Expand|Select|Wrap|Line Numbers
- PuTTY log 2010.10.13 13:11:53
- User Access Verification
- Password:
- Type help or '?' for a list of available commands.
- IFASA> en
- Password: **************
- IFASA# sh run
- : Saved
- :
- ASA Version 7.1(2)
- !
- hostname IFASA
- domain-name default.domain.invalid
- enable password 8pkSRCt/lliZt3SZ encrypted
- names
- !
- interface Ethernet0/0
- description "Connected with internet router on port F0/0"
- nameif outside
- security-level 0
- ip address 100.100.100.2 255.255.255.0
- !
- interface Ethernet0/1
- description "Connected with Core switch on port G0/1"
- nameif inside
- security-level 100
- ip address 10.10.20.1 255.255.255.0
- !
- interface Ethernet0/2
- nameif dmz
- security-level 50
- ip address 10.10.30.1 255.255.255.0
- <--- More --->
- !
- interface Management0/0
- description ##Management Port####
- nameif mgm
- security-level 90
- no ip address
- management-only
- !
- passwd 8pkSRCt/lliZt3SZ encrypted
- ftp mode passive
- dns server-group DefaultDNS
- domain-name default.domain.invalid
- access-list outside_access_in extended permit icmp any any echo-reply
- access-list outside_access_in extended permit icmp any any source-quench
- access-list outside_access_in extended permit icmp any any unreachable
- access-list outside_access_in extended permit icmp any any time-exceeded
- access-list inside_nat0_outbound extended permit ip any 172.16.1.0 255.255.255.240
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.3.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 193.99.1.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 193.99.4.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 195.124.13.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.202.144.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 10.200.54.135
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.112.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.0.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.0.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.0.0.0 255.0.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.21.0.0 255.255.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.0.0 255.255.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.0.0 255.255.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.220.90.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.64.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 144.145.75.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 144.145.75.196
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.129.0.0 255.255.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 10.102.18.142
- access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.102.0.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.0.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 172.29.0.0 255.255.0.0
- access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 host 172.29.4.93
- access-list inside_nat0_outbound extended permit ip 192.0.0.0 255.0.0.0 172.0.0.0 255.0.0.0
- access-list inside_nat0_outbound extended permit ip 172.29.4.0 255.255.255.0 192.168.100.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip host 10.200.96.132 192.168.100.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip host 192.168.100.65 host 10.200.96.132
- access-list inside_nat0_outbound extended permit ip 192.0.0.0 255.0.0.0 host 10.200.96.132
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.192 172.16.1.0 255.255.255.240
- access-list inside_nat0_outbound extended permit ip 192.168.100.64 255.255.255.192 172.16.1.0 255.255.255.240
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.255.255.0
- access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.192 182.16.1.0 255.255.255.240
- access-list inside_nat0_outbound extended permit ip 192.168.100.64 255.255.255.192 182.16.1.0 255.255.255.240
- access-list inside_nat0_outbound extended permit ip any 182.16.1.0 255.255.255.240
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 192.168.3.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 193.99.1.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 193.99.4.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 195.124.13.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.202.144.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 host 10.200.54.135
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.16.0.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.145.112.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.129.0.0 255.255.0.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.145.0.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.21.0.0 255.255.0.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.220.90.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.145.75.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 144.0.0.0 255.0.0.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 host 10.220.90.38
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.200.105.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.0.0.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 host 10.102.18.42
- access-list outside_cryptomap_20 extended permit ip 172.29.4.0 255.255.255.0 192.168.100.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.29.3.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.29.4.0 255.255.255.0
- access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 10.200.112.0 255.255.255.0
- access-list test extended permit ip host 10.10.20.101 host 4.2.2.2
- access-list test extended permit ip host 4.2.2.2 host 10.10.20.101
- access-list test extended permit ip host 100.100.100.3 host 4.2.2.2
- access-list test extended permit ip host 4.2.2.2 host 100.100.100.3
- access-list test extended permit ip host 10.10.20.101 host 66.102.13.104
- access-list test extended permit ip host 66.102.13.104 host 10.10.20.101
- access-list test extended permit ip host 100.100.100.3 host 66.102.13.104
- access-list test extended permit ip host 66.102.13.104 host 100.100.100.3
- access-list test extended permit ip host 100.100.100.1 host 66.102.13.104
- access-list test extended permit ip host 66.102.13.104 host 100.100.100.1
- access-list idea_splitTunnelAcl standard permit any
- access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.220.90.0 255.255.255.0
- access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 host 10.102.18.142
- access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.102.18.0 255.255.255.0
- access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.102.0.0 255.255.255.0
- access-list dmz_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.102.0.0 255.255.255.0
- access-list dmz_nat0_outbound extended permit ip 192.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
- access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.0.0 255.255.0.0
- access-list dmz_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 172.29.4.0 255.255.255.0
- access-list dmz_nat0_outbound extended permit ip host 10.200.96.132 192.168.0.0 255.255.0.0
- access-list unity_splitTunnelAcl standard permit 192.168.104.0 255.255.255.0
- access-list unity_splitTunnelAcl standard permit host 192.168.100.67
- access-list unity_splitTunnelAcl standard permit host 192.168.100.70
- access-list unity_splitTunnelAcl standard permit host 192.168.100.71
- access-list inside_access_in extended permit ip any any
- pager lines 24
- logging enable
- logging asdm informational
- mtu outside 1500
- mtu inside 1500
- mtu dmz 1500
- mtu mgm 1500
- ip local pool ifdhcp 172.16.1.1-172.16.1.10 mask 255.255.255.0
- ip local pool nexttoidea 182.16.1.1-182.16.1.10 mask 255.255.255.0
- ip local pool ideavpnpool 172.28.1.100-172.28.1.199 mask 255.255.255.0
- asdm image disk0:/asdm.bin
- asdm history enable
- arp timeout 14400
- nat-control
- global (outside) 1 100.100.100.3
- global (outside) 2 100.100.100.4
- global (outside) 3 100.100.100.5
- global (outside) 5 interface
- nat (inside) 0 access-list inside_nat0_outbound
- nat (inside) 5 10.10.20.100 255.255.255.255
- nat (inside) 5 192.168.100.0 255.255.255.192
- nat (inside) 5 192.168.100.64 255.255.255.192
- nat (inside) 5 192.168.103.0 255.255.255.0
- nat (inside) 5 192.168.104.0 255.255.255.0
- nat (dmz) 0 access-list dmz_nat0_outbound
- nat (dmz) 5 10.10.30.0 255.255.255.0
- route outside 0.0.0.0 0.0.0.0 100.100.100.1 1
- route inside 192.168.103.0 255.255.255.0 10.10.20.2 1
- route inside 192.168.100.64 255.255.255.192 10.10.20.2 1
- route inside 192.168.100.0 255.255.255.192 10.10.20.2 1
- timeout xlate 3:00:00
- timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
- timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
- timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
- timeout uauth 0:05:00 absolute
- group-policy unity internal
- group-policy unity attributes
- wins-server value 192.168.100.5
- dns-server value 203.196.128.4 192.168.100.5
- split-tunnel-policy tunnelspecified
- split-tunnel-network-list value unity_splitTunnelAcl
- default-domain value confidign
- group-policy nexttoideavpn internal
- group-policy nexttoideavpn attributes
- dns-server value 203.196.128.4 192.168.100.5
- vpn-tunnel-protocol IPSec
- default-domain value confidign
- group-policy nextgenvpn internal
- group-policy nextgenvpn attributes
- dns-server value 203.196.128.4 192.168.100.5
- vpn-tunnel-protocol IPSec
- default-domain value confidign
- group-policy idea internal
- group-policy idea attributes
- split-tunnel-policy tunnelspecified
- split-tunnel-network-list value idea_splitTunnelAcl
- username testasa password xz64BOi0/q9vNlsO encrypted
- username BalamuruganJ password bC0quptZGNndczai encrypted privilege 0
- username BalamuruganJ attributes
- vpn-group-policy unity
- username spice password eLlcIWZLnszxmfPc encrypted
- username remotevpn password 19ozm5I0mkO2G1Fj encrypted
- username karthik password spKyg06wKqb2qpG2 encrypted
- username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
- username MadhavanG password TG5ToGaURcla8SES encrypted privilege 0
- username MadhavanG attributes
- vpn-group-policy unity
- username idea1 password Cxl84giZLtfZKg8T encrypted
- username igidel password drlk5lzEa04hxmFa encrypted privilege 0
- username igidel attributes
- vpn-group-policy idea
- aaa authentication ssh console LOCAL
- aaa authentication http console LOCAL
- http server enable
- http 0.0.0.0 0.0.0.0 outside
- http 192.168.100.0 255.255.255.0 inside
- http 192.168.101.0 255.255.255.0 inside
- http 192.168.102.0 255.255.255.0 inside
- http 0.0.0.0 0.0.0.0 inside
- http 192.168.100.0 255.255.255.192 inside
- http 10.10.20.1 255.255.255.255 inside
- http 192.168.100.100 255.255.255.255 inside
- http 192.168.200.0 255.255.255.0 mgm
- http 192.168.100.0 255.255.255.0 mgm
- snmp-server host inside 192.168.100.74 community gqmaps
- no snmp-server location
- no snmp-server contact
- snmp-server community gqmaps
- snmp-server enable traps snmp authentication linkup linkdown coldstart
- snmp-server enable traps syslog
- sysopt noproxyarp outside
- crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
- crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
- crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
- crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
- crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
- crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 288000
- crypto dynamic-map Outside_dyn_map 10 set reverse-route
- crypto dynamic-map Outside_dyn_map 40 set reverse-route
- crypto map outside_map 20 match address outside_cryptomap_20
- crypto map outside_map 20 set peer 193.96.192.33
- crypto map outside_map 20 set transform-set ESP-3DES-SHA
- crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
- crypto map outside_map interface outside
- crypto map Outside_map 40 ipsec-isakmp dynamic Outside_dyn_map
- isakmp identity address
- isakmp enable outside
- isakmp policy 1 authentication pre-share
- isakmp policy 1 encryption 3des
- isakmp policy 1 hash sha
- isakmp policy 1 group 2
- isakmp policy 1 lifetime 43200
- isakmp policy 10 authentication pre-share
- isakmp policy 10 encryption 3des
- isakmp policy 10 hash sha
- isakmp policy 10 group 2
- isakmp policy 10 lifetime 28800
- isakmp nat-traversal 20
- tunnel-group 193.96.192.33 type ipsec-l2l
- tunnel-group 193.96.192.33 ipsec-attributes
- pre-shared-key *
- tunnel-group idea type ipsec-ra
- tunnel-group idea general-attributes
- address-pool ifdhcp
- tunnel-group idea ipsec-attributes
- pre-shared-key *
- tunnel-group nexttoideavpn type ipsec-ra
- tunnel-group nexttoideavpn general-attributes
- address-pool nexttoidea
- default-group-policy nexttoideavpn
- tunnel-group nexttoideavpn ipsec-attributes
- pre-shared-key *
- tunnel-group nextgenvpn type ipsec-ra
- tunnel-group nextgenvpn general-attributes
- address-pool ideavpnpool
- default-group-policy nextgenvpn
- tunnel-group nextgenvpn ipsec-attributes
- pre-shared-key *
- telnet 0.0.0.0 0.0.0.0 outside
- telnet 192.168.100.0 255.255.255.0 inside
- telnet 10.10.20.0 255.255.255.0 inside
- telnet 0.0.0.0 0.0.0.0 inside
- telnet 192.168.100.0 255.255.255.192 inside
- telnet 128.136.100.100 155.155.255.255 inside
- telnet 128.136.100.0 155.155.255.0 inside
- telnet 192.136.100.0 255.155.255.0 inside
- telnet 192.168.100.64 255.255.255.192 inside
- telnet 192.168.100.100 255.255.255.255 inside
- telnet timeout 60
- ssh 0.0.0.0 0.0.0.0 outside
- ssh 192.168.100.0 255.255.255.0 inside
- ssh 192.168.101.0 255.255.255.0 inside
- ssh 192.168.102.0 255.255.255.0 inside
- ssh 192.168.103.0 255.255.255.0 inside
- ssh timeout 5
- console timeout 0
- !
- class-map inspection_default
- match default-inspection-traffic
- !
- !
- policy-map global_policy
- class inspection_default
- inspect dns maximum-length 51
- inspect ftp
- inspect h323 h225
- inspect h323 ras
- inspect netbios
- inspect rsh
- inspect rtsp
- inspect skinny
- inspect esmtp
- inspect sqlnet
- inspect sunrpc
- inspect tftp
- inspect sip
- inspect xdmcp
- inspect icmp
- !
- service-policy global_policy global
- Cryptochecksum:b5ff87410a5ca4bacd9ac2fbddf91aa8
- : end
- IFASA#
- IFASA#
Please help me.I really appreciate!...