Result of the command: "sho run"
: Saved
:
: Serial Number: FCH164779D1
: Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3058 MHz, 1 CPU (4 cores)
:
ASA Version 9.10(1)
!
hostname NYC-ASA
domain-name NYC
enable password ***** pbkdf2
names
no mac-address auto
ip local pool AnyConnect_IPs 10.4.4.220-10.4.4.240 mask 255.255.255.0
!
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.26
 description VLAN 26
 vlan 26
 nameif Cameras
 security-level 50
 ip address 192.168.25.1 255.255.255.0
!
interface GigabitEthernet0/0.34
 description VLAN 34
 vlan 34
 nameif Security_Access
 security-level 100
 ip address 192.168.34.1 255.255.255.0
!
interface GigabitEthernet0/0.50
 description VLAN 50
 vlan 50
 nameif Provisioning_Lab
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
interface GigabitEthernet0/0.51
 description VLAN 51
 vlan 51
 nameif Tech_Workbench
 security-level 100
 ip address 192.168.51.1 255.255.255.0
!
interface GigabitEthernet0/0.69
 description VLAN 69
 vlan 69
 nameif NYC_Internal
 security-level 50
 ip address 10.4.4.1 255.255.255.0
!
interface GigabitEthernet0/0.75
 description VLAN 75
 vlan 75
 nameif Team_Access
 security-level 100
 ip address 192.168.75.1 255.255.255.0
!
interface GigabitEthernet0/0.99
 description VLAN 99
 vlan 99
 nameif NJ_VPN_NET
 security-level 50
 ip address 10.5.5.1 255.255.255.0
!
interface GigabitEthernet0/0.100
 description VLAN 100
 vlan 100
 nameif Game_Room
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/1
 description To_Comcast
 shutdown
 nameif Comcast
 security-level 0
 ip address X.X.X.210 255.255.255.248
!
interface GigabitEthernet0/2
 description To_FiOS
 nameif FiOS
 security-level 0
 ip address X.X.X.59 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.6.4.29 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name NYC
same-security-traffic permit inter-interface
object network ACSPrivateOne
 subnet 172.21.0.0 255.255.255.0
 description VLAN 11
object network ACSPrivateTwo
 subnet 172.21.1.0 255.255.255.0
 description VLAN 10
object network SEF_Private
 subnet 172.21.2.0 255.255.255.0
 description VVLAN 10
object network NETWORK_OBJ_10.4.4.0_24
 subnet 10.4.4.0 255.255.255.0
object network Camera_DVR
 host 192.168.25.2
 description Camera_DVR
object network Access_Control_RDP
 host 192.168.34.2
 description Access_Control_RDP
object network chris_RDP
 host 10.4.4.11
 description chris_RDP
object network bill_RDP
 host 10.4.4.12
 description bill_RDP
object network PRTG_2wayQOS_SEF
 host 10.4.4.202
 description PRTG_2wayQOS_SEF
object network Cameras_RDP
 host 10.4.4.203
 description Cameras_RDP
object service RDPng
 service tcp source eq 3389
object network NETWORK_OBJ_10.4.4.192_26
 subnet 10.4.4.192 255.255.255.192
object network AnyConnect_DHCP
 range 10.4.4.220 10.4.4.240
object network ACS_Vlan-110
 subnet XXX.XXX.76.0 255.255.254.0
 description Vlan110
object network ACS_Vlan-113
 subnet XXX.XXX.113.0 255.255.255.0
 description Vlan113
object network ACS_Vlan-114
 subnet XXX.XXX.114.0 255.255.255.0
 description Vlan114
object network ACS_Vlan-120
 subnet XXX.XXX.78.0 255.255.255.0
 description Vlan120
object network ACS_Vlan-130
 subnet XXX.XXX.79.0 255.255.255.0
 description Vlan130
object network ACS_Vlan-30
 subnet XXX.XXX.81.0 255.255.255.0
 description Vlan30
object network ACS_Vlan-60
 subnet XXX.XXX.83.0 255.255.255.0
 description Vlan30
object network ACS_Vlan-70
 subnet XXX.XXX.82.0 255.255.255.0
 description Vlan70
object network Route_IPs
 subnet XXX.XXX.112.0 255.255.255.0
 description IP used for devices for routing
object network Route_IPs-2
 subnet XXX.XXX.119.0 255.255.255.0
 description IP used for devices for routing
object network SEF_Vlan-50and51and52
 subnet XXX.XXX.252.0 255.255.255.0
 description Vlan50and51and52
object network SEF_Vlan-53
 subnet XXX.XXX.253.0 255.255.255.0
 description Vlan53
object network SEF_Vlan-54
 subnet XXX.XXX.254.0 255.255.255.0
 description Vlan54
object network SEF_Vlan-55
 subnet XXX.XXX.255.0 255.255.255.0
 description Vlan55
object network SEF_Vlan-56
 subnet XXX.XXX.118.0 255.255.255.0
 description Vlan56
object network ACS_Vlan-12
 subnet 172.21.10.0 255.255.255.0
 description Test-Net
object network NoPo
 subnet 10.2.10.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 10.4.4.0 255.255.255.0
 network-object 10.5.5.0 255.255.255.0
 network-object 192.168.51.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
 network-object object ACSPrivateOne
 network-object object ACSPrivateTwo
object-group network Internal
 description NYC_Internals
 network-object 10.4.4.0 255.255.255.0
 network-object 10.5.5.0 255.255.255.0
 network-object 192.168.100.0 255.255.255.0
 network-object 192.168.34.0 255.255.255.0
 network-object 192.168.50.0 255.255.255.0
 network-object 192.168.51.0 255.255.255.0
 network-object 192.168.75.0 255.255.255.0
 network-object object Camera_DVR
object-group service RDP tcp-udp
 port-object eq 3389
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group network ACS_Internals
 network-object object ACSPrivateOne
 network-object object ACSPrivateTwo
 network-object object ACS_Vlan-12
object-group network AnyConnect_DHCP_NOG
 network-object object AnyConnect_DHCP
object-group network DM_INLINE_NETWORK_3
 group-object ACS_Internals
 network-object object SEF_Private
object-group network ALL_NYC_IPs_PUBANDPRIV
 description This is used for split tunneling. It includes all NYC IPs
 network-object 10.4.4.0 255.255.255.0
 network-object 10.5.5.0 255.255.255.0
 network-object 10.6.4.0 255.255.255.0
 network-object 192.168.100.0 255.255.255.0
 network-object 192.168.25.0 255.255.255.0
 network-object 192.168.34.0 255.255.255.0
 network-object 192.168.50.0 255.255.255.0
 network-object 192.168.51.0 255.255.255.0
 network-object 192.168.75.0 255.255.255.0
 network-object X.X.X.0 255.255.255.0
 network-object X.X.X.208 255.255.255.248
 network-object object ACSPrivateOne
 network-object object ACSPrivateTwo
 network-object object ACS_Vlan-110
 network-object object ACS_Vlan-113
 network-object object ACS_Vlan-114
 network-object object ACS_Vlan-120
 network-object object ACS_Vlan-130
 network-object object ACS_Vlan-30
 network-object object ACS_Vlan-60
 network-object object ACS_Vlan-70
 network-object object Access_Control_RDP
 network-object object AnyConnect_DHCP
 network-object object Camera_DVR
 network-object object Cameras_RDP
 network-object object chris_RDP
 network-object object bill_RDP
 network-object object NETWORK_OBJ_10.4.4.0_24
 network-object object NETWORK_OBJ_10.4.4.192_26
 network-object object PRTG_2wayQOS_SEF
 network-object object Route_IPs
 network-object object Route_IPs-2
 network-object object SEF_Private
 network-object object SEF_Vlan-50and51and52
 network-object object SEF_Vlan-53
 network-object object SEF_Vlan-54
 network-object object SEF_Vlan-55
 network-object object SEF_Vlan-56
access-list FiOS_cryptomap extended permit ip object-group Internal object-group ACS_Internals
access-list FiOS_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_2
access-list global_access extended permit ip any any
access-list global_access extended permit icmp any any
access-list FiOS_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list FiOS_cryptomap_2 extended permit ip object-group Internal object SEF_Private
access-list FiOS_mpc extended permit tcp any any eq ssh
access-list All_IP_SEF_ACS remark Vlan_110
access-list All_IP_SEF_ACS standard permit XXX.XXX.76.0 255.255.254.0
access-list All_IP_SEF_ACS remark Vlan 113
access-list All_IP_SEF_ACS standard permit XXX.XXX.113.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_114
access-list All_IP_SEF_ACS standard permit XXX.XXX.114.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan 120
access-list All_IP_SEF_ACS standard permit XXX.XXX.78.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan 130
access-list All_IP_SEF_ACS standard permit XXX.XXX.79.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_30
access-list All_IP_SEF_ACS standard permit XXX.XXX.81.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_60
access-list All_IP_SEF_ACS standard permit XXX.XXX.83.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_70
access-list All_IP_SEF_ACS standard permit XXX.XXX.82.0 255.255.255.0
access-list All_IP_SEF_ACS remark ACS_Priv
access-list All_IP_SEF_ACS standard permit 172.21.0.0 255.255.254.0
access-list All_IP_SEF_ACS remark NYC_Cams
access-list All_IP_SEF_ACS standard permit 192.168.25.0 255.255.255.0
access-list All_IP_SEF_ACS remark NYC_users
access-list All_IP_SEF_ACS standard permit 10.4.4.0 255.255.255.0
access-list All_IP_SEF_ACS remark NYC_MGMT
access-list All_IP_SEF_ACS standard permit 10.6.4.0 255.255.255.0
access-list All_IP_SEF_ACS remark NYC_Prov_Lab
access-list All_IP_SEF_ACS standard permit 192.168.50.0 255.255.255.0
access-list All_IP_SEF_ACS remark NYC_Sec
access-list All_IP_SEF_ACS standard permit 192.168.34.0 255.255.255.0
access-list All_IP_SEF_ACS remark SEF_Priv
access-list All_IP_SEF_ACS standard permit 172.21.2.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_50-52
access-list All_IP_SEF_ACS standard permit XXX.XXX.252.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_53
access-list All_IP_SEF_ACS standard permit XXX.XXX.253.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_54
access-list All_IP_SEF_ACS standard permit XXX.XXX.254.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_55
access-list All_IP_SEF_ACS standard permit XXX.XXX.255.0 255.255.255.0
access-list All_IP_SEF_ACS remark Vlan_56
access-list All_IP_SEF_ACS standard permit XXX.XXX.118.0 255.255.255.0
access-list All_IP_SEF_ACS remark ACS_Team_Acc
access-list All_IP_SEF_ACS standard permit 192.168.75.0 255.255.255.0
access-list All_IP_SEF_ACS remark ACS_WorkBench
access-list All_IP_SEF_ACS standard permit 192.168.51.0 255.255.255.0
access-list Alex_evarist standard permit host XXX.XXX.118.15
access-list Alex_evarist standard permit host XXX.XXX.118.16
access-list Alex_evarist standard permit host XXX.XXX.80.21
access-list Alex_evarist standard permit host 172.21.1.185
access-list TW_Only standard permit host 172.21.1.179
access-list TW_Only standard permit host 172.21.1.180
access-list FiOS_cryptomap_3 extended permit ip 10.4.4.0 255.255.255.0 object NoPo
pager lines 24
logging enable
logging asdm informational
mtu Cameras 1500
mtu Security_Access 1500
mtu Provisioning_Lab 1500
mtu Tech_Workbench 1500
mtu NYC_Internal 1500
mtu Team_Access 1500
mtu NJ_VPN_NET 1500
mtu Game_Room 1500
mtu Comcast 1500
mtu FiOS 1500
mtu management 1500
no failover
no monitor-interface Cameras
no monitor-interface Security_Access
no monitor-interface Provisioning_Lab
no monitor-interface Tech_Workbench
no monitor-interface NYC_Internal
no monitor-interface Team_Access
no monitor-interface NJ_VPN_NET
no monitor-interface Game_Room
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (NYC_Internal,FiOS) source static Internal Internal destination static SEF_Private SEF_Private
nat (NYC_Internal,FiOS) source static Internal Internal destination static ACS_Internals ACS_Internals
nat (NYC_Internal,FiOS) source static any any destination static NETWORK_OBJ_10.4.4.192_26 NETWORK_OBJ_10.4.4.192_26 no-proxy-arp route-lookup
nat (FiOS,FiOS) source static AnyConnect_DHCP_NOG AnyConnect_DHCP_NOG destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp
nat (NYC_Internal,FiOS) source static NETWORK_OBJ_10.4.4.0_24 NETWORK_OBJ_10.4.4.0_24 destination static NoPo NoPo no-proxy-arp route-lookup
!
object network chris_RDP
 nat (NYC_Internal,FiOS) static interface service tcp 3389 51550
object network bill_RDP
 nat (NYC_Internal,FiOS) static interface service tcp 3389 55055
!
nat (any,FiOS) after-auto source dynamic Internal interface
access-group FiOS_access_in in interface FiOS
access-group global_access global
route FiOS 0.0.0.0 0.0.0.0 X.X.X.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 10.4.4.0 255.255.255.0 management
http 10.6.4.0 255.255.255.0 management
http 10.4.4.0 255.255.255.0 NYC_Internal
snmp-server host FiOS XXX.XXX.252.59 poll community ***** version 2c
snmp-server host FiOS XXX.XXX.80.62 poll community ***** version 2c
snmp-server host NYC_Internal 10.4.4.202 poll community ***** version 2c
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map FiOS_map 1 match address FiOS_cryptomap
crypto map FiOS_map 1 set peer XXX.XXX.0.226
crypto map FiOS_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map FiOS_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map FiOS_map 2 match address FiOS_cryptomap_1
crypto map FiOS_map 2 set peer XXX.XXX.80.1
crypto map FiOS_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map FiOS_map 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map FiOS_map 3 match address FiOS_cryptomap_2
crypto map FiOS_map 3 set peer XXX.XXX.119.1
crypto map FiOS_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map FiOS_map 3 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map FiOS_map 4 match address FiOS_cryptomap_3
crypto map FiOS_map 4 set peer XXX.XXX.128.73
crypto map FiOS_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map FiOS_map 4 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map FiOS_map interface FiOS
crypto ca trustpool policy
no crypto isakmp nat-traversal
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable FiOS
crypto ikev1 enable FiOS
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 10.4.4.0 255.255.255.0 management
ssh 10.6.4.0 255.255.255.0 management
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.25.140-192.168.25.150 Cameras
dhcpd dns 8.8.8.8 8.8.4.4 interface Cameras
dhcpd lease 86400 interface Cameras
dhcpd enable Cameras
!
dhcpd address 192.168.34.10-192.168.34.50 Security_Access
dhcpd dns 8.8.8.8 8.8.4.4 interface Security_Access
dhcpd lease 86400 interface Security_Access
dhcpd enable Security_Access
!
dhcpd address 192.168.51.10-192.168.51.254 Tech_Workbench
dhcpd dns 8.8.8.8 8.8.4.4 interface Tech_Workbench
dhcpd lease 86400 interface Tech_Workbench
dhcpd enable Tech_Workbench
!
dhcpd address 10.4.4.20-10.4.4.199 NYC_Internal
dhcpd dns 10.4.4.201 10.4.4.202 interface NYC_Internal
dhcpd wins 10.4.4.201 10.4.4.202 interface NYC_Internal
dhcpd lease 86400 interface NYC_Internal
dhcpd enable NYC_Internal
!
dhcpd address 192.168.75.50-192.168.75.200 Team_Access
dhcpd dns 8.8.8.8 8.8.4.4 interface Team_Access
dhcpd lease 86400 interface Team_Access
dhcpd enable Team_Access
!
dhcpd address 10.5.5.10-10.5.5.30 NJ_VPN_NET
dhcpd dns 8.8.8.8 8.8.4.4 interface NJ_VPN_NET
dhcpd lease 86400 interface NJ_VPN_NET
dhcpd enable NJ_VPN_NET
!
dhcpd address 192.168.100.100-192.168.100.200 Game_Room
dhcpd dns 8.8.8.8 8.8.4.4 interface Game_Room
dhcpd lease 86400 interface Game_Room
dhcpd enable Game_Room
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable FiOS
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-linux64-4.7.03052-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-macos-4.7.03052-webdeploy-k9.pkg 2
 anyconnect image disk0:/anyconnect-win-4.7.03052-webdeploy-k9.pkg 3
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
group-policy TW_Only internal
group-policy TW_Only attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value TW_Only
group-policy GroupPolicy_XXX.XXX.0.226 internal
group-policy GroupPolicy_XXX.XXX.0.226 attributes
 vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_Remote internal
group-policy GroupPolicy_Remote attributes
 wins-server value 10.4.4.202
 dns-server value 10.4.4.201
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value All_IP_SEF_ACS
 default-domain value NYC
group-policy GroupPolicy_XXX.XXX.128.73 internal
group-policy GroupPolicy_XXX.XXX.128.73 attributes
 vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_XXX.XXX.119.1 internal
group-policy GroupPolicy_XXX.XXX.119.1 attributes
 vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy
//////////////////////////////////////////////////User names removed///////////////////////////////////////////////////////////////////////
 service-type remote-access
username nbryan password ***** encrypted
username nbryan attributes
 service-type remote-access
tunnel-group XXX.XXX.0.226 type ipsec-l2l
tunnel-group XXX.XXX.0.226 general-attributes
 default-group-policy GroupPolicy_XXX.XXX.0.226
tunnel-group XXX.XXX.0.226 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group XXX.XXX.119.1 type ipsec-l2l
tunnel-group XXX.XXX.119.1 general-attributes
 default-group-policy GroupPolicy_XXX.XXX.119.1
tunnel-group XXX.XXX.119.1 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
 address-pool AnyConnect_IPs
 default-group-policy GroupPolicy_Remote
tunnel-group Remote webvpn-attributes
 group-alias Remote enable
tunnel-group XXX.XXX.128.73 type ipsec-l2l
tunnel-group XXX.XXX.128.73 general-attributes
 default-group-policy GroupPolicy_XXX.XXX.128.73
tunnel-group XXX.XXX.128.73 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
class-map FiOS_SSH_Class
 match access-list FiOS_mpc
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map FiOS_SSH_policy
 description Extend_SSH_TimeOut_To_3hr
 class FiOS_SSH_Class
  set connection timeout idle 72:00:00 reset
!
service-policy global_policy global
service-policy FiOS_SSH_policy interface FiOS
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5532128f338b08d91cfef6033aafc198
: end