: Serial Number: JAD194502IQ
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.5(2)5
!
hostname BRANCH
domain-name customer.local
enable password 2KFQnbNIdI.2KYOU encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address x.x.x.146 255.255.255.248
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.5.1 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 shutdown
 no nameif
 no security-level
 no ip address
!
banner motd You are entering a restricted network device. This communication constitutes
banner motd an electronic communication within the scope of the Electronic Communication
banner motd Privacy Act, 18 USCA 2510. The unlawful interception, use, or disclosure of
banner motd such information is strictly prohibited under 18 USCA 2511 and any applicable
banner motd laws. Violators will be prosecuted to the fullest extent of the law.
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name customer.local
object network INSIDE_NETWORK
 subnet 192.168.5.0 255.255.255.0
object network REMOTE_CORP
 subnet 192.168.0.0 255.255.255.0
access-list OUTSIDE_ACCESS_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_ACCESS_IN extended permit icmp any any unreachable
access-list BRANCH_to_CORP extended permit ip object INSIDE_NETWORK object REMOTE_CORP
pager lines 24
logging enable
logging timestamp
logging buffer-size 65000
logging buffered notifications
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-752-153.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network INSIDE_NETWORK
 nat (inside,outside) dynamic interface
access-group OUTSIDE_ACCESS_IN in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.145 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
http server enable 88
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 10 match address BRANCH_to_CORP
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer x.x.x.10 x.x.x.162
crypto map outside_map 10 set ikev1 transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd dns x.x.x.12 8.8.8.8
!
dhcpd address 192.168.5.10-192.168.5.100 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 129.6.15.28
dynamic-access-policy-record DfltAccessPolicy
tunnel-group x.x.x.10 type ipsec-l2l
tunnel-group x.x.x.10 ipsec-attributes
 ikev1 pre-shared-key
tunnel-group x.x.x.162 type ipsec-l2l
tunnel-group x.x.x.162 ipsec-attributes
 ikev1 pre-shared-key
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
 class class-default
  set connection decrement-ttl
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:0f0ad7df62a6bf8a4cdeb15fbce80bb2
: end