Created
December 1, 2014 22:43
ASA VPN Blog
ciscoasa# sh run
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 11.11.11.22 255.255.255.0
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
access-list ACL-VPN-SRX extended permit ip 10.0.1.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list ACL-VPN-SRX extended permit ip 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list ACL-VPN-SRX extended permit ip 172.16.1.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list ACL-VPN-SRX extended permit ip 10.0.1.0 255.255.255.0 172.16.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 11.11.11.11 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
crypto map MAP-VPN 10 match address ACL-VPN-SRX
crypto map MAP-VPN 10 set peer 11.11.11.11
crypto map MAP-VPN 10 set ikev1 transform-set ESP-AES128-SHA
crypto map MAP-VPN interface outside
crypto ikev1 enable outside
crypto ikev1 policy 5
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group 11.11.11.11 type ipsec-l2l
tunnel-group 11.11.11.11 ipsec-attributes
 ikev1 pre-shared-key *****
!
!
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:b65bdb5ddebccb9c74ddd4cce0f23a2f
: end