: Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
: Written by enable_15 at 13:07:17.202 EDT Thu Aug 16 2018
!
ASA Version 9.8(2)
!
hostname VPN-A
domain-name chesterfield.gov
ip local pool Employee x.x.x.x-x.x.x.x mask 255.255.254.0
ip local pool IST-NetworkAdmin x.x.x.x-x.x.x.x mask 255.255.255.240
ip local pool PD-Unfiltered x.x.x.x-x.x.x.x mask 255.255.255.240
ip local pool SSC-CAIS x.x.x.x-x.x.x.x mask 255.255.255.248
ip local pool UTIL-SCADA x.x.x.x-x.x.x.x mask 255.255.255.240
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address x.x.x.x-x.x.x.x 255.255.255.0
!
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address x.x.x.x-x.x.x.x 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 shutdown
 no nameif
 no security-level
 no ip address
!
banner login
banner login This is a proprietary system, NOT for public or personal use. All work products,
banner login communications, files, data or information directly or indirectly created, input
banner login or accessed on this system are and shall become the sole property of
banner login Chesterfield County Gov.
banner login
banner login
banner login This system is actively monitored and accessed by Chesterfield County Gov.
banner login By logging onto this system, the user consents to such monitoring and access.
banner login
banner login
banner login USE OF THIS SYSTEM WITHOUT OR IN EXCESS OF THE PROPER AUTHORIZATION MAY SUBJECT
banner login THE USER TO DISCIPLINE AND/OR CIVIL AND CRIMINAL PENALTIES
banner login
boot system disk0:/asa982-lfbff-k8.SPA
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server x.x.x.x inside
 name-server x.x.x.x
 name-server x.x.x.x
 name-server x.x.x.x
 domain-name chesterfield.gov
access-list redistribute remark General Use (Pool name Employee)
access-list redistribute standard permit x.x.x.x 255.255.254.0
access-list redistribute remark UTIL-SCADA (Pool name UTIL-SCADA)
access-list redistribute standard permit x.x.x.x 255.255.255.240
access-list redistribute remark PD-Unfiltered (Pool name PD-Unfiltered)
access-list redistribute standard permit x.x.x.x 255.255.255.240
access-list redistribute remark IST Network Admin (Pool Name IST-NetworkAdmin)
access-list redistribute standard permit x.x.x.x 255.255.255.240
access-list redistribute remark State Supreme Court - CAIS (Pool name SSC-CAIS)
access-list redistribute standard permit x.x.x.x 255.255.255.248
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
pager lines 35
logging enable
logging timestamp
logging buffer-size 65000
logging buffered informational
logging trap informational
logging asdm debugging
logging host inside x.x.x.x
no logging message 717045
no logging message 716021
no logging message 611318
no logging message 602102
no logging message 713204
no logging message 611317
no logging message 602101
no logging message 737010
no logging message 717047
no logging message 611316
no logging message 717048
no logging message 716016
no logging message 611323
no logging message 716017
no logging message 611322
no logging message 716018
no logging message 611321
no logging message 737006
no logging message 716019
no logging message 713211
no logging message 611320
no logging message 741004
no logging message 713213
no logging message 737005
no logging message 109001
no logging message 741002
no logging message 713215
no logging message 741003
no logging message 717024
no logging message 603107
no logging message 109003
no logging message 741000
no logging message 717025
no logging message 603106
no logging message 109002
no logging message 741001
no logging message 737001
no logging message 603105
no logging message 109005
no logging message 603104
no logging message 717028
no logging message 611303
no logging message 109007
no logging message 717029
no logging message 611302
no logging message 109006
no logging message 717030
no logging message 620001
no logging message 611301
no logging message 603109
no logging message 603108
no logging message 611307
no logging message 718049
no logging message 717033
no logging message 611306
no logging message 717034
no logging message 713160
no logging message 611305
no logging message 402130
no logging message 302304
no logging message 718051
no logging message 717035
no logging message 611304
no logging message 717036
no logging message 611311
no logging message 611310
no logging message 426001
no logging message 402129
no logging message 315011
no logging message 717038
no logging message 713164
no logging message 611309
no logging message 426002
no logging message 611308
no logging message 426003
no logging message 725008
no logging message 725009
no logging message 713169
no logging message 725010
no logging message 718058
no logging message 410004
no logging message 311004
no logging message 109021
no logging message 725011
no logging message 718059
no logging message 713171
no logging message 725012
no logging message 718036
no logging message 713170
no logging message 311002
no logging message 725013
no logging message 718037
no logging message 713173
no logging message 311003
no logging message 725014
no logging message 718038
no logging message 713172
no logging message 621001
no logging message 106015
no logging message 718039
no logging message 311001
no logging message 109008
no logging message 106012
no logging message 717016
no logging message 621003
no logging message 713177
no logging message 621002
no logging message 613002
no logging message 718034
no logging message 621005
no logging message 613003
no logging message 718035
no logging message 621004
no logging message 621007
no logging message 613001
no logging message 603103
no logging message 314002
no logging message 621006
no logging message 603102
no logging message 330005
no logging message 314003
no logging message 109014
no logging message 718046
no logging message 717022
no logging message 603101
no logging message 718047
no logging message 602304
no logging message 314001
no logging message 718040
no logging message 322004
no logging message 314006
no logging message 718041
no logging message 713121
no logging message 314004
no logging message 314005
no logging message 772005
no logging message 724004
no logging message 604103
no logging message 718021
no logging message 604102
no logging message 718022
no logging message 713124
no logging message 604101
no logging message 718023
no logging message 403500
no logging message 725001
no logging message 723001
no logging message 718017
no logging message 709001
no logging message 725002
no logging message 723002
no logging message 713128
no logging message 201010
no logging message 725003
no logging message 724003
no logging message 723003
no logging message 718019
no logging message 717003
no logging message 725004
no logging message 723004
no logging message 720060
no logging message 717004
no logging message 709002
no logging message 201012
no logging message 734003
no logging message 725005
no logging message 723005
no logging message 720061
no logging message 718029
no logging message 717005
no logging message 725006
no logging message 723006
no logging message 720062
no logging message 718030
no logging message 717006
no logging message 734001
no logging message 725007
no logging message 723007
no logging message 720063
no logging message 717007
no logging message 720056
no logging message 719024
no logging message 420004
no logging message 720057
no logging message 719025
no logging message 718025
no logging message 420005
no logging message 720058
no logging message 719026
no logging message 718026
no logging message 720059
no logging message 718027
no logging message 604104
no logging message 718004
no logging message 606005
no logging message 622001
no logging message 606004
no logging message 713143
no logging message 606003
no logging message 419003
no logging message 720048
no logging message 719016
no logging message 606002
no logging message 720049
no logging message 719017
no logging message 713905
no logging message 713145
no logging message 606001
no logging message 720050
no logging message 719018
no logging message 713906
no logging message 719019
no logging message 718003
no logging message 713147
no logging message 719020
no logging message 720045
no logging message 719021
no logging message 718013
no logging message 720046
no logging message 719022
no logging message 719023
no logging message 617100
no logging message 308001
no logging message 723008
no logging message 720040
no logging message 421004
no logging message 723009
no logging message 720041
no logging message 719009
no logging message 421005
no logging message 723010
no logging message 720042
no logging message 719010
no logging message 723011
no logging message 719011
no logging message 723012
no logging message 719012
no logging message 723013
no logging message 720037
no logging message 719013
no logging message 723014
no logging message 703002
no logging message 421002
no logging message 720039
no logging message 719015
no logging message 720032
no logging message 713094
no logging message 719001
no logging message 713097
no logging message 711001
no logging message 703001
no logging message 106026
no logging message 720034
no logging message 713096
no logging message 719003
no logging message 713099
no logging message 720028
no logging message 719004
no logging message 711002
no logging message 106025
no logging message 720029
no logging message 719005
no logging message 713101
no logging message 720030
no logging message 719006
no logging message 720031
no logging message 719007
no logging message 713103
no logging message 720024
no logging message 720025
no logging message 199003
no logging message 720026
no logging message 713104
no logging message 199002
no logging message 720027
no logging message 199005
no logging message 713108
no logging message 720023
no logging message 752008
no logging message 713113
no logging message 713114
no logging message 732003
no logging message 722013
no logging message 713117
no logging message 732002
no logging message 722014
no logging message 720014
no logging message 732001
no logging message 720015
no logging message 737031
no logging message 305007
no logging message 199019
no logging message 751003
no logging message 720010
no logging message 199018
no logging message 752002
no logging message 737029
no logging message 720004
no logging message 720005
no logging message 737026
no logging message 722022
no logging message 720006
no logging message 722023
no logging message 721001
no logging message 712001
no logging message 721002
no logging message 720002
no logging message 721003
no logging message 720003
no logging message 712003
no logging message 721004
no logging message 713066
no logging message 712002
no logging message 305012
no logging message 722029
no logging message 305011
no logging message 722030
no logging message 721006
no logging message 305010
no logging message 113017
no logging message 722031
no logging message 305009
no logging message 113016
no logging message 722024
no logging message 721008
no logging message 722025
no logging message 722026
no logging message 721010
no logging message 722027
no logging message 722036
no logging message 721012
no logging message 710005
no logging message 338301
no logging message 721014
no logging message 710004
no logging message 113009
no logging message 713079
no logging message 710007
no logging message 113008
no logging message 721016
no logging message 710006
no logging message 614002
no logging message 113011
no logging message 710001
no logging message 113010
no logging message 721018
no logging message 715080
no logging message 113013
no logging message 614001
no logging message 113012
no logging message 710002
no logging message 113015
no logging message 731003
no logging message 113014
no logging message 106102
no logging message 731002
no logging message 210022
no logging message 731001
no logging message 103012
no logging message 113003
no logging message 715073
no logging message 713025
no logging message 113002
no logging message 715072
no logging message 713024
no logging message 113005
no logging message 715075
no logging message 713027
no logging message 113004
no logging message 715074
no logging message 713026
no logging message 113007
no logging message 722053
no logging message 715077
no logging message 713029
no logging message 113006
no logging message 715076
no logging message 713028
no logging message 715079
no logging message 713031
no logging message 702307
no logging message 715078
no logging message 713030
no logging message 702306
no logging message 608001
no logging message 702304
no logging message 713035
no logging message 616001
no logging message 713034
no logging message 713037
no logging message 335004
no logging message 713036
no logging message 713039
no logging message 335006
no logging message 713038
no logging message 335007
no logging message 713040
no logging message 335001
no logging message 415001
no logging message 303002
no logging message 713044
no logging message 415003
no logging message 607003
no logging message 415002
no logging message 617002
no logging message 615002
no logging message 715049
no logging message 617003
no logging message 607001
no logging message 715048
no logging message 114005
no logging message 715051
no logging message 617001
no logging message 615001
no logging message 114004
no logging message 715050
no logging message 611102
no logging message 715053
no logging message 611101
no logging message 605005
no logging message 746018
no logging message 715052
no logging message 713052
no logging message 617004
no logging message 605004
no logging message 715055
no logging message 715054
no logging message 746017
no logging message 715041
no logging message 715040
no logging message 715043
no logging message 715042
no logging message 715045
no logging message 715044
no logging message 701002
no logging message 715047
no logging message 715046
no logging message 713256
no logging message 715065
no logging message 713001
no logging message 701001
no logging message 715064
no logging message 715067
no logging message 713263
no logging message 715066
no logging message 715069
no logging message 715068
no logging message 715071
no logging message 713267
no logging message 713007
no logging message 715070
no logging message 713264
no logging message 715057
no logging message 713265
no logging message 414004
no logging message 334008
no logging message 715056
no logging message 414007
no logging message 338104
no logging message 334009
no logging message 715059
no logging message 713271
no logging message 715058
no logging message 715061
no logging message 713269
no logging message 610101
no logging message 414008
no logging message 302010
no logging message 111009
no logging message 715060
no logging message 444103
no logging message 302009
no logging message 715063
no logging message 715062
no logging message 302015
no logging message 715017
no logging message 713273
no logging message 302014
no logging message 715016
no logging message 302013
no logging message 334001
no logging message 715019
no logging message 302012
no logging message 715018
no logging message 302003
no logging message 715021
no logging message 602303
no logging message 334004
no logging message 715020
no logging message 312001
no logging message 715023
no logging message 713219
no logging message 713023
no logging message 444108
no logging message 425004
no logging message 338101
no logging message 110003
no logging message 715022
no logging message 338102
no logging message 110002
no logging message 334007
no logging message 716041
no logging message 715009
no logging message 338103
no logging message 716040
no logging message 715008
no logging message 713222
no logging message 444107
no logging message 304005
no logging message 716043
no logging message 715011
no logging message 713223
no logging message 444104
no logging message 304004
no logging message 302004
no logging message 716042
no logging message 715010
no logging message 713220
no logging message 425001
no logging message 415017
no logging message 716037
no logging message 715013
no logging message 713221
no logging message 336011
no logging message 425002
no logging message 335012
no logging message 716036
no logging message 715012
no logging message 425003
no logging message 304009
no logging message 335013
no logging message 716039
no logging message 715015
no logging message 429006
no logging message 335014
no logging message 716038
no logging message 715014
no logging message 713224
no logging message 429005
no logging message 716033
no logging message 715033
no logging message 713225
no logging message 716032
no logging message 715032
no logging message 338304
no logging message 335009
no logging message 333009
no logging message 716035
no logging message 715035
no logging message 335010
no logging message 716034
no logging message 715034
no logging message 713228
no logging message 730003
no logging message 335011
no logging message 715037
no logging message 746002
no logging message 730002
no logging message 715036
no logging message 730001
no logging message 715039
no logging message 713235
no logging message 715038
no logging message 302303
no logging message 746001
no logging message 730007
no logging message 715025
no logging message 713233
no logging message 730006
no logging message 715024
no logging message 730005
no logging message 716059
no logging message 715027
no logging message 730004
no logging message 716058
no logging message 715026
no logging message 713236
no logging message 622102
no logging message 715029
no logging message 714005
no logging message 730010
no logging message 715028
no logging message 714004
no logging message 715031
no logging message 714007
no logging message 622101
no logging message 746008
no logging message 730008
no logging message 715030
no logging message 714006
no logging message 609002
no logging message 746009
no logging message 716049
no logging message 714001
no logging message 108005
no logging message 716051
no logging message 716012
no logging message 714003
no logging message 609001
no logging message 108007
no logging message 746012
no logging message 716050
no logging message 716013
no logging message 714002
no logging message 428001
no logging message 108006
no logging message 746013
no logging message 716014
no logging message 120007
no logging message 113033
no logging message 716015
no logging message 302033
no logging message 716008
no logging message 321004
no logging message 716009
no logging message 716010
no logging message 714009
no logging message 713184
no logging message 120003
no logging message 113037
no logging message 716011
no logging message 714008
no logging message 713187
no logging message 109036
no logging message 333001
no logging message 716004
no logging message 714011
no logging message 113039
no logging message 716005
no logging message 714010
no logging message 321003
no logging message 333003
no logging message 716006
no logging message 109025
no logging message 109024
no logging message 713190
no logging message 716001
no logging message 715001
no logging message 716002
no logging message 715002
no logging message 713192
no logging message 716003
no logging message 715003
no logging message 113028
no logging message 716028
no logging message 715004
no logging message 716029
no logging message 715005
no logging message 716030
no logging message 715006
no logging message 199909
no logging message 302018
no logging message 716031
no logging message 715007
no logging message 302017
no logging message 726001
no logging message 716024
no logging message 611315
no logging message 302016
no logging message 737016
no logging message 717041
no logging message 716025
no logging message 611314
no logging message 737017
no logging message 716026
no logging message 737014
no logging message 717043
no logging message 716027
no logging message 611312
no logging message 602104
no logging message 302021
no logging message 737015
no logging message 716020
no logging message 199907
no logging message 611319
no logging message 602103
no logging message 302020
mtu outside 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-792-152.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
route-map redistribute permit 1
 match ip address redistribute
!
router ospf 10
 network x.x.x.x 255.255.255.0 area 0.0.0.0
 network x.x.x.x 255.255.255.0 area 0.0.0.0
 area 0.0.0.0
 log-adj-changes
!
router eigrp 1
 network x.x.x.x 255.255.255.0
 passive-interface outside
 redistribute static route-map redistribute
!
route inside 0.0.0.0 0.0.0.0 x.x.x.x tunneled
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
ldap attribute-map LDAP_memberOf
 map-name memberOf Group-Policy
 map-value memberOf CN=VPN,DC=chesterfield,DC=gov RemoteAccess_Grp
aaa-server Certificate protocol kerberos
aaa-server Certificate (inside) host x.x.x.x
 kerberos-realm CHESTERFIELD.GOV
aaa-server Certificate (inside) host x.x.x.x
 kerberos-realm CHESTERFIELD.GOV
aaa-server Certificate (inside) host x.x.x.x
 kerberos-realm CHESTERFIELD.GOV
aaa-server Certificate (inside) host x.x.x.x
 kerberos-realm UTILITIES.CHESTERFIELD.GOV
aaa-server Certificate (inside) host x.x.x.x
 kerberos-realm UTILITIES.CHESTERFIELD.GOV
aaa-server Fontana protocol radius
aaa-server Fontana (inside) host x.x.x.x
 key MaskedKey
aaa-server Glendora protocol radius
aaa-server Glendora (inside) host x.x.x.x
 key MaskedKey
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-Masked.duosecurity.com
 timeout 60
 server-port 636
 ldap-base-dn dc=Masked,dc=duosecurity,dc=com
 ldap-naming-attribute cn
 ldap-login-password Masked Password
 ldap-login-dn dc=Masked,dc=duosecurity,dc=com
 ldap-over-ssl enable
 server-type auto-detect
aaa-server LDAP-Domain protocol ldap
aaa-server LDAP-Domain (inside) host x.x.x.x
 ldap-base-dn DC=chesterfield,DC=gov
 ldap-naming-attribute sAMAccountName
 ldap-login-password Masked Password
 ldap-login-dn vpn.firewall
 server-type microsoft
 ldap-attribute-map LDAP_memberOf
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
no aaa authentication login-history
http server enable
http x.x.x.x 255.255.0.0 inside
http x.x.x.x 255.255.255.0 inside
http x.x.x.x 255.255.255.0 inside
http x.x.x.x 255.255.255.240 inside
http x.x.x.x 255.255.255.240 inside
http x.x.x.x 255.255.255.240 inside
http x.x.x.x 255.255.254.0 inside
http x.x.x.x 255.255.255.240 inside
snmp-server host inside x.x.x.x poll community Masked version 2c
snmp-server location Masked
no snmp-server contact
snmp-server community Masked
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set nat-t-disable
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint3
 keypair ASDM_TrustPoint3
 crl configure
crypto ca trustpool policy
crypto ca certificate map DefaultCertificateMap 50
 issuer-name eq abbot
crypto ca certificate map UTIL-SCADA 26
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 27
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 28
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 29
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 30
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 31
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 32
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 33
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 34
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 35
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 36
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 37
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 38
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 39
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 40
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 41
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 42
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 43
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 44
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 45
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 46
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 47
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 48
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map UTIL-SCADA 49
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map IST-NetworkAdmin 10
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map IST-NetworkAdmin 11
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map IST-NetworkAdmin 12
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map IST-NetworkAdmin 13
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map IST-NetworkAdmin 14
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map IST-NetworkAdmin 15
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map SSC-CAIS 21
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate map SSC-CAIS 22
 subject-name attr ea eq Masked E-mail Address
crypto ca certificate chain ASDM_TrustPoint1
 certificate ca Masked
  quit
crypto ca certificate chain ASDM_TrustPoint3
 certificate Masked
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint3
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh x.x.x.x 255.255.0.0 inside
ssh x.x.x.x 255.255.255.0 inside
ssh x.x.x.x 255.255.255.240 inside
ssh x.x.x.x 255.255.255.240 inside
ssh x.x.x.x 255.255.254.0 inside
ssh x.x.x.x 255.255.255.240 inside
ssh x.x.x.x 255.255.255.255 inside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 30
management-access inside
vpn-addr-assign local reuse-delay 10
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server x.x.x.x source inside
ntp server x.x.x.x source inside
ntp server x.x.x.x source inside prefer
ssl trust-point ASDM_TrustPoint3 outside
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
 anyconnect profiles VPN-A disk0:/vpn-a.xml
 anyconnect profiles VPN-A(duo) disk0:/vpn-a(duo).xml
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 certificate-group-map UTIL-SCADA 26 UTIL-SCADA
 certificate-group-map UTIL-SCADA 27 UTIL-SCADA
 certificate-group-map UTIL-SCADA 28 UTIL-SCADA
 certificate-group-map UTIL-SCADA 29 UTIL-SCADA
 certificate-group-map UTIL-SCADA 30 UTIL-SCADA
 certificate-group-map UTIL-SCADA 31 UTIL-SCADA
 certificate-group-map UTIL-SCADA 32 UTIL-SCADA
 certificate-group-map UTIL-SCADA 33 UTIL-SCADA
 certificate-group-map UTIL-SCADA 34 UTIL-SCADA
 certificate-group-map UTIL-SCADA 35 UTIL-SCADA
 certificate-group-map UTIL-SCADA 36 UTIL-SCADA
 certificate-group-map UTIL-SCADA 37 UTIL-SCADA
 certificate-group-map UTIL-SCADA 38 UTIL-SCADA
 certificate-group-map UTIL-SCADA 39 UTIL-SCADA
 certificate-group-map UTIL-SCADA 40 UTIL-SCADA
 certificate-group-map UTIL-SCADA 41 UTIL-SCADA
 certificate-group-map UTIL-SCADA 42 UTIL-SCADA
 certificate-group-map UTIL-SCADA 43 UTIL-SCADA
 certificate-group-map UTIL-SCADA 44 UTIL-SCADA
 certificate-group-map UTIL-SCADA 45 UTIL-SCADA
 certificate-group-map UTIL-SCADA 46 UTIL-SCADA
 certificate-group-map UTIL-SCADA 47 UTIL-SCADA
 certificate-group-map UTIL-SCADA 48 UTIL-SCADA
 certificate-group-map UTIL-SCADA 49 UTIL-SCADA
 certificate-group-map IST-NetworkAdmin 10 IST-NetworkAdmin
 certificate-group-map IST-NetworkAdmin 11 IST-NetworkAdmin
 certificate-group-map IST-NetworkAdmin 12 IST-NetworkAdmin
 certificate-group-map IST-NetworkAdmin 13 IST-NetworkAdmin
 certificate-group-map IST-NetworkAdmin 14 IST-NetworkAdmin
 certificate-group-map IST-NetworkAdmin 15 IST-NetworkAdmin
 certificate-group-map SSC-CAIS 21 SSC-CAIS
 certificate-group-map SSC-CAIS 22 SSC-CAIS
 error-recovery disable
group-policy SSC-CAIS internal
group-policy SSC-CAIS attributes
 banner none
 wins-server value x.x.x.x
 dns-server value x.x.x.x x.x.x.x
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 default-domain value chesterfield.gov
 split-tunnel-all-dns disable
 address-pools value SSC-CAIS
 scep-forwarding-url none
 webvpn
  anyconnect profiles value VPN-A type user
  anyconnect ask enable default webvpn
  always-on-vpn profile-setting
group-policy UTIL-SCADA internal
group-policy UTIL-SCADA attributes
 banner none
 wins-server value x.x.x.x
 dns-server value x.x.x.x x.x.x.x
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 split-tunnel-policy tunnelall
 default-domain value chesterfield.gov
 address-pools value UTIL-SCADA
 webvpn
  anyconnect profiles value VPN-A type user
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout none
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
 default-domain value chesterfield.gov
group-policy Access-Software internal
group-policy Access-Software attributes
 banner none
 wins-server value x.x.x.x
 dns-server value x.x.x.x x.x.x.x
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 default-domain value chesterfield.gov
 address-pools value Employee
 scep-forwarding-url none
 webvpn
  anyconnect profiles value VPN-A type user
  anyconnect ask enable default webvpn
  always-on-vpn profile-setting
group-policy Duo internal
group-policy Duo attributes
 banner none
 wins-server value x.x.x.x
 dns-server value x.x.x.x x.x.x.x
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 password-storage disable
 default-domain value chesterfield.gov
 split-tunnel-all-dns disable
 webvpn
  anyconnect profiles value VPN-A(duo) type user
  anyconnect ask enable default webvpn
  customization value Duo
group-policy IST-NetworkAdmin internal
group-policy IST-NetworkAdmin attributes
 banner none
 wins-server value x.x.x.x
 dns-server value x.x.x.x x.x.x.x
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
 default-domain value chesterfield.gov
 split-tunnel-all-dns disable
 address-pools value IST-NetworkAdmin
 scep-forwarding-url none
 webvpn
  anyconnect profiles value VPN-A type user
  anyconnect ask enable default webvpn
  always-on-vpn profile-setting
dynamic-access-policy-record DfltAccessPolicy
username Masked Username password Masked Password encrypted privilege 15
username Masked Username password Masked Password encrypted privilege 15
username Masked Username password Masked Password encrypted privilege 15
username Masked Username password Masked Password encrypted privilege 15
username Masked Username password Masked Password encrypted privilege 15
username Masked Username password Masked Password encrypted privilege 15
username Masked Username password Masked Password encrypted privilege 15
tunnel-group UTIL-SCADA type
remote-access tunnel-group UTIL-SCADA general-attributes address-pool UTIL-SCADA authentication-server-group Certificate accounting-server-group Glendora default-group-policy UTIL-SCADA tunnel-group UTIL-SCADA webvpn-attributes authentication aaa certificate group-alias UTIL-SCADA enable tunnel-group IST-NetworkAdmin type remote-access tunnel-group IST-NetworkAdmin general-attributes address-pool IST-NetworkAdmin authentication-server-group Certificate accounting-server-group Glendora default-group-policy IST-NetworkAdmin tunnel-group IST-NetworkAdmin webvpn-attributes authentication aaa certificate group-alias IST-NetworkAdmin enable tunnel-group SSC-CAIS type remote-access tunnel-group SSC-CAIS general-attributes address-pool SSC-CAIS authentication-server-group Certificate accounting-server-group Glendora default-group-policy SSC-CAIS tunnel-group SSC-CAIS webvpn-attributes authentication aaa certificate group-alias SSC-CAIS enable tunnel-group Duo type remote-access tunnel-group Duo general-attributes address-pool Employee authentication-server-group Certificate secondary-authentication-server-group Duo-LDAP use-primary-username accounting-server-group Glendora default-group-policy Duo tunnel-group Duo webvpn-attributes customization Duo authentication aaa certificate group-alias Duo enable group-url https://VPN-A.chesterfield.gov/Duo enable tunnel-group Access-Software type remote-access tunnel-group Access-Software general-attributes address-pool Employee authentication-server-group Certificate accounting-server-group Glendora default-group-policy Access-Software tunnel-group Access-Software webvpn-attributes authentication aaa certificate group-alias Access-Software enable group-url https://VPN-A.chesterfield.gov/access enable tunnel-group Access-Software ipsec-attributes ikev1 trust-point ASDM_TrustPoint3 tunnel-group-map enable rules tunnel-group-map default-group Access-Software tunnel-group-map DefaultCertificateMap 50 Access-Software tunnel-group-map 
UTIL-SCADA 26 UTIL-SCADA tunnel-group-map UTIL-SCADA 27 UTIL-SCADA tunnel-group-map UTIL-SCADA 28 UTIL-SCADA tunnel-group-map UTIL-SCADA 29 UTIL-SCADA tunnel-group-map UTIL-SCADA 30 UTIL-SCADA tunnel-group-map UTIL-SCADA 31 UTIL-SCADA tunnel-group-map UTIL-SCADA 32 UTIL-SCADA tunnel-group-map UTIL-SCADA 33 UTIL-SCADA tunnel-group-map UTIL-SCADA 34 UTIL-SCADA tunnel-group-map UTIL-SCADA 35 UTIL-SCADA tunnel-group-map UTIL-SCADA 36 UTIL-SCADA tunnel-group-map UTIL-SCADA 37 UTIL-SCADA tunnel-group-map UTIL-SCADA 38 UTIL-SCADA tunnel-group-map UTIL-SCADA 39 UTIL-SCADA tunnel-group-map UTIL-SCADA 40 UTIL-SCADA tunnel-group-map UTIL-SCADA 41 UTIL-SCADA tunnel-group-map UTIL-SCADA 42 UTIL-SCADA tunnel-group-map UTIL-SCADA 43 UTIL-SCADA tunnel-group-map UTIL-SCADA 44 UTIL-SCADA tunnel-group-map UTIL-SCADA 45 UTIL-SCADA tunnel-group-map UTIL-SCADA 46 UTIL-SCADA tunnel-group-map UTIL-SCADA 47 UTIL-SCADA tunnel-group-map UTIL-SCADA 48 UTIL-SCADA tunnel-group-map UTIL-SCADA 49 UTIL-SCADA tunnel-group-map IST-NetworkAdmin 10 IST-NetworkAdmin tunnel-group-map IST-NetworkAdmin 11 IST-NetworkAdmin tunnel-group-map IST-NetworkAdmin 12 IST-NetworkAdmin tunnel-group-map IST-NetworkAdmin 13 IST-NetworkAdmin tunnel-group-map IST-NetworkAdmin 14 IST-NetworkAdmin tunnel-group-map IST-NetworkAdmin 15 IST-NetworkAdmin tunnel-group-map SSC-CAIS 21 SSC-CAIS tunnel-group-map SSC-CAIS 22 SSC-CAIS ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect dns preset_dns_map class class-default user-statistics accounting ! 
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:62ac4ac6f7a7d19f23939f011f5c771e
: end