
Saved

:
! Saved ASA configuration: software version, identity, local passwords, xlate rules, VPN pool.
! NOTE(review): 9.1(2) is an old software release; check the vendor's security
! advisories and support status for it before trusting this device at a network edge.
ASA Version 9.1(2)
!
hostname YDECRPINFFWL001
domain-name isare.net
! Enable (privileged EXEC) password, stored as a hash. The hash is readable in this
! copy of the config, so treat the password as exposed and rotate it.
enable password RLU4rLTHR43pjbvs encrypted
! "deny" turns per-session PAT off for all TCP and for UDP to port 53 (domain), in
! every IPv4/IPv6 combination; those flows use multi-session PAT xlates instead.
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
! Login password, stored as a hash. NOTE(review): confirm it is not left at the
! factory default, and rotate it for the same reason as the enable password.
passwd 2KFQnbNIdI.2KYOU encrypted
names
! Address pool 192.168.20.1-254 for remote-access VPN clients; the tunnel-group
! further down references it with "address-pool VPN-Client-IP-Pool".
ip local pool VPN-Client-IP-Pool 192.168.20.1-192.168.20.254 mask 255.255.255.0
!
! Interface roles and trust levels. On an ASA, traffic from a higher security-level
! to a lower one is allowed by default; the reverse direction needs an explicit ACL.
interface GigabitEthernet0/0
description connection to Camtel
nameif outside
! Lowest trust level (0) for the outside interface.
security-level 0
! Address is learned by DHCP; "setroute" also installs the default route from the lease.
ip address dhcp setroute
!
interface GigabitEthernet0/1
description connection to YDECRPINFSWT001
nameif inside
! Highest trust level (100).
security-level 100
! /30 link; the same subnet is advertised under "router eigrp 1001".
ip address 172.19.103.161 255.255.255.252
!
interface GigabitEthernet0/2
! Guest segment at an intermediate trust level. No access-group is bound to this
! interface in this listing, so only the default security-level rules limit guests.
nameif caguest
security-level 50
ip address 192.168.252.1 255.255.255.0
!
interface GigabitEthernet0/3
! Unused port: administratively down, with no name, level or address.
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
! The dedicated management port is shut down as well; management is in-band instead
! (see the "http", "ssh" and "management-access inside" lines).
shutdown
no nameif
no security-level
no ip address
!
! Boot image, clock and DNS client settings.
boot system disk0:/asa912-k8.bin
ftp mode passive
! The zone is labelled "UTC" but carries a +1 hour offset, so timestamps from this
! device are one hour ahead of real UTC. Account for that when correlating its logs.
clock timezone UTC 1
! The firewall itself resolves names through the outside interface.
dns domain-lookup outside
! DefaultDNS has a domain name but no name-server lines in this listing.
dns server-group DefaultDNS
domain-name isare.net
! Group "isare" points at the public resolvers 8.8.8.8 and 8.8.4.4.
! NOTE(review): confirm which server group the device actually uses for lookups.
dns server-group isare
name-server 8.8.8.8
name-server 8.8.4.4
domain-name isare.net
! Network objects, object-groups and access-lists.
! Obj-ASSIGNEDIP, obj_any, OG_CAGUEST_Hosts and INTERNET_UDP are defined here but not
! referenced anywhere else in this listing; unused objects are candidates for cleanup.
object network Obj-ASSIGNEDIP
subnet 192.168.20.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
! Networks treated as "VPN side" in the NAT exemption rule.
object-group network Obj_VPNSUBNETS
network-object 10.5.0.0 255.255.0.0
network-object 172.19.103.0 255.255.255.0
network-object 192.168.20.0 255.255.255.0
! Networks treated as "internal" in the NAT exemption rule.
! NOTE(review): 192.168.0.0/16 also contains the guest range 192.168.252.0/24 and the
! VPN pool 192.168.20.0/24; confirm that a range this broad is intended.
object-group network Obj_INTERNALSUBNETS
network-object 10.5.0.0 255.255.0.0
network-object 172.19.103.0 255.255.255.0
network-object 192.168.0.0 255.255.0.0
object-group network OG_CAGUEST_Hosts
network-object 192.168.252.0 255.255.255.0
object-group service INTERNET_UDP udp
description UDP Standard Internet Services
port-object eq domain
port-object eq ntp
! Permits all ICMP between any hosts; not bound to an interface or class in this listing.
access-list acl_traceroute extended permit icmp any any
! Split-tunnel list: the networks VPN clients reach through the tunnel
! (referenced by "split-tunnel-network-list value SPLIT-ACL").
access-list SPLIT-ACL standard permit 10.5.0.0 255.255.0.0
access-list SPLIT-ACL standard permit 172.19.103.0 255.255.255.0
! Traffic selector for the NetFlow class-map (matches all IP); it is not a filter.
access-list netflow-export extended permit ip any any
! Despite its name, this ACL is applied inbound on the outside interface. It permits
! UDP port 123 (ntp) from any source to any destination.
! NOTE(review): the only NTP server configured is internal (10.5.7.131), so confirm
! this rule is needed; if it is, restrict it to specific source and destination hosts.
access-list OUTBOUND extended permit udp any any eq ntp
! Logging and NetFlow export settings.
pager lines 24
logging enable
! Timestamps use the device clock, which is offset by "clock timezone UTC 1".
logging timestamp
! Custom message list. NOTE(review): the IDs look like authentication, login/logout and
! command-execution events - confirm against the syslog message reference. No logging
! destination in this listing references LL_loginevent, so the list may have no effect.
logging list LL_loginevent level warnings
logging list LL_loginevent message 113012
logging list LL_loginevent message 113008
logging list LL_loginevent message 611101
logging list LL_loginevent message 605005
logging list LL_loginevent message 611102
logging list LL_loginevent message 111008
logging list LL_loginevent message 111009
logging list LL_loginevent message 502103
logging list LL_loginevent message 611103
! The local buffer holds 30000 bytes at debugging level, so it wraps quickly; rely on
! the remote syslog hosts for any history.
logging buffer-size 30000
logging buffered debugging
! Syslog hosts receive severity "notifications" and more severe; informational and
! debugging messages never leave the device.
logging trap notifications
logging asdm debugging
! Facility 19 corresponds to local3 on the receiving syslog server.
logging facility 19
logging device-id hostname
! No protocol or port is given, so messages go out as plain UDP syslog: unencrypted
! and without delivery guarantees. NOTE(review): consider TCP or TLS transport if the
! collectors support it.
logging host inside 10.5.7.134
logging host inside 10.5.7.135
logging host inside 10.5.7.136
! Overrides the severity of message 622001 to "errors".
logging message 622001 level errors
! NetFlow collectors on UDP port 2055. NOTE(review): the global policy-map only names
! 10.5.7.134 as an event destination; confirm whether 10.5.7.137 is still in use.
flow-export destination inside 10.5.7.137 2055
flow-export destination inside 10.5.7.134 2055
flow-export template timeout-rate 1
flow-export delay flow-create 15
! MTU, platform settings, NAT rules and the interface ACL binding.
mtu outside 1500
mtu inside 1500
mtu caguest 1500
! Standalone unit: no failover peer is configured.
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7121.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
! NAT exemption (identity NAT): traffic between the internal subnets and the VPN
! subnets is not translated. This rule is split across two lines in this copy and its
! last keyword is cut off at "no-proxy-a" (presumably no-proxy-arp); restore it to a
! single line before reusing the config.
nat (inside,outside) source static Obj_INTERNALSUBNETS Obj_INTERNALSUBNETS
destination static Obj_VPNSUBNETS Obj_VPNSUBNETS no-proxy-a
! Dynamic PAT: inside and guest hosts share the outside interface address.
nat (inside,outside) source dynamic any interface
nat (caguest,outside) source dynamic any interface
! The only ACL bound to an interface in this listing. It filters traffic arriving on
! the outside interface; inside and caguest have no access-group, so their outbound
! traffic is governed by the security-level defaults alone.
access-group OUTBOUND in interface outside
!
! Dynamic routing and connection/translation timeouts.
! EIGRP AS 1001 runs on the inside /30 link and redistributes static routes.
! NOTE(review): no EIGRP authentication lines appear under the inside interface in this
! listing; confirm whether neighbor authentication is required on this link.
router eigrp 1001
network 172.19.103.160 255.255.255.252
redistribute static metric 102400 1 255 1 1500
!
! Idle timers for translations, connections and per-protocol state.
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
! AAA, ASDM/HTTPS management access and SNMP.
dynamic-access-policy-record DfltAccessPolicy
! RADIUS server group reached through the inside interface. Shared keys are masked.
aaa-server grp_Radius protocol radius
aaa-server grp_Radius (inside) host 10.5.7.135
key *****
authentication-port 1812
accounting-port 1813
! NOTE(review): no ports are shown for this second server, so the platform defaults
! apply; confirm they match what the server listens on, since the first server is set
! explicitly to 1812/1813.
aaa-server grp_Radius (inside) host 10.5.7.131
key *****
user-identity default-domain LOCAL
! SSH logins are checked against RADIUS first, then the local user database.
! NOTE(review): this is the only "aaa" method line in the listing. There is no
! "aaa authentication http console", "aaa authentication enable console" or
! "aaa authentication serial console", and no command authorization or accounting,
! so ASDM, enable and console access are not tied to RADIUS.
aaa authentication ssh console grp_Radius LOCAL
! ASDM/HTTPS management is allowed from all of 10.5.0.0/16 and from the VPN client
! pool. NOTE(review): narrow these to the administrators' hosts or a management subnet.
http server enable
http 10.5.0.0 255.255.0.0 inside
http 192.168.20.0 255.255.255.0 inside
! SNMP uses community strings (masked here), which travel unencrypted. The host at
! 10.5.7.135 has no version keyword, presumably falling back to SNMPv1 - confirm.
! NOTE(review): prefer SNMPv3 with authentication and privacy where the collectors
! support it.
snmp-server host inside 10.5.7.134 community ***** version 2c
snmp-server host inside 10.5.7.135 community *****
snmp-server host inside 10.5.7.136 community ***** version 2c
snmp-server location AWAE
snmp-server contact ISARE
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
! Remote administration: Telnet/SSH access lists, timeouts and key exchange.
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
! No "telnet <network>" lines appear in this listing, so only the timeout is set.
telnet timeout 5
! SSH is accepted on the outside interface from 192.168.100.0/24, a private range.
! NOTE(review): confirm how that range reaches the outside interface and whether
! management over the outside interface is needed at all.
ssh 192.168.100.0 255.255.255.0 outside
! SSH on the inside interface from all of 10.5.0.0/16 and from the VPN client pool.
ssh 10.5.0.0 255.255.0.0 inside
ssh 192.168.20.0 255.255.255.0 inside
! Idle SSH sessions stay open for 60 minutes; a shorter value limits the exposure of
! unattended sessions.
ssh timeout 60
ssh version 2
! Diffie-Hellman group 1 is a 768-bit group and is considered weak.
! NOTE(review): use "ssh key-exchange group dh-group14-sha1" where clients support it.
ssh key-exchange group dh-group1-sha1
! 0 disables the idle timeout on the serial console, so a console session never
! logs out by itself.
console timeout 0
! Lets VPN users manage the device through the inside interface address.
management-access inside
! Guest DHCP service, threat detection, NTP and the TLS cipher list.
dhcpd domain web-login.guest.isare.net
!
! Guest clients get addresses .2-.100, external DNS resolvers and a lease of
! 604800 seconds (7 days).
dhcpd address 192.168.252.2-192.168.252.100 caguest
dhcpd dns 208.67.220.220 208.67.222.222 interface caguest
dhcpd lease 604800 interface caguest
dhcpd enable caguest
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! Time comes from one internal server. NOTE(review): no NTP authentication lines appear
! in this listing; accurate, trustworthy time matters for log correlation.
ntp server 10.5.7.131 prefer
! Cipher list for the device's SSL/TLS services, which include the WebVPN listener
! enabled on the outside interface. Every suite uses SHA-1 and the list includes 3DES.
! NOTE(review): no "ssl server-version" line is shown, so the release default for
! protocol versions applies; confirm legacy protocol versions and 3DES are not offered.
ssl encryption aes128-sha1 aes256-sha1 3des-sha1 dhe-aes128-sha1 dhe-aes256-sha1
! Remote-access (AnyConnect/WebVPN) configuration.
webvpn
! The VPN portal listens on both the outside and the guest interface.
enable outside
enable caguest
! NOTE(review): AnyConnect 4.7.01076 is an old client package; check the vendor's
! advisories and plan an upgrade of the image pushed to clients.
anyconnect image disk0:/anyconnect-win-4.7.01076-webdeploy-k9.pkg 1
anyconnect enable
! Shows the group-alias names on the login page before authentication. Aliases such as
! "Network-Admins" reveal internal role names; disable the list if it is not needed.
tunnel-group-list enable
group-policy GroupPolicy_secure.connections.com internal
group-policy GroupPolicy_secure.connections.com attributes
wins-server value 10.5.7.131
! NOTE(review): 10.55.7.131 differs from the 10.5.7.x addressing used everywhere else
! in this config (WINS, NTP and RADIUS all use 10.5.7.131) - possibly a typo; confirm.
dns-server value 10.55.7.131
vpn-tunnel-protocol ssl-client
! Split tunnelling: only the networks in SPLIT-ACL go through the tunnel; all other
! client traffic leaves through the client's own connection, uninspected by this device.
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-ACL
! NOTE(review): "isare.us" differs from the "isare.net" domain used elsewhere; confirm.
default-domain value isare.us
! Local account with full privilege (15). Its hash is readable in this copy of the
! config, so treat the password as exposed and rotate it.
username ohana password CPrrEZ3Jr2FGUKZs encrypted privilege 15
tunnel-group secure.connections.com type remote-access
tunnel-group secure.connections.com general-attributes
address-pool VPN-Client-IP-Pool
! VPN logins use RADIUS with fallback to the local user database.
! NOTE(review): with LOCAL as fallback, local accounts are also valid for VPN login;
! confirm that is intended for a privilege-15 account. No certificate or second-factor
! requirement is visible in this listing.
authentication-server-group grp_Radius LOCAL
authorization-server-group grp_Radius
default-group-policy GroupPolicy_secure.connections.com
tunnel-group secure.connections.com webvpn-attributes
! All three aliases select this same tunnel-group, so the choice made on the login
! page does not change the policy applied.
group-alias Network-Admins enable
group-alias Network-Support enable
group-alias Secure enable
! These tunnel-groups have a type but no attributes in this listing, so they rely on
! inherited defaults. NOTE(review): remove them if unused, or configure them explicitly.
tunnel-group Secure type remote-access
tunnel-group Network-Admins type remote-access
tunnel-group Network-Support type remote-access
!
! Modular policy: traffic classes, application inspection and NetFlow event export.
! Matches everything permitted by the "netflow-export" ACL (all IP).
class-map netflow-export-class
match access-list netflow-export
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 4096
policy-map global_policy
! Application inspection engines applied to the default inspection traffic.
! NOTE(review): if protocols such as rsh, sunrpc, xdmcp or skinny are not in use,
! their inspections can be removed - confirm against actual traffic first.
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect icmp error
! Flow events go to 10.5.7.134 only. NOTE(review): "event-type all" presumably already
! covers flow-create, flow-denied and flow-update, making those three lines redundant.
class netflow-export-class
flow-export event-type all destination 10.5.7.134
flow-export event-type flow-create destination 10.5.7.134
flow-export event-type flow-denied destination 10.5.7.134
flow-export event-type flow-update destination 10.5.7.134
! "botnet-policy" and "migrated_dns_map_1" contain no classes or parameters in this
! listing, so they do nothing as shown.
policy-map botnet-policy
policy-map type inspect dns migrated_dns_map_1
parameters
!
! Applies global_policy to traffic on all interfaces.
service-policy global_policy global
! CLI prompt, Call Home profile and the end-of-config checksum.
prompt hostname context
! Anonymous reporting to the vendor is turned off.
no call-home reporting anonymous
call-home
! The default CiscoTAC-1 profile is present but inactive ("no active").
profile CiscoTAC-1
no active
! The destination URL is wrapped onto its own line in this copy; on the device it is
! part of the "destination address http" command.
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
! Checksum the device computes over the configuration. It changes whenever the config
! changes, so it can be compared between backups to detect modification.
Cryptochecksum:0783b5bea3fe0539fd629d886863e3d0
: end
YDECRPINFFWL001#
YDECRPINFFWL001#
YDECRPINFFWL001#
YDECRPINFFWL001#
YDECRPINFFWL001#
YDECRPINFFWL001#
YDECRPINFFWL001#
YDECRPINFFWL001#
YDECRPINFFWL001#
