community.cisco.com · Web view: ASA Version 8.4(2) ! hostname asayppo domain-name XXXXX.gr enable...

Date post: 01-Jan-2020
Transcript
!
ASA Version 8.4(2)
!
hostname asayppo
domain-name XXXXX.gr
enable password XXXXXXX encrypted
passwd XXXXXXXX encrypted
names
!
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.110
 description *** OUTPUT INTERFACE FOR THE MAIN BULK OF DATA ***
 vlan 110
 nameif outside1
 security-level 0
 ip address 10.7.128.170 255.255.255.248
!
interface GigabitEthernet0/0.888
 description *** OUTPUT INTERFACE FOR FUTURE USE - EXTRA SYZEFXIS ADRESSES ***
 vlan 888
 nameif outside2
 security-level 0
 ip address 10.7.92.171 255.255.255.248
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.113
 vlan 113
 nameif internal_users
 security-level 100
 ip address 10.2.132.1 255.255.252.0
!
interface GigabitEthernet0/1.300
 vlan 300
 nameif inside_data
 security-level 100
 ip address 10.2.146.1 255.255.255.0
!
interface GigabitEthernet0/1.999
 description ***Administration Vlan***
 shutdown
 vlan 999
 nameif inside_admin
 security-level 100
 ip address 10.7.80.148 255.255.255.0
!
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2.70
 description *** MANAGEMENT VLAN AT DMZ ZONE ***
 vlan 70
 nameif DMZ_SINA
 security-level 70
 ip address 10.2.150.33 255.255.255.224
 authentication key eigrp 10 misco key-id 1
 authentication mode eigrp 10 md5
 summary-address eigrp 10 0.0.0.0 0.0.0.0 5
!
interface GigabitEthernet0/2.71
 description *** OPEP servers ***
 vlan 71
 nameif DMZ_OPEP
 security-level 50
 ip address 192.168.30.1 255.255.255.0
!
interface GigabitEthernet0/2.112
 vlan 112
 nameif dmz_webservers
 security-level 50
 ip address 10.2.129.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif lan_Servers
 security-level 100
 ip address 10.2.128.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
regex regex14 "\.chatango\.com"
regex regex15 "www\.games\.co\.uk"
regex regex16 "www\.gamesgames\.com"
regex regex17 "games24\.gr"
regex regex18 "\.bourdela\.com"
regex regex19 "\.hardsextube\.com"
regex regex1 "www\.*(paixnidia|games)*\.gr "
regex regex2 "www\.*(paixnidia|games)*\.com"
regex regex3 "xn--mxaaitab2rgd\.com"
regex regex4 "www\.ntop\.gr"
regex regex5 "*paixnidia*\.gr"
regex regex6 "www\.friv\.com"
regex regex7 "www\.2search\.gr"
regex regex8 "www\.trendygames\.gr"
regex regex9 "www\.liose\.gr"
regex regex10 "www\.pandagames\.gr"
regex regex11 "www\.casinoinfo\.com"
regex regex20 "www\.*(paixnidia|games)*\.net"
regex regex12 "games\.yahoo\.com"
regex regex13 "games\.msn\.com"
!
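
The regex objects above are the URL-filter patterns this firewall matches against HTTP traffic, and three of them do not say what their names suggest. regex1 carries a space inside its closing quote, so it only matches when a space follows ".gr". regex1, regex2 and regex20 use "\.*" (zero or more literal dots, not "anything") followed by "(paixnidia|games)*" (zero or more repetitions, which makes the alternation optional, so a host such as www.net satisfies regex20 while www.games-online.net does not). regex5 begins with "*", which has nothing to repeat. The Python script below is an added example, not part of the posted configuration: it lints the patterns as written and runs them against constructed host names with Python's re module, which approximates the ASA regex engine but is not the same implementation, so confirm any finding on the device (the ASA "test regex" command does that). REGEX1_PROBABLE_INTENT is an assumption about what the author meant, not a pattern from the config.

```python
import re

# The regex objects as written in the configuration above (copied verbatim,
# including the trailing space inside regex1's quotes).
ASA_REGEX_OBJECTS = {
    "regex1": r"www\.*(paixnidia|games)*\.gr ",
    "regex20": r"www\.*(paixnidia|games)*\.net",
    "regex5": r"*paixnidia*\.gr",
    "regex8": r"www\.trendygames\.gr",
    "regex12": r"games\.yahoo\.com",
}

# What regex1 was presumably meant to express (an assumption made for this example, not
# taken from the config): a www host whose name contains paixnidia or games and ends in .gr
REGEX1_PROBABLE_INTENT = r"^www\..*(paixnidia|games).*\.gr$"

# Host names constructed for this example; none of them come from the page.
SAMPLE_HOSTS = [
    "www.paixnidia.gr", "www.games-online.gr", "www.trendygames.gr",
    "www.net", "www.paixnidia.net", "www.games-online.net", "games.yahoo.com",
]


def lint_pattern(pattern):
    """Return the problems a reviewer would raise about an ASA regex object as written.
    These are heuristics for constructs that almost never mean what a URL-filter author intends."""
    problems = []
    if pattern != pattern.strip():
        problems.append("whitespace inside the quotes: the pattern only matches when a space sits next to the host")
    if pattern.startswith("*"):
        problems.append("leading '*' has nothing to repeat (Python's re rejects it; check what the ASA parser does)")
    if r"\.*" in pattern:
        problems.append(r"'\.*' is zero or more literal dots, not 'anything'; '.*' was probably intended")
    if re.search(r"\([^)]*\|[^)]*\)\*", pattern):
        problems.append("'(a|b)*' makes the alternation optional, so hosts containing neither word also match")
    return problems


def match_table(patterns, hosts):
    """Map each regex name to the sample hosts it matches with an unanchored search
    (the ASA also matches a regex anywhere in the string unless it is anchored with ^ and $).
    A pattern that fails to compile maps to None."""
    table = {}
    for name, pattern in patterns.items():
        try:
            rx = re.compile(pattern)
        except re.error:
            table[name] = None
            continue
        table[name] = [h for h in hosts if rx.search(h)]
    return table


if __name__ == "__main__":
    for name, pattern in ASA_REGEX_OBJECTS.items():
        print(f"{name}: {pattern!r}")
        for problem in lint_pattern(pattern):
            print("   -", problem)
    print(match_table(ASA_REGEX_OBJECTS, SAMPLE_HOSTS))
    print(match_table({"regex1 (probable intent)": REGEX1_PROBABLE_INTENT}, SAMPLE_HOSTS))
```

Run as a script it prints, per pattern, the lint findings and the sample hosts that match; the interesting rows are regex1 (matches nothing because of the trailing space) and regex20 (matches www.net but not www.games-online.net).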

time-range webservers_time_restriction
 periodic weekdays 7:00 to 17:30
!
boot system disk0:/asa842-k8.bin
boot system disk0:/asa841-k8.bin
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
dns domain-lookup outside1
dns domain-lookup outside2
dns domain-lookup internal_users
dns domain-lookup inside_data
dns domain-lookup DMZ_SINA
dns domain-lookup dmz_webservers
dns domain-lookup lan_Servers
dns domain-lookup management
dns server-group DefaultDNS
 name-server 10.2.128.21
 name-server 10.2.128.22
 domain-name culture.gr
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network FileSRV
 host 10.2.128.31
object service AMS-1
 service tcp destination eq 16111
 description basic communication client
object service AMS-2
 service tcp destination eq 5033
 description update mirror access
object service AMS-3
 service tcp destination eq 16102
 description console access
object service AMS-4
 service udp destination eq 6000
 description AMS discovery
object service AMS-5
 service tcp destination eq 16109
 description Apply to
object service AMS-6
 service tcp destination eq 16108
 description remote Virus chest access
object service Microsoft-DS
 service tcp destination eq 445
object network Avast.culture.gr
 host 10.2.128.40
object network Artemis
 host 10.2.129.44
object network Chaos
 host 10.2.128.56
object network AppDBSRV
 host 10.2.128.75
object network AppSRV
 host 10.2.129.43
object network Cultexmail-1
 host 10.2.128.43
object network Cultexmail-2
 host 10.2.128.43
object network ccp
 host 10.2.129.24
object network digital-heritage
 host 10.2.129.41
object network dptsite
 host 10.2.129.31
object network echelon
 host 10.2.129.40
object service POP3S
 service tcp destination eq 995
object service AMS-7
 service tcp destination eq 25322
object service AMS-8
 service tcp destination eq 8731
object service AMS-9
 service tcp destination eq 8732
object network SRVDeam1
 host 10.2.129.26
object network YPPOWebSRV
 host 10.2.129.30
object network DPT-SOLONSRV
 host 10.2.129.25
object network AthensEveryWeek
 host 10.2.129.45
object network DPDWebSRV
 host 10.2.129.34
object network DPTSITE_clone
 host 10.2.129.32
object network GAMA-KPS
 host 10.2.129.29
object network KASWebSRV
 host 10.2.129.35
object network Mesogiako-Forum
 host 10.2.129.42
object network MichaelWebSrv
 host 10.2.129.37
object network VM-IISWebSrv1
 host 10.2.129.36
object network Venice
 host 10.2.129.46
object network HYPER-V-Out
 host 10.2.129.51
object network Sharepoint
 host 10.2.129.50
object network SYZEYXIS???
 subnet 10.179.0.0 255.255.0.0
object network DEAM
 subnet 10.2.150.0 255.255.255.0
object network Connex
 host 10.2.146.2
 description Alternate GW
object network PandaGD
 host 10.2.128.89
object network ANY
 subnet 0.0.0.0 255.255.255.255
object network Panda1
 host 212.205.126.80
object network Panda2
 host 212.205.126.25
object network Panda10
 host 74.208.97.139
object network Panda11
 host 212.227.53.223
object network Panda12
 host 208.83.138.31
object network Panda3
 host 193.104.218.81
object network Panda4
 host 206.253.225.17
object network Panda5
 host 87.106.160.52
object network Panda6
 host 206.253.225.13
object network Panda7
 host 206.253.225.16
object network Panda8
 host 85.25.6.48
object network Panda9
 host 74.208.97.105
object network CultTMG
 host 10.2.128.76
object network Backup-Server
 host 10.2.128.47
object network CultDC1
 host 10.2.128.21
object network CultDC2
 host 10.2.128.22
object network HYPER-V5
 host 10.2.129.52
object network VMM
 host 10.2.128.73
object network Admin
 host 10.2.132.10
object network archaeocadastre
 host 10.2.129.48
object network CCP-EVA
 host 10.2.129.38
object network Amca
 host 10.2.129.47
object network HYPER-V
 host 10.2.128.51
object network HYPER-V2
 host 10.2.128.78
object network HYPER-V3
 host 10.2.128.77
object network HYPER-V4
 host 10.2.128.83
object network 9EBAproxy
 host 10.95.1.104
object network 9EBA
 subnet 10.66.32.0 255.255.255.0
 description internal lan
object network syzefxis_proxy_2
 host 10.95.1.50
 description proxy server of syzefxis
object network proxy_server_3
 host 10.255.139.186
object network attacker-asia
 subnet 219.159.0.0 255.255.0.0
 description attacker to smtp
object network CultEmailEDGE
 host 10.2.129.95
object network mail.culture.gr
 host 10.7.128.172
object network EYPOT
 subnet 10.18.75.0 255.255.255.128
object service SecLDAP
 service tcp destination eq 50389
object network KE_EPKA
 host 10.179.123.66
 description KE MOYSEIO RETHYMNOY
object network L_EPKA
 host 10.179.123.34
object service smtpS
 service tcp destination eq 587
object service https
 service tcp destination eq https
object service Mail-pop3
 service tcp destination eq pop3
object service Mail-smtp
 service tcp destination eq smtp
object network webaddress_mail
 host 10.7.128.172
object network weaddress_mail
object network Cultexmail-3
 host 10.2.128.43
object network Cultexmail1
 host 10.2.128.72
object network Cultexmail-4
 host 10.2.128.43
object network Cultexmail-5
 host 10.2.128.43
object network KTHEPKA
 host 10.179.122.130
object network AEPKA
 host 10.179.115.122
object network 19EBA
 host 10.179.118.134
object network syzefxis_proxy_server_5
 host 172.20.10.4
object network syzefxis_proxy_server_6
 host 172.20.10.4
object network 27EBA
 host 10.179.125.22
object network 10.179.125.0
 subnet 10.179.125.0 255.255.255.0
object network 22eba
 host 10.179.122.158
object network APPDB-SRV
 host 10.2.128.85

object network APP-SRV
 host 10.2.129.53
object network laikhs_texnhs
 host 10.179.125.78
object network 10.179.115.134
 host 10.179.115.134
object network 2EBA
 host 10.179.118.150
object network ieepka
 subnet 10.131.75.0 255.255.255.0
object network ktimatologio_deam
 host 10.2.129.55
object network Festival
 host 10.2.129.59
object network 14-EBA
 host 10.179.116.138
object network 23-EBA
 host 10.179.122.162
object network 7-EBA
 host 10.179.122.62
object network HYPER-V6
 host 10.2.129.61
object network HYPER-V7-Out
 host 10.2.129.54
object network Artemis-1
 host 10.2.129.62
object network Chaos-1
 host 10.2.128.57
object network IBEPKA
 host 10.179.122.90
object network 8EBA
 host 10.179.120.190
object network AIGAI_WEBPAGE
 host 10.2.129.56
object network PELLA_MUSEUM_WEBPAGE
 host 10.2.129.57
object network MELT
 host 10.179.115.138
object network TAP
 subnet 10.34.94.0 255.255.254.0
object network d_sintirisi
 host 10.179.115.194
 description Dieythinsi Sintirisis
object network KAepka
 host 10.179.117.154
object network 6EBA
 host 10.179.122.150
object network 10.179.122.74
 host 10.179.122.74
object network DMEEP
 host 10.179.125.106
 description Themistokleous5
object network dmz_ironport
 host 10.2.129.95
object network KST_EPKA
 host 10.179.120.206
object network 22EBA_NAYPAKTOS
 host 10.179.122.158
object network LST_EPKA
 host 10.179.122.218
object network ENM_ATTIKHS
 host 10.179.115.130
object network ironport
 host 10.2.129.95
object network ironport1
 host 10.7.80.53
object network soultani
 host 10.179.122.70
object network artemis1
 host 10.2.128.62
object network Gen_Grammatia_Athlitismou
 host 10.6.240.22
object network Gen_Grammatia_Athlitismou2
 host 10.6.240.21
object network Gen_Grammatia_Athlitismou3
 host 10.6.240.29
object network Olympia_Server
 host 10.2.129.57
object network EAM
 subnet 10.34.115.0 255.255.255.0
object network larisa
 subnet 10.130.44.0 255.255.255.0
object network Yp.Newt.Mnhmeiwn_Stereas_Elladas
 subnet 10.130.44.0 255.255.255.0
object network Byzntino_Mouseio_Thess
 subnet 10.66.31.0 255.255.255.0
object network Byzantino_Mouseio_Athens
 subnet 10.34.44.0 255.255.254.0
object network 4EBA
 subnet 10.162.58.0 255.255.255.0
object network karitsi10
 host 10.179.115.170
object network 10.179.141.0
 subnet 10.179.141.0 255.255.255.0
object network antikytheramech
 host 10.2.129.56
object service backup_auth
 service tcp destination range 7937 9936
object network eds
 host 10.2.129.55
object network vm-iiswebsrv1
 host 10.2.129.36
object network Ayla
 host 10.2.129.45
object service macromedia_flash_server
 service tcp destination eq 1935
object network dptapps
 host 10.2.129.32
object network kthmatologio_webserver1
 host 10.2.129.167
object network kthmatologio_webserver2
 host 10.2.129.168
object service tcp_6080
 service tcp destination eq 6080

object service tcp_8080
 service tcp destination eq 8080
object-group network WEBSERVERS
 description *** Outside to DMZ_WEBSERVERS ALLOWED ***
 network-object object Artemis
 network-object object ccp
 network-object object digital-heritage
 network-object object dptsite
 network-object object echelon
 network-object object SRVDeam1
 network-object object YPPOWebSRV
 network-object object AppSRV
 network-object object DPT-SOLONSRV
 network-object object AthensEveryWeek
 network-object object DPDWebSRV
 network-object object DPTSITE_clone
 network-object object GAMA-KPS
 network-object object KASWebSRV
 network-object object Mesogiako-Forum
 network-object object MichaelWebSrv
 network-object object VM-IISWebSrv1
 network-object object Venice
 network-object object HYPER-V-Out
 network-object object Sharepoint
 network-object object archaeocadastre
 network-object object CCP-EVA
 network-object object Amca
 network-object object CultEmailEDGE
 network-object object APP-SRV
 network-object object ktimatologio_deam
 network-object object Festival
 network-object object AIGAI_WEBPAGE
 network-object object PELLA_MUSEUM_WEBPAGE
object-group service common_ports tcp
 port-object eq www
 port-object eq https
object-group network web_internal_servers
 description *** web access to internal servers ***
 network-object host 10.2.128.23
 network-object host 10.2.128.38
 network-object host 10.2.128.39
 network-object host 10.2.128.75
 network-object host 10.2.128.80
 network-object host 10.2.128.81
 network-object host 10.2.128.54
 network-object host 10.2.128.55
 network-object host 10.2.128.56
 network-object host 10.2.128.57
 network-object host 10.2.128.41
 network-object object Avast.culture.gr
 network-object object AppDBSRV
 network-object object Chaos
 network-object object Cultexmail-1
 network-object object FileSRV
 network-object object Cultexmail-2
object-group service www_internal_servers tcp
 port-object eq www
 port-object eq https
object-group network domain_controllers
 network-object object FileSRV
 network-object object CultDC1
 network-object object CultDC2
object-group service Avast
 service-object object AMS-1
 service-object object AMS-2
 service-object object AMS-3
 service-object object AMS-4
 service-object object AMS-5
 service-object object AMS-6
 service-object object AMS-7
 service-object object AMS-8
 service-object object AMS-9
object-group service DCE tcp-udp
 port-object eq 135
object-group service RPC
 service-object object Microsoft-DS
 service-object tcp-udp destination eq 135
 service-object tcp-udp destination eq kerberos
 service-object tcp destination eq netbios-ssn
 service-object udp destination eq netbios-dgm
 service-object udp destination eq netbios-ns
 service-object tcp-udp destination eq 1512
 service-object tcp-udp destination eq 42
 service-object tcp-udp destination eq 389
 service-object tcp-udp destination eq 88
 service-object tcp destination eq ldaps
 service-object udp destination eq time
 service-object udp destination eq ntp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service Oracle tcp
 port-object eq 2483
 port-object eq sqlnet
object-group network SYZEYXIS_BRANCHES
 network-object host 10.179.123.114
 network-object host 10.179.123.230
 network-object host 10.179.119.150
 network-object host 10.179.116.14
 network-object host 10.179.115.166
 network-object host 10.179.122.18
 network-object host 10.179.115.198
 network-object host 10.179.115.114
 network-object host 10.179.115.126
 network-object host 10.179.117.166
 network-object host 10.179.115.158
 network-object object KTHEPKA
 network-object host 10.179.123.22
 network-object object AEPKA
 network-object object 19EBA
 network-object object 22eba
 network-object object ieepka
 network-object object 14-EBA
 network-object object 23-EBA
 network-object object 7-EBA
object-group service SQL tcp
 port-object eq 1433
 port-object eq sqlnet
object-group network CultMAIL
 network-object object Cultexmail-1
 network-object object Cultexmail1
object-group service allowed_users_ports tcp
 port-object eq exec
 port-object eq 9100
 port-object eq 7777
 port-object eq 7778
 port-object eq www
 port-object eq https
 port-object eq 8090
 port-object eq ftp
 port-object eq ftp-data
 port-object eq pop3
 port-object eq 3389
 port-object eq 1863
 port-object eq 3306
 port-object eq 210
object-group service allowed_users_ports_udp udp
 port-object eq bootps
 port-object eq bootpc
 port-object eq domain
 port-object eq 210
object-group network popular_webpages
 network-object host 209.85.143.93
 network-object host 209.85.143.91
 network-object host 209.85.143.190
 network-object host 209.85.143.136
 network-object 204.15.16.0 255.255.248.0
 network-object 66.220.144.0 255.255.245.0
 network-object host 69.63.190.2
 network-object 69.63.176.0 255.255.255.0
object-group network WEB-SMTP-129
 network-object object ccp
 network-object object digital-heritage
 network-object object dptsite
 network-object object echelon
 network-object object AppSRV
 network-object object YPPOWebSRV
 network-object object archaeocadastre
 network-object object Artemis
 network-object object APP-SRV
object-group network branches_dns_request
 description KE
 network-object host 10.179.123.230
 network-object host 10.179.123.114
 network-object object 9EBA
 network-object object 9EBAproxy
 network-object object EYPOT
 network-object object KE_EPKA
 network-object object L_EPKA
 network-object object 27EBA
object-group network lotus_notes
 network-object host 10.179.122.70
 network-object host 10.179.115.158
 network-object host 10.179.122.74
 network-object host 10.179.115.174
 network-object host 10.179.115.178
 network-object host 10.179.115.186
 network-object host 10.179.122.78
 network-object host 10.179.122.210
 network-object host 10.179.115.194
 network-object host 10.179.115.198
 network-object host 10.179.115.202
 network-object host 10.179.115.206
 network-object host 10.179.119.150
 network-object host 10.179.115.130
 network-object host 10.179.120.186
 network-object host 10.179.115.134
 network-object host 10.179.123.230
 network-object host 10.179.123.114
 network-object host 10.179.123.86
 network-object host 10.179.123.46
 network-object 10.34.115.0 255.255.255.0
 network-object host 10.179.115.190
 network-object 10.2.150.0 255.255.255.0
object-group network vpn_site_to_site_branches
 network-object host 10.179.115.174
object-group network syzefxis_ranges
 network-object 10.179.114.0 255.255.255.0
 network-object 10.179.115.0 255.255.255.0
 network-object 10.179.116.0 255.255.255.0
 network-object 10.179.117.0 255.255.255.0
 network-object 10.179.118.0 255.255.255.0
 network-object 10.179.119.0 255.255.255.0
 network-object 10.179.120.0 255.255.255.0
 network-object 10.179.121.0 255.255.255.0
 network-object 10.179.122.0 255.255.255.0
 network-object 10.179.123.0 255.255.255.0
 network-object object 10.179.125.0
 group-object vpn_site_to_site_branches
 network-object object 10.179.141.0
object-group network misthodosia
 network-object 10.34.44.0 255.255.255.254
 network-object host 10.179.115.186
 network-object host 10.179.115.218
 network-object 10.131.75.0 255.255.255.0
 network-object 10.34.115.0 255.255.255.0
 network-object 10.34.44.0 255.255.255.0
 network-object host 10.179.115.178
 network-object host 10.179.123.46
 network-object object 2EBA
 network-object object IBEPKA
 network-object object 8EBA
 network-object object MELT
 network-object object TAP
 network-object object d_sintirisi
 network-object object KAepka
 network-object object 6EBA
 network-object host 10.179.122.74
 network-object object DMEEP
 network-object object KST_EPKA
 network-object object 22EBA_NAYPAKTOS
 network-object object LST_EPKA
 network-object object ENM_ATTIKHS
 network-object object soultani
 network-object object Admin
 network-object object karitsi10
 group-object syzefxis_ranges
object-group network acs.pandasoftware.com
 network-object object Panda1
 network-object object Panda2
 network-object object Panda10
 network-object object Panda11
 network-object object Panda12
 network-object object Panda3
 network-object object Panda4
 network-object object Panda5
 network-object object Panda6
 network-object object Panda7
 network-object object Panda8
 network-object object Panda9
object-group network proxies_gen_gram_athlitismou
 network-object host 10.6.240.29
 network-object host 10.6.240.22
object-group service PROXY tcp
 port-object eq 8080
object-group network Backup
 network-object object DPT-SOLONSRV
 network-object object SRVDeam1
 network-object object dptsite
 network-object object echelon
 network-object object AppSRV
 network-object object YPPOWebSRV
 network-object object APP-SRV
object-group service EMC-Networker tcp-udp
 port-object range 7937 9936
object-group network DMZ_HYPER-V
 network-object object HYPER-V-Out
 network-object object HYPER-V5
 network-object object HYPER-V6
 network-object object HYPER-V7-Out
object-group network HYPER-V_IN
 network-object object HYPER-V
 network-object object HYPER-V2
 network-object object HYPER-V3
 network-object object HYPER-V4
object-group network DM_INLINE_NETWORK_1
 network-object object Admin
 network-object object VMM
 group-object HYPER-V_IN
object-group network DM_INLINE_NETWORK_2
 network-object object Artemis
 network-object object digital-heritage
 network-object object YPPOWebSRV
 network-object object Artemis-1
object-group network support
 network-object host 10.179.123.46
 network-object 10.179.114.0 255.255.255.0
 network-object 10.179.115.0 255.255.255.0
 network-object 10.179.116.0 255.255.255.0
 network-object 10.179.117.0 255.255.255.0
 network-object 10.179.118.0 255.255.255.0
 network-object 10.179.119.0 255.255.255.0
 network-object 10.179.120.0 255.255.255.0
 network-object 10.179.121.0 255.255.255.0
 network-object 10.179.122.0 255.255.255.0
 network-object 10.179.123.0 255.255.255.0
 network-object 10.179.124.0 255.255.255.0
 network-object 10.162.58.0 255.255.255.0
 network-object host 10.33.155.100
 network-object object 9EBAproxy
 network-object object 9EBA
 network-object object syzefxis_proxy_2
 network-object object proxy_server_3
 network-object object EYPOT
 network-object object syzefxis_proxy_server_5
 network-object object syzefxis_proxy_server_6
 network-object object 27EBA
 network-object object larisa
 network-object object 10.179.141.0
object-group service DM_INLINE_UDP_1 udp
 port-object eq snmp
 port-object eq snmptrap
object-group service EdgeSync tcp-udp
 port-object eq 50636
object-group service DM_INLINE_SERVICE_1
 service-object object SecLDAP
 service-object tcp destination eq smtp
object-group network mail_web_nat
 network-object host 10.7.128.172
object-group service web_mail tcp
 port-object eq https
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group network load_balance_networks
 network-object 10.2.150.32 255.255.255.224
 network-object 192.168.100.0 255.255.255.0
object-group service DM_INLINE_TCP_2 tcp
 port-object eq 995
 port-object eq pop3
object-group network ntp_clients_syzefxis
 description ntp requests of clients - syzeyxis
 network-object object laikhs_texnhs
 network-object object 10.179.115.134
object-group network DM_INLINE_NETWORK_3
 network-object object Backup-Server
 network-object object VMM
object-group service DPM-data tcp
 port-object range 5718 5719
object-group service DM_INLINE_TCP_3 tcp
 group-object DPM-data
 group-object EMC-Networker

object-group network DM_INLINE_NETWORK_4
 network-object object Backup-Server
 network-object object VMM
object-group service DM_INLINE_TCP_4 tcp
 group-object DPM-data
 group-object EMC-Networker
 port-object eq 135
object-group service NetBIOS
 service-object object Microsoft-DS
 service-object tcp destination eq netbios-ssn
 service-object udp destination eq netbios-dgm
 service-object udp destination eq netbios-ns
object-group network DM_INLINE_NETWORK_5
 network-object object APP-SRV
 network-object object AppSRV
object-group network DM_INLINE_NETWORK_6
 network-object object APPDB-SRV
 network-object object AppDBSRV
object-group network DM_INLINE_NETWORK_8
 network-object object Chaos
 network-object object Chaos-1
object-group service DM_INLINE_TCP_5 tcp
 port-object eq 3389
 port-object eq www
 port-object eq https
object-group service internal_to_ironport tcp
 port-object eq 82
 port-object eq 83
 port-object eq ftp
 port-object eq www
 port-object eq https
 port-object eq ssh
 port-object eq telnet
object-group network PHASES
 network-object object Gen_Grammatia_Athlitismou
 network-object object Gen_Grammatia_Athlitismou2
 network-object object Gen_Grammatia_Athlitismou3
object-group network protocol
 description y
 network-object object 9EBAproxy
 network-object object proxy_server_3
 network-object object syzefxis_proxy_2
 network-object object syzefxis_proxy_server_5
 group-object syzefxis_ranges
 network-object object EAM
 network-object object Gen_Grammatia_Athlitismou
 network-object object Gen_Grammatia_Athlitismou2
 network-object object Gen_Grammatia_Athlitismou3
 network-object object TAP
 network-object object DEAM
 network-object object Yp.Newt.Mnhmeiwn_Stereas_Elladas
 network-object object Byzntino_Mouseio_Thess
 network-object object 9EBA
 network-object object ieepka
 network-object object Byzantino_Mouseio_Athens
 network-object object 4EBA
object-group network olympia
 network-object object Byzantino_Mouseio_Athens
 network-object object Byzntino_Mouseio_Thess
 network-object object Yp.Newt.Mnhmeiwn_Stereas_Elladas
 group-object syzefxis_ranges
 network-object object 9EBA
 network-object object 9EBAproxy
 network-object object EAM
object-group network backup_clients
 network-object object antikytheramech
 network-object object APP-SRV
 network-object object Artemis
 network-object object digital-heritage
 network-object object archaeocadastre
 network-object object eds
 network-object object vm-iiswebsrv1
 network-object object Amca
 network-object object Ayla
 network-object object CCP-EVA
 network-object object DPDWebSRV
 network-object object Festival
 network-object object GAMA-KPS
 network-object object MichaelWebSrv
 network-object object Olympia_Server
 network-object object ccp
 network-object object dptsite
 network-object object KASWebSRV
 network-object object AIGAI_WEBPAGE
 network-object object dptapps
object-group network kthmatologio_webservers
 network-object object kthmatologio_webserver1
 network-object object kthmatologio_webserver2
object-group service kthmatologio_web_ports
 service-object tcp destination eq www
 service-object object tcp_6080
 service-object object tcp_8080
object-group service DM_INLINE_TCP_6 tcp
 port-object eq ldap
 port-object eq sqlnet
 port-object eq https
access-list OUTSIDE_INBOUND remark Protect Smtp against specific attacker China
access-list OUTSIDE_INBOUND extended deny tcp object attacker-asia host 10.2.128.23 eq smtp
access-list OUTSIDE_INBOUND extended permit tcp any object-group CultMAIL object-group DM_INLINE_TCP_1
access-list OUTSIDE_INBOUND extended permit tcp any object-group CultMAIL object-group DM_INLINE_TCP_2
access-list OUTSIDE_INBOUND extended permit tcp any object-group CultMAIL eq imap4 inactive
access-list OUTSIDE_INBOUND extended permit tcp object-group SYZEYXIS_BRANCHES object-group CultMAIL eq 135
access-list OUTSIDE_INBOUND extended permit tcp any object CultEmailEDGE eq smtp inactive
access-list OUTSIDE_INBOUND extended permit tcp any object ironport eq smtp
access-list OUTSIDE_INBOUND remark *** ALLOW PACKETS FROM OUTSIDE INWARDS ***

Page 17: community.cisco.com · Web viewASA Version 8.4(2) ! hostname asayppo domain-name XXXXX.gr enable password XXXXXXX encrypted passwd XXXXXXXX encrypted names! interface GigabitEthernet0/0

access-list OUTSIDE_INBOUND extended permit tcp any interface outside1 object-group common_ports
access-list OUTSIDE_INBOUND extended permit esp host 10.179.115.174 interface outside1
access-list OUTSIDE_INBOUND extended permit udp host 10.179.115.174 interface outside1 eq isakmp
access-list OUTSIDE_INBOUND extended permit udp host 10.179.115.174 interface outside1 eq 4500
access-list OUTSIDE_INBOUND extended permit tcp object-group protocol object APP-SRV object-group common_ports
access-list OUTSIDE_INBOUND extended deny ip any object APP-SRV
access-list OUTSIDE_INBOUND extended permit tcp object-group olympia object Olympia_Server object-group common_ports
access-list OUTSIDE_INBOUND extended deny ip any object Olympia_Server
access-list OUTSIDE_INBOUND extended permit ip object-group SYZEYXIS_BRANCHES 10.2.128.0 255.255.255.0
access-list OUTSIDE_INBOUND extended permit ip object-group misthodosia host 10.2.128.25
access-list OUTSIDE_INBOUND extended permit tcp object-group PHASES host 10.2.128.46 eq telnet
access-list OUTSIDE_INBOUND extended permit tcp any 80.107.52.0 255.255.254.0 eq 2000
access-list OUTSIDE_INBOUND extended permit tcp any 80.107.52.0 255.255.254.0 eq 2001
access-list OUTSIDE_INBOUND extended permit tcp any 80.107.52.0 255.255.254.0 eq 2002
access-list OUTSIDE_INBOUND extended permit tcp any object-group WEBSERVERS object-group common_ports
access-list OUTSIDE_INBOUND extended permit object-group kthmatologio_web_ports any object-group kthmatologio_webservers
access-list OUTSIDE_INBOUND extended permit tcp any object SRVDeam1 eq 7777
access-list OUTSIDE_INBOUND extended permit tcp any object SRVDeam1 eq 7778
access-list OUTSIDE_INBOUND extended permit tcp any object SRVDeam1 eq 3389
access-list OUTSIDE_INBOUND extended permit tcp any object-group web_internal_servers object-group www_internal_servers
access-list OUTSIDE_INBOUND extended permit udp object-group branches_dns_request object-group domain_controllers eq domain
access-list OUTSIDE_INBOUND extended permit udp host 10.179.115.178 object-group domain_controllers eq dnsix
access-list OUTSIDE_INBOUND extended permit udp host 10.7.128.169 host 10.2.128.66 eq 2055
access-list OUTSIDE_INBOUND extended permit object-group TCPUDP object SYZEYXIS??? object-group domain_controllers eq domain
access-list OUTSIDE_INBOUND extended permit tcp object-group lotus_notes host 10.2.128.27 eq lotusnotes
access-list OUTSIDE_INBOUND extended permit tcp object-group support host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.66.30.0 255.255.255.0 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.34.44.0 255.255.254.0 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.34.115.0 255.255.255.0 host 10.2.128.33 eq www

access-list OUTSIDE_INBOUND extended permit tcp host 10.95.1.49 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp host 10.95.1.48 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp host 10.95.1.46 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp host 10.179.115.206 host 10.2.128.33 eq 8888
access-list OUTSIDE_INBOUND extended permit tcp host 10.95.1.51 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.66.31.0 255.255.255.0 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.66.32.0 255.255.255.0 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.179.0.0 255.255.0.0 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.131.75.0 255.255.255.0 host 10.2.128.33 eq www
access-list OUTSIDE_INBOUND extended permit tcp 10.34.94.0 255.255.254.0 host 10.2.129.31 eq ftp
access-list OUTSIDE_INBOUND extended permit tcp 10.34.94.0 255.255.254.0 host 10.2.129.31 eq ftp-data
access-list OUTSIDE_INBOUND extended permit tcp object-group proxies_gen_gram_athlitismou host 10.2.128.46 eq www
access-list OUTSIDE_INBOUND extended permit tcp object-group proxies_gen_gram_athlitismou host 10.2.128.46 eq telnet
access-list OUTSIDE_INBOUND extended permit udp object-group ntp_clients_syzefxis host 10.2.146.50 eq ntp
access-list DMZ1_INBOUND extended permit tcp 10.2.129.0 255.255.255.0 host 10.2.128.31 eq 8530
access-list DMZ1_INBOUND extended permit object-group TCPUDP 10.2.129.0 255.255.255.0 object-group domain_controllers eq domain
access-list DMZ1_INBOUND extended permit object-group RPC 10.2.129.0 255.255.255.0 object-group domain_controllers
access-list DMZ1_INBOUND extended permit object Microsoft-DS 10.2.129.0 255.255.255.0 10.2.128.0 255.255.255.0
access-list DMZ1_INBOUND extended permit object-group Avast 10.2.129.0 255.255.255.0 object Avast.culture.gr
access-list DMZ1_INBOUND extended permit tcp object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_NETWORK_8 object-group Oracle
access-list DMZ1_INBOUND extended permit tcp object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6 object-group SQL
access-list DMZ1_INBOUND extended permit tcp host 10.2.129.53 object artemis1 eq 1433
access-list DMZ1_INBOUND extended permit tcp object Olympia_Server object artemis1 eq 1433
access-list DMZ1_INBOUND extended permit tcp host 10.2.129.53 object artemis1 object-group SQL
access-list DMZ1_INBOUND extended permit tcp object-group kthmatologio_webservers any object-group Oracle
access-list DMZ1_INBOUND extended permit tcp object-group kthmatologio_webservers any object-group DM_INLINE_TCP_6
access-list DMZ1_INBOUND extended permit icmp object-group kthmatologio_webservers 10.2.128.0 255.255.255.0 echo
access-list DMZ1_INBOUND extended permit tcp 10.2.129.0 255.255.255.0 10.2.132.0 255.255.252.0 eq www

access-list DMZ1_INBOUND extended permit tcp 10.2.129.0 255.255.255.0 object CultTMG object-group PROXY
access-list DMZ1_INBOUND extended permit udp 10.2.129.0 255.255.255.0 host 10.2.128.82 object-group DM_INLINE_UDP_1
access-list DMZ1_INBOUND extended permit tcp object-group WEBSERVERS object-group web_internal_servers object-group www_internal_servers
access-list DMZ1_INBOUND extended permit tcp object-group WEB-SMTP-129 object Cultexmail1 eq smtp
access-list DMZ1_INBOUND extended permit object-group DM_INLINE_SERVICE_1 object CultEmailEDGE object-group CultMAIL
access-list DMZ1_INBOUND extended permit object-group TCPUDP object CultEmailEDGE object-group CultMAIL object-group EdgeSync
access-list DMZ1_INBOUND extended permit tcp object dmz_ironport object-group CultMAIL eq smtp
access-list DMZ1_INBOUND extended permit tcp object AIGAI_WEBPAGE object-group CultMAIL eq smtp
access-list DMZ1_INBOUND extended permit tcp object-group Backup object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_TCP_4
access-list DMZ1_INBOUND extended permit object backup_auth object-group backup_clients object Backup-Server
access-list DMZ1_INBOUND extended permit tcp host 10.2.129.31 host 10.2.128.33 object-group common_ports
access-list DMZ1_INBOUND extended permit ip host 10.2.129.31 host 10.2.128.39
access-list DMZ1_INBOUND extended permit ip object-group DMZ_HYPER-V object-group DM_INLINE_NETWORK_1
access-list DMZ1_INBOUND extended permit icmp 10.2.129.0 255.255.255.0 10.2.132.0 255.255.252.0 echo-reply
access-list DMZ1_INBOUND extended permit icmp 10.2.129.0 255.255.255.0 10.2.128.0 255.255.255.0 echo-reply
access-list DMZ1_INBOUND extended permit udp host 10.2.150.35 host 100.0.0.93 eq ntp
access-list DMZ1_INBOUND extended permit tcp host 10.2.129.48 host 10.2.129.73 eq netbios-ssn
access-list DMZ1_INBOUND extended permit udp host 10.2.129.53 any eq netbios-ns
access-list DMZ1_INBOUND remark Allow nat from DMZ to SINA
access-list DMZ1_INBOUND extended permit ip host 10.2.129.60 192.168.100.0 255.255.255.0
access-list DMZ1_INBOUND extended deny ip 10.2.129.0 255.255.255.0 10.2.132.0 255.255.252.0
access-list DMZ1_INBOUND extended deny ip 10.2.129.0 255.255.255.0 10.2.128.0 255.255.255.0
access-list DMZ1_INBOUND extended deny ip 10.2.129.0 255.255.255.0 10.7.80.0 255.255.255.0
access-list DMZ1_INBOUND extended deny ip 10.2.129.0 255.255.255.0 80.107.52.0 255.255.254.0
access-list DMZ1_INBOUND extended deny ip 10.2.129.0 255.255.255.0 10.2.141.0 255.255.255.0
access-list DMZ1_INBOUND extended deny ip 10.2.129.0 255.255.255.0 10.2.146.0 255.255.255.0
access-list DMZ1_INBOUND extended permit ip 10.2.129.0 255.255.255.0 any
access-list DMZ1_INBOUND extended permit icmp any 10.2.132.0 255.255.252.0 echo-reply
access-list DMZ1_INBOUND extended permit icmp any 10.7.80.0 255.255.255.0 echo-reply

access-list DMZ1_INBOUND extended permit icmp any host 10.2.129.1 echo-reply
access-list extended extended permit ip host 192.168.70.2 10.2.132.0 255.255.252.0
access-list extended extended permit icmp host 192.168.70.2 10.2.132.0 255.255.252.0 echo-reply
access-list USERS_INSIDE_INBOUND remark Deny Access to Attacker China
access-list USERS_INSIDE_INBOUND extended deny tcp any object attacker-asia eq smtp
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 object ironport1 object-group internal_to_ironport
access-list USERS_INSIDE_INBOUND remark *** ALLOW FLOWS FROM INSIDE USERS TO OUTSIDE ***
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 host 10.7.128.170 object-group common_ports
access-list USERS_INSIDE_INBOUND extended permit ip 10.2.132.0 255.255.255.224 any
access-list USERS_INSIDE_INBOUND extended permit icmp 10.2.132.0 255.255.255.224 any
access-list USERS_INSIDE_INBOUND extended permit ip 10.2.150.0 255.255.255.224 host 10.2.132.1
access-list USERS_INSIDE_INBOUND extended deny ip 80.107.52.0 255.255.254.0 host 10.2.132.1
access-list USERS_INSIDE_INBOUND extended permit udp host 255.255.255.255 eq bootpc host 0.0.0.0 eq bootps
access-list USERS_INSIDE_INBOUND remark *** DENY ACCESS TO WEBSERVERS (FACEBOOK, e.t.c) ***
access-list USERS_INSIDE_INBOUND extended deny ip 10.2.132.0 255.255.252.0 object-group popular_webpages
access-list USERS_INSIDE_INBOUND remark *** ALLOW TCP FLOWS ***
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 any object-group allowed_users_ports
access-list USERS_INSIDE_INBOUND remark *** ALLOW UDP FLOWS ***
access-list USERS_INSIDE_INBOUND extended permit udp 10.2.132.0 255.255.252.0 any object-group allowed_users_ports_udp
access-list USERS_INSIDE_INBOUND extended permit icmp 10.2.132.0 255.255.252.0 object-group domain_controllers
access-list USERS_INSIDE_INBOUND extended deny icmp 10.2.132.0 255.255.252.0 80.107.52.0 255.255.254.0
access-list USERS_INSIDE_INBOUND extended deny icmp 10.2.132.0 255.255.252.0 80.107.53.0 255.255.255.0
access-list USERS_INSIDE_INBOUND remark *** FLOWS to 129 VLAN***
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 object SRVDeam1 eq 7777
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 object SRVDeam1 eq 778
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 object YPPOWebSRV eq 7811
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 10.2.129.0 255.255.255.0 eq lotusnotes
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 any eq ssh
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 10.2.129.0 255.255.255.0 eq 445
access-list USERS_INSIDE_INBOUND extended permit udp 10.2.132.0 255.255.252.0 10.2.129.0 255.255.255.0 eq 445

access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 10.2.129.0 255.255.255.0 eq 3389
access-list USERS_INSIDE_INBOUND extended permit object tcp_8080 10.2.132.0 255.255.252.0 10.2.129.0 255.255.255.0
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 10.2.129.0 255.255.255.0 range 135 netbios-ssn
access-list USERS_INSIDE_INBOUND remark *** ALLOW ALL FLOWS TO FLOWS to VLAN 128,300,70 VLAN***
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 10.2.128.0 255.255.255.0
access-list USERS_INSIDE_INBOUND extended permit udp 10.2.132.0 255.255.252.0 10.2.128.0 255.255.255.0
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 10.2.146.0 255.255.255.0
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 192.168.70.0 255.255.255.0
access-list USERS_INSIDE_INBOUND remark Geniko Logistirio tou Kratous - Efarmogh
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 host 84.205.246.147 eq 50201
access-list USERS_INSIDE_INBOUND extended permit tcp 10.2.132.0 255.255.252.0 host 84.205.246.147 eq 8002
access-list USERS_INSIDE_INBOUND extended permit object macromedia_flash_server 10.2.132.0 255.255.252.0 any
access-list USERS_INSIDE_INBOUND remark *** Allow Protocols from Any to Any*
access-list USERS_INSIDE_INBOUND extended permit tcp any any range 9100 9102
access-list USERS_INSIDE_INBOUND extended permit tcp any any eq 1782
access-list USERS_INSIDE_INBOUND extended permit udp any any eq 9100
access-list USERS_INSIDE_INBOUND extended permit icmp any any echo-reply
access-list USERS_INSIDE_INBOUND extended permit tcp any any eq lpd
access-list IPS extended permit ip any any
access-list http_traffic extended deny tcp any host 10.2.129.53 eq www
access-list http_traffic extended deny tcp 10.2.132.0 255.255.252.0 host 10.2.129.53 eq www
access-list http_traffic extended permit tcp any any eq www
access-list CONNS remark *** TCP CONNECTION LIMITS ***
access-list CONNS extended permit ip any 10.2.129.0 255.255.255.0
access-list BOTNET_FILTER remark *** Classification for BOTNET Filtering ***
access-list BOTNET_FILTER extended deny ip any 10.7.80.0 255.255.255.0
access-list BOTNET_FILTER extended permit ip any any
access-list split_tunnel_staff remark Lan Servers
access-list split_tunnel_staff standard permit 10.2.128.0 255.255.255.0
access-list split_tunnel_staff remark DMZ Servers
access-list split_tunnel_staff standard permit 10.2.129.0 255.255.255.0
access-list split_tunnel_staff remark Lan Users
access-list split_tunnel_staff standard permit 10.2.132.0 255.255.252.0
access-list split_tunnel_staff standard permit 10.2.146.0 255.255.255.0
access-list split_tunnel_staff standard permit 10.7.80.0 255.255.255.0
access-list split_tunnel_staff remark Sina LAN
access-list split_tunnel_staff standard permit 192.168.100.0 255.255.255.0
access-list dmz_servers_2 remark ****DMZ ZONE 2 - SECURITY LEVEL 70****
access-list dmz_servers_2 extended permit udp host 10.2.150.34 host 100.0.0.93 eq ntp

access-list dmz_servers_2 extended permit eigrp host 10.2.150.34 interface DMZ_SINA
access-list dmz_servers_2 extended permit udp host 10.2.150.35 host 100.0.0.93 eq ntp
access-list dmz_servers_2 extended permit eigrp host 10.2.150.35 interface DMZ_SINA
access-list dmz_servers_2 extended permit udp 192.168.99.0 255.255.255.0 host 100.0.0.93 eq ntp
access-list dmz_servers_2 extended permit udp 192.168.99.0 255.255.255.0 host 10.2.128.21 eq dnsix
access-list dmz_servers_2 extended permit udp 192.168.99.0 255.255.255.0 host 10.2.128.22 eq dnsix
access-list dmz_servers_2 extended permit udp host 192.168.100.7 eq 135 host 10.2.128.73
access-list dmz_servers_2 extended permit udp 192.168.100.0 255.255.255.0 host 10.2.128.73 eq netbios-dgm
access-list dmz_servers_2 extended permit udp 192.168.100.0 255.255.255.0 host 10.2.128.21 eq dnsix
access-list dmz_servers_2 extended permit udp 192.168.100.0 255.255.255.0 host 10.2.128.22 eq dnsix
access-list dmz_servers_2 extended permit udp 192.168.100.0 255.255.255.0 object CultDC1 eq domain
access-list dmz_servers_2 extended permit udp 192.168.100.0 255.255.255.0 object CultDC1 eq netbios-ns
access-list dmz_servers_2 extended permit udp 192.168.100.0 255.255.255.0 object CultDC2 eq domain
access-list dmz_servers_2 extended permit udp 192.168.100.0 255.255.255.0 object CultDC2 eq netbios-ns
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 10.2.128.0 255.255.255.0
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 10.2.132.0 255.255.252.0
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 10.2.146.0 255.255.255.0
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 10.2.142.0 255.255.255.0
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 10.2.143.0 255.255.255.0
access-list dmz_servers_2 extended deny ip object-group load_balance_networks host 100.0.0.93
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 10.7.80.0 255.255.255.0
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 80.107.52.0 255.255.254.0
access-list dmz_servers_2 extended deny ip object-group load_balance_networks 10.2.129.0 255.255.255.0
access-list dmz_servers_2 extended permit ip any any
access-list ktimatologio remark Allow only local Lan to Vpn
access-list ktimatologio standard permit host 0.0.0.0
access-list ktimatologio_restrict extended permit ip any host 10.2.129.55
access-list ktimatologio_restrict extended permit icmp any host 10.2.129.55
access-list qos_lan_Servers extended permit tcp 10.2.128.0 255.255.255.0 10.2.129.0 255.255.255.0 eq 1433
access-list qos_lan_Servers extended permit udp 10.2.128.0 255.255.255.0 10.2.129.0 255.255.255.0 eq 1433

access-list karitisi10_vpn extended permit ip 10.2.128.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list karitisi10_vpn extended permit ip 10.2.129.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list karitisi10_vpn extended permit ip 10.2.132.0 255.255.252.0 192.168.15.0 255.255.255.0
access-list karitisi10_vpn extended permit ip any 192.168.15.0 255.255.255.0
access-list split_tunnel_statistics remark allow webcensus.statistics.gr
access-list split_tunnel_statistics standard permit host 10.16.128.120
access-list split_tunnel_statistics standard permit host 10.2.128.21
access-list split_tunnel_statistics standard permit host 10.2.128.22
access-list split_tunnel_statistics standard permit 10.16.128.0 255.255.255.0
access-list split_tunnel_statistics standard permit host 10.2.128.76
access-list aigai_access_list extended permit tcp 10.2.150.128 255.255.255.252 object AIGAI_WEBPAGE eq ftp-data
access-list aigai_access_list extended permit tcp 10.2.150.128 255.255.255.252 object AIGAI_WEBPAGE eq ftp
access-list aigai_access_list extended permit tcp 10.2.150.128 255.255.255.252 object AIGAI_WEBPAGE eq ssh
access-list aigai_access_list extended permit tcp 10.2.150.128 255.255.255.252 host 10.2.129.56 object-group DM_INLINE_TCP_5
access-list aigai_access_list extended permit tcp 10.2.150.128 255.255.255.252 host 10.2.128.76 eq 8080
access-list aigai_access_list extended permit tcp 10.2.150.128 255.255.255.252 object CultDC1 eq domain
access-list aigai_access_list extended permit tcp 10.2.150.128 255.255.255.252 object CultDC2 eq domain
access-list aigai_access_list extended deny ip 10.2.150.128 255.255.255.252 10.2.128.0 255.255.255.0
access-list aigai_access_list extended deny ip 10.2.150.128 255.255.255.252 10.2.129.0 255.255.255.0
access-list aigai_access_list extended deny ip 10.2.150.128 255.255.255.252 10.2.132.0 255.255.252.0
access-list aigai_access_list extended permit ip any any
access-list sina_admin_vpn extended permit ip any 192.168.100.0 255.255.255.0
access-list sina_admin_vpn extended permit tcp any object CultDC1 eq domain
access-list sina_admin_vpn extended permit tcp any object CultTMG eq www
access-list sina_admin_vpn extended permit tcp any object CultTMG eq 8080
access-list sina_admin_vpn extended deny tcp any host 10.2.128.0 object-group common_ports
access-list sina_admin_vpn extended deny tcp any 10.7.80.0 255.255.255.0 object-group common_ports
access-list sina_admin_vpn extended deny tcp any 10.2.132.0 255.255.252.0 object-group common_ports
access-list sina_admin_vpn extended permit tcp any any object-group common_ports
access-list slit_tunnel_aigai standard permit 10.2.128.0 255.255.255.0
access-list slit_tunnel_aigai standard permit 10.2.129.0 255.255.255.0
access-list spit_tunnel_mail remark mail server1
access-list spit_tunnel_mail standard permit host 10.2.128.43
access-list spit_tunnel_mail remark mail server 2
access-list spit_tunnel_mail standard permit host 10.2.128.72

access-list spit_tunnel_mail remark dns1
access-list spit_tunnel_mail standard permit host 10.2.128.21
access-list spit_tunnel_mail remark dns2
access-list spit_tunnel_mail standard permit host 10.2.128.22
access-list spit_tunnel_mail remark proxy
access-list spit_tunnel_mail standard permit host 10.2.128.76
access-list spit_tunnel_mail standard permit 10.2.128.0 255.255.255.0
access-list spit_tunnel_mail standard permit 10.2.129.0 255.255.255.0
access-list outlook_vpn extended permit object Mail-pop3 any host 10.2.128.43
access-list outlook_vpn extended permit object Mail-pop3 any object Cultexmail1
access-list outlook_vpn extended permit tcp any host 10.2.128.43 eq imap4
access-list outlook_vpn extended permit tcp any object Cultexmail1 eq imap4
access-list outlook_vpn extended permit tcp any host 10.2.128.43 eq smtp
access-list outlook_vpn extended permit tcp any object Cultexmail1 eq smtp
access-list outlook_vpn extended permit tcp any object CultTMG eq 8080
access-list outlook_vpn extended permit udp any object CultDC1 eq domain
access-list outlook_vpn extended permit udp any object CultDC2 eq domain
access-list outlook_vpn extended permit tcp any object-group domain_controllers eq domain
access-list outlook_vpn extended permit tcp any object-group CultMAIL eq www
access-list outlook_vpn extended permit tcp any object-group domain_controllers eq kerberos
access-list outlook_vpn extended permit tcp any object-group domain_controllers eq 135
access-list outlook_vpn extended permit tcp any object-group CultMAIL eq https
access-list lan_servers_list extended deny ip 10.2.128.0 255.255.255.0 80.107.52.0 255.255.254.0
access-list lan_servers_list extended deny icmp 10.2.128.0 255.255.255.0 80.107.52.0 255.255.254.0
access-list lan_servers_list extended permit ip any any
access-list vpn_protocol_server extended permit tcp any object APP-SRV object-group common_ports
access-list knowhow standard permit 10.2.128.160 255.255.255.224
access-list knowhow standard permit 10.2.129.160 255.255.255.224
access-list knowhow standard permit host 10.7.80.70
access-list knowhow standard permit host 10.7.80.71
access-list knowhow standard permit host 10.7.80.72
access-list knowhow standard permit host 10.2.128.21
access-list knowhow standard permit host 10.2.128.22
access-list knowhow standard permit host 10.2.128.76
access-list knowhow_ext extended permit ip 10.2.151.0 255.255.255.248 10.2.128.160 255.255.255.224
access-list knowhow_ext extended permit ip 10.2.151.0 255.255.255.248 10.2.129.160 255.255.255.224
access-list knowhow_ext extended permit ip 10.2.151.0 255.255.255.248 10.2.128.144 255.255.255.240
access-list knowhow_ext extended permit tcp 10.2.151.0 255.255.255.248 object CultDC1 eq domain
access-list knowhow_ext extended permit tcp 10.2.151.0 255.255.255.248 object CultDC2 eq domain

access-list knowhow_ext extended permit udp 10.2.151.0 255.255.255.248 object CultDC1 eq domain
access-list knowhow_ext extended permit tcp 10.2.151.0 255.255.255.248 object CultTMG eq 8080
access-list knowhow_ext extended permit tcp 10.2.151.0 255.255.255.248 host 10.2.128.76 eq https
access-list knowhow_ext extended permit ip 10.2.151.0 255.255.255.248 host 10.7.80.72
access-list knowhow_ext extended permit ip 10.2.151.0 255.255.255.248 host 10.7.80.71
access-list knowhow_ext extended permit ip 10.2.151.0 255.255.255.248 host 10.7.80.70
access-list knowhow_ext extended permit tcp 10.2.151.0 255.255.255.248 object CultTMG eq www
access-list split_tunnel_compass standard permit 10.2.128.0 255.255.255.0
access-list vpn_compass extended permit ip any host 10.2.128.25
access-list vpn_compass extended permit udp any host 10.2.128.21 eq domain
access-list vpn_compass extended permit udp any host 10.2.128.22 eq domain
access-list vpn_compass extended permit ip any host 10.2.128.76
access-list 3p_vpn_acl extended permit ip any host 10.2.128.25
access-list 3p_vpn_acl extended permit ip any host 10.2.128.28
access-list 3p_vpn_acl extended permit ip any host 10.2.128.46
access-list 3p_vpn_acl extended permit ip any host 10.2.128.96
access-list 3p_vpn_acl extended permit icmp any host 10.2.128.96
access-list 3p_vpn_acl extended permit udp any host 10.2.128.21 eq domain
access-list 3p_vpn_acl extended permit udp any host 10.2.128.22 eq domain
access-list 3p_vpn_acl extended permit ip any host 10.2.128.76
access-list 3p_vpn_acl extended permit ip any object-group CultMAIL
access-list 3p_vpn_acl extended deny ip any any
access-list 3p_webacl webtype permit tcp host 10.2.128.25 eq ssh log default
access-list 3p_webacl webtype permit tcp host 10.2.128.25 eq telnet log default
access-list 3p_webacl webtype permit tcp host 10.2.128.25 eq www log default
access-list 3p_webacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list 3p_webacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list 3p_webacl webtype permit tcp host 10.2.128.76 eq www log default
access-list 3p_webacl webtype permit tcp host 10.2.128.76 eq domain log default
access-list knowhow_wenacl webtype permit tcp 10.2.128.160 255.255.255.224 eq www log default
access-list knowhow_wenacl webtype permit tcp 10.2.128.160 255.255.255.224 eq https log default
access-list knowhow_wenacl webtype permit tcp 10.2.128.160 255.255.255.224 eq ssh log default
access-list knowhow_wenacl webtype permit tcp host 10.2.128.76 eq 8080 log default

access-list knowhow_wenacl webtype permit tcp host 10.2.128.76 eq www log default
access-list knowhow_wenacl webtype permit tcp host 10.7.80.72 eq https log default
access-list knowhow_wenacl webtype permit tcp host 10.7.80.72 eq ssh log default
access-list knowhow_wenacl webtype permit tcp host 10.2.128.76 eq https log default
access-list knowhow_wenacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list knowhow_wenacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list knowhow_wenacl webtype permit tcp 10.2.128.160 255.255.255.224 eq 3389 log default
access-list protocol_webacl webtype permit tcp host 10.2.128.21 eq domain log disable
access-list protocol_webacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list protocol_webacl webtype permit tcp host 10.2.128.76 eq 8080 log default
access-list protocol_webacl webtype permit tcp host 10.2.129.53 eq www log default
access-list protocol_webacl webtype permit tcp host 10.2.129.53 eq https log default
access-list protocol_webacl webtype permit url http://protocol.yppo.gr/* log default
access-list protocol_webacl webtype permit url https://protocol.yppo.gr/* log default
access-list protocol_webacl webtype permit url http://test.protocol.yppo.gr/* log default
access-list protocol_webacl webtype permit url https://test.ptotocol.yppo.gr/* log default
access-list sinausers_webacl webtype permit tcp host 192.168.100.10 eq www log default
access-list sinausers_webacl webtype permit tcp host 192.168.100.10 eq https log default
access-list sinausers_webacl webtype permit tcp host 10.2.128.76 eq 8080 log default
access-list sinausers_webacl webtype permit tcp host 10.2.128.76 eq www log default
access-list sinausers_webacl webtype permit tcp host 10.2.128.76 eq https log default
access-list sinausers_webacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list sinausers_webacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list sina_admin_weacl webtype permit url http://192.168.100.10 log default
access-list sina_admin_weacl webtype permit url https://192.168.100.10 log default
access-list sina_admin_weacl webtype permit url rdp://192.168.100.10 log default
access-list sina_admin_weacl webtype permit url rdp://192.168.100.6 log default
access-list sina_admin_weacl webtype permit url rdp://192.168.100.5 log default

access-list sina_admin_weacl webtype permit tcp host 192.168.100.6 eq www log default
access-list sina_admin_weacl webtype permit tcp host 192.168.100.6 eq 3389 log default
access-list sina_admin_weacl webtype permit tcp host 192.168.100.6 eq https log default
access-list sina_admin_weacl webtype permit tcp host 192.168.100.5 eq www log default
access-list sina_admin_weacl webtype permit tcp host 192.168.100.5 eq https log default
access-list sina_admin_weacl webtype permit tcp host 192.168.100.5 eq 3389 log default
access-list sina_admin_weacl webtype permit url rdp2://192.168.100.10 log default
access-list sina_admin_weacl webtype permit url rdp2://192.168.100.6 log default
access-list sina_admin_weacl webtype permit url rdp2://192.168.100.5 log default
access-list sina_admin_weacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list sina_admin_weacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list sina_admin_weacl webtype permit tcp host 10.2.128.76 eq www log default
access-list aigai_weacl webtype permit tcp host 10.2.129.56 eq ftp-data log default
access-list aigai_weacl webtype permit tcp host 10.2.129.56 eq www log default
access-list aigai_weacl webtype permit tcp host 10.2.129.56 eq ftp log default
access-list aigai_weacl webtype permit tcp host 10.2.129.56 eq https log default
access-list aigai_weacl webtype permit tcp host 10.2.129.57 eq ftp-data log default
access-list aigai_weacl webtype permit tcp host 10.2.129.56 eq ssh log default
access-list aigai_weacl webtype permit tcp host 10.2.129.57 eq ftp log default
access-list aigai_weacl webtype permit tcp host 10.2.129.57 eq www log default
access-list aigai_weacl webtype permit tcp host 10.2.129.57 eq https log default
access-list aigai_weacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list aigai_weacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list aigai_weacl webtype permit url rdp2://aigai.culture.gr log default
access-list aigai_weacl webtype permit url rdp://aigai.culture.gr log default
access-list aigai_weacl webtype permit url cifs://aigai.culture.gr log default
access-list aigai_weacl webtype permit url ftp://aigai.culture.gr log default
access-list gallery webtype permit tcp host 10.2.129.31 eq www log default

access-list gallery webtype permit tcp host 10.2.129.31 eq https log default
access-list gallery webtype permit tcp host 10.2.128.33 eq www log default
access-list gallery webtype permit tcp host 10.2.128.33 eq https log default
access-list elstat_webacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list elstat_webacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list elstat_webacl webtype permit tcp host 10.2.128.76 eq www log default
access-list elstat_webacl webtype permit tcp host 10.2.128.76 eq https log default
access-list elstat_webacl webtype deny tcp 10.2.128.0 255.255.255.0 log default
access-list elstat_webacl webtype deny tcp 10.2.129.0 255.255.255.0 log default
access-list elstat_webacl webtype deny tcp 10.2.132.0 255.255.252.0 log default
access-list elstat_webacl webtype deny tcp 10.2.146.0 255.255.255.0 log default
access-list elstat_webacl webtype deny tcp 192.168.0.0 255.255.0.0 log default
access-list elstat_webacl webtype permit tcp any eq https log default
access-list elstat_webacl webtype permit tcp any eq www log default
access-list jstor_webacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list jstor_webacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list jstor_webacl webtype permit tcp host 194.66.22.38 eq www log default
access-list jstor_webacl webtype permit tcp host 194.66.22.38 eq ftp log default
access-list jstor_webacl webtype permit tcp host 194.66.22.38 eq ftp-data log default
access-list jstor_webacl webtype permit url http://www.jstor.org log default
access-list jstor_webacl webtype permit url http://www.jstor.org/action/ log default
access-list jstor_webacl webtype permit url http://www.jstor.org/action/showAdvancedSearch log disable
access-list jstor_webacl webtype permit url http://www.jstor.org/stable/ log default
access-list jstor_webacl webtype permit url https://www.jstor.org log disable
access-list jstor_webacl webtype permit url https://www.jstor.org/action/showAdvancedSearch log default
access-list jstor_webacl webtype permit url ftp://www.jstor.org/stable/ log default
access-list jstor_webacl webtype permit tcp host 198.108.24.38 eq www log disable
access-list jstor_webacl webtype permit tcp host 198.108.24.38 eq https log disable
access-list jstor_webacl webtype permit tcp host 198.108.24.38 eq ftp-data log disable

access-list jstor_webacl webtype permit tcp host 198.108.24.38 eq ftp log disable
access-list jstor_webacl webtype permit tcp host 198.108.24.43 eq login log disable
access-list jstor_webacl webtype permit tcp host 50.16.205.53 eq www log disable
access-list jstor_webacl webtype deny url any log disable
access-list staff_webacl webtype permit tcp any eq www log default
access-list staff_webacl webtype permit tcp any eq https log default
access-list staff_webacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list staff_webacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list ktimatologio_webacl webtype permit url http://10.2.129.55 log default
access-list ktimatologio_webacl webtype permit url cifs://10.2.129.55 log default
access-list ktimatologio_webacl webtype permit url https://10.2.129.55 log default
access-list ktimatologio_webacl webtype permit url ftp://10.2.129.55 log default
access-list ktimatologio_webacl webtype permit url rdp://10.2.129.55 log default
access-list ktimatologio_webacl webtype permit url rdp2://10.2.129.55 log default
access-list ktimatologio_webacl webtype permit url ssh://10.2.129.55 log default
access-list ktimatologio_webacl webtype permit url vnc://10.2.129.55 log default
access-list sintirisi webtype permit url ftp://ftp.culture.gr log default
access-list sintirisi webtype permit url http://ftp.culture.gr log default
access-list sintirisi webtype permit url cifs://ftp.culture.gr log default
access-list sintirisi webtype permit tcp host 10.2.128.31 eq ftp log default
access-list sintirisi webtype permit tcp host 10.2.128.31 eq ftp-data log default
access-list sintirisi webtype permit tcp host 10.2.128.31 log default
access-list sintirisi webtype permit tcp host 10.2.128.21 eq domain log default
access-list sintirisi webtype permit tcp host 10.2.128.76 eq www log default
access-list antikytheramech_webacl webtype permit url ftp://antikytheramech.culture.gr log default
access-list antikytheramech_webacl webtype permit url ftp://10.2.129.56 log default
access-list antikytheramech_webacl webtype permit tcp host 10.2.129.56 eq ftp log default
access-list antikytheramech_webacl webtype permit tcp host 10.2.129.56 eq ftp-data log default
access-list antikytheramech_webacl webtype permit tcp host 10.2.129.56 eq ssh log default
access-list antikytheramech_webacl webtype permit tcp host 10.2.128.21 eq domain log default

access-list antikytheramech_webacl webtype permit tcp host 10.2.128.76 eq www log default
access-list antikytheramech_webacl webtype permit tcp host 10.2.128.76 eq https log default
access-list antikytheramech_webacl webtype permit url http://antikytheramech.culture.gr log default
access-list antikytheramech_webacl webtype permit url http://10.2.129.56 log default
access-list antikytheramech_webacl webtype permit url https://antikytheramech.culture.gr log default
access-list antikytheramech_webacl webtype permit url https://10.2.129.56 log default
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging trap warnings
logging asdm informational
logging host lan_Servers 10.2.128.39
logging permit-hostdown
mtu outside1 1500
mtu outside2 1500
mtu internal_users 1500
mtu inside_data 1500
mtu inside_admin 1500
mtu DMZ_SINA 1500
mtu DMZ_OPEP 1500
mtu dmz_webservers 1500
mtu lan_Servers 1500
mtu management 1500
ip local pool knowhow 10.2.151.1-10.2.151.6 mask 255.255.255.248
ip local pool ktimatologio 10.2.150.73-10.2.150.74 mask 255.255.255.252
ip local pool mail 10.2.150.193-10.2.150.254 mask 255.255.255.192
ip local pool staff 10.2.150.2-10.2.150.30 mask 255.255.255.224
ip local pool sina_admin2 10.2.149.240-10.2.149.254
ip local pool sina_admin 10.2.150.65-10.2.150.70 mask 255.255.255.248
ip local pool antikytheramech 10.2.150.133-10.2.150.134 mask 255.255.255.252
ip local pool 3p 10.2.151.17-10.2.151.22 mask 255.255.255.248
ip local pool aigai 10.2.150.129-10.2.150.130 mask 255.255.255.252
ip local pool compass 10.2.151.9-10.2.151.14 mask 255.255.255.248
ip local pool statistics 10.2.150.97-10.2.150.126 mask 255.255.255.224
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside1
icmp permit any outside2
icmp permit any internal_users
icmp permit any inside_data
icmp permit any inside_admin
icmp permit any DMZ_SINA
icmp permit 10.2.132.0 255.255.255.0 DMZ_SINA
icmp permit any dmz_webservers
icmp permit any lan_Servers
asdm image disk0:/asdm-641.bin
asdm history enable
arp timeout 14400
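The webtype ACLs above are evaluated first match wins, with an implicit deny after the last entry, so the position of the subnet denies in elstat_webacl (after the per-host permits, before "permit tcp any eq https") is what decides whether a clientless user can reach an internal server. The script below is an added example, not part of the posted configuration and not an ASA feature: it parses the tcp form of those entries (url entries are skipped; the port-name table is the example's own short list) and walks them the way the firewall does. SAMPLE_ACLS is copied from the listing above.

```python
"""First-match walk of the webtype ACL entries in the listing above.

Added example; it is not part of the posted configuration and not an ASA
feature. It handles only the
  access-list NAME webtype permit|deny tcp <host A.B.C.D | NET MASK | any> [eq PORT] [log ...]
entry form: 'url' entries are skipped, and a lookup that matches no entry
hits the implicit deny that ends every ASA ACL. PORT_NAMES is this
example's own short table (the ASA knows many more names).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"www": 80, "https": 443, "domain": 53, "ftp": 21,
              "ftp-data": 20, "ssh": 22, "login": 513}

ENTRY_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+webtype\s+(?P<action>permit|deny)\s+tcp\s+"
    r"(?P<dst>host\s+\S+|any|\S+\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?"
    r"(?:\s+log\s+\S+)?\s*$"
)


@dataclass
class Entry:
    action: str
    network: ipaddress.IPv4Network
    port: Optional[int]          # None: any TCP port


def _network(dst: str) -> ipaddress.IPv4Network:
    """'host A.B.C.D', 'any' or 'NET DOTTED-MASK' -> IPv4Network."""
    if dst == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    first, second = dst.split()
    if first == "host":
        return ipaddress.IPv4Network(f"{second}/32")
    return ipaddress.IPv4Network(f"{first}/{second}")   # ASA writes dotted masks


def parse_webtype_acls(config: str) -> dict[str, list[Entry]]:
    """Collect the tcp entries of each webtype ACL, preserving their order."""
    acls: dict[str, list[Entry]] = {}
    for line in config.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue                      # url entries and unrelated lines
        port = m.group("port")
        acls.setdefault(m.group("name"), []).append(
            Entry(m.group("action"), _network(m.group("dst")),
                  (PORT_NAMES[port] if port in PORT_NAMES else int(port)) if port else None))
    return acls


def lookup(entries: list[Entry], dst_ip: str, dst_port: int):
    """Return (action, index of the matching entry); index None means the implicit deny."""
    ip = ipaddress.IPv4Address(dst_ip)
    for idx, e in enumerate(entries):
        if ip in e.network and (e.port is None or e.port == dst_port):
            return e.action, idx
    return "deny", None


# Entries copied from the listing above: all of elstat_webacl, plus three
# jstor_webacl lines to show that the url entries are skipped.
SAMPLE_ACLS = """\
access-list elstat_webacl webtype permit tcp host 10.2.128.21 eq domain log default
access-list elstat_webacl webtype permit tcp host 10.2.128.22 eq domain log default
access-list elstat_webacl webtype permit tcp host 10.2.128.76 eq www log default
access-list elstat_webacl webtype permit tcp host 10.2.128.76 eq https log default
access-list elstat_webacl webtype deny tcp 10.2.128.0 255.255.255.0 log default
access-list elstat_webacl webtype deny tcp 10.2.129.0 255.255.255.0 log default
access-list elstat_webacl webtype deny tcp 10.2.132.0 255.255.252.0 log default
access-list elstat_webacl webtype deny tcp 10.2.146.0 255.255.255.0 log default
access-list elstat_webacl webtype deny tcp 192.168.0.0 255.255.0.0 log default
access-list elstat_webacl webtype permit tcp any eq https log default
access-list elstat_webacl webtype permit tcp any eq www log default
access-list jstor_webacl webtype permit url http://www.jstor.org log default
access-list jstor_webacl webtype permit tcp host 198.108.24.38 eq www log disable
access-list jstor_webacl webtype deny url any log disable
"""

if __name__ == "__main__":
    acls = parse_webtype_acls(SAMPLE_ACLS)
    for ip, port in [("10.2.128.76", 443), ("10.2.128.50", 443),
                     ("10.2.133.7", 80), ("8.8.8.8", 443), ("8.8.8.8", 22)]:
        print(ip, port, lookup(acls["elstat_webacl"], ip, port))
```

Running it shows the ordering effect: 10.2.128.76:443 is permitted by entry 3, while 10.2.128.50:443 is denied by entry 4 (the 10.2.128.0/24 deny) even though "permit tcp any eq https" follows, and an outside host on port 22 falls through to the implicit deny.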

nat (outside1,lan_Servers) source static syzefxis_ranges syzefxis_ranges destination static CultMAIL CultMAIL
!
object network Cultexmail-1
 nat (lan_Servers,outside1) static 10.7.128.172 service tcp pop3 pop3 
object network Cultexmail-2
 nat (lan_Servers,outside1) static 10.7.128.172 service tcp www www 
object network CultEmailEDGE
 nat (dmz_webservers,outside1) static 10.7.128.172 service tcp smtp smtp 
object network Cultexmail-3
 nat (lan_Servers,outside1) static 10.7.128.172 service tcp imap4 imap4 
object network Cultexmail-4
 nat (lan_Servers,outside1) static 10.7.128.172 service tcp https https 
object network Cultexmail-5
 nat (lan_Servers,outside1) static 10.7.128.172 service tcp 135 135 
access-group OUTSIDE_INBOUND in interface outside1
access-group USERS_INSIDE_INBOUND in interface internal_users
access-group dmz_servers_2 in interface DMZ_SINA
access-group DMZ1_INBOUND in interface dmz_webservers
access-group lan_servers_list in interface lan_Servers
!
router eigrp 10
 no auto-summary
 network 10.2.150.32 255.255.255.224
 passive-interface default
 no passive-interface DMZ_SINA
!
route outside1 0.0.0.0 0.0.0.0 10.7.128.169 1
route inside_data 10.2.132.0 255.255.252.0 10.2.146.3 1
route inside_data 10.2.141.0 255.255.255.0 10.2.146.3 1
route inside_data 10.2.142.0 255.255.255.0 10.2.146.3 1
route inside_data 10.2.143.0 255.255.255.0 10.2.146.3 1
route inside_data 10.2.145.0 255.255.255.0 10.2.146.3 1
route inside_data 10.2.151.64 255.255.255.252 10.2.146.3 1
route inside_data 10.7.80.0 255.255.255.0 10.2.146.3 1
route inside_data 46.4.107.39 255.255.255.255 10.2.146.2 1
route inside_data 74.208.97.105 255.255.255.255 10.2.146.2 1
route inside_data 74.208.97.139 255.255.255.255 10.2.146.2 1
route inside_data 85.25.6.48 255.255.255.255 10.2.146.2 1
route inside_data 87.106.160.52 255.255.255.255 10.2.146.2 1
route inside_data 100.0.0.93 255.255.255.255 10.2.146.3 1
route outside1 192.168.15.0 255.255.255.0 10.179.115.174 1
route inside_data 192.168.85.0 255.255.255.0 10.2.146.2 1
route inside_data 193.104.218.81 255.255.255.255 10.2.146.2 1
route inside_data 193.105.109.110 255.255.255.255 10.2.146.2 1
route inside_data 206.253.225.13 255.255.255.255 10.2.146.2 1
route inside_data 206.253.225.16 255.255.255.255 10.2.146.2 1
route inside_data 206.253.225.17 255.255.255.255 10.2.146.2 1
route inside_data 208.83.138.31 255.255.255.255 10.2.146.2 1
route inside_data 212.205.126.25 255.255.255.255 10.2.146.2 1
route inside_data 212.205.126.80 255.255.255.255 10.2.146.2 1
route inside_data 212.227.53.223 255.255.255.255 10.2.146.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server tacacs_plus protocol tacacs+
aaa-server tacacs_plus (inside_data) host 10.2.146.50
 key XXXX
aaa-server rad_statistics protocol radius
aaa-server rad_statistics (lan_Servers) host 10.2.128.39
 key XXXX
aaa-server rad2 protocol radius
aaa-server rad2 (lan_Servers) host 10.2.128.86
 key XXXXX
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
aaa authentication http console LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.2.132.0 255.255.255.224 internal_users
http 10.2.128.65 255.255.255.255 lan_Servers
http 10.2.146.50 255.255.255.255 inside_data
http 10.2.146.2 255.255.255.255 inside_data
http 10.2.150.0 255.255.255.224 inside_data
http 10.2.128.66 255.255.255.255 lan_Servers
http 10.2.132.12 255.255.255.255 internal_users
http redirect outside1 80
snmp-server host lan_Servers 10.2.128.82 community Cisco
no snmp-server location
no snmp-server contact
snmp-server community Cisco
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set myset_karitsi10_l2l esp-aes esp-sha-hmac 
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map mymap_karitisi10 10 match address karitisi10_vpn
crypto map mymap_karitisi10 10 set peer 10.179.115.174 
crypto map mymap_karitisi10 10 set ikev1 transform-set myset_karitsi10_l2l

crypto map mymap_karitisi10 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map mymap_karitisi10 interface outside1
crypto map mymap_karitsi 10 set reverse-route
crypto ca trustpoint SSLVPN
 enrollment self
 subject-name CN=asayppoXXXX.XXXXX.XXXX,OU=XX,O=XXXX,C=GR
 serial-number
 keypair sslvpnkeypair
 crl configure
crypto ca trustpoint LOCAL-CA-SERVER
 keypair LOCAL-CA-SERVER
 crl configure
crypto ca server
 lifetime ca-certificate 3650
 keysize 2048
 keysize server 2048
 smtp from-address [email protected]
 publish-crl outside1 80
crypto ca certificate map StaffCertificateMap 9
 subject-name attr ou eq staff
crypto ca certificate chain SSLVPN
 certificate d4594e4e
    30820376 3082025e a0030201 020204d4 594e4e30 0d06092a 864886f7 0d010105 0500307d 310b3009 06035504 06130247 52310d30 0b060355 040a1304 5950504f 310b3009 06035504 0b130249 54311b30 19060355 04031312 61736179 70706f2e 63756c74 7572652e 67723135 30120603 55040513 0b4a4d58 31353135 4c304a4d 301f0609 2a864886 f70d0109 02161261 73617970 706f2e63 756c7475 72652e67 72301e17 0d313130 38323431 30353330 345a170d 32313038 32313130 35333034 5a307d31 0b300906 03550406 13024752 310d300b 06035504 0a130459 50504f31 0b300906 0355040b 13024954 311b3019 06035504 03131261 73617970 706f2e63 756c7475 72652e67 72313530 12060355 0405130b 4a4d5831 3531354c 304a4d30 1f06092a 864886f7 0d010902 16126173 61797070 6f2e6375 6c747572 652e6772 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00b381c4 026ad310 83a61c1c a1c04873 ec66727d 9612d600 4e77addf ad4af235 08dd16e8 75cf7667 48bf7e1a 361cfa34 9c3cb84e 8e55e14a ac3b8315 e571d87a c2a6c040 756be687 9e39c98a 1d4df5e9 83d58c61 745ae098 f1c8b5be ad390d52 49ec1540 cc7569b7 452c9e2f 56e9ebfb 42b073b5 aa3079ef 75ea9628 cbf672fa 20390d76 34ceeabb 83144f63 7a5a1ada 55336cbc 2c8a659a f64a6bbb ddd4b32b a677e319 cc0cf85e a0440b6d c1d6844f a22f910e c035af1d 346ae43a 244eb1b6

    684233f9 75a6f857 92c72dc6 974464a5 abf60e59 a3d513e5 0610a827 db4a43a0 f4f28f5b d343aa66 a53a99fe 55e163af df79a30d d374eb88 19fdc2e1 3f24dca8 83020301 0001300d 06092a86 4886f70d 01010505 00038201 01004028 0ea5a889 0528f8e1 a55cf991 61fe4ced 3c875c9e f9b0c955 0017e945 3cef0ee4 b1f01ce0 e6a270ba 11fde1bc 2d73361a c2d6cfa9 01d30bf5 4a71a43e b6b9e103 df408ffc aa2386ee 079769e1 0a6f0a18 9950820d 6cfd5ecf ea4073b7 77b5d2cc a5d036ce 2988a328 5f6484ee 1517e226 ff1d80aa 6e353e28 70fb5f35 e0d77857 36faa3ea d83c059e cdc13c12 c8d6a488 02cdadc6 0d6e341d 584335ac d1c07ad3 5e956b84 4d455ab1 fb11cea1 594173d7 218e5e4f a027684b 2cf92e5c 0aeaa733 396d1fad b8768834 106a7f9f 025a9ff3 2917cbbe d6959a3f 0beec808 545c1672 a7d6f497 9963cbeb c29b2d43 8182019b 05e64877 2dd9f808 54e492bc 089c
  quit
crypto ca certificate chain LOCAL-CA-SERVER
 certificate ca 01
    30820318 30820200 a0030201 02020101 300d0609 2a864886 f70d0101 05050030 1d311b30 19060355 04031312 61736179 70706f2e 63756c74 7572652e 6772301e 170d3132 30353033 31323036 34315a17 0d313530 35303331 32303634 315a301d 311b3019 06035504 03131261 73617970 706f2e63 756c7475 72652e67 72308201 22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100e850 9f5fe410 d3887957 3cbf879d 71f738a7 faef548f 9b942e26 7725e9f9 3dfc5c58 52502026 11482322 6c460f56 9f9601a0 ef1d698b 7e7201fc c18bd462 e41cb070 71c4fcbd 785341de 0c1dae48 33d463b2 284cbd56 1189f08a 992182d9 4e51a0e0 fa6e02b4 7fe6f2f6 a097ce03 7d01e2b8 9fddd57c a915441b 6b4f48a1 fec8deff ff4bab43 e7ad9774 176cde71 8cfafc8b 83efac0e f8531e8f 24358360 f600edc8 d9797456 cd5898fe c6dcd9b1 4c9d681a f9171217 e74ff907 32dfbfd9 ae6cad3b 894dfebb f72252c4 6868a72c 04e8aced 43f68890 6c730644 fc98365a b715fe0c f0e4eead a628e881 0afc9951 8a78ff13 8ba9c787 42c8a69a f4b49d9c 06cb0203 010001a3 63306130 0f060355 1d130101 ff040530 030101ff 300e0603 551d0f01 01ff0404 03020186 301f0603 551d2304 18301680 14b5abe3 3ef10b7d 8be7383f 592499f7 7f96f2b8 8f301d06 03551d0e 04160414 b5abe33e f10b7d8b e7383f59

    2499f77f 96f2b88f 300d0609 2a864886 f70d0101 05050003 82010100 015d0164 7d071844 6f87eacb 84519cec 78a77e87 22aa17fe c47a26d7 0a57723f 53702e54 a47e037a 0427519b 980e8b4b 91729a7a ce3995c2 c16ec38e 78def4f0 cd6c8f6a 28dd6eb2 42d75264 5013bb32 a9c329e0 b5daf59c 62db09a4 48134d43 86a560db 2c09d1ab be1c5024 5cff65a9 7dbcd89f 5de5ff87 0954e82c 68ff9d84 b4bb68c1 184c3ea5 da3f166d d88d5c1d 9d2f1cd6 546e2430 b04506be f1f5f11a e8eb8608 6e034139 7618e760 3084e292 ecdd6a14 8d7f448f 056d4dc0 29f97b13 f71c0516 7f39945e 24a0b42e 0651cacd a5523786 42efd48f ed280a87 e1052b44 aa403364 324ebe77 1eda8ddc e143a066 2a762de4 64a7643e efaaec03 701e8620
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside1 client-services port 443
crypto ikev2 remote-access trustpoint SSLVPN
crypto ikev1 enable outside1
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

telnet timeout 5
ssh scopy enable
ssh 10.2.132.18 255.255.255.255 internal_users
ssh 10.2.132.10 255.255.255.255 internal_users
ssh 10.2.132.12 255.255.255.255 internal_users
ssh 0.0.0.0 0.0.0.0 inside_data
ssh 10.2.146.2 255.255.255.255 inside_data
ssh 10.2.146.50 255.255.255.255 inside_data
ssh 10.2.150.0 255.255.255.224 inside_data
ssh 10.2.132.0 255.255.255.255 inside_admin
ssh 10.2.128.65 255.255.255.255 lan_Servers
ssh 10.2.128.66 255.255.255.255 lan_Servers
ssh timeout 30
ssh version 2
console timeout 0
management-access inside_data
dhcpd address 192.168.1.2-192.168.1.254 management
!
dhcprelay server 10.2.128.21 lan_Servers
dhcprelay server 10.2.128.22 lan_Servers
dhcprelay server 10.2.128.18 lan_Servers
dhcprelay enable internal_users
dhcprelay setroute internal_users
dhcprelay timeout 60
priority-queue lan_Servers
 queue-limit 1024
 tx-ring-limit 256
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port number-of-rate 3
threat-detection statistics protocol number-of-rate 3
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable interface outside1 classify-list BOTNET_FILTER
dynamic-filter enable interface lan_Servers classify-list BOTNET_FILTER
dynamic-filter drop blacklist interface outside1 
dynamic-filter drop blacklist interface lan_Servers 
dynamic-filter whitelist
 address 83.235.173.112 255.255.255.255
ntp authentication-key 1 md5 XXXXX
ntp authenticate
ntp trusted-key 1
ntp server 100.0.0.93 key 1 source inside_data
ssl trust-point SSLVPN outside1
webvpn
 enable outside1
 http-proxy 10.2.128.76 8080 exclude *.XXXXXX.gr
 https-proxy 10.2.128.76 8080 exclude *.XXXXXX.gr
 csd image disk0:/csd_3.5.2008-k9.pkg
 csd enable
 anyconnect image disk0:/anyconnect-win-3.0.3054-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-3.0.3054-k9.pkg 2 regex "Intel Mac OS X"
 anyconnect image disk0:/anyconnect-linux-3.0.3054-k9.pkg 3 regex "Linux"
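Two things in the listing above deserve a check before this configuration is reused anywhere: the IKEv2 proposals and policies still offer DES, 3DES and MD5 (the dynamic map lists all five proposals, so a peer can negotiate the weakest one), every IKE policy uses DH group 5 or group 2, both SNMP statements use the community string "Cisco", and "ssh 0.0.0.0 0.0.0.0 inside_data" accepts SSH from any address on that interface. The script below is an added example, not part of the posted configuration and not an ASA feature: it reads "show running-config" style text and reports those patterns. The thresholds (DES/3DES/MD5 as weak, DH group 14 as the floor, the community deny-list, the 0.0.0.0 mask test) are the example's own choices; SAMPLE_CONFIG is copied from the crypto, SNMP and ssh lines above.

```python
"""Audit of the crypto, SNMP and management-access lines in the listing above.

Added example; it is not part of the posted configuration and not an ASA
feature. Input is 'show running-config' text: a top-level command followed
by space-indented sub-commands. Thresholds are this example's assumptions.
"""
import re

WEAK_ALGS = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}
MIN_DH_GROUP = 14                      # 2048-bit MODP; groups 1, 2 and 5 are below it
WEAK_COMMUNITIES = {"public", "private", "cisco"}


def _blocks(text: str):
    """Yield (header, [sub-lines]) for each top-level command and the
    indented lines that belong to it; '!' separators are skipped."""
    header, body = None, []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            body.append(raw.strip())
            continue
        if header is not None:
            yield header, body
        header, body = raw.strip(), []
    if header is not None:
        yield header, body


def audit(config: str) -> list[str]:
    """Return one finding per weak algorithm, small DH group, guessable
    SNMP community or wide-open management statement, in config order."""
    findings: list[str] = []
    for header, body in _blocks(config):
        words = header.split()
        if header.startswith("crypto ipsec ikev2 ipsec-proposal"):
            # sub-lines: 'protocol esp encryption ALG ...' / 'protocol esp integrity ALG ...'
            for sub in body:
                for alg in sorted(set(sub.split()[3:]) & WEAK_ALGS):
                    findings.append(f"ikev2 proposal {words[-1]}: weak algorithm {alg}")
        elif header.startswith("crypto ipsec ikev1 transform-set"):
            # 'crypto ipsec ikev1 transform-set NAME ALG ALG'
            for alg in sorted(set(words[5:]) & WEAK_ALGS):
                findings.append(f"ikev1 transform-set {words[4]}: weak algorithm {alg}")
        elif re.match(r"crypto ikev[12] policy \d+$", header):
            # sub-lines: 'encryption ALG', 'integrity ALG', 'hash ALG', 'prf ALG', 'group N ...'
            for sub in body:
                key, *vals = sub.split()
                if key in ("encryption", "integrity", "hash", "prf"):
                    for alg in sorted(set(vals) & WEAK_ALGS):
                        findings.append(f"{header}: weak {key} {alg}")
                elif key == "group":
                    lowest = min(int(v) for v in vals)
                    if lowest < MIN_DH_GROUP:
                        findings.append(f"{header}: DH group {lowest} below {MIN_DH_GROUP}")
        elif words[0] == "snmp-server" and "community" in words:
            community = words[words.index("community") + 1]
            if community.lower() in WEAK_COMMUNITIES:
                findings.append(f"{header}: guessable SNMP community")
        elif words[0] in ("ssh", "http") and len(words) == 4 and words[2] == "0.0.0.0":
            findings.append(f"{header}: management open to every source on {words[3]}")
    return findings


# Lines copied from the listing above (one command per line).
SAMPLE_CONFIG = """\
snmp-server host lan_Servers 10.2.128.82 community Cisco
snmp-server community Cisco
crypto ipsec ikev1 transform-set myset_karitsi10_l2l esp-aes esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
ssh 10.2.132.18 255.255.255.255 internal_users
ssh 0.0.0.0 0.0.0.0 inside_data
http 10.2.150.0 255.255.255.224 inside_data
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Note that even the AES256 proposal is reported, because "protocol esp integrity sha-1 md5" lets the peer pick MD5 for that proposal; the fix is to drop the weak algorithms from each proposal and policy rather than only reordering them. The script does not look at AAA, but the listing defines a TACACS+ server and then authenticates the ssh and http consoles against LOCAL, which is worth a manual check as well.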

 anyconnect profiles 3p disk0:/3p.xml
 anyconnect profiles aigai disk0:/aigai.xml
 anyconnect profiles antikytherameck disk0:/antikytherameck.xml
 anyconnect profiles compass disk0:/compass.xml
 anyconnect profiles knowhow disk0:/knowhow.xml
 anyconnect profiles ktimatologio disk0:/ktimatologio.xml
 anyconnect profiles mail disk0:/mail.xml
 anyconnect profiles sina_Admin disk0:/sina_admin.xml
 anyconnect profiles staff disk0:/staff.xml
 anyconnect profiles statistics disk0:/statistics.xml
 anyconnect enable

!
class-map type inspect http match-any URLBLOCKLIST
 match request header host regex regex1
 match request header host regex regex2
 match request header host regex regex3
 match request header host regex regex4
 match request header host regex regex5
 match request header host regex regex6
 match request header host regex regex7
 match request header host regex regex8
 match request header host regex regex9
 match request header host regex regex10
 match request header host regex regex11
 match request header host regex regex12
 match request header host regex regex13
 match request header host regex regex15
 match request header host regex regex16
 match request header host regex regex17
 match request header host regex regex14
 match request header host regex regex18
 match request header host regex regex19
 match request header host regex regex20
class-map CONNS
 match access-list CONNS
class-map sql_priority
 match access-list qos_lan_Servers
class-map inspection_default
 match default-inspection-traffic
class-map ips
 match access-list IPS
class-map http_traffic
 match access-list http_traffic
class-map botnet_filter_dns_snooping
 match port udp eq domain
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map type inspect http BLOCKURLLIST
 parameters
 class URLBLOCKLIST
  drop-connection log

policy-map inside_policy
 class http_traffic
  inspect http BLOCKURLLIST 
policy-map global_policy
 class inspection_default
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect sqlnet 
  inspect skinny  
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
  inspect dcerpc 
  inspect ils 
  inspect dns preset_dns_map 
  inspect icmp 
policy-map CONNS
 class CONNS
  set connection embryonic-conn-max 500 
  set connection timeout embryonic 0:20:00 
policy-map botnet_filter_dns_snooping
 class botnet_filter_dns_snooping
  inspect dns dynamic-filter-snoop 
 class sql_priority
  priority
policy-map my-ips-policy
 class ips
  ips inline fail-open
 class botnet_filter_dns_snooping
  inspect dns dynamic-filter-snoop 
!
service-policy global_policy global
service-policy my-ips-policy interface outside1
service-policy inside_policy interface internal_users
service-policy CONNS interface dmz_webservers
service-policy botnet_filter_dns_snooping interface lan_Servers
smtp-server 10.2.128.72
prompt hostname context 
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable

Cryptochecksum:44ff84905eac8b50158ed9fa89618e87
: end

