WRH-ASA# show run
: Saved
:
ASA Version 7.0(6)
!
hostname WRH-ASA
domain-name myworkdomainhere.org
names
name 192.0.0.25 MAIL-PRIV
name xxx.xxx.45.196 MAIL-PUB
name 192.0.0.11 TEST-PRIV
name 192.0.0.207 WEB-PRIV
name xxx.xxx.45.198 WEB-PUB
name 192.0.0.72 CITRIX-02
name xxx.xxx.45.195 CITRIX02-PUB
name 192.0.0.26 Spamstop
name 192.0.0.235 CHARTLINK
name xxx.xxx.45.197 CHARTLINK-PUB
name 192.0.0.99 WEBBETA-PRIV
name xxx.xx.168.156 WEBBETA-PUB
name xxx.xx.168.157 GWMOBILE-PUB
name 192.0.0.74 GWMOBILE-PRI
name xxx.xx.168.154 CITRIX01-PUB
name 192.0.3.253 CITRIX01-PRI
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address xxx.xxx.45.194 255.255.255.248
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.0.2 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 40
 ip address 10.34.17.2 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
access-list INBOUND extended permit icmp any any
access-list INBOUND extended permit tcp any host MAIL-PUB eq smtp
access-list INBOUND extended permit tcp any host MAIL-PUB eq https
access-list INBOUND extended permit tcp any host MAIL-PUB eq www
access-list INBOUND extended permit tcp any host WEB-PUB eq www
access-list INBOUND extended permit tcp any host WEB-PUB eq citrix-ica
access-list INBOUND extended permit tcp any host CITRIX02-PUB eq citrix-ica
access-list INBOUND extended permit tcp any host CHARTLINK-PUB eq www
access-list INBOUND extended permit tcp any host CHARTLINK-PUB eq https
access-list INBOUND extended permit tcp any host CHARTLINK-PUB eq ssh
access-list INBOUND extended permit tcp any host xxx.xx.168.155 eq smtp
access-list INBOUND extended permit tcp any host xxx.xx.168.155 eq www
access-list INBOUND extended permit tcp any host xxx.xx.168.155 eq https
access-list INBOUND extended permit tcp any host WEBBETA-PUB eq www
access-list INBOUND extended permit tcp any host WEBBETA-PUB eq citrix-ica
access-list INBOUND extended permit tcp any host GWMOBILE-PUB eq www
access-list INBOUND extended permit tcp any host CITRIX01-PUB eq citrix-ica
access-list DMZ-INBOUND extended permit ip any any
access-list NONAT extended permit ip 192.0.0.0 255.255.252.0 10.34.17.0 255.255.255.0
access-list NONAT extended permit ip 172.16.4.0 255.255.255.0 10.34.17.0 255.255.255.0
access-list NONAT extended permit icmp 172.16.4.0 255.255.255.0 10.34.17.0 255.255.255.0
access-list NONAT extended permit ip host 192.0.0.236 host 10.0.0.2
access-list NONAT extended permit ip host 192.0.0.200 host 10.0.0.2
access-list inside_nat0_outbound extended permit ip 192.0.0.0 255.255.252.0 10.34.17.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.16.4.0 255.255.255.0 10.34.17.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.0.0.236 host 10.0.0.2
access-list inside_nat0_outbound extended permit ip host 192.0.0.200 host 10.0.0.2
pager lines 24
logging enable
logging buffered critical
logging trap critical
logging asdm informational
logging host inside 192.0.1.44
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip verify reverse-path interface outside
ip audit attack action alarm drop reset
no failover
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (outside) 10 MAIL-PUB
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 MAIL-PRIV 255.255.255.255
nat (inside) 10 Spamstop 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 0 10.34.17.0 255.255.255.0
static (inside,outside) tcp MAIL-PUB smtp Spamstop smtp netmask 255.255.255.255
static (inside,outside) tcp MAIL-PUB https MAIL-PRIV https netmask 255.255.255.255
static (inside,outside) tcp MAIL-PUB www MAIL-PRIV www netmask 255.255.255.255
static (inside,outside) WEB-PUB WEB-PRIV netmask 255.255.255.255
static (inside,outside) CITRIX02-PUB CITRIX-02 netmask 255.255.255.255
static (inside,outside) CHARTLINK-PUB CHARTLINK netmask 255.255.255.255
static (inside,outside) xxx.xx.168.155 192.0.0.58 netmask 255.255.255.255
static (inside,outside) WEBBETA-PUB WEBBETA-PRIV netmask 255.255.255.255
static (inside,outside) GWMOBILE-PUB GWMOBILE-PRI netmask 255.255.255.255
static (inside,outside) CITRIX01-PUB CITRIX01-PRI netmask 255.255.255.255
static (inside,outside) xx.xxx.214.11 10.1.0.172 netmask 255.255.255.255
static (inside,outside) xx.xxx.214.12 10.1.0.173 netmask 255.255.255.255
static (inside,outside) xx.xxx.214.10 192.0.1.248 netmask 255.255.255.255
access-group INBOUND in interface outside
access-group DMZ-INBOUND in interface dmz
route outside 0.0.0.0 0.0.0.0 xxx.xxx.45.193 1
route inside 10.1.0.0 255.255.255.0 10.10.0.1 1
route inside 172.16.4.0 255.255.255.0 10.10.0.1 1
route inside 192.0.0.0 255.255.252.0 10.10.0.1 1
route dmz 10.0.0.2 255.255.255.255 10.34.17.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.0.0.0 255.255.252.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.0.0.0 255.255.252.0 inside
telnet timeout 5
ssh 192.0.0.0 255.255.252.0 inside
ssh timeout 10
console timeout 15
management-access inside
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect tftp
!
service-policy global_policy global
ntp server 192.0.0.14 source inside
Cryptochecksum:d864f1e42a2a7956593e7bda657fc327
: end
WRH-ASA#