access-list global_access remark HTTP and HTTPS to IT Web Server
access-list global_access extended permit tcp any4 object Research_Web_Server object-
group DM_INLINE_TCP_4
access-list outside_access_in remark Permit Mgmt Traffic from MgmtRange to SR VLANs
access-list outside_access_in extended permit object-group Mgmt-Traffic object IT_
Management_Host_Range object-group DM_INLINE_NETWORK_1
access-list SRVLAN155_mpc extended permit ip any4 any4
pager lines 24
logging enable
logging buffered informational
mtu SRVLAN154 1500
mtu SRVLAN155 1500
mtu outside 1500
mtu IPS-mgmt 1500
failover
failover lan unit primary
failover lan unit secondary
Appendix B: Configuration Examples
August 2014 Series
74
failover lan interface failover GigabitEthernet0/2
failover polltime unit msec 200 holdtime msec 800
failover polltime interface msec 500 holdtime 5
failover key *****
failover replication http
failover link failover GigabitEthernet0/2
failover interface ip failover 10.5.26.130 255.255.255.252 standby 10.5.26.129
monitor-interface SRVLAN154
monitor-interface SRVLAN155
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-716.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group outside_access_in in interface outside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 10.5.26.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server AAA-SERVER protocol tacacs+
aaa-server AAA-SERVER (outside) host 10.4.48.15
key *****
user-identity default-domain LOCAL
aaa authentication enable console AAA-SERVER LOCAL
aaa authentication ssh console AAA-SERVER LOCAL
aaa authentication http console AAA-SERVER LOCAL
aaa authentication serial console AAA-SERVER LOCAL
aaa authorization exec authentication-server
http server enable
http 10.4.48.0 255.255.255.0 outside
snmp-server host outside 10.4.48.35 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt noproxyarp SRVLAN154
sysopt noproxyarp SRVLAN155
sysopt noproxyarp outside
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
Appendix B: Configuration Examples
August 2014 Series
75
telnet timeout 5
ssh stricthostkeycheck
ssh 10.4.48.0 255.255.255.0 outside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.4.48.17
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
webvpn
anyconnect-essentials
username admin password <removed> encrypted privilege 15
!
You've reached the end of your free preview.
Want to read all 84 pages?
- Spring '17
