: ASA Version 8.4(2)
!
hostname FIREWALL
enable password ElIrdmi2a6v encrypted
passwd 2KFQnIdI.2KU encrypted
names
!
interface GigabitEthernet0/0
 description CONNECTION TO ISP TTCL ZTE SWITCH PORT04
 nameif outside
 security-level 50
 ip address 41.59.251.P 255.255.255.252
!
interface GigabitEthernet0/1
 description CONNECTION TO IPS PORT 0/0
 nameif inside
 security-level 50
 ip address 10.10.10.1 255.255.255.252
!
interface GigabitEthernet0/2
 description CONNECTION TO DMZ (MAIL SERVER)
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 description CONNECTION TO CORE SWITCH PORT04
 nameif management
 security-level 0
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
dns server-group DefaultDNS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside_hosts_172.17.0.0
 subnet 172.17.0.0 255.255.0.0
object network AccessMail
 host 192.168.2.2
object network AccessHTTP
 host 192.168.2.3
object network MPLS_INTERNET
 subnet 10.0.0.0 255.0.0.0
object-group service DM_INLINE_TCP_1 tcp
 port-object eq pop3
 port-object eq smtp
access-list out_in extended permit tcp any host 41.59.253.W eq www
access-list out_in extended permit tcp any host 41.59.253.W eq smtp
access-list out_dmz extended permit tcp any host 192.168.2.3 eq www
access-list out_in extended permit tcp any host 192.168.2.2
access-list out_in extended permit icmp any host 192.168.2.2
access-list out_in extended deny ip any any
access-list inside_out extended permit udp host 172.17.18.42 any
access-list inside_out extended permit ip host 172.17.18.41 any
access-list inside_out extended permit ip host 172.17.18.40 any
access-list inside_out extended permit ip host 172.17.18.39 any
access-list inside_out extended permit ip host 172.17.18.38 any
access-list inside_out extended permit ip host 172.17.18.37 any
access-list inside_out extended permit ip host 172.17.18.36 any
access-list inside_out extended permit tcp any any eq www
access-list inside_out extended permit tcp any any eq https
access-list inside_out extended permit tcp any any eq smtp
access-list inside_out extended permit tcp any any eq pop3
access-list inside_out extended permit tcp host 172.17.18.42 any
access-list inside_out extended permit udp any any eq domain
access-list inside_out extended permit udp any any eq 953
access-list inside_out extended permit udp any any eq 22
access-list inside_out extended permit tcp any any eq ssh
access-list inside_out extended permit icmp any any
access-list inside_out extended permit tcp any any eq ftp
access-list inside_out extended permit ip any any
access-list inside_out extended permit ip any host 192.168.2.2
access-list inside_out extended deny ip any any
access-list global_mpc extended permit tcp interface inside interface outside eq www
access-list global_mpc extended permit ip any any
access-list netflow-export extended permit ip any any
access-list out_dmz extended permit tcp any host 192.168.2.2 eq www
access-list out_dmz extended permit tcp any host 192.168.2.2 eq smtp
access-list out_dmz extended permit tcp any host 41.59.253.W eq www
access-list out_dmz extended permit tcp any host 41.59.253.W eq smtp
access-list global_mpc_1 extended permit tcp any any object-group DM_INLINE_TCP_1
pager lines 24
logging enable
logging asdm informational
logging host inside 172.17.18.34
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 172.16.18.34 2055
flow-export destination inside 172.17.18.34 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
!
object network inside_hosts_172.17.0.0
 nat (inside,outside) dynamic interface
object network AccessMail
 nat (dmz,outside) static 41.59.253.W
object network AccessHTTP
 nat (dmz,outside) static 41.59.253.(W+1)
object network MPLS_INTERNET
 nat (inside,outside) dynamic interface
access-group inside_out in interface inside
route outside 0.0.0.0 0.0.0.0 41.59.251.(P-1) 1
route inside 10.0.0.0 255.0.0.0 10.10.10.2 1
route inside 172.17.0.0 255.255.240.0 10.10.10.2 1
route inside 172.17.16.0 255.255.254.0 10.10.10.2 1
route inside 172.17.18.0 255.255.254.0 10.10.10.2 1
route inside 172.17.20.0 255.255.252.0 10.10.10.2 1
route inside 172.17.24.0 255.255.248.0 10.10.10.2 1
route inside 172.17.32.0 255.255.224.0 10.10.10.2 1
route inside 172.17.64.0 255.255.192.0 10.10.10.2 1
route inside 172.17.128.0 255.255.192.0 10.10.10.2 1
route inside 172.17.192.0 255.255.192.0 10.10.10.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.18.0 255.255.255.0 management
http authentication-certificate management
snmp-server host inside 172.17.18.34 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
telnet 10.10.10.0 255.255.255.0 inside
telnet 10.10.10.0 255.255.255.252 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map netflow-export-class
 match access-list netflow-export
class-map global-class
 match access-list global_mpc_1
class-map inside-class
class-map inspection_default
 match default-inspection-traffic
class-map global_class
 match access-list global_mpc
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map netflow-policy
 class netflow-export-class
  flow-export event-type all destination 172.16.18.34
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class global-class
  csc fail-open
 class class-default
  flow-export event-type all destination 172.16.18.34 172.17.18.34
policy-map inside-policy
 class inside-class
  csc fail-open
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:b07d4e66863074a8dc5c916bb5e47
: end
FIREWALL#