Saved
:
ASA Version 9.0(1)
!
hostname TW5505-CAS
domain-name kaohsiungcas
enable password tBh3awLOQgkQBGu4 encrypted
passwd pmco3e9PCmD//huB encrypted
names
ip local pool VPNPool 10.14.100.1-10.14.100.10 mask 255.255.255.0
!
interface Ethernet0/0
 description ISP connecion
 switchport access vlan 75
!
interface Ethernet0/1
 description connection to TW3750_CAS
 switchport access vlan 55
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 description WL in CAS Room Rack
 switchport access vlan 75
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 switchport access vlan 75
 shutdown
!
interface Ethernet0/7
 description connection for testing
 switchport access vlan 55
 shutdown
!
interface Vlan55
 nameif inside
 security-level 100
 ip address 10.14.55.1 255.255.255.192
!
interface Vlan75
 description outside connection
 nameif outside
 security-level 0
 ip address 211.23.X.X 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name kaohsiungcas
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside_network
 subnet 10.14.0.0 255.255.0.0
object network VPN_network
 subnet 10.14.100.0 255.255.255.0
object-group icmp-type DefaultICMP
 description Default ICMP Types permitted
 icmp-object echo-reply
 icmp-object unreachable
 icmp-object time-exceeded
 icmp-object echo
access-list TWVPN_splitTunnelAcl standard permit 10.14.0.0 255.255.240.0
access-list TWVPN_splitTunnelAcl standard permit 10.14.100.0 255.255.255.0
access-list TWVPN_splitTunnelAcl standard permit any4
access-list TWVPN_splitTunnelAcl standard permit 10.14.55.0 255.255.255.252
access-list nonat extended permit ip 10.14.100.0 255.255.255.240 any
access-list nonat extended permit ip any 10.14.100.0 255.255.255.240
access-list nonat extended permit ip 10.14.55.0 255.255.255.240 interface outside
access-list nonat extended permit ip any any
access-list Remote_splitTunnelAcl standard permit host 10.14.100.1
access-list Remote_splitTunnelAcl standard permit any4
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-list acl_outside extended permit ip 10.14.0.0 255.255.0.0 any
access-list split_tunnel extended permit ip 10.14.100.0 255.255.255.0 10.14.0.0 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static inside_network inside_network destination static VPN_network VPN_network no-proxy-arp route-lookup
route outside 0.0.0.0 0.0.0.0 211.23.X.X 1
route inside 10.14.0.0 255.255.240.0 10.14.55.2 1
route inside 10.14.100.0 255.255.255.240 10.14.55.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.14.55.0 255.255.255.192 inside
http 211.23.X.X 255.255.255.252 outside
http 10.14.55.0 255.255.255.248 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set dyn1 esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set dyn2 esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set myset esp-des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DESSHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn_map 10 set ikev1 transform-set dyn1 myset
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map dyn1 10 set pfs
crypto map dyn1 10 set peer 10.14.100.1
crypto map dyn1 10 set ikev1 transform-set dyn1
crypto map dyn1 10 set reverse-route
crypto map dyn1 20 ipsec-isakmp dynamic dyn_map
crypto map dyn1 interface outside
crypto map dyn2 20 set pfs
crypto map dyn2 20 set ikev1 transform-set dyn2
crypto map dyn2 20 set reverse-route
crypto map dyn2 interface inside
crypto ca trustpool policy
crypto isakmp identity address
crypto isakmp nat-traversal 10
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption des
 hash md5
 group 5
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
telnet 10.14.55.0 255.255.255.252 inside
telnet 10.14.55.0 255.255.255.248 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 20
ssh 10.14.55.0 255.255.255.252 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 211.23.X.X 255.255.255.248 outside
ssh 211.23.X.X 255.255.255.252 outside
ssh timeout 5
console timeout 5
management-access inside
no vpn-addr-assign dhcp
dhcpd auto_config inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy TWVPN internal
group-policy TWVPN attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value TWVPN_splitTunnelAcl
 default-domain value kaohsiungcas
group-policy Remote internal
group-policy Remote attributes
 vpn-idle-timeout 120
 vpn-tunnel-protocol ikev1
 password-storage disable
 ip-comp disable
 pfs enable
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
username LMPTW00 password BpF3l13Pysappb11 encrypted privilege 15
username LMPTW00 attributes
 vpn-group-policy TWVPN
username CUSTOMSTW password ayUgimWT9sCHmyHp encrypted privilege 7
username CUSTOMSTW attributes
 vpn-group-policy TWVPN
username SERCOTW password 1w9mGRDon7enwGL4 encrypted privilege 15
username SERCOTW attributes
 vpn-group-policy TWVPN
username Remote password CGT1CA0.I4QS3hp9 encrypted privilege 15
username ORNLTW password MKKCf.qSezqNpF6Y encrypted privilege 7
username ORNLTW attributes
 vpn-group-policy TWVPN
username LANLTW password EQLcMcnEPwTeNJ6m encrypted privilege 7
username LANLTW attributes
 vpn-group-policy TWVPN
username SNLTW password xnPBJwB89wo6IBpA encrypted privilege 15
username SNLTW attributes
 vpn-group-policy TWVPN
username PNNLTW password v5sGt2JbmauShXLb encrypted privilege 7
username PNNLTW attributes
 vpn-group-policy TWVPN
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group TWVPN type remote-access
tunnel-group TWVPN general-attributes
 address-pool VPNPool
 default-group-policy TWVPN
tunnel-group TWVPN ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
 address-pool VPNPool
 default-group-policy Remote
tunnel-group Remote ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 211.23.X.X type ipsec-l2l
tunnel-group 211.23.X.X ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 10.14.100.1 type ipsec-l2l
tunnel-group 10.14.100.1 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group-map enable rules
tunnel-group-map default-group Remote
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
policy-map global_map
 class inspection_default
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:83b74a844f39b124091d95158cf0ee02
: end