Last active
June 2, 2023 19:21
-
-
Save LinuxNation/2fcc7ff9e5a69071d974ebf2ea9efa01 to your computer and use it in GitHub Desktop.
Cisco ASA 5505 example configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hostname virtprem-hq—vpn | |
| domain-name virtualprem.lan | |
| ! | |
| ! | |
| interface Loopback0 | |
| ip address 10.10.10.10 255.255.255.255 | |
| ! | |
| interface Ethernet0/0 | |
| switchport access vlan 100 | |
| ! | |
| interface Ethernet0/1 | |
| switchport access vlan 1 | |
| ! | |
| interface Vlan1 | |
| nameif INSIDE | |
| security-level 100 | |
| ip address 192.168.40.1 255.255.255.0 | |
| ! | |
| interface Vlan100 | |
| nameif OUTSIDE | |
| security-level 0 | |
| ip address 174.15.22.250 255.255.255.252 | |
| ! | |
| ! | |
| same-security-traffic permit inter-interface | |
| ! | |
| object network VPN | |
| subnet 198.19.1.0 255.255.255.0 | |
| nat (OUTSIDE,OUTSIDE) dynamic interface | |
| object network LAN | |
| subnet 192.168.40.0 255.255.255.0 | |
| ! | |
| access-list OUTSIDE_TO_IN extended permit ip object VPN any | |
| ! | |
| global (OUTSIDE) 1 interface | |
| nat (INSIDE) 1 192.168.40.0 255.255.255.0 | |
| ! | |
| access-group OUTSIDE_TO_IN in interface OUTSIDE | |
| ! | |
| route OUTSIDE 0.0.0.0 0.0.0.0 174.15.22.249 1 | |
| ! | |
| aaa authorization command LOCAL | |
| aaa authentication http console LOCAL | |
| aaa authentication ssh console LOCAL | |
| ! | |
| http server enable 8080 | |
| http 192.168.40.0 255.255.255.0 LAN | |
| http 198.19.1.0 255.255.255.0 VPN | |
| ssh 192.168.40.0 255.255.255.0 LAN | |
| ssh 198.19.1.0 255.255.255.0 VPN | |
| ssh timeout 60 | |
| ssh version 2 | |
| ssh key-exchange group dh-group14-sha1 | |
| ssl encryption aes128-sha1 | |
| ssl trust-point VPN-CERT OUTSIDE | |
| ! | |
| webvpn | |
| enable OUTSIDE | |
| anyconnect image disk0:/anyconnect-win-4.8.03052-webdeploy-k9.pkg 1 | |
| anyconnect enable | |
| ! | |
| group-policy ANYCONNECT-GROUP-POLICY internal | |
| group-policy ANYCONNECT-GROUP-POLICY attributes | |
| dns-server value 1.1.1.1 | |
| vpn-tunnel-protocol ssl-client | |
| default-domain value virtualprem.lan | |
| webvpn | |
| anyconnect ssl compression lzs | |
| ! | |
| ip local pool VPN 198.19.1.10-198.19.1.250 mask 255.255.255.0 | |
| ! | |
| username virtprem-lithuania password jTbuTcteEqARX8R7 | |
| username virtprem-lithuania attributes | |
| service-type remote-access | |
| ! | |
| username virtprem-morocco password TktH2X96nMHAeTRL | |
| username virtprem-morocco attributes | |
| service-type remote-access | |
| ! | |
| username virtprem-ukraine password f4atERLLe6tsyMVJ | |
| username virtprem-ukraine attributes | |
| service-type remote-access | |
| ! | |
| username virtprem-turkey password BFUmYSJq9ScdFPVL | |
| username virtprem-turkey attributes | |
| service-type remote-access | |
| ! | |
| tunnel-group ANYCONNECT-TUNNEL-GROUP type remote-access | |
| tunnel-group ANYCONNECT-TUNNEL-GROUP general-attributes | |
| address-pool VPN | |
| default-group-policy ANYCONNECT-GROUP-POLICY | |
| ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment