ASA.txt
********
* ASA *
********
---------DHCP--------
dhcpd dns 8.8.8.8
dhcpd address 172.18.4.2-172.18.4.10 inside
dhcpd option 150 ip 172.18.4.1 interface inside
dhcpd enable inside
---------Access-Lists--------
# Objects & Access-Lists
object network HTTP
host 172.17.4.254
object network dmz
subnet 172.17.4.0 255.255.255.0
object network HTTPS
host 172.17.4.254
object network dmz1
subnet 172.17.4.0 255.255.255.0
object network inside
subnet 172.16.0.0 255.240.0.0
object network inside1
subnet 172.16.0.0 255.240.0.0
access-list INTERNET extended permit icmp any any echo-reply
access-list INTERNET extended permit udp any eq domain any
access-list INTERNET extended permit tcp any eq www any
access-list INTERNET extended permit tcp any eq https any
access-list INTERNET extended permit tcp any any eq www
access-list INTERNET extended permit tcp any any eq https
access-list INTERNET extended permit icmp any any
access-list DMZ extended permit ip any 172.17.4.0 255.255.255.0
access-list DMZ extended permit tcp any eq www any
access-list DMZ extended permit tcp any any eq www
access-list DMZ extended permit udp any any eq domain
access-list DMZ extended permit icmp any any
access-list DMZ extended permit tcp any any eq https
access-list DMZ extended permit tcp any eq https any
access-list OUTSIDE extended permit icmp any any
access-list OUTSIDE extended permit ip any any
# Objects & Access-groups
object network HTTP
nat (dmz,outside1) static 1.4.0.2
object network dmz
nat (dmz,outside1) dynamic interface
object network HTTPS
nat (dmz,outside2) static 1.4.0.2
object network dmz1
nat (dmz,outside2) dynamic interface
object network inside
nat (inside1,outside1) dynamic interface
object network inside1
nat (inside2,outside1) dynamic interface
access-group DMZ in interface dmz
access-group OUTSIDE out interface inside
access-group INTERNET in interface outside
---------Interfaces--------
interface GigabitEthernet1/1
bridge-group 1
nameif outside1
security-level 0
interface GigabitEthernet1/2
bridge-group 2
nameif inside1
security-level 100
interface GigabitEthernet1/3
bridge-group 2
nameif inside2
security-level 100
interface GigabitEthernet1/4
nameif dmz
security-level 50
ip address 172.17.4.1 255.255.255.0
interface GigabitEthernet1/5
bridge-group 1
nameif outside2
security-level 0
interface BVI1
nameif inside
security-level 100
ip address 172.18.4.1 255.255.255.0
interface BVI2
nameif outside
security-level 0
ip address 172.16.4.1 255.255.255.0