- ! Captured `show run` output from an ASA named Lab-ASA; everything below is the running configuration as pasted.
- ! Sub-command indentation was lost in the paste, so mode sub-commands appear at the same level as their parent line.
- Lab-ASA# show run
- !
- ! NOTE(review): software release as pasted. This box terminates WebVPN/AnyConnect on the outside interface
- ! (see the webvpn section), so compare this release against Cisco's current fixed releases and advisories.
- ASA Version 9.8(1)
- !
- hostname Lab-ASA
- domain-name asalabdomain
- names
- ! Address pool for remote-access VPN clients (referenced by tunnel-group VPN_tunnel_group).
- ! The range lies inside 10.10.10.0/24, the same subnet that BVI1 serves to the inside bridge group.
- ip local pool VPN_users 10.10.10.101-10.10.10.200 mask 255.255.255.0
- !
- ! Outside (untrusted) interface: security-level 0, addressed by PPPoE; `setroute` takes the default route from the PPPoE session.
- ! NOTE(review): the `vpdn group Lab-ASA` definition this line refers to is not in the paste - presumably removed
- ! together with the PPPoE credentials; confirm it was redacted rather than missing.
- interface GigabitEthernet1/1
- nameif outside
- security-level 0
- pppoe client vpdn group Lab-ASA
- ip address pppoe setroute
- !
- ! GigabitEthernet1/2 through 1/8 are all members of bridge-group 1 at security-level 100,
- ! i.e. seven switch-like inside ports sharing one layer-2 segment and one trust level.
- interface GigabitEthernet1/2
- bridge-group 1
- nameif inside_1
- security-level 100
- !
- interface GigabitEthernet1/3
- bridge-group 1
- nameif inside_2
- security-level 100
- !
- interface GigabitEthernet1/4
- bridge-group 1
- nameif inside_3
- security-level 100
- !
- interface GigabitEthernet1/5
- bridge-group 1
- nameif inside_4
- security-level 100
- !
- interface GigabitEthernet1/6
- bridge-group 1
- nameif inside_5
- security-level 100
- !
- interface GigabitEthernet1/7
- bridge-group 1
- nameif inside_6
- security-level 100
- !
- interface GigabitEthernet1/8
- bridge-group 1
- nameif inside_7
- security-level 100
- !
- ! Dedicated management port is left unconfigured (no name, level or address), so it carries no traffic as shown.
- interface Management1/1
- management-only
- no nameif
- no security-level
- no ip address
- !
- ! Bridge virtual interface: the routed address (10.10.10.1/24) of bridge-group 1 and the inside default gateway.
- interface BVI1
- nameif inside_bridge
- security-level 100
- ip address 10.10.10.1 255.255.255.0
- !
- ftp mode passive
- !
- dns server-group DefaultDNS
- domain-name asalabdomain
- ! inter-interface: lets the equal-level (100) inside_N interfaces exchange traffic with each other.
- ! intra-interface: lets traffic enter and leave the same interface (hairpinning).
- same-security-traffic permit inter-interface
- same-security-traffic permit intra-interface
- !
- ! Inside subnet object; the dynamic PAT rule later in the config is attached to it.
- object network internalIP
- subnet 10.10.10.0 255.255.255.0
- !
- ! Block list of source hosts; it currently holds a single entry.
- object-group network Global_Blacklist
- network-object host 2.2.2.2
- !
- ! outside_access_in holds only this deny. An extended ACL ends with an implicit deny, so inbound through-traffic
- ! on outside is dropped with or without it; the explicit entry mainly gives the block list its own hit counter.
- ! NOTE(review): an interface ACL filters traffic passing through the ASA. It is not expected to stop a listed host
- ! from reaching services the ASA itself terminates on outside (the WebVPN listener); that needs a control-plane
- ! access-group - confirm which of the two is intended.
- access-list outside_access_in extended deny ip object-group Global_Blacklist any4
- ! Standard ACL used as the split-tunnel network list in group-policy VPN_group_policy.
- access-list VPN_ACL standard permit 10.10.10.0 255.255.255.0
- ! NOTE(review): every inside ACL is `permit ip any any`, so there is no egress filtering from the inside segments.
- ! Acceptable for a lab; tighten to the required destinations and ports if this models a least-privilege design.
- access-list inside_bridge_access_in extended permit ip any any
- access-list inside_1_access_in extended permit ip any any
- access-list inside_2_access_in extended permit ip any any
- access-list inside_5_access_in extended permit ip any any
- access-list inside_6_access_in extended permit ip any any
- access-list inside_3_access_in extended permit ip any any
- access-list inside_7_access_in extended permit ip any any
- access-list inside_4_access_in extended permit ip any any
- !
- pager lines 24
- ! Logging is on with timestamps. `logging trap` sets the severity for syslog servers and `logging asdm` for ASDM.
- ! NOTE(review): no `logging host` or `logging buffered` line appears in this paste, so as shown no events are
- ! sent off-box or kept in the local buffer - add a syslog destination if the lab is meant to be monitored.
- logging enable
- logging timestamp
- logging trap informational
- logging asdm critical
- ! Lets new connections continue when a TCP syslog server is unreachable (availability over audit completeness).
- logging permit-hostdown
- mtu outside 1500
- mtu inside_1 1500
- mtu inside_2 1500
- mtu inside_3 1500
- mtu inside_4 1500
- mtu inside_5 1500
- mtu inside_6 1500
- mtu inside_7 1500
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- arp timeout 14400
- ! ARP entries for subnets that are not directly connected are not accepted.
- no arp permit-nonconnected
- arp rate-limit 16384
- !
- ! Dynamic PAT: hosts in 10.10.10.0/24, arriving on any interface, are translated to the outside interface address.
- object network internalIP
- nat (any,outside) dynamic interface
- !
- ! Bind each ACL inbound to its interface. The outside ACL contains only the block-list deny;
- ! every inside ACL is `permit ip any any`.
- access-group outside_access_in in interface outside
- access-group inside_1_access_in in interface inside_1
- access-group inside_2_access_in in interface inside_2
- access-group inside_3_access_in in interface inside_3
- access-group inside_4_access_in in interface inside_4
- access-group inside_5_access_in in interface inside_5
- access-group inside_6_access_in in interface inside_6
- access-group inside_7_access_in in interface inside_7
- access-group inside_bridge_access_in in interface inside_bridge
- !
- ! Connection and translation idle timers.
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- timeout conn-holddown 0:00:15
- timeout igp stale-route 0:01:10
- !
- ! Management authentication (SSH, enable, HTTP/ASDM) uses the LOCAL user database; login history is recorded.
- ! NOTE(review): no `ssh <network> <mask> <interface>`, `http server enable` or `http <network> ...` line appears
- ! in this paste, so as shown no source network is permitted to manage the box over SSH or ASDM. Confirm whether
- ! those lines were trimmed; if they are added, scope them to an inside management range rather than outside.
- user-identity default-domain LOCAL
- aaa authentication ssh console LOCAL
- aaa authentication enable console LOCAL
- aaa authentication http console LOCAL
- aaa authentication login-history
- !
- no snmp-server location
- no snmp-server contact
- service sw-reset-button
- crypto ipsec security-association pmtu-aging infinite
- crypto ca trustpool policy
- ! Idle timer only; no telnet permit line appears in the paste.
- telnet timeout 5
- ! Host-key checking for the ASA's own SSH client (used by secure copy).
- ssh stricthostkeycheck
- ssh timeout 5
- ! NOTE(review): dh-group1-sha1 is a 1024-bit Diffie-Hellman group with SHA-1, the weakest option this command
- ! offers. Prefer `ssh key-exchange group dh-group14-sha1` before enabling SSH access.
- ssh key-exchange group dh-group1-sha1
- ! NOTE(review): 0 disables the console idle timeout, so a console session left logged in stays open to anyone
- ! with physical access. Set a finite value outside a supervised lab.
- console timeout 0
- !
- ! DHCP server for the inside bridge. auto_config takes DNS and domain settings learned on outside as defaults;
- ! the explicit per-interface lines below hand out 8.8.8.8 and the BVI address (option 3 = default router).
- dhcpd auto_config outside
- dhcpd option 3 ip 10.10.10.1
- !
- ! Lease range .10-.100 does not overlap the VPN pool (.101-.200) defined at the top of the config.
- dhcpd address 10.10.10.10-10.10.10.100 inside_bridge
- dhcpd dns 8.8.8.8 interface inside_bridge
- dhcpd option 3 ip 10.10.10.1 interface inside_bridge
- dhcpd enable inside_bridge
- !
- ! Basic threat detection and per-ACL statistics are on; TCP intercept statistics are off.
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- !
- ! SSL VPN (WebVPN/AnyConnect) is enabled on the outside interface, so the ASA's TLS listener faces the internet.
- ! NOTE(review): this is the main exposed service in the config; keep the ASA release and the web-deployed
- ! AnyConnect packages below current with Cisco's advisories.
- webvpn
- enable outside
- anyconnect image disk0:/anyconnect-win-4.5.05030-webdeploy-k9.pkg 1
- anyconnect image disk0:/anyconnect-macos-4.5.05030-webdeploy-k9.pkg 2
- anyconnect enable
- ! NOTE(review): shows the list of tunnel-group aliases on the login page, which discloses the group names
- ! to unauthenticated visitors. Consider disabling it when only one group exists.
- tunnel-group-list enable
- keepout "Service out temporarily."
- ! `disable` on the next line is a sub-command of `cache` (indentation was lost in the paste).
- cache
- disable
- error-recovery disable
- ! Default group policy, inherited by any connection not matched to a more specific policy.
- ! NOTE(review): 10 simultaneous logins per user is above the ASA default of 3 and makes shared or stolen
- ! credentials harder to spot; lower it unless the lab needs it.
- ! NOTE(review): split tunnelling is set to tunnelspecified here, but no split-tunnel-network-list is visible
- ! for this policy - confirm the intended behaviour.
- group-policy DfltGrpPolicy attributes
- dns-server value 8.8.8.8
- vpn-simultaneous-logins 10
- vpn-tunnel-protocol ssl-client
- split-tunnel-policy tunnelspecified
- ipv6-split-tunnel-policy tunnelspecified
- ! Policy for the VPN users: AnyConnect SSL only, split tunnel limited to VPN_ACL (10.10.10.0/24).
- ! With split tunnelling, all other client traffic goes straight to the internet and is not seen by the ASA,
- ! so the client is on an untrusted network and the inside subnet at the same time.
- group-policy VPN_group_policy internal
- group-policy VPN_group_policy attributes
- dns-server value 8.8.8.8
- vpn-tunnel-protocol ssl-client
- split-tunnel-policy tunnelspecified
- split-tunnel-network-list value VPN_ACL
- default-domain value asalabdomain
- dynamic-access-policy-record DfltAccessPolicy
- ! Local accounts. The password fields were replaced with [omitted] by the poster; keep it that way when
- ! sharing configs, since the stored hashes can be attacked offline.
- ! NOTE(review): admin (privilege 15) has no service-type or group-lock line here, so it keeps the default
- ! service type - verify that the administrative account is not also usable as a VPN login.
- username admin password [omitted] privilege 15
- ! user1/user2: privilege 0, service-type remote-access (VPN only, no device management), locked to
- ! VPN_tunnel_group. `vpn-filter none` means no per-user ACL, so a connected user reaches all of 10.10.10.0/24.
- username user1 password [omitted] privilege 0
- username user1 attributes
- vpn-group-policy VPN_group_policy
- vpn-filter none
- group-lock value VPN_tunnel_group
- service-type remote-access
- username user2 password [omitted] privilege 0
- username user2 attributes
- vpn-group-policy VPN_group_policy
- vpn-filter none
- group-lock value VPN_tunnel_group
- service-type remote-access
- ! Remote-access tunnel group: addresses from VPN_users, policy VPN_group_policy, alias shown at login.
- ! NOTE(review): no authentication-server-group, certificate or secondary-authentication line is shown, so
- ! presumably logins are checked against LOCAL passwords only - confirm, and consider a second factor for
- ! anything beyond a lab.
- tunnel-group VPN_tunnel_group type remote-access
- tunnel-group VPN_tunnel_group general-attributes
- address-pool VPN_users
- default-group-policy VPN_group_policy
- tunnel-group VPN_tunnel_group webvpn-attributes
- group-alias VPN_tunnel_group enable
- !
- !
- !
- ! DNS inspection parameters: maximum message length 512 bytes, with `client auto` for the client side;
- ! DNS-over-TCP inspection is off.
- ! NOTE(review): no class-map, global policy-map or `service-policy` line appears in this paste, so as shown
- ! this inspection map is defined but not applied. Confirm whether the default inspection policy was removed
- ! or only trimmed from the paste.
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- no tcp-inspection
- !
- prompt hostname context
- ! Anonymous Smart Call Home reporting to Cisco is disabled.
- no call-home reporting anonymous
- !
- : end