ASA Version 9.5(2)2
!
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
ip local pool SidenisAG-RA-Pool 192.168.128.1-192.168.128.254 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address XXXXXXXXXXXX
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 80
 ip address XXXXXXXXXXXX 255.255.255.240
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 192.168.10.97 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 90
 ip address dhcp setroute
!
same-security-traffic permit intra-interface
object network sidenis_zur_vpn_net
 subnet 192.168.128.0 255.255.255.0
object network inside_net
 subnet 192.168.10.0 255.255.255.0
object network dmz_net
 subnet 91.250.73.96 255.255.255.240
object network outside_net
 subnet 176.28.61.216 255.255.255.248
object network SwissReVDWP
 host 193.246.XXX.XX
object network SwissReVWP
 host 193.246.XXX.XX
object network SwissReLegacy
 host 193.246.XXX.XX
object-group network all_vpn
 network-object object sidenis_spb_inside_net
 network-object object sidenis_zur_vpn_net
object-group network Remote_Access_VPN_Pool
 network-object object sidenis_zur_vpn_net
object-group network SwissReVW
 network-object object SwissReLegacy
 network-object object SwissReVDWP
 network-object object SwissReVWP
access-list outside_access_in extended permit ip object-group HostEurope_Support any4
access-list outside_access_in extended permit ip object-group HostEurope_Services any4
access-list outside_access_in extended permit ip object-group PlusServer_Services any
access-list outside_access_in extended permit icmp any4 any4
access-list outside_access_in extended permit tcp any4 object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_12 eq https
access-list outside_access_in extended permit tcp any4 object git-server eq ssh log debugging
access-list outside_access_in extended permit object mongodb object-group actus.cloud object-group DM_INLINE_NETWORK_5 log debugging
access-list outside_access_in extended permit ip object Azure_net object inside_net
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any4 object he-lin-web-1 log debugging
access-list outside_access_in extended permit object mssql object-group DM_INLINE_NETWORK_8 object he-win-sql1
access-list outside_access_in extended permit ip object-group SwissReVW any
access-list outside_access_in extended permit ip object sidenis_zur_vpn_net any
access-list outside_access_in extended deny ip any any log debugging
access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object sidenis_zur_inside_net
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_4 object-group Sidenis_VPN_St_Petersburg
access-list SidenisAG_splitTunnelAcl standard permit 91.250.73.96 255.255.255.240
access-list SidenisAG_splitTunnelAcl remark SystemorphAG_VPN-Netze
access-list SidenisAG_splitTunnelAcl standard permit 10.169.57.0 255.255.255.0
access-list SidenisAG_splitTunnelAcl standard permit 172.16.0.0 255.255.255.0
access-list SidenisAG_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list SidenisAG_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list SidenisAG_splitTunnelAcl remark srvw-p.swissre.com
access-list SidenisAG_splitTunnelAcl standard permit host 193.246.XXX.XX
access-list SidenisAG_splitTunnelAcl remark srvw.swissre.com
access-list SidenisAG_splitTunnelAcl standard permit host 193.246.XXX.XX
access-list SidenisAG_splitTunnelAcl remark SwissRe legacy
access-list SidenisAG_splitTunnelAcl standard permit host 193.246.XXX.XX
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object-group systemoprh_net
pager lines 48
mtu outside 1500
mtu dmz 1500
mtu inside 1500
mtu management 1500
ip audit name outside_attack attack action alarm
ip audit name outside_inform info action alarm
ip audit interface outside outside_inform
ip audit interface outside outside_attack
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-762.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static inside_net inside_net destination static all_vpn all_vpn
nat (outside,outside) source static all_vpn all_vpn destination static all_vpn all_vpn
nat (outside,dmz) source static any any destination static he-lin-web-1 he-lin-web-1 service smtp_astro smtp
nat (any,dmz) source static any any destination static he-lin-web-1 he-lin-web-1
nat (outside,inside) source static any any destination static interface mongodb-host service mongodb-outside mongodb
nat (outside,inside) source static any any destination static interface mongodb_test_db service mongodb_test mongodb
nat (inside,outside) source static inside_net inside_net destination static Azure_net Azure_net
nat (outside,inside) source static any any destination static interface he-win-sql1 service mssql-outside mssql
nat (any,outside) source static Remote_Access_VPN_Pool Remote_Access_VPN_Pool destination static SwissReVW SwissReVW no-proxy-arp
!
object network inside_net
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 176.28.61.217 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
webvpn
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-3.1.04059-k9.pkg 1
 anyconnect image disk0:/anyconnect-linux-64-3.1.04059-k9.pkg 3
 anyconnect profiles SidenisAnyConnect disk0:/sidenisanyconnect.xml
 anyconnect enable
 cache
  disable
 error-recovery disable
group-policy NOACCESS internal
group-policy NOACCESS attributes
 wins-server none
 dns-server value XXX
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol ikev1 ssl-client
 default-domain value sidenis.local
 address-pools none
group-policy DfltGrpPolicy attributes
 dns-server value XXX
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
 default-domain value sidenis.local
group-policy GroupPolicy_176.28.61.213 internal
group-policy GroupPolicy_176.28.61.213 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
group-policy SidenisAG internal
group-policy SidenisAG attributes
 dns-server value XXX
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ikev1 ikev2 ssl-client
 group-lock none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SidenisAG_splitTunnelAcl
 default-domain value sidenis.local
 address-pools value SidenisAG-RA-Pool
 webvpn
  anyconnect profiles value SidenisAnyConnect type user
dynamic-access-policy-record DfltAccessPolicy
username admin password XXX
username remote password XXX
username remote attributes
 vpn-group-policy SidenisAG
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group Active-Directory
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group Active-Directory LOCAL
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 group-alias FullSidenisAccess enable
tunnel-group SidenisAG type remote-access
tunnel-group SidenisAG general-attributes
 address-pool SidenisAG-RA-Pool
 authentication-server-group Active-Directory LOCAL
 authentication-server-group (dmz) Active-Directory LOCAL
 authorization-server-group Active-Directory
 default-group-policy NOACCESS
 secondary-username-from-certificate CN
tunnel-group SidenisAG webvpn-attributes
 authentication aaa certificate
 group-alias SidenisAG enable
tunnel-group SidenisAG ipsec-attributes
 ikev1 pre-shared-key *****
!
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum XXX
: end
asdm image disk0:/asdm-762.bin
asdm history enable