remotefixonline

5510-config

Jun 27th, 2013
  ! Saved firewall configuration (the paste title suggests an ASA 5510).
  ! The leading `asdm ...` lines appear to be ASDM bookkeeping; the device
  ! configuration proper starts at `: Saved`.
  1. asdm image disk0:/asdm-508.bin
  2. asdm location 10.0.3.0 255.255.255.0 inside
  3. asdm location 10.0.0.1 255.255.255.255 inside
  4. asdm location 68.188.97.153 255.255.255.255 guest
  5. asdm location 192.168.1.0 255.255.255.0 outside
  6. asdm location 192.168.1.0 255.255.255.0 guest
  7. asdm location 68.188.97.153 255.255.255.255 outside
  8. asdm location 192.168.1.0 255.255.255.0 inside
  9. no asdm history enable
  10. : Saved
  11. :
  ! NOTE(review): 7.0(8) is a very old ASA software release; confirm its
  ! vendor support status and which security fixes it is missing.
  12. ASA Version 7.0(8)
  13. !
  ! NOTE(review): hostname and domain-name identify the owning organisation.
  ! A configuration shared outside the team is normally sanitised of these,
  ! of public addresses and of every secret before posting.
  14. hostname asaxo
  15. domain-name bethesdahealth.org
  ! `encrypted` marks a stored password hash rather than clear text. The two
  ! values below look like typed-in placeholders, not real hashes; if a real
  ! value was ever published, treat it as disclosed and rotate it.
  16. enable password asdfsdfsf encrypted
  17. passwd sdfsdfsf encrypted
  18. names
  19. dns-guard
  20. !
  ! Interface definitions. `security-level` sets the default trust: traffic
  ! from a higher level to a lower one is allowed by default, the reverse
  ! direction needs an explicit ACL permit.
  ! outside: Internet-facing, lowest trust (0).
  21. interface Ethernet0/0
  22. speed 100
  23. duplex full
  24. nameif outside
  25. security-level 0
  26. ip address 67.152.145.227 255.255.255.224
  27. !
  ! inside: internal LAN, highest trust (100), 10.0.0.0/22.
  28. interface Ethernet0/1
  29. speed 100
  30. duplex full
  31. nameif inside
  32. security-level 100
  33. ip address 10.0.0.2 255.255.252.0
  34. !
  ! Physical parent of the two guest VLAN subinterfaces; carries no address itself.
  35. interface Ethernet0/2
  36. no nameif
  37. no security-level
  38. no ip address
  39. !
  ! guestmgmt (VLAN 172): level 80, so by default it may initiate traffic to
  ! outside and guest; what it can reach is narrowed by ACL `guestmgmt`.
  40. interface Ethernet0/2.172
  41. vlan 172
  42. nameif guestmgmt
  43. security-level 80
  44. ip address 172.16.0.1 255.255.255.0
  45. !
  ! guest (VLAN 173): level 10, just above outside.
  46. interface Ethernet0/2.173
  47. vlan 173
  48. nameif guest
  49. security-level 10
  50. ip address 172.17.0.1 255.255.255.0
  51. !
  ! `management-only` restricts this port to traffic addressed to the firewall
  ! itself; it does not forward through traffic.
  ! NOTE(review): 192.168.1.0/24 is also used as the remote network of the
  ! site-to-site tunnel (ACL outside_cryptomap_1) -- overlapping addressing, confirm.
  52. interface Management0/0
  53. nameif management
  54. security-level 100
  55. ip address 192.168.1.1 255.255.255.0
  56. management-only
  57. !
  58. !
  ! `time-range test` has no entries and no ACL in this listing references it;
  ! presumably a leftover.
  59. time-range test
  60. !
  61. ftp mode passive
  62. clock timezone CST -6
  63. clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
  ! Allows traffic to enter and leave through the same interface (hairpinning),
  ! e.g. VPN clients reaching another tunnel on `outside`.
  64. same-security-traffic permit intra-interface
  ! RFC 1918 private ranges; used by ACL `guestmgmt` to keep that segment
  ! away from internal addresses.
  65. object-group network PrivateIPs
  66. network-object 10.0.0.0 255.0.0.0
  67. network-object 172.16.0.0 255.240.0.0
  68. network-object 192.168.0.0 255.255.0.0
  ! NAT-exemption list referenced by `nat (inside) 0`: traffic matching it
  ! leaves `inside` untranslated (VPN pool 10.0.3.0/24 and the tunnel peers).
  ! NOTE(review): the 10.0.0.0/8 entry already covers the /22 and 10.1.0.0/24
  ! entries for the same destination, so those two are redundant.
  69. access-list inside_nat0_outbound extended permit ip any 10.0.3.0 255.255.255.0
  70. access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.252.0 host 68.188.97.153
  71. access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.252.0 192.168.1.0 255.255.255.0
  72. access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0
  73. access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.255.0 192.168.1.0 255.255.255.0
  ! NOTE(review): the split-tunnel list is `permit any`, so although the group
  ! policy says `tunnelspecified`, presumably every destination is tunnelled;
  ! list only the internal networks if real split tunnelling is intended.
  74. access-list bethMB_splitTunnelAcl standard permit any
  ! ACL `inbound` is applied inbound on `outside` and decides which published
  ! services the Internet can reach. The ICMP entries admit replies and error
  ! messages only.
  75. access-list inbound extended permit icmp any any echo-reply
  76. access-list inbound extended permit icmp any any source-quench
  77. access-list inbound extended permit icmp any any unreachable
  78. access-list inbound extended permit icmp any any time-exceeded
  79. access-list inbound extended permit tcp any host 67.152.145.228 eq https
  80. access-list inbound extended permit tcp any host 67.152.145.229 eq smtp
  ! NOTE(review): PPTP (tcp/pptp plus GRE) is a legacy VPN protocol with weak
  ! authentication; prefer retiring it in favour of the IPsec remote access
  ! already configured on this device. The `ah` entry looks unrelated to PPTP -- confirm.
  81. access-list inbound extended permit tcp any host 67.152.145.228 eq pptp
  82. access-list inbound extended permit gre any host 67.152.145.228
  83. access-list inbound extended permit ah any host 67.152.145.228
  84. access-list inbound extended permit tcp any host 67.152.145.232 eq https
  ! NOTE(review): tcp/3389 (Remote Desktop) is open from any source. Restrict it
  ! to known source addresses or require the VPN first.
  85. access-list inbound extended permit tcp any host 67.152.145.233 eq 3389
  86. access-list inbound extended permit tcp any host 67.152.145.233 eq https
  87. access-list inbound extended permit tcp any host 67.152.145.234 eq https
  ! NOTE(review): the source here is a private address, which should not arrive
  ! on the Internet-facing interface; these two entries are presumably leftovers -- confirm.
  88. access-list inbound extended permit udp host 10.2.0.246 any eq isakmp
  89. access-list inbound extended permit udp host 10.2.0.246 any eq 4500
  ! ACL `guestmgmt` (applied inbound on the guestmgmt interface): ICMP replies
  ! and errors, one host-to-host pair towards 10.0.75.10, then no private
  ! destinations, then everything else (i.e. Internet).
  90. access-list guestmgmt extended permit icmp any any echo-reply
  91. access-list guestmgmt extended permit icmp any any source-quench
  92. access-list guestmgmt extended permit icmp any any unreachable
  93. access-list guestmgmt extended permit icmp any any time-exceeded
  ! IP protocol 97 is EtherIP. NOTE(review): this pair looks like wireless
  ! controller tunnelling, which commonly uses UDP 16666 -- check whether
  ! `1666` is a typo.
  94. access-list guestmgmt extended permit 97 host 172.16.0.10 host 10.0.75.10
  95. access-list guestmgmt extended permit udp host 172.16.0.10 host 10.0.75.10 eq 1666
  96. access-list guestmgmt extended deny ip any object-group PrivateIPs
  97. access-list guestmgmt extended permit ip any any
  98. access-list guestmgmt_nat0_outbound extended permit ip any 10.0.3.0 255.255.255.0
  ! ACL `guest` (applied inbound on the guest interface): DHCP, DNS, web from
  ! the guest subnet, and the same published services the Internet can reach.
  ! NOTE(review): the DHCP/DNS entries use source `any` while the web entries
  ! are limited to 172.17.0.0/24; using the guest subnet throughout would be tighter.
  99. access-list guest extended permit udp any any eq bootpc
  100. access-list guest extended permit udp any any eq bootps
  101. access-list guest extended permit udp any any eq domain
  102. access-list guest extended permit tcp any any eq domain
  103. access-list guest extended permit tcp 172.17.0.0 255.255.255.0 any eq www
  104. access-list guest extended permit tcp 172.17.0.0 255.255.255.0 any eq https
  105. access-list guest extended permit tcp any host 67.152.145.228 eq https
  106. access-list guest extended permit tcp any host 67.152.145.229 eq smtp
  107. access-list guest extended permit tcp any host 67.152.145.228 eq pptp
  108. access-list guest extended permit gre any host 67.152.145.228
  109. access-list guest extended permit ah any host 67.152.145.228
  110. access-list guest extended permit tcp any host 67.152.145.232 eq https
  ! NOTE(review): guests can reach Remote Desktop on the published host as well;
  ! confirm this is intended.
  111. access-list guest extended permit tcp any host 67.152.145.233 eq 3389
  112. access-list guest extended permit tcp any host 67.152.145.233 eq https
  113. access-list guest extended permit tcp any host 67.152.145.234 eq https
  ! Explicit final deny; makes the default visible and gives it a hit counter.
  114. access-list guest extended deny ip any any
  ! Traffic class for rate-limiting guest traffic (matched by class-map limitguest-class).
  115. access-list limitguest extended permit ip 172.17.0.0 255.255.255.0 any
  116. access-list limitguest extended permit ip any 172.17.0.0 255.255.255.0
  117. access-list limitguest extended permit ip any host 67.152.145.253
  118. access-list limitguest extended permit ip host 67.152.145.253 any
  ! NOTE(review): used by `nat (guest) 0`, but its source 10.0.0.0/16 is not
  ! the guest subnet, so it presumably never matches guest traffic -- confirm.
  119. access-list guest_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 192.168.1.0 255.255.255.0
  ! Interesting-traffic selector for the site-to-site tunnel (crypto map outside_map 1).
  120. access-list outside_cryptomap_1 extended permit ip 10.0.0.0 255.255.0.0 192.168.1.0 255.255.255.0
  ! NOTE(review): no `nat` statement in this listing references
  ! inside_nat0_outside; it looks unused.
  121. access-list inside_nat0_outside extended permit ip any 192.168.1.0 255.255.255.0
  122. access-list inside_nat0_outside extended permit ip any 192.168.0.0 255.255.0.0
  123. access-list outside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0
  124. access-list outside_nat0_inbound extended permit ip 10.0.0.0 255.0.0.0 192.168.1.0 255.255.255.0
  125. pager lines 24
  ! Logging goes to the terminal monitor, the local buffer and ASDM.
  ! NOTE(review): no `logging host` line appears in this listing, so events are
  ! presumably not sent to a remote syslog server and are lost on reload or
  ! buffer wrap; forward them to a collector for detection and forensics.
  126. logging enable
  127. logging monitor warnings
  128. logging buffered warnings
  129. logging asdm informational
  130. mtu outside 1500
  131. mtu inside 1500
  132. mtu management 1500
  133. mtu guestmgmt 1500
  134. mtu guest 1500
  ! Address pool handed to remote-access VPN clients (tunnel-group bethMB).
  ! NOTE(review): 10.0.3.5-10.0.3.254 lies inside the inside interface's own
  ! 10.0.0.0/22 subnet; a dedicated, non-overlapping pool makes VPN clients
  ! easier to filter and to tell apart in logs.
  135. ip local pool MBCGIT 10.0.3.5-10.0.3.254 mask 255.255.252.0
  136. asdm image disk0:/asdm-508.bin
  137. no asdm history enable
  138. arp timeout 14400
  ! Address translation. Pool 10: inside hosts are port-translated to the
  ! outside interface address. Pool 20: guest hosts are translated to a
  ! separate public address, which keeps guest traffic distinguishable from
  ! staff traffic on the Internet side.
  139. global (outside) 10 interface
  140. global (outside) 20 67.152.145.253
  ! `nat ... 0 access-list` lines exempt matching traffic from translation
  ! (used here for VPN destinations).
  141. nat (outside) 0 access-list outside_nat0_outbound
  142. nat (outside) 0 access-list outside_nat0_inbound outside
  143. nat (inside) 0 access-list inside_nat0_outbound
  144. nat (inside) 10 0.0.0.0 0.0.0.0
  145. nat (guestmgmt) 0 access-list guestmgmt_nat0_outbound
  146. nat (guest) 0 access-list guest_nat0_outbound
  147. nat (guest) 20 172.17.0.0 255.255.255.0
  ! One-to-one statics that publish internal servers on public addresses;
  ! which ports are reachable is decided by ACL `inbound`.
  ! NOTE(review): 67.152.145.230 -> 10.0.0.5 has a static but no permit in
  ! `inbound`; confirm it is only wanted as a fixed outbound address.
  148. static (inside,outside) 67.152.145.229 10.0.0.15 netmask 255.255.255.255
  149. static (inside,outside) 67.152.145.230 10.0.0.5 netmask 255.255.255.255
  150. static (inside,outside) 67.152.145.232 10.0.0.7 netmask 255.255.255.255
  151. static (inside,outside) 67.152.145.234 10.0.0.38 netmask 255.255.255.255
  152. static (inside,outside) 67.152.145.233 10.1.0.216 netmask 255.255.255.255
  153. static (inside,outside) 67.152.145.228 10.0.0.64 netmask 255.255.255.255
  ! Identity static: makes all of 10.0.0.0/8 addressable from guestmgmt under
  ! its real addresses. NOTE(review): exposure then rests entirely on ACL
  ! `guestmgmt`; narrowing this to the one host that ACL permits would be safer.
  154. static (inside,guestmgmt) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
  ! Same published servers, made reachable from the guest segment on their
  ! public addresses.
  155. static (inside,guest) 67.152.145.229 10.0.0.15 netmask 255.255.255.255
  156. static (inside,guest) 67.152.145.230 10.0.0.5 netmask 255.255.255.255
  157. static (inside,guest) 67.152.145.232 10.0.0.7 netmask 255.255.255.255
  158. static (inside,guest) 67.152.145.234 10.0.0.38 netmask 255.255.255.255
  159. static (inside,guest) 67.152.145.233 10.1.0.216 netmask 255.255.255.255
  160. static (inside,guest) 67.152.145.228 10.0.0.64 netmask 255.255.255.255
  ! Binds the ACLs to interfaces (inbound direction).
  ! NOTE(review): no access-group is bound to `inside`, so traffic initiated
  ! from inside is allowed by the security-level default; add an egress ACL if
  ! outbound filtering is wanted.
  161. access-group inbound in interface outside
  162. access-group guestmgmt in interface guestmgmt
  163. access-group guest in interface guest
  ! NOTE(review): this route sends 192.168.1.0/24 out `outside` with next hop
  ! 192.168.1.1, which is this firewall's own Management0/0 address, and the
  ! prefix is also directly connected on management -- confirm what is intended.
  164. route outside 192.168.1.0 255.255.255.0 192.168.1.1 1
  ! Default route to the upstream gateway.
  165. route outside 0.0.0.0 0.0.0.0 67.152.145.225 1
  ! Internal networks behind the core router 10.0.0.1.
  ! NOTE(review): several /24 routes below are already covered by a /16 route
  ! to the same next hop (e.g. 10.1.0.0/24 by 10.1.0.0/16) and are redundant.
  166. route inside 10.0.76.0 255.255.255.0 10.0.0.1 1
  167. route inside 10.0.75.0 255.255.255.0 10.0.0.1 1
  168. route inside 10.9.0.0 255.255.0.0 10.0.0.1 1
  169. route inside 10.6.0.0 255.255.0.0 10.0.0.1 1
  170. route inside 10.4.0.0 255.255.0.0 10.0.0.1 1
  171. route inside 10.3.0.0 255.255.0.0 10.0.0.1 1
  172. route inside 10.2.0.0 255.255.0.0 10.0.0.1 1
  173. route inside 10.7.0.0 255.255.0.0 10.0.0.1 1
  174. route inside 10.5.0.0 255.255.0.0 10.0.0.1 1
  175. route inside 10.1.0.0 255.255.0.0 10.0.0.1 1
  176. route inside 10.9.5.0 255.255.255.0 10.0.0.1 1
  177. route inside 10.9.0.0 255.255.252.0 10.0.0.1 1
  178. route inside 10.7.0.0 255.255.255.0 10.0.0.1 1
  179. route inside 10.6.0.0 255.255.255.0 10.0.0.1 1
  180. route inside 10.5.0.0 255.255.255.0 10.0.0.1 1
  181. route inside 10.4.0.0 255.255.255.0 10.0.0.1 1
  182. route inside 10.3.0.0 255.255.255.0 10.0.0.1 1
  183. route inside 10.2.0.0 255.255.255.0 10.0.0.1 1
  184. route inside 10.1.0.0 255.255.255.0 10.0.0.1 1
  ! Idle timers for translations and connection state.
  185. timeout xlate 3:00:00
  186. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  187. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
  188. timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
  189. timeout uauth 0:05:00 absolute
  ! Group policy for remote-access VPN users.
  ! NOTE(review): `tunnelspecified` points at a split-tunnel list that is
  ! `permit any` (bethMB_splitTunnelAcl), so the split is presumably not
  ! effective -- confirm the intended behaviour.
  190. group-policy bethMB internal
  191. group-policy bethMB attributes
  192. dns-server value 12.127.16.68
  193. split-tunnel-policy tunnelspecified
  194. split-tunnel-network-list value bethMB_splitTunnelAcl
  195. webvpn
  ! The only local account in this listing. Privilege 15 is the highest level,
  ! and the same account is bound to the VPN group policy.
  ! NOTE(review): one credential appears to serve both VPN login and full
  ! administration; separate per-person accounts with lower privilege for VPN
  ! use would limit the impact of a lost password. The hash value looks like a
  ! placeholder.
  196. username mbcg password Ssdfsdfsdf encrypted privilege 15
  197. username mbcg attributes
  198. vpn-group-policy bethMB
  199. webvpn
  ! HTTPS management (ASDM), reachable from the inside /22 and the management network.
  ! NOTE(review): the whole user LAN can reach the management service; limiting
  ! it to an admin subnet or jump host would reduce exposure.
  200. http server enable
  201. http 10.0.0.0 255.255.252.0 inside
  202. http 192.168.1.0 255.255.255.0 management
  ! SNMP with community strings, which are shared secrets sent in clear text on the wire.
  ! NOTE(review): the trap-host community below looks like a real value, unlike
  ! the placeholder on the `snmp-server community` line; treat it as disclosed
  ! and change it.
  203. snmp-server host inside 10.1.0.99 community bhg2012
  204. no snmp-server location
  205. no snmp-server contact
  206. snmp-server community sdfsdfsf
  207. snmp-server enable traps snmp authentication linkup linkdown coldstart
  ! IPsec proposals. Only ESP-3DES-SHA is referenced by the crypto maps below;
  ! the 3DES-MD5 and AES-128 sets are defined but unused in this listing.
  ! NOTE(review): 3DES and MD5 are legacy algorithms; prefer an AES/SHA
  ! proposal where both peers support it, and remove the unused MD5 set.
  208. crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  209. crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  210. crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  211. crypto ipsec security-association lifetime seconds 28800
  212. crypto ipsec security-association lifetime kilobytes 4608000
  ! Dynamic map, normally the template for remote-access clients.
  ! NOTE(review): no `crypto map outside_map ... ipsec-isakmp dynamic
  ! outside_dyn_map` line appears in this listing, so it looks unattached -- confirm.
  213. crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
  214. crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
  215. crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
  ! Site-to-site tunnel to peer 68.188.97.153, protecting the traffic selected
  ! by outside_cryptomap_1.
  216. crypto map outside_map 1 match address outside_cryptomap_1
  ! NOTE(review): PFS group1 is the smallest Diffie-Hellman group (768-bit) and
  ! is weaker than the group 2 used for phase 1 below; raise it on both peers.
  217. crypto map outside_map 1 set pfs group1
  218. crypto map outside_map 1 set peer 68.188.97.153
  219. crypto map outside_map 1 set transform-set ESP-3DES-SHA
  220. crypto map outside_map 1 set security-association lifetime seconds 28800
  221. crypto map outside_map 1 set security-association lifetime kilobytes 4608000
  222. crypto map outside_map 1 set nat-t-disable
  223. crypto map outside_map interface outside
  ! IKE phase 1: pre-shared key, 3DES, SHA, DH group 2 (1024-bit), 24 h lifetime.
  ! NOTE(review): a single policy with legacy parameters; add a stronger policy
  ! ahead of it if the software and the peers allow.
  224. isakmp enable outside
  225. isakmp policy 10 authentication pre-share
  226. isakmp policy 10 encryption 3des
  227. isakmp policy 10 hash sha
  228. isakmp policy 10 group 2
  229. isakmp policy 10 lifetime 86400
  230. isakmp nat-traversal 20
  ! Remote-access group: clients get addresses from pool MBCGIT and policy bethMB.
  231. tunnel-group bethMB type ipsec-ra
  232. tunnel-group bethMB general-attributes
  233. address-pool MBCGIT
  234. default-group-policy bethMB
  ! Group pre-shared key, shared by every client of this group. The value looks
  ! like a placeholder; a real key that was ever posted must be replaced.
  235. tunnel-group bethMB ipsec-attributes
  236. pre-shared-key sdfsdfsdf
  ! Site-to-site peer and its pre-shared key (placeholder-looking value, same caveat).
  237. tunnel-group 68.188.97.153 type ipsec-l2l
  238. tunnel-group 68.188.97.153 ipsec-attributes
  239. pre-shared-key sdfsdfsf
  ! Management access to the firewall itself.
  ! NOTE(review): Telnet carries credentials in clear text and is allowed from
  ! the whole inside /22; SSH is already configured for the same range, so
  ! Telnet can be removed.
  240. telnet 10.0.0.0 255.255.252.0 inside
  241. telnet timeout 5
  ! SSH is accepted from three individual Internet hosts and from two inside ranges.
  ! NOTE(review): no `ssh version` and no `aaa authentication ... console`
  ! lines appear in this listing, so the accepted SSH protocol version and
  ! whether logins use per-user accounts cannot be confirmed here -- verify on
  ! the device. Reaching management over the VPN instead of directly from
  ! outside would remove the Internet-facing listener.
  242. ssh 68.143.191.75 255.255.255.255 outside
  243. ssh 68.143.191.77 255.255.255.255 outside
  244. ssh 198.200.139.235 255.255.255.255 outside
  245. ssh 10.0.0.0 255.255.252.0 inside
  246. ssh 10.1.0.0 255.255.255.0 inside
  247. ssh timeout 60
  ! NOTE(review): `console timeout 0` disables the idle timeout, so a console
  ! session left logged in stays open; set a finite value.
  248. console timeout 0
  ! Lets VPN users manage the firewall via its inside address.
  249. management-access inside
  ! DHCP service for the guest segment, handing out public resolvers so guests
  ! do not query internal DNS.
  250. dhcpd address 172.17.0.20-172.17.0.254 guest
  251. dhcpd dns 8.8.8.8 8.8.4.4
  252. dhcpd lease 7200
  253. dhcpd ping_timeout 50
  254. dhcpd enable guest
  255. !
  ! Traffic classes: guest traffic (ACL limitguest) and the default set of
  ! inspected protocols.
  256. class-map limitguest-class
  257. match access-list limitguest
  258. class-map inspection_default
  259. match default-inspection-traffic
  260. !
  261. !
  ! Global application inspection.
  ! NOTE(review): several legacy protocols are inspected (rsh, sqlnet, xdmcp,
  ! sunrpc, netbios, tftp, h323, skinny); disabling inspection for protocols
  ! that are not in use reduces the parsing code exposed to traffic.
  262. policy-map global_policy
  263. class inspection_default
  264. inspect dns maximum-length 512
  265. inspect ftp
  266. inspect h323 h225
  267. inspect h323 ras
  268. inspect rsh
  269. inspect rtsp
  270. inspect sqlnet
  271. inspect skinny
  272. inspect sunrpc
  273. inspect xdmcp
  274. inspect sip
  275. inspect netbios
  276. inspect tftp
  277. class class-default
  ! Rate limit for guest traffic (values as given: 1000000 and 150000).
  ! NOTE(review): as written the conform action is `drop`, which would discard
  ! traffic that is within the rate; a rate limit normally transmits conforming
  ! traffic and drops the excess. The line may be truncated -- verify on the device.
  278. policy-map limitguest-policy
  279. class limitguest-class
  280. police 1000000 150000 conform-action drop
  281. !
  282. service-policy global_policy global
  283. service-policy limitguest-policy interface outside
  284. service-policy limitguest-policy interface guest
  ! Checksum the device stores with the saved configuration. If the text was
  ! edited after export (as the placeholder secrets suggest), it presumably no
  ! longer matches this listing.
  285. Cryptochecksum:09640b352758050259d55d4d8bd6ba41
  286. : end