missiongeek

Untitled

Oct 13th, 2013
  ! Device identity, login secrets and name aliases.
  ! The poster masked the enable/passwd hashes and the outside network as
  ! x.x.x.x; the hostname and domain-name were left in clear.
  1. hostname asaconcord
  2. domain-name rtv.com
  ! NOTE(review): `encrypted` marks a stored hash, not the password itself.
  ! Keep masking it when sharing a config, since a published hash can be
  ! guessed offline.
  3. enable password x.x.x.x encrypted
  4. passwd x.x.x.x encrypted
  ! `names` enables the aliases below; later lines refer to A-10.10.0.0 and
  ! A-10.10.0.5 instead of the raw addresses.
  5. names
  6. name 10.10.0.0 A-10.10.0.0 description INSIDE_NETWORK
  7. name 10.10.0.5 A-10.10.0.5 description VPN_PLATINUM2
  8. name 10.10.0.90 A-10.10.0.90 description VGSUPPORT
  9. name x.x.x.x x.x.x.x description OUTSIDE_NETWORK
  10. !
  ! Physical switch ports and the four VLAN (layer-3) interfaces.
  ! Ethernet0/0 -> VLAN 2 (Public), Ethernet0/3 -> VLAN 3 (dev),
  ! Ethernet0/4 -> VLAN 4 (wireless). Only Ethernet0/7 is shut down.
  11. interface Ethernet0/0
  12. description VLAN 2
  13. switchport access vlan 2
  14. !
  15. interface Ethernet0/1
  16. description VLAN 1
  17. !
  ! NOTE(review): Ethernet0/2, 0/5 and 0/6 carry no `switchport access vlan`
  ! and are not shut down; presumably they sit in the default VLAN (Inside).
  ! Confirm, and shut down any port that is not in use.
  18. interface Ethernet0/2
  19. !
  20. interface Ethernet0/3
  21. switchport access vlan 3
  22. !
  23. interface Ethernet0/4
  24. switchport access vlan 4
  25. !
  26. interface Ethernet0/5
  27. !
  28. interface Ethernet0/6
  29. !
  30. interface Ethernet0/7
  31. shutdown
  32. !
  ! Inside: trusted LAN, security-level 100, 10.10.0.1/22.
  33. interface Vlan1
  34. description Inside
  35. nameif Inside
  36. security-level 100
  37. ip address 10.10.0.1 255.255.252.0
  38. !
  ! Public: Internet-facing, security-level 0, address masked by the poster.
  39. interface Vlan2
  40. description Public
  41. nameif Public
  42. security-level 0
  43. ip address x.x.x.x 255.255.255.224
  44. !
  ! NOTE(review): dev and wireless use security-level 100, the same as Inside.
  ! Together with `same-security-traffic permit inter-interface` (listing
  ! line 67) traffic between these three segments is allowed with no ACL in
  ! between. Consider a lower level plus explicit ACLs for wireless.
  45. interface Vlan3
  46. nameif dev
  47. security-level 100
  48. ip address 192.168.3.1 255.255.255.0
  49. !
  50. interface Vlan4
  51. nameif wireless
  52. security-level 100
  53. ip address 192.168.4.1 255.255.255.0
  54. !
  ! Boot image, clock, DNS resolution and same-security-level forwarding.
  ! NOTE(review): the image file name suggests ASA software 8.2(4)1; check
  ! the vendor's current advisories and end-of-life notices for that train.
  55. boot system disk0:/asa824-1-k8.bin
  56. ftp mode passive
  57. clock timezone EST -5
  58. clock summer-time edt recurring
  ! DNS lookups by the firewall itself are enabled on both Inside and Public;
  ! the server group mixes two internal resolvers with two public ones.
  59. dns domain-lookup Inside
  60. dns domain-lookup Public
  61. dns server-group DefaultDNS
  62. name-server A-10.10.0.5
  63. name-server 10.10.0.7
  64. name-server 8.8.8.8
  65. name-server 4.2.2.2
  66. domain-name rtv.com
  ! inter-interface: interfaces with equal security-level may exchange
  ! traffic (here Inside, dev and wireless, all at level 100).
  ! intra-interface: traffic may leave through the interface it entered.
  67. same-security-traffic permit inter-interface
  68. same-security-traffic permit intra-interface
  ! Service object-group and access-lists.
  ! DM_INLINE_TCP_1 (www, https) is defined here but not referenced by any
  ! other line in this listing.
  69. object-group service DM_INLINE_TCP_1 tcp
  70. port-object eq www
  71. port-object eq https
  ! NOTE(review): a bare "0" is not an ASA command; presumably a paste
  ! artifact. Confirm against the running config.
  72. 0
  ! `NoNAT` (here) and `nonat` (listing line 82) have identical entries; only
  ! `nonat` is referenced, by `nat (Inside) 0` on listing line 110.
  73. access-list NoNAT extended permit ip A-10.10.0.0 255.255.252.0 x.x.x.x 255.255.248.0 log critical
  ! NOTE(review): ACLs are evaluated first-match, so this leading
  ! `permit ip any any` makes every later `in-out` entry unreachable.
  ! In addition, no `access-group` in this listing binds `in-out` to an
  ! interface; listing line 115 binds `out-in`, which is not defined here.
  74. access-list in-out extended permit ip any any
  75. access-list in-out extended permit tcp host 10.10.0.10 any eq smtp
  76. access-list in-out extended permit tcp host 10.10.0.104 any eq smtp
  77. access-list in-out extended permit tcp host 10.10.1.15 any eq smtp
  ! NOTE(review): the next three entries match on source port AND destination
  ! port (`any eq www any eq www`). Client source ports are normally
  ! ephemeral, so these were presumably meant as `any any eq <port>`.
  78. access-list in-out extended permit tcp any eq www any eq www log
  79. access-list in-out extended permit tcp any eq smtp any eq smtp
  80. access-list in-out extended permit tcp any eq https any eq https log
  ! Interesting-traffic ACL for the site-to-site tunnel (crypto map vpn 1)
  ! and the matching NAT-exemption ACL.
  81. access-list Public_1_cryptomap extended permit ip A-10.10.0.0 255.255.252.0 x.x.x.x 255.255.248.0
  82. access-list nonat extended permit ip A-10.10.0.0 255.255.252.0 x.x.x.x 255.255.248.0
  ! Terminal paging and logging destinations/levels.
  83. pager lines 24
  84. logging enable
  85. logging timestamp
  86. logging emblem
  ! `SyslogEvents` is defined but no destination in this listing uses it.
  87. logging list SyslogEvents level alerts
  88. logging console warnings
  89. logging monitor errors
  ! NOTE(review): the local buffer keeps severity 0 (emergencies) only, so it
  ! holds almost nothing useful for on-box triage.
  90. logging buffered emergencies
  ! NOTE(review): syslog hosts receive `errors` and more severe only. ACL
  ! entries using the bare `log` keyword (listing lines 78, 80) log at the
  ! informational level by default and are therefore not forwarded; the
  ! same is presumably true of most connection, VPN and login events.
  ! Raise the trap level if these are needed for detection.
  91. logging trap errors
  92. logging history errors
  93. logging asdm errors
  94. logging from-address mauricio@terarecon.com
  ! Two syslog collectors reached via Inside; no protocol is given, so the
  ! default transport applies.
  95. logging host Inside 10.10.0.250 format emblem
  96. logging host Inside x.x.x.x format emblem
  97. logging permit-hostdown
  ! MTU, VPN address pool, anti-spoofing, NAT/PAT, ACL binding, routes and
  ! connection timeouts.
  98. mtu Inside 1500
  99. mtu Public 1500
  100. mtu wireless 1500
  101. mtu dev 1500
  ! NOTE(review): the range .200-.245 does not fit one 255.255.255.224 (/27)
  ! block (.192-.223 / .224-.255), and the pool lies inside the Inside /22.
  ! Confirm the mask and consider a dedicated VPN client subnet.
  102. ip local pool Pool 10.10.1.200-10.10.1.245 mask 255.255.255.224
  ! Reverse-path (anti-spoofing) check is enabled on Inside only; Public,
  ! dev and wireless have no `ip verify reverse-path` in this listing.
  103. ip verify reverse-path interface Inside
  104. no failover
  105. icmp unreachable rate-limit 1 burst-size 1
  106. asdm image disk0:/asdm-625-53.bin
  107. asdm history enable
  108. arp timeout 14400
  ! PAT to the Public interface address for NAT id 1; `nat 0` exempts the
  ! site-to-site traffic matched by ACL `nonat`.
  109. global (Public) 1 interface
  110. nat (Inside) 0 access-list nonat
  111. nat (Inside) 1 A-10.10.0.0 255.255.252.0
  ! `0.0.0.0 0.0.0.0` matches every source on Inside, which already covers
  ! the more specific entry on listing line 111.
  112. nat (Inside) 1 0.0.0.0 0.0.0.0
  113. nat (wireless) 1 192.168.4.0 255.255.255.0
  114. nat (dev) 1 192.168.3.0 255.255.255.0
  ! NOTE(review): `out-in` is not defined anywhere in this listing (the ACL
  ! that is defined is `in-out`). Verify which ACL actually filters inbound
  ! traffic on Public.
  115. access-group out-in in interface Public
  116. route Public 0.0.0.0 0.0.0.0 x.x.x.x
  ! NOTE(review): the next hop on this line was left unmasked, unlike the
  ! other public addresses in the paste.
  117. route Public x.x.x.x 255.255.248.0 63.150.232.1 1
  118. timeout xlate 1:00:00
  119. timeout conn 0:30:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  120. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  121. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  122. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  123. timeout tcp-proxy-reassembly 0:01:00
  ! AAA, device management access (HTTP/ASDM) and SNMP.
  124. dynamic-access-policy-record DfltAccessPolicy
  ! Both server groups are declared, but no server host is configured for
  ! them in this listing; SSH and Telnet logins use the LOCAL user database.
  125. aaa-server TACACS+ protocol tacacs+
  126. aaa-server RADIUS protocol radius
  ! mac-list 500 is not referenced by any other line in this listing.
  127. mac-list 500 permit 001c.2395.9ab5 ffff.ffff.ffff
  128. aaa authentication ssh console LOCAL
  129. aaa authentication telnet console LOCAL
  ! NOTE(review): the HTTPS/ASDM management server accepts any source address
  ! arriving on Inside, and no `aaa authentication http console` line is
  ! visible. Restrict to a management subnet and confirm how ASDM logins
  ! are authenticated.
  130. http server enable
  131. http 0.0.0.0 0.0.0.0 Inside
  ! NOTE(review): SNMP version 2c relies on a community string sent without
  ! encryption (shown masked as ***** here). Prefer SNMPv3 with
  ! authentication and privacy if the image supports it.
  132. snmp-server host Inside x.x.x.x community ***** version 2c
  133. no snmp-server location
  134. no snmp-server contact
  135. snmp-server community *****
  136. snmp-server enable traps snmp authentication linkup linkdown coldstart
  ! IPsec transform sets, crypto map and ISAKMP (IKEv1) policies.
  ! NOTE(review): every transform set uses MD5 for integrity, and two of them
  ! (chevelle, terarecon) use single DES. The set named `strong` is 3DES
  ! with MD5, so the name does not reflect its strength.
  137. crypto ipsec transform-set chevelle esp-des esp-md5-hmac
  138. crypto ipsec transform-set 3desmd5 esp-3des esp-md5-hmac
  139. crypto ipsec transform-set terarecon esp-des esp-md5-hmac
  140. crypto ipsec transform-set strong esp-3des esp-md5-hmac
  141. crypto ipsec security-association lifetime seconds 28800
  142. crypto ipsec security-association lifetime kilobytes 4608000
  ! Dynamic map entry (sequence 100 of crypto map `vpn`) for peers without a
  ! fixed address.
  143. crypto dynamic-map dynmap 100 set transform-set 3desmd5
  ! Site-to-site entry: traffic matched by Public_1_cryptomap, one masked
  ! peer. Because the DES-based sets are listed as acceptable, the tunnel
  ! may settle on DES if the peer proposes it. Drop them from the list.
  144. crypto map vpn 1 match address Public_1_cryptomap
  145. crypto map vpn 1 set peer x.x.x.x
  146. crypto map vpn 1 set transform-set 3desmd5 terarecon strong chevelle
  147. crypto map vpn 100 ipsec-isakmp dynamic dynmap
  148. crypto map vpn interface Public
  149. crypto isakmp identity address
  ! NOTE(review): ISAKMP is enabled on Inside as well as Public; confirm that
  ! VPN termination on the Inside interface is intended.
  150. crypto isakmp enable Inside
  151. crypto isakmp enable Public
  ! All four policies authenticate with a pre-shared key.
  ! Policy 1: 3DES / MD5 / DH group 2.
  152. crypto isakmp policy 1
  153. authentication pre-share
  154. encryption 3des
  155. hash md5
  156. group 2
  157. lifetime 86400
  ! NOTE(review): policy 2 is the weakest combination in the file
  ! (DES / MD5 / DH group 1). Remove it unless a peer strictly requires it.
  158. crypto isakmp policy 2
  159. authentication pre-share
  160. encryption des
  161. hash md5
  162. group 1
  163. lifetime 1000
  ! Policy 10: DES / MD5 / DH group 2 - same concern as policy 2.
  164. crypto isakmp policy 10
  165. authentication pre-share
  166. encryption des
  167. hash md5
  168. group 2
  169. lifetime 86400
  ! Policy 65535: 3DES / SHA / DH group 2 - the strongest policy listed, yet
  ! it has the lowest priority. Prefer AES with SHA and the largest DH
  ! group both peers support, placed at the highest priority.
  170. crypto isakmp policy 65535
  171. authentication pre-share
  172. encryption 3des
  173. hash sha
  174. group 2
  175. lifetime 86400
  176. crypto isakmp ipsec-over-tcp port 10000
  ! Remote management access (Telnet/SSH/console) and threat detection.
  177. client-update enable
  ! NOTE(review): Telnet carries credentials in clear text and is allowed
  ! from any address on Inside. Remove it and keep SSH only, restricted to
  ! a management subnet rather than 0.0.0.0 0.0.0.0.
  178. telnet 0.0.0.0 0.0.0.0 Inside
  179. telnet timeout 5
  180. ssh 0.0.0.0 0.0.0.0 Inside
  ! SSH idle timeout is 60 minutes, against 5 for Telnet.
  181. ssh timeout 60
  182. ssh version 2
  ! NOTE(review): a console timeout of 0 means the console session never
  ! times out; set a finite value if physical access is not tightly
  ! controlled.
  183. console timeout 0
  184. management-access Inside
  185.  
  ! NOTE(review): basic threat detection is switched off while scanning-threat
  ! detection with automatic shun is on. Shunning without an exception list
  ! can block legitimate hosts; confirm this combination is intended.
  186. no threat-detection basic-threat
  187. threat-detection scanning-threat shun
  188. threat-detection statistics
  189. threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ! SSL VPN (webvpn/AnyConnect), default group policy, local users and
  ! tunnel groups.
  ! NOTE(review): webvpn is enabled on the Public interface, so the SSL VPN
  ! service is reachable from the Internet. The package file names indicate
  ! AnyConnect 2.4.1012; check it and the ASA image against current vendor
  ! advisories.
  190. webvpn
  191. enable Public
  192. svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
  193. svc image disk0:/anyconnect-wince-ARMv4I-2.4.1012-k9.pkg 2
  194. svc enable
  ! The default group policy enables all four tunnel protocols; tunnel groups
  ! that do not override it inherit this. Limit it to the protocols in use.
  195. group-policy DfltGrpPolicy attributes
  196. vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  ! Local accounts (hashes masked by the poster). `missiongeek` has
  ! privilege 15; `terarecon` has no privilege keyword, so the platform
  ! default applies.
  197. username terarecon password x.x.x.x encrypted
  198. username missiongeek password x.x.x.x encrypted privilege 15
  ! DefaultRAGroup sets both a local address pool and a DHCP server; no
  ! authentication-server-group is visible, so presumably LOCAL users
  ! authenticate remote access. Confirm.
  199. tunnel-group DefaultRAGroup general-attributes
  200. address-pool Pool
  201. dhcp-server A-10.10.0.5
  ! Site-to-site tunnel group; the pre-shared key is masked by the device
  ! (*****) in `show running-config` output.
  202. tunnel-group x.x.x.x type ipsec-l2l
  203. tunnel-group x.x.x.x ipsec-attributes
  204. pre-shared-key *****
  205. !
  ! Modular policy framework: class-maps, inspection policy-maps and the
  ! global service-policy.
  ! asdm_medium_security_methods is match-all over three negated conditions,
  ! so it matches HTTP requests whose method is none of HEAD, POST or GET.
  206. class-map type inspect http match-all asdm_medium_security_methods
  207. match not request method head
  208. match not request method post
  209. match not request method get
  210. class-map inspection_default
  211. match default-inspection-traffic
  212. !
  213. !
  ! DNS inspection parameters: 512-byte maximum message length, query-ID
  ! randomization, and logging on ID mismatch.
  214. policy-map type inspect dns preset_dns_map
  215. parameters
  216. message-length maximum 512
  217. id-randomization
  218. id-mismatch action log
  ! Global inspection policy applied by the service-policy at the end of this
  ! block.
  219. policy-map global_policy
  220. class inspection_default
  221. inspect ftp
  222. inspect h323 h225
  223. inspect h323 ras
  224. inspect netbios
  225. inspect rsh
  226. inspect rtsp
  227. inspect skinny
  228. inspect esmtp
  229. inspect sqlnet
  230. inspect sunrpc
  231. inspect tftp
  232. inspect sip
  233. inspect xdmcp
  234. inspect dns preset_dns_map
  ! NOTE(review): `inspect http` is given without a policy-map name, so the
  ! HTTP_inspection map defined below is not applied by anything in this
  ! listing. Use `inspect http HTTP_inspection` if its drops are wanted.
  235. inspect http
  236. inspect pptp
  237. inspect icmp
  238. inspect ip-options
  ! Drops connections on HTTP protocol violations and on methods matched by
  ! asdm_medium_security_methods.
  239. policy-map type inspect http HTTP_inspection
  240. parameters
  241. protocol-violation action drop-connection
  242. class asdm_medium_security_methods
  243. drop-connection
  244. !
  245. service-policy global_policy global
  ! Mail relay for log e-mail, CLI prompt, Call Home profile and the
  ! end-of-config trailer.
  246. smtp-server x.x.x.x
  247. prompt hostname context
  ! The CiscoTAC-1 Call Home profile is present but disabled (`no active`).
  248. call-home
  249. profile CiscoTAC-1
  250. no active
  251. destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  252. destination address email callhome@cisco.com
  253. destination transport-method http
  254. subscribe-to-alert-group diagnostic
  255. subscribe-to-alert-group environment
  256. subscribe-to-alert-group inventory periodic monthly
  257. subscribe-to-alert-group configuration periodic monthly
  258. subscribe-to-alert-group telemetry periodic daily
  ! Checksum the device prints over the configuration, followed by the end
  ! marker and the privileged-mode prompt captured with the paste.
  259. Cryptochecksum:b3bd2ef31e056aee46d942caee20f20d
  260. : end
  261. asaconcord#