ASA Version 7.0(5)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password BXdBI/nCX9W8gnaT encrypted
no names
name 192.168.0.114 Consult
name 192.168.102.0 DMZ
name 192.168.0.213 Color
name 192.168.0.117 Outer
name 192.168.0.230 USA
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.37 255.255.255.248
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 192.168.0.250 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.102.250 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 no ip address
 management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list tac extended permit ip any host 209.116.241.10
access-list tac extended permit ip host 209.116.241.10 any
access-list out_to_inside extended permit tcp any host x.x.x.34 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.34 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.34 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 13001
access-list out_to_inside extended permit icmp any any
access-list out_to_inside extended permit tcp any host x.x.x.35 eq www
access-list out_to_inside extended permit tcp any host x.x.x.38 eq www
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.35 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.35 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.36 eq pptp
access-list out_to_inside extended permit gre any host x.x.x.36
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.38 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.36 eq www
access-list Inside_nat0_outbound extended permit ip any 192.168.101.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 102 standard permit 192.168.0.0 255.255.0.0
access-list Outside_cryptomap_20 extended permit ip 192.168.0.0 255.255.255.0 192.168.11.0 255.255.255.0
no pager
logging enable
logging timestamp
logging buffered debugging
logging trap informational
logging asdm informational
logging from-address blin@mvps.org
logging recipient-address blin@mvps.org level errors
logging host Outside x.x.x.37
logging host Inside 192.168.0.232
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool 101 192.168.101.1-192.168.101.254 mask 255.255.255.0
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
nat (management) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) x.x.x.34 192.168.0.213 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.35 192.168.0.114 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.38 192.168.0.117 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.36 192.168.0.230 netmask 255.255.255.255
access-group out_to_inside in interface Outside
route Outside 0.0.0.0 0.0.0.0 x.x.x.33 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
url-list Any "0" http://0.0.0.0
port-forward Telent telnet 192.168.0.250 telnet asa
port-forward TS https 192.168.0.230 3389 data
group-policy DfltGrpPolicy attributes
 banner none
 wins-server value 192.168.0.231
 dns-server value 192.168.0.231
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 5
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 102
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward value TS
  port-forward-name value Application Access
group-policy Webvpn internal
group-policy Webvpn attributes
 vpn-tunnel-protocol IPSec webvpn
 webvpn
  functions url-entry file-access file-entry file-browsing port-forward filter
 vpn-group-policy DfltGrpPolicy
 webvpn
username blin password xxxx encrypted privilege 15
username blin attributes
 vpn-group-policy DfltGrpPolicy
 webvpn
http server enable
http 192.168.0.0 255.255.255.0 Inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 20 match address Outside_cryptomap_20
crypto map Outside_map 20 set peer x.x.x.106
crypto map Outside_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp identity address
isakmp enable Outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 1
isakmp policy 30 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultRAGroup general-attributes
 default-group-policy Webvpn
tunnel-group PPTPVPN type ipsec-ra
tunnel-group PPTPVPN general-attributes
 address-pool 101
tunnel-group PPTPVPN ipsec-attributes
 pre-shared-key *
tunnel-group 206.81.53.106 type ipsec-l2l
tunnel-group 206.81.53.106 ipsec-attributes
 pre-shared-key *
telnet 192.168.0.0 255.255.255.0 Inside
telnet timeout 10
console timeout 0
management-access Inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp