! Output of "show run" on a Cisco ASA 5506W running ASA 9.4(1).
! NOTE(review): this listing carries the chassis serial number and the password
! hashes for the enable password and local users; once a copy leaves the device
! those passwords should be changed.
1ciscoasa# show run
2: Saved
3
4:
5: Serial Number: JAD192800UE
6: Hardware: ASA5506W, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
7:
! NOTE(review): 9.4(1) is the first build of the 9.4 train; check it against the
! vendor's current advisories and supported releases, because SSH, ASDM (http)
! and webvpn are all reachable on the outside interface further down.
8ASA Version 9.4(1)
9!
10hostname ciscoasa
11domain-name cisco.com
! Enable (privileged EXEC) password, stored as a legacy "encrypted" hash.
12enable password jlu7F.2XnHTv1EV5 encrypted
13names
! Address pool handed to remote-access VPN clients (referenced by tunnel-group Lab).
! NOTE(review): 10.1.1.225-245 lies inside the inside interface subnet
! 10.1.1.0/24; a dedicated, non-overlapping VPN subnet is easier to route and filter.
14ip local pool Lab_VPN 10.1.1.225-10.1.1.245 mask 255.255.255.0
15!
! Interface definitions. Only three interfaces are named: outside (level 0),
! inside (level 100) and wifi (level 100); the rest carry no nameif or address.
! outside takes its address from DHCP, so its subnet is not visible in this listing.
16interface GigabitEthernet1/1
17 nameif outside
18 security-level 0
19 ip address dhcp
20!
21interface GigabitEthernet1/2
22 description inside
23 nameif inside
24 security-level 100
25 ip address 10.1.1.1 255.255.255.0
26!
! NOTE(review): GigabitEthernet1/3, 1/5 and 1/8 are unconfigured but not
! "shutdown", unlike 1/4, 1/6 and 1/7; shut unused ports for consistency.
27interface GigabitEthernet1/3
28 no nameif
29 no security-level
30 no ip address
31!
32interface GigabitEthernet1/4
33 shutdown
34 no nameif
35 no security-level
36 no ip address
37!
38interface GigabitEthernet1/5
39 no nameif
40 no security-level
41 no ip address
42!
43interface GigabitEthernet1/6
44 shutdown
45 no nameif
46 no security-level
47 no ip address
48!
49interface GigabitEthernet1/7
50 shutdown
51 no nameif
52 no security-level
53 no ip address
54!
55interface GigabitEthernet1/8
56 no nameif
57 no security-level
58 no ip address
59!
! NOTE(review): wifi is administratively shut down, yet later lines still
! enable a DHCP server on it and allow ASDM (http) access from 192.168.10.0/24.
! It shares security-level 100 with inside, and "same-security-traffic permit
! inter-interface" is set, so the two would exchange traffic once it is enabled.
60interface GigabitEthernet1/9
61 shutdown
62 nameif wifi
63 security-level 100
64 ip address 192.168.10.1 255.255.255.0
65!
! NOTE(review): the management port has no nameif or address, so all device
! management in this listing (ssh, http) rides on the data interfaces.
66interface Management1/1
67 management-only
68 no nameif
69 no security-level
70 no ip address
71!
! DNS client settings, then the network objects and object-groups that the
! access-lists and NAT rules below refer to.
72ftp mode passive
73dns domain-lookup outside
74dns domain-lookup inside
75dns server-group DefaultDNS
76 name-server 64.222.165.243
77 domain-name cisco.com
! Allows traffic between interfaces that share a security level (inside and wifi).
78same-security-traffic permit inter-interface
79object network obj_any
80 subnet 0.0.0.0 0.0.0.0
! The only host published to outside (SMTP, see access-list outside_access_in).
81object network 10.1.3.82
82 host 10.1.3.82
83 description Email Server
! NOTE(review): this /28 covers 10.1.1.224-239, but the Lab_VPN pool runs to
! 10.1.1.245, so pool addresses .240-.245 fall outside the object used by the
! VPN NAT exemption rule.
84object network NETWORK_OBJ_10.1.1.224_28
85 subnet 10.1.1.224 255.255.255.240
86object network Internal-Networks
87 subnet 10.0.0.0 255.0.0.0
! NOTE(review): the three DM_INLINE_PROTOCOL groups are identical, and each one
! includes "ip", which already covers icmp, udp and tcp. Any access-list entry
! built on them therefore matches all IP traffic.
88object-group protocol DM_INLINE_PROTOCOL_1
89 protocol-object ip
90 protocol-object icmp
91 protocol-object udp
92 protocol-object tcp
93object-group protocol DM_INLINE_PROTOCOL_2
94 protocol-object ip
95 protocol-object icmp
96 protocol-object udp
97 protocol-object tcp
98object-group protocol DM_INLINE_PROTOCOL_3
99 protocol-object ip
100 protocol-object icmp
101 protocol-object udp
102 protocol-object tcp
! NOTE(review): test1 is not referenced anywhere else in this listing; it lists
! the same three networks as access-list TunnelTraffic. Remove it if unused.
103object-group network test1
104 network-object 10.1.0.0 255.255.0.0
105 network-object 172.16.0.0 255.255.0.0
106 network-object 192.168.0.0 255.255.0.0
! Access-lists. Bindings to interfaces are made by the access-group lines later on.
! NOTE(review): global_access permits all IP from any source to any destination
! and is applied globally. Global rules are consulted after the per-interface
! list and before the implicit deny, so this appears to replace the default deny
! on every interface, outside included. Confirm this is intended; a firewall
! policy normally ends in deny with only the required flows permitted.
107access-list global_access extended permit object-group DM_INLINE_PROTOCOL_1 any any
! NOTE(review): the first inside_access_in entry already permits everything, so
! the second entry can never match (and has logging disabled).
108access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any any
109access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 interface inside interface outside log disable
! Inbound SMTP to the mail server 10.1.3.82.
! NOTE(review): "log disable" removes the audit trail for the one rule that
! accepts connections from outside; consider leaving logging on here.
110access-list outside_access_in extended permit tcp any object 10.1.3.82 eq smtp log disable
! Split-tunnel list: networks sent through the VPN by GroupPolicy_Lab.
111access-list TunnelTraffic standard permit 10.1.0.0 255.255.0.0
112access-list TunnelTraffic standard permit 172.16.0.0 255.255.0.0
113access-list TunnelTraffic standard permit 192.168.0.0 255.255.0.0
! AnyConnect client-side "local print" list. It is not referenced by any
! group-policy in this listing.
114access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
115access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
116access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
117access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
118access-list AnyConnect_Client_Local_Print remark Windows' printing port
119access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
120access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
121access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
122access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
123access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
124access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
125access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
126access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
! Logging, NetFlow export, NAT, ACL bindings, static routes and timeouts.
127pager lines 24
! NOTE(review): only the ASDM log buffer is configured; no "logging enable" or
! syslog host line appears in this listing, so events are presumably not being
! shipped off the box. Verify and add a remote log destination.
128logging asdm informational
! NOTE(review): the collector 192.168.1.12 is declared on "inside", but that
! address is not in 10.1.1.0/24 or the routed 10.0.0.0/8; the default gateway
! 192.168.1.1 suggests it actually sits on the outside network. Confirm.
129flow-export destination inside 192.168.1.12 2055
130mtu outside 1500
131mtu inside 1500
132mtu wifi 1500
133no failover
134no monitor-interface service-module
135icmp unreachable rate-limit 1 burst-size 1
136icmp permit any inside
137no asdm history enable
138arp timeout 14400
139no arp permit-nonconnected
! Manual (twice) NAT rules; the ASA evaluates these top-down, first match wins.
! NOTE(review): "nat (outside,inside) source static any any" is an identity NAT
! for every outside source. Combined with the permit-any global_access list
! bound below, inbound traffic from outside looks effectively unfiltered.
! Confirm intent and narrow both to the flows actually required.
! NOTE(review): the dynamic PAT rule sits above the Internal-Networks to
! NETWORK_OBJ_10.1.1.224_28 exemption, so traffic towards VPN clients would
! presumably be PATed before the exemption is reached; exemption rules normally
! go above the general PAT rule.
140nat (outside,inside) source static any any destination static 10.1.3.82 10.1.3.82 unidirectional
141nat (inside,outside) source dynamic any interface
142nat (outside,inside) source static any any
143nat (inside,outside) source static Internal-Networks Internal-Networks destination static NETWORK_OBJ_10.1.1.224_28 NETWORK_OBJ_10.1.1.224_28 unidirectional
! Bind the access-lists: per-interface lists inbound on outside and inside,
! plus global_access (permit any any) on all interfaces.
144access-group outside_access_in in interface outside
145access-group inside_access_in in interface inside
146access-group global_access global
! Default route via 192.168.1.1 on outside; all of 10.0.0.0/8 via 10.1.1.2 on inside.
147route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
148route inside 10.0.0.0 255.0.0.0 10.1.1.2 1
149timeout xlate 3:00:00
150timeout pat-xlate 0:00:30
151timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
152timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
153timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
154timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
155timeout tcp-proxy-reassembly 0:01:00
156timeout floating-conn 0:00:00
! Management-plane authentication and ASDM (HTTPS) access.
157user-identity default-domain LOCAL
! SSH logins are checked against the local user database.
! NOTE(review): there is no matching "aaa authentication http console" or
! "aaa authentication enable console" line in this listing, so ASDM and enable
! access presumably fall back to the enable password alone. Verify and bind
! them to LOCAL (or an AAA server) as well.
158aaa authentication ssh console LOCAL
! NOTE(review): ASDM is allowed from 192.168.1.0/24 on the outside interface.
! Management access is best limited to a dedicated inside/management network
! or reached over the VPN.
159http server enable
160http 192.168.10.0 255.255.255.0 wifi
161http 192.168.1.0 255.255.255.0 outside
162no snmp-server location
163no snmp-server contact
164service sw-reset-button
! PKI: one self-enrolled trustpoint (CN=ciscoasa) and its certificate. Later
! "ssl trust-point" lines present this certificate on outside and inside.
! NOTE(review): the DER below decodes to a 2048-bit RSA key signed with
! sha1WithRSAEncryption, valid 2019-01-09 to 2029-01-06. VPN and ASDM clients
! cannot validate a self-signed certificate unless it is distributed to them out
! of band; a CA-issued certificate with a SHA-2 signature is preferable on the
! outside interface.
165crypto ipsec security-association pmtu-aging infinite
166crypto ca trustpoint ASDM_TrustPoint0
167 enrollment self
168 subject-name CN=ciscoasa
169 crl configure
170crypto ca trustpool policy
171crypto ca certificate chain ASDM_TrustPoint0
172 certificate 7a5c365c
173 308202e8 308201d0 a0030201 0202047a 5c365c30 0d06092a 864886f7 0d010105
174 05003036 3111300f 06035504 03130863 6973636f 61736131 21301f06 092a8648
175 86f70d01 09021612 63697363 6f617361 2e636973 636f2e63 6f6d301e 170d3139
176 30313039 32323133 31355a17 0d323930 31303632 32313331 355a3036 3111300f
177 06035504 03130863 6973636f 61736131 21301f06 092a8648 86f70d01 09021612
178 63697363 6f617361 2e636973 636f2e63 6f6d3082 0122300d 06092a86 4886f70d
179 01010105 00038201 0f003082 010a0282 010100b3 cea990f6 1a9a9765 be3abf50
180 003b3652 aeed95e1 23f90bc0 9c6d6125 32a4df24 aef7ce08 144dbeda 4d0bf38c
181 cf511e5b 0fd778db 07eabdda 9a8e845b 9dbdd4cc 3e2acb58 1a96c101 9dfb6925
182 52529ae4 451b2cbf e5c7779f 6c2a9631 e32a7bc2 94de2f11 2d53c487 549e04b8
183 473e4750 97ecaafb f5d97e54 e7df3ca2 2073429d c06c5096 8a6ccf87 bb779607
184 783ad2db 1bc2b140 e53262f7 0c3df2da 7457e2bd 87a684f5 a6847f98 69572911
185 3efab26f f3041bf7 d0fbe877 78835ead e17a4b19 5d2537ea 7198efd1 588d620c
186 4b814cc1 222b56a5 356f177a ca1e8e2f 5c699e65 8d3ad8c8 c647acf2 c730a0dd
187 1ebe6ec9 16875fe3 7aa5d3bc 422e7f01 a3649b02 03010001 300d0609 2a864886
188 f70d0101 05050003 82010100 1f4136bd 27e1f246 c6a8d659 95efc6f0 78312b49
189 4b980dd7 df358667 d2899192 4d7caf5b 760602eb 7a222cba ddfc6c00 d495c081
190 69a74dd7 08a369ef 5fcee13c deea5310 cc00ab98 12b9f139 e1539e7f f3f0da63
191 ccf07253 18ef8247 2c5d965a 1f7f2298 555008e6 3bea392f 19243c9f b4a66a93
192 86834ecc 4823a378 f2860ecd 91bd99c2 7e5452d1 22692719 0b31a8b8 d6ad5566
193 fc94171a 01e2fb8d 7133d3f7 9e88ad51 de4566f5 fd34338c a0c89360 cb2b356b
194 1a9e9e74 23b2d67f 34596cef 3375368f 5be0cdca 38588dc0 3f2cca4d 93ddb7cf
195 51fedd9d d9fbc7be ce4c2f25 2e95ee02 198ddd4e 2dc5ac26 aa5c653f 7d7e2598
196 05a236d6 dc5b51e8 007cb685
197 quit
! Remote management (telnet/ssh/console), DHCP server, threat detection, NTP
! and the certificate bindings for SSL.
198telnet timeout 5
199no ssh stricthostkeycheck
! NOTE(review): SSH is accepted from any source address on the outside
! interface. Restrict it to known management addresses, or permit it only on
! inside and reach the device over the VPN.
200ssh 0.0.0.0 0.0.0.0 outside
! Idle timeout in minutes; 60 is the longest the command accepts.
201ssh timeout 60
202ssh version 2
! NOTE(review): dh-group1-sha1 is a 1024-bit Diffie-Hellman group with SHA-1;
! prefer "ssh key-exchange group dh-group14-sha1" or stronger where the
! release supports it.
203ssh key-exchange group dh-group1-sha1
! NOTE(review): 0 disables the console idle timeout, so a console session left
! logged in stays open indefinitely.
204console timeout 0
205dhcpd auto_config outside
206!
207dhcpd address 192.168.10.2-192.168.10.254 wifi
208dhcpd enable wifi
209!
210threat-detection basic-threat
211threat-detection statistics access-list
212no threat-detection statistics tcp-intercept
! NOTE(review): no NTP authentication key is configured in this listing.
213ntp server 129.6.15.30 source outside
! Present the self-signed ASDM_TrustPoint0 certificate for SSL on both interfaces.
214ssl trust-point ASDM_TrustPoint0 outside
215ssl trust-point ASDM_TrustPoint0 inside
! AnyConnect remote-access VPN: webvpn listener, group policy, local users and
! the "Lab" tunnel-group.
! NOTE(review): the AnyConnect 3.1.07021 client packages are an old client
! release; check them against current vendor advisories and update the images.
! NOTE(review): "tunnel-group-list enable" shows the configured group aliases on
! the login page before authentication; disable it if group names should not be
! disclosed.
216webvpn
217 enable outside
218 anyconnect image disk0:/anyconnect-win-3.1.07021-k9.pkg 1
219 anyconnect image disk0:/anyconnect-macosx-i386-3.1.07021-k9.pkg 2
220 anyconnect enable
221 tunnel-group-list enable
222 error-recovery disable
223group-policy DfltGrpPolicy attributes
224group-policy GroupPolicy_Lab internal
! SSL (AnyConnect) client only; split tunnelling sends just the TunnelTraffic
! networks through the VPN.
225group-policy GroupPolicy_Lab attributes
226 wins-server none
227 dns-server value 64.222.165.243
228 vpn-tunnel-protocol ssl-client
229 split-tunnel-policy tunnelspecified
230 split-tunnel-network-list value TunnelTraffic
231 default-domain none
232dynamic-access-policy-record DfltAccessPolicy
! NOTE(review): a 5-character minimum with one uppercase letter and one digit is
! a weak policy for accounts that can log in from the internet; raise the
! minimum length.
233password-policy minimum-length 5
234password-policy minimum-uppercase 1
235password-policy minimum-numeric 1
! Local accounts, stored as legacy "encrypted" hashes.
! NOTE(review): tunnel-group Lab names no authentication-server-group, so VPN
! logins presumably authenticate against these same local accounts, including
! the privilege-15 user. Consider separate VPN-only accounts (or an AAA server
! with MFA) and treat the hashes shown here as disclosed.
236username derek password blT.5TlpvSpFFiFI encrypted privilege 15
237username admin password RRccUL9Icbc7lnQ3 encrypted
238username chipcurrent password XV0SWyM8.dOUHREZ encrypted privilege 0
239tunnel-group Lab type remote-access
240tunnel-group Lab general-attributes
241 address-pool Lab_VPN
242 default-group-policy GroupPolicy_Lab
243tunnel-group Lab webvpn-attributes
244 group-alias Lab enable
245!
! Application inspection: class inspection_default matches the default
! inspection traffic, and global_policy applies the listed protocol inspections
! to it on all interfaces via the service-policy line.
246class-map inspection_default
247 match default-inspection-traffic
248!
249!
! DNS inspection parameters: cap DNS message length (512 bytes, client side auto).
250policy-map type inspect dns preset_dns_map
251 parameters
252 message-length maximum client auto
253 message-length maximum 512
254policy-map global_policy
255 class inspection_default
256 inspect dns preset_dns_map
257 inspect ftp
258 inspect h323 h225
259 inspect h323 ras
260 inspect rsh
261 inspect rtsp
262 inspect esmtp
263 inspect sqlnet
264 inspect skinny
265 inspect sunrpc
266 inspect xdmcp
267 inspect sip
268 inspect netbios
269 inspect tftp
270 inspect ip-options
271!
272service-policy global_policy global
273prompt hostname context
274no call-home reporting anonymous
275Cryptochecksum:d41a5438315e2c6caafb067fa804d7cf
276: end