Untitled

a guest
Mar 20th, 2017
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.6(1)
!
hostname XXXXX
enable password XXXXX encrypted
names
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 8.8.8.8 255.255.255.252
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network LocalLAN
 subnet 192.168.2.0 255.255.255.0
object-group network MplsLANS
 network-object 192.168.1.0 255.255.255.0
 network-object 10.0.66.0 255.255.255.0
access-list DC extended permit ip 192.168.2.0 255.255.255.0 10.0.66.0 255.255.255.0
access-list DC extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Firewall extended permit icmp any any unreachable
access-list Firewall extended permit icmp any any time-exceeded
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,any) source static LocalLAN LocalLAN destination static MplsLANS MplsLANS no-proxy-arp route-lookup
!
object network obj_any
 nat (any,outside) dynamic interface
access-group Firewall in interface outside
route outside 0.0.0.0 0.0.0.0 8.8.8.7 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev2 ipsec-proposal ikev2-proposal
 protocol esp encryption aes
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto map ikev2-map 1 match address DC
crypto map ikev2-map 1 set peer 4.2.2.1
crypto map ikev2-map 1 set ikev2 ipsec-proposal ikev2-proposal
crypto map ikev2-map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes
 integrity sha
 group 5
 prf md5
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 am-disable
telnet timeout 5
no ssh stricthostkeycheck
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.2.5-192.168.2.254 inside
dhcpd enable inside
!
dynamic-access-policy-record DfltAccessPolicy
username psadmin password NizKMRaexA8h/wbh encrypted
tunnel-group 4.2.2.1 type ipsec-l2l
tunnel-group 4.2.2.1 ipsec-attributes
 isakmp keepalive threshold 1500 retry 2
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous