Untitled

a guest
Nov 27th, 2018
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.5(2)
!
ip local pool VPNPOOL 10.100.0.150-10.100.0.254 mask 255.255.255.0
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address [MY PUBLIC IP ADDRESS] 255.255.255.248
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.40.0.2 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit intra-interface
object network obj_10.40.0.0
 subnet 10.40.0.0 255.255.0.0
object network VPN_object
 range 10.100.0.150 10.100.0.254
object network VPN_OBJECT
object network RAT_SRV
 host 10.40.0.20
access-list VPN_SplitTunnel extended permit ip 10.100.0.0 255.255.255.0 10.40.0.0 255.255.0.0
access-list SFR extended permit ip any any
access-list VPN standard permit 10.40.0.0 255.255.0.0
access-list VPN standard permit 10.100.0.0 255.255.255.0
access-list inbound extended permit tcp any object RAT_SRV eq 4782
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static obj_10.40.0.0 obj_10.40.0.0 destination static VPN_object VPN_object no-proxy-arp route-lookup
nat (inside,any) source static obj_10.40.0.0 obj_10.40.0.0 destination static VPN_object VPN_object no-proxy-arp route-lookup
nat (outside,outside) source static VPN_object VPN_object destination static VPN_object VPN_object no-proxy-arp route-lookup
!
object network obj_10.40.0.0
 nat (inside,outside) dynamic interface
object network RAT_SRV
 nat (inside,outside) static interface service tcp 4782 4782
route outside 0.0.0.0 0.0.0.0 [MY PUBLIC IP ADDRESS] 1
route inside 10.40.1.0 255.255.255.0 10.40.0.1 1
route inside 10.100.0.0 255.255.255.0 10.40.0.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
http server enable
http 10.40.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 10.100.0.0 255.255.255.0 outside
telnet 10.40.0.0 255.255.255.0 inside
telnet 10.100.0.0 255.255.255.0 inside
telnet timeout 5
no ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.40.0.1
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.14018-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
group-policy GroupPolicy_test internal
group-policy GroupPolicy_test attributes
 wins-server none
 dns-server value 8.8.8.8
 vpn-tunnel-protocol ssl-client
 default-domain none
group-policy Any_Connect internal
group-policy Any_Connect attributes
 dns-server value 163.121.128.134 163.121.128.135
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN
 address-pools value VPNPOOL
dynamic-access-policy-record DfltAccessPolicy

username admin password --- encrypted privilege 15
username user password --- encrypted privilege 15
username user attributes
 vpn-group-policy Any_Connect
 vpn-simultaneous-logins 25
tunnel-group Any_connecy type remote-access
tunnel-group Any_connecy general-attributes
 address-pool VPNPOOL
 default-group-policy Any_Connect
tunnel-group Any_connecy webvpn-attributes
 group-alias Aphrodite enable
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool VPNPOOL
 default-group-policy GroupPolicy_test
tunnel-group test webvpn-attributes
 group-alias test enable
!
class-map SFR
 match access-list SFR
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
 class SFR
  sfr fail-open monitor-only
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous