2023年12月6日发(作者:)
ASA5520,双ISP接入配置
实现功能如下:
1,部分网通站点走网通线路,其余走电信实现负载均衡(电信为主)
2,任何一条链路断掉,另一条可以继续用
3,电信网通口上都启用VPNClient,保证电信,网通客户端都可以顺利拨入
jxwsj(config)# show run
: Saved
:
ASA Version 7.0(5)
!
hostname jxwsj
domain-name
enable password Zjts encrypted
names
dns-guard
!
interface GigabitEthernet0/0
description tocnc
nameif outside
security-level 0
ip address 网通IP 255.255.255.248
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.1.5.2 255.255.255.0
!
interface GigabitEthernet0/2
description to cnt
nameif ct
security-level 0
ip address 电信IP 255.255.255.248
!
interface GigabitEthernet0/3
nameif gov
security-level 40
ip address 21.36.255.14 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd 9jY encrypted
ftp mode passive
access-list 110 extended permit ip any any
access-list 150 extended permit tcp any any eq www
access-list 150 extended permit tcp any any eq 8080
access-list 150 extended permit tcp any any eq lotusnotes
access-list 150 extended permit icmp any any
access-list 150 extended deny ip any any
access-list inside_in extended permit ip any any
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.168.3.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.168.4.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list 102 extended permit ip 192.1.5.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list tempdeny extended deny ip host 192.168.3.11 any
access-list tempdeny extended deny ip host 192.168.3.12 any
access-list tempdeny extended deny ip host 192.168.3.13 any
access-list tempdeny extended deny ip host 192.168.3.14 any
access-list tempdeny extended permit ip any any
access-list 111 extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu gov 1500
mtu management 1500
mtu ct 1500
ip local pool vpdn 192.168.200.1-192.168.200.100
no failover
asdm image disk0:/
no asdm history enable
arp inside 192.168.3.14 0016.1727.a178
arp inside 192.168.3.13 000a.480b.2295
arp inside 192.168.3.12 0030.1b31.a88b
arp inside 192.168.3.11 000a.480e.24a4
arp timeout 14400
global (outside) 1 interface
global (gov) 1 interface
global (ct) 1 interface
nat (inside) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 110 in interface outside
access-group tempdeny in interface inside
access-group 150 in interface gov
access-group 111 in interface ct
route outside 0.0.0.0 0.0.0.0 网通网关 254
route outside 222.160.0.0 255.224.0.0 网通网关 1
route outside 222.162.0.0 255.255.0.0 网通网关 1
route outside 222.160.0.0 255.254.0.0 网通网关 1
route outside 222.136.0.0 255.248.0.0 网通网关 1
route outside 222.132.0.0 255.252.0.0 网通网关 1
route outside 222.128.0.0 255.252.0.0 网通网关 1
route outside 221.216.0.0 255.248.0.0 网通网关 1
route outside 221.213.0.0 255.255.0.0 网通网关 1
route outside 221.212.0.0 255.255.0.0 网通网关 1
route outside 221.208.0.0 255.252.0.0 网通网关 1
route outside 221.207.0.0 255.255.192.0 网通网关 1
route outside 221.204.0.0 255.254.0.0 网通网关 1
route outside 221.200.0.0 255.252.0.0 网通网关 1
route outside 221.199.192.0 255.255.240.0 网通网关 1
route outside 221.199.128.0 255.255.192.0 网通网关 1
route outside 221.199.32.0 255.255.240.0 网通网关 1
route outside 221.199.0.0 255.255.224.0 网通网关 1
route outside 221.198.0.0 255.255.0.0 网通网关 1
route outside 221.196.0.0 255.254.0.0 网通网关 1
route outside 221.192.0.0 255.252.0.0 网通网关 1
route outside 221.14.0.0 255.254.0.0 网通网关 1
route outside 221.13.128.0 255.255.128.0 网通网关 1
route outside 221.13.64.0 255.255.224.0 网通网关 1
route outside 221.13.0.0 255.255.192.0 网通网关 1
route outside 125.210.0.0 255.255.0.0 网通网关 1
route outside 58.100.0.0 255.255.0.0 网通网关 1
route outside 219.82.0.0 255.255.0.0 网通网关 1
route outside 218.108.0.0 255.255.0.0 网通网关 1
route outside 221.12.128.0 255.255.192.0 网通网关 1
route outside 221.12.0.0 255.255.128.0 网通网关 1
route outside 221.11.128.0 255.255.224.0 网通网关 1
route outside 221.11.0.0 255.255.128.0 网通网关 1
route outside 221.10.0.0 255.255.0.0 网通网关 1
route outside 221.8.0.0 255.254.0.0 网通网关 1
route outside 221.7.128.0 255.255.128.0 网通网关 1
route outside 221.7.64.0 255.255.224.0 网通网关 1
route outside 221.7.0.0 255.255.192.0 网通网关 1
route outside 221.6.0.0 255.255.0.0 网通网关 1
route outside 221.4.0.0 255.254.0.0 网通网关 1
route outside 221.3.128.0 255.255.128.0 网通网关 1
route outside 221.0.0.0 255.252.0.0 网通网关 1
route outside 218.68.0.0 255.254.0.0 网通网关 1
route outside 218.67.128.0 255.255.128.0 网通网关 1
route outside 218.60.0.0 255.254.0.0 网通网关 1
route outside 218.56.0.0 255.252.0.0 网通网关 1
route outside 218.28.0.0 255.254.0.0 网通网关 1
route outside 218.26.0.0 255.254.0.0 网通网关 1
route outside 218.24.0.0 255.254.0.0 网通网关 1
route outside 218.12.0.0 255.255.0.0 网通网关 1
route outside 218.11.0.0 255.255.0.0 网通网关 1
route outside 218.10.0.0 255.255.0.0 网通网关 1
route outside 218.8.0.0 255.254.0.0 网通网关 1
route outside 218.7.0.0 255.255.0.0 网通网关 1
route outside 202.111.160.0 255.255.224.0 网通网关 1
route outside 202.111.128.0 255.255.224.0 网通网关 1
route outside 202.110.192.0 255.255.192.0 网通网关 1
route outside 202.110.64.0 255.255.192.0 网通网关 1
route outside 202.110.0.0 255.255.192.0 网通网关 1
route outside 202.108.0.0 255.255.0.0 网通网关 1
route outside 202.107.0.0 255.255.128.0 网通网关 1
route outside 202.106.0.0 255.255.0.0 网通网关 1
route outside 202.102.224.0 255.255.224.0 网通网关 1
route outside 202.102.128.0 255.255.192.0 网通网关 1
route outside 202.99.224.0 255.255.224.0 网通网关 1
route outside 202.99.192.0 255.255.224.0 网通网关 1
route outside 202.99.128.0 255.255.192.0 网通网关 1
route outside 202.99.64.0 255.255.192.0 网通网关 1
route outside 202.99.0.0 255.255.192.0 网通网关 1
route outside 202.98.0.0 255.255.224.0 网通网关 1
route outside 202.97.192.0 255.255.192.0 网通网关 1
route outside 202.97.160.0 255.255.224.0 网通网关 1
route outside 202.97.128.0 255.255.224.0 网通网关 1
route outside 202.96.64.0 255.255.224.0 网通网关 1
route outside 202.96.0.0 255.255.192.0 网通网关 1
route outside 61.189.0.0 255.255.128.0 网通网关 1
route outside 61.182.0.0 255.255.0.0 网通网关 1
route outside 61.181.0.0 255.255.0.0 网通网关 1
route outside 61.180.128.0 255.255.128.0 网通网关 1
route outside 61.179.0.0 255.255.0.0 网通网关 1
route outside 61.176.0.0 255.255.0.0 网通网关 1
route outside 61.168.0.0 255.255.0.0 网通网关 1
route outside 61.167.0.0 255.255.0.0 网通网关 1
route outside 61.163.0.0 255.255.0.0 网通网关 1
route outside 61.162.0.0 255.255.0.0 网通网关 1
route outside 61.161.128.0 255.255.128.0 网通网关 1
route outside 61.161.0.0 255.255.192.0 网通网关 1
route outside 61.159.0.0 255.255.192.0 网通网关 1
route outside 61.158.128.0 255.255.128.0 网通网关 1
route outside 61.156.0.0 255.255.0.0 网通网关 1
route outside 61.148.0.0 255.254.0.0 网通网关 1
route outside 61.139.128.0 255.255.192.0 网通网关 1
route outside 61.138.128.0 255.255.192.0 网通网关 1
route outside 61.138.64.0 255.255.192.0 网通网关 1
route outside 61.138.0.0 255.255.192.0 网通网关 1
route outside 61.137.128.0 255.255.128.0 网通网关 1
route outside 61.136.64.0 255.255.192.0 网通网关 1
route outside 61.135.0.0 255.255.0.0 网通网关 1
route outside 61.134.96.0 255.255.224.0 网通网关 1
route outside 61.133.0.0 255.255.128.0 网通网关 1
route outside 61.55.0.0 255.255.0.0 网通网关 1
route outside 61.54.0.0 255.255.0.0 网通网关 1
route outside 61.52.0.0 255.254.0.0 网通网关 1
route outside 61.48.0.0 255.252.0.0 网通网关 1
route outside 60.220.0.0 255.252.0.0 网通网关 1
route outside 60.216.0.0 255.254.0.0 网通网关 1
route outside 60.208.0.0 255.248.0.0 网通网关 1
route outside 60.31.0.0 255.255.0.0 网通网关 1
route outside 60.24.0.0 255.248.0.0 网通网关 1
route outside 60.16.0.0 255.248.0.0 网通网关 1
route outside 60.13.128.0 255.255.128.0 网通网关 1
route outside 60.13.0.0 255.255.192.0 网通网关 1
route outside 60.12.0.0 255.255.0.0 网通网关 1
route outside 60.10.0.0 255.255.0.0 网通网关 1
route outside 60.8.0.0 255.254.0.0 网通网关 1
route outside 60.0.0.0 255.248.0.0 网通网关 1
route inside 192.168.0.0 255.255.255.0 192.1.5.1 1
route inside 192.168.3.0 255.255.255.0 192.1.5.1 1
route inside 192.168.4.0 255.255.255.0 192.1.5.1 1
route inside 192.168.1.0 255.255.255.0 192.1.5.1 1
route gov 21.0.0.0 255.0.0.0 21.36.255.1 1
route ct 0.0.0.0 0.0.0.0 电信网关 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy clientgroup internal
group-policy clientgroup attributes
vpn-idle-timeout 20
split-tunnel-policy tunnelall
webvpn
username zmkm password encrypted
username owen password G7ZPUlDLDg6W94ag encrypted
username cisco password e1OkT/res2LB3io6 encrypted
http server enable
http 192.168.0.2 255.255.255.255 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set aaades esp-3des esp-md5-hmac
crypto ipsec transform-set aaades1 esp-3des esp-md5-hmac
crypto dynamic-map dynomap 10 set transform-set aaades
crypto dynamic-map dynomap1 20 set transform-set aaades1
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
crypto map vpnpeer interface outside
crypto map vpnpeer1 30 ipsec-isakmp dynamic dynomap1
crypto map vpnpeer1 interface ct
isakmp identity address
isakmp enable outside
isakmp enable ct
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group huhao type ipsec-ra
tunnel-group huhao general-attributes
address-pool vpdn
authorization-server-group LOCAL
default-group-policy clientgroup
tunnel-group huhao ipsec-attributes
pre-shared-key *
tunnel-group cnt type ipsec-ra
tunnel-group cnt general-attributes
address-pool vpdn
authentication-server-group none
authorization-server-group LOCAL
default-group-policy clientgroup
tunnel-group cnt ipsec-attributes
pre-shared-key *
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 ct
ssh timeout 60
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
Cryptochecksum:38caa994b55d5b8bf627a1e972ed56ee
: end
发布评论