Untitled

a guest
Jul 19th, 2019
names
name 192.168.68.0 Net-AZ4-SERVERS
name 192.168.168.64 Net-AZ4-NETWORK
name 2.2.2.194 AZ4-vSCP
name 9.9.9.196 SCP-DG-BP
name 192.168.168.80 Net-CorpOne1
name 192.168.168.84 Net-CorpOne2
name 4.4.4.58 Net-info1
name 4.4.4.2 Net-info2
name 192.168.68.100 AZ4-vNS1
name 2.2.2.198 trust03
name 2.2.2.196 trust01
name 2.2.2.197 trust02
name 2.2.2.199 trust04
name 2.2.2.200 trust15
name 2.2.2.201 trust16
name 2.2.2.202 trust17
name 2.2.2.203 trust18
name 2.2.2.204 trust19
name 2.2.2.205 trust20
name 2.2.2.206 trust21
name 2.2.2.207 trust22
name 2.2.2.208 trust23
name 2.2.2.209 trust24
name 2.2.2.210 trust25
name 2.2.2.211 trust26
name 2.2.2.212 trust27
name 2.2.2.213 trust28
name 2.2.2.214 trust29
name 2.2.2.215 trust30
name 2.2.2.216 trust31
name 2.2.2.195 AZ4-vTEST
name 3.3.3.34 CorpOneMD1
name 3.3.3.50 CorpOneMD2
name 192.168.168.82 CorpOneMD-inside1
name 192.168.168.86 CorpOneMD-inside2
name 192.168.68.101 AZ4-vNS2
ip local pool temppool 192.168.0.1-192.168.0.254 mask 255.255.255.0

!
interface GigabitEthernet1/1
 description Trunk for providers, dmz1 and outside
 speed 1000
 duplex full
 nameif outside
 security-level 0
 ip address 1.1.1.6 255.255.255.252
!
interface GigabitEthernet1/1.1
 description to DMZ
 vlan 100
 nameif dmz1
 security-level 50
 ip address 2.2.2.193 255.255.255.224 standby 2.2.2.222
!
interface GigabitEthernet1/2
 description Inside-Interface
 speed 1000
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.168.65 255.255.255.240 standby 192.168.168.68
!
interface GigabitEthernet1/2.68
 vlan 68
 nameif inside-68
 security-level 100
 ip address 192.168.68.253 255.255.255.0 standby 192.168.68.254
!
interface GigabitEthernet1/2.201
 vlan 201
 nameif CorpOne-a
 security-level 40
 ip address 192.168.168.81 255.255.255.252
!
interface GigabitEthernet1/2.202
 vlan 202
 nameif CorpOne-b
 security-level 40
 ip address 192.168.168.85 255.255.255.252
!
interface GigabitEthernet1/3
 description to outside2
 nameif outside2
 security-level 10
 ip address 1.1.1.2 255.255.255.252
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 description LAN Failover Interface
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside-68
dns server-group DefaultDNS
 name-server 8.8.8.8 inside-68
 name-server 8.8.4.4 outside
 name-server 1.1.1.1
 domain-name informatics.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NETWORK_OBJ_192.168.0.8_29
 subnet 192.168.0.8 255.255.255.248
object network NETWORK_OBJ_192.168.0.0_24
 subnet 192.168.0.0 255.255.255.0
object network AZ4-vSCP
 host 2.2.2.194
object-group network SCP-Access
 network-object host SCP-DG-BP
object-group network CorpOne
 network-object Net-CorpOne1 255.255.255.252
 network-object Net-CorpOne2 255.255.255.252
object-group network info
 network-object Net-info1 255.255.255.255
 network-object Net-info2 255.255.255.255
 network-object SCP-DG-BP 255.255.255.255
object-group service info-Common tcp
 port-object eq ssh
 port-object eq telnet
object-group network TI-DNS
 network-object host AZ4-vNS1
 network-object host AZ4-vNS2
object-group network all-trust-hosts
 network-object host AZ4-vTEST
 network-object host trust01
 network-object host trust02
 network-object host trust03
 network-object host trust04
 network-object host trust15
 network-object host trust16
 network-object host trust17
 network-object host trust18
 network-object host trust19
 network-object host trust20
 network-object host trust21
 network-object host trust22
 network-object host trust23
 network-object host trust24
 network-object host trust25
 network-object host trust26
 network-object host trust27
 network-object host trust28
 network-object host trust29
 network-object host trust30
 network-object host trust31
 network-object host AZ4-vSCP
object-group network DMZ-INT-DNSAccess
 network-object host AZ4-vTEST
 group-object all-trust-hosts
object-group network DMZ-WEBAccess
 network-object host AZ4-vTEST
 group-object all-trust-hosts
object-group service web tcp
 port-object eq www
 port-object eq https
object-group network DMZ-BBTestAccess
 network-object host AZ4-vTEST
object-group network trust-hosts
 network-object host AZ4-vTEST
object-group network trust01
 network-object host trust01
object-group network trust02
 network-object host trust02
object-group network trust03
 network-object host trust03
object-group network trust04
 network-object host trust04
object-group network trust15
 network-object host trust15
object-group network trust16
 network-object host trust16
object-group network trust17
 network-object host trust17
object-group network trust18
 network-object host trust18
object-group network trust19
 network-object host trust19
object-group network trust20
 network-object host trust20
object-group network trust21
 network-object host trust21
object-group network trust22
 network-object host trust22
object-group network trust23
 network-object host trust23
object-group network trust24
 network-object host trust24
object-group network trust25
 network-object host trust25
object-group network trust26
 network-object host trust26
object-group network trust27
 network-object host trust27
object-group network trust28
 network-object host trust28
object-group network trust29
 network-object host trust29
object-group network trust30
 network-object host trust30
object-group network trust31
 network-object host trust31
object-group network AZ4-vTEST
 network-object host AZ4-vTEST
object-group service standard-trust-tcp-udp tcp-udp
 port-object range 22 23
 port-object range 9080 9083
 port-object range 9090 9093
 port-object range 12345 12349
 port-object eq www
 port-object eq 443
 port-object eq 8080
 port-object eq 9443
object-group network CorpOne_MD_Servers
 network-object host CorpOneMD1
 network-object host CorpOneMD2
object-group service trust-2-bb-tcp-udp tcp-udp
 port-object eq 8194
 port-object eq 8196
object-group service tinfo-2-bb-tcp-udp tcp-udp
 port-object eq 8194
 port-object eq 8196
 port-object eq 9194
access-list inside_access_out extended permit ip any4 any4
access-list split-tunnel standard permit 192.168.68.0 255.255.255.0
access-list dmz_access_in remark The following line is to allow access to external http/https websites from authorized DMZ hosts
access-list dmz_access_in extended permit tcp object-group DMZ-WEBAccess any4 object-group web
access-list dmz_access_in remark The following 4 lines are to allow ICMP for Ping and Traceroute
access-list dmz_access_in extended permit icmp any4 any4 echo
access-list dmz_access_in extended permit icmp any4 any4 echo-reply
access-list dmz_access_in extended permit icmp any4 any4 time-exceeded
access-list dmz_access_in extended permit icmp any4 any4 traceroute
access-list dmz_access_in remark The following 2 lines are to allow DNS queries from authorized DMZ hosts
access-list dmz_access_in extended permit tcp object-group all-trust-hosts object-group TI-DNS eq domain
access-list dmz_access_in extended permit udp object-group all-trust-hosts object-group TI-DNS eq domain
access-list dmz_access_in remark The following line is to allow access to BB md servers from DMZ hosts
access-list dmz_access_in extended permit tcp object-group all-trust-hosts object-group CorpOne_MD_Servers object-group trust-2-bb-tcp-udp
access-list outside_access_in remark The following 1 line is to allow info hosts inside to common md ports
access-list outside_access_in extended permit tcp object-group info object-group CorpOne_MD_Servers object-group tinfo-2-bb-tcp-udp
access-list outside_access_in remark The following 1 line is to allow DG hosts inside to common md ports for testing
access-list outside_access_in extended permit tcp object-group SCP-Access object-group CorpOne_MD_Servers object-group tinfo-2-bb-tcp-udp
access-list outside_access_in remark The following 1 line allow SSH access to the test server from authorized IPs
access-list outside_access_in extended permit tcp object-group info object-group all-trust-hosts object-group standard-trust-tcp-udp

logging enable
logging timestamp
no logging hide username
no arp permit-nonconnected
arp rate-limit 16384
nat (inside,outside) source dynamic any interface
nat (inside-68,outside) source dynamic any interface
nat (inside-68,inside) source dynamic any interface
nat (inside,inside-68) source dynamic any interface
nat (inside,outside2) source dynamic any interface
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.8_29 NETWORK_OBJ_192.168.0.8_29 no-proxy-arp route-lookup
nat (inside-68,outside) source static any any destination static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 no-proxy-arp route-lookup
nat (outside,dmz1) source dynamic any interface
nat (outside2,dmz1) source dynamic any interface
nat (inside-68,outside2) source dynamic any interface
nat (inside,outside2) source static any any destination static NETWORK_OBJ_192.168.0.8_29 NETWORK_OBJ_192.168.0.8_29 no-proxy-arp route-lookup
nat (inside-68,outside2) source static any any destination static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 no-proxy-arp route-lookup
nat (dmz1,CorpOne-a) source dynamic any interface
nat (dmz1,CorpOne-b) source dynamic any interface
!
nat (dmz1,outside) after-auto source dynamic any interface
nat (dmz1,outside2) after-auto source dynamic any interface
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz1
access-group inside_access_out in interface inside
access-group inside_access_out in interface inside-68
access-group outside_access_in in interface outside2
route outside 0.0.0.0 0.0.0.0 1.1.1.5 1
route outside2 0.0.0.0 0.0.0.0 1.1.1.1 2
route CorpOne-a CorpOneMD1 255.255.255.255 CorpOneMD-inside1 1
route CorpOne-b CorpOneMD2 255.255.255.255 CorpOneMD-inside2 2
route inside-68 Net-AZ4-SERVERS 255.255.255.240 192.168.168.66 1

policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp