: Saved
:
: Serial Number: FCH164479D1
: Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3059 MHz, 1 CPU (4 cores)
:
ASA Version 9.10(1)
!
hostname JoKo-ASA
domain-name NYC
enable password ***** pbkdf2
names
no mac-address auto
ip local pool AnyConnect_IPs 10.4.4.220-10.4.4.240 mask 255.255.255.0
!
interface GigabitEthernet0/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/0.25
 description VLAN 25
 vlan 25
 nameif DataRoom
 security-level 50
 ip address 10.10.25.1 255.255.255.0
!
interface GigabitEthernet0/0.34
 description VLAN 34
 vlan 34
 nameif Game_Access
 security-level 100
 ip address 10.10.34.1 255.255.255.0
!
interface GigabitEthernet0/0.50
 description VLAN 50
 vlan 50
 nameif Kit_Lab
 security-level 50
 ip address 10.10.50.1 255.255.255.0
!
interface GigabitEthernet0/0.51
 description VLAN 51
 vlan 51
 nameif Workbench
 security-level 100
 ip address 10.10.51.1 255.255.255.0
!
interface GigabitEthernet0/0.69
 description VLAN 69
 vlan 69
 nameif NYC_Internal
 security-level 50
 ip address 10.4.4.1 255.255.255.0
!
interface GigabitEthernet0/0.75
 description VLAN 75
 vlan 75
 nameif Team_Access
 security-level 100
 ip address 10.10.75.1 255.255.255.0
!
interface GigabitEthernet0/0.99
 description VLAN 99
 vlan 99
 nameif USF_VPN_NET
 security-level 50
 ip address 10.5.5.1 255.255.255.0
!
interface GigabitEthernet0/0.100
 description VLAN 100
 vlan 100
 nameif Game_Room
 security-level 100
 ip address 10.10.100.1 255.255.255.0
!
interface GigabitEthernet0/1
 description To_Comcast
 nameif Comcast
 security-level 0
 ip address 96.X.X.210 255.255.255.248
!
interface GigabitEthernet0/2
 description To_FiOS
 shutdown
 nameif FiOS
 security-level 0
 ip address 47.X.X.59 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.6.4.29 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name NYC
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network ABCPrivateOne
 subnet 172.21.0.0 255.255.255.0
 description VLAN 11
object network ABCPrivateTwo
 subnet 172.21.1.0 255.255.255.0
 description VLAN 10
object network ATL_Private
 subnet 172.21.2.0 255.255.255.0
 description VVLAN 10
object network NETWORK_OBJ_10.4.4.0_24
 subnet 10.4.4.0 255.255.255.0
object network Kit
 host 10.10.25.5
 description Kit description PRTG_2wayQOS_ATL
object network DataRoom_RDP
 host 10.4.4.203
 description DataRoom_RDP
object service RDPng
 service tcp source eq 3389
object network NETWORK_OBJ_10.4.4.192_26
 subnet 10.4.4.192 255.255.255.192
object network AnyConnect_DHCP
 range 10.4.4.220 10.4.4.240
object network ABC_Vlan-110
 subnet 204.X.X.0.0 255.255.254.0
 description Vlan110
object network ABC_Vlan-113
 subnet 67.X.X.0 255.255.255.0
 description Vlan113
object network ABC_Vlan-114
 subnet 66.X.X.0 255.255.255.0
 description Vlan114
object network ABC_Vlan-120
 subnet 65.X.X.0 255.255.255.0
 description Vlan120
object network ABC_Vlan-130
 subnet 65.X.X.0 255.255.255.0
 description Vlan130
object network ABC_Vlan-30
 subnet 64.X.X.0 255.255.255.0
 description Vlan30
object network ABC_Vlan-60
 subnet 60.X.X.0 255.255.255.0
 description Vlan30
object network ABC_Vlan-70
 subnet 63.X.X.0 255.255.255.0
 description Vlan70
object network Route_IPs
 subnet 62.X.X.0 255.255.255.0
 description IP used for devices for routing
object network Route_IPs-2
 subnet 61.X.X.0 255.255.255.0
 description IP used for devices for routing
object network ATL_Vlan-50and51and52
 subnet 59.X.X.0 255.255.255.0
 description Vlan50and51and52
object network ATL_Vlan-53
 subnet 58.X.X.0 255.255.255.0
 description Vlan53
object network ATL_Vlan-54
 subnet 57.X.X.0 255.255.255.0
 description Vlan54
object network ATL_Vlan-55
 subnet 56.X.X.0 255.255.255.0
 description Vlan55
object network ATL_Vlan-56
 subnet 55.X.X.0 255.255.255.0
 description Vlan56
object network ABC_Vlan-12
 subnet 172.21.10.0 255.255.255.0
 description Test-Net
object network NoPo
 subnet 10.2.10.0 255.255.255.0
object network ABC_Vlan-80
 subnet 54.X.X.0 255.255.255.0
 description VLAN 80
object network Kit_auto_NAT
 subnet 10.10.25.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 10.4.4.0 255.255.255.0
 network-object 10.5.5.0 255.255.255.0
 network-object 10.10.51.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
 network-object object ABCPrivateOne
 network-object object ABCPrivateTwo
object-group network Internal
 description JoKo_Internals
 network-object 10.4.4.0 255.255.255.0
 network-object 10.5.5.0 255.255.255.0
 network-object 10.10.100.0 255.255.255.0
 network-object 10.10.34.0 255.255.255.0
 network-object 10.10.50.0 255.255.255.0
 network-object 10.10.51.0 255.255.255.0
 network-object 10.10.75.0 255.255.255.0
 network-object object Kit
object-group service RDP tcp-udp
 port-object eq 3389
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group network ABC_Internals
 network-object object ABCPrivateOne
 network-object object ABCPrivateTwo
 network-object object ABC_Vlan-12
object-group network AnyConnect_DHCP_NOG
 network-object object AnyConnect_DHCP
object-group network DM_INLINE_NETWORK_3
 group-object ABC_Internals
 network-object object ATL_Private
object-group network ALL_NYC_IPs_PUBANDPRIV
 description This is used for split tunneling. It includes all NYC IPs
 network-object 10.4.4.0 255.255.255.0
 network-object 10.5.5.0 255.255.255.0
 network-object 10.6.4.0 255.255.255.0
 network-object 10.10.100.0 255.255.255.0
 network-object 10.10.34.0 255.255.255.0
 network-object 10.10.50.0 255.255.255.0
 network-object 10.10.51.0 255.255.255.0
 network-object 10.10.75.0 255.255.255.0
 network-object 47.X.X.0 255.255.255.0
 network-object 96.X.X.208 255.255.255.248
 network-object object ABCPrivateOne
 network-object object ABCPrivateTwo
 network-object object ABC_Vlan-110
 network-object object ABC_Vlan-113
 network-object object ABC_Vlan-114
 network-object object ABC_Vlan-120
 network-object object ABC_Vlan-130
 network-object object ABC_Vlan-30
 network-object object ABC_Vlan-60
 network-object object ABC_Vlan-70
 network-object object Access_Control_RDP
 network-object object AnyConnect_DHCP
 network-object object DataRoom_RDP
 network-object object Name_RDP
 network-object object JNamew_RDP
 network-object object NETWORK_OBJ_10.4.4.0_24
 network-object object NETWORK_OBJ_10.4.4.192_26
 network-object object PRTG_2wayQOS_ATL
 network-object object Route_IPs
 network-object object Route_IPs-2
 network-object object ATL_Private
 network-object object ATL_Vlan-50and51and52
 network-object object ATL_Vlan-53
 network-object object ATL_Vlan-54
 network-object object ATL_Vlan-55
 network-object object ATL_Vlan-56
 network-object object Kit_auto_NAT
 network-object object Kit
object-group network DM_INLINE_NETWORK_4
 network-object 10.4.4.0 255.255.255.0
 network-object 10.10.50.0 255.255.255.0
 network-object 10.10.51.0 255.255.255.0
object-group network DM_INLINE_NETWORK_5
 network-object object ABCPrivateOne
 network-object object ABCPrivateTwo
object-group network DM_INLINE_NETWORK_6
 network-object object ABCPrivateOne
 network-object object ABCPrivateTwo
 network-object object ABC_Vlan-110
 network-object object ABC_Vlan-113
 network-object object ABC_Vlan-114
 network-object object ABC_Vlan-12
 network-object object ABC_Vlan-120
 network-object object ABC_Vlan-130
 network-object object ABC_Vlan-30
 network-object object ABC_Vlan-60
 network-object object ABC_Vlan-70
 network-object object ABC_Vlan-80
object-group network DM_INLINE_NETWORK_7
 network-object object ABCPrivateOne
 network-object object ABCPrivateTwo
object-group network DM_INLINE_NETWORK_8
 network-object object ABCPrivateOne
 network-object object ABCPrivateTwo
object-group network VPN_NAT
 description IPs_That_need_to_be_natted
 network-object 10.4.4.0 255.255.255.0
 network-object object Kit_auto_NAT
object-group network DM_INLINE_NETWORK_9
 network-object object ATL_Private
 network-object object ATL_Vlan-50and51and52
 network-object object ATL_Vlan-53
 network-object object ATL_Vlan-54
 network-object object ATL_Vlan-55
 network-object object ATL_Vlan-56
access-list Comcast_cryptomap_1 extended permit ip object-group Internal object-group ABC_Internals
access-list FiOS_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_2
access-list global_access extended permit ip any any
access-list global_access extended permit icmp any any
access-list FiOS_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list Comcast_cryptomap_2 extended permit ip object-group Internal object-group DM_INLINE_NETWORK_5
access-list FiOS_mpc extended permit tcp any any eq ssh
access-list All_IP_ATL_ABC remark Vlan_110
access-list All_IP_ATL_ABC standard permit 204.X.X.0.0 255.255.254.0
access-list All_IP_ATL_ABC remark Vlan 113
access-list All_IP_ATL_ABC standard permit 67.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_114
access-list All_IP_ATL_ABC standard permit 66.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan 120
access-list All_IP_ATL_ABC standard permit 65.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan 130
access-list All_IP_ATL_ABC standard permit 65.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_30
access-list All_IP_ATL_ABC standard permit 64.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_60
access-list All_IP_ATL_ABC standard permit 60.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_70
access-list All_IP_ATL_ABC standard permit 63.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark ABC_Priv
access-list All_IP_ATL_ABC standard permit 172.21.0.0 255.255.254.0
access-list All_IP_ATL_ABC remark JoKo_Cams
access-list All_IP_ATL_ABC standard permit 10.10.25.0 255.255.255.0
access-list All_IP_ATL_ABC remark JoKo_users
access-list All_IP_ATL_ABC standard permit 10.4.4.0 255.255.255.0
access-list All_IP_ATL_ABC remark JoKo_MGMT
access-list All_IP_ATL_ABC standard permit 10.6.4.0 255.255.255.0
access-list All_IP_ATL_ABC remark JoKo_Prov_Lab
access-list All_IP_ATL_ABC standard permit 10.10.50.0 255.255.255.0
access-list All_IP_ATL_ABC remark JoKo_Sec
access-list All_IP_ATL_ABC standard permit 10.10.34.0 255.255.255.0
access-list All_IP_ATL_ABC remark ATL_Priv
access-list All_IP_ATL_ABC standard permit 172.21.2.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_50-52
access-list All_IP_ATL_ABC standard permit 59.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_53
access-list All_IP_ATL_ABC standard permit 58.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_54
access-list All_IP_ATL_ABC standard permit 57.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_55
access-list All_IP_ATL_ABC standard permit 56.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark Vlan_56
access-list All_IP_ATL_ABC standard permit 55.X.X.0 255.255.255.0
access-list All_IP_ATL_ABC remark ABC_Team_Acc
access-list All_IP_ATL_ABC standard permit 10.10.75.0 255.255.255.0
access-list All_IP_ATL_ABC remark ABC_WorkBench
access-list All_IP_ATL_ABC standard permit 10.10.51.0 255.255.255.0
access-list TW_Only standard permit host 172.21.1.179
access-list TW_Only standard permit host 172.21.1.180
access-list Comcast_cryptomap_3 extended permit ip object-group Internal object NoPo
access-list Comcast_cryptomap extended permit ip object-group Internal object-group DM_INLINE_NETWORK_9
no pager
logging enable
logging asdm informational
mtu DataRoom 1500
mtu Game_Access 1500
mtu Kit_Lab 1500
mtu Workbench 1500
mtu NYC_Internal 1500
mtu Team_Access 1500
mtu USF_VPN_NET 1500
mtu Game_Room 1500
mtu Comcast 1500
mtu FiOS 1500
mtu management 1500
no failover
no monitor-interface DataRoom
no monitor-interface Game_Access
no monitor-interface Kit_Lab
no monitor-interface Workbench
no monitor-interface NYC_Internal
no monitor-interface Team_Access
no monitor-interface USF_VPN_NET
no monitor-interface Game_Room
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (NYC_Internal,FiOS) source static any any destination static NETWORK_OBJ_10.4.4.192_26 NETWORK_OBJ_10.4.4.192_26 no-proxy-arp route-lookup
nat (FiOS,FiOS) source static AnyConnect_DHCP_NOG AnyConnect_DHCP_NOG destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp
nat (NYC_Internal,Comcast) source static Internal Internal destination static ATL_Private ATL_Private
nat (NYC_Internal,Comcast) source static Internal Internal destination static ABC_Internals ABC_Internals
nat (any,Comcast) source dynamic Internal interface
nat (NYC_Internal,Comcast) source static Internal Internal destination static NoPo NoPo no-proxy-arp route-lookup
nat (NYC_Internal,Comcast) source static Internal Internal no-proxy-arp route-lookup
nat (NYC_Internal,Comcast) source static DM_INLINE_NETWORK_4 DM_INLINE_NETWORK_4 destination static DM_INLINE_NETWORK_6 DM_INLINE_NETWORK_6 no-proxy-arp route-lookup
nat (NYC_Internal,Comcast) source static any any no-proxy-arp route-lookup
nat (NYC_Internal,FiOS) source static Internal Internal destination static DM_INLINE_NETWORK_7 DM_INLINE_NETWORK_7 no-proxy-arp route-lookup
nat (any,Comcast) source static Internal Internal destination static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 no-proxy-arp route-lookup
nat (NYC_Internal,FiOS) source static Internal Internal destination static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 no-proxy-arp route-lookup
nat (NYC_Internal,Comcast) source static Internal Internal destination static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 no-proxy-arp route-lookup
nat (NYC_Internal,Comcast) source static Internal Internal destination static DM_INLINE_NETWORK_5 DM_INLINE_NETWORK_5 no-proxy-arp route-lookup
nat (NYC_Internal,Comcast) source static any any destination static NETWORK_OBJ_10.4.4.192_26 NETWORK_OBJ_10.4.4.192_26 no-proxy-arp route-lookup
!
object network Kit
 nat (any,Comcast) dynamic interface
!
nat (any,FiOS) after-auto source dynamic Internal interface
access-group FiOS_access_in in interface FiOS
access-group global_access global
route FiOS 0.0.0.0 0.0.0.0 47.X.X.1 1
route Comcast 0.0.0.0 0.0.0.0 96.X.X.214 254
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 10.4.4.0 255.255.255.0 management
http 10.6.4.0 255.255.255.0 management
http 10.4.4.0 255.255.255.0 NYC_Internal
http 0.0.0.0 0.0.0.0 Comcast
no snmp-server location
no snmp-server contact
sla monitor 10
 type echo protocol ipIcmpEcho 47.X.X.1 interface FiOS
 frequency 5
sla monitor schedule 10 life forever start-time now
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map FiOS_map 2 match address FiOS_cryptomap_1
crypto map FiOS_map 2 set peer 192.X.X.1
crypto map FiOS_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map FiOS_map 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 4 match address Comcast_cryptomap_3
crypto map outside_map 4 set peer 96.X.X.73
crypto map outside_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 4 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface FiOS
crypto map Comcast_map 1 match address Comcast_cryptomap
crypto map Comcast_map 1 set peer 68.X.X.1
crypto map Comcast_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Comcast_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map Comcast_map 2 match address Comcast_cryptomap_2
crypto map Comcast_map 2 set peer 192.X.X.57
crypto map Comcast_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Comcast_map 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map Comcast_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Comcast_map interface Comcast
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=JoKo-ASA
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
 certificate e633aa5e
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable NYC_Internal
crypto ikev2 enable Comcast client-services port 443
crypto ikev2 enable FiOS
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable NYC_Internal
crypto ikev1 enable Comcast
crypto ikev1 enable FiOS
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
!
track 1 rtr 10 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh 10.4.4.0 255.255.255.0 NYC_Internal
ssh 10.6.4.0 255.255.255.0 management
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 10.10.25.140-10.10.25.150 DataRoom
dhcpd dns 8.8.8.8 8.8.4.4 interface DataRoom
dhcpd lease 86400 interface DataRoom
dhcpd enable DataRoom
!
dhcpd address 10.10.34.10-10.10.34.50 Game_Access
dhcpd dns 8.8.8.8 8.8.4.4 interface Game_Access
dhcpd lease 86400 interface Game_Access
dhcpd enable Game_Access
!
dhcpd address 10.10.51.10-10.10.51.254 Workbench
dhcpd dns 8.8.8.8 8.8.4.4 interface Workbench
dhcpd lease 86400 interface Workbench
dhcpd enable Workbench
!
dhcpd address 10.4.4.20-10.4.4.199 NYC_Internal
dhcpd dns 10.4.4.201 10.4.4.202 interface NYC_Internal
dhcpd wins 10.4.4.201 10.4.4.202 interface NYC_Internal
dhcpd lease 86400 interface NYC_Internal
dhcpd enable NYC_Internal
!
dhcpd address 10.10.75.50-10.10.75.200 Team_Access
dhcpd dns 8.8.8.8 8.8.4.4 interface Team_Access
dhcpd lease 86400 interface Team_Access
dhcpd enable Team_Access
!
dhcpd address 10.5.5.10-10.5.5.30 USF_VPN_NET
dhcpd dns 8.8.8.8 8.8.4.4 interface USF_VPN_NET
dhcpd lease 86400 interface USF_VPN_NET
dhcpd enable USF_VPN_NET
!
dhcpd address 10.10.100.100-10.10.100.200 Game_Room
dhcpd dns 8.8.8.8 8.8.4.4 interface Game_Room
dhcpd lease 86400 interface Game_Room
dhcpd enable Game_Room
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 Comcast
ssl trust-point ASDM_TrustPoint0 FiOS
webvpn
 enable Comcast
 enable FiOS
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-linux64-4.7.03052-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-macos-4.7.03052-webdeploy-k9.pkg 2
 anyconnect image disk0:/anyconnect-win-4.7.03052-webdeploy-k9.pkg 3
 anyconnect profiles AnyConnect_Comcast_client_profile disk0:/AnyConnect_Comcast_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
group-policy TW_Only internal
group-policy TW_Only attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value TW_Only
group-policy GroupPolicy_192.X.X.57 internal
group-policy GroupPolicy_192.X.X.57 attributes
 vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_Remote internal
group-policy GroupPolicy_Remote attributes
 wins-server value 10.4.4.202
 dns-server value 10.4.4.201 10.4.4.202
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
 split-tunnel-network-list value All_IP_ATL_ABC
 default-domain value NYC
group-policy GroupPolicy_64.X.X.226_Comcast internal
group-policy GroupPolicy_64.X.X.226_Comcast attributes
 vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_AnyConnect_Comcast internal
group-policy GroupPolicy_AnyConnect_Comcast attributes
 wins-server value 10.4.4.202
 dns-server value 10.4.4.201 10.4.4.202
 vpn-tunnel-protocol ikev2 ssl-client
 split-tunnel-policy tunnelall
 default-domain value NYC
 webvpn
  anyconnect profiles value AnyConnect_Comcast_client_profile type user
group-policy GroupPolicy_96.X.X.73 internal
group-policy GroupPolicy_96.X.X.73 attributes
 vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_68.X.X.1 internal
group-policy GroupPolicy_68.X.X.1 attributes
 vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy
*****Usernames Removed****
 service-type remote-access
tunnel-group 192.X.X.57 type ipsec-l2l
tunnel-group 192.X.X.57 general-attributes
 default-group-policy GroupPolicy_192.X.X.57
tunnel-group 192.X.X.57 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group 68.X.X.1 type ipsec-l2l
tunnel-group 68.X.X.1 general-attributes
 default-group-policy GroupPolicy_68.X.X.1
tunnel-group 68.X.X.1 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
 address-pool AnyConnect_IPs
 default-group-policy GroupPolicy_Remote
tunnel-group Remote webvpn-attributes
 group-alias Remote enable
tunnel-group 96.X.X.73 type ipsec-l2l
tunnel-group 96.X.X.73 general-attributes
 default-group-policy GroupPolicy_96.X.X.73
tunnel-group 96.X.X.73 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group Comcast_to_ABC type ipsec-l2l
tunnel-group Comcast_to_ABC general-attributes
 default-group-policy GroupPolicy_64.X.X.226_Comcast
tunnel-group Comcast_to_ABC ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group AnyConnect_Comcast type remote-access
tunnel-group AnyConnect_Comcast general-attributes
 address-pool AnyConnect_IPs
 default-group-policy GroupPolicy_AnyConnect_Comcast
tunnel-group AnyConnect_Comcast webvpn-attributes
 group-alias AnyConnect_Comcast enable
!
class-map inspection_default
 match default-inspection-traffic
class-map FiOS_SSH_Class
 match access-list FiOS_mpc
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map FiOS_SSH_policy
 description Extend_SSH_TimeOut_To_3hr
 class FiOS_SSH_Class
  set connection timeout idle 72:00:00 reset
!
service-policy global_policy global
service-policy FiOS_SSH_policy interface FiOS
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:cfe08e2e56fd222fd1fb37a016422565
: end