! Running-config of a Cisco ASA 5506 (hostname JR) as posted; the paste had been
! collapsed onto a few long lines, so one command per line is restored here.
! This part holds the banner, device identity, the VPN address pool and the interfaces.
show run
: Saved
:
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
! NOTE(review): this build has webvpn, IKEv1, SSH and ASDM all listening on the
! outside interface (see the later sections) - check 9.6(2) against Cisco's current
! security advisories and plan a move to a fixed release.
ASA Version 9.6(2)
!
hostname JR
domain-name abc.com.my
! NOTE(review): the enable hash is published with the config. This short "encrypted"
! form is the legacy ASA password hash and gives little protection once disclosed;
! treat the enable password as exposed and rotate it.
enable password RVNHYJApQV0wecmG encrypted
names
! Address pool for AnyConnect clients (10.100.12.0/24).
! NOTE(review): the group-policy and tunnel-group near the end of this file reference
! a pool named CCB_SSLVPN_JURU_IP, not this one - probably uneven sanitisation of the
! post; confirm the names agree on the device.
ip local pool ABC_SSLVPN_JR_IP 10.100.12.1-10.100.12.254 mask 255.255.255.0
!
! NOTE(review): Gi1/1 is unnamed and unaddressed but, unlike Gi1/4-1/8, is not shut down.
interface GigabitEthernet1/1
 no nameif
 no security-level
 no ip address
!
! Trusted LAN side (security-level 100).
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 10.68.62.100 255.255.255.0
!
! Internet-facing side (security-level 0), on a /30.
interface GigabitEthernet1/3
 nameif outside
 security-level 0
 ip address 122.123.48.46 255.255.255.252
!
! Unused ports are administratively shut down.
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
! The dedicated management port carries no name or address, so device management
! runs in-band over inside/outside (see the http and ssh lines later in the file).
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
! Boot image, DNS, network objects, access-lists, logging and the NAT-exemption rules.
boot system disk0:/asa962-lfbff-k8-5506.SPA
ftp mode passive
clock timezone MYT 8
dns server-group DefaultDNS
 domain-name abc.com.my
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network HQ_10.3.66.0
 subnet 10.3.66.0 255.255.255.0
object network HQ_10.1.1.0
 subnet 10.1.1.0 255.255.255.0
object network SG_172.18.0.0
 subnet 172.18.0.0 255.255.0.0
object network Internal_10.68.62.0
 subnet 10.68.62.0 255.255.255.0
object network External_218.111.56.96
 subnet 218.111.56.96 255.255.255.252
! NOTE(review): this object is named BT_10.68.64.0, but outside_cryptomap_3 and the
! third NAT rule below reference BTengah_10.68.64.0, which is not defined anywhere in
! this file. Presumably a sanitisation slip in the post; as written those lines would
! not load.
object network BT_10.68.64.0
 subnet 10.68.64.0 255.255.255.0
object network JR_SSLVPN_10.100.12.0
 subnet 10.100.12.0 255.255.255.0
object network NETWORK_OBJ_10.68.62.0_24
 subnet 10.68.62.0 255.255.255.0
object network NETWORK_OBJ_10.100.12.0_24
 subnet 10.100.12.0 255.255.255.0
! The two HQ subnets reached over the first site-to-site tunnel.
object-group network DM_INLINE_NETWORK_1
 network-object object HQ_10.1.1.0
 network-object object HQ_10.3.66.0
! NOTE(review): inside_access_in is not bound to any interface; the access-group
! commands later in the file bind inside_access_in_1 and outside_access_in_1 instead.
! Its final "permit ip any any" would also make the specific entries above it redundant.
access-list inside_access_in extended permit ip object Internal_10.68.62.0 object HQ_10.1.1.0
access-list inside_access_in extended permit ip object Internal_10.68.62.0 object HQ_10.3.66.0
access-list inside_access_in extended permit ip object Internal_10.68.62.0 object SG_172.18.0.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip object Internal_10.68.62.0 any
access-list inside_access_in extended permit ip any any
! Interesting-traffic selectors for the two L2L tunnels (crypto map entries 1 and 2).
access-list outside_cryptomap extended permit ip 10.68.62.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list outside_cryptomap_3 extended permit ip 10.68.62.0 255.255.255.0 object BTengah_10.68.64.0
! Split-tunnel list for AnyConnect: only 10.68.62.0/24 is sent through the tunnel.
access-list SSLVPN standard permit 10.68.62.0 255.255.255.0
! ASDM-generated local-printing rule set; nothing else in this file references it.
! NOTE(review): the deny entry is listed first - if this ACL were ever evaluated
! first-match, the permits below it would never be reached. Confirm intended use.
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
! NOTE(review): outside_access_in (SMTP only) is defined but not bound to an interface.
access-list outside_access_in extended permit tcp any any eq smtp
! Matches all IP traffic; used by class-map SFR for FirePOWER redirection.
access-list SFR extended permit ip any any
! NOTE(review): these two are the ACLs actually applied by the access-group commands.
! outside_access_in_1 permits any IP inbound on the Internet-facing interface, so the
! interface ACL filters nothing and exposure rests on NAT and routing alone. Replace
! it with explicit permits for the services that must be reachable.
access-list inside_access_in_1 extended permit ip any any
access-list outside_access_in_1 extended permit ip any any
pager lines 24
! NOTE(review): logging goes to ASDM only; no "logging host" or buffer line is visible,
! so there is no off-box record of connections or administrative logins.
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-762-150.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
! Identity NAT (NAT exemption) so tunnelled traffic keeps its real addresses:
! LAN <-> HQ subnets, anything <-> AnyConnect pool, LAN <-> BT site.
nat (inside,outside) source static NETWORK_OBJ_10.68.62.0_24 NETWORK_OBJ_10.68.62.0_24 destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.100.12.0_24 NETWORK_OBJ_10.100.12.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.68.62.0_24 NETWORK_OBJ_10.68.62.0_24 destination static BTengah_10.68.64.0 BTengah_10.68.64.0 no-proxy-arp route-lookup
!
! Dynamic PAT, ACL bindings, routing, timeouts, management-plane access (ASDM, SNMP,
! SSH) and the IPsec/IKE definitions for the two site-to-site tunnels.
!
! Everything not matched by the identity-NAT rules is PATed to the outside address.
nat (inside,outside) after-auto source dynamic any interface
! NOTE(review): both bound ACLs are "permit ip any any" (see their definitions);
! the outside binding in particular leaves inbound Internet traffic unfiltered.
access-group inside_access_in_1 in interface inside
access-group outside_access_in_1 in interface outside
! NOTE(review): next hop 121.122.47.45 is not inside the outside interface's /30
! (122.123.48.46 255.255.255.252) - presumably altered when the post was sanitised;
! verify on the device.
route outside 0.0.0.0 0.0.0.0 121.122.47.45 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
user-identity default-domain LOCAL
! SSH logins are checked against the local user database only.
! NOTE(review): no "aaa authentication http console" line is visible, so ASDM login
! presumably falls back to the enable password - confirm, and bind ASDM to LOCAL/AAA.
aaa authentication ssh console LOCAL
! NOTE(review): ASDM/HTTPS management on port 10443 accepts connections from any
! source on BOTH inside and outside. Restrict the "http" lines to named management
! subnets and drop the outside entry (manage over the VPN instead).
http server enable 10443
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
! NOTE(review): SNMP v2c sends the community string in clear text and has no per-user
! authentication; consider SNMPv3 with auth and priv. The poller 10.1.1.137 sits in an
! HQ subnet, so this traffic presumably crosses the L2L tunnel - confirm.
snmp-server host inside 10.1.1.137 community ***** version 2c udp-port 161
no snmp-server contact
snmp-server community *****
service sw-reset-button
! ASDM's stock IKEv1 transform-sets.
! NOTE(review): the DES, 3DES and MD5 sets are obsolete; only the sets named in the
! crypto map entries below are actually offered, and those lists include them.
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
! IKEv2 proposals; no crypto map entry in this file references them and there is no
! "crypto ikev2 enable" line, so they look like unused ASDM defaults.
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
! Entry 1: LAN <-> HQ subnets via peer 176.137.234.162.
! NOTE(review): the offered list ends in 3DES/DES and MD5 sets, so negotiation may
! settle on them if that is all the peer proposes; trim each list to the one AES/SHA
! set both ends support. No "set pfs" line is visible on either entry.
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set peer 176.137.234.162
crypto map outside_map0 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
! Entry 2: LAN <-> BT site via peer 176.137.232.222 (same transform-set list).
crypto map outside_map0 2 match address outside_cryptomap_3
crypto map outside_map0 2 set peer 176.137.232.222
crypto map outside_map0 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 interface outside
crypto ca trustpool policy
! IKEv2 policies (DH groups 5 and 2); not enabled on any interface in this file.
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
! IKEv1 is what the two tunnels actually use (pre-shared keys in the tunnel-groups).
! NOTE(review): every policy uses DH group 2 (1024-bit) and the list runs down to
! 3DES and DES. Keep only the policy both peers need, with the strongest group they
! support, and remove the rsa-sig entries if no certificate tunnels exist.
crypto ikev1 enable outside
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
! NOTE(review): SSH is accepted from any source on inside AND outside. Limit the
! "ssh" lines to management subnets and remove the outside entry.
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
! Idle SSH sessions stay open for 60 minutes.
ssh timeout 60
! NOTE(review): dh-group1-sha1 is the weakest key exchange the ASA offers; use
! "ssh key-exchange group dh-group14-sha1". No "ssh version" line is visible -
! confirm the device accepts SSHv2 only.
ssh key-exchange group dh-group1-sha1
! NOTE(review): 0 disables the console idle timeout, so a serial session left logged
! in stays open indefinitely.
console timeout 0
! Threat detection, NTP, AnyConnect/webvpn, group-policies, local users and the
! tunnel-groups for the remote-access profile and the two L2L peers.
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): a single NTP source reached over outside with no authentication key
! visible; log timestamps and certificate validity checks depend on it.
ntp server 103.16.182.23 source outside
! AnyConnect SSL VPN listens on outside, TCP and DTLS port 8443.
! NOTE(review): "tunnel-group-list enable" shows the connection-profile alias on the
! login page before authentication. The AnyConnect 4.3 package is an old client
! release - check it against current advisories.
webvpn
 port 8443
 enable outside
 dtls port 8443
 anyconnect image disk0:/anyconnect-win-4.3.05017-k9.pkg 1
 anyconnect profiles JR_REMOTE disk0:/jr_remote.xml
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
! NOTE(review): the default policy still allows ssl-clientless, so the clientless
! portal is available to any profile that inherits it; remove it if unused.
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
! Policy for AnyConnect users: split tunnel limited to the SSLVPN list (10.68.62.0/24).
! NOTE(review): the DNS servers 10.1.1.57/58 are outside that split-tunnel network,
! and neither crypto ACL covers the 10.100.12.0/24 pool - confirm VPN clients can
! actually reach them.
! NOTE(review): "client-bypass-protocol enable" lets traffic for an IP family with no
! assigned address (here presumably IPv6) leave the client outside the tunnel.
! NOTE(review): ccb.com.my, CCB_SSLVPN_JURU_IP and JURU_REMOTE do not match the
! abc.com.my / ABC_SSLVPN_JR_IP / JR_REMOTE names used elsewhere in this file; the
! post appears only partly sanitised, so the original names may still be disclosed.
group-policy GroupPolicy_JR_REMOTE internal
group-policy GroupPolicy_JR_REMOTE attributes
 wins-server none
 dns-server value 10.1.1.57 10.1.1.58
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SSLVPN
 default-domain value ccb.com.my
 client-bypass-protocol enable
 address-pools value CCB_SSLVPN_JURU_IP
 webvpn
  anyconnect profiles value JURU_REMOTE type user
! Policies for the two site-to-site tunnels.
group-policy BT_VPN internal
group-policy BT_VPN attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy HQ_VPN internal
group-policy HQ_VPN attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec
dynamic-access-policy-record DfltAccessPolicy
! NOTE(review): both local accounts are privilege 15 and their hashes are published
! with the config (same legacy "encrypted" format as the enable password); rotate
! both. "vendoradmin" reads like a shared third-party account - confirm it is still
! needed and individually attributable.
username vendoradmin password RTts.fr1rhX42/zx encrypted privilege 15
username ciscoadmin password 03ZmojsZZXvnv04i encrypted privilege 15
! L2L tunnel to HQ; the pre-shared key is masked in this output.
tunnel-group 176.137.234.162 type ipsec-l2l
tunnel-group 176.137.234.162 general-attributes
 default-group-policy HQ_VPN
tunnel-group 176.137.234.162 ipsec-attributes
 ikev1 pre-shared-key *****
! Remote-access profile for AnyConnect.
! NOTE(review): it points at GroupPolicy_JURU_REMOTE and pool CCB_SSLVPN_JURU_IP,
! neither of which is defined under those names in this file (see the note above).
! NOTE(review): no authentication-server-group is visible, so VPN logins presumably
! use the LOCAL database, where the only accounts shown are the two privilege-15
! admins - confirm, and keep VPN users separate from device administrators.
tunnel-group JR_REMOTE type remote-access
tunnel-group JR_REMOTE general-attributes
 address-pool CCB_SSLVPN_JURU_IP
 default-group-policy GroupPolicy_JURU_REMOTE
tunnel-group JR_REMOTE webvpn-attributes
 group-alias JR_REMOTE enable
! L2L tunnel to the BT site; the pre-shared key is masked in this output.
tunnel-group 176.137.232.222 type ipsec-l2l
tunnel-group 176.137.232.222 general-attributes
 default-group-policy BT_VPN
tunnel-group 176.137.232.222 ipsec-attributes
 ikev1 pre-shared-key *****
!
! Modular policy framework: default protocol inspection plus redirection of all IP
! traffic to the FirePOWER (SFR) module, applied globally.
!
! Class SFR matches access-list SFR, which is "permit ip any any".
class-map SFR
 match access-list SFR
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
! NOTE(review): fail-open means traffic keeps flowing uninspected whenever the
! FirePOWER module is down or unreachable. With "permit ip any any" bound on outside,
! that module may be the only content inspection in the path - confirm this is the
! intended trade-off and alert on module health.
 class SFR
  sfr fail-open
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
! Checksum the ASA prints over the stored configuration.
Cryptochecksum:d194bbae671864181edba00801dfecb4
: end