Created
May 18, 2017 08:52
-
-
Save franzramadhan/3dcad9caa8aa2f3871d8a582b1fbc72f to your computer and use it in GitHub Desktop.
ASA-B Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| : Saved | |
| : | |
| : Serial Number: JAD202409YP | |
| : Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores) | |
| : Written by admin2 at 14:18:01.378 UTC Thu Mar 23 2017 | |
| ! | |
| ASA Version 9.7(1) | |
| ! | |
| hostname fwasa-c | |
| domain-name 1rstwap.com | |
| enable password ho/3kbA4pqB5EN7u encrypted | |
| names | |
| ! | |
| interface GigabitEthernet1/1 | |
| shutdown | |
| nameif outside | |
| security-level 0 | |
| ip address dhcp setroute | |
| ! | |
| interface GigabitEthernet1/2 | |
| shutdown | |
| nameif inside | |
| security-level 100 | |
| no ip address | |
| ! | |
| interface GigabitEthernet1/3 | |
| shutdown | |
| no nameif | |
| no security-level | |
| no ip address | |
| ! | |
| interface GigabitEthernet1/4 | |
| description intranet VLAN 1 | |
| nameif intranet | |
| security-level 90 | |
| ip address 10.32.16.221 255.255.255.0 | |
| ! | |
| interface GigabitEthernet1/5 | |
| nameif uservlan | |
| security-level 90 | |
| no ip address | |
| ! | |
| interface GigabitEthernet1/5.5 | |
| description Admin VLAN 5 Gateway | |
| vlan 5 | |
| nameif gw_adm | |
| security-level 90 | |
| ip address 10.32.5.254 255.255.255.0 | |
| policy-route route-map gwadm_map | |
| ! | |
| interface GigabitEthernet1/5.6 | |
| description Development VLAN Gateway | |
| shutdown | |
| vlan 6 | |
| nameif gw_dev | |
| security-level 90 | |
| ip address 10.32.6.253 255.255.255.0 | |
| policy-route route-map gwdev_map | |
| ! | |
| interface GigabitEthernet1/5.7 | |
| description Finance VLAN Gateway | |
| shutdown | |
| vlan 7 | |
| nameif gw_fin | |
| security-level 90 | |
| ip address 10.32.7.252 255.255.255.0 | |
| policy-route route-map gwfin_map | |
| ! | |
| interface GigabitEthernet1/5.8 | |
| description HRD VLAN Gateway | |
| shutdown | |
| vlan 8 | |
| nameif gw_hrd | |
| security-level 90 | |
| ip address 10.32.8.254 255.255.255.0 | |
| policy-route route-map gwhrd_map | |
| ! | |
| interface GigabitEthernet1/5.9 | |
| description Telco VLAN Gateway | |
| shutdown | |
| vlan 9 | |
| nameif gw_tel | |
| security-level 90 | |
| ip address 10.32.9.253 255.255.255.0 | |
| policy-route route-map gwtel_map | |
| ! | |
| interface GigabitEthernet1/5.10 | |
| description GA VLAN Gateway | |
| shutdown | |
| vlan 10 | |
| nameif gw_ga | |
| security-level 90 | |
| ip address 10.32.11.254 255.255.255.0 | |
| policy-route route-map gwga_map | |
| ! | |
| interface GigabitEthernet1/5.11 | |
| description Marketing VLAN Gateway | |
| shutdown | |
| vlan 11 | |
| nameif gw_mkt | |
| security-level 90 | |
| ip address 10.32.13.253 255.255.255.0 | |
| policy-route route-map gwmkt_map | |
| ! | |
| interface GigabitEthernet1/5.14 | |
| description Management VLAN Gateway | |
| shutdown | |
| vlan 14 | |
| nameif gw_mgt | |
| security-level 90 | |
| ip address 10.32.14.253 255.255.255.0 | |
| policy-route route-map gwmgt_map | |
| ! | |
| interface GigabitEthernet1/5.16 | |
| description Guest VLAN 16 Gateway | |
| vlan 16 | |
| nameif gw_qca | |
| security-level 90 | |
| ip address 10.32.15.254 255.255.255.0 | |
| policy-route route-map gwqca_map | |
| ! | |
| interface GigabitEthernet1/5.32 | |
| description Guest VLAN Gateway | |
| shutdown | |
| vlan 32 | |
| nameif gw_gst | |
| security-level 90 | |
| ip address 192.168.1.251 255.255.255.0 | |
| policy-route route-map gwgst_map | |
| ! | |
| interface GigabitEthernet1/6 | |
| shutdown | |
| no nameif | |
| no security-level | |
| no ip address | |
| ! | |
| interface GigabitEthernet1/7 | |
| shutdown | |
| no nameif | |
| no security-level | |
| no ip address | |
| ! | |
| interface GigabitEthernet1/8 | |
| shutdown | |
| no nameif | |
| no security-level | |
| no ip address | |
| ! | |
| interface Management1/1 | |
| management-only | |
| nameif management-interface | |
| security-level 0 | |
| ip address 10.32.50.2 255.255.255.0 | |
| ! | |
| boot system disk0:/asa971-lfbff-k8.SPA | |
| ftp mode passive | |
| dns domain-lookup intranet | |
| dns domain-lookup gw_adm | |
| dns server-group DefaultDNS | |
| name-server 10.32.16.238 | |
| name-server 10.32.16.237 | |
| domain-name 1rstwap.com | |
| same-security-traffic permit inter-interface | |
| same-security-traffic permit intra-interface | |
| object network obj_any | |
| subnet 0.0.0.0 0.0.0.0 | |
| object network vlan.1rstwap | |
| subnet 10.32.0.0 255.255.0.0 | |
| object network out.nat.http-https | |
| host 10.32.16.221 | |
| object network intra.squid | |
| host 10.32.16.222 | |
| object service udp.53 | |
| service udp source eq domain destination eq domain | |
| description dns | |
| object service tcp.http | |
| service tcp source eq www destination eq www | |
| object service tcp.ssl | |
| service tcp source eq https destination eq https | |
| object network intra.insana-dns | |
| range 10.32.16.237 10.32.16.238 | |
| description internal dns server | |
| object service rsync | |
| service tcp destination eq 873 | |
| object network intra.repo | |
| host 10.32.15.190 | |
| object service udp.rsync | |
| service udp destination eq 873 | |
| object network intra.asa-a | |
| host 10.32.16.253 | |
| object network intra.tuyul | |
| host 10.32.16.179 | |
| object network dmz.singasari | |
| host 10.32.10.11 | |
| description main mail server | |
| object network vlan.liewap | |
| subnet 80.66.224.0 255.255.255.0 | |
| description 1rstwap Liechtenstein Network | |
| object service rtp | |
| service udp destination range 16384 32767 | |
| object-group protocol DM_INLINE_PROTOCOL_1 | |
| protocol-object udp | |
| protocol-object tcp | |
| object-group service svc.web-browsing tcp | |
| port-object eq www | |
| port-object eq https | |
| object-group protocol TCPUDP | |
| protocol-object udp | |
| protocol-object tcp | |
| access-list gw_hrd_access_in_1 extended permit ip any any | |
| access-list inside_access_in_1 extended permit ip any any | |
| access-list gw_admin_access_in_1 extended permit ip any any | |
| access-list gw_testbed_access_in extended permit ip any any | |
| access-list gw_ga_access_in_1 extended permit ip any any | |
| access-list gw_finance_access_in_2 extended permit ip any any | |
| access-list intranet_access_in_1 extended permit ip any any | |
| access-list gw_marketing_access_in_1 extended permit ip any any | |
| access-list uservlan_access_in_1 extended permit ip any any | |
| access-list gw_telco_access_in_1 extended permit ip any any | |
| access-list gw_dev_access_in_2 extended permit ip any any | |
| access-list gw_guest_access_in_1 extended permit ip any any | |
| access-list gw_management_access_in_1 extended permit ip any any | |
| access-list gwadm_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwadm_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwdev_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwdev_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwfin_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwfin_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwhrd_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwhrd_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwtel_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwtel_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwga_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwga_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwmkt_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwmkt_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwmgt_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwmgt_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwqca_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwqca_map_in extended permit tcp any any object-group svc.web-browsing | |
| access-list gwgst_map_in extended deny ip any 10.32.0.0 255.255.0.0 | |
| access-list gwgst_map_in extended permit tcp any any object-group svc.web-browsing | |
| no pager | |
| logging enable | |
| logging buffered warnings | |
| logging asdm informational | |
| mtu outside 1500 | |
| mtu inside 1500 | |
| mtu intranet 1500 | |
| mtu uservlan 1500 | |
| mtu gw_adm 1500 | |
| mtu gw_dev 1500 | |
| mtu gw_fin 1500 | |
| mtu gw_hrd 1500 | |
| mtu gw_tel 1500 | |
| mtu gw_ga 1500 | |
| mtu gw_mkt 1500 | |
| mtu gw_mgt 1500 | |
| mtu gw_qca 1500 | |
| mtu gw_gst 1500 | |
| mtu management-interface 1500 | |
| no failover | |
| no monitor-interface service-module | |
| icmp unreachable rate-limit 1 burst-size 1 | |
| asdm image disk0:/asdm-771.bin | |
| no asdm history enable | |
| arp timeout 14400 | |
| no arp permit-nonconnected | |
| arp rate-limit 16384 | |
| access-group inside_access_in_1 in interface inside | |
| access-group intranet_access_in_1 in interface intranet | |
| access-group uservlan_access_in_1 in interface uservlan | |
| access-group gw_admin_access_in_1 in interface gw_adm | |
| access-group gw_dev_access_in_2 in interface gw_dev | |
| access-group gw_finance_access_in_2 in interface gw_fin | |
| access-group gw_hrd_access_in_1 in interface gw_hrd | |
| access-group gw_telco_access_in_1 in interface gw_tel | |
| access-group gw_ga_access_in_1 in interface gw_ga | |
| access-group gw_marketing_access_in_1 in interface gw_mkt | |
| access-group gw_management_access_in_1 in interface gw_mgt | |
| access-group gw_testbed_access_in in interface gw_qca | |
| access-group gw_guest_access_in_1 in interface gw_gst | |
| ! | |
| route-map gwga_map permit 5 | |
| match ip address gwga_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwqca_map permit 2 | |
| match ip address gwqca_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwmkt_map permit 5 | |
| match ip address gwmkt_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwdev_map permit 3 | |
| match ip address gwdev_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwhrd_map permit 5 | |
| match ip address gwhrd_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwmgt_map permit 5 | |
| match ip address gwmgt_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwtel_map permit 5 | |
| match ip address gwtel_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwfin_map permit 4 | |
| match ip address gwfin_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwgst_map permit 5 | |
| match ip address gwgst_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route-map gwadm_map permit 1 | |
| match ip address gwadm_map_in | |
| set ip next-hop 10.32.16.222 | |
| ! | |
| route intranet 0.0.0.0 0.0.0.0 10.32.16.254 1 | |
| timeout xlate 3:00:00 | |
| timeout pat-xlate 0:00:30 | |
| timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 | |
| timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 | |
| timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 | |
| timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute | |
| timeout tcp-proxy-reassembly 0:01:00 | |
| timeout floating-conn 0:00:00 | |
| timeout conn-holddown 0:00:15 | |
| timeout igp stale-route 0:01:10 | |
| user-identity default-domain LOCAL | |
| aaa authentication ssh console LOCAL | |
| http server enable | |
| http 192.168.1.0 255.255.255.0 inside | |
| http 10.32.50.0 255.255.255.0 management-interface | |
| no snmp-server location | |
| no snmp-server contact | |
| service sw-reset-button | |
| crypto ipsec security-association pmtu-aging infinite | |
| crypto ca trustpool policy | |
| telnet timeout 5 | |
| ssh stricthostkeycheck | |
| ssh 10.32.50.0 255.255.255.0 management-interface | |
| ssh timeout 30 | |
| ssh key-exchange group dh-group14-sha1 | |
| console timeout 0 | |
| dhcpd auto_config outside | |
| ! | |
| priority-queue intranet | |
| priority-queue uservlan | |
| threat-detection basic-threat | |
| threat-detection statistics access-list | |
| no threat-detection statistics tcp-intercept | |
| ntp server 10.32.16.237 source intranet prefer | |
| dynamic-access-policy-record DfltAccessPolicy | |
| username backup password 1.pfPrSCM2geHdoN encrypted privilege 15 | |
| username josefhpr password $sha512$5000$SAoawMonTj1Ho4uSv1wiFg==$WvRNGUdI4mbvLXI3Cn3eTg== pbkdf2 privilege 15 | |
| username admin4 password $sha512$5000$93WH7kwhlTR/chSxCIyRJw==$lhVJExz1xjfi3IT+186FPA== pbkdf2 | |
| username admin3 password $sha512$5000$n3Sl6JzmFKkV1AuIHT84ig==$pn80YHG0zn4fT64XTMezQA== pbkdf2 | |
| username admin2 password XATYWOkqC4kYIAUH encrypted privilege 15 | |
| ! | |
| class-map voice_traffic | |
| match dscp ef | |
| class-map Voice | |
| match dscp ef | |
| ! | |
| ! | |
| policy-map type inspect dns preset_dns_map | |
| parameters | |
| message-length maximum client auto | |
| message-length maximum 512 | |
| no tcp-inspection | |
| policy-map default_shaping_policy | |
| class class-default | |
| policy-map qos_class_policy | |
| class voice_traffic | |
| priority | |
| policy-map pl_priority | |
| class Voice | |
| priority | |
| policy-map pl_shaping | |
| class class-default | |
| sfr fail-open | |
| ! | |
| service-policy qos_class_policy global | |
| prompt hostname context | |
| no call-home reporting anonymous | |
| Cryptochecksum:22ef8a9f59507f73d401c57c264a5d3d | |
| : end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment