다음 출력 결과를 사용하여 Cisco ASA 5510을 구성합니다.
ciscoasa# show running-config output : Saved : ASA Version 8.2(1)18 ! hostname ciscoasa enable password 2KFQnbNIdI.2KYOU encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Ethernet0/0 nameif untrusted security-level 100 ip address 10.24.120.90 255.255.252.0 ! interface Ethernet0/1 nameif trusted security-level 90 ip address 172.16.0.1 255.255.0.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address ! boot system disk0:/asa821-18-k8.bin ftp mode passive access-list ACL1 extended permit ip 172.16.0.0 255.255.0.0 192.168.5.0 255.255.255.0 access-list ACL1 extended permit ip 192.168.5.0 255.255.255.0 172.16.0.0 255.255.0.0 access-list 101 extended permit icmp any any pager lines 24 mtu untrusted 1500 mtu trusted 1500 no failover icmp unreachable rate-limit 1 burst-size 1 icmp permit any untrusted icmp permit any trusted no asdm history enable arp timeout 14400 access-group 101 in interface untrusted access-group 101 out interface untrusted access-group 101 in interface trusted access-group 101 out interface trusted route untrusted 10.115.0.0 255.255.0.0 10.24.123.253 1 route untrusted 192.168.5.0 255.255.255.0 10.115.199.103 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy no snmp-server location no snmp-server contact crypto ipsec transform-set MYSET esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map MYVPN 1 match address ACL1 crypto map MYVPN 1 set pfs crypto map MYVPN 1 set peer 10.115.199.103 crypto map MYVPN 1 set transform-set MYSET crypto map MYVPN interface untrusted crypto isakmp enable untrusted crypto isakmp policy 1 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet 10.0.0.0 255.0.0.0 untrusted telnet timeout 5 ssh timeout 5 console timeout 0 no threat-detection basic-threat no threat-detection statistics access-list no threat-detection statistics tcp-intercept username admin password f3UhLvUj1QsXsuK7 encrypted tunnel-group 10.115.199.103 type ipsec-l2l tunnel-group 10.115.199.103 ipsec-attributes pre-shared-key * ! ! prompt hostname context Cryptochecksum:29c3cc49460831ff6c070671098085a9 : end