asa_1

LAN+ISP_VPN+DMZ

! Review notes: lines beginning with "!" are comments and are ignored when the
! config is loaded. This is a sanitised running-config; every "xxx" value was
! redacted before publication.
ASA Version 7.0(2)

! Object names. None of the xxxDHCPVPN_* names is referenced anywhere below in
! this excerpt; they look like leftovers (presumably from a VPN address pool —
! unconfirmed) and can be dropped once that is verified.
names

name 10.3.0.121 xxxDHCPVPN_22

name 10.3.0.122 xxxDHCPVPN_23

name 10.3.0.123 xxxDHCPVPN_24

name 10.3.0.124 xxxDHCPVPN_25

name 10.3.0.125 xxxDHCPVPN_26

!

! Interfaces and security levels: outside 0 < dmz 50 < inside/management 100.
! Traffic initiated from a lower level toward a higher one is dropped unless an
! access-group bound to the ingress interface permits it (bindings further down).
interface Ethernet0/0

nameif outside

security-level 0

ip address xxx-ASA_outside 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address xxx-ASA_inside 255.255.255.0

!

interface Ethernet0/2

nameif dmz

security-level 50

ip address 192.168.253.1 255.255.255.0

!

! Out-of-band management interface; "management-only" means it never forwards
! transit traffic.
interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

! Device credentials (redacted). "passwd" is the legacy login password; SSH is
! bound to the LOCAL user database below (aaa authentication ssh console LOCAL).
enable password xxxx encrypted

passwd xxxx encrypted

hostname xxxASA

! Passive mode for the ASA's own FTP client (image/config transfers), not for
! transit FTP.
ftp mode passive

! dmz_inside_inbound is applied inbound on "dmz" (access-group below).
! "permit tcp any any" lets any DMZ host open TCP to any destination. Combined
! with the identity static (inside,dmz) for 192.168.254.0/24 in the NAT section,
! a compromised DMZ web server can reach the inside LAN directly on every TCP
! port. Restrict this to the specific inside services the web tier needs (the
! published SQL host, for instance) and let the implicit deny cover the rest.
access-list dmz_inside_inbound extended permit tcp any any

! outside_inbound is applied inbound on "outside". First match wins, so order
! matters. Points to verify:
!  - RDP (3389) and SQL (1433) are permitted from 10.3.0.0/16 to *any*
!    translated address, not only the WEB1/WEB2 hosts named just above.
!  - ICMP echo / echo-reply / unreachable are accepted from any source.
!  - "permit ip" toward SQL, Reporting and Veritas opens every protocol and
!    port; narrow to the required ports where possible.
!  - The deny for host 10.0.0.251 sits after the ICMP permits, so that host can
!    still ping through the firewall; it does take effect before the later
!    10.0.0.0/8 www rule to the NLB address.
access-list outside_inbound extended permit tcp 10.3.0.0 255.255.0.0 host xxx-WEB2_outside eq 3389

access-list outside_inbound extended permit tcp 10.3.0.0 255.255.0.0 host xxx-WEB1_outside eq 3389

access-list outside_inbound extended permit tcp 10.3.0.0 255.255.0.0 any eq 3389

access-list outside_inbound extended permit tcp 10.3.0.0 255.255.0.0 any eq 1433

access-list outside_inbound extended permit icmp any any unreachable

access-list outside_inbound extended permit icmp any any echo-reply

access-list outside_inbound extended permit icmp any any echo

access-list outside_inbound extended permit ip host 10.0.0.253 host xxx-SQL_outside

access-list outside_inbound extended permit ip 10.3.0.0 255.255.0.0 host xxx-WEB2_outside

access-list outside_inbound extended deny ip host 10.0.0.251 any

access-list outside_inbound extended permit tcp 10.0.0.0 255.0.0.0 host xxx-WEBNLB_outside eq www

access-list outside_inbound extended permit ip host 10.0.0.252 host xxx-SQL_outside

access-list outside_inbound extended permit ip 10.3.0.0 255.255.0.0 host xxx-Reporting_outside

access-list outside_inbound extended permit ip 10.3.0.0 255.255.0.0 host xxx-Veritas_outside

access-list outside_inbound extended permit ip host 10.0.0.252 host xxx-Reporting_outside

access-list outside_inbound extended permit ip host 10.0.0.253 host xxx-Reporting_outside

pager lines 24

! Syslog at informational level to a collector reached through the outside
! interface. Plain syslog is neither authenticated nor encrypted in transit;
! acceptable if that path is the ISP VPN the title suggests, otherwise prefer a
! collector on inside or management. The log level is useful for detection
! (denied connections from the ACL notes above will show up here).
logging enable

logging trap informational

logging host outside xxx-UPDATE_aplikacije_i_antivirusa

mtu management 1500

mtu outside 1500

mtu inside 1500

mtu dmz 1500

! Failover-related interface health monitoring; no failover configuration is
! visible in this excerpt — TODO confirm whether a standby unit exists.
monitor-interface management

monitor-interface outside

monitor-interface inside

monitor-interface dmz

! ICMP addressed to the ASA's own interfaces: the firewall answers echo on all
! three data interfaces, including outside. Drop the outside echo permit if the
! box should not be discoverable from the outside network.
icmp permit any echo outside

icmp permit any echo-reply outside

icmp permit any unreachable outside

icmp permit any echo-reply inside

icmp permit any unreachable inside

icmp permit any echo inside

icmp permit any echo dmz

icmp permit any unreachable dmz

icmp permit any echo-reply dmz

asdm image disk0:/asdm502.bin

no asdm history enable

arp timeout 14400

! NAT. All inside and dmz traffic is dynamically translated to the outside pool
! 10.2.0.150-10.2.0.170. The identity static (inside,dmz) exposes the inside
! 192.168.254.0/24 to the DMZ with its real addresses (see the dmz ACL note).
! The one-to-one statics publish SQL, Reporting and Veritas (inside) and the
! web tier (dmz) on outside addresses.
global (outside) 1 10.2.0.150-10.2.0.170

nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 0.0.0.0 0.0.0.0

static (inside,dmz) 192.168.254.0 192.168.254.0 netmask 255.255.255.0

static (inside,outside) xxx-SQL_outside xxx-SQL_inside netmask 255.255.255.255

static (dmz,outside) xxx-WEBNLB_outside xxx-WEBNLB_inside netmask 255.255.255.255

static (dmz,outside) xxx-WEB1_outside xxx-WEB1_inside netmask 255.255.255.255

static (dmz,outside) xxx-WEB2_outside xxx-WEB2_inside netmask 255.255.255.255

static (inside,outside) xxx-Reporting_outside xxx-Reporting_inside netmask 255.255.255.255

static (inside,outside) xxx-Veritas_outside xxx-Veritas_inside netmask 255.255.255.255

! ACL bindings. There is no access-group on "inside", so inside->dmz and
! inside->outside are governed by security levels alone (higher to lower is
! permitted by default).
access-group outside_inbound in interface outside

access-group dmz_inside_inbound in interface dmz

route outside 0.0.0.0 0.0.0.0 10.2.0.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

! Local admin accounts, both privilege 15 (redacted). SSH authenticates against
! LOCAL. No "aaa authentication http console LOCAL" line is present, so ASDM /
! HTTP login presumably falls back to the enable password — verify, and bind it
! to LOCAL as well so admin actions are attributable to a user.
username xxxxx password xxxx encrypted privilege 15

username xxxxx password xxxx encrypted privilege 15

aaa authentication ssh console LOCAL

! ASDM is reachable only from the management subnet.
http server enable

http 192.168.1.0 255.255.255.0 management

! SNMP: traps are enabled but no "snmp-server host" appears in this excerpt, so
! they have no destination (dead config rather than a risk).
no snmp-server location

no snmp-server contact

snmp-server enable traps snmp

! Remote CLI access. No "telnet <net> <if>" line exists, so Telnet is not
! enabled despite the timeout. SSH is allowed from a /24 of 10.3.0.0 via outside
! (note the ACLs above use /16 for that range) and from the inside LAN. No
! "ssh version 2" line is visible; if the platform default applies, SSHv1 is
! still accepted — pin version 2 where the release supports it.
! "console timeout 0" disables the console idle timeout.
telnet timeout 5

ssh 10.3.0.0 255.255.255.0 outside

ssh 192.168.254.0 255.255.255.0 inside

ssh timeout 5

console timeout 0

! DHCP server for the out-of-band management subnet only.
dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd lease 3600

dhcpd ping_timeout 50

dhcpd enable management

!

! Global inspection policy: only ICMP inspection is configured. If this is the
! complete policy, application-layer inspection for ftp, dns, etc. is off —
! confirm that is intentional (active-mode FTP through the ASA needs
! "inspect ftp").
class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

inspect icmp

!

service-policy global_policy global

! Integrity checksum of the saved config as captured; any edit to the lines
! above (including these notes) makes it stale.
Cryptochecksum:d1aff915c914f48f4669c102617d9160

: end