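: Saved

:
: Serial Number: JAD214904MZ
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(1)
!
! Saved configuration of an ASA 5506 running 9.8(1), per the header above.
!
terminal width 350
hostname NPRDKMA08NAT01
domain-name novoprod.local
! The enable-password verifier below (PBKDF2, per its "pbkdf2" keyword) is
! published together with the device serial number and full addressing.
! Treat the credential as disclosed: rotate it and check where else it is used.
! NOTE(review): no "username" or "aaa authentication ... console" command
! appears anywhere in this listing, so administrative access seems to rest on
! this one shared secret - confirm against the live device.
! NOTE(review): domain-name here is novoprod.local, while the DefaultDNS
! server-group further down says corpcos.local; the listing may have been
! hand-edited before posting.
enable password $sha512$5000$UxkgSXnr+/4ra5OjdA/ccA==$GckUvCDwWZxO9x6eat22jA== pbkdf2
names

!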
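! Interface layout: GigabitEthernet1/1 is the routed "outside" port;
! GigabitEthernet1/2-1/8 are members of bridge-group 1, whose routed address
! (192.168.1.1/24) sits on BVI1; Management1/1 is left unaddressed.
!
! SECURITY: "outside" is set to security-level 100, the same level as every
! bridge-group member and BVI1 (the default for an interface named "outside"
! is 0). This listing also enables "same-security-traffic permit
! inter-interface" and contains no access-list or access-group, so nothing
! shown here filters traffic arriving on outside towards the inside hosts.
! Recommended: security-level 0 on outside, plus an explicit inbound
! access-list bound with access-group that permits only the required peers
! and ports.
! NOTE(review): "ipv6 address autoconfig" lets outside take an IPv6 address
! from router advertisements; no IPv6 filtering is visible here - confirm
! IPv6 is actually wanted on this segment.
!
interface GigabitEthernet1/1
 nameif outside
 security-level 100
 ip address 177.22.250.130 255.255.255.192
 ipv6 address autoconfig
!
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
 security-level 100
!
interface GigabitEthernet1/3
 bridge-group 1
 nameif vlan
 security-level 100
!
interface GigabitEthernet1/4
 bridge-group 1
 nameif inside_3
 security-level 100
!
interface GigabitEthernet1/5
 bridge-group 1
 nameif inside_4
 security-level 100
!
interface GigabitEthernet1/6
 bridge-group 1
 nameif inside_5
 security-level 100
!
interface GigabitEthernet1/7
 bridge-group 1
 nameif inside_6
 security-level 100
!
interface GigabitEthernet1/8
 bridge-group 1
 nameif inside_7
 security-level 100
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
interface BVI1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!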
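ftp mode passive
! NOTE(review): the zone is labelled "CEST" but carries a +1 hour offset, with
! daylight saving handled by the summer-time line; the label is free text, but
! keep it in mind when correlating log timestamps.
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name corpcos.local
! The next two commands let interfaces with equal security levels exchange
! traffic without an access-list. Bridge-group members need this to talk to
! each other, but because "outside" is also at level 100 in this listing the
! same permission extends to traffic between outside and the inside members.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface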
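! Network objects. obj_any1..obj_any7 each match every IPv4 address and are
! the sources for the dynamic PAT rules later in the file. The host objects
! name individual devices in 192.168.1.0/24; going by their descriptions these
! are HMIs, PLCs, vision systems and similar plant equipment.
! NOTE(review): two definitions here ("obj:NPPLC801" and "PLC802") do not match
! the names used by the NAT rules later in the file ("PLC0801" and "PLC0802").
! As posted, those two NAT rules have no host definition - reconcile the names
! against the live device.
object network obj_any1
 subnet 0.0.0.0 0.0.0.0
object network obj_any2
 subnet 0.0.0.0 0.0.0.0
object network obj_any3
 subnet 0.0.0.0 0.0.0.0
object network obj_any4
 subnet 0.0.0.0 0.0.0.0
object network obj_any5
 subnet 0.0.0.0 0.0.0.0
object network obj_any6
 subnet 0.0.0.0 0.0.0.0
object network obj_any7
 subnet 0.0.0.0 0.0.0.0
object network obj_HMI01
 host 192.168.1.12
 description diluteHMI1
object network obj_HMI02
 host 192.168.1.13
 description diluteHMI2
object network obj_HMIPR01
 host 192.168.1.202
 description dilutelenxeThermo
object network obj:NPPLC801
 host 192.168.1.10
 description dilutePLC
object network obj_BR1
 host 192.168.1.206
 description diluteVision
object network obj_PLC01
 host 192.168.1.180
 description CartonTwinCat
object network obj_BR2
 host 192.168.1.207
 description render
object network obj_PLC02
 host 192.168.1.181
 description Scada
object network obj_HMIPR02
 host 192.168.1.203
 description WritelenxeInk
object network obj_HMIPR03
 host 192.168.1.204
 description WritelenxeLaser
object network obj_BR3
 host 192.168.1.208
 description WriteVision
object network obj_HMI03
 host 192.168.1.112
 description robotHMI1
object network PLC802
 host 192.168.1.110
 description robotPLC
object network Rework
 host 192.168.1.205
 description robotInlineWash
object network obj_BR4
 host 192.168.1.209
 description robotVision
object network QXC
 host 192.168.1.211
 description ManualShipperWash
object network OXB1
 host 192.168.1.210
 description AcidWash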
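pager lines 24
! NOTE(review): this is the only logging command in the listing. There is no
! "logging enable" and no "logging host", so as posted the firewall exports no
! syslog and connection or deny events cannot be reviewed off-box - confirm,
! and send logs to a collector if so.
logging asdm informational
mtu outside 1500
mtu inside_1 1500
mtu vlan 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!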
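! Object NAT.
! 1) obj_any1/3/4/5/6/7: dynamic PAT behind the outside interface address for
!    traffic leaving via the matching bridge-group member.
!    NOTE(review): obj_any2 is defined but has no rule for the "vlan" member.
! 2) Static one-to-one NAT: each plant device gets its own 177.22.250.x
!    address on the outside segment. "dns" rewrites matching DNS replies.
!
! SECURITY: a static one-to-one rule publishes every port of the inside host,
! and this listing has no access-list while "outside" shares security-level
! 100 with the inside. As posted, each HMI and PLC below is therefore fully
! reachable from the outside segment on its mapped address. Control equipment
! should be fronted by an explicit allow-list (specific peers and ports) or
! reached over a VPN or jump host instead.
! NOTE(review): every static rule names inside_1 as the real interface; that
! only matches hosts attached to GigabitEthernet1/2 - confirm the cabling.
! NOTE(review): "PLC0801" and "PLC0802" have no host definition in this
! listing (the definitions are named "obj:NPPLC801" and "PLC802").
!
object network obj_any1
 nat (inside_1,outside) dynamic interface
object network obj_any3
 nat (inside_3,outside) dynamic interface
object network obj_any4
 nat (inside_4,outside) dynamic interface
object network obj_any5
 nat (inside_5,outside) dynamic interface
object network obj_any6
 nat (inside_6,outside) dynamic interface
object network obj_any7
 nat (inside_7,outside) dynamic interface
object network obj_HMI01
 nat (inside_1,outside) static 177.22.250.141 net-to-net dns
object network obj_HMI02
 nat (inside_1,outside) static 177.22.250.142 net-to-net dns
object network obj_HMIPR01
 nat (inside_1,outside) static 177.22.250.143 net-to-net dns
object network PLC0801
 nat (inside_1,outside) static 177.22.250.140 net-to-net dns
object network obj_BR1
 nat (inside_1,outside) static 177.22.250.145 net-to-net dns
object network obj_PLC01
 nat (inside_1,outside) static 177.22.250.150 net-to-net dns
object network obj_BR2
 nat (inside_1,outside) static 177.22.250.155 net-to-net dns
object network obj_PLC02
 nat (inside_1,outside) static 177.22.250.160 net-to-net dns
object network obj_HMIPR02
 nat (inside_1,outside) static 177.22.250.163 net-to-net dns
object network obj_HMIPR03
 nat (inside_1,outside) static 177.22.250.164 net-to-net dns
object network obj_BR3
 nat (inside_1,outside) static 177.22.250.165 net-to-net dns
object network obj_HMI03
 nat (inside_1,outside) static 177.22.250.171 net-to-net dns
object network PLC0802
 nat (inside_1,outside) static 177.22.250.170 net-to-net dns
object network Rework
 nat (inside_1,outside) static 177.22.250.173 net-to-net dns
object network obj_BR4
 nat (inside_1,outside) static 177.22.250.175 net-to-net dns
object network QXC
 nat (inside_1,outside) static 177.22.250.183 net-to-net dns
object network OXB1
 nat (inside_1,outside) static 177.22.250.187 net-to-net dns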
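! Default route via 177.22.250.190 on outside, followed by connection and
! translation idle timeouts.
route outside 0.0.0.0 0.0.0.0 177.22.250.190 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
! The paste read "tcp-proxy-redilute", which is not an ASA keyword; the timer
! at this position is tcp-proxy-reassembly. The same stray word shows up in
! several object descriptions, so the text was probably altered by a
! search-and-replace before posting.
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL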
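aaa authentication login-history
! ASDM/HTTPS management. The server is enabled and accepts clients from the
! whole 192.168.1.0/24 on every bridge-group member, which makes the
! single-host entry for 192.168.1.13 on inside_1 redundant.
! SECURITY: that /24 is the same subnet that holds the HMIs and PLCs published
! by the static NAT rules, so any of those hosts can reach the firewall's
! management interface. Restrict the "http" lines to the management
! workstation(s) only.
! NOTE(review): no "aaa authentication http console" line is present, so ASDM
! login appears to fall back to the enable password - confirm.
http server enable
http 192.168.1.0 255.255.255.0 vlan
http 192.168.1.13 255.255.255.255 inside_1
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_4
http 192.168.1.0 255.255.255.0 inside_1
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_7
http 192.168.1.0 255.255.255.0 inside_3
no snmp-server location
no snmp-server contact
service sw-reset-button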
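crypto ipsec security-association pmtu-aging infinite
! Self-enrolled trustpoint for ASDM. The hex below is the DER-encoded
! certificate only (public key, no private key material). Its encoded
! validity runs from 180127140047Z to 280125140047Z and the subject is
! CN=ciscoasa, CN=192.168.1.1.
! Being self-signed, it gives ASDM clients nothing to verify the device
! against unless they pin it; a certificate issued by an internal CA is the
! usual replacement.
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
 enrollment self
 fqdn none
 subject-name CN=192.168.1.1,CN=ciscoasa
 keypair ASDM_LAUNCHER
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
 certificate 46806c5a
 308202ce 308201b6 a0030201 02020446 806c5a30 0d06092a 864886f7 0d01010b
 05003029 3111300f 06035504 03130863 6973636f 61736131 14301206 03550403
 130b3139 322e3136 382e312e 31301e17 0d313830 31323731 34303034 375a170d
 32383031 32353134 30303437 5a302931 11300f06 03550403 13086369 73636f61
 73613114 30120603 55040313 0b313932 2e313638 2e312e31 30820122 300d0609
 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00f7f3b7 26ce24f8
 91a7cb2a c57b5808 94277326 ab08677a ed4673b0 c398d62f ba01ecb0 6700530b
 ebeac84d a36f0c94 e28df2cd 4c5a53ab be212f4d 221e1bc3 a43326b4 e5c64640
 b7e8905c 813888aa 08fc67ef 19d89eb7 6faff621 97d100a6 af3e2ed6 e3a750ab
 8579f1c9 abb12759 73393931 c86db249 91ed75ab 96ae37f1 f14537b5 010ab4c6
 7bcdabd3 8c9d0e7b b94aac83 9aa49e00 2d66fd8b 4c8c08f8 cc1bad93 94efa5c2
 48a4de9b 0dde57a4 658131cb b2c18918 d466b063 e64b12ec face9b68 5a96acee
 7c192e2a 9ee6b84a 22c09b7b 13418013 fb867730 1918b732 fc46e15d 06e829be
 d738b284 446262f4 44703151 b8e48e91 0f235202 1cb71dd5 bf020301 0001300d
 06092a86 4886f70d 01010b05 00038201 010055b0 ca24ffd1 419ee98e 559abe89
 33c45c9f e6471d79 fb465139 21de3ee4 fc8cdcc9 4d0cf25a 3b1d6a07 eb72da03
 15d87ee4 bf781520 f2dfabbf 451c00c5 477cfbaf a53dcc95 d6b20178 72349f6a
 7ecb02ea 938dd74d 47506495 ed2fe2c3 f4f8ebd1 dd363633 0a2e3f2d 6361e33d
 c5d70bac 7496a893 1f4d911e b38c7ad3 fae50d1b 91735e4f 11644f74 dd729dc4
 156c351d 2b40f73b 6c6c196c 03203fb0 dab368b2 a1a1ee12 ce5bcced 942c0de9
 f8488a2e 7301df66 b8ac528c d3822ef4 bec9a609 20de3fd7 74aaa47b cff14d71
 6ee9e15c 62d3bed0 0c643223 fb64fb27 5adda479 546832e7 d53bc9d7 b3309465
 7beab10f 519e2b6d ff1a2e37 a4677575 ae5f
 quit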
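! Remote and console access.
! NOTE(review): no "ssh <network> <mask> <interface>" or "telnet <network> ..."
! permit line appears in this listing, so neither service should accept
! connections as posted; the settings below apply once one is added.
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
! Changed from dh-group1-sha1: Diffie-Hellman group 1 is a 768-bit group and
! is no longer considered adequate for SSH key exchange. Group 14 (2048-bit)
! is the stronger choice offered by this command.
ssh key-exchange group dh-group14-sha1
! SECURITY: "console timeout 0" means a serial-console session never times
! out, so a session left logged in stays open to anyone with physical access.
! Set a finite idle timeout unless there is a documented reason not to.
console timeout 0

dhcpd auto_config outside
!
! NOTE(review): the DHCP pool spans 192.168.1.5-254, which includes every
! host address defined in the object list (.10, .12, .13, .110, .112,
! .180-.211). Unless those devices are themselves DHCP clients, a lease can
! collide with a PLC or HMI; narrow the pool to an unused range.
dhcpd address 192.168.1.5-192.168.1.254 inside
dhcpd enable inside
!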
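threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): key 1 is marked trusted and attached to the server, but this
! listing shows neither "ntp authenticate" nor an "ntp authentication-key 1"
! line. As posted, the time source is probably not authenticated - confirm on
! the device, since log timestamps depend on it.
ntp trusted-key 1
ntp server 177.21.12.4 key 1 source outside prefer
! The self-signed ASDM trustpoint is presented on the inside interface.
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 inside vpnlb-ip
dynamic-access-policy-record DfltAccessPolicy
!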
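! Modular policy: one class matching the default inspection traffic, applied
! globally with the protocol inspections listed under global_policy.
! NOTE(review): this looks like the stock inspection set. Protocols that the
! plant network does not use (for example rsh, sqlnet, skinny, xdmcp) can be
! removed to reduce the code paths that handle untrusted traffic - confirm
! what is actually needed first.
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f8c5c03fdffff45d10568c857f02ef5b
: end
! NOTE(review): the line below repeats a command already present earlier in
! the file and sits after the ": end" marker; it is most likely capture
! residue rather than part of the saved configuration.
no asdm history enable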