Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- !ASA1
- : Saved
- :
- ASA Version 8.4(2)
- !
- hostname ciscoasa
- enable password 8Ry2YjIyt7RRXU24 encrypted
- passwd 2KFQnbNIdI.2KYOU encrypted
- names
- !
- interface Ethernet0
- nameif outside
- security-level 0
- ip address dhcp
- !
- interface Ethernet1
- nameif inside
- security-level 100
- ip address 192.168.3.1 255.255.255.0
- !
- interface Ethernet2
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface Ethernet3
- shutdown
- no nameif
- no security-level
- no ip address
- !
- ftp mode passive
- same-security-traffic permit intra-interface
- object-group network inside
- network-object 192.168.3.0 255.255.255.0
- object-group network ALLSITES
- network-object 192.168.3.0 255.255.255.0
- network-object 192.168.4.0 255.255.255.0
- pager lines 24
- logging console debugging
- mtu outside 1500
- mtu inside 1500
- no failover
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- arp timeout 14400
- nat (any,outside) source static ALLSITES ALLSITES destination static ALLSITES ALLSITES
- !
- nat (inside,outside) after-auto source dynamic inside interface
- route outside 10.10.1.0 255.255.255.0 10.10.0.1 1
- timeout xlate 3:00:00
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- dynamic-access-policy-record DfltAccessPolicy
- user-identity default-domain LOCAL
- no snmp-server location
- no snmp-server contact
- snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
- crypto ipsec ikev2 ipsec-proposal AES256
- protocol esp encryption aes-256
- protocol esp integrity sha-1
- crypto ipsec security-association lifetime seconds 3600
- crypto dynamic-map DYNAMIC-S2S 1 set pfs
- crypto dynamic-map DYNAMIC-S2S 1 set ikev2 ipsec-proposal AES256
- crypto dynamic-map DYNAMIC-S2S 1 set reverse-route
- crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNAMIC-S2S
- crypto map VPNMAP interface outside
- crypto ikev2 policy 10
- encryption aes-256
- integrity sha512
- group 2
- prf sha
- lifetime seconds 28800
- crypto ikev2 enable outside
- telnet timeout 5
- ssh timeout 5
- console timeout 0
- dhcpd dns 192.168.3.1
- dhcpd lease 300
- dhcpd option 3 ip 192.168.3.1
- !
- dhcpd address 192.168.3.2-192.168.3.254 inside
- dhcpd enable inside
- !
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- webvpn
- anyconnect-essentials
- group-policy DefaultL2L internal
- group-policy DefaultL2L attributes
- vpn-tunnel-protocol ikev2
- tunnel-group DefaultL2LGroup general-attributes
- default-group-policy DefaultL2L
- tunnel-group DefaultL2LGroup ipsec-attributes
- ikev2 remote-authentication pre-shared-key *****
- ikev2 local-authentication pre-shared-key *****
- !
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect ip-options
- inspect netbios
- inspect rsh
- inspect rtsp
- inspect skinny
- inspect esmtp
- inspect sqlnet
- inspect sunrpc
- inspect tftp
- inspect sip
- inspect xdmcp
- inspect icmp
- !
- service-policy global_policy global
- prompt hostname context
- no call-home reporting anonymous
- call-home
- profile CiscoTAC-1
- no active
- destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
- destination address email callhome@cisco.com
- destination transport-method http
- subscribe-to-alert-group diagnostic
- subscribe-to-alert-group environment
- subscribe-to-alert-group inventory periodic monthly
- subscribe-to-alert-group configuration periodic monthly
- subscribe-to-alert-group telemetry periodic daily
- crashinfo save disable
- Cryptochecksum:9cc1fc800aafbd703538f9e99fe427d3
- : end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement