服务器 Gind.cn
  1. 服务器 Gind.cn
  3. ASA 5505阻止用户
Intereting Posts
为服务器安装Java运行时:比std JRE包好? 如何保持MinIO备份? Windows 2008 – 通过端口或服务定义IP订单 有关在Ubuntu 10.04服务器上设置适当权限的build议 需要build议select软件\硬件进行虚拟化 让我们encryptionSSL证书文件未find错误,但仍然工作 OSX服务器VPN – 访问在VPN服务器上运行的服务 批量目录权限 用Dovecot获取.eml文件 openLDAP复制错误“无效格式条目:olcDatabase = {1} mdb,cn = config” 解决networking中断问题 何时使用NFS的Web应用程序 为什么我不能重新创build一个数据库? pipe理terminal服务会话而不提供login权限 如何不得到这么多的Apache CLOSE_WAIT连接?

ASA 5505阻止用户

我最近安装了一个ASA 5505.但现在我有用户被阻止/从互联网上踢。

我能做些什么来防止这种情况?

这里是运行configuration:

命令结果:“sh run” 

: Saved :ASA Version 9.0(1) ! hostname ciscoasa enable password ------------- encrypted passwd ------------ encrypted names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address xxx.xxx.xxx.xxx 255.255.255.248 ! ftp mode passive object network obj_any subnet 0.0.0.0 0.0.0.0 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network obj_any nat (inside,outside) dynamic interface route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec security-association pmtu-aging infinite crypto ca trustpool policy telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx dhcpd auto_config outside ! dhcpd address 192.168.1.5-192.168.1.30 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics host threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list no threat-detection statistics tcp-intercept ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:dac8da9f3df0438bed0b9b1b714a1e67 : end

根据政策地图“全球政策”也启用http检查。 HTTP在基本操作中,我不认为需要通过防火墙进行任何检查,但以我个人的经验,我已经看到这一点,甚至认为可能是你的情况。

试着让这个启用,让我知道结果。