Untitled

a guest
Apr 17th, 2014
GeekASA# sh run
: Saved
:
ASA Version 8.4(5)
!
hostname GeekASA
domain-name geekgear.local
enable password VUXujbbUQVeAUuB3 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 switchport access vlan 2
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 description *** Outside internet to router.
 nameif outside
 security-level 0
 ip address *.174.13.3* 255.255.255.224
!
interface Vlan2
 description *** Desktop Vlan
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan3
 no nameif
 security-level 100
 ip address 10.1.4.1 255.255.255.0
!
boot system disk0:/asa845-k8.bin
ftp mode passive
clock timezone AKST -9
dns domain-lookup outside
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj_wired
 subnet 10.1.2.0 255.255.255.0
object network VPN
 subnet 10.0.5.0 255.255.255.0
object network obj_wireless
 subnet 10.1.4.0 255.255.255.0
object network obj_rdpsrv
 host 10.0.1.2
access-list Split_Tunnel standard permit 10.0.1.0 255.255.255.0
access-list Split_Tunnel standard permit 10.1.2.0 255.255.255.0
access-list Split_Tunnel standard permit 10.1.4.0 255.255.255.0
access-list Split_Tunnel standard permit 10.0.5.0 255.255.255.0
access-list nat0 extended permit ip 10.0.5.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list nat0 extended permit ip 10.0.5.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list nat0 extended permit ip 10.0.5.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list 123 extended permit icmp any host 10.1.2.10
access-list 123 extended permit icmp any host 10.0.1.2
access-list 123 extended permit tcp any host 10.0.1.2 eq 3389
!
tcp-map TestMap
!
tcp-map test
!
pager lines 24
logging enable
logging buffered notifications
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool GeekVPN 10.0.5.1-10.0.5.15 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit host 10.1.2.10 echo inside
icmp permit 10.1.4.0 255.255.255.0 inside
icmp permit 10.0.1.0 255.255.255.0 inside
icmp permit any inside
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static any any destination static VPN VPN route-lookup
!
object network obj_any
 nat (inside,outside) dynamic interface
object network obj_rdpsrv
 nat (inside,outside) static interface service tcp 3389 ftp
access-group 123 in interface outside
route outside 0.0.0.0 0.0.0.0 *.174.13.* 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
aaa authentication ssh console LOCAL
http server enable
http 10.1.0.0 255.255.0.0 inside
http 10.0.5.0 255.255.255.0 inside
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto dynamic-map GeekMap 1 set reverse-route
crypto map GeekMap 1 ipsec-isakmp dynamic GeekMap
crypto map GeekMap interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca trustpoint entrust
 revocation-check ocsp none
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name O=GeekGear
 keypair GeekCert
 crl configure

telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

priority-queue inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-2.5.6005-k9.pkg 1
 anyconnect enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  url-list value Test
  anyconnect ssl keepalive none
  anyconnect dpd-interval client none
  anyconnect dpd-interval gateway none
  anyconnect ssl compression deflate
  customization value DfltCustomization
group-policy GeekPolicy internal
group-policy GeekPolicy attributes
 wins-server none
 dns-server none
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel
 default-domain none
 address-pools value GeekVPN
 webvpn
  url-list value Test
username beb0p password WThrSVbiqTZ9RJ3I encrypted privilege 15
username beb0p attributes
 vpn-group-policy GeekPolicy
tunnel-group DefaultRAGroup general-attributes
 address-pool GeekVPN
 default-group-policy GeekPolicy
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool GeekVPN
 default-group-policy GeekPolicy
tunnel-group Geeks type remote-access
tunnel-group Geeks general-attributes
 address-pool GeekVPN
 default-group-policy GeekPolicy
!
class-map anything
 match any
class-map test
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map p1
 description Any
 class anything
  inspect http
policy-map type inspect http http-inspect-map
 parameters
  protocol-violation action drop-connection
 match req-resp content-type mismatch
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect ip-options
 class class-default
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2e0a54cc7aaf510ab6ec4b8e34f35559
: end