
ASA 8.0 transparent mode: Hikvision server set up on the internal network, video cannot be accessed from the external network

fishlonely
Level 1
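From the external network I can telnet to any port on the internal server and can log in to the internal web server, but I cannot access the video cameras on the web page.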
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.0(4)
!
firewall transparent
hostname ciscoasa
enable password .pqTEpRSbjzD0Og8 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
!
interface Management0/0
shutdown
no nameif
no security-level
management-only
!
ftp mode passive
access-list in2out extended permit ip any any
access-list in2out extended permit tcp any any
access-list in2out extended permit udp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address 211.141.155.170 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group in2out in interface outside
access-group in2out in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
class-map conns3000
match port tcp eq 81
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ctiqbe
inspect dcerpc
inspect http
inspect icmp
inspect ils
inspect ipsec-pass-thru
inspect mgcp
inspect pptp
inspect snmp
inspect waas
policy-map conns3000
class conns3000
set connection conn-max 1000 embryonic-conn-max 3000
set connection timeout tcp 0:00:00
!
service-policy global_policy global
service-policy conns3000 interface inside
prompt hostname context
Cryptochecksum:963e6ba8c26beced1ebeca0d7c6d5a7c
: end
ciscoasa(config)#
The interface that should open normally:

The following is the interface that fails to open:


11 replies

fishlonely
Level 1
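From the external network I can telnet to any port on the internal server and can also log in to the internal server's web page, but I cannot open the camera monitoring in the web page.
The device in use is Hikvision.
Configuration: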
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.0(4)
!
firewall transparent
hostname ciscoasa
enable password .pqTEpRSbjzD0Og8 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
!
interface Management0/0
shutdown
no nameif
no security-level
management-only
!
ftp mode passive
access-list in2out extended permit ip any any
access-list in2out extended permit tcp any any
access-list in2out extended permit udp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address 211.141.155.170 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group in2out in interface outside
access-group in2out in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
class-map conns3000
match port tcp eq 81
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ctiqbe
inspect dcerpc
inspect http
inspect icmp
inspect ils
inspect ipsec-pass-thru
inspect mgcp
inspect pptp
inspect snmp
inspect waas
policy-map conns3000
class conns3000
set connection conn-max 1000 embryonic-conn-max 3000
set connection timeout tcp 0:00:00
!
service-policy global_policy global
service-policy conns3000 interface inside
prompt hostname context
Cryptochecksum:963e6ba8c26beced1ebeca0d7c6d5a7c
: end
ciscoasa(config)#

wilson_yong
Community Member
Nice, showing some support...

duxiulei
Level 1
The camera configuration should have a video traversal option; it needs to be enabled.

fishlonely
Level 1
duxiulei posted on 2018-6-21 15:01
The camera configuration should have a video traversal option; it needs to be enabled.

My firewall is in transparent mode.

fishlonely
Level 1
Could some expert give me a hint?
Thanks.

fortune
VIP Alumni
Does it work if the ASA is removed?

nmyp007
Level 7
How many IPs are there on the external network? The mapped external port numbers must not be duplicated!

byl_qware_com
Level 8
Can the web camera monitoring be viewed from the internal network? First rule out a problem with the Hikvision camera equipment!

Rockyw
Spotlight
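fishlonely posted on 2018-6-21 11:02
From the external network I can telnet to any port on the internal server and can also log in to the internal server's web page, but I cannot open the camera monitoring in the web page.
The device in use is Hikvision. ...

Can you open the camera monitoring when you log in to the web page from the internal network? If so, try capturing packets on both the internal and the external network while opening the camera in the web page, and compare the two captures to see whether the differences give any clues.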
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !

Rockyw
Spotlight
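Common troubleshooting steps when a Hikvision recorder cannot be accessed
http://www.82416.com/hikvision-problem/web/1843.html
[rtsp] Hikvision IPC surveillance camera remote monitoring over the external network (DDNS)
http://www.cuplayer.com/player/PlayerCode/RTSP/2015/0330/1851.html
Hikvision NVR/DVR port mapping for remote access, illustrated
http://www.taoanf.com/jiankong/92.html
OP, have a look at these for reference.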

fishlonely
Level 1
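Thank you to everyone above for taking time out of your busy schedules to reply.
The problem has been found.
It was an own goal.
Thank you all.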