Untitled

a guest
Aug 1st, 2016
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.08.01 23:24:00 =~=~=~=~=~=~=~=~=~=~=~=
sh run
: Saved
:
: Serial Number: 9AW4MCWVJ39
: Hardware: ASAv, 2048 MB RAM, CPU Xeon 5500 series 2400 MHz
:
ASA Version 9.3(1)
!
hostname CISCOASA1
enable password DPo8KMYgWczwBY00 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.250.254 255.255.255.0
!
interface GigabitEthernet0/1.2
 vlan 2
 nameif LANMANAGEMENT
 security-level 100
 ip address 10.0.2.254 255.255.255.0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif ISCSI_VLAN20
 security-level 100
 ip address 10.0.20.254 255.255.255.0
!
interface GigabitEthernet0/1.30
 vlan 30
 nameif VMOTION_VLAN30
 security-level 100
 ip address 10.0.30.254 255.255.255.0
!
interface GigabitEthernet0/1.50
 vlan 50
 nameif PROD_VLAN50
 security-level 100
 ip address 10.0.50.254 255.255.255.0
!
interface GigabitEthernet0/1.66
 vlan 66
 nameif TESTING_VLAN66
 security-level 100
 ip address 10.0.66.254 255.255.255.0
!
interface GigabitEthernet0/1.100
 vlan 100
 nameif WIRELESS_VLAN100
 security-level 100
 ip address 10.0.100.254 255.255.255.0
!
interface GigabitEthernet0/1.660
 vlan 660
 nameif PUBLIC_VLAN660
 security-level 0
 ip address 10.66.0.254 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 shutdown
 nameif management
 security-level 0
 ip address 10.0.254.1 255.255.255.0
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 4.2.2.2
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ-0.0.0.0
 subnet 0.0.0.0 0.0.0.0
object network INETACCESS
 subnet 0.0.0.0 0.0.0.0
object network OBJ-RDP
 host 10.0.250.211
 description RDP
object service RDP-3389
 service tcp destination eq 3389
 description Microsoft RDP
object service RDP-Service
 service tcp source eq 3389
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit object RDP-3389 any object OBJ-RDP
pager lines 23
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu LANMANAGEMENT 1500
mtu ISCSI_VLAN20 1500
mtu VMOTION_VLAN30 1500
mtu PROD_VLAN50 1500
mtu TESTING_VLAN66 1500
mtu WIRELESS_VLAN100 1500
mtu PUBLIC_VLAN660 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static OBJ-RDP interface service any RDP-Service
!
object network INETACCESS
 nat (any,outside) dynamic interface
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.250.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 inside
ssh 10.0.250.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcp-client client-id interface outside
dhcpd update dns both override
!
dhcpd address 10.0.250.100-10.0.250.200 inside
dhcpd dns 10.0.250.211 4.2.2.2 interface inside
dhcpd enable inside
!
!
tls-proxy maximum-session 500
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 anyconnect-essentials
 error-recovery disable
dynamic-access-policy-record DfltAccessPolicy
username cisco password XXXXXXXXXXXX encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect rtsp
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect esmtp
  inspect sqlnet
  inspect sip
  inspect skinny
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 5
  subscribe-to-alert-group configuration periodic monthly 5
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6732bfe6b0799e0020a3dacaee21
: end

CISCOASA1(config-if)#