Config

The document contains the running configurations of three network devices: an ASA firewall (ASA-5505) and two routers (R1 and R3). It details interface settings, IP addresses, access control lists, and VPN configurations. The configurations indicate a network setup involving multiple subnets and security policies for traffic management.

Uploaded by

Muhammad Shehab

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

5 views16 pages

Config

Uploaded by

Muhammad Shehab

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 16

ASA-5506#show run

: Saved
:
ASA Version 9.6(1)
!
hostname ASA-5505
names
!
interface GigabitEthernet1/1
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/4
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
shutdown
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
shutdown
!
object network obj-dmz
subnet 192.168.2.0 255.255.255.0
object network obj-inside
subnet 192.168.1.0 255.255.255.0
object network obj-local
subnet 192.168.1.0 255.255.255.0
object network obj-remote
subnet 172.16.3.0 255.255.255.0
!
route outside 172.16.3.0 255.255.255.0 209.165.200.225 1
!
access-list ICMP_ACL extended permit icmp any any
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_in extended permit udp any any eq non500-isakmp
access-list outside_access_in extended permit ip 192.168.2.0 255.255.255.0
172.16.3.0 255.255.255.0
access-list outside_access_in extended permit ip 172.16.3.0 255.255.255.0
192.168.2.0 255.255.255.0
!
!
access-group ICMP_ACL in interface inside
access-group ICMP_ACL in interface dmz
access-group outside_access_in in interface outside
!
!
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect tftp
!
service-policy global_policy global
!
telnet timeout 5
ssh timeout 5
!
!
!

R1>en
R1#
R1#show run
Building configuration...

Current configuration : 1144 bytes

!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key CCQvpn123 address 172.16.3.1
!
!
!
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 172.16.3.1
set transform-set VPN-SET
match address VPN-TRAFFIC
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 209.165.200.225 255.255.255.248
duplex auto
speed auto
crypto map VPN-MAP
!
interface GigabitEthernet0/0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/1/0
ip address 10.1.1.1 255.255.255.252
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
ip flow-export version 9
!
!
ip access-list extended VPN-TRAFFIC
permit ip 192.168.1.0 0.0.0.255 172.16.3.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

R3#
R3#show run
Building configuration...

Current configuration : 1250 bytes

!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key CCQvpn123 address 209.165.200.225
!
!
!
crypto ipsec transform-set VPN-SET esp-aes esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 209.165.200.225
set transform-set VPN-SET
match address VPN-TRAFFIC
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/0/1
ip address 172.16.3.1 255.255.255.0
duplex auto
speed auto
crypto map VPN-MAP
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/1/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/1/1
ip address 10.2.2.1 255.255.255.252
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.2.2.2
!
ip flow-export version 9
!
!
ip access-list extended VPN-TRAFFIC
permit ip 172.16.3.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end