Cisco ASA different naming schemata
ASANamingConventionALLCAPS |
ASANamingConventionCamelCase
Links
http://www.networkworld.com/community/node/23721
Work in progress
An example config showing the different naming schemata
: Saved
: Written by enable_15 at 11:50:08.572 CEDT Tue Aug 26 2008
!
! Header of a saved running-config. NOTE(review): the "<context>" suffix on the
! version line suggests this is one security context of a multiple-context ASA - confirm.
ASA Version 8.0(3)12 <context>
!
hostname DEF001-SG01-H-5550
! NOTE(review): the two lines below carry password hashes ("encrypted" form).
! The format used by this software generation is a fast legacy hash, so a value
! published in a shared example should be treated as a disclosed credential:
! substitute placeholders before sharing and rotate any password used in production.
enable password tQIafIOPodeR1Xkw encrypted
passwd tvy1hubpzgsFDOsk encrypted
! "names" turns on name-to-address aliases; hLocAdmin is reused further down in
! the "http" management line. The "h" prefix presumably marks a single host
! (description is German for "local admin PC").
names
name 10.2.0.10 hLocAdmin description -- Lokaler Admin PC
!
! Interface definitions. Only two subinterfaces appear in this listing, while later
! mtu / monitor-interface / access-group lines also reference nFm_dmzdb, nFm_dmz,
! nFm_dmzweb and nFm_dmzapp - presumably their interface stanzas were omitted
! from the example.
! Uplink: security-level 0 is the lowest trust level, i.e. the untrusted side.
! The "standby" address on each interface implies a failover pair.
interface GigabitEthernet0/1.63
description -- Uplink
nameif nFw_upl
security-level 0
ip address 144.21.4.136 255.255.255.224 standby 144.21.4.137
!
! Inside desktop segment, security-level 70. The 10.2.0.0/24 range contains the
! hLocAdmin host (10.2.0.10) defined under "names".
interface GigabitEthernet1/0.944
description -- inside desktop PCs
nameif nFm_pc
security-level 70
ip address 10.2.0.1 255.255.255.0 standby 10.2.0.2
!
! Protocol group covering both udp and tcp. Its all-caps name does not follow the
! prefixed scheme used by the other groups (presumably a tool-generated default),
! and no access-list in this listing references it.
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
!
! ICMP types permitted by the "permit icmp any any object-group sIcmpBase" rule
! that every access-list in this listing carries. NOTE(review): because that rule
! is also bound to the uplink, echo and traceroute are accepted from any source
! there - confirm this is intended.
object-group icmp-type sIcmpBase
description -- BaseServices ICMP
icmp-object conversion-error
icmp-object echo
icmp-object echo-reply
icmp-object parameter-problem
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
!
! Service groups, part 1. Naming pattern visible here: "s" prefix for service
! groups, "Add"/"Base" for the rule class, and a Tcp/Udp suffix for the protocol.
! The sAdd* groups in this run (LDAP, NetBIOS/CIFS) are defined but not referenced
! by any access-list in this listing.
object-group service sAddLdapTcp tcp
description -- LDAP-Queries
port-object eq ldap
port-object eq ldaps
object-group service sAddNetbiosTcp tcp
description -- TCP-Ports for CIFS
port-object eq 445
port-object eq netbios-ssn
object-group service sAddNetbiosUdp udp
description -- UDP-Ports for CIFS
port-object eq netbios-dgm
port-object eq netbios-ns
! sBaseTcp is the TCP set that every access-list in this listing permits "any any".
! It nests sWebTcp, sSshTcp, sMailTcp and sBackupTcp, so its effective port list
! is much larger than the four port-object lines suggest.
! NOTE(review): the nested groups are defined further down; if the config is
! pasted in this order the group-object lines may be rejected - confirm the order.
object-group service sBaseTcp tcp
description -- TCP-BaseServices for Clients
port-object eq domain
group-object sWebTcp
group-object sSshTcp
group-object sMailTcp
group-object sBackupTcp
port-object eq nntp
port-object eq citrix-ica
port-object eq ident
! UDP counterpart of sBaseTcp: DNS, NTP, ISAKMP and port 427 (presumably SLP).
object-group service sBaseUdp udp
description -- UDP-BaseServices for Clients
port-object eq domain
port-object eq ntp
port-object eq isakmp
port-object eq 427
! Remote administration ports; pulled into sBaseTcp, so ssh and 2222 are part of
! the "any any" permit on every interface, including the uplink.
object-group service sSshTcp tcp
description -- RemoteAdministration via ssh, scp, sftp
port-object eq ssh
port-object eq 2222
! Network groups ("n" prefix). Neither group is referenced by the access-lists in
! this listing, which match "any any" - so the source/destination scoping these
! groups could provide is not applied here.
! "hole campus" in the description presumably means "whole campus".
object-group network nCampus
description -- hole campus
network-object 144.21.0.0 255.255.0.0
! Central servers. All entries but the last lie inside the nCampus range
! 144.21.0.0/16; 134.50.6.102 is outside it.
object-group network nCampusServer
description -- important server (time, web, dns, Backup)
network-object host 144.21.1.237
network-object host 144.21.140.52
network-object host 144.21.140.57
network-object host 144.21.140.69
network-object host 144.21.14.18
network-object host 144.21.14.19
network-object host 144.21.14.2
network-object host 144.21.14.3
network-object host 144.21.14.43
network-object host 134.50.6.102
! Service groups, part 2. sBackupTcp, sMailTcp and sWebTcp are nested into sBaseTcp
! and are therefore permitted "any any" by every access-list in this listing.
object-group service sBackupTcp tcp
description -- Backup Tivoli
port-object range 1600 1601
object-group service sMailTcp tcp
description -- Mail only
port-object eq imap4
port-object eq pop3
port-object eq smtp
port-object eq 587
! Besides www/https this also carries 8080 and 3128.
object-group service sWebTcp tcp
description -- Web only
port-object eq www
port-object eq https
port-object eq 8080
port-object eq 3128
! The groups from here to the end of this run are defined but not referenced by
! any access-list in this listing. Descriptions are partly German
! ("fuer" = "for", "noch" = "still/also").
object-group protocol sIpVpn
description -- ESP fuer VPN
protocol-object esp
object-group service sAddLprTcp tcp
description -- Printservice
port-object eq 510
port-object eq lpd
port-object eq 9100
port-object eq 9400
port-object eq 9200
object-group service sAddLprUdp udp
description -- Addhoc noch UDP
port-object eq 510
port-object eq 515
port-object eq 9100
port-object eq 9400
! "VNS" in the description presumably means VNC (port 5900).
object-group service sAddVncTcp tcp
description -- VNS Remote Managment
port-object eq 5900
! NOTE(review): "stAdd..." deviates from the "sAdd..." prefix used by every other
! group of this class - likely a typo in the example; confirm.
object-group service stAddMysqlTcp tcp
description -- Databaseconnect fuer MySQL und ODBC
port-object eq 3306
object-group service sAddGmailTcp tcp
description -- IMAP/SSL, SMTP/SSL fuer Gmail
port-object eq 465
port-object eq 993
! The only service group in this listing without a description line.
object-group service sAddBeehiveTcp tcp
port-object eq 4443
port-object eq 7777
port-object eq 7778
port-object eq 21401
! Per-interface access-lists, named <nameif>_access_in and bound inbound by the
! access-group lines further down. All five carry the same rules:
! permit sBaseTcp / sBaseUdp / sIcmpBase from any to any, then deny tcp and udp.
! The explicit denies sit before the implicit deny that ends every access-list;
! other IP protocols (e.g. esp) are only caught by the implicit one.
!
! NOTE(review): nFw_upl is the security-level 0 uplink. With source and
! destination both "any", this ACL admits traffic from the untrusted side to every
! reachable inside host on all sBaseTcp ports (web, ssh/2222, mail, backup,
! citrix-ica, nntp, ident, dns). For a production rule set, scope the destination
! to the hosts that actually publish a service (the network groups defined in this
! listing are unused) rather than reusing the client-outbound baseline.
access-list nFw_upl_access_in extended permit tcp any any object-group sBaseTcp
access-list nFw_upl_access_in extended permit udp any any object-group sBaseUdp
access-list nFw_upl_access_in extended permit icmp any any object-group sIcmpBase
access-list nFw_upl_access_in extended deny tcp any any
access-list nFw_upl_access_in extended deny udp any any
! ACL name uses nFm_dmzdb, but the access-group line binds it to interface nFm_dmz.
access-list nFm_dmzdb_access_in extended permit tcp any any object-group sBaseTcp
access-list nFm_dmzdb_access_in extended permit udp any any object-group sBaseUdp
access-list nFm_dmzdb_access_in extended permit icmp any any object-group sIcmpBase
access-list nFm_dmzdb_access_in extended deny tcp any any
access-list nFm_dmzdb_access_in extended deny udp any any
access-list nFm_pc_access_in extended permit tcp any any object-group sBaseTcp
access-list nFm_pc_access_in extended permit udp any any object-group sBaseUdp
access-list nFm_pc_access_in extended permit icmp any any object-group sIcmpBase
access-list nFm_pc_access_in extended deny tcp any any
access-list nFm_pc_access_in extended deny udp any any
access-list nFm_dmzweb_access_in extended permit tcp any any object-group sBaseTcp
access-list nFm_dmzweb_access_in extended permit udp any any object-group sBaseUdp
access-list nFm_dmzweb_access_in extended permit icmp any any object-group sIcmpBase
access-list nFm_dmzweb_access_in extended deny tcp any any
access-list nFm_dmzweb_access_in extended deny udp any any
access-list nFm_dmzapp_access_in extended permit tcp any any object-group sBaseTcp
access-list nFm_dmzapp_access_in extended permit udp any any object-group sBaseUdp
access-list nFm_dmzapp_access_in extended permit icmp any any object-group sIcmpBase
access-list nFm_dmzapp_access_in extended deny tcp any any
access-list nFm_dmzapp_access_in extended deny udp any any
! Logging, interface settings, ACL bindings, routing, timeouts and management access.
no pager
! Logging is enabled, but the only destination configured in this listing is ASDM
! (level warnings); no syslog host or buffer line is shown, so events are not
! retained off-box as far as this example goes.
logging enable
logging asdm warnings
mtu nFw_upl 1500
mtu nFm_dmzdb 1500
mtu nFm_pc 1500
mtu nFm_dmzweb 1500
mtu nFm_dmzapp 1500
! NOTE(review): the mtu line above uses nFm_dmzdb, while monitor-interface and
! access-group below use nFm_dmz - one of the two names is presumably a leftover.
monitor-interface nFw_upl
monitor-interface nFm_dmz
monitor-interface nFm_pc
monitor-interface nFm_dmzweb
monitor-interface nFm_dmzapp
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
! Bind each access-list to its interface in the inbound direction.
access-group nFw_upl_access_in in interface nFw_upl
access-group nFm_dmzdb_access_in in interface nFm_dmz
access-group nFm_pc_access_in in interface nFm_pc
access-group nFm_dmzweb_access_in in interface nFm_dmzweb
access-group nFm_dmzapp_access_in in interface nFm_dmzapp
! Default route via the uplink.
route nFw_upl 0.0.0.0 0.0.0.0 144.21.4.129 1
! NOTE(review): xlate 13 h and conn 11 h idle timeouts look considerably longer
! than the usual defaults - confirm they are deliberate, since idle entries stay
! in the tables for that long.
timeout xlate 13:00:00
timeout conn 11:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
! Management over HTTPS/ASDM is limited to the single host hLocAdmin (10.2.0.10)
! on nFm_pc. No "telnet <host>" or "ssh <host>" permit lines appear in this
! listing, only the session timeouts.
http server enable
http hLocAdmin 255.255.255.255 nFm_pc
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
! NOTE(review): two local accounts at privilege 15 with their password hashes in
! clear view. As with the enable/passwd lines, replace these values with
! placeholders in a published example and rotate the passwords if they were ever
! in use; no "aaa authentication" line is shown in this listing.
username joe password 5ctWL4yttfjyZlxZ encrypted privilege 15
username jack password /NMFJ23Z72OtfGky encrypted privilege 15
!
! Application inspection: one class matching the default inspection traffic, a DNS
! inspect map, and a global policy applying the listed inspection engines.
class-map inspection_default
match default-inspection-traffic
!
!
! DNS messages are limited to 512 bytes. NOTE(review): responses that rely on
! EDNS0 (e.g. DNSSEC-signed answers) can exceed this limit - confirm the value is
! still appropriate.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
! NOTE(review): this looks like an unmodified default inspection set; engines for
! protocols that are not in use (e.g. rsh, xdmcp, skinny) could be reviewed and
! removed to reduce the parsing surface - confirm against actual traffic.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
! Apply the policy to all interfaces.
service-policy global_policy global
! Checksum over the saved configuration, written by the device on save.
Cryptochecksum:f9206d4600ae89bf4c5e59ddeac9ede4
: end