- ! ASA 9.8(2) configuration header: platform identity and the address pool that the
- ! remote-access (L2TP/IPsec) tunnel-group further down hands to clients.
- ASA Version 9.8(2)
- !
- ! Hostname is still the factory default; a site-specific name makes syslog/ASDM events
- ! attributable when more than one ASA reports to the same collector.
- hostname ciscoasa
- ! The password hash was stripped from this paste (as on the `username` line below), so
- ! its strength cannot be assessed here.
- enable password
- names
- ! Pool assigned to remote-access clients via DefaultRAGroup; it lies inside the
- ! sitea-vpn object (10.16.21.0/24) that the identity-NAT rules and crypto ACLs reference.
- ip local pool L2TP-Pool 10.16.21.10-10.16.21.100
- !
- ! Interfaces. GigabitEthernet1/1 is the only security-level 0 (untrusted) interface.
- ! 1/2 carries the addressed inside transit network; 1/3-1/8 are named inside_2..inside_7
- ! at security-level 100 but have no IP address, so in routed mode they cannot forward
- ! traffic as configured — presumably unused or pre-staged; confirm before relying on them.
- interface GigabitEthernet1/1
- nameif outside
- security-level 0
- ! 40.40.40.40/29 reads like a placeholder for the real public address.
- ip address 40.40.40.40 255.255.255.248
- !
- interface GigabitEthernet1/2
- nameif inside
- security-level 100
- ! Inside transit /24; the internal /24s are reached via 10.16.255.254 (see route lines).
- ip address 10.16.255.1 255.255.255.0
- !
- interface GigabitEthernet1/3
- nameif inside_2
- security-level 100
- no ip address
- !
- interface GigabitEthernet1/4
- nameif inside_3
- security-level 100
- no ip address
- !
- interface GigabitEthernet1/5
- nameif inside_4
- security-level 100
- no ip address
- !
- interface GigabitEthernet1/6
- nameif inside_5
- security-level 100
- no ip address
- !
- interface GigabitEthernet1/7
- nameif inside_6
- security-level 100
- no ip address
- !
- interface GigabitEthernet1/8
- nameif inside_7
- security-level 100
- no ip address
- !
- ! The dedicated management port is unconfigured (no nameif/IP); management is instead
- ! done in-band on inside and outside via the http/ssh lines further down.
- interface Management1/1
- management-only
- no nameif
- no security-level
- no ip address
- !
- ftp mode passive
- ! DNS lookups are enabled on every named interface, including outside. No
- ! `dns server-group` appears in this paste, so where lookups are actually sent
- ! cannot be confirmed from here.
- dns domain-lookup outside
- dns domain-lookup inside
- dns domain-lookup inside_2
- dns domain-lookup inside_3
- dns domain-lookup inside_4
- dns domain-lookup inside_5
- dns domain-lookup inside_6
- dns domain-lookup inside_7
- ! All inside_* interfaces share security-level 100; this line is what allows traffic
- ! between them. Only `inside` has an access-group applied, so traffic entering any
- ! other inside_* interface would not be filtered by an ACL.
- same-security-traffic permit inter-interface
- ! Network objects. obj_any1..obj_any7 all define 0.0.0.0/0 but are not referenced
- ! anywhere in this paste (only obj_any is, by the interface PAT rule); they look like
- ! leftovers of earlier per-interface NAT rules and can presumably be removed.
- object network obj_any1
- subnet 0.0.0.0 0.0.0.0
- object network obj_any2
- subnet 0.0.0.0 0.0.0.0
- object network obj_any3
- subnet 0.0.0.0 0.0.0.0
- object network obj_any4
- subnet 0.0.0.0 0.0.0.0
- object network obj_any5
- subnet 0.0.0.0 0.0.0.0
- object network obj_any6
- subnet 0.0.0.0 0.0.0.0
- object network obj_any7
- subnet 0.0.0.0 0.0.0.0
- ! Site A (this site) address plan: 10.16.x.0/24 — servers, VPN pool, wifi, clients.
- object network sitea-server
- subnet 10.16.20.0 255.255.255.0
- object network sitea-vpn
- subnet 10.16.21.0 255.255.255.0
- object network sitea-wifi
- subnet 10.16.5.0 255.255.255.0
- object network sitea-client
- subnet 10.16.2.0 255.255.255.0
- ! Site C address plan: 10.24.x.0/24, same layout as site A.
- object network sitec-server
- subnet 10.24.20.0 255.255.255.0
- object network sitec-client
- subnet 10.24.2.0 255.255.255.0
- object network sitec-wifi
- subnet 10.24.5.0 255.255.255.0
- object network sitec-vpn
- subnet 10.24.21.0 255.255.255.0
- ! Site B address plan: 10.19.x.0/24, same layout as site A.
- object network siteb-server
- subnet 10.19.20.0 255.255.255.0
- object network siteb-wifi
- subnet 10.19.5.0 255.255.255.0
- object network siteb-client
- subnet 10.19.2.0 255.255.255.0
- object network siteb-vpn
- subnet 10.19.21.0 255.255.255.0
- ! AWS VPC reached over the crypto map entry 1 tunnel.
- object network aws-cms
- subnet 10.10.3.0 255.255.255.0
- ! Source object for the catch-all interface PAT (nat rule attached further down).
- object network obj_any
- subnet 0.0.0.0 0.0.0.0
- ! DM_INLINE_* names are ASDM-generated. PROTOCOL_1 (inside ACL) includes `ip`, which
- ! already matches every protocol; PROTOCOL_2 (outside ACL) is ICMP/ICMPv6 only.
- object-group protocol DM_INLINE_PROTOCOL_1
- protocol-object ip
- protocol-object icmp
- protocol-object icmp6
- object-group protocol DM_INLINE_PROTOCOL_2
- protocol-object icmp
- protocol-object icmp6
- ! Per-site aggregates used by the crypto ACLs and the identity-NAT exemptions.
- object-group network sitea-office
- network-object object sitea-client
- network-object object sitea-server
- network-object object sitea-vpn
- network-object object sitea-wifi
- object-group network sitec-office
- network-object object sitec-client
- network-object object sitec-server
- network-object object sitec-vpn
- network-object object sitec-wifi
- object-group network siteb-office
- network-object object siteb-client
- network-object object siteb-server
- network-object object siteb-vpn
- network-object object siteb-wifi
- object-group network aws-cms-vpc
- network-object object aws-cms
- ! Server subnets of all three sites plus AWS: the destinations that the remote-access
- ! pool (sitea-vpn) is exempted from NAT towards.
- object-group network DM_INLINE_NETWORK_1
- network-object object aws-cms
- network-object object siteb-server
- network-object object sitea-server
- network-object object sitec-server
- ! Inside ACL: `ip any any` already covers everything, so this is effectively
- ! permit-all from the inside interface (the icmp/icmp6 entries are redundant).
- access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
- ! Outside ACL: every ICMP/ICMPv6 type from any Internet source to any destination is
- ! admitted at the outside interface. Consider limiting this to the types operations
- ! actually needs (echo-reply, unreachable, time-exceeded) and enabling `inspect icmp`
- ! in global_policy so return traffic is tracked statefully instead of via the ACL.
- access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
- ! Split-tunnel list (servers + AWS). Note L2TP-Policy below uses
- ! `split-tunnel-policy tunnelall`, under which this list has no effect.
- access-list Split-Tunnel-ACL standard permit 10.16.20.0 255.255.255.0
- access-list Split-Tunnel-ACL standard permit 10.10.3.0 255.255.255.0
- ! Interesting-traffic definitions for the three static site-to-site crypto map entries.
- access-list outside_cryptomap extended permit ip object-group sitea-office object-group aws-cms-vpc
- access-list outside_cryptomap_1 extended permit ip object-group sitea-office object-group siteb-office
- access-list outside_cryptomap_2 extended permit ip object-group sitea-office object-group sitec-office
- pager lines 24
- ! Logging is on, but the only destination visible in this paste is the ASDM viewer at
- ! informational. No `logging host`, `logging trap` or `logging buffered` appears here,
- ! so events are not retained off-box for investigation or alerting — confirm whether a
- ! syslog collector exists outside this excerpt.
- logging enable
- logging asdm informational
- ! Default MTU on every named interface, including the unaddressed inside_2..inside_7.
- mtu outside 1500
- mtu inside 1500
- mtu inside_2 1500
- mtu inside_3 1500
- mtu inside_4 1500
- mtu inside_5 1500
- mtu inside_6 1500
- mtu inside_7 1500
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- ! ARP behaviour left at the platform defaults; non-connected ARP replies disabled.
- arp timeout 14400
- no arp permit-nonconnected
- arp rate-limit 16384
- ! Manual (twice) NAT: identity rules that exempt site-to-site and AWS traffic from the
- ! interface PAT defined on obj_any below. Ordering matters — these are evaluated before
- ! the object NAT, so anything matching here leaves untranslated into the tunnels.
- nat (inside,outside) source static sitea-office sitea-office destination static siteb-office siteb-office no-proxy-arp route-lookup
- nat (inside,outside) source static sitea-office sitea-office destination static sitec-office sitec-office no-proxy-arp route-lookup
- nat (any,any) source static sitea-office sitea-office destination static aws-cms-vpc aws-cms-vpc no-proxy-arp
- ! Exempts traffic between the server subnets/AWS and the L2TP pool (sitea-vpn) so
- ! remote-access clients see real server addresses.
- nat (any,any) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static sitea-vpn sitea-vpn no-proxy-arp
- !
- ! Catch-all dynamic PAT to the outside interface address for everything not exempted above.
- object network obj_any
- nat (any,outside) dynamic interface
- ! ACLs bound to interfaces; only outside and inside are filtered (see the
- ! same-security-traffic note on the other inside_* interfaces).
- access-group outside_access_in in interface outside
- access-group inside_access_in in interface inside
- ! 6.6.6.6 as default next hop reads like a placeholder. The internal /24s sit behind
- ! 10.16.255.254, presumably an inside L3 device on the GigabitEthernet1/2 transit net.
- route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
- route inside 10.16.2.0 255.255.255.0 10.16.255.254 1
- route inside 10.16.5.0 255.255.255.0 10.16.255.254 1
- route inside 10.16.20.0 255.255.255.0 10.16.255.254 1
- route inside 10.16.21.0 255.255.255.0 10.16.255.254 1
- ! Translation/connection idle timers. These appear to be the stock platform defaults;
- ! nothing here was tuned for this deployment.
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- timeout conn-holddown 0:00:15
- timeout igp stale-route 0:01:10
- ! AAA. The LDAP server on inside host 10.16.20.2 authenticates remote-access users
- ! (referenced by DefaultRAGroup); device administration (enable/http/ssh) uses LOCAL.
- aaa-server MY-LDAP-SERVER protocol ldap
- ! No `ldap-over-ssl enable` is present in this host entry, so the bind credentials and
- ! user passwords presumably cross the inside network as plain LDAP on the default port —
- ! confirm, and enable LDAPS if the directory supports it.
- aaa-server MY-LDAP-SERVER (inside) host 10.16.20.2
- ldap-base-dn dc=insight,dc=local
- ldap-scope subtree
- ldap-naming-attribute sAMAccountName
- ! Bind password redacted in the paste; the login DN on the next line was removed too.
- ldap-login-password *****
- ldap-login-dn
- server-type auto-detect
- user-identity default-domain LOCAL
- ! Administrative logins are checked against the local username database. Only one
- ! local account (`username user`, privilege 15) is visible in this configuration.
- aaa authentication enable console LOCAL
- aaa authentication http console LOCAL
- aaa authentication ssh console LOCAL
- aaa authentication login-history
- http server enable
- ! ASDM/HTTPS management is accepted from ANY source on the outside interface (and from
- ! any inside host). The outside entry exposes the management plane to the Internet;
- ! restrict both lines to the specific management addresses/prefixes that need access.
- http 0.0.0.0 0.0.0.0 outside
- http 0.0.0.0 0.0.0.0 inside
- no snmp-server location
- no snmp-server contact
- ! Enables the appliance reset-button feature; if physical access to the chassis is not
- ! controlled, consider `no service sw-reset-button` — verify the behaviour on this model.
- service sw-reset-button
- ! IPsec phase 2. Remote-access (L2TP) uses AES-128 + SHA-1 HMAC in transport mode
- ! (transport mode is what L2TP/IPsec requires); site-to-site uses AES-256 + SHA-1 HMAC.
- crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set esp-aes esp-sha-hmac
- crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set mode transport
- crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
- crypto ipsec security-association pmtu-aging infinite
- ! Dynamic map that remote-access clients land on (bound at sequence 20 below).
- crypto dynamic-map L2TP-MAP 10 set ikev1 transform-set L2TP-IKE1-Transform-Set
- ! Static entry 1 (AWS). `set peer 0.0.0.0` is not a usable peer for a static map entry
- ! and looks like a redaction placeholder; note tunnel-group 3.3.3.3 below has no
- ! matching crypto map peer, so that is presumably the real value — confirm.
- ! `set pfs` without a group defaults to DH group 2 (1024-bit) on this platform.
- ! `set nat-t-disable` is only safe if there is no NAT device between the peers.
- crypto map L2TP-VPN-MAP 1 match address outside_cryptomap
- crypto map L2TP-VPN-MAP 1 set pfs
- crypto map L2TP-VPN-MAP 1 set peer 0.0.0.0
- crypto map L2TP-VPN-MAP 1 set ikev1 transform-set ESP-AES-256-SHA
- crypto map L2TP-VPN-MAP 1 set nat-t-disable
- ! Static entry 2 (site B peer 1.1.1.1 — placeholder-looking address).
- crypto map L2TP-VPN-MAP 2 match address outside_cryptomap_1
- crypto map L2TP-VPN-MAP 2 set pfs
- crypto map L2TP-VPN-MAP 2 set peer 1.1.1.1
- crypto map L2TP-VPN-MAP 2 set ikev1 transform-set ESP-AES-256-SHA
- crypto map L2TP-VPN-MAP 2 set nat-t-disable
- ! Static entry 3 (site C peer 2.2.2.2 — placeholder-looking address).
- crypto map L2TP-VPN-MAP 3 match address outside_cryptomap_2
- crypto map L2TP-VPN-MAP 3 set pfs
- crypto map L2TP-VPN-MAP 3 set peer 2.2.2.2
- crypto map L2TP-VPN-MAP 3 set ikev1 transform-set ESP-AES-256-SHA
- crypto map L2TP-VPN-MAP 3 set nat-t-disable
- crypto map L2TP-VPN-MAP 20 ipsec-isakmp dynamic L2TP-MAP
- crypto map L2TP-VPN-MAP interface outside
- crypto ca trustpool policy
- ! Only IKEv1 is enabled on outside; no IKEv2 configuration appears in this paste.
- crypto ikev1 enable outside
- ! IKEv1 phase 1 policies, evaluated lowest number first. Policy 5 offers 3DES with
- ! SHA-1 and DH group 2 ahead of the AES-256 policy, so a peer that also supports 3DES
- ! may settle on it. Prefer renumbering so AES-256 is tried first and retiring 3DES once
- ! no peer needs it; all three policies use DH group 2 (1024-bit) — group 14 where peers
- ! allow it, or a move to IKEv2, gives a stronger exchange.
- crypto ikev1 policy 5
- authentication pre-share
- encryption 3des
- hash sha
- group 2
- lifetime 86400
- crypto ikev1 policy 9
- authentication pre-share
- encryption aes-256
- hash sha
- group 2
- lifetime 86400
- ! Certificate-authenticated policy; no trustpoint is referenced in this paste, so it
- ! may be unused.
- crypto ikev1 policy 20
- authentication rsa-sig
- encryption aes-256
- hash sha
- group 2
- lifetime 86400
- ! No `telnet <host>` lines are present, so telnet access is not permitted from anywhere.
- telnet timeout 5
- ! Applies to SSH/SCP sessions the ASA itself initiates; it does not restrict inbound
- ! admin SSH.
- ssh stricthostkeycheck
- ! SSH management accepted from ANY source on outside (and inside) — the same exposure as
- ! the `http 0.0.0.0 0.0.0.0 outside` line; narrow both to management sources.
- ssh 0.0.0.0 0.0.0.0 outside
- ssh 0.0.0.0 0.0.0.0 inside
- ssh timeout 5
- ! SSHv2 only.
- ssh version 2
- ! dh-group14-sha1 is the stronger of the two KEX groups this release offers.
- ssh key-exchange group dh-group14-sha1
- ! Serial console sessions never time out; set a non-zero value if console access is
- ! shared or the console server is reachable by others.
- console timeout 0
- dhcpd auto_config outside
- !
- ! Basic threat detection plus per-ACE hit statistics; no scanning-threat detection or
- ! shun is configured here.
- threat-detection basic-threat
- threat-detection statistics access-list
- no threat-detection statistics tcp-intercept
- ! Default group policy advertises ikev1, l2tp-ipsec AND ssl-clientless; no webvpn
- ! configuration is visible in this paste, so the clientless entry may be unintended.
- group-policy DfltGrpPolicy attributes
- vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
- ! Policy applied to L2TP/IPsec remote-access users.
- group-policy L2TP-Policy internal
- group-policy L2TP-Policy attributes
- dns-server value 10.16.20.2 10.16.20.3
- vpn-tunnel-protocol l2tp-ipsec
- ! `tunnelall` sends all client traffic through the tunnel, which makes the
- ! split-tunnel-network-list on the next line inert. If split tunnelling was intended
- ! the policy should be `tunnelspecified`; if full tunnel is intended, the list can go.
- split-tunnel-policy tunnelall
- split-tunnel-network-list value Split-Tunnel-ACL
- ! Differs from the LDAP base DN (dc=insight,dc=local) — presumably a redaction artefact.
- default-domain value blah.local
- intercept-dhcp enable
- ! Policy applied to the site-to-site tunnel-groups.
- group-policy VPN internal
- group-policy VPN attributes
- vpn-tunnel-protocol ikev1
- dynamic-access-policy-record DfltAccessPolicy
- ! Sole local administrator account (hash stripped from the paste); generic username and
- ! privilege 15. This is the only account the LOCAL aaa lines above can fall back on.
- username user password pbkdf2 privilege 15
- ! Remote-access group: pool, LDAP authentication, L2TP-Policy.
- tunnel-group DefaultRAGroup general-attributes
- address-pool L2TP-Pool
- authentication-server-group MY-LDAP-SERVER
- default-group-policy L2TP-Policy
- tunnel-group DefaultRAGroup ipsec-attributes
- ikev1 pre-shared-key *****
- ! PAP only: the user password travels in clear inside the PPP session, relying entirely
- ! on the IPsec transport SA for protection. This is typically what an LDAP-backed group
- ! requires (CHAP/MS-CHAP need RADIUS), so it is a design constraint rather than an
- ! oversight — but it means the IKEv1 PSK above is the only thing gating that exposure.
- tunnel-group DefaultRAGroup ppp-attributes
- authentication pap
- no authentication chap
- no authentication ms-chap-v1
- ! Site-to-site peers with pre-shared keys (redacted). 3.3.3.3 has no corresponding
- ! crypto map entry in this paste (see the note on map entry 1).
- tunnel-group 1.1.1.1 type ipsec-l2l
- tunnel-group 1.1.1.1 general-attributes
- default-group-policy VPN
- tunnel-group 1.1.1.1 ipsec-attributes
- ikev1 pre-shared-key *****
- tunnel-group 2.2.2.2 type ipsec-l2l
- tunnel-group 2.2.2.2 general-attributes
- default-group-policy VPN
- tunnel-group 2.2.2.2 ipsec-attributes
- ikev1 pre-shared-key *****
- tunnel-group 3.3.3.3 type ipsec-l2l
- tunnel-group 3.3.3.3 general-attributes
- default-group-policy VPN
- tunnel-group 3.3.3.3 ipsec-attributes
- ikev1 pre-shared-key *****
- !
- ! Modular policy framework: the default inspection class and policy as shipped.
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- ! Default DNS inspection parameters (512-byte maximum, no TCP inspection).
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- no tcp-inspection
- ! Stock inspection set. `inspect icmp` is absent, so ICMP is not tracked statefully;
- ! this is why the outside ACL has to permit ICMP explicitly (see outside_access_in).
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect rsh
- inspect rtsp
- inspect esmtp
- inspect sqlnet
- inspect skinny
- inspect sunrpc
- inspect xdmcp
- inspect sip
- inspect netbios
- inspect tftp
- inspect ip-options
- !
- service-policy global_policy global
- prompt hostname context
- no call-home reporting anonymous
- ! Configuration integrity checksum written by the ASA; it is not a credential.
- Cryptochecksum:093f24397fe562533f126deb5b72049b
- : end