mfw01# sho config : Saved : Written by xxx at 10:30:10.001 PDT Mon Aug 29 2016 ! ASA Version 8.2(4) ! hostname mfw01 domain-name mills.int enable password jeunYHGhr8t.WxkZ encrypted passwd jeunYHGhr8t.WxkZ encrypted names name xx.174.143.97 cox-gateway description cox-gateway name 172.16.10.0 iscsi-network description iscsi-network name 192.168.1.0 legacy-network description legacy-network name 10.20.50.0 management-network description management-network name 10.20.10.0 server-network description server-network name 10.20.20.0 user-network description user-network name 192.168.1.101 private-em-imap description private-em-imap name 10.20.10.2 private-exchange description private-exchange name 10.20.10.3 private-ftp description private-ftp name 192.168.1.202 private-ip-phones description private-ip-phones name 10.20.10.6 private-kaseya description private-kaseya name 192.168.1.2 private-mitel-3300 description private-mitel-3300 name 10.20.10.1 private-pptp description private-pptp name 10.20.10.7 private-sharepoint description private-sharepoint name 10.20.10.4 private-tportal description private-tportal name xx.174.143.99 public-exchange description public-exchange name xx.174.143.100 public-ftp description public-ftp name xx.174.143.101 public-tportal description public-tportal name xx.174.143.102 public-sharepoint description public-sharepoint name xx.174.143.103 public-ip-phones description public-ip-phones name xx.174.143.104 public-mitel-3300 description public-mitel-3300 name xx.174.143.105 public-xorcom description public-xorcom name xx.174.143.108 public-remote-support description public-remote-support name xx.174.143.109 public-xarios description public-xarios name xx.174.143.110 public-kaseya description public-kaseya name xx.174.143.111 public-pptp description public-pptp name 192.168.2.0 Irvine_LAN description Irvine_LAN name xx.174.143.98 public-ip name 10.20.10.14 private-RevProxy description private-RevProxy name xx.174.143.107 public-RevProxy description Public-RevProxy name 10.20.10.9 private-XenDesktop description private-XenDesktop name xx.174.143.115 public-XenDesktop description public-XenDesktop name 10.20.1.1 private-gateway description private-gateway name 192.168.1.96 private-remote-support description private-remote-support name 10.20.10.20 private-uca description private-uca name xx.174.143.116 public-uca description public-uca name 10.20.20.6 private-xorcom description private-xorcom name 10.20.20.250 private-xarios description private-xarios name 192.111.11.0 MJB_LAN description Mark Remote LAN ! interface Ethernet0/0 nameif public security-level 0 ip address public-ip 255.255.255.224 ! interface Ethernet0/1 speed 100 duplex full nameif private security-level 100 ip address private-gateway 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 nameif management security-level 100 ip address 192.168.0.1 255.255.255.0 management-only ! ftp mode passive clock timezone pst -8 clock summer-time PDT recurring dns domain-lookup public dns domain-lookup private dns domain-lookup management dns server-group DefaultDNS domain-name mills.int object-group service ftp service-object tcp eq ftp service-object tcp eq ftp-data object-group service DM_INLINE_SERVICE_1 group-object ftp service-object udp eq tftp object-group service web-server service-object tcp eq www service-object tcp eq https object-group service DM_INLINE_SERVICE_2 service-object tcp eq smtp object-group service DM_INLINE_SERVICE_3 service-object tcp eq ssh group-object web-server object-group service kaseya service-object tcp eq 4242 service-object tcp eq 5721 service-object tcp eq 8080 service-object udp eq 5721 object-group service DM_INLINE_SERVICE_4 group-object kaseya group-object web-server object-group service DM_INLINE_SERVICE_5 service-object gre service-object tcp eq pptp object-group service VPN service-object gre service-object esp service-object ah service-object tcp eq pptp service-object udp eq 4500 service-object udp eq isakmp object-group network MILLS_VPN_VLANS network-object 10.20.1.0 255.255.255.0 network-object server-network 255.255.255.0 network-object user-network 255.255.255.0 network-object management-network 255.255.255.0 network-object legacy-network 255.255.255.0 object-group service InterTel5000 service-object tcp range 3998 3999 service-object tcp range 6800 6802 service-object udp eq 20001 service-object udp range 5004 5007 service-object udp range 50098 50508 service-object udp range 6604 7039 service-object udp eq bootpc service-object udp eq tftp service-object tcp eq 4000 service-object tcp eq 44000 service-object tcp eq www service-object tcp eq https service-object tcp eq 5566 service-object udp eq 5567 service-object udp range 6004 6603 service-object tcp eq 6880 service-object tcp range 10500 20000 service-object udp range 10500 20000 object-group service DM_INLINE_SERVICE_7 service-object icmp group-object InterTel5000 object-group service DM_INLINE_SERVICE_8 service-object icmp service-object tcp eq https service-object tcp eq ssh object-group service RevProxy tcp description RevProxy port-object eq 5500 object-group service XenDesktop tcp description Xen port-object eq 8080 port-object eq 2514 port-object eq 2598 port-object eq 27000 port-object eq 7279 port-object eq 8000 port-object eq citrix-ica port-object range 1491 1499 port-object eq 3389 port-object range 1433 1434 port-object eq 8100 port-object eq 135 port-object eq 3268 object-group service EXCHANGE_HTTP group-object web-server object-group service DM_INLINE_SERVICE_0 service-object tcp eq 40 service-object tcp eq https service-object tcp eq ssh service-object udp eq www object-group service UCA description UCA Ports service-object tcp eq 36008 service-object tcp eq 6800 service-object tcp range 6801 6802 service-object tcp eq www service-object tcp eq https service-object tcp eq ssh service-object udp range 20000 31000 object-group service PhoneManager tcp description Phone Manager 2007 port-object eq 2007 port-object eq 1433 port-object eq 2001 port-object eq 8184 port-object eq 8186 port-object eq 8187 port-object eq 8188 port-object eq 8189 port-object eq https port-object eq 8086 port-object eq 8087 access-list public_access_in extended permit object-group UCA any host public-uca access-list public_access_in extended permit object-group DM_INLINE_SERVICE_8 any host public-ip access-list public_access_in extended permit object-group VPN any host public-ip access-list public_access_in extended permit object-group DM_INLINE_SERVICE_7 any host public-ip-phones access-list public_access_in extended permit object-group DM_INLINE_SERVICE_1 any host public-ftp access-list public_access_in extended permit object-group DM_INLINE_SERVICE_0 any host public-xorcom access-list public_access_in extended permit tcp any host public-RevProxy object-group RevProxy access-list public_access_in extended permit object-group DM_INLINE_SERVICE_3 any host public-remote-support access-list public_access_in extended permit tcp any host public-xarios object-group PhoneManager access-list public_access_in extended permit object-group web-server any host public-sharepoint access-list public_access_in extended permit object-group web-server any host public-tportal access-list public_access_in extended permit object-group DM_INLINE_SERVICE_4 any host public-kaseya access-list public_access_in extended permit object-group DM_INLINE_SERVICE_5 any host public-pptp access-list public_access_in extended permit tcp any host public-XenDesktop object-group XenDesktop access-list public_access_in extended permit object-group EXCHANGE_HTTP any host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 216.239.32.0 255.255.224.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 64.233.160.0 255.255.224.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 66.249.80.0 255.255.240.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 72.14.192.0 255.255.192.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 209.85.128.0 255.255.128.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 66.102.0.0 255.255.240.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 74.125.0.0 255.255.0.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 64.18.0.0 255.255.240.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 207.126.144.0 255.255.240.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 173.194.0.0 255.255.0.0 host public-exchange access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 216.58.192.0 255.255.224.0 host public-exchange access-list private_access_in extended permit icmp any any access-list private_access_in extended permit ip any any access-list VPN_Users_SplitTunnelAcl standard permit server-network 255.255.255.0 access-list VPN_Users_SplitTunnelAcl standard permit user-network 255.255.255.0 access-list VPN_Users_SplitTunnelAcl standard permit management-network 255.255.255.0 access-list VPN_Users_SplitTunnelAcl standard permit 10.20.1.0 255.255.255.0 access-list VPN_Users_SplitTunnelAcl standard permit legacy-network 255.255.255.0 access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS Irvine_LAN 255.255.255.0 access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS 10.20.1.96 255.255.255.240 access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS 10.90.2.0 255.255.255.0 access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS MJB_LAN 255.255.255.0 access-list public_1_cryptomap extended permit ip object-group MILLS_VPN_VLANS Irvine_LAN 255.255.255.0 access-list public_2_cryptomap extended permit ip object-group MILLS_VPN_VLANS 10.90.2.0 255.255.255.0 access-list public_cryptomap extended permit ip object-group MILLS_VPN_VLANS MJB_LAN 255.255.255.0 pager lines 24 logging enable logging list Error-Events level warnings logging monitor warnings logging buffered warnings logging trap warnings logging asdm warnings logging mail warnings logging host private private-kaseya logging permit-hostdown logging class auth trap alerts mtu public 1500 mtu private 1500 mtu management 1500 ip local pool VPN_Users 10.20.1.100-10.20.1.110 mask 255.255.255.0 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-731.bin no asdm history enable arp timeout 14400 global (public) 101 interface nat (private) 0 access-list private_nat0_outbound nat (private) 101 0.0.0.0 0.0.0.0 nat (management) 101 0.0.0.0 0.0.0.0 static (private,public) public-ip-phones private-ip-phones netmask 255.255.255.255 dns static (private,public) public-ftp private-ftp netmask 255.255.255.255 dns static (private,public) public-xorcom private-xorcom netmask 255.255.255.255 dns static (private,public) public-exchange private-exchange netmask 255.255.255.255 dns static (private,public) public-RevProxy private-RevProxy netmask 255.255.255.255 dns static (private,public) public-remote-support private-remote-support netmask 255.255.255.255 dns static (private,public) public-xarios private-xarios netmask 255.255.255.255 dns static (private,public) public-sharepoint private-sharepoint netmask 255.255.255.255 dns static (private,public) public-tportal private-tportal netmask 255.255.255.255 dns static (private,public) public-kaseya private-kaseya netmask 255.255.255.255 dns static (private,public) public-pptp private-pptp netmask 255.255.255.255 dns static (private,public) public-XenDesktop private-XenDesktop netmask 255.255.255.255 dns static (private,public) public-uca private-uca netmask 255.255.255.255 dns access-group public_access_in in interface public access-group private_access_in in interface private route public 0.0.0.0 0.0.0.0 cox-gateway 1 route private server-network 255.255.255.0 10.20.1.254 1 route private user-network 255.255.255.0 10.20.1.254 1 route private management-network 255.255.255.0 10.20.1.254 1 route private iscsi-network 255.255.255.0 10.20.1.254 1 route private legacy-network 255.255.255.0 10.20.1.254 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 ldap attribute-map admin-control map-name comment Privilege-Level ldap attribute-map allow-dialin map-name msNPAllowDialin IETF-Radius-Class map-value msNPAllowDialin FALSE NOACCESS map-value msNPAllowDialin TRUE IPSecUsers ldap attribute-map mills-vpn_users map-name msNPAllowDialin IETF-Radius-Class map-value msNPAllowDialin FALSE NOACCESS map-value msNPAllowDialin True IPSecUsers ldap attribute-map network-admins map-name memberOf IETF-Radius-Service-Type map-value memberOf FALSE NOACCESS map-value memberOf "Network Admins" 6 dynamic-access-policy-record DfltAccessPolicy aaa-server Mills protocol nt aaa-server Mills (private) host private-pptp nt-auth-domain-controller ms01.mills.int aaa-server Mills_NetAdmin protocol ldap aaa-server Mills_NetAdmin (private) host private-pptp server-port 389 ldap-base-dn ou=San Diego,dc=mills,dc=int ldap-group-base-dn ou=San Diego,dc=mills,dc=int ldap-scope subtree ldap-naming-attribute cn ldap-login-password * ldap-login-dn cn=asa,ou=Service Accounts,ou=San Diego,dc=mills,dc=int server-type microsoft ldap-attribute-map mills-vpn_users aaa-server NetworkAdmins protocol ldap aaa-server NetworkAdmins (private) host private-pptp ldap-base-dn ou=San Diego,dc=mills,dc=int ldap-group-base-dn ou=San Diego,dc=mills,dc=int ldap-scope subtree ldap-naming-attribute cn ldap-login-password * ldap-login-dn cn=asa,ou=Service Accounts,ou=San Diego,dc=mills,dc=int server-type microsoft ldap-attribute-map network-admins aaa-server ADVPNUsers protocol ldap aaa-server ADVPNUsers (private) host private-pptp ldap-base-dn ou=San Diego,dc=mills,dc=int ldap-group-base-dn ou=San Diego,dc=mills,dc=int ldap-scope subtree ldap-naming-attribute cn ldap-login-password * ldap-login-dn cn=asa,ou=Service Accounts,ou=San Diego,dc=mills,dc=int server-type microsoft ldap-attribute-map mills-vpn_users aaa authentication enable console ADVPNUsers LOCAL aaa authentication http console ADVPNUsers LOCAL aaa authentication serial console ADVPNUsers LOCAL aaa authentication telnet console ADVPNUsers LOCAL aaa authentication ssh console ADVPNUsers LOCAL http server enable http 0.0.0.0 0.0.0.0 management http 0.0.0.0 0.0.0.0 public http 0.0.0.0 0.0.0.0 private snmp-server host private private-kaseya poll community ***** version 2c snmp-server location Mills - San Diego snmp-server contact Mills Assist snmp-server enable traps snmp authentication linkup linkdown coldstart sysopt noproxyarp private crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map public_map 1 match address public_1_cryptomap crypto map public_map 1 set pfs crypto map public_map 1 set peer xx.194.200.115 crypto map public_map 1 set transform-set ESP-3DES-MD5 ESP-AES-128-SHA crypto map public_map 1 set nat-t-disable crypto map public_map 1 set phase1-mode aggressive crypto map public_map 2 match address public_cryptomap crypto map public_map 2 set pfs crypto map public_map 2 set peer xx.25.107.240 crypto map public_map 2 set transform-set ESP-3DES-MD5 ESP-AES-128-SHA crypto map public_map 2 set nat-t-disable crypto map public_map 2 set phase1-mode aggressive crypto map public_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map public_map interface public crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=mfw01.mills.int crl configure crypto ca certificate chain ASDM_TrustPoint0 certificate c4b59652 308201eb 30820154 a0030201 020204c4 b5965230 0d06092a 864886f7 0d010105 0500303a 31183016 06035504 03130f6d 66773031 2e6d696c 6c732e69 6e74311e 301c0609 2a864886 f70d0109 02160f6d 66773031 2e6d696c 6c732e69 6e74301e 170d3133 31313239 31383037 32345a17 0d323331 31323731 38303732 345a303a 31183016 06035504 03130f6d 66773031 2e6d696c 6c732e69 6e74311e 301c0609 2a864886 f70d0109 02160f6d 66773031 2e6d696c 6c732e69 6e743081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100cc 3fdf6e66 8f4b5797 2de2dbc9 0fff100f 74c1d258 4e17d2af fa362a7c 06c8f7b5 cc8e2258 dc6f850d 3cb87501 5b2a97ea a1882d54 1cae7f6e f18e7cf0 eceb5e50 832eae39 c5da4802 d08eb0a7 33b1572f a6a6804c d96d1c31 bdc4b1a5 91ee127c 8309e3a6 5e175fc0 9b80ee6f 74b096ea 51ab7e8a ee696a91 0c2111f8 f15c5b02 03010001 300d0609 2a864886 f70d0101 05050003 81810080 c62a79d7 367b14a3 5d8d79bd b646fb05 1e1ba5c5 d5bca08b 163b7bcc 09e90346 eb0dac02 b95e7231 19f22e0d c0b4ed54 edcd26be 60b7fa59 0b073a77 4546b42a d9c3812a 2c54d43b d1acb1b2 85b586be 058580ba b24fc82a e37b0c3e 54132607 7a4e39fc 7479035e f655d628 91f14bad 0d957835 57db169c 78b28b09 a413ea quit crypto isakmp enable public crypto isakmp policy 1 authentication pre-share encryption aes hash sha group 5 lifetime 86400 crypto isakmp policy 10 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto isakmp policy 30 authentication pre-share encryption 3des hash md5 group 1 lifetime 28800 telnet 0.0.0.0 0.0.0.0 private telnet timeout 5 ssh 0.0.0.0 0.0.0.0 public ssh 0.0.0.0 0.0.0.0 private ssh 0.0.0.0 0.0.0.0 management ssh timeout 5 console timeout 0 management-access private dhcpd address 192.168.0.2-192.168.0.254 management ! threat-detection basic-threat threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp authenticate ntp server 216.129.110.22 source public ntp server 173.244.211.10 source public ntp server 24.124.0.251 source public prefer webvpn enable public svc enable group-policy NOACCESS internal group-policy NOACCESS attributes vpn-simultaneous-logins 0 vpn-tunnel-protocol svc group-policy MJB_VPN internal group-policy MJB_VPN attributes vpn-tunnel-protocol IPSec group-policy IPSecUsers internal group-policy IPSecUsers attributes wins-server value 10.20.10.1 dns-server value 10.20.10.1 vpn-tunnel-protocol IPSec l2tp-ipsec svc password-storage enable split-tunnel-policy tunnelspecified split-tunnel-network-list value VPN_Users_SplitTunnelAcl default-domain value mills.int address-pools value VPN_Users group-policy Irvine internal group-policy Irvine attributes vpn-tunnel-protocol IPSec username admin password Kra9/kXfLDwlSxis encrypted tunnel-group VPN_Users type remote-access tunnel-group VPN_Users general-attributes address-pool VPN_Users authentication-server-group Mills_NetAdmin default-group-policy IPSecUsers tunnel-group VPN_Users ipsec-attributes pre-shared-key * tunnel-group xx.168.155.98 type ipsec-l2l tunnel-group xx.168.155.98 general-attributes default-group-policy Irvine tunnel-group xx.168.155.98 ipsec-attributes pre-shared-key * tunnel-group xx.194.200.115 type ipsec-l2l tunnel-group xx.194.200.115 general-attributes default-group-policy Irvine tunnel-group xx.194.200.115 ipsec-attributes pre-shared-key * tunnel-group xx.177.187.189 type ipsec-l2l tunnel-group xx.177.187.189 general-attributes default-group-policy Irvine tunnel-group xx.177.187.189 ipsec-attributes pre-shared-key * tunnel-group xx.25.107.240 type ipsec-l2l tunnel-group xx.25.107.240 general-attributes default-group-policy MJB_VPN tunnel-group xx.25.107.240 ipsec-attributes pre-shared-key * ! class-map global-class match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global-policy class global-class inspect dns inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect sip inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect xdmcp inspect icmp inspect pptp ! service-policy global-policy global privilege cmd level 3 mode exec command perfmon privilege cmd level 3 mode exec command ping privilege cmd level 3 mode exec command who privilege cmd level 3 mode exec command logging privilege cmd level 3 mode exec command failover privilege cmd level 3 mode exec command packet-tracer privilege show level 5 mode exec command import privilege show level 5 mode exec command running-config privilege show level 3 mode exec command reload privilege show level 3 mode exec command mode privilege show level 3 mode exec command firewall privilege show level 3 mode exec command asp privilege show level 3 mode exec command cpu privilege show level 3 mode exec command interface privilege show level 3 mode exec command clock privilege show level 3 mode exec command dns-hosts privilege show level 3 mode exec command access-list privilege show level 3 mode exec command logging privilege show level 3 mode exec command vlan privilege show level 3 mode exec command ip privilege show level 3 mode exec command ipv6 privilege show level 3 mode exec command failover privilege show level 3 mode exec command asdm privilege show level 3 mode exec command arp privilege show level 3 mode exec command route privilege show level 3 mode exec command ospf privilege show level 3 mode exec command aaa-server privilege show level 3 mode exec command aaa privilege show level 3 mode exec command eigrp privilege show level 3 mode exec command crypto privilege show level 3 mode exec command vpn-sessiondb privilege show level 3 mode exec command ssh privilege show level 3 mode exec command dhcpd privilege show level 3 mode exec command vpn privilege show level 3 mode exec command blocks privilege show level 3 mode exec command wccp privilege show level 3 mode exec command webvpn privilege show level 3 mode exec command module privilege show level 3 mode exec command uauth privilege show level 3 mode exec command compression privilege show level 3 mode configure command interface privilege show level 3 mode configure command clock privilege show level 3 mode configure command access-list privilege show level 3 mode configure command logging privilege show level 3 mode configure command ip privilege show level 3 mode configure command failover privilege show level 5 mode configure command asdm privilege show level 3 mode configure command arp privilege show level 3 mode configure command route privilege show level 3 mode configure command aaa-server privilege show level 3 mode configure command aaa privilege show level 3 mode configure command crypto privilege show level 3 mode configure command ssh privilege show level 3 mode configure command dhcpd privilege show level 5 mode configure command privilege privilege clear level 3 mode exec command dns-hosts privilege clear level 3 mode exec command logging privilege clear level 3 mode exec command arp privilege clear level 3 mode exec command aaa-server privilege clear level 3 mode exec command crypto privilege cmd level 3 mode configure command failover privilege clear level 3 mode configure command logging privilege clear level 3 mode configure command arp privilege clear level 3 mode configure command crypto privilege clear level 3 mode configure command aaa-server prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:2fa7f12b3c67653c3e0b1e6ed1e3cc55