corpasa5510# sh run
: Saved
:
ASA Version 8.2(2)17
!
hostname corpasa5510
domain-name corp.xxxxxxx.net
names
name xxx.xxx.xxx.231 mail-out
name 172.24.94.155 nova
name xxx.xxx.xxx.237 qadev-out
name xxx.xxx.xxx.235 dbqa-out
name 172.24.94.25 apollo
name 172.24.94.30 sip
name xxx.xxx.xxx.249 sip-out
name 172.24.95.190 vijaiqa
name xxx.xxx.xxx.248 vijaiqa-out
name 172.24.94.12 orion
name xxx.xxx.xxx.245 orion-out
name 172.24.94.23 talon
name xxx.xxx.xxx.239 hub-out
name xxx.xxx.xxx.250 trend-out
name xxx.xxx.xxx.246 aegean-out
name 172.24.94.11 aegean
name 172.24.94.73 corpTC01
name xxx.xxx.xxx.233 corpTC01-out
name 172.24.94.5 luna
name xxx.xxx.xxx.251 luna-out
name 172.24.94.8 helios
name 172.24.94.67 swRouter-Inside
name 172.24.94.13 nebula
name xxx.xxx.xxx.217 NagiosProd
name xxx.xxx.xxx.149 mailer-prod
name 172.24.94.6 halo
name 172.24.94.39 xwiki
name xxx.xxx.xxx.232 xwiki-out
name 172.24.94.152 qalinux
name 172.24.94.36 LDAP389
name xxx.xxx.xxx.240 LDAP389-out
name 172.24.94.105 jira
name xxx.xxx.xxx.228 jira-out
name 172.24.94.28 dbqa
name xxx.xxx.xxx.246 asiaOffice
name xxx.xxx.xxx.123 bssmgt-aws
name 172.24.94.38 wsus
name xxx.xxx.xxx.238 wsus-out
name xxx.xxx.xxx.229 apollo-out
name 172.24.94.91 linux-vpn
name xxx.xxx.xxx.247 linux-vpn-out
name xxx.xxx.xxx.48 DR-NatGateway
name xxx.xxx.xxx.123 minos-aws
name 172.24.94.201 PO
name xxx.xxx.xxx.242 PO-out
name xxx.xxx.xxx.76 GlennPrice
name xxx.xxx.xxx.142 nagios-ab
name xxx.xxx.xxx.22 otrsProd-L3
name 172.24.94.106 bitbucket
name xxx.xxx.xxx.244 bitbucket-out
name xxx.xxx.xxx.13 Prod389
name xxx.xxx.xxx.50 ProdInsidePAT
name 172.24.96.11 Halo_DHCP_Server_Guest_Network_172.24.96.11 description DHCP server for Guest Network
name 10.0.90.0 DMZ_Network
name 10.0.88.0 Road_Warriors
dns-guard
!
interface Ethernet0/0
 description Outside interface for xxx CORP
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.230 255.255.255.224
!
interface Ethernet0/1
 description Corp inside Network
 speed 100
 duplex full
 nameif Inside
 security-level 100
 ip address 172.24.94.130 255.255.254.0
!
interface Ethernet0/1.10
 description xxxxxxx Guest Internet access only
 vlan 10
 nameif Inside_Guest
 security-level 100
 ip address 172.24.96.1 255.255.255.0
!
interface Ethernet0/2
 description ASA to Mikrotik for IKEv2 VPN
 nameif dmz
 security-level 50
 ip address 10.0.90.2 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 speed 100
 duplex full
 shutdown
 nameif management
 security-level 100
 ip address 192.168.88.201 255.255.255.0
 management-only
!
boot system disk0:/asa822-17-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Inside
dns server-group DefaultDNS
 name-server luna
 name-server halo
 domain-name corp.xxxxxxx.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network Prod
 network-object host bssmgt-aws
 network-object xxx.xxx.xxx.0 255.255.255.0
object-group network Corp
 network-object 172.24.94.0 255.255.254.0
object-group network prodLDAP
 description Production LDAP Access
 network-object host mailer-prod
 network-object host NagiosProd
 network-object host Prod389
object-group network Denver
 network-object xxx.xxx.xxx.152 255.255.255.248
object-group network Amazon-DR
 network-object host DR-NatGateway
 network-object host minos-aws
 network-object host bssmgt-aws
object-group network DMZ_Network
 network-object DMZ_Network 255.255.255.0
access-list acl-vpn remark #### site-to-site VPN ####
access-list acl-vpn extended permit ip 172.24.94.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list acl-vpn extended permit ip 172.24.94.0 255.255.254.0 10.10.20.0 255.255.252.0
access-list vpn extended permit gre host mail-out any inactive
access-list vpn extended permit gre host xxx.xxx.xxx.230 any inactive
access-list vpn extended permit gre host 172.24.94.130 any inactive
access-list acl-in extended permit ip any any
access-list acl-out extended permit icmp any xxx.xxx.xxx.224 255.255.255.224 unreachable log
access-list acl-out extended permit icmp any xxx.xxx.xxx.224 255.255.255.224 time-exceeded log
access-list acl-out extended permit icmp any xxx.xxx.xxx.224 255.255.255.224 echo-reply
access-list acl-out extended permit icmp any xxx.xxx.xxx.224 255.255.255.224 source-quench
access-list acl-out extended permit icmp any host mail-out
access-list acl-out extended permit icmp any host apollo-out
access-list acl-out remark ### SMTP in ###
access-list acl-out extended permit tcp any host mail-out eq smtp
access-list acl-out remark #### SSH access ####
access-list acl-out extended permit tcp any host mail-out eq ssh
access-list acl-out extended permit udp object-group India host sip-out eq sip
access-list acl-out extended permit udp object-group India host sip-out eq 4569
access-list acl-out extended permit tcp host xxx.xxx.xxx.74 host sip-out eq 3478
access-list acl-out extended permit udp host xxx.xxx.xxx.74 host sip-out eq 3478
access-list acl-out extended permit udp host xxx.xxx.xxx.74 host sip-out eq sip
access-list acl-out extended permit tcp object-group India host sip-out eq 3478
access-list acl-out extended permit tcp any host PO-out eq ssh
access-list acl-out extended permit udp object-group India host sip-out eq 3478
access-list acl-out extended permit udp object-group India host sip-out range 32000 65000
access-list acl-out remark ### Inbound SIP ###
access-list acl-out extended permit udp host GlennPrice host sip-out eq sip
access-list acl-out extended permit udp host GlennPrice host sip-out range 10000 20000
access-list acl-out extended permit tcp host GlennPrice host sip-out eq https
access-list acl-out extended permit udp object-group Denver host sip-out eq sip
access-list acl-out extended permit udp object-group Denver host sip-out range 10000 20000
access-list acl-out extended permit udp any host sip-out range 10000 20000 inactive
access-list acl-out extended permit udp object-group India host sip-out range 10000 20000
access-list acl-out extended permit udp host 66.243.108.101 host sip-out eq sip inactive
access-list acl-out extended permit udp object-group SIP host sip-out eq sip
access-list acl-out extended permit udp object-group SIP host sip-out range 10000 20000
access-list acl-out extended permit udp object-group SIP-Vitelity host sip-out eq sip
access-list acl-out extended permit tcp object-group SIP-Vitelity host sip-out range 10000 20000
access-list acl-out extended permit udp 46.19.210.0 255.255.255.128 host sip-out eq sip inactive
access-list acl-out extended permit udp 46.19.209.0 255.255.255.128 host sip-out eq sip inactive
access-list acl-out extended permit udp host 192.159.66.3 host sip-out eq sip inactive
access-list acl-out remark #### LDAP for Prod ####
access-list acl-out extended permit tcp object-group Prod host LDAP389-out eq ldap
access-list acl-out extended permit tcp object-group Prod host LDAP389-out eq ldaps
access-list acl-out remark ### HTTP / HTTPS and Direct Access ###
access-list acl-out extended permit tcp any host apollo-out eq www
access-list acl-out extended permit tcp any host apollo-out eq https
access-list acl-out extended permit tcp object-group Prod host xwiki-out eq 5432
access-list acl-out extended permit tcp object-group Prod host xwiki-out eq www
access-list acl-out extended permit tcp object-group Prod host xwiki-out eq https
access-list acl-out extended permit tcp object-group India host xwiki-out eq www
access-list acl-out extended permit tcp object-group India host xwiki-out eq https
access-list acl-out extended permit tcp object-group India host sip-out eq www
access-list acl-out extended permit tcp object-group India host sip-out eq https
access-list acl-out remark #### Chat access ####
access-list acl-out remark ### Seafile - timetracker ###
access-list acl-out extended permit tcp any host hub-out eq https
access-list acl-out extended permit tcp any host hub-out eq www
access-list acl-out extended permit tcp any host hub-out eq 12001
access-list acl-out extended permit tcp any host hub-out eq 10001
access-list acl-out remark ### FTP access ###
access-list acl-out remark ### VPN Access ###
access-list acl-out extended permit gre any host linux-vpn-out
access-list acl-out extended permit tcp any host linux-vpn-out eq pptp
access-list acl-out remark ### Direct Access https access ###
access-list acl-out extended permit gre any host trend-out
access-list acl-out extended permit tcp object-group India host qadev-out eq 5900
access-list acl-out extended permit tcp object-group India host qadev-out eq www
access-list acl-out extended permit tcp object-group India host qadev-out eq https
access-list acl-out remark ### BSS China Access ###
access-list acl-out extended permit tcp object-group BSSAsia host qadev-out eq https
access-list acl-out extended permit tcp object-group BSSAsia host qadev-out eq www
access-list acl-out remark ### India Access ###
access-list acl-out extended permit tcp object-group India host orion-out eq www
access-list acl-out extended permit tcp object-group India host orion-out eq https
access-list acl-out extended permit tcp object-group India host dbqa-out eq ssh
access-list acl-out extended permit tcp object-group India host qadev-out eq 3389
access-list acl-out extended permit tcp object-group India host dbqa-out eq sqlnet
access-list acl-out remark ### Prod access to QADEV ###
access-list acl-out extended permit tcp object-group Prod host dbqa-out eq ssh
access-list acl-out extended permit tcp object-group Prod host dbqa-out eq sqlnet
access-list acl-out extended permit tcp host ProdInsidePAT host orion-out eq ssh
access-list acl-out extended permit tcp any host vijaiqa-out eq 3389
access-list acl-out remark ### Orion for Prod backup via ssh ###
access-list acl-out extended permit tcp host xxx.xxx.xxx.251 host orion-out eq ssh
access-list acl-out remark #### Trend Micro External Access ###
access-list acl-out extended permit tcp object-group Prod host trend-out eq 8059
access-list acl-out extended permit icmp object-group Prod host trend-out
access-list acl-out extended permit tcp object-group India host trend-out eq 8059
access-list acl-out extended permit icmp object-group India host trend-out
access-list acl-out extended permit tcp object-group Amazon-DR host trend-out eq 8059
access-list acl-out extended permit icmp object-group Amazon-DR host trend-out
access-list acl-out remark #### Prod access to Aegean ####
access-list acl-out extended permit tcp object-group Prod host aegean-out eq ssh
access-list acl-out remark #### corpTC01 access ####
access-list acl-out extended permit tcp any host corpTC01-out eq ssh
access-list acl-out extended permit tcp object-group India host luna-out eq ldap
access-list acl-out extended permit tcp object-group India host luna-out eq ldaps
access-list acl-out extended permit tcp any host corpTC01-out eq 8080
access-list acl-out extended permit tcp any host corpTC01-out eq https
access-list acl-out extended permit tcp any host corpTC01-out eq www
access-list acl-out remark #### Starwood VPN Route Access ####
access-list acl-out remark #### LDAP for PROD Servers ####
access-list acl-out extended permit tcp object-group prodLDAP host luna-out eq ldaps
access-list acl-out extended permit tcp object-group prodLDAP host luna-out eq ldap
access-list acl-out extended permit tcp host nagios-ab host luna-out eq ldaps
access-list acl-out extended permit tcp host nagios-ab host luna-out eq ldap
access-list acl-out remark #### Bitbucket access ####
access-list acl-out extended permit tcp object-group India host bitbucket-out eq www
access-list acl-out extended permit tcp object-group India host bitbucket-out eq https
access-list acl-out extended permit tcp object-group Denver host bitbucket-out eq www
access-list acl-out extended permit tcp object-group Denver host bitbucket-out eq https
access-list acl-out extended permit tcp object-group Prod host bitbucket-out eq www
access-list acl-out extended permit tcp object-group Prod host bitbucket-out eq https
access-list acl-out remark #### Jira access ####
access-list acl-out extended permit tcp object-group India host jira eq www
access-list acl-out extended permit tcp object-group India host jira eq https
access-list acl-out extended permit tcp object-group Denver host jira eq www
access-list acl-out extended permit tcp object-group Denver host jira eq https
access-list acl-out extended permit tcp object-group Prod host jira eq www
access-list acl-out extended permit tcp object-group Prod host jira eq https
access-list acl-out extended permit tcp any host jira-out eq https
access-list acl-out extended deny ip any any
access-list acl-india extended permit ip 172.24.94.0 255.255.254.0 10.10.20.0 255.255.252.0
access-list acl-dmz extended permit ip DMZ_Network 255.255.255.0 172.24.94.0 255.255.254.0
access-list acl-dmz extended permit ip any DMZ_Network 255.255.255.0 log
access-list acl-dmz extended permit icmp any DMZ_Network 255.255.255.0
access-list acl-dmz extended deny ip any any log
access-list acl-vpn-denver extended permit ip 172.24.94.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list QOS extended permit ip host 172.24.94.95 any
access-list QOS extended permit ip any host 172.24.94.95 inactive
access-list Inside_Guest_access_in extended permit ip any any
access-list Inside_Guest_access_in extended deny ip any any log
access-list inside_test extended permit tcp any eq www host jira
access-list inside_test extended permit tcp any eq https host jira
pager lines 24
logging enable
logging timestamp
logging asdm-buffer-size 200
logging monitor debugging
logging buffered debugging
logging trap informational
logging history debugging
logging asdm informational
logging mail emergencies
logging from-address corp-asa@xxxxxxx.net
logging recipient-address itsupport@xxxxxxx.net level critical
logging facility 23
logging host Inside orion
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 305006
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination Inside 172.24.95.189 5510
flow-export template timeout-rate 1
flow-export delay flow-create 20
mtu outside 1500
mtu Inside 1500
mtu dmz 1500
mtu management 1500
mtu Inside_Guest 1500
ip verify reverse-path interface Inside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-634.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 101 interface
nat (Inside) 0 access-list acl-vpn
nat (Inside) 101 0.0.0.0 0.0.0.0
nat (Inside_Guest) 101 0.0.0.0 0.0.0.0
static (Inside,outside) mail-out helios netmask 255.255.255.255 tcp 0 8192
static (Inside,outside) apollo-out apollo netmask 255.255.255.255 tcp 500 0
static (Inside,outside) vijaiqa-out vijaiqa netmask 255.255.255.255
static (Inside,outside) orion-out orion netmask 255.255.255.255 tcp 500 500
static (Inside,outside) hub-out talon netmask 255.255.255.255 tcp 500 500
static (Inside,outside) trend-out halo netmask 255.255.255.255 tcp 500 500
static (Inside,outside) aegean-out aegean netmask 255.255.255.255 tcp 500 500
static (Inside,outside) corpTC01-out corpTC01 netmask 255.255.255.255 tcp 500 500
static (Inside,outside) sip-out sip netmask 255.255.255.255 tcp 0 8192
static (Inside,outside) luna-out luna netmask 255.255.255.255
static (Inside,outside) xwiki-out xwiki netmask 255.255.255.255 tcp 0 8192
static (Inside,outside) qadev-out qalinux netmask 255.255.255.255 tcp 0 8192
static (Inside,outside) LDAP389-out LDAP389 netmask 255.255.255.255 tcp 0 8192
static (Inside,outside) dbqa-out dbqa netmask 255.255.255.255 tcp 0 8192
static (Inside,outside) wsus-out wsus netmask 255.255.255.255
static (Inside,outside) linux-vpn-out linux-vpn netmask 255.255.255.255
static (Inside,outside) PO-out PO netmask 255.255.255.255
static (Inside,outside) jira-out jira netmask 255.255.255.255 tcp 0 8192
static (dmz,dmz) DMZ_Network DMZ_Network netmask 255.255.255.0
static (Inside,Inside) 172.24.94.0 172.24.94.0 netmask 255.255.254.0
access-group acl-out in interface outside
access-group acl-in in interface Inside
access-group acl-dmz in interface dmz
access-group Inside_Guest_access_in in interface Inside_Guest
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.225 1
route dmz Road_Warriors 255.255.254.0 10.0.90.1 1
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
  inspect pptp
 class NetFlow-traffic
 class class-default
policy-map SIP_SHAPE
 class class-default
  shape average 90000000
  service-policy SIP_PRIORITY
policy-map QOS_WEB-LIMIT
 class QOS_WEB-LIMIT
  police output 40000000 40000000
  police input 40000000 40000000
!
service-policy global_policy global
service-policy QOS_WEB-LIMIT interface Inside
smtp-server 172.24.94.8
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:dc7e1f089e739da64e31d83dfa5b1aaa
: end
corpasa5510#