside-net
    subnet 192.168.2.0 255.255.255.0
    object network guest-net
    subnet 192.168.3.0 255.255.255.0
    object network NETWORK_OBJ_192.168.2.128_25
    subnet 192.168.2.128 255.255.255.128
    object-group protocol DM_INLINE_PROTOCOL_3
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_1
    protocol-object ip
    protocol-object icmp
    object-group protocol DM_INLINE_PROTOCOL_2
    protocol-object ip
    protocol-object icmp
    access-list global_access extended permit object-group DM_INLINE_PROTOCOL_3 any any
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool valami_vpn_pool 10.10.10.1-10.10.10.10 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    !
    object network inside-net
    nat (inside,outside) dynamic interface
    object network guest-net
    nat (guest,outside) dynamic interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    access-group global_access global
    route outside 0.0.0.0 0.0.0.0 MY_STATIC_GW 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa local authentication attempts max-fail 16
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    dhcpd auto_config outside
    !
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable inside
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_valami_VPN internal
    group-policy GroupPolicy_valami_VPN attributes
    wins-server value 192.168.2.2
    dns-server value 192.168.2.2
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelall
    default-domain value valami.local
    webvpn
    anyconnect ssl rekey time 30
    anyconnect ssl rekey method ssl
    anyconnect ask enable default anyconnect timeout 30
    customization none
    deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
    username test password P4ttSyrm33SV8TYp encrypted
    tunnel-group valami_VPN type remote-access
    tunnel-group valami_VPN general-attributes
    address-pool valami_vpn_pool
    default-group-policy GroupPolicy_valami_VPN
    tunnel-group valami_VPN webvpn-attributes
    group-alias valami_VPN enable
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
    !
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:d54de340bb6794d90a9ee52c69044753
    : end

    Thanks in advance for the help!
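An added check, not from the post or its author: the posted config defines `ip local pool valami_vpn_pool` and puts `nat (inside,outside) dynamic interface` on `inside-net`, but contains no `nat (inside,outside) source static ... destination static ...` identity rule covering the pool, which is what the wizard's "NAT Exempt" option normally writes. This Python script parses a constructed excerpt modelled on those lines and flags any VPN pool that no inside-to-outside identity NAT rule covers; the object name `vpn-pool-obj` and the exempt rule in `FIXED_CONFIG` are assumptions, not lines from the post.

```python
import ipaddress
import re

# Constructed excerpt modelled on the posted ASA config (same names and addresses).
ASA_CONFIG = """\
object network inside-net
 subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.128_25
 subnet 192.168.2.128 255.255.255.128
ip local pool valami_vpn_pool 10.10.10.1-10.10.10.10 mask 255.255.255.0
object network inside-net
 nat (inside,outside) dynamic interface
"""

# Assumed remediation: a pool object plus an identity (exempt) twice-NAT rule.
FIXED_CONFIG = ASA_CONFIG + """\
object network vpn-pool-obj
 subnet 10.10.10.0 255.255.255.0
nat (inside,outside) source static inside-net inside-net destination static vpn-pool-obj vpn-pool-obj no-proxy-arp route-lookup
"""

def parse_objects(cfg):
    """Map each 'object network' name to the network of its 'subnet' line."""
    objs, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*subnet (\S+) (\S+)", line)
        if m and current:
            objs[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    return objs

def parse_pools(cfg):
    """Return {pool name: (first address, last address)} from 'ip local pool' lines."""
    pat = r"ip local pool (\S+) (\S+)-(\S+) mask \S+"
    return {m.group(1): (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
            for m in re.finditer(pat, cfg)}

def exempt_covers_pool(cfg, lo, hi):
    """True if an inside->outside identity twice-NAT rule's destination object holds the whole pool."""
    objs = parse_objects(cfg)
    pat = r"nat \(inside,outside\) source static (\S+) (\S+) destination static (\S+) (\S+)"
    for s1, s2, d1, d2 in re.findall(pat, cfg):
        dst = objs.get(d1)
        if s1 == s2 and d1 == d2 and dst and lo in dst and hi in dst:
            return True
    return False

def audit(cfg):
    """List the VPN pools that would still be hit by the dynamic interface PAT."""
    return [f"pool {name} ({lo}-{hi}) has no inside->outside identity NAT rule"
            for name, (lo, hi) in parse_pools(cfg).items()
            if not exempt_covers_pool(cfg, lo, hi)]
```

Run `audit(ASA_CONFIG)` to see the posted layout flagged and `audit(FIXED_CONFIG)` to confirm the assumed exempt rule clears it.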
