Untitled

a guest
Jan 26th, 2020
ASA Version 9.8(2)
!
hostname ciscoasa
enable password
names
ip local pool L2TP-Pool 10.16.21.10-10.16.21.100

!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 40.40.40.40 255.255.255.248
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.16.255.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif inside_2
 security-level 100
 no ip address
!
interface GigabitEthernet1/4
 nameif inside_3
 security-level 100
 no ip address
!
interface GigabitEthernet1/5
 nameif inside_4
 security-level 100
 no ip address
!
interface GigabitEthernet1/6
 nameif inside_5
 security-level 100
 no ip address
!
interface GigabitEthernet1/7
 nameif inside_6
 security-level 100
 no ip address
!
interface GigabitEthernet1/8
 nameif inside_7
 security-level 100
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup inside_2
dns domain-lookup inside_3
dns domain-lookup inside_4
dns domain-lookup inside_5
dns domain-lookup inside_6
dns domain-lookup inside_7
same-security-traffic permit inter-interface
object network obj_any1
 subnet 0.0.0.0 0.0.0.0
object network obj_any2
 subnet 0.0.0.0 0.0.0.0
object network obj_any3
 subnet 0.0.0.0 0.0.0.0
object network obj_any4
 subnet 0.0.0.0 0.0.0.0
object network obj_any5
 subnet 0.0.0.0 0.0.0.0
object network obj_any6
 subnet 0.0.0.0 0.0.0.0
object network obj_any7
 subnet 0.0.0.0 0.0.0.0
object network sitea-server
 subnet 10.16.20.0 255.255.255.0
object network sitea-vpn
 subnet 10.16.21.0 255.255.255.0
object network sitea-wifi
 subnet 10.16.5.0 255.255.255.0
object network sitea-client
 subnet 10.16.2.0 255.255.255.0
object network sitec-server
 subnet 10.24.20.0 255.255.255.0
object network sitec-client
 subnet 10.24.2.0 255.255.255.0
object network sitec-wifi
 subnet 10.24.5.0 255.255.255.0
object network sitec-vpn
 subnet 10.24.21.0 255.255.255.0
object network siteb-server
 subnet 10.19.20.0 255.255.255.0
object network siteb-wifi
 subnet 10.19.5.0 255.255.255.0
object network siteb-client
 subnet 10.19.2.0 255.255.255.0
object network siteb-vpn
 subnet 10.19.21.0 255.255.255.0
object network aws-cms
 subnet 10.10.3.0 255.255.255.0
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
 protocol-object icmp6
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object icmp
 protocol-object icmp6
object-group network sitea-office
 network-object object sitea-client
 network-object object sitea-server
 network-object object sitea-vpn
 network-object object sitea-wifi
object-group network sitec-office
 network-object object sitec-client
 network-object object sitec-server
 network-object object sitec-vpn
 network-object object sitec-wifi
object-group network siteb-office
 network-object object siteb-client
 network-object object siteb-server
 network-object object siteb-vpn
 network-object object siteb-wifi
object-group network aws-cms-vpc
 network-object object aws-cms
object-group network DM_INLINE_NETWORK_1
 network-object object aws-cms
 network-object object siteb-server
 network-object object sitea-server
 network-object object sitec-server
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list Split-Tunnel-ACL standard permit 10.16.20.0 255.255.255.0
access-list Split-Tunnel-ACL standard permit 10.10.3.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group sitea-office object-group aws-cms-vpc
access-list outside_cryptomap_1 extended permit ip object-group sitea-office object-group siteb-office
access-list outside_cryptomap_2 extended permit ip object-group sitea-office object-group sitec-office
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu inside_2 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside,outside) source static sitea-office sitea-office destination static siteb-office siteb-office no-proxy-arp route-lookup
nat (inside,outside) source static sitea-office sitea-office destination static sitec-office sitec-office no-proxy-arp route-lookup
nat (any,any) source static sitea-office sitea-office destination static aws-cms-vpc aws-cms-vpc no-proxy-arp
nat (any,any) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static sitea-vpn sitea-vpn no-proxy-arp
!
object network obj_any
 nat (any,outside) dynamic interface
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
route inside 10.16.2.0 255.255.255.0 10.16.255.254 1
route inside 10.16.5.0 255.255.255.0 10.16.255.254 1
route inside 10.16.20.0 255.255.255.0 10.16.255.254 1
route inside 10.16.21.0 255.255.255.0 10.16.255.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
aaa-server MY-LDAP-SERVER protocol ldap
aaa-server MY-LDAP-SERVER (inside) host 10.16.20.2
 ldap-base-dn dc=insight,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn
 server-type auto-detect
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2TP-IKE1-Transform-Set mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map L2TP-MAP 10 set ikev1 transform-set L2TP-IKE1-Transform-Set
crypto map L2TP-VPN-MAP 1 match address outside_cryptomap
crypto map L2TP-VPN-MAP 1 set pfs
crypto map L2TP-VPN-MAP 1 set peer 0.0.0.0
crypto map L2TP-VPN-MAP 1 set ikev1 transform-set ESP-AES-256-SHA
crypto map L2TP-VPN-MAP 1 set nat-t-disable
crypto map L2TP-VPN-MAP 2 match address outside_cryptomap_1
crypto map L2TP-VPN-MAP 2 set pfs
crypto map L2TP-VPN-MAP 2 set peer 1.1.1.1
crypto map L2TP-VPN-MAP 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map L2TP-VPN-MAP 2 set nat-t-disable
crypto map L2TP-VPN-MAP 3 match address outside_cryptomap_2
crypto map L2TP-VPN-MAP 3 set pfs
crypto map L2TP-VPN-MAP 3 set peer 2.2.2.2
crypto map L2TP-VPN-MAP 3 set ikev1 transform-set ESP-AES-256-SHA
crypto map L2TP-VPN-MAP 3 set nat-t-disable
crypto map L2TP-VPN-MAP 20 ipsec-isakmp dynamic L2TP-MAP
crypto map L2TP-VPN-MAP interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 9
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 0

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy L2TP-Policy internal
group-policy L2TP-Policy attributes
 dns-server value 10.16.20.2 10.16.20.3
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelall
 split-tunnel-network-list value Split-Tunnel-ACL
 default-domain value blah.local
 intercept-dhcp enable
group-policy VPN internal
group-policy VPN attributes
 vpn-tunnel-protocol ikev1
dynamic-access-policy-record DfltAccessPolicy
username user password pbkdf2 privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP-Pool
 authentication-server-group MY-LDAP-SERVER
 default-group-policy L2TP-Policy
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 no authentication chap
 no authentication ms-chap-v1
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 general-attributes
 default-group-policy VPN
tunnel-group 1.1.1.1 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 general-attributes
 default-group-policy VPN
tunnel-group 2.2.2.2 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 3.3.3.3 type ipsec-l2l
tunnel-group 3.3.3.3 general-attributes
 default-group-policy VPN
tunnel-group 3.3.3.3 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:093f24397fe562533f126deb5b72049b
: end