- ! Running configuration of a Cisco ASA firewall. Hostname, addresses and secrets appear to have been sanitised before posting.
- ! NOTE(review): 8.2(5) is an old software train - check it against Cisco's end-of-life notices and security advisories before relying on this device.
- ASA Version 8.2(5)
- !
- hostname FW1
- domain-name fw.domain.com
- ! `encrypted` marks a stored password hash, not reversible encryption. The values are redacted here; real hashes should stay out of shared configs.
- enable password xxx encrypted
- passwd yyy encrypted
- names
- !
- ! Switch ports. Ethernet0/0 carries VLAN 150 and Ethernet0/1 carries VLAN 2; each is a trunk whose only allowed VLAN is also its native VLAN.
- ! NOTE(review): with allowed == native the trunk passes that VLAN untagged, so it behaves much like an access port - confirm the neighbouring switch expects this.
- interface Ethernet0/0
- switchport trunk allowed vlan 150
- switchport trunk native vlan 150
- switchport mode trunk
- !
- interface Ethernet0/1
- switchport trunk allowed vlan 2
- switchport trunk native vlan 2
- switchport mode trunk
- !
- ! Ethernet0/2 through Ethernet0/7 are administratively shut down, so an unused port cannot be patched in unnoticed.
- interface Ethernet0/2
- shutdown
- !
- interface Ethernet0/3
- shutdown
- !
- interface Ethernet0/4
- shutdown
- !
- interface Ethernet0/5
- shutdown
- !
- interface Ethernet0/6
- shutdown
- !
- interface Ethernet0/7
- shutdown
- !
- ! Layer-3 VLAN interfaces: inside (Vlan1) and trust (Vlan2) both use security-level 100; outside (Vlan150) uses level 0.
- ! NOTE(review): the only active switch ports in this listing carry VLAN 150 and VLAN 2, so `inside` (Vlan1) may have no live member port - confirm.
- interface Vlan1
- nameif inside
- security-level 100
- ip address 192.168.100.254 255.255.255.0
- !
- interface Vlan2
- nameif trust
- security-level 100
- ip address 192.168.200.254 255.255.255.0
- !
- ! Internet-facing interface; security-level 0 is the least trusted level.
- interface Vlan150
- nameif outside
- security-level 0
- ip address 80.90.80.90 255.255.254.0
- !
- ! Boot image, passive FTP client mode, UK timezone with recurring summer time, and the default DNS domain.
- boot system disk0:/asa825-k8.bin
- ftp mode passive
- clock timezone GMT/BST 0
- clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
- dns server-group DefaultDNS
- domain-name fw.domain.com
- ! NOTE(review): this lets the two level-100 interfaces (inside, trust) exchange traffic. Together with the `permit ip any any` ACLs bound to both, nothing in this config separates the two networks.
- same-security-traffic permit inter-interface
- ! Source addresses treated as management stations by ACL outside_access_in.
- ! 234.234.234.234 lies in the multicast range, so these look like sanitised placeholders rather than real hosts.
- object-group network management
- network-object 123.123.123.0 255.255.255.128
- network-object host 234.234.234.234
- ! TCP ports that outside_access_in opens to the management group.
- ! NOTE(review): telnet is cleartext and 3389 (RDP) is a commonly targeted service; prefer SSH only and reach RDP through a VPN or jump host.
- ! NOTE(review): 1311, 5666 and 6556 are presumably monitoring/agent ports (OpenManage, NRPE, check_mk) - confirm each is still required.
- object-group service managedports tcp
- port-object eq 1311
- port-object eq 5666
- port-object eq 6556
- port-object eq ssh
- port-object eq telnet
- port-object eq 3389
- ! ftpports and webports are defined but not referenced by any access-list in this listing.
- object-group service ftpports tcp
- port-object eq ftp
- port-object eq ftp-data
- object-group service webports tcp
- port-object eq www
- port-object eq https
- ! Outbound TCP allow-list referenced by inside_access_in.
- ! NOTE(review): it includes database ports (1433, 3306) and cleartext protocols (ftp, pop3, imap4, smtp) towards any destination - confirm each is needed.
- ! NOTE(review): the list currently restricts nothing, because inside_access_in ends with `permit ip any any`.
- object-group service standardtcpout tcp
- port-object eq ftp
- port-object eq ftp-data
- port-object eq www
- port-object eq https
- port-object eq domain
- port-object eq ssh
- port-object eq pop3
- port-object eq imap4
- port-object eq 1433
- port-object eq 3306
- port-object eq whois
- port-object eq 8443
- port-object eq 5224
- port-object eq smtp
- port-object eq tacacs
- ! Outbound UDP allow-list (DNS, NTP, syslog) referenced by inside_access_in.
- object-group service standardudpout udp
- port-object eq domain
- port-object eq ntp
- port-object eq syslog
- ! Port sets presumably intended for Windows domain (Active Directory) traffic; neither group is referenced by an access-list in this listing.
- ! NOTE(review): 49152-65535 is a very wide range. If this group is ever applied, scope the rule to specific domain-controller addresses.
- ! NOTE(review): 137/138 are normally UDP services and 123 (NTP) is normally UDP - confirm these TCP entries are intentional.
- object-group service windowsdomaintcp tcp
- port-object eq 123
- port-object eq 135
- port-object eq 136
- port-object eq 137
- port-object eq 138
- port-object eq netbios-ssn
- port-object eq 1025
- port-object eq 3268
- port-object eq 3269
- port-object eq 445
- port-object range 49152 65535
- port-object eq 88
- port-object eq domain
- port-object eq ldap
- port-object eq ldaps
- ! UDP counterpart of the group above.
- ! NOTE(review): 139 (NetBIOS session) is normally a TCP service - confirm this UDP entry is intentional.
- object-group service windowsdomainudp udp
- port-object eq 135
- port-object eq 136
- port-object eq netbios-ns
- port-object eq netbios-dgm
- port-object eq 139
- port-object range 3268 3269
- port-object eq 389
- port-object eq 445
- port-object eq 636
- port-object eq 88
- port-object eq domain
- port-object eq ntp
- ! Port sets presumably for backup-software client and master traffic (going by the group names); not referenced by any access-list in this listing.
- ! NOTE(review): 1024-5000 is a broad range. If this group is applied, restrict the rule to the backup servers' addresses.
- object-group service tcpnetbackupclient tcp
- port-object eq 13783
- port-object range 1024 5000
- port-object eq 13782
- port-object eq 13724
- object-group service tcpnetbackupmaster tcp
- port-object eq 13720
- ! Interface ACLs filter traffic passing through the firewall; access to the firewall itself is set by the `ssh`, `http` and `telnet` commands.
- ! inside_access_in is bound to the inside interface. Its final `permit ip any any` matches everything, so the three rules before it restrict nothing.
- ! NOTE(review): remove the last line if the standardtcpout/standardudpout allow-lists are meant to be enforced.
- access-list inside_access_in extended permit icmp any any
- access-list inside_access_in extended permit tcp any any object-group standardtcpout
- access-list inside_access_in extended permit udp any any object-group standardudpout
- access-list inside_access_in extended permit ip any any
- ! outside_access_in limits the management ports and SNMP to the management group, but permits all ICMP from any source.
- ! NOTE(review): no access-group line in this listing binds outside_access_in, so these rules are not in effect.
- access-list outside_access_in extended permit icmp any any
- access-list outside_access_in extended permit tcp object-group management any object-group managedports
- access-list outside_access_in extended permit udp object-group management any eq snmp
- ! trust_access_in permits all IP traffic arriving on the trust interface.
- access-list trust_access_in extended permit ip any any
- ! NOTE(review): outside_access_in_1 is the ACL bound to the outside interface, and it permits all IP from any source to any destination.
- ! The interface ACL therefore filters no inbound traffic. Bind a restrictive ACL instead and rely on the implicit deny at its end.
- access-list outside_access_in_1 extended permit ip any any
- pager lines 24
- ! Logging is enabled with timestamps; the buffer, syslog (trap) and ASDM outputs are all set to severity `errors`.
- ! NOTE(review): no `logging host` line appears in this listing, so the trap level has no visible syslog destination.
- ! NOTE(review): `errors` is presumably too coarse to record ACL denies and connection build/teardown events - consider `informational` to a remote collector so incidents can be reconstructed.
- logging enable
- logging timestamp
- logging buffered errors
- logging trap errors
- logging asdm errors
- mtu inside 1500
- mtu outside 1500
- mtu trust 1500
- no failover
- icmp unreachable rate-limit 1 burst-size 1
- ! Allows any source to send ICMP to the inside interface address itself.
- icmp permit any inside
- asdm image disk0:/asdm-635.bin
- asdm history enable
- arp timeout 14400
- ! Dynamic NAT rule 1 selects every source address on the inside interface.
- ! NOTE(review): no `global (outside) 1 ...` statement appears in this listing, so rule 1 has no translated address or pool, and `trust` has no nat rule at all - confirm outbound traffic is translated as intended.
- nat (inside) 1 0.0.0.0 0.0.0.0
- access-group inside_access_in in interface inside
- ! NOTE(review): this binds the permit-everything ACL outside_access_in_1 to the Internet-facing interface; the restrictive outside_access_in is left unused.
- access-group outside_access_in_1 in interface outside
- access-group trust_access_in in interface trust
- ! NOTE(review): next hop 123.123.123.123 is not within the outside subnet (80.90.80.90 255.255.254.0); presumably a placeholder left by sanitising.
- route outside 0.0.0.0 0.0.0.0 123.123.123.123
- ! Idle timers for translations, connections and protocol-specific sessions (format h:mm:ss). These appear to be stock values - confirm.
- timeout xlate 3:00:00
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- ! Dynamic access policy record named DfltAccessPolicy, with no attributes set in this listing.
- dynamic-access-policy-record DfltAccessPolicy
- ! Administrative AAA: two TACACS+ servers reached through the outside interface, with shared keys masked.
- ! NOTE(review): TACACS+ gives only weak protection to its payload; since the servers sit beyond the outside interface, consider carrying this traffic over a VPN or a dedicated management path.
- aaa-server TACACS+ protocol tacacs+
- aaa-server TACACS+ (outside) host 123.123.123.123
- key *****
- aaa-server TACACS+ (outside) host 234.234.234.234
- key *****
- ! ASDM (http), SSH and enable authentication try TACACS+ first and fall back to the LOCAL user database.
- ! NOTE(review): no `aaa authentication serial console` or `aaa authorization command` line appears in this listing - confirm console logins and per-command authorization are covered as intended.
- aaa authentication http console TACACS+ LOCAL
- aaa authentication ssh console TACACS+ LOCAL
- aaa authentication enable console TACACS+ LOCAL
- ! Accounting records for enable, SSH sessions and entered commands are sent to TACACS+.
- aaa accounting enable console TACACS+
- aaa accounting ssh console TACACS+
- aaa accounting command TACACS+
- ! HTTPS/ASDM management server and the source networks allowed to reach it on each interface.
- ! NOTE(review): 192.168.1.0/24 does not match the inside interface subnet (192.168.100.254 255.255.255.0) - possibly a typo that leaves inside hosts unable to use ASDM.
- ! NOTE(review): ASDM is reachable on the outside interface from 123.123.123.0/25; prefer a VPN or dedicated management network for this.
- http server enable
- http 192.168.1.0 255.255.255.0 inside
- http 123.123.123.0 255.255.255.128 outside
- no snmp-server location
- snmp-server contact Bob
- ! NOTE(review): a community string implies SNMPv1/v2c, which sends the community in cleartext; SNMPv3 with authentication and privacy is preferable if the platform supports it.
- ! No `snmp-server host` line appears in this listing.
- snmp-server community *****
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- ! IPsec SA lifetimes; no crypto map or ISAKMP policy appears in this listing.
- crypto ipsec security-association lifetime seconds 28800
- crypto ipsec security-association lifetime kilobytes 4608000
- ! Only a Telnet idle timeout is set; no `telnet <network> <interface>` line appears, so no source is allowed to Telnet to the firewall.
- telnet timeout 5
- ! SSH to the firewall is allowed on the outside interface from the management sources only, and restricted to protocol version 2.
- ssh 123.123.123.0 255.255.255.128 outside
- ssh 234.234.234.234 255.255.255.255 outside
- ! NOTE(review): a 60-minute idle timeout is long for a privileged session; consider a shorter value.
- ssh timeout 60
- ssh version 2
- ! NOTE(review): 0 disables the console idle timeout, so an unattended console session stays logged in.
- console timeout 0
- ! Basic threat detection and per-ACL statistics are on; TCP-intercept statistics are off.
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- ! NOTE(review): the trailing dot after the address looks like a paste artifact; no NTP authentication is configured, and accurate time matters for log correlation.
- ntp server 123.123.123.123.
- ! webvpn mode is entered with no sub-commands visible; nothing here enables it on an interface.
- webvpn
- ! Local account, presumably for the RANCID configuration-backup tool; the hash is redacted.
- ! NOTE(review): privilege 15 is full administrative access. A backup account only needs to read the configuration, so consider a lower privilege or command authorization.
- username rancid password xxxx encrypted privilege 15
- !
- ! Global inspection policy: traffic matching the default inspection class is inspected for DNS, FTP, ICMP and IP options.
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map global_policy
- class inspection_default
- inspect dns
- inspect ftp
- ! NOTE(review): ICMP inspection tracks echo sessions statefully, so a broad `permit icmp any any` on the outside ACLs should not be needed for return traffic - confirm.
- inspect icmp
- inspect ip-options
- !
- service-policy global_policy global
- prompt hostname context
- ! Smart Call Home: anonymous reporting is off and the CiscoTAC-1 profile is marked `no active`.
- ! The destinations and alert-group subscriptions below are defined under that inactive profile.
- no call-home reporting anonymous
- call-home
- profile CiscoTAC-1
- no active
- destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
- destination address email callhome@cisco.com
- destination transport-method http
- subscribe-to-alert-group diagnostic
- subscribe-to-alert-group environment
- subscribe-to-alert-group inventory periodic monthly
- subscribe-to-alert-group configuration periodic monthly
- subscribe-to-alert-group telemetry periodic daily