: Saved
: Written by enable_15 at 17:03:44.930 UTC Thu Nov 11 2021
!
ASA Version 9.1(5)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
ip local pool ANYCONNECT-POOL 10.249.249.1-10.249.249.100 mask 255.255.255.0
ip local pool ANYCONNECT-POOL1 10.248.248.1-10.248.248.100 mask 255.255.255.0
ip local pool AnyConnect-Pool2 10.247.247.2-10.247.247.10 mask 255.255.255.0
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.0.201 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa915-k8.bin
ftp mode passive
object network Obj-0.0.0.0
 subnet 0.0.0.0 0.0.0.0
 description anyting in inside network
object network OBJ_Specific_192.168.100.0
 subnet 192.168.100.0 255.255.255.0
 description VLAN 100 behand the HP switch
object network OBJ_Specific_192.168.200.0
 subnet 192.168.200.0 255.255.255.0
 description VLAN 200 behind the HP switch
object network 192.168.0.5
 host 192.168.0.5
 description Rogers Modem router private spare IP
object network 192.168.0.4
 host 192.168.0.4
object network Obj_10.10.10.0
 subnet 10.10.10.0 255.255.255.0
object network HPE_2920_VLAN1
 host 10.10.10.254
 description HPE 2920 VLAN1
object network NETWORK_OBJ_10.249.249.0_25
 subnet 10.249.249.0 255.255.255.128
object network NETWORK_OBJ_10.248.248.0_25
 subnet 10.248.248.0 255.255.255.128
object network NETWORK_OBJ_10.247.247.0_28
 subnet 10.247.247.0 255.255.255.240
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,any) source dynamic OBJ_Specific_192.168.100.0 192.168.0.5
nat (inside,any) source dynamic OBJ_Specific_192.168.200.0 192.168.0.4
nat (inside,outside) source dynamic Obj_10.10.10.0 interface
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.249.249.0_25 NETWORK_OBJ_10.249.249.0_25 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.248.248.0_25 NETWORK_OBJ_10.248.248.0_25 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.247.247.0_28 NETWORK_OBJ_10.247.247.0_28 no-proxy-arp route-lookup
!
object network Obj-0.0.0.0
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
route inside 192.168.100.0 255.255.255.0 10.10.10.254 1
route inside 192.168.200.0 255.255.255.0 10.10.10.254 1
route inside 0.0.0.0 0.0.0.0 10.10.10.254 tunneled
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.10.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh stricthostkeycheck
ssh 10.10.10.0 255.255.255.0 inside
ssh 192.168.200.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.8.01090-webdeploy-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_RichardHomeVPN internal
group-policy GroupPolicy_RichardHomeVPN attributes
 wins-server none
 dns-server value 8.8.8.8
 vpn-tunnel-protocol ssl-client
 default-domain value RichardHomeVPM.net
group-policy GroupPolicy_RichardVPN_SplitTunnel internal
group-policy GroupPolicy_RichardVPN_SplitTunnel attributes
 wins-server none
 dns-server value 8.8.8.8
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 default-domain value RichardHome.Net
 split-tunnel-all-dns disable
username wenjiang password jsk00xIcRYyQNgHe encrypted
username cisco password x.vVS4uhbeBdto2w encrypted privilege 15
username cisco attributes
 password-storage disable
username richardlai password CJKRvYu6tR8oRxIT encrypted
tunnel-group RichardHomeVPN type remote-access
tunnel-group RichardHomeVPN general-attributes
 address-pool ANYCONNECT-POOL
 default-group-policy GroupPolicy_RichardHomeVPN
tunnel-group RichardHomeVPN webvpn-attributes
 group-alias RichardHomeVPN enable
tunnel-group RichardVPN_SplitTunnel type remote-access
tunnel-group RichardVPN_SplitTunnel general-attributes
 address-pool ANYCONNECT-POOL1
 default-group-policy GroupPolicy_RichardVPN_SplitTunnel
tunnel-group RichardVPN_SplitTunnel webvpn-attributes
 group-alias RichardVPN_SplitTunnel enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:2db3430f15bd726c167c857387d0da3d
: end