
Untitled

a guest
Mar 25th, 2013
: Saved
:
ASA Version 9.0(2)
!
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 1.53.48.69 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.10 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.111.1 255.255.255.0
!
boot system disk0:/asa902-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name usa.com
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.1.0.0_22
 subnet 10.1.0.0 255.255.252.0
object service RDP
 service tcp destination eq 3389
object network test-server2
 host 10.1.1.238
object network secondary_outside
 host 1.53.48.70
 description secondary IP
object network FTP_in
 host 10.1.1.21
 description FTP server
object network SMTP_in
 host 10.1.1.19
 description SMTP to SPAM
object network primary_outside
 host 1.53.48.69
object network RDPGW
 host 10.1.1.18
 description RDPGW
object network Intranet
 host 10.1.1.21
 description Intranet
object network Spam_http
 host 10.1.1.19
 description Access to spam
object network test-rdp
 host 10.1.1.238
object service www
 service tcp destination eq www
object network RDP_GW
 host 10.1.1.18
 description RDP Gateway
object network NETWORK_OBJ_10.1.1.0_24
 subnet 10.1.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.0_24
 subnet 192.168.2.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object network AEI-PROXY2
 host 10.1.1.21
access-list outside_access_in extended permit ip any object Spam_http
access-list outside_access_in extended permit ip any4 any4
access-list inside_access_in extended permit ip any4 any4
access-list outside_cryptomap_1 extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_2 extended permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24 destination static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 no-proxy-arp
nat (inside,outside) source static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp
!
object network obj_any
 nat (inside,outside) dynamic interface
object network FTP_in
 nat (inside,outside) static interface service tcp ftp ftp
object network SMTP_in
 nat (inside,outside) static interface service tcp smtp smtp
object network Intranet
 nat (inside,outside) static interface service tcp www www
object network Spam_http
 nat (inside,outside) static 1.53.48.68 service tcp www www
object network test-rdp
 nat (inside,outside) static interface service tcp 3389 3389
object network RDP_GW
 nat (inside,outside) static 1.53.48.68 service tcp https https
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 1.53.48.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.111.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map VPN 1 set ikev1 transform-set ESP-3DES-SHA
crypto map VPN 2 match address outside_cryptomap_1
crypto map VPN 2 set peer 2.195.73.18
crypto map VPN 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map VPN 3 match address outside_cryptomap_2
crypto map VPN 3 set peer 3.169.145.220
crypto map VPN 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map VPN 65535 ipsec-isakmp dynamic VPN
crypto map VPN interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 30
console timeout 0
no threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 24.93.40.100 source outside
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_2.195.73.18 internal
group-policy GroupPolicy_2.195.73.18 attributes
 vpn-filter value outside_cryptomap_1
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_3.169.145.220 internal
group-policy GroupPolicy_3.169.145.220 attributes
 vpn-tunnel-protocol ikev1
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate nocheck
tunnel-group 2.195.73.18 type ipsec-l2l
tunnel-group 2.195.73.18 general-attributes
 default-group-policy GroupPolicy_50.195.73.18
tunnel-group 2.195.73.18 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 3.169.145.220 type ipsec-l2l
tunnel-group 3.169.145.220 general-attributes
 default-group-policy GroupPolicy_50.195.73.18
tunnel-group 3.169.145.220 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 5 mode exec command dir
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege cmd level 5 mode exec command export
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1a034f9e851aa8cd19e0083486835dca
: end
asdm image disk0:/asdm-712.bin
no asdm history enable