ASA Version 8.2(5)
!
hostname ASA-RP
enable password xxxxx encrypted
passwd xxxxx encrypted
names
name x.x.x.x CN
name x.x.x.x FW
name x.x.x.x NFC
name x.x.x.x PR
name 192.168.4.0 THer description THer
name 192.168.3.0 TAPar description TAPar
name 192.168.2.0 TATua description TATua
name 192.168.7.0 TCar description TCar
name 192.168.6.0 TGua description TGua
name 192.168.8.0 TSJ2 description TSJ2
name x.x.x.x CN_2
name x.x.x.x PR_2
name 10.0.96.17 Conf
name 192.168.5.0 THer2 description THer2
name 192.168.9.0 TSJN description TSJN
name 192.168.10.0 TGua
name 10.200.1.2 GCS
name 192.168.1.140 ATA
name 192.168.150.0 accesoremoto
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/7
 description Administracion
 switchport access vlan 12
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group IE
 ip address pppoe
!
interface Vlan12
 no forward interface Vlan1
 nameif gestion
 security-level 50
 ip address 192.168.191.129 255.255.255.240
 management-only
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone CST -6
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network gestion
 network-object host PR
 network-object host NFC
 network-object host CN
 network-object host FW
 network-object host CN_2
 network-object host PR_2
 network-object host Conf
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service cam tcp-udp
 port-object eq 37777
object-group service cam2 tcp-udp
 port-object eq 81
object-group network DM_INLINE_NETWORK_2
 network-object 192.168.1.0 255.255.255.0
 network-object accesoremoto 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 192.168.1.0 255.255.255.0
 network-object accesoremoto 255.255.255.0
object-group network DM_INLINE_NETWORK_6
 network-object 192.168.1.0 255.255.255.0
 network-object accesoremoto 255.255.255.0
object-group network DM_INLINE_NETWORK_3
 network-object 192.168.1.0 255.255.255.0
 network-object accesoremoto 255.255.255.0
object-group network DM_INLINE_NETWORK_5
 network-object 192.168.1.0 255.255.255.0
 network-object accesoremoto 255.255.255.0
access-list gestion_nat0_outbound extended permit ip 192.168.191.128 255.255.255.240 object-group gestion
access-list outside_1_cryptomap extended permit ip 192.168.191.128 255.255.255.240 object-group GCI_gestion
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TAPar 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.155.200 255.255.255.248
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TAPar2 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TAPar 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TATua 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TGua 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TCar 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TSJ2 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TSJN 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.192.0 255.255.255.252
access-list inside_nat0_outbound extended permit ip TAPar2 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 TGua 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 accesoremoto 255.255.255.192
access-list inside_nat0_outbound extended permit ip TATua 255.255.255.0 accesoremoto 255.255.255.192
access-list inside_nat0_outbound extended permit ip TCar 255.255.255.0 accesoremoto 255.255.255.192
access-list inside_nat0_outbound extended permit ip TGua 255.255.255.0 accesoremoto 255.255.255.192
access-list inside_nat0_outbound extended permit ip TGua 255.255.255.0 accesoremoto 255.255.255.192
access-list inside_nat0_outbound extended permit ip TSJ2 255.255.255.0 accesoremoto 255.255.255.192
access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 TAPar 255.255.255.0
access-list prueba_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list prueba_splitTunnelAcl standard permit TSJN 255.255.255.0
access-list prueba_splitTunnelAcl standard permit TGua 255.255.255.0
access-list prueba_splitTunnelAcl standard permit 192.168.192.0 255.255.255.252
access-list outside_5_cryptomap extended permit ip object-group DM_INLINE_NETWORK_3 TATua 255.255.255.0
access-list outside_6_cryptomap extended permit ip object-group DM_INLINE_NETWORK_6 TGua 255.255.255.0
access-list outside_7_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 TCar 255.255.255.0
access-list inside_nat_static extended permit ip host 192.168.1.253 object-group gestion
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 TSJ2 255.255.255.0
access-list inside_nat_static_1 extended permit ip host 192.168.1.250 object-group gestion
access-list outside_9_cryptomap extended permit ip 192.168.1.0 255.255.255.0 TAPar 255.255.255.0
access-list outside_3_cryptomap extended permit ip 192.168.1.0 255.255.255.0 TAPar2 255.255.255.0
access-list outside_4_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 TSJN 255.255.255.0
access-list outside_nat_static extended permit ip host PR_2 host 192.168.192.1
access-list outside_nat0_outbound extended permit ip host PR_2 192.168.192.0 255.255.255.252
access-list inside_access_in extended deny ip 192.168.1.0 255.255.255.0 host x.x.x.x
access-list inside_access_in extended deny ip 192.168.1.0 255.255.255.0 host x.x.x.x
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list outside_2_cryptomap extended permit ip 192.168.1.0 255.255.255.0 TAPar 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended deny ip host x.x.x.x 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit object-group TCPUDP any any object-group cam
access-list outside_access_in extended permit object-group TCPUDP any any object-group cam2
access-list outside_11_cryptomap extended permit ip host 10.201.10.160 host GCS
access-list inside_nat_static_2 extended permit ip host ATA host GCS
access-list outside_10_cryptomap extended permit ip object-group DM_INLINE_NETWORK_5 TGua 255.255.255.0
access-list GUA extended permit ip 192.168.1.0 255.255.255.0 TGua 255.255.255.0
access-list GI_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list GI_splitTunnelAcl standard permit TATua 255.255.255.0
access-list GI_splitTunnelAcl standard permit TCar 255.255.255.0
access-list GI_splitTunnelAcl standard permit TGua 255.255.255.0
access-list GI_splitTunnelAcl standard permit TGua 255.255.255.0
access-list GI_splitTunnelAcl standard permit TSJN 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging buffer-size 65536
logging asdm-buffer-size 200
logging buffered debugging
logging trap notifications
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination gestion PR_2 9996
flow-export template timeout-rate 1
flow-export delay flow-create 60
mtu inside 1500
mtu outside 1500
mtu gestion 1500
ip local pool prueba_pool 192.168.155.200-192.168.155.205 mask 255.255.255.0
ip local pool accesoRemoto 192.168.150.1-192.168.150.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0 tcp 100 100 udp 100
nat (outside) 0 access-list outside_nat0_outbound
nat (gestion) 0 access-list gestion_nat0_outbound
nat (gestion) 1 192.168.191.128 255.255.255.240
static (inside,outside) tcp interface 37777 192.168.1.3 37777 netmask 255.255.255.255
static (inside,outside) tcp interface 81 192.168.1.3 81 netmask 255.255.255.255
static (outside,outside) 192.168.192.1 access-list outside_nat_static
static (inside,outside) 192.168.191.130 access-list inside_nat_static
static (inside,outside) 192.168.191.131 access-list inside_nat_static_1
static (inside,outside) 10.201.10.160 access-list inside_nat_static_2
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 0:10:00 half-closed 0:05:00 udp 0:01:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http x.x.x.x 255.255.255.248 gestion
http x.x.x.x 255.255.255.255 outside
http x.x.x.x 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
http x.x.x.x 255.255.255.255 outside
http x.x.x.x 255.255.255.255 outside
snmp-server host gestion PR_2 community ***** version 2c udp-port 161
snmp-server host outside x.x.x.x community *****
snmp-server host outside x.x.x.x community *****
snmp-server host gestion PR community ***** udp-port 161
snmp-server host gestion FW community ***** udp-port 161
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set connection-type originate-only
crypto map outside_map 1 set peer x.x.x.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 1 set nat-t-disable
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer x.x.x.x
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer x.x.x.x
crypto map outside_map 3 set transform-set ESP-3DES-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer x.x.x.x
crypto map outside_map 4 set transform-set ESP-3DES-MD5
crypto map outside_map 4 set security-association lifetime seconds 86400
crypto map outside_map 5 match address outside_5_cryptomap
crypto map outside_map 5 set pfs
crypto map outside_map 5 set peer x.x.x.x
crypto map outside_map 5 set transform-set ESP-3DES-MD5
crypto map outside_map 5 set security-association lifetime seconds 86400
crypto map outside_map 6 match address outside_6_cryptomap
crypto map outside_map 6 set pfs
crypto map outside_map 6 set peer x.x.x.x
crypto map outside_map 6 set transform-set ESP-3DES-MD5
crypto map outside_map 6 set security-association lifetime seconds 28800
crypto map outside_map 7 match address outside_7_cryptomap
crypto map outside_map 7 set peer x.x.x.x
crypto map outside_map 7 set transform-set ESP-3DES-MD5
crypto map outside_map 7 set security-association lifetime seconds 86400
crypto map outside_map 7 set nat-t-disable
crypto map outside_map 8 match address outside_cryptomap
crypto map outside_map 8 set pfs group1
crypto map outside_map 8 set peer x.x.x.x
crypto map outside_map 8 set transform-set ESP-3DES-MD5
crypto map outside_map 8 set security-association lifetime seconds 28800
crypto map outside_map 8 set reverse-route
crypto map outside_map 9 match address outside_9_cryptomap
crypto map outside_map 9 set pfs
crypto map outside_map 9 set peer x.x.x.x
crypto map outside_map 9 set transform-set ESP-3DES-MD5
crypto map outside_map 10 match address outside_10_cryptomap
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer x.x.x.x
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map 10 set reverse-route
crypto map outside_map 11 match address outside_11_cryptomap
crypto map outside_map 11 set pfs
crypto map outside_map 11 set peer x.x.x.x
crypto map outside_map 11 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp enable gestion
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh x.x.x.x 255.255.255.248 gestion
ssh Conf 255.255.255.255 gestion
ssh 0.0.0.0 0.0.0.0 gestion
ssh timeout 10
ssh version 2
console timeout 0
management-access gestion
vpdn group IE request dialout pppoe
vpdn group IE localname xxxxx
vpdn group IE ppp authentication pap
vpdn username xxxx password *****
dhcpd auto_config outside
!
dhcpd address 192.168.1.11-192.168.1.138 inside
dhcpd dns 8.8.8.8 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy prueba internal
group-policy prueba attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value prueba_splitTunnelAcl
group-policy GI internal
group-policy GI attributes
 dns-server value 8.8.8.8
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value GI_splitTunnelAcl
 default-domain value xxxxx.com
username gi_gestion password xxxxx encrypted privilege 15
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *****
tunnel-group prueba type remote-access
tunnel-group prueba general-attributes
 address-pool prueba_pool
 default-group-policy prueba_gci
tunnel-group prueba ipsec-attributes
 pre-shared-key *****
tunnel-group GI type remote-access
tunnel-group GI general-attributes
 address-pool accesoRemoto
 default-group-policy GI
tunnel-group GI ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect pptp
  inspect http
  inspect ip-options
 class class-default
  flow-export event-type all destination PR_2
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 2
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily