ASA Version 8.2(5)52 ! interface GigabitEthernet0/0 description Corus Network nameif Corus security-level 80 ip address 172.20.30.5 255.255.252.0 ! interface GigabitEthernet0/2 description For Internet nameif Outside security-level 0 ip address 64.179.xxx.xxx 255.255.255.248 ! interface Management0/0 shutdown no nameif no security-level no ip address ! boot system disk0:/asa825-52-k8.bin object-group network Toronto_Network network-object 172.20.30.0 255.255.254.0 network-object 192.168.42.0 255.255.255.0 object-group network Montreal_Network network-object 192.168.66.0 255.255.255.0 access-list acl_corus_in extended permit icmp any any log disable access-list acl_corus_in extended permit ip any any log disable access-list acl_corus_in extended permit icmp any any echo access-list acl_corus_in extended permit icmp any any echo-reply access-list acl_corus_in extended deny ip any any log access-list acl_outside_in extended permit ip object-group Montreal_Network object-group Toronto_Network access-list acl_outside_in extended permit ip object-group Toronto_Network object-group Montreal_Network access-list Corus_nat0_outbound extended permit ip object-group Toronto_Network object-group Montreal_Network access-list Outside_1_cryptomap extended permit ip object-group Toronto_Network object-group Montreal_Network mtu Corus 1500 mtu TLN 1500 mtu Outside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-713.bin no asdm history enable arp timeout 14400 global (Corus) 1 interface global (Outside) 1 interface nat (Corus) 0 access-list Corus_nat0_outbound access-group acl_corus_in in interface Corus access-group acl_tln_in in interface TLN access-group acl_outside_in in interface Outside route Outside 0.0.0.0 0.0.0.0 64.179.xxx.xxx 200 route Corus 10.0.0.0 255.0.0.0 172.20.30.1 1 route Corus 172.16.0.0 255.240.0.0 172.20.30.1 1 route Corus 192.168.42.0 255.255.255.0 172.20.30.1 2 timeout xlate 3:00:00 timeout conn 2:59:59 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy crypto ipsec transform-set myset esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map Outside_map 1 match address Outside_1_cryptomap crypto map Outside_map 1 set pfs group1 crypto map Outside_map 1 set peer 64.179.yyy.yyy crypto map Outside_map 1 set transform-set ESP-3DES-SHA crypto map Outside_map interface Outside crypto isakmp identity address crypto isakmp enable Corus crypto isakmp enable Outside crypto isakmp policy 10 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto isakmp policy 30 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn group-policy DfltGrpPolicy attributes vpn-idle-timeout none username admin password Ir2lFnuIjsnQuoUU encrypted privilege 15 username admin1 password gWe.oMSKmeGtelxS encrypted tunnel-group 64.179.yyy.yyy type ipsec-l2l tunnel-group 64.179.yyy.yyy ipsec-attributes pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp inspect ip-options ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:0cf3346c8ccc479772aac98a0ce8ed16 : end