wiki:Realisations/2007-2008/Projet/Entreprise1/ASA5510

Version 1 (modified by oriol, 17 years ago) (diff)

--

Configuration Cisco ASA 5510

ASA Version 7.0(6) 
!
hostname ciscoasa
domain-name AS1
enable password 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.10.0.2 255.255.255.0 
 ipv6 address 2001:db8:8001:2000::2/64
 ipv6 enable
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.1.254 255.255.255.0 
 ipv6 address 2001:db8:8001:1::ffff/64
 ipv6 enable
!
interface Ethernet0/2
 nameif DMZ   
 security-level 50
 ip address 10.10.2.254 255.255.255.0 
 ipv6 address 2001:db8:8001:2::ffff/64
 ipv6 enable
!
interface Management0/0
 nameif management
 security-level 100
 ip address 10.10.130.10 255.255.255.0 
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
object-group protocol all
 protocol-object 22
 protocol-object 23
 protocol-object 80
 protocol-object ip
 protocol-object icmp
 protocol-object igmp
 protocol-object ipinip
 protocol-object tcp
 protocol-object udp
 protocol-object esp
 protocol-object ah
 protocol-object icmp6
 protocol-object ospf
 protocol-object pim
access-list tcp_permit extended permit tcp any any 
access-list udp_permit extended permit udp any any 
access-list icmp_permit extended permit icmp any any 
access-list http_permit extended permit 80 any any 
access-list telnet extended permit 23 any any 
access-list all extended permit object-group all any any 
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
icmp permit any outside
icmp permit any inside
icmp permit any DMZ
icmp permit any management
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
access-group all in interface outside
access-group all out interface outside
access-group all in interface inside
access-group all out interface inside
access-group all in interface DMZ
access-group all out interface DMZ
rip outside default version 2
route outside 10.20.0.0 255.255.0.0 10.10.0.1 1
route outside 10.30.0.0 255.255.0.0 10.10.0.1 1
route outside 10.40.0.0 255.255.0.0 10.10.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username david password z0WkhcbGz1/5UmkS encrypted privilege 15
http server enable
http 10.10.130.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 10.10.130.0 255.255.255.0 management
telnet timeout 5
ssh scopy enable
ssh 10.10.130.0 255.255.255.0 management
ssh 10.10.130.2 255.255.255.255 management
ssh timeout 5
ssh version 2
console timeout 0
tftp-server management 10.10.2.1 ciscoASA5510