show run
: Saved
:
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.6(2)
!
hostname BT
enable password RVNHYJApQV0wecmG encrypted
names
ip local pool SSLVPN_POOL 10.100.9.1-10.100.9.254 mask 255.255.255.0
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 176.137.232.222 255.255.255.252
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.68.64.100 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa962-lfbff-k8.SPA
ftp mode passive
clock timezone MYT 8
dns domain-lookup outside
dns domain-lookup inside
dns server-group abc
 name-server 10.1.1.57 inside
 name-server 10.1.1.58 inside
 domain-name abc.com.my
dns server-group Public
 name-server 8.8.8.8 outside
 name-server 8.8.4.4
dns-group ABC
same-security-traffic permit inter-interface
object network JR_10.68.62.0
 subnet 10.68.62.0 255.255.255.0
object network HQ_10.1.1.0
 subnet 10.1.1.0 255.255.255.0
object network HQ_10.3.64.0
 subnet 10.3.64.0 255.255.255.0
object network HQ_10.3.65.0
 subnet 10.3.65.0 255.255.255.0
object network HQ_10.3.66.0
 subnet 10.3.66.0 255.255.255.0
object network HQ_10.3.68.0
 subnet 10.3.68.0 255.255.255.0
object network HQ_172.16.1.0
 subnet 172.16.1.0 255.255.255.0
object network NETWORK_OBJ_10.68.64.0_24
 subnet 10.68.64.0 255.255.255.0
object network NETWORK_OBJ_10.100.9.0_24
 subnet 10.100.9.0 255.255.255.0
object network NGT_10.68.60.0
 subnet 10.68.60.0 255.255.255.0
object network NGTWIFI_172.16.2.0
 subnet 172.16.2.0 255.255.255.0
object network NGTXentry_172.27.2.0
 subnet 172.27.2.0 255.255.255.0
object-group network HQ_NETWORK
 network-object object HQ_10.1.1.0
 network-object object HQ_10.3.64.0
 network-object object HQ_10.3.65.0
 network-object object HQ_10.3.66.0
 network-object object HQ_10.3.68.0
 network-object object HQ_172.16.1.0
object-group network HQ_VPN
 network-object object HQ_10.1.1.0
 network-object object HQ_10.3.66.0
object-group service port-acl tcp-udp
 port-object eq 110
 port-object eq 143
 port-object eq 161
 port-object eq 19044
 port-object eq 19898
 port-object eq 21
 port-object eq 2378
 port-object eq 25
 port-object eq 389
 port-object eq 390
 port-object eq 4096
 port-object eq 4097
 port-object eq 443
 port-object eq 445
 port-object eq 49629
 port-object eq 49630
 port-object eq 5011
 port-object eq 5012
 port-object eq 515
 port-object eq 5353
 port-object eq 5556
 port-object eq 6010
 port-object eq 686
 port-object eq 7800
 port-object eq 8000
 port-object eq 8005
 port-object eq 8050
 port-object eq 9000
 port-object eq 9005
 port-object eq 9100
 port-object eq 9696
 port-object eq 9797
 port-object eq 9898
 port-object eq 995
 port-object eq 9999
 port-object eq www
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_1
 group-object HQ_VPN
 network-object object NGT_10.68.60.0
object-group network DM_INLINE_NETWORK_2
 network-object object NGTWIFI_172.16.2.0
 network-object object NGT_10.68.60.0
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_10.68.64.0_24 object-group HQ_NETWORK
access-list outside_cryptomap_3 extended permit ip 10.68.64.0 255.255.255.0 object Juru_10.68.62.0
access-list SSLVPN standard permit 10.68.64.0 255.255.255.0
access-list inside_access_in extended permit object-group TCPUDP any any object-group port-acl
access-list inside_access_in extended permit ip any any
access-list SFR extended permit ip any any
access-list outside_cryptomap_4 extended permit ip 10.68.64.0 255.255.255.0 object-group DM_INLINE_NETWORK_2
access-list outside_cryptomap_2 extended permit ip 10.68.64.0 255.255.255.0 object NGT_10.68.60.0
access-list outside_access_in extended permit icmp any interface outside
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-762-150.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside,outside) source static NETWORK_OBJ_10.68.64.0_24 NETWORK_OBJ_10.68.64.0_24 destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.68.64.0_24 NETWORK_OBJ_10.68.64.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.100.9.0_24 NETWORK_OBJ_10.100.9.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.68.64.0_24 NETWORK_OBJ_10.68.64.0_24 destination static HQ_VPN HQ_VPN no-proxy-arp route-lookup
!
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 175.136.231.221 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 10443
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
snmp-server host inside 10.1.1.137 community ***** version 2c udp-port 161
no snmp-server contact
snmp-server community *****
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set peer 176.137.234.162
crypto map outside_map0 1 set ikev1 transform-set ESP-3DES-MD5
crypto map outside_map0 2 match address outside_cryptomap_3
crypto map outside_map0 2 set peer 122.123.48.46
crypto map outside_map0 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 3 match address outside_cryptomap_4
crypto map outside_map0 3 set peer 212.25.105.130
crypto map outside_map0 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 103.16.182.23 source outside
webvpn
 port 8443
 enable outside
 dtls port 8443
 anyconnect image disk0:/anyconnect-win-4.3.05017-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
group-policy GroupPolicy_BT_REMOTE internal
group-policy GroupPolicy_BT_REMOTE attributes
 dns-server value 10.1.1.57 8.8.8.8
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SSLVPN
 default-domain none
 client-bypass-protocol enable
 address-pools value SSLVPN_POOL
group-policy BT_VPN internal
group-policy BT_VPN attributes
 vpn-tunnel-protocol ikev1
group-policy HQ_VPN internal
group-policy HQ_VPN attributes
 vpn-tunnel-protocol ikev1
group-policy JR_VPN internal
group-policy JR_VPN attributes
 vpn-tunnel-protocol ikev1
dynamic-access-policy-record DfltAccessPolicy
username vendoradmin password RTts.fr1rhX42/zx encrypted privilege 15
username ciscoadmin password 03ZmojsZZXvnv04i encrypted privilege 15
tunnel-group 176.137.234.162 type ipsec-l2l
tunnel-group 176.137.234.162 general-attributes
 default-group-policy HQ_VPN
tunnel-group 175.136.233.162 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 122.123.48.46 type ipsec-l2l
tunnel-group 122.123.48.46 general-attributes
 default-group-policy JURU_VPN
tunnel-group 122.123.48.46 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group BT_REMOTE type remote-access
tunnel-group BT_REMOTE general-attributes
 address-pool SSLVPN_POOL
 default-group-policy GroupPolicy_BT_REMOTE
tunnel-group BT_REMOTE webvpn-attributes
 group-alias BT_REMOTE enable
tunnel-group 220.96.85.198 type ipsec-l2l
tunnel-group 220.96.85.198 general-attributes
 default-group-policy BT_VPN
tunnel-group 220.96.85.198 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 212.25.105.130 type ipsec-l2l
tunnel-group 212.25.105.130 general-attributes
 default-group-policy BT_VPN
tunnel-group 212.25.105.130 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map SFR
 match access-list SFR
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
 class SFR
  sfr fail-open
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f7043e64c6e0712d6d2c35f86b0e47e5
: end