- ! Device identity, login/enable passwords and the name table used by later lines.
- hostname asaconcord
- domain-name rtv.com
- ! Both password values are masked (x.x.x.x) in this listing.
- ! NOTE(review): on an 8.x image the "encrypted" form is presumably the legacy
- ! MD5-based hash; treat real values as secrets and rotate them if an unmasked
- ! copy of this configuration was ever shared.
- enable password x.x.x.x encrypted
- passwd x.x.x.x encrypted
- ! "names" enables name-to-address substitution. A-10.10.0.0 and A-10.10.0.5 are
- ! referenced by ACL, NAT, DNS and DHCP lines later in the listing.
- names
- name 10.10.0.0 A-10.10.0.0 description INSIDE_NETWORK
- name 10.10.0.5 A-10.10.0.5 description VPN_PLATINUM2
- name 10.10.0.90 A-10.10.0.90 description VGSUPPORT
- name x.x.x.x x.x.x.x description OUTSIDE_NETWORK
- !
- ! Physical switch ports first, then the four VLAN (layer-3) interfaces.
- ! Sub-command indentation was lost in this paste; each block runs to the next "!".
- interface Ethernet0/0
- description VLAN 2
- switchport access vlan 2
- !
- ! NOTE(review): Ethernet0/1, 0/2, 0/5 and 0/6 show no "switchport access vlan"
- ! and no "shutdown"; presumably they sit in the default VLAN 1 (Inside) and are
- ! live. Confirm, and shut down unused ports as is done for Ethernet0/7.
- interface Ethernet0/1
- description VLAN 1
- !
- interface Ethernet0/2
- !
- interface Ethernet0/3
- switchport access vlan 3
- !
- interface Ethernet0/4
- switchport access vlan 4
- !
- interface Ethernet0/5
- !
- interface Ethernet0/6
- !
- interface Ethernet0/7
- shutdown
- !
- ! Inside: most-trusted zone (security-level 100), 10.10.0.0/22.
- interface Vlan1
- description Inside
- nameif Inside
- security-level 100
- ip address 10.10.0.1 255.255.252.0
- !
- ! Public: untrusted zone (security-level 0); address masked in this listing.
- interface Vlan2
- description Public
- nameif Public
- security-level 0
- ip address x.x.x.x 255.255.255.224
- !
- ! NOTE(review): dev and wireless share security-level 100 with Inside. Together
- ! with "same-security-traffic permit inter-interface" later in the listing, and
- ! with no access-group bound to these interfaces here, nothing in this config
- ! filters wireless/dev traffic toward Inside. Consider a lower level or an
- ! interface ACL for the wireless segment.
- interface Vlan3
- nameif dev
- security-level 100
- ip address 192.168.3.1 255.255.255.0
- !
- interface Vlan4
- nameif wireless
- security-level 100
- ip address 192.168.4.1 255.255.255.0
- !
- ! Boot image, clock, DNS resolution and same-security-level forwarding.
- ! NOTE(review): the image name suggests an 8.2(4) release; confirm it is still
- ! vendor-supported and patched before relying on this device as a perimeter.
- boot system disk0:/asa824-1-k8.bin
- ftp mode passive
- clock timezone EST -5
- clock summer-time edt recurring
- ! The firewall itself resolves names via both Inside and Public.
- dns domain-lookup Inside
- dns domain-lookup Public
- ! Resolver list mixes internal (10.10.0.x) and public (8.8.8.8, 4.2.2.2) servers.
- dns server-group DefaultDNS
- name-server A-10.10.0.5
- name-server 10.10.0.7
- name-server 8.8.8.8
- name-server 4.2.2.2
- domain-name rtv.com
- ! inter-interface: interfaces at the same security level may exchange traffic
- ! (here Inside, dev and wireless, all level 100).
- ! intra-interface: traffic may leave by the interface it arrived on (hairpin).
- same-security-traffic permit inter-interface
- same-security-traffic permit intra-interface
- ! Service object-group and access lists.
- ! DM_INLINE_TCP_1 (www, https) is not referenced by any ACL in this listing.
- object-group service DM_INLINE_TCP_1 tcp
- port-object eq www
- port-object eq https
- ! NOTE(review): the bare "0" below is not a recognisable command; presumably a
- ! paste artifact.
- 0
- ! NOTE(review): "NoNAT" and "nonat" (below) hold the same entry, but only the
- ! lower-case "nonat" is referenced by the nat exemption line; this one looks unused.
- access-list NoNAT extended permit ip A-10.10.0.0 255.255.252.0 x.x.x.x 255.255.248.0 log critical
- ! NOTE(review): ACLs are evaluated first-match, so the leading "permit ip any any"
- ! shadows every later in-out entry. No access-group in this listing binds in-out;
- ! the only access-group names "out-in", which is not defined here.
- access-list in-out extended permit ip any any
- access-list in-out extended permit tcp host 10.10.0.10 any eq smtp
- access-list in-out extended permit tcp host 10.10.0.104 any eq smtp
- access-list in-out extended permit tcp host 10.10.1.15 any eq smtp
- ! NOTE(review): the next three entries match on source AND destination port
- ! (e.g. source port www to destination port www), which is rarely what is meant.
- access-list in-out extended permit tcp any eq www any eq www log
- access-list in-out extended permit tcp any eq smtp any eq smtp
- access-list in-out extended permit tcp any eq https any eq https log
- ! Interesting-traffic selector for "crypto map vpn 1" (Inside /22 to the remote /21).
- access-list Public_1_cryptomap extended permit ip A-10.10.0.0 255.255.252.0 x.x.x.x 255.255.248.0
- ! NAT exemption for the same flow; used by "nat (Inside) 0 access-list nonat".
- access-list nonat extended permit ip A-10.10.0.0 255.255.252.0 x.x.x.x 255.255.248.0
- ! Terminal paging and syslog configuration.
- pager lines 24
- logging enable
- logging timestamp
- logging emblem
- ! SyslogEvents is defined but not attached to any destination in this listing.
- logging list SyslogEvents level alerts
- logging console warnings
- logging monitor errors
- ! NOTE(review): "buffered emergencies" keeps only severity-0 messages locally,
- ! so the on-box buffer holds almost nothing useful for incident review.
- logging buffered emergencies
- ! NOTE(review): "trap errors" exports only severity 3 and more severe. ACL
- ! entries marked plain "log" presumably log at the default informational level
- ! and would never reach the syslog hosts; confirm and raise the trap level if
- ! permit/deny records are wanted for detection.
- logging trap errors
- logging history errors
- logging asdm errors
- ! NOTE(review): a from-address is set, but no mail level or recipient appears
- ! in this listing, so e-mail logging is presumably inactive.
- logging from-address mauricio@terarecon.com
- ! Two syslog collectors reached via Inside; no tcp/port option is given.
- logging host Inside 10.10.0.250 format emblem
- logging host Inside x.x.x.x format emblem
- ! Lets traffic continue when a syslog server is unreachable (matters for TCP syslog).
- logging permit-hostdown
- ! MTU, VPN address pool, anti-spoofing, NAT/PAT, routing and connection timeouts.
- mtu Inside 1500
- mtu Public 1500
- mtu wireless 1500
- mtu dev 1500
- ! NOTE(review): the pool lies inside the Inside /22 (10.10.0.0-10.10.3.255) and
- ! its range crosses a /27 boundary (.223/.224), so the 255.255.255.224 mask does
- ! not describe it; confirm the intended addressing.
- ip local pool Pool 10.10.1.200-10.10.1.245 mask 255.255.255.224
- ! Reverse-path (anti-spoofing) check is enabled on Inside only.
- ! NOTE(review): consider the same check on Public, dev and wireless.
- ip verify reverse-path interface Inside
- no failover
- icmp unreachable rate-limit 1 burst-size 1
- asdm image disk0:/asdm-625-53.bin
- asdm history enable
- arp timeout 14400
- ! PAT: NAT id 1 sources are translated to the Public interface address.
- global (Public) 1 interface
- ! NAT exemption (id 0) for traffic matching ACL "nonat" (the site-to-site flow).
- nat (Inside) 0 access-list nonat
- ! The 0.0.0.0/0 entry already covers the more specific A-10.10.0.0 entry above it.
- nat (Inside) 1 A-10.10.0.0 255.255.252.0
- nat (Inside) 1 0.0.0.0 0.0.0.0
- nat (wireless) 1 192.168.4.0 255.255.255.0
- nat (dev) 1 192.168.3.0 255.255.255.0
- ! NOTE(review): "out-in" is bound inbound on Public, yet no ACL of that name is
- ! defined in this listing, so the inbound policy cannot be reviewed from here.
- access-group out-in in interface Public
- route Public 0.0.0.0 0.0.0.0 x.x.x.x
- route Public x.x.x.x 255.255.248.0 63.150.232.1 1
- timeout xlate 1:00:00
- timeout conn 0:30:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- ! AAA, ASDM (HTTPS management) access and SNMP.
- dynamic-access-policy-record DfltAccessPolicy
- ! Server groups are declared, but no server hosts appear in this listing.
- aaa-server TACACS+ protocol tacacs+
- aaa-server RADIUS protocol radius
- ! mac-list 500 is defined but not referenced elsewhere in this listing.
- mac-list 500 permit 001c.2395.9ab5 ffff.ffff.ffff
- ! SSH and Telnet logins are checked against the local user database.
- aaa authentication ssh console LOCAL
- aaa authentication telnet console LOCAL
- ! NOTE(review): ASDM is reachable from any Inside address, and no
- ! "aaa authentication http console" line appears, so ASDM logins presumably
- ! rely on the enable password rather than per-user accounts; confirm, and
- ! restrict the source range to a management subnet.
- http server enable
- http 0.0.0.0 0.0.0.0 Inside
- ! NOTE(review): SNMP v2c sends the community string in clear text; prefer
- ! SNMPv3 with authentication and privacy where the image supports it.
- snmp-server host Inside x.x.x.x community ***** version 2c
- no snmp-server location
- no snmp-server contact
- snmp-server community *****
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- ! IPsec transform sets, crypto maps and IKE (ISAKMP) policies.
- ! NOTE(review): every transform set uses MD5 for integrity and two use
- ! single DES (56-bit key); both are deprecated. The set named "strong" is
- ! 3DES/MD5. Prefer AES with a SHA-based HMAC where both peers support it.
- crypto ipsec transform-set chevelle esp-des esp-md5-hmac
- crypto ipsec transform-set 3desmd5 esp-3des esp-md5-hmac
- crypto ipsec transform-set terarecon esp-des esp-md5-hmac
- crypto ipsec transform-set strong esp-3des esp-md5-hmac
- crypto ipsec security-association lifetime seconds 28800
- crypto ipsec security-association lifetime kilobytes 4608000
- ! Dynamic map for peers without a fixed address (3DES/MD5 only).
- crypto dynamic-map dynmap 100 set transform-set 3desmd5
- ! Site-to-site entry: selector ACL Public_1_cryptomap, peer address masked.
- crypto map vpn 1 match address Public_1_cryptomap
- crypto map vpn 1 set peer x.x.x.x
- ! NOTE(review): the DES sets (terarecon, chevelle) are offered alongside the
- ! 3DES ones, so the tunnel can settle on DES if the peer selects it. Remove
- ! the weak sets from this list once the peer is confirmed to support better.
- crypto map vpn 1 set transform-set 3desmd5 terarecon strong chevelle
- crypto map vpn 100 ipsec-isakmp dynamic dynmap
- crypto map vpn interface Public
- crypto isakmp identity address
- ! NOTE(review): IKE is enabled on Inside as well as Public; confirm the Inside
- ! listener is needed.
- crypto isakmp enable Inside
- crypto isakmp enable Public
- ! All four policies authenticate with pre-shared keys.
- crypto isakmp policy 1
- authentication pre-share
- encryption 3des
- hash md5
- group 2
- lifetime 86400
- ! NOTE(review): weakest policy in the listing - DES, MD5 and DH group 1
- ! (768-bit). A peer that proposes only this combination will be accepted.
- crypto isakmp policy 2
- authentication pre-share
- encryption des
- hash md5
- group 1
- lifetime 1000
- ! DES/MD5 again, with DH group 2 (1024-bit).
- crypto isakmp policy 10
- authentication pre-share
- encryption des
- hash md5
- group 2
- lifetime 86400
- ! Lowest-priority policy: 3DES/SHA/group 2.
- crypto isakmp policy 65535
- authentication pre-share
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- crypto isakmp ipsec-over-tcp port 10000
- ! Management-plane access (Telnet/SSH/console) and threat-detection settings.
- client-update enable
- ! NOTE(review): Telnet carries credentials in clear text and is allowed from
- ! any Inside address; prefer removing it and using SSH only.
- telnet 0.0.0.0 0.0.0.0 Inside
- telnet timeout 5
- ! NOTE(review): SSH is also open to every Inside address; restrict it to a
- ! management subnet. The 60-minute idle timeout is long for an admin session.
- ssh 0.0.0.0 0.0.0.0 Inside
- ssh timeout 60
- ssh version 2
- ! NOTE(review): "console timeout 0" means a console session never times out.
- console timeout 0
- management-access Inside
- ! NOTE(review): basic threat detection is switched off, while scanning-threat
- ! with "shun" blocks hosts automatically; no exemption list appears in this
- ! listing, so confirm legitimate scanners/monitors will not be shunned.
- no threat-detection basic-threat
- threat-detection scanning-threat shun
- threat-detection statistics
- threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
- ! SSL VPN (webvpn/AnyConnect), default group policy, local users, tunnel groups.
- ! NOTE(review): webvpn is exposed on Public and the AnyConnect packages are
- ! version 2.4.1012; confirm both the client packages and the image are current.
- webvpn
- enable Public
- svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
- svc image disk0:/anyconnect-wince-ARMv4I-2.4.1012-k9.pkg 2
- svc enable
- ! NOTE(review): the default policy allows every tunnel protocol listed (IPSec,
- ! L2TP/IPsec, AnyConnect, clientless); enable only the ones actually in use.
- group-policy DfltGrpPolicy attributes
- vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
- ! Local accounts; password values are masked in this listing. "missiongeek"
- ! has privilege 15 (full administrative access).
- username terarecon password x.x.x.x encrypted
- username missiongeek password x.x.x.x encrypted privilege 15
- ! NOTE(review): DefaultRAGroup names no authentication server group, so
- ! remote-access users are presumably checked against these local accounts.
- tunnel-group DefaultRAGroup general-attributes
- address-pool Pool
- dhcp-server A-10.10.0.5
- ! Site-to-site (LAN-to-LAN) tunnel group; peer address and key are masked.
- tunnel-group x.x.x.x type ipsec-l2l
- tunnel-group x.x.x.x ipsec-attributes
- pre-shared-key *****
- !
- ! Application-inspection classes and policies (Modular Policy Framework).
- ! Matches HTTP requests whose method is none of HEAD, POST or GET.
- class-map type inspect http match-all asdm_medium_security_methods
- match not request method head
- match not request method post
- match not request method get
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- ! DNS inspection parameters: 512-byte message cap, query-ID randomisation,
- ! and logging of ID mismatches.
- ! NOTE(review): a 512-byte cap can drop larger (e.g. EDNS0) responses; confirm
- ! this is intended.
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum 512
- id-randomization
- id-mismatch action log
- ! Global inspection set.
- ! NOTE(review): several legacy protocols are inspected (rsh, xdmcp, netbios,
- ! sqlnet, sunrpc, tftp, pptp, h323, skinny); disable the ones not in use.
- policy-map global_policy
- class inspection_default
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect netbios
- inspect rsh
- inspect rtsp
- inspect skinny
- inspect esmtp
- inspect sqlnet
- inspect sunrpc
- inspect tftp
- inspect sip
- inspect xdmcp
- inspect dns preset_dns_map
- ! NOTE(review): "inspect http" names no inspection map, so the HTTP_inspection
- ! policy defined below is not attached anywhere in this listing.
- inspect http
- inspect pptp
- inspect icmp
- inspect ip-options
- ! Drops HTTP protocol violations and requests matched by the class above.
- policy-map type inspect http HTTP_inspection
- parameters
- protocol-violation action drop-connection
- class asdm_medium_security_methods
- drop-connection
- !
- ! Applies global_policy to all interfaces.
- service-policy global_policy global
- ! Mail relay, CLI prompt, Call Home profile and the configuration trailer.
- smtp-server x.x.x.x
- prompt hostname context
- ! The CiscoTAC-1 profile is present but disabled ("no active").
- call-home
- profile CiscoTAC-1
- no active
- destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
- destination address email callhome@cisco.com
- destination transport-method http
- subscribe-to-alert-group diagnostic
- subscribe-to-alert-group environment
- subscribe-to-alert-group inventory periodic monthly
- subscribe-to-alert-group configuration periodic monthly
- subscribe-to-alert-group telemetry periodic daily
- ! Checksum printed at the end of the configuration output; a change between two
- ! captures indicates the configuration was modified.
- Cryptochecksum:b3bd2ef31e056aee46d942caee20f20d
- : end
- asaconcord#