Untitled
Feb 29th, 2012
  1. ASA Version 8.4(3)
  ! NOTE(review): running-config paste. Public addresses are masked (216.x.x.x / 204.x.x.x)
  ! and all shared secrets are printed as "*", so nothing sensitive is recoverable from this listing.
  2. !
  3. hostname gw
  4. domain-name internal.company.com
  5. names
  6. !
  7. interface Ethernet0/0
  8. nameif outside
  9. security-level 0
  10. ip address 216.x.x.x 255.255.255.224
  11. !
  12. interface Ethernet0/1
  13. nameif inside
  14. security-level 100
  15. ip address 192.168.0.1 255.255.255.0
  16. !
  17. interface Management0/0
  18. nameif management
  19. security-level 100
  20. ip address 192.168.1.1 255.255.255.0
  21. management-only
  22. !
  23. boot system disk0:/asa843-k8.bin
  24. ftp mode passive
  25. clock timezone MST -7
  26. dns domain-lookup outside
  27. dns server-group DefaultDNS
  28. name-server 8.8.8.8
  29. domain-name internal.company.com
  ! same-security-traffic: intra-interface is what lets traffic enter and leave on "outside"
  ! (see the outside,outside NAT below). inter-interface also relaxes the default isolation
  ! between "inside" and "management", which are both security-level 100.
  30. same-security-traffic permit inter-interface
  31. same-security-traffic permit intra-interface
  ! Object inventory. Several objects describe the same prefix: subnet_primary,
  ! NETWORK_OBJ_192.168.0.0_24 and obj-192.168 are all 192.168.0.0/24; subnet_192.168.0.0
  ! and vpn_nat are both 192.168.0.0/16. NETWORK_OBJ_192.168.0.0_24, EXTERNAL_PAT and vpn_nat
  ! are not referenced anywhere else in this listing and could be pruned.
  32. object network subnet_a
  33. subnet 192.168.20.0 255.255.255.0
  34. object network subnet_a_wireless
  35. subnet 192.168.21.0 255.255.255.0
  36. object network subnet_b
  37. subnet 192.168.10.0 255.255.255.0
  38. object network subnet_b_wireless
  39. subnet 192.168.11.0 255.255.255.0
  40. object network subnet_c
  41. subnet 192.168.30.0 255.255.255.0
  42. object network subnet_c_wireless
  43. subnet 192.168.31.0 255.255.255.0
  44. object network subnet_dc
  45. subnet 10.10.10.0 255.255.255.192
  46. object network subnet_server
  47. subnet 192.168.5.0 255.255.255.0
  48. object network NETWORK_OBJ_192.168.0.0_24
  49. subnet 192.168.0.0 255.255.255.0
  50. object network subnet_primary
  51. subnet 192.168.0.0 255.255.255.0
  52. object network EXTERNAL_PAT
  53. host 216.x.x.x
  54. object network subnet_192.168.0.0
  55. subnet 192.168.0.0 255.255.0.0
  56. object network vpn_nat
  57. subnet 192.168.0.0 255.255.0.0
  58. object network obj-192.168
  59. subnet 192.168.0.0 255.255.255.0
  ! Group membership: company_trusted_lan = wired + server + dc; company_lan = everything
  ! including wireless and dc; company_lan_internal = company_lan minus subnet_dc.
  60. object-group network internal_lan_wireless
  61. network-object object subnet_b_wireless
  62. network-object object subnet_c_wireless
  63. network-object object subnet_a_wireless
  64. object-group network company_trusted_lan
  65. network-object object subnet_a
  66. network-object object subnet_b
  67. network-object object subnet_c
  68. network-object object subnet_server
  69. network-object object subnet_dc
  70. network-object object subnet_primary
  71. object-group network company_lan
  72. network-object object subnet_a
  73. network-object object subnet_a_wireless
  74. network-object object subnet_b
  75. network-object object subnet_b_wireless
  76. network-object object subnet_c
  77. network-object object subnet_c_wireless
  78. network-object object subnet_dc
  79. network-object object subnet_primary
  80. network-object object subnet_server
  81. object-group network company_lan_internal
  82. network-object object subnet_a
  83. network-object object subnet_a_wireless
  84. network-object object subnet_b
  85. network-object object subnet_b_wireless
  86. network-object object subnet_c
  87. network-object object subnet_c_wireless
  88. network-object object subnet_primary
  89. network-object object subnet_server
  ! Access lists. Only global_access is bound ("access-group global_access global" below);
  ! inside_access_in, outside_access_in, outside_access_out, inside_access and inside_acl have
  ! no access-group in this listing and are inert. global_access permits ip any any on every
  ! interface, so the security-level implicit deny effectively no longer applies: anything with
  ! a NAT/route match, including outside->inside, is permitted. Review whether that is intended.
  ! split_tunnel and DC_VPN_TRAFFIC are VPN selectors, not filters (see the group-policies and
  ! DC_VPN_MAP below).
  90. access-list inside_access_in extended permit ip any any log disable
  91. access-list global_access extended permit icmp any any log disable
  92. access-list global_access extended permit ip any any log disable
  93. access-list outside_access_in extended permit ip any any log disable
  94. access-list outside_access_in extended permit icmp any any log disable
  95. access-list split_tunnel extended permit ip object-group company_lan any log disable
  ! The icmp entry below logs while every other ACE here says "log disable"; for a
  ! split-tunnel network list this is most likely cosmetic.
  96. access-list split_tunnel extended permit icmp object-group company_lan any log
  97. access-list DC_VPN_TRAFFIC extended permit ip object subnet_192.168.0.0 object subnet_dc
  98. access-list inside_access extended permit ip any any
  99. access-list inside_acl extended permit ip object-group company_lan any
  100. access-list inside_acl extended permit icmp object-group company_lan any
  101. access-list outside_access_out extended permit ip any any log disable
  102. access-list outside_access_out extended permit icmp any any log disable
  103. pager lines 30
  ! Logging: buffered at debugging level and to ASDM only. No "logging host"/"logging trap"
  ! appears in this listing, so events are not exported to a syslog collector and the buffer
  ! is lost on reload or wrap — consider adding an external collector.
  104. logging enable
  105. logging buffered debugging
  106. logging asdm notifications
  107. mtu outside 1500
  108. mtu inside 1500
  109. mtu vpn 1500
  110. mtu management 1500
  ! Remote-access pool is carved from the inside interface subnet (192.168.0.0/24) and does
  ! not overlap the inside DHCP range (192.168.0.20-.100) configured further down.
  111. ip local pool vpn_pool 192.168.0.101-192.168.0.254 mask 255.255.255.0
  112. icmp unreachable rate-limit 1 burst-size 1
  113. asdm image disk0:/asdm-647.bin
  114. no asdm history enable
  115. arp timeout 14400
  ! NAT. The outside,outside identity rule lets traffic arriving on outside (presumably VPN
  ! clients in obj-192.168) hairpin to subnet_dc; it depends on the intra-interface permit
  ! above. The inside,outside identity rule exempts company_lan_internal<->company_lan traffic
  ! from the after-auto PAT that follows, which translates everything else to the outside
  ! interface address.
  116. nat (outside,outside) source static obj-192.168 obj-192.168 destination static subnet_dc subnet_dc no-proxy-arp route-lookup
  117. nat (inside,outside) source static company_lan_internal company_lan_internal destination static company_lan company_lan no-proxy-arp route-lookup
  118. !
  119. nat (inside,outside) after-auto source dynamic company_lan_internal interface
  120. access-group global_access global
  121. !
  ! EIGRP AS 10 advertised on the inside prefix. No "authentication mode eigrp" appears under
  ! interface Ethernet0/1 in this listing, so routing updates are accepted unauthenticated.
  122. router eigrp 10
  123. no auto-summary
  124. network 192.168.0.0 255.255.255.0
  125. !
  126. route outside 0.0.0.0 0.0.0.0 216.x.x.x 1
  127. timeout xlate 3:00:00
  128. timeout pat-xlate 0:00:30
  129. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  130. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  131. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  132. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  133. timeout tcp-proxy-reassembly 0:01:00
  134. timeout floating-conn 0:00:00
  135. dynamic-access-policy-record DfltAccessPolicy
  ! AAA. RADIUS server "company" (on the inside server subnet) authenticates VPN users, with
  ! LOCAL as fallback in the tunnel-groups below; keys are masked. Device admin over SSH uses
  ! LOCAL only. No "username" lines appear in this listing — presumably stripped from the paste.
  136. aaa-server company protocol radius
  137. aaa-server company (inside) host 192.168.5.29
  138. key *
  139. radius-common-pw *
  140. user-identity default-domain LOCAL
  141. aaa authentication ssh console LOCAL
  ! ASDM/HTTPS management is reachable from the whole 192.168.0.0/16 on inside, wider than
  ! the /24 actually configured on that interface; consider narrowing to the admin subnet.
  ! "http redirect outside 80" bounces plain HTTP on outside to the HTTPS (webvpn) listener.
  142. http server enable
  143. http 192.168.1.0 255.255.255.0 management
  144. http 192.168.0.0 255.255.0.0 inside
  145. http redirect outside 80
  ! SNMP traps are enabled but no "snmp-server host" appears in this listing, so there is
  ! no trap receiver configured.
  146. no snmp-server location
  147. no snmp-server contact
  148. snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  ! IPsec proposals. The ikev1 transform-set list and the ikev2 proposals include single-DES
  ! and MD5-HMAC variants, and SYSTEM_DEFAULT_CRYPTO_MAP below offers all of them to
  ! remote-access peers; the DC site-to-site entry pins ESP-3DES-SHA. Hardening: remove the
  ! DES/3DES/MD5 sets and keep the AES-256/SHA entries that already exist here.
  149. crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  150. crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  151. crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  152. crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  153. crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  154. crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  155. crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  156. crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  157. crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  158. crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  159. crypto ipsec ikev2 ipsec-proposal DES
  160. protocol esp encryption des
  161. protocol esp integrity sha-1 md5
  162. crypto ipsec ikev2 ipsec-proposal 3DES
  163. protocol esp encryption 3des
  164. protocol esp integrity sha-1 md5
  165. crypto ipsec ikev2 ipsec-proposal AES
  166. protocol esp encryption aes
  167. protocol esp integrity sha-1 md5
  168. crypto ipsec ikev2 ipsec-proposal AES192
  169. protocol esp encryption aes-192
  170. protocol esp integrity sha-1 md5
  171. crypto ipsec ikev2 ipsec-proposal AES256
  172. protocol esp encryption aes-256
  173. protocol esp integrity sha-1 md5
  174. crypto ipsec fragmentation after-encryption outside
  175. crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
  176. crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  177. crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
  ! outside_map is defined but never bound to an interface in this listing; DC_VPN_MAP is the
  ! map applied to outside (and also carries the dynamic remote-access entry at 65535).
  178. crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  179. crypto map DC_VPN_MAP 1 match address DC_VPN_TRAFFIC
  180. crypto map DC_VPN_MAP 1 set pfs
  181. crypto map DC_VPN_MAP 1 set peer 204.x.x.x
  182. crypto map DC_VPN_MAP 1 set ikev1 transform-set ESP-3DES-SHA
  183. crypto map DC_VPN_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  184. crypto map DC_VPN_MAP interface outside
  ! Self-signed certificate (CN=gw) serves AnyConnect/SSL on outside; clients will likely see
  ! an untrusted-issuer warning unless this cert is distributed to them out of band.
  185. crypto ca trustpoint anyconnect_trustpoint
  186. enrollment self
  187. subject-name CN=gw
  188. crl configure
  189. crypto ca certificate chain anyconnect_trustpoint
  190. certificate 48733d4f
  191. quit
  192. crypto isakmp nat-traversal 21
  ! IKEv2 policies: all use SHA-1 and DH groups 5/2; policies 30 and 40 offer 3DES and DES.
  ! Same hardening note as for the IPsec proposals above.
  193. crypto ikev2 policy 1
  194. encryption aes-256
  195. integrity sha
  196. group 5 2
  197. prf sha
  198. lifetime seconds 86400
  199. crypto ikev2 policy 10
  200. encryption aes-192
  201. integrity sha
  202. group 5 2
  203. prf sha
  204. lifetime seconds 86400
  205. crypto ikev2 policy 20
  206. encryption aes
  207. integrity sha
  208. group 5 2
  209. prf sha
  210. lifetime seconds 86400
  211. crypto ikev2 policy 30
  212. encryption 3des
  213. integrity sha
  214. group 5 2
  215. prf sha
  216. lifetime seconds 86400
  217. crypto ikev2 policy 40
  218. encryption des
  219. integrity sha
  220. group 5 2
  221. prf sha
  222. lifetime seconds 86400
  223. crypto ikev2 enable outside client-services port 443
  224. crypto ikev2 remote-access trustpoint anyconnect_trustpoint
  225. crypto ikev1 enable outside
  ! IKEv1 policies 10-150 look like the auto-generated ladder (crack / rsa-sig / pre-share
  ! x aes-256 .. des), all DH group 2 and SHA-1; policies 100-150 offer 3DES and DES.
  226. crypto ikev1 policy 10
  227. authentication crack
  228. encryption aes-256
  229. hash sha
  230. group 2
  231. lifetime 86400
  232. crypto ikev1 policy 20
  233. authentication rsa-sig
  234. encryption aes-256
  235. hash sha
  236. group 2
  237. lifetime 86400
  238. crypto ikev1 policy 30
  239. authentication pre-share
  240. encryption aes-256
  241. hash sha
  242. group 2
  243. lifetime 86400
  244. crypto ikev1 policy 40
  245. authentication crack
  246. encryption aes-192
  247. hash sha
  248. group 2
  249. lifetime 86400
  250. crypto ikev1 policy 50
  251. authentication rsa-sig
  252. encryption aes-192
  253. hash sha
  254. group 2
  255. lifetime 86400
  256. crypto ikev1 policy 60
  257. authentication pre-share
  258. encryption aes-192
  259. hash sha
  260. group 2
  261. lifetime 86400
  262. crypto ikev1 policy 70
  263. authentication crack
  264. encryption aes
  265. hash sha
  266. group 2
  267. lifetime 86400
  268. crypto ikev1 policy 80
  269. authentication rsa-sig
  270. encryption aes
  271. hash sha
  272. group 2
  273. lifetime 86400
  274. crypto ikev1 policy 90
  275. authentication pre-share
  276. encryption aes
  277. hash sha
  278. group 2
  279. lifetime 86400
  280. crypto ikev1 policy 100
  281. authentication crack
  282. encryption 3des
  283. hash sha
  284. group 2
  285. lifetime 86400
  286. crypto ikev1 policy 110
  287. authentication rsa-sig
  288. encryption 3des
  289. hash sha
  290. group 2
  291. lifetime 86400
  292. crypto ikev1 policy 120
  293. authentication pre-share
  294. encryption 3des
  295. hash sha
  296. group 2
  297. lifetime 86400
  298. crypto ikev1 policy 130
  299. authentication crack
  300. encryption des
  301. hash sha
  302. group 2
  303. lifetime 86400
  304. crypto ikev1 policy 140
  305. authentication rsa-sig
  306. encryption des
  307. hash sha
  308. group 2
  309. lifetime 86400
  310. crypto ikev1 policy 150
  311. authentication pre-share
  312. encryption des
  313. hash sha
  314. group 2
  315. lifetime 86400
  ! Management plane. No "telnet <net> <mask> <if>" line is present, so telnet is effectively
  ! off. SSH is allowed from the whole 192.168.0.0/16 on inside; no "ssh version 2" line
  ! appears, so SSH v1 may still be negotiable on this release — confirm. "console timeout 0"
  ! means console sessions never expire. "management-access inside" allows managing the ASA
  ! via the inside interface address over VPN.
  316. telnet timeout 5
  317. ssh 192.168.0.0 255.255.0.0 inside
  318. ssh 192.168.1.0 255.255.255.0 management
  319. ssh timeout 60
  320. console timeout 0
  321. management-access inside
  322. dhcpd address 192.168.0.20-192.168.0.100 inside
  323. dhcpd dns 192.168.5.47 interface inside
  324. dhcpd wins 192.168.5.29 interface inside
  325. dhcpd ping_timeout 20 interface inside
  326. dhcpd domain internal.company.com interface inside
  327. dhcpd enable inside
  328. !
  329. dhcpd address 192.168.1.2-192.168.1.254 management
  330. dhcpd enable management
  331. !
  332. threat-detection basic-threat
  333. threat-detection statistics
  334. threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ! Time comes from a single public NTP source; no "ntp authenticate" appears in this listing.
  335. ntp server 91.189.94.4 source outside prefer
  336. ssl trust-point anyconnect_trustpoint outside
  337. webvpn
  338. enable outside
  339. anyconnect image disk0:/anyconnect-win-2.5.3054-k9.pkg 1
  340. anyconnect image disk0:/anyconnect-macosx-i386-2.5.3054-k9.pkg 2
  341. anyconnect image disk0:/anyconnect-linux-64-2.5.3054-k9.pkg 3
  342. anyconnect image disk0:/anyconnect-linux-2.5.3054-k9.pkg 4
  343. anyconnect profiles company_anyconnect_client_profile disk0:/company_anyconnect_client_profile.xml
  344. anyconnect enable
  345. tunnel-group-list enable
  ! Group policies. Every policy sets "password-storage enable", which lets the VPN client
  ! cache the user's password on the endpoint — weigh that against the convenience.
  ! DefaultRAGroup, company and GroupPolicy_company_anyconnect set no split-tunnel-policy of
  ! their own and presumably inherit "tunnelspecified" from DfltGrpPolicy, so only company_lan
  ! prefixes are tunnelled.
  346. group-policy DefaultRAGroup internal
  347. group-policy DefaultRAGroup attributes
  348. wins-server value 192.168.5.29
  349. dns-server value 192.168.5.46
  350. vpn-tunnel-protocol ikev1 ikev2 ssl-client
  351. password-storage enable
  352. split-tunnel-network-list value split_tunnel
  353. default-domain value internal.company.com
  354. group-policy DfltGrpPolicy attributes
  355. dns-server value 8.8.8.8
  356. password-storage enable
  357. split-tunnel-policy tunnelspecified
  358. split-tunnel-network-list value split_tunnel
  359. default-domain value internal.company.com
  360. group-policy company internal
  361. group-policy company attributes
  362. wins-server value 192.168.5.29
  363. dns-server value 192.168.5.46
  364. vpn-tunnel-protocol ikev1
  365. password-storage enable
  366. split-tunnel-network-list value split_tunnel
  367. default-domain value internal.company.com
  368. group-policy GroupPolicy_company_anyconnect internal
  369. group-policy GroupPolicy_company_anyconnect attributes
  370. wins-server value 192.168.5.29
  371. dns-server value 192.168.5.46
  372. vpn-tunnel-protocol ikev2 ssl-client
  373. password-storage enable
  374. split-tunnel-network-list value split_tunnel
  375. default-domain value internal.company.com
  376. webvpn
  377. anyconnect profiles value company_anyconnect_client_profile type user
  ! Tunnel groups. DefaultRAGroup and DefaultWEBVPNGroup are the catch-all groups and point
  ! at the same RADIUS/LOCAL servers, so a client that selects no alias still lands on a
  ! working group — confirm that is intended. "tunnel-group DC_VPN" (ipsec-l2l) is not
  ! referenced by any crypto map or peer in this listing and appears unused; the DC peer
  ! 204.x.x.x has its own tunnel-group carrying the pre-shared key.
  378. tunnel-group DefaultRAGroup general-attributes
  379. address-pool vpn_pool
  380. authentication-server-group company LOCAL
  381. default-group-policy DefaultRAGroup
  382. tunnel-group DefaultRAGroup ipsec-attributes
  383. ikev1 pre-shared-key *****
  384. tunnel-group DefaultRAGroup ppp-attributes
  385. authentication ms-chap-v2
  386. tunnel-group DefaultWEBVPNGroup general-attributes
  387. authentication-server-group company LOCAL
  388. tunnel-group company_anyconnect type remote-access
  389. tunnel-group company_anyconnect general-attributes
  390. address-pool vpn_pool
  391. authentication-server-group company LOCAL
  392. default-group-policy GroupPolicy_company_anyconnect
  393. tunnel-group company_anyconnect webvpn-attributes
  394. group-alias company_anyconnect enable
  395. tunnel-group company type remote-access
  396. tunnel-group company general-attributes
  397. address-pool vpn_pool
  398. authentication-server-group company LOCAL
  399. default-group-policy company
  400. tunnel-group company ipsec-attributes
  401. ikev1 pre-shared-key *
  402. tunnel-group DC_VPN type ipsec-l2l
  403. tunnel-group 204.x.x.x type ipsec-l2l
  404. tunnel-group 204.x.x.x ipsec-attributes
  405. ikev1 pre-shared-key *
  406. !
  ! Inspection: the default inspection set plus "inspect icmp", applied globally.
  407. class-map inspection_default
  408. match default-inspection-traffic
  409. !
  410. !
  411. policy-map type inspect dns preset_dns_map
  412. parameters
  413. message-length maximum client auto
  414. message-length maximum 512
  415. policy-map global_policy
  416. class inspection_default
  417. inspect dns preset_dns_map
  418. inspect ftp
  419. inspect h323 h225
  420. inspect h323 ras
  421. inspect rsh
  422. inspect rtsp
  423. inspect esmtp
  424. inspect sqlnet
  425. inspect skinny
  426. inspect sunrpc
  427. inspect xdmcp
  428. inspect sip
  429. inspect netbios
  430. inspect tftp
  431. inspect ip-options
  432. inspect icmp
  433. class class-default
  434. user-statistics accounting
  435. !
  436. service-policy global_policy global