CCSP/CCVP --ASA 5520配置例子

　　access-list POLICY extended permit tcp any object-group H_auth object-group TCP_client_auth access-list POLICY remark # # ntp

　　access-list POLICY extended permit tcp any object-group H_ntp_servers object-group tcp_ntp

　　access-list POLICY extended permit udp any object-group H_ntp_servers object-group udp_ntpaccess-list HIDING remark # this is a nat rule, only permit's are allowed

　　access-list HIDING extended permit ip object-group N_RFC1918 anyaccess-list IPS extended permit ip any any tcp-map mss

　　exceed-mss allow

　　!pager lines 22

　　logging enable

　　logging console critical

　　logging monitor errors

　　logging buffered critical

　　logging trap errors

　　logging facility 16

　　logging host secure 172.26.31.142

　　logging permit-hostdown

　　mtu inside_data 1500

　　mtu web 1500

　　mtu secure 1500

　　mtu sprint 1500

　　mtu outside 1500

　　ip verify reverse-path interface inside_data

　　ip verify reverse-path interface web

　　ip verify reverse-path interface secure

　　ip verify reverse-path interface sprint

　　ip verify reverse-path interface outside

　　asdm image disk0:/asdm502.bin

　　no asdm history enable

　　arp outside {mac-outside interface} {hiding IP)

　　arp timeout 14400

　　global outside 1 {hiding ip} netmask 255.255.255.0

　　nat (inside_data) 0 access-list NONAT

　　nat (inside_voice) 0 access-list NONAT