
NN ASA Config

a guest
Dec 4th, 2012
  ! Captured output of `sh run` typed at the prompt on the next line. The leading "N." on each line is the paste's gutter number, not configuration.
  1. CoreNative(config)# sh run
  2. : Saved
  3. :
  ! NOTE(review): anyone reusing this as a template should first confirm the software-support status of this release.
  4. ASA Version 8.2(5)
  5. !
  6. hostname CoreNative
  ! NOTE(review): the two "encrypted" strings below are password hashes, and they were published with the config.
  ! Treat both passwords as exposed: rotate them, and mask these lines before sharing a running-config.
  7. enable password .m1BRA2KFWinJYL5 encrypted
  ! NOTE(review): this passwd value looks like the one that ships in factory-default configurations; if so, the
  ! login password was never changed. Confirm and set a unique one.
  8. passwd 2KFQnbNIdI.2KYOU encrypted
  9. names
  10. !
  ! Physical switch ports and the VLAN(s) each one carries. Sub-commands appear flush-left because the paste lost indentation.
  ! Uplink port: VLAN 2 is named "outside" further down.
  11. interface Ethernet0/0
  12. switchport access vlan 2
  13. !
  ! Trunk carrying VLANs 10-18. This paste defines interfaces for Vlan10-16 and Vlan18 only; there is no Vlan17.
  14. interface Ethernet0/1
  15. switchport trunk allowed vlan 10-18
  16. switchport mode trunk
  17. !
  ! NOTE(review): no `switchport mode trunk` is shown here, so the native-VLAN line presumably has no effect and the
  ! port is a plain access port in VLAN 100 (Engineering, security-level 100) - confirm that is intended.
  18. interface Ethernet0/2
  19. switchport access vlan 100
  20. switchport trunk native vlan 100
  21. !
  ! NOTE(review): Ethernet0/3, 0/4, 0/5 and 0/7 show no settings and no `shutdown`; presumably they stay enabled in
  ! the default VLAN. Shut down unused ports so a patched-in device does not get a live link.
  22. interface Ethernet0/3
  23. !
  24. interface Ethernet0/4
  25. !
  26. interface Ethernet0/5
  27. !
  ! NOTE(review): VLAN 200 has no `interface Vlan200` in this paste - confirm where this port is meant to land.
  28. interface Ethernet0/6
  29. switchport access vlan 200
  30. !
  31. interface Ethernet0/7
  32. !
  ! Routed VLAN interfaces: each gets a name (nameif), a trust level (security-level, 0 = least trusted,
  ! 100 = most trusted) and a gateway address for its /24.
  ! NOTE(review): later lines refer to an interface named "inside" (mtu, icmp, ssh, dhcpd, webvpn), but no interface
  ! with `nameif inside` appears in this paste - the listing looks trimmed, so review against the full config.
  ! Internet-facing interface: address and default route are learned from the upstream DHCP server.
  33. interface Vlan2
  34. nameif outside
  35. security-level 0
  36. ip address dhcp setroute
  37. !
  ! AuthUser and WirelessAuth (below) share level 80.
  38. interface Vlan10
  39. nameif AuthUser
  40. security-level 80
  41. ip address 10.0.10.1 255.255.255.0
  42. !
  43. interface Vlan11
  44. nameif Management
  45. security-level 90
  46. ip address 10.0.11.1 255.255.255.0
  47. !
  48. interface Vlan12
  49. nameif WirelessAuth
  50. security-level 80
  51. ip address 10.0.12.1 255.255.255.0
  52. !
  ! Guest wireless sits at level 50: above outside only, below every other internal segment.
  53. interface Vlan13
  54. nameif WirelessGuest
  55. security-level 50
  56. ip address 10.0.13.1 255.255.255.0
  57. !
  ! NOTE(review): Server, Storage, VoIP and Camera all share level 60. The config also sets
  ! `same-security-traffic permit inter-interface`, and no interface ACLs for these segments are shown, so nothing
  ! visible here separates them from each other (e.g. cameras from storage). Confirm this is intended.
  58. interface Vlan14
  59. nameif Server
  60. security-level 60
  61. ip address 10.0.14.1 255.255.255.0
  62. !
  63. interface Vlan15
  64. nameif Storage
  65. security-level 60
  66. ip address 10.0.15.1 255.255.255.0
  67. !
  68. interface Vlan16
  69. nameif VoIP
  70. security-level 60
  71. ip address 10.0.16.1 255.255.255.0
  72. !
  73. interface Vlan18
  74. nameif Camera
  75. security-level 60
  76. ip address 10.0.18.1 255.255.255.0
  77. !
  ! Most trusted segment (level 100); it is also the management-access interface further down.
  78. interface Vlan100
  79. nameif Engineering
  80. security-level 100
  81. ip address 10.0.100.1 255.255.255.0
  82. !
  ! Global settings: clock, DNS, same-security traffic, ACL definitions, logging, MTUs and the VPN address pool.
  83. ftp mode passive
  84. clock timezone MST -7
  85. clock summer-time MDT recurring
  86. dns domain-lookup outside
  87. dns server-group DefaultDNS
  ! The poster masked the name-server addresses as x.x.x.x.
  88. name-server x.x.x.x
  89. name-server x.x.x.x
  ! NOTE(review): inter-interface lets interfaces with equal security levels exchange traffic (here the level-60 and
  ! level-80 groups). intra-interface lets traffic enter and leave the same interface. Pair both with interface ACLs
  ! if the segments are meant to stay isolated.
  90. same-security-traffic permit inter-interface
  91. same-security-traffic permit intra-interface
  ! NOTE(review): permit-any ACL. No `access-group` in this paste binds it, so it may be unused; remove it or scope it.
  92. access-list inside_access_in extended permit ip any any
  ! NOTE(review): split-tunnel and splitVPN are identical. Only splitVPN is referenced, by group-policy NativeVPN.
  93. access-list split-tunnel standard permit 192.168.1.0 255.255.255.0
  94. access-list splitVPN standard permit 192.168.1.0 255.255.255.0
  ! Used by `nat (Engineering) 0`: exempts Engineering (10.0.100.0/24) -> AuthUser (10.0.10.0/24) traffic from NAT.
  95. access-list Engineering_nat0_outbound extended permit ip 10.0.100.0 255.255.255.0 10.0.10.0 255.255.255.0
  96. pager lines 24
  ! NOTE(review): the only log destination shown is ASDM. No `logging host`, `logging buffered` or `logging trap`
  ! line appears, so events are not retained off-box; add a syslog destination if audit history is needed.
  97. logging enable
  98. logging asdm informational
  99. mtu inside 1500
  100. mtu outside 1500
  101. mtu AuthUser 1500
  102. mtu Management 1500
  103. mtu WirelessAuth 1500
  104. mtu WirelessGuest 1500
  105. mtu Server 1500
  106. mtu Storage 1500
  107. mtu VoIP 1500
  108. mtu Camera 1500
  109. mtu Engineering 1500
  ! NOTE(review): no tunnel-group or group-policy in this paste references VPNpool - confirm how VPN clients get addresses.
  110. ip local pool VPNpool 10.0.50.10-10.0.50.85 mask 255.255.255.0
  111. no failover
  ! ICMP-to-the-box rules, NAT/PAT, the outside ACL binding and connection timeouts.
  112. icmp unreachable rate-limit 1 burst-size 1
  ! `icmp permit any <if>` covers ICMP addressed to the firewall's own interface, not transit traffic.
  ! NOTE(review): there is no icmp rule for outside, WirelessGuest, Server, VoIP or Camera, so those interfaces keep
  ! the platform default. Confirm what that default is and add an explicit rule for outside.
  113. icmp permit any inside
  114. icmp permit any AuthUser
  115. icmp permit any Management
  116. icmp permit any WirelessAuth
  117. icmp permit any Storage
  118. icmp permit any Engineering
  119. no asdm history enable
  120. arp timeout 14400
  ! nat-control is on; NAT id 1 translates the listed interfaces to the outside interface address (PAT).
  ! NOTE(review): WirelessGuest, Server, VoIP and Camera have no `nat` line here; with nat-control they presumably
  ! cannot reach outside. Confirm that is intended rather than an omission in the paste.
  121. nat-control
  122. global (outside) 1 interface
  123. nat (AuthUser) 1 0.0.0.0 0.0.0.0
  124. nat (Management) 1 0.0.0.0 0.0.0.0
  125. nat (WirelessAuth) 1 0.0.0.0 0.0.0.0
  126. nat (Storage) 1 0.0.0.0 0.0.0.0
  ! NAT exemption (id 0) for Engineering -> AuthUser, matched by Engineering_nat0_outbound.
  127. nat (Engineering) 0 access-list Engineering_nat0_outbound
  128. nat (Engineering) 1 0.0.0.0 0.0.0.0
  ! NOTE(review): binds an ACL named outside_access inbound on outside, but this paste has no `access-list
  ! outside_access` entries, so the inbound policy cannot be reviewed from here.
  129. access-group outside_access in interface outside
  130. timeout xlate 3:00:00
  131. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  132. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  133. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  134. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  135. timeout tcp-proxy-reassembly 0:01:00
  136. timeout floating-conn 0:00:00
  137. dynamic-access-policy-record DfltAccessPolicy
  ! Management-plane authentication, the HTTPS/ASDM listener and SNMP traps.
  ! SSH logins are checked against the local user database. No `username` lines appear in this paste (likely trimmed).
  138. aaa authentication ssh console LOCAL
  ! NOTE(review): lockout only after 16 consecutive failures - a high threshold for a box whose SSH and HTTPS
  ! management face the Internet; consider lowering it.
  139. aaa local authentication attempts max-fail 16
  140. http server enable
  ! NOTE(review): 0.0.0.0 0.0.0.0 on outside accepts HTTPS management (ASDM) from any source address. Restrict this
  ! to known admin addresses or reach management over the VPN instead. No `aaa authentication http console` line is
  ! shown, so confirm how ASDM logins are authenticated.
  141. http 0.0.0.0 0.0.0.0 outside
  142. http 0.0.0.0 0.0.0.0 Engineering
  143. no snmp-server location
  144. no snmp-server contact
  ! Traps are enabled, but no `snmp-server host` is shown to receive them.
  145. snmp-server enable traps snmp authentication linkup linkdown coldstart
  146.  
  ! Remote CLI access (telnet/ssh/console timeouts) and the per-interface DHCP server scopes.
  147. telnet timeout 5
  ! NOTE(review): SSH is accepted from any source address on inside, outside and Engineering. The outside entry
  ! exposes the login prompt to the Internet; limit it to admin addresses or drop it in favour of VPN access.
  ! No `ssh version` line is shown - confirm only protocol version 2 is accepted.
  148. ssh 0.0.0.0 0.0.0.0 inside
  149. ssh 0.0.0.0 0.0.0.0 outside
  150. ssh 0.0.0.0 0.0.0.0 Engineering
  ! NOTE(review): a 60-minute SSH idle timeout and `console timeout 0` (console session never idles out) leave
  ! authenticated sessions open for a long time; shorter values limit the window if a session is left unattended.
  151. ssh timeout 60
  152. console timeout 0
  ! Allows the Engineering interface to be managed through a VPN tunnel.
  153. management-access Engineering
  154. dhcpd auto_config outside
  155. !
  ! This 192.168.1.0/24 range is also the network permitted by the splitVPN split-tunnel list.
  156. dhcpd address 192.168.1.5-192.168.1.149 inside
  157. dhcpd enable inside
  158. !
  159. dhcpd address 10.0.10.50-10.0.10.250 AuthUser
  160. dhcpd dns x.x.x.x interface AuthUser
  161. dhcpd auto_config outside interface AuthUser
  162. dhcpd enable AuthUser
  163. !
  164. dhcpd address 10.0.11.50-10.0.11.150 Management
  165. dhcpd auto_config outside interface Management
  166. dhcpd enable Management
  167. !
  168. dhcpd address 10.0.12.50-10.0.12.250 WirelessAuth
  169. dhcpd auto_config outside interface WirelessAuth
  170. dhcpd enable WirelessAuth
  171. !
  ! Guest clients inherit DNS and related options learned on the outside interface (auto_config).
  172. dhcpd address 10.0.13.50-10.0.13.100 WirelessGuest
  173. dhcpd auto_config outside interface WirelessGuest
  174. dhcpd enable WirelessGuest
  175. !
  ! Single-address scope: exactly one lease (10.0.18.2) on the Camera segment.
  176. dhcpd address 10.0.18.2-10.0.18.2 Camera
  177. dhcpd dns x.x.x.x interface Camera
  178. dhcpd enable Camera
  179. !
  180. dhcpd address 10.0.100.100-10.0.100.200 Engineering
  181. dhcpd dns x.x.x.x interface Engineering
  182. dhcpd enable Engineering
  183. !
  184.  
  ! Threat detection, the SSL certificate binding, and the SSL VPN (webvpn / AnyConnect) service with its group policy.
  185. threat-detection basic-threat
  186. threat-detection statistics access-list
  187. no threat-detection statistics tcp-intercept
  ! NOTE(review): ASDM_TrustPoint0 is referenced, but no `crypto ca trustpoint` definition appears in this paste
  ! (likely trimmed). Confirm which certificate the outside listener actually presents.
  188. ssl trust-point ASDM_TrustPoint0 outside
  189. webvpn
  190. enable inside
  ! The SSL VPN listener is enabled on the Internet-facing interface.
  191. enable outside
  192. anyconnect-essentials
  ! NOTE(review): the client package offered to users is AnyConnect 2.5.2014 - check it against the vendor's current
  ! supported releases before reusing this config.
  193. svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
  194. svc enable
  ! NOTE(review): this shows the list of connection profiles on the login page; disable it if profile names should
  ! not be disclosed to unauthenticated visitors. No `tunnel-group` definitions appear in this paste.
  195. tunnel-group-list enable
  196. group-policy NativeVPN internal
  197. group-policy NativeVPN attributes
  198. dns-server value x.x.x.x
  199. vpn-tunnel-protocol svc webvpn
  ! Split tunnelling: only networks in ACL splitVPN (192.168.1.0/24) go through the tunnel. All other client traffic
  ! bypasses the firewall.
  200. split-tunnel-policy tunnelspecified
  201. split-tunnel-network-list value splitVPN
  202. default-domain value home.bbbbbl.com
  203. webvpn
  204. svc mtu 1200
  205. !
  ! Application-inspection policy: one class matching default inspection traffic, applied globally.
  ! Sub-commands appear flush-left because the paste lost indentation.
  206. class-map inspection_default
  207. match default-inspection-traffic
  208. !
  209. !
  ! DNS inspection parameters: message-length limits (client auto, otherwise 512 bytes maximum).
  210. policy-map type inspect dns preset_dns_map
  211. parameters
  212. message-length maximum client auto
  213. message-length maximum 512
  214. policy-map global_policy
  215. class inspection_default
  216. inspect dns preset_dns_map
  ! NOTE(review): several inspections below cover legacy protocols (rsh, sqlnet, sunrpc, xdmcp, netbios, tftp).
  ! Remove any for protocols that are not in use on this network.
  217. inspect ftp
  218. inspect h323 h225
  219. inspect h323 ras
  220. inspect rsh
  221. inspect rtsp
  222. inspect esmtp
  223. inspect sqlnet
  224. inspect skinny
  225. inspect sunrpc
  226. inspect xdmcp
  227. inspect sip
  228. inspect netbios
  229. inspect tftp
  230. inspect ip-options
  231. inspect icmp
  232. !
  ! Applies global_policy to traffic on all interfaces.
  233. service-policy global_policy global
  234. prompt hostname context
  235. : end