examples/device-simulation/yaml/asa_5512_9.12-4-67_single-context.yaml
---
init_prompt: |-
  .
  Sample asa configuration with single context
  Provided by @robertcheramy
  .
  User oxidzed logged in to LAB-ASA12-Oxidized-IPv6
  Logins over the last 91 days: 21. Last login: 20:01:14 CEST Oct 21 2024 from 10.42.0.17
  Failed logins since the last login: 0. \x20
  Type help or '?' for a list of available commands.
  \rLAB-ASA12-Oxidized-IPv6>\x20
commands:
  enable: |-
    enable
    Password: ******************
    \rLAB-ASA12-Oxidized-IPv6#\x20
  terminal pager 0: |-
    terminal pager 0
    \rLAB-ASA12-Oxidized-IPv6#\x20
  show mode: |-
    show mode
    Security context mode: single\x20
    \rLAB-ASA12-Oxidized-IPv6#\x20
  show version: |-
    show version
    Cisco Adaptive Security Appliance Software Version 9.12(4)67\x20
    SSP Operating System Version 2.6(1.272)
    Compiled on Thu 14-Mar-24 18:01 GMT by builders
    System image file is \"disk0:/asa9-12-4-67-smp-k8.bin\"
    Config file at boot was \"startup-config\"
    LAB-ASA12-Oxidized-IPv6 up 173 days 16 hours
    Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
    ASA: 1666 MB RAM, 1 CPU (1 core)
    Internal ATA Compact Flash, 4096MB
    BIOS Flash MX25EEEEEE @ 0xffbb0000, 8192KB
    Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
    Boot microcode : CNPx-MC-BOOT-2.00
    SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
    IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
    Number of accelerators: 1
    Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
    0: Int: Internal-Data0/0 : address is c08c.cafe.7303, irq 11
    1: Ext: GigabitEthernet0/0 : address is c08c.cafe.7307, irq 10
    2: Ext: GigabitEthernet0/1 : address is c08c.cafe.7304, irq 10
    3: Ext: GigabitEthernet0/2 : address is c08c.cafe.7308, irq 5
    4: Ext: GigabitEthernet0/3 : address is c08c.cafe.7305, irq 5
    5: Ext: GigabitEthernet0/4 : address is c08c.cafe.7309, irq 10
    6: Ext: GigabitEthernet0/5 : address is c08c.cafe.7306, irq 10
    7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
    8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
    9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
    10: Ext: Management0/0 : address is c08c.cafe.7303, irq 0
    11: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited perpetual
    Maximum VLANs : 50 perpetual
    Inside Hosts : Unlimited perpetual
    Failover : Disabled perpetual
    Encryption-DES : Enabled perpetual
    Encryption-3DES-AES : Enabled perpetual
    Security Contexts : 2 perpetual
    Carrier : Disabled perpetual
    AnyConnect Premium Peers : 2 perpetual
    AnyConnect Essentials : Disabled perpetual
    Other VPN Peers : 250 perpetual
    Total VPN Peers : 250 perpetual
    AnyConnect for Mobile : Disabled perpetual
    AnyConnect for Cisco VPN Phone : Disabled perpetual
    Advanced Endpoint Assessment : Disabled perpetual
    Shared License : Disabled perpetual
    Total TLS Proxy Sessions : 2 perpetual
    Botnet Traffic Filter : Disabled perpetual
    IPS Module : Disabled perpetual
    Cluster : Disabled perpetual
    This platform has a Base license.
    Serial Number: FCH17AAAAAA
    Running Permanent Activation Key: 0x12345678 0x9f012345 0x00000000 0x11111111 0x22222222\x20
    Configuration register is 0x1
    Image type : Release
    Key version : A
    Configuration has not been modified since last system restart.
    \rLAB-ASA12-Oxidized-IPv6# \x20
  show inventory: |-
    show inventory
    Name: \"Chassis\", DESCR: \"ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC\"
    PID: ASA5512 , VID: V01 , SN: FGL17AAAAAA
    \rLAB-ASA12-Oxidized-IPv6#\x20
  'more system:running-config': |-
    more system:running-config
    : Saved
    :\x20
    : Serial Number: FCH17AAAAAA
    : Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
    : Written by oxidzed at 20:03:32.236 CEST Mon Oct 21 2024
    !
    ASA Version 9.12(4)67\x20
    !
    hostname LAB-ASA12-Oxidized-IPv6
    domain-name lab
    enable password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC pbkdf2
    service-module 0 keepalive-timeout 4
    service-module 0 keepalive-counter 6
    service-module ips keepalive-timeout 4
    service-module ips keepalive-counter 6
    service-module cxsc keepalive-timeout 4
    service-module cxsc keepalive-counter 6
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd AAAAAAAAAABBBBBBBBBBCCCCCCCCCC encrypted
    names
    no mac-address auto
    !
    interface GigabitEthernet0/0
    nameif RZ
    security-level 90
    no ip address
    ipv6 address 2001:db8:0000:4200::12/64
    ipv6 nd suppress-ra
    !
    interface GigabitEthernet0/1
    nameif WAN
    security-level 10
    no ip address
    ipv6 address 2001:db8:0000:4203::12/64
    ipv6 nd suppress-ra
    !
    interface GigabitEthernet0/2
    description IPv4 DMZ NAT64
    nameif NAT64
    security-level 95
    ip address 10.42.1.2 255.255.255.240\x20
    !
    interface GigabitEthernet0/3
    description Oxidized
    nameif OXIDIZED
    security-level 20
    no ip address
    ipv6 address 2001:db8:0000:4201::12/64
    !
    interface GigabitEthernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface GigabitEthernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Management0/0
    description Management
    management-only
    nameif management
    security-level 100
    ip address 10.42.2.12 255.255.255.0\x20
    !
    banner motd .
    banner motd Sample asa configuration with single context
    banner motd Provided by @robertcheramy
    banner motd .
    boot system disk0:/asa9-12-4-67-smp-k8.bin
    ftp mode passive
    clock timezone MET 1
    clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
    dns server-group DefaultDNS
    domain-name oxidized
    object network OXIDIZED
    subnet 10.42.3.64 255.255.255.224
    object network ROCKS
    host 2001:db8:0000:4202::4:4
    object network SOME_OBJECT
    host 10.42.0.12
    pager lines 24
    logging enable
    logging buffer-size 65000
    logging monitor debugging
    logging buffered notifications
    mtu RZ 1500
    mtu WAN 1500
    mtu NAT64 1500
    mtu OXIDIZED 1500
    mtu management 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    arp rate-limit 8192
    ipv6 route WAN 2001:db8:0000:4200::/56 2001:db8:0000:4203::801
    ipv6 route WAN 2001:db8:0000:4203::/64 2001:db8:0000:4203::801
    aaa-server TACACS protocol tacacs+
    aaa-server TACACS (management) host 10.42.0.12
    key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
    aaa-server TACACS (management) host 10.42.0.13
    key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
    user-identity default-domain LOCAL
    aaa authentication http console TACACS LOCAL
    aaa authentication enable console TACACS LOCAL
    aaa authentication serial console TACACS LOCAL
    aaa authentication ssh console TACACS LOCAL
    aaa authentication telnet console TACACS LOCAL
    aaa authentication login-history
    no snmp-server location
    no snmp-server contact
    ssh scopy enable
    ssh stricthostkeycheck
    ssh timeout 60
    ssh version 2
    ssh 10.42.0.0 255.255.0.0 management
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 10.42.42.11 source management prefer
    username oxidized password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC== pbkdf2
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    no tcp-inspection
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map\x20
    inspect ftp\x20
    inspect h323 h225\x20
    inspect h323 ras\x20
    inspect ip-options\x20
    inspect netbios\x20
    inspect rsh\x20
    inspect rtsp\x20
    inspect skinny \x20
    inspect esmtp\x20
    inspect sqlnet\x20
    inspect sunrpc\x20
    inspect tftp\x20
    inspect sip \x20
    inspect xdmcp\x20
    inspect icmp\x20
    !
    service-policy global_policy global
    prompt hostname context\x20
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email callhome@cisco.com
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly 1
    subscribe-to-alert-group configuration periodic monthly 1
    subscribe-to-alert-group telemetry periodic daily
    password encryption aes
    Cryptochecksum:dddddddddffffffffffffffeeeeeeeee
    : end
    \rLAB-ASA12-Oxidized-IPv6# \x20
  exit: |-
oxidized_output: |
  !\x20
  ! Cisco Adaptive Security Appliance Software Version 9.12(4)67\x20
  ! SSP Operating System Version 2.6(1.272)
  !\x20
  ! Compiled on Thu 14-Mar-24 18:01 GMT by builders
  ! System image file is \"disk0:/asa9-12-4-67-smp-k8.bin\"
  ! Config file at boot was \"startup-config\"
  !\x20
  !\x20
  ! Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
  ! ASA: 1666 MB RAM, 1 CPU (1 core)
  ! Internal ATA Compact Flash, 4096MB
  ! BIOS Flash MX25EEEEEE @ 0xffbb0000, 8192KB
  !\x20
  ! Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
  ! Boot microcode : CNPx-MC-BOOT-2.00
  ! SSL/IKE microcode : CNPx-MC-SSL-SB-PLUS-0005
  ! IPSec microcode : CNPx-MC-IPSEC-MAIN-0026
  ! Number of accelerators: 1
  ! Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
  !\x20
  !\x20
  ! 0: Int: Internal-Data0/0 : address is c08c.cafe.7303, irq 11
  ! 1: Ext: GigabitEthernet0/0 : address is c08c.cafe.7307, irq 10
  ! 2: Ext: GigabitEthernet0/1 : address is c08c.cafe.7304, irq 10
  ! 3: Ext: GigabitEthernet0/2 : address is c08c.cafe.7308, irq 5
  ! 4: Ext: GigabitEthernet0/3 : address is c08c.cafe.7305, irq 5
  ! 5: Ext: GigabitEthernet0/4 : address is c08c.cafe.7309, irq 10
  ! 6: Ext: GigabitEthernet0/5 : address is c08c.cafe.7306, irq 10
  ! 7: Int: Internal-Data0/1 : address is 0000.0001.0002, irq 0
  ! 8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
  ! 9: Int: Internal-Data0/2 : address is 0000.0001.0003, irq 0
  ! 10: Ext: Management0/0 : address is c08c.cafe.7303, irq 0
  ! 11: Int: Internal-Data0/3 : address is 0000.0100.0001, irq 0
  !\x20
  ! Licensed features for this platform:
  ! Maximum Physical Interfaces : Unlimited perpetual
  ! Maximum VLANs : 50 perpetual
  ! Inside Hosts : Unlimited perpetual
  ! Failover : Disabled perpetual
  ! Encryption-DES : Enabled perpetual
  ! Encryption-3DES-AES : Enabled perpetual
  ! Security Contexts : 2 perpetual
  ! Carrier : Disabled perpetual
  ! AnyConnect Premium Peers : 2 perpetual
  ! AnyConnect Essentials : Disabled perpetual
  ! Other VPN Peers : 250 perpetual
  ! Total VPN Peers : 250 perpetual
  ! AnyConnect for Mobile : Disabled perpetual
  ! AnyConnect for Cisco VPN Phone : Disabled perpetual
  ! Advanced Endpoint Assessment : Disabled perpetual
  ! Shared License : Disabled perpetual
  ! Total TLS Proxy Sessions : 2 perpetual
  ! Botnet Traffic Filter : Disabled perpetual
  ! IPS Module : Disabled perpetual
  ! Cluster : Disabled perpetual
  !\x20
  ! This platform has a Base license.
  !\x20
  ! Serial Number: FCH17AAAAAA
  ! Running Permanent Activation Key: 0x12345678 0x9f012345 0x00000000 0x11111111 0x22222222\x20
  ! Configuration register is 0x1
  !\x20
  ! Image type : Release
  ! Key version : A
  !\x20
  ! Name: \"Chassis\", DESCR: \"ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC\"
  ! PID: ASA5512 , VID: V01 , SN: FGL17AAAAAA
  !\x20
  !
  ASA Version 9.12(4)67\x20
  !
  hostname LAB-ASA12-Oxidized-IPv6
  domain-name lab
  enable password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC pbkdf2
  service-module 0 keepalive-timeout 4
  service-module 0 keepalive-counter 6
  service-module ips keepalive-timeout 4
  service-module ips keepalive-counter 6
  service-module cxsc keepalive-timeout 4
  service-module cxsc keepalive-counter 6
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd AAAAAAAAAABBBBBBBBBBCCCCCCCCCC encrypted
  names
  no mac-address auto
  !
  interface GigabitEthernet0/0
  nameif RZ
  security-level 90
  no ip address
  ipv6 address 2001:db8:0000:4200::12/64
  ipv6 nd suppress-ra
  !
  interface GigabitEthernet0/1
  nameif WAN
  security-level 10
  no ip address
  ipv6 address 2001:db8:0000:4203::12/64
  ipv6 nd suppress-ra
  !
  interface GigabitEthernet0/2
  description IPv4 DMZ NAT64
  nameif NAT64
  security-level 95
  ip address 10.42.1.2 255.255.255.240\x20
  !
  interface GigabitEthernet0/3
  description Oxidized
  nameif OXIDIZED
  security-level 20
  no ip address
  ipv6 address 2001:db8:0000:4201::12/64
  !
  interface GigabitEthernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  !
  interface GigabitEthernet0/5
  shutdown
  no nameif
  no security-level
  no ip address
  !
  interface Management0/0
  description Management
  management-only
  nameif management
  security-level 100
  ip address 10.42.2.12 255.255.255.0\x20
  !
  banner motd .
  banner motd Sample asa configuration with single context
  banner motd Provided by @robertcheramy
  banner motd .
  boot system disk0:/asa9-12-4-67-smp-k8.bin
  ftp mode passive
  clock timezone MET 1
  clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
  dns server-group DefaultDNS
  domain-name oxidized
  object network OXIDIZED
  subnet 10.42.3.64 255.255.255.224
  object network ROCKS
  host 2001:db8:0000:4202::4:4
  object network SOME_OBJECT
  host 10.42.0.12
  pager lines 24
  logging enable
  logging buffer-size 65000
  logging monitor debugging
  logging buffered notifications
  mtu RZ 1500
  mtu WAN 1500
  mtu NAT64 1500
  mtu OXIDIZED 1500
  mtu management 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  arp rate-limit 8192
  ipv6 route WAN 2001:db8:0000:4200::/56 2001:db8:0000:4203::801
  ipv6 route WAN 2001:db8:0000:4203::/64 2001:db8:0000:4203::801
  aaa-server TACACS protocol tacacs+
  aaa-server TACACS (management) host 10.42.0.12
  key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
  aaa-server TACACS (management) host 10.42.0.13
  key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
  user-identity default-domain LOCAL
  aaa authentication http console TACACS LOCAL
  aaa authentication enable console TACACS LOCAL
  aaa authentication serial console TACACS LOCAL
  aaa authentication ssh console TACACS LOCAL
  aaa authentication telnet console TACACS LOCAL
  aaa authentication login-history
  no snmp-server location
  no snmp-server contact
  ssh scopy enable
  ssh stricthostkeycheck
  ssh timeout 60
  ssh version 2
  ssh 10.42.0.0 255.255.0.0 management
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 10.42.42.11 source management prefer
  username oxidized password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC== pbkdf2
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map\x20
  inspect ftp\x20
  inspect h323 h225\x20
  inspect h323 ras\x20
  inspect ip-options\x20
  inspect netbios\x20
  inspect rsh\x20
  inspect rtsp\x20
  inspect skinny \x20
  inspect esmtp\x20
  inspect sqlnet\x20
  inspect sunrpc\x20
  inspect tftp\x20
  inspect sip \x20
  inspect xdmcp\x20
  inspect icmp\x20
  !
  service-policy global_policy global
  prompt hostname context\x20
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 1
  subscribe-to-alert-group configuration periodic monthly 1
  subscribe-to-alert-group telemetry periodic daily
  password encryption aes
  Cryptochecksum:dddddddddffffffffffffffeeeeeeeee\n
# End of YAML