version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1716945716
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1716945716
 revocation-check none
 rsakeypair TP-self-signed-1716945716
!
!
crypto pki certificate chain TP-self-signed-1716945716
 certificate self-signed 01
  quit
ip cef
!
!
!
no ip dhcp use class
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.0 192.168.1.99
!
ip dhcp pool vlan1
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 90.207.238.97 90.207.238.99
!
!
!
no ipv6 cef
!
!
license udi pid C887VA-W-E-K9 sn FCZ1631C6R3
!
!
vtp domain SKYBB
vtp mode transparent
username faieza privilege 15 secret 5 $1$9BoE$Zz74ymPxsv0oQu/5NTfdj.
!
!
!
!
!
controller VDSL 0
!
vlan 10
!
!
!
!
!
!
!
!
!
!
interface ATM0
 no ip address
 ip policy route-map voip
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 description *** vlan 10/FE0 to CISCO ASA ***
 switchport access vlan 10
 no ip address
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface wlan-ap0
 description Embedded Service module interface to manage the embedded AP
 ip unnumbered Vlan1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan10
 description *** vlan 10/FE0 to CISCO ASA ***
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname 7160afb35580@skydsl
 ppp chap password 0 df59b51e
 ppp pap sent-username 7160afb35580@skydsl password 0 df59b54e
 ppp ipcp dns request
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat source list LAN pool LAN
ip nat inside source list LAN interface Dialer0 overload
ip nat inside source list any interface Dialer0 overload
ip nat inside source static udp 10.10.10.2 4500 interface Dialer0 4500
ip nat inside source static udp 10.10.10.2 500 interface Dialer0 500
ip nat inside source static esp 10.10.10.2 interface Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.10.10.0 255.255.255.0 10.10.10.2
ip route 172.16.30.0 255.255.255.0 10.10.10.2
!
ip access-list extended LAN
 permit ip 172.16.30.0 0.0.0.255 any
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended any
 permit ip any any
!
!
!
!
line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

ciscoasa# sh xlate
57 in use, 492 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
NAT from inside:172.16.30.0/24 to outside:172.16.30.0/24 flags sIT idle 2:00:00 timeout 0:00:00
NAT from outside:192.168.100.0/28 to inside:192.168.100.0/28 flags sIT idle 2:00:00 timeout 0:00:00
TCP PAT from inside:172.16.30.2/59578 to outside:10.10.10.2/59578 flags ri idle 0:00:06 timeout 0:00:30
UDP PAT from inside:172.16.30.2/59438 to outside:10.10.10.2/59438 flags ri idle 0:00:06 timeout 0:00:30
UDP PAT from inside:172.16.30.2/59436 to outside:10.10.10.2/59436 flags ri idle 0:00:09 timeout 0:00:30
UDP PAT from inside:172.16.30.2/56982 to outside:10.10.10.2/56982 flags ri idle 0:00:12 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59576 to outside:10.10.10.2/59576 flags ri idle 0:00:18 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59577 to outside:10.10.10.2/59577 flags ri idle 0:00:18 timeout 0:00:30
UDP PAT from inside:172.16.30.2/49533 to outside:10.10.10.2/49533 flags ri idle 0:00:18 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59575 to outside:10.10.10.2/59575 flags ri idle 0:00:19 timeout 0:00:30
UDP PAT from inside:172.16.30.2/60154 to outside:10.10.10.2/60154 flags ri idle 0:00:19 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59574 to outside:10.10.10.2/59574 flags ri idle 0:00:19 timeout 0:00:30
UDP PAT from inside:172.16.30.2/63714 to outside:10.10.10.2/63714 flags ri idle 0:00:19 timeout 0:00:30
UDP PAT from inside:172.16.30.2/64799 to outside:10.10.10.2/64799 flags ri idle 0:00:20 timeout 0:00:30
UDP PAT from inside:172.16.30.2/59334 to outside:10.10.10.2/59334 flags ri idle 0:00:20 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59573 to outside:10.10.10.2/59573 flags ri idle 0:00:23 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59572 to outside:10.10.10.2/59572 flags ri idle 0:00:23 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59571 to outside:10.10.10.2/59571 flags ri idle 0:00:23 timeout 0:00:30
UDP PAT from inside:172.16.30.2/60649 to outside:10.10.10.2/60649 flags ri idle 0:00:23 timeout 0:00:30
UDP PAT from inside:172.16.30.2/61575 to outside:10.10.10.2/61575 flags ri idle 0:00:23 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59570 to outside:10.10.10.2/59570 flags ri idle 0:00:24 timeout 0:00:30
UDP PAT from inside:172.16.30.2/49635 to outside:10.10.10.2/49635 flags ri idle 0:00:24 timeout 0:00:30
UDP PAT from inside:172.16.30.2/62306 to outside:10.10.10.2/62306 flags ri idle 0:00:24 timeout 0:00:30
UDP PAT from inside:172.16.30.2/62304 to outside:10.10.10.2/62304 flags ri idle 0:00:24 timeout 0:00:30
UDP PAT from inside:172.16.30.2/55258 to outside:10.10.10.2/55258 flags ri idle 0:00:26 timeout 0:00:30
UDP PAT from inside:172.16.30.2/61005 to outside:10.10.10.2/61005 flags ri idle 0:00:25 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59569 to outside:10.10.10.2/59569 flags ri idle 0:00:24 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59568 to outside:10.10.10.2/59568 flags ri idle 0:00:26 timeout 0:00:30
UDP PAT from inside:172.16.30.2/65234 to outside:10.10.10.2/65234 flags ri idle 0:00:26 timeout 0:00:30
UDP PAT from inside:172.16.30.2/57331 to outside:10.10.10.2/57331 flags ri idle 0:00:26 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59567 to outside:10.10.10.2/59567 flags ri idle 0:00:27 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59566 to outside:10.10.10.2/59566 flags ri idle 0:00:26 timeout 0:00:30
UDP PAT from inside:172.16.30.2/50167 to outside:10.10.10.2/50167 flags ri idle 0:00:27 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59565 to outside:10.10.10.2/59565 flags ri idle 0:00:24 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59564 to outside:10.10.10.2/59564 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/52908 to outside:10.10.10.2/52908 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/56344 to outside:10.10.10.2/56344 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/63745 to outside:10.10.10.2/63745 flags ri idle 0:00:27 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59563 to outside:10.10.10.2/59563 flags ri idle 0:00:27 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59562 to outside:10.10.10.2/59562 flags ri idle 0:00:27 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59561 to outside:10.10.10.2/59561 flags ri idle 0:00:27 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59560 to outside:10.10.10.2/59560 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/59957 to outside:10.10.10.2/59957 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/56028 to outside:10.10.10.2/56028 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/53628 to outside:10.10.10.2/53628 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/58012 to outside:10.10.10.2/58012 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/63177 to outside:10.10.10.2/63177 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/63465 to outside:10.10.10.2/63465 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/62491 to outside:10.10.10.2/62491 flags ri idle 0:00:27 timeout 0:00:30
UDP PAT from inside:172.16.30.2/51590 to outside:10.10.10.2/51590 flags ri idle 0:00:28 timeout 0:00:30
UDP PAT from inside:172.16.30.2/58110 to outside:10.10.10.2/58110 flags ri idle 0:00:28 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59558 to outside:10.10.10.2/59558 flags ri idle 0:00:19 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59557 to outside:10.10.10.2/59557 flags ri idle 0:03:20 timeout 0:00:30
TCP PAT from inside:172.16.30.2/59553 to outside:10.10.10.2/59553 flags ri idle 0:04:51 timeout 0:00:30
TCP PAT from inside:172.16.30.2/58892 to outside:10.10.10.2/58892 flags ri idle 0:51:39 timeout 0:00:30
TCP PAT from inside:172.16.30.2/58420 to outside:10.10.10.2/58420 flags ri idle 1:52:41 timeout 0:00:30
UDP PAT from inside:172.16.30.2/29233 to outside:10.10.10.2/29233 flags ri idle 0:00:03 timeout 0:00:30

ASA Version 9.2(2)8
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
ip local pool vpnpool 192.168.100.1-192.168.100.10 mask 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 10
!
interface Ethernet0/1
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.16.30.1 255.255.255.0
!
interface Vlan10
 nameif outside
 security-level 0
 ip address 10.10.10.2 255.255.255.0
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_172.16.30.0_24
 subnet 172.16.30.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_28
 subnet 192.168.100.0 255.255.255.240
access-list inside_access_in extended permit ip 172.16.30.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list Internet_access_in extended permit ip 10.0.0.0 255.255.255.0 172.16.30.0 255.255.255.0
access-list Internet_access_in extended permit ip 172.16.30.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list remotevpn_splitTunnelAcl standard permit 172.16.30.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_172.16.30.0_24 NETWORK_OBJ_172.16.30.0_24 destination static NETWORK_OBJ_192.168.100.0_28 NETWORK_OBJ_192.168.100.0_28 no-proxy-arp route-lookup
!
object network obj_any
 nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 172.16.30.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 172.16.30.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd domain DOMAINET.se
dhcpd auto_config outside
!
dhcpd address 172.16.30.2-172.16.30.33 inside
dhcpd dns 10.10.10.1 interface inside
dhcpd lease 432000 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy remotevpn internal
group-policy remotevpn attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remotevpn_splitTunnelAcl
username hamid password L0w/6yVKbR5Zm91N encrypted privilege 0
username hamid attributes
 vpn-group-policy remotevpn
tunnel-group remotevpn type remote-access
tunnel-group remotevpn general-attributes
 address-pool vpnpool
 default-group-policy remotevpn
tunnel-group remotevpn ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c2f70c5344fe08a1205a4c6b981c9651