Cisco ASA1

a guest
Aug 22nd, 2021
!ASA1

: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.3.1 255.255.255.0
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit intra-interface
object-group network inside
 network-object 192.168.3.0 255.255.255.0
object-group network ALLSITES
 network-object 192.168.3.0 255.255.255.0
 network-object 192.168.4.0 255.255.255.0
pager lines 24
logging console debugging
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (any,outside) source static ALLSITES ALLSITES destination static ALLSITES ALLSITES
!
nat (inside,outside) after-auto source dynamic inside interface
route outside 10.10.1.0 255.255.255.0 10.10.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1
crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map DYNAMIC-S2S 1 set pfs
crypto dynamic-map DYNAMIC-S2S 1 set ikev2 ipsec-proposal AES256
crypto dynamic-map DYNAMIC-S2S 1 set reverse-route
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNAMIC-S2S
crypto map VPNMAP interface outside
crypto ikev2 policy 10
 encryption aes-256
 integrity sha512
 group 2
 prf sha
 lifetime seconds 28800
crypto ikev2 enable outside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.3.1
dhcpd lease 300
dhcpd option 3 ip 192.168.3.1
!
dhcpd address 192.168.3.2-192.168.3.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 anyconnect-essentials
group-policy DefaultL2L internal
group-policy DefaultL2L attributes
 vpn-tunnel-protocol ikev2
tunnel-group DefaultL2LGroup general-attributes
 default-group-policy DefaultL2L
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:9cc1fc800aafbd703538f9e99fe427d3
: end