I've been struggling with a Cisco ASA 5510 for several weeks now and hope someone can help. I need users to access the Internet through the Cisco VPN Client.
The provider has allocated the IP 172.18.124.98; the provider's nearest router is 172.18.124.99.
The internal LAN is 10.10.10.0.
Config on the 5510:
ASA Version 7.0(8)
!
hostname telros
domain-name company.lan
enable password BSHiAF86w0CRRUMb encrypted
passwd BSHiAF86w0CRRUMb encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.18.124.98 255.255.255.0
!
interface Ethernet0/1
nameif inside
security-level 50
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone MSK/MSD 3
clock summer-time MSK/MDD recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit intra-interface
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnpool 10.0.0.1-10.0.0.254
no failover
monitor-interface outside
monitor-interface inside
monitor-interface management
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 172.18.124.99
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.18.124.99 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy clientgroup internal
group-policy clientgroup attributes
vpn-idle-timeout 20
split-tunnel-policy tunnelall
webvpn
username admin password f3UhLvUj1QsXsuK7 encrypted
http server enable
http 192.168.1.0 255.255.255.0 management
http redirect outside 80
http redirect inside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map rtpdynmap 20 set transform-set myset
crypto dynamic-map rtpdynmap 20 set security-association lifetime seconds 28800
crypto dynamic-map rtpdynmap 20 set security-association lifetime kilobytes 4608000
crypto map mymap 20 ipsec-isakmp dynamic rtpdynmap
crypto map mymap interface inside
isakmp identity address
isakmp enable inside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
tunnel-group rtptacvpn type ipsec-ra
tunnel-group rtptacvpn general-attributes
address-pool vpnpool
default-group-policy clientgroup
tunnel-group rtptacvpn ipsec-attributes
pre-shared-key *
telnet 192.168.1.2 255.255.255.255 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
Cryptochecksum:52e4e3c7495f9d1285b92f82cb3ef47d
-----------------------------------------------------------
VPN: the Cisco client comes up, but there is no Internet access.
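
Added example, not part of the original post: a small Python check that reads the NAT, route and crypto-map lines of an ASA 7.x configuration like the one above and reports conditions that stop tunnel-all VPN clients from reaching the Internet. The function name `audit` and the finding texts are hypothetical; the sample input is an excerpt of the posted configuration.

```python
import ipaddress
import re

# Excerpt of the posted configuration (only the lines the checks read).
POSTED = """\
same-security-traffic permit intra-interface
ip local pool vpnpool 10.0.0.1-10.0.0.254
nat-control
global (outside) 1 172.18.124.99
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.18.124.99 1
crypto map mymap interface inside
"""

def audit(cfg):
    """Return findings for VPN-client Internet access (ASA 7.x syntax assumed)."""
    findings = []
    pats = re.findall(r"^global \((\S+)\) (\d+) (\S+)", cfg, re.M)
    nats = re.findall(r"^nat \((\S+)\) (\d+) ([\d.]+) ([\d.]+)", cfg, re.M)
    routes = re.findall(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)", cfg, re.M)
    pool = re.search(r"^ip local pool \S+ (\S+?)-", cfg, re.M)
    vpn_if = re.search(r"^crypto map \S+ interface (\S+)", cfg, re.M)
    # 1. A PAT address must not be the next hop of the default route:
    #    the firewall would claim the upstream router's address as its own.
    for ifc, _id, addr in pats:
        if (ifc, addr) in routes:
            findings.append(f"global ({ifc}) uses next-hop address {addr}")
    if pool and vpn_if:
        first = ipaddress.ip_address(pool.group(1))
        ifc = vpn_if.group(1)
        # 2. Decrypted client traffic enters on the crypto-map interface, so
        #    the pool needs a nat rule there whose id has a matching global.
        ids = {i for f, i, net, mask in nats if f == ifc
               and first in ipaddress.ip_network(f"{net}/{mask}", strict=False)}
        if not ids & {i for _f, i, _a in pats}:
            findings.append(f"no nat/global pair covers pool on {ifc}")
        # 3. Entering and leaving through the same interface is a hairpin,
        #    which needs same-security-traffic permit intra-interface.
        if any(f == ifc for f, _i, _a in pats) and not re.search(
                r"^same-security-traffic permit intra-interface", cfg, re.M):
            findings.append("hairpin without same-security-traffic intra-interface")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```

Checks 2 and 3 matter when the crypto map is bound to the Internet-facing interface, where the client pool needs its own `nat (outside)` rule.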