Cisco ASA 5505 Running Configuration
! Saved running configuration of a Cisco ASA. Passwords, public addresses and
! usernames in this published copy are placeholders put in by the author.
: Saved | |
: | |
! NOTE(review): 8.2(5) is an old software train. Check the vendor's advisories and
! end-of-support notices for this release before reusing the file as a template.
ASA Version 8.2(5) | |
! | |
terminal width 128 | |
! "ciscoasa" is the factory-default hostname.
hostname ciscoasa | |
! ENABLE_PASSWORD is a placeholder. The "encrypted" keyword marks the stored value
! as a hash; on this software generation it is presumably the legacy unsalted
! MD5-based format, so a real value should be treated as recoverable offline and
! kept out of published configs -- confirm.
! NOTE(review): both lines carry the same placeholder. If the real privileged and
! login passwords are identical as well, give them different values.
enable password ENABLE_PASSWORD encrypted | |
passwd ENABLE_PASSWORD encrypted | |
names | |
! | |
! Switch ports and the two VLAN interfaces (inside / outside).
! Ethernet0/0 is the only port placed in VLAN 2, the outside segment.
interface Ethernet0/0 | |
switchport access vlan 2 | |
! | |
! NOTE(review): Ethernet0/1 through 0/7 show neither a switchport nor a shutdown
! line, so they presumably sit in the default VLAN (VLAN 1, inside) and are live.
! Shutting down unused ports keeps an unexpected device off the inside network.
interface Ethernet0/1 | |
! | |
interface Ethernet0/2 | |
! | |
interface Ethernet0/3 | |
! | |
interface Ethernet0/4 | |
! | |
interface Ethernet0/5 | |
! | |
interface Ethernet0/6 | |
! | |
interface Ethernet0/7 | |
! | |
! Trusted side: security-level 100, 10.0.0.0/24.
interface Vlan1 | |
nameif inside | |
security-level 100 | |
ip address 10.0.0.225 255.255.255.0 | |
! | |
! Untrusted side: security-level 0, placeholder public address in a /28.
interface Vlan2 | |
nameif outside | |
security-level 0 | |
ip address OFFICE_OUTSIDE_IP 255.255.255.240 | |
! | |
! DNS client settings and every access list used later in the file.
ftp mode passive | |
! The ASA itself resolves names through the inside interface using two public resolvers.
dns domain-lookup inside | |
dns server-group DefaultDNS | |
name-server 8.8.8.8 | |
name-server 8.8.4.4 | |
! Allows traffic to enter and leave through the same interface (hairpinning);
! presumably paired with the "nat (outside) 1" statement for VPN clients -- confirm.
same-security-traffic permit intra-interface | |
! NOTE(review): no other statement in this listing references inside_nat0_outbound
! (the nat 0 rule uses acl-amzn), so it looks like a leftover -- confirm and remove.
access-list inside_nat0_outbound extended permit ip any 10.0.0.0 255.255.255.192 | |
! Networks listed for remote-access clients: the inside /24 and 172.17.0.0/16.
access-list Split_Tunnel_List standard permit 10.0.0.0 255.255.255.0 | |
access-list Split_Tunnel_List standard permit 172.17.0.0 255.255.0.0 | |
! acl-amzn is used twice below: as the crypto map match (traffic to encrypt) and
! as the NAT exemption for the same traffic.
access-list acl-amzn extended permit ip any 172.17.0.0 255.255.0.0 | |
! amzn-filter is applied as the vpn-filter on both site-to-site tunnel groups.
! NOTE(review): the first entry permits 172.17.0.0/16 to all of 10.0.0.0/8, which
! is wider than the 10.0.0.0/24 inside network; narrow it if only the /24 is meant.
access-list amzn-filter extended permit ip 172.17.0.0 255.255.0.0 10.0.0.0 255.0.0.0 | |
access-list amzn-filter extended permit ip 172.17.0.0 255.255.0.0 host OFFICE_OUTSIDE_IP | |
access-list amzn-filter extended deny ip any any | |
! Inbound ACL bound to the outside interface by the access-group statement.
! The first two entries admit the two tunnel endpoints to the office address.
access-list outside_access_in extended permit ip host AWS_TUNNEL_1_IP host OFFICE_OUTSIDE_IP | |
access-list outside_access_in extended permit ip host AWS_TUNNEL_2_IP host OFFICE_OUTSIDE_IP | |
! NOTE(review): this admits every ICMP type from any source to any destination.
! "inspect icmp" in the global policy already lets replies to inside-originated
! pings return, so this entry may be unnecessary; otherwise restrict it to the
! message types actually needed (for example echo-reply, unreachable, time-exceeded).
access-list outside_access_in extended permit icmp any any | |
! Logging, address pool, ICMP to the box, NAT, routing and connection timeouts.
no pager | |
! NOTE(review): only ASDM logging is configured. No "logging enable", buffer or
! syslog host appears in this listing, so as shown events are not kept or
! exported anywhere -- confirm and add a log destination.
logging asdm informational | |
mtu inside 1500 | |
mtu outside 1500 | |
! NOTE(review): the remote-access pool (10.0.0.10-10.0.0.50) lies inside the
! 10.0.0.0/24 inside subnet. It does not overlap the DHCP range defined later
! (10.0.0.229-254), but statically addressed inside hosts could collide with it;
! a dedicated subnet for VPN clients also makes their traffic easier to filter.
ip local pool RA_VPN_POOL 10.0.0.10-10.0.0.50 mask 255.255.255.0 | |
icmp unreachable rate-limit 1 burst-size 1 | |
! NOTE(review): the ASA's own outside address accepts ICMP from any source.
! Limit this to the needed types or sources if reachability tests do not require it.
icmp permit any outside | |
no asdm history enable | |
arp timeout 14400 | |
! NAT id 1 translates to the outside interface address (PAT).
global (outside) 1 interface | |
! Traffic matching acl-amzn (anything to 172.17.0.0/16) is exempt from NAT.
nat (inside) 0 access-list acl-amzn | |
! All other inside sources use NAT id 1.
nat (inside) 1 0.0.0.0 0.0.0.0 | |
! Sources in 10.0.0.0/24 arriving on outside also use NAT id 1; presumably these
! are remote-access clients from RA_VPN_POOL hairpinning to the Internet -- confirm.
nat (outside) 1 10.0.0.0 255.255.255.0 | |
! Binds outside_access_in to inbound traffic on the outside interface.
access-group outside_access_in in interface outside | |
route outside 0.0.0.0 0.0.0.0 OFFICE_INTERNET_GATEWAY 1 | |
! Connection and translation idle timers.
timeout xlate 3:00:00 | |
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 | |
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 | |
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 | |
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute | |
timeout tcp-proxy-reassembly 0:01:00 | |
timeout floating-conn 0:00:00 | |
dynamic-access-policy-record DfltAccessPolicy | |
! Management-plane authentication, ASDM, SNMP traps, MSS clamp and the SLA probe.
! SSH logins are checked against the local user database.
! NOTE(review): no matching "aaa authentication http console" or
! "aaa authentication enable console" line is shown, so ASDM and privileged-mode
! access presumably fall back to the shared enable password -- confirm.
aaa authentication ssh console LOCAL | |
! ASDM/HTTPS server, reachable only from 10.0.0.0/24 on the inside interface.
! The remote-access pool sits in the same /24, so VPN clients are presumably
! covered by this permit as well -- confirm that is intended.
http server enable | |
http 10.0.0.0 255.255.255.0 inside | |
no snmp-server location | |
no snmp-server contact | |
! Traps are enabled, but no "snmp-server host" appears in this listing, so as
! shown they have no destination.
snmp-server enable traps snmp authentication linkup linkdown coldstart | |
! Clamps TCP MSS to 1387 bytes, presumably to leave room for IPsec overhead.
sysopt connection tcpmss 1387 | |
! ICMP echo to 172.17.32.154 out the outside interface every 5 seconds, forever.
! No track object references it here, so it presumably exists to keep the
! site-to-site tunnel carrying traffic -- confirm.
sla monitor 1 | |
type echo protocol ipIcmpEcho 172.17.32.154 interface outside | |
frequency 5 | |
sla monitor schedule 1 life forever start-time now | |
! IPsec transform sets, crypto maps and IKEv1 (ISAKMP) policies.
! NOTE(review): the stock transform sets below include single DES, 3DES and MD5
! variants. They matter because the dynamic map further down offers all of them.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac | |
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac | |
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac | |
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac | |
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac | |
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac | |
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac | |
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac | |
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac | |
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac | |
! Transform set used for the site-to-site tunnel: AES (128-bit) with SHA-1 HMAC.
crypto ipsec transform-set transform-amzn esp-aes esp-sha-hmac | |
crypto ipsec security-association lifetime seconds 3600 | |
crypto ipsec security-association lifetime kilobytes 4608000 | |
crypto ipsec security-association replay window-size 128 | |
crypto ipsec df-bit clear-df outside | |
! Dynamic map entry that serves peers without a static entry (the remote-access
! clients).
! NOTE(review): PFS uses group1 and the transform list ends in DES/MD5 sets, so a
! client that proposes only weak suites would still be accepted. Trim the list
! to the AES/SHA sets and raise the PFS group if the clients in use allow it.
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1 | |
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 | |
! Static entry 1: encrypt traffic matching acl-amzn towards either tunnel peer.
! "set pfs" names no group, so the platform default applies (presumably group2).
crypto map outside_map 1 match address acl-amzn | |
crypto map outside_map 1 set pfs | |
crypto map outside_map 1 set peer AWS_TUNNEL_1_IP AWS_TUNNEL_2_IP | |
crypto map outside_map 1 set transform-set transform-amzn | |
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP | |
crypto map outside_map interface outside | |
crypto isakmp identity address | |
! IKEv1 is enabled on the outside interface.
! NOTE(review): no "crypto isakmp am-disable" line is shown, so aggressive mode
! is presumably left at its default. With group pre-shared keys that is a known
! exposure, although legacy IPsec clients may depend on it -- confirm.
crypto isakmp enable outside | |
! Lower policy numbers are tried first, so the 3DES policy outranks the AES one.
! NOTE(review): both policies use pre-shared keys, SHA-1 and DH group 2. Prefer
! AES with a larger DH group where the peers support it, and drop the 3DES policy
! if nothing still needs it.
crypto isakmp policy 10 | |
authentication pre-share | |
encryption 3des | |
hash sha | |
group 2 | |
lifetime 86400 | |
crypto isakmp policy 201 | |
authentication pre-share | |
encryption aes | |
hash sha | |
group 2 | |
lifetime 28800 | |
! Remote management access, DHCP server, threat detection and NTP.
! Only a Telnet timeout is set; no Telnet permit statement appears in this listing.
telnet timeout 5 | |
! SSH is accepted from 10.0.0.0/24 on inside, with a 45-minute idle timeout.
! NOTE(review): no "ssh version" line is shown, so the protocol version is left at
! the platform default; pin it with "ssh version 2" -- confirm the default first.
ssh 10.0.0.0 255.255.255.0 inside | |
ssh timeout 45 | |
! NOTE(review): a value of 0 disables the console idle timeout, so a serial
! session left logged in stays open. Set a finite timeout.
console timeout 0 | |
! Lets the inside interface be managed through a VPN tunnel.
management-access inside | |
dhcpd auto_config outside | |
! | |
! DHCP for inside hosts: 10.0.0.229-254, handing out two public resolvers.
dhcpd address 10.0.0.229-10.0.0.254 inside | |
dhcpd dns 8.8.8.8 8.8.4.4 interface inside | |
dhcpd auto_config outside interface inside | |
dhcpd enable inside | |
! | |
threat-detection basic-threat | |
threat-detection statistics access-list | |
no threat-detection statistics tcp-intercept | |
! Four NTP servers reached through the outside interface.
! NOTE(review): no NTP authentication is configured in this listing, so time is
! taken from these addresses without verification.
ntp server 216.239.38.15 source outside | |
ntp server 216.239.36.15 source outside | |
ntp server 216.239.34.15 source outside | |
ntp server 216.239.32.15 source outside | |
! VPN group policies, local users (redacted) and tunnel groups.
! The webvpn section is empty in this listing.
webvpn | |
! Policy for remote-access users: IPsec only, public DNS, and a split-tunnel list.
! NOTE(review): no "split-tunnel-policy" line is shown, so unless the default
! group policy was changed the policy is presumably tunnel-all and the list below
! has no effect. That would match the hairpin NAT earlier in the file -- confirm
! which behaviour is intended.
group-policy RA_GROUP internal | |
group-policy RA_GROUP attributes | |
dns-server value 8.8.8.8 8.8.4.4 | |
vpn-tunnel-protocol IPSec | |
split-tunnel-network-list value Split_Tunnel_List | |
! Policy for the site-to-site tunnels: applies amzn-filter to tunnelled traffic.
group-policy filter internal | |
group-policy filter attributes | |
vpn-filter value amzn-filter | |
! The author removed the local user entries; the four comment lines below show their format.
! users removed from config but all were of this format | |
! username USERNAME password ENCRYPTED_PASSWORD encrypted | |
! username USERNAME attributes | |
! vpn-group-policy RA_GROUP | |
! Remote-access tunnel group. The pre-shared key is masked as ***** in the listing.
! One group key is shared by every client, so a leaked key affects all users;
! per-user authentication then depends on the local usernames above.
tunnel-group RA_GROUP type remote-access | |
tunnel-group RA_GROUP general-attributes | |
address-pool RA_VPN_POOL | |
default-group-policy RA_GROUP | |
tunnel-group RA_GROUP ipsec-attributes | |
pre-shared-key ***** | |
! Site-to-site tunnel groups, one per peer, named by the peer address placeholder.
! Both use the "filter" group policy and IKE keepalives (threshold 10, retry 3).
tunnel-group AWS_TUNNEL_1_IP type ipsec-l2l | |
tunnel-group AWS_TUNNEL_1_IP general-attributes | |
default-group-policy filter | |
tunnel-group AWS_TUNNEL_1_IP ipsec-attributes | |
pre-shared-key ***** | |
isakmp keepalive threshold 10 retry 3 | |
tunnel-group AWS_TUNNEL_2_IP type ipsec-l2l | |
tunnel-group AWS_TUNNEL_2_IP general-attributes | |
default-group-policy filter | |
tunnel-group AWS_TUNNEL_2_IP ipsec-attributes | |
pre-shared-key ***** | |
isakmp keepalive threshold 10 retry 3 | |
! Application inspection policy, Call Home profile and the configuration checksum.
! | |
class-map inspection_default | |
match default-inspection-traffic | |
! | |
! | |
! DNS inspection parameters.
! NOTE(review): the fixed 512-byte maximum can drop larger DNS responses such as
! EDNS0/DNSSEC answers; the "client auto" line presumably relaxes this when the
! client advertises a larger size -- confirm.
policy-map type inspect dns preset_dns_map | |
parameters | |
message-length maximum client auto | |
message-length maximum 512 | |
! Global inspection policy. "inspect icmp" tracks ICMP sessions, so replies to
! inside-originated pings can return without a matching ACL entry.
! NOTE(review): inspections for protocols not used on this network (rsh, xdmcp,
! sqlnet, skinny and so on) can be removed to shrink the parsing surface.
policy-map global_policy | |
class inspection_default | |
inspect dns preset_dns_map | |
inspect ftp | |
inspect h323 h225 | |
inspect h323 ras | |
inspect rsh | |
inspect rtsp | |
inspect esmtp | |
inspect sqlnet | |
inspect skinny | |
inspect sunrpc | |
inspect xdmcp | |
inspect sip | |
inspect netbios | |
inspect tftp | |
inspect ip-options | |
inspect icmp | |
! | |
! Applies global_policy to all interfaces.
service-policy global_policy global | |
prompt hostname context | |
no call-home reporting anonymous | |
! Call Home profile for the vendor's support service; "no active" leaves it disabled.
call-home | |
profile CiscoTAC-1 | |
no active | |
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService | |
destination address email callhome@cisco.com | |
destination transport-method http | |
subscribe-to-alert-group diagnostic | |
subscribe-to-alert-group environment | |
subscribe-to-alert-group inventory periodic monthly | |
subscribe-to-alert-group configuration periodic monthly | |
subscribe-to-alert-group telemetry periodic daily | |
! Checksum the device computed over its stored configuration. This copy was edited
! after export (placeholders, removed users), so the value presumably no longer
! matches the text shown here.
Cryptochecksum:6a427614aceb1b9c6c62ae5465d872a0 | |
: end |