ASA Config

a guest
Feb 10th, 2018
ASA Version 9.8(1)
!
hostname ciscoasa
enable password *REMOVED*
names

!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address *EXAMPLE* 100.1.1.158 255.255.255.240
!
interface GigabitEthernet1/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 description LAN UPLINK
 nameif inside
 security-level 100
 ip address 172.16.100.1 255.255.255.252
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-subnet
 subnet 172.16.0.0 255.255.0.0
access-list OUTSIDE-IN extended permit icmp any any echo-reply
access-list OUTSIDE-IN extended deny ip any any log
access-list inside_access_in_1 extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
nat (inside,outside) after-auto source dynamic inside-subnet interface
access-group OUTSIDE-IN in interface outside
access-group inside_access_in_1 in interface inside
router eigrp 1
 network 0.0.0.0 0.0.0.0
 passive-interface default
 no passive-interface inside
!
route outside 0.0.0.0 0.0.0.0 *EXAMPLE* 10.1.1.145 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
no ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username chrismj password *REMOVED*
!
class-map global-class
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global-policy
 class global-class
  inspect dns
  inspect http
  inspect icmp
  inspect icmp error
!
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:*REMOVED*
: end