: Saved : : Serial Number: JAD201800T7 : Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores) : ASA Version 9.5(2) ! hostname Venus domain-name CAMPUS.org enable password 8Ry2YjIyt7RRXU24 encrypted names ip local pool POOL_VPN_REMOTE_USERS 10.91.90.10-10.91.90.199 mask 255.255.255.0 ip local pool POOL_VPN_REMOTE_ADMIN 10.91.100.1-10.91.100.2 mask 255.255.255.252 ip local pool POOL_VPN_COMPTA 10.91.91.1-10.91.91.2 mask 255.255.255.252 ! interface GigabitEthernet1/1 nameif inside security-level 100 ip address 10.91.250.12 255.255.255.0 ! interface GigabitEthernet1/2 shutdown no nameif security-level 0 no ip address ! interface GigabitEthernet1/3 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/4 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/5 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/6 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/7 shutdown no nameif no security-level no ip address ! interface GigabitEthernet1/8 nameif outside security-level 0 ip address dhcp setroute ! interface Management1/1 management-only nameif MANAGEMENT security-level 100 ip address 10.91.2.251 255.255.255.0 ! ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 dns domain-lookup inside dns domain-lookup outside dns server-group DefaultDNS name-server 10.91.250.10 inside name-server 8.8.8.8 outside domain-name CAMPUS.org object network obj_any subnet 0.0.0.0 0.0.0.0 object network NETWORK_OBJ_10.91.90.0_24 subnet 10.91.90.0 255.255.255.0 object network NETWORK_OBJ_10.91.250.0_24 subnet 10.91.250.0 255.255.255.0 object network LAN_CAMPUS_GRENOBLE subnet 10.38.0.0 255.255.0.0 object network LAN_KN host 10.33.35.105 object network NAT_LAN_CAMPUS_GRENOBLE subnet 10.253.0.0 255.255.0.0 description NAT VERS KN object network LAN_CAMPUS subnet 10.0.0.0 255.128.0.0 object network LAN_TYSLAB subnet 10.255.255.0 255.255.255.0 object network LAN_CAMPUS_LISSES subnet 10.91.0.0 255.255.0.0 object network LAN_CAMPUS_NANTES subnet 10.44.0.0 255.255.0.0 object network LAN_CAMPUS_RENNES subnet 10.35.0.0 255.255.0.0 object network LAN_CAMPUS_TOULOUSE subnet 10.31.0.0 255.255.0.0 object network LAN_CAMPUS_STRASBOURG subnet 10.67.0.0 255.255.0.0 object network NETWORK_OBJ_10.91.100.0_30 subnet 10.91.100.0 255.255.255.252 object network LAN_VPN_COMPTA range 10.91.91.1 10.91.91.2 object network ERP host 10.91.250.14 object network LAN_CUSTOMER_1 subnet 172.16.70.0 255.255.254.0 object network LAN_CUSTOMER_2 subnet 172.16.72.0 255.255.254.0 object network LAN_CUSTOMER_3 subnet 192.168.0.0 255.255.0.0 object network LAN_CUSTOMER_4 subnet 192.46.0.0 255.255.0.0 object network LAN_CUSTOMER_5 subnet 10.1.0.0 255.255.0.0 object network NAT_CAMPUS<->CUSTOMER host 10.10.249.1 object network LAN_TEST subnet 192.0.0.0 255.0.0.0 object network LAN_CAMPUS_GRENOBLE_TECHNIQUE subnet 10.38.50.0 255.255.255.0 object network GW_LAN_CAMPUS_GRENOBLE host 10.38.254.1 object network HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL host 10.91.250.16 object-group network DM_INLINE_NETWORK_1 network-object object LAN_CAMPUS_GRENOBLE network-object object LAN_CAMPUS_LISSES network-object object LAN_CAMPUS_NANTES network-object object LAN_CAMPUS_RENNES network-object object LAN_CAMPUS_STRASBOURG network-object object LAN_CAMPUS_TOULOUSE object-group network LAN_CUSTOMER network-object object LAN_CUSTOMER_1 network-object object LAN_CUSTOMER_2 network-object object LAN_CUSTOMER_3 network-object object LAN_CUSTOMER_4 network-object object LAN_CUSTOMER_5 access-list VERS_CAMPUS standard permit 10.91.250.0 255.255.255.0 access-list outside_cryptomap_4 extended permit ip object LAN_CAMPUS_GRENOBLE object LAN_TEST access-list outside_cryptomap_1 extended permit ip object LAN_CAMPUS_GRENOBLE object LAN_KN access-list outside_cryptomap_2 extended permit ip object LAN_CAMPUS object LAN_TYSLAB access-list VERS_ERP extended permit ip object LAN_VPN_COMPTA object ERP access-list VERS_CAMPUS_ADMIN standard permit 10.91.250.0 255.255.255.0 access-list VERS_CAMPUS_ADMIN standard deny any4 access-list DE_EXT-COMPTA_VERS_ERP standard permit host 10.91.250.16 access-list DE_EXT-COMPTA_VERS_ERP standard deny any4 access-list outside_cryptomap extended permit ip object LAN_CAMPUS_GRENOBLE object LAN_TEST access-list outside_cryptomap_3 extended permit ip object NAT_CAMPUS<->CUSTOMER object-group LAN_CUSTOMER access-list outside_cryptomap_5 extended permit ip object HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL object-group LAN_CUSTOMER access-list outside_cryptomap_8 extended permit ip object NAT_CAMPUS<->CUSTOMER object-group LAN_CUSTOMER access-list outside_cryptomap_6 extended permit ip object HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL object-group LAN_CUSTOMER pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu MANAGEMENT 1500 no failover no monitor-interface service-module icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (inside,outside) source static HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL destination static LAN_CUSTOMER NAT_CAMPUS<->CUSTOMER no-proxy-arp inactive nat (inside,outside) source static HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL destination static LAN_CUSTOMER LAN_CUSTOMER no-proxy-arp route-lookup ! object network obj_any nat (any,inside) dynamic interface object network HOST_CAMPUS_LISSES_SERVEURS_ERPVIRTUEL nat (inside,outside) static NAT_CAMPUS<->CUSTOMER ! nat (MANAGEMENT,outside) after-auto source dynamic any interface route inside 10.38.0.0 255.255.0.0 10.91.250.254 1 route MANAGEMENT 10.38.50.0 255.255.255.0 10.91.2.254 1 route MANAGEMENT 10.91.50.0 255.255.255.0 10.91.2.254 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 aaa-server AAA_CAMPUS protocol radius aaa-server AAA_CAMPUS (inside) host 10.91.250.10 timeout 5 key ***** user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authorization exec LOCAL auto-enable http server enable http 10.91.50.0 255.255.255.0 MANAGEMENT http 10.91.2.0 255.255.255.0 MANAGEMENT http 10.38.50.0 255.255.255.0 MANAGEMENT http 10.91.250.0 255.255.255.0 MANAGEMENT http 10.0.0.0 255.0.0.0 MANAGEMENT snmp-server host inside 10.38.250.200 community ***** version 2c snmp-server location LISSES snmp-server contact ochambelant@karelis-systemes.fr snmp-server community ***** snmp-server enable traps syslog snmp-server enable traps ipsec start stop snmp-server enable traps entity cpu-temperature chassis-temperature accelerator-temperature snmp-server enable traps memory-threshold snmp-server enable traps interface-threshold snmp-server enable traps remote-access session-threshold-exceeded snmp-server enable traps connection-limit-reached snmp-server enable traps cpu threshold rising snmp-server enable traps ikev2 start stop snmp-server enable traps nat packet-discard snmp-server enable traps config service sw-reset-button crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map VersFree_map 2 match address outside_cryptomap_1 crypto map VersFree_map 2 set pfs crypto map VersFree_map 2 set peer 57.66.70.251 crypto map VersFree_map 2 set ikev2 ipsec-proposal AES256 crypto map VersFree_map 3 match address outside_cryptomap_6 crypto map VersFree_map 3 set pfs crypto map VersFree_map 3 set peer 83.206.232.103 crypto map VersFree_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map VersFree_map 3 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256 crypto map VersFree_map 4 match address outside_cryptomap_3 crypto map VersFree_map 4 set peer 88.170.34.5 crypto map VersFree_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map VersFree_map 4 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256 crypto map VersFree_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map VersFree_map interface outside crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map inside_map interface inside crypto ca trustpoint _SmartCallHome_ServerCA no validation-uERP crl configure crypto ca trustpoint ASDM_TrustPoint0 enrollment terminal subject-name CN=Venus.CAMPUS.local,O=CAMPUS,C=FR crl configure crypto ca trustpoint ASDM_TrustPoint1 enrollment self subject-name CN=vpn.CAMPUS.com,O=CAMPUS,C=FR keypair KEY proxy-ldc-issuer crl configure crypto ca trustpoint SeflSignedCert enrollment self subject-name CN=Venus keypair SSLCert crl configure crypto ca trustpoint ASDM_TrustPoint2 enrollment terminal subject-name CN=vpn.CAMPUS.com,O=CAMPUS,C=FR,L=Lisses,EA=ochambelant@karelis-systemes.fr crl configure crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0 enrollment self fqdn none subject-name CN=10.91.2.251,CN=Venus keypair ASDM_LAUNCHER crl configure crypto ca trustpoint vpn.CAMPUS.com enrollment self subject-name CN=vpn.CAMPUS.com proxy-ldc-issuer crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 6ecc7aa5a7032009b8cebcf4e952d491 308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130 0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117 30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b 13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504 0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72 20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56 65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043 65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31 30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b 30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20 496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65 74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420 68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329 3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365 63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597 a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10 9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc 7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b 15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845 63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8 18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced 4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f 81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201 db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868 7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101 ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8 45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a 1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406 03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973 69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969 6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973 69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30 1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603 551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355 1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609 2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80 4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a 6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc 481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16 b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0 5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8 6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28 6c2527b9 deb78458 c61f381e a4c4cb66 quit crypto ca certificate chain ASDM_TrustPoint1 certificate 753d8f57 30820397 3082027f a0030201 02020475 3d8f5730 0d06092a 864886f7 0d010105 0500305b 310b3009 06035504 06130246 52311030 0e060355 040a1307 536f6c75 74797331 18301606 03550403 130f7670 6e2e736f 6c757479 732e636f 6d312030 1e06092a 864886f7 0d010902 16115665 6e75732e 736f6c75 7479732e 6f726730 1e170d31 36303732 30303932 3032315a 170d3236 30373138 30393230 32315a30 5b310b30 09060355 04061302 46523110 300e0603 55040a13 07536f6c 75747973 31183016 06035504 03130f76 706e2e73 6f6c7574 79732e63 6f6d3120 301e0609 2a864886 f70d0109 02161156 656e7573 2e736f6c 75747973 2e6f7267 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00bf5dc4 33dea8ee 885c1410 fcabd9e1 45d64598 d8d4b757 697919b2 543a7ccd c2a2996c 73e43a36 48b0f86c 1ed3d15c d2fc6758 14f30a44 e1236bc7 abdb9938 17eb424e 0ae0e05a 9e1de66b 708c992c 9bc11601 1de06530 66d4b726 131eac8e 603f0bce ce0a1512 2021bb42 b29d0dca f459b0e3 f98f4ce8 9d41a874 87a86e3e 611f11d7 488f4e9c 719e595b 24814862 4dc461b8 0dda5432 64a0a6ed a7f0b0a2 b1a7f9ca e99a9114 b02eac55 8bff7bfc 32bb279f 4b60855e 82aea2a9 cd22565c 25caf118 5883b244 31187815 d8aa845a 0d0a33c0 93a9a036 fa6e4a67 c3266fb0 0191351e 1e58b023 8861e284 1fe6f13f 292cbf5b 2fe69c3f 7cde52d2 1bed1129 65020301 0001a363 3061300f 0603551d 130101ff 04053003 0101ff30 0e060355 1d0f0101 ff040403 02018630 1f060355 1d230418 30168014 832a762b 9e2d3a13 545385ed d097ab95 b15a5fe2 301d0603 551d0e04 16041483 2a762b9e 2d3a1354 5385edd0 97ab95b1 5a5fe230 0d06092a 864886f7 0d010105 05000382 01010090 e4f05871 f7a7eed0 f8ab1d5b b9923bbb cef0cb7f 5535b347 cf865642 2327cee2 395a6e50 3aaf5eef 254498cb c376803f 11fdbb24 f8ea1504 e35c006e 1bc5681e 681f045a 7628a353 85a20a9f de489b00 3fafc4bb 0b49ed52 4a88964c 24a3f7b4 57a6d25c 611da22f 9f7a6351 40c342bb 0dc18016 2386404f d7a9557a 36ec2d0b a5650c01 51129f0c 27741254 bbfbf01f 6bc76ead 7787c25c 727217f7 93352d58 3f92d02f ff5a46de 4213830f 945a987d e6aa3eb5 93d28f72 47885281 2b66b5cf 7010314b 00e1ea41 8ab0804c 23d98793 598d4f03 0df92a9b 2e8a6708 f5c7e66e 92564d79 c82abb6c 205ab8b4 e68828ee 50d3a143 4cc602d3 1eab9e1b aa11e8 quit crypto ca certificate chain SeflSignedCert certificate 94686a57 308202e4 308201cc a0030201 02020494 686a5730 0d06092a 864886f7 0d010105 05003034 310e300c 06035504 03130556 656e7573 31223020 06092a86 4886f70d 01090216 1356656e 75732e73 6f6c7574 79732e6c 6f63616c 301e170d 31363036 32343130 35313139 5a170d32 36303632 32313035 3131395a 3034310e 300c0603 55040313 0556656e 75733122 30200609 2a864886 f70d0109 02161356 656e7573 2e736f6c 75747973 2e6c6f63 616c3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100c2 9a82b367 85e6c1d3 7555fa4f dd0df94f 3eddc3d3 b8529c96 9c147a43 9d2b79ad ca26c79f a2948783 ef6109ed 87f51d7a 80756f6a f9850a11 f9c04b76 f28b0564 24d7d94d fb826591 43162e1f a3a60c7a 4751018a 4da1baf4 a83186d7 a76db5b0 13388cb1 f304ffd3 8c3cb405 ebc0180f b9a0cfbc c5a172b0 3814f018 16ca82ca 9b5e6c9c 4e6500a2 f61536b3 ca8c0ba0 8c55574b 34e873eb 16643ae8 56c25e72 1f0a835e 3147fe7a 38d4d3ce cda3261e a9c61112 e51e306f 129b13df dcf2df12 8f2f4b2b de9bb405 abe81fe1 f0c9f90c 4e4d722a f6d11ebc 8d2abe05 31e90574 945ccc7d af4c3878 05ae40b9 2ca4b5b1 2050e6ee 243a1cdd 7dbd07ba b7fd7702 03010001 300d0609 2a864886 f70d0101 05050003 82010100 4eac5c08 31dfe538 b1387cb8 5c6c4fb6 ef51f326 6c398677 76aef22b d9321688 8f611adf c19c2cb0 ae9991a3 46f59c96 99fa7452 6050a241 18eeeabc e1611a6f ff2e1258 0b70e939 2f721746 9f6e0d1e 4f7b1f30 df0ae211 8e48d720 39e6f36a 1f45a7e3 2f2f5d73 e02ae0f1 cd6e92c0 bf701dc5 bdabe4f8 644b2b33 26a521e2 3e977b5a 3bea25bc fca8e29e 6cfe0218 91245c0b 5505d2cb 37e2727c 8d749e16 0d20004b b7eb038c 5bebb020 9e694486 f4243d3c d240d56a 6d697d8d 7e822e9f 8b04ca2b 7b4d526d 3a47ec91 cb7280b7 f1128509 d13132da 177b69ff 52b841d0 b126f7d6 baf673e5 fad44f48 a1625921 365b9bc2 51e00abb deb90cb0 c58c4e8b quit crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0 certificate 743d8f57 308202c8 308201b0 a0030201 02020474 3d8f5730 0d06092a 864886f7 0d010105 05003026 310e300c 06035504 03130556 656e7573 31143012 06035504 03130b31 302e3931 2e322e32 3531301e 170d3136 30373230 30393136 35305a17 0d323630 37313830 39313635 305a3026 310e300c 06035504 03130556 656e7573 31143012 06035504 03130b31 302e3931 2e322e32 35313082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100d5 105e00b0 1da2d9c5 813f01c9 4ac5289f 3754b0a1 778f545a 0f6e6a46 95a85499 8e809866 618000fe 2b342aa9 d2b17e46 94ccffd0 9e273b81 2862a09c 590475b0 c5e91c02 aa34c165 88c1a14c 74f37739 9567f5ae dd69cf30 38632cde 543caa7a a5c91b67 7cf35b12 3aba8491 9e2f4e71 4680e40f b6206dd8 f33b7d82 316890de 15f31143 2dd0c345 40bca4ec a76a0e8e edfa05a7 6db12869 d0fe0b43 aec9af7d 332dbe22 cddfca3f 9c862a0a fd9af38d ecd6bea1 6708b257 e2bb9643 8496c0b6 49ac418d cca02e93 2babb5f6 e323d4c5 679fc9a8 041ccd73 195b1da6 e85c52aa 83200503 1c5d765a 71b017d1 d1b3db60 1a7ac7c9 84001a32 9a5d861f 6ab20f02 03010001 300d0609 2a864886 f70d0101 05050003 82010100 99e5df05 2a2cdfc7 cb417c9f 06d2f3d6 557ae655 45a2641a f4072238 b611dc3b 4d933f3d ad09217d 30fc7cc1 9adf45a3 32d800fc 6fea5193 4e4fa193 97475629 5e297dd2 77a12537 818edcf7 6b6cf9bf 259a7144 46a727e9 ffdb9f8e 072328a3 65fa6b27 7811c8e2 cc635180 e39cd197 0d6ed1ca 1135f737 a5d015cb 0b70ac09 00b0f174 11292593 88c5574a 69e44908 ce1a17f4 8f744ccb 46f6372e 3aa1aef5 a3a5241a 41af581b e2ee0431 9ef24f80 b24b897a 171ba3c1 cab86a83 18ffcb11 0886ee80 75c29708 0bca0f41 91db7aab 723b9f75 5b3ffd66 ec711016 85b28e73 42306e8c 9808b666 82934184 847cf490 d22d74fa 7526d48e b636af0a de094af4 quit crypto ca certificate chain vpn.CAMPUS.com certificate 763d8f57 30820254 308201bd a0030201 02020476 3d8f5730 0d06092a 864886f7 0d010105 0500303c 31183016 06035504 03130f76 706e2e73 6f6c7574 79732e63 6f6d3120 301e0609 2a864886 f70d0109 02161156 656e7573 2e736f6c 75747973 2e6f7267 301e170d 31363037 32303039 32323038 5a170d32 36303731 38303932 3230385a 303c3118 30160603 55040313 0f76706e 2e736f6c 75747973 2e636f6d 3120301e 06092a86 4886f70d 01090216 1156656e 75732e73 6f6c7574 79732e6f 72673081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100a3 6a0893ca 3b1644f9 ec2413cb 334ca467 08725697 f6ffdf35 88e28904 32fd6de2 556e3cea 4e2f15d0 f272292d 8d2beb14 d850b03b 18fe8d8b 6c143a53 822d8ba3 c20108a1 cc58135a e46f74ff b9c7da4d 6a9a0edf c72aac22 0c6a3ba9 1f544638 da8f9b22 c165779b eec572eb 5cb31c92 3a48b866 c7af9ce5 7b006d02 5180dd02 03010001 a3633061 300f0603 551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06 03551d23 04183016 8014b452 10d76587 11af5ae1 558e2e00 43218203 4f14301d 0603551d 0e041604 14b45210 d7658711 af5ae155 8e2e0043 2182034f 14300d06 092a8648 86f70d01 01050500 03818100 9a43cc1d 21c6c04c eda1cf82 0f7a1f0a 99e383ae 318ac13a 6af9e7d5 3a9b232b 9efc8d53 d58cce97 7008cb0e 894da4c4 e7d5f678 833940de f818e80e a7c54455 2d3470d1 b8a69114 5a7aa047 fa1fb7ae 05eca6c7 05726c65 4919ac31 60298c88 36f7121b 3963c0b3 62368f83 53fae99c 42183e0e 2d967453 a41a6d2d 7e388802 quit crypto ikev2 policy 1 encryption aes-256 integrity sha256 sha group 5 2 1 prf sha256 sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside crypto ikev2 remote-access trustpoint vpn.CAMPUS.com crypto ikev1 enable inside crypto ikev1 enable outside crypto ikev1 policy 20 authentication rsa-sig encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 30 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto ikev1 policy 50 authentication rsa-sig encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 60 authentication pre-share encryption aes-192 hash sha group 2 lifetime 86400 crypto ikev1 policy 80 authentication rsa-sig encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 90 authentication pre-share encryption aes hash sha group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 120 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 140 authentication rsa-sig encryption des hash sha group 2 lifetime 86400 crypto ikev1 policy 150 authentication pre-share encryption des hash sha group 2 lifetime 86400 telnet timeout 5 no ssh stricthostkeycheck ssh 10.38.50.0 255.255.255.0 MANAGEMENT ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access MANAGEMENT dhcp-client client-id interface outside dhcpd auto_config inside ! threat-detection basic-threat threat-detection statistics threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server 10.91.250.10 source inside prefer ssl trust-point vpn.CAMPUS.com inside ssl trust-point vpn.CAMPUS.com outside ssl trust-point ASDM_Launcher_Access_TrustPoint_0 MANAGEMENT ssl trust-point ASDM_Launcher_Access_TrustPoint_0 MANAGEMENT vpnlb-ip webvpn enable inside enable outside anyconnect image disk0:/anyconnect-win-4.1.04011-k9.pkg 1 anyconnect profiles VPN_REMOTE_USERS_client_profile disk0:/VPN_REMOTE_USERS_client_profile.xml anyconnect enable tunnel-group-list enable cache disable error-recovery disable group-policy GroupPolicy_VPN_REMOTE_USERS internal group-policy GroupPolicy_VPN_REMOTE_USERS attributes wins-server none dns-server value 10.91.250.10 vpn-tunnel-protocol ssl-client split-tunnel-policy tunnelspecified split-tunnel-network-list value VERS_CAMPUS_ADMIN default-domain none group-policy GroupPolicy_83.206.232.103 internal group-policy GroupPolicy_83.206.232.103 attributes vpn-session-timeout none vpn-tunnel-protocol ikev1 ikev2 periodic-authentication certificate none group-policy GroupPolicy_VPN_COMPTA internal group-policy GroupPolicy_VPN_COMPTA attributes wins-server none dns-server value 10.91.250.10 vpn-tunnel-protocol ssl-client split-tunnel-policy tunnelspecified split-tunnel-network-list value DE_EXT-COMPTA_VERS_ERP default-domain value CAMPUS.org dynamic-access-policy-record DfltAccessPolicy tunnel-group VPN_REMOTE_USERS type remote-access tunnel-group VPN_REMOTE_USERS general-attributes address-pool POOL_VPN_REMOTE_USERS default-group-policy GroupPolicy_VPN_REMOTE_USERS tunnel-group VPN_REMOTE_USERS webvpn-attributes group-alias VPN_REMOTE_USERS enable tunnel-group VPN_COMPTA type remote-access tunnel-group VPN_COMPTA general-attributes address-pool POOL_VPN_COMPTA default-group-policy GroupPolicy_VPN_COMPTA tunnel-group VPN_COMPTA webvpn-attributes group-alias VPN_COMPTA enable tunnel-group 83.206.232.103 type ipsec-l2l tunnel-group 83.206.232.103 general-attributes default-group-policy GroupPolicy_83.206.232.103 tunnel-group 83.206.232.103 ipsec-attributes ikev1 pre-shared-key ***** peer-id-validate nocheck isakmp keepalive disable ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters mesERP-length maximum client auto mesERP-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options class class-default user-statistics accounting ! service-policy global_policy global prompt hostname context call-home reporting anonymous hpm topN enable Cryptochecksum:2f458b911cf0b2b137da43b43aa842c3 : end