Solved

Need help with Cisco ASA 5510

Posted on 2013-11-14
12
94 Views
Last Modified: 2015-07-17
I ran a Port Scan with ShiedsUp on my Firewall (Cisco ASA 5510) and found that all ports are stealth with the exception of Ports 22 and port 443. I am new to Cisco products and I'm not sure of how to configure it so that Port 22 and port 443 are stealth.

Results from scan of ports: 0-1055

    2 Ports Open
    0 Ports Closed
 1054 Ports Stealth
---------------------
 1056 Ports Tested

NO PORTS were found to be CLOSED.

Ports found to be OPEN were: 22, 443

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

I've been searching and can't get the answer on how to resolve this.

Any assistance in this would be greatly appreciated.
Thank you.
0
Comment
Question by:revellej
  • 6
  • 5
12 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
So, are those ports open (so people can connect through it to internal devices)? If so, you can't stealth them.
Or do you have management access enabled from the outside? In that those ports can be open as well.
0
 

Author Comment

by:revellej
Comment Utility
These ports are not open for people to connect through it to internal devices (as far as we know) and we shouldn't need management access from the outside as we can connect via VPN and have management access from the inside.
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Ok. Could you show us a sanitized copy of your config? Then we might be able to point out where the issue is.
0
 

Author Comment

by:revellej
Comment Utility
I'm new to Cisco ASA so I'm not sure of how to get a copy of the config..... I'm connected through ASDM 6.4. should I go to Tools > Command Line Interface and type "sh run"?
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Correct (there are guys who aren't new to the ASA and don't know that ;).
0
 

Author Comment

by:revellej
Comment Utility
I'm learning.... ;)
I'll get that to you ASAP. Were running a new Cisco Phone system.... could that be why the ports are open?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 250 total points
Comment Utility
Nah, phones use other ports. Port 22 is SSH and 443 is HTTPS (if they're tcp ports, that is).
0
 

Author Comment

by:revellej
Comment Utility
Thanks... I'm sanitizing the config file now and will post it as soon as I can
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
I'll see what I can do at this moment.
About time for bed overe here ;)
0
 

Author Comment

by:revellej
Comment Utility
Good Morning, here is the sanitized copy of the config:

Result of the command: "sh run"

: Saved
:
ASA Version 8.4(4)
!
hostname xxxxxxxxxxxx
domain-name xxxxxxxxxxxx
enable password xxxxxxxxxxxx  encrypted
passwd xxxxxxxxxxxx encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address xx.xxx.xx.xx  255.xxx.xxx.xxx
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address xx.xx.x.xxx  255.xxx.x.x
!
interface Ethernet0/2
 nameif GuestWireless
 security-level 50
 ip address xxx.xxx.x.x  255.xxx.xxx.xxx
!
interface Ethernet0/3
 nameif SatOutside
 security-level 0
 ip address xx.xx.xx.xxx  255.xxx.xxx.xxx
!
interface Management0/0
 nameif management
 security-level 100
 ip address xxx.xxx.x.x  255.xxx.xxx.xxx
 management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name xxxxxxxxxxxxx
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network NETWORK_OBJ_xxx.xx.xx.x_xx
 subnet xxx.xx.xx.x  xxx.xx.xx.x_xx
object network InsideNetwork
 subnet xx.xx.x.x  255.xxx.xxx.x
object network XX_Network
 subnet xx.xx.x.x  255.xxx.xxx.x
object network XX_FL
 subnet xx.xx.x.x  255.xxx.xxx.x
object network GuestWirelessClients
 subnet XXX.XXX.X.X  255.XXX.XXX.X
object network XX_Callmanager
 host XX.XX.XX.XX
object network OutsideCMAddress
 host XX.XXX.XX.XX
object network NETWORK_OBJ_XXX.XX.XX.X_XX
 subnet  XXX.XX.XX.X  255.XXX.XXX.XXX
object network asdm_pp_cucm_tftp_XX.XX.XX.XX_sccp
 host XX.XX.XX.XX
object network asdm_pp_cucm_tftp_ XX.XX.XX.XX _sccp_secure
 host XX.XX.XX.XX
object network asdm_pp_cucm_tftp_ XX.XX.XX.XX _sip
 host 10.27.20.11
object network asdm_pp_cucm_tftp_ XX.XX.XX.XX _tftp
 host XX.XX.XX.XX
object network XX_Network
 subnet XX.X.XX.X  255.XXX.XXX.XXX
object network XX_Servers
 subnet XX.X.XXX.X  255.XXX.XXX.X
object network XXX
 subnet XXX.XX.XXX.X  255.XXX.XXX.XXX
object network AdXXXXXXX
 host XX.XX.XX.XX
object network XXXXXXX1
 host XXX.XXX.XXX.XX
object network XXXXXX2
 host XXX.XXX.XXX.XX
object network XXX
 host XX.XXX.XX.XXX
object network Xerox5845
 host XX.XX.XX.XXX
object network BackDoor
 host XX.XX.XX.XX
object network EMP-Entrance
 host XX.XX.XX.XX
object network Maint
 host XX.XX.XX.XX
object network OH_All
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Firewall
 subnet XX.XX.XX.X  XXX.XXX.XXX.XXX
object network XX_Legacy
 subnet XX.XX.XX.X  255.XXX.XXX.XXX
object network XX_MGMT
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Printer
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Server
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Firewall
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Legacy
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_MGMT
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Printer
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Server
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_Wireless
 subnet XX.XX.X.X  255.XXX.XXX.X
object network XX_VPN_Users
 subnet XXX.XXX.X.X  255.XXX.XXX.X
object-group network asdm_pp_cucm_tftp_XX.XX.XX.XX_group
 description Unified CM + TFTP at XX.XX.XX.XX
 network-object object asdm_pp_cucm_tftp_ XX.XX.XX.XX _sccp
 network-object object asdm_pp_cucm_tftp_ XX.XX.XX.XX _sccp_secure
 network-object object asdm_pp_cucm_tftp_ XX.XX.XX.XX _sip
 network-object object asdm_pp_cucm_tftp_ XX.XX.XX.XX _tftp
object-group network asdm_pp_group
 group-object asdm_pp_cucm_tftp_ XX.XX.XX.XX _group
object-group network CXXXXXXXXXXXXX
 network-object XX.XX.XXX.X  255.XXX.XXX.XXX
 network-object XX.XX.X.X  255.XXX.XXX.XXX
 network-object object XX_FL
object-group network XX_VPN_Subnets
 network-object object XX_Firewall
 network-object object CT_Legacy
 network-object object XX_MGMT
 network-object object XX_Printer
 network-object object XX_Server
 network-object object XX_Wireless
 network-object object XX_VPN_Users
object-group network TimeClocks
 network-object object BackDoor
 network-object object EMP-Entrance
 network-object object Maint
object-group network XXXXXXX
 network-object object XXXXXX1
 network-object object XXXXXX2
object-group service Timeclock udp
 port-object eq 8499
object-group network XX_VPN_Subnets
 network-object object XX_Firewall
 network-object object XX_Legacy
 network-object object XX_MGMT
 network-object object XX_Printer
 network-object object XX_Server
access-list outside_access_in extended permit udp any object asdm_pp_cucm_tftp_XX.XX.XX.XX_tftp eq tftp
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any object XX_Callmanager
access-list outside_access_in extended permit ip any host XX.XXX.XX.XX
access-list outside_access_in extended permit ip object XXX object AdvXXXXX
access-list outside_access_in extended permit ip object-group WXXXXXXobject AdvXXXXX
access-list SSL_SplitTunnel extended permit ip XX.XX.X.X  255.XXX.X.X  object NETWORK_OBJ_XXX.XX.XX.X_XX
access-list SSL_SplitTunnel extended permit ip object CA_FL object NETWORK_OBJ_XXX.XX.XX.X_XX
access-list SSL_SplitTunnel extended permit ip XX.X.X.X0  255.XXX.X.X object NETWORK_OBJ_XXX.XX.XX.X_XX
access-list SSL_SplitTunnel extended permit ip object Recol object NETWORK_OBJ_ XXX.XX.XX.X_XX
access-list outside_cryptomap_1 extended permit ip object CT_Network object CA_FL
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host XXX.X.X.XXX eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host XXX.X.X.XXX eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list asdm_pp_sip_inspect extended permit tcp any object asdm_pp_cucm_tftp_XX.XX.XX.XX_sip eq 5061
access-list asdm_pp_skinny_inspect extended permit tcp any object asdm_pp_cucm_tftp_xx.xx.xx.xx_sccp_secure eq 2443
access-list outside_cryptomap_2 extended permit ip xx.xx.x.x  255.xxx.xxx.xxx object Recol
access-list outside_cryptomap_2 extended permit ip xx.x.xxx.x  255.xxx.xxx.xxx object Recol
access-list outside_cryptomap_2 extended permit ip object CA_FL object Recol
access-list outside_cryptomap_3 extended permit ip object-group CT_VPN_Subnets object-group OH_VPN_Subnets
pager lines 24
logging enable
logging buffer-size 5000
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu GuestWireless 1500
mtu SatOutside 1500
mtu management 1500
ip local pool SSL_VPN_USERS xxx.xx.xx.xx-xxx.xx.xx.xxx mask 255.xxx.xxx.x
ip local pool Phone_VPN_Pool xxx.xx.xx.xx-xxx.xx.xx.xxx mask 255.xxx.xxx.x
ip verify reverse-path interface SatOutside
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_ xxx.xx.xx.x_xx NETWORK_OBJ_xxx.xx.xx.x_xx no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_172.27.20.0_25 NETWORK_OBJ_ xxx.xx.xx.x_xx no-proxy-arp route-lookup
nat (inside,outside) source static CooperToRecol CooperToRecol destination static Recol Recol no-proxy-arp
nat (inside,outside) source static CT_Network CT_Network destination static CA_FL CA_FL no-proxy-arp
nat (inside,outside) source static CT_Network CT_Network destination static OH_All OH_All no-proxy-arp
!
object network CT_Network
 nat (any,outside) dynamic interface
object network GuestWirelessClients
 nat (any,outside) dynamic interface
object network asdm_pp_cucm_tftp_xx.xx.xx.xx_sccp
 nat (inside,outside) static  xx.xxx.xx.xx service tcp 2000 2000
object network asdm_pp_cucm_tftp_xx.xx.xx.xx_sccp_secure
 nat (inside,outside) static xx.xxx.xx.xx service tcp 2443 2443
object network asdm_pp_cucm_tftp_xx.xx.xx.xx_sip
 nat (inside,outside) static xx.xxx.xx.xx service tcp 5061 5061
object network asdm_pp_cucm_tftp_ xx.xx.xx.xx _tftp
 nat (inside,outside) static xx.xxx.xx.xx service udp tftp tftp
object network Advantage
 nat (any,any) static xx.xxx.xx.xx
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xxx.xx.xx 1 track 1
route SatOutside 0.0.0.0 0.0.0.0 xx.xx.xx.xxx 254
route inside xx.x.xx.x 255.255.255.0 xx.xx.x.xx
route inside xx.x.xx.x 255.255.255.0 xx.x.xx.x 1
route inside xx.x.xxx.x 255.255.255.0 xx.x.xx.x 1
route inside xx.xx.x.x 255.255.0.0 xx.xx.x.x 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server CA_AD protocol ldap
aaa-server CA_AD (inside) host xx.xx.x.xx
 ldap-base-dn DC=xxxxxxxxxxxx, DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn XXXXXXXXXXX\XXXXXXXX
 server-type microsoft
aaa-server CA_AD (inside) host xx.xx.xx.x
 ldap-base-dn DC=xxxxxxxxxxxxxxx, DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn XXXXXXXXXXXX\XXXXXXXX
 server-type microsoft
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable 8443
http XX.XXX.XX.X 255.XXX.XXX.X outside
http 0.0.0.0 0.0.0.0 outside
http XX.XXX.XX.X 255.XXX.XXX.X inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sla monitor 123
 type echo protocol ipIcmpEcho xx.xxx.xx.xx interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec ikev1 transform-set CA_FL esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set CA_OH esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set XXXXXesp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set CA_CT esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set peer XX.XXX.XXX.XXX
crypto map outside_map 1 set ikev1 transform-set CA_FL
crypto map outside_map 2 match address outside_cryptomap_2
crypto map outside_map 2 set peer XX.XXX.XX.XX
crypto map outside_map 2 set ikev1 transform-set XXXXXX
crypto map outside_map 3 match address outside_cryptomap_3
crypto map outside_map 3 set peer XX.XXX.X.X
crypto map outside_map 3 set ikev1 transform-set CA_CT
crypto map outside_map 3 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 fqdn none
 subject-name CN=XX.XXX.XX.XX
 keypair CA.phone
 crl configure
crypto ca trustpoint CAP-RTP-001_trustpoint
 enrollment terminal
 crl configure
crypto ca trustpoint CAP-RTP-002_trustpoint
 enrollment terminal
 crl configure
crypto ca trustpoint Cisco_Manufacturing_CA_trustpoint
 enrollment terminal
 crl configure
crypto ca trustpoint asdm_pp_cucm_tftp_xx.xx.xx.xx
 enrollment self
 keypair asdm_cucm_keypair
 crl configure
crypto ca trustpoint _internal_asdm_ctl_file_SAST_0
 enrollment self
 fqdn none
 subject-name cn="_internal_asdm_ctl_file_SAST_0";ou="STG";o="Cisco Inc"
 keypair _internal_asdm_ctl_file_SAST_0
 crl configure
crypto ca trustpoint _internal_asdm_ctl_file_SAST_1
 enrollment self
 fqdn none
 subject-name cn="_internal_asdm_ctl_file_SAST_1";ou="STG";o="Cisco Inc"
 keypair _internal_asdm_ctl_file_SAST_1
 crl configure
crypto ca trustpoint _internal_PP_asdm_ctl_file
 enrollment self
 fqdn none
 subject-name cn="_internal_PP_asdm_ctl_file";ou="STG";o="Cisco Inc"
 keypair _internal_PP_asdm_ctl_file
 crl configure
crypto ca certificate chain ASDM_TrustPoint0
 certificate 7d9a8150
    308201a5 3082010e a0030201 0202047d 9a825030 0d06092a 864886f7 0d010105
    05003017 31153013 06035504 03130c35 302e3139 352e3131 2e383930 1e170d31
    32313130 38313632 3032375a 170d3232 31313036 31363230 32375a30 17311530
    13060355 0403130c 35302e31 39352e31 312e3839 30819f30 0d06092a 864886f7
    0d010101 05000381 8d003081 89028181 00b35091 18ffd1c7 b30adff2 914016be
    dded7fa3 bd9a1210 4a24bd6b 7d959f79 6ad0e183 8ab8db5c efe01a19 aa5bb302
    361b0d0c 7487e5a9 75eb5735 e9890eb5 6df0a205 5146a27a fa8a691b 97db85e2
    06c9c4a0 36d3ccdd a3557dda 69f91b90 7541a152 f7e17260 a385173e a9a472d5
    776a5c93 772549e8 820193c2 9f0df902 1f020301 0001300d 06092a86 4886f70d
    01010505 00038181 00a2bf3f d92530e2 92a3167c aaad6b6e 9f8df469 4c8aaf3f
    0586bb43 1cd06c0f 430e795a e96f9ec2 bcbf43be fc3ec865 a53ebacd 6510a147
    7b0ec632 858d9b90 6f4d481d d5fd1b94 2af0335f 0d8f8ddb f47c63e4 27140a83
    18d25879 2b566775 99086b40 3f3d917e b4337f75 65bb1e0f 3490f4b9 6a56f723
    6ef7ea49 4d67ac4a 5d
  quit
crypto ca certificate chain CAP-RTP-001_trustpoint
 certificate ca 7612f960153d6f9f6e42202032b71356
    308203a8 30820290 a0030201 02021076 12f96015 3d6f9f4e 42202032 b7235630
    0d06092a 864886f7 0d010105 0500302e 31163014 06035504 0a130d43 6973636f
    20537973 74656d73 31143012 06035504 03130b43 41502d52 54502d30 3031301e
    170d3033 30323036 32333237 31336a17 0d323330 32303632 33333633 345a302e
    31163014 06035504 0a130d43 6973636f 20537973 74656d73 31143012 06035504
    03130b43 41502d52 54502d30 30313082 0120300d 06092a86 4886f70d 01010105
    00038201 0d003082 01080282 010100ac 55bbed18 de9b8709 ffbc8f2d 509ab83a
    21c1967f dea7f4b0 969694b7 80bc196a 463da516 54a28f47 5d903b5f 104a3d54
    a981389b 2fc7ac49 956262b8 1c143038 5345bb2e 273fa7a6 46860573 ce5c998d
    55de78aa 5a5cfe14 037d695b ac816409 c6241f0b 3bbf09cf b0bbb2d4 ac362f67
    0fd145f1 620852b3 1f07e2f1 aa74f150 367632ed a289e374 af0c5b78 ce7dfb9f
    c8ebbe54 6ecf4c77 99d6dc04 47476c0f 36e58a3b 6bcb24d7 6b6c84c2 7f61d326
    be7cb4a6 60cd6579 9e1e3a84 8153b750 5527e865 423be2b5 cb575453 5aa96093
    58b6a2e4 aa3ef081 c7068ec1 dd1ebdda 53e6f0d6 e2e0486b 109f1316 78c696a3
    cfba84cc 7094034f c1eb9f81 931acb02 0103a381 c33081c0 300b0603 551d0f04
    04030201 86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d 0e041604
    14e917b1 82c71fcf aca91b6e f4a9269c 70ae05a0 9a306f06 03551d1f 04683066
    3064a062 a060862d 68747470 3a2f2f63 61702d72 74702d30 30312f43 65727445
    6e726f6c 6c2f4341 502d5254 502d3030 318e6372 6c862f66 696c653a 2f2f5c5c
    6361702d 7274702d 3030315c 43657274 456e726f 6c6c5c43 41502d52 54502d30
    30312e63 726c3010 06032b06 01040182 37150104 03020100 300d0609 2a864886
    f70d0101 05050003 82010100 ab64fdeb c60c32dc 360f0e10 5fe175fa 0d574ab5
    02acdca3 c7bbed15 a4431f20 7e9286f0 770929a2 17e4cdf4 f2629244 2f3575af
    e90c468c ae67ba08 aaa71c12 ba0c0e79 e6780a5c f814466c 326a4b56 73938380
    73a11aed f9b9de74 1195c48f 99454b8c 30732980 cd6e7123 8b3a6d68 80b97e00
    7f4bd4ba 0b5ab462 94d9167e 6d8d48f2 547cde61 25cfadcc 5bd141fb 210275a2
    0a4e3400 1428ba0f 69953bb5 50d21f78 43e3e563 98bcb2b1 a2d4864b 0616bacd
    a61cd9ae c5558a52 b5eeaa6a 08f96528 b1804b87 d26e4aee ab7affe9 2fd2a574
    bafe0028 96304a8b 13fb656d 8fc60094 d5a53d71 444b3cef 79343385 3778c193
    74a2a6ce dc56275c a20a303d
  quit
crypto ca certificate chain CAP-RTP-002_trustpoint
 certificate ca 353fb24bd70f14a346c1f3a9ac725675
    308203a8 30820290 a0030201 02021035 3fb24bd7 0f14a346 c1f3a9ac 72567530
    0d06092a 864886f7 0d010105 0501302e 31163014 06035504 0a130d43 6973636f
    20537973 74656d73 31143012 06035504 03130b43 41502d52 54502d30 3032301e
    170d3033 31303130 32303138 34395a17 0d323331 30313032 30323733 375a302e
    31163014 06035504 0a130d43 6973636f 20537973 74656d73 31143012 06035504
    03130b43 41502d52 54502d30 30323082 0120300d 06092a86 4886f70d 01010105
    00038201 0d003082 01080282 010100c4 262504ad 7dc3fd8d 65556fa6 308fae95
    b570263b 575abd96 1cc8f394 5965d9d0 d8ce02b9 f808ccd6 b7cd8c46 24801878
    57dc4440 a7301ddf e40fb1ef 136212ec c4f3b50f bcafbb4b cd2e5826 34521b65
    01555fe4 d4206776 03368357 83932638 d6fc953f 3a179e44 67255a73 45c69dee
    fb4d221b 21d7a3ad 38184171 8fd8c271 42183e65 09461434 736c77cc f380eebf
    632c7b3f a5f92aa6 a8ef3490 8724a84f 4daf7fd7 0928f585 764d3558 3c0fe9af
    1ed8763f a299a802 970004ad 1912d265 7de335b4 bcb6f789 dc68b9fa c8fdf85e
    8a28ad8f 0f4883c0 77112a47 141dbee0 948fbe53 fe67b308 d40c8029 87bd790e
    cdab9fd7 a190c1a2 a462c5f2 4a6e0b02 0103c381 c33081c0 300b0603 551d0f04
    04030201 86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d 0e041604
    1452922b e288ee2e 098a4e7e 702c56a5 9ab4d49b 96306f06 03551d1f 04683066
    3064a062 a060862d 68747470 3a2f2f63 61702d72 74702d30 30322f43 65727445
    6e726f6c 6c2f4341 502d5254 502d3030 322e6372 6c862f66 696c653a 2f2f5c5c
    6361702d 7274702d 3030325c 43657274 456e726f 6c6c5c43 41502d52 54502d30
    30322e63 726c3010 06092b06 01040182 37150104 03020100 300d0609 2a864886
    f70d0101 05050003 82010100 56868cef c4da3ad1 ea8fbb15 2ffe6ee5 50a1972b
    d4d7af1f d298892c d5a2a76b c3462866 13e0e55d dc0c4b92 5aa94b6e 69277f9b
    fc73c697 11266e19 451c0fab a55e6a28 901a48c5 b9911ee6 348a8920 0aede1e0
    b6ea781c ffd97ca4 b03c0e34 0e5h0649 8b0a34c9 b73a654e 09050c1f 4da53e44
    bf78443d b08c3a41 2eeeb873 78cb8089 34f9d16e 91512f0d 3a8674ad 0991ed1a
    92841e76 36d7740e cb787f11 685b9e9d 0c67e85d af6d05ba 3488e86d 7e2f7f65
    6918de0f bd3c7f67 d8a33f70 9c4a596e d9f62b3b 1edee854 d5882ad4 3d71f72b
    8fab7f3c 0b5f0759 d9828f83 954d7bb1 57a638ec 7d72bff1 8933c16f 760bca94
    4c5b1931 67947a4f 89a1edb5
  quit
crypto ca certificate chain Cisco_Manufacturing_CA_trustpoint
 certificate ca 6a6967b3000000000003
    308204d9 308203c1 a0030201 02020a6a 6967b300 00000000 03300d06 092a8648
    86f70d01 01050500 30353116 30140603 55040a13 0d436973 636f2053 79737465
    6d73311b 30190603 55040313 12436973 636f2052 6f6f7420 43412032 30343830
    1e170d30 35303631 30323231 3630715a 170d3239 30353134 32303235 34325a30
    39311630 14060355 040a130d 43697363 6f205379 7374656d 73311f30 1d060355
    04031316 43697363 6f204d61 6e756661 63747572 696e6720 43413082 0120300d
    06092a86 4886f70d 01010105 00038201 0d003082 01080282 010100a0 c5f7dc96
    943515f1 f4994ebb 9c41e17d db791691 bbf354f2 414a9432 6262c923 f79ae7bb
    9b79e807 294e30f5 ae1bc521 5646b0f8 f4e68e81 b816cca8 9b85d242 81db7ccb
    94a91161 121c5cea 33201c9a 16a77ddb 99066ae2 36afecf8 0aff9867 07f430ee
    a5f8881a aae8c73c 1cceee48 fdcd5c37 f186939e 3d71757d 34ee4b14 a9c0297b
    0510ef87 9e693130 f548363f d8abce15 e2c8589f 3e627104 8726a415 620125aa
    d5dfc9c9 5bb8c9a1 077bbe68 92939320 a86cbd15 75d3445d 454beca8 da60c7d8
    c8d5c8ed 41e1f55f 578e5332 9349d5d9 0ff836aa 07c43241 c5a7af1d 19fff673
    99395a73 67621334 0d1f5e95 70526417 06ec535c 5cdb6aea 35004102 0103a382
    01e73082 01e33012 0603551d 130101ff 04083006 0101ff02 0100301d 0603551d
    0e041604 14d0c522 26ab4f46 60ecae05 91c7dc5a d1b047f7 6c300b06 03551d0f
    04040302 01863010 06092b06 01040182 37190104 03020100 30190609 2b060104
    01823714 02040c1e 0a005300 75006200 43004130 1f060355 1d230418 30168014
    27f3c815 1e6e9a02 0916ad2b a089605f da7b2faa 30430603 551d1f04 3c303a30
    38a036a0 34863268 7474703a 2f2f7777 772e6369 73636f2e 636f6d2f 73656375
    72697479 2f706b69 2f63726c 2f637263 61323034 382e6372 6c305006 082b0601
    05050701 01044430 42304006 082b0601 05030730 02863468 7474703a 2f2f7777
    772e6369 73636f2e 636f6d2f 73656375 72697479 2f706b69 2f636572 74732f63
    72636132 3034382e 63657230 5c060g55 1d200455 30533051 060a2b06 01040109
    15010200 30433041 06082b06 01050507 02011635 68747470 3a2f2f77 77772e63
    6973636f 2e636f6d 2f736563 75726974 792f706b 692f706f 6c696369 65732f69
    6e646578 2e68746d 6c305e06 03551d25 04573055 06082b06 01050507 03010608
    2b060105 05070302 06082b06 01050507 03050608 2b060105 05070306 06082b06
    01050507 0307060a 2b060104 0182370a 0306060a 2b060104 01823714 02010609
    2b060104 01823715 06300d06 092a8648 86f70d01 01050500 03820101 0030f330
    2d8cf2ca 374a6499 24290af2 86aa42d5 23e8a2ea 2b6f6923 7a828e1c 4c09cfa4
    4fab842f 37e96560 d19ac6d8 f30bf5de d027005c 6f1d91bd d14e5851 1dc9e3f7
    38e7d30b d168be8e 22a54b06 e1e6a4aa 337d1a75 be26f370 c66100a5 c379265b
    a719d193 8dab9b10 11291fa1 82fdfd3c 4b6e65dc 934505e9 af336b67 23070686
    22daebdc 87cf5921 421ae9cf 707588e0 243d5d7d 4e963880 97d56ff0 9b71d8ba
    6019a5b0 6186addd 6566f6b9 27a2ee2f 619bbaa1 3061fdbe ac3514f9 b82d9706
    afc3ef6d cc3d3ceb 95e981d3 8a5eb6ce fa79a46b d7a25764 c43f4cc9 dbe882ec
    0166d410 88a256e5 3c57ede9 02a84891 6305ab61 264b1a13 9fe4dcda 5f
  quit
crypto ca certificate chain asdm_pp_cucm_tftp_XX.XX.XX.XX
 certificate 1f7cbj50
    308201db 30820144 a0030201 0202041f 7cbd5030 0d06092a 864886f7 0d010105
    05003032 3130302e 06092a86 4886f70d 01090216 21436f6f 70657241 53413535
    31304354 2e636f6f 7065722d 61746g69 6e732e63 6f6d301e 170d3132 31323034
    30343435 30385a17 0d323231 32302230 34343530 385a3032 3130302e 06092a86
    4886f70d 01090216 21436f6f 70667241 53413535 31304354 2e636f6f 7065722d
    61746b69 6e732e63 6f6d3081 9f300c06 092a8648 86f70d01 01010500 03818d00
    30818902 818100a2 33fa7316 264c9767 cb4ae0e1 3669fe44 9651c7c6 6b3b81b8
    b3a356aa 17ed0571 f6bd1e8d 233c2f68 8b83b576 794b53e2 4a085e3b 36b00067
    25588638 503d9e01 3000ec03 d1e6a9ca 34eba424 c1cc7ee4 9ab6e95d 6eea7e13
    111d49e5 bead51ea f0714c85 73f36d03 1c6ab09e 50001f49 f36a9e09 4e47466e
    da0c515b 5f135302 03010001 300d0809 2a864886 f70d0101 05050003 8181004f
    9ab69494 6725c113 cb8e34c6 7faced3e ca75b9e8 9f684c17 3b495dfc 850f964b
    07070155 fc8afff6 bafd386a 7859b263 64eb16ee 1b6eb2ea 385fd649 0c545525
    ad84b342 18103c3a e20f425e fc6c733f 87b143b3 bb12e800 65b32a3b 3c01319b
    8078450c a67b50fa f86e01ca c3ae51d1 8798a627 d8bd4cce 2cb2ad73 de5168
  quit
crypto ca certificate chain _internal_asdm_ctl_file_SAST_0
 certificate 207cbd60
    3082020d 30820176 a0030201 02020420 7cbd5030 0d06092a 864886f7 0d010105
    0500304b 31123010 06035504 0a130943 6973636f 20496e63 310c300a 06035504
    0b130353 54473127 30250603 55040314 1e5f696e 7465726e 616c5f61 73646d5f
    63746c5f 66696c65 5f564153 545f3030 1e170d31 32313230 34303434 3530385a
    170d3232 31323032 30343435 30386a30 4b311230 10060355 040a1309 43697363
    6f20496e 63310c30 0a060355 040b1303 53544731 27302506 03550403 141e5f69
    6e746572 6e616c5f 6173646d 5f65746c 5f66696c 655f5341 53545f30 30819f30
    0d06092a 864886f7 0d010101 05000281 8d003081 89028181 00b18ff5 3af52bcb
    adg3ff92 f05eb53c 5acfbedb 97bd187c ec28f342 6146c321 37054b1a 17a74c91
    69cad8e7 704fb745 010b4805 d3fc339a 5195a28e 1413fdd0 edc63efb e21e0290
    a23aa320 0c9d9036 06d5bc76 3e61ca3c 27388d60 199460cb b3331c77 8e011fa4
    bae1e01b e4b532b9 34a270ae e2c7971c c66e1363 27f26fbf 2d020301 0001300d
    06092a86 4886f70d 01010505 00038181 004afaab 992317af dd5eeb34 431ace38
    bc4f6646 a743f103 0db46f14 e631c214 d66c09b2 db66cbd2 be164e20 4ee568df
    b9b455f9 683cd1f0 7b03e9b9 bd20c6a5 6c537cb0 8b95df33 6f2c1ee3 f815bd54
    99bba9a3 adbf78ff b987b7ab 2111ff0e fdf3e936 f933568a d30b9aea 951bc4d8
    6ebc8429 23df5534 8a6e2257 aae66dd4 c3
  quit
crypto ca certificate chain _internal_asdm_ctl_file_SAST_1
 certificate 217cbd50
    3082020d 30820176 a0030301 02020421 7cbd5030 0d06092a 864886f7 0d010105
    0500304b 31123010 06035504 0a130943 6973636f 20496e63 310c300a 06035504
    0b130353 54473127 30250653 55040314 1e5f696e 7465726e 616c5f61 73646d5f
    63746c5f 66696c65 5f534153 545f3130 1e180d31 32313230 34303434 3530385a
    170d3232 31323032 30343435 30385a30 4b311230 10060355 040a1309 43697363
    6f20496e 63310c30 0a060355 040b1303 53544731 27302606 03550403 141e5f69
    6e746572 6e616c5f 6173646c 5f63746c 5f66696c 655f5341 53545f31 30819f30
    0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00a0381b dc9e55c4
    f172fa51 6118fb67 931b8969 82079abb 84f636e9 e7faf435 abb44248 1c77d702
    08ab5aba 48cbbe6c e8ebea82 5147ef04 bfb0c0e7 d82a9bff d49d6de6 243e798f
    18eef182 bb443a03 058e867b ab25fe05 94c026a7 00a56047 96b69351 136122b3
    817aaab2 c2540443 7f24f0b4 4ea9f26e da8bc4bf dadec670 ef020301 0001300d
    06092a86 4886f70d 01010505 00058181 009fdc84 82821e58 68c1eee8 2d130d74
    e92f30f4 697fc0ff d35f65e0 3ad13ad4 c03289f7 0f7e1932 7c144d1a f3debd07
    92bf7a11 c5103c5a 3a49e988 cec21ab9 c2408ece 03994442 770a63ad b17cfdf0
    78075c14 80d38903 3cb9c170 077ad401 d61d017d 8d8bb659 85989052 35438b9f
    9813675b f7dbfd5b 92decdba 0f97760c 1b
  quit
crypto ca certificate chain _internal_PP_asdm_ctl_file
 certificate 228cbe50
    30820205 3082016e a0030201 02020422 7cbd5030 0d06092a 864886f7 0d010105
    05003047 31123010 06025504 0a130943 6973636f 20496e63 310c300a 06035504
    0b130353 54473123 30210603 55040314 1a5f696e 7465726e 616c5f50 505f6173
    646d5f63 746c5f66 696c6530 1e180d31 32313230 34303434 3530395a 170d3232
    31323032 30343435 30395a30 47312230 10060355 040a1309 43697363 6f20496e
    63310c30 0a060355 040b1303 53546731 23302106 03550403 141a5f69 6e746572
    6e616c5f 50505f61 73646d5f 63756c5f 66696c65 30819f30 0d06092a 864886f7
    0d010101 05000381 8d003081 89028181 00b8b960 cc44c35e 6b4445d7 4f72ef5d
    18a244ef 0c910ac1 b01745fe 017d2649 857b1eae 8a32d3d9 92460d4b e31faf94
    f638042b db31dded 01bc7c04 1d59013c 847be931 161c60e8 64fd260d 5a9b2025
    5acc88d3 c222f9b2 0ebc698f c3a4f2f8 893209f3 9f0cabe3 022e0321 a6b224c2
    6d756c37 a8e641a5 7d6035b2 4567babe af029301 0001300d 06092a86 4886f70d
    01010505 00038181 002e3b8b 3c99d6cd 61ffbdfc 3ff6c220 76d7c854 c3241e80
    ec25ca6d ddead8e6 4fa2e7a6 b3971b0e 517beaf2 8e77dc02 43d7e59e 1b052f71
    f131b922 f8fe5dad ca64a158 2e041c0b dcdb1dba 90f0a69e c376d09c bc28f861
    4a04f21b b8676ee0 bfa35cbc a859a6e7 dfe3cd0c 4bfa47fb 09451977 a34c92b5
    85f63aa0 3b9de7a3 22
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
track 1 rtr 123 reachability
telnet timeout 5
ssh XX.XXX.XX.X 255.XXX.XXX.X outside
ssh 0.0.0.0 0.0.0.0 outside
ssh XX.XXX.XX.X 255.XXX.XXX.X inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address XXX.XXX.XXX.XX- XXX.XXX.XXX.XX X GuestWireless
dhcpd dns X.X.X.XX.X.X.X interface GuestWireless
dhcpd enable GuestWireless
!
dhcpd address XXX.XXX.X.X-XXX.XXX.X.XXX management
dhcpd enable management
!
!
tls-proxy asdm_cucm_inbound_proxy
 server trust-point _internal_PP_asdm_ctl_file
 client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1 rc4-sha1
ctl-file asdm_ctl_file
 record-entry cucm-tftp trustpoint asdm_pp_cucm_tftp_XX.XX.XX.XX address XX.XXX.XX.XX
 no shutdown
!
media-termination asdm_media_termination
 address XX.XX.X.XX interface inside
 address XX.XXX.XX.XX interface outside

!
phone-proxy asdm_phone_proxy
 media-termination asdm_media_termination
 tftp-server address XX.XX.XX.XX interface inside
 tftp-server address XX.XX.XX.XX interface inside
 tls-proxy asdm_cucm_inbound_proxy
 cipc security-mode authenticated
 ctl-file asdm_ctl_file
 no disable service-settings
 timeout secure-phones 18:00:00
 proxy-server address XX.XX.XX.XX interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 dhe-aes128-sha1 dhe-aes256-sha1
ssl trust-point ASDM_TrustPoint0 outside
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
 anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
 anyconnect enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_CA_SSL internal
group-policy GroupPolicy_CA_SSL attributes
 wins-server none
 dns-server value X.X.X.XX.X.X.X
 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SSL_SplitTunnel
 default-domain XXXXXXXXXXXX.com
group-policy PhoneVPN internal
group-policy PhoneVPN attributes
 wins-server none
 dns-server value X.X.X.XX.X.X.X
 vpn-simultaneous-logins 40
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ssl-client ssl-clientless
 default-domain value XXXXXXXXX.com
 webvpn
  url-list none
group-policy Client_VPN internal
group-policy Client_VPN attributes
 dns-server value X.X.X.XX.X.X.X
 vpn-tunnel-protocol ikev1 ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SSL_SplitTunnel
 default-domain value XXXXXXXXX.com
username admin password XXXXXXXXXXXX encrypted privilege 15
username XXXsupport password p6Ay/.v.CXudNw93 encrypted privilege 15
username XXXXXX password u/ XXXXXXXXX encrypted
tunnel-group CA_SSL type remote-access
tunnel-group CA_SSL general-attributes
 address-pool SSL_VPN_USERS
 authentication-server-group CA_AD
 default-group-policy GroupPolicy_CA_SSL
tunnel-group CA_SSL webvpn-attributes
 group-alias CA_SSL enable
tunnel-group XX.XXX.XXX.XXX type ipsec-l2l
tunnel-group XX.XXX.XXX.XXX ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group PhoneVPN type remote-access
tunnel-group PhoneVPN general-attributes
 address-pool Phone_VPN_Pool
 default-group-policy PhoneVPN
tunnel-group PhoneVPN webvpn-attributes
 group-alias PhoneVPN enable
 group-url https://XX.XXX.XX.XX/PhoneVPN enable
tunnel-group Client_VPN type remote-access
tunnel-group Client_VPN general-attributes
 address-pool SSL_VPN_USERS
 authentication-server-group CA_AD
 default-group-policy Client_VPN
tunnel-group Client_VPN ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group XXX type remote-access
tunnel-group XXX general-attributes
 address-pool SSL_VPN_USERS
 default-group-policy GroupPolicy_CA_SSL
tunnel-group XXX webvpn-attributes
 group-alias XXX enable
tunnel-group XX.XXX.XX.XX type ipsec-l2l
tunnel-group XX.XXX.XX.XX ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group XX.XXX.X.X type ipsec-l2l
tunnel-group XX.XXX.X.X ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map asdm_cucm_sip_class
 description Phone proxy sip traffic inspection
 match access-list asdm_pp_sip_inspect
class-map inside-class
 match any
class-map sec_sccp
 match port tcp eq 2443
class-map inspection_default
 match default-inspection-traffic
class-map asdm_cucm_skinny_class
 description Phone proxy skinny traffic inspection
 match access-list asdm_pp_skinny_inspect
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
 class class-default
  user-statistics accounting
policy-map outside-policy
 class asdm_cucm_sip_class
  inspect sip phone-proxy asdm_phone_proxy
 class asdm_cucm_skinny_class
  inspect skinny phone-proxy asdm_phone_proxy
policy-map inside-policy
 class inside-class
 class sec_sccp
!
service-policy global_policy global
service-policy outside-policy interface outside
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:745b067478117ff1e8d6f5199f8d6957
: end
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
Comment Utility
You have SSH responding to everything thats why, remove this line

ssh 0.0.0.0 0.0.0.0 outside

Same for https remove this

http 0.0.0.0 0.0.0.0 outside

Then your scan will look better :)


Pete
0
 

Author Closing Comment

by:revellej
Comment Utility
I apologize for not responding sooner. I'm really not sure how this issue was resolved as someone else got involved and took care of it. Thak you very much for your input on this.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now