ASA Version 9.6(4)34
!
terminal width 511
hostname ASA
names
!
interface GigabitEthernet1/1
 channel-group 10 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2
 channel-group 10 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 channel-group 20 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 channel-group 20 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 description LAN Failover Interface
!
interface GigabitEthernet1/6
 description STATE Failover Interface
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Port-channel10
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
!
interface Port-channel10.3001
 vlan 3001
 nameif outside-isp1
 security-level 0
 ip address 115.42.250.6 255.255.255.248
!
interface Port-channel10.3002
 vlan 3002
 nameif outside-isp2
 security-level 0
 ip address 118.189.59.68 255.255.255.248
!
interface Port-channel20
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
!
interface Port-channel20.20
 vlan 2020
 nameif inside
 security-level 100
 ip address 10.200.20.254 255.255.255.248 standby 10.200.20.253
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Internal-LAN
 subnet 10.200.0.0 255.255.0.0
object network 10.88.0.0
 subnet 10.88.0.0 255.255.128.0
object network 106.10.250.1
 host 106.10.250.1
object network inside
object-group network OBJ-OFFICE-GROUP
 network-object 10.200.0.0 255.255.0.0
object-group network OBJ-AZURE-GROUP
 network-object object 10.88.0.0
object-group network OBJ-AZURE-LOCAL-GROUP
 network-object object Internal-LAN
 network-object object 106.10.250.11
access-list outside-isp2_cryptomap extended permit ip object-group OBJ-AZURE-LOCAL-GROUP object-group OBJ-AZURE-GROUP
nat (inside,outside-isp2) source static OBJ-AZURE-LOCAL-GROUP OBJ-AZURE-LOCAL-GROUP destination static OBJ-AZURE-GROUP OBJ-AZURE-GROUP
!
route outside-isp1 0.0.0.0 0.0.0.0 115.42.250.5 1 track 1
route outside-isp1 10.0.0.0 255.0.0.0 115.42.250.5 1 track 1
route management 0.0.0.0 0.0.0.0 10.200.5.254 1
route outside-isp2 0.0.0.0 0.0.0.0 118.189.59.67 10
route outside-isp2 4.2.2.2 255.255.255.255 118.189.59.67 10
route outside-isp1 8.8.8.8 255.255.255.255 115.42.250.5 1
route outside-isp2 10.0.0.0 255.0.0.0 118.189.59.67 10
route inside 10.200.0.0 255.255.0.0 10.200.20.249 1
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 7200
crypto ipsec security-association lifetime kilobytes 102400000
crypto ipsec security-association pmtu-aging infinite
crypto map outside-isp2_map1 1 match address outside-isp2_cryptomap
crypto map outside-isp2_map1 1 set peer 52.187.32.142
crypto map outside-isp2_map1 1 set ikev2 ipsec-proposal AES256
crypto map outside-isp2_map1 1 set reverse-route
crypto map outside-isp2_map1 interface outside-isp2
crypto isakmp identity address
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 5 2
 prf sha256
 lifetime seconds 86400
crypto ikev2 enable outside-isp2
crypto ikev2 remote-access trustpoint SSL-TrustPoint
crypto ikev1 enable outside-isp1
!
tunnel-group 52.187.32.142 type ipsec-l2l
tunnel-group 52.187.32.142 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****