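conf t
#basic configuration for ASA management
# NOTE(review): this script carries shared secrets in cleartext (RADIUS key,
# SNMP community strings) alongside password hashes. Treat the file as
# sensitive and rotate any secret that has been copied, mailed or shared.
!
hostname Cisco
!
# Port-channel1 is the trunk carrying every VLAN sub-interface below;
# the port-channel itself has no address and no routed role
interface Port-channel1
nameif PO1
security-level 0
no ip address
!
# physical members of Port-channel1, LACP active on both
interface GigabitEthernet0/0
no shutdown
channel-group 1 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1
no shutdown
channel-group 1 mode active
no nameif
no security-level
no ip address
!
# WAN-facing sub-interface, lowest security level
interface Port-channel1.906
vlan 906
nameif 906-WAN
security-level 0
ip address 79.112.1.2 255.255.255.0
!
# management sub-interface, highest security level
interface Port-channel1.100
vlan 100
nameif 100-LSP-MGT
security-level 100
ip address 10.140.13.135 255.255.255.128
# Network object for the management subnet (10.140.13.135/25 -> 10.140.13.128/25).
# It is referenced later on this page (object-group DM_INLINE_NETWORK_45/46/48
# and the 100-LSP-MGT / 900-MIWAN access-lists) but was never defined, so
# those lines would be rejected when pasted. The interface alone does not
# create a network object.
object network 100-LSP-MGT
subnet 10.140.13.128 255.255.255.128
!
# NTP sourced from management; 172.16.8.0/22 is reachable via the static route below
ntp server 172.16.8.225 source 100-LSP-MGT
clock timezone GMT 0
domain-name marriott.com
# name resolution goes out the WAN to a public resolver; the fqdn network
# objects defined later only match while these lookups succeed
dns domain-lookup 906-WAN
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name marriott.com
logging enable
logging timestamp
# only severity critical and above is exported to the syslog host.
# NOTE(review): ACL-deny and AAA messages are generally emitted below
# critical - confirm this threshold yields the audit trail you need.
logging trap critical
logging asdm informational
logging host 100-LSP-MGT 172.16.8.241
logging permit-hostdown
# ICMP to the ASA's own WAN address is accepted from one /27 only
icmp permit 217.169.134.32 255.255.255.224 906-WAN
route 906-WAN 0.0.0.0 0.0.0.0 79.112.1.1 1
route 100-LSP-MGT 172.16.8.0 255.255.252.0 10.140.13.129 1
route 100-LSP-MGT 172.16.16.0 255.255.252.0 10.140.13.129 1
# RADIUS (HOIST) for enable/HTTP/SSH with LOCAL as fallback when the server
# group is unreachable; the serial console authenticates locally only
aaa-server HOIST protocol radius
aaa-server HOIST (100-LSP-MGT) host 172.16.8.102
key Sp7xyDrk
authentication-port 1812
accounting-port 1813
radius-common-pw Sp7xyDrk
no mschapv2-capable
user-identity default-domain LOCAL
aaa authentication enable console HOIST LOCAL
aaa authentication http console HOIST LOCAL
aaa authentication ssh console HOIST LOCAL
aaa authentication serial console LOCAL
http server enable
http server idle-timeout 10
# ASDM/SSH management sources: management and 172.16.x networks on the inside,
# plus one single external host (/32) on the WAN interface
http 10.140.13.0 255.255.255.128 100-LSP-MGT
http 217.169.134.33 255.255.255.255 906-WAN
http 172.16.8.0 255.255.252.0 100-LSP-MGT
http 172.16.16.0 255.255.252.0 100-LSP-MGT
ssh 217.169.134.33 255.255.255.255 906-WAN
ssh 10.140.13.0 255.255.255.128 100-LSP-MGT
ssh 172.16.16.0 255.255.252.0 100-LSP-MGT
ssh 172.16.8.0 255.255.252.0 100-LSP-MGT
ssh stricthostkeycheck
ssh timeout 10
ssh version 2
# regenerated on every paste of this script; SSH clients will then see a changed host key
crypto key generate rsa general-keys modulus 2048 noconfirm
console timeout 10
# SNMP v2c: community strings cross the network in cleartext. v3 with
# auth/priv is preferable where the NMS supports it.
# NOTE(review): traps are sent to udp/161 here rather than the usual 162 - confirm the NMS listens there.
snmp-server host 100-LSP-MGT 172.16.8.245 community b@mb1x version 2c udp-port 161
snmp-server location Cisco
snmp-server contact HoistGroup
snmp-server community cru3sl1
username admin password 8jsIb3irnfso8OxQ encrypted privilege 15
enable password djipOQZX8WxG.ccW encrypted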
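#—————————————————————–
#add GPNS specific interfaces
# Each sub-interface is paired with a network object of the same name that
# covers its subnet; the objects are what the access-lists later refer to.
# Security levels used: 90 for the server/POS segments, 40 for the VoIP and
# camera segments, 30 for key-card and IPTV segments.
!
interface Port-channel1.105
vlan 105
nameif 105-GPMS
security-level 90
ip address 10.140.13.65 255.255.255.224
object network 105-GPMS
subnet 10.140.13.64 255.255.255.224
!
interface Port-channel1.200
vlan 200
nameif 200-SRVMIPCI
security-level 90
ip address 10.140.10.1 255.255.255.192
object network 200-SRVMIPCI
subnet 10.140.10.0 255.255.255.192
!
interface Port-channel1.201
vlan 201
nameif 201-SRVTRST
security-level 90
ip address 10.140.12.129 255.255.255.224
object network 201-SRVTRST
subnet 10.140.12.128 255.255.255.224
!
interface Port-channel1.202
vlan 202
nameif 202-SRVNTRST
security-level 90
ip address 10.140.12.161 255.255.255.224
object network 202-SRVNTRST
subnet 10.140.12.160 255.255.255.224
!
interface Port-channel1.203
vlan 203
nameif 203-MICTERM
security-level 90
ip address 10.140.11.65 255.255.255.192
object network 203-MICTERM
subnet 10.140.11.64 255.255.255.192
!
interface Port-channel1.205
vlan 205
nameif 205-MICTERM2
security-level 90
ip address 10.140.11.161 255.255.255.224
object network 205-MICTERM2
subnet 10.140.11.160 255.255.255.224
!
interface Port-channel1.206
vlan 206
nameif 206-TOKEN
security-level 90
ip address 10.140.12.193 255.255.255.192
object network 206-TOKEN
subnet 10.140.12.192 255.255.255.192
!
interface Port-channel1.601
vlan 601
nameif 601-ASSVOIP1
security-level 40
ip address 172.16.0.1 255.255.255.0
object network 601-ASSVOIP1
subnet 172.16.0.0 255.255.255.0
!
interface Port-channel1.650
vlan 650
nameif 650-WVOIP
security-level 40
ip address 172.16.2.1 255.255.255.0
object network 650-WVOIP
subnet 172.16.2.0 255.255.255.0
!
interface Port-channel1.651
vlan 651
nameif 651-GSTVOIP1
security-level 40
ip address 172.16.4.1 255.255.255.0
object network 651-GSTVOIP1
subnet 172.16.4.0 255.255.255.0
!
interface Port-channel1.699
vlan 699
nameif 699-MGTVOIP
security-level 40
ip address 10.140.11.33 255.255.255.224
object network 699-MGTVOIP
subnet 10.140.11.32 255.255.255.224
!
interface Port-channel1.700
vlan 700
nameif 700-SURVCAM
security-level 40
ip address 172.17.1.1 255.255.255.0
object network 700-SURVCAM
subnet 172.17.1.0 255.255.255.0
!
interface Port-channel1.820
vlan 820
nameif 820-KEYCRDLC
security-level 30
ip address 192.168.21.1 255.255.255.0
object network 820-KEYCRDLC
subnet 192.168.21.0 255.255.255.0
!
interface Port-channel1.850
vlan 850
nameif 850-IPTVNDR1
security-level 30
ip address 172.18.0.1 255.255.0.0
object network 850-IPTVNDR1
subnet 172.18.0.0 255.255.0.0
!
interface Port-channel1.899
vlan 899
nameif 899-MGTIPTV
security-level 30
ip address 192.168.99.1 255.255.255.0
object network 899-MGTIPTV
subnet 192.168.99.0 255.255.255.0
!
# link towards the Marriott WAN; level 90 like the server segments
interface Port-channel1.900
vlan 900
nameif 900-MIWAN
security-level 90
ip address 10.140.13.98 255.255.255.248
object network 900-MIWAN
subnet 10.140.13.96 255.255.255.248
!
# Several access-lists on this page permit traffic between interfaces that
# share a security level (e.g. 200-SRVMIPCI -> 105-GPMS, both level 90;
# 850-IPTVNDR1 -> 899-MGTIPTV, both level 30). The ASA drops such traffic
# regardless of the ACL unless same-security inter-interface forwarding is
# enabled, so those rules would never match without this line.
same-security-traffic permit inter-interface
!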
#add Marriott routes
# All Marriott destinations are reached through 10.140.13.97 on 900-MIWAN
# (the same address the GW_in_900 object below holds).
# NOTE(review): MI_WAN_net (defined later) also contains 10.0.0.0/8 via
# Net_MI_2, but no route for it appears on this page; anything in that range
# that is not a connected subnet would follow the default route to the WAN
# unless a route exists elsewhere - confirm.
route 900-MIWAN 10.59.103.0 255.255.255.0 10.140.13.97 1
route 900-MIWAN 159.166.0.0 255.255.0.0 10.140.13.97 1
route 900-MIWAN 162.10.146.0 255.255.255.0 10.140.13.97 1
route 900-MIWAN 162.130.0.0 255.255.0.0 10.140.13.97 1
!
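#add network objects
# Objects named after VLANs mirror further local subnets; the *_DNS objects
# are resolved through the DNS settings in the basic section, so their
# matches depend on that lookup succeeding, while the *_IP objects pin the
# corresponding address with "host".
object network 300-ASSPC
subnet 10.140.12.0 255.255.255.128
object network 301-ASSDEV
subnet 10.140.10.128 255.255.255.192
object network 302-SPACLNT
subnet 10.140.11.128 255.255.255.224
object network 305-ASSPC2
subnet 10.140.11.192 255.255.255.192
# NOTE(review): 10.10.1.10 is not the network address of a /23 (that would be
# 10.10.0.0); confirm whether a single host or the 10.10.0.0/23 range is meant.
object network 351-OPERAIFC
subnet 10.10.1.10 255.255.254.0
object network 450-ASSPCW
subnet 10.140.10.192 255.255.255.224
object network 451-MICROSHH
subnet 10.140.11.0 255.255.255.224
object network GW_in_900
host 10.140.13.97
object network Net_MI_1
subnet 162.130.0.0 255.255.0.0
description MI network N# 1
object network Net_MI_3
subnet 159.166.0.0 255.255.0.0
description MI network N# 3
object network Net_MI_SRV
subnet 162.10.146.0 255.255.255.0
object network Net_MI_Accenture_1
subnet 192.168.72.0 255.255.255.0
description Accenture network for Marriott
object network Net_MI_Accenture_2
subnet 192.168.73.0 255.255.255.0
description Accenture network for Marriott
object network Host_Marriott_ACS
host 162.130.146.47
description Marriott active Directory
object network Host_Marriott_OWA
host 162.130.196.190
description owa.marriott.com
object network MAARK1-SVR3
host 162.130.114.45
object network MAARK1_SVR1
host 162.130.128.92
object network MAARK1_SVR2
host 162.130.122.125
object network Net_MI_2
subnet 10.0.0.0 255.0.0.0
description MI network N# 2
object network SixAppCertDld_DNS
fqdn v4 services.3cint.com
# was "fqdn v4 194.7.129.142": a dotted-quad is not a name to resolve, so the
# object would never match; use "host" like the other *_IP objects
object network SixAppCertDld_IP
host 194.7.129.142
object network SixDDC_DNS
fqdn v4 ddc.3cint.com
object network SixDDC_IP
host 194.7.129.146
object network SixServerMaintenace
host 217.31.76.137
object network SixTransAuthDNS
fqdn v4 auth.3cint.com
object network SixTransAuthIP
host 194.7.129.137
object network SixTransUpl_DNS
fqdn v4 transaction.3cint.com
object network SixTransUpl_IP
host 194.7.129.139
object network SixOSSEC_DNS
fqdn v4 mon.3cint.com
# was "fqdn v4 217.31.76.152": same defect as SixAppCertDld_IP, fixed to "host"
object network SixOSSEC_IP
host 217.31.76.152
object network SixSysConfDld_DNS
fqdn v4 3csupportsystem.com
object network SixSysConfDld_IP
host 194.7.129.144
object network SixDNS_DNS
fqdn v4 ns2.verizon.net
object network SixDNS_IP
host 194.7.15.70
object network SixNTP
fqdn v4 pool.ntp.org
object network EMV_Serv
fqdn v4 serv.ep2.telekurs.com
object network EMV_Serv_IP
host 153.46.253.156
object network EMV_Siconfig
fqdn v4 siconfig.ep2.telekurs.com
object network EMV_SiconfigIP
host 153.46.253.155
object network EMV_Siinit
fqdn v4 siinit.ep2.telekurs.com
object network EMV_SiinitIP
host 153.46.253.149
object network EMV_fe
fqdn v4 fe.ep2.telekurs.com
object network EMV_feIP
host 153.46.253.145
object network EMV_PMS
fqdn v4 pms.ep2.telekurs.com
object network EMV_PMS_IP
host 153.46.253.151
object network EMV_fecash
fqdn v4 fe.cash.telekurs.com
object network EMV_fecashIP
host 153.46.253.158
object network EMV_ep2p
fqdn v4 ep2p.a-multilink.ch
object network EMV_ep2pIP
host 62.2.162.97
object network EMV_gklp
fqdn v4 gklp.telekurs.com
object network EMV_gklpIP
host 153.46.253.217
object network EMV_ep2
fqdn v4 ep2.firstdata.de
object network EMV_ep2IP
host 217.73.32.84
object network EMV_IP
host 193.16.220.2
object network EMV_ep2rtc
fqdn v4 ep2.rtc.ch
object network EMV_ep2rtcIP
host 193.227.225.13
object network EMV_ep2post
fqdn v4 ep2.PostFinance.ch
object network EMV_ep2postIP
host 138.189.254.100
object network EMVIP2
host 62.2.162.113
object network SIX_SVR
host 172.23.0.3
object network Six_SupportIP1
host 217.31.76.146
object network Six_SupportIP2
host 194.7.129.152
object network Six_SupportIP3
host 65.216.73.194
!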
#add object network groups
# DM_INLINE_* are ASDM-generated group names. Of the groups below, the
# access-lists on this page reference MI_WAN_net and DM_INLINE_NETWORK_1, 2,
# 4, 6-9, 37, 38, 40, 41 and 44-52. DM_INLINE_NETWORK_3, 5, 10, 11, 23-34,
# 54, DM_INLINE_PROTOCOL_4, SIX_SVR_OUT, EMV and Six_Support are defined but
# not used by any access-list here.
object-group network MI_WAN_net
description all MI routable intranet networks
network-object object Net_MI_1
network-object object Net_MI_3
network-object object Net_MI_SRV
network-object object Net_MI_Accenture_1
network-object object Net_MI_Accenture_2
network-object object Net_MI_2
object-group network DM_INLINE_NETWORK_2
network-object object MAARK1-SVR3
network-object object MAARK1_SVR1
network-object object MAARK1_SVR2
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
# equivalent to MI_WAN_net itself (single nested group)
object-group network DM_INLINE_NETWORK_3
group-object MI_WAN_net
object-group network DM_INLINE_NETWORK_5
network-object object 820-KEYCRDLC
group-object MI_WAN_net
network-object object 203-MICTERM
object-group network DM_INLINE_NETWORK_6
network-object object 105-GPMS
network-object object 203-MICTERM
network-object object 205-MICTERM2
network-object object 206-TOKEN
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 305-ASSPC2
network-object object 351-OPERAIFC
network-object object 450-ASSPCW
network-object object 451-MICROSHH
network-object object 900-MIWAN
object-group network DM_INLINE_NETWORK_4
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 450-ASSPCW
object-group network DM_INLINE_NETWORK_54
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 203-MICTERM
network-object object 601-ASSVOIP1
network-object object 651-GSTVOIP1
network-object object 699-MGTVOIP
network-object object 700-SURVCAM
network-object object 820-KEYCRDLC
network-object object 850-IPTVNDR1
network-object object 899-MGTIPTV
object-group network SIX_SVR_OUT
network-object object SixAppCertDld_DNS
network-object object SixAppCertDld_IP
network-object object SixDDC_DNS
network-object object SixDDC_IP
network-object object SixDNS_DNS
network-object object SixDNS_IP
network-object object SixNTP
network-object object SixOSSEC_DNS
network-object object SixOSSEC_IP
network-object object SixServerMaintenace
network-object object SixSysConfDld_DNS
network-object object SixSysConfDld_IP
network-object object SixTransAuthDNS
network-object object SixTransAuthIP
network-object object SixTransUpl_DNS
network-object object SixTransUpl_IP
object-group network EMV
network-object object EMV_IP
network-object object EMV_PMS
network-object object EMV_PMS_IP
network-object object EMV_Serv
network-object object EMV_Serv_IP
network-object object EMV_Siconfig
network-object object EMV_SiconfigIP
network-object object EMV_Siinit
network-object object EMV_SiinitIP
network-object object EMVIP2
network-object object EMV_ep2
network-object object EMV_ep2IP
network-object object EMV_ep2p
network-object object EMV_ep2pIP
network-object object EMV_ep2post
network-object object EMV_ep2postIP
network-object object EMV_ep2rtc
network-object object EMV_ep2rtcIP
network-object object EMV_fe
network-object object EMV_feIP
network-object object EMV_fecash
network-object object EMV_fecashIP
network-object object EMV_gklp
network-object object EMV_gklpIP
object-group network DM_INLINE_NETWORK_7
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 205-MICTERM2
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 305-ASSPC2
network-object object 450-ASSPCW
network-object object 451-MICROSHH
network-object object 900-MIWAN
object-group network DM_INLINE_NETWORK_8
network-object object 201-SRVTRST
network-object object 203-MICTERM
network-object object 205-MICTERM2
network-object object 451-MICROSHH
object-group network DM_INLINE_NETWORK_9
network-object object 105-GPMS
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 351-OPERAIFC
network-object object 450-ASSPCW
object-group network Six_Support
network-object object Six_SupportIP1
network-object object Six_SupportIP2
network-object object Six_SupportIP3
object-group network DM_INLINE_NETWORK_10
network-object object SixServerMaintenace
network-object object SixTransAuthDNS
network-object object SixTransAuthIP
object-group network DM_INLINE_NETWORK_11
network-object object SixAppCertDld_DNS
network-object object SixAppCertDld_IP
network-object object SixDDC_DNS
network-object object SixDDC_IP
network-object object SixSysConfDld_DNS
network-object object SixSysConfDld_IP
network-object object SixTransUpl_DNS
network-object object SixTransUpl_IP
object-group network DM_INLINE_NETWORK_23
network-object object SixOSSEC_DNS
network-object object SixOSSEC_IP
object-group network DM_INLINE_NETWORK_24
network-object object EMV_Serv
network-object object EMV_Serv_IP
object-group network DM_INLINE_NETWORK_25
network-object object EMV_Siconfig
network-object object EMV_SiconfigIP
object-group network DM_INLINE_NETWORK_26
network-object object EMV_Siinit
network-object object EMV_SiinitIP
object-group network DM_INLINE_NETWORK_27
network-object object EMV_fe
network-object object EMV_feIP
object-group network DM_INLINE_NETWORK_28
network-object object EMV_PMS
network-object object EMV_PMS_IP
object-group network DM_INLINE_NETWORK_29
network-object object EMV_fecash
network-object object EMV_fecashIP
object-group network DM_INLINE_NETWORK_30
network-object object EMV_gklp
network-object object EMV_gklpIP
object-group network DM_INLINE_NETWORK_31
network-object object EMV_ep2p
network-object object EMV_ep2pIP
object-group network DM_INLINE_NETWORK_32
network-object object EMV_ep2
network-object object EMV_ep2IP
object-group network DM_INLINE_NETWORK_33
network-object object EMV_ep2rtc
network-object object EMV_ep2rtcIP
object-group network DM_INLINE_NETWORK_34
network-object object EMV_ep2post
network-object object EMV_ep2postIP
object-group network DM_INLINE_NETWORK_1
network-object object 105-GPMS
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 450-ASSPCW
object-group network DM_INLINE_NETWORK_37
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 203-MICTERM
network-object object 205-MICTERM2
network-object object 300-ASSPC
network-object object 305-ASSPC2
network-object object 450-ASSPCW
network-object object 900-MIWAN
group-object MI_WAN_net
object-group network DM_INLINE_NETWORK_38
network-object object 105-GPMS
network-object object 200-SRVMIPCI
network-object object 203-MICTERM
network-object object 205-MICTERM2
network-object object 300-ASSPC
network-object object 305-ASSPC2
object-group network DM_INLINE_NETWORK_40
network-object object 301-ASSDEV
network-object object 900-MIWAN
object-group network DM_INLINE_NETWORK_41
network-object object 105-GPMS
network-object object 200-SRVMIPCI
network-object object 300-ASSPC
network-object object 305-ASSPC2
network-object object 450-ASSPCW
network-object object 699-MGTVOIP
network-object object 899-MGTIPTV
object-group network DM_INLINE_NETWORK_44
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 305-ASSPC2
network-object object 450-ASSPCW
network-object object 900-MIWAN
# DM_INLINE_NETWORK_45, 46 and 48 include "object 100-LSP-MGT"; a network
# object of that name must exist before these lines are entered (the
# 100-LSP-MGT interface definition alone does not create one), otherwise the
# member lines are rejected and the groups silently lack the management subnet.
object-group network DM_INLINE_NETWORK_45
network-object object 100-LSP-MGT
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 203-MICTERM
network-object object 205-MICTERM2
network-object object 301-ASSDEV
network-object object 305-ASSPC2
network-object object 450-ASSPCW
network-object object 451-MICROSHH
network-object object 900-MIWAN
group-object MI_WAN_net
object-group network DM_INLINE_NETWORK_46
network-object object 100-LSP-MGT
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 203-MICTERM
network-object object 205-MICTERM2
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 450-ASSPCW
network-object object 451-MICROSHH
network-object object 699-MGTVOIP
network-object object 899-MGTIPTV
network-object object 900-MIWAN
group-object MI_WAN_net
object-group network DM_INLINE_NETWORK_47
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 699-MGTVOIP
network-object object 899-MGTIPTV
object-group network DM_INLINE_NETWORK_48
network-object object 100-LSP-MGT
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 202-SRVNTRST
network-object object 203-MICTERM
network-object object 300-ASSPC
network-object object 301-ASSDEV
network-object object 305-ASSPC2
network-object object 699-MGTVOIP
network-object object 899-MGTIPTV
network-object object 900-MIWAN
group-object MI_WAN_net
object-group network DM_INLINE_NETWORK_49
network-object object 200-SRVMIPCI
network-object object 201-SRVTRST
network-object object 203-MICTERM
network-object object 300-ASSPC
network-object object 301-ASSDEV
object-group network DM_INLINE_NETWORK_50
network-object object 650-WVOIP
network-object object 651-GSTVOIP1
network-object object 699-MGTVOIP
object-group network DM_INLINE_NETWORK_51
network-object object 601-ASSVOIP1
network-object object 651-GSTVOIP1
network-object object 699-MGTVOIP
object-group network DM_INLINE_NETWORK_52
network-object object 601-ASSVOIP1
network-object object 650-WVOIP
network-object object 699-MGTVOIP
!
#add service objects
# Most objects are named after the port they match. None of them is applied
# by an access-list on this page (every rule there is "permit ip"); they are
# only collected into the service groups that follow.
object service 1433
service tcp destination eq 1433
object service 50020
service tcp destination eq 50020
object service 50026
service tcp destination eq 50026
object service 5009
service tcp destination eq 5009
object service 5055
service tcp destination eq 5055
object service 52311
service tcp destination eq 52311
object service 8000
service tcp destination eq 8000
object service 8050
service tcp destination eq 8050
object service 8080
service tcp destination eq 8080
object service 8081
service tcp destination eq 8081
object service 88
service tcp destination eq 88
object service activedirectory-tcp
service tcp destination eq 445
object service dce-endpointmapper
service tcp destination eq 135
object service ldap-udp
service udp destination eq 389
object service 10000
service tcp destination eq 10000
object service 10081
service tcp destination eq 10081
# same match as dce-endpointmapper above
object service 135
service tcp destination eq 135
object service 18900
service tcp destination eq 18900
object service 25760
service tcp destination eq 25760
object service 25762
service tcp destination eq 25762
object service 3389
service tcp destination eq 3389
object service 35760
service tcp destination eq 35760
# NOTE(review): udp/445 - SMB/CIFS runs on tcp/445 (cf. activedirectory-tcp
# above); presumably "tcp" was intended - confirm before relying on MAARK1.
object service 445
service udp destination eq 445
object service 50002
service tcp destination eq 50002
object service 9100
service tcp destination eq 9100
description Micros Printer
object service 2638
service tcp destination eq 2638
object service 5012
service tcp destination eq 5012
description Distributed Service Manager
object service 50123
service tcp destination eq 50123
description MDS HTTP Service
object service 5900
service tcp destination eq 5900
description VNC fr Fernzugriff
object service 6001-6002
service tcp destination range 6001 6002
description Sentinel License
object service 7019
service tcp destination eq 7019
description Caller ID Service
object service 7300-7301
service tcp destination range 7300 7301
description Micros Cal Server FileTransfer
object service 9000
service tcp destination eq 9000
description SIX_CARDS
object service OSSEC
service udp destination eq 1514
object service 8115
service tcp destination eq 8115
object service 8953
service tcp destination eq 8953
object service 2252
service tcp destination eq 2252
object service 2251
service tcp destination eq 2251
object service 2254
service tcp destination eq 2254
object service 2270
service tcp destination eq 2270
object service 62000
service tcp destination eq 62000
object service 3000
service tcp destination eq 3000
object service 3100
service tcp destination eq 3100
object service 3200
service tcp destination eq 3200
object service 41563
service tcp destination eq 41563
object service 5061-5062
service tcp destination range 5061 5062
object service 8001
service tcp destination eq 8001
object service 8002
service tcp destination eq 8002
object service 1637
service tcp destination eq 1637
object service 1639
service tcp destination eq 1639
object service 1641
service tcp destination eq 1641
object service 1603
service tcp destination eq 1603
object service 1605
service tcp destination eq 1605
object service 1607
service tcp destination eq 1607
object service 11022
service tcp destination eq 11022
object service 5900-5902
service tcp destination range 5900 5902
object service 8443
service tcp destination eq 8443
!
#add service object groups
# None of these groups is referenced by an access-list on this page, so the
# per-application port lists (MAARK1, GPOD, MICROS, SIX_CARDS, IPTV_*) are
# currently not enforced. DM_INLINE_SERVICE_6/7/8/9 duplicate
# DM_INLINE_SERVICE_1/2/3/4 member for member.
object-group protocol DM_INLINE_PROTOCOL_7
protocol-object ip
protocol-object icmp
object-group service MAARK1
service-object object 10000
service-object object 10081
service-object object 135
service-object object 18900
service-object object 25760
service-object object 25762
service-object object 3389
service-object object 35760
service-object object 445
service-object object 50002
service-object object 9100
service-object tcp destination eq lpd
service-object tcp destination eq netbios-ssn
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
service-object udp destination eq snmp
service-object udp destination eq snmptrap
object-group service GPOD
service-object object 1433
service-object object 50020
service-object object 50026
service-object object 5009
service-object object 5055
service-object object 52311
service-object object 8000
service-object object 8050
service-object object 8080
service-object object 8081
service-object object 88
service-object object activedirectory-tcp
service-object object dce-endpointmapper
service-object object ldap-udp
service-object tcp-udp destination eq 9100
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq sunrpc
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ldap
service-object tcp destination eq ldaps
service-object tcp destination eq netbios-ssn
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
object-group service MICROS
service-object object 2638
service-object object 5012
service-object object 50123
service-object object 5900
service-object object 6001-6002
service-object object 7019
service-object object 9100
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object object 7300-7301
service-object icmp
object-group service DM_INLINE_SERVICE_1
service-object object 3000
service-object object 3100
service-object object 3200
object-group service DM_INLINE_SERVICE_2
service-object object 8000
service-object object 8001
service-object object 8002
object-group service DM_INLINE_SERVICE_3
service-object object 1637
service-object object 1639
service-object object 1641
object-group service DM_INLINE_SERVICE_4
service-object object 1603
service-object object 1605
service-object object 1607
object-group service IPTV_OUT
description Outbound policy for IPTV management
service-object object 11022
service-object object 8080
service-object object 8443
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_7
service-object object 8000
service-object object 8001
service-object object 8002
object-group service DM_INLINE_SERVICE_8
service-object object 1637
service-object object 1639
service-object object 1641
object-group service DM_INLINE_SERVICE_9
service-object object 1603
service-object object 1605
service-object object 1607
# "icmp" already covers echo and echo-reply; the two specific entries are subsumed
object-group service SIX_CARDS
service-object icmp
service-object object 9000
service-object icmp echo
service-object icmp echo-reply
object-group service IPTV_IN
service-object object 5900-5902
service-object object 8080
object-group service DM_INLINE_SERVICE_6
service-object object 3000
service-object object 3100
service-object object 3200
!
#add ACLs
# Every rule below is "permit ip": the service objects and groups defined
# earlier are not applied, so there is no port-level restriction between
# segments. Once an access-group is bound to an interface the ACL alone
# decides what may leave that interface, including traffic towards
# higher-security interfaces. Rules that join interfaces of equal security
# level (e.g. 200-SRVMIPCI -> 105-GPMS, 850-IPTVNDR1 -> 899-MGTIPTV) also
# require same-security inter-interface forwarding to be enabled.
# "object 100-LSP-MGT" below must exist as a network object at this point.
access-list 100-LSP-MGT_access_in extended permit ip object 100-LSP-MGT object-group MI_WAN_net
access-list 200-SRVMIPCI_access_in extended permit ip object 200-SRVMIPCI object-group DM_INLINE_NETWORK_6
access-list 203-MICTERM_access_in extended permit ip object 203-MICTERM object-group DM_INLINE_NETWORK_7
access-list 699-MGTVOIP_access_in extended permit ip object 699-MGTVOIP object-group DM_INLINE_NETWORK_8
access-list 899-MGTIPTV_access_in extended permit ip object 899-MGTIPTV object-group DM_INLINE_NETWORK_9
access-list 900-MIWAN_access_in extended permit ip object-group DM_INLINE_NETWORK_2 object 100-LSP-MGT
access-list 900-MIWAN_access_in extended permit ip object-group MI_WAN_net object-group DM_INLINE_NETWORK_4
# NOTE(review): "any" source on the Marriott WAN side - consider MI_WAN_net
access-list 900-MIWAN_access_in extended permit ip any object 699-MGTVOIP
access-list 105-GPMS_access_in extended permit ip object 300-ASSPC object-group DM_INLINE_NETWORK_45
access-list 105-GPMS_access_in extended permit ip object 301-ASSDEV object-group DM_INLINE_NETWORK_37
access-list 105-GPMS_access_in extended permit ip object 305-ASSPC2 object-group DM_INLINE_NETWORK_46
access-list 105-GPMS_access_in extended permit ip object 351-OPERAIFC object-group DM_INLINE_NETWORK_47
access-list 105-GPMS_access_in extended permit ip object 450-ASSPCW object-group DM_INLINE_NETWORK_48
access-list 105-GPMS_access_in extended permit ip object 451-MICROSHH object-group DM_INLINE_NETWORK_49
access-list 201-SRVTRST_access_in extended permit ip object 201-SRVTRST object-group DM_INLINE_NETWORK_38
access-list 201-SRVTRST_access_in extended permit ip object 201-SRVTRST object-group DM_INLINE_NETWORK_40
access-list 202-SRVNTRST_access_in extended permit ip object 202-SRVNTRST object-group DM_INLINE_NETWORK_41
access-list 205-MICTERM2_access_in extended permit ip object 205-MICTERM2 object-group DM_INLINE_NETWORK_44
access-list 205-MICTERM2_access_in extended permit ip object 205-MICTERM2 object 451-MICROSHH
access-list 206-TOKEN_access_in extended permit ip object 206-TOKEN object 200-SRVMIPCI
access-list 601-ASSVOIP1_access_in extended permit ip object 601-ASSVOIP1 object-group DM_INLINE_NETWORK_50
access-list 651-GSTVOIP1_access_in extended permit ip object 651-GSTVOIP1 object-group DM_INLINE_NETWORK_52
access-list 650-WVOIP_access_in extended permit ip object 650-WVOIP object-group DM_INLINE_NETWORK_51
# NOTE(review): "any" lets the camera segment reach every other segment,
# including 100-LSP-MGT and the level-90 server VLANs. The interface PAT for
# 700-SURVCAM in the NAT section suggests Internet access was the aim; if so,
# narrow the destination (e.g. exclude the internal object groups).
access-list 700-SURVCAM_access_in extended permit ip object 700-SURVCAM any
access-list 820-KEYCRDLC_access_in extended permit ip object 820-KEYCRDLC object-group DM_INLINE_NETWORK_1
access-list 850-IPTVNDR1_access_in extended permit ip object 850-IPTVNDR1 object 899-MGTIPTV
# 906-WAN receives no access-group: with security level 0 and no ACL, inbound
# traffic on the WAN is limited to replies for existing connections.
access-group 100-LSP-MGT_access_in in interface 100-LSP-MGT
access-group 105-GPMS_access_in in interface 105-GPMS
access-group 200-SRVMIPCI_access_in in interface 200-SRVMIPCI
access-group 201-SRVTRST_access_in in interface 201-SRVTRST
access-group 202-SRVNTRST_access_in in interface 202-SRVNTRST
access-group 203-MICTERM_access_in in interface 203-MICTERM
access-group 205-MICTERM2_access_in in interface 205-MICTERM2
access-group 206-TOKEN_access_in in interface 206-TOKEN
access-group 601-ASSVOIP1_access_in in interface 601-ASSVOIP1
access-group 650-WVOIP_access_in in interface 650-WVOIP
access-group 651-GSTVOIP1_access_in in interface 651-GSTVOIP1
access-group 699-MGTVOIP_access_in in interface 699-MGTVOIP
access-group 700-SURVCAM_access_in in interface 700-SURVCAM
access-group 820-KEYCRDLC_access_in in interface 820-KEYCRDLC
access-group 850-IPTVNDR1_access_in in interface 850-IPTVNDR1
access-group 899-MGTIPTV_access_in in interface 899-MGTIPTV
access-group 900-MIWAN_access_in in interface 900-MIWAN
!
!
#add NAT rules
object network 699-MGTVOIP
nat (699-MGTVOIP,906-WAN) dynamic interface
object network 899-MGTIPTV
nat (899-MGTIPTV,906-WAN) dynamic interface
object network 700-SURVCAM
nat (700-SURVCAM,906-WAN) dynamic interface
!
#configure anti-spoofing on all interfaces
# Unicast RPF: a packet is dropped on ingress unless the route back to its
# source points out the same interface. Enabled on every named interface,
# including the WAN, so any asymmetric routing would show up as drops.
ip verify reverse-path interface 100-LSP-MGT
ip verify reverse-path interface 105-GPMS
ip verify reverse-path interface 200-SRVMIPCI
ip verify reverse-path interface 201-SRVTRST
ip verify reverse-path interface 202-SRVNTRST
ip verify reverse-path interface 203-MICTERM
ip verify reverse-path interface 205-MICTERM2
ip verify reverse-path interface 206-TOKEN
ip verify reverse-path interface 601-ASSVOIP1
ip verify reverse-path interface 650-WVOIP
ip verify reverse-path interface 651-GSTVOIP1
ip verify reverse-path interface 699-MGTVOIP
ip verify reverse-path interface 700-SURVCAM
ip verify reverse-path interface 820-KEYCRDLC
ip verify reverse-path interface 850-IPTVNDR1
ip verify reverse-path interface 899-MGTIPTV
ip verify reverse-path interface 900-MIWAN
ip verify reverse-path interface 906-WAN
!
#Marriott access
# Read-mostly account (privilege 2) for the partner; the SSH sources below
# are the three MAARK1 hosts defined as network objects earlier.
username marriott password C3c1SVg5MO77QDY1 encrypted privilege 2
# SNMP v2c again, with a separate community shared with the partner NMS
# hosts; the strings are sent in cleartext across 900-MIWAN.
snmp-server host 900-MIWAN 162.130.114.45 community m@rr10tt version 2c
snmp-server host 900-MIWAN 162.130.122.125 community m@rr10tt version 2c
snmp-server host 900-MIWAN 162.130.128.92 community m@rr10tt version 2c
# these replace the location/contact set in the basic section ("Cisco"/"HoistGroup")
snmp-server location SL41TX
snmp-server contact Hoist
# NOTE(review): a second global community after cru3sl1 - verify on the
# running config whether both are accepted or the later one replaces the first.
snmp-server community m@rr10tt
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
ssh 162.130.128.92 255.255.255.255 900-MIWAN
ssh 162.130.114.45 255.255.255.255 900-MIWAN
ssh 162.130.122.125 255.255.255.255 900-MIWAN
#—save config
end
wr mem