ASA and port mapping

Secure your network!

Moderator: Federico.Lagni

daysleeper
Network Emperor
Posts: 347
Joined: Thu 20 Oct 2005 12:47 pm
Location: Gioia del Colle (BA)

Hi everyone,
I'm posting below the config of an ASA (not configured by me), and I'd like to know whether, in your opinion, port mapping for PPTP and HTTPS towards a server on the LAN can be added without disrupting how it works.

ASA Version 8.0(3)
!
hostname ASA
enable password pippopluto encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.169.47.65 255.255.255.192
!
interface Vlan2
mac-address 001e.4ae7.534c
nameif outside
security-level 0
ip address 192.168.1.39 255.255.255.0
!
interface Ethernet0/0
description OUTSIDE
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd pippopluto encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
access-list DaInternet extended permit icmp any host 192.168.1.38 echo-reply
access-list _vpnc_no_nat_acl extended permit ip any host 192.168.0.11
access-list _vpnc_no_nat_acl extended permit ip any 192.168.50.0 255.255.255.0
access-list _vpnc_no_nat_acl extended permit ip any host 192.168.0.37
pager lines 24
logging enable
logging buffer-size 1048576
logging buffered debugging
logging asdm informational
mtu inside 1350
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group DaInternet in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.169.47.64 255.255.255.192 inside
http 213.156.51.0 255.255.255.128 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.169.47.64 255.255.255.192 inside
telnet 192.168.50.0 255.255.255.0 inside
telnet timeout 5
ssh 10.169.47.64 255.255.255.192 inside
ssh 192.168.50.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
vpnclient server ip del server
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup gruppo password ********
vpnclient username nomeutente password ********
vpnclient enable
threat-detection basic-threat
threat-detection statistics access-list
username cisco password pippopluto encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:6453cd2143912e77fa91a48e6ed7dc4a
: end
Keep at it long enough and onions turn into garlic!!!
Wizard
Intergalactic subspace network admin
Posts: 3441
Joined: Fri 03 Feb 2006 10:04 am
Location: Emilia Romagna

Yes, no problem for 2 statics and 2 ACLs
The future is made of people who have intuitions and visions ..... they are the people who make the difference ...... those gifted with a THIRD EYE....
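The two static PAT entries and two ACL entries mentioned in the reply above, written against the posted ASA 8.0(3) configuration as an added example (not part of the original thread). The server address 10.169.47.70 and the ASDM port 4443 are assumptions; `DaInternet`, `inside`, `outside` and `global_policy` come from the posted config.

```cisco
! Added example, not from the thread. 10.169.47.70 is a hypothetical
! server address inside 10.169.47.64/26; replace it with the real one.
!
! ASDM (http server enable) listens on TCP 443 by default and the posted
! config allows it on the outside interface, so it would collide with a
! static PAT on interface port 443. Move ASDM to another port first
! (4443 is an arbitrary choice).
http server enable 4443
!
! Static PAT: forward TCP 1723 (PPTP control) and TCP 443 (HTTPS) arriving
! on the outside interface address to the internal server.
static (inside,outside) tcp interface 1723 10.169.47.70 1723 netmask 255.255.255.255
static (inside,outside) tcp interface 443 10.169.47.70 443 netmask 255.255.255.255
!
! Extend the ACL already bound inbound on outside. On 8.0 the ACL matches
! the translated (outside) address, hence "interface outside".
access-list DaInternet extended permit tcp any interface outside eq 1723
access-list DaInternet extended permit tcp any interface outside eq 443
!
! PPTP data travels in GRE (IP protocol 47), which has no ports to PAT.
! PPTP inspection lets the ASA track the GRE session negotiated on the
! TCP 1723 control channel.
policy-map global_policy
 class inspection_default
  inspect pptp
```

Because the outside interface holds a private address (192.168.1.39) behind 192.168.1.1, that upstream device must also forward TCP 1723, GRE and TCP 443 to the ASA. The Easy VPN client in the posted config is IPsec-based (ISAKMP), so it does not use TCP 1723 or GRE.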
daysleeper
Network Emperor
Posts: 347
Joined: Thu 20 Oct 2005 12:47 pm
Location: Gioia del Colle (BA)

So EasyVPN does not use PPTP to establish connections, and creating PAT rules for PPTP does not affect EasyVPN?
Keep at it long enough and onions turn into garlic!!!