SHOW:
|
|
- or go back to the newest paste.
1 | show run | |
2 | : Saved | |
3 | : | |
4 | : Serial Number: JMX1619Z136 | |
5 | : Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz | |
6 | : | |
7 | ASA Version 9.1(7)16 | |
8 | ! | |
9 | - | hostname TSGM-OHRA-13397-ASA1 |
9 | + | hostname ciscoasa1 |
10 | - | domain-name ad.tristansgray.com |
10 | + | domain-name ########## |
11 | - | enable password bIjiuIvLH1VMiilI encrypted |
11 | + | enable password ############## encrypted |
12 | names | |
13 | ! | |
14 | interface Ethernet0/0 | |
15 | switchport access vlan 2 | |
16 | ! | |
17 | interface Ethernet0/1 | |
18 | ! | |
19 | interface Ethernet0/2 | |
20 | ! | |
21 | interface Ethernet0/3 | |
22 | ! | |
23 | interface Ethernet0/4 | |
24 | ! | |
25 | interface Ethernet0/5 | |
26 | ! | |
27 | interface Ethernet0/6 | |
28 | ! | |
29 | interface Ethernet0/7 | |
30 | ! | |
31 | interface Vlan1 | |
32 | nameif inside | |
33 | security-level 100 | |
34 | ip address 10.0.0.1 255.255.255.0 | |
35 | ! | |
36 | interface Vlan2 | |
37 | nameif outside | |
38 | security-level 0 | |
39 | ip address dhcp setroute | |
40 | ! | |
41 | ftp mode passive | |
42 | dns domain-lookup inside | |
43 | dns server-group DefaultDNS | |
44 | name-server 8.8.8.8 | |
45 | name-server 192.168.1.5 | |
46 | name-server 192.168.1.6 | |
47 | - | domain-name ad.tristansgray.com |
47 | + | domain-name ############ |
48 | object network obj_any | |
49 | subnet 0.0.0.0 0.0.0.0 | |
50 | object network 3759 | |
51 | subnet 192.168.1.0 255.255.255.0 | |
52 | object network NETWORK_OBJ_10.0.0.0_24 | |
53 | subnet 10.0.0.0 255.255.255.0 | |
54 | object network Local | |
55 | subnet 10.0.0.0 255.255.255.0 | |
56 | object-group service DM_INLINE_SERVICE_1 | |
57 | service-object icmp | |
58 | service-object icmp echo | |
59 | service-object icmp echo-reply | |
60 | service-object icmp traceroute | |
61 | service-object tcp-udp destination eq www | |
62 | access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 a ny interface outside | |
63 | access-list outside_access_in extended permit tcp any interface outside eq https | |
64 | access-list outside_access_in extended permit ip 10.0.0.0 255.255.255.0 object 3 759 | |
65 | access-list outside_cryptomap extended permit ip 10.0.0.0 255.255.255.0 object 3 759 | |
66 | access-list outside_cryptomap_1 extended permit ip 10.0.0.0 255.255.255.0 object 3759 | |
67 | pager lines 24 | |
68 | logging asdm informational | |
69 | mtu inside 1500 | |
70 | mtu outside 1500 | |
71 | no failover | |
72 | icmp unreachable rate-limit 1 burst-size 1 | |
73 | no asdm history enable | |
74 | arp timeout 14400 | |
75 | no arp permit-nonconnected | |
76 | nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_ 24 destination static 3759 3759 no-proxy-arp route-lookup | |
77 | ! | |
78 | object network obj_any | |
79 | nat (inside,outside) dynamic interface | |
80 | ! | |
81 | nat (inside,outside) after-auto source dynamic any interface | |
82 | access-group outside_access_in in interface outside | |
83 | timeout xlate 3:00:00 | |
84 | timeout pat-xlate 0:00:30 | |
85 | timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 | |
86 | timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 | |
87 | timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 | |
88 | timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute | |
89 | timeout tcp-proxy-reassembly 0:01:00 | |
90 | timeout floating-conn 0:00:00 | |
91 | dynamic-access-policy-record DfltAccessPolicy | |
92 | user-identity default-domain LOCAL | |
93 | http server enable | |
94 | http 10.0.0.0 255.255.255.0 inside | |
95 | http 192.168.1.0 255.255.255.0 inside | |
96 | no snmp-server location | |
97 | no snmp-server contact | |
98 | crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac | |
99 | crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport | |
100 | crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac | |
101 | crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport | |
102 | crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac | |
103 | crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport | |
104 | crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac | |
105 | crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport | |
106 | crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac | |
107 | crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport | |
108 | crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac | |
109 | crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac | |
110 | crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac | |
111 | crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport | |
112 | crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac | |
113 | crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport | |
114 | crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac | |
115 | crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac | |
116 | crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac | |
117 | crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport | |
118 | crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac | |
119 | crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport | |
120 | crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac | |
121 | crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac | |
122 | crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac | |
123 | crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac | |
124 | crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac | |
125 | crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac | |
126 | crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac | |
127 | crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport | |
128 | crypto ipsec ikev2 ipsec-proposal AES256 | |
129 | protocol esp encryption aes-256 | |
130 | protocol esp integrity sha-1 md5 | |
131 | crypto ipsec ikev2 ipsec-proposal AES192 | |
132 | protocol esp encryption aes-192 | |
133 | protocol esp integrity sha-1 md5 | |
134 | crypto ipsec ikev2 ipsec-proposal AES | |
135 | protocol esp encryption aes | |
136 | protocol esp integrity sha-1 md5 | |
137 | crypto ipsec ikev2 ipsec-proposal 3DES | |
138 | protocol esp encryption 3des | |
139 | protocol esp integrity sha-1 md5 | |
140 | crypto ipsec ikev2 ipsec-proposal DES | |
141 | protocol esp encryption des | |
142 | protocol esp integrity sha-1 md5 | |
143 | crypto ipsec security-association pmtu-aging infinite | |
144 | crypto map outside_map 2 match address outside_cryptomap_1 | |
145 | crypto map outside_map 2 set peer 192.168.0.221 | |
146 | crypto map outside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 | |
147 | crypto map outside_map interface outside | |
148 | crypto ca trustpoint _SmartCallHome_ServerCA | |
149 | no validation-usage | |
150 | crl configure | |
151 | crypto ca trustpool policy | |
152 | crypto ca certificate chain _SmartCallHome_ServerCA | |
153 | certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a | |
154 | 308204d3 308203bb a0030201 02021018 dad19e26 7de8bb4a 2158cdcc 6b3b4a30 | |
155 | 0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117 | |
156 | 30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b | |
157 | 13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504 | |
158 | 0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72 | |
159 | 20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56 | |
160 | 65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043 | |
161 | 65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d30 | |
162 | 36313130 38303030 3030305a 170d3336 30373136 32333539 35395a30 81ca310b | |
163 | 30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20 | |
164 | 496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65 | |
165 | 74776f72 6b313a30 38060355 040b1331 28632920 32303036 20566572 69536967 | |
166 | 6e2c2049 6e632e20 2d20466f 72206175 74686f72 697a6564 20757365 206f6e6c | |
167 | 79314530 43060355 0403133c 56657269 5369676e 20436c61 73732033 20507562 | |
168 | 6c696320 5072696d 61727920 43657274 69666963 6174696f 6e204175 74686f72 | |
169 | 69747920 2d204735 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 | |
170 | 3082010a 02820101 00af2408 08297a35 9e600caa e74b3b4e dc7cbc3c 451cbb2b | |
171 | e0fe2902 f95708a3 64851527 f5f1adc8 31895d22 e82aaaa6 42b38ff8 b955b7b1 | |
172 | b74bb3fe 8f7e0757 ecef43db 66621561 cf600da4 d8def8e0 c362083d 5413eb49 | |
173 | ca595485 26e52b8f 1b9febf5 a191c233 49d84363 6a524bd2 8fe87051 4dd18969 | |
174 | 7bc770f6 b3dc1274 db7b5d4b 56d396bf 1577a1b0 f4a225f2 af1c9267 18e5f406 | |
175 | 04ef90b9 e400e4dd 3ab519ff 02baf43c eee08beb 378becf4 d7acf2f6 f03dafdd | |
176 | 75913319 1d1c40cb 74241921 93d914fe ac2a52c7 8fd50449 e48d6347 883c6983 | |
177 | cbfe47bd 2b7e4fc5 95ae0e9d d4d143c0 6773e314 087ee53f 9f73b833 0acf5d3f | |
178 | 3487968a ee53e825 15020301 0001a381 b23081af 300f0603 551d1301 01ff0405 | |
179 | 30030101 ff300e06 03551d0f 0101ff04 04030201 06306d06 082b0601 05050701 | |
180 | 0c046130 5fa15da0 5b305930 57305516 09696d61 67652f67 69663021 301f3007 | |
181 | 06052b0e 03021a04 148fe5d3 1a86ac8d 8e6bc3cf 806ad448 182c7b19 2e302516 | |
182 | 23687474 703a2f2f 6c6f676f 2e766572 69736967 6e2e636f 6d2f7673 6c6f676f | |
183 | 2e676966 301d0603 551d0e04 1604147f d365a7c2 ddecbbf0 3009f343 39fa02af | |
184 | 33313330 0d06092a 864886f7 0d010105 05000382 01010093 244a305f 62cfd81a | |
185 | 982f3dea dc992dbd 77f6a579 2238ecc4 a7a07812 ad620e45 7064c5e7 97662d98 | |
186 | 097e5faf d6cc2865 f201aa08 1a47def9 f97c925a 0869200d d93e6d6e 3c0d6ed8 | |
187 | e6069140 18b9f8c1 eddfdb41 aae09620 c9cd6415 3881c994 eea28429 0b136f8e | |
188 | db0cdd25 02dba48b 1944d241 7a05694a 584f60ca 7e826a0b 02aa2517 39b5db7f | |
189 | e784652a 958abd86 de5e8116 832d10cc defda882 2a6d281f 0d0bc4e5 e71a2619 | |
190 | e1f4116f 10b595fc e7420532 dbce9d51 5e28b69e 85d35bef a57d4540 728eb70e | |
191 | 6b0e06fb 33354871 b89d278b c4655f0d 86769c44 7af6955c f65d3208 33a454b6 | |
192 | 183f685c f2424a85 3854835f d1e82cf2 ac11d6a8 ed636a | |
193 | quit | |
194 | crypto ikev2 policy 1 | |
195 | encryption aes-256 | |
196 | integrity sha | |
197 | group 5 2 | |
198 | prf sha | |
199 | lifetime seconds 86400 | |
200 | crypto ikev2 policy 10 | |
201 | encryption aes-192 | |
202 | integrity sha | |
203 | group 5 2 | |
204 | prf sha | |
205 | lifetime seconds 86400 | |
206 | crypto ikev2 policy 20 | |
207 | encryption aes | |
208 | integrity sha | |
209 | group 5 2 | |
210 | prf sha | |
211 | lifetime seconds 86400 | |
212 | crypto ikev2 policy 30 | |
213 | encryption 3des | |
214 | integrity sha | |
215 | group 5 2 | |
216 | prf sha | |
217 | lifetime seconds 86400 | |
218 | crypto ikev2 policy 40 | |
219 | encryption des | |
220 | integrity sha | |
221 | group 5 2 | |
222 | prf sha | |
223 | lifetime seconds 86400 | |
224 | crypto ikev2 enable outside | |
225 | crypto ikev1 enable outside | |
226 | crypto ikev1 policy 10 | |
227 | authentication pre-share | |
228 | encryption aes-256 | |
229 | hash sha | |
230 | group 2 | |
231 | lifetime 86400 | |
232 | crypto ikev1 policy 20 | |
233 | authentication rsa-sig | |
234 | encryption aes-256 | |
235 | hash sha | |
236 | group 2 | |
237 | lifetime 86400 | |
238 | crypto ikev1 policy 40 | |
239 | authentication pre-share | |
240 | encryption aes-192 | |
241 | hash sha | |
242 | group 2 | |
243 | lifetime 86400 | |
244 | crypto ikev1 policy 50 | |
245 | authentication rsa-sig | |
246 | encryption aes-192 | |
247 | hash sha | |
248 | group 2 | |
249 | lifetime 86400 | |
250 | crypto ikev1 policy 70 | |
251 | authentication pre-share | |
252 | encryption aes | |
253 | hash sha | |
254 | group 2 | |
255 | lifetime 86400 | |
256 | crypto ikev1 policy 80 | |
257 | authentication rsa-sig | |
258 | encryption aes | |
259 | hash sha | |
260 | group 2 | |
261 | lifetime 86400 | |
262 | crypto ikev1 policy 100 | |
263 | authentication pre-share | |
264 | encryption 3des | |
265 | hash sha | |
266 | group 2 | |
267 | lifetime 86400 | |
268 | crypto ikev1 policy 110 | |
269 | authentication rsa-sig | |
270 | encryption 3des | |
271 | hash sha | |
272 | group 2 | |
273 | lifetime 86400 | |
274 | crypto ikev1 policy 130 | |
275 | authentication pre-share | |
276 | encryption des | |
277 | hash sha | |
278 | group 2 | |
279 | lifetime 86400 | |
280 | crypto ikev1 policy 140 | |
281 | authentication rsa-sig | |
282 | encryption des | |
283 | hash sha | |
284 | group 2 | |
285 | lifetime 86400 | |
286 | telnet 10.0.0.0 255.255.255.0 inside | |
287 | telnet 192.168.1.0 255.255.255.0 inside | |
288 | telnet timeout 5 | |
289 | ssh stricthostkeycheck | |
290 | ssh 192.168.1.0 255.255.255.0 inside | |
291 | ssh 10.0.0.0 255.255.255.0 inside | |
292 | ssh timeout 5 | |
293 | ssh key-exchange group dh-group1-sha1 | |
294 | console timeout 0 | |
295 | management-access inside | |
296 | ||
297 | dhcpd dns 8.8.8.8 192.168.1.5 | |
298 | dhcpd auto_config outside | |
299 | ! | |
300 | dhcpd address 10.0.0.5-10.0.0.254 inside | |
301 | dhcpd enable inside | |
302 | ! | |
303 | threat-detection basic-threat | |
304 | threat-detection statistics access-list | |
305 | no threat-detection statistics tcp-intercept | |
306 | webvpn | |
307 | anyconnect-essentials | |
308 | cache | |
309 | disable | |
310 | group-policy DfltGrpPolicy attributes | |
311 | vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless | |
312 | - | group-policy GroupPolicy_192.168.0.221 internal |
312 | + | group-policy GroupPolicy_######## internal |
313 | - | tunnel-group 192.168.0.221 type ipsec-l2l |
313 | + | tunnel-group ###### type ipsec-l2l |
314 | - | tunnel-group 192.168.0.221 ipsec-attributes |
314 | + | tunnel-group ###### ipsec-attributes |
315 | ikev1 pre-shared-key ***** | |
316 | ikev2 local-authentication pre-shared-key ***** | |
317 | ! | |
318 | class-map inspection_default | |
319 | match default-inspection-traffic | |
320 | ! | |
321 | ! | |
322 | policy-map type inspect dns preset_dns_map | |
323 | parameters | |
324 | message-length maximum client auto | |
325 | message-length maximum 512 | |
326 | policy-map global_policy | |
327 | class inspection_default | |
328 | inspect dns preset_dns_map | |
329 | inspect ftp | |
330 | inspect h323 h225 | |
331 | inspect h323 ras | |
332 | inspect rsh | |
333 | inspect rtsp | |
334 | inspect esmtp | |
335 | inspect sqlnet | |
336 | inspect skinny | |
337 | inspect sunrpc | |
338 | inspect xdmcp | |
339 | inspect sip | |
340 | inspect netbios | |
341 | inspect tftp | |
342 | inspect ip-options | |
343 | inspect icmp | |
344 | ! | |
345 | service-policy global_policy global | |
346 | prompt hostname context | |
347 | call-home reporting anonymous | |
348 | Cryptochecksum:543e3d54ba597263366dd1e29f2c7fcb | |
349 | : end |