Chapter 17 Configuring Virtual Private Networks
Sample ASA configuration summary
 no nameif
 security-level 100
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
!--- Boot image of ASA
boot system disk0:/asa821-k8.bin
ftp mode passive
!--- Clock settings
clock timezone CST -6
clock summer-time CDT recurring
!--- DNS configuration
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 64.101.128.56
 domain-name nw048b.cisco.com
!--- Enable interface on the same security level so that they can communicate to each other
same-security-traffic permit inter-interface
!--- Enable communication between hosts connected to same interface
same-security-traffic permit intra-interface
pager lines 24
!--- Logging options
logging enable
logging timestamp
logging console debugging
no logging message 710005
mtu outside 1500
mtu inside 1500
mtu management 1500
!--- Define IP local address pool
ip local pool Webvpn_POOL 10.8.40.150-10.8.40.170 mask 255.255.255.192
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
!--- ASDM image
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
!--- Static routing
route outside 0.0.0.0 0.0.0.0 10.89.79.129 1
route inside 10.89.0.0 255.255.0.0 10.8.40.1 1
route inside 0.0.0.0 0.0.0.0 10.8.40.1 tunneled
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
Cisco Unified Communications Manager Security Guide, OL-24124-01