- ! Captured `show running-config` output from a Cisco ASA: version banner,
- ! device identity and the shared enable/login credentials.
- GeekASA# sh run
- : Saved
- :
- ! NOTE(review): 8.4(5) is an old release train; check it against current
- ! Cisco security advisories before reusing any part of this configuration.
- ASA Version 8.4(5)
- !
- hostname GeekASA
- domain-name geekgear.local
- ! The `encrypted` keyword marks a stored password hash rather than cleartext.
- ! NOTE(review): both hashes are published here next to the device's outside
- ! addressing; treat the enable and login passwords as disclosed and rotate them.
- enable password VUXujbbUQVeAUuB3 encrypted
- passwd 2KFQnbNIdI.2KYOU encrypted
- names
- !
- ! Physical switch ports followed by the three VLAN (layer-3) interfaces.
- ! Ethernet0/2 and Ethernet0/4-0/7 are administratively shut down, which keeps
- ! unused ports from being patched into a live VLAN.
- ! NOTE(review): Ethernet0/0 has no `switchport access vlan` line, so it is
- ! presumably on the default VLAN (Vlan1 / outside) - confirm.
- interface Ethernet0/0
- !
- interface Ethernet0/1
- switchport access vlan 2
- !
- interface Ethernet0/2
- shutdown
- !
- interface Ethernet0/3
- switchport access vlan 2
- !
- interface Ethernet0/4
- shutdown
- !
- interface Ethernet0/5
- shutdown
- !
- interface Ethernet0/6
- shutdown
- !
- interface Ethernet0/7
- shutdown
- !
- ! Vlan1 is the untrusted side (security-level 0). The address was partly
- ! masked with `*` by whoever posted the listing.
- interface Vlan1
- description *** Outside internet to router.
- nameif outside
- security-level 0
- ip address *.174.13.3* 255.255.255.224
- !
- ! Vlan2 is the trusted side (security-level 100), 10.0.1.0/24.
- interface Vlan2
- description *** Desktop Vlan
- nameif inside
- security-level 100
- ip address 10.0.1.1 255.255.255.0
- !
- ! NOTE(review): Vlan3 has `no nameif` and no switch port in this listing is
- ! assigned to vlan 3, yet 10.1.4.0/24 is still referenced by obj_wireless,
- ! Split_Tunnel, nat0 and an `icmp permit` rule. Presumably leftover
- ! configuration - confirm and remove it, or finish it.
- interface Vlan3
- no nameif
- security-level 100
- ip address 10.1.4.1 255.255.255.0
- !
- ! Boot image, global settings, network objects and access lists.
- boot system disk0:/asa845-k8.bin
- ftp mode passive
- clock timezone AKST -9
- dns domain-lookup outside
- ! NOTE(review): these two lines let traffic pass between, and hairpin within,
- ! interfaces of equal security level without an access list. Vlan2 and Vlan3
- ! are both security-level 100 in this listing.
- same-security-traffic permit inter-interface
- same-security-traffic permit intra-interface
- object network obj_any
- subnet 0.0.0.0 0.0.0.0
- ! NOTE(review): 10.1.2.0/24 is not the subnet of any interface shown in this
- ! listing and no static route covers it - confirm it still exists.
- object network obj_wired
- subnet 10.1.2.0 255.255.255.0
- ! 10.0.5.0/24 is the range the GeekVPN client address pool is drawn from.
- object network VPN
- subnet 10.0.5.0 255.255.255.0
- object network obj_wireless
- subnet 10.1.4.0 255.255.255.0
- ! Internal host that is published to the outside by the object NAT rule
- ! further down.
- object network obj_rdpsrv
- host 10.0.1.2
- ! Split_Tunnel lists the networks VPN clients reach through the tunnel
- ! (referenced by group-policy GeekPolicy).
- access-list Split_Tunnel standard permit 10.0.1.0 255.255.255.0
- access-list Split_Tunnel standard permit 10.1.2.0 255.255.255.0
- access-list Split_Tunnel standard permit 10.1.4.0 255.255.255.0
- access-list Split_Tunnel standard permit 10.0.5.0 255.255.255.0
- ! NOTE(review): nat0 is not referenced by any nat or crypto line in this
- ! listing; presumably a leftover from pre-8.3 NAT exemption - confirm.
- access-list nat0 extended permit ip 10.0.5.0 255.255.255.0 10.1.2.0 255.255.255.0
- access-list nat0 extended permit ip 10.0.5.0 255.255.255.0 10.1.4.0 255.255.255.0
- access-list nat0 extended permit ip 10.0.5.0 255.255.255.0 10.0.1.0 255.255.255.0
- ! ACL 123 is bound inbound on the outside interface
- ! (`access-group 123 in interface outside`).
- ! NOTE(review): the last entry permits RDP (tcp/3389) to 10.0.1.2 from `any`
- ! source. Restricting the source to known addresses, or reaching the host
- ! only through the VPN pool, removes the internet-facing RDP listener.
- access-list 123 extended permit icmp any host 10.1.2.10
- access-list 123 extended permit icmp any host 10.0.1.2
- access-list 123 extended permit tcp any host 10.0.1.2 eq 3389
- !
- ! Empty tcp-maps, logging, MTU, the VPN address pool, anti-spoofing and the
- ! ICMP-to-the-device rules.
- ! TestMap and test carry no settings and nothing in this listing refers to them.
- tcp-map TestMap
- !
- tcp-map test
- !
- pager lines 24
- ! NOTE(review): events go only to the local buffer and to ASDM. No
- ! `logging host` or `logging trap` line appears in this listing, so nothing
- ! is kept off the device for later investigation.
- logging enable
- logging buffered notifications
- logging asdm informational
- mtu outside 1500
- mtu inside 1500
- ! Fifteen addresses handed to VPN clients; matches the VPN network object.
- ip local pool GeekVPN 10.0.5.1-10.0.5.15 mask 255.255.255.0
- ! Unicast reverse-path check on outside: packets whose source address does
- ! not route back out of that interface are dropped (anti-spoofing).
- ip verify reverse-path interface outside
- icmp unreachable rate-limit 1 burst-size 1
- ! ICMP addressed to the inside interface itself.
- ! NOTE(review): `icmp permit any inside` already covers the three narrower
- ! rules above it, so they have no effect as written.
- icmp permit host 10.1.2.10 echo inside
- icmp permit 10.1.4.0 255.255.255.0 inside
- icmp permit 10.0.1.0 255.255.255.0 inside
- icmp permit any inside
- asdm image disk0:/asdm-712.bin
- no asdm history enable
- arp timeout 14400
- no arp permit-nonconnected
- ! Address translation, the outside ACL binding and the default route.
- ! Identity (twice) NAT: traffic whose destination is the VPN object
- ! (10.0.5.0/24) is left untranslated.
- nat (inside,outside) source static any any destination static VPN VPN route-lookup
- !
- ! Everything else leaving inside is port-translated to the outside
- ! interface address.
- object network obj_any
- nat (inside,outside) dynamic interface
- ! Static port translation: 10.0.1.2 tcp/3389 is published on the outside
- ! interface address, with `ftp` (tcp/21) given as the mapped port.
- ! NOTE(review): together with the `any` source in ACL 123 this puts RDP on
- ! the internet. A non-standard mapped port is not an access control; limit
- ! the permitted sources or move the service behind the VPN.
- object network obj_rdpsrv
- nat (inside,outside) static interface service tcp 3389 ftp
- access-group 123 in interface outside
- ! Default route; the next hop was partly masked by the poster.
- route outside 0.0.0.0 0.0.0.0 *.174.13.* 1
- ! Idle timers for translations and connections, followed by the default
- ! dynamic access policy record and the default NAC framework policy.
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- dynamic-access-policy-record DfltAccessPolicy
- user-identity default-domain LOCAL
- ! This NAC policy is the one referenced from DfltGrpPolicy (`nac-settings value`).
- nac-policy DfltGrpPolicy-nac-framework-create nac-framework
- reval-period 36000
- sq-period 300
- ! Management-plane authentication, ASDM (HTTPS) access and SNMP.
- ! SSH logins are checked against the local user database.
- ! NOTE(review): no `aaa authentication http console` or
- ! `aaa authentication enable console` line appears in this listing, so ASDM
- ! and enable access presumably fall back to the shared enable password
- ! rather than per-user accounts - confirm.
- aaa authentication ssh console LOCAL
- http server enable
- ! NOTE(review): `http 10.0.0.0 255.0.0.0 inside` is a superset of the two
- ! entries above it, so ASDM accepts any 10.0.0.0/8 source on inside,
- ! including the VPN pool 10.0.5.0/24. Narrow it to the admin workstations.
- http 10.1.0.0 255.255.0.0 inside
- http 10.0.5.0 255.255.255.0 inside
- http 10.0.0.0 255.0.0.0 inside
- no snmp-server location
- no snmp-server contact
- ! Traps are enabled, but no `snmp-server host` appears in this listing to
- ! receive them.
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- ! IPsec crypto maps and certificate trustpoints.
- ! Dynamic crypto map bound to the outside interface; `set reverse-route`
- ! injects routes for connected peers.
- crypto dynamic-map GeekMap 1 set reverse-route
- crypto map GeekMap 1 ipsec-isakmp dynamic GeekMap
- crypto map GeekMap interface outside
- crypto ca trustpoint _SmartCallHome_ServerCA
- crl configure
- ! NOTE(review): `revocation-check ocsp none` tries OCSP first and then
- ! accepts the certificate without any revocation check if OCSP cannot be
- ! reached, i.e. the check fails open.
- crypto ca trustpoint entrust
- revocation-check ocsp none
- enrollment terminal
- crl configure
- ! Self-signed identity certificate (`enrollment self`).
- ! NOTE(review): this is the certificate presented on the outside SSL
- ! listener (`ssl trust-point ASDM_TrustPoint0 outside`), so VPN clients
- ! cannot validate the gateway against a CA they already trust.
- crypto ca trustpoint ASDM_TrustPoint0
- enrollment self
- subject-name O=GeekGear
- keypair GeekCert
- crl configure
- ! Management session settings, threat detection and the SSL certificate binding.
- ! No `telnet <network>` permit line appears in this listing, so only the
- ! idle timer is set for telnet.
- telnet timeout 5
- ! NOTE(review): SSH is accepted from any 10.0.0.0/8 source on inside;
- ! narrow this to the management hosts.
- ssh 10.0.0.0 255.0.0.0 inside
- ssh timeout 30
- ssh version 2
- ! NOTE(review): dh-group1-sha1 is the 1024-bit Diffie-Hellman group;
- ! `dh-group14-sha1` is the stronger value this command accepts.
- ssh key-exchange group dh-group1-sha1
- ! NOTE(review): a value of 0 disables the idle timeout on the serial
- ! console, so a session left logged in stays open.
- console timeout 0
- ! Allows management sessions to the inside interface address to arrive
- ! through a VPN tunnel.
- management-access inside
- priority-queue inside
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- ssl trust-point ASDM_TrustPoint0 outside
- ! SSL VPN (WebVPN / AnyConnect), group policies, the local user and the
- ! tunnel groups.
- ! The SSL VPN portal listens on the outside interface.
- webvpn
- enable outside
- ! NOTE(review): the AnyConnect 2.5.x client package is an old client
- ! generation; check it against vendor advisories and update the image.
- anyconnect image disk0:/anyconnect-win-2.5.6005-k9.pkg 1
- anyconnect enable
- ! Default group policy, inherited by any policy that does not override it.
- group-policy DfltGrpPolicy attributes
- vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
- nac-settings value DfltGrpPolicy-nac-framework-create
- webvpn
- url-list value Test
- ! NOTE(review): keepalives and dead-peer detection are switched off in both
- ! directions, so stale sessions are presumably cleared only by other
- ! timers - confirm. Compression on the SSL tunnel is generally
- ! discouraged; confirm it is actually needed.
- anyconnect ssl keepalive none
- anyconnect dpd-interval client none
- anyconnect dpd-interval gateway none
- anyconnect ssl compression deflate
- customization value DfltCustomization
- ! GeekPolicy: AnyConnect (ssl-client) only, split tunnelling limited to the
- ! Split_Tunnel networks, addresses taken from the GeekVPN pool.
- group-policy GeekPolicy internal
- group-policy GeekPolicy attributes
- wins-server none
- dns-server none
- vpn-tunnel-protocol ssl-client
- split-tunnel-policy tunnelspecified
- split-tunnel-network-list value Split_Tunnel
- default-domain none
- address-pools value GeekVPN
- webvpn
- url-list value Test
- ! NOTE(review): the only local account has privilege 15 (full admin) and is
- ! also given a VPN group policy, so one credential covers both remote
- ! access and device administration. Its hash is disclosed in this listing;
- ! rotate it and split admin and VPN identities.
- username beb0p password WThrSVbiqTZ9RJ3I encrypted privilege 15
- username beb0p attributes
- vpn-group-policy GeekPolicy
- ! All three tunnel groups hand out GeekVPN addresses and default to
- ! GeekPolicy. No `authentication-server-group` line appears, so logins are
- ! presumably checked against the local user database - confirm.
- tunnel-group DefaultRAGroup general-attributes
- address-pool GeekVPN
- default-group-policy GeekPolicy
- tunnel-group DefaultWEBVPNGroup general-attributes
- address-pool GeekVPN
- default-group-policy GeekPolicy
- tunnel-group Geeks type remote-access
- tunnel-group Geeks general-attributes
- address-pool GeekVPN
- default-group-policy GeekPolicy
- ! Modular policy framework: class maps, inspection policy maps and the
- ! single service policy that is actually applied.
- !
- class-map anything
- match any
- ! NOTE(review): class-map test has no match statement.
- class-map test
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum 512
- ! NOTE(review): p1 and http-inspect-map are defined but no service-policy
- ! or inspect line in this listing refers to them, so the HTTP protocol-
- ! violation and content-type checks below are presumably not in effect
- ! - confirm.
- policy-map p1
- description Any
- class anything
- inspect http
- policy-map type inspect http http-inspect-map
- parameters
- protocol-violation action drop-connection
- match req-resp content-type mismatch
- drop-connection log
- ! global_policy is the only policy map bound by a service-policy
- ! (applied globally on the last line of this section).
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect netbios
- inspect rsh
- inspect rtsp
- inspect skinny
- inspect esmtp
- inspect sqlnet
- inspect sunrpc
- inspect tftp
- inspect sip
- inspect xdmcp
- inspect ip-options
- class class-default
- !
- service-policy global_policy global
- ! CLI prompt format, the Smart Call Home profile and the configuration checksum.
- prompt hostname context
- ! Anonymous reporting is off and the CiscoTAC-1 profile is marked
- ! `no active`, so the destinations and subscriptions below are defined but
- ! the profile is disabled.
- no call-home reporting anonymous
- call-home
- profile CiscoTAC-1
- no active
- destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
- destination address email callhome@cisco.com
- destination transport-method http
- subscribe-to-alert-group diagnostic
- subscribe-to-alert-group environment
- subscribe-to-alert-group inventory periodic monthly
- subscribe-to-alert-group configuration periodic monthly
- subscribe-to-alert-group telemetry periodic daily
- ! Checksum the device prints over the configuration; it is an integrity
- ! value for the config, not a secret.
- Cryptochecksum:2e0a54cc7aaf510ab6ec4b8e34f35559
- : end