: Saved
:
: Serial Number: FCH24197CXT
: Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)
!
! NOTE(review): whether this release is still inside Cisco's software support window, and which
! published advisories apply to it, cannot be checked from the configuration itself -- confirm.
hostname fw1
domain-name wapis.sn
! The next two lines are ONE command wrapped by the terminal ("enable password <hash> pbkdf2");
! re-join them before re-applying this file.
enable password $sha512$5000$G9l3TC3UrNcElAXD+nsE6g==$P9YLnRnj1l43LYT00UubeQ==
pbkdf2
! Legacy login password, stored in the older "encrypted" format rather than the PBKDF2 form used
! for the enable and username secrets. Only SSH has an aaa authentication method below, so this
! is presumably what the console/Telnet login still falls back to -- confirm it is still needed.
passwd ZMoqb1HT6VSDRzmN encrypted
names
! Symbolic names for the two IKEv2 site-to-site peers referenced by crypto map CRYPTO-VPN-MAP.
name 193.22.7.132 INTERPOL-IPSG-DC1
name 185.73.252.152 INTERPOL-IGCI-DC3
! Addresses handed to AnyConnect clients (50 hosts); the same range is the "remote" side of the
! identity NAT rule for obj_172.18.1.0.
ip local pool ANYCONNECT-VPN-POOL 172.18.1.1-172.18.1.50 mask 255.255.255.0
!
interface GigabitEthernet0/0
description *** Public internet
nameif outside
security-level 0
! No standby address here although failover is enabled and every other routed interface has one.
! The standby unit therefore has no address on outside and (as I recall) interface health
! monitoring for it is reduced to link state -- confirm this is intentional.
ip address 41.214.10.106 255.255.255.252
!
interface GigabitEthernet0/1
description *** LAN for users
nameif inside
security-level 100
ip address 10.10.1.1 255.255.255.0 standby 10.10.1.253
!
interface GigabitEthernet0/2
description *** Trunk interface DMZ
no nameif
no security-level
no ip address
!
! The three DMZ sub-interfaces all sit at security-level 80 and "same-security-traffic permit
! inter-interface" is enabled, so security level does not separate web, db and mgt from each
! other; only the dmz_* access-lists do (and the dmz_db and dmz_mgt ones end in permit ip any any).
! Distinct levels, or explicit inter-DMZ rules ending in a logged deny, would make the intended
! segmentation explicit.
interface GigabitEthernet0/2.20
vlan 20
nameif dmz_web
security-level 80
ip address 172.16.11.1 255.255.255.0 standby 172.16.11.253
!
interface GigabitEthernet0/2.30
vlan 30
nameif dmz_db
security-level 80
ip address 172.16.12.1 255.255.255.0 standby 172.16.12.253
!
interface GigabitEthernet0/2.40
vlan 40
nameif dmz_mgt
security-level 80
ip address 172.16.1.1 255.255.255.0 standby 172.16.1.253
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
! GigabitEthernet0/4-0/6 are unconfigured but, unlike 0/3, not administratively down. Unused ports
! should carry "shutdown" so that nothing comes up on them without an explicit change.
interface GigabitEthernet0/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
no nameif
no security-level
no ip address
!
! Dedicated failover LAN + state link; the failover stanza below binds both roles to this port.
interface GigabitEthernet0/7
description LAN/STATE Failover Interface
!
interface Management0/0
! management-only: this interface terminates traffic to the ASA itself and does not forward
! through-traffic. ASDM/HTTP access is limited to this network by the "http ... management" line.
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa982-smp-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name wapis.sn
! Permits traffic between interfaces of equal security level (the three DMZs at 80, inside and
! management at 100), still subject to the access-groups bound below.
same-security-traffic permit inter-interface
! Host and subnet objects used by the access-lists and NAT rules.
object network WEB11
host 172.16.11.11
object network WEB12
host 172.16.11.12
object network DB11
host 172.16.12.21
object network DB12
host 172.16.12.22
object network MGT11
host 172.16.1.31
object network MGT12
host 172.16.1.32
! Administrator workstation on the inside LAN; granted "tcp any" on the inside ACL and named as the
! source of the ssh/8022 entries on the dmz_* ACLs.
object network ADM_STATION
host 10.10.1.2
! Not referenced by name anywhere in the visible config (the same address appears in an ssh line).
object network ADM_WORKSTATION
host 172.16.1.8
! Real/mapped pair for the identity (no-translation) NAT between dmz_web and the AnyConnect pool.
object network obj_172.16.11.0
subnet 172.16.11.0 255.255.255.0
description WAPIS LOCAL IP
object network obj_172.18.1.0
subnet 172.18.1.0 255.255.255.0
description WAPIS REMOTE IP
! NOTE(review): obj_172.16.1.0 has no host/subnet/range line, so it is empty and matches nothing.
! Define it or remove it.
object network obj_172.16.1.0
object network FH1
host 172.17.40.102
object network FH2
host 172.17.40.103
object-group network WEB_SERVERS
network-object object WEB11
network-object object WEB12
object-group network DB_SERVERS
network-object object DB11
network-object object DB12
object-group network MGT_SERVERS
network-object object MGT11
network-object object MGT12
object-group network LAN_USERS
network-object 10.10.1.0 255.255.255.0
! Only used by access-list IPSec_Traffic, which itself is not bound to any crypto map below.
object-group network remote-network
network-object 192.168.2.0 255.255.255.0
! NOTE(review): FH is empty (FH1/FH2 are defined above but never added) and is not referenced in
! the visible config; FH1/FH2 are not referenced either.
object-group network FH
object-group network INTERPOL-DC
network-object 10.1.1.0 255.255.255.0
! Mapped address for dmz_web towards INTERPOL-DC (second nat rule). It is a /27 while the real
! side (object-group dmz_web) is a /24; for a one-to-one static translation the two sides should
! normally be the same size -- confirm the intended mapping.
object-group network LAN4NAT
network-object 10.8.175.0 255.255.255.224
! Same name as the dmz_web interface nameif; legal, but easy to misread in the nat rule that uses it.
object-group network dmz_web
network-object 172.16.11.0 255.255.255.0
! Applied inbound on "inside" (traffic originated by LAN users).
! NOTE(review): the "permit ip any any" near the end makes every specific entry above it
! redundant and the trailing "permit icmp any any echo" unreachable. If LAN egress is meant to be
! filtered, remove it and finish with an explicit "deny ip any any log" as the dmz_web ACL does.
access-list inside extended permit tcp object ADM_STATION any
! Each entry that ends in "object-group" is ONE command wrapped by the terminal; its continuation
! (the destination group and port) is on the following line. Re-join before re-applying.
access-list inside extended permit udp object-group LAN_USERS object-group
MGT_SERVERS eq domain
access-list inside extended permit tcp object-group LAN_USERS object-group
MGT_SERVERS eq www
access-list inside extended permit tcp object-group LAN_USERS object-group
MGT_SERVERS eq https
access-list inside extended permit tcp object-group LAN_USERS object-group
WEB_SERVERS eq www
access-list inside extended permit tcp object-group LAN_USERS object-group
WEB_SERVERS eq https
! MySQL (3306) from every LAN user straight to the DB servers, on both UDP and TCP; presumably a
! client tool need -- confirm it should not be limited to ADM_STATION or to the web tier.
access-list inside extended permit udp object-group LAN_USERS object-group
DB_SERVERS eq 3306
access-list inside extended permit tcp object-group LAN_USERS object-group
DB_SERVERS eq 3306
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list inside extended permit icmp any any echo
! Applied inbound on dmz_web (traffic originated by the web servers). This is the only ACL that
! ends in a logged deny; the same pattern would suit dmz_db and dmz_mgt.
! NOTE(review): ADM_STATION (10.10.1.2) lives on inside, so an entry with it as SOURCE on an ACL
! applied inbound to dmz_web only matches packets arriving on the DMZ with an inside source
! address, which should not occur. Its permit on the inside ACL already covers admin-to-DMZ
! traffic; the same pattern appears as the first entry of dmz_db and dmz_mgt.
access-list dmz_web extended permit tcp object ADM_STATION any eq ssh
access-list dmz_web extended permit tcp object ADM_STATION any eq 8022
access-list dmz_web extended permit icmp any any
! Wrapped commands (continuation on the next line), as in the inside ACL.
! DNS from the web tier to MGT_SERVERS is permitted over TCP only; UDP 53 is not in this ACL, so
! ordinary lookups will be dropped (and logged) unless handled elsewhere -- verify.
access-list dmz_web extended permit tcp object-group WEB_SERVERS object-group
MGT_SERVERS eq domain
access-list dmz_web extended permit tcp object-group WEB_SERVERS object-group
DB_SERVERS eq 3306
access-list dmz_web extended deny ip any any log notifications
! Applied inbound on dmz_db (traffic originated by the database servers).
! NOTE(review): the final "permit ip any any" lets the DB segment initiate to inside, the other
! DMZs and the default route, and makes the two specific entries above it redundant. A database
! tier normally needs only DNS/NTP/updates outbound; end with "deny ip any any log" as dmz_web does.
access-list dmz_db extended permit tcp object ADM_STATION any eq ssh
! Wrapped command (continuation on the next line).
access-list dmz_db extended permit tcp object-group DB_SERVERS object-group
MGT_SERVERS eq domain
access-list dmz_db extended permit icmp any any
access-list dmz_db extended permit ip any any
! Applied inbound on dmz_mgt (traffic originated by the management servers).
! NOTE(review): ends in "permit ip any any" like dmz_db; the specific entries above it never
! decide anything. Prefer explicit permits followed by a logged deny.
access-list dmz_mgt extended permit tcp object ADM_STATION any eq ssh
! Wrapped commands (continuation on the next line).
access-list dmz_mgt extended permit tcp object-group MGT_SERVERS object-group
DB_SERVERS eq 3306
! MGT_SERVERS -> MGT_SERVERS: both hosts are on the same /24 behind dmz_mgt, so this traffic does
! not traverse the firewall and the entry is not expected to match -- presumably a leftover.
access-list dmz_mgt extended permit tcp object-group MGT_SERVERS object-group
MGT_SERVERS eq www
access-list dmz_mgt extended permit icmp any any
access-list dmz_mgt extended permit ip any any
! Applied inbound on outside (traffic arriving from the internet).
! NOTE(review): the last entry, "permit tcp any any", admits every TCP connection that NAT and
! routing can deliver, so the narrower entries above it (ssh to the outside address, tcp to
! 172.16.1.31) never decide anything, and together with "ssh 0.0.0.0 0.0.0.0 outside" below it
! leaves the firewall's own SSH open to any source. Replace it with permits for the services
! actually published and finish with "deny ip any any log".
! "permit tcp any host 172.16.1.31" names a private dmz_mgt address; there is no NAT for it in the
! visible config, so as written it cannot match real inbound traffic.
access-list outside extended permit tcp any host 172.16.1.31
access-list outside extended permit tcp any any eq ssh
! ESP / ISAKMP for the IPsec peers. Traffic to the ASA's own IKE/ESP is accepted once crypto is
! enabled on the interface, so these are presumably belt-and-braces -- harmless.
access-list outside extended permit esp any any
access-list outside extended permit udp any any eq isakmp
! "icmp any any echo" is a subset of the line before it and is redundant.
access-list outside extended permit icmp any any
access-list outside extended permit icmp any any echo
access-list outside extended permit tcp any host 41.214.10.106 eq ssh
access-list outside extended permit tcp any any
! Wrapped command (continuation on the next line). NOTE(review): IPSec_Traffic is not bound to any
! crypto map entry in the visible config, so it is currently inert -- stale, or the static entry
! for the 192.168.200.1 peer was never added (that tunnel-group has no "match address" either).
access-list IPSec_Traffic extended permit ip object-group LAN_USERS object-group
remote-network
! Split-tunnel list for GRP-ANYCONNECT-VPN: only 172.16.11.0/24 (dmz_web) goes through the tunnel;
! all other client traffic stays local.
access-list ANYCONNECT-VPN-ACL standard permit 172.16.11.0 255.255.255.0
! Crypto ACL for CRYPTO-VPN-MAP entry 100. Source is LAN4NAT, i.e. the post-NAT address of dmz_web
! produced by the second nat rule. Wrapped command (continuation on the next line).
access-list INTERPOL-IPSG extended permit ip object-group LAN4NAT object-group
INTERPOL-DC
pager lines 24
logging enable
logging timestamp
! Only the in-memory buffer (at notifications) and ASDM receive logs; there is no "logging host"
! in the visible config, so nothing survives a reload or reaches a SIEM. Add an external syslog
! destination with an appropriate "logging trap" level. The dmz_web deny entry logs at
! notifications, which this buffer does capture.
logging buffered notifications
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz_web 1500
mtu dmz_db 1500
mtu dmz_mgt 1500
mtu management 1500
! Active/standby failover over GigabitEthernet0/7 (LAN and stateful link share the port).
failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/7
failover polltime unit 1 holdtime 3
! Key value is masked in this export; it encrypts the failover/state traffic between the units.
failover key *****
failover link failover GigabitEthernet0/7
failover interface ip failover 172.16.255.1 255.255.255.248 standby 172.16.255.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-782.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
! Both nat rules are ONE command each, wrapped by the terminal; re-join before re-applying.
! 1) Identity NAT (no translation) for dmz_web <-> AnyConnect pool so VPN client traffic to the
!    web segment is not rewritten.
nat (dmz_web,outside) source static obj_172.16.11.0 obj_172.16.11.0 destination
static obj_172.18.1.0 obj_172.18.1.0 no-proxy-arp route-lookup
! 2) dmz_web appears as LAN4NAT (10.8.175.0/27) when talking to INTERPOL-DC; this is what the
!    crypto ACL INTERPOL-IPSG matches on. Real (/24) and mapped (/27) sizes differ -- confirm.
nat (dmz_web,outside) source static dmz_web LAN4NAT destination static INTERPOL-DC
INTERPOL-DC
! Every routed interface has an inbound ACL bound; management relies on the implicit deny plus the
! "http"/"ssh" host lists.
access-group outside in interface outside
access-group inside in interface inside
access-group dmz_web in interface dmz_web
access-group dmz_db in interface dmz_db
access-group dmz_mgt in interface dmz_mgt
! RIPv2 on every interface inside 10.0.0.0/8 (i.e. inside, 10.10.1.0/24). NOTE(review): no RIP
! authentication is configured on any interface stanza above, so route updates from the LAN are
! accepted unauthenticated; on the ASA it is set per interface with "rip authentication mode md5"
! and "rip authentication key". "network 192.168.200.0" matches no configured interface address in
! the visible config and appears to be a leftover.
router rip
network 10.0.0.0
network 192.168.200.0
version 2
no auto-summary
!
! Default route to the ISP next hop on the outside /30.
route outside 0.0.0.0 0.0.0.0 41.214.10.105 1
! Connection/translation idle timers. Values look like the platform defaults -- nothing here was
! tuned for this deployment as far as the export shows.
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
! SSH authenticates against the local user database. There is no "aaa authentication enable
! console", "http console" or "serial console" line, so enable mode and ASDM presumably fall back
! to the shared enable password (ASDM then logs in with an empty username, as I recall) -- confirm,
! and consider per-user AAA for those paths as well.
aaa authentication ssh console LOCAL
aaa authentication login-history
! ASDM/HTTPS limited to the management network; the outside interface is not listed.
http server enable
http 192.168.1.0 255.255.255.0 management
! Community-string SNMP (v1/v2c) to MGT11 in dmz_mgt; strings are masked in this export.
! SNMPv3 with authentication and privacy is preferable if the management station supports it.
snmp-server host dmz_mgt 172.16.1.31 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps syslog
! IPsec phase-2 proposals.
! NOTE(review): TSET (3DES / MD5) is weak and is not referenced by any crypto map or dynamic map in
! the visible config -- remove it so it cannot be picked up later.
crypto ipsec ikev1 transform-set TSET esp-3des esp-md5-hmac
! Used by the IKEv1 dynamic map (AES-256 / SHA-1).
crypto ipsec ikev1 transform-set TS-WAPIS esp-aes-256 esp-sha-hmac
! IKEv2 proposal for the INTERPOL peers. "aes-256 aes" also offers AES-128 as a fallback; drop the
! trailing "aes" if both peers support AES-256.
crypto ipsec ikev2 ipsec-proposal AES256-CBCmode-INTERPOL-DCx
protocol esp encryption aes-256 aes
protocol esp integrity sha-256
crypto ipsec security-association pmtu-aging infinite
! Catch-all IKEv1 entry for peers without a static map entry (e.g. the 192.168.200.1 tunnel-group);
! any peer presenting the DefaultL2LGroup pre-shared key lands here. reverse-route injects the
! remote networks into the routing table.
crypto dynamic-map DYNAMIC-CRYPTO-MAP 65535 set ikev1 transform-set TS-WAPIS
crypto dynamic-map DYNAMIC-CRYPTO-MAP 65535 set reverse-route
! Static IKEv2 entry to the two INTERPOL data centres; PFS with group 20 and a 1 h SA lifetime.
crypto map CRYPTO-VPN-MAP 100 match address INTERPOL-IPSG
crypto map CRYPTO-VPN-MAP 100 set pfs group20
crypto map CRYPTO-VPN-MAP 100 set peer INTERPOL-IPSG-DC1 INTERPOL-IGCI-DC3
crypto map CRYPTO-VPN-MAP 100 set ikev2 ipsec-proposal AES256-CBCmode-INTERPOL-DCx
crypto map CRYPTO-VPN-MAP 100 set security-association lifetime seconds 3600
crypto map CRYPTO-VPN-MAP 100 set reverse-route dynamic
crypto map CRYPTO-VPN-MAP 65535 ipsec-isakmp dynamic DYNAMIC-CRYPTO-MAP
crypto map CRYPTO-VPN-MAP interface outside
! CA bundle used by call-home (reporting is set to anonymous at the end of the file).
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
! Self-signed certificate for the AnyConnect/webvpn service (enrollment self, CN=vpn.wapis.sn).
! Clients cannot validate it against a trusted CA, so they are trained to click through warnings;
! a CA-issued certificate for vpn.wapis.sn would remove that. The matching chain is stored below.
crypto ca trustpoint ANYCONNECT-VPN-TRUSTPOINT
enrollment self
fqdn vpn.wapis.sn
subject-name CN=vpn.wapis.sn
keypair ANYCONNECT-VPN-KEY
crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 513fb9743870b73440418d30930699ff
30820538 30820420 a0030201 02021051 3fb97438 70b73440 418d3093 0699ff30
0d06092a 864886f7 0d01010b 05003081 ca310b30 09060355 04061302 55533117
30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
33313033 31303030 3030305a 170d3233 31303330 32333539 35395a30 7e310b30
09060355 04061302 5553311d 301b0603 55040a13 1453796d 616e7465 6320436f
72706f72 6174696f 6e311f30 1d060355 040b1316 53796d61 6e746563 20547275
7374204e 6574776f 726b312f 302d0603 55040313 2653796d 616e7465 6320436c
61737320 33205365 63757265 20536572 76657220 4341202d 20473430 82012230
0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 b2d805ca
1c742db5 175639c5 4a520996 e84bd80c f1689f9a 422862c3 a530537e 5511825b
037a0d2f e17904c9 b4967719 81019459 f9bcf77a 9927822d b783dd5a 277fb203
7a9c5325 e9481f46 4fc89d29 f8be7956 f6f7fdd9 3a68da8b 4b823341 12c3c83c
ccd6967a 84211a22 04032717 8b1c6861 930f0e51 80331db4 b5ceeb7e d062acee
b37b0174 ef6935eb cad53da9 ee9798ca 8daa440e 25994a15 96a4ce6d 02541f2a
6a26e206 3a6348ac b44cd175 9350ff13 2fd6dae1 c618f59f c9255df3 003ade26
4db42909 cd0f3d23 6f164a81 16fbf283 10c3b8d6 d855323d f1bd0fbd 8c52954a
16977a52 2163752f 16f9c466 bef5b509 d8ff2700 cd447c6f 4b3fb0f7 02030100
01a38201 63308201 5f301206 03551d13 0101ff04 08300601 01ff0201 00303006
03551d1f 04293027 3025a023 a021861f 68747470 3a2f2f73 312e7379 6d63622e
636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 02010630
2f06082b 06010505 07010104 23302130 1f06082b 06010505 07300186 13687474
703a2f2f 73322e73 796d6362 2e636f6d 306b0603 551d2004 64306230 60060a60
86480186 f8450107 36305230 2606082b 06010505 07020116 1a687474 703a2f2f
7777772e 73796d61 7574682e 636f6d2f 63707330 2806082b 06010505 07020230
1c1a1a68 7474703a 2f2f7777 772e7379 6d617574 682e636f 6d2f7270 61302906
03551d11 04223020 a41e301c 311a3018 06035504 03131153 796d616e 74656350
4b492d31 2d353334 301d0603 551d0e04 1604145f 60cf6190 55df8443 148a602a
b2f57af4 4318ef30 1f060355 1d230418 30168014 7fd365a7 c2ddecbb f03009f3
4339fa02 af333133 300d0609 2a864886 f70d0101 0b050003 82010100 5e945649
dd8e2d65 f5c13651 b603e3da 9e7319f2 1f59ab58 7e6c2605 2cfa81d7 5c231722
2c3793f7 86ec85e6 b0a3fd1f e232a845 6fe1d9fb b9afd270 a0324265 bf84fe16
2a8f3fc5 a6d6a393 7d43e974 21913528 f463e92e edf7f55c 7f4b9ab5 20e90abd
e045100c 14949a5d a5e34b91 e8249b46 4065f422 72cd99f8 8811f5f3 7fe63382
e6a8c57e fed008e2 25580871 68e6cda2 e614de4e 52242dfd e5791353 e75e2f2d
4d1b6d40 15522bf7 87897812 816ed94d aa2d78d4 c22c3d08 5f87919e 1f0eb0de
30526486 89aa9d66 9c0e760c 80f274d8 2af8b83a ced7d60f 11be6bab 14f5bd41
a0226389 f1ba0f6f 2963662d 3fac8c72 c5fbc7e4 d40ff23b 4f8c29c7
quit
crypto ca certificate chain ANYCONNECT-VPN-TRUSTPOINT
certificate 13c22364
308202e4 308201cc a0030201 02020413 c2236430 0d06092a 864886f7 0d01010b
05003034 31153013 06035504 03130c76 706e2e77 61706973 2e736e31 1b301906
092a8648 86f70d01 0902160c 76706e2e 77617069 732e736e 301e170d 32333033
32393037 35373533 5a170d33 33303332 36303735 3735335a 30343115 30130603
55040313 0c76706e 2e776170 69732e73 6e311b30 1906092a 864886f7 0d010902
160c7670 6e2e7761 7069732e 736e3082 0122300d 06092a86 4886f70d 01010105
00038201 0f003082 010a0282 010100a7 ae9ad4a1 478f896a 64a1b816 7b17d778
0626da66 5bfb712e 847d42fc 5eb411c4 189c462d fe260d0e fed767b1 9a08ee30
49cfc831 d89cf35d 3d08dfda ac585b2e d1100fe2 516b76b2 fd4aa0d8 24d996a4
b218f009 0912421e 4ab3702d 040cb043 32c786f8 f7f47170 feccda2a 9606bfec
709163f2 994f30d1 907e6ae1 783ddd61 6af61ac7 a55a6f9d 23bd35f1 92244746
32177ab3 e0a53ac0 1249dc45 0f86f4b8 f1b203df 657b7115 217bd64e d1915c66
e7d3824c cedbbe99 cb1317ff a742209e 6392d2bb 34b0d970 ba0294c0 4fa643e1
97b30714 3c85c0f3 7a846116 bd89513f 4320bd03 040db52b 7d5a6b7e b59c4a8d
11fd8cc6 35e9fde8 83f55134 43356b02 03010001 300d0609 2a864886 f70d0101
0b050003 82010100 6cd82ec3 a3e218f6 a9320783 96c3862f 108a3d7d 0e1782ee
3e6a8831 da2421c3 f9a19dfb 1f502934 c3aa00be 40550ea9 11ad7714 7f729393
a5231f95 c5182cbd ac362410 6fbcf078 ff1617e7 cfabea36 0fef5945 785551ee
49765e4c 3352b67e 595450e6 fbf50a09 9f045c04 e7a80aa0 58358e7e 0986251b
62e8fdb3 7cce4a35 73a49064 f46adda3 3b9adaef 36673be2 37b5b5f1 72be721c
8cf3fcdd d17e0aed 011fda25 0e4646d8 58924759 f5f1d952 aa7b99e7 f7cb5df7
a6fd1f82 c772eeb7 8e8c9339 31b726dc a61a930d e0f1870f 0e8b08ac cba2cb41
92dcfff6 4faa5110 0c92440f 11969951 1a33bba7 62783a67 a0c5e907 347bdc89
5981e559 eb0da17e
quit
! IKEv2 phase-1 for the INTERPOL peers: AES-256 / SHA-256 / ECDH group 20 -- fine.
crypto ikev2 policy 155
encryption aes-256
integrity sha256
group 20
prf sha256
lifetime seconds 86400
crypto ikev2 enable outside
! IKEv1 remains enabled on outside for the dynamic map / DefaultL2LGroup peers.
crypto ikev1 enable outside
! NOTE(review): policy 10 (3DES / MD5 / DH group 2) is the weakest set offered and, having the
! lowest number, is evaluated first. Policy 65535 (AES-256 / SHA-1 / group 5) is the stronger
! one. Remove policy 10 unless a specific peer still requires it, and prefer group 14 over 5.
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
! No "telnet <host>" lines are present, so Telnet is effectively disabled; the timeout is inert.
telnet timeout 5
ssh stricthostkeycheck
! SSH management hosts. NOTE(review): "ssh 0.0.0.0 0.0.0.0 outside" permits SSH from any internet
! address and makes the /29 restriction before it meaningless; likewise "ssh 0.0.0.0 0.0.0.0
! dmz_mgt" nullifies the 172.16.1.8 restriction. Remove both 0.0.0.0 entries and keep the
! specific hosts (and the outside ACL's "permit tcp any any" should be tightened with it).
ssh 105.235.123.56 255.255.255.248 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.10.1.2 255.255.255.255 inside
ssh 172.16.1.8 255.255.255.255 dmz_mgt
ssh 0.0.0.0 0.0.0.0 dmz_mgt
ssh timeout 60
! NOTE(review): dh-group1-sha1 is a 1024-bit DH group. Use "ssh key-exchange group dh-group14-sha1"
! (or a SHA-256 group if this release offers one).
ssh key-exchange group dh-group1-sha1
! 0 = the console session never times out; set a non-zero idle timeout.
console timeout 0
! Lets the inside interface address be used for management over the VPN.
management-access inside
! DHCP for the management network. "dhcpd domain sipao.sn" differs from "domain-name wapis.sn"
! above, and the DNS server handed out is in dmz_mgt, which a management-only interface cannot
! route to by itself -- presumably leftovers from another deployment; verify.
dhcpd dns 172.16.1.31
dhcpd domain sipao.sn
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): "low" is the weakest named cipher set (everything except NULL ciphers, as I recall)
! and it is applied to TLS 1.0/1.1/1.2 and DTLS alike, so the AnyConnect/ASDM listeners still
! negotiate old protocol versions and weak suites. Prefer "ssl server-version tlsv1.2" with
! "ssl cipher tlsv1.2 high" (and the same for dtlsv1), after checking the client population.
ssl cipher default low
ssl cipher tlsv1 low
ssl cipher tlsv1.1 low
ssl cipher tlsv1.2 low
ssl cipher dtlsv1 low
! Serves the self-signed ANYCONNECT-VPN-TRUSTPOINT certificate.
ssl trust-point ANYCONNECT-VPN-TRUSTPOINT
ssl trust-point ANYCONNECT-VPN-TRUSTPOINT outside
! AnyConnect SSL VPN on outside, non-standard port 50443. "tunnel-group-list enable" shows the
! group aliases ([WAPIS-ANYCONNECT-VPN]) in the portal drop-down.
webvpn
port 50443
enable outside
anyconnect image disk0:/anyconnect-win-4.10.06090-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
! Policy for the two IKEv2 site-to-site tunnel-groups.
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
vpn-tunnel-protocol ikev2
! Policy for AnyConnect users.
group-policy GRP-ANYCONNECT-VPN internal
group-policy GRP-ANYCONNECT-VPN attributes
wins-server none
! Public resolvers are pushed to clients, so wapis.sn internal names are not resolvable through the
! tunnel and client DNS leaves via the local (split) path -- confirm that is intended.
dns-server value 8.8.8.8 8.8.4.4
! Both the AnyConnect client and the clientless portal are enabled; disable ssl-clientless if only
! the client is used.
vpn-tunnel-protocol ssl-client ssl-clientless
! Split tunnelling: only the networks in ANYCONNECT-VPN-ACL (172.16.11.0/24) go through the VPN.
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ANYCONNECT-VPN-ACL
default-domain value wapis.sn
dynamic-access-policy-record DfltAccessPolicy
! Local VPN accounts. Each entry is ONE command wrapped by the terminal ("username X password
! <hash> pbkdf2"); re-join before re-applying.
! NOTE(review): none of these users has "attributes" with "service-type remote-access", and no
! "aaa authorization exec" is configured, so -- as I recall ASA behaviour -- they are also valid
! logins for "aaa authentication ssh console LOCAL". Confirm, and restrict them to VPN if so.
username wapis password
$sha512$5000$wDBhyOfwcARxR2+ADQ8O0Q==$n/MIUav8zI27tFkJdw+suQ== pbkdf2
username polgend password
$sha512$5000$FpNilk+eMKiVq1CNvIZ3Uw==$SbP3Air1l8ATjoE+QlapUw== pbkdf2
username policegend password
$sha512$5000$tTc7P2Jt0kBeEylMFMRvHA==$7JqHiytJWUp6U1q3Dg8mUQ== pbkdf2
! A pre-shared key on DefaultL2LGroup means any IKEv1 peer not matched by a named tunnel-group is
! authenticated with this one key (the path the dynamic crypto map relies on). Keep it only if a
! peer with a variable address genuinely needs it; all keys are masked in this export.
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
! IKEv1 peer with a private address and no static crypto map entry; reached via the dynamic map if
! at all. Pairs with the unused IPSec_Traffic ACL -- probably stale.
tunnel-group 192.168.200.1 type ipsec-l2l
tunnel-group 192.168.200.1 ipsec-attributes
ikev1 pre-shared-key *****
! AnyConnect remote-access group; the alias is shown in the portal because tunnel-group-list is
! enabled.
tunnel-group TNG-ANYCONNECT-VPN type remote-access
tunnel-group TNG-ANYCONNECT-VPN general-attributes
address-pool ANYCONNECT-VPN-POOL
default-group-policy GRP-ANYCONNECT-VPN
tunnel-group TNG-ANYCONNECT-VPN webvpn-attributes
group-alias [WAPIS-ANYCONNECT-VPN] enable
! IKEv2 site-to-site peers (INTERPOL-IPSG-DC1 / INTERPOL-IGCI-DC3) with PSK authentication in
! both directions and DPD-style keepalives.
tunnel-group 193.22.7.132 type ipsec-l2l
tunnel-group 193.22.7.132 general-attributes
default-group-policy GroupPolicy2
tunnel-group 193.22.7.132 ipsec-attributes
isakmp keepalive threshold 10 retry 10
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 185.73.252.152 type ipsec-l2l
tunnel-group 185.73.252.152 general-attributes
default-group-policy GroupPolicy2
tunnel-group 185.73.252.152 ipsec-attributes
isakmp keepalive threshold 10 retry 10
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
! Default application inspection set, applied globally. "inspect icmp" is an addition to the
! factory list and makes ICMP stateful (the "permit icmp any any" ACL entries above are still
! what admits it).
class-map inspection_default
match default-inspection-traffic
!
!
! DNS inspection: 512-byte limit for server responses, client-derived maximum otherwise.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
! Checksum computed by the ASA when the config was saved; it is informational on a paste and will
! not match this annotated copy.
Cryptochecksum:625416d81caee9f6a158932853fac9d0
: end