=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.11.19 17:59:19 =~=~=~=~=~=~=~=~=~=~=~=
sh run
: Saved
:
: Serial Number: FCH18487AUC
: Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
:
ASA Version 9.2(2)4
!
hostname axletech
domain-name axletech.in
enable password XWHpXUKlE815xncu encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 49.248.250.98 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.64.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa922-4-smp-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name axletech.in
object network Remote-vpnip
 host 63.124.2.202
object network Inside-Network
 subnet 10.0.64.0 255.255.255.0
object network VPN
 subnet 10.0.64.0 255.255.224.0
object-group service Internet-udp udp
 description UDP Standard Internet Services
 port-object eq domain
 port-object eq ntp
 port-object eq isakmp
 port-object eq 4500
object-group service Internet-tcp tcp
 description TCP Standard Internet Services
 port-object eq www
 port-object eq https
 port-object eq smtp
 port-object eq 465
 port-object eq pop3
 port-object eq 995
 port-object eq ftp
 port-object eq ftp-data
 port-object eq domain
 port-object eq ssh
 port-object eq telnet
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object ip
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_4
 protocol-object ip
 protocol-object icmp
access-list inside-in remark -=[Access Lists For Outgoing Packets from Inside interface]=-
access-list inside_access_out extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list outside_access_in extended permit icmp any object VPN
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_out extended permit object-group DM_INLINE_PROTOCOL_4 any any
access-list outside_access_out extended permit udp any any eq isakmp
access-list outside_cryptomap extended permit ip object VPN any4
access-list Inside_access_in extended permit ip any object VPN
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7221.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network Inside-Network
 nat (inside,outside) dynamic interface
object network VPN
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
route outside 0.0.0.0 0.0.0.0 49.248.250.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.0.96.0 255.255.224.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 63.124.2.202
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES AES192 AES256 DES 3DES
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 10
 encryption aes
 integrity sha256
 group 5
 prf sha
 lifetime seconds 28800
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 28800
telnet 10.0.96.0 255.255.224.0 inside
telnet timeout 5
no ssh stricthostkeycheck
ssh 49.248.250.96 255.255.255.252 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 8.8.8.8 202.149.208.91
dhcpd option 3 ip 10.0.64.1
!
dhcpd address 10.0.64.31-10.0.64.100 inside
dhcpd enable inside
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
group-policy GroupPolicy_63.124.2.202 internal
group-policy GroupPolicy_63.124.2.202 attributes
 vpn-tunnel-protocol ikev1 ikev2
username sarojp password w355y6oFsFyWg5/2 encrypted privilege 15
username admin password wq8x9lH2B09N7YqJ encrypted privilege 15
username ciscoadmin password W0ATeFBkCO3ErmVn encrypted
tunnel-group 63.124.2.202 type ipsec-l2l
tunnel-group 63.124.2.202 general-attributes
 default-group-policy GroupPolicy_63.124.2.202
tunnel-group 63.124.2.202 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:15b193b758bcc7a6d2eb6dc1e1b31249
: end
axletech# exit
Logoff