I thought it would help individuals here (both experienced and newcomers to Cisco gear) to have a thread with basic or advanced templates in it. Templates help reduce the config time of routers and firewalls for me at least.
Please label your template with the device it was written for and what its purpose is.
Please do not post short commands unless you don't remember the full command.
PLEASE REMOVE ANY IPs OR PROPRIETARY INFORMATION FROM TEMPLATES
Here are a few to start:
>Cisco ASA 55xx series firewalls
>VPN client connection (Non-SSL based)
>Blocking websites using regular expressions
> Image Update (versions may differ) *Must have TFTP server for update
> Basic Configuration *Very Basic*
>Cisco ASA 55xx series firewalls
>VPN client connection (Non-SSL based)
Code:
access-list remotevpn_splitTunnelAcl standard permit {Internal subnet} {Internal Subnet mask}
access-list inside_nat0_outbound extended permit ip {Internal subnet} {Internal Subnet mask} {VPN subnet} {VPN Subnet mask}
ip local pool vpnpool {VPN Dhcp Pool} mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
aaa-server windowsias protocol radius
aaa-server windowsias host {Radius Server}
key {Radius key}
radius-common-pw {password}
group-policy remotevpn internal
group-policy remotevpn attributes
dns-server value {DNS Server}
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value remotevpn_splitTunnelAcl
default-domain value {Domain}
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group remotevpn type ipsec-ra
tunnel-group remotevpn general-attributes
address-pool vpnpool
authentication-server-group windowsias
default-group-policy remotevpn
tunnel-group remotevpn ipsec-attributes
pre-shared-key {Key}
>Blocking websites using regular expressions
Code:
regex domainlist1 "\.youtube\.com"
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.facebook\.com"
regex domainlist4 "\.streamaudio\.com"
regex domainlist5 "\.windowsmedia\.com"
regex domainlist6 "\.itunes\.com"
regex domainlist7 "\.monster\.com"
regex domainlist8 "\.hotels\.com"
access-list inside_mpc extended permit tcp any any eq www
class-map type regex match-any DomainBlockList
match regex domainlist1
match regex domainlist2
match regex domainlist3
match regex domainlist4
match regex domainlist5
match regex domainlist6
match regex domainlist7
match regex domainlist8
class-map type inspect http match-all BlockDomainsClass
match request header host regex class DomainBlockList
class-map httptraffic
match access-list inside_mpc
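! AppHeaderClass and BlockURLsClass are referenced below but not defined in this template;
! define those class-maps first or leave their class entries out.
policy-map type inspect http http_inspection_policy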
parameters
protocol-violation action drop-connection
class AppHeaderClass
drop-connection log
match request method connect
drop-connection log
class BlockDomainsClass
reset log
class BlockURLsClass
reset log
policy-map inside-policy
class httptraffic
inspect http http_inspection_policy
service-policy inside-policy interface inside
> Image Update (versions may differ) *Must have TFTP server for update
Code:
Copy tftp disk0
{IP OF TFTP Server}
asa\asa822-k8.bin
asa822-k8.bin
copy tftp disk0
{IP OF TFTP Server}
asa\asdm-625.bin
asdm-625.bin
config t
boot system disk0:/asa822-k8.bin
asdm image disk0:/asdm-625.bin
write mem
show boot
> Basic Configuration *Very Basic*
Code:
no dhcpd enable inside
no dhcpd address 192.168.1.5-192.168.1.254 inside
no dhcpd address 192.168.1.2-192.168.1.129 inside
!
interface Vlan1
nameif inside
security-level 100
ip address {Inside IP} 255.255.255.0
!
!
Hostname {ASA NAME}
!
enable password {Password}
passwd {Password}
!
interface Vlan2
nameif outside
security-level 0
ip address {Outside IP} {Outside Subnet}
!
dns domain-lookup outside
dns server-group DefaultDNS
name-server {Outside DNS}
name-server {Outside DNS 2}
!
route outside 0.0.0.0 0.0.0.0 {Gateway} 1
!
!
clock timezone EST -5
!
snmp-server host inside {SNMP Host} community public version 2c
snmp-server location {Location}
snmp-server contact {Contact}
snmp-server community {Community password}
snmp-server enable traps snmp authentication linkup linkdown coldstart
!
tftp-server outside {Outside TFTP Server} {TFTP Image path}
!
telnet {Inside Network} 255.255.255.0 inside
!
no http 192.168.1.0 255.255.255.0 inside
http {Inside Network} 255.255.255.0 inside
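A pre-posting check for the rule above about removing IPs and proprietary information, as an added example that is not part of the original post: it replaces real addresses and secrets in an ASA config with brace placeholders like the ones used in these templates. The function names, the `{IP}` and `{REDACTED}` markers and the sample input are assumptions made for the example; the keyword list is taken from the commands that appear in the templates in this thread.

```python
import ipaddress
import re

# Commands from the templates in this thread whose argument is a secret.
# Group 1 = keyword plus spacing, group 2 = the value ({placeholder} or token).
SECRET = re.compile(
    r"((?:^\s*(?:enable password|passwd|pre-shared-key|key|radius-common-pw)"
    r"|\bcommunity)\s+)(\{[^}]*\}|\S+)", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def harmless(addr: str) -> bool:
    """True for 0.0.0.0, netmasks and non-addresses, which stay as they are."""
    try:
        n = int(ipaddress.IPv4Address(addr))
    except ipaddress.AddressValueError:
        return True  # e.g. 999.1.1.1 is not an address
    inv = ~n & 0xFFFFFFFF
    return n == 0 or (n >> 24 == 255 and (inv & (inv + 1)) == 0)

def sanitize(config: str):
    """Return (sanitized_text, findings); findings are (line_no, kind)."""
    out, findings = [], []
    for no, line in enumerate(config.splitlines(), 1):
        def secret(m):
            if m.group(2).startswith("{"):  # already a placeholder
                return m.group(0)
            findings.append((no, "secret"))
            return m.group(1) + "{REDACTED}"
        def addr(m):
            if harmless(m.group(0)):
                return m.group(0)
            findings.append((no, "ip"))
            return "{IP}"
        out.append(IPV4.sub(addr, SECRET.sub(secret, line)))
    return "\n".join(out), findings

# Constructed sample input (made-up and documentation-range values).
SAMPLE = """\
enable password Sup3rS3cret encrypted
ip address 10.20.30.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
snmp-server host inside 10.20.30.50 community public version 2c
pre-shared-key {Key}
telnet 10.20.30.0 255.255.255.0 inside
"""

if __name__ == "__main__":
    text, found = sanitize(SAMPLE)
    print(text, found, sep="\n")
```

Hostnames, domain names, usernames and object names are not covered by this check and still need a manual read before posting.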