!
! ASA configuration template for a site edge firewall ("OE", outer encryptor) that sits between
! an upstream "Black" firewall (outside) and an "Inner Encryption" device (inside), with two
! route-based (VTI) IPsec tunnels to datacenter peers. Angle-bracket tokens such as <SITE>,
! <MGMT-IP-ADDRESS> and <SHARED-KEY-FOR-NOW> are fill-in placeholders for the deploying site.
hostname <SITE>-TB-OE-01
! NOTE(review): this enable-password hash appears verbatim in a public paste; treat the
! underlying secret as exposed and set a fresh one before the template is applied to a device.
enable password $sha512$5000$Dpo2mccXMNvSo0RVDPC3HA==$9DiZVn7sBxXDE2LBFTsD5w== pbkdf2
names

!
! outside: toward the Black firewall. Least trusted (security-level 0); also the IPsec source
! interface for both tunnels below and the interface IKEv2 is enabled on.
interface GigabitEthernet0/0
 description <== Connection to Black Firewall Port10 ==>
 nameif outside
 security-level 0
 ip address <CONNECTION-TO-BF-IP> <CONNECTION-TO-BF-SUBNET-MASK>
!
! inside: toward the Inner Encryption device. Most trusted (security-level 100).
interface GigabitEthernet0/1
 description <== Connection to Inner Encryption Port G1/0/1 ==>
 nameif inside
 security-level 100
 ip address <CONNECTION-TO-IE-IP> <CONNECTION-TO-IE-SUBNET-MASK>
!
! Gi0/2 - Gi0/5 and Management0/0 are unused: administratively down, no name, level or address.
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
! mgmt: dedicated management interface at security-level 100, the same level as inside.
! On an ASA, traffic between two interfaces at the same security level is dropped unless
! "same-security-traffic permit inter-interface" is configured (it is not, in this capture),
! so mgmt and inside stay isolated from each other. NOTE(review): consider adding
! "management-only" here so the interface can never carry transit traffic - confirm nothing
! relies on routing through it.
interface GigabitEthernet0/6
 description <== Management Interface ==>
 nameif mgmt
 security-level 100
 ip address <MGMT-IP-ADDRESS> <MGMT-SUBNET-MASK>
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
! VTI tunnels. Both are sourced from outside, use the same IPsec profile (profile-1, defined
! below) and carry a /30 point-to-point address; the peer holds the other usable address.
interface Tunnel<SITE-TUNNEL#-CACC>
 description <== Primary Tunnel to Datacenter (CACC) ==>
 nameif <SITE>-to-cacc-tunnel
 ip address <PRIMARY-TUNNEL-SUBNET+2> 255.255.255.252
 tunnel source interface outside
 tunnel destination 172.16.1.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile profile-1
!
interface Tunnel<SITE-TUNNEL#-LUAY>
 description <== Secondary Tunnel to Datacenter (LUAY) ==>
 nameif <SITE>-to-luay-tunnel
 ip address <SECONDARY-TUNNEL-SUBNET+2> 255.255.255.252
 tunnel source interface outside
 tunnel destination 172.16.32.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile profile-1
!
! Platform defaults / housekeeping: standalone unit (no failover), ASDM command history off,
! ARP rate-limited and restricted to connected subnets.
ftp mode passive
pager lines 23
mtu outside 1500
mtu inside 1500
mtu mgmt 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
!
! ROUTE OUTSIDE FOR TUNNEL DESTINATIONS
! NOTE(review): this /16 summary is far broader than the two tunnel endpoints it exists to
! reach (172.16.1.2 and 172.16.32.2). Should a tunnel interface go down and its /25 route
! below be withdrawn, traffic for that gray network would then match this route and leave via
! outside unencrypted - presumably not intended on an encryptor. Host routes for the two peers
! (mask 255.255.255.255) remove that fallback; confirm nothing else behind 172.16.33.1 needs
! to be reachable from this device.
route outside 172.16.0.0 255.255.0.0 172.16.33.1 1
!
! ROUTE TO ENCRYPT TRAFFIC DESTINED FOR GRAY NETWORK AT CACC
! (a /25 is more specific than the /16 above, so while the tunnel is up it wins longest-match)
route <SITE>-to-cacc-tunnel 172.16.1.128 255.255.255.128 <PRIMARY-TUNNEL-SUBNET+1> 1
!
! ROUTE TO ENCRYPT TRAFFIC DESTINED FOR GRAY NETWORK AT LUAY
route <SITE>-to-luay-tunnel 172.16.32.128 255.255.255.128 <SECONDARY-TUNNEL-SUBNET+1> 1
!
user-identity default-domain LOCAL
aaa authentication login-history
no snmp-server location
no snmp-server contact
!
! IPsec (child SA) proposal: AES-256-GCM is an AEAD cipher and authenticates its own payload.
! NOTE(review): the separate ESP integrity line is presumably ignored when GCM is negotiated;
! harmless as written, but confirm against the platform documentation for the running version.
crypto ipsec ikev2 ipsec-proposal proposal-1
 protocol esp encryption aes-gcm-256
 protocol esp integrity sha-384
! IPsec profile bound to both VTIs: PFS with group 20 (ECP-384), 8-hour SA lifetime.
crypto ipsec profile profile-1
 set ikev2 ipsec-proposal proposal-1
 set pfs group20
 set security-association lifetime seconds 28800
crypto ipsec security-association pmtu-aging infinite
crypto isakmp identity address
! IKEv2 (parent SA) policy. "integrity null" is intentional, not a weakness: with an AEAD
! cipher such as AES-GCM the integrity algorithm must be null, and the key-derivation PRF
! (sha384) is configured separately. Group 20 is ECP-384, matching the PFS group above.
crypto ikev2 policy 1
 encryption aes-gcm-256
 integrity null
 group 20
 prf sha384
 lifetime seconds 28800
crypto ikev2 enable outside
!
! Management-plane access. No "telnet <addr> <mask> <if>" line appears in this capture, so the
! Telnet timeout is just the default with Telnet access not granted. SSH is v2-only with strict
! host-key checking, but the key exchange is dh-group1-sha1 (SSH's 1024-bit MODP group with
! SHA-1), which is far weaker than the IPsec settings above.
! NOTE(review): "ssh key-exchange group dh-group14-sha1" (2048-bit) is the minimum to consider
! if the running version supports it, and a SHA-256 variant is preferable where available. No
! "ssh <addr> <mask> <if>", "aaa authentication ssh console", logging or NTP lines appear here
! either - presumably applied elsewhere; verify before deployment.
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
! "console timeout 0" means a serial console session never idles out, so an unattended console
! stays logged in for anyone with physical access. NOTE(review): consider a non-zero value.
console timeout 0
console serial

!
! Site-to-site (ipsec-l2l) tunnel groups keyed by peer address, each with its own group policy
! restricted to IKEv2. Both peers authenticate with pre-shared keys in both directions.
! NOTE(review): the placeholder name <SHARED-KEY-FOR-NOW> suggests an interim key, and the same
! value is reused for both peers and both directions; give each peer its own strong key (or
! move to certificate authentication) before production.
group-policy 172.16.1.2 internal
group-policy 172.16.1.2 attributes
 vpn-tunnel-protocol ikev2
group-policy 172.16.32.2 internal
group-policy 172.16.32.2 attributes
 vpn-tunnel-protocol ikev2
dynamic-access-policy-record DfltAccessPolicy
tunnel-group 172.16.1.2 type ipsec-l2l
tunnel-group 172.16.1.2 general-attributes
 default-group-policy 172.16.1.2
tunnel-group 172.16.1.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
 ikev2 local-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
tunnel-group 172.16.32.2 type ipsec-l2l
tunnel-group 172.16.32.2 general-attributes
 default-group-policy 172.16.32.2
tunnel-group 172.16.32.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
 ikev2 local-authentication pre-shared-key <SHARED-KEY-FOR-NOW>
!
end