Scribd
Upload
23 views

ASA3

The document displays configuration output from a Cisco ASA firewall. It shows interface configurations, access control lists, VPN tunnel settings, and other firewall settings. The ASA has two interfaces - inside and outside - and is configured for site-to-site VPN and network address translation.

Uploaded by

Muddassir Quraishi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
23 views

ASA3

The document displays configuration output from a Cisco ASA firewall. It shows interface configurations, access control lists, VPN tunnel settings, and other firewall settings. The ASA has two interfaces - inside and outside - and is configured for site-to-site VPN and network address translation.

Uploaded by

Muddassir Quraishi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

DO>

DO>
DO>
DO>
DO> en
Password:
DO# sh int ip brie
Interface IP-Address OK? Method Status
Protocol
GigabitEthernet0 97.105.187.42 YES CONFIG up up
GigabitEthernet1 10.10.30.2 YES CONFIG up up
GigabitEthernet2 unassigned YES unset administratively down up
GigabitEthernet3 unassigned YES unset administratively down up
GigabitEthernet4 unassigned YES unset administratively down up
GigabitEthernet5 unassigned YES unset administratively down up
DO#
DO#
DO#
DO# sh run
: Saved
:
ASA Version 8.4(2)
!
hostname DOASA
!
interface GigabitEthernet0
nameif outside
security-level 0
ip address 97.105.187.42 255.255.255.248
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 10.10.30.2 255.255.255.0
!
interface GigabitEthernet2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
object-group network DM_INLINE_NETWORK_11
network-object 10.10.30.0 255.255.255.0
network-object 10.10.40.0 255.255.255.0
object-group network DM_INLINE_NETWORK_14
network-object 10.10.2.0 255.255.255.0
network-object 10.171.48.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_11
object-group DM_INLINE_NETWORK_14
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit icmp any any echo
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 97.105.187.41 1
route inside 10.10.40.0 255.255.255.0 10.10.30.1 1
route inside 10.10.50.0 255.255.255.0 10.10.30.1 1
route inside 10.10.60.0 255.255.255.0 10.10.30.1 1
route inside 10.10.70.0 255.255.255.0 10.10.30.1 1
route inside 10.10.80.0 255.255.255.0 10.10.30.1 1
route inside 10.10.90.0 255.255.255.0 10.10.30.1 1
route inside 10.10.100.0 255.255.255.0 10.10.30.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 86400
crypto map outside_map 6 match address outside_cryptomap
crypto map outside_map 6 set peer 162.253.197.122
crypto map outside_map 6 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 6 set security-association lifetime seconds 86400
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group 162.253.197.122 type ipsec-l2l
tunnel-group 162.253.197.122 ipsec-attributes
ikev1 pre-shared-key *****
!
class-map icmp
class-map inspection-default
match default-inspection-traffic
!
!
policy-map icmp-inspect
class inspection-default
inspect icmp
policy-map global_policy
policy-map GLOBAL-POLICY
!
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:4dd796ee219002e0b190a44d4e15b747
: end
DO#

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy