oxidized 0.30.1 → 0.31.0

data/examples/device-simulation/yaml/asa_5512_9.12-4-67_single-context.yaml

@@ -0,0 +1,531 @@
+---
+init_prompt: |-
+  .
+  Sample asa configuration with single context
+  Provided by @robertcheramy
+  .
+  User oxidzed logged in to LAB-ASA12-Oxidized-IPv6
+  Logins over the last 91 days: 21.  Last login: 20:01:14 CEST Oct 21 2024 from 10.42.0.17
+  Failed logins since the last login: 0. \x20
+  Type help or '?' for a list of available commands.
+  \rLAB-ASA12-Oxidized-IPv6>\x20
+commands:
+  enable: |-
+    enable
+    Password: ******************
+    \rLAB-ASA12-Oxidized-IPv6#\x20
+  terminal pager 0: |-
+    terminal pager 0
+    \rLAB-ASA12-Oxidized-IPv6#\x20
+  show mode: |-
+    show mode
+    Security context mode: single\x20
+    \rLAB-ASA12-Oxidized-IPv6#\x20
+  show version: |-
+    show version
+    
+    Cisco Adaptive Security Appliance Software Version 9.12(4)67\x20
+    SSP Operating System Version 2.6(1.272)
+    
+    Compiled on Thu 14-Mar-24 18:01 GMT by builders
+    System image file is \"disk0:/asa9-12-4-67-smp-k8.bin\"
+    Config file at boot was \"startup-config\"
+    
+    LAB-ASA12-Oxidized-IPv6 up 173 days 16 hours
+    
+    Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
+                ASA: 1666 MB RAM, 1 CPU (1 core)
+    Internal ATA Compact Flash, 4096MB
+    BIOS Flash MX25EEEEEE @ 0xffbb0000, 8192KB
+    
+    Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
+                                 Boot microcode        : CNPx-MC-BOOT-2.00
+                                 SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
+                                 IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026
+                                 Number of accelerators: 1
+    Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
+    
+    
+     0: Int: Internal-Data0/0    : address is c08c.cafe.7303, irq 11
+     1: Ext: GigabitEthernet0/0  : address is c08c.cafe.7307, irq 10
+     2: Ext: GigabitEthernet0/1  : address is c08c.cafe.7304, irq 10
+     3: Ext: GigabitEthernet0/2  : address is c08c.cafe.7308, irq 5
+     4: Ext: GigabitEthernet0/3  : address is c08c.cafe.7305, irq 5
+     5: Ext: GigabitEthernet0/4  : address is c08c.cafe.7309, irq 10
+     6: Ext: GigabitEthernet0/5  : address is c08c.cafe.7306, irq 10
+     7: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
+     8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
+     9: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
+    10: Ext: Management0/0       : address is c08c.cafe.7303, irq 0
+    11: Int: Internal-Data0/3    : address is 0000.0100.0001, irq 0
+    
+    Licensed features for this platform:
+    Maximum Physical Interfaces       : Unlimited      perpetual
+    Maximum VLANs                     : 50             perpetual
+    Inside Hosts                      : Unlimited      perpetual
+    Failover                          : Disabled       perpetual
+    Encryption-DES                    : Enabled        perpetual
+    Encryption-3DES-AES               : Enabled        perpetual
+    Security Contexts                 : 2              perpetual
+    Carrier                           : Disabled       perpetual
+    AnyConnect Premium Peers          : 2              perpetual
+    AnyConnect Essentials             : Disabled       perpetual
+    Other VPN Peers                   : 250            perpetual
+    Total VPN Peers                   : 250            perpetual
+    AnyConnect for Mobile             : Disabled       perpetual
+    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
+    Advanced Endpoint Assessment      : Disabled       perpetual
+    Shared License                    : Disabled       perpetual
+    Total TLS Proxy Sessions          : 2              perpetual
+    Botnet Traffic Filter             : Disabled       perpetual
+    IPS Module                        : Disabled       perpetual
+    Cluster                           : Disabled       perpetual
+    
+    This platform has a Base license.
+    
+    Serial Number: FCH17AAAAAA
+    Running Permanent Activation Key: 0x12345678 0x9f012345 0x00000000 0x11111111 0x22222222\x20
+    Configuration register is 0x1
+    
+    Image type          : Release
+    Key version         : A
+    
+    Configuration has not been modified since last system restart.
+    \rLAB-ASA12-Oxidized-IPv6#  \x20
+  show inventory: |-
+    show inventory
+    Name: \"Chassis\", DESCR: \"ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC\"
+    PID: ASA5512           , VID: V01     , SN: FGL17AAAAAA
+    
+    \rLAB-ASA12-Oxidized-IPv6#\x20
+  'more system:running-config': |-
+    more system:running-config
+    : Saved
+    
+    :\x20
+    : Serial Number: FCH17AAAAAA
+    : Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
+    : Written by oxidzed at 20:03:32.236 CEST Mon Oct 21 2024
+    !
+    ASA Version 9.12(4)67\x20
+    !
+    hostname LAB-ASA12-Oxidized-IPv6
+    domain-name lab
+    enable password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC pbkdf2
+    service-module 0 keepalive-timeout 4
+    service-module 0 keepalive-counter 6
+    service-module ips keepalive-timeout 4
+    service-module ips keepalive-counter 6
+    service-module cxsc keepalive-timeout 4
+    service-module cxsc keepalive-counter 6
+    xlate per-session deny tcp any4 any4
+    xlate per-session deny tcp any4 any6
+    xlate per-session deny tcp any6 any4
+    xlate per-session deny tcp any6 any6
+    xlate per-session deny udp any4 any4 eq domain
+    xlate per-session deny udp any4 any6 eq domain
+    xlate per-session deny udp any6 any4 eq domain
+    xlate per-session deny udp any6 any6 eq domain
+    passwd AAAAAAAAAABBBBBBBBBBCCCCCCCCCC encrypted
+    names
+    no mac-address auto
+    
+    !
+    interface GigabitEthernet0/0
+     nameif RZ
+     security-level 90
+     no ip address
+     ipv6 address 2001:db8:0000:4200::12/64
+     ipv6 nd suppress-ra
+    !
+    interface GigabitEthernet0/1
+     nameif WAN
+     security-level 10
+     no ip address
+     ipv6 address 2001:db8:0000:4203::12/64
+     ipv6 nd suppress-ra
+    !
+    interface GigabitEthernet0/2
+     description IPv4 DMZ NAT64
+     nameif NAT64
+     security-level 95
+     ip address 10.42.1.2 255.255.255.240\x20
+    !
+    interface GigabitEthernet0/3
+     description Oxidized
+     nameif OXIDIZED
+     security-level 20
+     no ip address
+     ipv6 address 2001:db8:0000:4201::12/64
+    !
+    interface GigabitEthernet0/4
+     shutdown
+     no nameif
+     no security-level
+     no ip address
+    !
+    interface GigabitEthernet0/5
+     shutdown
+     no nameif
+     no security-level
+     no ip address
+    !
+    interface Management0/0
+     description Management
+     management-only
+     nameif management
+     security-level 100
+     ip address 10.42.2.12 255.255.255.0\x20
+    !
+    banner motd .
+    banner motd Sample asa configuration with single context
+    banner motd Provided by @robertcheramy
+    banner motd .
+    boot system disk0:/asa9-12-4-67-smp-k8.bin
+    ftp mode passive
+    clock timezone MET 1
+    clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
+    dns server-group DefaultDNS
+     domain-name oxidized
+    object network OXIDIZED
+     subnet 10.42.3.64 255.255.255.224
+    object network ROCKS
+     host 2001:db8:0000:4202::4:4
+    object network SOME_OBJECT
+     host 10.42.0.12
+    pager lines 24
+    logging enable
+    logging buffer-size 65000
+    logging monitor debugging
+    logging buffered notifications
+    mtu RZ 1500
+    mtu WAN 1500
+    mtu NAT64 1500
+    mtu OXIDIZED 1500
+    mtu management 1500
+    icmp unreachable rate-limit 1 burst-size 1
+    no asdm history enable
+    arp timeout 14400
+    no arp permit-nonconnected
+    arp rate-limit 8192
+    ipv6 route WAN 2001:db8:0000:4200::/56 2001:db8:0000:4203::801
+    ipv6 route WAN 2001:db8:0000:4203::/64 2001:db8:0000:4203::801
+    aaa-server TACACS protocol tacacs+
+    aaa-server TACACS (management) host 10.42.0.12
+     key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
+    aaa-server TACACS (management) host 10.42.0.13
+     key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
+    user-identity default-domain LOCAL
+    aaa authentication http console TACACS LOCAL
+    aaa authentication enable console TACACS LOCAL
+    aaa authentication serial console TACACS LOCAL
+    aaa authentication ssh console TACACS LOCAL
+    aaa authentication telnet console TACACS LOCAL
+    aaa authentication login-history
+    no snmp-server location
+    no snmp-server contact
+    ssh scopy enable
+    ssh stricthostkeycheck
+    ssh timeout 60
+    ssh version 2
+    ssh 10.42.0.0 255.255.0.0 management
+    console timeout 0
+    threat-detection basic-threat
+    threat-detection statistics access-list
+    no threat-detection statistics tcp-intercept
+    ntp server 10.42.42.11 source management prefer
+    username oxidized password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC== pbkdf2
+    !
+    class-map inspection_default
+     match default-inspection-traffic
+    !
+    !
+    policy-map type inspect dns preset_dns_map
+     parameters
+      message-length maximum client auto
+      message-length maximum 512
+      no tcp-inspection
+    policy-map global_policy
+     class inspection_default
+      inspect dns preset_dns_map\x20
+      inspect ftp\x20
+      inspect h323 h225\x20
+      inspect h323 ras\x20
+      inspect ip-options\x20
+      inspect netbios\x20
+      inspect rsh\x20
+      inspect rtsp\x20
+      inspect skinny \x20
+      inspect esmtp\x20
+      inspect sqlnet\x20
+      inspect sunrpc\x20
+      inspect tftp\x20
+      inspect sip \x20
+      inspect xdmcp\x20
+      inspect icmp\x20
+    !
+    service-policy global_policy global
+    prompt hostname context\x20
+    no call-home reporting anonymous
+    call-home
+     profile CiscoTAC-1
+      no active
+      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
+      destination address email callhome@cisco.com
+      destination transport-method http
+      subscribe-to-alert-group diagnostic
+      subscribe-to-alert-group environment
+      subscribe-to-alert-group inventory periodic monthly 1
+      subscribe-to-alert-group configuration periodic monthly 1
+      subscribe-to-alert-group telemetry periodic daily
+    password encryption aes
+    Cryptochecksum:dddddddddffffffffffffffeeeeeeeee
+    : end
+    
+    \rLAB-ASA12-Oxidized-IPv6#     \x20
+  exit: |-
+oxidized_output: |
+  !\x20
+  ! Cisco Adaptive Security Appliance Software Version 9.12(4)67\x20
+  ! SSP Operating System Version 2.6(1.272)
+  !\x20
+  ! Compiled on Thu 14-Mar-24 18:01 GMT by builders
+  ! System image file is \"disk0:/asa9-12-4-67-smp-k8.bin\"
+  ! Config file at boot was \"startup-config\"
+  !\x20
+  !\x20
+  ! Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
+  !             ASA: 1666 MB RAM, 1 CPU (1 core)
+  ! Internal ATA Compact Flash, 4096MB
+  ! BIOS Flash MX25EEEEEE @ 0xffbb0000, 8192KB
+  !\x20
+  ! Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
+  !                              Boot microcode        : CNPx-MC-BOOT-2.00
+  !                              SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
+  !                              IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026
+  !                              Number of accelerators: 1
+  ! Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
+  !\x20
+  !\x20
+  !  0: Int: Internal-Data0/0    : address is c08c.cafe.7303, irq 11
+  !  1: Ext: GigabitEthernet0/0  : address is c08c.cafe.7307, irq 10
+  !  2: Ext: GigabitEthernet0/1  : address is c08c.cafe.7304, irq 10
+  !  3: Ext: GigabitEthernet0/2  : address is c08c.cafe.7308, irq 5
+  !  4: Ext: GigabitEthernet0/3  : address is c08c.cafe.7305, irq 5
+  !  5: Ext: GigabitEthernet0/4  : address is c08c.cafe.7309, irq 10
+  !  6: Ext: GigabitEthernet0/5  : address is c08c.cafe.7306, irq 10
+  !  7: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
+  !  8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
+  !  9: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
+  ! 10: Ext: Management0/0       : address is c08c.cafe.7303, irq 0
+  ! 11: Int: Internal-Data0/3    : address is 0000.0100.0001, irq 0
+  !\x20
+  ! Licensed features for this platform:
+  ! Maximum Physical Interfaces       : Unlimited      perpetual
+  ! Maximum VLANs                     : 50             perpetual
+  ! Inside Hosts                      : Unlimited      perpetual
+  ! Failover                          : Disabled       perpetual
+  ! Encryption-DES                    : Enabled        perpetual
+  ! Encryption-3DES-AES               : Enabled        perpetual
+  ! Security Contexts                 : 2              perpetual
+  ! Carrier                           : Disabled       perpetual
+  ! AnyConnect Premium Peers          : 2              perpetual
+  ! AnyConnect Essentials             : Disabled       perpetual
+  ! Other VPN Peers                   : 250            perpetual
+  ! Total VPN Peers                   : 250            perpetual
+  ! AnyConnect for Mobile             : Disabled       perpetual
+  ! AnyConnect for Cisco VPN Phone    : Disabled       perpetual
+  ! Advanced Endpoint Assessment      : Disabled       perpetual
+  ! Shared License                    : Disabled       perpetual
+  ! Total TLS Proxy Sessions          : 2              perpetual
+  ! Botnet Traffic Filter             : Disabled       perpetual
+  ! IPS Module                        : Disabled       perpetual
+  ! Cluster                           : Disabled       perpetual
+  !\x20
+  ! This platform has a Base license.
+  !\x20
+  ! Serial Number: FCH17AAAAAA
+  ! Running Permanent Activation Key: 0x12345678 0x9f012345 0x00000000 0x11111111 0x22222222\x20
+  ! Configuration register is 0x1
+  !\x20
+  ! Image type          : Release
+  ! Key version         : A
+  !\x20
+  ! Name: \"Chassis\", DESCR: \"ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC\"
+  ! PID: ASA5512           , VID: V01     , SN: FGL17AAAAAA
+  !\x20
+  !
+  ASA Version 9.12(4)67\x20
+  !
+  hostname LAB-ASA12-Oxidized-IPv6
+  domain-name lab
+  enable password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC pbkdf2
+  service-module 0 keepalive-timeout 4
+  service-module 0 keepalive-counter 6
+  service-module ips keepalive-timeout 4
+  service-module ips keepalive-counter 6
+  service-module cxsc keepalive-timeout 4
+  service-module cxsc keepalive-counter 6
+  xlate per-session deny tcp any4 any4
+  xlate per-session deny tcp any4 any6
+  xlate per-session deny tcp any6 any4
+  xlate per-session deny tcp any6 any6
+  xlate per-session deny udp any4 any4 eq domain
+  xlate per-session deny udp any4 any6 eq domain
+  xlate per-session deny udp any6 any4 eq domain
+  xlate per-session deny udp any6 any6 eq domain
+  passwd AAAAAAAAAABBBBBBBBBBCCCCCCCCCC encrypted
+  names
+  no mac-address auto
+  
+  !
+  interface GigabitEthernet0/0
+   nameif RZ
+   security-level 90
+   no ip address
+   ipv6 address 2001:db8:0000:4200::12/64
+   ipv6 nd suppress-ra
+  !
+  interface GigabitEthernet0/1
+   nameif WAN
+   security-level 10
+   no ip address
+   ipv6 address 2001:db8:0000:4203::12/64
+   ipv6 nd suppress-ra
+  !
+  interface GigabitEthernet0/2
+   description IPv4 DMZ NAT64
+   nameif NAT64
+   security-level 95
+   ip address 10.42.1.2 255.255.255.240\x20
+  !
+  interface GigabitEthernet0/3
+   description Oxidized
+   nameif OXIDIZED
+   security-level 20
+   no ip address
+   ipv6 address 2001:db8:0000:4201::12/64
+  !
+  interface GigabitEthernet0/4
+   shutdown
+   no nameif
+   no security-level
+   no ip address
+  !
+  interface GigabitEthernet0/5
+   shutdown
+   no nameif
+   no security-level
+   no ip address
+  !
+  interface Management0/0
+   description Management
+   management-only
+   nameif management
+   security-level 100
+   ip address 10.42.2.12 255.255.255.0\x20
+  !
+  banner motd .
+  banner motd Sample asa configuration with single context
+  banner motd Provided by @robertcheramy
+  banner motd .
+  boot system disk0:/asa9-12-4-67-smp-k8.bin
+  ftp mode passive
+  clock timezone MET 1
+  clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
+  dns server-group DefaultDNS
+   domain-name oxidized
+  object network OXIDIZED
+   subnet 10.42.3.64 255.255.255.224
+  object network ROCKS
+   host 2001:db8:0000:4202::4:4
+  object network SOME_OBJECT
+   host 10.42.0.12
+  pager lines 24
+  logging enable
+  logging buffer-size 65000
+  logging monitor debugging
+  logging buffered notifications
+  mtu RZ 1500
+  mtu WAN 1500
+  mtu NAT64 1500
+  mtu OXIDIZED 1500
+  mtu management 1500
+  icmp unreachable rate-limit 1 burst-size 1
+  no asdm history enable
+  arp timeout 14400
+  no arp permit-nonconnected
+  arp rate-limit 8192
+  ipv6 route WAN 2001:db8:0000:4200::/56 2001:db8:0000:4203::801
+  ipv6 route WAN 2001:db8:0000:4203::/64 2001:db8:0000:4203::801
+  aaa-server TACACS protocol tacacs+
+  aaa-server TACACS (management) host 10.42.0.12
+   key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
+  aaa-server TACACS (management) host 10.42.0.13
+   key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
+  user-identity default-domain LOCAL
+  aaa authentication http console TACACS LOCAL
+  aaa authentication enable console TACACS LOCAL
+  aaa authentication serial console TACACS LOCAL
+  aaa authentication ssh console TACACS LOCAL
+  aaa authentication telnet console TACACS LOCAL
+  aaa authentication login-history
+  no snmp-server location
+  no snmp-server contact
+  ssh scopy enable
+  ssh stricthostkeycheck
+  ssh timeout 60
+  ssh version 2
+  ssh 10.42.0.0 255.255.0.0 management
+  console timeout 0
+  threat-detection basic-threat
+  threat-detection statistics access-list
+  no threat-detection statistics tcp-intercept
+  ntp server 10.42.42.11 source management prefer
+  username oxidized password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC== pbkdf2
+  !
+  class-map inspection_default
+   match default-inspection-traffic
+  !
+  !
+  policy-map type inspect dns preset_dns_map
+   parameters
+    message-length maximum client auto
+    message-length maximum 512
+    no tcp-inspection
+  policy-map global_policy
+   class inspection_default
+    inspect dns preset_dns_map\x20
+    inspect ftp\x20
+    inspect h323 h225\x20
+    inspect h323 ras\x20
+    inspect ip-options\x20
+    inspect netbios\x20
+    inspect rsh\x20
+    inspect rtsp\x20
+    inspect skinny \x20
+    inspect esmtp\x20
+    inspect sqlnet\x20
+    inspect sunrpc\x20
+    inspect tftp\x20
+    inspect sip \x20
+    inspect xdmcp\x20
+    inspect icmp\x20
+  !
+  service-policy global_policy global
+  prompt hostname context\x20
+  no call-home reporting anonymous
+  call-home
+   profile CiscoTAC-1
+    no active
+    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
+    destination address email callhome@cisco.com
+    destination transport-method http
+    subscribe-to-alert-group diagnostic
+    subscribe-to-alert-group environment
+    subscribe-to-alert-group inventory periodic monthly 1
+    subscribe-to-alert-group configuration periodic monthly 1
+    subscribe-to-alert-group telemetry periodic daily
+  password encryption aes
+  Cryptochecksum:dddddddddffffffffffffffeeeeeeeee\n
+# End of YAML