Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
331
Views
0
Helpful
0
Replies

ASA5510 confiuration help please

calexis01
Level 1
Level 1

‎09-18-2014 11:06 AM - edited ‎02-21-2020 05:17 AM

Hi Everyone I have the following situation. My organization just acquired a 2nd internet connection from Rogers (fiber)

To be used for Site to Site VPN Connections, Client access VPN, Email and all other server services.

My Current config is as follows

: Saved
:
ASA Version 8.4(3)
!
hostname ciscoasa
domain-name skylineonline.ca
enable password WFeWIs64GuAbwObi encrypted
passwd PvpVQIloouq8ng2u encrypted
names
name 200.170.150.89 A-200.170.150.89 description Spammer
!
interface Ethernet0/0
 nameif Atria
 security-level 0
 ip address pppoe setroute
!
interface Ethernet0/1
 description link to PIX
 nameif Skyline
 security-level 100
 ip address 172.20.20.1 255.255.254.0
!
interface Ethernet0/2
 description Isolated Internet Access
 nameif Guest
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/3
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 management-only
!
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Atria
dns domain-lookup Skyline
dns domain-lookup Guest
dns server-group DefaultDNS
 name-server 172.20.20.8
 name-server 172.20.20.6
 domain-name skylineonline.ca
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-192.168.20.0
 subnet 192.168.20.0 255.255.255.0
object network obj-172.20.20.0
 subnet 172.20.20.0 255.255.254.0
object network obj-192.168.2.0
 subnet 192.168.2.0 255.255.255.0
object network obj-192.168.0.0
 subnet 192.168.0.0 255.255.255.0
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object network obj-172.20.20.7
 host 172.20.20.7
object network obj-172.20.20.7-01
 host 172.20.20.7
object network obj-172.20.20.5
 host 172.20.20.5
object network obj-172.20.20.7-02
 host 172.20.20.7
object network obj-172.20.20.6
 host 172.20.20.6
object network obj-172.20.20.6-01
 host 172.20.20.6
object network obj-172.20.20.6-02
 host 172.20.20.6
object network obj-172.20.20.6-03
 host 172.20.20.6
object network obj-172.20.20.6-04
 host 172.20.20.6
object network obj-172.20.20.6-05
 host 172.20.20.6
object network obj-172.20.20.7-03
 host 172.20.20.7
object network obj-172.20.20.2
 host 172.20.20.2
object network obj-10.0.0.0
 subnet 10.0.0.0 255.255.255.0
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network A-200.170.150.89
 host 200.170.150.89
 description Created during name migration
object network DHCPGroup
 range 172.20.20.146 172.20.21.254
 description All DHCP range
object network NETWORK_OBJ_192.168.20.0_24
 subnet 192.168.20.0 255.255.255.0
object network AnyConnect_Port_Redirection
 host 172.20.20.1
object network NETWORK_OBJ_172.20.20.0_23
 subnet 172.20.20.0 255.255.254.0
object network NETWORK_OBJ_192.168.5.0_24
 subnet 192.168.5.0 255.255.255.0
access-list Atria_access_in remark SSMTP
access-list Atria_access_in extended permit tcp any any eq 465
access-list Atria_access_in extended permit icmp any any
access-list Atria_access_in remark Getting hit by spam coming from this address.  Blocked.
access-list Atria_access_in extended deny ip host 64.191.155.11 any
access-list Atria_access_in remark Getting hit by spam coming from this address.  Blocked.
access-list Atria_access_in extended deny ip object A-200.170.150.89 any
access-list Atria_access_in remark OWA
access-list Atria_access_in extended permit tcp any any eq https
access-list Atria_access_in extended permit tcp any any eq smtp
access-list Atria_access_in extended permit tcp any any eq 123 inactive
access-list Atria_access_in extended permit tcp any any eq 4343
access-list Atria_access_in extended permit tcp any any eq 587
access-list Atria_access_in remark TM
access-list Atria_access_in extended permit tcp any any eq 56915
access-list Atria_access_in remark Trend Micro
access-list Atria_access_in extended permit tcp any any eq 8059 inactive
access-list Atria_access_in remark Sysaid
access-list Atria_access_in extended permit tcp any any eq netbios-ssn inactive
access-list Atria_access_in remark Sysaid
access-list Atria_access_in extended permit tcp any any eq 445 inactive
access-list Atria_access_in remark sysaid
access-list Atria_access_in extended permit udp any any eq netbios-ns inactive
access-list Atria_access_in remark Sysaid
access-list Atria_access_in extended permit udp any any eq 8193
access-list Atria_access_in remark AnyConnect
access-list Atria_access_in extended permit tcp any any eq 8443
access-list Atria_access_in remark sysaid
access-list Atria_access_in extended permit tcp any any eq 8090
access-list Atria_access_in remark Sysaid
access-list Atria_access_in extended permit udp any any eq netbios-dgm inactive
access-list acl_atria extended permit icmp any any
access-list acl_skyline extended permit ip any any
access-list Skyline_access_in extended deny tcp object DHCPGroup any eq smtp
access-list Skyline_access_in extended permit tcp any any eq smtp
access-list Skyline_access_in remark ZeroAccess - virus
access-list Skyline_access_in extended deny udp 172.20.20.0 255.255.254.0 any eq 16465 log alerts
access-list Skyline_access_in extended permit ip any any
access-list Skyline_access_in remark OWA
access-list Skyline_access_in extended permit tcp any any eq https inactive
access-list Skyline_access_in remark test for radius vpn authentication
access-list Skyline_access_in extended permit udp any host 172.20.20.6 eq radius
access-list Skyline_access_in remark test for radius vpn authentication
access-list Skyline_access_in extended permit udp any host 172.20.20.6 eq radius-acct
access-list Skyline_access_in remark test for ldap authentication
access-list Skyline_access_in extended permit tcp any host 172.20.20.6 eq ldap
access-list Skyline_nat0_outbound extended permit ip any 192.168.20.0 255.255.255.0
access-list Skyline_nat0_outbound extended permit ip 172.20.20.0 255.255.254.0 192.168.20.0 255.255.255.0
access-list Skyline_nat0_outbound extended permit ip 172.20.20.0 255.255.254.0 192.168.2.0 255.255.255.0
access-list Skyline_nat0_outbound extended permit ip 172.20.20.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list Skyline_nat0_outbound extended permit ip 172.20.20.0 255.255.254.0 192.168.1.0 255.255.255.0
access-list management_1_cryptomap extended permit ip 172.20.20.0 255.255.254.0 any
access-list skyline_splitTunnelAcl standard permit 172.20.20.0 255.255.254.0
access-list Atria_2_cryptomap extended permit ip 172.20.20.0 255.255.254.0 192.168.1.0 255.255.255.0
access-list Guest_access_in extended permit ip any any
access-list Guest_access_in extended permit tcp any any eq smtp
access-list Atria_cryptomap_1 extended permit ip 172.20.20.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list Atria_cryptomap extended permit ip 172.20.20.0 255.255.254.0 192.168.2.0 255.255.255.0
access-list global_mpc extended permit ip any any
access-list Atria_cryptomap_3 extended permit ip 172.20.20.0 255.255.254.0 192.168.0.0 255.255.255.0
access-list Atria_cryptomap_2 extended permit ip 172.20.20.0 255.255.254.0 192.168.5.0 255.255.255.0
pager lines 24
logging enable
logging console errors
logging asdm errors
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination Skyline 172.20.20.6 26000
mtu Atria 1500
mtu Skyline 1500
mtu Guest 1500
mtu management 1500
ip local pool VPN_Users 192.168.20.1-192.168.20.200 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645-106.bin
no asdm history enable
arp timeout 14400
nat (Skyline,any) source static any any destination static obj-192.168.20.0 obj-192.168.20.0 no-proxy-arp
nat (Skyline,any) source static obj-172.20.20.0 obj-172.20.20.0 destination static obj-192.168.20.0 obj-192.168.20.0 no-proxy-arp
nat (Skyline,any) source static obj-172.20.20.0 obj-172.20.20.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
nat (Skyline,any) source static obj-172.20.20.0 obj-172.20.20.0 destination static obj-192.168.0.0 obj-192.168.0.0 no-proxy-arp
nat (Skyline,any) source static obj-172.20.20.0 obj-172.20.20.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp
nat (Skyline,Atria) source static any any destination static NETWORK_OBJ_192.168.20.0_24 NETWORK_OBJ_192.168.20.0_24 no-proxy-arp route-lookup
nat (Atria,Atria) source static NETWORK_OBJ_172.20.20.0_23 NETWORK_OBJ_172.20.20.0_23 destination static NETWORK_OBJ_192.168.5.0_24 NETWORK_OBJ_192.168.5.0_24 no-proxy-arp route-lookup
!
object network obj-172.20.20.0
 nat (Skyline,Atria) dynamic interface
object network obj-172.20.20.7
 nat (Skyline,Atria) static interface service tcp smtp smtp
object network obj-172.20.20.7-01
 nat (Skyline,Atria) static interface service tcp 465 465
object network obj-172.20.20.5
 nat (Skyline,Atria) static interface service tcp 123 123
object network obj-172.20.20.7-02
 nat (Skyline,Atria) static interface service tcp 587 587
object network obj-172.20.20.6
 nat (Skyline,Atria) static interface service tcp netbios-ssn netbios-ssn
object network obj-172.20.20.6-01
 nat (Skyline,Atria) static interface service tcp 445 445
object network obj-172.20.20.6-02
 nat (Skyline,Atria) static interface service udp netbios-ns netbios-ns
object network obj-172.20.20.6-03
 nat (Skyline,Atria) static interface service udp netbios-dgm netbios-dgm
object network obj-172.20.20.6-04
 nat (Skyline,Atria) static interface service udp 8193 8193
object network obj-172.20.20.6-05
 nat (Skyline,Atria) static interface service tcp 8090 8090
object network obj-172.20.20.7-03
 nat (Skyline,Atria) static interface service tcp https https
object network obj-172.20.20.2
 nat (Skyline,Atria) static interface service tcp 3443 3443
object network obj-10.0.0.0
 nat (Guest,Atria) dynamic interface
object network obj_any
 nat (management,Atria) dynamic interface
access-group Atria_access_in in interface Atria
access-group Skyline_access_in in interface Skyline
access-group Guest_access_in in interface Guest
route Skyline 192.168.5.0 255.255.255.0 172.20.20.183 1
route Skyline 192.168.128.0 255.255.255.0 172.20.20.183 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server VPNUsers protocol radius
aaa-server VPNUsers (Skyline) host 172.20.20.5
 timeout 5
 key *****
aaa-server LDAPServer protocol ldap
aaa-server LDAPServer (Skyline) host 172.20.20.6
 ldap-base-dn dc=skylineonline,dc=ca
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=administrator,cn=Users,dn=skylineonline,dn=ca
 server-type auto-detect
aaa-server RadiusServer protocol radius
aaa-server RadiusServer (Skyline) host 172.20.20.6
 timeout 60
 key *****
user-identity default-domain LOCAL
http server enable
http 192.168.10.0 255.255.255.0 management
snmp-server host Skyline 172.20.20.1 community *****
snmp-server host Skyline 172.20.20.6 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set Meraki esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map management_map 1 set pfs group1
crypto map management_map 1 set peer 216.171.111.46
crypto map management_map 1 set ikev1 transform-set ESP-3DES-MD5
crypto map management_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map management_map interface management
crypto map Atria_map 1 set pfs group1
crypto map Atria_map 1 set peer 216.171.111.46
crypto map Atria_map 1 set ikev1 transform-set ESP-3DES-MD5
crypto map Atria_map 2 match address Atria_2_cryptomap
crypto map Atria_map 2 set peer 208.124.168.50
crypto map Atria_map 2 set ikev1 transform-set Meraki
crypto map Atria_map 3 match address Atria_cryptomap
crypto map Atria_map 3 set pfs group1
crypto map Atria_map 3 set peer 165.154.87.33
crypto map Atria_map 3 set ikev1 transform-set ESP-3DES-MD5
crypto map Atria_map 4 match address Atria_cryptomap_3
crypto map Atria_map 4 set pfs group1
crypto map Atria_map 4 set peer 64.56.236.127
crypto map Atria_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Atria_map 5 match address Atria_cryptomap_2
crypto map Atria_map 5 set peer 70.53.70.124
crypto map Atria_map 5 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Atria_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Atria_map interface Atria
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=ciscoasa
 proxy-ldc-issuer
 crl configure
crypto ca certificate chain ASDM_TrustPoint0
 certificate 8cd2d952
    30820256 308201bf a0030201 0202048c d2d95230 0d06092a 864886f7 0d010105
    0500303d 3111300f 06035504 03130863 6973636f 61736131 28302606 092a8648
    86f70d01 09021619 63697363 6f617361 2e736b79 6c696e65 6f6e6c69 6e652e63
    61301e17 0d313430 31323032 30303633 305a170d 32343031 31383230 30363330
    5a303d31 11300f06 03550403 13086369 73636f61 73613128 30260609 2a864886
    f70d0109 02161963 6973636f 6173612e 736b796c 696e656f 6e6c696e 652e6361
    30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 009eb929
    73c4daf1 66efdd18 d13f4819 8f96d3c9 9cf966a7 b0f7daec 9f72b7ca 9eac4c59
    23864b99 b928c51e 88390675 31043121 fb047f8f ec271ce0 11272175 4c05cd86
    ff453f5b d9231bd8 ceba8712 04c9bd15 2f9460b9 1592fc56 da483c8f 1f07b24d
    4ce02ecd e8f059c5 fac4ecb9 7e792995 51d2df23 57f2512e 1a3e74cb cb020301
    0001a363 3061300f 0603551d 130101ff 04053003 0101ff30 0e060355 1d0f0101
    ff040403 02018630 1f060355 1d230418 30168014 66f9981b 7889bdd7 325753a2
    88f352af aa3e7e06 301d0603 551d0e04 16041466 f9981b78 89bdd732 5753a288
    f352afaa 3e7e0630 0d06092a 864886f7 0d010105 05000381 81000e3b fc44647d
    277a09d6 490fed03 177631dc 5e377466 f80c7324 1f786c84 c277171a 0ce8fad9
    e3dbd1a2 7772fab9 502fb394 3b320cb0 c49af69e cc1a2241 bfab40cc b1c4b180
    ae5b9f47 416eeb22 c3ae2fc0 1295f831 c58304e3 150ea3f7 a439a1e8 e318628f
    6789b998 a7539deb 9da58520 8e77612d fc6f3ce1 ec645ae8 ff22
  quit
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable Atria
crypto ikev1 policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 86400
crypto ikev1 policy 50
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
telnet 172.20.20.0 255.255.254.0 Skyline
telnet 192.168.10.0 255.255.255.0 management
telnet timeout 240
ssh timeout 5
console timeout 0
vpdn group bell request dialout pppoe
vpdn group bell localname Skyl001@bellnet.ca
vpdn group top ppp authentication pap
vpdn username Skyl001@bellnet.ca password *****
dhcpd address 192.168.10.2-192.168.10.254 management
!
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics host number-of-rate 2
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 Atria
webvpn
 port 8443
 enable Atria
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
 anyconnect enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_Anyconnect_Skyline internal
group-policy GroupPolicy_Anyconnect_Skyline attributes
 wins-server none
 dns-server value 8.8.8.8 4.2.2.2
 vpn-tunnel-protocol ssl-client
 default-domain value skylineonline.ca
group-policy GroupPolicy_70.53.70.124 internal
group-policy GroupPolicy_70.53.70.124 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
group-policy skyline_1 internal
group-policy skyline_1 attributes
 wins-server none
 dns-server value 172.20.20.8
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value skyline_splitTunnelAcl
 default-domain value skylineonline.ca
group-policy skyline internal
group-policy skyline attributes
 dns-server value 172.20.20.5
 vpn-tunnel-protocol ikev1
 default-domain value skylineonline.ca
group-policy ktestasa internal
group-policy ktestasa attributes
 dns-server value 172.20.20.5
 vpn-tunnel-protocol ssl-client
username skyline password skyDhyvHhEoefFsP encrypted privilege 0
username skyline attributes
 vpn-group-policy skyline
 vpn-simultaneous-logins 200
username ktestuser password qUNBBHUaM8JSSiwY encrypted privilege 0
username ktestuser attributes
 vpn-group-policy ktestasa
tunnel-group skyline type remote-access
tunnel-group skyline general-attributes
 address-pool VPN_Users
 default-group-policy skyline_1
tunnel-group skyline ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive disable
tunnel-group ktestasa type remote-access
tunnel-group ktestasa general-attributes
 address-pool VPN_Users
 default-group-policy ktestasa
tunnel-group ktestasa ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 208.124.168.50 type ipsec-l2l
tunnel-group 208.124.168.50 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group SkylineRD type remote-access
tunnel-group SkylineRD general-attributes
 address-pool VPN_Users
 authentication-server-group RadiusServer
 default-group-policy skyline_1
tunnel-group SkylineRD ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 173.206.130.63 type ipsec-l2l
tunnel-group 173.206.130.63 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 165.154.87.33 type ipsec-l2l
tunnel-group 165.154.87.33 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group Anyconnect_Skyline type remote-access
tunnel-group Anyconnect_Skyline general-attributes
 address-pool VPN_Users
 authentication-server-group RadiusServer
 default-group-policy skyline_1
tunnel-group Anyconnect_Skyline webvpn-attributes
 group-alias Anyconnect_Skyline enable
tunnel-group 64.56.236.127 type ipsec-l2l
tunnel-group 64.56.236.127 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 173.206.129.126 type ipsec-l2l
tunnel-group 173.206.129.126 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 70.53.70.124 type ipsec-l2l
tunnel-group 70.53.70.124 general-attributes
 default-group-policy GroupPolicy1
tunnel-group 70.53.70.124 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map global-class
 match access-list global_mpc
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 description Netflow
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
 class global-class
  flow-export event-type all destination 172.20.20.6
 class class-default
  user-statistics accounting
policy-map global-policy
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a658984a2f9338972f5c25da655cc3ac
: end
asdm image disk0:/asdm-645-106.bin
asdm location 192.168.2.0 255.255.255.0 Skyline
asdm location A-200.170.150.89 255.255.255.255 Skyline
no asdm history enable

 

Any help will be greatly appreciated.

 

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card