Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- : Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
- :
- ASA Version 9.6(1)
- !
- hostname XXXXX
- enable password XXXXX encrypted
- names
- !
- interface GigabitEthernet1/1
- nameif outside
- security-level 0
- ip address 8.8.8.8 255.255.255.252
- !
- interface GigabitEthernet1/2
- nameif inside
- security-level 100
- ip address 192.168.2.1 255.255.255.0
- !
- interface GigabitEthernet1/3
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet1/4
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet1/5
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet1/6
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet1/7
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface GigabitEthernet1/8
- shutdown
- no nameif
- no security-level
- no ip address
- !
- interface Management1/1
- management-only
- no nameif
- no security-level
- no ip address
- !
- ftp mode passive
- same-security-traffic permit inter-interface
- same-security-traffic permit intra-interface
- object network obj_any
- subnet 0.0.0.0 0.0.0.0
- object network LocalLAN
- subnet 192.168.2.0 255.255.255.0
- object-group network MplsLANS
- network-object 192.168.1.0 255.255.255.0
- network-object 10.0.66.0 255.255.255.0
- access-list DC extended permit ip 192.168.2.0 255.255.255.0 10.0.66.0 255.255.255.0
- access-list DC extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
- access-list Firewall extended permit icmp any any unreachable
- access-list Firewall extended permit icmp any any time-exceeded
- pager lines 24
- logging asdm informational
- mtu outside 1500
- mtu inside 1500
- icmp unreachable rate-limit 1 burst-size 1
- no asdm history enable
- arp timeout 14400
- no arp permit-nonconnected
- nat (inside,any) source static LocalLAN LocalLAN destination static MplsLANS MplsLANS no-proxy-arp route-lookup
- !
- object network obj_any
- nat (any,outside) dynamic interface
- access-group Firewall in interface outside
- route outside 0.0.0.0 0.0.0.0 8.8.8.7 1
- timeout xlate 3:00:00
- timeout pat-xlate 0:00:30
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
- timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
- timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
- timeout tcp-proxy-reassembly 0:01:00
- timeout floating-conn 0:00:00
- user-identity default-domain LOCAL
- aaa authentication ssh console LOCAL
- http server enable
- http 192.168.1.0 255.255.255.0 inside
- no snmp-server location
- no snmp-server contact
- service sw-reset-button
- crypto ipsec ikev2 ipsec-proposal ikev2-proposal
- protocol esp encryption aes
- protocol esp integrity sha-1
- crypto ipsec security-association pmtu-aging infinite
- crypto map ikev2-map 1 match address DC
- crypto map ikev2-map 1 set peer 4.2.2.1
- crypto map ikev2-map 1 set ikev2 ipsec-proposal ikev2-proposal
- crypto map ikev2-map interface outside
- crypto ca trustpool policy
- crypto ikev2 policy 1
- encryption aes
- integrity sha
- group 5
- prf md5
- lifetime seconds 86400
- crypto ikev2 enable outside
- crypto ikev1 am-disable
- telnet timeout 5
- no ssh stricthostkeycheck
- ssh 192.168.2.0 255.255.255.0 inside
- ssh timeout 60
- ssh version 2
- ssh key-exchange group dh-group1-sha1
- console timeout 0
- dhcpd auto_config outside
- !
- dhcpd address 192.168.2.5-192.168.2.254 inside
- dhcpd enable inside
- !
- dynamic-access-policy-record DfltAccessPolicy
- username psadmin password NizKMRaexA8h/wbh encrypted
- tunnel-group 4.2.2.1 type ipsec-l2l
- tunnel-group 4.2.2.1 ipsec-attributes
- isakmp keepalive threshold 1500 retry 2
- ikev2 remote-authentication pre-shared-key *****
- ikev2 local-authentication pre-shared-key *****
- !
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map type inspect dns preset_dns_map
- parameters
- message-length maximum client auto
- message-length maximum 512
- policy-map global_policy
- class inspection_default
- inspect dns preset_dns_map
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect rsh
- inspect rtsp
- inspect esmtp
- inspect sqlnet
- inspect skinny
- inspect sunrpc
- inspect xdmcp
- inspect sip
- inspect netbios
- inspect tftp
- inspect ip-options
- inspect icmp
- !
- service-policy global_policy global
- prompt hostname context
- no call-home reporting anonymous
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement