: Saved
:
ASA Version 8.0(3)6
!
hostname ciscoasa
enable password 6HHtUL1ago7yLAWH encrypted
passwd cypLS0aJk1N1G8CD encrypted
names
name 192.168.1.3 TORLYS-LAN description Access to TORLYS Internal Network
name 192.168.1.5 TorlysIntranet description TORLYS Intranet Server
name 192.168.1.2 TorlysWebserver description TORLYS Dealer Online Webserver
name 193.168.1.2 Discovery-LAN description Discovery Room Router
name 10.0.0.44 ExchangeOWA-Inside description Exchange CAS (TORMX01)
name 209.x.x.0 outside-network
name 192.168.1.8 TorDealer description New Dealer Online vm
name 209.x.x.9 TorDealer-public description Public IP of new Dealer Online
name 10.11.0.10 TORSHORE-DIR description ShoreTel VOIP Director
name 10.11.0.11 TORSHORE-ECC description ShoreTel VOIP ECC
name 10.11.0.0 VLAN30 description 10.11.0.0 subnet for VOIP
name 209.x.x.6 DiscoveryLAN
name 192.168.1.10 Spam description SPAM
name 192.168.1.15 EdgeTransport description Exchange Edge Transport - (TORMX02)
name 216.x.x.48 outside-network-BELL
name 216.x.x.52 Intranet
name 216.x.x.53 HideBehindNAT
name 216.x.x.54 ExchangeSMTP-Public description Public IP for Exchange SMTP (to be TMG)
name 216.x.x.51 webserver
name 216.x.x.55 ExchangeOWA-Public description Public IP for Exchange OWA (to be TMG on 247)
name 216.x.x.57 TORSHORE-DIR-public
name 216.x.x.59 TORSHORE-ECC-public
name 10.0.0.47 TORBESAVA
name 10.0.0.0 Inside_Network
name 192.168.1.6 Temp_Webserver_Inside
name 216.x.x.60 Temp_Webserver_Outside
!
interface Vlan1
 nameif Inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
!
interface Vlan2
 description TORLYS Internet
 nameif outside-BELL
 security-level 0
 ip address 216.x.x.50 255.255.255.240
 ospf cost 10
!
interface Vlan3
 description Discovery Room Wirless (no internal lan access)
 no forward interface Vlan1
 nameif DiscoveryRm
 security-level 100
 ip address 193.168.1.1 255.255.255.0
!
interface Vlan13
 description BELL Internet Pipe
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface Ethernet0/0
 switchport access vlan 2
 speed 100
 duplex full
!
interface Ethernet0/1
 switchport access vlan 13
 speed 100
 duplex full
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 3
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service custom tcp
 description custom to 1048
 port-object eq 1048
object-group service DM_INLINE_TCP_2 tcp
 port-object eq www
 port-object eq https
object-group network DM_INLINE_NETWORK_1
 network-object host TORSHORE-DIR-public
 network-object host TORSHORE-ECC-public
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object udp
 protocol-object tcp
 protocol-object ip
 protocol-object icmp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_3 tcp
 port-object eq www
 port-object eq https
access-list outside_access_in remark Web browsing to Dealer Online Website
access-list outside_access_in extended permit tcp any host webserver eq www log
access-list outside_access_in remark TORLYS Intranet Browsing
access-list outside_access_in extended permit tcp any host Intranet eq www log
access-list outside_access_in remark SQL comms btween TORLYS4 and TORSRV3
access-list outside_access_in extended permit tcp any host webserver eq 1048 log
access-list outside_access_in remark Secure Channel for Dealer Online Security Certificate
access-list outside_access_in extended permit tcp any host webserver eq https log
access-list outside_access_in remark Secure Channel to Intranet Server
access-list outside_access_in extended permit tcp any host Intranet eq https log
access-list outside_access_in remark Terminal Service Port for B.C. Access
access-list outside_access_in extended permit tcp any host HideBehindNAT eq 3389 log
access-list outside_access_in remark Exchange SMTP access
access-list outside_access_in extended permit tcp any host ExchangeSMTP-Public eq smtp log
access-list outside_access_in remark Exchange OWA access
access-list outside_access_in extended permit tcp any host ExchangeOWA-Public object-group DM_INLINE_TCP_2 log
access-list outside_access_in remark Ad-Aware Port Service
access-list outside_access_in extended permit tcp any host HideBehindNAT eq 10020 inactive
access-list outside_access_in remark RDP access to ShoreTel servers for SmartIP during VOIP configuration / installation
access-list outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq 3389 log
access-list inside_access_in extended permit tcp any eq ssh any inactive
access-list outside-BELL_access_in extended permit ip any any
access-list Inside_nat0_outbound extended permit ip Inside_Network 255.255.255.0 11.0.0.0 255.255.255.0
access-list outside-BELL_1_cryptomap extended permit ip Inside_Network 255.255.255.0 11.0.0.0 255.255.255.0
access-list outside-BELL_access_in_1 extended permit tcp any host webserver eq www
access-list outside-BELL_access_in_1 extended permit tcp any host Intranet object-group DM_INLINE_TCP_1
access-list outside-BELL_access_in_1 extended permit tcp any host webserver eq 1048
access-list outside-BELL_access_in_1 extended permit tcp any host webserver eq https
access-list outside-BELL_access_in_1 extended permit tcp any host HideBehindNAT eq 3389
access-list outside-BELL_access_in_1 extended permit tcp any host ExchangeSMTP-Public eq smtp
access-list outside-BELL_access_in_1 extended permit tcp any host ExchangeOWA-Public object-group DM_INLINE_TCP_3
access-list outside-BELL_access_in_1 extended permit tcp any host TORSHORE-DIR-public eq 3389
access-list outside-BELL_access_in_1 extended permit tcp any host TORSHORE-ECC-public eq 3389
access-list outside-BELL_access_in_1 extended permit icmp any any time-exceeded
access-list outside-BELL_access_in_1 extended permit icmp any any unreachable
access-list outside-BELL_access_in_1 extended permit icmp host 209.115.235.210 host 216.x.x.50
access-list Inside_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging trap notifications
logging asdm notifications
logging facility 22
logging device-id string ASA5505
logging host Inside TORBESAVA
mtu Inside 1500
mtu outside-BELL 1500
mtu DiscoveryRm 1500
ip verify reverse-path interface outside-BELL
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
icmp permit host 216.x.x.244 traceroute outside-BELL
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside-BELL) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 0 0.0.0.0 0.0.0.0 outside
static (Inside,outside-BELL) webserver TorlysWebserver netmask 255.255.255.255
static (Inside,outside-BELL) Intranet TorlysIntranet netmask 255.255.255.255
static (Inside,outside-BELL) TorDealer-public TorDealer netmask 255.255.255.255
static (Inside,outside-BELL) HideBehindNAT TORLYS-LAN netmask 255.255.255.255
static (Inside,outside-BELL) ExchangeSMTP-Public EdgeTransport netmask 255.255.255.255
static (Inside,outside-BELL) ExchangeOWA-Public ExchangeOWA-Inside netmask 255.255.255.255
static (Inside,outside-BELL) TORSHORE-DIR-public TORSHORE-DIR netmask 255.255.255.255
static (Inside,outside-BELL) TORSHORE-ECC-public TORSHORE-ECC netmask 255.255.255.255
static (Inside,outside-BELL) Temp_Webserver_Outside Temp_Webserver_Inside netmask 255.255.255.255
access-group Inside_access_in in interface Inside
access-group outside-BELL_access_in_1 in interface outside-BELL
route outside-BELL 0.0.0.0 0.0.0.0 216.x.x.49 1
route outside-BELL 0.0.0.0 0.0.0.0 209.x.x.1 2
route Inside Inside_Network 255.255.255.0 TORLYS-LAN 1
route Inside ExchangeOWA-Inside 255.255.255.255 TORLYS-LAN 1
route Inside TORBESAVA 255.255.255.255 TORLYS-LAN 1
route Inside VLAN30 255.255.0.0 TORLYS-LAN 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 216.x.x.48 255.255.255.240 outside-BELL
http 192.168.1.0 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside-BELL_map 1 match address outside-BELL_1_cryptomap
crypto map outside-BELL_map 1 set pfs
crypto map outside-BELL_map 1 set peer 205.x.x.210
crypto map outside-BELL_map 1 set transform-set ESP-DES-SHA
crypto map outside-BELL_map interface outside-BELL
crypto isakmp enable outside-BELL
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet Inside_Network 255.255.255.0 Inside
telnet 192.168.1.0 255.255.255.0 Inside
telnet timeout 5
ssh Inside_Network 255.255.255.0 Inside
ssh 192.168.1.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
dhcpd address TorlysWebserver-192.168.1.33 Inside
!
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics
ntp server 129.6.15.29 source outside-BELL
ntp server 129.6.15.28 source outside-BELL
username admin password hPu0LTSnr0krGq6T encrypted privilege 15
tunnel-group 205.x.x.210 type ipsec-l2l
tunnel-group 205.x.x.210 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 4096
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:6f4f40a598061e845926af9401b45d0e
: end
asdm image disk0:/asdm-603.bin
asdm location TorlysWebserver 255.255.255.255 Inside
asdm location TORLYS-LAN 255.255.255.255 Inside
asdm location TorlysIntranet 255.255.255.255 Inside
asdm location Discovery-LAN 255.255.255.255 Inside
asdm location ExchangeOWA-Inside 255.255.255.255 Inside
asdm location TorDealer 255.255.255.255 Inside
asdm location TORSHORE-DIR 255.255.255.255 Inside
asdm location TORSHORE-ECC 255.255.255.255 Inside
asdm location Spam 255.255.255.255 Inside
asdm location EdgeTransport 255.255.255.255 Inside
asdm location ExchangeSMTP-Public 255.255.255.255 Inside
asdm location ExchangeOWA-Public 255.255.255.255 Inside
asdm location TORBESAVA 255.255.255.255 Inside
asdm location Inside_Network 255.255.255.0 Inside
asdm location Temp_Webserver_Inside 255.255.255.255 Inside
asdm location Temp_Webserver_Outside 255.255.255.255 Inside
no asdm history enable