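: Saved
: Written by enable_15 at 07:19:51.329 UTC Tue Sep 30 2014
!
! Saved configuration of firewall "asa1": four active interfaces (outside, inside,
! dmz, inside2), object-based NAT, and one inbound ACL each on outside, dmz and inside2.
! This part covers identity, interfaces, objects, ACLs, logging, NAT and ACL bindings.
! NOTE(review): 8.4(2) is an old software train; check it against current vendor
! advisories and plan an upgrade before reusing this configuration.
!
ASA Version 8.4(2)
!
hostname asa1
! NOTE(review): the enable password and the login password (passwd) carry the same
! hash, so one secret grants both login and privileged mode. Both hashes appear in
! this saved file; treat the secret as exposed, rotate it, and use distinct values.
enable password 0kJhWf.xwl584crW encrypted
passwd 0kJhWf.xwl584crW encrypted
names
!
! Unused port, administratively down.
interface GigabitEthernet0
 shutdown
 no nameif
 no security-level
 no ip address
!
! Internet-facing interface (lowest trust).
interface GigabitEthernet1
 nameif outside
 security-level 0
 ip address 62.105.149.229 255.255.255.224
!
! Primary internal LAN (highest trust). No access-group is bound to this interface
! in this file, so its traffic follows the implicit security-level rule.
interface GigabitEthernet2
 nameif inside
 security-level 100
 ip address 192.168.2.253 255.255.255.0
!
! DMZ segment hosting the published servers.
interface GigabitEthernet3
 nameif dmz
 security-level 50
 ip address 192.168.253.1 255.255.255.0
!
! Second internal LAN.
interface GigabitEthernet4
 nameif inside2
 security-level 90
 ip address 192.168.252.1 255.255.255.0
!
! Unused port, administratively down.
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
!
! Network objects. Several are defined but not referenced by any ACL or NAT rule
! in this file (for example outside_pool, outside_address2, specific_real_address,
! internal_client1, real_address_9.9.9.9, dmz_server_global, dmz_server_real).
! Unreferenced objects make later audits harder; remove them once confirmed unused.
object network inside_2
 subnet 192.168.2.0 255.255.255.0
object network outside_pool
 range 62.105.149.230 62.105.149.235
object network outside_address
 host 62.105.149.236
object network outside_address2
 host 62.105.149.240
object network specific_real_address
 host 195.112.100.134
object network internal_client1
 host 192.168.2.249
object network real_address_9.9.9.9
 host 9.9.9.9
object network dmz_server_global
 host 62.105.149.237
object network dmz_server_real
 host 192.168.253.10
object network dmz_server1_http_local
 host 192.168.253.10
object network dmz_server2_local
 host 192.168.253.11
object network dmz_server1_global
 host 62.105.149.237
object network dmz_server2_global
 host 62.105.149.238
! dmz_indentity and dmz_network describe the same subnet; only dmz_network has a NAT rule.
object network dmz_indentity
 subnet 192.168.253.0 255.255.255.0
object network dmz_network
 subnet 192.168.253.0 255.255.255.0
object network dmz_server1_ftp_local
 host 192.168.253.10
object service ftp_service_obj
 service tcp destination range ftp-data ftp
object network dmz_server1_ftp_data_local
 host 192.168.253.10
object network inside_252
 subnet 192.168.252.0 255.255.255.0
!
! RFC 1918 ranges, grouped below as private_networks and denied in dmz_access_in.
object network private_network10
 subnet 10.0.0.0 255.0.0.0
! Fixed: the mask was 172.31.0.0, which is the last network of the range rather
! than a netmask. 172.16.0.0/12 needs 255.240.0.0, otherwise the DMZ deny rule
! does not cover the whole private range.
object network private_network_172
 subnet 172.16.0.0 255.240.0.0
object network provate_192
 subnet 192.168.0.0 255.255.0.0
!
! Object groups. dmz_servers_inside, dmz_services_og and dmz_servers_global are not
! referenced by any ACL in this file.
object-group network dmz_servers_inside
 network-object object dmz_server1_http_local
 network-object object dmz_server2_local
object-group service dmz_services_og tcp
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
 port-object eq https
object-group network dmz_servers_global
 network-object object dmz_server1_global
 network-object object dmz_server2_global
object-group network private_networks
 network-object object private_network10
 network-object object private_network_172
 network-object object provate_192
!
! Inbound from the Internet: HTTP and FTP to DMZ server 1 (real address).
! NOTE(review): only tcp/www has a static translation in the NAT section below;
! no translation for ftp is visible, so the ftp entry appears to have no matching
! NAT. Confirm whether FTP publishing is intended; if not, remove the entry.
access-list outside_access_in extended permit tcp any object dmz_server1_http_local eq www
access-list outside_access_in extended permit tcp any object dmz_server1_http_local eq ftp
!
! Inbound from the DMZ, evaluated top-down: specific exceptions towards inside hosts,
! then deny all RFC 1918 destinations, then permit everything else (Internet).
! NOTE(review): the first entry lets every DMZ host reach 192.168.2.49 on all IP
! protocols, which makes the icmp entry after it redundant. Narrow the source to the
! servers that need it and the service to the required ports.
access-list dmz_access_in extended permit ip any host 192.168.2.49
access-list dmz_access_in extended permit icmp any host 192.168.2.49
access-list dmz_access_in extended permit tcp any host 192.168.2.12 eq ftp
access-list dmz_access_in extended deny ip any object-group private_networks
access-list dmz_access_in extended permit ip any any
!
! NOTE(review): inside2 is permitted to every destination, including the
! higher-trust inside LAN and the DMZ. If inside2 is meant to be a separate trust
! zone, add explicit denies for the networks it should not reach.
access-list inside2_access_in extended permit ip any any
pager lines 24
! NOTE(review): logging goes to the ASDM buffer only; no "logging host",
! "logging buffered" or "logging timestamp" is visible here, so events are not
! retained off-box for incident response.
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu inside2 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-643.bin
no asdm history enable
arp timeout 14400
!
! Object NAT. inside, dmz and inside2 all share one dynamic translation to
! outside_address (62.105.149.236) when leaving through outside.
object network inside_2
 nat (inside,outside) dynamic outside_address
! Static port translation publishing DMZ server 1 on tcp/80.
! NOTE(review): the mapped interface is "any", so the translation also applies on
! inside and inside2; use (dmz,outside) if only Internet exposure is intended.
object network dmz_server1_http_local
 nat (dmz,any) static dmz_server1_global service tcp www www
object network dmz_network
 nat (dmz,outside) dynamic outside_address
object network inside_252
 nat (inside2,outside) dynamic outside_address
!
! ACL bindings (inbound direction). The inside interface has none.
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group inside2_access_in in interface inside2
!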
! Routing, timeouts, management access, certificates, DHCP, inspection policy and
! call-home settings for firewall "asa1".
!
! OSPF area 0 on the inside, inside2 and dmz subnets.
! NOTE(review): no OSPF authentication is configured on any interface in this file,
! and the dmz subnet takes part in the routing process. Consider removing dmz from
! OSPF and enabling message-digest authentication on the remaining interfaces.
router ospf 10
 network 192.168.2.0 255.255.255.0 area 0
 network 192.168.252.0 255.255.255.0 area 0
 network 192.168.253.0 255.255.255.0 area 0
 log-adj-changes
!
! Default route to the upstream gateway.
route outside 0.0.0.0 0.0.0.0 62.105.149.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
!
! Management plane: SSH and ASDM/HTTPS authenticate against the local user database.
! No "aaa authentication telnet console" line is present, so Telnet sessions are
! authenticated with the shared login password only.
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
!
! Self-signed identity certificate used by the management interface.
! NOTE(review): the DER below appears to decode as an RSA-1024 / SHA-1 certificate
! valid from 2014-09-09 to 2024-09-06; regenerate it with a stronger key and hash.
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=asa1
 crl configure
crypto ca certificate chain ASDM_TrustPoint0
 certificate a08d0954
    308201bf 30820128 a0030201 020204a0 8d095430 0d06092a 864886f7 0d010105
    05003024 310d300b 06035504 03130461 73613131 13301106 092a8648 86f70d01
    09021604 61736131 301e170d 31343039 30393036 34333131 5a170d32 34303930
    36303634 3331315a 3024310d 300b0603 55040313 04617361 31311330 1106092a
    864886f7 0d010902 16046173 61313081 9f300d06 092a8648 86f70d01 01010500
    03818d00 30818902 818100b6 d25b97cd e0ed5718 3ecbbff9 42da6ed9 df44c4d5
    036d4d2d 249d1071 e194948d c316b5f3 740d1ae5 b7a5a218 7cc9abeb 02269934
    7f7973a5 356e6eea 0da663a6 7841213a 67d3f9d0 c37292d6 411c55ef 4c85d933
    2a256e40 a704fd4b 3aa219f8 9fc8a1d1 b200763d 115feb23 65246dca a0a931da
    a777b0f9 c403ed90 fe92eb02 03010001 300d0609 2a864886 f70d0101 05050003
    81810059 cb397650 83599d06 eb06f86c e1fd252d a1b39a54 678ec267 67ba6381
    86acafef f744a994 9d7b5f7a 5ed95012 8d7d4630 3c60d062 78e44689 74302088
    3527e410 d27b6b16 58f78a91 8c65358a 76ec1bfb 0bad9eba a7b0c527 d254f9ec
    f3e1035a 057ef088 f435bee2 8be82726 1ca2a291 97838ce3 b23e18d4 9856884c
    188818
  quit
!
! NOTE(review): Telnet is enabled from the inside LAN. It carries credentials in
! clear text; prefer SSH only, after confirming an SSH host key exists on the device.
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 60
! NOTE(review): "console timeout 0" never logs out an idle console session; set a
! finite idle timeout.
console timeout 0
!
! DHCP server for the inside2 LAN.
dhcpd address 192.168.252.100-192.168.252.200 inside2
dhcpd dns 8.8.8.8 interface inside2
dhcpd enable inside2
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
! Local administrator with full privilege (level 15).
! NOTE(review): this hash appears in a saved configuration file; treat the
! credential as exposed and rotate it.
username asaadmin password fLerRrl0l9cO2yQ1 encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
! Matches the FTP DELE request; consumed by ftp-inpect-pmap below.
class-map type inspect ftp match-all ftp-inpect-cmap
 match request-command dele
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
! Global inspection policy applied to all interfaces.
! NOTE(review): the last entry is a plain "inspect ftp", so ftp-inpect-pmap (banner
! and SYST masking, reset on DELE) is defined but never applied. If those controls
! are intended, the entry would need to reference the map, for example
! "inspect ftp strict ftp-inpect-pmap"; confirm the intent before changing it.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect ftp
policy-map type inspect ftp ftp-inpect-pmap
 parameters
  mask-banner
  mask-syst-reply
 class ftp-inpect-cmap
  reset log
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
! Vendor call-home profile; present but inactive ("no active").
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
! Checksum recorded by the device when this configuration was saved.
Cryptochecksum:c8dee61459a6bbf95397d4d9900e0c17
: end