: Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
:
ASA Version 9.1(7)19
!
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
ip local pool VPNPool 10.240.8.1-10.240.8.100 mask 255.255.255.0
!
interface GigabitEthernet0/0
 description ASA OUT TO Suddenlink
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2.16
 description 3560G-Port24
 vlan 16
 nameif guest
 security-level 50
 ip address 10.240.16.1 255.255.255.0
!
interface GigabitEthernet0/3
 description 3560G-Port2
 nameif inside
 security-level 100
 ip address 10.240.10.2 255.255.255.0
!
interface Management0/0
 management-only
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa917-19-k8.bin
ftp mode passive
object network obj-10.250.10.0
 subnet 10.250.10.0 255.255.255.0
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj-10.0
 subnet 10.240.10.0 255.255.255.0
object network obj_guest
 subnet 10.240.16.0 255.255.255.0
object network NETWORK_OBJ_10.240.8.0_25
 subnet 10.240.8.0 255.255.255.128
object network NETWORK_OBJ_10.250.10.0_24
 subnet 10.250.10.0 255.255.255.0
object network HyperVHost
 host 10.240.10.10
object-group network Local_LAN
 network-object 10.240.10.0 255.255.255.0
 network-object 10.240.12.0 255.255.255.0
 network-object 10.240.14.0 255.255.255.0
object-group network DD_GC
 network-object 10.250.10.0 255.255.255.0
 network-object 10.250.12.0 255.255.255.0
 network-object 10.250.14.0 255.255.255.0
 network-object 172.24.16.0 255.255.252.0
 network-object 172.24.32.0 255.255.252.0
 network-object 172.24.48.0 255.255.252.0
object-group network DM_INLINE_NETWORK_1
 network-object 10.240.10.0 255.255.255.0
 network-object 10.240.12.0 255.255.255.0
 network-object 10.240.14.0 255.255.255.0
 network-object 10.240.16.0 255.255.255.0
object-group network Rackspace
 network-object 172.24.16.0 255.255.252.0
 network-object 172.24.32.0 255.255.252.0
 network-object 172.24.48.0 255.255.252.0
access-list DD_GC extended permit ip object-group Local_LAN object-group DD_GC
access-list nonat extended permit ip any4 object-group DD_GC
access-list nonat extended permit ip any4 10.250.10.0 255.255.255.0
access-list nonat extended permit ip any object-group Rackspace
access-list outside extended permit icmp any4 any4
access-list VPNUSERS_splitTunnelAcl standard permit 10.250.10.0 255.255.255.0
access-list outside_in extended permit tcp any host 10.240.10.10 eq 3310
access-list Rackspace extended permit ip object-group Local_LAN object-group Rackspace
pager lines 24
logging enable
logging asdm debugging
mtu outside 1400
mtu guest 1500
mtu inside 1400
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit 10.240.0.0 255.255.0.0 inside
icmp permit 10.250.0.0 255.255.0.0 inside
asdm image disk0:/asdm-782.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,any) source static any any destination static DD_GC DD_GC no-proxy-arp route-lookup
nat (inside,any) source static any any destination static obj-10.250.10.0 obj-10.250.10.0 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.250.10.0_24 NETWORK_OBJ_10.250.10.0_24 destination static NETWORK_OBJ_10.240.8.0_25 NETWORK_OBJ_10.240.8.0_25 no-proxy-arp route-lookup
!
object network obj_any
 nat (inside,outside) dynamic interface
object network obj_guest
 nat (guest,outside) dynamic interface
access-group outside in interface outside
route inside 10.240.14.0 255.255.255.0 10.240.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server CiscoAuth protocol radius
aaa-server CiscoAuth (inside) host 10.240.10.11
 key *****
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console CiscoAuth LOCAL
aaa authentication http console CiscoAuth LOCAL
http server enable
http server session-timeout 1440
http 192.168.1.0 255.255.255.0 management
http 10.240.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map VPN 19 match address
crypto map VPN 19 set ikev1 transform-set ESP-3DES-MD5
crypto map VPN 19 set security-association lifetime seconds 28800
crypto map VPN 19 set security-association lifetime kilobytes 4608000
crypto map VPN 20 match address
crypto map VPN 20 set ikev1 transform-set ESP-3DES-MD5
crypto map VPN 20 set ikev2 pre-shared-key *****
crypto map VPN 20 set security-association lifetime seconds 28800
crypto map VPN 20 set security-association lifetime kilobytes 4608000
crypto map VPN 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VPN interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 10.240.10.0 255.255.255.0 inside
telnet 10.250.0.0 255.255.0.0 inside
telnet timeout 1440
ssh stricthostkeycheck
ssh 10.240.10.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd dns 208.67.222.222 208.67.220.220
!
dhcpd address 10.240.16.2-10.240.16.250 guest
dhcpd enable guest
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 anyconnect-essentials
 cache
  disable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy VPNUSERS internal
group-policy VPNUSERS attributes
 dns-server value 10.240.10.10 208.67.222.222
 vpn-tunnel-protocol ikev1 ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNUSERS_splitTunnelAcl
 default-domain value Cam.Home
username cameronc password vnVq3ASeRQrY7Gm8 encrypted privilege 15
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group VPNUSERS type remote-access
tunnel-group VPNUSERS general-attributes
 address-pool VPNPool
 default-group-policy VPNUSERS
tunnel-group VPNUSERS ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4399e149de3c492312a5a727587dd4e1
: end
DunnHome5520#