
Configuration

a guest
Apr 20th, 2018
  ! Running configuration of a lab ASA as printed by `show run`.
  ! The local password hashes further down appear as [omitted] in this paste.
  1. Lab-ASA# show run
  2. !
  ! NOTE(review): 9.8(1) is the first release of the 9.8 train and webvpn is
  ! enabled on the outside interface below - check this build against Cisco's
  ! ASA security advisories and plan a move to a current maintenance release.
  3. ASA Version 9.8(1)
  4. !
  5. hostname Lab-ASA
  6. domain-name asalabdomain
  7. names
  ! Address pool handed to AnyConnect clients (referenced by VPN_tunnel_group).
  ! It lies in the same 10.10.10.0/24 as the inside bridge (BVI1) and directly
  ! above the dhcpd range 10.10.10.10-10.10.10.100, so the two do not overlap.
  8. ip local pool VPN_users 10.10.10.101-10.10.10.200 mask 255.255.255.0
  9. !
  ! Internet-facing interface: lowest trust level (security-level 0), addressed
  ! by PPPoE; `setroute` installs the default route supplied by the PPPoE peer.
  10. interface GigabitEthernet1/1
  11. nameif outside
  12. security-level 0
  13. pppoe client vpdn group Lab-ASA
  14. ip address pppoe setroute
  15. !
  ! GigabitEthernet1/2 through 1/8 are all members of bridge-group 1, each with
  ! its own nameif (inside_1 .. inside_7) at security-level 100 (highest trust).
  16. interface GigabitEthernet1/2
  17. bridge-group 1
  18. nameif inside_1
  19. security-level 100
  20. !
  21. interface GigabitEthernet1/3
  22. bridge-group 1
  23. nameif inside_2
  24. security-level 100
  25. !
  26. interface GigabitEthernet1/4
  27. bridge-group 1
  28. nameif inside_3
  29. security-level 100
  30. !
  31. interface GigabitEthernet1/5
  32. bridge-group 1
  33. nameif inside_4
  34. security-level 100
  35. !
  36. interface GigabitEthernet1/6
  37. bridge-group 1
  38. nameif inside_5
  39. security-level 100
  40. !
  41. interface GigabitEthernet1/7
  42. bridge-group 1
  43. nameif inside_6
  44. security-level 100
  45. !
  46. interface GigabitEthernet1/8
  47. bridge-group 1
  48. nameif inside_7
  49. security-level 100
  50. !
  ! Management port: management-only, but with no nameif and no IP address it
  ! carries no management traffic as configured here.
  51. interface Management1/1
  52. management-only
  53. no nameif
  54. no security-level
  55. no ip address
  56. !
  ! Bridge virtual interface for bridge-group 1. 10.10.10.1 is the address the
  ! dhcpd section below hands out as the default gateway (option 3).
  57. interface BVI1
  58. nameif inside_bridge
  59. security-level 100
  60. ip address 10.10.10.1 255.255.255.0
  61. !
  62. ftp mode passive
  63. !
  64. dns server-group DefaultDNS
  65. domain-name asalabdomain
  ! inter-interface: traffic may pass between interfaces that share a security
  ! level (here the inside_N bridge members, all at 100).
  ! intra-interface: traffic may enter and leave through the same interface
  ! (hairpinning).
  ! NOTE(review): combined with the permit-any ACLs below, nothing segments the
  ! inside ports from one another - confirm that is intended.
  66. same-security-traffic permit inter-interface
  67. same-security-traffic permit intra-interface
  68. !
  ! Network object for the inside subnet; the object NAT rule later in the
  ! config is attached to this same object.
  69. object network internalIP
  70. subnet 10.10.10.0 255.255.255.0
  71. !
  ! Block list of source hosts; a single entry at the moment.
  72. object-group network Global_Blacklist
  73. network-object host 2.2.2.2
  74. !
  ! NOTE(review): this ACL contains only a deny. Every ACL ends in an implicit
  ! deny, so unsolicited inbound through-traffic from outside is dropped with or
  ! without this entry. The ACL is bound below without the control-plane
  ! keyword, so it does not filter traffic addressed to the ASA itself - it does
  ! not keep the listed hosts away from the webvpn/AnyConnect listener on
  ! outside.
  75. access-list outside_access_in extended deny ip object-group Global_Blacklist any4
  ! Standard ACL used as the split-tunnel network list in VPN_group_policy:
  ! only 10.10.10.0/24 is routed through the VPN tunnel.
  76. access-list VPN_ACL standard permit 10.10.10.0 255.255.255.0
  ! Each inside interface permits all IP traffic, so there is no egress
  ! filtering. NOTE(review): restrict these if inside hosts should not be able
  ! to reach arbitrary destinations.
  77. access-list inside_bridge_access_in extended permit ip any any
  78. access-list inside_1_access_in extended permit ip any any
  79. access-list inside_2_access_in extended permit ip any any
  80. access-list inside_5_access_in extended permit ip any any
  81. access-list inside_6_access_in extended permit ip any any
  82. access-list inside_3_access_in extended permit ip any any
  83. access-list inside_7_access_in extended permit ip any any
  84. access-list inside_4_access_in extended permit ip any any
  85. !
  86. pager lines 24
  ! Logging is enabled with timestamps. The syslog (trap) severity is
  ! informational, but no `logging host` line appears in this output, so as
  ! shown nothing is exported to a collector; ASDM receives critical and above.
  ! NOTE(review): add a syslog destination and/or `logging buffered` so VPN
  ! logins and denied connections are retained for investigation.
  87. logging enable
  88. logging timestamp
  89. logging trap informational
  90. logging asdm critical
  ! Only relevant with a TCP syslog server: lets new connections continue when
  ! that server is unreachable.
  91. logging permit-hostdown
  92. mtu outside 1500
  93. mtu inside_1 1500
  94. mtu inside_2 1500
  95. mtu inside_3 1500
  96. mtu inside_4 1500
  97. mtu inside_5 1500
  98. mtu inside_6 1500
  99. mtu inside_7 1500
  ! Rate-limits the ICMP unreachable messages the ASA itself generates.
  100. icmp unreachable rate-limit 1 burst-size 1
  101. no asdm history enable
  102. arp timeout 14400
  ! ARP entries for subnets that are not directly connected are not accepted.
  103. no arp permit-nonconnected
  104. arp rate-limit 16384
  105. !
  ! Object NAT: hosts in 10.10.10.0/24 are dynamically port-translated to the
  ! outside interface address when leaving via outside, whichever interface
  ! they arrived on.
  ! NOTE(review): the AnyConnect pool is inside this object and no NAT exemption
  ! is visible in this output - confirm that replies from inside hosts to VPN
  ! clients are not being translated.
  106. object network internalIP
  107. nat (any,outside) dynamic interface
  108. !
  ! Bind each ACL inbound on its interface. None uses the control-plane keyword,
  ! so these filter traffic through the ASA, not traffic addressed to it.
  109. access-group outside_access_in in interface outside
  110. access-group inside_1_access_in in interface inside_1
  111. access-group inside_2_access_in in interface inside_2
  112. access-group inside_3_access_in in interface inside_3
  113. access-group inside_4_access_in in interface inside_4
  114. access-group inside_5_access_in in interface inside_5
  115. access-group inside_6_access_in in interface inside_6
  116. access-group inside_7_access_in in interface inside_7
  117. access-group inside_bridge_access_in in interface inside_bridge
  118. !
  ! Idle timers for translations (xlate/pat-xlate), connections and
  ! protocol-specific sessions.
  ! NOTE(review): these look like platform defaults - confirm before relying on
  ! them for session-lifetime assumptions.
  119. timeout xlate 3:00:00
  120. timeout pat-xlate 0:00:30
  121. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
  122. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  123. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  124. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  125. timeout tcp-proxy-reassembly 0:01:00
  126. timeout floating-conn 0:00:00
  127. timeout conn-holddown 0:00:15
  128. timeout igp stale-route 0:01:10
  129. !
  130. user-identity default-domain LOCAL
  ! SSH, enable and HTTP (ASDM) logins authenticate against the local user
  ! database. No `ssh <network> <mask> <interface>`, `http server enable` or
  ! `http <network> <mask> <interface>` lines appear in this output, so as
  ! shown no interface accepts SSH or ASDM management sessions.
  ! No `aaa authentication serial console` line is visible either.
  131. aaa authentication ssh console LOCAL
  132. aaa authentication enable console LOCAL
  133. aaa authentication http console LOCAL
  134. aaa authentication login-history
  135. !
  136. no snmp-server location
  137. no snmp-server contact
  ! Leaves the hardware reset button active. NOTE(review): presumably anyone
  ! with physical access can then reset the unit - confirm against the
  ! platform documentation and the physical security of the device.
  138. service sw-reset-button
  139. crypto ipsec security-association pmtu-aging infinite
  140. crypto ca trustpool policy
  ! Telnet idle timeout in minutes; no telnet permit lines are visible.
  141. telnet timeout 5
  142. ssh stricthostkeycheck
  143. ssh timeout 5
  ! NOTE(review): dh-group1-sha1 is a 1024-bit Diffie-Hellman group with SHA-1,
  ! weak by current standards. Prefer
  ! `ssh key-exchange group dh-group14-sha1` before SSH access is opened.
  144. ssh key-exchange group dh-group1-sha1
  ! NOTE(review): 0 disables the console idle timeout, so a logged-in serial
  ! console session stays open until someone logs out. Set a finite value.
  145. console timeout 0
  146. !
  ! DHCP server for the inside bridge. auto_config passes on DNS/domain values
  ! learned by the outside interface's client; option 3 is the default gateway.
  147. dhcpd auto_config outside
  148. dhcpd option 3 ip 10.10.10.1
  149. !
  ! Leases 10.10.10.10-10.10.10.100 on inside_bridge, below the AnyConnect pool
  ! (10.10.10.101-200). Clients are pointed at the public resolver 8.8.8.8, so
  ! DNS queries leave the network unfiltered and unlogged by this device.
  150. dhcpd address 10.10.10.10-10.10.10.100 inside_bridge
  151. dhcpd dns 8.8.8.8 interface inside_bridge
  152. dhcpd option 3 ip 10.10.10.1 interface inside_bridge
  153. dhcpd enable inside_bridge
  154. !
  ! Basic threat detection is on, with per-ACL statistics; TCP-intercept
  ! statistics are off.
  155. threat-detection basic-threat
  156. threat-detection statistics access-list
  157. no threat-detection statistics tcp-intercept
  158. !
  ! SSL VPN service, enabled on the Internet-facing interface, with AnyConnect
  ! 4.5.05030 web-deploy packages for Windows and macOS.
  ! NOTE(review): check these client images against Cisco's AnyConnect security
  ! advisories and stage a current release.
  159. webvpn
  160. enable outside
  161. anyconnect image disk0:/anyconnect-win-4.5.05030-webdeploy-k9.pkg 1
  162. anyconnect image disk0:/anyconnect-macos-4.5.05030-webdeploy-k9.pkg 2
  163. anyconnect enable
  ! Shows the connection-profile (group-alias) list on the login page, which
  ! discloses profile names to unauthenticated visitors.
  164. tunnel-group-list enable
  165. keepout "Service out temporarily."
  166. cache
  167. disable
  168. error-recovery disable
  ! Default group policy, inherited wherever no explicit policy applies.
  ! ssl-client restricts the tunnel protocol to AnyConnect SSL.
  ! NOTE(review): vpn-simultaneous-logins 10 allows ten concurrent sessions per
  ! username; lower it unless accounts are shared on purpose, because it makes
  ! reuse of stolen credentials harder to notice.
  ! Split tunnelling is set to tunnelspecified here, but no
  ! split-tunnel-network-list is shown for this policy.
  169. group-policy DfltGrpPolicy attributes
  170. dns-server value 8.8.8.8
  171. vpn-simultaneous-logins 10
  172. vpn-tunnel-protocol ssl-client
  173. split-tunnel-policy tunnelspecified
  174. ipv6-split-tunnel-policy tunnelspecified
  ! Policy applied to the VPN users: AnyConnect SSL only, split tunnel limited
  ! to the networks in VPN_ACL (10.10.10.0/24); all other client traffic goes
  ! out through the client's own connection, outside the ASA's view.
  175. group-policy VPN_group_policy internal
  176. group-policy VPN_group_policy attributes
  177. dns-server value 8.8.8.8
  178. vpn-tunnel-protocol ssl-client
  179. split-tunnel-policy tunnelspecified
  180. split-tunnel-network-list value VPN_ACL
  181. default-domain value asalabdomain
  182. dynamic-access-policy-record DfltAccessPolicy
  ! Local accounts. The password hashes appear as [omitted] in this paste; keep
  ! them out of any shared configuration, since hashes can be attacked offline.
  ! NOTE(review): admin (privilege 15) has no `username admin attributes`
  ! block, so it carries no service-type or group-lock restriction like
  ! user1/user2 - confirm whether it should be able to open a VPN session.
  183. username admin password [omitted] privilege 15
  ! user1/user2: privilege 0, service-type remote-access (VPN use only),
  ! group-lock pins them to VPN_tunnel_group, and vpn-filter none means no
  ! per-user ACL is applied to their tunnelled traffic.
  184. username user1 password [omitted] privilege 0
  185. username user1 attributes
  186. vpn-group-policy VPN_group_policy
  187. vpn-filter none
  188. group-lock value VPN_tunnel_group
  189. service-type remote-access
  190. username user2 password [omitted] privilege 0
  191. username user2 attributes
  192. vpn-group-policy VPN_group_policy
  193. vpn-filter none
  194. group-lock value VPN_tunnel_group
  195. service-type remote-access
  ! Remote-access connection profile: addresses from VPN_users, policy
  ! VPN_group_policy, selectable on the login page by its alias.
  ! NOTE(review): no authentication-server-group, certificate requirement or
  ! second factor is visible on this tunnel-group, so as shown VPN access on
  ! the outside interface rests on a local username and password alone.
  196. tunnel-group VPN_tunnel_group type remote-access
  197. tunnel-group VPN_tunnel_group general-attributes
  198. address-pool VPN_users
  199. default-group-policy VPN_group_policy
  200. tunnel-group VPN_tunnel_group webvpn-attributes
  201. group-alias VPN_tunnel_group enable
  202. !
  203. !
  204. !
  ! DNS inspection parameters: message length capped at 512 bytes, or at the
  ! size the client advertises (client auto).
  ! NOTE(review): no class-map, global policy-map or `service-policy` line
  ! appears in this output, so as shown this map is not attached to any
  ! traffic - confirm whether default inspection was removed deliberately or
  ! the listing is incomplete.
  205. policy-map type inspect dns preset_dns_map
  206. parameters
  207. message-length maximum client auto
  208. message-length maximum 512
  209. no tcp-inspection
  210. !
  211. prompt hostname context
  ! Anonymous call-home reporting to the vendor is turned off.
  212. no call-home reporting anonymous
  213. !
  214. : end