
asa_2

LAN + 2 WANs (to ADSL_internet and to ISP_VPN)

ASA Version 7.0(2)
names
name 192.168.0.x Name1
name 192.168.0.x Name2
name 192.168.0.x Name3
name 192.168.0.x Name4
name 192.168.0.x Name5
name 192.168.0.x Name6
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address x-ASA_inside 255.255.255.0
!
interface Ethernet0/2
 nameif VPN
 security-level 50
 ip address 10.3.0.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
enable password xxxxxxxxxx encrypted
passwd xxxxxxxx encrypted
hostname xxxxx
domain-name xxxx.local
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit intra-interface
access-list inside_VPN_outbound extended permit ip host Kruno_Linux 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Kruno_WinXP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Kruno_Lap 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host JB_WinXP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Dario_XP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Damir_XP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Andrej_XP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Josip_XP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Robert_XP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Dragan_XP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Dragan_Lap 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host Dev2005 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit ip host 192.168.0.254 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit icmp host Podrska_XP 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit tcp host Podrska_XP 10.0.0.0 255.0.0.0 eq 16234
access-list inside_VPN_outbound extended permit ip host DC_Server 10.0.0.0 255.0.0.0
access-list inside_VPN_outbound extended permit tcp host Podrska_XP 10.0.0.0 255.0.0.0 eq 1433
access-list VPN_inside_inbound extended permit tcp any any eq www
access-list VPN_inside_inbound extended permit tcp any any eq 4343
access-list VPN_inside_inbound extended permit tcp any any eq 8089
access-list VPN_inside_inbound extended permit udp any any eq syslog
access-list VPN_inside_inbound extended permit tcp any any eq 3389
access-list VPN_inside_inbound extended permit ip host 10.0.0.252 host 10.3.0.11
access-list VPN_inside_inbound extended permit ip host 10.0.0.253 host 10.3.0.11
access-list outside_inside_inbound extended permit tcp any any eq 4899
access-list outside_inside_inbound extended permit tcp any any eq pptp
access-list outside_inside_inbound extended permit tcp any any eq 22442
access-list outside_inside_inbound extended permit tcp any any eq 1111
access-list inside_out extended permit ip host Kruno_Lap any
access-list inside_out extended permit ip host Kruno_Linux any
access-list inside_out extended permit ip host DC_Server any
access-list inside_out extended permit ip host Update_Server any
access-list inside_out extended permit ip host RedHat any
access-list inside_out extended permit ip host JB_Lap any
access-list inside_out extended permit ip host JB_WinXP any
access-list inside_out extended permit ip host Dev2005 any
access-list inside_out extended permit ip host Kruno_WinXP any
access-list inside_out extended permit ip host Josip_XP any
access-list inside_out extended permit ip host Josip_Lap any
access-list inside_out extended permit ip host Sanela_XP any
access-list inside_out extended permit ip host Miro_Lap any
access-list inside_out extended permit ip host Andrej_XP any
access-list inside_out extended permit ip host Robert_XP any
access-list inside_out extended permit ip host Ivana_XP any
access-list inside_out extended permit ip host Andrej_Lap any
access-list inside_out extended permit ip host Robert_Lap any
access-list inside_out extended permit ip host Dario_XP any
access-list inside_out extended permit ip host Gogo_XP any
access-list inside_out extended permit ip host Damir_XP any
access-list inside_out extended permit ip host Damir_Lap any
access-list inside_out extended permit ip host Miro any
access-list inside_out extended permit ip host Imre_XP any
access-list inside_out extended permit ip host Imre_Lap any
access-list inside_out extended permit ip host Podrska_XP any
access-list inside_out extended permit ip host Dragan_XP any
access-list inside_out extended permit ip host Dragan_Lap any
access-list inside_out extended permit tcp host Filip_Lap any eq www
access-list inside_out extended permit tcp host Aleksandar_Lap any eq www
access-list inside_out extended permit tcp host Nikola_Lap any eq www
access-list inside_out extended permit tcp host Slaven_Lap any eq www
access-list inside_out extended permit tcp host Vedran_Lap any eq www
access-list inside_out extended permit tcp host Hrvoje_XP any eq www
access-list inside_out extended permit tcp host SS_XP any eq www
access-list inside_out extended permit tcp host Slaven_Lap any eq domain
access-list inside_out extended permit tcp host Aleksandar_Lap any eq domain
access-list inside_out extended permit tcp host Filip_Lap any eq domain
access-list inside_out extended permit tcp host Nikola_Lap any eq domain
access-list inside_out extended permit tcp host Vedran_Lap any eq domain
access-list inside_out extended permit tcp host Hrvoje_XP any eq domain
access-list inside_out extended permit tcp host SS_XP any eq domain
access-list inside_out extended permit tcp host Filip_Lap any eq pop3
access-list inside_out extended permit tcp host Filip_Lap any eq smtp
access-list inside_out extended permit tcp host Aleksandar_Lap any eq pop3
access-list inside_out extended permit tcp host Aleksandar_Lap any eq smtp
access-list inside_out extended permit tcp host Nikola_Lap any eq pop3
access-list inside_out extended permit tcp host Nikola_Lap any eq smtp
access-list inside_out extended permit tcp host Slaven_Lap any eq pop3
access-list inside_out extended permit tcp host Slaven_Lap any eq smtp
access-list inside_out extended permit tcp host Vedran_Lap any eq pop3
access-list inside_out extended permit tcp host Vedran_Lap any eq smtp
access-list inside_out extended permit tcp host SS_XP any eq pop3
access-list inside_out extended permit tcp host SS_XP any eq smtp
access-list inside_out extended permit tcp host Hrvoje_XP any eq pop3
access-list inside_out extended permit tcp host Hrvoje_XP any eq smtp
access-list inside_out extended permit tcp host Mirolap any
access-list inside_out extended permit ip host Jazz any
access-list inside_out extended permit tcp host Vedran_Lap any eq 8089
access-list inside_out extended permit tcp host Slaven_Lap any eq 8089
access-list inside_out extended permit tcp host Nikola_Lap any eq 8089
access-list inside_out extended permit tcp host Filip_Lap any eq 8089
access-list inside_out extended permit tcp host Aleksandar_Lap any eq 8089
access-list inside_out extended permit tcp host Vedran_Lap any eq https
access-list inside_out extended permit tcp host Slaven_Lap any eq https
access-list inside_out extended permit tcp host Nikola_Lap any eq https
access-list inside_out extended permit tcp host Aleksandar_Lap any eq https
access-list inside_out extended permit tcp host Filip_Lap any eq https
access-list inside_out extended permit tcp host Nikola_Lap any eq ftp
access-list inside_out extended permit tcp host Servis_IP_za_aktivaciju_windowsa any eq www
access-list inside_out extended permit tcp host Servis_IP_za_aktivaciju_windowsa any eq https
access-list inside_out extended permit tcp host SS_XP any eq ftp
access-list inside_out extended permit tcp host Servis_IP_za_aktivaciju_windowsa any eq domain
access-list inside_out extended permit tcp host SS_XP any eq https
access-list inside_out extended permit tcp host xxxx any eq domain
access-list inside_out extended permit tcp host xxxx any eq www
access-list inside_out extended permit tcp host xxxx any eq https
access-list inside_out extended permit tcp host xxxxx any eq ftp
access-list inside_out extended permit tcp host xxxx any eq domain
access-list inside_out extended permit tcp host Hrvoje_XP any eq https
access-list inside_out extended permit ip host Gogo_VoIP_test any
access-list inside_out extended permit tcp host xxxx any eq 465
access-list inside_out extended permit tcp host xxxx any eq 995
access-list inside_out extended permit tcp host Renata any eq www
access-list inside_out extended permit tcp host Renata any eq smtp
access-list inside_out extended permit tcp host Renata any eq pop3
access-list inside_out extended permit tcp host Renata any eq https
access-list inside_out extended permit tcp host Renata any eq domain
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap informational
logging host inside Update_Server
mtu outside 1500
mtu inside 1500
mtu VPN 1500
mtu management 1500
ip local pool vpnpool 192.168.10.10-192.168.10.20
monitor-interface outside
monitor-interface inside
monitor-interface VPN
monitor-interface management
asdm image disk0:/asdm502.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (VPN) 2 x_DHCPVPN_01-x_DHCPVPN_26
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 access-list inside_VPN_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 192.168.100.2 4899 Kruno_WinXP 4899 netmask 255.255.255.255
static (inside,outside) tcp 192.168.100.2 pptp DC_Server pptp netmask 255.255.255.255
static (inside,outside) tcp 192.168.100.2 22442 JB_WinXP 22442 netmask 255.255.255.255
static (inside,outside) tcp 192.168.100.2 1111 192.168.0.90 1111 netmask 255.255.255.255
static (inside,VPN) x-UPDATE_aplikacije_i_antivirusa Update_Server netmask 255.255.255.255
static (inside,VPN) 10.3.0.11 Dev2005 netmask 255.255.255.255
access-group outside_inside_inbound in interface outside
access-group inside_out in interface inside
access-group VPN_inside_inbound in interface VPN
route outside 0.0.0.0 0.0.0.0 192.168.100.1 1
route VPN 10.0.0.0 255.0.0.0 10.3.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server value DC_Server
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 30
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp enable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
group-policy SecureMeGrp internal
group-policy SecureMeGrp attributes
 default-domain value x.local
 webvpn
username xxxxx password xxxxxx encrypted privilege 15
username xxxxx attributes
 vpn-group-policy SecureMeGrp
 webvpn
username xxxxxx password xxxxxxxx encrypted privilege 15
username xxxxx attributes
 vpn-group-policy SecureMeGrp
 webvpn
username xxxxx password xxxxxx encrypted privilege 15
username xxxxx attributes
 vpn-group-policy SecureMeGrp
 webvpn
username xxxxxx password xxxxx encrypted privilege 15
username xxxxxx attributes
 vpn-group-policy SecureMeGrp
 webvpn
aaa authentication ssh console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map IPSec_map 65535 ipsec-isakmp dynamic dynmap
crypto map IPSec_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 192.168.0.0 255.255.255.0 inside
telnet 192.168.0.0 255.255.255.0 management
telnet timeout 15
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
tunnel-group ciscovpn type ipsec-ra
tunnel-group ciscovpn general-attributes
 address-pool vpnpool
tunnel-group ciscovpn ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect pptp
  inspect icmp
!
service-policy global_policy global
ntp server 213.194.159.3 source outside prefer
Cryptochecksum:7c460c8b52554437ddef3bd33b5e4d0a
: end 