Untitled

a guest
Dec 12th, 2017
fw1# show run
: Saved
:
: Serial Number: JMX1040K0TF
: Hardware: ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz
:
ASA Version 9.1(7)
!
hostname fw1
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 207.253.203.2 255.255.255.240
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/0
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet1/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/1.5
 vlan 5
 nameif inside5
 security-level 100
 ip address 10.0.5.1 255.255.255.0
!
interface GigabitEthernet1/1.11
 vlan 11
 nameif inside11
 security-level 10
 ip address 192.168.11.1 255.255.255.0
!
interface GigabitEthernet1/1.12
 vlan 12
 nameif inside12
 security-level 100
 ip address 10.0.12.1 255.255.255.0
!
interface GigabitEthernet1/1.30
 vlan 30
 nameif insideDOCKER
 security-level 100
 ip address 172.17.0.1 255.255.0.0
!
interface GigabitEthernet1/1.101
 vlan 101
 nameif insidePOD1
 security-level 100
 ip address 10.101.0.1 255.255.255.0
!
interface GigabitEthernet1/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit inter-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network wifiguest
 subnet 0.0.0.0 0.0.0.0
object network POD1
 subnet 0.0.0.0 0.0.0.0
object network DOCKER
 subnet 0.0.0.0 0.0.0.0
object network inside
 subnet 0.0.0.0 0.0.0.0
object network PAT-SSH
 host 192.168.10.2
access-list outside-inbound extended permit tcp any object PAT-SSH eq ssh
pager lines 24
mtu Outside 1500
mtu inside 1500
mtu inside12 1500
mtu inside11 1500
mtu inside5 1500
mtu insidePOD1 1500
mtu insideDOCKER 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit 192.168.10.0 255.255.255.0 Outside
icmp permit 192.168.10.0 255.255.255.0 inside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network obj_any
 nat (inside5,Outside) dynamic interface
object network wifiguest
 nat (inside11,Outside) dynamic interface
object network POD1
 nat (insidePOD1,Outside) dynamic interface
object network DOCKER
 nat (insideDOCKER,Outside) dynamic interface
object network inside
 nat (inside,Outside) dynamic interface
object network PAT-SSH
 nat (inside,Outside) static interface service tcp ssh ssh
access-group outside-inbound in interface Outside
route Outside 0.0.0.0 0.0.0.0 207.253.203.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
http 10.0.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect icmp
 class class-default
  inspect icmp
policy-map global_polic
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:fe3ca545111491fb7661cca0d576b5e6
: end