Created
August 6, 2012 17:15
-
-
Save anonymous/3276764 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
: Saved | |
: | |
ASA Version 8.4(4)1 | |
! | |
hostname asa | |
domain-name securesub.net | |
enable password XXX encrypted | |
passwd XXX encrypted | |
names | |
name 192.168.0.11 DAN_NIX | |
name 192.168.0.1 ASA_INSIDE | |
! | |
interface Ethernet0/0 | |
switchport access vlan 2 | |
! | |
interface Ethernet0/1 | |
! | |
interface Ethernet0/2 | |
! | |
interface Ethernet0/3 | |
! | |
interface Ethernet0/4 | |
! | |
interface Ethernet0/5 | |
switchport monitor Ethernet0/0 | |
! | |
interface Ethernet0/6 | |
! | |
interface Ethernet0/7 | |
! | |
interface Vlan1 | |
description \\LAN Connection to Switch\\ | |
nameif inside | |
security-level 100 | |
ip address ASA_INSIDE 255.255.255.0 | |
! | |
interface Vlan2 | |
description //OUT TO FIOS/// | |
nameif outside | |
security-level 0 | |
ip address dhcp setroute | |
! | |
boot system disk0:/asa844-1-k8.bin | |
ftp mode passive | |
clock timezone EST -5 | |
clock summer-time EDT recurring | |
dns domain-lookup inside | |
dns domain-lookup outside | |
dns server-group DefaultDNS | |
name-server 192.168.0.25 | |
name-server 4.2.2.2 | |
domain-name securesub.net | |
same-security-traffic permit intra-interface | |
object network INSIDE_LAN | |
subnet 192.168.0.0 255.255.255.0 | |
object network CAFFEINATED-SSH | |
host 192.168.0.22 | |
object network ASA_INSIDE | |
host 192.168.0.1 | |
object network ASA-ASDM_SSLVPN | |
host 192.168.0.1 | |
object network AnyConnect_VPN_USERS | |
description Anyconnet VPN Range | |
object network ANYCONNECT_VPN_USERS | |
object network ANYCONNECT_VPN_POOL | |
object network ANYCONNECT_VPN | |
subnet 192.168.0.200 255.255.255.248 | |
object network EXCHANGE_SMTP(SSL) | |
host 192.168.0.4 | |
object network Dans-Desktop | |
host 192.168.0.10 | |
object network EXCHANGE_OWA | |
host 192.168.0.4 | |
object network EXCHANGE_ACTIVESYNC | |
host 192.168.0.4 | |
object network EXCHANGE_IMAP | |
host 192.168.0.4 | |
object network EXCHANGE_SMTP | |
host 192.168.0.4 | |
object network ESX_5_SERVER | |
host 192.168.0.5 | |
description ESX5 Server | |
object network DansDesktop | |
host 192.168.0.10 | |
description DansDesktop | |
object network RRAS | |
host 192.168.0.4 | |
object network RDWeb_App | |
host 192.168.0.4 | |
object network RRAS_L2TP_IKE | |
host 192.168.0.4 | |
object network RRAS_L2TP_IPSEC | |
host 192.168.0.4 | |
object network VPN-POOL | |
host 192.168.0.200 | |
object network DD-WRT | |
host 192.168.0.101 | |
object network SWITCH | |
host 192.168.0.2 | |
object network ESX_MANAGEMENT | |
host 192.168.0.3 | |
object network WDTV | |
host 192.168.0.7 | |
object network FREENAS | |
host 192.168.0.12 | |
object network CANON_PRINTER | |
host 192.168.0.26 | |
object network Ventrilo_tcp | |
host 192.168.0.6 | |
description Ventrilo Server | |
object network ventrilo_udp | |
host 192.168.0.6 | |
object network Vent_data_tcp | |
host 192.168.0.6 | |
object network vent_data_udp | |
host 192.168.0.6 | |
object network US.LOGON.BATTLE.NET | |
host 12.129.206.130 | |
description Ysera | |
object network YSERA | |
host 199.107.6.199 | |
object network IIS_OWA | |
host 192.168.0.4 | |
object service https | |
service tcp source eq https destination eq https | |
object network Minecraft | |
host 192.168.0.22 | |
object network Media-Server | |
host 192.168.0.6 | |
object service 6in4 | |
service 41 | |
object network ipv6_remote_endpoint | |
host 216.66.22.2 | |
object network ipv6_local_endpoint | |
host 192.168.0.25 | |
object network DNS_lookup | |
host 192.168.0.25 | |
object network DNS_transfer | |
host 192.168.0.25 | |
object-group network obj-192.168.0.0 | |
object-group service metasploit_range tcp | |
port-object range 4444 4454 | |
object-group protocol TCPUDP | |
protocol-object udp | |
protocol-object tcp | |
object-group network INTERNAL_ONLY_DEVICES | |
network-object object CANON_PRINTER | |
network-object object DD-WRT | |
network-object object ESX_5_SERVER | |
network-object object ESX_MANAGEMENT | |
network-object object FREENAS | |
network-object object SWITCH | |
network-object object WDTV | |
object-group service Vent tcp-udp | |
port-object eq 6011 | |
port-object eq 3784 | |
object-group service World_of_Warcraft tcp | |
port-object eq 3724 | |
port-object eq 6112 | |
port-object range 6881 6999 | |
object-group network Ventrilo | |
network-object object Vent_data_tcp | |
network-object object vent_data_udp | |
network-object object Ventrilo_tcp | |
network-object object ventrilo_udp | |
object-group service Battlenet_login tcp | |
port-object eq 1119 | |
object-group service irc_ports tcp | |
port-object eq 8001 | |
object-group service minecraft tcp | |
port-object eq 25565 | |
object-group service Vent_3784 tcp | |
port-object eq 3784 | |
object-group service Vent_3784_udp udp | |
port-object eq 3784 | |
access-list outside_access_in extended permit tcp any object CAFFEINATED-SSH eq ssh | |
access-list outside_access_in extended permit tcp any object ASA_INSIDE eq 8080 | |
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0 | |
access-list ALLOWED_FROM_OUTSIDE extended permit ip 192.168.0.0 255.255.255.0 object ANYCONNECT_VPN | |
access-list ALLOWED_FROM_OUTSIDE extended permit object-group TCPUDP any object CAFFEINATED-SSH object-group Vent log emergencies | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object DansDesktop eq 64620 | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_ACTIVESYNC eq www | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RDWeb_App eq 3389 | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_OWA eq https | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587 | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object CAFFEINATED-SSH eq ssh | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object ASA-ASDM_SSLVPN eq www | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_IMAP eq 993 | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP eq smtp | |
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RRAS eq pptp | |
access-list ALLOWED_FROM_OUTSIDE extended permit gre any object RRAS | |
access-list outside_access_in_1 extended permit ip any any | |
access-list outside_access_in_1 extended permit 41 any any | |
access-list inside_access_in_1 extended permit 41 any any | |
access-list inside_access_in_1 extended permit ip any any | |
access-list global_access extended permit icmp any any echo | |
access-list global_access extended permit icmp any any echo-reply | |
access-list global_access extended permit tcp any object US.LOGON.BATTLE.NET object-group Battlenet_login log emergencies | |
access-list global_access extended permit tcp any any object-group World_of_Warcraft log emergencies | |
access-list global_access extended permit tcp any any eq 8001 log emergencies | |
access-list global_access extended deny tcp any any eq finger | |
access-list global_access extended deny ip object-group INTERNAL_ONLY_DEVICES interface outside | |
access-list global_access extended permit ip 192.168.0.0 255.255.255.0 any | |
access-list global_access extended permit tcp any object Dans-Desktop eq 64620 | |
access-list global_access extended permit object-group TCPUDP any object DNS_lookup eq domain | |
access-list global_access extended permit tcp any object Media-Server eq 64621 | |
access-list global_access extended permit tcp any object EXCHANGE_ACTIVESYNC eq www | |
access-list global_access extended permit tcp any object RDWeb_App eq 3389 | |
access-list global_access extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587 | |
access-list global_access extended permit tcp any object CAFFEINATED-SSH eq ssh | |
access-list global_access extended permit tcp any object ASA-ASDM_SSLVPN eq www | |
access-list global_access extended permit tcp any object EXCHANGE_IMAP eq 993 | |
access-list global_access extended permit tcp any object EXCHANGE_SMTP eq smtp | |
access-list global_access extended permit tcp any object RRAS eq pptp | |
access-list global_access extended permit gre any object RRAS | |
access-list global_access extended permit tcp any object EXCHANGE_OWA eq https | |
access-list global_access extended permit tcp any object Minecraft object-group minecraft | |
access-list global_access extended permit tcp any object Vent_data_tcp object-group Vent_3784 | |
access-list global_access extended permit udp any object vent_data_udp object-group Vent_3784_udp | |
access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS | |
access-list BAH-PKI-LAB standard permit 10.100.60.0 255.255.255.0 | |
access-list BAH-PKI-LAB remark Vandyke WIFI | |
access-list BAH-PKI-LAB standard permit 192.168.5.0 255.255.255.0 | |
access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS | |
access-list BAH-PKI-LAB remark Vandyke WIFI | |
access-list inside_access_in extended permit ip any any | |
access-list irc extended permit tcp any any eq 8001 log emergencies interval 1 | |
access-list irc extended permit tcp object CAFFEINATED-SSH any object-group irc_ports log debugging interval 10 | |
access-list ipv6tunnel extended permit object 6in4 object ipv6_remote_endpoint object ipv6_local_endpoint | |
pager lines 24 | |
logging enable | |
logging emblem | |
logging console emergencies | |
logging monitor emergencies | |
logging buffered emergencies | |
logging trap emergencies | |
logging history emergencies | |
logging asdm emergencies | |
logging mail emergencies | |
logging from-address asa@coffee.no-ip.info | |
logging host inside 192.168.0.22 format emblem | |
logging message 101001 level emergencies | |
mtu inside 1500 | |
mtu outside 1500 | |
ip local pool VPN 192.168.0.200-192.168.0.205 mask 255.255.255.0 | |
ipv6 local pool SecuresubIPV6 2001:470:8:1044::100/64 10 | |
ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo | |
ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo-reply | |
no failover | |
icmp unreachable rate-limit 1 burst-size 1 | |
asdm image disk0:/asdm-649-103.bin | |
no asdm history enable | |
arp timeout 14400 | |
nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static ANYCONNECT_VPN ANYCONNECT_VPN | |
nat (inside,outside) source static ipv6_local_endpoint interface destination static ipv6_remote_endpoint ipv6_remote_endpoint | |
! | |
object network INSIDE_LAN | |
nat (inside,outside) dynamic interface | |
object network CAFFEINATED-SSH | |
nat (inside,outside) static interface service tcp ssh ssh | |
object network EXCHANGE_SMTP(SSL) | |
nat (inside,outside) static interface service tcp 587 587 | |
object network EXCHANGE_OWA | |
nat (inside,outside) static interface service tcp https https | |
object network EXCHANGE_ACTIVESYNC | |
nat (inside,outside) static interface service tcp www www | |
object network EXCHANGE_IMAP | |
nat (inside,outside) static interface service tcp 993 993 | |
object network EXCHANGE_SMTP | |
nat (inside,outside) static interface service tcp smtp smtp | |
object network DansDesktop | |
nat (inside,outside) static interface service tcp 64620 64620 | |
object network RRAS | |
nat (inside,outside) static interface service tcp pptp pptp | |
object network RDWeb_App | |
nat (inside,outside) static interface service tcp 3389 3389 | |
object network Ventrilo_tcp | |
nat (any,outside) static interface service tcp 3784 3784 | |
object network ventrilo_udp | |
nat (any,outside) static interface service udp 3784 3784 | |
object network Vent_data_tcp | |
nat (any,outside) static interface service tcp 6011 6011 | |
object network vent_data_udp | |
nat (any,outside) static interface service udp 6011 6011 | |
object network IIS_OWA | |
nat (any,outside) static interface service tcp https https | |
object network Minecraft | |
nat (any,outside) static interface service tcp 25565 25565 | |
object network Media-Server | |
nat (any,outside) static interface service tcp 64621 64621 | |
object network DNS_lookup | |
nat (any,outside) static interface service tcp domain domain | |
object network DNS_transfer | |
nat (any,outside) static interface service udp domain domain | |
! | |
nat (outside,outside) after-auto source dynamic ANYCONNECT_VPN interface | |
access-group ipv6tunnel in interface outside | |
access-group outside_access_ipv6_in in interface outside | |
access-group global_access global | |
timeout xlate 3:00:00 | |
timeout pat-xlate 0:00:30 | |
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 | |
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 | |
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 | |
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute | |
timeout tcp-proxy-reassembly 0:01:00 | |
timeout floating-conn 0:00:00 | |
dynamic-access-policy-record DfltAccessPolicy | |
user-identity default-domain LOCAL | |
aaa authentication ssh console LOCAL | |
http server enable 8080 | |
http server idle-timeout 10 | |
http 0.0.0.0 0.0.0.0 inside | |
http 0.0.0.0 0.0.0.0 outside | |
no snmp-server location | |
no snmp-server contact | |
snmp-server enable traps snmp authentication linkup linkdown coldstart | |
crypto ipsec ikev2 ipsec-proposal AES256 | |
protocol esp encryption aes-256 | |
protocol esp integrity sha-1 md5 | |
crypto ipsec ikev2 ipsec-proposal AES192 | |
protocol esp encryption aes-192 | |
protocol esp integrity sha-1 md5 | |
crypto ipsec ikev2 ipsec-proposal AES | |
protocol esp encryption aes | |
protocol esp integrity sha-1 md5 | |
crypto ipsec ikev2 ipsec-proposal 3DES | |
protocol esp encryption 3des | |
protocol esp integrity sha-1 md5 | |
crypto ipsec ikev2 ipsec-proposal DES | |
protocol esp encryption des | |
protocol esp integrity sha-1 md5 | |
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES | |
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP | |
crypto map outside_map interface outside | |
crypto ca trustpoint ASDM_TrustPoint1 | |
enrollment terminal | |
crl configure | |
crypto ca trustpoint securesub | |
revocation-check ocsp | |
keypair securesub | |
ocsp url http://192.168.0.22:3502 | |
crl configure | |
crypto ca certificate chain ASDM_TrustPoint1 | |
certificate ca XXXXX | |
quit | |
crypto ca certificate chain securesub | |
certificate XXXXX | |
quit | |
crypto ikev2 policy 1 | |
encryption aes-256 | |
integrity sha | |
group 5 | |
prf sha | |
lifetime seconds 86400 | |
crypto ikev2 policy 10 | |
encryption aes-192 | |
integrity sha | |
group 5 | |
prf sha | |
lifetime seconds 86400 | |
crypto ikev2 policy 20 | |
encryption aes | |
integrity sha | |
group 5 | |
prf sha | |
lifetime seconds 86400 | |
crypto ikev2 policy 30 | |
encryption 3des | |
integrity sha | |
group 5 | |
prf sha | |
lifetime seconds 86400 | |
crypto ikev2 policy 40 | |
encryption des | |
integrity sha | |
group 5 | |
prf sha | |
lifetime seconds 86400 | |
crypto ikev2 remote-access trustpoint securesub | |
crypto ikev1 policy 10 | |
authentication pre-share | |
encryption des | |
hash sha | |
group 2 | |
lifetime 86400 | |
telnet timeout 5 | |
ssh 192.168.0.0 255.255.255.0 inside | |
ssh timeout 60 | |
ssh key-exchange group dh-group1-sha1 | |
console timeout 0 | |
management-access inside | |
dhcpd auto_config outside | |
! | |
dhcpd dns 129.250.35.250 129.250.35.251 interface inside | |
! | |
threat-detection basic-threat | |
threat-detection statistics | |
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 | |
ssl trust-point securesub outside | |
ssl trust-point securesub inside | |
webvpn | |
port 8080 | |
enable outside | |
anyconnect-essentials | |
anyconnect image disk0:/anyconnect-win-3.0.5080-k9.pkg 1 | |
anyconnect profiles coffee_anyconnect_client_profile disk0:/coffee_anyconnect_client_profile.xml | |
anyconnect enable | |
tunnel-group-list enable | |
group-policy DefaultRAGroup internal | |
group-policy DfltGrpPolicy attributes | |
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless | |
group-policy GroupPolicy_coffee_anyconnect internal | |
group-policy GroupPolicy_coffee_anyconnect attributes | |
wins-server none | |
dns-server value 192.168.0.25 4.2.2.2 | |
vpn-tunnel-protocol ikev2 ssl-client | |
split-tunnel-policy excludespecified | |
split-tunnel-network-list value BAH-PKI-LAB | |
default-domain value securesub | |
webvpn | |
anyconnect keep-installer installed | |
anyconnect ssl rekey time 30 | |
anyconnect ssl rekey method ssl | |
anyconnect profiles value coffee_anyconnect_client_profile type user | |
anyconnect ask enable default anyconnect timeout 5 | |
group-policy coffee_clientless internal | |
group-policy coffee_clientless attributes | |
vpn-tunnel-protocol ssl-clientless | |
webvpn | |
url-list value dans | |
anyconnect ask none default anyconnect | |
service-type remote-access | |
username dano password XXXXXX encrypted privilege 15 | |
tunnel-group coffee_anyconnect type remote-access | |
tunnel-group coffee_anyconnect general-attributes | |
address-pool VPN | |
ipv6-address-pool SecuresubIPV6 | |
default-group-policy GroupPolicy_coffee_anyconnect | |
tunnel-group coffee_anyconnect webvpn-attributes | |
authentication aaa certificate | |
group-alias coffee_anyconnect disable | |
group-alias securesub enable | |
tunnel-group coffee_clientless type remote-access | |
tunnel-group coffee_clientless general-attributes | |
default-group-policy coffee_clientless | |
! | |
class-map global-class | |
match default-inspection-traffic | |
class-map inspection_default | |
match default-inspection-traffic | |
! | |
! | |
policy-map type inspect dns preset_dns_map | |
parameters | |
message-length maximum 512 | |
policy-map FTPPOLICY | |
class inspection_default | |
inspect ftp | |
policy-map global-policy | |
class global-class | |
inspect esmtp | |
inspect ipsec-pass-thru | |
! | |
service-policy global-policy global | |
prompt hostname context | |
no call-home reporting anonymous | |
call-home | |
profile CiscoTAC-1 | |
no active | |
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService | |
destination address email callhome@cisco.com | |
destination transport-method http | |
subscribe-to-alert-group diagnostic | |
subscribe-to-alert-group environment | |
subscribe-to-alert-group inventory periodic monthly | |
subscribe-to-alert-group configuration periodic monthly | |
subscribe-to-alert-group telemetry periodic daily | |
hpm topN enable | |
Cryptochecksum:a92a6de1278b17f8c59b7af2be9e525e | |
: end | |
asdm image disk0:/asdm-649-103.bin | |
no asdm history enable |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment