- ! Cisco ASA running-config listing. 8.2(5) predates the 8.3 NAT rework, so the
- ! global/nat/static statements further down use the legacy syntax and the outside
- ! ACL matches the translated (public) addresses rather than the real inside ones.
- ! NOTE(review): 8.2 is a long-retired software train - confirm whether this device can still receive fixes.
- ASA Version 8.2(5)
- !
- terminal width 140
- hostname LPL-asa5500
- domain-name lafayette.local
- ! "no names" turns off name substitution: the name entries below stay defined,
- ! but the rest of the listing is shown with raw IP addresses.
- no names
- ! Name table: pairs of public (upper-case) and inside (lower-case) addresses for
- ! the firewall itself, a server and a Switchvox host.
- name 75.75.75.33 LPL-ASA
- name 192.168.10.1 lpl-asa-inside
- name 192.168.10.0 lpl-lan
- name 75.75.75.32 LPL-SERVER-OUTSIDE
- name 192.168.10.2 lpl-server-inside
- name 75.75.75.31 LPL-SWITCHVOX-OUTSIDE
- name 192.168.10.3 lpl-switchvox-inside
- !
- ! Physical switch ports. Ethernet0/0 is the only port assigned to VLAN 2, which
- ! is the outside interface defined below.
- interface Ethernet0/0
- switchport access vlan 2
- !
- ! No switchport command is shown for Ethernet0/1.
- ! NOTE(review): presumably it sits in the default VLAN 1 (inside) - confirm.
- interface Ethernet0/1
- !
- ! Ethernet0/2 through Ethernet0/7 are administratively shut down, so unused
- ! ports cannot be patched into either VLAN.
- interface Ethernet0/2
- shutdown
- !
- interface Ethernet0/3
- shutdown
- !
- interface Ethernet0/4
- shutdown
- !
- interface Ethernet0/5
- shutdown
- !
- interface Ethernet0/6
- shutdown
- !
- interface Ethernet0/7
- shutdown
- !
- ! Inside LAN: highest trust level (100), gateway address 192.168.10.1/24.
- interface Vlan1
- nameif inside
- security-level 100
- ip address 192.168.10.1 255.255.255.0
- !
- ! Outside: lowest trust level (0). Inbound traffic is filtered by the ACL bound
- ! to this interface with "access-group outside-in in interface outside".
- ! The 255.255.255.248 mask makes the outside subnet 75.75.75.32/29 (hosts .33-.38).
- ! NOTE(review): 75.75.75.31 and 75.75.75.32, used by the name table, ACL and static
- ! NAT, are not host addresses in that subnet - the public addresses look substituted
- ! before posting; check the real values against the real mask.
- interface Vlan2
- nameif outside
- security-level 0
- ip address 75.75.75.33 255.255.255.248
- !
- no ftp mode passive
- dns server-group DefaultDNS
- domain-name lafayette.local
- ! Permits traffic between interfaces of equal security level. The two interfaces in
- ! this listing use different levels (100 and 0), so it has no visible effect here.
- same-security-traffic permit inter-interface
- ! Inbound policy for the outside interface. On this software version the
- ! destination is the translated (public) address.
- ! Entries for 75.75.75.32: HTTPS, RDP (3389), tcp/987, FTP and HTTP, all from "any".
- ! NOTE(review): no static translation for 75.75.75.32 appears in this listing (the
- ! only static below maps 75.75.75.31), so these permits have nothing to forward to
- ! as shown - confirm whether a static was omitted or is missing.
- ! NOTE(review): RDP and FTP open to any source are high-exposure services; consider
- ! restricting the source addresses or reaching them only through the VPN. FTP and
- ! HTTP also carry credentials in cleartext. The purpose of tcp/987 is not stated.
- access-list outside-in extended permit tcp any host 75.75.75.32 eq https
- access-list outside-in extended permit tcp any host 75.75.75.32 eq 3389
- access-list outside-in extended permit tcp any host 75.75.75.32 eq 987
- access-list outside-in extended permit tcp any host 75.75.75.32 eq ftp
- access-list outside-in extended permit tcp any host 75.75.75.32 eq www
- ! Entries for 75.75.75.31 (named LPL-SWITCHVOX-OUTSIDE above): a 10,001-port UDP
- ! range, SIP, HTTPS and tcp/5222, 843, 5269, all from "any".
- ! NOTE(review): presumably the UDP range is voice media and the HTTPS entry is the
- ! PBX web interface - confirm, and limit sources to known carriers/sites where possible.
- access-list outside-in extended permit udp any host 75.75.75.31 range 10000 20000
- access-list outside-in extended permit udp any host 75.75.75.31 eq sip
- access-list outside-in extended permit tcp any host 75.75.75.31 eq https
- access-list outside-in extended permit tcp any host 75.75.75.31 eq 5222
- access-list outside-in extended permit tcp any host 75.75.75.31 eq 843
- access-list outside-in extended permit tcp any host 75.75.75.31 eq 5269
- ! Referenced by group-policy LPL as its split-tunnel network list. With
- ! "split-tunnel-policy tunnelspecified" and "permit any", every destination matches
- ! the list. NOTE(review): if only the inside LAN should be tunnelled, the list
- ! would name 192.168.10.0 255.255.255.0 instead - confirm intent.
- access-list LPL_splitTunnelAcl standard permit any
- pager lines 1000
- ! Logging is enabled, but the only destination configured here is the ASDM buffer.
- ! NOTE(review): no syslog host or buffered logging is shown, so events are not
- ! retained off-box for detection or incident response as listed.
- logging enable
- logging asdm informational
- mtu inside 1500
- mtu outside 1500
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- arp timeout 14400
- ! Dynamic PAT: every inside source (0.0.0.0 0.0.0.0) is translated to the
- ! outside interface address.
- global (outside) 1 interface
- nat (inside) 1 0.0.0.0 0.0.0.0
- ! One-to-one static NAT: public 75.75.75.31 <-> inside 192.168.10.3.
- static (inside,outside) 75.75.75.31 192.168.10.3 netmask 255.255.255.255
- ! Binds the ACL above to inbound traffic on the outside interface.
- access-group outside-in in interface outside
- ! Default route via 75.75.75.34.
- route outside 0.0.0.0 0.0.0.0 75.75.75.34 1
- ! Connection and translation idle timers.
- timeout xlate 3:00:00
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- dynamic-access-policy-record DfltAccessPolicy
- ! SSH logins are checked against the local user database. No username lines and no
- ! aaa authentication statements for telnet or http appear in this listing.
- ! NOTE(review): credentials were probably removed before posting - confirm that
- ! every management path requires a named local or AAA account.
- aaa authentication ssh console LOCAL
- ! HTTPS management (ASDM) is enabled and limited to the inside /24.
- http server enable
- http 192.168.10.0 255.255.255.0 inside
- no snmp-server location
- no snmp-server contact
- ! Traps are enabled, but no snmp-server host is shown to receive them.
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- ! IPsec phase 2 proposals: both use 3DES with SHA-1 HMAC; the first is switched to
- ! transport mode. NOTE(review): transport mode presumably serves L2TP/IPsec clients - confirm.
- ! NOTE(review): 3DES is a legacy cipher; prefer an AES transform set where the
- ! remote clients support it.
- crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
- crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
- crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
- crypto ipsec security-association lifetime seconds 28800
- crypto ipsec security-association lifetime kilobytes 4608000
- ! Dynamic map for remote peers whose addresses are not known in advance.
- ! NOTE(review): "pfs group1" is the weakest Diffie-Hellman group (768-bit) and is
- ! weaker than the group 2 used by the IKE policies below; raise it to a stronger group.
- crypto dynamic-map outside_dyn_map 20 set pfs group1
- crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
- crypto dynamic-map outside_dyn_map 40 set pfs group1
- crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
- crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
- crypto map outside_map interface outside
- ! IKE is enabled on the outside interface. Both policies are identical: pre-shared
- ! key, 3DES, SHA-1, DH group 2 (1024-bit), 24-hour lifetime.
- ! NOTE(review): no tunnel-group lines (where the pre-shared keys would live) appear
- ! in this listing - presumably removed before posting. Pre-shared keys for remote
- ! access should be long and random; pair the tunnel with per-user authentication.
- crypto isakmp enable outside
- crypto isakmp policy 10
- authentication pre-share
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- crypto isakmp policy 65535
- authentication pre-share
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- ! NOTE(review): Telnet carries management credentials in cleartext. SSH is already
- ! allowed from the same subnet two lines below, so the telnet permit can be removed.
- telnet 192.168.10.0 255.255.255.0 inside
- telnet timeout 5
- ssh 192.168.10.0 255.255.255.0 inside
- ssh timeout 5
- ! A value of 0 disables the idle timeout on the serial console, so an abandoned
- ! console session stays logged in.
- console timeout 0
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- ! webvpn mode is entered but no sub-commands are shown under it.
- webvpn
- ! Remote-access group policy: IPsec only, WINS at 192.168.10.2, split tunnelling
- ! driven by the LPL_splitTunnelAcl list defined earlier in this listing.
- ! NOTE(review): that list is "permit any", so tunnelspecified matches every
- ! destination - confirm this is intended.
- group-policy LPL internal
- group-policy LPL attributes
- wins-server value 192.168.10.2
- vpn-tunnel-protocol IPSec
- split-tunnel-policy tunnelspecified
- split-tunnel-network-list value LPL_splitTunnelAcl
- default-domain value lafayette.local
- !
- ! Application inspection: one class matching the default inspection traffic.
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- ! DNS inspection parameters: message length limit of 512 bytes, with the client
- ! side set to auto.
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- ! Global policy: the protocols inspected for the class above. "inspect ftp" and
- ! "inspect sip" cover the FTP and SIP services permitted by the outside-in ACL;
- ! "inspect icmp" lets echo replies return through the firewall statefully.
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect ip-options
- inspect netbios
- inspect rsh
- inspect rtsp
- inspect skinny
- inspect esmtp
- inspect sqlnet
- inspect sunrpc
- inspect tftp
- inspect sip
- inspect xdmcp
- inspect pptp
- inspect icmp
- inspect ipsec-pass-thru
- !
- ! Applies the inspection policy to all interfaces.
- service-policy global_policy global
- prompt hostname context
- ! Anonymous Call Home reporting is turned off.
- no call-home reporting anonymous