Main > WorkPad > WorkPadTestASAPrimary
Changes | Index | Search
Tags(edit)

system context 

: Saved
:
ASA Version 8.4(3) <system>
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
mac-address auto prefix 21717
!
interface GigabitEthernet0/0
 description -- trunk interface
!
interface GigabitEthernet0/0.150
 description -- vrf CustA
 vlan 150
!
interface GigabitEthernet0/0.151
 description -- vrf CustB
 vlan 151
!
interface GigabitEthernet0/0.152
 description -- vrf CustC
 vlan 152
!
interface GigabitEthernet0/0.200
 description -- transfer CustA
 vlan 200
!
interface GigabitEthernet0/0.201
 description -- transfer CustB
 vlan 201
!
interface GigabitEthernet0/0.202
 description -- transfer CustC
 vlan 202
!
interface GigabitEthernet0/1
 shutdown
!
interface GigabitEthernet0/2
 shutdown
!
interface GigabitEthernet0/3
 shutdown
!
interface GigabitEthernet0/4
 shutdown
!
interface GigabitEthernet0/5
 shutdown
!
interface Management0/0
!
interface Management0/1
 shutdown
!
interface TenGigabitEthernet0/6
 shutdown
!
interface TenGigabitEthernet0/7
 shutdown
!
interface TenGigabitEthernet0/8
 shutdown
!
interface TenGigabitEthernet0/9
 description LAN/STATE Failover Interface
!
class default
  limit-resource All 0
  limit-resource ASDM 5
  limit-resource SSH 5
  limit-resource Telnet 5
!

ftp mode passive
no pager
failover
failover lan unit primary
failover lan interface failover-link TenGigabitEthernet0/9
failover key fOObARbatz
failover replication http
failover link failover-link TenGigabitEthernet0/9
failover interface ip failover-link 192.168.8.1 255.255.255.252 standby 192.168.8.2
no asdm history enable
arp timeout 14400
console timeout 0
!
tls-proxy maximum-session 1000
!

admin-context admin
context admin
  description -- administration context (user from this context can switch into other contexts)
  allocate-interface Management0/0
  config-url disk0:/admin.cfg
!

context CustA
  description -- virtuell FW Customer A
  allocate-interface GigabitEthernet0/0.150
  allocate-interface GigabitEthernet0/0.200
  config-url disk0:/custa.cfg
!

context CustB
  description -- virtuell FW Customer B
  allocate-interface GigabitEthernet0/0.151
  allocate-interface GigabitEthernet0/0.201
  config-url disk0:/custb.cfg
!

context CustC
  description -- virtuell FW Customer C
  allocate-interface GigabitEthernet0/0.152
  allocate-interface GigabitEthernet0/0.202
  config-url disk0:/custc.cfg
!

prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3bc61695eb10f8531ca567e93143051a
: end

customer context 

hostname CustA
!
interface GigabitEthernet0/0.150
 nameif inside
 security-level 100
 ip address 10.135.150.4 255.255.255.248 standby 10.135.150.5
!
interface GigabitEthernet0/0.200
 nameif transfer
 security-level 0
 ip address 10.135.200.4 255.255.255.248 standby 10.135.200.5
!
access-list transfer_acl extended deny udp any any eq 23
access-list transfer_acl extended deny tcp any any eq telnet
access-list transfer_acl extended permit ip any any
access-list transfer_acl extended permit icmp any any
access-list inside_acl extended deny tcp any any eq telnet inactive
access-list inside_acl extended permit ip any any
access-list inside_acl extended permit icmp any any
access-group inside_acl in interface inside
access-group transfer_acl in interface transfer
route transfer 0.0.0.0 0.0.0.0 10.135.200.3 1
route insidelink 10.135.100.0 255.255.255.0 10.135.150.3 1

Customer B 

hostname CustB
!
interface GigabitEthernet0/0.151
 nameif inside
 security-level 100
 ip address 10.135.151.4 255.255.255.248 standby 10.135.151.5
!
interface GigabitEthernet0/0.201
 nameif transfer
 security-level 0
 ip address 10.135.201.4 255.255.255.248 standby 10.135.201.5
!
access-list transfer_acl extended deny tcp any any eq telnet inactive
access-list transfer_acl extended permit ip any any
access-list transfer_acl extended permit icmp any any
access-list inside_acl extended deny tcp any any eq telnet inactive
access-list inside_acl extended permit ip any any
access-list inside_acl extended permit icmp any any
access-group inside_acl in interface inside
access-group transfer_acl in interface transfer
route transfer 0.0.0.0 0.0.0.0 10.135.201.3 1
route inside 10.135.101.0 255.255.255.0 10.135.151.3 1
<verbatim>

---+ Customer C

<verbatim>
hostname CustC
!
interface GigabitEthernet0/0.152
 nameif inside
 security-level 100
 ip address 10.135.152.4 255.255.255.248 standby 10.135.152.5
!
interface GigabitEthernet0/0.202
 nameif transfer
 security-level 0
 ip address 10.135.202.4 255.255.255.248 standby 10.135.202.5
!
access-list transfer_acl extended deny tcp any any eq telnet inactive
access-list transfer_acl extended permit ip any any
access-list transfer_acl extended permit icmp any any
access-list inside_acl extended deny tcp any any eq telnet inactive
access-list inside_acl extended permit ip any any
access-list inside_acl extended permit icmp any any
access-group inside_acl in interface inside
access-group transfer_acl in interface transfer
route transfer 0.0.0.0 0.0.0.0 10.135.202.3 1
route inside 10.135.102.0 255.255.255.0 10.135.152.3 1
</verbatim></verbatim>
<nop>
Edit | Attach | More topic actions
Copyright © Creative Commons License