- ! Captured output of `sh run` on an ASA 5505: the saved configuration as the device prints it.
- ! NOTE(review): the password hashes are redacted, but the serial number, hostname and domain
- ! below still identify the device; redact them as well before sharing a configuration.
- caspersb-asa5505# sh run
- : Saved
- :
- : Serial Number: JMX1714Z0QZ
- : Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
- :
- ! NOTE(review): 9.1(7)32 is an old software train; confirm against the vendor's current
- ! support notices that this release still receives security fixes.
- ASA Version 9.1(7)32
- !
- hostname caspersb-asa5505
- domain-name network.caspersbox.com
- ! Privileged-mode (enable) password; the hash itself was redacted by the poster.
- enable password <redacted> encrypted
- ! Exclude all TCP traffic and UDP/53 (DNS) traffic, IPv4 and IPv6, from per-session PAT translations.
- xlate per-session deny tcp any4 any4
- xlate per-session deny tcp any4 any6
- xlate per-session deny tcp any6 any4
- xlate per-session deny tcp any6 any6
- xlate per-session deny udp any4 any4 eq domain
- xlate per-session deny udp any4 any6 eq domain
- xlate per-session deny udp any6 any4 eq domain
- xlate per-session deny udp any6 any6 eq domain
- ! Login password; hash redacted by the poster.
- passwd <redacted> encrypted
- names
- dns-guard
- ! Address pool handed to remote-access VPN clients (referenced by tunnel-group CWSNA-ConnProfile).
- ip local pool VPNPool 192.168.7.5-192.168.7.14 mask 255.255.255.240
- !
- ! Switch ports and VLAN interfaces. Ethernet0/0 is the access port for VLAN 2 (nameif outside).
- interface Ethernet0/0
- switchport access vlan 2
- !
- ! NOTE(review): VLANs 1,10,20,30,40 are allowed here, but no `switchport mode trunk` line is shown
- ! and only the Vlan1 and Vlan2 interfaces are defined in this listing; confirm the trunk is intended.
- interface Ethernet0/1
- switchport trunk allowed vlan 1,10,20,30,40
- !
- ! NOTE(review): Ethernet0/2 to Ethernet0/7 carry no settings and no `shutdown` line, so they appear
- ! to be enabled with default switchport settings (presumably VLAN 1, the inside segment).
- ! Confirm that unused ports are shut down.
- interface Ethernet0/2
- !
- interface Ethernet0/3
- !
- interface Ethernet0/4
- !
- interface Ethernet0/5
- !
- interface Ethernet0/6
- !
- interface Ethernet0/7
- !
- ! Inside segment: highest trust level (100), static address 192.168.5.1/29.
- interface Vlan1
- nameif inside
- security-level 100
- ip address 192.168.5.1 255.255.255.248
- !
- ! Outside segment: lowest trust level (0); the address comes from DHCP, and `setroute`
- ! installs the default route supplied by the DHCP server.
- interface Vlan2
- nameif outside
- security-level 0
- ip address dhcp setroute
- !
- ! Login banner: authorised-use and monitoring-consent notice.
- banner login ********************************* WARNING *******************************
- banner login
- banner login Official CaspersBox Web Services computer system for authorized use only.
- banner login Do not discuss, enter, transfer, process, or transmit sensitive
- banner login information. By continuing to use the system, you are consenting that
- banner login you are a CWS authorized user. Using this system constitutes
- banner login consent to security testing and monitoring. Anyone using this system
- banner login expressly consents to such monitoring and is advised that if such
- banner login monitoring reveals possible criminal activity, system personnel may
- banner login provide the evidence of such monitoring to law enforcement officials.
- banner login Unauthorized use will result in criminal prosecution.
- banner login
- banner login ********************************* WARNING *******************************
- ! Boot image, FTP mode and clock settings.
- boot system disk0:/asa917-32-k8.bin
- ftp mode passive
- clock timezone EST -5
- clock summer-time EDT recurring
- ! The firewall's own DNS lookups use public resolvers and are sent via the inside interface.
- dns domain-lookup inside
- dns server-group DefaultDNS
- name-server 8.8.4.4
- name-server 8.8.8.8
- domain-name network.caspersbox.com
- ! Permit traffic between interfaces of equal security level and traffic that enters and leaves
- ! the same interface (hairpinning).
- ! NOTE(review): only two named interfaces with different security levels are defined in this
- ! listing; confirm that both statements are still needed.
- same-security-traffic permit inter-interface
- same-security-traffic permit intra-interface
- ! Named network objects (subnets and hosts) and the groups built from them.
- object network vlan10
- subnet 192.168.1.0 255.255.255.240
- object network vpn-network
- subnet 192.168.7.0 255.255.255.240
- object network dmz-network
- subnet 192.168.5.0 255.255.255.252
- object network vlan20
- subnet 192.168.2.0 255.255.255.240
- ! NOTE(review): 192.168.6.7 is not covered by any subnet object or `route inside` statement
- ! in this configuration; confirm the address.
- object network caspersb-squid01
- host 192.168.6.7
- object network caspersb-dns01
- host 192.168.2.6
- object network vlan40
- subnet 192.168.40.0 255.255.255.240
- object network caspersb-ad01
- host 192.168.2.3
- object network caspersb-ad02
- host 192.168.2.9
- object network NewVPNNetwork
- subnet 192.168.4.0 255.255.255.240
- object network caspersb-cs2901-wan
- host 192.168.5.2
- object network caspersb-asa5505-int
- host 192.168.5.1
- object network caspersb-dns02
- host 192.168.2.8
- ! drn_network: internal VLANs plus NewVPNNetwork; used as the source of inside_access_in and of the dynamic PAT rule.
- object-group network drn_network
- network-object object vlan20
- network-object object vlan10
- network-object object vlan40
- network-object object NewVPNNetwork
- ! vpn_network: both VPN address ranges; used by inside_access_in and the identity NAT rule.
- object-group network vpn_network
- network-object object vpn-network
- network-object object NewVPNNetwork
- ! NOTE(review): dmz_network, CWSNA-ProxyServers, CWSNA-ProxyServiceGroup, CWSNA-DNSServers,
- ! CWSNA-LDAP and CWSNA-FW are not referenced by any access-list or nat statement in this listing.
- object-group network dmz_network
- network-object object dmz-network
- ! ICMP reply and error types referenced by outside_access_in.
- object-group icmp-type DM_INLINE_ICMP_1
- icmp-object echo-reply
- icmp-object time-exceeded
- icmp-object unreachable
- object-group network CWSNA-ProxyServers
- network-object object caspersb-squid01
- ! NOTE(review): `service-object ip` matches every IP protocol, so the specific tcp/udp/icmp
- ! entries after it add nothing; drop it if the group is meant to restrict services.
- object-group service CWSNA-ProxyServiceGroup
- description Proxy Services
- service-object ip
- service-object tcp destination eq domain
- service-object tcp destination eq ftp
- service-object tcp destination eq ftp-data
- service-object tcp destination eq www
- service-object tcp destination eq https
- service-object udp destination eq domain
- service-object icmp
- object-group network CWSNA-DNSServers
- description DNS Servers
- network-object object caspersb-dns01
- network-object object caspersb-dns02
- object-group network CWSNA-LDAP
- network-object object caspersb-ad01
- network-object object caspersb-ad02
- object-group network CWSNA-FW
- network-object object caspersb-cs2901-wan
- ! CWSNA-ACL: networks sent through the VPN tunnel (the split-tunnel list of GroupPolicy_CWSNA-ConnProfile).
- access-list CWSNA-ACL standard permit 192.168.5.0 255.255.255.252
- access-list CWSNA-ACL standard permit 192.168.1.0 255.255.255.240
- access-list CWSNA-ACL standard permit 192.168.2.0 255.255.255.240
- access-list CWSNA-ACL standard permit 192.168.40.0 255.255.255.240
- ! inside_access_in: applied inbound on the inside interface. It permits any IP protocol to any
- ! destination from drn_network and vpn_network, so there is no egress filtering by service or destination.
- access-list inside_access_in extended permit ip object-group drn_network any
- access-list inside_access_in extended permit ip object-group vpn_network any
- ! outside_access_in: applied inbound on the outside interface.
- ! NOTE(review): entries are evaluated top-down and the first match wins, so the `deny ip any any`
- ! matches everything and the ICMP permit after it is never reached. If those ICMP types are
- ! meant to be admitted, the permit has to come before the deny.
- access-list outside_access_in extended deny ip any any
- access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
- ! AnyConnect_Client_Local_Print: local-printing rule set (LPD, IPP 631, port 9100, mDNS, LLMNR, NetBIOS).
- ! NOTE(review): no group-policy in this listing references this ACL, so it appears to be unused.
- ! NOTE(review): the same five remarks are repeated many times with no rule attached (presumably
- ! left over from repeated edits); only the remarks placed directly before a permit line describe a rule.
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- ! NOTE(review): the deny-all entry comes before the permits. How the consumer of this list
- ! orders the entries is not shown here; as an interface ACL the permits below would never match.
- access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
- access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
- access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
- access-list AnyConnect_Client_Local_Print remark Windows' printing port
- access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
- access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
- access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
- ! Logging, NAT, ACL bindings, static routes and idle timers.
- pager lines 24
- ! NOTE(review): logging is enabled, but the only destination configured is the ASDM buffer
- ! (informational level). No `logging host`, `logging trap` or `logging buffered` line is shown,
- ! so events are not exported for retention or alerting. Add a remote syslog destination.
- logging enable
- logging standby
- logging asdm informational
- mtu inside 1500
- mtu outside 1500
- ! Unicast reverse-path check on the outside interface only (anti-spoofing).
- ip verify reverse-path interface outside
- no failover
- icmp unreachable rate-limit 1 burst-size 1
- asdm image disk0:/asdm-762-150.bin
- no asdm history enable
- arp timeout 14400
- no arp permit-nonconnected
- ! Dynamic PAT: drn_network sources are translated to the outside interface address.
- nat (inside,outside) source dynamic drn_network interface
- ! Identity NAT (no translation) between the VPN ranges and drn_network.
- nat (outside,inside) source static vpn_network vpn_network destination static drn_network drn_network no-proxy-arp
- ! Bind the ACLs inbound on each interface.
- access-group inside_access_in in interface inside
- access-group outside_access_in in interface outside
- ! Internal subnets are reached through 192.168.5.2 (object caspersb-cs2901-wan).
- ! NOTE(review): vlan40 (192.168.40.0/28) is in drn_network and in the split-tunnel list, but
- ! it has no static route here; confirm how it is reached.
- route inside 192.168.1.0 255.255.255.240 192.168.5.2 1
- route inside 192.168.2.0 255.255.255.240 192.168.5.2 2
- route inside 192.168.4.0 255.255.255.240 192.168.5.2 3
- ! Idle timers for translations, connections and inspected protocols.
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- dynamic-access-policy-record DfltAccessPolicy
- ! LDAP authentication against two directory servers (192.168.2.3 and 192.168.2.9), binding as the
- ! service account CN=sysadm and searching the whole subtree under OU=CWSNA by sAMAccountName.
- ! NOTE(review): no `ldap-over-ssl enable` line is shown for either host, so the bind credentials
- ! and user passwords presumably cross the inside network unencrypted. Enable LDAP over SSL.
- ! NOTE(review): confirm that the bind account is a read-only, least-privilege account.
- aaa-server CWSNA-LDAP protocol ldap
- aaa-server CWSNA-LDAP (inside) host 192.168.2.3
- ldap-base-dn OU=CWSNA,DC=caspersbox,DC=com
- ldap-scope subtree
- ldap-naming-attribute sAMAccountName
- ldap-login-password *****
- ldap-login-dn CN=sysadm,OU=Service Accounts,OU=CWSNA,DC=caspersbox,DC=com
- server-type microsoft
- aaa-server CWSNA-LDAP (inside) host 192.168.2.9
- ldap-base-dn OU=CWSNA,DC=caspersbox,DC=com
- ldap-scope subtree
- ldap-naming-attribute sAMAccountName
- ldap-login-password *****
- ldap-login-dn CN=sysadm,OU=Service Accounts,OU=CWSNA,DC=caspersbox,DC=com
- server-type microsoft
- user-identity default-domain LOCAL
- ! ASDM (http) and SSH logins authenticate against LDAP first and fall back to the LOCAL user database.
- ! NOTE(review): no `aaa authentication enable console`, `aaa authorization` or `aaa accounting`
- ! line is shown, so privilege escalation relies on the shared enable password and administrative
- ! commands are not accounted to a AAA server in this listing.
- aaa authentication http console CWSNA-LDAP LOCAL
- aaa authentication ssh console CWSNA-LDAP LOCAL
- ! Local accounts lock after three consecutive failed attempts.
- aaa local authentication attempts max-fail 3
- ! ASDM/HTTPS management is limited to 192.168.1.0/28 on the inside interface, with a 30-minute session timeout.
- http server enable
- http server session-timeout 30
- http 192.168.1.0 255.255.255.240 inside
- no snmp-server location
- no snmp-server contact
- ! Password recovery is disabled on this device.
- no service password-recovery
- ! Certificates, management access (SSH/console), threat detection and time sources.
- crypto ipsec security-association pmtu-aging infinite
- crypto ca trustpoint _SmartCallHome_ServerCA
- no validation-usage
- crl configure
- ! Self-signed identity certificate whose subject carries the inside address 192.168.5.1.
- ! NOTE(review): no `ssl trust-point` line is shown, so the certificate presented to VPN clients
- ! on the outside interface cannot be determined from this listing.
- crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
- enrollment self
- fqdn none
- subject-name CN=192.168.5.1,CN=caspersb-asa5505
- keypair ASDM_LAUNCHER
- crl configure
- crypto ca trustpool policy
- telnet timeout 5
- ! SSH: version 2 only, reachable from 192.168.1.0/28 on the inside interface, 5-minute idle
- ! timeout, DH group 14 key exchange; the SCP server is also enabled.
- ssh scopy enable
- ssh stricthostkeycheck
- ssh 192.168.1.0 255.255.255.240 inside
- ssh timeout 5
- ssh version 2
- ssh key-exchange group dh-group14-sha1
- ! NOTE(review): `console timeout 0` means a serial console session never times out; an idle
- ! timeout limits exposure of an unattended privileged session.
- console timeout 0
- management-access inside
- vpnclient mode client-mode
- ! NOTE(review): scanning-threat is configured without the `shun` keyword, so scanning hosts
- ! are detected and logged but not blocked.
- threat-detection basic-threat
- threat-detection scanning-threat
- threat-detection statistics port
- threat-detection statistics protocol
- threat-detection statistics access-list
- threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
- ! NOTE(review): three public time servers are reached via the outside interface; no
- ! `ntp authenticate` or key line is shown, so the time source is unauthenticated.
- ntp server 132.163.97.1 source outside
- ntp server 132.163.96.1 source outside
- ntp server 129.6.15.28 source outside prefer
- ! Remote-access SSL VPN (AnyConnect) terminated on the outside interface.
- ! NOTE(review): the client package is a 2.5-series AnyConnect image; confirm that a currently
- ! supported client release is being deployed.
- ! NOTE(review): `tunnel-group-list enable` shows the connection-profile aliases on the login
- ! page before authentication.
- webvpn
- enable outside
- anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
- anyconnect profiles CWSNA-ClientProfile disk0:/cwsna-clientprofile.xml
- anyconnect enable
- tunnel-group-list enable
- cache
- disable
- group-policy DfltGrpPolicy attributes
- dns-server value 8.8.4.4
- ! Policy for CWSNA VPN users: SSL client only, split tunnelling limited to the CWSNA-ACL networks.
- ! NOTE(review): dns-server 192.168.2.4 is not one of the DNS host objects defined in this
- ! configuration (192.168.2.6 and 192.168.2.8); confirm the resolver address.
- ! NOTE(review): dhcp-network-scope is 192.168.4.0, while the tunnel-group assigns addresses from
- ! VPNPool (192.168.7.5-192.168.7.14); confirm which range clients are meant to receive.
- group-policy GroupPolicy_CWSNA-ConnProfile internal
- group-policy GroupPolicy_CWSNA-ConnProfile attributes
- dns-server value 192.168.2.4
- dhcp-network-scope 192.168.4.0
- vpn-tunnel-protocol ssl-client
- split-tunnel-policy tunnelspecified
- split-tunnel-network-list value CWSNA-ACL
- default-domain value vpn.caspersbox.com
- webvpn
- anyconnect profiles value CWSNA-ClientProfile type user
- always-on-vpn profile-setting
- ! Local privilege-15 (full administrative) account; it is also the LOCAL fallback for the
- ! management and VPN authentication configured with `CWSNA-LDAP LOCAL`.
- username kmhuntly password <redacted> encrypted privilege 15
- ! Connection profile: VPN users authenticate against LDAP with LOCAL fallback.
- ! NOTE(review): no certificate or secondary authentication line is shown, so VPN logins
- ! appear to be single-factor (password only).
- tunnel-group CWSNA-ConnProfile type remote-access
- tunnel-group CWSNA-ConnProfile general-attributes
- address-pool VPNPool
- authentication-server-group CWSNA-LDAP LOCAL
- default-group-policy GroupPolicy_CWSNA-ConnProfile
- tunnel-group CWSNA-ConnProfile webvpn-attributes
- group-alias CWSNA enable
- !
- ! Application inspection: global_policy applies the inspections below to the default
- ! inspection traffic class on all interfaces.
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- ! DNS inspection parameters: maximum message length 512 bytes, with the client-side limit set automatically.
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- ! NOTE(review): the list includes inspection engines for rsh, xdmcp, sqlnet, skinny, sunrpc and
- ! h323; remove engines for protocols that are not used on this network.
- ! `inspect icmp` and `inspect icmp error` track ICMP statefully so that replies and errors
- ! belonging to permitted flows can return.
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect rsh
- inspect rtsp
- inspect esmtp
- inspect sqlnet
- inspect skinny
- inspect sunrpc
- inspect xdmcp
- inspect sip
- inspect netbios
- inspect tftp
- inspect ip-options
- inspect icmp
- inspect icmp error
- !
- service-policy global_policy global
- prompt hostname context
- ! Smart Call Home: anonymous reporting is enabled; the CiscoTAC-1 profile itself is marked `no active`.
- ! NOTE(review): confirm that anonymous reporting to the vendor is intended for this device.
- call-home reporting anonymous
- call-home
- profile CiscoTAC-1
- no active
- destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
- destination address email callhome@cisco.com
- destination transport-method http
- subscribe-to-alert-group diagnostic
- subscribe-to-alert-group environment
- subscribe-to-alert-group inventory periodic monthly
- subscribe-to-alert-group configuration periodic monthly
- subscribe-to-alert-group telemetry periodic daily
- ! Checksum printed by the device for this configuration, followed by the end marker and the returning prompt.
- Cryptochecksum:c7e7ccc4663285d9f1b499d6bdaf5de7
- : end
- caspersb-asa5505#