Announcement

**minhuit** · 08-12-2014, 11:02 AM

dùng card loopback đi bạn, GNS3 với wifi hay bị lỗi lắm

**trangdangbt92** · 13-12-2014, 01:35 PM

cám ơn minhuit mình làm được rồi

**duc loc** · 19-12-2014, 03:26 PM

chào thầy,

em đang cấu hình asa 5510, interface outside thì cấu hình pppoe với ftth (ip tỉnh), đã set acl cho icmp , inspect icmp. nhưng không ping được 8.8.8.8

đã thử GNS3, set ip cho outside, cũng đặt acl icmp, inspect icmp. ping từ trong đến máy ngoài nối với outside thì bình thường.

mọi người giúp mình xem lổi chổ nào ?.

**minhuit** · 19-12-2014, 07:25 PM

bạn tham khảo cấu hình pppoe của ASA tại đây nhé: svuit.vn/lab-71/lab-asa-configuration-pppoe-asa-5525-a-681.html

Nếu không được bạn có thể cho mình xem file config của bạn được không ?

**duc loc** · 19-12-2014, 08:25 PM

đây bạn,

ASA Version 8.2(1)
!
hostname MY-FIREWALL
domain-name Domain.com
enable password 7qdAUUaRqQyk.Wch encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
!
interface Ethernet0/0
nameif outside
security-level 0
ip address pppoe setroute
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone ICT 7
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.222.222
domain-name Domain.com
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list OUT-ACCESS-IN extended permit icmp any any echo-reply
access-list OUT-ACCESS-IN extended permit tcp any host 113.161.90.45eq www
access-list OUT-ACCESS-IN extended permit tcp any host 113.161.90.45eq https
access-list REMOTE-VPN-GROUP_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list IN-ACCESS-OUT extended permit tcp 192.168.1.0 255.255.255.0 any eq pptp
access-list IN-ACCESS-OUT extended permit gre 192.168.1.0 255.255.255.0 any
access-list IN-ACCESS-OUT extended permit udp 192.168.1.0 255.255.255.0 any
access-list IN-ACCESS-OUT extended permit udp 192.168.1.0 255.255.255.0 any eq 4500
access-list IN-ACCESS-OUT extended permit udp 192.168.1.0 255.255.255.0 any eq isakmp
access-list IN-ACCESS-OUT extended permit esp 192.168.1.0 255.255.255.0 any
access-list IN-ACCESS-OUT extended permit tcp 192.168.1.0 255.255.255.0 any eq telnet
access-list IN-ACCESS-OUT extended permit ip 192.168.1.0 255.255.255.0 any
access-list REMOTE-VPN-GROUP_splitTunnelAcl_1 standard permit 192.168.1.0 255.255.255.0
access-list IN-ACCESS-OUT-DENY-SMTP extended deny tcp any any eq smtp
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool VPN-POOL 192.68.2.1-192.68.2.200
ip local pool REMOTE-VPN-POOL 192.168.150.1-192.168.150.30 mask 255.255.255.0
ip verify reverse-path interface outside
ip audit name Info1 info action alarm drop
ip audit name Attack1 attack action alarm drop
ip audit interface outside Info1
ip audit interface outside Attack1
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 192.168.1.0 255.255.255.0
static

**moonvil131** · 20-12-2014, 07:49 AM

wow, bài viết của bạn giúp tôi có kinh nghi

**Tai tuong** · 22-12-2014, 08:21 PM

Thanks vì bài viết hữu ích! ^^

Announcement

Help! cấu hình ASA ver 8.2..

Help! cấu hình ASA ver 8.2..

Comment

Comment

Comment

Comment

Comment

Comment

Comment