ASA1# sho run : Saved : ASA Version 9.1(2) ! hostname ASA1 domain-name TEST1.CA enable password 8Ry2YjIyt7RRXU24 encrypted names ! interface GigabitEthernet0/0 nameif Outside security-level 100 ip address 7.0.0.2 255.255.255.0 ! interface GigabitEthernet0/1 nameif AS1toR1 security-level 50 ip address 1.0.0.2 255.255.255.0 ! interface GigabitEthernet0/2 nameif AS1toR2 security-level 50 ip address 3.0.0.2 255.255.255.0 ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif management security-level 0 ip address 192.168.1.1 255.255.255.0 ! ftp mode passive dns domain-lookup Outside dns domain-lookup AS1toR1 dns domain-lookup AS1toR2 dns domain-lookup management dns server-group DefaultDNS name-server 201.201.201.201 domain-name TEST1.CA same-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group network DM_INLINE_NETWORK_456 network-object 4.0.0.0 255.255.255.0 network-object 5.0.0.0 255.255.255.0 network-object 6.0.0.0 255.255.255.0 object-group network DM_INLINE_NETWORK_1 network-object 1.0.0.0 255.255.255.0 object-group network DM_INLINE_NETWORK_3 network-object 3.0.0.0 255.255.255.0 access-list HEADEND extended permit ip any any access-list Outside_access_out extended permit icmp any4 any4 access-list Outside_access_out extended permit ip any any access-list Outside_access_in extended permit icmp any4 any4 access-list Outside_access_in extended permit ip any any access-list Outside_access_in_1 extended permit icmp any4 any4 access-list Outside_access_in_1 extended permit ip any any access-list AS1toR2_access_in extended permit icmp any4 any4 access-list AS1toR2_access_in extended permit ip any any access-list AS1toR1_access_in extended permit icmp any4 any4 access-list AS1toR1_access_in extended permit ip any any access-list AS1toR1_access_in_1 extended permit icmp any4 any4 access-list AS1toR1_access_in_1 extended permit ip any any access-list AS1toR2_access_in_1 extended permit icmp any4 any4 access-list AS1toR2_access_in_1 extended permit ip any any access-list Outside_access_in_2 extended permit icmp any4 any4 access-list Outside_access_in_2 extended permit ip any any access-list 101 extended permit ip 9.0.0.0 255.255.255.0 8.0.0.0 255.255.255.0 access-list 101 extended deny ip 9.0.0.0 255.255.255.0 8.0.0.0 255.255.255.0 access-list 101 extended permit ip 9.0.0.0 255.255.255.0 any access-list 111 extended permit ip 5.0.0.0 255.255.255.0 8.0.0.0 255.255.255.0 access-list 111 extended deny ip 5.0.0.0 255.255.255.0 8.0.0.0 255.255.255.0 access-list 111 extended permit ip 5.0.0.0 255.255.255.0 any nat (AS1toR1,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static DM_INLINE_NETWORK_456 DM_INLINE_NETWORK_456 no-proxy-arp nat (AS1toR2,outside) source static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_1 destination static DM_INLINE_NETWORK_456 DM_INLINE_NETWORK_456 no-proxy-arp nat (outside,outside) source static DM_INLINE_NETWORK_456 DM_INLINE_NETWORK_456 destination static DM_INLINE_NETWORK_456 DM_INLINE_NETWORK_456 pager lines 24 logging enable logging asdm informational mtu Outside 1500 mtu AS1toR1 1500 mtu AS1toR2 1500 mtu management 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected access-group Outside_access_in_2 in interface Outside access-group AS1toR1_access_in_1 in interface AS1toR1 access-group AS1toR2_access_in_1 in interface AS1toR2 ! ! ! router ospf 1 network 1.0.0.0 255.255.255.0 area 0 network 3.0.0.0 255.255.255.0 area 0 network 7.0.0.0 255.255.255.0 area 0 log-adj-changes ! route Outside 0.0.0.0 0.0.0.0 7.0.0.1 route Outside 5.0.0.0 255.255.255.0 7.0.0.1 route Outside 6.0.0.0 255.255.255.0 7.0.0.1 route Outside 9.0.0.0 255.255.255.0 7.0.0.1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy network-acl HEADEND user-identity default-domain LOCAL eou allow none http server enable http 192.168.1.2 255.255.255.255 management no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart sysopt connection preserve-vpn-flows crypto ipsec ikev1 transform-set MAPVPN esp-3des esp-md5-hmac crypto ipsec security-association pmtu-aging infinite crypto dynamic-map DYNMAP 10 set ikev1 transform-set MAPVPN crypto dynamic-map DYNMAP 10 set reverse-route crypto map VPN 10 ipsec-isakmp dynamic DYNMAP crypto map VPN interface Outside crypto ca trustpool policy crypto ikev1 enable Outside crypto ikev1 policy 10 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 vpn-addr-assign local reuse-delay 30 vpn load-balancing interface lbpublic Outside interface lbprivate AS1toR1 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn enable Outside no anyconnect-essentials group-policy DfltGrpPolicy attributes wins-server value 10.10.10.10 dns-server value 201.201.201.201 vpn-idle-timeout none vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless split-tunnel-network-list value HEADEND default-domain value TEST1.CA webvpn activex-relay disable tunnel-group DefaultL2LGroup ipsec-attributes ikev1 pre-shared-key ***** tunnel-group DefaultRAGroup general-attributes secondary-authentication-server-group LOCAL authorization-server-group LOCAL nat-assigned-to-public-ip Outside tunnel-group DefaultRAGroup ipsec-attributes peer-id-validate nocheck ikev1 user-authentication none tunnel-group DefaultWEBVPNGroup general-attributes secondary-authentication-server-group LOCAL tunnel-group DefaultWEBVPNGroup ipsec-attributes ikev1 user-authentication none ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly 24 subscribe-to-alert-group configuration periodic monthly 24 subscribe-to-alert-group telemetry periodic daily Cryptochecksum:8145197ce8f1db7b8b762c1e28f8f6b0 : end ASA1#