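Cannot ping an inside PC from a Cisco 5510

Why can't I ping the inside PC from the ASA 5510? The PC can ping the inside IP.
How can I get the outside IP to respond to ping?
But from the 5510 I cannot ping the inside PC.

EZVPN server configuration:
show run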
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password 2zFxJaDytPY1aw/B encrypted
passwd 2zFxJaDytPY1aw/B encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 219.141.99.169 255.255.255.192
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.18.1.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 nameif dmz
 security-level 50
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa821-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit intra-interface
access-list 100 extended permit ip 10.178.0.0 255.255.0.0 any
access-list 100 extended permit ip 192.168.0.0 255.255.0.0 any
access-list 100 extended permit ip 10.18.1.0 255.255.1.0 any
access-list icmp extended permit icmp any any
access-list icmp extended permit tcp any any eq https
access-list icmp extended permit tcp any any eq www
access-list icmp extended permit ip any host 222.87.55.131
access-list tunnelall standard permit 10.18.1.0 255.255.255.0
access-list nat0 extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list tunnel extended permit ip 10.18.1.0 255.255.255.0 host 61.139.2.69
access-list all_host extended permit ip host 10.18.1.1 any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any any
access-list outside_access_in extended permit udp any any
access-list 2001 extended permit ip any 192.168.10.0 255.255.255.0
access-list 2001 extended permit ip any 192.168.60.0 255.255.255.0
access-list no-nat extended permit ip 10.18.1.0 255.255.255.0 10.100.100.0 255.255.255.0
access-list no-nat extended permit ip 10.178.0.0 255.255.0.0 10.100.100.0 255.255.255.0
access-list splist_tunnel extended permit ip 10.18.1.0 255.255.255.0 any
access-list splist_tunnel extended permit ip 10.178.0.0 255.255.0.0 any
access-list vpn-no-nat extended permit ip 10.178.0.0 255.255.0.0 10.10.10.0 255.255.255.0
access-list vpn-no-nat extended permit ip 10.18.1.0 255.255.255.0 10.10.10.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging monitor debugging
logging buffered debugging
logging asdm informational
logging debug-trace
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu dmz 1500
ip local pool ezvpnpool 10.10.10.1-10.10.10.100
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list vpn-no-nat
nat (inside) 1 access-list 100
static (inside,outside) tcp interface 8900 10.178.142.26 www netmask 255.255.255.255
static (inside,outside) tcp interface 8988 10.178.142.26 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 8999 10.178.142.26 ftp netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 219.141.99.129 1
route inside 10.178.0.0 255.255.0.0 10.18.1.2 1
route inside 192.168.0.0 255.255.0.0 10.18.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa local authentication attempts max-fail 16
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 management
http 10.178.0.0 255.255.0.0 inside
snmp-server host inside 10.178.142.110 community public version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map my 10 set transform-set ccie
crypto dynamic-map my 10 set reverse-route
crypto map ezvpn 10 ipsec-isakmp dynamic my
crypto map ezvpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp ipsec-over-tcp port 1000
crypto isakmp disconnect-notify
telnet 0.0.0.0 0.0.0.0 inside
telnet 10.178.142.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy mypp internal
group-policy mypp attributes
 dns-server value 202.98.192.67
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splist_tunnel
 address-pools value ezvpnpool
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group sldzvpn type remote-access
tunnel-group sldzvpn general-attributes
 default-group-policy mypp
tunnel-group sldzvpn ipsec-attributes
 pre-shared-key *
!
class-map ips-global-class
 description The traffic class that identify what traffic is redirected to SSM
 match any
class-map limit-192WangDuan
 match access-list 2001
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum 512
policy-map ips-global-policy
 description The Policy that ASA redirects traffic to SSM (IPS).
 class ips-global-class
  ips inline fail-open
 class inspection_default
  inspect dns migrated_dns_map_2
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
policy-map limit-192WangDuan
 class limit-192WangDuan
  police output 30720000 1280000
!
service-policy ips-global-policy global
prompt hostname context
Cryptochecksum:8de3e5a4868c50f5b307e02c11ba62fb
:
end

Phase 1:
ciscoasa# show crypto isakmp sa

   Active SA: 1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1   IKE Peer: 114.138.5.127
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE
ciscoasa#

Phase 2:
ciscoasa# show crypto ipsec sa
interface: outside
    Crypto map tag: my, seq num: 10, local addr: 219.141.99.169

      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.10.10.1/255.255.255.255/0/0)
      current_peer: 114.138.5.127, username: cisco
      dynamic allocated peer ip: 10.10.10.1

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 219.141.99.169/4500, remote crypto endpt.: 114.138.5.127/4960
      path mtu 1500, ipsec overhead 66, media mtu 1500
      current outbound spi: 9A779D99

    inbound esp sas:
      spi: 0xD69071F3 (3599790579)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={RA, Tunnel, NAT-T-Encaps, }
         slot: 0, conn_id: 24576, crypto-map: my
         sa timing: remaining key lifetime (sec): 28762
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
    outbound esp sas:
      spi: 0x9A779D99 (2591530393)
         transform: esp-3des esp-sha-hmac no compression
         in use settings ={RA, Tunnel, NAT-T-Encaps, }
         slot: 0, conn_id: 24576, crypto-map: my
         sa timing: remaining key lifetime (sec): 28762
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
ciscoasa#
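Answer 1  2013-07-13
The outside IP cannot be pinged from a PC on the inside.

Can your inside PC ping the inside interface? If it can, check whether a firewall is enabled on that PC. If it is, turn the firewall off (both the built-in one and any you installed yourself), then test the ping from the firewall again.
This answer was accepted by the asker.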
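
The check the answer describes can be confirmed from the ASA side before touching the PC. The following ASA CLI sequence is an added example, not part of the original question or answer; `INSIDE_PC_IP` is a placeholder for the PC's address in 10.18.1.0/24 (the page does not give it) and the capture name `capin` is arbitrary.

```cisco
! Added example. Replace INSIDE_PC_IP with the PC's real address.

! 1. Ping the PC, sourcing the packet from the inside interface (10.18.1.1).
ping inside INSIDE_PC_IP

! 2. Confirm layer 2 reachability: an ARP entry for the PC on "inside"
!    means the PC answers ARP, so cabling, VLAN and addressing are fine.
show arp | include INSIDE_PC_IP

! 3. Capture only ICMP between the inside interface and the PC.
capture capin interface inside match icmp host 10.18.1.1 host INSIDE_PC_IP

! 4. Repeat the ping, then read the capture.
ping inside INSIDE_PC_IP
show capture capin

!    Echo requests leaving with no echo replies coming back, while the ARP
!    entry exists, point at the PC dropping ICMP (host firewall), not at
!    the ASA. Requests and replies both present would point back at the ASA.

! 5. Remove the capture when finished.
no capture capin
```

If the capture shows requests without replies, permitting inbound ICMP echo from 10.18.1.1 in the PC's firewall is sufficient; the firewall does not have to stay disabled after the test.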