Created
August 12, 2012 17:57
-
-
Save anonymous/3333437 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| : Saved | |
| : | |
| ASA Version 8.4(4)1 | |
| ! | |
| hostname asa | |
| domain-name securesub.net | |
| enable password xxxxxxxx encrypted | |
| passwd xxxxxxxx encrypted | |
| names | |
| name 192.168.0.11 DAN_NIX | |
| name 192.168.0.1 ASA_INSIDE | |
| ! | |
| interface Ethernet0/0 | |
| switchport access vlan 2 | |
| ! | |
| interface Ethernet0/1 | |
| ! | |
| interface Ethernet0/2 | |
| switchport access vlan 101 | |
| ! | |
| interface Ethernet0/3 | |
| switchport access vlan 1337 | |
| ! | |
| interface Ethernet0/4 | |
| ! | |
| interface Ethernet0/5 | |
| ! | |
| interface Ethernet0/6 | |
| ! | |
| interface Ethernet0/7 | |
| ! | |
| interface Vlan1 | |
| description \\LAN Connection to Switch\\ | |
| nameif inside | |
| security-level 100 | |
| ip address ASA_INSIDE 255.255.255.0 | |
| ! | |
| interface Vlan2 | |
| description //OUT TO FIOS/// | |
| nameif outside | |
| security-level 0 | |
| ip address dhcp setroute | |
| ! | |
| interface Vlan101 | |
| description //WIFI USERS// | |
| nameif WIFI | |
| security-level 75 | |
| ip address 192.168.101.1 255.255.255.0 | |
| ! | |
| interface Vlan1337 | |
| description //MDC3 Competiton// | |
| nameif HAKlab | |
| security-level 10 | |
| ip address 10.10.10.1 255.255.255.0 | |
| ! | |
| boot system disk0:/asa844-1-k8.bin | |
| ftp mode passive | |
| clock timezone EST -5 | |
| clock summer-time EDT recurring | |
| dns domain-lookup inside | |
| dns domain-lookup outside | |
| dns server-group DefaultDNS | |
| name-server 192.168.0.25 | |
| name-server 4.2.2.2 | |
| domain-name securesub.net | |
| same-security-traffic permit inter-interface | |
| same-security-traffic permit intra-interface | |
| object network INSIDE_LAN | |
| subnet 192.168.0.0 255.255.255.0 | |
| object network CAFFEINATED-SSH | |
| host 192.168.0.22 | |
| object network ASA_INSIDE | |
| host 192.168.0.1 | |
| object network ASA-ASDM_SSLVPN | |
| host 192.168.0.1 | |
| object network AnyConnect_VPN_USERS | |
| description Anyconnet VPN Range | |
| object network ANYCONNECT_VPN_USERS | |
| object network ANYCONNECT_VPN_POOL | |
| object network ANYCONNECT_VPN | |
| subnet 192.168.0.200 255.255.255.248 | |
| object network EXCHANGE_SMTP(SSL) | |
| host 192.168.0.4 | |
| object network Dans-Desktop | |
| host 192.168.0.10 | |
| object network EXCHANGE_OWA | |
| host 192.168.0.4 | |
| object network EXCHANGE_ACTIVESYNC | |
| host 192.168.0.4 | |
| object network EXCHANGE_IMAP | |
| host 192.168.0.4 | |
| object network EXCHANGE_SMTP | |
| host 192.168.0.4 | |
| object network ESX_5_SERVER | |
| host 192.168.0.5 | |
| description ESX5 Server | |
| object network Media | |
| host 192.168.0.6 | |
| description Media | |
| object network RRAS | |
| host 192.168.0.4 | |
| object network RDWeb_App | |
| host 192.168.0.4 | |
| object network RRAS_L2TP_IKE | |
| host 192.168.0.4 | |
| object network RRAS_L2TP_IPSEC | |
| host 192.168.0.4 | |
| object network VPN-POOL | |
| host 192.168.0.200 | |
| object network DD-WRT | |
| host 192.168.0.101 | |
| object network SWITCH | |
| host 192.168.0.2 | |
| object network ESX_MANAGEMENT | |
| host 192.168.0.3 | |
| object network WDTV | |
| host 192.168.0.7 | |
| object network FREENAS | |
| host 192.168.0.12 | |
| object network CANON_PRINTER | |
| host 192.168.0.26 | |
| object network Ventrilo_tcp | |
| host 192.168.0.6 | |
| description Ventrilo Server | |
| object network ventrilo_udp | |
| host 192.168.0.6 | |
| object network Vent_data_tcp | |
| host 192.168.0.6 | |
| object network vent_data_udp | |
| host 192.168.0.6 | |
| object network US.LOGON.BATTLE.NET | |
| host 12.129.206.130 | |
| description Ysera | |
| object network YSERA | |
| host 199.107.6.199 | |
| object network IIS_OWA | |
| host 192.168.0.4 | |
| object service https | |
| service tcp source eq https destination eq https | |
| object network Minecraft | |
| host 192.168.0.22 | |
| object network Media-Server | |
| host 192.168.0.6 | |
| object service 6in4 | |
| service 41 | |
| object network ipv6_remote_endpoint | |
| host 216.66.22.2 | |
| object network ipv6_local_endpoint | |
| host 192.168.0.25 | |
| object network DNS_lookup | |
| host 192.168.0.25 | |
| object network DNS_transfer | |
| host 192.168.0.25 | |
| object network WIFI_INSIDE | |
| subnet 192.168.101.0 255.255.255.0 | |
| object network HAK_LAB | |
| subnet 10.10.10.0 255.255.255.0 | |
| description HAK_LAB | |
| object network MDC3_VPN | |
| subnet 10.10.10.200 255.255.255.248 | |
| object-group network obj-192.168.0.0 | |
| object-group service metasploit_range tcp | |
| port-object range 4444 4454 | |
| object-group protocol TCPUDP | |
| protocol-object udp | |
| protocol-object tcp | |
| object-group network INTERNAL_ONLY_DEVICES | |
| network-object object CANON_PRINTER | |
| network-object object DD-WRT | |
| network-object object ESX_5_SERVER | |
| network-object object ESX_MANAGEMENT | |
| network-object object FREENAS | |
| network-object object SWITCH | |
| network-object object WDTV | |
| object-group service Vent tcp-udp | |
| port-object eq 6011 | |
| port-object eq 3784 | |
| object-group service World_of_Warcraft tcp | |
| port-object eq 3724 | |
| port-object eq 6112 | |
| port-object range 6881 6999 | |
| object-group network Ventrilo | |
| network-object object Vent_data_tcp | |
| network-object object vent_data_udp | |
| network-object object Ventrilo_tcp | |
| network-object object ventrilo_udp | |
| object-group service Battlenet_login tcp | |
| port-object eq 1119 | |
| object-group service irc_ports tcp | |
| port-object eq 8001 | |
| object-group service minecraft tcp | |
| port-object eq 25565 | |
| object-group service Vent_3784 tcp | |
| port-object eq 3784 | |
| object-group service Vent_3784_udp udp | |
| port-object eq 3784 | |
| access-list outside_access_in extended permit tcp any object CAFFEINATED-SSH eq ssh | |
| access-list outside_access_in extended permit tcp any object ASA_INSIDE eq 8080 | |
| access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0 | |
| access-list ALLOWED_FROM_OUTSIDE extended permit ip 192.168.0.0 255.255.255.0 object ANYCONNECT_VPN | |
| access-list ALLOWED_FROM_OUTSIDE extended permit object-group TCPUDP any object CAFFEINATED-SSH object-group Vent log emergencies | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object Media eq 64620 | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_ACTIVESYNC eq www | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RDWeb_App eq 3389 | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_OWA eq https | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587 | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object CAFFEINATED-SSH eq ssh | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object ASA-ASDM_SSLVPN eq www | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_IMAP eq 993 | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP eq smtp | |
| access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RRAS eq pptp | |
| access-list ALLOWED_FROM_OUTSIDE extended permit gre any object RRAS | |
| access-list outside_access_in_1 extended permit ip any any | |
| access-list outside_access_in_1 extended permit 41 any any | |
| access-list inside_access_in_1 extended permit 41 any any | |
| access-list inside_access_in_1 extended permit ip any any | |
| access-list global_access extended permit icmp any any echo | |
| access-list global_access extended permit icmp any any echo-reply | |
| access-list global_access extended permit tcp any any eq 8001 log emergencies | |
| access-list global_access extended deny tcp any any eq finger | |
| access-list global_access extended deny ip object-group INTERNAL_ONLY_DEVICES interface outside | |
| access-list global_access extended permit ip 192.168.0.0 255.255.255.0 any | |
| access-list global_access extended permit ip 192.168.101.0 255.255.255.0 any | |
| access-list global_access extended permit ip 10.10.10.0 255.255.255.0 any | |
| access-list global_access extended permit tcp any object Dans-Desktop eq 64620 | |
| access-list global_access extended permit object-group TCPUDP any object DNS_lookup eq domain | |
| access-list global_access extended permit tcp any object Media-Server eq 64621 | |
| access-list global_access extended permit tcp any object EXCHANGE_ACTIVESYNC eq www | |
| access-list global_access extended permit tcp any object RDWeb_App eq 3389 | |
| access-list global_access extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587 | |
| access-list global_access extended permit tcp any object CAFFEINATED-SSH eq ssh | |
| access-list global_access extended permit tcp any object ASA-ASDM_SSLVPN eq www | |
| access-list global_access extended permit tcp any object EXCHANGE_IMAP eq 993 | |
| access-list global_access extended permit tcp any object EXCHANGE_SMTP eq smtp | |
| access-list global_access extended permit tcp any object RRAS eq pptp | |
| access-list global_access extended permit gre any object RRAS | |
| access-list global_access extended permit tcp any object EXCHANGE_OWA eq https | |
| access-list global_access extended permit tcp any object Minecraft object-group minecraft | |
| access-list global_access extended permit tcp any object Vent_data_tcp object-group Vent_3784 | |
| access-list global_access extended permit udp any object vent_data_udp object-group Vent_3784_udp | |
| access-list BAH-PKI-LAB standard permit 10.100.60.0 255.255.255.0 | |
| access-list BAH-PKI-LAB standard permit 192.168.5.0 255.255.255.0 | |
| access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS | |
| access-list BAH-PKI-LAB remark Vandyke WIFI | |
| access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS | |
| access-list BAH-PKI-LAB remark Vandyke WIFI | |
| access-list inside_access_in extended permit ip any any | |
| access-list irc extended permit tcp any any eq 8001 log emergencies interval 1 | |
| access-list irc extended permit tcp object CAFFEINATED-SSH any object-group irc_ports log debugging interval 10 | |
| access-list ipv6tunnel extended permit object 6in4 object ipv6_remote_endpoint object ipv6_local_endpoint | |
| access-list inside_access_in_2 extended permit ip object ANYCONNECT_VPN interface inside | |
| access-list AnyConnect_Client_Local_Print extended deny ip any any | |
| access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd | |
| access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol | |
| access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631 | |
| access-list AnyConnect_Client_Local_Print remark Windows' printing port | |
| access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100 | |
| access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol | |
| access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353 | |
| access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol | |
| access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355 | |
| access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol | |
| access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137 | |
| access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns | |
| access-list haklab_access_in extended permit ip object MDC3_VPN interface HAKlab | |
| pager lines 24 | |
| logging enable | |
| logging emblem | |
| logging console emergencies | |
| logging monitor emergencies | |
| logging buffered emergencies | |
| logging trap emergencies | |
| logging history emergencies | |
| logging asdm emergencies | |
| logging mail emergencies | |
| logging from-address asa@coffee.no-ip.info | |
| logging host inside 192.168.0.22 format emblem | |
| logging message 101001 level emergencies | |
| mtu inside 1500 | |
| mtu outside 1500 | |
| mtu WIFI 1500 | |
| mtu HAKlab 1500 | |
| ip local pool mdc3_VPN 10.10.10.200-10.10.10.240 mask 255.255.255.0 | |
| ip local pool VPN 192.168.0.200-192.168.0.205 mask 255.255.255.0 | |
| ipv6 local pool ipv6pool 2001:470:8:1044::1/64 100 | |
| ipv6 local pool SecuresubIPV6 2001:470:8:1044::100/64 10 | |
| ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo | |
| ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo-reply | |
| no failover | |
| icmp unreachable rate-limit 1 burst-size 1 | |
| asdm image disk0:/asdm-649-103.bin | |
| no asdm history enable | |
| arp timeout 14400 | |
| nat (inside,outside) source static HAK_LAB HAK_LAB destination static MDC3_VPN MDC3_VPN | |
| nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static ANYCONNECT_VPN ANYCONNECT_VPN | |
| nat (inside,outside) source static ipv6_local_endpoint interface destination static ipv6_remote_endpoint ipv6_remote_endpoint | |
| ! | |
| object network INSIDE_LAN | |
| nat (inside,outside) dynamic interface | |
| object network CAFFEINATED-SSH | |
| nat (inside,outside) static interface service tcp ssh ssh | |
| object network EXCHANGE_SMTP(SSL) | |
| nat (inside,outside) static interface service tcp 587 587 | |
| object network EXCHANGE_OWA | |
| nat (inside,outside) static interface service tcp https https | |
| object network EXCHANGE_ACTIVESYNC | |
| nat (inside,outside) static interface service tcp www www | |
| object network EXCHANGE_IMAP | |
| nat (inside,outside) static interface service tcp 993 993 | |
| object network EXCHANGE_SMTP | |
| nat (inside,outside) static interface service tcp smtp smtp | |
| object network Media | |
| nat (inside,outside) static interface service tcp 64621 64621 | |
| object network RRAS | |
| nat (inside,outside) static interface service tcp pptp pptp | |
| object network RDWeb_App | |
| nat (inside,outside) static interface service tcp 3389 3389 | |
| object network WIFI_INSIDE | |
| nat (WIFI,outside) dynamic interface | |
| object network HAK_LAB | |
| nat (any,outside) dynamic interface | |
| ! | |
| nat (outside,outside) after-auto source dynamic MDC3_VPN interface | |
| nat (outside,outside) after-auto source dynamic ANYCONNECT_VPN interface | |
| access-group inside_access_in_2 in interface inside | |
| access-group ipv6tunnel in interface outside | |
| access-group outside_access_ipv6_in in interface outside | |
| access-group haklab_access_in in interface HAKlab | |
| access-group global_access global | |
| timeout xlate 3:00:00 | |
| timeout pat-xlate 0:00:30 | |
| timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 | |
| timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 | |
| timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 | |
| timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute | |
| timeout tcp-proxy-reassembly 0:01:00 | |
| timeout floating-conn 0:00:00 | |
| dynamic-access-policy-record DfltAccessPolicy | |
| user-identity default-domain LOCAL | |
| aaa authentication ssh console LOCAL | |
| http server enable 8080 | |
| http server idle-timeout 10 | |
| http 0.0.0.0 0.0.0.0 inside | |
| http 0.0.0.0 0.0.0.0 outside | |
| no snmp-server location | |
| no snmp-server contact | |
| snmp-server enable traps snmp authentication linkup linkdown coldstart | |
| crypto ipsec ikev2 ipsec-proposal DES | |
| protocol esp encryption des | |
| protocol esp integrity sha-1 md5 | |
| crypto ipsec ikev2 ipsec-proposal 3DES | |
| protocol esp encryption 3des | |
| protocol esp integrity sha-1 md5 | |
| crypto ipsec ikev2 ipsec-proposal AES | |
| protocol esp encryption aes | |
| protocol esp integrity sha-1 md5 | |
| crypto ipsec ikev2 ipsec-proposal AES192 | |
| protocol esp encryption aes-192 | |
| protocol esp integrity sha-1 md5 | |
| crypto ipsec ikev2 ipsec-proposal AES256 | |
| protocol esp encryption aes-256 | |
| protocol esp integrity sha-1 md5 | |
| crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES | |
| crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP | |
| crypto map outside_map interface outside | |
| crypto ca trustpoint ASDM_TrustPoint1 | |
| enrollment terminal | |
| crl configure | |
| crypto ca trustpoint securesub | |
| revocation-check ocsp | |
| keypair securesub | |
| ocsp url http://192.168.0.22:3502 | |
| crl configure | |
| crypto ca certificate chain ASDM_TrustPoint1 | |
| certificate ca 7243d66dbffa9b9241ad74e98c76bd7b | |
| 30820387 3082026f a0030201 02021072 43d66dbf fa9b9241 ad74e98c 76bd7b30 | |
| 0d06092a 864886f7 0d010105 0500304a 31133011 060a0992 268993f2 2c640119 | |
| 16036e65 74311930 17060a09 92268993 f22c6401 19160973 65637572 65737562 | |
| 31183016 06035504 03130f73 65637572 65737562 2d44432d 4341301e 170d3132 | |
| 30373139 31363535 33375a17 0d313730 37313931 37303533 355a304a 31133011 | |
| 060a0992 268993f2 2c640119 16036e65 74311930 17060a09 92268993 f22c6401 | |
| 19160973 65637572 65737562 31183016 06035504 03130f73 65637572 65737562 | |
| 2d44432d 43413082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 | |
| 010a0282 010100be 47b66f33 1bd1b628 1818c1e4 b3402975 0b94562e 72c23780 | |
| b83a7747 355572d6 42460041 76b3d477 24cbe682 c2b5f01d 8d8d18f4 1c5caae8 | |
| 88d7921c 73578b70 7006738f dcad245c 005664a7 f255ce98 2e732212 672465aa | |
| 5fc217ae 191eac6d 535b7d55 512f3a64 91475790 f26b7952 8c54498c 118d53ae | |
| f274dc52 41f54a7f 3a55c6c2 6bda098a 252ef4bf 27aad40a ec10c299 b72ec99a | |
| c2e9f487 8923eba4 1b331d2b 9facf4ec bbb84be3 96fe58e3 0c485001 952258c6 | |
| a222e6a7 ad0f4b86 1c0baa09 e1c1ddea 950fd841 d08f15d3 d2820525 c11b2708 | |
| e771084d 56edf783 70a42ecc 46ff274b c49d6fac df0051e2 97a3487b acbfa7c9 | |
| bc3c2da6 9c0cf502 03010001 a3693067 30130609 2b060104 01823714 0204061e | |
| 04004300 41300e06 03551d0f 0101ff04 04030201 86300f06 03551d13 0101ff04 | |
| 05300301 01ff301d 0603551d 0e041604 14773ed6 80516666 70f6f23f b2519fc1 | |
| bac218c4 cb301006 092b0601 04018237 15010403 02010030 0d06092a 864886f7 | |
| 0d010105 05000382 01010075 0e2f72aa 42e13293 f7033178 d4fc6a2d c237a7ae | |
| 4fbf7a9b df50d2eb 3653f932 2a9e30cc f23e3686 79864d1d 7654c351 a190165e | |
| cddc4f0f 896ee852 c4f2f354 6970f761 bf988d7c fae3b7dd 2d16c4fa d0637456 | |
| 6f36ace1 e1a33501 cf6ab98b 60846274 04e44605 b0e79791 da7d6f1c 11ea5766 | |
| 9f9c6cc4 410a16bc fd2748ba 80479555 aa9f7050 56c42a22 d2393aed c74f7c77 | |
| 97c1e96e b30df36e 386cb68e d533d050 bcceae68 7f51a7c4 65bc6b7b 3766914c | |
| b4236093 0e1d31d7 63adbe05 a728b136 65f5e4b3 195546c9 d65d02dd 0fa8568e | |
| 787b22b5 e6f24045 2302a530 9628c0eb cb0d16f1 f070212b c8528eb6 ef1c9ddf | |
| 45553f29 7adb8945 066fd0 | |
| quit | |
| crypto ca certificate chain securesub | |
| certificate 237e430200000000003c | |
| 308203db 308202c3 a0030201 02020a23 7e430200 00000000 3c300d06 092a8648 | |
| 86f70d01 01050500 304a3113 3011060a 09922689 93f22c64 01191603 6e657431 | |
| 19301706 0a099226 8993f22c 64011916 09736563 75726573 75623118 30160603 | |
| 55040313 0f736563 75726573 75622d44 432d4341 301e170d 31323037 32363134 | |
| 31303232 5a170d31 34303732 36313431 3032325a 301c311a 30180603 55040313 | |
| 11617361 2e736563 75726573 75622e6e 65743082 0122300d 06092a86 4886f70d | |
| 01010105 00038201 0f003082 010a0282 010100bd b0d227bf 2ee34809 76be6fdd | |
| e07df57c 1bbff598 2cd6640f fa65999b 5fccf6cf d7359889 2d510c97 6af509cc | |
| c0a8b9b8 1788ccae bcbeb4fa 983c0776 87f1d2b3 adcce980 28ffc230 6a3a89d2 | |
| 87688769 46662954 6f8da01f d911ffb4 5b49365b f36d52ae 4f874fc9 6d667af5 | |
| e59620e1 256ef4ff 56e38556 49b33505 713568dd c66a5350 7ee15dd3 6212ec90 | |
| 345b82d7 904d907b 6647ef4c a69e4336 96bc0413 1170bbbb 27afb9fb a607ee1e | |
| 48e36dd4 3a73120d 874e0b45 87f8e058 66003f3a ce8bd5c1 ca62c872 3b0cb850 | |
| 1edb9055 8f74b93d cd1626b6 7519acd2 5b59ea40 66081950 b180c689 2e8261be | |
| f3541145 73263dc1 7e5bf56f c7c90ce7 33db8102 03010001 a381f030 81ed3021 | |
| 06092b06 01040182 37140204 141e1200 57006500 62005300 65007200 76006500 | |
| 72300e06 03551d0f 0101ff04 04030205 a0301306 03551d25 040c300a 06082b06 | |
| 01050507 0301301b 06092b06 01040182 37150a04 0e300c30 0a06082b 06010505 | |
| 07030130 1d060355 1d0e0416 04147fda 44683cc6 fb1d91aa c0384945 951b8224 | |
| a9e7300f 0603551d 11040830 068704c0 a8000130 1f060355 1d230418 30168014 | |
| 773ed680 51666670 f6f23fb2 519fc1ba c218c4cb 30350608 2b060105 05070101 | |
| 04293027 30250608 2b060105 05073001 86196874 74703a2f 2f313932 2e313638 | |
| 2e302e32 323a3335 30322f30 0d06092a 864886f7 0d010105 05000382 01010082 | |
| 62c07363 177d3bfe c45a18a4 8ea6e9aa 9e5ca3f6 b82d777a 661146c6 fb3c5269 | |
| 205b8331 72682979 0e50b0a2 b8acf3f0 bb2dced6 37195c51 66124e58 6087e87a | |
| 6dd30afb a9bb9762 cc08c6d7 4e1d2451 1d39f8dd 22d8f38e 7e912ee7 8565d538 | |
| bb0de3a4 85b4f9af 73926d84 ce38041e 15168b1e 02e1f41f f429615d fc31bf17 | |
| a94ad811 b4894437 651c92b4 d627a673 74737fac 3efc832d e7e3a496 6e956e90 | |
| e12a8aaa 0c9125fe 560a57ff 6d613bc8 952de6c0 2548382e 2210803f 1687f101 | |
| b6aaf7ee 622ea779 218d0c95 83453a88 00372eee aaf6decd 3a092855 6c7965cf | |
| 089a5340 7f1c25a7 e6cd06ef 48b636ce 95cb2d33 f19ba565 12953af9 e2f3af | |
| quit | |
| crypto ikev2 policy 1 | |
| encryption aes-256 | |
| integrity sha | |
| group 5 | |
| prf sha | |
| lifetime seconds 86400 | |
| crypto ikev2 policy 10 | |
| encryption aes-192 | |
| integrity sha | |
| group 5 | |
| prf sha | |
| lifetime seconds 86400 | |
| crypto ikev2 policy 20 | |
| encryption aes | |
| integrity sha | |
| group 5 | |
| prf sha | |
| lifetime seconds 86400 | |
| crypto ikev2 policy 30 | |
| encryption 3des | |
| integrity sha | |
| group 5 | |
| prf sha | |
| lifetime seconds 86400 | |
| crypto ikev2 policy 40 | |
| encryption des | |
| integrity sha | |
| group 5 | |
| prf sha | |
| lifetime seconds 86400 | |
| crypto ikev2 remote-access trustpoint securesub | |
| crypto ikev1 policy 10 | |
| authentication pre-share | |
| encryption des | |
| hash sha | |
| group 2 | |
| lifetime 86400 | |
| telnet timeout 5 | |
| ssh 192.168.0.0 255.255.255.0 inside | |
| ssh 192.168.101.0 255.255.255.0 WIFI | |
| ssh timeout 60 | |
| ssh key-exchange group dh-group1-sha1 | |
| console timeout 0 | |
| management-access inside | |
| dhcpd auto_config outside | |
| ! | |
| dhcpd dns 129.250.35.250 129.250.35.251 interface inside | |
| ! | |
| threat-detection basic-threat | |
| threat-detection statistics | |
| threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 | |
| ssl trust-point securesub inside | |
| ssl trust-point securesub outside | |
| webvpn | |
| port 8080 | |
| enable outside | |
| anyconnect-essentials | |
| anyconnect image disk0:/anyconnect-win-3.0.5080-k9.pkg 1 | |
| anyconnect profiles MDC3 disk0:/mdc3.xml | |
| anyconnect profiles coffee_anyconnect_client_profile disk0:/coffee_anyconnect_client_profile.xml | |
| anyconnect enable | |
| tunnel-group-list enable | |
| group-policy DefaultRAGroup internal | |
| group-policy DfltGrpPolicy attributes | |
| vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless | |
| group-policy GroupPolicy_coffee_anyconnect internal | |
| group-policy GroupPolicy_coffee_anyconnect attributes | |
| wins-server none | |
| dns-server value 192.168.0.25 4.2.2.2 | |
| vpn-tunnel-protocol ikev2 ssl-client | |
| split-tunnel-policy excludespecified | |
| split-tunnel-network-list value BAH-PKI-LAB | |
| default-domain value securesub | |
| webvpn | |
| anyconnect keep-installer installed | |
| anyconnect ssl rekey time 30 | |
| anyconnect ssl rekey method ssl | |
| anyconnect profiles value coffee_anyconnect_client_profile type user | |
| anyconnect ask enable default anyconnect timeout 5 | |
| group-policy mdc3_policy internal | |
| group-policy mdc3_policy attributes | |
| wins-server none | |
| dns-server value 10.10.10.25 4.2.2.2 | |
| vpn-tunnel-protocol ikev2 ssl-client | |
| default-domain value mdc3.net | |
| webvpn | |
| anyconnect profiles value MDC3 type user | |
| group-policy coffee_clientless internal | |
| group-policy coffee_clientless attributes | |
| vpn-tunnel-protocol ssl-clientless | |
| webvpn | |
| url-list value dans | |
| anyconnect ask none default anyconnect | |
| username pronto password xxxxxxxx encrypted | |
| username pronto attributes | |
| vpn-group-policy mdc3_policy | |
| group-lock value mdc3 | |
| service-type remote-access | |
| webvpn | |
| anyconnect profiles value MDC3 type user | |
| username dano password xxxxxxxx encrypted privilege 15 | |
| tunnel-group coffee_anyconnect type remote-access | |
| tunnel-group coffee_anyconnect general-attributes | |
| address-pool VPN | |
| ipv6-address-pool SecuresubIPV6 | |
| default-group-policy GroupPolicy_coffee_anyconnect | |
| tunnel-group coffee_anyconnect webvpn-attributes | |
| group-alias asa.securesub disable | |
| group-alias coffee_anyconnect disable | |
| group-alias securesub enable | |
| tunnel-group coffee_clientless type remote-access | |
| tunnel-group coffee_clientless general-attributes | |
| default-group-policy coffee_clientless | |
| tunnel-group mdc3 type remote-access | |
| tunnel-group mdc3 general-attributes | |
| address-pool mdc3_VPN | |
| default-group-policy mdc3_policy | |
| dhcp-server subnet-selection 10.10.10.25 | |
| tunnel-group mdc3 webvpn-attributes | |
| group-alias mdc3 enable | |
| ! | |
| class-map global-class | |
| match default-inspection-traffic | |
| class-map inspection_default | |
| match default-inspection-traffic | |
| ! | |
| ! | |
| policy-map type inspect dns preset_dns_map | |
| parameters | |
| message-length maximum 512 | |
| policy-map FTPPOLICY | |
| class inspection_default | |
| inspect ftp | |
| policy-map global-policy | |
| class global-class | |
| inspect esmtp | |
| inspect ipsec-pass-thru | |
| ! | |
| service-policy global-policy global | |
| prompt hostname context | |
| no call-home reporting anonymous | |
| call-home | |
| profile CiscoTAC-1 | |
| no active | |
| destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService | |
| destination address email callhome@cisco.com | |
| destination transport-method http | |
| subscribe-to-alert-group diagnostic | |
| subscribe-to-alert-group environment | |
| subscribe-to-alert-group inventory periodic monthly | |
| subscribe-to-alert-group configuration periodic monthly | |
| subscribe-to-alert-group telemetry periodic daily | |
| hpm topN enable | |
| Cryptochecksum:13bcb0f15d9734c3d19aebbc25a8aa93 | |
| : end | |
| asdm image disk0:/asdm-649-103.bin | |
| no asdm history enable |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment