Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- show run
- : Saved
- :
- : Serial Number: JMX1619Z136
- : Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
- :
- ASA Version 9.1(7)16
- !
- hostname ciscoasa1
- domain-name ##########
- enable password ############## encrypted
- names
- !
- interface Ethernet0/0
- switchport access vlan 2
- !
- interface Ethernet0/1
- !
- interface Ethernet0/2
- !
- interface Ethernet0/3
- !
- interface Ethernet0/4
- !
- interface Ethernet0/5
- !
- interface Ethernet0/6
- !
- interface Ethernet0/7
- !
- interface Vlan1
- nameif inside
- security-level 100
- ip address 10.0.0.1 255.255.255.0
- !
- interface Vlan2
- nameif outside
- security-level 0
- ip address dhcp setroute
- !
- ftp mode passive
- dns domain-lookup inside
- dns server-group DefaultDNS
- name-server 8.8.8.8
- name-server 192.168.1.5
- name-server 192.168.1.6
- domain-name ############
- object network obj_any
- subnet 0.0.0.0 0.0.0.0
- object network 3759
- subnet 192.168.1.0 255.255.255.0
- object network NETWORK_OBJ_10.0.0.0_24
- subnet 10.0.0.0 255.255.255.0
- object network Local
- subnet 10.0.0.0 255.255.255.0
- object-group service DM_INLINE_SERVICE_1
- service-object icmp
- service-object icmp echo
- service-object icmp echo-reply
- service-object icmp traceroute
- service-object tcp-udp destination eq www
- access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 a ny interface outside
- access-list outside_access_in extended permit tcp any interface outside eq https
- access-list outside_access_in extended permit ip 10.0.0.0 255.255.255.0 object 3 759
- access-list outside_cryptomap extended permit ip 10.0.0.0 255.255.255.0 object 3 759
- access-list outside_cryptomap_1 extended permit ip 10.0.0.0 255.255.255.0 object 3759
- pager lines 24
- logging asdm informational
- mtu inside 1500
- mtu outside 1500
- no failover
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- arp timeout 14400
- no arp permit-nonconnected
- nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_ 24 destination static 3759 3759 no-proxy-arp route-lookup
- !
- object network obj_any
- nat (inside,outside) dynamic interface
- !
- nat (inside,outside) after-auto source dynamic any interface
- access-group outside_access_in in interface outside
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- dynamic-access-policy-record DfltAccessPolicy
- user-identity default-domain LOCAL
- http server enable
- http 10.0.0.0 255.255.255.0 inside
- http 192.168.1.0 255.255.255.0 inside
- no snmp-server location
- no snmp-server contact
- crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
- crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
- crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
- crypto ipsec ikev2 ipsec-proposal AES256
- protocol esp encryption aes-256
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal AES192
- protocol esp encryption aes-192
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal AES
- protocol esp encryption aes
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal 3DES
- protocol esp encryption 3des
- protocol esp integrity sha-1 md5
- crypto ipsec ikev2 ipsec-proposal DES
- protocol esp encryption des
- protocol esp integrity sha-1 md5
- crypto ipsec security-association pmtu-aging infinite
- crypto map outside_map 2 match address outside_cryptomap_1
- crypto map outside_map 2 set peer 192.168.0.221
- crypto map outside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
- crypto map outside_map interface outside
- crypto ca trustpoint _SmartCallHome_ServerCA
- no validation-usage
- crl configure
- crypto ca trustpool policy
- crypto ca certificate chain _SmartCallHome_ServerCA
- certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a
- 308204d3 308203bb a0030201 02021018 dad19e26 7de8bb4a 2158cdcc 6b3b4a30
- 0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
- 30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
- 13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
- 0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
- 20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
- 65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
- 65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d30
- 36313130 38303030 3030305a 170d3336 30373136 32333539 35395a30 81ca310b
- 30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
- 496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
- 74776f72 6b313a30 38060355 040b1331 28632920 32303036 20566572 69536967
- 6e2c2049 6e632e20 2d20466f 72206175 74686f72 697a6564 20757365 206f6e6c
- 79314530 43060355 0403133c 56657269 5369676e 20436c61 73732033 20507562
- 6c696320 5072696d 61727920 43657274 69666963 6174696f 6e204175 74686f72
- 69747920 2d204735 30820122 300d0609 2a864886 f70d0101 01050003 82010f00
- 3082010a 02820101 00af2408 08297a35 9e600caa e74b3b4e dc7cbc3c 451cbb2b
- e0fe2902 f95708a3 64851527 f5f1adc8 31895d22 e82aaaa6 42b38ff8 b955b7b1
- b74bb3fe 8f7e0757 ecef43db 66621561 cf600da4 d8def8e0 c362083d 5413eb49
- ca595485 26e52b8f 1b9febf5 a191c233 49d84363 6a524bd2 8fe87051 4dd18969
- 7bc770f6 b3dc1274 db7b5d4b 56d396bf 1577a1b0 f4a225f2 af1c9267 18e5f406
- 04ef90b9 e400e4dd 3ab519ff 02baf43c eee08beb 378becf4 d7acf2f6 f03dafdd
- 75913319 1d1c40cb 74241921 93d914fe ac2a52c7 8fd50449 e48d6347 883c6983
- cbfe47bd 2b7e4fc5 95ae0e9d d4d143c0 6773e314 087ee53f 9f73b833 0acf5d3f
- 3487968a ee53e825 15020301 0001a381 b23081af 300f0603 551d1301 01ff0405
- 30030101 ff300e06 03551d0f 0101ff04 04030201 06306d06 082b0601 05050701
- 0c046130 5fa15da0 5b305930 57305516 09696d61 67652f67 69663021 301f3007
- 06052b0e 03021a04 148fe5d3 1a86ac8d 8e6bc3cf 806ad448 182c7b19 2e302516
- 23687474 703a2f2f 6c6f676f 2e766572 69736967 6e2e636f 6d2f7673 6c6f676f
- 2e676966 301d0603 551d0e04 1604147f d365a7c2 ddecbbf0 3009f343 39fa02af
- 33313330 0d06092a 864886f7 0d010105 05000382 01010093 244a305f 62cfd81a
- 982f3dea dc992dbd 77f6a579 2238ecc4 a7a07812 ad620e45 7064c5e7 97662d98
- 097e5faf d6cc2865 f201aa08 1a47def9 f97c925a 0869200d d93e6d6e 3c0d6ed8
- e6069140 18b9f8c1 eddfdb41 aae09620 c9cd6415 3881c994 eea28429 0b136f8e
- db0cdd25 02dba48b 1944d241 7a05694a 584f60ca 7e826a0b 02aa2517 39b5db7f
- e784652a 958abd86 de5e8116 832d10cc defda882 2a6d281f 0d0bc4e5 e71a2619
- e1f4116f 10b595fc e7420532 dbce9d51 5e28b69e 85d35bef a57d4540 728eb70e
- 6b0e06fb 33354871 b89d278b c4655f0d 86769c44 7af6955c f65d3208 33a454b6
- 183f685c f2424a85 3854835f d1e82cf2 ac11d6a8 ed636a
- quit
- crypto ikev2 policy 1
- encryption aes-256
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 10
- encryption aes-192
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 20
- encryption aes
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 30
- encryption 3des
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 policy 40
- encryption des
- integrity sha
- group 5 2
- prf sha
- lifetime seconds 86400
- crypto ikev2 enable outside
- crypto ikev1 enable outside
- crypto ikev1 policy 10
- authentication pre-share
- encryption aes-256
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 20
- authentication rsa-sig
- encryption aes-256
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 40
- authentication pre-share
- encryption aes-192
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 50
- authentication rsa-sig
- encryption aes-192
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 70
- authentication pre-share
- encryption aes
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 80
- authentication rsa-sig
- encryption aes
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 100
- authentication pre-share
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 110
- authentication rsa-sig
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 130
- authentication pre-share
- encryption des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 140
- authentication rsa-sig
- encryption des
- hash sha
- group 2
- lifetime 86400
- telnet 10.0.0.0 255.255.255.0 inside
- telnet 192.168.1.0 255.255.255.0 inside
- telnet timeout 5
- ssh stricthostkeycheck
- ssh 192.168.1.0 255.255.255.0 inside
- ssh 10.0.0.0 255.255.255.0 inside
- ssh timeout 5
- ssh key-exchange group dh-group1-sha1
- console timeout 0
- management-access inside
- dhcpd dns 8.8.8.8 192.168.1.5
- dhcpd auto_config outside
- !
- dhcpd address 10.0.0.5-10.0.0.254 inside
- dhcpd enable inside
- !
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- webvpn
- anyconnect-essentials
- cache
- disable
- group-policy DfltGrpPolicy attributes
- vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
- group-policy GroupPolicy_######## internal
- tunnel-group ###### type ipsec-l2l
- tunnel-group ###### ipsec-attributes
- ikev1 pre-shared-key *****
- ikev2 local-authentication pre-shared-key *****
- !
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect rsh
- inspect rtsp
- inspect esmtp
- inspect sqlnet
- inspect skinny
- inspect sunrpc
- inspect xdmcp
- inspect sip
- inspect netbios
- inspect tftp
- inspect ip-options
- inspect icmp
- !
- service-policy global_policy global
- prompt hostname context
- call-home reporting anonymous
- Cryptochecksum:543e3d54ba597263366dd1e29f2c7fcb
- : end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement