SHARE
TWEET

Untitled

a guest Jul 19th, 2019 61 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. names
  2. name 192.168.68.0 Net-AZ4-SERVERS
  3. name 192.168.168.64 Net-AZ4-NETWORK
  4. name 2.2.2.194 AZ4-vSCP
  5. name 9.9.9.196 SCP-DG-BP
  6. name 192.168.168.80 Net-CorpOne1
  7. name 192.168.168.84 Net-CorpOne2
  8. name 4.4.4.58 Net-info1
  9. name 4.4.4.2 Net-info2
  10. name 192.168.68.100 AZ4-vNS1
  11. name 2.2.2.198 trust03
  12. name 2.2.2.196 trust01
  13. name 2.2.2.197 trust02
  14. name 2.2.2.199 trust04
  15. name 2.2.2.200 trust15
  16. name 2.2.2.201 trust16
  17. name 2.2.2.202 trust17
  18. name 2.2.2.203 trust18
  19. name 2.2.2.204 trust19
  20. name 2.2.2.205 trust20
  21. name 2.2.2.206 trust21
  22. name 2.2.2.207 trust22
  23. name 2.2.2.208 trust23
  24. name 2.2.2.209 trust24
  25. name 2.2.2.210 trust25
  26. name 2.2.2.211 trust26
  27. name 2.2.2.212 trust27
  28. name 2.2.2.213 trust28
  29. name 2.2.2.214 trust29
  30. name 2.2.2.215 trust30
  31. name 2.2.2.216 trust31
  32. name 2.2.2.195 AZ4-vTEST
  33. name 3.3.3.34 CorpOneMD1
  34. name 3.3.3.50 CorpOneMD2
  35. name 192.168.168.82 CorpOneMD-inside1
  36. name 192.168.168.86 CorpOneMD-inside2
  37. name 192.168.68.101 AZ4-vNS2
  38. ip local pool temppool 192.168.0.1-192.168.0.254 mask 255.255.255.0
  39.  
  40. !
  41. interface GigabitEthernet1/1
  42.  description Trunk for providers, dmz1 and outside
  43.  speed 1000
  44.  duplex full
  45.  nameif outside
  46.  security-level 0
  47.  ip address 1.1.1.6 255.255.255.252
  48. !
  49. interface GigabitEthernet1/1.1
  50.  description to DMZ
  51.  vlan 100
  52.  nameif dmz1
  53.  security-level 50
  54.  ip address 2.2.2.193 255.255.255.224 standby 2.2.2.222
  55. !
  56. interface GigabitEthernet1/2
  57.  description Inside-Interface
  58.  speed 1000
  59.  duplex full
  60.  nameif inside
  61.  security-level 100
  62.  ip address 192.168.168.65 255.255.255.240 standby 192.168.168.68
  63. !
  64. interface GigabitEthernet1/2.68
  65.  vlan 68
  66.  nameif inside-68
  67.  security-level 100
  68.  ip address 192.168.68.253 255.255.255.0 standby 192.168.68.254
  69. !
  70. interface GigabitEthernet1/2.201
  71.  vlan 201
  72.  nameif CorpOne-a
  73.  security-level 40
  74.  ip address 192.168.168.81 255.255.255.252
  75. !
  76. interface GigabitEthernet1/2.202
  77.  vlan 202
  78.  nameif CorpOne-b
  79.  security-level 40
  80.  ip address 192.168.168.85 255.255.255.252
  81. !
  82. interface GigabitEthernet1/3
  83.  description to outside2
  84.  nameif outside2
  85.  security-level 10
  86.  ip address 1.1.1.2 255.255.255.252
  87. !
  88. interface GigabitEthernet1/4
  89.  shutdown
  90.  no nameif
  91.  no security-level
  92.  no ip address
  93. !
  94. interface GigabitEthernet1/5
  95.  shutdown
  96.  no nameif
  97.  no security-level
  98.  no ip address
  99. !
  100. interface GigabitEthernet1/6
  101.  shutdown
  102.  no nameif
  103.  no security-level
  104.  no ip address
  105. !
  106. interface GigabitEthernet1/7
  107.  shutdown
  108.  no nameif
  109.  no security-level
  110.  no ip address
  111. !
  112. interface GigabitEthernet1/8
  113.  description LAN Failover Interface
  114. !
  115. interface Management1/1
  116.  management-only
  117.  no nameif
  118.  no security-level
  119.  no ip address
  120. !
  121. ftp mode passive
  122. clock timezone EST -5
  123. clock summer-time EDT recurring
  124. dns domain-lookup outside
  125. dns domain-lookup inside-68
  126. dns server-group DefaultDNS
  127.  name-server 8.8.8.8 inside-68
  128.  name-server 8.8.4.4 outside
  129.  name-server 1.1.1.1
  130.  domain-name informatics.com
  131. same-security-traffic permit inter-interface
  132. same-security-traffic permit intra-interface
  133. object network NETWORK_OBJ_192.168.0.8_29
  134.  subnet 192.168.0.8 255.255.255.248
  135. object network NETWORK_OBJ_192.168.0.0_24
  136.  subnet 192.168.0.0 255.255.255.0
  137. object network AZ4-vSCP
  138.  host 2.2.2.194
  139. object-group network SCP-Access
  140.  network-object host SCP-DG-BP
  141. object-group network CorpOne
  142.  network-object Net-CorpOne1 255.255.255.252
  143.  network-object Net-CorpOne2 255.255.255.252
  144. object-group network info
  145.  network-object Net-info1 255.255.255.255
  146.  network-object Net-info2 255.255.255.255
  147.  network-object SCP-DG-BP 255.255.255.255
  148. object-group service info-Common tcp
  149.  port-object eq ssh
  150.  port-object eq telnet
  151. object-group network TI-DNS
  152.  network-object host AZ4-vNS1
  153.  network-object host AZ4-vNS2
  154. object-group network all-trust-hosts
  155.  network-object host AZ4-vTEST
  156.  network-object host trust01
  157.  network-object host trust02
  158.  network-object host trust03
  159.  network-object host trust04
  160.  network-object host trust15
  161.  network-object host trust16
  162.  network-object host trust17
  163.  network-object host trust18
  164.  network-object host trust19
  165.  network-object host trust20
  166.  network-object host trust21
  167.  network-object host trust22
  168.  network-object host trust23
  169.  network-object host trust24
  170.  network-object host trust25
  171.  network-object host trust26
  172.  network-object host trust27
  173.  network-object host trust28
  174.  network-object host trust29
  175.  network-object host trust30
  176.  network-object host trust31
  177.  network-object host AZ4-vSCP
  178. object-group network DMZ-INT-DNSAccess
  179.  network-object host AZ4-vTEST
  180.  group-object all-trust-hosts
  181. object-group network DMZ-WEBAccess
  182.  network-object host AZ4-vTEST
  183.  group-object all-trust-hosts
  184. object-group service web tcp
  185.  port-object eq www
  186.  port-object eq https
  187. object-group network DMZ-BBTestAccess
  188.  network-object host AZ4-vTEST
  189. object-group network trust-hosts
  190.  network-object host AZ4-vTEST
  191. object-group network trust01
  192.  network-object host trust01
  193. object-group network trust02
  194.  network-object host trust02
  195. object-group network trust03
  196.  network-object host trust03
  197. object-group network trust04
  198.  network-object host trust04
  199. object-group network trust15
  200.  network-object host trust15
  201. object-group network trust16
  202.  network-object host trust16
  203. object-group network trust17
  204.  network-object host trust17
  205. object-group network trust18
  206.  network-object host trust18
  207. object-group network trust19
  208.  network-object host trust19
  209. object-group network trust20
  210.  network-object host trust20
  211. object-group network trust21
  212.  network-object host trust21
  213. object-group network trust22
  214.  network-object host trust22
  215. object-group network trust23
  216.  network-object host trust23
  217. object-group network trust24
  218.  network-object host trust24
  219. object-group network trust25
  220.  network-object host trust25
  221. object-group network trust26
  222.  network-object host trust26
  223. object-group network trust27
  224.  network-object host trust27
  225. object-group network trust28
  226.  network-object host trust28
  227. object-group network trust29
  228.  network-object host trust29
  229. object-group network trust30
  230.  network-object host trust30
  231. object-group network trust31
  232.  network-object host trust31
  233. object-group network AZ4-vTEST
  234.  network-object host AZ4-vTEST
  235. object-group service standard-trust-tcp-udp tcp-udp
  236.  port-object range 22 23
  237.  port-object range 9080 9083
  238.  port-object range 9090 9093
  239.  port-object range 12345 12349
  240.  port-object eq www
  241.  port-object eq 443
  242.  port-object eq 8080
  243.  port-object eq 9443
  244. object-group network CorpOne_MD_Servers
  245.  network-object host CorpOneMD1
  246.  network-object host CorpOneMD2
  247. object-group service trust-2-bb-tcp-udp tcp-udp
  248.  port-object eq 8194
  249.  port-object eq 8196
  250. object-group service tinfo-2-bb-tcp-udp tcp-udp
  251.  port-object eq 8194
  252.  port-object eq 8196
  253.  port-object eq 9194
  254. access-list inside_access_out extended permit ip any4 any4
  255. access-list split-tunnel standard permit 192.168.68.0 255.255.255.0
  256. access-list dmz_access_in remark The following line is to allow access to external http/https websites from authorized DMZ hosts
  257. access-list dmz_access_in extended permit tcp object-group DMZ-WEBAccess any4 object-group web
  258. access-list dmz_access_in remark The following 4 lines are to allow ICMP for Ping and Traceroute
  259. access-list dmz_access_in extended permit icmp any4 any4 echo
  260. access-list dmz_access_in extended permit icmp any4 any4 echo-reply
  261. access-list dmz_access_in extended permit icmp any4 any4 time-exceeded
  262. access-list dmz_access_in extended permit icmp any4 any4 traceroute
  263. access-list dmz_access_in remark The following 2 lines are to allow DNS queries from authorized DMZ hosts
  264. access-list dmz_access_in extended permit tcp object-group all-trust-hosts object-group TI-DNS eq domain
  265. access-list dmz_access_in extended permit udp object-group all-trust-hosts object-group TI-DNS eq domain
  266. access-list dmz_access_in remark The following line is to allow access to BB md servers from DMZ hosts
  267. access-list dmz_access_in extended permit tcp object-group all-trust-hosts object-group CorpOne_MD_Servers object-group trust-2-bb-tcp-udp
  268. access-list outside_access_in remark The following 1 line is to allow info hosts inside to common md ports
  269. access-list outside_access_in extended permit tcp object-group info object-group CorpOne_MD_Servers object-group tinfo-2-bb-tcp-udp
  270. access-list outside_access_in remark The following 1 line is to allow DG hosts inside to common md ports for testing
  271. access-list outside_access_in extended permit tcp object-group SCP-Access object-group CorpOne_MD_Servers object-group tinfo-2-bb-tcp-udp
  272. access-list outside_access_in remark The following 1 line allow SSH access to the test server from authorized IPs
  273. access-list outside_access_in extended permit tcp object-group info object-group all-trust-hosts object-group standard-trust-tcp-udp
  274.  
  275. logging enable
  276. logging timestamp
  277. no logging hide username
  278. no arp permit-nonconnected
  279. arp rate-limit 16384
  280. nat (inside,outside) source dynamic any interface
  281. nat (inside-68,outside) source dynamic any interface
  282. nat (inside-68,inside) source dynamic any interface
  283. nat (inside,inside-68) source dynamic any interface
  284. nat (inside,outside2) source dynamic any interface
  285. nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.8_29 NETWORK_OBJ_192.168.0.8_29 no-proxy-arp route-lookup
  286. nat (inside-68,outside) source static any any destination static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 no-proxy-arp route-lookup
  287. nat (outside,dmz1) source dynamic any interface
  288. nat (outside2,dmz1) source dynamic any interface
  289. nat (inside-68,outside2) source dynamic any interface
  290. nat (inside,outside2) source static any any destination static NETWORK_OBJ_192.168.0.8_29 NETWORK_OBJ_192.168.0.8_29 no-proxy-arp route-lookup
  291. nat (inside-68,outside2) source static any any destination static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 no-proxy-arp route-lookup
  292. nat (dmz1,CorpOne-a) source dynamic any interface
  293. nat (dmz1,CorpOne-b) source dynamic any interface
  294. !
  295. nat (dmz1,outside) after-auto source dynamic any interface
  296. nat (dmz1,outside2) after-auto source dynamic any interface
  297. access-group outside_access_in in interface outside
  298. access-group dmz_access_in in interface dmz1
  299. access-group inside_access_out in interface inside
  300. access-group inside_access_out in interface inside-68
  301. access-group outside_access_in in interface outside2
  302. route outside 0.0.0.0 0.0.0.0 1.1.1.5 1
  303. route outside2 0.0.0.0 0.0.0.0 1.1.1.1 2
  304. route CorpOne-a CorpOneMD1 255.255.255.255 CorpOneMD-inside1 1
  305. route CorpOne-b CorpOneMD2 255.255.255.255 CorpOneMD-inside2 2
  306. route inside-68 Net-AZ4-SERVERS 255.255.255.240 192.168.168.66 1
  307.  
  308. policy-map type inspect dns preset_dns_map
  309.  parameters
  310.   message-length maximum client auto
  311.   message-length maximum 512
  312.   no tcp-inspection
  313. policy-map global_policy
  314.  class inspection_default
  315.   inspect dns preset_dns_map
  316.   inspect ftp
  317.   inspect h323 h225
  318.   inspect h323 ras
  319.   inspect rsh
  320.   inspect rtsp
  321.   inspect esmtp
  322.   inspect sqlnet
  323.   inspect skinny
  324.   inspect sunrpc
  325.   inspect xdmcp
  326.   inspect sip
  327.   inspect netbios
  328.   inspect tftp
  329.   inspect ip-options
  330.   inspect icmp
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top