ASA Version 8.2(1) ! names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.66.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 64.179.yyy.yyy 255.255.255.252 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive clock timezone EST -5 same-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group network Montreal_Network network-object 192.168.66.0 255.255.255.0 object-group network Toronto_Network network-object 172.20.30.0 255.255.254.0 network-object 192.168.42.0 255.255.255.0 access-list ICMP extended permit icmp any any echo access-list MONT-TTO extended permit ip object-group Montreal_Network object-group Toronto_Network log debugging access-list MONT-TTO extended permit icmp any any echo access-list MONT-TTO extended permit icmp any any echo-reply access-list no_nat extended permit ip any 172.20.30.0 255.255.254.0 access-list no_nat extended permit ip object-group Montreal_Network object-group Toronto_Network access-list outside_1_cryptomap extended permit ip object-group Montreal_Network object-group Toronto_Network access-list inside_nat0_outbound extended permit ip object-group Montreal_Network object-group Toronto_Network access-list MONT-OUT extended permit icmp any any echo access-list MONT-OUT extended permit icmp any any echo-reply access-list inside_access_in extended permit ip any any access-list inside_access_in extended permit icmp any any echo access-list inside_access_in extended permit icmp any any echo-reply pager lines 24 logging enable logging timestamp logging buffered informational logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit host 66.207.xxx.xxx outside no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound access-group inside_access_in in interface inside access-group MONT-TTO in interface outside route outside 0.0.0.0 0.0.0.0 64.179.yyy.yyy 1 timeout xlate 3:00:00 timeout conn 2:59:59 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL no snmp-server location no snmp-server contact snmp-server community ***** snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set myset esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 64.179.xxx.xxx crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside crypto isakmp identity address crypto isakmp enable inside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal management-access inside dhcpd dns 8.8.8.8 ! dhcpd address 192.168.66.100-192.168.66.130 inside dhcpd enable inside ! group-policy DfltGrpPolicy attributes vpn-idle-timeout none username admin password Ir2lFnuIjsnQuoUU encrypted privilege 15 username CorusAdmin password xhP2IEbGyn72Vs0k encrypted tunnel-group 64.179.xxx.xxx type ipsec-l2l tunnel-group 64.179.xxx.xxx ipsec-attributes pre-shared-key * ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp ! service-policy global_policy global prompt hostname context Cryptochecksum:91c7248d9341a8d56b9008cde5d418a2 : end