Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
109 lines (91 sloc) 2.91 KB
show crypto key mypubkey rsa
! remove factory default key
crypto key zeroize rsa label <Default-RSA-Key>.server
delete /noconfirm disk0:upgrade_startup_errors_*.log
hostname fw01.corp.example.com
domain-name corp.example.com
crypto key generate rsa modulus 2048
banner login YOUR WARNING BANNER GOES HERE
banner login YOUR WARNING BANNER GOES HERE
banner login YOUR WARNING BANNER GOES HERE
banner login YOUR WARNING BANNER GOES HERE
banner login YOUR WARNING BANNER GOES HERE
banner login YOUR WARNING BANNER GOES HERE
banner exec YOUR WARNING BANNER GOES HERE
banner exec YOUR WARNING BANNER GOES HERE
banner exec YOUR WARNING BANNER GOES HERE
banner exec YOUR WARNING BANNER GOES HERE
banner asdm YOUR WARNING BANNER GOES HERE
banner asdm YOUR WARNING BANNER GOES HERE
banner asdm YOUR WARNING BANNER GOES HERE
banner asdm YOUR WARNING BANNER GOES HERE
logging enable
logging timestamp
logging standby
logging buffer-size 32768
logging console critical
logging history informational
logging monitor informational
logging buffered informational
logging trap informational
logging asdm informational
interface GigabitEthernet 0/0
nameif outside
exit
interface GigabitEthernet 0/1
nameif inside
exit
! Change to your log server IP
logging host management 10.1.1.21
! Change these values to your environment's need
username this-is-temp password This-is-a-TEMP-value-CHANGE-BEFORE-deployment!
enable password CHANGE-this-BEFORE-deployment!
aaa authentication ssh console LOCAL
! Change to your NTP server IPs
ntp server 10.1.1.31 prefer
ntp server 10.1.1.32
ip verify reverse-path interface outside
ip verify reverse-path interface inside
icmp deny any outside
! Change to your network management subnet or access host IP
icmp permit host 10.1.2.11 management
console timeout 10
ssh timeout 10
ssh version 2
ssh key-exchange group dh-group14-sha1
ssh cipher encryption fips
ssh cipher integrity fips
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sunrpc
inspect tftp
inspect xdmcp
inspect ip-options
inspect icmp
inspect icmp error
no inspect sqlnet
exit
exit
no service resetoutbound interface outside
threat-detection basic-threat
ssl encryption aes256-sha1 aes128-sha1
prompt hostname priority state
no logging hide username
ssl server-version tlsv1
ssl cipher default custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
ssl cipher tlsv1 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
ssl cipher tlsv1.1 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
ssl cipher tlsv1.2 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
ssl cipher dtlsv1 custom "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
ssl dh-group group14
ssl ecdh-group group21
You can’t perform that action at this time.