- !
- ! Device identity and privileged-mode (enable) credential.
- hostname <SITE>-TB-OE-01
- ! NOTE(review): every other site-specific value in this template is a <PLACEHOLDER>, but this line
- ! carries a literal PBKDF2 hash. Any device built from the template shares the same enable password,
- ! and anyone who can read the template can test password guesses against the hash offline.
- ! Set a unique enable secret per device and treat the password behind this hash as exposed.
- enable password $sha512$5000$Dpo2mccXMNvSo0RVDPC3HA==$9DiZVn7sBxXDE2LBFTsD5w== pbkdf2
- names
- !
- ! Physical interfaces: outside (security-level 0) faces the black firewall, inside (security-level 100)
- ! faces the inner encryption device, Gi0/6 carries management; every other port is shut down and has
- ! its name, security level and address removed.
- ! NOTE(review): no access-list / access-group lines appear in this paste, so traffic filtering relies
- ! on the default security-level behaviour unless ACLs are applied elsewhere - confirm.
- interface GigabitEthernet0/0
- description <== Connection to Black Firewall Port10 ==>
- nameif outside
- security-level 0
- ip address <CONNECTION-TO-BF-IP> <CONNECTION-TO-BF-SUBNET-MASK>
- !
- interface GigabitEthernet0/1
- description <== Connection to Inner Encryption Port G1/0/1 ==>
- nameif inside
- security-level 100
- ip address <CONNECTION-TO-IE-IP> <CONNECTION-TO-IE-SUBNET-MASK>
- !
- ! Unused data ports Gi0/2 - Gi0/5 are administratively down.
- interface GigabitEthernet0/2
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet0/3
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet0/4
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet0/5
- shutdown
- no nameif
- no security-level
- no ip address
- !
- ! Management runs on a data port (Gi0/6) at the same security level as inside.
- ! NOTE(review): the interface is not marked management-only, so it can presumably carry through
- ! traffic like any other data interface - confirm whether `management-only` should be set here.
- interface GigabitEthernet0/6
- description <== Management Interface ==>
- nameif mgmt
- security-level 100
- ip address <MGMT-IP-ADDRESS> <MGMT-SUBNET-MASK>
- !
- ! The dedicated Management0/0 port is disabled.
- interface Management0/0
- shutdown
- no nameif
- no security-level
- no ip address
- !
- ! Route-based IPsec tunnel interfaces, one per datacenter peer. Both are sourced from the outside
- ! interface, use a /30 tunnel subnet, and are protected by the same IPsec profile (profile-1).
- interface Tunnel<SITE-TUNNEL#-CACC>
- description <== Primary Tunnel to Datacenter (CACC) ==>
- nameif <SITE>-to-cacc-tunnel
- ip address <PRIMARY-TUNNEL-SUBNET+2> 255.255.255.252
- tunnel source interface outside
- ! The peer address must match the tunnel-group of the same name further down.
- tunnel destination 172.16.1.2
- tunnel mode ipsec ipv4
- tunnel protection ipsec profile profile-1
- !
- interface Tunnel<SITE-TUNNEL#-LUAY>
- description <== Secondary Tunnel to Datacenter (LUAY) ==>
- nameif <SITE>-to-luay-tunnel
- ip address <SECONDARY-TUNNEL-SUBNET+2> 255.255.255.252
- tunnel source interface outside
- ! The peer address must match the tunnel-group of the same name further down.
- tunnel destination 172.16.32.2
- tunnel mode ipsec ipv4
- tunnel protection ipsec profile profile-1
- !
- ! Global settings: MTU per named interface, failover disabled, ICMP/ARP rate limits.
- ftp mode passive
- pager lines 23
- mtu outside 1500
- mtu inside 1500
- mtu mgmt 1500
- no failover
- no monitor-interface service-module
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- arp timeout 14400
- no arp permit-nonconnected
- arp rate-limit 8192
- !
- ! ROUTE OUTSIDE FOR TUNNEL DESTINATIONS
- ! NOTE(review): this /16 also covers the gray subnets routed through the tunnels below
- ! (172.16.1.128/25 and 172.16.32.128/25). The tunnel routes win only while they are installed;
- ! if a tunnel interface goes down and its route is withdrawn, gray-bound traffic would presumably
- ! follow this route out the outside interface unencrypted. Consider narrowing this route to the
- ! two tunnel peers (172.16.1.2, 172.16.32.2) or blocking the gray subnets on outside - confirm.
- route outside 172.16.0.0 255.255.0.0 172.16.33.1 1
- !
- ! ROUTE TO ENCRYPT TRAFFIC DESTINED FOR GRAY NETWORK AT CACC
- route <SITE>-to-cacc-tunnel 172.16.1.128 255.255.255.128 <PRIMARY-TUNNEL-SUBNET+1> 1
- !
- ! ROUTE TO ENCRYPT TRAFFIC DESTINED FOR GRAY NETWORK AT LUAY
- route <SITE>-to-luay-tunnel 172.16.32.128 255.255.255.128 <SECONDARY-TUNNEL-SUBNET+1> 1
- !
- ! Local identity domain, login-history reporting, and SNMP location/contact left unset.
- ! NOTE(review): no logging or NTP configuration is visible in this paste - confirm it is applied
- ! elsewhere, since tunnel and login events on this device need accurate timestamps to be useful.
- user-identity default-domain LOCAL
- aaa authentication login-history
- no snmp-server location
- no snmp-server contact
- ! IPsec (ESP) proposal used by both tunnels: AES-256 in GCM mode.
- crypto ipsec ikev2 ipsec-proposal proposal-1
- protocol esp encryption aes-gcm-256
- ! NOTE(review): AES-GCM is an AEAD cipher and authenticates the traffic itself, so this separate
- ! integrity algorithm is presumably not applied. Vendor guidance for GCM proposals is
- ! `protocol esp integrity null` - confirm against the running software version.
- protocol esp integrity sha-384
- ! IPsec profile bound to both tunnel interfaces: PFS with DH group 20 on each rekey,
- ! SA lifetime 28800 seconds (8 hours).
- crypto ipsec profile profile-1
- set ikev2 ipsec-proposal proposal-1
- set pfs group20
- set security-association lifetime seconds 28800
- crypto ipsec security-association pmtu-aging infinite
- ! The device identifies itself to IKE peers by IP address.
- crypto isakmp identity address
- ! IKEv2 (control channel) policy. `integrity null` is expected here, not a weakness:
- ! with AES-GCM the cipher provides integrity, and the PRF is set separately to SHA-384.
- crypto ikev2 policy 1
- encryption aes-gcm-256
- integrity null
- group 20
- prf sha384
- lifetime seconds 28800
- ! IKEv2 is enabled on the outside interface only.
- crypto ikev2 enable outside
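- ! Management-plane access: session timeouts and SSH settings.
- ! NOTE(review): no `ssh <network> <mask> <interface>` or `telnet ...` permit line and no
- ! `aaa authentication ssh console` line is visible in this paste, so remote management is not
- ! reachable as shown - confirm where the permitted source networks and login method are defined,
- ! and restrict them to the mgmt interface.
- telnet timeout 5
- ssh stricthostkeycheck
- ssh timeout 5
- ssh version 2
- ! Changed from dh-group1-sha1: group 1 is a 1024-bit Diffie-Hellman group and is too weak for
- ! the management channel of a device whose tunnels use group 20. Group 14 is 2048-bit.
- ! Prefer dh-group14-sha256 where the running software version offers it.
- ssh key-exchange group dh-group14-sha1
- ! NOTE(review): 0 disables the console idle timeout, so an unattended console session stays
- ! logged in. SSH is limited to 5 minutes above - confirm the console exception is intended.
- console timeout 0
- console serial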
- ! Per-peer group policies: each datacenter peer is restricted to IKEv2.
- group-policy 172.16.1.2 internal
- group-policy 172.16.1.2 attributes
- vpn-tunnel-protocol ikev2
- group-policy 172.16.32.2 internal
- group-policy 172.16.32.2 attributes
- vpn-tunnel-protocol ikev2
- dynamic-access-policy-record DfltAccessPolicy
- ! Site-to-site tunnel-groups, named after the peer addresses used as tunnel destinations.
- ! NOTE(review): both peers authenticate with a pre-shared key and use the same placeholder name,
- ! which suggests one key for both tunnels. Use a distinct, randomly generated key per peer so that
- ! exposure of one does not affect the other, and keep the real values out of any shared template.
- ! The "FOR-NOW" name implies this is interim; certificate authentication
- ! (`ikev2 local-authentication certificate <TRUSTPOINT>` / `ikev2 remote-authentication certificate`)
- ! removes the shared secret altogether.
- tunnel-group 172.16.1.2 type ipsec-l2l
- tunnel-group 172.16.1.2 general-attributes
- default-group-policy 172.16.1.2
- tunnel-group 172.16.1.2 ipsec-attributes
- ikev2 remote-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
- ikev2 local-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
- tunnel-group 172.16.32.2 type ipsec-l2l
- tunnel-group 172.16.32.2 general-attributes
- default-group-policy 172.16.32.2
- tunnel-group 172.16.32.2 ipsec-attributes
- ikev2 remote-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
- ikev2 local-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
- !
- end