@mosesrenegade
Created September 15, 2015 02:40
firewall transparent
enable password cisco
hostname ciscoasa
domain-name domain.local
names
!
interface GigabitEthernet1/1
 nameif outside
 bridge-group 1
 security-level 100
!
interface GigabitEthernet1/2
 nameif inside
 bridge-group 1
 security-level 100
!
interface Management1/1
 management-only
 no nameif
 no security-level
!
interface BVI1
 ip address 192.168.1.2 255.255.255.0
!
boot system disk0:/asa941-lfbff-k8.SPA
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
same-security-traffic permit inter-interface
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list global_mpc_1 extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
no ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl server-version tlsv1.2
ssl client-version tlsv1.2
dynamic-access-policy-record DfltAccessPolicy
username cisco priv 15 password cisco
! global-class selects the traffic (ACL global_mpc_1) that global_policy redirects to the SFR module
class-map global-class
 match access-list global_mpc_1
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect esmtp
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
 class global-class
  sfr fail-open
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context
service call-home
call-home reporting anonymous
call-home
 contact-email-addr mosherna@cisco.com
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 28
  subscribe-to-alert-group configuration periodic monthly 28
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable