标签:sha str parameter icmp cot skin tsp entity pack
--------------------ASA双线出口配置object network inside-outside-any-------------NAT地址配置
subnet 0.0.0.0 0.0.0.0
object network inside-backup-any-------------NAT地址配置
subnet 0.0.0.0 0.0.0.0
access-list 101 extended permit ip any any ----------ACL放行流量
access-list 101 extended permit icmp any any
access-group 101 in interface inside
access-group 101 in interface outside
access-group 101 in interface backup
object network inside-outside-any-------------NAT配置
nat (inside,outside) dynamic interface
object network inside-backup-any-------------NAT配置
nat (inside,backup) dynamic interface
route outside 0.0.0.0 0.0.0.0 101.207.139.1 1 track 1
route backup 0.0.0.0 0.0.0.0 110.185.170.129 2
sla monitor 1 ---------------------SLA配置
type echo protocol ipIcmpEcho 101.207.139.1 interface outside
num-packets 3
frequency 5
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
——————————————————————————————
VXI-CD-D4-ALI-YX# sh run
: Saved
:
: Serial Number: FCH162771ZE
: Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
:
ASA Version 9.8(1)
!
hostname VXI-CD-D4-ALI-YX
domain-name vxichina.com
enable password $sha512$5000$IbjrxTmSmmi2fcd+JFFd9Q==$7osUM8bEfJAmvSoFwMDaAA== pbkdf2
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 172.29.32.199 255.255.255.0
!
interface GigabitEthernet0/1
description CU-150M
nameif outside
security-level 0
ip address X.207.139.216 255.255.255.0
!
interface GigabitEthernet0/2
description CT-50M
nameif backup
security-level 10
ip address X.185.170.155 255.255.255.128
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
dns server-group DefaultDNS
domain-name vxichina.com
object network inside-outside-any
subnet 0.0.0.0 0.0.0.0
object network inside-backup-any
subnet 0.0.0.0 0.0.0.0
access-list 101 extended permit ip any any
access-list 101 extended permit icmp any any
pager lines 24
logging enable
logging trap notifications
logging host inside 172.29.34.200
mtu inside 1500
mtu outside 1500
mtu backup 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
!
object network inside-outside-any
nat (inside,outside) dynamic interface
object network inside-backup-any
nat (inside,backup) dynamic interface
access-group 101 in interface inside
access-group 101 in interface outside
access-group 101 in interface backup
route outside 0.0.0.0 0.0.0.0 X.207.139.1 1 track 1
route backup 0.0.0.0 0.0.0.0 X.185.170.129 10
route inside 172.28.199.0 255.255.255.0 172.29.32.254 1
route inside 172.29.33.0 255.255.255.0 172.29.32.254 1
route inside 172.29.34.0 255.255.255.0 172.29.32.254 1
route inside 172.29.35.0 255.255.255.0 172.29.32.254 1
route inside 172.29.36.0 255.255.255.0 172.29.32.254 1
route inside 172.29.37.0 255.255.255.0 172.29.32.254 1
route inside 172.29.39.0 255.255.255.0 172.29.32.254 1
route inside 172.29.40.0 255.255.255.0 172.29.32.254 1
route inside 172.29.45.0 255.255.255.0 172.29.32.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
aaa-server vxidcsh1 protocol radius
aaa-server vxidcsh1 (inside) host 172.28.2.101
key
authentication-port 1812
accounting-port 1813
user-identity default-domain LOCAL
aaa authentication ssh console vxidcsh1 LOCAL
aaa authentication login-history
snmp-server host inside 172.28.199.251 community version 2c
snmp-server host inside 172.28.199.243 community version 2c
snmp-server host inside 172.29.34.94 community version 2c
no snmp-server location
no snmp-server contact
sla monitor 1
type echo protocol ipIcmpEcho X.207.139.1 interface outside
num-packets 3
frequency 5
sla monitor schedule 1 life forever start-time now
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
!
track 1 rtr 1 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh 172.28.199.251 255.255.255.255 inside
ssh 172.28.199.249 255.255.255.255 inside
ssh 172.29.36.1 255.255.255.255 inside
ssh timeout 3
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username vxiadmin password $sha512$5000$/jobuwTFUIY2T1UoeJxf1w==$L5ssEprPnLaztyppoZ4LpA== pbkdf2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map
policy-map type inspect dns migrated_dns_map_2
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 1
call-home
profile CiscoTAC-1
no active
destination address http
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:146bf7d331e2e7182b49172416034f7f
: end
标签:sha str parameter icmp cot skin tsp entity pack
原文地址:https://blog.51cto.com/13251917/2541556