fw config
Jul 20th, 2011
  1. ASA Version 8.2(5)
  2. !
  3. hostname FW1
  4. domain-name fw.domain.com
  5. enable password xxx encrypted
  6. passwd yyy encrypted
  7. names
  8. !
  9. interface Ethernet0/0
  10. switchport trunk allowed vlan 150
  11. switchport trunk native vlan 150
  12. switchport mode trunk
  13. !
  14. interface Ethernet0/1
  15. switchport trunk allowed vlan 2
  16. switchport trunk native vlan 2
  17. switchport mode trunk
  18. !
  19. interface Ethernet0/2
  20. shutdown
  21. !
  22. interface Ethernet0/3
  23. shutdown
  24. !
  25. interface Ethernet0/4
  26. shutdown
  27. !
  28. interface Ethernet0/5
  29. shutdown
  30. !
  31. interface Ethernet0/6
  32. shutdown
  33. !
  34. interface Ethernet0/7
  35. shutdown
  36. !
  37. interface Vlan1
  38. nameif inside
  39. security-level 100
  40. ip address 192.168.100.254 255.255.255.0
  41. !
  42. interface Vlan2
  43. nameif trust
  44. security-level 100
  45. ip address 192.168.200.254 255.255.255.0
  46. !
  47. interface Vlan150
  48. nameif outside
  49. security-level 0
  50. ip address 80.90.80.90 255.255.254.0
  51. !
  52. boot system disk0:/asa825-k8.bin
  53. ftp mode passive
  54. clock timezone GMT/BST 0
  55. clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
  56. dns server-group DefaultDNS
  57. domain-name fw.domain.com
  58. same-security-traffic permit inter-interface
  59. object-group network management
  60. network-object 123.123.123.0 255.255.255.128
  61. network-object host 234.234.234.234
  62. object-group service managedports tcp
  63. port-object eq 1311
  64. port-object eq 5666
  65. port-object eq 6556
  66. port-object eq ssh
  67. port-object eq telnet
  68. port-object eq 3389
  69. object-group service ftpports tcp
  70. port-object eq ftp
  71. port-object eq ftp-data
  72. object-group service webports tcp
  73. port-object eq www
  74. port-object eq https
  75. object-group service standardtcpout tcp
  76. port-object eq ftp
  77. port-object eq ftp-data
  78. port-object eq www
  79. port-object eq https
  80. port-object eq domain
  81. port-object eq ssh
  82. port-object eq pop3
  83. port-object eq imap4
  84. port-object eq 1433
  85. port-object eq 3306
  86. port-object eq whois
  87. port-object eq 8443
  88. port-object eq 5224
  89. port-object eq smtp
  90. port-object eq tacacs
  91. object-group service standardudpout udp
  92. port-object eq domain
  93. port-object eq ntp
  94. port-object eq syslog
  95. object-group service windowsdomaintcp tcp
  96. port-object eq 123
  97. port-object eq 135
  98. port-object eq 136
  99. port-object eq 137
  100. port-object eq 138
  101. port-object eq netbios-ssn
  102. port-object eq 1025
  103. port-object eq 3268
  104. port-object eq 3269
  105. port-object eq 445
  106. port-object range 49152 65535
  107. port-object eq 88
  108. port-object eq domain
  109. port-object eq ldap
  110. port-object eq ldaps
  111. object-group service windowsdomainudp udp
  112. port-object eq 135
  113. port-object eq 136
  114. port-object eq netbios-ns
  115. port-object eq netbios-dgm
  116. port-object eq 139
  117. port-object range 3268 3269
  118. port-object eq 389
  119. port-object eq 445
  120. port-object eq 636
  121. port-object eq 88
  122. port-object eq domain
  123. port-object eq ntp
  124. object-group service tcpnetbackupclient tcp
  125. port-object eq 13783
  126. port-object range 1024 5000
  127. port-object eq 13782
  128. port-object eq 13724
  129. object-group service tcpnetbackupmaster tcp
  130. port-object eq 13720
  131. access-list inside_access_in extended permit icmp any any
  132. access-list inside_access_in extended permit tcp any any object-group standardtcpout
  133. access-list inside_access_in extended permit udp any any object-group standardudpout
  134. access-list inside_access_in extended permit ip any any
  135. access-list outside_access_in extended permit icmp any any
  136. access-list outside_access_in extended permit tcp object-group management any object-group managedports
  137. access-list outside_access_in extended permit udp object-group management any eq snmp
  138. access-list trust_access_in extended permit ip any any
  139. access-list outside_access_in_1 extended permit ip any any
  140. pager lines 24
  141. logging enable
  142. logging timestamp
  143. logging buffered errors
  144. logging trap errors
  145. logging asdm errors
  146. mtu inside 1500
  147. mtu outside 1500
  148. mtu trust 1500
  149. no failover
  150. icmp unreachable rate-limit 1 burst-size 1
  151. icmp permit any inside
  152. asdm image disk0:/asdm-635.bin
  153. asdm history enable
  154. arp timeout 14400
  155. nat (inside) 1 0.0.0.0 0.0.0.0
  156. access-group inside_access_in in interface inside
  157. access-group outside_access_in_1 in interface outside
  158. access-group trust_access_in in interface trust
  159. route outside 0.0.0.0 0.0.0.0 123.123.123.123
  160. timeout xlate 3:00:00
  161. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  162. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  163. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  164. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  165. timeout tcp-proxy-reassembly 0:01:00
  166. timeout floating-conn 0:00:00
  167. dynamic-access-policy-record DfltAccessPolicy
  168. aaa-server TACACS+ protocol tacacs+
  169. aaa-server TACACS+ (outside) host 123.123.123.123
  170. key *****
  171. aaa-server TACACS+ (outside) host 234.234.234.234
  172. key *****
  173. aaa authentication http console TACACS+ LOCAL
  174. aaa authentication ssh console TACACS+ LOCAL
  175. aaa authentication enable console TACACS+ LOCAL
  176. aaa accounting enable console TACACS+
  177. aaa accounting ssh console TACACS+
  178. aaa accounting command TACACS+
  179. http server enable
  180. http 192.168.1.0 255.255.255.0 inside
  181. http 123.123.123.0 255.255.255.128 outside
  182. no snmp-server location
  183. snmp-server contact Bob
  184. snmp-server community *****
  185. snmp-server enable traps snmp authentication linkup linkdown coldstart
  186. crypto ipsec security-association lifetime seconds 28800
  187. crypto ipsec security-association lifetime kilobytes 4608000
  188. telnet timeout 5
  189. ssh 123.123.123.0 255.255.255.128 outside
  190. ssh 234.234.234.234 255.255.255.255 outside
  191. ssh timeout 60
  192. ssh version 2
  193. console timeout 0
  194.  
  195. threat-detection basic-threat
  196. threat-detection statistics access-list
  197. no threat-detection statistics tcp-intercept
  198. ntp server 123.123.123.123.
  199. webvpn
  200. username rancid password xxxx encrypted privilege 15
  201. !
  202. class-map inspection_default
  203. match default-inspection-traffic
  204. !
  205. !
  206. policy-map global_policy
  207. class inspection_default
  208. inspect dns
  209. inspect ftp
  210. inspect icmp
  211. inspect ip-options
  212. !
  213. service-policy global_policy global
  214. prompt hostname context
  215. no call-home reporting anonymous
  216. call-home
  217. profile CiscoTAC-1
  218. no active
  219. destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  220. destination address email callhome@cisco.com
  221. destination transport-method http
  222. subscribe-to-alert-group diagnostic
  223. subscribe-to-alert-group environment
  224. subscribe-to-alert-group inventory periodic monthly
  225. subscribe-to-alert-group configuration periodic monthly
  226. subscribe-to-alert-group telemetry periodic daily