: Saved
: Written by enable_15 at 15:01:51.794 UTC Tue Jan 27 2015
!
ASA Version 8.0(3)
!
hostname slappyfw1
domain-name slappy.com
enable password 6NSln6otKGstraBl encrypted
names
!
interface Vlan1
 nameif outside
 security-level 0
 ip address 99.98.97.2 255.255.255.192
!
interface Vlan2
 nameif inside
 security-level 100
 ip address 10.11.1.1 255.255.255.0
!
interface Ethernet0/0
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 2
 shutdown
!
interface Ethernet0/3
 switchport access vlan 2
 shutdown
!
interface Ethernet0/4
 switchport access vlan 2
 shutdown
!
interface Ethernet0/5
 switchport access vlan 2
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name slappy.com
access-list 105 extended permit tcp any host 99.98.97.2 eq 8080
access-list 105 extended permit tcp any host 99.98.97.2 eq www
access-list 105 extended permit tcp any host 99.98.97.2 eq ftp-data
access-list 105 extended permit tcp any host 99.98.97.2 eq ftp
access-list 105 extended permit udp any host 99.98.97.2 eq www
access-list 105 extended permit udp any host 99.98.97.2 eq 20
access-list 105 extended permit udp any host 99.98.97.2 eq 21
access-list 105 extended permit tcp any host 99.98.97.2 eq 2233
access-list 105 extended permit udp any host 99.98.97.2 eq 2233
access-list 105 extended permit icmp any any
access-list 105 extended permit tcp any host 99.98.97.2 eq pop3
access-list 105 extended permit tcp any host 99.98.97.2 eq imap4
access-list 105 extended permit udp any host 99.98.97.2 eq 143
access-list 105 extended permit udp any host 99.98.97.2 eq 110
access-list 105 extended permit tcp any host 99.98.97.2 eq smtp
access-list 105 extended permit tcp any host 99.98.97.2 eq 1443
access-list 105 extended permit udp any host 99.98.97.2 eq 1443
access-list 105 extended permit udp any host 99.98.97.2 eq 1444
access-list 105 extended permit tcp any host 99.98.97.2 eq 1444
access-list 105 extended permit tcp any host 99.98.97.2 eq pptp
access-list 105 extended permit udp any host 99.98.97.2 eq 47
access-list 105 extended permit tcp any host 99.98.97.2 eq 47
access-list 105 extended permit udp any host 99.98.97.2 eq 1723
access-list 105 extended permit udp any host 99.98.97.2 eq 45
access-list 105 extended permit tcp any host 99.98.97.2 eq 45
access-list 105 extended permit gre any any
access-list 105 extended permit tcp any any eq pptp
access-list 105 extended permit udp any host 99.98.97.2 eq 10000
access-list 105 extended permit udp any host 99.98.97.2 eq isakmp
access-list 105 extended permit tcp any host 99.98.97.2 eq 50
access-list 105 extended permit udp any host 99.98.97.2 eq 4500
access-list 105 extended permit tcp any host 99.98.97.2 eq 10000
access-list 105 extended permit tcp any host 99.98.97.2 eq 500
access-list 105 extended permit esp any host 99.98.97.2
access-list 105 extended permit udp any host 99.98.97.11 eq www
access-list 105 extended permit tcp any host 99.98.97.11 eq www
access-list 105 extended permit tcp any host 99.98.97.11 eq https
access-list 105 extended permit udp any host 99.98.97.11 eq 443
access-list 105 extended permit tcp any host 99.98.97.16 eq www
access-list 105 extended permit udp any host 99.98.97.16 eq www
access-list 105 extended permit udp any host 99.98.97.32
access-list 105 extended permit tcp any host 99.98.97.32
access-list 105 extended permit tcp any host 99.98.97.16 eq 8080
access-list 105 extended permit udp any host 99.98.97.16 eq 8080
access-list 105 extended permit udp any host 99.98.97.34 eq www
access-list 105 extended permit tcp any host 99.98.97.34 eq www
access-list 105 extended permit tcp any host 99.98.97.34
access-list 105 extended permit udp any host 99.98.97.30 eq 990
access-list 105 extended permit tcp any host 99.98.97.30 eq 990
access-list 105 extended permit tcp any host 99.98.97.30 eq 50000
access-list 105 extended permit tcp any host 99.98.97.30 eq 50001
access-list 105 extended permit tcp any host 99.98.97.30 eq 50002
access-list 105 extended permit tcp any host 99.98.97.30 eq 50003
access-list 105 extended permit tcp any host 99.98.97.30 eq 50004
access-list 105 extended permit tcp any host 99.98.97.2 eq 50000
access-list 105 extended permit tcp any host 99.98.97.2 eq 50001
access-list 105 extended permit tcp any host 99.98.97.2 eq 50002
access-list 105 extended permit tcp any host 99.98.97.2 eq 50003
access-list 105 extended permit tcp any host 99.98.97.2 eq 50004
access-list 105 extended permit tcp any host 99.98.97.10 eq 5555
access-list 105 extended permit udp any host 99.98.97.10 eq 5555
access-list 105 extended permit udp any host 99.98.97.9
access-list 105 extended permit tcp any host 99.98.97.9
access-list 105 extended permit tcp any host 99.98.97.2 eq 4110
access-list 105 extended permit tcp any host 99.98.97.2 eq 4112
access-list 105 extended permit tcp any host 99.98.97.2 eq 4113
access-list 105 extended permit tcp any host 99.98.97.14 eq www
access-list 105 extended permit udp any host 99.98.97.14 eq www
access-list 105 extended permit tcp any host 99.98.97.2 eq 50005
access-list 105 extended permit tcp any host 99.98.97.2 eq 50006
access-list 105 extended permit tcp any host 99.98.97.2 eq 50007
access-list 105 extended permit tcp any host 99.98.97.2 eq 50008
access-list 105 extended permit tcp any host 99.98.97.2 eq 50009
access-list 105 extended permit tcp any host 99.98.97.2 eq 50010
access-list 105 extended permit tcp any host 99.98.97.2 eq 50011
access-list 105 extended permit tcp any host 99.98.97.2 eq 50012
access-list 105 extended permit tcp any host 99.98.97.2 eq 50013
access-list 105 extended permit tcp any host 99.98.97.2 eq 50014
access-list 105 extended permit tcp any host 99.98.97.2 eq 50015
access-list 105 extended permit tcp any host 99.98.97.2 eq 50016
access-list 105 extended permit tcp any host 99.98.97.2 eq 50017
access-list 105 extended permit tcp any host 99.98.97.2 eq 50018
access-list 105 extended permit tcp any host 99.98.97.2 eq 50019
access-list 105 extended permit tcp any host 99.98.97.2 eq 50020
access-list 105 extended permit udp any host 99.98.97.50 eq www
access-list 105 extended permit tcp any host 99.98.97.50 eq www
access-list 105 extended permit udp any host 99.98.97.33 eq www
access-list 105 extended permit tcp any host 99.98.97.33 eq www
access-list 105 extended permit tcp any host 99.98.97.44
access-list 105 extended permit udp any host 99.98.97.44
access-list 105 extended permit tcp any host 99.98.97.59 eq www
access-list 105 extended permit udp any host 99.98.97.59 eq www
access-list 105 extended permit tcp any host 99.98.97.39 eq 5422
access-list 105 extended permit udp any host 99.98.97.39 eq 5422
access-list 105 extended permit tcp any host 99.98.97.39 eq www
access-list 105 extended permit udp any host 99.98.97.39 eq www
access-list 105 extended permit tcp any host 99.98.97.22 eq www
access-list 105 extended permit udp any host 99.98.97.22 eq www
access-list 105 extended permit tcp any host 99.98.97.57 eq 5422
access-list 105 extended permit udp any host 99.98.97.57 eq 5422
access-list 105 extended permit tcp any host 99.98.97.57 eq www
access-list 105 extended permit udp any host 99.98.97.57 eq www
access-list 105 extended permit tcp any host 99.98.97.40 eq www
access-list 105 extended permit udp any host 99.98.97.40 eq www
access-list 105 extended permit tcp any host 99.98.97.40 eq 8000
access-list 105 extended permit tcp any host 99.98.97.40 eq 8080
access-list 105 extended permit tcp any host 99.98.97.40 eq 491
access-list 105 extended permit udp any host 99.98.97.40 eq 8080
access-list 105 extended permit udp any host 99.98.97.40 eq 8000
access-list 105 extended permit tcp any host 99.98.97.40 eq https
access-list 105 extended permit tcp any host 99.98.97.12 eq https
access-list 105 extended permit udp any host 99.98.97.12 eq 443
access-list 105 extended permit tcp any host 99.98.97.12 eq 8443
access-list 105 extended permit udp any host 99.98.97.12 eq 8443
access-list 105 extended permit tcp any host 99.98.97.52 eq 5422
access-list 105 extended permit udp any host 99.98.97.52 eq 5422
access-list 105 extended permit tcp any host 99.98.97.14 eq https
access-list 105 extended permit udp any host 99.98.97.14 eq 443
access-list 105 extended permit tcp any host 99.98.97.33 eq https
access-list 105 extended permit tcp any host 99.98.97.18 eq www
access-list 105 extended permit udp any host 99.98.97.18 eq www
access-list 105 extended permit tcp any host 99.98.97.23 eq www
access-list 105 extended permit udp any host 99.98.97.23 eq www
access-list 105 extended permit tcp any host 99.98.97.13 eq https
access-list 105 extended permit udp any host 99.98.97.13 eq 443
access-list 105 extended permit tcp any host 99.98.97.15 eq https
access-list 105 extended permit udp any host 99.98.97.15 eq 443
access-list 105 extended permit tcp any host 99.98.97.13 eq www
access-list 105 extended permit udp any host 99.98.97.13 eq www
access-list 105 extended permit tcp any host 99.98.97.20 eq 8080
access-list 105 extended permit udp any host 99.98.97.20 eq 8080
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
asdm location 10.11.1.2 255.255.255.255 inside
asdm location 10.11.1.212 255.255.255.255 inside
asdm location 10.11.1.216 255.255.255.255 inside
asdm location 10.11.2.242 255.255.255.255 inside
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) udp interface www 10.11.1.212 www netmask 255.255.255.255
static (inside,outside) tcp interface www 10.11.1.212 www netmask 255.255.255.255
static (inside,outside) udp interface 2233 10.11.1.2 2233 netmask 255.255.255.255
static (inside,outside) tcp interface 2233 10.11.1.2 2233 netmask 255.255.255.255
static (inside,outside) udp interface 10000 10.11.1.3 10000 netmask 255.255.255.255
static (inside,outside) tcp interface pptp 10.11.1.3 pptp netmask 255.255.255.255
static (inside,outside) tcp interface imap4 10.11.2.224 imap4 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.34 www 10.11.3.66 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.34 www 10.11.3.66 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.30 990 10.11.1.216 990 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.34 990 10.11.1.216 990 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.30 50000 10.11.1.216 50000 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.30 50001 10.11.1.216 50001 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.30 50002 10.11.1.216 50002 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.30 50003 10.11.1.216 50003 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.30 50004 10.11.1.216 50004 netmask 255.255.255.255
static (inside,outside) tcp interface 50000 10.11.1.213 50000 netmask 255.255.255.255
static (inside,outside) tcp interface 50001 10.11.1.213 50001 netmask 255.255.255.255
static (inside,outside) tcp interface 50002 10.11.1.213 50002 netmask 255.255.255.255
static (inside,outside) tcp interface 50003 10.11.1.213 50003 netmask 255.255.255.255
static (inside,outside) tcp interface 50004 10.11.1.213 50004 netmask 255.255.255.255
static (inside,outside) udp interface 20 10.11.1.213 20 netmask 255.255.255.255
static (inside,outside) udp interface 21 10.11.1.213 21 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 10.11.1.213 ftp netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.10 5555 10.11.3.245 5555 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.10 5555 10.11.3.245 5555 netmask 255.255.255.255
static (inside,outside) udp interface 4500 10.11.1.3 4500 netmask 255.255.255.255
static (inside,outside) tcp interface 4110 10.11.3.60 4110 netmask 255.255.255.255
static (inside,outside) tcp interface 4112 10.11.3.60 4112 netmask 255.255.255.255
static (inside,outside) tcp interface 4113 10.11.3.60 4113 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.50 www 10.11.3.143 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.50 www 10.11.3.143 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.14 www 10.11.5.34 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.14 www 10.11.5.34 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.16 www 10.11.3.78 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.16 www 10.11.3.78 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.59 www 10.11.5.61 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.59 www 10.11.5.61 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.9 www 10.11.3.171 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.9 www 10.11.3.171 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.22 www 10.11.3.61 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.22 www 10.11.3.61 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.32 www 10.11.3.69 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.32 www 10.11.3.69 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.57 5422 10.11.5.67 5422 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.57 5422 10.11.5.67 5422 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.57 www 10.11.5.67 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.57 www 10.11.5.67 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.40 www 10.11.1.211 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.40 8000 10.11.1.211 8000 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.40 www 10.11.1.211 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.40 8000 10.11.1.211 8000 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.40 https 10.11.1.211 8080 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.40 443 10.11.1.211 8080 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.12 https 10.11.3.24 https netmask 255.255.255.255
static (inside,outside) udp 99.98.97.12 443 10.11.3.24 443 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.12 8443 10.11.3.24 8443 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.12 8443 10.11.3.24 8443 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.52 5422 10.11.3.18 5422 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.52 5422 10.11.3.18 5422 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.14 https 10.11.5.34 https netmask 255.255.255.255
static (inside,outside) udp 99.98.97.14 443 10.11.5.34 443 netmask 255.255.255.255
static (inside,outside) tcp interface ftp-data 10.11.1.212 ftp-data netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.33 www 10.11.5.17 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.33 www 10.11.5.17 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.33 https 10.11.5.17 https netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.18 www 10.11.3.8 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.18 www 10.11.3.8 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.23 www 10.11.3.58 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.23 www 10.11.3.58 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.39 5422 10.11.3.64 5422 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.39 5422 10.11.3.64 5422 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.39 www 10.11.3.64 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.39 www 10.11.3.64 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.13 https 10.11.3.168 https netmask 255.255.255.255
static (inside,outside) udp 99.98.97.13 443 10.11.3.168 443 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.15 https 10.11.3.113 https netmask 255.255.255.255
static (inside,outside) udp 99.98.97.15 443 10.11.3.113 443 netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.13 www 10.11.3.168 www netmask 255.255.255.255
static (inside,outside) udp 99.98.97.13 www 10.11.3.168 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.20 8080 10.11.3.86 8080 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.20 8080 10.11.3.86 8080 netmask 255.255.255.255
static (inside,outside) tcp interface pop3 10.11.2.247 pop3 netmask 255.255.255.255
static (inside,outside) udp interface 110 10.11.2.247 110 netmask 255.255.255.255
static (inside,outside) udp interface 25 10.11.2.247 25 netmask 255.255.255.255
static (inside,outside) tcp interface smtp 10.11.2.247 smtp netmask 255.255.255.255
static (inside,outside) udp interface 143 10.11.2.247 143 netmask 255.255.255.255
static (inside,outside) udp 99.98.97.11 www 10.11.2.247 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.11 www 10.11.2.247 www netmask 255.255.255.255
static (inside,outside) tcp 99.98.97.11 https 10.11.2.247 https netmask 255.255.255.255
static (inside,outside) udp 99.98.97.11 443 10.11.2.247 443 netmask 255.255.255.255
static (inside,outside) 99.98.97.44 10.11.3.149 netmask 255.255.255.255
access-group 105 in interface outside
route outside 0.0.0.0 0.0.0.0 99.98.97.1 1
route inside 10.11.2.0 255.255.255.0 10.11.1.2 1
route inside 10.11.3.0 255.255.255.0 10.11.1.2 1
route inside 10.11.4.0 255.255.255.0 10.11.1.2 1
route inside 10.11.5.0 255.255.255.0 10.11.1.2 1
route inside 10.11.6.0 255.255.255.0 10.11.1.2 1
route inside 10.11.7.0 255.255.255.0 10.11.1.2 1
route inside 10.11.111.0 255.255.255.0 10.11.1.2 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 10.11.3.134 255.255.255.255 inside
http 10.11.1.0 255.255.255.0 inside
http 10.11.2.241 255.255.255.255 inside
http 10.11.2.240 255.255.255.255 inside
http 10.11.3.60 255.255.255.255 inside
http 200.9.49.66 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 10.11.2.242 255.255.255.255 inside
telnet 10.11.3.117 255.255.255.255 inside
telnet 10.11.2.240 255.255.255.255 inside
telnet 10.11.3.60 255.255.255.255 inside
telnet 10.11.2.241 255.255.255.255 inside
telnet 10.11.3.134 255.255.255.255 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcpd dns 24.92.226.11 10.11.2.210
dhcpd ping_timeout 750
dhcpd domain slappy.com
dhcpd auto_config outside
!
dhcpd address 10.11.1.7-10.11.1.16 inside
!

threat-detection basic-threat
threat-detection statistics access-list
!
class-map class_ftp
 match port tcp eq 990
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect dns preset_dns_map
  inspect http
  inspect pptp
 class class_ftp
  inspect ftp
!
service-policy global_policy global
prompt hostname context