  1.  
  14. caspersb-asa5505# sh run
  ! Review notes (added; not part of the device output): running-config capture of an ASA 5505
  ! with two VLAN interfaces (Vlan1 inside, Vlan2 outside addressed by DHCP), dynamic PAT of the
  ! inside networks to the outside address, AnyConnect remote access terminated on the outside
  ! interface, and LDAP-backed authentication (LOCAL fallback) for both management and VPN users.
  ! Management (http/ssh) is limited to 192.168.1.0/28 on the inside interface. Passwords are
  ! redacted or masked in this capture; the chassis serial number and internal addressing are not.
  15. : Saved
  16. :
  17. : Serial Number: JMX1714Z0QZ
  18. : Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
  19. :
  20. ASA Version 9.1(7)32
  ! NOTE(review): 9.1 is an old release train for an internet-facing VPN head-end; confirm its
  ! vendor support status before relying on it.
  21. !
  22. hostname caspersb-asa5505
  23. domain-name network.caspersbox.com
  24. enable password <redacted> encrypted
  25. xlate per-session deny tcp any4 any4
  26. xlate per-session deny tcp any4 any6
  27. xlate per-session deny tcp any6 any4
  28. xlate per-session deny tcp any6 any6
  29. xlate per-session deny udp any4 any4 eq domain
  30. xlate per-session deny udp any4 any6 eq domain
  31. xlate per-session deny udp any6 any4 eq domain
  32. xlate per-session deny udp any6 any6 eq domain
  33. passwd <redacted> encrypted
  34. names
  35. dns-guard
  36. ip local pool VPNPool 192.168.7.5-192.168.7.14 mask 255.255.255.240
  37. !
  38. interface Ethernet0/0
  39. switchport access vlan 2
  40. !
  41. interface Ethernet0/1
  42. switchport trunk allowed vlan 1,10,20,30,40
  ! NOTE(review): only Vlan1 and Vlan2 are defined as L3 interfaces on this box; VLANs 10/20/30/40
  ! are presumably routed by the downstream device at 192.168.5.2 (see the static routes below)
  ! and the trunk merely carries them -- confirm against that device.
  43. !
  44. interface Ethernet0/2
  45. !
  46. interface Ethernet0/3
  47. !
  48. interface Ethernet0/4
  49. !
  50. interface Ethernet0/5
  51. !
  52. interface Ethernet0/6
  53. !
  54. interface Ethernet0/7
  55. !
  56. interface Vlan1
  57. nameif inside
  58. security-level 100
  59. ip address 192.168.5.1 255.255.255.248
  60. !
  61. interface Vlan2
  62. nameif outside
  63. security-level 0
  64. ip address dhcp setroute
  65. !
  66. banner login ********************************* WARNING *******************************
  67. banner login
  68. banner login Official CaspersBox Web Services computer system for authorized use only.
  69. banner login Do not discuss, enter, transfer, process, or transmit sensitive
  70. banner login information. By continuing to use the system, you are consenting that
  71. banner login you are a CWS authorized user. Using this system constitutes
  72. banner login consent to security testing and monitoring. Anyone using this system
  73. banner login expressly consents to such monitoring and is advised that if such
  74. banner login monitoring reveals possible criminal activity, system personnel may
  75. banner login provide the evidence of such monitoring to law enforcement officials.
  76. banner login Unauthorized use will result in criminal prosecution.
  77. banner login
  78. banner login ********************************* WARNING *******************************
  79. boot system disk0:/asa917-32-k8.bin
  80. ftp mode passive
  81. clock timezone EST -5
  82. clock summer-time EDT recurring
  83. dns domain-lookup inside
  84. dns server-group DefaultDNS
  85. name-server 8.8.4.4
  86. name-server 8.8.8.8
  87. domain-name network.caspersbox.com
  88. same-security-traffic permit inter-interface
  89. same-security-traffic permit intra-interface
  90. object network vlan10
  91. subnet 192.168.1.0 255.255.255.240
  92. object network vpn-network
  93. subnet 192.168.7.0 255.255.255.240
  94. object network dmz-network
  95. subnet 192.168.5.0 255.255.255.252
  96. object network vlan20
  97. subnet 192.168.2.0 255.255.255.240
  98. object network caspersb-squid01
  99. host 192.168.6.7
  100. object network caspersb-dns01
  101. host 192.168.2.6
  102. object network vlan40
  103. subnet 192.168.40.0 255.255.255.240
  104. object network caspersb-ad01
  105. host 192.168.2.3
  106. object network caspersb-ad02
  107. host 192.168.2.9
  108. object network NewVPNNetwork
  109. subnet 192.168.4.0 255.255.255.240
  110. object network caspersb-cs2901-wan
  111. host 192.168.5.2
  112. object network caspersb-asa5505-int
  113. host 192.168.5.1
  114. object network caspersb-dns02
  115. host 192.168.2.8
  116. object-group network drn_network
  117. network-object object vlan20
  118. network-object object vlan10
  119. network-object object vlan40
  120. network-object object NewVPNNetwork
  121. object-group network vpn_network
  122. network-object object vpn-network
  123. network-object object NewVPNNetwork
  124. object-group network dmz_network
  125. network-object object dmz-network
  126. object-group icmp-type DM_INLINE_ICMP_1
  127. icmp-object echo-reply
  128. icmp-object time-exceeded
  129. icmp-object unreachable
  130. object-group network CWSNA-ProxyServers
  131. network-object object caspersb-squid01
  132. object-group service CWSNA-ProxyServiceGroup
  133. description Proxy Services
  134. service-object ip
  135. service-object tcp destination eq domain
  136. service-object tcp destination eq ftp
  137. service-object tcp destination eq ftp-data
  138. service-object tcp destination eq www
  139. service-object tcp destination eq https
  140. service-object udp destination eq domain
  141. service-object icmp
  142. object-group network CWSNA-DNSServers
  143. description DNS Servers
  144. network-object object caspersb-dns01
  145. network-object object caspersb-dns02
  146. object-group network CWSNA-LDAP
  147. network-object object caspersb-ad01
  148. network-object object caspersb-ad02
  149. object-group network CWSNA-FW
  150. network-object object caspersb-cs2901-wan
  ! NOTE(review): CWSNA-ProxyServers, CWSNA-ProxyServiceGroup, CWSNA-DNSServers, CWSNA-LDAP and
  ! CWSNA-FW are defined but not referenced by any access-list or NAT statement in this capture;
  ! presumably leftovers from an earlier policy -- confirm, and prune if unused.
  151. access-list CWSNA-ACL standard permit 192.168.5.0 255.255.255.252
  152. access-list CWSNA-ACL standard permit 192.168.1.0 255.255.255.240
  153. access-list CWSNA-ACL standard permit 192.168.2.0 255.255.255.240
  154. access-list CWSNA-ACL standard permit 192.168.40.0 255.255.255.240
  155. access-list inside_access_in extended permit ip object-group drn_network any
  156. access-list inside_access_in extended permit ip object-group vpn_network any
  157. access-list outside_access_in extended deny ip any any
  158. access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
  ! NOTE(review): ACEs are evaluated first-match, so the 'permit icmp' ACE directly above is
  ! shadowed by the preceding 'deny ip any any' and never matches. Replies to pings initiated
  ! from inside are still allowed by 'inspect icmp' in global_policy below; if unsolicited
  ! echo-reply/time-exceeded/unreachable from the outside were intended, the permit must come first.
  159. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  160. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  161. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  162. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  163. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  164. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  165. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  166. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  167. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  168. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  169. access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
  170. access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
  171. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  172. access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
  173. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  174. access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
  175. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  176. access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
  177. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  178. access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
  179. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  180. access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
  181. access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
  182. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  183. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  184. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  185. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  186. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  187. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  188. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  189. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  190. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  191. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  192. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  193. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  194. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  195. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  196. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  197. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  198. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  199. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  200. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  201. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  202. access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  203. access-list AnyConnect_Client_Local_Print remark Windows' printing port
  204. access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  205. access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  206. access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  ! NOTE(review): the AnyConnect_Client_Local_Print remarks are repeated many times (looks like a
  ! management tool re-applying its template); cosmetic, but worth cleaning up. The ACL itself is
  ! not referenced by any group-policy in this capture, so it presumably has no effect -- confirm.
  207. pager lines 24
  208. logging enable
  209. logging standby
  210. logging asdm informational
  ! NOTE(review): no 'logging host' or 'logging buffered' line is visible, so events only reach
  ! ASDM sessions and are not retained off-box; forward to a syslog collector if this device's
  ! events (VPN logins, denied connections, threat-detection hits) are to be investigable later.
  211. mtu inside 1500
  212. mtu outside 1500
  213. ip verify reverse-path interface outside
  214. no failover
  215. icmp unreachable rate-limit 1 burst-size 1
  216. asdm image disk0:/asdm-762-150.bin
  217. no asdm history enable
  218. arp timeout 14400
  219. no arp permit-nonconnected
  220. nat (inside,outside) source dynamic drn_network interface
  221. nat (outside,inside) source static vpn_network vpn_network destination static drn_network drn_network no-proxy-arp
  222. access-group inside_access_in in interface inside
  223. access-group outside_access_in in interface outside
  224. route inside 192.168.1.0 255.255.255.240 192.168.5.2 1
  225. route inside 192.168.2.0 255.255.255.240 192.168.5.2 2
  226. route inside 192.168.4.0 255.255.255.240 192.168.5.2 3
  ! NOTE(review): 192.168.40.0/28 (vlan40) is in drn_network and in the CWSNA-ACL split-tunnel
  ! list, but no route for it is visible here; VPN clients presumably cannot reach it through
  ! this box -- confirm whether the route was dropped or the network is retired.
  227. timeout xlate 3:00:00
  228. timeout pat-xlate 0:00:30
  229. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  230. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  231. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  232. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  233. timeout tcp-proxy-reassembly 0:01:00
  234. timeout floating-conn 0:00:00
  235. dynamic-access-policy-record DfltAccessPolicy
  236. aaa-server CWSNA-LDAP protocol ldap
  237. aaa-server CWSNA-LDAP (inside) host 192.168.2.3
  238. ldap-base-dn OU=CWSNA,DC=caspersbox,DC=com
  239. ldap-scope subtree
  240. ldap-naming-attribute sAMAccountName
  241. ldap-login-password *****
  242. ldap-login-dn CN=sysadm,OU=Service Accounts,OU=CWSNA,DC=caspersbox,DC=com
  243. server-type microsoft
  244. aaa-server CWSNA-LDAP (inside) host 192.168.2.9
  245. ldap-base-dn OU=CWSNA,DC=caspersbox,DC=com
  246. ldap-scope subtree
  247. ldap-naming-attribute sAMAccountName
  248. ldap-login-password *****
  249. ldap-login-dn CN=sysadm,OU=Service Accounts,OU=CWSNA,DC=caspersbox,DC=com
  250. server-type microsoft
  ! NOTE(review): neither CWSNA-LDAP host has an 'ldap-over-ssl enable' line, so the bind as the
  ! sysadm service account and the user credentials it checks presumably cross the inside
  ! network in cleartext -- confirm, and enable LDAPS if the directory servers offer it.
  251. user-identity default-domain LOCAL
  252. aaa authentication http console CWSNA-LDAP LOCAL
  253. aaa authentication ssh console CWSNA-LDAP LOCAL
  254. aaa local authentication attempts max-fail 3
  255. http server enable
  256. http server session-timeout 30
  257. http 192.168.1.0 255.255.255.240 inside
  258. no snmp-server location
  259. no snmp-server contact
  260. no service password-recovery
  ! NOTE(review): with password recovery disabled, losing the enable/local credentials means the
  ! configuration must be wiped to regain access; keep an offline copy of the config and of the
  ! local fallback credential in a vault.
  261. crypto ipsec security-association pmtu-aging infinite
  262. crypto ca trustpoint _SmartCallHome_ServerCA
  263. no validation-usage
  264. crl configure
  265. crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
  266. enrollment self
  267. fqdn none
  268. subject-name CN=192.168.5.1,CN=caspersb-asa5505
  269. keypair ASDM_LAUNCHER
  270. crl configure
  271. crypto ca trustpool policy
  272. telnet timeout 5
  273. ssh scopy enable
  274. ssh stricthostkeycheck
  275. ssh 192.168.1.0 255.255.255.240 inside
  276. ssh timeout 5
  277. ssh version 2
  278. ssh key-exchange group dh-group14-sha1
  ! NOTE(review): the SSH key exchange is SHA-1 based (dh-group14-sha1); this is presumably the
  ! strongest group this release offers, so a SHA-2 exchange is something to revisit after an
  ! upgrade. Exposure is limited because ssh is only reachable from 192.168.1.0/28 on inside.
  279. console timeout 0
  280. management-access inside
  281.  
  282. vpnclient mode client-mode
  283. threat-detection basic-threat
  284. threat-detection scanning-threat
  285. threat-detection statistics port
  286. threat-detection statistics protocol
  287. threat-detection statistics access-list
  288. threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  289. ntp server 132.163.97.1 source outside
  290. ntp server 132.163.96.1 source outside
  291. ntp server 129.6.15.28 source outside prefer
  ! NOTE(review): time comes from public NTP servers over the outside interface with no
  ! 'ntp authenticate' / 'ntp trusted-key' visible; device time feeds certificate validity
  ! checks and log timestamps, so note this when correlating events -- confirm it is acceptable.
  292. webvpn
  293. enable outside
  294. anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
  295. anyconnect profiles CWSNA-ClientProfile disk0:/cwsna-clientprofile.xml
  296. anyconnect enable
  297. tunnel-group-list enable
  298. cache
  299. disable
  300. group-policy DfltGrpPolicy attributes
  301. dns-server value 8.8.4.4
  302. group-policy GroupPolicy_CWSNA-ConnProfile internal
  303. group-policy GroupPolicy_CWSNA-ConnProfile attributes
  304. dns-server value 192.168.2.4
  305. dhcp-network-scope 192.168.4.0
  306. vpn-tunnel-protocol ssl-client
  307. split-tunnel-policy tunnelspecified
  308. split-tunnel-network-list value CWSNA-ACL
  309. default-domain value vpn.caspersbox.com
  310. webvpn
  311. anyconnect profiles value CWSNA-ClientProfile type user
  312. always-on-vpn profile-setting
  ! NOTE(review): the VPN group-policy is split-tunnel (CWSNA-ACL); VPN clients pull addresses
  ! from VPNPool (192.168.7.5-14) while dhcp-network-scope points at 192.168.4.0 -- both ranges
  ! are in vpn_network, but confirm which one is actually handed out.
  313. username kmhuntly password <redacted> encrypted privilege 15
  ! NOTE(review): local privilege-15 account; this is the fallback used by the 'CWSNA-LDAP LOCAL'
  ! authentication lists above when the directory is unreachable, so it should be rotated and
  ! monitored like any break-glass credential.
  314. tunnel-group CWSNA-ConnProfile type remote-access
  315. tunnel-group CWSNA-ConnProfile general-attributes
  316. address-pool VPNPool
  317. authentication-server-group CWSNA-LDAP LOCAL
  318. default-group-policy GroupPolicy_CWSNA-ConnProfile
  319. tunnel-group CWSNA-ConnProfile webvpn-attributes
  320. group-alias CWSNA enable
  321. !
  322. class-map inspection_default
  323. match default-inspection-traffic
  324. !
  325. !
  326. policy-map type inspect dns preset_dns_map
  327. parameters
  328. message-length maximum client auto
  329. message-length maximum 512
  330. policy-map global_policy
  331. class inspection_default
  332. inspect dns preset_dns_map
  333. inspect ftp
  334. inspect h323 h225
  335. inspect h323 ras
  336. inspect rsh
  337. inspect rtsp
  338. inspect esmtp
  339. inspect sqlnet
  340. inspect skinny
  341. inspect sunrpc
  342. inspect xdmcp
  343. inspect sip
  344. inspect netbios
  345. inspect tftp
  346. inspect ip-options
  347. inspect icmp
  348. inspect icmp error
  349. !
  350. service-policy global_policy global
  351. prompt hostname context
  352. call-home reporting anonymous
  353. call-home
  354. profile CiscoTAC-1
  355. no active
  356. destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  357. destination address email callhome@cisco.com
  358. destination transport-method http
  359. subscribe-to-alert-group diagnostic
  360. subscribe-to-alert-group environment
  361. subscribe-to-alert-group inventory periodic monthly
  362. subscribe-to-alert-group configuration periodic monthly
  363. subscribe-to-alert-group telemetry periodic daily
  364. Cryptochecksum:c7e7ccc4663285d9f1b499d6bdaf5de7
  ! NOTE(review): the Cryptochecksum is an integrity digest of the saved configuration, not a
  ! secret; it changes whenever the saved config changes.
  365. : end
  366. caspersb-asa5505#