ASA Version 9.1(2) ! hostname ciscoasa enable password NdRM9NcNe2zsYOHs encrypted passwd NdRM9NcNe2zsYOHs encrypted names ! interface GigabitEthernet0/0 nameif outside security-level 0 ip address dhcp ! interface GigabitEthernet0/1 nameif inside security-level 100 ip address 192.168.1.254 255.255.255.0 ! interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif management security-level 100 ip address 1.2.3.4 255.255.255.0 ! ftp mode passive clock timezone HKST 8 same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network INSIDE_SUBNET subnet 192.168.1.0 255.255.255.0 object service FTP service tcp destination eq ftp object network FTP_Inside host 192.168.1.24 object network FTP_Outside host x.x.x.x object service Passive_FTP service tcp destination range 30000 35000 object service passive_FTP service tcp destination range 30000 35000 object-group protocol TCPUDP protocol-object udp protocol-object tcp access-list Outside_access_in extended permit tcp object FTP_Outside object FTP_Inside eq ftp access-list Outside_access_in extended permit tcp object FTP_Outside object FTP_Inside eq ftp-data access-list Outside_access_in extended permit tcp any object FTP_Outside eq ftp access-list inside_access_in extended permit ip any any access-list global_access extended permit tcp any any no pager logging enable logging asdm informational mtu outside 1500 mtu inside 1500 mtu management 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (outside,outside) source dynamic any interface destination static FTP_Inside FTP_Inside service FTP FTP nat (inside,outside) source dynamic any interface ! object network FTP_Inside nat (inside,outside) static interface service tcp ftp ftp access-group Outside_access_in in interface outside access-group inside_access_in in interface inside access-group global_access global route outside 0.0.0.0 0.0.0.0 x.x.x.x 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.1.0 255.255.255.0 management http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec security-association pmtu-aging infinite crypto ca trustpool policy telnet 192.168.1.0 255.255.255.0 inside telnet timeout 5 ssh 192.168.1.0 255.255.255.0 inside ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept username admin password oiH6ZXXDN4VA2EqR encrypted ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp inspect icmp error class class-default user-statistics accounting ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:d9493260bc7bec7a2b1ddeacde959fd6 : end ciscoasa(config)#