CISCO ASA

1. : Saved
2. : Written by enable_15 at 00:37:03 UTC ???? 1 1993
3. : Call-home enabled from prompt by enable_15 at 00:37:03 UTC ???? 1 1993
4. :
5. ASA Version 8.4(2)
6. !
7. hostname CORP-ASA
8. domain-name theccnas.com
9. enable password NeRTTKjVCdf18jre encrypted
10. names
11. !
12. interface Ethernet0/0
13. switchport access vlan 2
14. !
15. interface Ethernet0/1
16. switchport access vlan 1
17. !
18. interface Ethernet0/2
19. switchport access vlan 3
20. !
21. interface Ethernet0/3
22. switchport access vlan 1
23. !
24. interface Ethernet0/4
25. switchport access vlan 1
26. !
27. interface Ethernet0/5
28. switchport access vlan 1
29. !
30. interface Ethernet0/6
31. switchport access vlan 1
32. !
33. interface Ethernet0/7
34. switchport access vlan 1
35. !
36. interface Vlan1
37. nameif inside
38. security-level 100
39. ip address 192.168.1.1 255.255.255.0
40. !
41. interface Vlan2
42. nameif outside
43. security-level 0
44. ip address 209.165.200.253 255.255.255.240
45. !
46. interface Vlan3
47. no forward interface Vlan1
48. nameif dmz
49. security-level 70
50. ip address 10.1.1.254 255.255.255.0
51. !
52. object network dmz-dns-server
53. host 10.1.1.5
54. object network dmz-web-server
55. host 10.1.1.2
56. object network inside-nat
57. subnet 192.168.1.0 255.255.255.0
58. !
59. route outside 0.0.0.0 0.0.0.0 209.165.200.254 1
60. !
61. access-list OUTSIDE-TO-DMZ extended permit tcp any host 10.1.1.2 eq www
62. access-list OUTSIDE-TO-DMZ extended permit tcp any host 10.1.1.5 eq domain
63. access-list OUTSIDE-TO-DMZ extended permit udp any host 10.1.1.5 eq domain
64. access-list OUTSIDE-TO-DMZ extended permit icmp any any echo-reply
65. access-list OUTSIDE-TO-DMZ extended permit tcp host 198.133.219.35 host 10.1.1.2 eq ftp
66. !
67. !
68. access-group OUTSIDE-TO-DMZ in interface outside
69. object network dmz-dns-server
70. nat (dmz,outside) static 209.165.200.242
71. object network dmz-web-server
72. nat (dmz,outside) static 209.165.200.241
73. object network inside-nat
74. nat (inside,outside) dynamic interface
75. !
76. !
77. !
78. !
79. class-map inspection_default
80. match default-inspection-traffic
81. !
82. policy-map global_policy
83. class inspection_default
84. inspect http
85. !
86. service-policy global_policy global
87. !
88. telnet timeout 5
89. ssh timeout 5
90. !
91. dhcpd auto_config outside
92. !
93. dhcpd address 192.168.1.5-192.168.1.35 inside
94. dhcpd enable inside
95. !
96. !
97. !
98. !
99. !