Поиск по сайту
Результаты поиска по тегам 'ASA 5525-X'.
Найдено 1 результат
-
Добрый день столкнулся с проблемой при настройке BGP на ASA 5525-x, суть проблемы в том что спустя некоторые время она начинает дропать некоторые сайты к примеру fs.to, gismeteo.ua и перестает грузиться видео на youtube, кто сталкивался с такой проблемой? пример конфига вот: ASA Version 9.5(1) ! hostname RouterBGP domain-name domain.net names ! interface GigabitEthernet0/0 flowcontrol send on nameif prov1 security-level 0 ip address 10.1.10.3 255.255.255.248 ! interface GigabitEthernet0/1 flowcontrol send on nameif prov2 security-level 0 ip address 198.168.20.5 255.255.255.248 ! interface GigabitEthernet0/2 flowcontrol send on nameif dmz security-level 0 ip address 10.11.29.1 255.255.255.0 ! interface GigabitEthernet0/3 flowcontrol send on shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/6 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/7 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif management security-level 100 ip address a.b.c.d a.b.c.d ! boot config disk0:/admin.cfg ftp mode passive dns server-group DefaultDNS domain-name domain.net same-security-traffic permit inter-interface pager lines 24 logging enable logging timestamp logging trap warnings logging host management a.b.c.d mtu prov1 1500 mtu prov2 1500 mtu dmz 1500 mtu management 1500 no failover no monitor-interface service-module icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! prefix-list Anons seq 5 permit 10.11.29.0/24 ! prefix-list default seq 5 permit 0.0.0.0/0 ! bgp-community new-format ! route-map Uran-output permit 100 match ip address prefix-list Anons ! route-map Ukrcom-output permit 100 match ip address prefix-list Anons set as-path prepend 197000 197000 197000 197000 197000 set community 21000:20005 21000:30005 21000:40005 ! route-map Default permit 100 match ip address prefix-list default ! router bgp 197000 bgp log-neighbor-changes bgp bestpath compare-routerid no bgp enforce-first-as bgp router-id 10.11.29.1 address-family ipv4 unicast neighbor 198.168.20.6 remote-as 21000 neighbor 198.168.20.6 description Ukrcom neighbor 198.168.20.6 activate neighbor 198.168.20.6 send-community neighbor 198.168.20.6 next-hop-self neighbor 198.168.20.6 weight 200 neighbor 198.168.20.6 route-map Default in neighbor 198.168.20.6 route-map Ukrcom-output out neighbor 10.1.10.2 remote-as 12000 neighbor 10.1.10.2 description Uran neighbor 10.1.10.2 activate neighbor 10.1.10.2 next-hop-self neighbor 10.1.10.2 weight 500 neighbor 10.1.10.2 route-map Default in neighbor 10.1.10.2 route-map Uran-output out network 10.11.29.0 no auto-summary no synchronization exit-address-family ! route prov1 0.0.0.0 0.0.0.0 10.1.10.2 1 route prov2 0.0.0.0 0.0.0.0 198.168.20.6 2 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 user-identity default-domain LOCAL aaa authentication ssh console LOCAL snmp-server group cactus v3 auth snmp-server host management a.b.c.d community ***** udp-port 161 no snmp-server location no snmp-server contact crypto ipsec security-association pmtu-aging infinite crypto ca trustpool policy telnet timeout 5 ssh stricthostkeycheck ssh a.b.c.d a.b.c.d management ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server a.b.c.d source management dynamic-access-policy-record DfltAccessPolicy ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns migrated_dns_map_1 inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp inspect icmp error inspect http ! prompt hostname context no call-home reporting anonymou
