ddecker902

Cisco ASA

Dec 11th, 2012
ASA Version 8.2(5)
!
terminal width 140
hostname LPL-asa5500
domain-name lafayette.local
no names
name 75.75.75.33 LPL-ASA
name 192.168.10.1 lpl-asa-inside
name 192.168.10.0 lpl-lan
name 75.75.75.32 LPL-SERVER-OUTSIDE
name 192.168.10.2 lpl-server-inside
name 75.75.75.31 LPL-SWITCHVOX-OUTSIDE
name 192.168.10.3 lpl-switchvox-inside
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 75.75.75.33 255.255.255.248
!
no ftp mode passive
dns server-group DefaultDNS
 domain-name lafayette.local
same-security-traffic permit inter-interface
access-list outside-in extended permit tcp any host 75.75.75.32 eq https
access-list outside-in extended permit tcp any host 75.75.75.32 eq 3389
access-list outside-in extended permit tcp any host 75.75.75.32 eq 987
access-list outside-in extended permit tcp any host 75.75.75.32 eq ftp
access-list outside-in extended permit tcp any host 75.75.75.32 eq www
access-list outside-in extended permit udp any host 75.75.75.31 range 10000 20000
access-list outside-in extended permit udp any host 75.75.75.31 eq sip
access-list outside-in extended permit tcp any host 75.75.75.31 eq https
access-list outside-in extended permit tcp any host 75.75.75.31 eq 5222
access-list outside-in extended permit tcp any host 75.75.75.31 eq 843
access-list outside-in extended permit tcp any host 75.75.75.31 eq 5269
access-list LPL_splitTunnelAcl standard permit any
pager lines 1000
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 75.75.75.31 192.168.10.3 netmask 255.255.255.255
access-group outside-in in interface outside
route outside 0.0.0.0 0.0.0.0 75.75.75.34 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy LPL internal
group-policy LPL attributes
 wins-server value 192.168.10.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LPL_splitTunnelAcl
 default-domain value lafayette.local
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect pptp
  inspect icmp
  inspect ipsec-pass-thru
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous