oxidized 0.31.0 → 0.32.0

data/examples/device-simulation/yaml/asa_5512_9.12-4-67_single-context.yaml

@@ -1,531 +0,0 @@
----
-init_prompt: |-
-  .
-  Sample asa configuration with single context
-  Provided by @robertcheramy
-  .
-  User oxidzed logged in to LAB-ASA12-Oxidized-IPv6
-  Logins over the last 91 days: 21.  Last login: 20:01:14 CEST Oct 21 2024 from 10.42.0.17
-  Failed logins since the last login: 0. \x20
-  Type help or '?' for a list of available commands.
-  \rLAB-ASA12-Oxidized-IPv6>\x20
-commands:
-  enable: |-
-    enable
-    Password: ******************
-    \rLAB-ASA12-Oxidized-IPv6#\x20
-  terminal pager 0: |-
-    terminal pager 0
-    \rLAB-ASA12-Oxidized-IPv6#\x20
-  show mode: |-
-    show mode
-    Security context mode: single\x20
-    \rLAB-ASA12-Oxidized-IPv6#\x20
-  show version: |-
-    show version
-    
-    Cisco Adaptive Security Appliance Software Version 9.12(4)67\x20
-    SSP Operating System Version 2.6(1.272)
-    
-    Compiled on Thu 14-Mar-24 18:01 GMT by builders
-    System image file is \"disk0:/asa9-12-4-67-smp-k8.bin\"
-    Config file at boot was \"startup-config\"
-    
-    LAB-ASA12-Oxidized-IPv6 up 173 days 16 hours
-    
-    Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
-                ASA: 1666 MB RAM, 1 CPU (1 core)
-    Internal ATA Compact Flash, 4096MB
-    BIOS Flash MX25EEEEEE @ 0xffbb0000, 8192KB
-    
-    Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
-                                 Boot microcode        : CNPx-MC-BOOT-2.00
-                                 SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
-                                 IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026
-                                 Number of accelerators: 1
-    Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
-    
-    
-     0: Int: Internal-Data0/0    : address is c08c.cafe.7303, irq 11
-     1: Ext: GigabitEthernet0/0  : address is c08c.cafe.7307, irq 10
-     2: Ext: GigabitEthernet0/1  : address is c08c.cafe.7304, irq 10
-     3: Ext: GigabitEthernet0/2  : address is c08c.cafe.7308, irq 5
-     4: Ext: GigabitEthernet0/3  : address is c08c.cafe.7305, irq 5
-     5: Ext: GigabitEthernet0/4  : address is c08c.cafe.7309, irq 10
-     6: Ext: GigabitEthernet0/5  : address is c08c.cafe.7306, irq 10
-     7: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
-     8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
-     9: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
-    10: Ext: Management0/0       : address is c08c.cafe.7303, irq 0
-    11: Int: Internal-Data0/3    : address is 0000.0100.0001, irq 0
-    
-    Licensed features for this platform:
-    Maximum Physical Interfaces       : Unlimited      perpetual
-    Maximum VLANs                     : 50             perpetual
-    Inside Hosts                      : Unlimited      perpetual
-    Failover                          : Disabled       perpetual
-    Encryption-DES                    : Enabled        perpetual
-    Encryption-3DES-AES               : Enabled        perpetual
-    Security Contexts                 : 2              perpetual
-    Carrier                           : Disabled       perpetual
-    AnyConnect Premium Peers          : 2              perpetual
-    AnyConnect Essentials             : Disabled       perpetual
-    Other VPN Peers                   : 250            perpetual
-    Total VPN Peers                   : 250            perpetual
-    AnyConnect for Mobile             : Disabled       perpetual
-    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
-    Advanced Endpoint Assessment      : Disabled       perpetual
-    Shared License                    : Disabled       perpetual
-    Total TLS Proxy Sessions          : 2              perpetual
-    Botnet Traffic Filter             : Disabled       perpetual
-    IPS Module                        : Disabled       perpetual
-    Cluster                           : Disabled       perpetual
-    
-    This platform has a Base license.
-    
-    Serial Number: FCH17AAAAAA
-    Running Permanent Activation Key: 0x12345678 0x9f012345 0x00000000 0x11111111 0x22222222\x20
-    Configuration register is 0x1
-    
-    Image type          : Release
-    Key version         : A
-    
-    Configuration has not been modified since last system restart.
-    \rLAB-ASA12-Oxidized-IPv6#  \x20
-  show inventory: |-
-    show inventory
-    Name: \"Chassis\", DESCR: \"ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC\"
-    PID: ASA5512           , VID: V01     , SN: FGL17AAAAAA
-    
-    \rLAB-ASA12-Oxidized-IPv6#\x20
-  'more system:running-config': |-
-    more system:running-config
-    : Saved
-    
-    :\x20
-    : Serial Number: FCH17AAAAAA
-    : Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
-    : Written by oxidzed at 20:03:32.236 CEST Mon Oct 21 2024
-    !
-    ASA Version 9.12(4)67\x20
-    !
-    hostname LAB-ASA12-Oxidized-IPv6
-    domain-name lab
-    enable password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC pbkdf2
-    service-module 0 keepalive-timeout 4
-    service-module 0 keepalive-counter 6
-    service-module ips keepalive-timeout 4
-    service-module ips keepalive-counter 6
-    service-module cxsc keepalive-timeout 4
-    service-module cxsc keepalive-counter 6
-    xlate per-session deny tcp any4 any4
-    xlate per-session deny tcp any4 any6
-    xlate per-session deny tcp any6 any4
-    xlate per-session deny tcp any6 any6
-    xlate per-session deny udp any4 any4 eq domain
-    xlate per-session deny udp any4 any6 eq domain
-    xlate per-session deny udp any6 any4 eq domain
-    xlate per-session deny udp any6 any6 eq domain
-    passwd AAAAAAAAAABBBBBBBBBBCCCCCCCCCC encrypted
-    names
-    no mac-address auto
-    
-    !
-    interface GigabitEthernet0/0
-     nameif RZ
-     security-level 90
-     no ip address
-     ipv6 address 2001:db8:0000:4200::12/64
-     ipv6 nd suppress-ra
-    !
-    interface GigabitEthernet0/1
-     nameif WAN
-     security-level 10
-     no ip address
-     ipv6 address 2001:db8:0000:4203::12/64
-     ipv6 nd suppress-ra
-    !
-    interface GigabitEthernet0/2
-     description IPv4 DMZ NAT64
-     nameif NAT64
-     security-level 95
-     ip address 10.42.1.2 255.255.255.240\x20
-    !
-    interface GigabitEthernet0/3
-     description Oxidized
-     nameif OXIDIZED
-     security-level 20
-     no ip address
-     ipv6 address 2001:db8:0000:4201::12/64
-    !
-    interface GigabitEthernet0/4
-     shutdown
-     no nameif
-     no security-level
-     no ip address
-    !
-    interface GigabitEthernet0/5
-     shutdown
-     no nameif
-     no security-level
-     no ip address
-    !
-    interface Management0/0
-     description Management
-     management-only
-     nameif management
-     security-level 100
-     ip address 10.42.2.12 255.255.255.0\x20
-    !
-    banner motd .
-    banner motd Sample asa configuration with single context
-    banner motd Provided by @robertcheramy
-    banner motd .
-    boot system disk0:/asa9-12-4-67-smp-k8.bin
-    ftp mode passive
-    clock timezone MET 1
-    clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
-    dns server-group DefaultDNS
-     domain-name oxidized
-    object network OXIDIZED
-     subnet 10.42.3.64 255.255.255.224
-    object network ROCKS
-     host 2001:db8:0000:4202::4:4
-    object network SOME_OBJECT
-     host 10.42.0.12
-    pager lines 24
-    logging enable
-    logging buffer-size 65000
-    logging monitor debugging
-    logging buffered notifications
-    mtu RZ 1500
-    mtu WAN 1500
-    mtu NAT64 1500
-    mtu OXIDIZED 1500
-    mtu management 1500
-    icmp unreachable rate-limit 1 burst-size 1
-    no asdm history enable
-    arp timeout 14400
-    no arp permit-nonconnected
-    arp rate-limit 8192
-    ipv6 route WAN 2001:db8:0000:4200::/56 2001:db8:0000:4203::801
-    ipv6 route WAN 2001:db8:0000:4203::/64 2001:db8:0000:4203::801
-    aaa-server TACACS protocol tacacs+
-    aaa-server TACACS (management) host 10.42.0.12
-     key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
-    aaa-server TACACS (management) host 10.42.0.13
-     key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
-    user-identity default-domain LOCAL
-    aaa authentication http console TACACS LOCAL
-    aaa authentication enable console TACACS LOCAL
-    aaa authentication serial console TACACS LOCAL
-    aaa authentication ssh console TACACS LOCAL
-    aaa authentication telnet console TACACS LOCAL
-    aaa authentication login-history
-    no snmp-server location
-    no snmp-server contact
-    ssh scopy enable
-    ssh stricthostkeycheck
-    ssh timeout 60
-    ssh version 2
-    ssh 10.42.0.0 255.255.0.0 management
-    console timeout 0
-    threat-detection basic-threat
-    threat-detection statistics access-list
-    no threat-detection statistics tcp-intercept
-    ntp server 10.42.42.11 source management prefer
-    username oxidized password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC== pbkdf2
-    !
-    class-map inspection_default
-     match default-inspection-traffic
-    !
-    !
-    policy-map type inspect dns preset_dns_map
-     parameters
-      message-length maximum client auto
-      message-length maximum 512
-      no tcp-inspection
-    policy-map global_policy
-     class inspection_default
-      inspect dns preset_dns_map\x20
-      inspect ftp\x20
-      inspect h323 h225\x20
-      inspect h323 ras\x20
-      inspect ip-options\x20
-      inspect netbios\x20
-      inspect rsh\x20
-      inspect rtsp\x20
-      inspect skinny \x20
-      inspect esmtp\x20
-      inspect sqlnet\x20
-      inspect sunrpc\x20
-      inspect tftp\x20
-      inspect sip \x20
-      inspect xdmcp\x20
-      inspect icmp\x20
-    !
-    service-policy global_policy global
-    prompt hostname context\x20
-    no call-home reporting anonymous
-    call-home
-     profile CiscoTAC-1
-      no active
-      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
-      destination address email callhome@cisco.com
-      destination transport-method http
-      subscribe-to-alert-group diagnostic
-      subscribe-to-alert-group environment
-      subscribe-to-alert-group inventory periodic monthly 1
-      subscribe-to-alert-group configuration periodic monthly 1
-      subscribe-to-alert-group telemetry periodic daily
-    password encryption aes
-    Cryptochecksum:dddddddddffffffffffffffeeeeeeeee
-    : end
-    
-    \rLAB-ASA12-Oxidized-IPv6#     \x20
-  exit: |-
-oxidized_output: |
-  !\x20
-  ! Cisco Adaptive Security Appliance Software Version 9.12(4)67\x20
-  ! SSP Operating System Version 2.6(1.272)
-  !\x20
-  ! Compiled on Thu 14-Mar-24 18:01 GMT by builders
-  ! System image file is \"disk0:/asa9-12-4-67-smp-k8.bin\"
-  ! Config file at boot was \"startup-config\"
-  !\x20
-  !\x20
-  ! Hardware:   ASA5512, 4096 MB RAM, CPU Clarkdale 2800 MHz, 1 CPU (2 cores)
-  !             ASA: 1666 MB RAM, 1 CPU (1 core)
-  ! Internal ATA Compact Flash, 4096MB
-  ! BIOS Flash MX25EEEEEE @ 0xffbb0000, 8192KB
-  !\x20
-  ! Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
-  !                              Boot microcode        : CNPx-MC-BOOT-2.00
-  !                              SSL/IKE microcode     : CNPx-MC-SSL-SB-PLUS-0005
-  !                              IPSec microcode       : CNPx-MC-IPSEC-MAIN-0026
-  !                              Number of accelerators: 1
-  ! Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
-  !\x20
-  !\x20
-  !  0: Int: Internal-Data0/0    : address is c08c.cafe.7303, irq 11
-  !  1: Ext: GigabitEthernet0/0  : address is c08c.cafe.7307, irq 10
-  !  2: Ext: GigabitEthernet0/1  : address is c08c.cafe.7304, irq 10
-  !  3: Ext: GigabitEthernet0/2  : address is c08c.cafe.7308, irq 5
-  !  4: Ext: GigabitEthernet0/3  : address is c08c.cafe.7305, irq 5
-  !  5: Ext: GigabitEthernet0/4  : address is c08c.cafe.7309, irq 10
-  !  6: Ext: GigabitEthernet0/5  : address is c08c.cafe.7306, irq 10
-  !  7: Int: Internal-Data0/1    : address is 0000.0001.0002, irq 0
-  !  8: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 0
-  !  9: Int: Internal-Data0/2    : address is 0000.0001.0003, irq 0
-  ! 10: Ext: Management0/0       : address is c08c.cafe.7303, irq 0
-  ! 11: Int: Internal-Data0/3    : address is 0000.0100.0001, irq 0
-  !\x20
-  ! Licensed features for this platform:
-  ! Maximum Physical Interfaces       : Unlimited      perpetual
-  ! Maximum VLANs                     : 50             perpetual
-  ! Inside Hosts                      : Unlimited      perpetual
-  ! Failover                          : Disabled       perpetual
-  ! Encryption-DES                    : Enabled        perpetual
-  ! Encryption-3DES-AES               : Enabled        perpetual
-  ! Security Contexts                 : 2              perpetual
-  ! Carrier                           : Disabled       perpetual
-  ! AnyConnect Premium Peers          : 2              perpetual
-  ! AnyConnect Essentials             : Disabled       perpetual
-  ! Other VPN Peers                   : 250            perpetual
-  ! Total VPN Peers                   : 250            perpetual
-  ! AnyConnect for Mobile             : Disabled       perpetual
-  ! AnyConnect for Cisco VPN Phone    : Disabled       perpetual
-  ! Advanced Endpoint Assessment      : Disabled       perpetual
-  ! Shared License                    : Disabled       perpetual
-  ! Total TLS Proxy Sessions          : 2              perpetual
-  ! Botnet Traffic Filter             : Disabled       perpetual
-  ! IPS Module                        : Disabled       perpetual
-  ! Cluster                           : Disabled       perpetual
-  !\x20
-  ! This platform has a Base license.
-  !\x20
-  ! Serial Number: FCH17AAAAAA
-  ! Running Permanent Activation Key: 0x12345678 0x9f012345 0x00000000 0x11111111 0x22222222\x20
-  ! Configuration register is 0x1
-  !\x20
-  ! Image type          : Release
-  ! Key version         : A
-  !\x20
-  ! Name: \"Chassis\", DESCR: \"ASA 5512-X with SW, 6 GE Data, 1 GE Mgmt, AC\"
-  ! PID: ASA5512           , VID: V01     , SN: FGL17AAAAAA
-  !\x20
-  !
-  ASA Version 9.12(4)67\x20
-  !
-  hostname LAB-ASA12-Oxidized-IPv6
-  domain-name lab
-  enable password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC pbkdf2
-  service-module 0 keepalive-timeout 4
-  service-module 0 keepalive-counter 6
-  service-module ips keepalive-timeout 4
-  service-module ips keepalive-counter 6
-  service-module cxsc keepalive-timeout 4
-  service-module cxsc keepalive-counter 6
-  xlate per-session deny tcp any4 any4
-  xlate per-session deny tcp any4 any6
-  xlate per-session deny tcp any6 any4
-  xlate per-session deny tcp any6 any6
-  xlate per-session deny udp any4 any4 eq domain
-  xlate per-session deny udp any4 any6 eq domain
-  xlate per-session deny udp any6 any4 eq domain
-  xlate per-session deny udp any6 any6 eq domain
-  passwd AAAAAAAAAABBBBBBBBBBCCCCCCCCCC encrypted
-  names
-  no mac-address auto
-  
-  !
-  interface GigabitEthernet0/0
-   nameif RZ
-   security-level 90
-   no ip address
-   ipv6 address 2001:db8:0000:4200::12/64
-   ipv6 nd suppress-ra
-  !
-  interface GigabitEthernet0/1
-   nameif WAN
-   security-level 10
-   no ip address
-   ipv6 address 2001:db8:0000:4203::12/64
-   ipv6 nd suppress-ra
-  !
-  interface GigabitEthernet0/2
-   description IPv4 DMZ NAT64
-   nameif NAT64
-   security-level 95
-   ip address 10.42.1.2 255.255.255.240\x20
-  !
-  interface GigabitEthernet0/3
-   description Oxidized
-   nameif OXIDIZED
-   security-level 20
-   no ip address
-   ipv6 address 2001:db8:0000:4201::12/64
-  !
-  interface GigabitEthernet0/4
-   shutdown
-   no nameif
-   no security-level
-   no ip address
-  !
-  interface GigabitEthernet0/5
-   shutdown
-   no nameif
-   no security-level
-   no ip address
-  !
-  interface Management0/0
-   description Management
-   management-only
-   nameif management
-   security-level 100
-   ip address 10.42.2.12 255.255.255.0\x20
-  !
-  banner motd .
-  banner motd Sample asa configuration with single context
-  banner motd Provided by @robertcheramy
-  banner motd .
-  boot system disk0:/asa9-12-4-67-smp-k8.bin
-  ftp mode passive
-  clock timezone MET 1
-  clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
-  dns server-group DefaultDNS
-   domain-name oxidized
-  object network OXIDIZED
-   subnet 10.42.3.64 255.255.255.224
-  object network ROCKS
-   host 2001:db8:0000:4202::4:4
-  object network SOME_OBJECT
-   host 10.42.0.12
-  pager lines 24
-  logging enable
-  logging buffer-size 65000
-  logging monitor debugging
-  logging buffered notifications
-  mtu RZ 1500
-  mtu WAN 1500
-  mtu NAT64 1500
-  mtu OXIDIZED 1500
-  mtu management 1500
-  icmp unreachable rate-limit 1 burst-size 1
-  no asdm history enable
-  arp timeout 14400
-  no arp permit-nonconnected
-  arp rate-limit 8192
-  ipv6 route WAN 2001:db8:0000:4200::/56 2001:db8:0000:4203::801
-  ipv6 route WAN 2001:db8:0000:4203::/64 2001:db8:0000:4203::801
-  aaa-server TACACS protocol tacacs+
-  aaa-server TACACS (management) host 10.42.0.12
-   key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
-  aaa-server TACACS (management) host 10.42.0.13
-   key AAAAAAAAAABBBBBBBBBBCCCCCCCCCC
-  user-identity default-domain LOCAL
-  aaa authentication http console TACACS LOCAL
-  aaa authentication enable console TACACS LOCAL
-  aaa authentication serial console TACACS LOCAL
-  aaa authentication ssh console TACACS LOCAL
-  aaa authentication telnet console TACACS LOCAL
-  aaa authentication login-history
-  no snmp-server location
-  no snmp-server contact
-  ssh scopy enable
-  ssh stricthostkeycheck
-  ssh timeout 60
-  ssh version 2
-  ssh 10.42.0.0 255.255.0.0 management
-  console timeout 0
-  threat-detection basic-threat
-  threat-detection statistics access-list
-  no threat-detection statistics tcp-intercept
-  ntp server 10.42.42.11 source management prefer
-  username oxidized password $sha512$5000$AAAAAAAAAABBBBBBBBBBCCCCCCCCCC== pbkdf2
-  !
-  class-map inspection_default
-   match default-inspection-traffic
-  !
-  !
-  policy-map type inspect dns preset_dns_map
-   parameters
-    message-length maximum client auto
-    message-length maximum 512
-    no tcp-inspection
-  policy-map global_policy
-   class inspection_default
-    inspect dns preset_dns_map\x20
-    inspect ftp\x20
-    inspect h323 h225\x20
-    inspect h323 ras\x20
-    inspect ip-options\x20
-    inspect netbios\x20
-    inspect rsh\x20
-    inspect rtsp\x20
-    inspect skinny \x20
-    inspect esmtp\x20
-    inspect sqlnet\x20
-    inspect sunrpc\x20
-    inspect tftp\x20
-    inspect sip \x20
-    inspect xdmcp\x20
-    inspect icmp\x20
-  !
-  service-policy global_policy global
-  prompt hostname context\x20
-  no call-home reporting anonymous
-  call-home
-   profile CiscoTAC-1
-    no active
-    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
-    destination address email callhome@cisco.com
-    destination transport-method http
-    subscribe-to-alert-group diagnostic
-    subscribe-to-alert-group environment
-    subscribe-to-alert-group inventory periodic monthly 1
-    subscribe-to-alert-group configuration periodic monthly 1
-    subscribe-to-alert-group telemetry periodic daily
-  password encryption aes
-  Cryptochecksum:dddddddddffffffffffffffeeeeeeeee\n
-# End of YAML