The upgrade procedure for a Cisco Firepower 2100 standalone unit running ASA version 9.13 or above is similar to the upgrade procedure on a classic Cisco ASA firewall.
Newer Firepower 2100 units with ASA ship with ASA version 9.13 or above, which runs in appliance mode. ASA version 9.16.3 is the TAC-recommended release (marked with a gold star) as of this writing. Always check ASA and ASDM compatibility using the Cisco ASA/ASDM compatibility matrix. ASA 9.16.3.19 is compatible with ASDM 7.18 (1.152).
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.16(2)3
SSP Operating System Version 2.10(1.172)
Device Manager Version 7.16(1)
Compiled on Mon 06-Sep-21 19:54 GMT by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.172.SPA"
Config file at boot was "startup-config"
ciscoasa up 31 mins 46 secs
Hardware: FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)
1: Int: Internal-Data0/1 : address is 000f.b748.1234, irq 0
3: Int: Not licensed : irq 0
4: Ext: Management1/1 : address is 3c26.e404.5678, irq 0
5: Int: Internal-Data1/1 : address is 0000.0100.0001, irq 0
License mode: Smart Licensing
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled
Security Contexts : 2
Carrier : Disabled
AnyConnect Premium Peers : 3500
AnyConnect Essentials : Disabled
Other VPN Peers : 3500
Total VPN Peers : 3500
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 8000
Cluster : Disabled
Serial Number: JAD26291234
Configuration register is 0x1
Configuration last modified by enable_1 at 08:19:10.249 UTC Sun Dec 11 2022
ciscoasa# show run asdm
no asdm history enable
ciscoasa# show fxos mode
Mode is currently set to appliance
I used a USB flash disk to easily copy the ASA image and ASDM files. There's no syslog generated by the ASA when a USB flash disk is inserted.
ciscoasa# dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
disk0: Directory or file name
disk1: Directory or file name
flash: Directory or file name
system: Directory or file name
<cr>
ciscoasa# dir disk1:
Directory of disk1:/
<OUTPUT TRUNCATED>
181 -rwx 474321104 23:27:50 Sep 12 2022 cisco-asa-fp2k.9.16.3.19.SPA
182 -rwx 110401360 17:03:44 Dec 11 2022 asdm-7181-152.bin
12 file(s) total size: 1036935529 bytes
2013265920 bytes total (886046720 bytes free/44% free)
Use copy disk1: disk0: to transfer the image files from the USB disk to the ASA flash memory.
ciscoasa# copy disk1:/asdm-7181-152.bin disk0:/asdm-7181-152.bin
Source filename [asdm-7181-152.bin]?
Destination filename [asdm-7181-152.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Verifying file disk0:/asdm-7181-152.bin...
Writing file disk0:/asdm-7181-152.bin...
110401360 bytes copied in 27.340 secs (4088939 bytes/sec)
ciscoasa# copy disk1:/cisco-asa-fp2k.9.16.3.19.SPA disk0:/cisco-asa-fp2k.9.16.3.19.SPA
Source filename [cisco-asa-fp2k.9.16.3.19.SPA]?
Destination filename [cisco-asa-fp2k.9.16.3.19.SPA]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Verifying file disk0:/cisco-asa-fp2k.9.16.3.19.SPA...
Writing file disk0:/cisco-asa-fp2k.9.16.3.19.SPA...
474321104 bytes copied in 110.830 secs (4312010 bytes/sec)
ciscoasa# dir
Directory of disk0:/
134217958 drwx 52 19:54:29 Jul 20 2022 log
268599726 -rw- 37230720 19:55:18 Sep 06 2021 asdm.bin
2 drwx 4096 19:49:07 Jul 20 2022 cores
134217961 drwx 6 19:53:47 Jul 20 2022 fxos
134217962 drwx 22 19:54:51 Jul 20 2022 smart-log
402653602 -rw- 176 08:18:37 Dec 11 2022 npu-asa-cmd-server.log
402653603 -rw- 39 08:18:26 Dec 11 2022 snortpacketinfo.conf
268745990 drw- 26 19:55:22 Jul 20 2022 coredumpinfo
402653597 -rwx 474321104 09:15:43 Dec 11 2022 cisco-asa-fp2k.9.16.3.19.SPA
402653605 -rwx 110401360 09:17:03 Dec 11 2022 asdm-7181-152.bin
5 file(s) total size: 621953399 bytes
21475885056 bytes total (20637024256 bytes free/96% free)
Use the verify command to check the integrity of each file, and compare the hash it prints with the MD5 checksum published for that image on the Cisco website. A hash that does not match means the file was corrupted in transit or is not the image Cisco published, and it should not be installed.
ciscoasa# verify /md5 asdm-7181-152.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Done!
verify /MD5 (disk0:/asdm-7181-152.bin) = 5871d371950e3861c303d351de361f54
ciscoasa# verify /md5 cisco-asa-fp2k.9.16.3.19.SPA
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<OUTPUT TRUNCATED>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Done!
verify /MD5 (disk0:/cisco-asa-fp2k.9.16.3.19.SPA) = 1fc4a0d9ad1729f1719e978713585ba8
As on a classic ASA, point the boot system variable at the new ASA image and the asdm image command at the new ASDM file, then save and reload for the change to take effect. One difference worth knowing: on the Firepower 2100 the boot system command does not just set a variable, it immediately unpacks and installs the new package (both the FXOS platform and the ASA CSP), as the output that follows shows; the reload is what activates it.
ciscoasa# show run boot system
ciscoasa#
<BLANK>
ciscoasa# configure terminal
ciscoasa(config)# boot system disk0:/cisco-asa-fp2k.9.16.3.19.SPA
The system is currently installed with security software package 9.16.2.3, which has:
- The platform version: 2.10.1.172
- The CSP (asa) version: 9.16.2.3
Preparing new image for install...
!!!!!!!!!!!
Image download complete (Successful unpack the image).
Installation of version 9.16.3.19 will do the following:
- upgrade to the new platform version 2.10.1.207
- upgrade to the CSP ASA version 9.16.3.19
After installation is complete, ensure to do write memory and reload to save this config and apply the new image.
Finalizing image install process...
Install_status: ready............
Install_status: validating-images.....
Install_status: upgrading-npu
Install_status: upgrading-system
Install_status: update-software-pack-completed
ciscoasa(config)# asdm image disk0:/asdm-7181-152.bin
ciscoasa(config)# end
ciscoasa# write memory
Building configuration...
Cryptochecksum: dc4d65b9 d6d90953 487e762f c145c225
12006 bytes copied in 1.890 secs (12006 bytes/sec)
[OK]
ciscoasa# reload
Proceed with reload? [confirm]
ciscoasa#
***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down Application Agent
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
Shutting down License Controller
Shutting down File system
***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting... (status 0x9)
..
lina_monitor pro2022 Dec 11 09:25:15 PMLOG: PM IPC UTILITY: Shutting down all ports
Cisco ASA: CMD=-stop, CSP-ID=cisco-asa.9.16.2.3__asa_001_JMX2630X263NOV0U01, FLAG=''
Cisco ASA stopping ...
Cisco ASA stopped successfully.
Stopping Octeon Serial Logd...
Stopping Octeon Serial Logd... success
Stopping OpenBSD Secure Shell server: sshd stopped /usr/sbin/sshd (pid 9975) done.
Stopping Octeon NPU ...
<OUTPUT TRUNCATED>
It took around 9 mins for the upgrade to complete.
Cisco ASA: CMD=-bootup, CSP-ID=cisco-asa.9.16.2.3__asa_001_JMX2630X263NOV0U01, FLAG=''
Cisco ASA booting up ...
INFO:-MspCheck: Configuration Xml found is /opt/cisco/csp/applications/configs/cspCfg_cisco-asa.9.16.2.3__asa_001_JMX2630X263NOV0U01.xml
INFO:
firepower-2120 login: admin (automatic login)
Successful login attempts for user 'admin' : 1
INFO: System Disks /dev/sda is present. Status: Operable. /dev/sdb is present. Status: Inoperable.
Waiting for Application infrastructure to be ready...
Verifying the signature of the Application image...
Please wait for Cisco ASA to come online...1...
Please wait for Cisco ASA to come online...2...
Please wait for Cisco ASA to come online...3...
Please wait for Cisco ASA to come online...4...
Please wait for Cisco ASA to come online...5...
Please wait for Cisco ASA to come online...6...
Please wait for Cisco ASA to come online...7...
Please wait for Cisco ASA to come online...8...
Cisco ASA: CMD=-upgrade, CSP-ID=cisco-asa.9.16.3.19__asa_001_JMX2630X263NOV0U01, FLAG='cisco-asa.9.16.2.3__asa_001_JMX2630X263NOV0U01'
Cisco ASA begins upgrade ...
Please wait for Cisco ASA to come online...9...
Please wait for Cisco ASA to come online...10...
Please wait for Cisco ASA to come online...11...
Please wait for Cisco ASA to come online...12...
Please wait for Cisco ASA to come online...13...
Please wait for Cisco ASA to come online...14...
Verifying signature for cisco-asa.9.16.3.19 ...
Verifying signature for cisco-asa.9.16.3.19 ... success
Please wait for Cisco ASA to come online...15...
Cisco ASA: CMD=-start, CSP-ID=cisco-asa.9.16.3.19__asa_001_JMX2630X263NOV0U01, FLAG=''
Cisco ASA starting ...
Registering to process manager ...
Cisco ASA started successfully.
Please wait for Cisco ASA to come online...16...
Please wait for Cisco ASA to come online...17...
Please wait for Cisco ASA to come online...18...
lina_init_env: memif is not enabled.
System Cores 8 Nodes 1 Max Cores 48
Number of Cores 8
Global Reserve Memory Per Node: 692060160 bytes Nodes=1
LCMB: HEAP-CACHE POOL got 683671552 bytes on numa-id=0, virt=0x0000005555600000
total_reserved_mem = 1073741824
total_heapcache_mem = 683671552
total mem 7168280331 system 7222935552 kernel 54655221 image 0
new 7168280331 old 1073741824 reserve 1757413376 priv new 5465522176 priv old 0
Processor memory: 6908362752
POST started...
POST finished, result is 0 (hint: 1 means it failed)
Cisco Adaptive Security Appliance Software Version 9.16(3)19
Compiled on Wed 03-Aug-22 05:26 GMT by builders
Platform is FPR-2120
Adding Cavium NIC interface 1 port 0
Total NICs found: 5
NIC pci:id 00, slot 0, port 1, bus -1, dev -1 func 0, irq 00, internal, ten_gb-ethernet, ind 1
NIC pci:id 01, slot 0, port -1, bus 0, dev 0 func 0, irq 00, internal, , ind 0
NIC pci:id 02, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
NIC pci:id 03, slot 1, port 1, bus -1, dev -1 func -1, irq 00, external, gb-ethernet, ind 1
NIC pci:id 04, slot 1, port 1, bus -1, dev -1 func -1, irq 00, internal, gb-ethernet, ind 1
en_vtun rev00 Backplane Ext-Mgmt Interface @ index 03 MAC: 3c26.e404.9e81
en_vtun rev00 Backplane Tap Interface @ index 04 MAC: 0000.0100.0001
WARNING: Attribute already exists in the dictionary.
Use software crypto.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
The 3DES/AES algorithms require a Encryption-3DES-AES entitlement.
Cisco Adaptive Security Appliance Software Version 9.16(3)19
****************************** Warning *******************************
This product contains cryptographic features and is
subject to United States and local country laws
governing, import, export, transfer, and use.
Delivery of Cisco cryptographic products does not
imply third-party authority to import, export,
distribute, or use encryption. Importers, exporters,
distributors and users are responsible for compliance
with U.S. and local country laws. By using this
product you agree to comply with applicable laws and
regulations. If you are unable to comply with U.S.
and local laws, return the enclosed items immediately.
A summary of U.S. laws governing Cisco cryptographic
products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by
sending email to export@cisco.com.
******************************* Warning *******************************
Cisco Adaptive Security Appliance Software, version 9.16
Copyright (c) 1996-2022 by Cisco Systems, Inc.
For licenses and notices for open source software used in this product, please visit
http://www.cisco.com/go/asa-opensource
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Reading from flash...
!!!.....
Cryptochecksum (unchanged): dc4d65b9 d6d90953 487e762f c145c225
INFO: Power-On Self-Test in process.
..............
INFO: Power-On Self-Test complete.
INFO: Starting SW-DRBG health test...
INFO: SW-DRBG health test passed.
User enable_1 logged in to ciscoasa
Logins over the last 1 days: 1.
Failed logins since the last login: 0.
Attaching to ASA CLI ... Press 'Ctrl+a then d' to detach.
Type help or '?' for a list of available commands.
ciscoasa> enable
Password: ********
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.16(3)19
SSP Operating System Version 2.10(1.207)
Device Manager Version 7.18(1)152
Compiled on Wed 03-Aug-22 05:26 GMT by builders
System image file is "disk0:/mnt/boot/installables/switch/fxos-k8-fp2k-npu.2.10.1.207.SPA"
Config file at boot was "startup-config"
ciscoasa up 1 min 37 secs
Hardware: FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)
1: Int: Internal-Data0/1 : address is 000f.b748.1234, irq 0
3: Int: Not licensed : irq 0
4: Ext: Management1/1 : address is 3c26.e404.5678, irq 0
5: Int: Internal-Data1/1 : address is 0000.0100.0001, irq 0
License mode: Smart Licensing
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Disabled
Security Contexts : 2
Carrier : Disabled
AnyConnect Premium Peers : 3500
AnyConnect Essentials : Disabled
Other VPN Peers : 3500
Total VPN Peers : 3500
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 8000
Cluster : Disabled
Serial Number: JAD26291234
Configuration register is 0x1
Configuration has not been modified since last system restart.
ciscoasa# show asdm ?
history Show contents of Device Manager history buffer
image Show current Device Manager image file
log_sessions Show current Device Manager logging sessions
sessions Show current Device Manager sessions
ciscoasa# show asdm image
Device Manager image file, disk0:/asdm-7181-152.bin
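As an added check (example code written for this post, not part of it or of any Cisco tool), the following Python parses the verify /md5 output shown earlier and the show version output shown here: it confirms that the images on flash match the checksums published by Cisco and that all three components (ASA, FXOS/SSP, ASDM) report the target versions after the reload. The expected hashes and version strings are the ones from this post; the sample inputs are constructed from its output.

```python
import re

# Expected image checksums (from the post's verify /md5 output, which matched
# the values published on the Cisco download page) and the post-upgrade targets.
EXPECTED_MD5 = {
    "disk0:/asdm-7181-152.bin": "5871d371950e3861c303d351de361f54",
    "disk0:/cisco-asa-fp2k.9.16.3.19.SPA": "1fc4a0d9ad1729f1719e978713585ba8",
}
TARGET = {"asa": "9.16(3)19", "fxos": "2.10(1.207)", "asdm": "7.18(1)152"}

# Matches the summary line: verify /MD5 (disk0:/file) = <32 hex chars>
VERIFY_RE = re.compile(r"verify /MD5 \((?P<path>[^)]+)\) = (?P<md5>[0-9a-fA-F]{32})")

# The three "show version" fields that identify the running software stack.
VERSION_RE = {
    "asa": re.compile(r"Security Appliance Software Version (\S+)"),
    "fxos": re.compile(r"SSP Operating System Version (\S+)"),
    "asdm": re.compile(r"Device Manager Version (\S+)"),
}


def check_image_hashes(verify_output, expected=EXPECTED_MD5):
    """Map each expected image path to True/False: does its verify hash match?"""
    seen = {m["path"]: m["md5"].lower() for m in VERIFY_RE.finditer(verify_output)}
    # An image with no hash line at all is reported as failed, never skipped.
    return {path: seen.get(path) == md5 for path, md5 in expected.items()}


def parse_show_version(text):
    """Extract ASA, FXOS (SSP) and ASDM versions from 'show version' output."""
    return {key: (m.group(1) if (m := rx.search(text)) else None)
            for key, rx in VERSION_RE.items()}


def upgrade_applied(show_version_text, target=TARGET):
    """True only when all three components report the target versions."""
    return parse_show_version(show_version_text) == target


# Constructed sample input, copied from the verify and show version output above.
SAMPLE_VERIFY = """\
verify /MD5 (disk0:/asdm-7181-152.bin) = 5871d371950e3861c303d351de361f54
verify /MD5 (disk0:/cisco-asa-fp2k.9.16.3.19.SPA) = 1fc4a0d9ad1729f1719e978713585ba8
"""
SAMPLE_VERSION_OLD = """\
Cisco Adaptive Security Appliance Software Version 9.16(2)3
SSP Operating System Version 2.10(1.172)
Device Manager Version 7.16(1)
"""
SAMPLE_VERSION_NEW = """\
Cisco Adaptive Security Appliance Software Version 9.16(3)19
SSP Operating System Version 2.10(1.207)
Device Manager Version 7.18(1)152
"""

if __name__ == "__main__":
    print(check_image_hashes(SAMPLE_VERIFY))
    print(upgrade_applied(SAMPLE_VERSION_OLD), upgrade_applied(SAMPLE_VERSION_NEW))
```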
The unit still carries the factory default configuration (DHCP client on the outside interface, a DHCP server on inside, and HTTP/ASDM access from the inside network and from any address on the management interface). Remove it with this command script; the http 0.0.0.0 0.0.0.0 management line in particular should not survive into production, since it allows ASDM access from any source address that can reach the management interface.
interface Ethernet1/1
no ip address dhcp setroute
interface Ethernet1/2
no ip address
interface Management1/1
no ip address
no dns domain-lookup outside
no object network obj_any
no http 0.0.0.0 0.0.0.0 management
no http 192.168.1.0 255.255.255.0 inside
no dhcpd auto_config outside
no dhcpd address 192.168.1.20-192.168.1.254 inside
no dhcpd enable inside
write memory
ciscoasa# show run
: Saved
:
: Serial Number: JAD26291234
: Hardware: FPR-2120, 6588 MB RAM, CPU MIPS 1200 MHz, 1 CPU (8 cores)
:
ASA Version 9.16(3)19
!
hostname ciscoasa
enable password ***** pbkdf2
service-module 0 keepalive-timeout 4
service-module 0 keepalive-counter 6
names
no mac-address auto
!
interface Ethernet1/1
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet1/2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/9
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/10
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/11
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/12
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/13
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/14
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/15
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/16
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif management
security-level 100
ip address dhcp setroute
!
boot system disk0:/cisco-asa-fp2k.9.16.3.19.SPA
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.220.220
name-server 208.67.222.222
object network obj_any
subnet 0.0.0.0 0.0.0.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
no failover wait-disable
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7181-152.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
!
object network obj_any
nat (any,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 management
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpoint _SmartCallHome_ServerCA2
no validation-usage
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 0a0142800000014523c844b500000002
30820560 30820348 a0030201 0202100a 01428000 00014523 c844b500 00000230
0d06092a 864886f7 0d01010b 0500304a 310b3009 06035504 06130255 53311230
<OUTPUT TRUNCATED>
6b3c1083 c6addea8 cd168e8d f0073771 9ff2abfc 41f5c18b ec00375d 09e54e80
effab15c 3806a51b 4ae1dc38 2d3cdcab 1f901ad5 4a9ceed1 706cccee f457f818
ba846e87
quit
crypto ca certificate chain _SmartCallHome_ServerCA2
certificate ca 0509
308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500
3045310b 30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164
<OUTPUT TRUNCATED>
b478a53a 874c8d8a a5d54697 f22c10b9 bc5422c0 01506943 9ef4b2ef 6df8ecda
f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31cd2e
quit
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha256
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.20-192.168.1.254 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
Cryptochecksum:dc4d65b9d6d90953487e762fc145c225
: end