Ever do configs in notepad? It is so much easier than just getting on the ASA/Router/Switch itself and doing it. I dont know why. I just find that if you know the cli pretty well, to me it seems easier to just write all the config out in notepad (cut and paste and modify mostly) and then cut and paste a final product into the device itself. Any thoughts on that? Here is what I have for tonight's config of an ASA:
config t
int vlan 2
no ip add
ip add 13.X.X.218 255.255.255.248
exit
no ip route 0.0.0.0 0.0.0.0 67.X.X.73
ip route 0.0.0.0 0.0.0.0 13.X.X.217
no static (inside,outside) tcp interface citrix-ica 192.168.168.209 citrix-ica netmask 255.255.255.255
no static (inside,outside) udp interface 1494 192.168.168.209 1494 netmask 255.255.255.255
no static (inside,outside) tcp interface https 192.168.168.209 https netmask 255.255.255.255
no static (inside,outside) tcp interface 1604 192.168.168.209 1604 netmask 255.255.255.255
no static (inside,outside) udp interface 1604 192.168.168.209 1604 netmask 255.255.255.255
no static (inside,outside) tcp interface pptp 192.168.168.250 pptp netmask 255.255.255.255
no static (inside,outside) tcp 67.X.X.76 3389 192.168.168.250 3389 netmask 255.255.255.255
no static (inside,outside) tcp interface 2067 192.168.168.49 2067 netmask 255.255.255.255
no static (inside,outside) 67.X.X.77 192.168.168.55 netmask 255.255.255.255
no static (inside,outside) 67.X.X.78 192.168.168.245 netmask 255.255.255.255
no access-list 101
access-list 101 extended permit tcp any host 13.X.X.218 eq citrix-ica
access-list 101 extended permit udp any host 13.X.X.218 eq 1494
access-list 101 extended permit tcp any host 13.X.X.218 eq https
access-list 101 extended permit tcp any host 13.X.X.218 eq 1604
access-list 101 extended permit udp any host 13.X.X.218 eq 1604
access-list 101 extended permit tcp any host 13.X.X.218 eq pptp
access-list 101 extended permit ip any host 13.X.X.220
access-list 101 extended permit tcp any host 13.X.X.219 eq 3389
access-list 101 extended permit ip any host 13.X.X.221
access-list 101 extended permit tcp any host 13.X.X.218 eq 2067
static (inside,outside) tcp interface citrix-ica 192.168.168.209 citrix-ica netmask 255.255.255.255
static (inside,outside) udp interface 1494 192.168.168.209 1494 netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.168.209 https netmask 255.255.255.255
static (inside,outside) tcp interface 1604 192.168.168.209 1604 netmask 255.255.255.255
static (inside,outside) udp interface 1604 192.168.168.209 1604 netmask 255.255.255.255
static (inside,outside) tcp interface pptp 192.168.168.250 pptp netmask 255.255.255.255
static (inside,outside) tcp 13.X.X.219 3389 192.168.168.250 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 2067 192.168.168.49 2067 netmask 255.255.255.255
static (inside,outside) 13.X.X.220 192.168.168.55 netmask 255.255.255.255
static (inside,outside) 13.X.X.221 192.168.168.245 netmask 255.255.255.255
wr mem
exit
reload (The ASA will reboot after you type this in.)
Tomorrow, I should be able to just cut and paste this whole thing in all at once and be done with it quickly while onsite. Anyway, not much technical on this post, but I just thought it was a good note for tonight. Notepad can be a good thing sometimes.
