
!!

/** General

! Interface definitions: address, interface name (nameif), security level and link settings.
! "outside" is given security-level 0 (least trusted) and "inside" security-level 100 (most trusted).
! Speed and duplex are hard-set to 100/full on every port rather than auto-negotiated.
interface GigabitEthernet0/0
ip address 10.0.0.2 255.0.0.0
nameif outside
security-level 0
speed 100
duplex full
no shutdown

interface GigabitEthernet0/1
ip address 192.168.0.137 255.255.255.0
nameif inside
security-level 100
speed 100
duplex full
no shutdown

! NOTE(review): this port is named and administratively up ("no shutdown") but has no IP address
! and no explicit security-level. If it is unused, shutting it down removes an unneeded live port - confirm intent.
interface GigabitEthernet0/2
no ip address
speed 100
duplex full
no shutdown
nameif intf2

! Device identity and clock: hostname, DNS domain name, and timezone "PKT" at a +5 hour offset.
! NOTE(review): no time source (NTP) is visible in this listing; accurate time matters for correlating logs - confirm.
hostname BMA-ASA

domain-name BMA-ASA.com
clock timezone PKT 5

!!!!! /**** ACCESS list portion

! Service object-groups: named sets of ports that access-list entries can reference.
! BMA holds eleven individual TCP ports and is the group used by the outside_access_in entries.
object-group service BMA tcp


description services

port-object eq 8998
port-object eq 6789
port-object eq 6786
port-object eq 6785
port-object eq 8997
port-object eq 8996
port-object eq 8995
port-object eq 8994
port-object eq 6788
port-object eq 6787
port-object eq 7777

! VNC (TCP and UDP 5800-5900), VPN (pptp plus TCP 90-99) and Video (h323 plus two TCP ranges).
! NOTE(review): none of these three groups is referenced by an access-list visible in this listing.
! Unused groups are worth pruning so a later rule edit cannot expose them by accident - confirm against the full config.
object-group service VNC tcp-udp


port-object range 5800 5900
object-group service VPN tcp
port-object eq pptp
port-object range 90 99
object-group service Video tcp
port-object eq h323
port-object range 2326 2365
port-object range 5555 5574

! Network object-group listing the five outside-side (10.0.0.x) server addresses.
! The same five addresses are the mapped side of the static translations and the destinations in outside_access_in.
! NOTE(review): the active outside_access_in entries name each host individually instead of using this group,
! so adding a host here does not by itself change what is permitted.
object-group network BMA_Servers

network-object host 10.0.0.3


network-object host 10.0.0.4
network-object host 10.0.0.5
network-object host 10.0.0.6
network-object host 10.0.0.11

! access-list ACL_IN extended permit tcp any object-group BMA_Servers object-group BMA

! Inbound rules for the outside interface, one entry per published server, source "any".
! The first four entries limit access to the TCP ports in object-group BMA.
access-list outside_access_in permit tcp any host 10.0.0.3 object-group BMA


access-list outside_access_in permit tcp any host 10.0.0.4 object-group BMA
access-list outside_access_in permit tcp any host 10.0.0.5 object-group BMA
access-list outside_access_in permit tcp any host 10.0.0.6 object-group BMA
! NOTE(review): the next entry has no port object-group, so it permits every TCP port to 10.0.0.11 from any source.
! The commented-out ACL_IN line restricted all BMA_Servers hosts to object-group BMA - confirm whether the port group was dropped by mistake.
access-list outside_access_in permit tcp any host 10.0.0.11

! Housekeeping: enable name aliases, 24-line terminal paging, and a 1500-byte MTU on each named interface.
names
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
! Built-in IP audit signatures: informational and attack matches both raise an alarm only.
! Neither action is set to drop or reset the matching traffic.
ip audit info action alarm
ip audit attack action alarm

!!! /*PDM to ASDM Conversion

! Entries written by the PDM-to-ASDM conversion: each is an inside address with a host (255.255.255.255) mask.
! NOTE(review): "asdm location" appears to be ASDM's own bookkeeping rather than an access control.
! Management access is governed by the http/telnet/ssh lines - confirm against the platform documentation.
asdm location 192.168.0.194 255.255.255.255 inside


! NOTE(review): 192.168.0.0 with a host mask looks like a network address entered as a host - verify.
asdm location 192.168.0.0 255.255.255.255 inside
asdm location 192.168.0.167 255.255.255.255 inside
asdm location 192.168.0.79 255.255.255.255 inside
asdm location 192.168.0.93 255.255.255.255 inside
asdm location 192.168.0.206 255.255.255.255 inside
asdm location 192.168.0.43 255.255.255.255 inside
asdm location 192.168.0.101 255.255.255.255 inside
asdm location 192.168.0.150 255.255.255.255 inside
asdm location 192.168.0.115 255.255.255.255 inside
asdm location 192.168.0.124 255.255.255.255 inside
asdm location 192.168.0.126 255.255.255.255 inside
asdm location 192.168.0.146 255.255.255.255 inside
asdm location 192.168.0.49 255.255.255.255 inside
asdm location 192.168.0.51 255.255.255.255 inside
asdm location 192.168.0.162 255.255.255.255 inside
asdm location 192.168.0.222 255.255.255.255 inside
asdm location 192.168.0.223 255.255.255.255 inside
asdm location 192.168.0.2 255.255.255.255 inside
asdm location 192.168.0.5 255.255.255.255 inside
asdm location 192.168.0.10 255.255.255.255 inside
asdm location 192.168.0.44 255.255.255.255 inside
asdm location 192.168.0.53 255.255.255.255 inside
asdm location 192.168.0.59 255.255.255.255 inside
asdm location 192.168.0.61 255.255.255.255 inside
asdm location 192.168.0.71 255.255.255.255 inside
asdm location 192.168.0.75 255.255.255.255 inside
asdm location 192.168.0.100 255.255.255.255 inside
asdm location 192.168.0.117 255.255.255.255 inside
asdm location 192.168.0.132 255.255.255.255 inside
asdm location 192.168.0.168 255.255.255.255 inside
asdm location 192.168.0.219 255.255.255.255 inside
asdm location 192.168.0.225 255.255.255.255 inside
asdm location 192.168.0.105 255.255.255.255 inside
asdm location 192.168.0.165 255.255.255.255 inside
asdm location 192.168.0.189 255.255.255.255 inside
asdm location 192.168.0.13 255.255.255.255 inside
asdm location 192.168.0.32 255.255.255.255 inside
asdm location 192.168.0.52 255.255.255.255 inside
asdm location 192.168.0.84 255.255.255.255 inside
asdm location 192.168.0.116 255.255.255.255 inside
asdm location 192.168.0.153 255.255.255.255 inside
asdm location 192.168.0.161 255.255.255.255 inside
asdm location 192.168.0.204 255.255.255.255 inside
asdm location 192.168.0.246 255.255.255.255 inside
asdm location 192.168.0.252 255.255.255.255 inside
asdm location 192.168.0.102 255.255.255.255 inside
asdm location 192.168.0.141 255.255.255.255 inside
! ASDM logging at informational level with a 100-message buffer; ASDM history collection is enabled.
logging asdm informational
logging asdm-buffer-size 100
asdm history enable

! ARP cache timeout, followed by address translation in the older nat/global/static syntax.
arp timeout 14400


! Outbound translation: the inside hosts listed under NAT id 1 share the single outside address 10.0.0.10.
! Inside hosts that are not listed have no matching nat entry in this listing.
! NOTE(review): the trailing "0 0" on each nat and static line look like the max-connections and
! embryonic-connection-limit fields, where 0 means no limit. If so, no per-host connection or half-open cap
! is applied, including to the published servers - confirm and consider setting limits on the static entries.
global (outside) 1 10.0.0.10
nat (inside) 1 192.168.0.2 255.255.255.255 0 0
nat (inside) 1 192.168.0.5 255.255.255.255 0 0
nat (inside) 1 192.168.0.13 255.255.255.255 0 0
nat (inside) 1 192.168.0.32 255.255.255.255 0 0
nat (inside) 1 192.168.0.43 255.255.255.255 0 0
nat (inside) 1 192.168.0.52 255.255.255.255 0 0
nat (inside) 1 192.168.0.53 255.255.255.255 0 0
nat (inside) 1 192.168.0.59 255.255.255.255 0 0
nat (inside) 1 192.168.0.75 255.255.255.255 0 0
nat (inside) 1 192.168.0.79 255.255.255.255 0 0
nat (inside) 1 192.168.0.84 255.255.255.255 0 0
nat (inside) 1 192.168.0.100 255.255.255.255 0 0
nat (inside) 1 192.168.0.102 255.255.255.255 0 0
nat (inside) 1 192.168.0.105 255.255.255.255 0 0
nat (inside) 1 192.168.0.116 255.255.255.255 0 0
nat (inside) 1 192.168.0.117 255.255.255.255 0 0
nat (inside) 1 192.168.0.124 255.255.255.255 0 0
nat (inside) 1 192.168.0.141 255.255.255.255 0 0
nat (inside) 1 192.168.0.153 255.255.255.255 0 0
nat (inside) 1 192.168.0.161 255.255.255.255 0 0
nat (inside) 1 192.168.0.162 255.255.255.255 0 0
nat (inside) 1 192.168.0.165 255.255.255.255 0 0
nat (inside) 1 192.168.0.167 255.255.255.255 0 0
nat (inside) 1 192.168.0.188 255.255.255.255 0 0
nat (inside) 1 192.168.0.189 255.255.255.255 0 0
nat (inside) 1 192.168.0.194 255.255.255.255 0 0
nat (inside) 1 192.168.0.204 255.255.255.255 0 0
nat (inside) 1 192.168.0.206 255.255.255.255 0 0
nat (inside) 1 192.168.0.214 255.255.255.255 0 0
nat (inside) 1 192.168.0.219 255.255.255.255 0 0
nat (inside) 1 192.168.0.246 255.255.255.255 0 0
nat (inside) 1 192.168.0.252 255.255.255.255 0 0
! One-to-one static translations publishing five inside servers on the outside addresses 10.0.0.3-6 and 10.0.0.11.
! These outside addresses are the destinations permitted by the outside_access_in entries.
! NOTE(review): 10.0.0.11 maps to 192.168.0.51, which is also the host allowed to reach the firewall
! over telnet, http and SNMP - confirm that a published server should double as the management station.
static (inside,outside) 10.0.0.4 192.168.0.150 netmask 255.255.255.255 0 0
static (inside,outside) 10.0.0.5 192.168.0.222 netmask 255.255.255.255 0 0
static (inside,outside) 10.0.0.6 192.168.0.223 netmask 255.255.255.255 0 0
static (inside,outside) 10.0.0.3 192.168.0.101 netmask 255.255.255.255 0 0
static (inside,outside) 10.0.0.11 192.168.0.51 netmask 255.255.255.255 0 0

! Bind the outside_access_in access-list to traffic entering the outside interface.
access-group outside_access_in in interface outside


! Default route out of the outside interface via 10.0.0.1, metric 1.
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1

! Idle timers for translations (xlate), connections and protocol-specific sessions.
timeout xlate 3:00:00


timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
! Cached user authentication (uauth) uses an absolute 5-minute timer.
timeout uauth 0:05:00 absolute
! AAA server groups: TACACS+ and RADIUS, each with max-failed-attempts 3 and deadtime 10, plus the LOCAL database.
! NOTE(review): no server host entries and no "aaa authentication" commands are visible in this listing,
! so how telnet/ssh/http logins are authenticated cannot be determined from here - confirm.
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
! Web management server (used by ASDM), restricted to four inside hosts.
! NOTE(review): 192.168.0.101, 192.168.0.150 and 192.168.0.51 are also the inside addresses of servers
! published to the outside by the static entries. A compromise of one of those servers would land on a host
! that is allowed to manage the firewall - consider a dedicated management host.
http server enable
http 192.168.0.101 255.255.255.255 inside
http 192.168.0.150 255.255.255.255 inside
http 192.168.0.51 255.255.255.255 inside
http 192.168.0.79 255.255.255.255 inside
! SNMP access for 192.168.0.51 on the inside; location and contact are unset and traps are disabled.
snmp-server host inside 192.168.0.51
no snmp-server location
no snmp-server contact
! NOTE(review): "public" is the widely known default community string, and community-based SNMP sends it in cleartext.
! Replace it with a unique value or move to SNMPv3.
snmp-server community public
no snmp-server enable traps

/*** missing flood guard

! Management-session and DHCP-daemon settings.
! NOTE(review): telnet carries credentials and session data in cleartext; SSH is the usual replacement.
! Only an "ssh timeout" is set here - no ssh permit line is visible in this listing.
telnet 192.168.0.51 255.255.255.255 inside


telnet timeout 5
ssh timeout 5
! NOTE(review): a console timeout of 0 disables the idle timeout, so an unattended console session stays logged in.
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80

!! /**** fixup conversion


! Application-inspection policy produced by converting the PIX "fixup" commands.
! preset_dns_map caps the DNS message length at 512 bytes.
! global_policy applies the listed protocol inspections to the inspection_default class.
! NOTE(review): no class-map definition and no "service-policy" line are visible in this listing.
! Without a service-policy the policy-map is not applied - confirm they exist elsewhere in the config.
! NOTE(review): sub-command indentation appears to have been lost in this listing.
! NOTE(review): inspections for protocols that are not in use (for example rsh, tftp, sqlnet) can be removed
! to reduce the amount of protocol parsing the firewall performs - confirm which are needed.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect pptp
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect esmtp
inspect sqlnet
inspect tftp
