121962-ASAremote - Cisco Support Community

! ASA 5505-class configuration (VLAN + switchport model) on release 8.0(5).
! This release is long out of support; several hardening options mentioned in the
! comments below (e.g. IKEv2, SHA-2 transforms, DH group 14) may not exist on it,
! so stay within the 8.0 command set when editing.
ASA Version 8.0(5)
!
hostname ASA-olo-MASTENHOF
domain-name olo.xxx
! Both secrets are redacted ("xxx") in the posted dump. 8.0 stores them in the legacy
! hash format; rotate them if this dump was ever shared outside the organisation.
enable password xxx encrypted
passwd xxx encrypted
! Symbolic names used throughout the config. The "xxx" octets are redacted by the poster.
! JONGEREN (youth LAN) and SSL (AnyConnect pool) are presumably different 192.168.x.0/24
! ranges, given the Nonat_SSL exemption between them further down.
names
name 10.xxx.0.0 OLO
name 10.xxx.104.0 MASTENHOF
name 192.168.xxx.0 JONGEREN
name 192.168.xxx.0 SSL
name 10.xxx.0.4 DHCP-Relay-OLO
!
! Vlan1 = youth LAN ("jongeren"), security level 50. Its ACL (jongeren_access_in) is
! "permit ip JONGEREN any", so the level alone does not isolate it from inside.
interface Vlan1
nameif jongeren
security-level 50
ip address 192.168.xxx.1 255.255.255.0
!
! Vlan2 = Internet uplink (Telenet). Address comes from the ISP by DHCP, without
! "setroute": the default gateway is the static route near the NAT section, with a
! hard-coded next hop.
interface Vlan2
nameif outside
security-level 0
ip address dhcp
!
! Vlan10 = MASTENHOF office LAN, the local side of the site-to-site tunnel to OLO.
interface Vlan10
nameif inside
security-level 100
ip address 10.xxx.104.1 255.255.255.0
!
! Description (Dutch): "WAN to TELENET".
interface Ethernet0/0
description WAN naar TELENET
switchport access vlan 2
!
! Unused switch ports are shut down -- good, nothing joins a VLAN by plugging in.
interface Ethernet0/1
shutdown
!
interface Ethernet0/2
shutdown
!
! Description (Dutch): "LAN to MASTENHOF-JONGEREN". No "switchport access vlan" line,
! so this port sits in the default VLAN 1 (= jongeren on a 5505); matches the
! description, but confirm it is intended rather than accidental.
interface Ethernet0/3
description LAN naar MASTENHOF-JONGEREN
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
! Description (Dutch): "LAN to OLO-MASTENHOF" -- the inside office port.
interface Ethernet0/7
description LAN naar OLO-MASTENHOF
switchport access vlan 10
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name olo.xxx
! No two interfaces share a security level (50 / 0 / 100), so "inter-interface" has
! no effect today. "intra-interface" allows hairpinning (traffic entering and leaving
! the same interface), typically wanted for VPN clients arriving on outside; if no
! flow actually needs it, remove it to shrink the attack surface -- confirm first.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! Hosts for the DHCP relay flows that are carried inside the site-to-site tunnel
! (referenced from outside_1_cryptomap).
object-group network DHCP-RELAY-DHCP-server
network-object host DHCP-Relay-OLO
object-group network DHCP-RELAY-Mastenhof-inside
network-object host 10.xxx.104.1
! Hard-coded public address although the outside interface is "ip address dhcp"
! (Vlan2). If the ISP ever hands out a different lease, relayed DHCP sourced from the
! outside address no longer matches the crypto ACL and inside clients may stop
! receiving addresses. There is no way to reference "interface" here; watch for it.
object-group network DHCP-RELAY-Mastenhof-outside
network-object host 81.xxx.xxx.198
object-group service DHCP-RELAY udp
port-object eq bootpc
port-object eq bootps
! Encryption domain of the site-to-site tunnel (MASTENHOF <-> OLO).
object-group network VPN-OLO
network-object OLO 255.255.255.0
object-group network VPN-Mastenhof
network-object MASTENHOF 255.255.255.0
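! inside (level 100): everything permitted outbound. The icmp entry is redundant
! ("permit ip any any" already covers ICMP); harmless, but could be removed.
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
! outside (level 0): every ICMP type from the Internet to any address, not just
! replies. There is no "inspect icmp" in global_policy, so this line is what lets
! replies to outbound pings back in. The narrower equivalent is three entries for
! echo-reply, time-exceeded and unreachable (or enable "inspect icmp" and drop the
! line). Left as-is here because inbound ping may be relied on; confirm before tightening.
access-list outside_access_in extended permit icmp any any
! Inbound HTTP to the public address, handed to 192.168.xxx.250 on the youth LAN by
! the static PAT. 81.xxx.xxx.198 is hard-coded although outside is DHCP-assigned; if
! the ISP lease changes, this entry silently stops matching.
access-list outside_access_in extended permit tcp any host 81.xxx.xxx.198 eq www
! Phase-2 selectors ("interesting traffic") for the OLO tunnel. Hyphens lost at line
! wraps in the posted dump are restored: "object-group" and the
! DHCP-RELAY-Mastenhof-* names must match the object-group definitions above,
! otherwise the parser rejects the entries.
access-list outside_1_cryptomap remark Allow-MASTENHOF-over-VPN
access-list outside_1_cryptomap extended permit ip object-group VPN-Mastenhof object-group VPN-OLO
! DHCP relay to the OLO server rides inside the tunnel, sourced either from the outside
! address (the same hard-coded 81.xxx.xxx.198) or from the inside address.
access-list outside_1_cryptomap extended permit udp object-group DHCP-RELAY-Mastenhof-outside object-group DHCP-RELAY-DHCP-server object-group DHCP-RELAY
access-list outside_1_cryptomap extended permit udp object-group DHCP-RELAY-Mastenhof-inside object-group DHCP-RELAY-DHCP-server object-group DHCP-RELAY
! NAT exemption for MASTENHOF <-> OLO so tunnelled traffic keeps real addresses.
! The remark and the ACL entry were fused onto one line in the paste; restored as
! two commands, with the wrapped trailing mask rejoined.
access-list inside_nat0_outbound remark ---NONAT---
access-list inside_nat0_outbound extended permit ip MASTENHOF 255.255.255.0 OLO 255.255.255.0
! jongeren (level 50): "permit ip JONGEREN any" also reaches the higher-security
! inside network (10.xxx.104.0/24), because an applied ACL replaces the
! security-level default. If the youth LAN is meant to get Internet only, insert
! "access-list jongeren_access_in extended deny ip JONGEREN 255.255.255.0 MASTENHOF 255.255.255.0"
! (and the same for OLO) before this line.
access-list jongeren_access_in extended permit ip JONGEREN 255.255.255.0 any
! Source "any" to JONGEREN on the jongeren interface itself looks like a no-op for
! transit traffic, and ICMP to the ASA's own interface address is governed by the
! "icmp" command rather than the interface ACL -- presumably leftover; confirm.
access-list jongeren_access_in extended permit icmp any JONGEREN 255.255.255.0
! NAT exemption between the youth LAN and the AnyConnect pool (used by "nat (jongeren) 0").
access-list Nonat_SSL extended permit ip JONGEREN 255.255.255.0 SSL 255.255.255.0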
pager lines 24
! Logging goes only to ASDM at informational level: nothing survives a reload and
! nothing reaches a collector, so VPN and authentication events cannot be reviewed
! after the fact. Add "logging buffered informational" and a
! "logging host inside <syslog-server>" (the OLO side is reachable over the tunnel).
logging enable
logging emblem
logging asdm informational
logging device-id hostname
mtu jongeren 1500
mtu outside 1500
mtu inside 1500
! Addresses handed to AnyConnect clients (51 hosts inside the SSL range).
ip local pool SSLoloClientPool 192.168.xxx.50-192.168.xxx.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
! ASDM image used by the HTTPS management interface configured further down.
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
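! Outbound PAT for both LANs behind the (DHCP-assigned) outside address, NAT id 1.
global (outside) 1 interface
! Youth LAN <-> AnyConnect pool bypasses NAT; everything else from jongeren is PAT'd.
nat (jongeren) 0 access-list Nonat_SSL
nat (jongeren) 1 JONGEREN 255.255.255.0
! Inside <-> OLO (site-to-site) bypasses NAT; everything else from inside is PAT'd.
! NOTE(review): there is no inside <-> SSL exemption, so AnyConnect users presumably
! cannot reach 10.xxx.104.0/24 cleanly; if they should, add an inside_nat0_outbound
! entry "permit ip MASTENHOF 255.255.255.0 SSL 255.255.255.0" -- verify against requirements.
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
! Publishes the youth-LAN web server (192.168.xxx.250:80) on the outside interface
! address. The "netmask" argument had wrapped onto its own line in the paste; rejoined.
static (jongeren,outside) tcp interface www 192.168.xxx.250 www netmask 255.255.255.255
access-group jongeren_access_in in interface jongeren
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
! Static default route with a fixed next hop on an interface that obtains its address
! by DHCP (Vlan2 has no "setroute"); this breaks silently if the provider changes the
! gateway. Consider "ip address dhcp setroute" on Vlan2 and dropping this line.
route outside 0.0.0.0 0.0.0.0 81.xxx.xxx.129 1
! Sends OLO-bound traffic out the outside interface, where the crypto map picks it up.
route outside OLO 255.255.255.0 213.xxx.xxx.31 1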
! Connection and translation idle timers; these appear to be the platform defaults.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
! Default dynamic access policy record; no DAP rules are defined in this dump.
dynamic-access-policy-record DfltAccessPolicy
! All management logins (SSH, ASDM, serial) authenticate against the LOCAL user
! database (admin and jdendas below). There is no "aaa authorization exec" /
! "aaa authorization command LOCAL", so a local user without a restricting
! service-type lands in the CLI and only the enable password separates them from
! privilege 15. Consider "aaa authorization exec LOCAL" so privilege levels apply.
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
! ASDM/HTTPS management only via the inside interface, from both LANs (OLO reaches it
! through the tunnel thanks to "management-access inside"). Not exposed on outside.
http server enable
http MASTENHOF 255.255.255.0 inside
http OLO 255.255.255.0 inside
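! Transform sets for the OLO site-to-site tunnel. esp-md5-hmac is weak; the SHA-HMAC
! set is added and listed first in the crypto map, so it is used whenever the peer
! (213.xxx.xxx.31) also offers it. The MD5 set stays only for compatibility with the
! peer's current configuration -- remove it once the peer has moved to SHA.
crypto ipsec transform-set OLO-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set OLO-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
! Phase-2 selectors come from outside_1_cryptomap (MASTENHOF <-> OLO plus the DHCP
! relay flows); PFS with DH group 5 is already in use, so group 5 is supported here.
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 213.xxx.xxx.31
! Order matters: the first transform set both sides accept is used.
crypto map outside_map 1 set transform-set OLO-AES-256-SHA OLO-AES-256-MD5
crypto map outside_map interface outside
! Self-signed certificate for the SSL VPN (see "ssl trust-point localtrust outside").
! Clients cannot validate it against a trusted CA, which trains users to click through
! warnings and makes the portal easy to impersonate; replace with a CA-issued
! certificate for sslvpn.mastenhof.xxx when possible.
crypto ca trustpoint localtrust
enrollment self
fqdn sslvpn.mastenhof.xxx
subject-name CN=sslvpn.mastenhof.xxx
keypair sslvpnkey
crl configure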
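crypto isakmp enable outside
! Preferred IKEv1 policy: SHA-1 integrity, DH group 5 (1536-bit) and a 24 h SA
! lifetime. Group 5 is already used for PFS in the crypto map, so this release
! supports it. The peer (213.xxx.xxx.31) must be given a matching policy before the
! legacy one below can be removed; until then both are offered and the peer picks.
crypto isakmp policy 1
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
! Legacy policy, kept only for compatibility with the peer's current settings: MD5
! and DH group 1 (768-bit) are both considered broken, and "lifetime none" means the
! IKE SA is never rekeyed. Delete this policy as soon as the peer negotiates policy 1.
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash md5
group 1
lifetime none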
! No "telnet <net> <mask> <if>" line exists, so telnet is not reachable from anywhere
! and this timeout is inert. Good -- keep it that way.
telnet timeout 5
! SSH v2 only, from both LANs via the inside interface (OLO arrives through the
! tunnel). Not exposed on outside.
ssh OLO 255.255.255.0 inside
ssh MASTENHOF 255.255.255.0 inside
ssh timeout 60
ssh version 2
! "console timeout 0" disables the idle timeout on the serial console, so an
! unattended console session stays logged in indefinitely; "console timeout 10"
! is the usual hardening value.
console timeout 0
! Lets the inside address be the management target for traffic arriving over VPN.
management-access inside
! The ASA is a DHCP client on outside; auto_config copies the ISP-supplied DNS/WINS/
! domain into the local DHCP server where not explicitly set (DNS is overridden below).
dhcpd auto_config outside
!
! Local DHCP server for the youth LAN. These lines were not redacted (192.168.2.x),
! which suggests JONGEREN = 192.168.2.0/24 and that 192.168.2.250 is the web/DNS host
! published by the static PAT. Lease 1048575 s (about 12 days).
dhcpd address 192.168.2.10-192.168.2.100 jongeren
dhcpd dns 192.168.2.250 195.130.130.11 interface jongeren
dhcpd lease 1048575 interface jongeren
dhcpd option 3 ip 192.168.2.1 interface jongeren
!
! Inside clients get their addresses from the OLO DHCP server through the tunnel (the
! relay flows are explicitly listed in outside_1_cryptomap). "setroute" rewrites the
! router option so clients use the ASA's inside address as gateway.
dhcprelay server DHCP-Relay-OLO outside
dhcprelay enable inside
dhcprelay setroute inside
dhcprelay timeout 3600
! Basic threat detection is switched off. It only generates syslogs (no automatic
! drops) and is cheap, so "threat-detection basic-threat" is worth re-enabling for
! visibility into scans against the SSL VPN portal and the published web server.
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! Unauthenticated NTP over the Internet. Time accuracy matters for certificate
! validation and log correlation; add "ntp authenticate" and "ntp trusted-key" if the
! servers support it, or point at a server reachable through the tunnel.
ntp server 195.xxx.xxx.23 source outside
ntp server 195.xxx.xxx.18 source outside
! The SSL VPN is presented with the self-signed "localtrust" certificate; clients
! cannot verify it, so the portal is trivially impersonated. Use a CA-issued cert.
ssl trust-point localtrust outside
webvpn
! Non-standard port 444 (ASDM is not enabled on outside, so 443 would be free too).
! This is obscurity only; scanners find it regardless.
port 444
enable outside
! AnyConnect 2.0.0343 is a very old client package; update it together with the ASA
! image -- old clients negotiate old TLS.
svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 1
svc enable
! Shows the tunnel-group alias (MY_RA below) in a drop-down on the login page.
tunnel-group-list enable
! Policy for AnyConnect users. No vpn-filter is set, so what clients can reach is
! limited only by interface ACLs and NAT; split tunnelling is not configured here and
! presumably inherits from DfltGrpPolicy (not shown) -- confirm.
group-policy SSLCLient internal
group-policy SSLCLient attributes
! Internal DNS first (the .250 host on the youth LAN), public resolver as fallback.
dns-server value 192.168.xxx.250 8.8.8.8
vpn-tunnel-protocol svc
default-domain value mastenhof.xxx
address-pools value SSLoloClientPool
! admin: privilege 15 and no service-type restriction, so the account is also usable
! for VPN logins. Consider "service-type admin" to keep it management-only.
username admin password xxx encrypted privilege 15
! jdendas: VPN-only -- "service-type remote-access" rejects management logins.
username jdendas password xxx encrypted
username jdendas attributes
service-type remote-access
! Site-to-site peer (same address as "set peer" and the OLO route). PSK is redacted.
tunnel-group 213.xxx.xxx.31 type ipsec-l2l
tunnel-group 213.xxx.xxx.31 ipsec-attributes
pre-shared-key *
! Dead-peer detection is off: a dead tunnel is only noticed when SAs expire (28800 s
! for IPsec; never for IKE while "lifetime none" is in effect). Consider
! "isakmp keepalive threshold 10 retry 2" if the peer supports DPD.
isakmp keepalive disable
! AnyConnect tunnel group; MY_RA is the alias users pick in the portal drop-down.
tunnel-group SSLClient type remote-access
tunnel-group SSLClient general-attributes
default-group-policy SSLCLient
tunnel-group SSLClient webvpn-attributes
group-alias MY_RA enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
! Default inspection set. "inspect icmp" is absent, which is why outside_access_in
! carries an explicit "permit icmp any any"; adding "inspect icmp" under this class
! would track ICMP statefully and allow that ACL entry to be tightened.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
! Checksum of the saved configuration; recomputed by the ASA on every write, so it
! will not match after any of the changes suggested above are applied.
Cryptochecksum:0e03b34ae51f5a0f924a3c933c6257fe
: end