hostname ASA
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.1.22.10 255.255.255.0
 ospf message-digest-key 1 md5 <removed>
 ospf authentication message-digest
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.22.22.10 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ3
 security-level 50
 ip address 10.33.33.10 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
regex ABC "CMD"
regex CMD "CMD.EXE$"
boot system disk0:/asa722-k8.bin
ftp mode passive
object-group network PN
 network-object 101.1.1.0 255.255.255.0
 network-object 150.1.5.0 255.255.255.0
 network-object 175.4.1.0 255.255.255.0
 network-object 199.1.33.0 255.255.255.0
 network-object 205.5.7.0 255.255.255.0
object-group network W-F-N
 network-object host 192.1.22.201
 network-object host 192.1.22.202
 network-object host 192.1.22.203
object-group network SMTP-N
 network-object host 192.1.22.204
 network-object host 192.1.22.205
object-group network D-T-N
 network-object host 192.1.22.206
 network-object host 192.1.22.207
object-group service W-F-S tcp
 port-object eq www
 port-object eq https
 port-object eq ftp
object-group service D-T-S udp
 port-object eq tftp
 port-object eq domain
access-list inf extended permit tcp host 192.1.22.2 host 10.22.22.1 eq bgp
access-list inf extended permit tcp any host 192.1.22.222 eq www
access-list inf extended permit tcp any host 192.1.22.221 eq ftp
access-list inf extended permit tcp any host 10.22.22.1 eq telnet
access-list inf extended permit tcp any host 10.22.22.1 eq ssh
access-list inf extended permit tcp any host 10.22.22.1 eq www
access-list inf extended permit tcp any host 192.1.22.25 eq www
access-list inf extended permit tcp any host 192.1.22.25 eq tacacs
access-list inf extended permit udp any host 192.1.22.25 eq radius
access-list inf extended permit udp any host 192.1.22.25 eq radius-acct
access-list inf extended permit tcp any host 192.1.22.10 eq smtp
access-list inf extended permit tcp any host 192.1.22.10 eq telnet
access-list inf extended permit tcp host 22.22.22.22 host 192.1.22.21 eq ssh
access-list inf extended permit tcp host 22.22.22.22 host 192.1.22.21 eq telnet
access-list inf extended permit tcp host 192.1.22.2 host 192.1.22.22 eq ssh
access-list inf extended permit tcp host 192.1.22.2 host 192.1.22.22 eq telnet
access-list inf extended permit icmp host 22.22.22.22 host 10.22.22.1
access-list inf extended permit tcp object-group PN object-group W-F-N object-group W-F-S
access-list inf extended permit tcp object-group PN object-group SMTP-N eq smtp
access-list inf extended permit udp object-group PN object-group D-T-N object-group D-T-S
access-list MYFTP extended permit tcp any host 192.1.22.221 eq ftp
access-list HTTPCMD extended permit tcp any host 192.1.22.222 eq www
access-list MyServers extended permit tcp any host 192.1.22.221 eq ftp
access-list MyServers extended permit tcp any host 192.1.22.221 eq ftp-data
access-list MyServers extended permit tcp any host 192.1.22.222 eq www
!
tcp-map ABC
 tcp-options range 19 19 allow
!
no pager
mtu outside 1500
mtu inside 1500
mtu DMZ3 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (outside) 1 192.1.22.151-192.1.22.200
global (outside) 1 interface
nat (inside) 1 10.11.11.0 255.255.255.0
nat (inside) 1 10.22.22.0 255.255.255.0
nat (inside) 1 11.0.0.0 255.0.0.0
nat (DMZ3) 1 10.33.33.0 255.255.255.0
nat (DMZ3) 1 33.0.0.0 255.0.0.0
static (DMZ3,outside) tcp interface smtp 10.33.33.31 smtp netmask 255.255.255.255
static (DMZ3,outside) tcp interface telnet 10.33.33.32 telnet netmask 255.255.255.255
static (inside,outside) 10.22.22.1 10.22.22.1 netmask 255.255.255.255
static (inside,outside) 192.1.22.25 10.22.22.25 netmask 255.255.255.255
static (DMZ3,outside) 192.1.22.201 10.33.33.201 netmask 255.255.255.255
static (DMZ3,outside) 192.1.22.202 10.33.33.202 netmask 255.255.255.255
static (DMZ3,outside) 192.1.22.203 10.33.33.203 netmask 255.255.255.255
static (DMZ3,outside) 192.1.22.204 10.33.33.204 netmask 255.255.255.255
static (DMZ3,outside) 192.1.22.205 10.33.33.205 netmask 255.255.255.255
static (DMZ3,outside) 192.1.22.206 10.33.33.206 netmask 255.255.255.255
static (DMZ3,outside) 192.1.22.207 10.33.33.207 netmask 255.255.255.255
static (inside,outside) 192.1.22.221 10.22.22.221 netmask 255.255.255.255
static (inside,outside) 192.1.22.222 10.22.22.222 netmask 255.255.255.255
access-group inf in interface outside
!
router ospf 1
 network 192.1.22.0 255.255.255.0 area 0
 log-adj-changes
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.1.22.35
dhcpd wins 10.33.33.36
!
dhcpd address 10.33.33.51-10.33.33.100 DMZ3
dhcpd enable DMZ3
!
priority-queue outside
!
class-map FTP2100
 match port tcp eq 2100
class-map BGP
 match port tcp eq bgp
class-map HTTP8080
 match port tcp eq 8080
class-map Q-Telnet
 match port tcp eq telnet
class-map MyServers
 match access-list MyServers
class-map Q-HTTP
 match port tcp eq www
class-map Q-SMTP
 match port tcp eq smtp
class-map MYFTP-S
 match access-list MYFTP
class-map inspection_default
 match default-inspection-traffic
class-map Q-FTP
 match port tcp range ftp-data ftp
class-map HTTP-CMD
 match access-list HTTPCMD
!
!
policy-map type inspect http URL
 parameters
 match request uri regex ABC
  drop-connection
policy-map type inspect ftp FTP-C
 parameters
 match request-command rnfr put dele rmd
  reset
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect http
  inspect icmp
 class HTTP8080
  inspect http
 class FTP2100
  inspect ftp
 class MYFTP-S
  inspect ftp strict FTP-C
 class HTTP-CMD
  inspect http URL
 class BGP
  set connection random-sequence-number disable
  set connection advanced-options ABC
policy-map type inspect ftp abc
 parameters
  mask-syst-reply
policy-map QoS
 class Q-HTTP
  police output 256000
 class Q-FTP
  police output 128000
 class Q-SMTP
  police output 128000
 class Q-Telnet
  priority
 class MyServers
  police input 256000
!
service-policy global_policy global
service-policy QoS interface outside
prompt hostname context
