SH Run

: Saved
:
: Serial Number: FCH222970YF
: Hardware: ASA5555, 16384 MB RAM, CPU Lynnfield 2793 MHz, 1 CPU (8 cores)
:
ASA Version 9.8(2)
!
hostname ciscoasa
enable password $sha512$5000$bcM3Et/y63nSS2izHwA8Fw==$x11+y4FIaTfYHXDDu3UCwQ==
pbkdf2
xlate per-session deny tcp any4 any4
xlate per-session deny udp any4 any4 eq domain
names
!
interface GigabitEthernet0/0
shutdown
no nameif
no security-level
no ip address
!
shutdown
no nameif
no security-level
no ip address
!
shutdown
no nameif
no security-level
no ip address
!
nameif test-int
security-level 62
ip address 192.168.210.2 255.255.255.0
!
interface GigabitEthernet0/3.110
vlan 110
nameif DMZ
security-level 50
ip address 10.67.110.2 255.255.255.0
!
nameif PortE
security-level 0
ip address 10.67.34.1 255.255.255.252
!
nameif PortC
security-level 0
ip address 192.168.1.6 255.255.255.0
!
nameif 199.1
security-level 0
ip address 172.16.199.1 255.255.255.0
!
vlan 20
nameif vlan20
security-level 0
ip address 10.67.18.2 255.255.255.0
!
vlan 30
nameif vlan30
security-level 0
ip address 10.67.72.2 255.255.255.0
!
vlan 40
nameif vlan40
security-level 60
ip address 10.67.33.2 255.255.255.0
!
vlan 50
nameif vlan50
security-level 0
ip address 10.67.35.2 255.255.255.0
!
vlan 60
nameif vlan60
security-level 0
ip address 10.67.36.2 255.255.255.0
!
vlan 70
nameif vlan70
security-level 0
ip address 10.67.37.2 255.255.255.0
!
vlan 111
nameif vlan111
security-level 100
ip address 10.67.111.2 255.255.255.0
!
vlan 112
nameif vlan112
security-level 0
ip address 10.67.112.2 255.255.255.0
!
vlan 200
nameif vlan200
security-level 0
ip address 192.168.200.1 255.255.255.0
!
nameif PortA
security-level 0
ip address 10.67.70.2 255.255.255.252
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
same-security-traffic permit intra-interface
object network testnw
subnet 192.168.210.0 255.255.255.0
object network wanip
subnet 10.67.70.0 255.255.255.252
access-list ping extended permit icmp any any
access-list test extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list vlan20_access_in extended permit icmp any any
access-list vlan20_access_in extended permit ip any any
access-list 34.1_access_in extended permit icmp any any
access-list 34.1_access_in extended permit ip any any
access-list 199.1_access_in extended permit ip any any
access-list DMZ_access_in extended permit icmp any any
access-list vlan30_access_in_1 extended permit icmp any any
access-list vlan30_access_in_1 extended permit ip any any
pager lines 24
mtu test-int 1500
mtu DMZ 1500
mtu PortE 1500
mtu PortC 1500
mtu 199.1 1500
mtu vlan20 1500
mtu vlan30 1500
mtu vlan40 1500
mtu vlan50 1500
mtu vlan60 1500
mtu vlan70 1500
mtu vlan111 1500
mtu vlan112 1500
mtu vlan200 1500
mtu PortA 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any test-int
icmp permit any DMZ
icmp permit any PortE
icmp permit any PortC
icmp permit any 199.1
icmp permit any vlan20
icmp permit any PortA
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
nat (test-int,PortA) source static testnw testnw destination static wanip wanip
access-group test in interface test-int
access-group DMZ_access_in in interface DMZ
access-group 34.1_access_in in interface PortE
access-group 1.6_access_in in interface PortC
access-group 199.1_access_in in interface 199.1
access-group vlan20_access_in in interface vlan20
access-group vlan30_access_in_1 in interface vlan30
access-group outside_access_in in interface PortA
route PortA 0.0.0.0 0.0.0.0 10.67.70.1 1
route PortC 10.1.15.0 255.255.255.0 192.168.1.251 1
route PortE 10.67.2.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.3.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.4.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.5.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.6.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.7.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.8.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.9.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.10.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.11.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.12.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.13.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.14.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.15.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.16.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.17.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.19.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.20.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.21.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.22.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.23.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.24.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.26.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.27.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.29.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.31.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.32.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.37.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.96.0 255.255.255.0 10.67.34.2 1
route PortE 10.67.97.0 255.255.255.0 10.67.34.2 1
route PortA 10.67.220.0 255.255.255.0 10.67.70.1 1
route PortA 172.20.0.0 255.255.0.0 10.67.70.1 1
route PortA 172.25.0.0 255.255.0.0 10.67.70.1 1
route PortE 192.10.29.0 255.255.255.252 10.67.34.2 1
route PortE 192.168.4.0 255.255.255.0 10.67.34.2 1
route PortE 192.172.5.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.6.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.7.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.8.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.9.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.11.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.13.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.14.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.15.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.16.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.19.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.20.0 255.255.255.252 10.67.34.2 1
route 199.1 192.172.21.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.22.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.24.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.26.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.27.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.29.0 255.255.255.252 10.67.34.2 1
route PortE 192.172.31.0 255.255.255.252 10.67.34.2 1
route PortE 192.210.202.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.204.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.205.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.206.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.207.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.208.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.209.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.210.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.211.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.212.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.213.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.214.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.215.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.216.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.217.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.218.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.219.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.220.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.221.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.222.0 255.255.255.0 10.67.34.2 1
route 199.1 192.210.223.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.224.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.226.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.227.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.229.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.232.0 255.255.255.0 10.67.34.2 1
route PortE 192.210.234.0 255.255.255.0 10.67.34.2 1
route PortE 192.230.20.0 255.255.255.0 10.67.34.2 1
route PortE 192.230.20.0 255.255.255.255 10.67.34.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 10.0.0.0 255.0.0.0 PortA
http 192.0.0.0 255.255.255.0 test-int
http 0.0.0.0 0.0.0.0 test-int
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet 10.67.70.2 255.255.255.255 PortE
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username admin password
$sha512$5000$pHY4hlITzbp3GvWxd5y/Gg==$pFVWeAVep5UVt2G6094KYw== pbkdf2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map
policy-map type inspect dns migrated_dns_map_2
parameters
no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
parameters
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 2
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a1b89d034ed176bd9012adae27c0071c
: end
no asdm history enable

SH Run

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SH Run

Uploaded by

Copyright:

Available Formats

: Saved

You might also like