Voorbeeld 1 Asa 5505

Saved
:
ASA Version 7.2(4)
!
hostname Test
domain-name test.com
enable password F4M969RI8REUCzj4 encrypted
passwd F4M969RI8REUCzj4 encrypted
names
name 174.78.101.4 Outsideip
name 10.229.110.7 insideip
!
interface Vlan1
nameif inside
security-level 100
ip address insideip 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif outside
security-level 0
ip address Outsideip 255.255.255.248
ospf cost 10
!
interface Ethernet0/0
switchport access vlan 2
!
!
!
!
!
!
!
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name test.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_1
network-object 10.229.110.0 255.255.255.0
network-object 10.229.120.0 255.255.255.0
network-object 10.229.110.0 255.255.255.0
network-object 10.229.120.0 255.255.255.0
network-object 10.229.110.0 255.255.255.0
network-object 10.229.120.0 255.255.255.0
network-object 10.229.110.0 255.255.255.0
network-object 10.229.120.0 255.255.255.0
network-object 10.229.110.0 255.255.255.0
network-object 10.229.120.0 255.255.255.0
network-object 10.229.110.0 255.255.255.0
network-object 10.229.120.0 255.255.255.0
!
access-list outside-in extended permit icmp any any echo-reply
! access-list outside-in extended permit tcp any host 10.229.105.205 eq imap4
access-list outside-in extended permit ip any any
access-list outside-in extended deny ip any any log
!
access-list lan-to-vpn extended permit tcp host 10.229.105.205 any eq imap4 ????
access-list lan-to-vpn extended permit ip 10.229.110.0 255.255.255.0 object-group
DM_INLINE_NETWORK_1
DM_INLINE_NETWORK_2
DM_INLINE_NETWORK_3
DM_INLINE_NETWORK_4
DM_INLINE_NETWORK_5
DM_INLINE_NETWORK_6
!
access-list remote-access extended permit ip any 10.229.110.0 255.255.255.0
!
access-list splittunnel standard permit any
access-list splittunnel standard permit 10.229.110.0 255.255.255.0
!
access-list outside_access_in extended permit tcp any host 10.229.105.205 eq imap4
access-list outside_access_in extended permit ip any any
!
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool remotevpn 10.229.110.200-10.229.110.235 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
static (outside,inside) tcp interface imap4 Outsideip imap4 netmask 255.255.255.255 dns ?????
static (inside,outside) tcp interface imap4 insideip imap4 netmask 255.255.255.255
access-group lan-to-vpn in interface inside
access-group outside_access_in in interface outside
route inside 192.168.191.0 255.255.255.0 10.229.110.1 1
route inside 192.168.192.0 255.255.255.0 10.229.110.1 1
route inside 10.229.105.0 255.255.255.0 10.229.110.1 1
route inside 10.229.9.0 255.255.255.0 10.229.110.1 1
route inside 10.229.4.0 255.255.255.0 10.229.110.1 1
route outside 0.0.0.0 0.0.0.0 Outsideip 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authorization command LOCAL
http server enable
http 10.229.110.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 match address remote-access
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp reload-wait
telnet 10.229.110.0 255.255.255.0 inside
telnet timeout 5
ssh 10.229.110.0 255.255.255.0 inside
ssh timeout 20
console timeout 0
management-access inside
group-policy DfltGrpPolicy attributes

banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 30
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value outside-in
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method auto-detect
msie-proxy except-list none
msie-proxy local-bypass enable
nac disable
nac-sq-period 300
nac-reval-period 86000
nac-default-acl none
address-pools none
smartcard-removal-disconnect enable
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to
some specific group policy, you do not have permission to use any of the VPN features. Contact your IT
administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy remotevpn internal
group-policy remotevpn attributes
dns-server value 10.229.110.11
vpn-access-hours none
group-lock value remotevpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittunnel
user-authentication-idle-timeout none
msie-proxy method auto-detect
username wbeedge password Ta8HvkJqraRyD10t encrypted privilege 15
username wbeedge attributes
vpn-group-policy remotevpn
vpn-framed-ip-address 10.229.110.210 255.255.255.0
username wbewipe password bDCjUvxVEQjOFgvw encrypted
username wbewipe attributes
username wbemave password E5tjgDYzLvA6NPB. encrypted
username wbemave attributes
username wbemipe password E5tjgDYzLvA6NPB. encrypted
username wbemipe attributes
username wbewiiu password bDCjUvxVEQjOFgvw encrypted
username wbewiiu attributes
username wbejuwe password 7kjKshpih56rezPc encrypted
username wbejuwe attributes
username wbeanve password JJKKxpvgjwLOvmPN encrypted
username wbeanve attributes
username wbesadu password x6TILC9BeRXNzvxG encrypted
username wbesadu attributes
username wbebehu password WkGGowZgdkn0Rf7N encrypted
username wbebehu attributes
username wbevetu password nLgrn2ZemmWVaGP0 encrypted
username wbevetu attributes
username wbeinpe password XzvVupNV6dx66ZmD encrypted
username wbeinpe attributes
username wbedice password 58IKigkO0i9pSqVh encrypted
username wbedice attributes
username wbealhe password JJKKxpvgjwLOvmPN encrypted
username wbealhe attributes
username wbeleou password HD6cYIU1cpPOgXXK encrypted
username wbeleou attributes
username wbestke password x6TILC9BeRXNzvxG encrypted
username wbestke attributes
username wbesihe password x6TILC9BeRXNzvxG encrypted
username wbesihe attributes
username wbeirna password XzvVupNV6dx66ZmD encrypted
username wbeirna attributes
username wbefala password HCq3Ej6qvkqcGu2n encrypted
username wbefala attributes
username wbesaba password x6TILC9BeRXNzvxG encrypted
username wbesaba attributes
username wbeerma password Lu8VAM.Q2WheBanX encrypted
username wbeerma attributes
username wbewipa password bDCjUvxVEQjOFgvw encrypted
username wbewipa attributes
username wbedasc password 58IKigkO0i9pSqVh encrypted
username wbedasc attributes
username wbeweas password bDCjUvxVEQjOFgvw encrypted
username wbeweas attributes
username wbekeic password Wi5xooY1gwmj6Xmv encrypted
username wbekeic attributes
username wbegear password k0QcSOE1FFIOnM06 encrypted privilege 15
username wbegear attributes
username wbechgr password 0MGgzvRHdd97dp/w encrypted
username wbechgr attributes
username wbekabr password Wi5xooY1gwmj6Xmv encrypted
username wbekabr attributes
username wbekecl password Wi5xooY1gwmj6Xmv encrypted
username wbekecl attributes
username wbeglgo password ekKTCceU8nGVXect encrypted
username wbeglgo attributes
username wbemado password E5tjgDYzLvA6NPB. encrypted
username wbemado attributes
username wbestco password x6TILC9BeRXNzvxG encrypted
username wbestco attributes
username wbechmo password 0MGgzvRHdd97dp/w encrypted
username wbechmo attributes
username wbecero password 0MGgzvRHdd97dp/w encrypted
username wbecero attributes
username wbeanro password JJKKxpvgjwLOvmPN encrypted
username wbeanro attributes
username wbenado password bfsdIe4aLLixmw.X encrypted
username wbenado attributes
username wbejamo password 7kjKshpih56rezPc encrypted
username wbejamo attributes
username wbemith password E5tjgDYzLvA6NPB. encrypted
username wbemith attributes
tunnel-group DefaultL2LGroup general-attributes
default-group-policy remotevpn
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
peer-id-validate nocheck
tunnel-group DefaultRAGroup general-attributes
address-pool remotevpn
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultWEBVPNGroup general-attributes
tunnel-group remotevpn type ipsec-ra
tunnel-group remotevpn general-attributes
address-pool remotevpn
tunnel-group remotevpn ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
imap4s
port 143
server 10.229.105.205
outstanding 40
pop3s
server 10.229.105.205
outstanding 40
smtps
server 10.229.105.205
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command uauth
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
Cryptochecksum:79eb78b9edabd448573e513727fe58f9
: end

Voorbeeld 1 Asa 5505

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Voorbeeld 1 Asa 5505

Transféré par

Droits d'auteur :

Formats disponibles

Saved

group-policy DfltGrpPolicy attributes

Vous aimerez peut-être aussi