wr t - Cisco Support Community

wr t
: Saved
:
ASA Version 7.2(1)
!
hostname VunAsa1
domain-name gbs-norfolk.navy.mil
enable password 8Ry2YjIyt7RRXU24 encrypted
multicast-routing
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 215.1.XXX.XXX 255.255.255.192
 ospf cost 10
!
interface Ethernet0/1
 nameif DMZ
 security-level 50
 ip address 10.30.Y.Y 255.255.255.0
 ospf cost 10
!
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 10.10.Z.Z 255.255.255.0
!
interface Management0/0
 description Management port
 nameif management
 security-level 100
 ip address 192.168.X.X 255.255.255.0
 ospf cost 10
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
banner login login banner
banner motd *******UNITED STATES DEPARTMENT OF DEFENSE WARNING STATEMENT*******
banner motd This is a Department of Defense System. This system, including
banner motd all related equipment, networks and network devices (specifically
banner motd including Internet access), are provided only for authorized U.S.
banner motd Government use. DoD computer systems may be monitored for all
banner motd lawful purposes, including to ensure that their use is authorized,
banner motd for management of the system, to facilitate protection against
banner motd unauthorized access, and to verify security procedures, survivability,
banner motd and operational security. Monitoring includes active attacks by
banner motd authorized DoD entities to test or verify the security of this system.
banner motd During monitoring, information may be examined, recorded, copied and
banner motd used for authorized purposes. All information, including personal
banner motd information, placed on or sent over this system may be monitored.
banner motd Use of this DoD system, authorized or unauthorized, constitutes
banner motd consent to monitoring of this system. Unauthorized use may subject
banner motd you to criminal prosecution. Evidence of unauthorized use collected
banner motd during monitoring may be used for administrative, criminal or adverse
banner motd action. Use of this system constitutes consent to monitoring for
banner motd these purposes.
banner motd you are attempting to login $(hostname)
banner motd *******************************************************************
ftp mode passive
dns domain-lookup outside
dns domain-lookup DMZ
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 215.1.
 name-server 215.1.
 domain-name gbs-norfolk.navy.mil
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in extended permit ip any any log debugging
access-list inside_access_in extended permit ip any any log debugging inactive
access-list inside_access_in_1 extended permit ip any any log debugging
access-list outside_access_out extended permit ip any any log debugging
access-list outside_mpc extended permit icmp 10.10.1.0 255.255.255.0 any
pager lines 24
logging enable
logging buffered informational
logging asdm informational
logging debug-trace
logging flash-bufferwrap
mtu outside 1500
mtu DMZ 1500
mtu inside 1500
mtu management 1500
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-521.bin
no asdm history enable
arp timeout 14400
nat-control
global (DMZ) 200 interface
nat (DMZ) 200 10.10.50.0 255.255.255.0
nat (inside) 200 0.0.0.0 0.0.0.0
static (outside,outside) 215.1.YY.YY 10.10.2.62 netmask 255.255.255.255
static (outside,outside) 215.1.YY.YY 10.10.2.61 netmask 255.255.255.255
static (outside,outside) 215.1.YY.YY 10.10.2.82 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group inside_access_in_1 in interface inside
access-group inside_access_in out interface inside
route outside 0.0.0.0 0.0.0.0 215.1.YYY.YYY 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.111.0 255.255.255.0 management
http 192.168.111.100 255.255.255.255 DMZ
snmp-server host management 192.168.113.38 community public
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 9
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
console timeout 9
!
class-map inspection_default
 match default-inspection-traffic
class-map outside-class
 match access-list outside_mpc
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error
policy-map outside-policy
 class outside-class
  inspect dns preset_dns_map
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:88924b703463d23a00e26abbb9c6ebb1
: end
[OK]
VunAsa1#
VunAsa1#
VunAsa1#