asa_2

LAN + 2 WANs ( to ADSL_internet and to ISP_VPN )

! Software release reported by the device.
! NOTE(review): 7.0(2) is an early 7.0 build; confirm the appliance runs a
! release that still receives vendor security fixes.
ASA Version 7.0(2)

! Turns on name substitution so later ACL, NAT and logging lines can use labels
! instead of addresses.
names

! Each "name" line binds one address in 192.168.0.0/24 to a label. The last octet
! and the label look redacted here ("x", "NameN"), so the labels used further down
! (Kruno_WinXP, DC_Server, ...) cannot be resolved from this listing.
name 192.168.0.x Name1

name 192.168.0.x Name2

name 192.168.0.x Name3

name 192.168.0.x Name4

name 192.168.0.x Name5

name 192.168.0.x Name6

!

! Four interfaces with three trust tiers: outside (0), VPN (50), inside and management (100).
! Sub-commands have lost their leading indent in this listing; each run up to the
! next "!" belongs to the interface named above it.
interface Ethernet0/0

nameif outside

! Lowest trust: inbound traffic is admitted only by the ACL bound to this interface.
security-level 0

! Private (RFC 1918) address, so the unit presumably sits behind the ADSL router
! named in the page header - confirm.
ip address 192.168.100.1 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

! Inside address is redacted ("x-ASA_inside"); other lines place the LAN in 192.168.0.0/24.
ip address x-ASA_inside 255.255.255.0

!

interface Ethernet0/2

! Link to the ISP-provided VPN network (see page header), not a tunnel terminated on this unit.
nameif VPN

! Middle tier: trusted more than outside, less than inside.
security-level 50

ip address 10.3.0.1 255.255.255.0

!

interface Management0/0

nameif management

! Same level as inside.
security-level 100

ip address 192.168.1.1 255.255.255.0

! Restricts this port to traffic addressed to the appliance itself (no through-traffic).
management-only

!

! Privileged-mode and login passwords, stored hashed ("encrypted") and redacted here.
! The hashed form should still be treated as a secret when a configuration is shared.
enable password xxxxxxxxxx encrypted

! Shared login password; presumably this is what Telnet sessions authenticate
! against, since only SSH is tied to the LOCAL user database further down - confirm.
passwd xxxxxxxx encrypted

hostname xxxxx

domain-name xxxx.local

ftp mode passive

! Zone label "CEST" is paired with a +1 hour offset and the summer label is "CEDT".
! NOTE(review): the conventional labels for +1 / +2 are CET / CEST; the labels only
! affect how timestamps are displayed, but they matter when correlating logs.
clock timezone CEST 1

clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00

! Allows traffic to enter and leave through the same interface (hairpinning).
! NOTE(review): combined with "split-tunnel-policy tunnelall" below this presumably
! lets remote-access clients reach the Internet through the outside interface - confirm
! that this is intended.
same-security-traffic permit intra-interface

! ACL inside_VPN_outbound: selects inside hosts whose traffic to 10.0.0.0/8 is
! translated. It is referenced by "nat (inside) 2 access-list inside_VPN_outbound"
! and is not bound to any interface with access-group, so it does not filter traffic
! by itself; what these hosts may send is still decided by the inside_out ACL.
access-list inside_VPN_outbound extended permit ip host Kruno_Linux 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Kruno_WinXP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Kruno_Lap 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host JB_WinXP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Dario_XP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Damir_XP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Andrej_XP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Josip_XP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Robert_XP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Dragan_XP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Dragan_Lap 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host Dev2005 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit ip host 192.168.0.254 10.0.0.0 255.0.0.0

! Podrska_XP is matched only for ICMP and two TCP ports instead of all IP.
access-list inside_VPN_outbound extended permit icmp host Podrska_XP 10.0.0.0 255.0.0.0

access-list inside_VPN_outbound extended permit tcp host Podrska_XP 10.0.0.0 255.0.0.0 eq 16234

access-list inside_VPN_outbound extended permit ip host DC_Server 10.0.0.0 255.0.0.0

! TCP 1433 is the default Microsoft SQL Server port - presumably a database on the
! VPN side; confirm.
access-list inside_VPN_outbound extended permit tcp host Podrska_XP 10.0.0.0 255.0.0.0 eq 1433

! ACL VPN_inside_inbound: filters traffic arriving on the VPN interface
! (bound by "access-group VPN_inside_inbound in interface VPN").
! NOTE(review): the first five entries use "any any", so every source on the ISP VPN
! network may reach every destination this unit will forward to on these ports.
! Only two inside hosts are published to the VPN side by "static (inside,VPN)";
! naming those mapped addresses as destinations (and known peer networks as
! sources) would follow least privilege.
access-list VPN_inside_inbound extended permit tcp any any eq www

! Purpose of 4343 and 8089 is not stated in the listing; presumably the update /
! antivirus service published by the static - confirm.
access-list VPN_inside_inbound extended permit tcp any any eq 4343

access-list VPN_inside_inbound extended permit tcp any any eq 8089

access-list VPN_inside_inbound extended permit udp any any eq syslog

! Remote Desktop (TCP 3389) from any VPN-side source.
access-list VPN_inside_inbound extended permit tcp any any eq 3389

! Full IP from two named VPN-side hosts to 10.3.0.11, the address that
! "static (inside,VPN) 10.3.0.11 Dev2005" maps to Dev2005.
access-list VPN_inside_inbound extended permit ip host 10.0.0.252 host 10.3.0.11

access-list VPN_inside_inbound extended permit ip host 10.0.0.253 host 10.3.0.11

! ACL outside_inside_inbound: filters traffic arriving on the outside interface
! (bound by "access-group outside_inside_inbound in interface outside").
! Each port here has a matching "static (inside,outside) tcp 192.168.100.2 ..."
! port forward, which is what actually decides the inside host that is reached.
! NOTE(review): all four entries are "any any". Restricting the destination to the
! mapped address 192.168.100.2 and, where the callers are known, the source
! addresses would shrink the exposed surface.
! TCP 4899 is forwarded to a workstation (Kruno_WinXP); 4899 is the default port of
! the Radmin remote-administration tool - confirm which service listens there.
access-list outside_inside_inbound extended permit tcp any any eq 4899

! PPTP control channel, forwarded to DC_Server. NOTE(review): this terminates a
! legacy VPN protocol on what the name suggests is a domain controller; the IPsec
! remote-access tunnel group configured on this unit looks like the better entry point.
access-list outside_inside_inbound extended permit tcp any any eq pptp

! Purpose of 22442 (to JB_WinXP) and 1111 (to 192.168.0.90) is not stated - confirm
! that both are still needed.
access-list outside_inside_inbound extended permit tcp any any eq 22442

access-list outside_inside_inbound extended permit tcp any any eq 1111

! ACL inside_out: per-host egress allow list for the LAN, bound by
! "access-group inside_out in interface inside". Entries are evaluated in order and
! anything not matched is dropped by the implicit deny at the end of the list.
! First group: hosts permitted all IP to any destination.
access-list inside_out extended permit ip host Kruno_Lap any

access-list inside_out extended permit ip host Kruno_Linux any

access-list inside_out extended permit ip host DC_Server any

access-list inside_out extended permit ip host Update_Server any

access-list inside_out extended permit ip host RedHat any

access-list inside_out extended permit ip host JB_Lap any

access-list inside_out extended permit ip host JB_WinXP any

access-list inside_out extended permit ip host Dev2005 any

access-list inside_out extended permit ip host Kruno_WinXP any

access-list inside_out extended permit ip host Josip_XP any

access-list inside_out extended permit ip host Josip_Lap any

access-list inside_out extended permit ip host Sanela_XP any

access-list inside_out extended permit ip host Miro_Lap any

access-list inside_out extended permit ip host Andrej_XP any

access-list inside_out extended permit ip host Robert_XP any

access-list inside_out extended permit ip host Ivana_XP any

access-list inside_out extended permit ip host Andrej_Lap any

access-list inside_out extended permit ip host Robert_Lap any

access-list inside_out extended permit ip host Dario_XP any

access-list inside_out extended permit ip host Gogo_XP any

access-list inside_out extended permit ip host Damir_XP any

access-list inside_out extended permit ip host Damir_Lap any

access-list inside_out extended permit ip host Miro any

access-list inside_out extended permit ip host Imre_XP any

access-list inside_out extended permit ip host Imre_Lap any

access-list inside_out extended permit ip host Podrska_XP any

access-list inside_out extended permit ip host Dragan_XP any

access-list inside_out extended permit ip host Dragan_Lap any

! Second group: restricted hosts, permitted only the listed TCP services.
access-list inside_out extended permit tcp host Filip_Lap any eq www

access-list inside_out extended permit tcp host Aleksandar_Lap any eq www

access-list inside_out extended permit tcp host Nikola_Lap any eq www

access-list inside_out extended permit tcp host Slaven_Lap any eq www

access-list inside_out extended permit tcp host Vedran_Lap any eq www

access-list inside_out extended permit tcp host Hrvoje_XP any eq www

access-list inside_out extended permit tcp host SS_XP any eq www

! NOTE(review): every "eq domain" entry in this list matches TCP port 53 only; no
! entry permits UDP 53 for the restricted hosts. They presumably resolve names
! through an internal DNS server (the group policy points at DC_Server) - confirm.
access-list inside_out extended permit tcp host Slaven_Lap any eq domain

access-list inside_out extended permit tcp host Aleksandar_Lap any eq domain

access-list inside_out extended permit tcp host Filip_Lap any eq domain

access-list inside_out extended permit tcp host Nikola_Lap any eq domain

access-list inside_out extended permit tcp host Vedran_Lap any eq domain

access-list inside_out extended permit tcp host Hrvoje_XP any eq domain

access-list inside_out extended permit tcp host SS_XP any eq domain

! Mail: POP3 and SMTP from workstations to any destination.
! NOTE(review): outbound SMTP to "any" lets a compromised workstation send mail
! directly; naming the mail provider's servers as destination would contain that.
access-list inside_out extended permit tcp host Filip_Lap any eq pop3

access-list inside_out extended permit tcp host Filip_Lap any eq smtp

access-list inside_out extended permit tcp host Aleksandar_Lap any eq pop3

access-list inside_out extended permit tcp host Aleksandar_Lap any eq smtp

access-list inside_out extended permit tcp host Nikola_Lap any eq pop3

access-list inside_out extended permit tcp host Nikola_Lap any eq smtp

access-list inside_out extended permit tcp host Slaven_Lap any eq pop3

access-list inside_out extended permit tcp host Slaven_Lap any eq smtp

access-list inside_out extended permit tcp host Vedran_Lap any eq pop3

access-list inside_out extended permit tcp host Vedran_Lap any eq smtp

access-list inside_out extended permit tcp host SS_XP any eq pop3

access-list inside_out extended permit tcp host SS_XP any eq smtp

access-list inside_out extended permit tcp host Hrvoje_XP any eq pop3

access-list inside_out extended permit tcp host Hrvoje_XP any eq smtp

! No port qualifier: Mirolap is permitted every TCP port.
access-list inside_out extended permit tcp host Mirolap any

access-list inside_out extended permit ip host Jazz any

access-list inside_out extended permit tcp host Vedran_Lap any eq 8089

access-list inside_out extended permit tcp host Slaven_Lap any eq 8089

access-list inside_out extended permit tcp host Nikola_Lap any eq 8089

access-list inside_out extended permit tcp host Filip_Lap any eq 8089

access-list inside_out extended permit tcp host Aleksandar_Lap any eq 8089

access-list inside_out extended permit tcp host Vedran_Lap any eq https

access-list inside_out extended permit tcp host Slaven_Lap any eq https

access-list inside_out extended permit tcp host Nikola_Lap any eq https

access-list inside_out extended permit tcp host Aleksandar_Lap any eq https

access-list inside_out extended permit tcp host Filip_Lap any eq https

access-list inside_out extended permit tcp host Nikola_Lap any eq ftp

access-list inside_out extended permit tcp host Servis_IP_za_aktivaciju_windowsa any eq www

access-list inside_out extended permit tcp host Servis_IP_za_aktivaciju_windowsa any eq https

access-list inside_out extended permit tcp host SS_XP any eq ftp

access-list inside_out extended permit tcp host Servis_IP_za_aktivaciju_windowsa any eq domain

access-list inside_out extended permit tcp host SS_XP any eq https

! Host labels below are redacted ("xxxx" / "xxxxx"), so it cannot be told from this
! listing whether repeated-looking entries refer to the same host.
access-list inside_out extended permit tcp host xxxx any eq domain

access-list inside_out extended permit tcp host xxxx any eq www

access-list inside_out extended permit tcp host xxxx any eq https

access-list inside_out extended permit tcp host xxxxx any eq ftp

access-list inside_out extended permit tcp host xxxx any eq domain

access-list inside_out extended permit tcp host Hrvoje_XP any eq https

access-list inside_out extended permit ip host Gogo_VoIP_test any

! TCP 465 and 995 are the usual ports for SMTP and POP3 over TLS.
access-list inside_out extended permit tcp host xxxx any eq 465

access-list inside_out extended permit tcp host xxxx any eq 995

access-list inside_out extended permit tcp host Renata any eq www

access-list inside_out extended permit tcp host Renata any eq smtp

access-list inside_out extended permit tcp host Renata any eq pop3

access-list inside_out extended permit tcp host Renata any eq https

access-list inside_out extended permit tcp host Renata any eq domain

! NAT-exemption selector: LAN 192.168.0.0/24 to 192.168.10.0/24, the subnet that
! contains the remote-access address pool "vpnpool" defined below. Referenced by
! "nat (inside) 0 access-list inside_nat0_outbound".
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0

pager lines 24

! Syslog: enabled, timestamped, severity informational and above sent to
! Update_Server on the inside interface.
! NOTE(review): no local buffer is configured in this listing, so the remote
! collector is the only record; timestamps depend on the clock and NTP settings.
logging enable

logging timestamp

logging trap informational

logging host inside Update_Server

mtu outside 1500

mtu inside 1500

mtu VPN 1500

mtu management 1500

! Addresses handed to remote-access VPN clients (used by tunnel-group ciscovpn).
ip local pool vpnpool 192.168.10.10-192.168.10.20

monitor-interface outside

monitor-interface inside

monitor-interface VPN

monitor-interface management

! ASDM (web management GUI) image stored on the internal flash.
asdm image disk0:/asdm502.bin

no asdm history enable

arp timeout 14400

! Translation rules, interface ACL bindings, static routes and idle timers.
! Pool 1: hide inside hosts behind the outside interface address (PAT).
global (outside) 1 interface

! Pool 2: address range on the VPN interface; both ends of the range are redacted.
global (VPN) 2 x_DHCPVPN_01-x_DHCPVPN_26

! No translation for LAN <-> remote-access client pool traffic.
nat (inside) 0 access-list inside_nat0_outbound

! Hosts selected by inside_VPN_outbound are translated to pool 2 when they talk to 10.0.0.0/8.
nat (inside) 2 access-list inside_VPN_outbound

! Every other inside source is translated to pool 1.
nat (inside) 1 0.0.0.0 0.0.0.0

! Port forwards from 192.168.100.2 on the outside to individual inside hosts.
! These are what make the "any any" entries in outside_inside_inbound reachable:
! two workstations, DC_Server (PPTP) and 192.168.0.90 are exposed to the outside.
! NOTE(review): review whether each forward is still required and whether its
! source can be limited in the ACL.
static (inside,outside) tcp 192.168.100.2 4899 Kruno_WinXP 4899 netmask 255.255.255.255

static (inside,outside) tcp 192.168.100.2 pptp DC_Server pptp netmask 255.255.255.255

static (inside,outside) tcp 192.168.100.2 22442 JB_WinXP 22442 netmask 255.255.255.255

static (inside,outside) tcp 192.168.100.2 1111 192.168.0.90 1111 netmask 255.255.255.255

! Inside hosts published to the VPN side. In the first line the mapped address and
! the real host appear to have been fused into one redacted token.
static (inside,VPN) x-UPDATE_for_an_app_and_antivirus_Update_Server netmask 255.255.255.255

static (inside,VPN) 10.3.0.11 Dev2005 netmask 255.255.255.255

! Bind one inbound ACL to each data interface.
access-group outside_inside_inbound in interface outside

access-group inside_out in interface inside

access-group VPN_inside_inbound in interface VPN

! NOTE(review): both next-hop addresses below equal this unit's own interface
! addresses as listed (outside 192.168.100.1, VPN 10.3.0.1). A next hop has to be a
! neighbour on the connected subnet, so this is presumably an artefact of
! anonymising the listing - confirm against the real configuration.
route outside 0.0.0.0 0.0.0.0 192.168.100.1 1

route VPN 10.0.0.0 255.0.0.0 10.3.0.1 1

! Idle timers for translations, connections and protocol-specific sessions.
timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

! Default VPN group policy. SecureMeGrp at the end of this section sets only
! default-domain, so every other attribute below presumably applies to its users
! by inheritance - confirm.
group-policy DfltGrpPolicy attributes

banner none

wins-server none

dns-server value DC_Server

dhcp-network-scope none

vpn-access-hours none

! NOTE(review): up to 30 concurrent sessions per user name. A low limit makes
! shared or stolen credentials easier to notice.
vpn-simultaneous-logins 30

! Idle sessions are dropped after 30 minutes; there is no absolute session limit.
vpn-idle-timeout 30

vpn-session-timeout none

! NOTE(review): no per-session ACL is applied to VPN users; consider a vpn-filter
! that limits clients to the inside hosts they need.
vpn-filter none

vpn-tunnel-protocol IPSec webvpn

! Clients are not allowed to store the user password locally.
password-storage disable

ip-comp enable

re-xauth disable

group-lock none

! NOTE(review): perfect forward secrecy is off for IPsec rekeys; enabling it
! limits what a compromised key can expose, if the clients support it.
pfs disable

ipsec-udp disable

ipsec-udp-port 10000

! All client traffic is sent through the tunnel (no split tunnelling).
split-tunnel-policy tunnelall

split-tunnel-network-list none

default-domain none

split-dns none

secure-unit-authentication disable

user-authentication disable

user-authentication-idle-timeout 30

ip-phone-bypass disable

leap-bypass disable

nem disable

backup-servers keep-client-config

client-firewall none

client-access-rule none

webvpn

functions url-entry

port-forward-name value Application Access

! Locally defined policy assigned to the local users below; only the default
! domain is overridden.
group-policy SecureMeGrp internal

group-policy SecureMeGrp attributes

default-domain value x.local

webvpn

! Local user database: four accounts (names and password hashes redacted), each
! followed by an attributes section assigning VPN group policy SecureMeGrp.
! NOTE(review): every account is created with privilege 15 and is also a VPN
! account, and SSH logins authenticate against this same LOCAL database. Separate,
! lower-privilege accounts for VPN-only users would keep a stolen VPN credential
! from also being a firewall administrator credential.
username xxxxx password xxxxxx encrypted privilege 15

username xxxxx attributes

vpn-group-policy SecureMeGrp

webvpn

username xxxxxx password xxxxxxxx encrypted privilege 15

username xxxxx attributes

vpn-group-policy SecureMeGrp

webvpn

username xxxxx password xxxxxx encrypted privilege 15

username xxxxx attributes

vpn-group-policy SecureMeGrp

webvpn

username xxxxxx password xxxxx encrypted privilege 15

username xxxxxx attributes

vpn-group-policy SecureMeGrp

webvpn

! SSH logins are checked against the local user database.
! NOTE(review): no matching "aaa authentication" line is visible for Telnet or for
! the HTTP (ASDM) server, so those presumably fall back to the shared login /
! enable passwords instead of per-user accounts - confirm.
aaa authentication ssh console LOCAL

! Web management (ASDM) server and the networks allowed to reach it.
http server enable

http 192.168.0.0 255.255.255.0 inside

! NOTE(review): the management interface is addressed in 192.168.1.0/24, but the
! permitted source here is 192.168.0.0/24 (the LAN). Hosts on the management
! subnet itself would not match - confirm which network is meant.
http 192.168.0.0 255.255.255.0 management

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp

! IPsec remote access on the outside interface: one transform set (AES-256 with
! SHA-1 HMAC), a dynamic crypto map for clients whose address is not known in
! advance, and a single IKE policy.
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map IPSec_map 65535 ipsec-isakmp dynamic dynmap

crypto map IPSec_map interface outside

isakmp enable outside

! NOTE(review): authentication is a pre-shared group key, so every client holds the
! same secret; it should be long and random and rotated when a client device is
! lost. Certificate authentication removes the shared secret.
isakmp policy 10 authentication pre-share

isakmp policy 10 encryption aes-256

isakmp policy 10 hash sha

! NOTE(review): group 2 is 1024-bit Diffie-Hellman, which is below current
! recommendations; use a larger group where the software release and the clients
! support it.
isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

! Command-line management access.
! NOTE(review): Telnet carries the login and enable passwords in clear text. SSH is
! already permitted from the same LAN, so the Telnet lines can presumably be
! removed - confirm nothing depends on them.
telnet 192.168.0.0 255.255.255.0 inside

! Same subnet mismatch as the HTTP rule: the management interface is in
! 192.168.1.0/24, the permitted source is 192.168.0.0/24.
telnet 192.168.0.0 255.255.255.0 management

telnet timeout 15

! NOTE(review): no "ssh version" line is visible in this listing; confirm that the
! legacy protocol version 1 is not accepted.
ssh 192.168.0.0 255.255.255.0 inside

ssh timeout 5

! NOTE(review): 0 disables the idle timeout on the serial console, so a session
! left logged in stays open to anyone with physical access.
console timeout 0

! Remote-access IPsec tunnel group "ciscovpn": clients receive addresses from
! "vpnpool" and authenticate the group with a pre-shared key.
tunnel-group ciscovpn type ipsec-ra

tunnel-group ciscovpn general-attributes

address-pool vpnpool

tunnel-group ciscovpn ipsec-attributes

! The key is masked with "*" in the listing.
pre-shared-key *

!

! Application inspection: one class matching the default inspection traffic, one
! policy listing the protocol inspectors, applied to all interfaces by the
! service-policy line at the end.
class-map inspection_default

match default-inspection-traffic

!

!

policy-map global_policy

class inspection_default

! DNS messages longer than 512 bytes are not accepted by this inspector.
inspect dns maximum-length 512

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

! Tracks the PPTP control channel that is forwarded to DC_Server.
inspect pptp

! Tracks ICMP exchanges so replies to inside-initiated pings are matched to a request.
inspect icmp

!

service-policy global_policy global

! Single time source, reached through the outside interface.
! NOTE(review): no NTP authentication lines are visible in this listing; log
! timestamps on this unit depend on this one unauthenticated source.
ntp server 213.194.159.3 source outside prefer

! Checksum line emitted by the device at the end of the configuration listing.
Cryptochecksum:7c460c8b52554437ddef3bd33b5e4d0a

: end