Cisco Cisco Identity Services Engine 1.3 プリント

 

 
 

Cisco Systems © 2015 

19 페이지  

보안

 액세스 방법 가이드 

access-list pre-posture remark exclude ISE PSN Servers 

access-list pre-posture extended deny ip any host 2.2.2.2  

access-list pre-posture remark Permit ALL Traffic 

access-list pre-posture extended permit ip any any  

access-list pre-posture extended permit ip any object ocsp.quovadisglobal.com log  

access-list test extended permit icmp any any  

access-list 101 extended permit icmp any any  

access-list test101 extended permit ip any4 any4  

pager lines 24 

mtu outside 1500 

mtu inside 1500 

icmp unreachable rate-limit 1 burst-size 1 

icmp permit any outside 

asdm image disk0:/asdm-731-101.bin 

no asdm history enable 

arp timeout 14400 

no arp permit-nonconnected 

route outside 0.0.0.0 0.0.0.0 1.1.1.1 1 

route inside 10.19.151.208 255.255.255.240 1.1.1.103 1 

route inside 0.0.0.0 0.0.0.0 1.1.1.103 tunneled 

timeout xlate 3:00:00 

timeout pat-xlate 0:00:30 

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute 

timeout tcp-proxy-reassembly 0:01:00 

timeout floating-conn 0:00:00 

aaa-server RADIUS-SERVERS protocol radius 

 accounting-mode simultaneous 

 interim-accounting-update 

 max-failed-attempts 5 

 merge-dacl before-avpair 

 dynamic-authorization 

aaa-server RADIUS-SERVERS (inside) host 2.2.2.2 

 timeout 21 

 key ***** 

 authentication-port 1812 

 accounting-port 1813 

 radius 

-common-pw ***** 

 acl-netmask-convert auto-detect 

acl-netmask-convert auto-detect 

aaa-server OTP protocol radius 

aaa-server OTP (inside) host 10.35.48.251 

 key ***** 

aaa-server OTP_ETE protocol radius 

aaa-server OTP_ETE (inside) host 10.35.50.200 

 key ***** 

 radius-common-pw ***** 

user-identity default-domain LOCAL 

aaa authentication http console LOCAL  

aaa authentication ssh console MGMT-RBAC LOCAL 

http server enable 8443 

http 0.0.0.0 0.0.0.0 inside 

no snmp-server location 

no snmp-server contact 

service resetoutside 

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac  

crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac  

crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac  

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac  

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac  

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac  

crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac  

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac  

crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac  

crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac  

crypto ipsec ikev2 ipsec-proposal ESP 

 protocol esp encryption aes-gcm-256 aes-gcm-192 

 protocol esp integrity sha-256 sha-1 

crypto ipsec ikev2 ipsec-proposal AES256