Escolar Documentos
Profissional Documentos
Cultura Documentos
:
: Serial Number: JAD20330BTS
: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1
CPU (8 cores)
:
ASA Version 9.6(1)
!
hostname Plan-Inter
enable password O1j0rNNcSPRqkLbW encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet1/1
nameif inside
security-level 100
ip address 10.32.80.2 255.255.255.0
!
interface GigabitEthernet1/2
description Enlace hacia Internet
nameif outside
security-level 0
ip address 190.95.231.253 255.255.255.248
!
interface GigabitEthernet1/3
description Enlace hacia DMZ
nameif DMZ
security-level 100
ip address 10.32.82.1 255.255.255.0
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
nameif pruebas
security-level 60
ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
ftp mode passive
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit inter-interface
object network obj-10.32.81.0
subnet 10.32.81.0 255.255.255.0
object network obj-10.32.83.0
subnet 10.32.83.0 255.255.255.0
object network obj-10.32.84.0
subnet 10.32.84.0 255.255.255.0
object network obj-10.32.85.0
subnet 10.32.85.0 255.255.255.128
object network obj-10.32.85.128
subnet 10.32.85.128 255.255.255.192
object network obj-10.32.85.192
subnet 10.32.85.192 255.255.255.224
object network obj-10.32.85.224
dhcprelay timeout 60
dynamic-access-policy-record DfltAccessPolicy
username cisco password 3USUcOPFUiMCO4Jk encrypted
!
class-map cmap-https
match access-list https
class-map my-sfr-class
match access-list WEBSFR
class-map inspection_default
match default-inspection-traffic
class-map cmap-http
match access-list web
!
!
parameters
message-length maximum client auto
message-length maximum 512
policy-map type inspect scansafe http-pmap
parameters
http
policy-map pmap-webtraffic
class cmap-http
inspect scansafe http-pmap fail-close
class cmap-https
inspect scansafe https-pmap fail-close
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
Plan-Inter# conf t
Plan-Inter(config)# Service-policy pmap-webtraffic interface inside
Plan-Inter(config)#
Plan-Inter(config)#
Plan-Inter(config)#
Plan-Inter#
Plan-Inter#
Plan-Inter#
Plan-Inter#
Plan-Inter# wr
Building configuration...
Cryptochecksum: c8344684 3eeff843 33568c5f cf30c486
:
: Serial Number: JAD20330BTS
: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1
CPU (8 cores)
:
ASA Version 9.6(1)
!
hostname Plan-Inter
enable password O1j0rNNcSPRqkLbW encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet1/1
nameif inside
security-level 100
ip address 10.32.80.2 255.255.255.0
!
interface GigabitEthernet1/2
description Enlace hacia Internet
nameif outside
security-level 0
ip address 190.95.231.253 255.255.255.248
!
interface GigabitEthernet1/3
description Enlace hacia DMZ
nameif DMZ
security-level 100
ip address 10.32.82.1 255.255.255.0
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
nameif pruebas
security-level 60
ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
ftp mode passive
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit inter-interface
object network obj-10.32.81.0
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,DMZ) source static expressin-server expressin-server destination
static obj-190.95.231.250 express-server
!
object network obj-10.32.81.0
nat (inside,outside) dynamic interface
object network obj-10.32.83.0
nat (inside,outside) dynamic interface
object network obj-10.32.84.0
nat (inside,outside) dynamic interface
object network obj-10.32.85.0
nat (inside,outside) dynamic interface
object network obj-10.32.85.128
nat (inside,outside) dynamic interface
object network obj-10.32.85.192
nat (inside,outside) dynamic interface
object network obj-10.32.85.224
nat (inside,outside) dynamic interface
object network obj-10.32.87.0
nat (inside,outside) dynamic interface
object network obj-10.32.87.128
nat (inside,outside) dynamic interface
object network obj-10.32.86.128
nat (inside,outside) dynamic interface
dhcprelay timeout 60
dynamic-access-policy-record DfltAccessPolicy
username cisco password 3USUcOPFUiMCO4Jk encrypted
!
class-map cmap-https
match access-list https
class-map my-sfr-class
match access-list WEBSFR
class-map inspection_default
match default-inspection-traffic
class-map cmap-http
match access-list web
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map type inspect scansafe https-pmap
parameters
https
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class my-sfr-class
class class-default
user-statistics accounting
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map type inspect scansafe http-pmap
parameters
http
policy-map pmap-webtraffic
class cmap-http
inspect scansafe http-pmap fail-close
class cmap-https
inspect scansafe https-pmap fail-close
!
service-policy global_policy global
service-policy pmap-webtraffic interface inside
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 1
subscribe-to-alert-group configuration periodic monthly 1
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c83446843eeff84333568c5fcf30c486
: end