- : Saved
- :
- ! NOTE(review): software release 9.0(2); confirm this train still receives vendor
- ! security fixes and check it against current advisories.
- ASA Version 9.0(2)
- !
- ! The eight rules below exclude all TCP and all UDP/DNS flows (IPv4 and IPv6, in every
- ! combination) from per-session PAT. Presumably inserted by an upgrade from a pre-9.0
- ! image to keep the older xlate behaviour - confirm.
- xlate per-session deny tcp any4 any4
- xlate per-session deny tcp any4 any6
- xlate per-session deny tcp any6 any4
- xlate per-session deny tcp any6 any6
- xlate per-session deny udp any4 any4 eq domain
- xlate per-session deny udp any4 any6 eq domain
- xlate per-session deny udp any6 any4 eq domain
- xlate per-session deny udp any6 any6 eq domain
- names
- !
- ! Internet-facing interface: security-level 0 (least trusted), 1.53.48.69/24.
- ! This is also where the crypto map, the published static NATs and "ssh ... outside"
- ! are bound elsewhere in this config.
- interface Ethernet0/0
- nameif outside
- security-level 0
- ip address 1.53.48.69 255.255.255.0
- !
- ! Internal LAN: security-level 100 (most trusted), 10.1.1.10/24.
- interface Ethernet0/1
- nameif inside
- security-level 100
- ip address 10.1.1.10 255.255.255.0
- !
- ! Unused ports are shut down and carry no nameif, security-level or address.
- interface Ethernet0/2
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface Ethernet0/3
- shutdown
- no nameif
- no security-level
- no ip address
- !
- ! Dedicated management port (management-only), 192.168.111.1/24. The "http" line
- ! further down limits ASDM/HTTPS access to this subnet.
- interface Management0/0
- management-only
- nameif management
- security-level 100
- ip address 192.168.111.1 255.255.255.0
- !
- ! Boot image, passive FTP for the appliance's own transfers, clock and DNS domain.
- ! NOTE(review): the DefaultDNS group shows a domain-name but no name-server lines in
- ! this paste; confirm whether they were stripped or never configured.
- boot system disk0:/asa902-k8.bin
- ftp mode passive
- clock timezone EST -5
- clock summer-time EDT recurring
- dns server-group DefaultDNS
- domain-name usa.com
- ! Network and service objects referenced by the NAT and ACL sections.
- ! NOTE(review): several objects resolve to the same host, so a rule written against
- ! one name also affects the others:
- !   10.1.1.21  -> FTP_in, Intranet, AEI-PROXY2
- !   10.1.1.19  -> SMTP_in, Spam_http
- !   10.1.1.18  -> RDPGW, RDP_GW
- !   10.1.1.238 -> test-server2, test-rdp
- ! Objects with no NAT or ACL reference in the visible config (test-server2,
- ! secondary_outside, primary_outside, RDPGW, AEI-PROXY2, NETWORK_OBJ_10.1.0.0_22 and
- ! the RDP and www service objects) look like leftovers - confirm and prune.
- object network obj_any
- subnet 0.0.0.0 0.0.0.0
- object network NETWORK_OBJ_10.1.0.0_22
- subnet 10.1.0.0 255.255.252.0
- object service RDP
- service tcp destination eq 3389
- object network test-server2
- host 10.1.1.238
- ! NOTE(review): described as the secondary IP (1.53.48.70), but the static NATs for
- ! Spam_http and RDP_GW translate to 1.53.48.68 - verify which address is intended.
- object network secondary_outside
- host 1.53.48.70
- description secondary IP
- object network FTP_in
- host 10.1.1.21
- description FTP server
- object network SMTP_in
- host 10.1.1.19
- description SMTP to SPAM
- object network primary_outside
- host 1.53.48.69
- object network RDPGW
- host 10.1.1.18
- description RDPGW
- object network Intranet
- host 10.1.1.21
- description Intranet
- object network Spam_http
- host 10.1.1.19
- description Access to spam
- object network test-rdp
- host 10.1.1.238
- object service www
- service tcp destination eq www
- object network RDP_GW
- host 10.1.1.18
- description RDP Gateway
- object network NETWORK_OBJ_10.1.1.0_24
- subnet 10.1.1.0 255.255.255.0
- object network NETWORK_OBJ_192.168.2.0_24
- subnet 192.168.2.0 255.255.255.0
- object network NETWORK_OBJ_192.168.1.0_24
- subnet 192.168.1.0 255.255.255.0
- object network AEI-PROXY2
- host 10.1.1.21
- ! outside_access_in is bound inbound on the outside interface (see access-group).
- ! NOTE(review): the second entry permits every IPv4 packet from any source to any
- ! destination, so this ACL filters nothing and the first entry is redundant. What is
- ! reachable from outside is then decided only by the static NAT entries. Replace both
- ! lines with one permit per published service (protocol/port to the specific object)
- ! and let the implicit deny handle the rest.
- access-list outside_access_in extended permit ip any object Spam_http
- access-list outside_access_in extended permit ip any4 any4
- ! inside_access_in permits all IPv4 outbound; no egress filtering is applied.
- access-list inside_access_in extended permit ip any4 any4
- ! Crypto ACLs (local 10.1.1.0/24 -> remote LAN) selecting traffic for the two
- ! site-to-site tunnels; matched by crypto map VPN entries 2 and 3.
- access-list outside_cryptomap_1 extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
- access-list outside_cryptomap_2 extended permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
- ! General device settings (pager, MTU, failover off, ASDM image, ARP).
- ! NOTE(review): the only logging line shown is the ASDM buffer level; no
- ! "logging enable", "logging host" or "logging trap" appears in this paste. Confirm
- ! that events are actually logged and forwarded to a remote collector.
- pager lines 24
- logging asdm informational
- mtu outside 1500
- mtu inside 1500
- mtu management 1500
- no failover
- icmp unreachable rate-limit 1 burst-size 1
- asdm image disk0:/asdm-712.bin
- no asdm history enable
- arp timeout 14400
- no arp permit-nonconnected
- ! Identity (no-translation) NAT for 10.1.1.0/24 towards the two remote VPN LANs, so
- ! tunnel traffic keeps its real addresses.
- nat (inside,outside) source static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24 destination static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 no-proxy-arp
- nat (inside,outside) source static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp
- !
- ! Object NAT. obj_any gives every inside host dynamic PAT behind the outside
- ! interface address; the static entries publish individual services:
- !   interface:21   -> 10.1.1.21  (FTP_in)     interface:25   -> 10.1.1.19  (SMTP_in)
- !   interface:80   -> 10.1.1.21  (Intranet)   interface:3389 -> 10.1.1.238 (test-rdp)
- !   1.53.48.68:80  -> 10.1.1.19  (Spam_http)  1.53.48.68:443 -> 10.1.1.18  (RDP_GW)
- ! NOTE(review): because outside_access_in permits ip any4 any4, each of these is open
- ! to every source address. RDP to a host named "test", cleartext FTP and an object
- ! described as "Intranet" are the entries to question first: restrict them by source,
- ! move them behind the VPN or the RDP gateway, or remove the static NAT.
- object network obj_any
- nat (inside,outside) dynamic interface
- object network FTP_in
- nat (inside,outside) static interface service tcp ftp ftp
- object network SMTP_in
- nat (inside,outside) static interface service tcp smtp smtp
- object network Intranet
- nat (inside,outside) static interface service tcp www www
- object network Spam_http
- nat (inside,outside) static 1.53.48.68 service tcp www www
- object network test-rdp
- nat (inside,outside) static interface service tcp 3389 3389
- object network RDP_GW
- nat (inside,outside) static 1.53.48.68 service tcp https https
- ! Bind each ACL inbound on its interface and set the default route via 1.53.48.1.
- ! No access-group is shown for the management interface.
- access-group outside_access_in in interface outside
- access-group inside_access_in in interface inside
- route outside 0.0.0.0 0.0.0.0 1.53.48.1 1
- ! Idle timers for translations and connections (xlate 3h, PAT xlate 30s, TCP conn 1h,
- ! UDP 2m, ICMP 2s) and for the inspected protocols. NOTE(review): these look like
- ! stock values - confirm none were tuned deliberately.
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- ! Management-plane authentication and access.
- ! SSH logins and command authorization use the LOCAL user database.
- ! NOTE(review): no "username", "enable password" or "passwd" lines appear in this
- ! paste (presumably stripped before posting) - confirm that local accounts exist and
- ! are strong. No "aaa authentication http console" line is shown either, so verify how
- ! ASDM logins are authenticated.
- dynamic-access-policy-record DfltAccessPolicy
- user-identity default-domain LOCAL
- aaa authentication ssh console LOCAL
- aaa authorization command LOCAL
- ! ASDM/HTTPS server is enabled but reachable only from 192.168.111.0/24 on the
- ! management interface.
- http server enable
- http 192.168.111.0 255.255.255.0 management
- ! SNMP traps are enabled, but no "snmp-server host" receiver is shown.
- no snmp-server location
- no snmp-server contact
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- ! IKEv1 IPsec transform sets: every AES-128/192/256, 3DES and DES cipher paired with
- ! SHA-1 or MD5 HMAC, in tunnel and transport ("-TRANS") variants.
- ! NOTE(review): this looks like a stock, tool-generated list - confirm. The DES and
- ! MD5 variants are obsolete and 3DES is deprecated; any set that stays referenced by a
- ! crypto map can be negotiated by a peer. Keep only the AES + SHA sets that the
- ! remote sites actually use.
- crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
- ! IKEv2 IPsec proposals, one per cipher, each accepting SHA-1 or MD5 integrity.
- ! No crypto map entry in the visible config references them.
- crypto ipsec ikev2 ipsec-proposal DES
- protocol esp encryption des
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal 3DES
- protocol esp encryption 3des
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal AES
- protocol esp encryption aes
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal AES192
- protocol esp encryption aes-192
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal AES256
- protocol esp encryption aes-256
- protocol esp integrity sha-1 md5
- crypto ipsec security-association pmtu-aging infinite
- ! Crypto map "VPN", applied to the outside interface.
- ! Entries 2 and 3 are static site-to-site tunnels to 2.195.73.18 and 3.169.145.220.
- ! NOTE(review): both entries offer ten transform sets, including the DES and MD5
- ! ones, so the negotiated protection depends on what the peer proposes or accepts.
- ! Trim each list to the AES + SHA sets the remote site is known to support.
- ! NOTE(review): entry 65535 attaches dynamic-map "VPN", which has no "set peer" and
- ! uses 3DES/SHA; peers that match no specific tunnel-group fall back to
- ! DefaultL2LGroup and its pre-shared key. If no dynamically addressed sites are
- ! expected, remove the dynamic entry (and the default-group key).
- crypto dynamic-map VPN 1 set ikev1 transform-set ESP-3DES-SHA
- crypto map VPN 2 match address outside_cryptomap_1
- crypto map VPN 2 set peer 2.195.73.18
- crypto map VPN 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
- crypto map VPN 3 match address outside_cryptomap_2
- crypto map VPN 3 set peer 3.169.145.220
- crypto map VPN 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
- crypto map VPN 65535 ipsec-isakmp dynamic VPN
- crypto map VPN interface outside
- ! IKEv2 policies 1-40, from AES-256 down to DES, all with SHA integrity/PRF, DH
- ! groups 5 and 2, and a 24-hour lifetime.
- ! NOTE(review): no "crypto ikev2 enable" line and no IKEv2 tunnel-group settings are
- ! visible, so these policies appear unused - confirm. If IKEv2 is ever enabled, drop
- ! the 3des/des policies (30, 40) first and offer a stronger DH group than 2 where
- ! the peers support one.
- crypto ca trustpool policy
- crypto ikev2 policy 1
- encryption aes-256
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 10
- encryption aes-192
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 20
- encryption aes
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 30
- encryption 3des
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 40
- encryption des
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- ! IKEv1 (phase 1) is enabled on the outside interface. Policies are evaluated in
- ! ascending number order; every one uses SHA-1, DH group 2 and a 24-hour lifetime.
- ! NOTE(review): policy 1 (pre-share / 3DES) has the highest priority, ahead of all
- ! the AES policies, and policies 130-150 still accept single DES. Reorder so an AES
- ! pre-share policy comes first, remove the DES policies, and move off group 2 where
- ! the peers support a stronger group.
- ! NOTE(review): the "crack" and "rsa-sig" policies need certificates, and no
- ! trustpoint or identity certificate is visible in this paste; they look like unused
- ! stock entries - confirm and remove if so.
- crypto ikev1 enable outside
- crypto ikev1 policy 1
- authentication pre-share
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 10
- authentication crack
- encryption aes-256
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 20
- authentication rsa-sig
- encryption aes-256
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 30
- authentication pre-share
- encryption aes-256
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 40
- authentication crack
- encryption aes-192
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 50
- authentication rsa-sig
- encryption aes-192
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 60
- authentication pre-share
- encryption aes-192
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 70
- authentication crack
- encryption aes
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 80
- authentication rsa-sig
- encryption aes
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 90
- authentication pre-share
- encryption aes
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 100
- authentication crack
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 110
- authentication rsa-sig
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- ! Weakest tier: single-DES policies (crack, rsa-sig, pre-share).
- crypto ikev1 policy 130
- authentication crack
- encryption des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 140
- authentication rsa-sig
- encryption des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 150
- authentication pre-share
- encryption des
- hash sha
- group 2
- lifetime 86400
- ! Remote and console management access. No telnet permit line is shown, only its
- ! timeout.
- telnet timeout 5
- ! NOTE(review): SSH to the firewall itself is accepted from every IPv4 address on the
- ! outside interface. Restrict this line to the administrators' known source
- ! networks, or manage the device only from inside/management or over the VPN.
- ! No "ssh version" line is shown; confirm that only SSHv2 is accepted.
- ssh 0.0.0.0 0.0.0.0 outside
- ssh 10.1.1.0 255.255.255.0 inside
- ssh timeout 30
- ! A console timeout of 0 means a console session never idles out; set a finite value
- ! unless physical access to the device is tightly controlled.
- console timeout 0
- ! NOTE(review): basic threat detection is explicitly switched off and only the
- ! per-ACL statistics remain; confirm this was deliberate.
- no threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- ! Single NTP source reached through the outside interface, with no NTP
- ! authentication key shown.
- ntp server 24.93.40.100 source outside
- ! VPN group policies and tunnel groups. Pre-shared keys are masked ("*****") in this
- ! output.
- ! The default group policy allows IKEv1, L2TP/IPsec and clientless SSL; narrow it to
- ! the protocols actually in use.
- group-policy DfltGrpPolicy attributes
- vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
- ! NOTE(review): vpn-filter reuses the crypto ACL, which lists the local LAN first.
- ! vpn-filter ACLs are normally written with the remote network as the source, so
- ! verify this filter matches the intended direction before relying on it.
- group-policy GroupPolicy_2.195.73.18 internal
- group-policy GroupPolicy_2.195.73.18 attributes
- vpn-filter value outside_cryptomap_1
- vpn-tunnel-protocol ikev1
- group-policy GroupPolicy_3.169.145.220 internal
- group-policy GroupPolicy_3.169.145.220 attributes
- vpn-tunnel-protocol ikev1
- ! NOTE(review): the catch-all L2L group carries its own pre-shared key and disables
- ! peer-ID validation. Together with the dynamic crypto-map entry it accepts peers
- ! that have no dedicated tunnel-group; remove the key if no such peers are expected.
- tunnel-group DefaultL2LGroup ipsec-attributes
- ikev1 pre-shared-key *****
- peer-id-validate nocheck
- ! NOTE(review): both tunnel groups point at "GroupPolicy_50.195.73.18", which is not
- ! defined in the visible config; the defined policies are GroupPolicy_2.195.73.18 and
- ! GroupPolicy_3.169.145.220. Possibly an artifact of address masking in the paste -
- ! confirm which policy (and therefore which vpn-filter) each tunnel really uses.
- tunnel-group 2.195.73.18 type ipsec-l2l
- tunnel-group 2.195.73.18 general-attributes
- default-group-policy GroupPolicy_50.195.73.18
- tunnel-group 2.195.73.18 ipsec-attributes
- ikev1 pre-shared-key *****
- tunnel-group 3.169.145.220 type ipsec-l2l
- tunnel-group 3.169.145.220 general-attributes
- default-group-policy GroupPolicy_50.195.73.18
- tunnel-group 3.169.145.220 ipsec-attributes
- ikev1 pre-shared-key *****
- !
- ! Application inspection: class inspection_default matches the default inspection
- ! traffic, and global_policy applies the listed protocol inspections to it on all
- ! interfaces (service-policy ... global).
- ! NOTE(review): this looks like the stock inspection list - confirm. Inspections for
- ! protocols that are not in use here (for example rsh, sqlnet, sunrpc, xdmcp, skinny)
- ! can be removed to reduce the amount of protocol parsing done on the firewall.
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect rsh
- inspect rtsp
- inspect esmtp
- inspect sqlnet
- inspect skinny
- inspect sunrpc
- inspect xdmcp
- inspect sip
- inspect netbios
- inspect tftp
- inspect ip-options
- !
- service-policy global_policy global
- ! Command-privilege table used by "aaa authorization command LOCAL": it lowers the
- ! listed commands to level 3 (mostly show/monitoring) or level 5.
- ! NOTE(review): this resembles a tool-generated role set - confirm. Points to check
- ! against the intended roles:
- !   - level 5 may show running-config and use dir/export/import;
- !   - level 3 may run "clear logging", "clear crypto", "clear arp" and
- !     "clear aaa-server", which affects audit data and live tunnels.
- ! No username lines are visible in this paste, so which accounts hold these levels
- ! cannot be checked from here.
- privilege cmd level 3 mode exec command perfmon
- privilege cmd level 5 mode exec command dir
- privilege cmd level 3 mode exec command ping
- privilege cmd level 3 mode exec command who
- privilege cmd level 3 mode exec command logging
- privilege cmd level 3 mode exec command failover
- privilege cmd level 3 mode exec command vpn-sessiondb
- privilege cmd level 3 mode exec command packet-tracer
- privilege cmd level 5 mode exec command export
- privilege show level 5 mode exec command import
- privilege show level 5 mode exec command running-config
- privilege show level 3 mode exec command reload
- privilege show level 3 mode exec command mode
- privilege show level 3 mode exec command firewall
- privilege show level 3 mode exec command asp
- privilege show level 3 mode exec command cpu
- privilege show level 3 mode exec command interface
- privilege show level 3 mode exec command clock
- privilege show level 3 mode exec command dns-hosts
- privilege show level 3 mode exec command access-list
- privilege show level 3 mode exec command logging
- privilege show level 3 mode exec command vlan
- privilege show level 3 mode exec command ip
- privilege show level 3 mode exec command failover
- privilege show level 3 mode exec command asdm
- privilege show level 3 mode exec command arp
- privilege show level 3 mode exec command ipv6
- privilege show level 3 mode exec command route
- privilege show level 3 mode exec command ospf
- privilege show level 3 mode exec command aaa-server
- privilege show level 3 mode exec command aaa
- privilege show level 3 mode exec command eigrp
- privilege show level 3 mode exec command crypto
- privilege show level 3 mode exec command ssh
- privilege show level 3 mode exec command vpn-sessiondb
- privilege show level 3 mode exec command vpn
- privilege show level 3 mode exec command dhcpd
- privilege show level 3 mode exec command blocks
- privilege show level 3 mode exec command wccp
- privilege show level 3 mode exec command dynamic-filter
- privilege show level 3 mode exec command webvpn
- privilege show level 3 mode exec command service-policy
- privilege show level 3 mode exec command module
- privilege show level 3 mode exec command uauth
- privilege show level 3 mode exec command compression
- privilege show level 3 mode configure command interface
- privilege show level 3 mode configure command clock
- privilege show level 3 mode configure command access-list
- privilege show level 3 mode configure command logging
- privilege show level 3 mode configure command ip
- privilege show level 3 mode configure command failover
- privilege show level 5 mode configure command asdm
- privilege show level 3 mode configure command arp
- privilege show level 3 mode configure command route
- privilege show level 3 mode configure command aaa-server
- privilege show level 3 mode configure command aaa
- privilege show level 3 mode configure command crypto
- privilege show level 3 mode configure command ssh
- privilege show level 3 mode configure command dhcpd
- privilege show level 5 mode configure command privilege
- privilege clear level 3 mode exec command dns-hosts
- privilege clear level 3 mode exec command logging
- privilege clear level 3 mode exec command arp
- privilege clear level 3 mode exec command aaa-server
- privilege clear level 3 mode exec command crypto
- privilege clear level 3 mode exec command dynamic-filter
- privilege cmd level 3 mode configure command failover
- privilege clear level 3 mode configure command logging
- privilege clear level 3 mode configure command arp
- privilege clear level 3 mode configure command crypto
- privilege clear level 3 mode configure command aaa-server
- ! CLI prompt format and call-home (anonymous reporting disabled).
- prompt hostname context
- no call-home reporting anonymous
- ! Device-generated checksum over the configuration text; it is not a credential.
- Cryptochecksum:1a034f9e851aa8cd19e0083486835dca
- : end
- ! The two lines after ": end" repeat the ASDM settings that already appear earlier
- ! in the configuration.
- asdm image disk0:/asdm-712.bin
- no asdm history enable