Cisco OL-24124-01 User Manual


17-12

Cisco Unified Communications Manager Security Guide

OL-24124-01

Chapter 17 Configuring Virtual Private Networks

Sample ASA configuration summary

 no nameif
 security-level 100
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
!--- Boot image of ASA
boot system disk0:/asa821-k8.bin
ftp mode passive
!--- Clock settings
clock timezone CST -6
clock summer-time CDT recurring
!--- DNS configuration
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 64.101.128.56
 domain-name nw048b.cisco.com
!--- Enable interfaces on the same security level to communicate with each other
same-security-traffic permit inter-interface
!--- Enable communication between hosts connected to same interface
same-security-traffic permit intra-interface
pager lines 24
!--- Logging options
logging enable
logging timestamp
logging console debugging
no logging message 710005
mtu outside 1500
mtu inside 1500
mtu management 1500
!--- Define IP local address pool
ip local pool Webvpn_POOL 10.8.40.150-10.8.40.170 mask 255.255.255.192
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
!--- ASDM image
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
!--- Static routing
route outside 0.0.0.0 0.0.0.0 10.89.79.129 1
route inside 10.89.0.0 255.255.0.0 10.8.40.1 1
route inside 0.0.0.0 0.0.0.0 10.8.40.1 tunneled
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
