Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Mar 25th, 2013  |  syntax: None  |  size: 15.52 KB  |  views: 273  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. : Saved
  2. :
  3. ASA Version 9.0(2)
  4. !
  5. xlate per-session deny tcp any4 any4
  6. xlate per-session deny tcp any4 any6
  7. xlate per-session deny tcp any6 any4
  8. xlate per-session deny tcp any6 any6
  9. xlate per-session deny udp any4 any4 eq domain
  10. xlate per-session deny udp any4 any6 eq domain
  11. xlate per-session deny udp any6 any4 eq domain
  12. xlate per-session deny udp any6 any6 eq domain
  13. names
  14. !
  15. interface Ethernet0/0
  16.  nameif outside
  17.  security-level 0
  18.  ip address 1.53.48.69 255.255.255.0
  19. !
  20. interface Ethernet0/1
  21.  nameif inside
  22.  security-level 100
  23.  ip address 10.1.1.10 255.255.255.0
  24. !
  25. interface Ethernet0/2
  26.  shutdown
  27.  no nameif
  28.  no security-level
  29.  no ip address
  30. !
  31. interface Ethernet0/3
  32.  shutdown
  33.  no nameif
  34.  no security-level
  35.  no ip address
  36. !
  37. interface Management0/0
  38.  management-only
  39.  nameif management
  40.  security-level 100
  41.  ip address 192.168.111.1 255.255.255.0
  42. !
  43. boot system disk0:/asa902-k8.bin
  44. ftp mode passive
  45. clock timezone EST -5
  46. clock summer-time EDT recurring
  47. dns server-group DefaultDNS
  48.  domain-name usa.com
  49. object network obj_any
  50.  subnet 0.0.0.0 0.0.0.0
  51. object network NETWORK_OBJ_10.1.0.0_22
  52.  subnet 10.1.0.0 255.255.252.0
  53. object service RDP
  54.  service tcp destination eq 3389
  55. object network test-server2
  56.  host 10.1.1.238
  57. object network secondary_outside
  58.  host 1.53.48.70
  59.  description secondary IP
  60. object network FTP_in
  61.  host 10.1.1.21
  62.  description FTP server
  63. object network SMTP_in
  64.  host 10.1.1.19
  65.  description SMTP to SPAM
  66. object network primary_outside
  67.  host 1.53.48.69
  68. object network RDPGW
  69.  host 10.1.1.18
  70.  description RDPGW
  71. object network Intranet
  72.  host 10.1.1.21
  73.  description Intranet
  74. object network Spam_http
  75.  host 10.1.1.19
  76.  description Access to spam
  77. object network test-rdp
  78.  host 10.1.1.238
  79. object service www
  80.  service tcp destination eq www
  81. object network RDP_GW
  82.  host 10.1.1.18
  83.  description RDP Gateway
  84. object network NETWORK_OBJ_10.1.1.0_24
  85.  subnet 10.1.1.0 255.255.255.0
  86. object network NETWORK_OBJ_192.168.2.0_24
  87.  subnet 192.168.2.0 255.255.255.0
  88. object network NETWORK_OBJ_192.168.1.0_24
  89.  subnet 192.168.1.0 255.255.255.0
  90. object network AEI-PROXY2
  91.  host 10.1.1.21
  92. access-list outside_access_in extended permit ip any object Spam_http
  93. access-list outside_access_in extended permit ip any4 any4
  94. access-list inside_access_in extended permit ip any4 any4
  95. access-list outside_cryptomap_1 extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
  96. access-list outside_cryptomap_2 extended permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
  97. pager lines 24
  98. logging asdm informational
  99. mtu outside 1500
  100. mtu inside 1500
  101. mtu management 1500
  102. no failover
  103. icmp unreachable rate-limit 1 burst-size 1
  104. asdm image disk0:/asdm-712.bin
  105. no asdm history enable
  106. arp timeout 14400
  107. no arp permit-nonconnected
  108. nat (inside,outside) source static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24 destination static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 no-proxy-arp
  109. nat (inside,outside) source static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp
  110. !
  111. object network obj_any
  112.  nat (inside,outside) dynamic interface
  113. object network FTP_in
  114.  nat (inside,outside) static interface service tcp ftp ftp
  115. object network SMTP_in
  116.  nat (inside,outside) static interface service tcp smtp smtp
  117. object network Intranet
  118.  nat (inside,outside) static interface service tcp www www
  119. object network Spam_http
  120.  nat (inside,outside) static 1.53.48.68 service tcp www www
  121. object network test-rdp
  122.  nat (inside,outside) static interface service tcp 3389 3389
  123. object network RDP_GW
  124.  nat (inside,outside) static 1.53.48.68 service tcp https https
  125. access-group outside_access_in in interface outside
  126. access-group inside_access_in in interface inside
  127. route outside 0.0.0.0 0.0.0.0 1.53.48.1 1
  128. timeout xlate 3:00:00
  129. timeout pat-xlate 0:00:30
  130. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  131. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  132. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  133. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  134. timeout tcp-proxy-reassembly 0:01:00
  135. timeout floating-conn 0:00:00
  136. dynamic-access-policy-record DfltAccessPolicy
  137. user-identity default-domain LOCAL
  138. aaa authentication ssh console LOCAL
  139. aaa authorization command LOCAL
  140. http server enable
  141. http 192.168.111.0 255.255.255.0 management
  142. no snmp-server location
  143. no snmp-server contact
  144. snmp-server enable traps snmp authentication linkup linkdown coldstart
  145. crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  146. crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  147. crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  148. crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  149. crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  150. crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  151. crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  152. crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  153. crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  154. crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
  155. crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
  156. crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
  157. crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
  158. crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
  159. crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
  160. crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
  161. crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
  162. crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
  163. crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
  164. crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
  165. crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
  166. crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
  167. crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
  168. crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
  169. crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
  170. crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
  171. crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
  172. crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
  173. crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
  174. crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  175. crypto ipsec ikev2 ipsec-proposal DES
  176.  protocol esp encryption des
  177.  protocol esp integrity sha-1 md5
  178. crypto ipsec ikev2 ipsec-proposal 3DES
  179.  protocol esp encryption 3des
  180.  protocol esp integrity sha-1 md5
  181. crypto ipsec ikev2 ipsec-proposal AES
  182.  protocol esp encryption aes
  183.  protocol esp integrity sha-1 md5
  184. crypto ipsec ikev2 ipsec-proposal AES192
  185.  protocol esp encryption aes-192
  186.  protocol esp integrity sha-1 md5
  187. crypto ipsec ikev2 ipsec-proposal AES256
  188.  protocol esp encryption aes-256
  189.  protocol esp integrity sha-1 md5
  190. crypto ipsec security-association pmtu-aging infinite
  191. crypto dynamic-map VPN 1 set ikev1 transform-set ESP-3DES-SHA
  192. crypto map VPN 2 match address outside_cryptomap_1
  193. crypto map VPN 2 set peer 2.195.73.18
  194. crypto map VPN 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  195. crypto map VPN 3 match address outside_cryptomap_2
  196. crypto map VPN 3 set peer 3.169.145.220
  197. crypto map VPN 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  198. crypto map VPN 65535 ipsec-isakmp dynamic VPN
  199. crypto map VPN interface outside
  200. crypto ca trustpool policy
  201. crypto ikev2 policy 1
  202.  encryption aes-256
  203.  integrity sha
  204.  group 5 2
  205.  prf sha
  206.  lifetime seconds 86400
  207. crypto ikev2 policy 10
  208.  encryption aes-192
  209.  integrity sha
  210.  group 5 2
  211.  prf sha
  212.  lifetime seconds 86400
  213. crypto ikev2 policy 20
  214.  encryption aes
  215.  integrity sha
  216.  group 5 2
  217.  prf sha
  218.  lifetime seconds 86400
  219. crypto ikev2 policy 30
  220.  encryption 3des
  221.  integrity sha
  222.  group 5 2
  223.  prf sha
  224.  lifetime seconds 86400
  225. crypto ikev2 policy 40
  226.  encryption des
  227.  integrity sha
  228.  group 5 2
  229.  prf sha
  230.  lifetime seconds 86400
  231. crypto ikev1 enable outside
  232. crypto ikev1 policy 1
  233.  authentication pre-share
  234.  encryption 3des
  235.  hash sha
  236.  group 2
  237.  lifetime 86400
  238. crypto ikev1 policy 10
  239.  authentication crack
  240.  encryption aes-256
  241.  hash sha
  242.  group 2
  243.  lifetime 86400
  244. crypto ikev1 policy 20
  245.  authentication rsa-sig
  246.  encryption aes-256
  247.  hash sha
  248.  group 2
  249.  lifetime 86400
  250. crypto ikev1 policy 30
  251.  authentication pre-share
  252.  encryption aes-256
  253.  hash sha
  254.  group 2
  255.  lifetime 86400
  256. crypto ikev1 policy 40
  257.  authentication crack
  258.  encryption aes-192
  259.  hash sha
  260.  group 2
  261.  lifetime 86400
  262. crypto ikev1 policy 50
  263.  authentication rsa-sig
  264.  encryption aes-192
  265.  hash sha
  266.  group 2
  267.  lifetime 86400
  268. crypto ikev1 policy 60
  269.  authentication pre-share
  270.  encryption aes-192
  271.  hash sha
  272.  group 2
  273.  lifetime 86400
  274. crypto ikev1 policy 70
  275.  authentication crack
  276.  encryption aes
  277.  hash sha
  278.  group 2
  279.  lifetime 86400
  280. crypto ikev1 policy 80
  281.  authentication rsa-sig
  282.  encryption aes
  283.  hash sha
  284.  group 2
  285.  lifetime 86400
  286. crypto ikev1 policy 90
  287.  authentication pre-share
  288.  encryption aes
  289.  hash sha
  290.  group 2
  291.  lifetime 86400
  292. crypto ikev1 policy 100
  293.  authentication crack
  294.  encryption 3des
  295.  hash sha
  296.  group 2
  297.  lifetime 86400
  298. crypto ikev1 policy 110
  299.  authentication rsa-sig
  300.  encryption 3des
  301.  hash sha
  302.  group 2
  303.  lifetime 86400
  304. crypto ikev1 policy 130
  305.  authentication crack
  306.  encryption des
  307.  hash sha
  308.  group 2
  309.  lifetime 86400
  310. crypto ikev1 policy 140
  311.  authentication rsa-sig
  312.  encryption des
  313.  hash sha
  314.  group 2
  315.  lifetime 86400
  316. crypto ikev1 policy 150
  317.  authentication pre-share
  318.  encryption des
  319.  hash sha
  320.  group 2
  321.  lifetime 86400
  322. telnet timeout 5
  323. ssh 0.0.0.0 0.0.0.0 outside
  324. ssh 10.1.1.0 255.255.255.0 inside
  325. ssh timeout 30
  326. console timeout 0
  327. no threat-detection basic-threat
  328. threat-detection statistics access-list
  329. no threat-detection statistics tcp-intercept
  330. ntp server 24.93.40.100 source outside
  331. group-policy DfltGrpPolicy attributes
  332.  vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
  333. group-policy GroupPolicy_2.195.73.18 internal
  334. group-policy GroupPolicy_2.195.73.18 attributes
  335.  vpn-filter value outside_cryptomap_1
  336.  vpn-tunnel-protocol ikev1
  337. group-policy GroupPolicy_3.169.145.220 internal
  338. group-policy GroupPolicy_3.169.145.220 attributes
  339.  vpn-tunnel-protocol ikev1
  340. tunnel-group DefaultL2LGroup ipsec-attributes
  341.  ikev1 pre-shared-key *****
  342.  peer-id-validate nocheck
  343. tunnel-group 2.195.73.18 type ipsec-l2l
  344. tunnel-group 2.195.73.18 general-attributes
  345.  default-group-policy GroupPolicy_50.195.73.18
  346. tunnel-group 2.195.73.18 ipsec-attributes
  347.  ikev1 pre-shared-key *****
  348. tunnel-group 3.169.145.220 type ipsec-l2l
  349. tunnel-group 3.169.145.220 general-attributes
  350.  default-group-policy GroupPolicy_50.195.73.18
  351. tunnel-group 3.169.145.220 ipsec-attributes
  352.  ikev1 pre-shared-key *****
  353. !
  354. class-map inspection_default
  355.  match default-inspection-traffic
  356. !
  357. !
  358. policy-map type inspect dns preset_dns_map
  359.  parameters
  360.   message-length maximum client auto
  361.   message-length maximum 512
  362. policy-map global_policy
  363.  class inspection_default
  364.   inspect dns preset_dns_map
  365.   inspect ftp
  366.   inspect h323 h225
  367.   inspect h323 ras
  368.   inspect rsh
  369.   inspect rtsp
  370.   inspect esmtp
  371.   inspect sqlnet
  372.   inspect skinny  
  373.   inspect sunrpc
  374.   inspect xdmcp
  375.   inspect sip  
  376.   inspect netbios
  377.   inspect tftp
  378.   inspect ip-options
  379. !
  380. service-policy global_policy global
  381. privilege cmd level 3 mode exec command perfmon
  382. privilege cmd level 5 mode exec command dir
  383. privilege cmd level 3 mode exec command ping
  384. privilege cmd level 3 mode exec command who
  385. privilege cmd level 3 mode exec command logging
  386. privilege cmd level 3 mode exec command failover
  387. privilege cmd level 3 mode exec command vpn-sessiondb
  388. privilege cmd level 3 mode exec command packet-tracer
  389. privilege cmd level 5 mode exec command export
  390. privilege show level 5 mode exec command import
  391. privilege show level 5 mode exec command running-config
  392. privilege show level 3 mode exec command reload
  393. privilege show level 3 mode exec command mode
  394. privilege show level 3 mode exec command firewall
  395. privilege show level 3 mode exec command asp
  396. privilege show level 3 mode exec command cpu
  397. privilege show level 3 mode exec command interface
  398. privilege show level 3 mode exec command clock
  399. privilege show level 3 mode exec command dns-hosts
  400. privilege show level 3 mode exec command access-list
  401. privilege show level 3 mode exec command logging
  402. privilege show level 3 mode exec command vlan
  403. privilege show level 3 mode exec command ip
  404. privilege show level 3 mode exec command failover
  405. privilege show level 3 mode exec command asdm
  406. privilege show level 3 mode exec command arp
  407. privilege show level 3 mode exec command ipv6
  408. privilege show level 3 mode exec command route
  409. privilege show level 3 mode exec command ospf
  410. privilege show level 3 mode exec command aaa-server
  411. privilege show level 3 mode exec command aaa
  412. privilege show level 3 mode exec command eigrp
  413. privilege show level 3 mode exec command crypto
  414. privilege show level 3 mode exec command ssh
  415. privilege show level 3 mode exec command vpn-sessiondb
  416. privilege show level 3 mode exec command vpn
  417. privilege show level 3 mode exec command dhcpd
  418. privilege show level 3 mode exec command blocks
  419. privilege show level 3 mode exec command wccp
  420. privilege show level 3 mode exec command dynamic-filter
  421. privilege show level 3 mode exec command webvpn
  422. privilege show level 3 mode exec command service-policy
  423. privilege show level 3 mode exec command module
  424. privilege show level 3 mode exec command uauth
  425. privilege show level 3 mode exec command compression
  426. privilege show level 3 mode configure command interface
  427. privilege show level 3 mode configure command clock
  428. privilege show level 3 mode configure command access-list
  429. privilege show level 3 mode configure command logging
  430. privilege show level 3 mode configure command ip
  431. privilege show level 3 mode configure command failover
  432. privilege show level 5 mode configure command asdm
  433. privilege show level 3 mode configure command arp
  434. privilege show level 3 mode configure command route
  435. privilege show level 3 mode configure command aaa-server
  436. privilege show level 3 mode configure command aaa
  437. privilege show level 3 mode configure command crypto
  438. privilege show level 3 mode configure command ssh
  439. privilege show level 3 mode configure command dhcpd
  440. privilege show level 5 mode configure command privilege
  441. privilege clear level 3 mode exec command dns-hosts
  442. privilege clear level 3 mode exec command logging
  443. privilege clear level 3 mode exec command arp
  444. privilege clear level 3 mode exec command aaa-server
  445. privilege clear level 3 mode exec command crypto
  446. privilege clear level 3 mode exec command dynamic-filter
  447. privilege cmd level 3 mode configure command failover
  448. privilege clear level 3 mode configure command logging
  449. privilege clear level 3 mode configure command arp
  450. privilege clear level 3 mode configure command crypto
  451. privilege clear level 3 mode configure command aaa-server
  452. prompt hostname context
  453. no call-home reporting anonymous
  454. Cryptochecksum:1a034f9e851aa8cd19e0083486835dca
  455. : end
  456. asdm image disk0:/asdm-712.bin
  457. no asdm history enable
clone this paste RAW Paste Data