
Column1

: Saved
:
! Saved configuration of a Cisco ASA firewall (hostname ciscoasaPH) running software 9.1(2).
! NOTE(review): 9.1(2) is an old release; check it against the vendor's current end-of-life
! and security-advisory listings before relying on this device as a perimeter control.
ASA Version 9.1(2)
!
hostname ciscoasaPH
! NOTE(review): the enable password is stored as a hash ("encrypted"). On this software
! generation that is presumably the legacy MD5-based format - confirm. A hash that appears in a
! shared or published copy of the configuration should be treated as disclosed: rotate the
! password and redact this line before the file leaves the device.
enable password U5voiFKNPCdumCpL encrypted
names
!
! Interface definitions. In this copy the sub-commands have lost the leading space that
! normally marks them as belonging to the preceding "interface" line.
! Zones as configured below: five interfaces at security-level 0 (comclarkOUTSIDE, PLDTOUTSIDE,
! PLDTPFSENSE, PLDTBiz, PLDTFIBER100OUTSIDE) and two at security-level 100 (inside, management).
! There is no intermediate (DMZ) level: every published server sits on "inside".
!
! Uplink 1: public /28, security-level 0.
interface GigabitEthernet0/0
nameif comclarkOUTSIDE
security-level 0
ip address 210.4.99.194 255.255.255.240
!
! Uplink 2: public /28, security-level 0.
interface GigabitEthernet0/1
speed 100
duplex full
nameif PLDTOUTSIDE
security-level 0
ip address 122.53.87.170 255.255.255.240
!
! Internal LAN, security-level 100. The other 192.168.2x.0/24 networks are reached through
! 192.168.20.2 (see the "route inside" lines later in the file).
interface GigabitEthernet0/2
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
!
! NOTE(review): this interface is at security-level 0 and no access-group is bound to it
! anywhere in this listing. With "same-security-traffic permit inter-interface" set, traffic
! entering here towards the other level-0 interfaces is presumably allowed without any ACL
! check - confirm that is intended.
interface GigabitEthernet0/3
speed 100
duplex full
nameif PLDTPFSENSE
security-level 0
ip address 192.168.40.15 255.255.255.0
!
! Administratively shut down; would take its address and default route from DHCP if enabled.
interface GigabitEthernet0/4
shutdown
nameif PLDTBiz
security-level 0
ip address dhcp setroute
!
! Administratively shut down. NAT rules, an ACL and a tracked route still reference it.
interface GigabitEthernet0/5
description PLDTFIBER100
shutdown
nameif PLDTFIBER100OUTSIDE
security-level 0
ip address 122.52.112.114 255.255.255.248
!
! Dedicated management port: "management-only" keeps through-traffic off this interface.
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
!
! Regular expressions used by the regex class-maps and the HTTP inspection policy-map
! defined near the end of the file.
! NOTE(review): "(01)" is a group containing the literal string "01", so as written this
! pattern would not match request lines ending in "HTTP/1.0" or "HTTP/1.1"; a character class
! "[01]" looks like what was intended - confirm against the device, this may be a copy error.
regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.(01)"
! NOTE(review): "\y" is not a meaningful escape; this is probably a typo for "youtube\.com"
! or "\.youtube\.com" - confirm.
regex domainlist1 "\youtube\.com"
! NOTE(review): "." and "?" are unescaped here, so they act as regex metacharacters rather
! than the literal characters of the URL; presumably a literal match was intended - confirm.
regex TLString "/ws/eBayISAPI.dll?SimilarListing&"
! Header name and value patterns, combined in class-map AppHeaderClass.
regex contenttype "Content-Type"
regex applicationheader "application/.*"
! Boot image and global traffic options.
boot system disk0:/asa912-smp-k8.bin
ftp mode passive
! Permit traffic between interfaces that share a security-level, and traffic that enters and
! leaves the same interface (hairpinning, used by the "nat (inside,inside)" rules).
! NOTE(review): five interfaces share security-level 0, so the inter-interface option also
! relaxes isolation between the uplinks; interfaces without an access-group rely on it alone.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! Network objects, part 1. Naming convention visible here: <service>_LAN is the internal
! host on 192.168.20.0/24, <service>_WAN its public address on the 210.4.99.192/28 uplink,
! and <service>-PLDT_WAN its public address on a PLDT uplink.
! NOTE(review): several descriptions hold a second IP address or a hostname rather than a
! purpose; presumably these are previous addresses - confirm and record owner and purpose
! instead, so stale partner entries can be found and removed.
! NOTE(review): this listing names internal servers, their public mappings and partner
! addresses; a copy shared outside the organisation should have them redacted.
object network RabbitMQ_LAN
host 192.168.20.111
object network RabbitMQ_WAN
host 210.4.99.199
! 0.0.0.0/0 object; carries the dynamic interface PAT rule defined after the NAT section.
object network Any_Comclark
subnet 0.0.0.0 0.0.0.0
description Any to Comclark
object network BI-Pool_A
range 208.76.253.48 208.76.253.55
object network BI-Pool_B
range 5.2.126.114 5.2.126.126
object network CA_WAN
host 172.248.57.189
description California Public IP
object network CCTV-PLDT_WAN
host 122.53.87.168
description Main DVR
object network CCTV_LAN
host 192.168.20.17
description Main DVR
object network CiscoASA-inside
host 192.168.20.1
object network Zeroimages-PLDT_WAN
host 122.53.87.165
description images.ecellonline.com
object network Zeroimages_LAN
host 192.168.20.214
description Creativeimages
! Same address (210.4.99.198) as object temp59_WAN defined later in the file.
object network Zeroimages_WAN
host 210.4.99.198
description images.ecellonline.com
object network OWA-PLDT_WAN
host 122.53.87.172
description owa.ecellglobal.com
object network OWA_LAN
host 192.168.20.7
description Exchange01
object network OWA_WAN
host 210.4.99.206
description owa.ecellglobal.com
object network FL_WAN
host 108.189.35.146
description Florida Public IP
object network Manufacturing-Comclark
host 111.125.108.215
description 124.107.133.90
object network Manufacturing-DSL
host 111.125.108.198
object network Manufacturing-IGate
range 124.107.133.90 124.107.133.93
object network OpenVPN-PLDT_WAN
host 122.53.87.171
object network OpenVPN_LAN
host 192.168.20.13
object network OpenVPN_WAN
host 210.4.99.205
description 210.4.99.205
object network Sage-App-PLDT_WAN
host 122.53.87.167
object network Zero1_LAN
host 192.168.20.119
object network Zero1_WAN
host 210.4.99.201
description z1.ecellglobal.com
object network SageDB2009_LAN
host 192.168.20.74
description sql-cluster01
object network DBClone_WAN
host 210.4.99.202
object network SageDB2013_LAN
host 192.168.20.167
object network SageDB2013_WAN
host 210.4.99.200
object network Talisma-Web-PLDT_WAN
host 122.53.87.163
description chatsupport.ecellglobal.com
object network Talisma-Web_LAN
host 192.168.20.11
object network UK-BT_WAN
host 62.6.242.2
description UK BT Connection Public IP
object network UK_WAN
host 81.149.69.78
description UK Public IP
object network Vicidial-PLDT_WAN
host 122.53.87.169
description VOIP PLDT
object network Vicidial_LAN
host 192.168.20.76
object network Vicidial_WAN
host 210.4.99.203
description VOIP
! Same address (122.52.112.116) as object ZeroDB-PLDT_WAN defined later in the file.
object network Zero-PLDT_WAN
host 122.52.112.116
description zero@ecell.com.ph
object network ZeroDB_LAN
host 192.168.20.58
object network ZeroDB_WAN
host 210.4.99.204
object network Zero_LAN
host 192.168.20.57
object network Zero_WAN
host 210.4.99.197
description zero.ecellglobal.com
! Internal /24 networks; members of the internal_subnets and All_inside_network groups.
object network internal-subnet-21
subnet 192.168.21.0 255.255.255.0
description 21 Network
object network internal-subnet-22
subnet 192.168.22.0 255.255.255.0
description 22 Network
object network internal-subnet-23
subnet 192.168.23.0 255.255.255.0
description 23 Network
object network internal-subnet-24
subnet 192.168.24.0 255.255.255.0
description 24 Network
object network internal-subnet-26
subnet 192.168.26.0 255.255.255.0
description 26 Network
object network internal-subnet-28
subnet 192.168.28.0 255.255.255.0
description 28 Network
object network localelcellcouk-PLDT_WAN
host 122.53.87.162
description localelcellcouk.ecellonline.com
object network localelcellcouk_LAN
host 192.168.20.124
! 210.4.99.195 is also the address of MailServerWAN, CSzero-Wan and ecellmain later in the file.
object network localelcellcouk_WAN
host 210.4.99.195
description localelcellcouk.ecellonline.com
object network voiptalk.org
subnet 77.240.48.0 255.255.255.0
! Service objects (with a few network objects interleaved). These are referenced from the
! object-group service definitions and from access-list lines.
object service Bartender_tcp
service tcp destination eq 9070
object service Bartender_udp
service udp destination eq 9070
! NOTE(review): the range 1433-1444 is wider than a single SQL Server listener port;
! presumably extra instances use the higher ports - confirm and narrow if not.
object service MSSQL
service tcp destination range 1433 1444
object service MySQL
service tcp destination eq 3306
! Wide UDP range (10000-25000), included in group VOIP-ports.
object service sip_aux
service udp destination range 10000 25000
object service RDP
service tcp destination eq 3389
! NOTE(review): this also constrains the SOURCE port to 5770-5771. Clients normally connect
! from an ephemeral source port, so rules built on this object may not match real client
! traffic - confirm whether the source clause is intended.
object service Talisma-ports
service tcp source range 5770 5771 destination range 5770 5771
object network E2X_Public_IP
range 109.231.204.82 109.231.204.83
object network Sage_Support
host 78.86.17.154
! 0.0.0.0/0 objects; each carries a dynamic interface PAT rule after the NAT section.
object network Any_PLDTOUTSIDE
subnet 0.0.0.0 0.0.0.0
description Any to PLDT
object network Any_PLDTPFSENSE
subnet 0.0.0.0 0.0.0.0
description Any to PLDTPFSENSE
object network rackspace
host 162.209.1.89
object service http
service tcp destination eq www
! NOTE(review): "source eq https" requires the client's source port to be 443 as well, which
! ordinary HTTPS clients do not use. The rule built on it (via DM_INLINE_SERVICE_9 in
! PLDTFIBER100OUTSIDE_access_in) would then only match its http member - confirm.
object service https
service tcp source eq https destination eq https
object service sip
service tcp destination range sip 5070
object service sip_udp
service udp destination range sip 5070
object service ssh
service tcp destination eq ssh
! rabbitmq and rabbitmqtest are identical definitions (tcp/5672).
object service rabbitmq
service tcp destination eq 5672
object service rabbitmqtest
service tcp destination eq 5672
! Network objects, part 2: provider ranges, partner and remote-office addresses, test hosts
! and the address lists used for the YouTube block.
! NOTE(review): several objects duplicate one another - 210.4.99.195 (MailServerWAN,
! CSzero-Wan, ecellmain, and localelcellcouk_WAN earlier), 180.191.151.173 (UK_Accountant_WAN,
! TEST_for_Sir_drew), 124.107.133.93 (Mfg_Msql_DB, prod_replication), 192.168.50.0/24
! (Ecell_B, ProdNetwork). Duplicates make it hard to tell which rule exposes which host.
! NOTE(review): objects named as tests or temporary (Test_Bob_LAN, TestPLDTChiz,
! TEST_for_Sir_drew, 3G-Test_remove_soon, Temp59, Temp159, TEST_HOST) are still referenced by
! groups, ACLs or NAT rules in this listing; review each and remove those no longer needed.
object network voiptalk.org2
subnet 77.240.60.0 255.255.255.0
object network voiptalk.org3
subnet 77.240.54.0 255.255.255.0
object network voiptalk.org4
subnet 77.240.55.0 255.255.255.0
object network voiptalk.org5
subnet 217.14.138.0 255.255.255.0
object network Ecell_B
subnet 192.168.50.0 255.255.255.0
description ecellb
object network voiptalk.org6
subnet 77.240.61.0 255.255.255.0
object network DBClone_LAN
host 192.168.20.160
object network Vicidial_LAN2
host 192.168.20.118
object network Mfg_Pub_IP_FL
host 124.107.133.94
object network Mfg_Msql_DB
host 124.107.133.93
object network ChinaPublicIP
host 218.18.77.170
description 14.122.122.158
object network Japan
host 153.161.136.69
description 163.44.52.45
object network A.Peralta
host 120.29.105.94
object network UK_Accountant_WAN
host 180.191.151.173
description 31.49.36.176 - UK Accountant
object network PLDT_Main_WAN
host 122.52.104.155
object service z1
service tcp destination eq 8080
object network Italy_WAN
host 95.248.166.158
description 151.28.36.74previous office
object network Pavillion-Comclark
host 120.29.106.254
object network Test_Bob_LAN
host 192.168.21.21
object network Rackspace_web_server
host 23.253.58.138
object network TestPLDTChiz
host 192.168.24.57
object network PLDTBizGateway
host 192.168.100.36
object network MailServerLan
host 192.168.20.222
description MailServer-chiz
object network MailServerWAN
host 210.4.99.195
description MailServer-chiz
object network JorenWAN
host 85.255.234.5
description 176.35.249.224
object network cszero_LAN
host 192.168.20.67
object network Manufacturing-pldt
host 111.125.111.227
object network CSzero-Wan
host 210.4.99.195
object network ecellmain
host 210.4.99.195
object network QNAP-LAN
host 192.168.20.107
object network QNAP-WAN
host 210.4.99.196
object network TEST_for_Sir_drew
host 180.191.151.173
object network 3G-Test_remove_soon
host 112.198.98.253
object network UK_Accountant_IP
host 31.49.36.176
! Address ranges labelled as YouTube. None of youtube-IP-1..7 is a member of any
! object-group in this listing; only youtube-IP-8 is (DM_INLINE_NETWORK_16).
object network youtube-IP-1
range 199.223.232.0 199.223.239.255
object network youtube-IP-2
range 207.223.160.0 207.223.175.255
object network youtube-IP-3
range 208.65.152.0 208.65.155.255
object network youtube-IP-4
range 208.117.224.0 208.117.255.255
object network youtube-IP-5
range 209.85.128.0 209.85.255.255
object network youtube-IP-6
range 216.58.192.0 216.58.223.255
object network youtube-IP-7
range 216.239.32.0 216.239.63.255
object network chiz
host 192.168.24.55
object network youtube-IP-8
range 202.69.185.242 202.69.185.253
! Per-address objects collected in group youtubePublicIP ("blockyoutube").
object network 202.69.185.16
host 202.69.185.16
description youtube
object network 202.69.185.20
host 202.69.185.20
object network 202.69.185.24
host 202.69.185.24
object network 202.69.185.26
host 202.69.185.26
object network 202.69.185.27
host 202.69.185.27
object network 202.69.185.31
host 202.69.185.31
object network 202.69.185.35
host 202.69.185.35
object network 202.69.185.37
host 202.69.185.37
object network 202.69.185.38
host 202.69.185.38
object network 202.69.185.42
host 202.69.185.42
object network 202.69.185.46
host 202.69.185.46
object network 202.69.185.48
range 202.69.185.48 202.69.185.49
object network 202.69.185.53
host 202.69.185.53
object network 202.69.185.57
host 202.69.185.57
object network 202.69.185.59
host 202.69.185.59
object network uera
host 192.168.24.83
! NOTE(review): the names do not follow the addresses - Temp159 is 192.168.20.59 and
! Temp59 is 192.168.20.155. NAT rules later map ZeroDB public addresses to Temp59, so a
! mix-up here changes which internal host is exposed; confirm the intended targets.
object network Temp159
host 192.168.20.59
object network Temp59
host 192.168.20.155
object network temp59_WAN
host 210.4.99.198
description 192.168.20.59 IP
object network prod_replication
host 124.107.133.93
object network amazonRDS
host 52.54.134.236
description aurora
object network ProdNetwork
subnet 192.168.50.0 255.255.255.0
object network AmazonEC2
host 52.91.250.103
object network Peak_Indicators01
host 193.35.57.66
object network Peak_indicators02
host 5.2.126.114
object network Peak_indicator03
host 208.76.253.50
object network Peak_indicators04
host 173.198.225.2
object network Any_PLDTFIBER100
subnet 0.0.0.0 0.0.0.0
description Any to PLDTFiber100
object network ZeroDB-PLDT_WAN
host 122.52.112.116
object network QNAP-PLDT_WAN
host 122.52.112.117
description QNAP_PLDT
object network CSzero-PLDT_WAN
host 122.52.112.118
object network Peak_Indicators05
host 5.2.126.115
object network NETWORK_OBJ_122.52.112.112_29
subnet 122.52.112.112 255.255.255.248
object network NETWORK_OBJ_210.4.99.192_28
subnet 210.4.99.192 255.255.255.240
object network internal-subnet-20
subnet 192.168.20.0 255.255.255.0
description VLAN 20
object network TEST_HOST
host 192.168.20.61
! Object groups, part 1. The DM_INLINE_* names carry no meaning of their own; each has to
! be traced to the access-list or NAT line that references it.
! NOTE(review): a service group that contains "service-object ip" matches every IP protocol
! and port, so the specific port entries next to it add nothing. In this part that applies to
! DM_INLINE_SERVICE_5 and DM_INLINE_SERVICE_3, both used in permit rules of the
! comclarkOUTSIDE inbound ACL. Remove the "ip" member if only the listed ports are intended.
object-group service VOIP-ports
service-object tcp-udp destination range sip 5070
service-object object sip_aux
object-group service DM_INLINE_SERVICE_7
group-object VOIP-ports
service-object object http
object-group network internal_subnets
description internal networks
network-object object internal-subnet-21
network-object object internal-subnet-22
network-object object internal-subnet-23
network-object object internal-subnet-24
network-object object internal-subnet-26
network-object object internal-subnet-28
network-object object internal-subnet-20
! External source addresses (remote offices, partners, cloud hosts, one TEST_ object).
object-group network DM_INLINE_NETWORK_1
network-object object UK-BT_WAN
network-object object UK_WAN
network-object object Mfg_Pub_IP_FL
network-object object Japan
network-object object A.Peralta
network-object object Rackspace_web_server
network-object object PLDT_Main_WAN
network-object object JorenWAN
network-object object ecellmain
network-object object TEST_for_Sir_drew
network-object object UK_Accountant_WAN
network-object object FL_WAN
network-object object Manufacturing-DSL
network-object object Manufacturing-pldt
network-object object Manufacturing-IGate
network-object object Manufacturing-Comclark
network-object object AmazonEC2
network-object object ChinaPublicIP
network-object object Italy_WAN
object-group service Bartender-ports
service-object object Bartender_tcp
service-object object Bartender_udp
object-group service DM_INLINE_SERVICE_1
group-object Bartender-ports
service-object tcp destination eq www
! Contains "service-object ip": effectively "any protocol, any port" (see note at top).
object-group service DM_INLINE_SERVICE_5
service-object ip
service-object tcp destination eq 15672
service-object object http
group-object Bartender-ports
service-object object z1
service-object tcp destination eq ssh
service-object object MySQL
object-group service DM_INLINE_SERVICE_4
service-object object Talisma-ports
service-object tcp destination eq www
service-object tcp destination eq https
! External source addresses used with SQLDB-ports in the comclarkOUTSIDE inbound ACL.
object-group network DM_INLINE_NETWORK_2
network-object object BI-Pool_B
network-object object CA_WAN
network-object object UK-BT_WAN
network-object object UK_WAN
network-object object E2X_Public_IP
network-object object BI-Pool_A
network-object object Mfg_Pub_IP_FL
network-object object Mfg_Msql_DB
network-object object Pavillion-Comclark
network-object object FL_WAN
network-object object Manufacturing-DSL
network-object object Manufacturing-IGate
network-object object Manufacturing-Comclark
network-object object AmazonEC2
network-object object amazonRDS
! Internal database and mail hosts.
object-group network DM_INLINE_NETWORK_3
network-object object SageDB2013_LAN
network-object object ZeroDB_LAN
network-object object DBClone_LAN
network-object object MailServerLan
object-group service SQLDB-ports
service-object object MySQL
service-object object MSSQL
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_2
service-object object Talisma-ports
service-object tcp destination eq www
service-object tcp destination eq https
! Contains "service-object ip": effectively "any protocol, any port" (see note at top).
object-group service DM_INLINE_SERVICE_3
service-object ip
service-object tcp destination eq www
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
port-object eq smtp
object-group service OpenVPN-ports udp
port-object range 1194 1195
object-group service DM_INLINE_TCP_3 tcp
port-object eq www
port-object eq https
! Pairs of public addresses (one per uplink) for the same internal service; used as the
! destination in the "nat (inside,inside)" hairpin rules.
object-group network DM_INLINE_NETWORK_4
network-object object OWA-PLDT_WAN
network-object object OWA_WAN
object-group network DM_INLINE_NETWORK_5
network-object object Zeroimages-PLDT_WAN
network-object object Zeroimages_WAN
object-group network DM_INLINE_NETWORK_6
network-object object Zero_WAN
network-object object Zero-PLDT_WAN
object-group network DM_INLINE_NETWORK_7
network-object object Vicidial-PLDT_WAN
network-object object Vicidial_WAN
! External hosts denied to internal-subnet-28 in inside_access_in.
object-group network DM_INLINE_NETWORK_8
network-object host 146.112.61.106
network-object host 193.182.11.65
! Object groups, part 2.
! NOTE(review): DM_INLINE_SERVICE_6 and DM_INLINE_SERVICE_8 each contain "service-object ip"
! and a bare "service-object tcp", which match all traffic and make the ssh / MySQL members
! redundant; DM_INLINE_PROTOCOL_2 likewise lists udp and tcp next to ip. If only the named
! ports are intended, remove the "ip" and bare "tcp" members.
! NOTE(review): some groups are duplicates - All_inside_network has the same members as
! internal_subnets, DM_INLINE_NETWORK_17 equals DM_INLINE_NETWORK_18, and DM_INLINE_TCP_1
! equals DM_INLINE_TCP_3. Consolidating them makes rule review less error-prone.
object-group network All_inside_network
network-object 192.168.20.0 255.255.255.0
network-object object internal-subnet-21
network-object object internal-subnet-22
network-object object internal-subnet-23
network-object object internal-subnet-24
network-object object internal-subnet-26
network-object object internal-subnet-28
! TCP 15672 only; not referenced by any access-list line in this listing.
object-group service Rabbitmq-port tcp
port-object eq 15672
object-group network VOIPTALK_IPs
network-object object voiptalk.org
network-object object voiptalk.org2
network-object object voiptalk.org3
network-object object voiptalk.org4
network-object object voiptalk.org5
network-object object voiptalk.org6
! Internal servers (message broker, web, mail, storage).
object-group network DM_INLINE_NETWORK_10
network-object object RabbitMQ_LAN
network-object object Zero_LAN
network-object object OWA_LAN
network-object object cszero_LAN
network-object object QNAP-LAN
network-object object Zero1_LAN
object-group network DM_INLINE_NETWORK_9
group-object VOIPTALK_IPs
network-object object Italy_WAN
object-group network DM_INLINE_NETWORK_11
network-object object QNAP-LAN
network-object object cszero_LAN
! Matches all IP traffic because of the "ip" and bare "tcp" members (see note at top).
object-group service DM_INLINE_SERVICE_6
service-object ip
service-object object ssh
service-object tcp
! External hosts used as the destination of the last deny rule in comclarkOUTSIDE_access_in.
object-group network DM_INLINE_NETWORK_12
network-object host 104.16.90.188
network-object host 104.16.93.188
network-object host 104.16.76.89
network-object host 157.240.11.22
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
protocol-object ip
object-group network DM_INLINE_NETWORK_13
network-object object Manufacturing-DSL
network-object object Manufacturing-pldt
network-object object Manufacturing-IGate
network-object object amazonRDS
network-object object Manufacturing-Comclark
network-object 192.168.50.0 255.255.255.0
network-object object Peak_Indicators01
network-object object Peak_indicators02
network-object object Peak_indicator03
network-object object Peak_indicators04
network-object object AmazonEC2
network-object object Peak_Indicators05
object-group network DM_INLINE_NETWORK_15
network-object object Temp59
network-object object Temp159
object-group network youtubePublicIP
description blockyoutube
network-object object 202.69.185.16
network-object object 202.69.185.20
network-object object 202.69.185.24
network-object object 202.69.185.26
network-object object 202.69.185.27
network-object object 202.69.185.31
network-object object 202.69.185.35
network-object object 202.69.185.37
network-object object 202.69.185.38
network-object object 202.69.185.42
network-object object 202.69.185.46
network-object object 202.69.185.48
network-object object 202.69.185.53
network-object object 202.69.185.57
network-object object 202.69.185.59
object-group network DM_INLINE_NETWORK_16
network-object object youtube-IP-8
group-object youtubePublicIP
object-group network DM_INLINE_NETWORK_14
network-object object internal-subnet-21
network-object object internal-subnet-23
network-object object internal-subnet-28
! Matches all IP traffic because of the "ip" and bare "tcp" members (see note at top).
object-group service DM_INLINE_SERVICE_8
service-object ip
service-object tcp
service-object object ssh
service-object object MySQL
object-group network DM_INLINE_NETWORK_17
network-object object ZeroDB-PLDT_WAN
network-object object ZeroDB_WAN
object-group network DM_INLINE_NETWORK_18
network-object object ZeroDB-PLDT_WAN
network-object object ZeroDB_WAN
! Includes object "https", which also constrains the source port to 443.
object-group service DM_INLINE_SERVICE_9
service-object object http
service-object object https
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
! Inbound ACL for the comclarkOUTSIDE uplink (bound by access-group later in the file).
! Several lines in this copy are cut off at the right margin (they end mid-token, e.g.
! "DM_INLINE_NET"); the source or destination of those rules cannot be reviewed from here.
! NOTE(review): rules that reference DM_INLINE_SERVICE_3, _5, _6 or _8 are effectively
! "permit ip", because each of those groups contains "service-object ip".
! NOTE(review): rules marked "inactive" are not enforced; delete them once confirmed obsolete
! so that re-enabling one by accident cannot reopen an old exposure.
!
! Any ICMP type from any IPv4 source to every internal network.
access-list comclarkOUTSIDE_access_in extended permit icmp any4 object-group All_inside_network
access-list comclarkOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_8 object-group DM_INLINE_NET
! Database ports (MySQL, MSSQL range) from the partner list DM_INLINE_NETWORK_2; destination truncated.
access-list comclarkOUTSIDE_access_in extended permit object-group SQLDB-ports object-group DM_INLINE_NETWORK_2 o
! NOTE(review): source is "any" and the service group matches all IP; destination truncated.
access-list comclarkOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_6 any object-group DM_INLINE_
access-list comclarkOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_1 any object Zero_LAN inactive
access-list comclarkOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_5 object-group DM_INLINE_NET
access-list comclarkOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group DM_INLINE_NET
access-list comclarkOUTSIDE_access_in extended permit object-group VOIP-ports any object Vicidial_LAN inactive
! NOTE(review): DM_INLINE_SERVICE_3 contains "ip", so this admits every protocol and port
! from any source to Zeroimages_LAN, not only www.
access-list comclarkOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_3 any object Zeroimages_LAN
access-list comclarkOUTSIDE_access_in extended permit udp any object OpenVPN_LAN object-group OpenVPN-ports
! NOTE(review): every protocol and port from any source to this internal host; restrict to
! the ports the service actually needs.
access-list comclarkOUTSIDE_access_in extended permit ip any object localelcellcouk_LAN
access-list comclarkOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_2 any object Talisma-Web_LAN
! www, https and smtp from any source to the Exchange host.
access-list comclarkOUTSIDE_access_in extended permit tcp any object OWA_LAN object-group DM_INLINE_TCP_2
access-list comclarkOUTSIDE_access_in extended permit object RDP any object Zero1_LAN inactive
access-list comclarkOUTSIDE_access_in extended permit ip any object Zeroimages_WAN inactive
access-list comclarkOUTSIDE_access_in extended permit tcp any object RabbitMQ_LAN eq www inactive
! Explicit denies placed after the permits (line truncated).
access-list comclarkOUTSIDE_access_in extended deny object-group DM_INLINE_PROTOCOL_2 object-group All_inside_netw
! NOTE(review): the destination group holds external addresses, but this ACL filters traffic
! arriving from outside; the rule looks like an outbound block placed on the wrong ACL and
! is unlikely to match anything here - confirm.
access-list comclarkOUTSIDE_access_in extended deny tcp any object-group DM_INLINE_NETWORK_12 range 1 65535
! Inbound ACL for the PLDTOUTSIDE uplink. Most rules name a destination port; the RDP rule
! is the only one here that also restricts the source address.
access-list PLDTOUTSIDE_access_in extended permit tcp any object Zero_LAN eq www
access-list PLDTOUTSIDE_access_in extended permit tcp any object Zeroimages_LAN eq www
access-list PLDTOUTSIDE_access_in extended permit tcp any object OWA_LAN object-group DM_INLINE_TCP_3
access-list PLDTOUTSIDE_access_in extended permit udp any object OpenVPN_LAN object-group OpenVPN-ports
! RDP limited to the single Sage_Support source address.
access-list PLDTOUTSIDE_access_in extended permit object RDP object Sage_Support object Zero1_LAN
! NOTE(review): every protocol and port from any source to this internal host; restrict to
! the ports the service actually needs.
access-list PLDTOUTSIDE_access_in extended permit ip any object localelcellcouk_LAN
access-list PLDTOUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_4 any object Talisma-Web_LAN
! NOTE(review): no port is given, so every TCP port of the DVR (CCTV_LAN) is reachable
! from any source. Limit this to the viewing port(s) and to known source addresses, or move
! remote viewing behind the VPN.
access-list PLDTOUTSIDE_access_in extended permit tcp any object CCTV_LAN
access-list PLDTOUTSIDE_access_in extended permit object-group VOIP-ports any object Vicidial_LAN inactive
! ACLs for the remaining interfaces, the policing class and the inside interface.
! Only ICMP echo-reply is admitted on PLDTBiz; logging is disabled for this rule.
access-list PLDTBiz_access_in extended permit icmp any4 any4 echo-reply log disable
! http/https to cszero_LAN. The "https" member also requires source port 443 (see the
! object service definition), so HTTPS from ordinary clients may not match - confirm.
access-list PLDTFIBER100OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_9 any object cszero_LAN
access-list PLDTFIBER100OUTSIDE_access_in extended permit icmp any4 192.168.20.0 255.255.255.0 echo-reply
! Matched by class-map inside-class2 for policing; inactive, so that class matches nothing.
access-list inside_mpc_2 extended permit ip host 192.168.24.21 any inactive
! Outbound policy from the inside interface: three targeted denies (one truncated), then
! allow everything.
access-list inside_access_in extended deny ip object internal-subnet-28 object-group DM_INLINE_NETWORK_8
access-list inside_access_in extended deny ip object-group DM_INLINE_NETWORK_14 object-group DM_INLINE_NETWORK_
access-list inside_access_in extended deny ip host 192.168.23.46 any
! NOTE(review): no egress filtering beyond the denies above. Internet-published servers
! share this interface, so a compromised server can reach any destination and any other
! internal network. Consider an allow-list for server subnets at least.
access-list inside_access_in extended permit ip any any
! Logging and NetFlow export.
pager lines 24
logging enable
! NOTE(review): ASDM is the only logging destination in this listing; no "logging host",
! "logging trap" or "logging buffered" line is shown. If that is the full picture, syslog
! events are not retained anywhere off the device - confirm.
logging asdm informational
! The suppressed message IDs below are the set Cisco documents as redundant once NetFlow
! (NSEL) export is enabled: ACL and connection denies (106015, 106023, 106100, 313001, 313008,
! 710003) and connection build/teardown records (302013-302018, 302020, 302021).
! NOTE(review): with these off, the NetFlow collectors become the only record of denied
! and established connections. Make sure they are reachable, retain data long enough for
! investigations, and are monitored; otherwise re-enable at least 106023 and 302013/302014.
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
! Four NetFlow collectors on the inside interface, UDP 2055.
flow-export destination inside 192.168.20.234 2055
flow-export destination inside 192.168.24.29 2055
flow-export destination inside 192.168.20.233 2055
flow-export destination inside 192.168.20.73 2055
flow-export template timeout-rate 1
! Flow-create events are delayed by 15 seconds; presumably flows shorter than that are
! reported only at teardown - confirm against the collector's expectations.
flow-export delay flow-create 15
! Per-interface MTU, ICMP unreachable rate limit, ASDM image and ARP settings.
mtu comclarkOUTSIDE 1500
mtu PLDTOUTSIDE 1500
mtu inside 1500
mtu PLDTPFSENSE 1500
mtu management 1500
mtu PLDTBiz 1500
mtu PLDTFIBER100OUTSIDE 1500
icmp unreachable rate-limit 1 burst-size 1
! NOTE(review): no "icmp permit/deny" lines for the device's own interfaces are shown, so
! ICMP addressed to the firewall itself is presumably handled by the defaults - confirm.
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
! ARP entries for networks that are not directly connected are not accepted.
no arp permit-nonconnected
! Manual (twice) NAT rules. Two patterns are used:
!  - "nat (inside,inside) source dynamic internal_subnets interface destination static <WAN> <LAN>"
!    lets internal clients reach a server by its public address (hairpin); the client source
!    is translated to the inside interface address.
!  - "nat (<outside>,inside) source static any any destination static <WAN> <LAN>" publishes an
!    internal host on a public address.
! Several lines are cut off at the right margin in this copy.
! NOTE(review): most publishing rules have no "service" clause, so the whole host is mapped
! one-to-one and the inbound ACL is the only thing limiting which ports are reachable. Where a
! single port is needed, a service clause narrows the translation as well.
! NOTE(review): with hairpin source translation, servers log the firewall's inside address
! instead of the real internal client, which weakens server-side audit trails.
nat (inside,inside) source dynamic internal_subnets interface destination static DM_INLINE_NETWORK_6 Zero_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static DM_INLINE_NETWORK_17 Temp59
nat (inside,inside) source dynamic internal_subnets interface destination static temp59_WAN Temp159
nat (inside,inside) source dynamic internal_subnets interface destination static DM_INLINE_NETWORK_5 Zeroimages_LAN in
nat (inside,inside) source dynamic internal_subnets interface destination static DM_INLINE_NETWORK_18 ZeroDB_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static DBClone_WAN DBClone_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static SageDB2013_WAN SageDB2013_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static RabbitMQ_WAN RabbitMQ_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static DM_INLINE_NETWORK_7 Vicidial_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static DM_INLINE_NETWORK_4 OWA_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static QNAP-WAN QNAP-LAN
nat (inside,inside) source dynamic internal_subnets interface destination static Zero1_WAN Zero1_LAN
! Published through the comclarkOUTSIDE uplink.
nat (comclarkOUTSIDE,inside) source static any any destination static RabbitMQ_WAN RabbitMQ_LAN description RabbitMQ
nat (comclarkOUTSIDE,inside) source static any any destination static Zero_WAN Zero_LAN description Comclark to Zero
nat (comclarkOUTSIDE,inside) source static any any destination static Zeroimages_WAN Temp159 service http http inactive
nat (comclarkOUTSIDE,inside) source static any any destination static Zeroimages_WAN Zeroimages_LAN service ssh ssh inac
nat (comclarkOUTSIDE,inside) source static any any destination static Vicidial_WAN Vicidial_LAN
nat (comclarkOUTSIDE,inside) source static any any destination static CSzero-Wan cszero_LAN
! NOTE(review): a storage appliance (QNAP) is mapped to a public address.
nat (comclarkOUTSIDE,inside) source static any any destination static QNAP-WAN QNAP-LAN
nat (comclarkOUTSIDE,inside) source static any localelcellcouk_WAN destination static localelcellcouk_LAN localelcellcouk_L
nat (comclarkOUTSIDE,inside) source static any any destination static OpenVPN_WAN OpenVPN_LAN
! NOTE(review): database hosts (DBClone, SageDB2013, and the ZeroDB address below) are mapped
! to public addresses. Prefer reaching databases over the VPN; if they must stay published,
! keep the ACL source list short and reviewed.
nat (comclarkOUTSIDE,inside) source static any any destination static DBClone_WAN DBClone_LAN
nat (comclarkOUTSIDE,inside) source static any any destination static SageDB2013_WAN SageDB2013_LAN
! NOTE(review): ZeroDB_WAN maps to Temp59 (192.168.20.155), not to ZeroDB_LAN (192.168.20.58),
! while the hairpin rule for DM_INLINE_NETWORK_18 above maps the same public address to
! ZeroDB_LAN. Internal and external clients may therefore reach different hosts - confirm.
nat (comclarkOUTSIDE,inside) source static any any destination static ZeroDB_WAN Temp59
nat (comclarkOUTSIDE,inside) source static any any destination static Zero1_WAN Zero1_LAN
nat (comclarkOUTSIDE,inside) source static any any destination static OWA_WAN OWA_LAN
! Published through PLDTFIBER100OUTSIDE (that interface is shut down in this listing).
nat (PLDTFIBER100OUTSIDE,inside) source static any any destination static ZeroDB-PLDT_WAN Temp59
nat (PLDTFIBER100OUTSIDE,inside) source static any any destination static QNAP-PLDT_WAN QNAP-LAN
nat (PLDTFIBER100OUTSIDE,inside) source static any any destination static Zero-PLDT_WAN Zero_LAN
nat (PLDTFIBER100OUTSIDE,inside) source static any any destination static CSzero-Wan cszero_LAN
! Published through the PLDTOUTSIDE uplink.
nat (PLDTOUTSIDE,inside) source static any any destination static Talisma-Web-PLDT_WAN Talisma-Web_LAN
nat (PLDTOUTSIDE,inside) source static any any destination static Zeroimages-PLDT_WAN Zeroimages_LAN
nat (PLDTOUTSIDE,inside) source static any any destination static Sage-App-PLDT_WAN Zero1_LAN
nat (PLDTOUTSIDE,any) source static any any destination static Vicidial-PLDT_WAN Vicidial_LAN inactive
nat (PLDTOUTSIDE,inside) source static any any destination static OWA-PLDT_WAN OWA_LAN
nat (PLDTOUTSIDE,inside) source static any any destination static CCTV-PLDT_WAN CCTV_LAN
nat (inside,inside) source dynamic internal_subnets interface destination static CSzero-Wan cszero_LAN
nat (comclarkOUTSIDE,inside) source static any any destination static temp59_WAN Temp159
nat (inside,comclarkOUTSIDE) source static NETWORK_OBJ_210.4.99.192_28 NETWORK_OBJ_210.4.99.192_28 destination s
! References TEST_HOST; presumably a test leftover - confirm and remove if so.
nat (PLDTFIBER100OUTSIDE,any) source static TEST_HOST TEST_HOST destination static interface NETWORK_OBJ_122.52.11
!
! Object NAT: dynamic PAT to the egress interface address for outbound traffic, followed by
! the binding of each ACL to its interface (inbound direction).
object network Any_Comclark
nat (inside,comclarkOUTSIDE) dynamic interface
! NOTE(review): the object is named for PLDTOUTSIDE but the rule translates towards PLDTBiz;
! no dynamic PAT rule for the PLDTOUTSIDE interface appears in this listing - confirm.
object network Any_PLDTOUTSIDE
nat (inside,PLDTBiz) dynamic interface
object network Any_PLDTPFSENSE
nat (inside,PLDTPFSENSE) dynamic interface
object network Any_PLDTFIBER100
nat (any,PLDTFIBER100OUTSIDE) dynamic interface
! NOTE(review): PLDTPFSENSE (security-level 0) and management have no access-group here,
! so they rely on security levels and the same-security-traffic setting only.
access-group comclarkOUTSIDE_access_in in interface comclarkOUTSIDE
access-group PLDTOUTSIDE_access_in in interface PLDTOUTSIDE
access-group inside_access_in in interface inside
access-group PLDTBiz_access_in in interface PLDTBiz
access-group PLDTFIBER100OUTSIDE_access_in in interface PLDTFIBER100OUTSIDE
! Static routes and connection/translation timeouts.
! Default route via the comclarkOUTSIDE gateway, installed only while track 1 (SLA monitor 2)
! reports reachability. No second default route is shown, so if the track goes down there is
! presumably no default route unless PLDTBiz (DHCP "setroute", currently shut down) supplies one.
route comclarkOUTSIDE 0.0.0.0 0.0.0.0 210.4.99.193 10 track 1
! NOTE(review): this /32 route sends traffic for 192.168.20.61 (object TEST_HOST, an address
! inside the "inside" subnet) out of an external interface; it looks like a test leftover.
route PLDTFIBER100OUTSIDE 192.168.20.61 255.255.255.255 122.52.112.113 9 track 9
! Internal networks behind the next hop 192.168.20.2.
route inside 192.168.21.0 255.255.255.0 192.168.20.2 1
route inside 192.168.22.0 255.255.255.0 192.168.20.2 1
route inside 192.168.23.0 255.255.255.0 192.168.20.2 1
route inside 192.168.24.0 255.255.255.0 192.168.20.2 1
route inside 192.168.25.0 255.255.255.0 192.168.20.2 1
route inside 192.168.26.0 255.255.255.0 192.168.20.2 1
route inside 192.168.28.0 255.255.255.0 192.168.20.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
! Administrative access (AAA, ASDM/HTTPS server), SNMP and the SLA probes behind the tracked routes.
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
! Telnet and SSH logins are checked against the local user database.
! NOTE(review): no "aaa authentication http console" or "aaa authentication enable console"
! line is shown; ASDM and enable access then presumably fall back to the shared enable
! password rather than per-user accounts - confirm and bind them to LOCAL or a AAA server.
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authorization exec authentication-server
! ASDM/HTTPS management is open to the management network and three inside subnets.
! NOTE(review): 192.168.20.0/24 is the subnet that hosts the Internet-published servers, and
! 192.168.15.0/24 has no route or object in this listing. Limit management access to a
! dedicated admin subnet or specific hosts.
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.21.0 255.255.255.0 inside
http 192.168.15.0 255.255.255.0 inside
http 192.168.20.0 255.255.255.0 inside
! SNMPv3 group with authentication and privacy; no community strings, users or hosts are shown.
snmp-server group Authentication&Encryption v3 priv
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
! SLA monitor 2: ICMP echo to 202.69.191.10 via comclarkOUTSIDE, 10 packets every 10 seconds;
! drives track 1 and with it the default route.
sla monitor 2
type echo protocol ipIcmpEcho 202.69.191.10 interface comclarkOUTSIDE
num-packets 10
frequency 10
sla monitor schedule 2 life forever start-time now
! SLA monitor 9: ICMP echo to 8.8.8.8 via PLDTFIBER100OUTSIDE; drives track 9.
sla monitor 9
type echo protocol ipIcmpEcho 8.8.8.8 interface PLDTFIBER100OUTSIDE
sla monitor schedule 9 life forever start-time now
! IPsec transform sets (IKEv1) and proposals (IKEv2). No crypto map, tunnel-group peer or
! group-policy appears in this listing, so it cannot be told from here which of these, if
! any, are in use.
! NOTE(review): the sets include single DES, 3DES and MD5-HMAC. Remove the ones that are not
! referenced, and keep only AES with SHA for any tunnel that is actually configured, so a
! weak set cannot be selected by mistake or negotiated by a peer.
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
! 3DES and single-DES sets: legacy ciphers, see the note at the top of this section.
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set Cloud_AES-256_SHA esp-aes-256 esp-sha-hmac
! IKEv2 proposals; every one also offers MD5 as an integrity option.
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
! IKE policies. IKEv2 policies are defined, but no "crypto ikev2 enable <interface>" line
! appears in this listing; IKEv1 is enabled on comclarkOUTSIDE.
! NOTE(review): the IKEv2 policies offer DH groups 5 and 2 (1536- and 1024-bit MODP) and
! include 3DES and DES variants (policies 30 and 40). If IKEv2 is ever enabled, drop the
! DES/3DES policies and group 2 first.
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
! NOTE(review): IKEv1 listens on the comclarkOUTSIDE uplink with pre-shared-key
! authentication, yet no tunnel definition is visible here. If no VPN terminates on this
! device, disable it to remove the listener; if one does, use a long random key per peer.
crypto ikev1 enable comclarkOUTSIDE
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
!
! Route tracking objects, then CLI management access (Telnet, SSH, console) and the DHCP
! server on the management port.
! track N follows the reachability result of SLA monitor (rtr) N.
track 1 rtr 2 reachability
!
track 9 rtr 9 reachability
! NOTE(review): Telnet sends credentials and session content in clear text. It is allowed
! here from four inside subnets and the management network, while SSH is allowed from only
! one subnet. Remove the telnet lines and widen SSH to the admin hosts that need it.
telnet 192.168.21.0 255.255.255.0 inside
telnet 192.168.20.0 255.255.255.0 inside
telnet 192.168.15.0 255.255.255.0 inside
telnet 192.168.24.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 20
ssh 192.168.24.0 255.255.255.0 inside
ssh timeout 5
! NOTE(review): dh-group1-sha1 is the weakest key-exchange option (768-bit group).
! Use "ssh key-exchange group dh-group14-sha1" if this release offers it, and pin SSH to
! version 2; no "ssh version" line is shown here - confirm the effective setting.
ssh key-exchange group dh-group1-sha1
! NOTE(review): 0 disables the idle timeout on the serial console, so an abandoned session
! stays logged in. Set a finite value.
console timeout 0
dhcp-client client-id interface PLDTBiz
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
! QoS queue, threat detection, TLS cipher list for the device's own HTTPS services, and
! local user accounts.
priority-queue inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): RC4 is listed first and 3DES is included. Remove rc4-sha1 and 3des-sha1
! and keep the AES suites; stronger protocol and cipher options presumably need a newer
! software release - confirm.
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
! NOTE(review): local account password hashes. As with the enable password, hashes in a
! shared or published configuration should be treated as disclosed: rotate both passwords
! and redact these lines. No "privilege" level is shown for either account.
username ecell password .iJCouA4uJ.7AVcS encrypted
username ciscoasaPH password k6/HhzClOgZ2Jl7d encrypted
tunnel-group-map enable rules
!
! Class-maps. The regex classes wrap the "regex" definitions near the top of the file; the
! "inspect http" classes apply them to parts of an HTTP request and are consumed by
! policy-map http_inspection_policy.
! NOTE(review): these filters can only be as effective as the underlying patterns; see
! the review notes on regex urllist1, domainlist1 and TLString.
class-map type regex match-any URLBlock
match regex urllist1
class-map type regex match-any TurboListerStringBlock
description Turbo lIster String Block as per requirement for string search blocking
match regex TLString
class-map type regex match-any DomainBlock
match regex domainlist1
! Matches when the Host request header matches a regex in DomainBlock.
class-map type inspect http match-all BlockDOmainCLass
match request header host regex class DomainBlock
! Default inspection traffic; used by policy-map global_policy.
class-map inspection_default
match default-inspection-traffic
! Traffic matching ACL inside_mpc_2 (whose only entry is inactive in this listing).
class-map inside-class2
match access-list inside_mpc_2
! Matches a request header whose name matches "contenttype" and whose value matches
! "applicationheader".
class-map type inspect http match-all AppHeaderClass
match request header regex contenttype regex applicationheader
! Matches when the request URI matches a regex in URLBlock.
class-map type inspect http match-all BlockYrlsClass
match request uri regex class URLBlock
!
!
! Inspection and QoS policy-maps, and the service-policy lines that activate them.
! DNS inspection parameters: maximum message length 512, "auto" for client messages.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
! HTTP inspection policy: drops protocol violations, requests whose arguments match
! TLString, CONNECT requests and requests matching AppHeaderClass; resets connections that
! match the domain and URL block classes. All actions are logged.
! NOTE(review): nothing in this listing applies this policy - global_policy below has no
! "inspect http http_inspection_policy" line and no other service-policy references it. As
! shown, none of the HTTP blocking rules is enforced - confirm against the running device.
policy-map type inspect http http_inspection_policy
parameters
protocol-violation action drop-connection
match request args regex TLString
drop-connection log
match request method connect
drop-connection log
class AppHeaderClass
drop-connection log
class BlockDOmainCLass
reset log
class BlockYrlsClass
reset log
! Global policy: protocol inspections for default inspection traffic, then user statistics
! and NetFlow event export for all other traffic.
! NOTE(review): the inspection list includes legacy protocols (rsh, sunrpc, xdmcp, netbios,
! tftp, skinny, h323). Disable inspections for protocols that should never cross this
! firewall, since each inspection engine is parsing code exposed to traffic.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
flow-export event-type all destination 192.168.24.29 192.168.20.233 192.168.20.73 192.168.20.234
! Rate-limits traffic in class inside-class2 in both directions. That class matches ACL
! inside_mpc_2, whose only entry is inactive, so no traffic is policed as shown.
policy-map inside-policy
class inside-class2
police input 100000 1500
police output 100000 1500
!
service-policy global_policy global
service-policy inside-policy interface inside
! End of the saved configuration: CLI prompt format, call-home setting and the checksum
! the device writes over the saved file.
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:5217901ca162cc9044a58a3adb532114
: end
! The two lines below repeat settings that already appear earlier in the file; they follow
! the ": end" marker in this copy.
asdm image disk0:/asdm-713.bin
no asdm history enable
