interface Ethernet0/0
 description Outside Interface
 switchport access vlan 2
!
interface Ethernet0/1
 shutdown
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 description Offices
!
interface Ethernet0/6
 description PBX
 switchport access vlan 3200
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif Inside
 security-level 100
 ip address 172.10.231.1 255.255.255.0
!
interface Vlan2
 nameif Outside
 security-level 0
 ip address 2.2.2.12 255.255.255.192
!
interface Vlan3200
 nameif MitelPBX
 security-level 100
 ip address 10.39.228.10 255.255.255.0
!
object network NATPool
 range 10.24.127.20 10.24.127.254
 description NAT Pool
object network LIONSVR2
 host 172.10.231.107
 description Lion Server
object network VPNLion2
 host 10.24.127.107
 description Lion NAT
object network 10.39.0.0
 subnet 10.39.0.0 255.255.0.0
object network HELIONSVR3
 host 172.10.230.108
 description 2nd Server
object network VPNLION3
 host 10.24.127.108
 description NAT, 2nd Server
object-group network All_HQ_Protected_Networks
 description This group contains all networks that we allow to be encrypted to/from the ASA firewall
 network-object 10.43.0.0 255.255.0.0
 network-object 10.41.0.0 255.255.0.0
 network-object 10.56.0.0 255.255.0.0
 network-object 10.42.0.0 255.255.0.0
 network-object 10.53.0.0 255.255.0.0
 network-object 10.39.0.0 255.255.0.0
 network-object 10.22.0.0 255.255.0.0
 network-object 10.54.0.0 255.255.0.0
object-group service WebServices tcp
 description This group contains all services used for accessing the internet
 port-object eq 7001
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
 port-object eq https
object-group network NATPoolGroup
 network-object object NATPool
object-group service PBXPorts tcp
 description This group contains all services used for the new PBX
 port-object eq 15347
 port-object eq 1752
access-list Inside_nat0_outbound extended permit ip 10.24.127.0 255.255.255.0 object-group All_HQ_VPN_Protected_Networks
access-list Outside_20_cryptomap remark This rule protects traffic destined for HQ's internal private networks.
access-list Outside_20_cryptomap extended permit ip 10.24.127.0 255.255.255.0 object-group All_HQ_VPN_Protected_Networks
access-list Outside_20_cryptomap extended permit ip 10.39.228.0 255.255.255.0 object-group All_HQ_VPN_Protected_Networks
access-list Outside_cryptomap_50 remark This rule protects traffic destined for HQ's internal private networks (backup).
access-list Outside_cryptomap_50 extended permit ip 10.24.127.0 255.255.255.0 object-group All_HQ_VPN_Protected_Networks
access-list Outside_cryptomap_50 extended permit ip 10.39.228.0 255.255.255.0 object-group All_HQ_VPN_Protected_Networks
access-list Inside_access_in remark Allows access to VPN connected networks
access-list Inside_access_in extended permit ip 172.10.231.0 255.255.255.0 object-group All_HQ_VPN_Protected_Networks
access-list Inside_access_in remark Allows access to the internet
access-list Inside_access_in extended permit tcp 172.10.231.0 255.255.255.0 any object-group WebServices inactive
access-list Inside_access_in remark Allows access to ISP DNS servers
access-list Inside_access_in extended permit udp 172.10.231.0 255.255.255.0 any eq domain
access-list Inside_access_in extended permit tcp 172.10.231.0 255.255.255.0 any object-group PBXPorts
access-list Inside_access_in extended permit tcp any any object-group PBXPorts
access-list Inside_nat_outbound extended permit ip 172.10.0.0 255.255.255.0 object-group All_HQ_VPN_Protected_Networks