
ASA Version 8.4(4)1
!
names
name 10.10.54.0 TCAAD-DMZNet-10.10.54.0
name 64.18.4.12 outbounds5.obsmtp.com
name 64.18.0.0 postini
name 172.16.0.0 RFC1918-172.16.0.0Only
name 192.168.0.0 RFC1918-192.168.0.0Only
name 85.115.32.0 Websense1
name 86.111.216.0 Websense2
name 116.50.56.0 Websense3
name 208.87.232.0 Websense4
name 10.0.0.0 RFC1918-10.0.0.0
name 10.10.65.0 TCAAD-IntNet-10.10.65.0_24 description VOIP
name 10.10.66.0 TCAAD-IntNet-10.10.66.0_24
name 10.10.65.32 TCAAD-ST01
name 10.10.66.34 tcaad-exsvr01.tcaad-us.local
name 10.10.64.0 TCAAD-IntNet-10.10.64.0_24
name 10.10.66.32 tcaad-adsvr01.tcaad-us.local
name 10.10.79.0 TCAAD-VPNNet-10.10.79.0_24
name 10.10.95.0 TCAAD-TeamCenter-10.10.95.0
name 66.192.8.221 mailx.tcaad-us.com
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
description link to Cisco switch
switchport trunk allowed vlan 1,4-5,13,23
switchport trunk native vlan 1
switchport mode trunk
!
interface Ethernet0/3
switchport trunk allowed vlan 1,4-5,13,23
switchport trunk native vlan 1
switchport mode trunk
!
interface Ethernet0/4
switchport access vlan 13
!
interface Ethernet0/5
switchport access vlan 13
!
interface Ethernet0/6
switchport trunk allowed vlan 1,4-5,13,23
switchport trunk native vlan 1
switchport mode trunk
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
allow-ssc-mgmt
ip address 10.10.64.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 209.234.214.190 255.255.255.252
!
interface Vlan3
shutdown
nameif dmz
security-level 50
ip address 10.10.68.1 255.255.255.0
!
interface Vlan4
nameif VOIP
security-level 100
ip address 10.10.65.1 255.255.255.0
!
interface Vlan5
nameif Corp
security-level 100
ip address 10.10.66.1 255.255.255.0
!
interface Vlan13
nameif Guest
security-level 10
ip address 10.10.73.1 255.255.255.0
!
interface Vlan23
nameif TeamCenter
security-level 100
ip address 10.10.95.1 255.255.255.0
!
boot system disk0:/asa844-1-k8.bin
boot system disk0:/asa843-9-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup Corp
dns server-group DefaultDNS
name-server tcaad-adsvr01.tcaad-us.local
name-server 68.105.28.16
name-server 68.105.29.16
domain-name tcaad-us.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network TCAAD-IntNet-10.10.64.0_24
subnet 10.10.64.0 255.255.255.0
object network TCAAD-VPNNet-10.10.79.0_24
subnet 10.10.79.0 255.255.255.0
object network RFC1918-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network TCAAD-IntNet-10.10.64.0_24-01
subnet 10.10.64.0 255.255.255.0
object network TCAAD-IntNet-10.10.65.0_24
subnet 10.10.65.0 255.255.255.0
object network TCAAD-IntNet-10.10.66.0_24
subnet 10.10.66.0 255.255.255.0
object network TCAAD-IntNet-10.10.65.0_24-01
subnet 10.10.65.0 255.255.255.0
object network tcaad-exsvr01.tcaad-us.local
host 10.10.66.34
object network mailx.tcaad-us.com
host 66.192.8.221
object network TCAAD-IntNet-10.10.66.0_24-01
subnet 10.10.66.0 255.255.255.0
object network RFC1918-192.168.0.0Only
subnet 192.168.0.0 255.255.0.0
description Created during name migration
object network RFC1918-172.16.0.0Only
subnet 172.16.0.0 255.255.240.0
description Created during name migration
object network outbounds5.obsmtp.com
host 64.18.4.12
description Created during name migration
object network tcaad-adsvr01.tcaad-us.local
host 10.10.66.32
description Created during name migration
object network postini
subnet 64.18.0.0 255.255.240.0
description Created during name migration
object network TCAAD-ST01
host 10.10.65.32
description Created during name migration
object network remote.tcaa-usa.com
host 70.60.135.174
description TCAA Citrix Gateway
object service CitrixCSG444
service tcp destination eq 444
object service CitrixSession
service tcp destination eq 2598
object network tcaad-fssvr01.tcaad-us.local
host 10.10.66.33
object network TCAAD-IntNet-10.10.73.0_24
subnet 10.10.73.0 255.255.255.0
description Guest Network
object network TCAAD-IntNet-10.10.73.0_24-01
subnet 10.10.73.0 255.255.255.0
object network TEN01-IntNet-10.10.18.0
subnet 10.10.18.0 255.255.255.0
description TEN01-Corporate
object service rdp
service tcp destination eq 3389
object network TCAAD-TeamCenter-10.10.95.0_24
subnet 10.10.95.0 255.255.255.0
object network OO
host 98.173.204.203
description OO Office
object network tcaad-pdm01
host 10.10.66.37
description tcaad-pdm01
object service SolidW
service tcp source eq 25734 destination eq 25734
description Solidworks
object network tcaad-pdm
host 10.10.66.37
object network PDM-Server
host 66.192.8.220
description PDM Server
object network PDM-Server.local
host 10.10.66.20
description PDM-Server.local
object-group service DNS-Resolve
service-object tcp destination eq domain
service-object udp destination eq domain
object-group service Ping
service-object icmp echo
service-object icmp information-request
service-object icmp traceroute
object-group service Standard-Internet
service-object tcp destination eq www
service-object tcp destination eq https
group-object Ping
service-object tcp destination eq ftp
service-object object rdp
object-group service VPN
service-object esp
service-object ah
service-object udp destination eq isakmp
service-object udp source range 0 65535 destination eq 4500
object-group network RFC1918
network-object RFC1918-10.0.0.0 255.0.0.0
network-object RFC1918-172.16.0.0Only 255.255.240.0
network-object RFC1918-192.168.0.0Only 255.255.0.0
object-group network WebsenseGroup
network-object Websense3 255.255.248.0
network-object Websense4 255.255.248.0
network-object Websense1 255.255.224.0
network-object Websense2 255.255.248.0
object-group network RFC1918-No10Net
network-object RFC1918-172.16.0.0Only 255.255.240.0
network-object RFC1918-192.168.0.0Only 255.255.0.0
object-group service Solidworks tcp
port-object eq 25734
port-object eq 20000
port-object eq 30000
port-object eq 40000
port-object range 1433 1434
port-object eq 25735
port-object eq 3030
port-object range 7788 7789
object-group service DM_INLINE_SERVICE_2
group-object VPN
service-object tcp destination eq pptp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_2 tcp
port-object eq imap4
port-object eq pop3
access-list inside_nat0_outbound extended permit ip object TCAAD-IntNet-
10.10.64.0_24 object TCAAD-VPNNet-10.10.79.0_24
access-list inside_nat0_outbound extended permit ip object TCAAD-IntNet-
10.10.64.0_24 object RFC1918-10.0.0.0
access-list TCAAD_Main_VPN_ACL extended deny ip any object RFC1918-192.168.0.0Only
log disable
access-list TCAAD_Main_VPN_ACL extended permit ip object TCAAD-VPNNet-10.10.79.0_24
object TCAAD-VPNNet-10.10.79.0_24
access-list TCAAD_Main_VPN_ACL extended permit ip object TCAAD-VPNNet-10.10.79.0_24
object TCAAD-IntNet-10.10.64.0_24
access-list TCAAD_Main_VPN_ACL extended permit ip object TCAAD-VPNNet-10.10.79.0_24
object TCAAD-IntNet-10.10.65.0_24
access-list TCAAD_Main_VPN_ACL extended permit ip object TCAAD-VPNNet-10.10.79.0_24
object TCAAD-IntNet-10.10.66.0_24
access-list TCAAD_Main_VPN_ACL extended deny ip any object-group RFC1918
access-list TCAAD_Main_VPN_ACL extended permit tcp object TCAAD-VPNNet-
10.10.79.0_24 host 66.220.19.48 eq ssh
access-list TCAAD_Main_VPN_ACL extended permit object-group Ping object TCAAD-
VPNNet-10.10.79.0_24 any
access-list TCAAD_Main_VPN_ACL extended permit object-group Standard-Internet
object TCAAD-VPNNet-10.10.79.0_24 any
access-list TCAAD_Main_VPN_ACL extended deny ip any any
access-list outside_nat0_outbound extended permit ip object TCAAD-VPNNet-
10.10.79.0_24 object TCAAD-VPNNet-10.10.79.0_24
access-list outside_nat0_outbound extended permit ip object TCAAD-VPNNet-
10.10.79.0_24 object TCAAD-IntNet-10.10.64.0_24
access-list outside_nat0_outbound extended permit ip object TCAAD-VPNNet-
10.10.79.0_24 object TCAAD-IntNet-10.10.65.0_24
access-list outside_nat0_outbound extended permit ip object TCAAD-VPNNet-
10.10.79.0_24 object TCAAD-IntNet-10.10.66.0_24
access-list TCAAD_Main_VPN_SplitTunnel_ACL extended permit ip any object RFC1918-
192.168.0.0Only
access-list TCAAD_Main_VPN_SplitTunnel_ACL extended permit ip any 10.1.5.0
255.255.255.0
access-list Corp_nat0_outbound extended permit ip object TCAAD-IntNet-10.10.66.0_24
object TCAAD-VPNNet-10.10.79.0_24
access-list Corp_nat0_outbound extended permit ip object TCAAD-IntNet-10.10.66.0_24
object RFC1918-10.0.0.0
access-list VOIP_nat0_outbound extended permit ip object TCAAD-IntNet-10.10.65.0_24
object TCAAD-VPNNet-10.10.79.0_24
access-list VOIP_nat0_outbound extended permit ip object TCAAD-IntNet-10.10.65.0_24
object RFC1918-10.0.0.0
access-list inside_access_in remark Allow ICMP to inside
access-list inside_access_in extended permit object-group Ping any any
access-list inside_access_in extended permit ip any any
access-list outside_access_in remark Deny any to RFC1918-non10net
access-list outside_access_in extended deny ip any object-group RFC1918-No10Net
access-list outside_access_in remark Deny RFC1918 to Any
access-list outside_access_in extended deny ip object-group RFC1918 any
access-list outside_access_in remark Allow postini email deliver to Exchange
access-list outside_access_in extended permit tcp object postini object tcaad-
exsvr01.tcaad-us.local eq smtp
access-list outside_access_in remark Allow Solidworks to tcaad-pdm01
access-list outside_access_in extended permit tcp object OO host 10.10.66.37
object-group Solidworks
access-list outside_access_in remark Allow Barracuda email deliver to Exchange
access-list outside_access_in extended permit tcp host 209.128.110.169 object
tcaad-exsvr01.tcaad-us.local eq smtp
access-list outside_access_in remark Allow Barracuda (New IP) email deliver to
Exchange
access-list outside_access_in extended permit tcp host 192.65.134.24 object tcaad-
exsvr01.tcaad-us.local eq smtp
access-list outside_access_in remark Allow Exchange OWA Access
access-list outside_access_in extended permit tcp any object tcaad-exsvr01.tcaad-
us.local eq https
access-list outside_access_in remark Allow Exchange SMTP Access
access-list outside_access_in extended permit tcp any object tcaad-exsvr01.tcaad-
us.local eq smtp inactive
access-list outside_access_in remark Deny All
access-list outside_access_in extended deny ip any any log interval 1
access-list VOIP_access_in remark Deny All
access-list VOIP_access_in extended permit ip any any log interval 1
access-list Corp_access_in remark gbl icmp for all
access-list Corp_access_in extended permit object-group Ping any any
access-list Corp_access_in remark Deny all
access-list Corp_access_in extended permit ip any any log interval 1
access-list Guest_access_in remark Deny any to RFC1918 non10net
access-list Guest_access_in extended deny ip any object-group RFC1918-No10Net
access-list Guest_access_in remark Allow DNS Access
access-list Guest_access_in extended permit object-group DNS-Resolve object TCAAD-
IntNet-10.10.73.0_24 object tcaad-adsvr01.tcaad-us.local
access-list Guest_access_in remark Allow HTTP to OWA Access
access-list Guest_access_in extended permit object-group Standard-Internet object
TCAAD-IntNet-10.10.73.0_24 object tcaad-exsvr01.tcaad-us.local
access-list Guest_access_in remark Deny any to RFC1918-10.0.0.0
access-list Guest_access_in extended deny ip any object-group RFC1918
access-list Guest_access_in remark Allow DNS Access from local provider
access-list Guest_access_in extended permit object-group DNS-Resolve object TCAAD-
IntNet-10.10.73.0_24 host 8.8.8.8
access-list Guest_access_in remark Allow Standard Internet Ports
access-list Guest_access_in extended permit tcp object TCAAD-IntNet-10.10.73.0_24
any object-group DM_INLINE_TCP_1
access-list Guest_access_in remark Allow Guest email access on Internet
access-list Guest_access_in extended permit tcp object TCAAD-IntNet-10.10.73.0_24
any object-group DM_INLINE_TCP_2
access-list Guest_access_in extended permit object-group DNS-Resolve object TCAAD-
IntNet-10.10.73.0_24 any
access-list Guest_access_in remark Allow Guest VPN Access on Internet
access-list Guest_access_in extended permit object-group DM_INLINE_SERVICE_2 object
TCAAD-IntNet-10.10.73.0_24 any
access-list Guest_access_in remark Deny All
access-list Guest_access_in extended deny ip any any log interval 1
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251
eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name
Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252
eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list outside_cryptomap extended permit ip object TCAAD-IntNet-10.10.66.0_24
object TEN01-IntNet-10.10.18.0
access-list TEN01_VPN_Filter extended permit ip object TCAAD-IntNet-10.10.66.0_24
object TEN01-IntNet-10.10.18.0
access-list TEN01_VPN_Filter extended permit ip object TEN01-IntNet-10.10.18.0
object TCAAD-IntNet-10.10.66.0_24
access-list TeamCenter_access_in remark Allow icmp to TeamCenter VLAN
access-list TeamCenter_access_in extended permit object-group Ping any any
access-list TeamCenter_access_in remark Allow IP to TeamVCenter
access-list TeamCenter_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging list VPN-EventEmailFilter message 713120
logging list VPN-EventEmailFilter message 716023
logging list VPN-EventEmailFilter message 716039
logging list VPN-EventEmailFilter message 713903
logging list VPN-EventEmailFilter message 713255
logging list VPN-EventEmailFilter message 113019
logging list VPN-EventEmailFilter message 716038
logging list VPN-EventEmailFilter2 message 713120
logging list VPN-EventEmailFilter2 message 716023
logging list VPN-EventEmailFilter2 message 716039
logging list VPN-EventEmailFilter2 message 713903
logging list VPN-EventEmailFilter2 message 713255
logging list VPN-EventEmailFilter2 message 113019
logging list VPN-EventEmailFilter2 message 716038
logging list VPN-EventEmailFilter2 message 113005
logging asdm-buffer-size 512
logging buffered debugging
logging trap informational
logging asdm debugging
logging mail VPN-EventEmailFilter2
logging from-address tcaad-asa01@tcaad-us.com
logging recipient-address greg@outsideopen.com level informational
logging host Corp 10.10.66.38
logging permit-hostdown
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu VOIP 1500
mtu Corp 1500
mtu Guest 1500
mtu TeamCenter 1500
ip local pool VPN 10.10.55.128-10.10.55.159 mask 255.255.255.0
ip local pool VPN_Pool 10.10.79.128-10.10.79.159 mask 255.255.255.0
ipv6 access-list inside_access_ipv6_in deny ip any any
ipv6 access-list dmz_access_ipv6_in remark Deny All
ipv6 access-list dmz_access_ipv6_in deny ip any any
ipv6 access-list outside_access_ipv6_in deny ip any any
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (Corp,outside) source static TCAAD-IntNet-10.10.66.0_24 TCAAD-IntNet-
10.10.66.0_24 destination static TEN01-IntNet-10.10.18.0 TEN01-IntNet-10.10.18.0
nat (outside,outside) source static TCAAD-VPNNet-10.10.79.0_24 TCAAD-VPNNet-
10.10.79.0_24 destination static TCAAD-VPNNet-10.10.79.0_24 TCAAD-VPNNet-
10.10.79.0_24 no-proxy-arp route-lookup
nat (outside,outside) source static TCAAD-VPNNet-10.10.79.0_24 TCAAD-VPNNet-
10.10.79.0_24 destination static TCAAD-IntNet-10.10.64.0_24 TCAAD-IntNet-
10.10.64.0_24 no-proxy-arp route-lookup
nat (outside,outside) source static TCAAD-VPNNet-10.10.79.0_24 TCAAD-VPNNet-
10.10.79.0_24 destination static TCAAD-IntNet-10.10.65.0_24 TCAAD-IntNet-
10.10.65.0_24 no-proxy-arp route-lookup
nat (outside,outside) source static TCAAD-VPNNet-10.10.79.0_24 TCAAD-VPNNet-
10.10.79.0_24 destination static TCAAD-IntNet-10.10.66.0_24 TCAAD-IntNet-
10.10.66.0_24 no-proxy-arp route-lookup
nat (VOIP,outside) source static TCAAD-IntNet-10.10.65.0_24 TCAAD-IntNet-
10.10.65.0_24 destination static TCAAD-VPNNet-10.10.79.0_24 TCAAD-VPNNet-
10.10.79.0_24 no-proxy-arp route-lookup
nat (VOIP,dmz) source static TCAAD-IntNet-10.10.65.0_24 TCAAD-IntNet-10.10.65.0_24
destination static RFC1918-10.0.0.0 RFC1918-10.0.0.0 no-proxy-arp route-lookup
nat (VOIP,VOIP) source static TCAAD-IntNet-10.10.65.0_24 TCAAD-IntNet-10.10.65.0_24
destination static RFC1918-10.0.0.0 RFC1918-10.0.0.0 no-proxy-arp route-lookup
nat (Corp,outside) source static TCAAD-IntNet-10.10.66.0_24 TCAAD-IntNet-
10.10.66.0_24 destination static TCAAD-VPNNet-10.10.79.0_24 TCAAD-VPNNet-
10.10.79.0_24 no-proxy-arp route-lookup
nat (Corp,dmz) source static TCAAD-IntNet-10.10.66.0_24 TCAAD-IntNet-10.10.66.0_24
destination static RFC1918-10.0.0.0 RFC1918-10.0.0.0 no-proxy-arp route-lookup
nat (Corp,VOIP) source static TCAAD-IntNet-10.10.66.0_24 TCAAD-IntNet-10.10.66.0_24
destination static RFC1918-10.0.0.0 RFC1918-10.0.0.0 no-proxy-arp route-lookup
nat (Corp,Corp) source static TCAAD-IntNet-10.10.66.0_24 TCAAD-IntNet-10.10.66.0_24
destination static RFC1918-10.0.0.0 RFC1918-10.0.0.0 no-proxy-arp route-lookup
nat (Corp,Guest) source static TCAAD-IntNet-10.10.66.0_24 TCAAD-IntNet-
10.10.66.0_24 destination static TCAAD-IntNet-10.10.73.0_24 TCAAD-IntNet-
10.10.73.0_24 no-proxy-arp route-lookup
!
object network TCAAD-IntNet-10.10.64.0_24
nat (inside,outside) dynamic interface
object network TCAAD-VPNNet-10.10.79.0_24
nat (outside,outside) dynamic interface
object network TCAAD-IntNet-10.10.64.0_24-01
nat (inside,dmz) dynamic interface
object network TCAAD-IntNet-10.10.65.0_24
nat (VOIP,outside) dynamic interface
object network TCAAD-IntNet-10.10.66.0_24
nat (Corp,outside) dynamic interface
object network TCAAD-IntNet-10.10.65.0_24-01
nat (VOIP,dmz) dynamic interface
object network tcaad-exsvr01.tcaad-us.local
nat (Corp,outside) static mailx.tcaad-us.com dns
object network TCAAD-IntNet-10.10.66.0_24-01
nat (Corp,dmz) dynamic interface
object network TCAAD-IntNet-10.10.73.0_24-01
nat (Guest,outside) dynamic interface
!
nat (outside,Corp) after-auto source static any any destination static PDM-Server
tcaad-pdm
access-group inside_access_in in interface inside
access-group inside_access_ipv6_in in interface inside
access-group outside_access_in in interface outside
access-group outside_access_ipv6_in in interface outside
access-group dmz_access_ipv6_in in interface dmz
access-group VOIP_access_in in interface VOIP
access-group Corp_access_in in interface Corp
access-group Guest_access_in in interface Guest
access-group TeamCenter_access_in in interface TeamCenter
route outside 0.0.0.0 0.0.0.0 209.234.214.189 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action terminate
dynamic-access-policy-record TCAAD_Main_VPN_DAP
priority 30
dynamic-access-policy-record TCAAD_FTP_SSLVPN_DAP
priority 40
aaa-server TCAAD_RADIUS protocol radius
aaa-server TCAAD_RADIUS (Corp) host tcaad-adsvr01.tcaad-us.local
key *****
radius-common-pw *****
aaa-server TCAAD_LDAPS protocol ldap
aaa-server TCAAD_LDAPS (Corp) host tcaad-adsvr01.tcaad-us.local
server-port 636
ldap-base-dn dc=tcaad-us,dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-over-ssl enable
server-type microsoft
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http TCAAD-IntNet-10.10.64.0_24 255.255.255.0 inside
http TCAAD-VPNNet-10.10.79.0_24 255.255.255.0 inside
http TCAAD-IntNet-10.10.66.0_24 255.255.255.0 inside
http TCAAD-IntNet-10.10.64.0_24 255.255.255.0 Corp
http tcaad-adsvr01.tcaad-us.local 255.255.255.255 Corp
http TCAAD-IntNet-10.10.66.0_24 255.255.255.0 Corp
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh scopy enable
ssh TCAAD-VPNNet-10.10.79.0_24 255.255.255.0 inside
ssh TCAAD-IntNet-10.10.66.0_24 255.255.255.0 inside
ssh TCAAD-IntNet-10.10.64.0_24 255.255.255.0 inside
ssh TCAAD-IntNet-10.10.64.0_24 255.255.255.0 Corp
ssh timeout 15
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

dhcpd dns tcaad-adsvr01.tcaad-us.local


dhcpd lease 604800
dhcpd domain tcaad-us.local
!
dhcpd address 10.10.64.128-10.10.64.159 inside
dhcpd dns tcaad-adsvr01.tcaad-us.local interface inside
dhcpd lease 604800 interface inside
dhcpd domain tcaad-us.local interface inside
dhcpd option 3 ip 10.10.64.1 interface inside
!
dhcpd address 10.10.65.128-10.10.65.159 VOIP
dhcpd dns tcaad-adsvr01.tcaad-us.local interface VOIP
dhcpd lease 604800 interface VOIP
dhcpd domain tcaad-us.local interface VOIP
dhcpd option 3 ip 10.10.65.1 interface VOIP
dhcpd option 42 ip 64.147.116.229 interface VOIP
dhcpd option 156 ascii
ftpservers=10.10.65.32,country=1,language=1,layer2tagging=1,vlanid=4 interface VOIP
!
dhcpd address 10.10.66.128-10.10.66.159 Corp
dhcpd dns tcaad-adsvr01.tcaad-us.local interface Corp
dhcpd lease 604800 interface Corp
dhcpd domain tcaad-us.local interface Corp
dhcpd option 3 ip 10.10.66.1 interface Corp
dhcpd option 42 ip 64.147.116.229 interface Corp
dhcpd option 156 ascii
ftpservers=10.10.65.32,country=1,language=1,layer2tagging=1,vlanid=4 interface Corp
!
dhcprelay server tcaad-adsvr01.tcaad-us.local Corp
dhcprelay enable inside
dhcprelay enable VOIP
dhcprelay enable Guest
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-
rate 200
ntp server 192.5.41.209 source outside prefer
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2019-k9.pkg 1
anyconnect enable
tunnel-group-list enable
smart-tunnel auto-signon TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList use-
domain host 10.10.66.33
smart-tunnel auto-signon TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList host
tcaad-fssvr01.tcaad-us.local
smart-tunnel auto-signon TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList host
tcaad-fssvr01
smart-tunnel auto-signon TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList ip
10.10.66.33 255.255.255.255
smart-tunnel auto-signon TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList host
tcaad-ftp01
smart-tunnel auto-signon TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList host
tcaad-ftp01.tcaad-us.local
smart-tunnel auto-signon TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList ip
10.10.66.36 255.255.255.255
group-policy DfltGrpPolicy attributes
dns-server value 10.10.66.32
vpn-idle-timeout 240
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
default-domain value tcaad-us.local
group-policy GroupPolicy_12.54.126.2 internal
group-policy GroupPolicy_12.54.126.2 attributes
vpn-filter value TEN01_VPN_Filter
vpn-tunnel-protocol ikev1
group-policy TCAAD_Main_VPN_GP internal
group-policy TCAAD_Main_VPN_GP attributes
banner value You are accessing the TCAAD network. Your system usage may be
monitored, recorded, and subject to audit. Unauthorized use of the system is
prohibited and subject to criminal and civil penalties. Use of the system
indicates consent to monitoring and recording.
dns-server value 10.10.66.32
vpn-idle-timeout 240
vpn-filter value TCAAD_Main_VPN_ACL
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
ip-comp enable
pfs enable
split-tunnel-policy excludespecified
split-tunnel-network-list value TCAAD_Main_VPN_SplitTunnel_ACL
default-domain value tcaad-us.local
secure-unit-authentication enable
user-authentication enable
group-policy TCAAD_FTP_SSLVPN_GP internal
group-policy TCAAD_FTP_SSLVPN_GP attributes
wins-server none
dns-server value 10.10.66.32
vpn-idle-timeout 240
vpn-tunnel-protocol ssl-clientless
default-domain value tcaad-us.local
webvpn
url-list value TCAAD_FTP_SSLVPN_Bookmarks
customization value TCAAD_FTP_SSLVPN_Customizations
smart-tunnel auto-signon enable TCAAD_FTP_SSLVPN_SmartTunnelAutoSign-onServerList
auto-signon allow ip 10.10.66.33 255.255.255.255 auth-type all
auto-signon allow ip 10.10.66.36 255.255.255.255 auth-type all
tunnel-group TCAAD_Main_VPN_CP type remote-access
tunnel-group TCAAD_Main_VPN_CP general-attributes
address-pool VPN_Pool
authentication-server-group TCAAD_LDAPS LOCAL
username-from-certificate UID
tunnel-group TCAAD_Main_VPN_CP webvpn-attributes
group-alias Main_VPN enable
group-url https://sslvpn.tcaad-us.com enable
tunnel-group TCAAD_Main_VPN_CP ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TCAAD_FTP_SSLVPN_CP type remote-access
tunnel-group TCAAD_FTP_SSLVPN_CP general-attributes
address-pool VPN_Pool
authentication-server-group TCAAD_LDAPS LOCAL
default-group-policy TCAAD_FTP_SSLVPN_GP
username-from-certificate UID
tunnel-group TCAAD_FTP_SSLVPN_CP webvpn-attributes
customization TCAAD_FTP_SSLVPN_Customizations
group-alias SSL_FTP enable
group-url https://sslftp.tcaad-us.com enable
tunnel-group 12.54.126.2 type ipsec-l2l
tunnel-group 12.54.126.2 general-attributes
default-group-policy GroupPolicy_12.54.126.2
tunnel-group 12.54.126.2 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map global-class
match default-inspection-traffic
!
!
policy-map global-policy
class global-class
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect icmp
inspect ip-options
inspect netbios
inspect pptp
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
class class-default
user-statistics accounting
!
service-policy global-policy global
smtp-server 64.18.4.12 10.10.66.34
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:86dc6e5eecfd7378d12c05bdcbddbc0b
: end
