Cisco ASA2

a guest
Aug 22nd, 2021
!ASA2

: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.4.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
object-group network inside
 network-object 192.168.4.0 255.255.255.0
object-group network S2
 network-object 192.168.4.0 255.255.255.0
object-group network S1
 network-object 192.168.3.0 255.255.255.0
object-group network ALLSITES
 network-object 192.168.3.0 255.255.255.0
 network-object 192.168.4.0 255.255.255.0
access-list L2LVPN extended permit ip object-group S2 object-group S1
pager lines 24
logging console debugging
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static ALLSITES ALLSITES destination static ALLSITES ALLSITES
!
nat (inside,outside) after-auto source dynamic inside interface
route outside 10.10.0.0 255.255.255.0 10.10.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1
crypto ipsec security-association lifetime seconds 3600
crypto map VPNMAP 1 match address L2LVPN
crypto map VPNMAP 1 set pfs
crypto map VPNMAP 1 set peer 10.10.0.2
crypto map VPNMAP 1 set ikev2 ipsec-proposal AES256
crypto map VPNMAP interface outside
crypto ikev2 policy 10
 encryption aes-256
 integrity sha512
 group 2
 prf sha
 lifetime seconds 28800
crypto ikev2 enable outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.4.1
dhcpd lease 300
dhcpd option 3 ip 192.168.4.1
!
dhcpd address 192.168.4.2-192.168.4.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 anyconnect-essentials
tunnel-group 10.10.0.2 type ipsec-l2l
tunnel-group 10.10.0.2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:51ebac17a82752b3479a6481837e36b6
: end