: Saved
:
! Device identity, interfaces and the one network object-group used by the ACLs.
! NOTE(review): 7.2(2) is a very old software train; check the vendor's
! end-of-support status and published advisories before keeping it in service.
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
! Hash masked by the poster. Keep it masked when sharing configs: the legacy
! "encrypted" password format is generally regarded as weak against offline guessing.
enable password ********** encrypted
names
!
! Trusted side: highest security level (100), 192.168.1.0/24.
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
ospf cost 10
!
! Untrusted side: lowest security level (0), 192.168.33.0/24.
interface Vlan2
nameif outside
security-level 0
ip address 192.168.33.1 255.255.255.0
ospf cost 10
!
! Only Ethernet0/0 is assigned explicitly (VLAN 2 = outside). The remaining ports
! carry no switchport line here, so they presumably sit in the default VLAN - confirm.
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
! Login password used for telnet/ssh when no per-user AAA applies; masked by the poster.
passwd ********** encrypted
ftp mode passive
clock timezone GST 4
dns server-group DefaultDNS
domain-name default.domain.invalid
! Source group referenced by outside_access_in.
! NOTE(review): 192.168.33.0/24 is the outside interface's own subnet, so every
! host on the directly attached outside segment is a member of this group.
! The host entry 192.168.33.100 is already covered by that /24 and is also the
! mapped address of a static translation further down - verify it belongs here.
object-group network subnets_ZAGS
network-object 192.168.34.0 255.255.255.0
network-object 192.168.35.0 255.255.255.0
network-object host 192.168.33.100
network-object 192.168.33.0 255.255.255.0
! inside_access_in: bound inbound on the inside interface by the access-group
! statement further down. Entries are evaluated top-down, first match wins, and
! anything not matched is dropped by the implicit deny at the end. As written,
! only the hosts listed here can open connections through the firewall.
! Entries marked "inactive" are kept in the config but not enforced.
access-list inside_access_in extended permit icmp host 192.168.1.29 any
access-list inside_access_in extended permit ip host 192.168.1.30 any
! NOTE(review): "permit ip ... any" for 192.168.1.29 already includes ICMP and
! every TCP/UDP port, so the ICMP entry above and all the narrower 192.168.1.29
! entries below would be shadowed even if they were re-enabled. If the intent is
! least privilege for this host, the broad entry is the one to replace.
access-list inside_access_in extended permit ip host 192.168.1.29 any
access-list inside_access_in remark PARENT PROXY 192.168.1.29--> 10.3.2.11/8080
access-list inside_access_in extended permit tcp host 192.168.1.29 host 10.3.2.11 eq 8080 inactive
access-list inside_access_in remark pop3 inside_in for mail.izh.ru
access-list inside_access_in extended permit tcp host 192.168.1.29 host 192.168.31.1 eq pop3 inactive
access-list inside_access_in remark pop3 from 10.3.2.11 (for hmail ack)
access-list inside_access_in extended permit tcp host 192.168.1.29 host 10.3.2.11 eq pop3 inactive
access-list inside_access_in remark subnet_ZAGS down from 3proxy
! NOTE(review): "eq 5555" after the source host pins the SOURCE port as well as
! the destination port. Client source ports are normally ephemeral, so this form
! rarely matches real traffic; the same applies to the "eq ssh ... eq ssh" entry below.
access-list inside_access_in extended permit tcp host 192.168.1.29 eq 5555 object-group subnets_ZAGS eq 5555 inactive
access-list inside_access_in remark smtp translation from 192.168.1.29 to 10.3.2.14 smtp-server
access-list inside_access_in extended permit tcp host 192.168.1.29 host 10.3.2.14 eq smtp inactive
access-list inside_access_in remark smtp translation from 192.168.1.29 to 192.168.31.1 for Olimp
access-list inside_access_in extended permit tcp host 192.168.1.29 host 192.168.31.1 eq smtp inactive
access-list inside_access_in extended permit tcp host 192.168.1.29 eq ssh host 192.168.33.33 eq ssh inactive
! The ICMP entry for 192.168.1.101 is redundant after the "permit ip" line before it.
access-list inside_access_in extended permit ip host 192.168.1.101 any
access-list inside_access_in extended permit icmp host 192.168.1.101 any
! NOTE(review): 192.168.33.103 lies in the outside subnet (192.168.33.0/24), yet
! this ACL filters packets arriving on the inside interface. A packet with that
! source on inside would be unexpected; confirm whether these two entries are
! intended or were meant for a different ACL.
access-list inside_access_in extended permit ip host 192.168.33.103 any
access-list inside_access_in extended permit icmp host 192.168.33.103 any
! outside_access_in: bound inbound on the outside (security-level 0) interface.
! First match wins; unmatched traffic hits the implicit deny.
! On this software generation (pre-8.3) interface ACLs are matched against the
! translated (mapped) address, i.e. 192.168.33.29 / 192.168.33.101, not the real
! inside addresses 192.168.1.29 / 192.168.1.101.
!
! NOTE(review): admits every ICMP type from any source toward any destination.
! Consider limiting this to the types actually needed (for example echo-reply,
! unreachable, time-exceeded) and to known sources.
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any host 192.168.33.29 inactive
! NOTE(review): full IP (all protocols and ports) from the whole object-group to
! the mapped address of 192.168.1.29. Because the group contains the outside
! subnet itself, any host on the attached outside segment gets unrestricted
! access to that inside host. The three port-specific entries that follow are
! shadowed by this line (192.168.33.33 is inside the group's 192.168.33.0/24).
access-list outside_access_in extended permit ip object-group subnets_ZAGS host 192.168.33.29
access-list outside_access_in extended permit tcp object-group subnets_ZAGS host 192.168.33.29 eq 5555
! "eq smtp" after the source pins the source port to 25; see the note on source ports.
access-list outside_access_in extended permit tcp object-group subnets_ZAGS eq smtp host 192.168.33.29 eq smtp
access-list outside_access_in extended permit tcp host 192.168.33.33 host 192.168.33.29 eq 5555
! The inactive entries below match on a fixed SOURCE port (8080/5555/pop3/smtp).
! Source ports of real clients are normally ephemeral, so re-enabling them as
! written would probably not admit the intended traffic.
access-list outside_access_in extended permit tcp any eq 8080 interface outside eq 8080 inactive
access-list outside_access_in extended permit tcp any eq 5555 interface outside eq 5555 inactive
access-list outside_access_in extended permit tcp any eq pop3 interface outside eq pop3 inactive
access-list outside_access_in extended permit tcp any eq smtp host 192.168.1.29 eq smtp inactive
access-list outside_access_in remark pop3 from 10.3.2.11 (for hmail)
access-list outside_access_in extended permit tcp host 10.3.2.11 eq pop3 host 192.168.1.29 eq pop3 inactive
access-list outside_access_in remark subnets_zags access to 3proxy on 192.168.1.29/5555
access-list outside_access_in extended permit tcp object-group subnets_ZAGS host 192.168.1.29 eq 5555 inactive
access-list outside_access_in remark pop3 outside_in for mail.izh.ru
access-list outside_access_in extended permit tcp host 192.168.31.1 eq pop3 host 192.168.1.29 eq pop3 inactive
access-list outside_access_in remark PARENT PROXY 10.3.2.11/8080--> 192.168.1.29
access-list outside_access_in extended permit tcp host 10.3.2.11 eq 8080 host 192.168.33.29 inactive
! Full IP from the parent proxy host to both mapped inside hosts.
access-list outside_access_in extended permit ip host 10.3.2.11 host 192.168.33.29
access-list outside_access_in extended permit ip host 10.3.2.11 host 192.168.33.101
! Same exposure as for 192.168.33.29: all protocols from the whole group to the
! mapped address of 192.168.1.101; the smtp entry at the end is shadowed by it.
access-list outside_access_in extended permit ip object-group subnets_ZAGS host 192.168.33.101
! NOTE(review): destination is the REAL inside address 192.168.1.101. With ACLs
! matched on the mapped address this active entry presumably never matches -
! confirm with hit counters and use 192.168.33.101 if the rule is needed.
access-list outside_access_in extended permit tcp object-group subnets_ZAGS host 192.168.1.101 eq 5555
access-list outside_access_in extended permit tcp object-group subnets_ZAGS eq smtp host 192.168.33.101 eq smtp
! Logging, address translation, ACL bindings, routing and connection timeouts.
pager lines 24
! NOTE(review): logging is on, but the only destination configured here is the
! ASDM buffer. No "logging host", "logging trap" or "logging timestamp" line is
! visible, so events are not shipped off-box and are lost when the buffer wraps.
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
! Dynamic translation pools 1 and 2 are defined, but no matching "nat (inside)"
! statement appears in this listing, so they look unused - confirm. Without a
! matching nat rule, inside hosts that lack a static would leave untranslated.
global (outside) 1 interface
global (outside) 2 192.168.33.29 netmask 255.255.255.255
! Port redirect: outside 192.168.33.100:55777 -> inside 192.168.1.10:55777.
! No outside_access_in entry shown permits traffic to 192.168.33.100, so this
! translation appears unreachable from outside as configured.
static (inside,outside) tcp 192.168.33.100 55777 192.168.1.10 55777 netmask 255.255.255.255
! One-to-one statics: every port of the inside host is translated, so exposure
! is governed solely by outside_access_in - which currently grants full IP to
! both mapped addresses from subnets_ZAGS and 10.3.2.11.
static (inside,outside) 192.168.33.29 192.168.1.29 netmask 255.255.255.255
static (inside,outside) 192.168.33.101 192.168.1.101 netmask 255.255.255.255
! Bind each ACL to inbound traffic on its interface.
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
! NOTE(review): the next hop 192.168.1.254 is this firewall's own inside address
! and both hosts are in the connected 192.168.1.0/24, so these two host routes
! look unnecessary - confirm why they were added.
route inside 192.168.1.29 255.255.255.255 192.168.1.254 1
route inside 192.168.1.101 255.255.255.255 192.168.1.254 1
! Default route via the outside gateway.
route outside 0.0.0.0 0.0.0.0 192.168.33.254 1
! Idle timers for translations, connections and protocol-specific sessions.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! Management plane: local account, ASDM (HTTPS), telnet, SSH, console.
! Single local administrator at the highest privilege level; hash masked by the poster.
username Van_87 password ************* encrypted privilege 15
! Only SSH is tied to the LOCAL user database. No "aaa authentication telnet
! console" or "aaa authentication http console" line is visible, so telnet and
! ASDM presumably fall back to the shared login/enable passwords rather than
! per-user accounts - confirm and align them with SSH.
aaa authentication ssh console LOCAL
! ASDM web management. Reachable from one host through the OUTSIDE interface
! and from two inside hosts.
! NOTE(review): management from the untrusted side widens the attack surface of
! an old software release; prefer management over inside or a VPN where possible.
http server enable
http 192.168.31.213 255.255.255.255 outside
http 192.168.1.29 255.255.255.255 inside
http 192.168.1.101 255.255.255.255 inside
no snmp-server location
no snmp-server contact
! Traps are enabled, but no trap receiver ("snmp-server host") is shown here.
snmp-server enable traps snmp authentication linkup linkdown coldstart
! NOTE(review): telnet carries credentials in cleartext. SSH is already
! permitted for the same two hosts, so these telnet entries can likely be removed.
telnet 192.168.1.29 255.255.255.255 inside
telnet 192.168.1.101 255.255.255.255 inside
telnet timeout 5
! SSH allowed from two inside hosts and three outside-side addresses.
! 192.168.33.29 and 192.168.33.101 are the mapped addresses of the two inside
! hosts (see the static translations), listed here against the outside interface.
ssh 192.168.1.29 255.255.255.255 inside
ssh 192.168.1.101 255.255.255.255 inside
ssh 192.168.33.29 255.255.255.255 outside
ssh 192.168.31.213 255.255.255.255 outside
ssh 192.168.33.101 255.255.255.255 outside
ssh timeout 5
! Restricts the SSH server to protocol version 2.
ssh version 2
! NOTE(review): 0 disables the idle timeout, so an abandoned console session
! stays logged in; set a finite value if the device is physically accessible.
console timeout 0
dhcpd auto_config outside
!
!
!
!
! DNS inspection parameters, per-command privilege levels and the config trailer.
! NOTE(review): only the DNS inspect map is defined. No class-map, global
! policy-map or "service-policy" line appears in this listing, so application
! inspection may not be applied at all - confirm the post was not trimmed.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
! Custom command privilege levels: most commands at level 3, with
! show running-config, show/configure asdm and the privilege table at level 5.
! NOTE(review): these levels presumably take effect only when local command
! authorization ("aaa authorization command LOCAL") is enabled; no such line is
! visible here, and the only account shown is privilege 15 - confirm whether the
! table is actually enforced.
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
! Viewing the running configuration (which contains password hashes) needs level 5.
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command uauth
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
! Level 3 may also clear logs, ARP, AAA-server and crypto state.
! NOTE(review): clearing logs at a low privilege level weakens the audit trail,
! especially with no off-box syslog configured.
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
! Checksum line emitted with the saved configuration; presumably an integrity
! value over the config text, not a credential.
Cryptochecksum:588b4375f5b3ec72fcc3774ad9e88315
: end
! The two lines below repeat statements that already appear earlier in the
! config and follow ": end"; they look like paste residue from the forum post.
asdm image disk0:/asdm-522.bin
no asdm history enable
|
Отправлено: 11:01, 06-03-2013
| #3
|