: Saved
:
: Serial Number:
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.9(1)3
!
hostname Firewall1
domain-name mydomain
enable password my_encrypted_password_here
names
!
interface GigabitEthernet1/1
 description "WAN Connection"
 nameif outside
 security-level 0
 ip address 10.55.1.2 255.255.255.0
!
interface GigabitEthernet1/2
 description "All Internal VLANs"
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2.10
 description "Main VLAN"
 vlan 10
 nameif MAIN
 security-level 100
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet1/2.20
 description "Media/Streaming VLAN"
 vlan 20
 nameif MEDIA
 security-level 85
 ip address 10.20.1.1 255.255.255.0
!
interface GigabitEthernet1/2.30
 description "DMZ and WiFi Guest Network VLAN"
 vlan 30
 nameif DMZ
 security-level 80
 ip address 192.168.5.1 255.255.255.0
!
interface GigabitEthernet1/2.40
 description "Home Security and Cameras VLAN"
 vlan 40
 nameif SECURITY
 security-level 90
 ip address 10.40.1.1 255.255.255.0
!
interface GigabitEthernet1/2.50
 description "Other Devices VLAN"
 vlan 50
 nameif OTHER
 security-level 95
 ip address 10.50.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 description "Management Interface"
 management-only
 no nameif
 no security-level
 no ip address
!
banner login *** UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED ***
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name home.internal
object network MAIN-PAT
 subnet 10.10.1.0 255.255.255.0
object network MEDIA-PAT
 subnet 10.20.1.0 255.255.255.0
object network SECURITY-PAT
 subnet 10.40.1.0 255.255.255.0
object network DMZ-PAT
 subnet 192.168.5.0 255.255.255.0
object network OTHER-PAT
 subnet 10.50.1.0 255.255.255.0
access-list sfr_redirect extended permit ip any any
pager lines 24
mtu outside 1500
mtu MAIN 1500
mtu MEDIA 1500
mtu DMZ 1500
mtu OTHER 1500
mtu SECURITY 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network MAIN-PAT
 nat (MAIN,outside) dynamic interface
object network MEDIA-PAT
 nat (MEDIA,outside) dynamic interface
object network SECURITY-PAT
 nat (SECURITY,outside) dynamic interface
object network DMZ-PAT
 nat (DMZ,outside) dynamic interface
object network OTHER-PAT
 nat (OTHER,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 10.55.1.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 10.10.1.15 255.255.255.255 MAIN
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.10.1.15 255.255.255.255 MAIN
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 5
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 128.138.140.44
ntp server 132.163.97.3
ntp server 132.163.96.3
ntp server 129.6.15.30 prefer
ssl cipher default low
ssl cipher tlsv1 low
ssl cipher tlsv1.1 low
ssl cipher tlsv1.2 low
ssl cipher dtlsv1 low
dynamic-access-policy-record DfltAccessPolicy
username my_username_here password my_secret_encrypted_password privilege 15
!
class-map sfr
 match access-list sfr_redirect
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error
 class sfr
  sfr fail-open
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f88105d078d8c99c1784a3be9981fc5e
: end