
CCSP/CCVP --ASA 5520配置例子

! Logging: console and buffer at critical, monitor and trap (syslog) at errors.
! The syslog host 172.26.31.142 is reached via the secure interface; no
! transport or port is given on that line, so the ASA default (syslog over
! UDP) applies -- the log stream is therefore neither encrypted nor
! authenticated on the wire, presumably acceptable only because it stays on
! the secure segment.
pager lines 22
logging enable
logging console critical
logging monitor errors
logging buffered critical
logging trap errors
logging facility 16
logging host secure 172.26.31.142
! permit-hostdown only affects a TCP syslog host (new connections keep being
! allowed while it is unreachable); with the UDP default above it is
! effectively a no-op.
logging permit-hostdown
! MTU for five interfaces. inside_voice, which the nat (inside_voice) line
! further down references, is not listed here.
mtu inside_data 1500
mtu web 1500
mtu secure 1500
mtu sprint 1500
mtu outside 1500
! Unicast RPF anti-spoofing on every listed interface. inside_voice is again
! absent, so spoofed source addresses on that VLAN are not dropped by this
! check -- confirm whether that omission is intended.
ip verify reverse-path interface inside_data
ip verify reverse-path interface web
ip verify reverse-path interface secure
ip verify reverse-path interface sprint
ip verify reverse-path interface outside
asdm image disk0:/asdm502.bin
no asdm history enable
! The {...} tokens are redaction placeholders left by the author (the
! mismatched "{" / ")" on the arp line belongs to that, not to the command).
! Note the ASA syntax is "arp <interface> <ip> <mac>", so the placeholder order
! shown here is reversed relative to the real command.
arp outside {mac-outside interface} {hiding IP)
arp timeout 14400
! Global pool 1 on outside = the public hiding address used for dynamic
! NAT/PAT of whatever the HIDING ACL matches.
global outside 1 {hiding ip} netmask 255.255.255.0
! NAT exemption (nat 0): RFC1918 <-> RFC1918 traffic (ACL NONAT) keeps its real
! addresses when sourced from any of these four interfaces.
nat (inside_data) 0 access-list NONAT
nat (inside_voice) 0 access-list NONAT
nat (sprint) 0 access-list NONAT
nat (secure) 0 access-list NONAT
! Remaining RFC1918-sourced traffic from inside_data (ACL HIDING) is
! translated to global pool 1.
nat (inside_data) 1 access-list HIDING
! Specific /24s behind 172.26.24.5 on inside_data; the three RFC1918
! aggregates point to 172.26.24.10 on sprint. Longest-prefix match keeps
! 172.26.16/22/25 on inside_data even though they fall inside 172.16.0.0/12.
! No default route appears in this excerpt.
route inside_data 172.26.25.0 255.255.255.0 172.26.24.5 1
route inside_data 172.26.22.0 255.255.255.0 172.26.24.5 1
route inside_data 172.26.16.0 255.255.255.0 172.26.24.5 1
route sprint 172.16.0.0 255.240.0.0 172.26.24.10 1
route sprint 10.0.0.0 255.0.0.0 172.26.24.10 1
route sprint 192.168.0.0 255.255.0.0 172.26.24.10 1

! A single ACL, POLICY, filters inbound traffic on all six interfaces.
! per-user-override lets a per-user ACL downloaded during cut-through
! authentication replace POLICY for that user's traffic on inside_data,
! secure and sprint.
! On outside this ACL is the only filter for Internet-sourced traffic, so every
! ACE in POLICY with an "any" source (e.g. the tcp any -> H_auth rule in the
! second listing, whose service group includes telnet) is also reachable from
! the public side.
access-group POLICY in interface inside_data per-user-override
access-group POLICY in interface inside_voice
access-group POLICY in interface web
access-group POLICY in interface secure per-user-override
access-group POLICY in interface sprint per-user-override
access-group POLICY in interface outside

! Translation and connection idle timers.
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:10
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
! Cached cut-through-proxy credentials: absolute timer 0:00:00 plus a 15 minute
! inactivity timer. NOTE(review): confirm the intended effect -- an absolute
! value of 0 is documented as disabling that timer, leaving only the
! inactivity timer to expire cached users.
timeout uauth 0:00:00 absolute uauth 0:15:00 inactivity

! Cut-through proxy: users telnet to this virtual address to authenticate
! (last octet redacted by the author).
virtual telnet 172.26.24.xx

auth-prompt prompt Please enter your username and password
auth-prompt accept Authentication succeeded.
auth-prompt reject Authentication failed. Try again.
! A telnet idle timeout is set, but no "telnet <net> <mask> <if>" line appears
! in this excerpt, so the telnet management listener is presumably not enabled.
telnet timeout 5
! SSH management: secure copy enabled, access limited to one /24 per
! interface, SSHv2 only (v1 disabled).
ssh scopy enable
ssh 172.22.161.0 255.255.255.0 sprint
ssh 172.26.16.0 255.255.255.0 inside_data
ssh 172.26.31.0 255.255.255.0 secure
ssh timeout 60
ssh version 2
! 0 = an authenticated serial console session never times out.
console timeout 0
! management-access accepts exactly one interface, so the second line would
! replace the first even if it were spelled correctly; as written
! ("mangement-acccess") the parser rejects it. Keep a single, correctly spelled
! management-access line for the interface actually intended.
management-access inside_data
mangement-acccess sprint

! Traffic classes referenced by the policy-maps below.
! my-ips-class: ACL IPS is "permit ip any any" in the second listing, i.e. all
! traffic is handed to the IPS module.
class-map my-ips-class
match access-list IPS
! VoIP: DSCP CS3 and EF, conventionally call signalling and voice bearer.
class-map VoIP
match dscp cs3  ef
class-map inspection_default
match default-inspection-traffic
! ACL MSS-exceptions does not appear anywhere in this excerpt; until it is
! defined this class matches nothing.
class-map mss-map
match access-list MSS-exceptions

! Application-layer inspection on the default inspection ports.
policy-map global_policy
class inspection_default
  inspect ftp
  inspect h323 h225
  inspect rtsp
  inspect skinny
  inspect tftp
  inspect sip
  inspect icmp
  inspect ctiqbe
  inspect dns
  inspect http
! "mss" names a tcp-map that is not part of this excerpt.
class mss-map
  set connection advanced-options mss
! The IPS module only receives a copy of the traffic in promiscuous mode, so it
! cannot block inline; fail-open keeps forwarding if the module is unavailable
! (availability is preferred over enforcement).
class my-ips-class
  ips promiscuous fail-open
! Low-latency queueing for the VoIP class. No "service-policy qos ..." line
! appears in this excerpt, so this policy-map is not applied anywhere here.
policy-map qos
class VoIP
  priority
! Repeats the ips action already present in global_policy and is likewise not
! applied in this excerpt.
policy-map my-ips-policy
class my-ips-class
  ips promiscuous fail-open

service-policy global_policy global
! ntp server is a global command; the indentation is presumably a paste
! artifact. No key is configured, so time is taken from the public server
! without authentication.
  ntp server 202.108.158.139

rdca4fwep

==========================================================================
shafw01(config)# sh run
: Saved
:
! Second listing: the running-config of what appears to be the same device the
! first excerpt was taken from (same interface names and addresses).
ASA Version 7.0(4)
!
hostname shafw01
domain-name heraeus.com
! This enable password hash was published together with the config; treat it
! as disclosed and rotate it (the same applies to the login passwd below).
enable password .68HJO4Qmg83HE2S encrypted
names
!
! Physical ports Gi0/0, Gi0/1 and Gi0/3 carry 802.1Q subinterfaces only; they
! have no name, level or address themselves.
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
!
! Every named interface below -- including outside -- sits at security-level
! 50. With all interfaces at the same level the ASA's level-based default
! (higher may initiate to lower, not the reverse) provides no separation; all
! isolation comes from "same-security-traffic permit inter-interface" plus the
! POLICY ACL. A reviewer would expect outside at level 0 and the internal
! segments at distinct higher levels.
interface GigabitEthernet0/0.150
vlan 150
nameif inside_data
security-level 50
ip address 172.26.24.18 255.255.255.240
!
interface GigabitEthernet0/0.151
vlan 151
nameif inside_voice
security-level 50
ip address 10.48.8.1 255.255.255.0
!            
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.161
vlan 161
nameif web
security-level 50
ip address 172.26.30.1 255.255.255.0
!
interface GigabitEthernet0/1.163
vlan 163
nameif secure
security-level 50
ip address 172.26.31.1 255.255.255.0
!
! Reserved for LAN/stateful failover, currently shut down.
interface GigabitEthernet0/2
description LAN/STATE Failover interface for futer!
shutdown
no nameif
no security-level
no ip address
!            
interface GigabitEthernet0/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3.154
vlan 154
nameif sprint
security-level 50
ip address 172.26.24.9 255.255.255.0
!
! The public-facing outside interface is the Management0/0 port with a public
! address, at the same level 50 as the internal segments (see above).
! "management-only" does not appear on it, so through traffic is presumably
! allowed -- confirm.
interface Management0/0
nameif outside
security-level 50
ip address 222.66.83.18 255.255.255.240
!
!
! Login password hash, published with the config -- treat as disclosed.
passwd 2KFQnbNIdI.2KYOU encrypted
! "disk0:/0" looks like a stray or invalid boot entry ahead of the real image;
! presumably a typo, verify against the flash contents.
boot system disk0:/0
boot system disk0:/asa704-k8.bin
ftp mode passive
! The zone is labelled "cet" but the offset given is +8; the ASA uses the
! numeric offset, the name is only a label.
clock timezone cet 8
dns domain-lookup inside_data
dns name-server 172.26.16.17
! Required because all interfaces share security-level 50: inter-interface
! allows traffic between same-level interfaces, intra-interface allows
! hairpinning back out the interface it arrived on. Both widen reachability;
! the POLICY ACL is then the only thing separating the segments.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group icmp-type icmp_echo_request
icmp-object echo
! Declared with no members (no icmp-object line follows); it is not referenced
! by any ACL in this excerpt, and an empty group would match nothing.
object-group icmp-type icmp_echo_reply
object-group network h_china_ntpserver
network-object host 202.108.158.139
! The two authentication hosts reachable from "any" in the POLICY ACL.
object-group network h_auth42
network-object host 172.26.31.42
network-object host 172.26.24.19
! All three RFC1918 blocks; used for NAT exemption and the internal
! permit-all rule.
object-group network N_RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
object-group network n_VLAN108_16
network-object 172.26.16.0 255.255.255.0
object-group network n_VLAN105_22
network-object 172.26.22.0 255.255.255.0
object-group network n_VLAN106_25
network-object 172.26.25.0 255.255.255.0
object-group network n_VLAN163_31
network-object 172.26.31.0 255.255.255.0
object-group network n_VLAN108_18
network-object 172.26.18.0 255.255.255.0
! The client networks allowed to browse the web (VLAN nets .18, .16, .22).
object-group network N_RDCA_S_C
group-object n_VLAN108_18
group-object n_VLAN108_16
group-object n_VLAN105_22
object-group service tcp_http tcp
port-object eq www
object-group service tcp_https tcp
port-object eq https
object-group service tcp_telnet tcp
port-object eq telnet
! http + https + telnet; telnet carries credentials in cleartext.
object-group service TCP_client_auth tcp
group-object tcp_http
group-object tcp_https
group-object tcp_telnet
object-group service tcp_http_8080 tcp
port-object eq 8080
object-group service tcp_ftp tcp
port-object eq ftp
! NTP is UDP; udp_ntp below is the group that matters. Opening TCP/123 as
! well is presumably unnecessary exposure -- confirm it is needed.
object-group service tcp_ntp tcp
port-object eq 123
object-group service udp_ntp udp
port-object eq ntp
object-group service tcp_smtp tcp
port-object eq smtp
object-group service tcp_ssh tcp
port-object eq ssh
object-group network H_auth
group-object h_auth42
object-group network H_ntp_servers
group-object h_china_ntpserver
object-group service TCP_webservice tcp
group-object tcp_http
group-object tcp_https
! HIDING selects RFC1918-sourced traffic for dynamic NAT (nat ... 1); as the
! remark says, only permit entries are meaningful in a NAT ACL. The remark was
! entered after the ACE, so it prints below it.
access-list HIDING extended permit ip object-group N_RFC1918 any
access-list HIDING remark # this is a nat rule, only permit''s are allowed
! NONAT exempts internal-to-internal traffic from translation (nat ... 0).
access-list NONAT extended permit ip object-group N_RFC1918 object-group N_RFC1918
! POLICY is the single filtering ACL. Source "any" on the first ACE includes
! the public side when this ACL is bound inbound on outside (as the first
! listing does), so http/https/telnet to the auth hosts is reachable from
! there; telnet in particular is cleartext.
access-list POLICY remark # counterpart of trigger rule
access-list POLICY extended permit tcp any object-group H_auth object-group TCP_client_auth
access-list POLICY remark # # ntp
access-list POLICY extended permit tcp any object-group H_ntp_servers object-group tcp_ntp
access-list POLICY extended permit udp any object-group H_ntp_servers object-group udp_ntp
access-list POLICY remark # RDCA-webbrowsing rule
access-list POLICY extended permit tcp object-group N_RDCA_S_C any object-group TCP_webservice log
access-list POLICY remark # All Internal Network is allowed
access-list POLICY remark # All Internal Network Traffic is allowed
! Any RFC1918 -> any RFC1918, all protocols, logged: the internal segments are
! effectively one flat network from the firewall's point of view. If bound on
! outside, only uRPF (ip verify reverse-path) stops spoofed RFC1918 sources
! from matching this ACE.
access-list POLICY extended permit ip object-group N_RFC1918 object-group N_RFC1918 log
! Explicit logged deny so dropped traffic shows up in syslog.
access-list POLICY extended deny ip any any log
! Everything is copied to the IPS module (see class-map my-ips-class).
access-list IPS extended permit ip any any
! Differs from the first listing: pager 24, an explicit 10000-byte buffer and
! buffered logging at errors rather than critical. Syslog host and transport
! are as in the first listing (UDP default to 172.26.31.142 via secure).
pager lines 24
logging enable
logging buffer-size 10000
logging console critical
logging monitor errors
logging buffered errors
logging trap errors
logging facility 16
logging host secure 172.26.31.142
logging permit-hostdown
mtu inside_data 1500
mtu inside_voice 1500
mtu web 1500
mtu secure 1500
mtu sprint 1500
mtu outside 1500
! Unicast RPF on five of the six named interfaces. inside_voice (defined on
! Gi0/0.151 above and given an MTU here) has no reverse-path check, so source
! spoofing from the voice VLAN is not caught -- confirm whether intended.
ip verify reverse-path interface inside_data
ip verify reverse-path interface web
ip verify reverse-path interface secure
ip verify reverse-path interface sprint
ip verify reverse-path interface outside