YilinChen 发表于 2019-6-29 19:17
policy-map global_policy
class inspection_default
inspect icmp
去都已经写了这些了,但是还是Ping不通也不能SSH,别的分公司的都是正常的只有这一个,我只能连接防火墙的下联设备路由,在SSH进防火墙,直接SSH防火墙是不可以的,Telnet也是不可以的这是为什么呢,
class-map url_class
match access-list url_filter_list
class-map type regex match-any url_class_regex
match regex url_filter1
match regex url_filter2
match regex url_filter3
match regex url_filter4
match regex url_filter5
match regex url_filter6
match regex url_filter7
match regex url_filter8
match regex url_filter9
match regex url_filter10
match regex url_filter11
match regex url_filter12
match regex url_filter13
match regex url_filter14
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all url_class_inspect
match request header host regex class url_class_regex
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
policy-map type inspect http url_policy_inspect
parameters
class url_class_inspect
drop-connection log
policy-map url_policy
class url_class
inspect http url_policy_inspect
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo inside
icmp permit any echo-reply inside
icmp permit any outside
no asdm history enable
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 2
console timeout 5