
ij04-ASA5585-1/secntx1# changeto syste

ij04-ASA5585-1#
ij04-ASA5585-1#
ij04-ASA5585-1#
ij04-ASA5585-1# sh failover state
               State          Last Failure Reason      Date/Time
This host      Primary
    Group 1    Active         None
    Group 2    Failed         Ifc Failure              02:38:30 UTC Oct 13 2010
                              secntx2 outside: No Link
                              secntx2 inside: No Link
Other host     Secondary
    Group 1    Failed         Ifc Failure              02:38:46 UTC Oct 13 2010
                              secntx1 outside: Failed
                              secntx1 inside: Failed
    Group 2    Active         None

====Configuration State===
Sync Done - STANDBY
====Communication State===
Mac set
ij04-ASA5585-1# sh run
: Saved
:
ASA Version 9.1(2) <system>
!
hostname ij04-ASA5585-1
enable password 9jNfZuG3TC5tCVH0 encrypted
no mac-address auto
!
interface GigabitEthernet0/0
description STATE Failover Interface
!
interface GigabitEthernet0/1
description LAN Failover Interface
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface Management0/0
!
ij04-ASA5585-1#
ij04-ASA5585-1#
ij04-ASA5585-1# sh run
: Saved
:
ASA Version 9.1(2) <system>
!

hostname ij04-ASA5585-1
enable password 9jNfZuG3TC5tCVH0 encrypted
no mac-address auto
!
interface GigabitEthernet0/0
description STATE Failover Interface
!
interface GigabitEthernet0/1
description LAN Failover Interface
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface Management0/0
!
interface Management0/1
!
interface TenGigabitEthernet0/8
!
interface TenGigabitEthernet0/9
!
interface Port-channel1
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
boot system disk0:/asa912-smp-k8.bin
ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface failover_link GigabitEthernet0/1
failover link state_link GigabitEthernet0/0
failover interface ip failover_link 10.10.101.2 255.255.255.0 standby 10.10.101.1
failover interface ip state_link 10.10.100.2 255.255.255.0 standby 10.10.100.1
failover group 1
failover group 2
secondary
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
console timeout 0
!
tls-proxy maximum-session 1000

!
admin-context admin
ij04-ASA5585-1# sh ver
Cisco Adaptive Security Appliance Software Version 9.1(2) <system>
Device Manager Version 7.1(4)
Compiled on Thu 09-May-13 16:20 PDT by builders
System image file is "disk0:/asa912-smp-k8.bin"
Config file at boot was "startup-config"
ij04-ASA5585-1 up 1 day 2 hours
failover cluster up 2 days 0 hours
Hardware: ASA5585-SSP-20, 12288 MB RAM, CPU Xeon 5500 series 2133 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 2048MB
BIOS Flash M25P32 @ 0x0, 4096KB

Encryption hardware device : Cisco ASA-5585 on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-PLUS-T020
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0024
                             Number of accelerators: 2

Programmable device : Cisco CPLD revision 0x8

 0: Int: Internal-Data0/0      : address is 0000.0001.0001, irq 5
 2: Int: Internal-Data0/1      : address is 0000.0001.0002, irq 10
 3: Ext: Management0/0         : address is 5475.d05a.fb94, irq 10
 4: Ext: Management0/1         : address is 5475.d05a.fb95, irq 5
16: Ext: GigabitEthernet0/0    : address is 5475.d05a.fb96, irq 255
17: Ext: GigabitEthernet0/1    : address is 5475.d05a.fb97, irq 255
18: Ext: GigabitEthernet0/2    : address is 5475.d05a.fb98, irq 255
19: Ext: GigabitEthernet0/3    : address is 5475.d05a.fb99, irq 255
20: Ext: GigabitEthernet0/4    : address is 5475.d05a.fb9a, irq 255
21: Ext: GigabitEthernet0/5    : address is 5475.d05a.fb9b, irq 255
22: Ext: GigabitEthernet0/6    : address is 5475.d05a.fb9c, irq 255
23: Ext: GigabitEthernet0/7    : address is 5475.d05a.fb9d, irq 255
24: Ext: TenGigabitEthernet0/8 : address is 5475.d05a.fb9e, irq 255
25: Ext: TenGigabitEthernet0/9 : address is 5475.d05a.fb9f, irq 255
26: Int: Internal-Data0/2      : address is 0000.0100.001b, irq 255
27: Int: Internal-Data0/3      : address is 0000.0100.001c, irq 255
28: Int: Not used              : irq 255
29: Int: Not used              : irq 255
30: Int: Not used              : irq 255
31: Int: Not used              : irq 255
32: Int: Not used              : irq 255
33: Int: Not used              : irq 255

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 1024           perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Disabled       perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10000          perpetual
Total VPN Peers                   : 10000          perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
10GE I/O                          : Enabled        perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA5585-SSP-20 VPN Premium license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 1024           perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 4              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 4              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10000          perpetual
Total VPN Peers                   : 10000          perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 4              perpetual
Total UC Proxy Sessions           : 4              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
10GE I/O                          : Enabled        12 days
Cluster                           : Disabled       perpetual
This platform has an ASA5585-SSP-20 VPN Premium license.
Serial Number: JAF1453AJRF
Running Permanent Activation Key: 0x5632f754 0x7492e7f9 0xed90b1cc 0xf284cce4 0x8438db99
Configuration register is 0x1
Configuration last modified by enable_1 at 02:38:06.739 UTC Wed Oct 13 2010
ij04-ASA5585-1# dir
Directory of disk0:/
82
-rwx
11
drwx
22
drwx
23
drwx
83
-rwx
238.log
84
-rwx

30726144
32768
32768
32768
260

22:28:58
22:38:12
04:35:08
22:38:34
22:38:34

Aug
Aug
Sep
Aug
Aug

03
03
22
03
03

2011
2011
2010
2011
2011

asa841-smp-k8.bin
log
crypto_archive
coredumpinfo
upgrade_startup_errors_201108032

260

20:43:10 Aug 24 2011 upgrade_startup_errors_201108242

043.log
85
drwx
87
-rwx
88
-rwx
89
-rwx
90
-rwx
91
-rwx
527.log
92
-rwx
001.log
93
-rwx
240.log
94
-rwx
95
-rwx
96
-rwx
97
-rwx
98
-rwx
99
-rwx
005.log
100
-rwx
101
-rwx
102
-rwx
134.log
103
-rwx
006.log
104
-rwx
105
-rwx
106
-rwx
107
-rwx

32768
15841428
16280544
31039488
0
100

22:58:14
11:38:16
03:32:22
03:52:38
03:57:20
15:27:06

Aug
Aug
Aug
Aug
Aug
Nov

260

00:01:52 Sep 22 2010 upgrade_startup_errors_201009220

260

02:40:06 Sep 22 2010 upgrade_startup_errors_201009220

36827136
4514
4514
3392
1765
200

00:55:26
04:36:40
22:16:20
03:59:20
06:05:06
00:05:12

2721
2181
260

01:09:30 Sep 28 2010 A.cfg


01:09:32 Sep 28 2010 B.cfg
01:34:52 Sep 25 2010 upgrade_startup_errors_201009250

200

00:06:14 Sep 22 2010 upgrade_startup_errors_201009220

38191104
2336
2350
22658960

01:12:40
02:26:44
23:07:46
02:32:26

Sep
Sep
Sep
Oct
Oct
Sep

Sep
Oct
Oct
Oct

24
25
26
26
26
01

23
23
24
12
13
25

22
13
12
13

2011
2011
2011
2011
2011
2011

2010
2010
2010
2010
2010
2010

2010
2010
2010
2010

2049605632 bytes total (1852309504 bytes free)


ij04-ASA5585-1# sh run
: Saved
:
ASA Version 9.1(2) <system>
!
hostname ij04-ASA5585-1
enable password 9jNfZuG3TC5tCVH0 encrypted
no mac-address auto
!
interface GigabitEthernet0/0
description STATE Failover Interface
!
interface GigabitEthernet0/1
description LAN Failover Interface
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface Management0/0

tmp
asdm-641.bin
asdm-645.bin
asa842-smp-k8.bin
nat_ident_migrate
upgrade_startup_errors_201111011

asa901-smp-k8.bin
DRDO-TEST1
DRDO1.cfg
old_running.cfg
admin.cfg
upgrade_startup_errors_201009250

asa912-smp-k8.bin
secntx1.cfg
secntx2.cfg
asdm-714.bin

!
interface Management0/1
!
interface TenGigabitEthernet0/8
!
interface TenGigabitEthernet0/9
!
interface Port-channel1
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
boot system disk0:/asa912-smp-k8.bin
ftp mode passive
pager lines 24
failover
failover lan unit primary
failover lan interface failover_link GigabitEthernet0/1
failover link state_link GigabitEthernet0/0
failover interface ip failover_link 10.10.101.2 255.255.255.0 standby 10.10.101.1
failover interface ip state_link 10.10.100.2 255.255.255.0 standby 10.10.100.1
failover group 1
failover group 2
secondary
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
console timeout 0
!
tls-proxy maximum-session 1000
!
admin-context admin
context admin
allocate-interface Management0/0
config-url disk0:/admin.cfg
!
context secntx1
allocate-interface TenGigabitEthernet0/8 visible
allocate-interface TenGigabitEthernet0/9 visible
config-url disk0:/secntx1.cfg
join-failover-group 1
!
context secntx2
allocate-interface GigabitEthernet0/2 visible
allocate-interface GigabitEthernet0/4 visible
config-url disk0:/secntx2.cfg
join-failover-group 2
!
username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
prompt hostname context

no call-home reporting anonymous


call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 6
subscribe-to-alert-group configuration periodic monthly 6
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6688ddd98668cd32fde279bf0a7f8141
: end
ij04-ASA5585-1# sh ver
Cisco Adaptive Security Appliance Software Version 9.1(2) <system>
Device Manager Version 7.1(4)
Compiled on Thu 09-May-13 16:20 PDT by builders
System image file is "disk0:/asa912-smp-k8.bin"
Config file at boot was "startup-config"
ij04-ASA5585-1 up 1 day 2 hours
failover cluster up 2 days 0 hours
Hardware: ASA5585-SSP-20, 12288 MB RAM, CPU Xeon 5500 series 2133 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 2048MB
BIOS Flash M25P32 @ 0x0, 4096KB

Encryption hardware device : Cisco ASA-5585 on-board accelerator (revision 0x1)
                             Boot microcode        : CNPx-MC-BOOT-2.00
                             SSL/IKE microcode     : CNPx-MC-SSL-PLUS-T020
                             IPSec microcode       : CNPx-MC-IPSEC-MAIN-0024
                             Number of accelerators: 2

Programmable device : Cisco CPLD revision 0x8

 0: Int: Internal-Data0/0      : address is 0000.0001.0001, irq 5
 2: Int: Internal-Data0/1      : address is 0000.0001.0002, irq 10
 3: Ext: Management0/0         : address is 5475.d05a.fb94, irq 10
 4: Ext: Management0/1         : address is 5475.d05a.fb95, irq 5
16: Ext: GigabitEthernet0/0    : address is 5475.d05a.fb96, irq 255
17: Ext: GigabitEthernet0/1    : address is 5475.d05a.fb97, irq 255
18: Ext: GigabitEthernet0/2    : address is 5475.d05a.fb98, irq 255
19: Ext: GigabitEthernet0/3    : address is 5475.d05a.fb99, irq 255
20: Ext: GigabitEthernet0/4    : address is 5475.d05a.fb9a, irq 255
21: Ext: GigabitEthernet0/5    : address is 5475.d05a.fb9b, irq 255
22: Ext: GigabitEthernet0/6    : address is 5475.d05a.fb9c, irq 255
23: Ext: GigabitEthernet0/7    : address is 5475.d05a.fb9d, irq 255
24: Ext: TenGigabitEthernet0/8 : address is 5475.d05a.fb9e, irq 255
25: Ext: TenGigabitEthernet0/9 : address is 5475.d05a.fb9f, irq 255
26: Int: Internal-Data0/2      : address is 0000.0100.001b, irq 255
27: Int: Internal-Data0/3      : address is 0000.0100.001c, irq 255
28: Int: Not used              : irq 255
29: Int: Not used              : irq 255
30: Int: Not used              : irq 255
31: Int: Not used              : irq 255
32: Int: Not used              : irq 255
33: Int: Not used              : irq 255

Licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 1024           perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Disabled       perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10000          perpetual
Total VPN Peers                   : 10000          perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
10GE I/O                          : Enabled        perpetual
Cluster                           : Disabled       perpetual
This platform has an ASA5585-SSP-20 VPN Premium license.


Failover cluster licensed features for this platform:
Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 1024           perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
Security Contexts                 : 4              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 4              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 10000          perpetual
Total VPN Peers                   : 10000          perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 4              perpetual
Total UC Proxy Sessions           : 4              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
10GE I/O                          : Enabled        12 days
Cluster                           : Disabled       perpetual
This platform has an ASA5585-SSP-20 VPN Premium license.
Serial Number: JAF1453AJRF
Running Permanent Activation Key: 0x5632f754 0x7492e7f9 0xed90b1cc 0xf284cce4 0x8438db99
Configuration register is 0x1

Configuration last modified by enable_1 at 02:38:06.739 UTC Wed Oct 13 2010


ij04-ASA5585-1# changeto con
ij04-ASA5585-1# changeto context admin
ij04-ASA5585-1/admin#
ij04-ASA5585-1/admin#
ij04-ASA5585-1/admin# chnageto system
^
ERROR: % Invalid input detected at '^' marker.
ij04-ASA5585-1/admin#
ij04-ASA5585-1/admin# changeto sys
ij04-ASA5585-1# sh run
: Saved
:
ASA Version 9.1(2) <system>
!
hostname ij04-ASA5585-1
enable password 9jNfZuG3TC5tCVH0 encrypted
no mac-address auto
!
interface GigabitEthernet0/0
description STATE Failover Interface
!
interface GigabitEthernet0/1
description LAN Failover Interface
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface Management0/0
!
interface Management0/1
!
interface TenGigabitEthernet0/8
!
interface TenGigabitEthernet0/9
!
interface Port-channel1
!
class default
limit-resource All 0
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
!
boot system disk0:/asa912-smp-k8.bin
ftp mode passive
pager lines 24
failover
failover lan unit primary

failover lan interface failover_link GigabitEthernet0/1


failover link state_link GigabitEthernet0/0
failover interface ip failover_link 10.10.101.2 255.255.255.0 standby 10.10.101.1
failover interface ip state_link 10.10.100.2 255.255.255.0 standby 10.10.100.1
failover group 1
failover group 2
secondary
asdm image disk0:/asdm-714.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
console timeout 0
!
tls-proxy maximum-session 1000
!
admin-context admin
context admin
allocate-interface Management0/0
config-url disk0:/admin.cfg
!
context secntx1
allocate-interface TenGigabitEthernet0/8 visible
allocate-interface TenGigabitEthernet0/9 visible
config-url disk0:/secntx1.cfg
join-failover-group 1
!
context secntx2
allocate-interface GigabitEthernet0/2 visible
allocate-interface GigabitEthernet0/4 visible
config-url disk0:/secntx2.cfg
join-failover-group 2
!
username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 6
subscribe-to-alert-group configuration periodic monthly 6
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6688ddd98668cd32fde279bf0a7f8141
: end
ij04-ASA5585-1#
ij04-ASA5585-1#
ij04-ASA5585-1#
ij04-ASA5585-1#
ij04-ASA5585-1#
ij04-ASA5585-1# changeto con

ij04-ASA5585-1# changeto context admin


ij04-ASA5585-1/admin#
ij04-ASA5585-1/admin# sh run
: Saved
:
ASA Version 9.1(2) <context>
!
hostname ij04-ASA5585-1
domain-name wr
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Management0/0
nameif mangement
security-level 0
ip address 10.64.121.129 255.255.252.0
!
dns server-group DefaultDNS
domain-name wr
pager lines 24
logging enable
logging asdm informational
mtu mangement 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route mangement 0.0.0.0 0.0.0.0 10.64.120.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 mangement
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
telnet 0.0.0.0 0.0.0.0 mangement
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
no threat-detection statistics tcp-intercept
username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
!
!
Cryptochecksum:258dcda0d8d0c1f7e94cb77d01852923
: end

ij04-ASA5585-1/admin# changeto con


ij04-ASA5585-1/admin# changeto context secntx1
ij04-ASA5585-1/secntx1#
ij04-ASA5585-1/secntx1#
ij04-ASA5585-1/secntx1# sh run
: Saved
:
ASA Version 9.1(2) <context>
!
hostname secntx1
enable password 9jNfZuG3TC5tCVH0 encrypted
names
!
interface TenGigabitEthernet0/8
nameif outside
security-level 10
ip address 10.1.4.4 255.255.255.0 standby 10.1.4.10
asr-group 1
!
interface TenGigabitEthernet0/9
nameif inside
security-level 90
ip address 10.4.7.4 255.255.255.0 standby 10.4.7.10
!
access-list access_permit remark "This will allow all types of IP traffic from outside"
access-list access_permit extended permit ip any any log
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group access_permit in interface outside
!
router ospf 111
network 10.1.4.0 255.255.255.0 area 0
network 10.4.7.0 255.255.255.0 area 0
log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 10.1.4.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
ij04-ASA5585-1/secntx1#
ij04-ASA5585-1/secntx1#
ij04-ASA5585-1/secntx1# sh ver
Cisco Adaptive Security Appliance Software Version 9.1(2) <context>

Device Manager Version 7.1(4)


Compiled on Thu 09-May-13 16:20 PDT by builders
ij04-ASA5585-1 up 1 day 2 hours
failover cluster up 2 days 1 hour
Hardware:   ASA5585-SSP-20

Licensed features for this user context:
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Disabled       perpetual
GTP/GPRS                          : Disabled       perpetual
Other VPN Peers                   : 0              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
10GE I/O                          : Enabled        perpetual
Cluster                           : Disabled       perpetual

Failover cluster licensed features for this user context:
Failover                          : Active/Active  perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
GTP/GPRS                          : Disabled       perpetual
Other VPN Peers                   : 0              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
10GE I/O                          : Enabled        12 days
Cluster                           : Disabled       perpetual
Configuration last modified by cisco at 04:50:26.477 UTC Thu Oct 14 2010
ij04-ASA5585-1/secntx1# sh run
: Saved
:
ASA Version 9.1(2) <context>
!
hostname secntx1
enable password 9jNfZuG3TC5tCVH0 encrypted
names
!
interface TenGigabitEthernet0/8
nameif outside
security-level 10
ip address 10.1.4.4 255.255.255.0 standby 10.1.4.10
asr-group 1
!
interface TenGigabitEthernet0/9
nameif inside
security-level 90
ip address 10.4.7.4 255.255.255.0 standby 10.4.7.10
!
access-list access_permit remark "This will allow all types of IP traffic from outside"
access-list access_permit extended permit ip any any log
pager lines 24
logging enable
logging asdm informational
mtu outside 1500

mtu inside 1500


icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group access_permit in interface outside
!
router ospf 111
network 10.1.4.0 255.255.255.0 area 0
network 10.4.7.0 255.255.255.0 area 0
log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 10.1.4.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
no threat-detection statistics tcp-intercept
ssl encryption des-sha1
username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!

service-policy global_policy global


Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
ij04-ASA5585-1/secntx1# conf t
ij04-ASA5585-1/secntx1(config)# router osp
ij04-ASA5585-1/secntx1(config)# router ospf ?
configure mode commands/options:
<1-65535> Process ID
ij04-ASA5585-1/secntx1(config)# router ospf 111 ?
configure mode commands/options:
<cr>
ij04-ASA5585-1/secntx1(config)# router ?
configure mode commands/options:
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
ospf Open Shortest Path First (OSPF)
ij04-ASA5585-1/secntx1(config)# router
ERROR: % Incomplete command
ij04-ASA5585-1/secntx1(config)#
ij04-ASA5585-1/secntx1(config)#
ij04-ASA5585-1/secntx1(config)# sh os nei
Neighbor ID     Pri   State        Dead Time   Address      Interface
1.1.1.1           1   FULL/DR      0:00:35     10.1.4.1     outside
7.7.7.7           1   FULL/BDR     0:00:33     10.4.7.7     inside
ij04-ASA5585-1/secntx1(config)# sh run
: Saved
:
ASA Version 9.1(2) <context>
!
hostname secntx1
enable password 9jNfZuG3TC5tCVH0 encrypted
names
!
interface TenGigabitEthernet0/8
nameif outside
security-level 10
ip address 10.1.4.4 255.255.255.0 standby 10.1.4.10
asr-group 1
!
interface TenGigabitEthernet0/9
nameif inside
security-level 90
ip address 10.4.7.4 255.255.255.0 standby 10.4.7.10
!
access-list access_permit remark "This will allow all types of IP traffic from outside"
access-list access_permit extended permit ip any any log
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group access_permit in interface outside
!
router ospf 111
network 10.1.4.0 255.255.255.0 area 0
network 10.4.7.0 255.255.255.0 area 0
log-adj-changes
!
route outside 0.0.0.0 0.0.0.0 10.1.4.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
no threat-detection statistics tcp-intercept
ssl encryption des-sha1
username cisco password ffIRPGpDSOJh9YLq encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
ij04-ASA5585-1/secntx1(config)# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 10.1.4.1 to network 0.0.0.0

O    1.1.1.1 255.255.255.255 [110/11] via 10.1.4.1, 26:24:02, outside
C    10.4.7.0 255.255.255.0 is directly connected, inside
C    10.1.4.0 255.255.255.0 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 10.1.4.1, outside
ij04-ASA5585-1/secntx1(config)# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 10.1.4.1 to network 0.0.0.0
O E2 17.17.17.17 255.255.255.255 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 16.16.16.16 255.255.255.255 [110/20] via 10.4.7.7, 0:00:19, inside
O    1.1.1.1 255.255.255.255 [110/11] via 10.1.4.1, 0:00:19, outside
O E2 18.18.18.18 255.255.255.255 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 7.7.7.7 255.255.255.255 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 8.8.8.8 255.255.255.255 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 9.9.9.9 255.255.255.255 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 10.7.13.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 10.7.8.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 10.6.9.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 10.16.18.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 10.13.14.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:19, inside
O E2 10.8.11.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:19, inside
C    10.4.7.0 255.255.255.0 is directly connected, inside
O E2 10.8.9.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 10.9.15.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 10.8.14.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 10.9.14.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 10.8.15.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 10.9.13.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 10.9.12.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
C    10.1.4.0 255.255.255.0 is directly connected, outside
O E2 10.13.17.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 10.13.16.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 11.1.1.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 12.1.1.0 255.255.255.0 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 13.13.13.13 255.255.255.255 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 14.14.14.14 255.255.255.255 [110/20] via 10.4.7.7, 0:00:25, inside
O E2 15.15.15.15 255.255.255.255 [110/20] via 10.4.7.7, 0:00:25, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 10.1.4.1, outside