ASAHome# show run : Saved : : Serial Number: JMX1302L1QL : Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz : ASA Version 9.1(6) ! hostname ASAHome domain-name twinkie710.ddns.net enable password 7rhyV6SC2srI9RYo encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain passwd 2KFQnbNIdI.2KYOU encrypted names ip local pool VPNUsers 192.168.11.10-192.168.11.50 mask 255.255.255.192 ! interface Ethernet0/0 nameif outside security-level 0 ip address dhcp setroute ! interface Ethernet0/1 nameif inside security-level 100 ip address 192.168.10.1 255.255.255.0 ! interface Ethernet0/2 nameif DMZ security-level 50 ip address 192.168.12.1 255.255.255.240 ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif management security-level 100 ip address 192.168.9.1 255.255.255.252 ! boot system disk1:/asa916-k8.bin ftp mode passive clock timezone CST -6 clock summer-time CDT recurring dns server-group DefaultDNS name-server 192.168.10.15 name-server 8.8.8.8 name-server 4.2.2.2 name-server 8.8.4.4 domain-name twinkie710.ddns.net same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network inside-subnet subnet 192.168.10.0 255.255.255.0 object network dmz-subnet subnet 192.168.12.0 255.255.255.240 object network webserver host 192.168.12.2 object network dns-server host 192.168.10.15 object network LAN subnet 192.168.10.0 255.255.255.0 object network DMZ subnet 192.168.12.0 255.255.255.240 object network VPNPOOL subnet 192.168.11.0 255.255.255.192 object network webserver-HTTP host 192.168.12.2 object network webserver-HTTPS host 192.168.12.2 access-list dmz_acl extended permit udp any object dns-server eq domain access-list dmz_acl extended permit ip any object inside-subnet access-list dmz_acl extended permit ip any any pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 mtu management 1500 mtu DMZ 1500 icmp unreachable rate-limit 1 burst-size 1 icmp deny any outside asdm image disk0:/asdm-751.bin asdm history enable arp timeout 14400 no arp permit-nonconnected nat (inside,outside) source static inside-subnet inside-subnet destination static VPNPOOL VPNPOOL no-proxy-arp route-lookup ! object network inside-subnet nat (inside,outside) dynamic interface object network webserver-HTTP nat (DMZ,outside) static interface service tcp www www ! nat (outside,outside) after-auto source dynamic VPNPOOL interface nat (DMZ,outside) after-auto source dynamic any interface access-group dmz_acl in interface DMZ route outside 0.0.0.0 0.0.0.0 68.102.208.1 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.10.0 255.255.255.0 inside snmp-server group Admins v3 priv snmp-server host inside 192.168.10.11 community ***** snmp-server host inside 192.168.10.12 community ***** snmp-server host inside 192.168.10.2 community ***** snmp-server location Office snmp-server contact Jonathan snmp-server community ***** snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto map DMZ_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map DMZ_map interface DMZ crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map inside_map interface inside crypto ca trustpool policy crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev1 enable outside crypto ikev1 enable inside crypto ikev1 enable DMZ crypto ikev1 policy 10 authentication crack encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 20 authentication rsa-sig encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 30 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 40 authentication crack encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 50 authentication rsa-sig encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 60 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 70 authentication crack encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 80 authentication rsa-sig encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 90 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 100 authentication crack encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 120 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 130 authentication crack encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 140 authentication rsa-sig encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 150 authentication pre-share encryption des hash sha group 2 lifetime 86400 telnet timeout 5 ssh stricthostkeycheck ssh 192.168.10.0 255.255.255.0 inside ssh timeout 5 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access management dhcpd address 192.168.10.50-192.168.10.200 inside dhcpd dns 192.168.10.15 interface inside dhcpd domain twinkie710.ddns.net interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server 38.229.71.1 source outside ntp server 209.208.79.69 source outside ntp server 108.59.2.24 source outside ntp server 45.79.111.114 source outside prefer group-policy VPN_Users internal group-policy VPN_Users attributes dns-server value 192.168.10.15 8.8.8.8 vpn-tunnel-protocol ikev1 split-tunnel-policy tunnelall default-domain value twinkie710.ddns.net split-tunnel-all-dns enable username woodjl1650 password IYD1wu7sEjGmHAyj encrypted privilege 15 tunnel-group VPN_Users type remote-access tunnel-group VPN_Users general-attributes address-pool VPNUsers default-group-policy VPN_Users tunnel-group VPN_Users ipsec-attributes ikev1 pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp class class-default user-statistics accounting ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily hpm topN enable Cryptochecksum:27de83bc9d84d76da4583b5b79c32612 : end