! Captured `show run` output: device header, local address pools and the
! physical / port-channel interfaces up to the dmz subinterface.
! NOTE(review): the capture includes the chassis serial number, the
! enable-password hash and the public WAN addresses. If this output has left
! the admin team, rotate the enable password and treat the hash as disclosed.
VFCNETASA01# show run
: Saved
:
: Serial Number: FCH21287XXQ
: Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(1)
!
hostname VFCNETASA01
domain-name vfc.local
! Enable secret is stored as a salted hash (trailing `pbkdf2` keyword), not in cleartext.
enable password $sha512$5000$+3uOTbCdi9jCWRXN3yuyvg==$say5xarAe+wCgJl/b05xag== pbkdf2
names
! Local address pools; the names indicate SSL-VPN and IPsec-VPN clients.
ip local pool Net2-SSL-VPN-POOL 172.16.2.1-172.16.2.100 mask 255.255.255.0
ip local pool Net60-IPSEC-VPN-POOL 10.60.60.1-10.60.60.100 mask 255.255.255.0
! NOTE(review): 11.11.11.0/24 is outside the RFC 1918 private ranges, so clients
! given these addresses overlap with publicly allocated space. Confirm this is
! intended or move the pool to a private range.
ip local pool NET70-IPEC-VPN-POOL 11.11.11.1-11.11.11.10 mask 255.255.255.0
!
! GigabitEthernet0/0-0/3: unaddressed members of channel-group 1 (mode active);
! naming, security levels and addresses are set on Port-channel1 and its subinterfaces.
interface GigabitEthernet0/0
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
! Administratively shut down. If it is re-enabled, `dhcp setroute` will install
! a default route learned from DHCP on a security-level 100 interface.
interface GigabitEthernet0/4
 description mgt VLAN
 shutdown
 nameif mgt
 security-level 100
 ip address dhcp setroute
!
! wan1: security-level 0 (least trusted), static public address.
interface GigabitEthernet0/5
 description wan1-FTTH-VNPT
 nameif wan1
 security-level 0
 ip address 113.161.107.157 255.255.255.248
!
! NOTE(review): wan2 references PPPoE vpdn group fpt02 but carries a static
! address without the `pppoe` keyword. Confirm whether the vpdn reference is a leftover.
interface GigabitEthernet0/6
 description CMC-ISP
 nameif wan2
 security-level 0
 pppoe client vpdn group fpt02
 ip address 183.91.25.130 255.255.255.240
!
! wan3: shut down; would take its address and default route from PPPoE if enabled.
interface GigabitEthernet0/7
 shutdown
 nameif wan3
 security-level 0
 pppoe client vpdn group cmc
 ip address pppoe setroute
!
! Dedicated management port (`management-only`: no through traffic).
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 172.16.1.250 255.255.255.0
!
! Parent port-channel: named and set to security-level 0 but has no address;
! the VLANs are carried on the .100/.200/.900 subinterfaces.
interface Port-channel1
 description connect to Cisco 3850
 lacp max-bundle 8
 nameif conneted-dev
 security-level 0
 no ip address
!
! guest100 and dmz both use security-level 50. This capture also contains
! `same-security-traffic permit inter-interface`, so the two can exchange
! traffic unless interface ACLs stop it (access-group bindings are not visible
! here; verify guest-to-DMZ isolation).
interface Port-channel1.100
 description 29-guest-wifi
 vlan 100
 nameif guest100
 security-level 50
 ip address 10.100.1.254 255.255.255.0
!
interface Port-channel1.200
 vlan 200
 nameif dmz
 security-level 50
 ip address 172.16.200.254 255.255.255.0
!
! Inside subinterface, global settings (banners, boot image, DNS), then the
! first run of network/service objects and malware-indicator host objects.
! inside900: security-level 100, policy-routed through route-map PBR-INSIDE900
! (the route-map itself is not in this part of the capture).
interface Port-channel1.900
 vlan 900
 nameif inside900
 security-level 100
 ip address 10.10.10.254 255.255.255.0
 policy-route route-map PBR-INSIDE900
!
regex DomainList1 "\.yahoo\.com"
! The login/motd/asdm banners carry only the organisation tag and the hostname.
banner login VFC VFCNETASA01
banner motd VFC VFCNETASA01
banner asdm VFC VFCNETASA01
! NOTE(review): the boot image name matches the 9.8(1) release in the header.
! Confirm that release against current vendor advisories for the 9.8 train.
boot system disk0:/asa981-smp-k8.bin
ftp mode passive
clock timezone ICT 7
! The ASA issues its own DNS lookups out of these three interfaces.
dns domain-lookup management
dns domain-lookup conneted-dev
dns domain-lookup guest100
dns server-group DNSGroup
 name-server 172.16.17.11
 name-server 172.16.17.70
 name-server 172.16.17.71
 name-server 172.16.17.68
 domain-name vfc.local
dns server-group DefaultDNS
 name-server 172.16.17.70
 name-server 172.16.17.71
 name-server 172.16.17.68
 domain-name vfc.local
! inter-interface: interfaces at the same security level may exchange traffic
! (guest100 and dmz are both level 50 in this capture).
! intra-interface: traffic may enter and leave through the same interface.
! Both widen the default policy, so the interface ACLs have to carry the
! segmentation. Verify them.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network generic_all
 subnet 0.0.0.0 0.0.0.0
object network H-VFCSRVEX01
 host 172.16.17.80
 description Mail Server
object network Net2-VPN-SSL
 subnet 172.16.2.0 255.255.255.0
 description Net2-VPN-SSL
object network H-VFCSRVAPP01
 host 172.16.17.91
 description Web Server AppEpacific
! 172.16.17.11 is also the first name-server in DNSGroup above.
object network H-HCM-SVR-002
 host 172.16.17.11
 description Web Server vfc.com.vn
object network H-VFCSRVSMS01
 host 172.16.17.18
 description Web Server SMS Vietguyz
! NOTE(review): Aver80/Aver1720/Aver5060/Aver1719 pin the SOURCE port as well
! as the destination port, so they match only packets whose source port equals
! the service port. Confirm that is intended for client-initiated sessions.
object service Aver80
 service tcp source eq www destination eq www
 description Aver mgmt web 80
object service Aver1720
 service tcp source eq h323 destination eq h323
 description H.323 Call setup
! AverUDP has a description but no `service` line in this capture.
object service AverUDP
 description Signaling and control for audio, call, video, and data
object service Aver5060
 service tcp source eq sip destination eq sip
 description Aver SIP
object service Aver1719
 service udp source eq 1719 destination eq 1719
 description Gatekeeper
object service Aver_Data
 service udp destination range 30000 30699
 description Signaling and control for audio, call, video, and data
object service http81
 service tcp destination eq 81
 description banking bidv ca nhan
object service http82
 service tcp destination eq 82
 description banking bidv doanh nghiep
object service http8080
 service tcp destination eq 8080
 description web 8080
object service http8800
 service tcp destination eq 8800
object service https444
 service tcp destination eq 444
object service ftp20
 service tcp destination eq ftp-data
 description ftp data 20
! NOTE(review): the object is named ftp9000 but matches TCP 9200. Anyone
! reading an ACL by object name will misjudge which port is open.
object service ftp9000
 service tcp destination eq 9200
 description ftp IT
object network GW_R01-113.161.107.153
 host 113.161.107.153
object network Net70-SSL-Pool
 subnet 10.70.70.0 255.255.255.0
 description Net70-SSL-Pool
object network Net17_ServerGroup
 subnet 172.16.17.0 255.255.255.0
 description Net17_ServerGroup
object network Net32_29User-LAN
 subnet 172.16.32.0 255.255.255.0
 description Net32_29User-LAN
object network Net64_37User-LAN
 subnet 172.16.64.0 255.255.255.0
 description Net64_37User-LAN
object network Gw-C3750-Connected
 host 10.10.10.253
 description Gw-C3750-Connected
object network Net60-IPSEC-VPN
 subnet 10.60.60.0 255.255.255.0
 description Net60-IPSEC-VPN
object service RDP3389
 service tcp destination eq 3389
 description RemoteDesktop3389
object service RDP8899
 service tcp destination eq 8899
 description RemoteDesktop8899
object service ftp9999
 service tcp destination eq 9999
 description ftp9999-Sql Backup
object network Net100_guest100
 subnet 10.100.1.0 255.255.255.0
 description Net100_guest100
object network IP-113.161.107.158
 host 113.161.107.158
 description Web App ePacific Server IP Public
! SQL Server ports (1433/tcp, 1434/udp, 2382/tcp). Check every ACL that
! references them for exposure beyond internal segments.
object service mssql-UDP-1434
 service udp destination eq 1434
object service mssql-tcp-1433
 service tcp destination eq 1433
object service sql-analysis-tcp-2382
 service tcp destination eq 2382
object network IP-113.161.107.156
 host 113.161.107.156
 description IP Public Web Server SMS Vietguys
object network IP-113.161.107.155
 host 113.161.107.155
 description IP VPN Server Public
object network IP-113.161.107.154
 host 113.161.107.154
 description IP Mail Server Line VPNT backup
object network Net33_Wifi
 subnet 172.16.33.0 255.255.255.0
 description Net33_Wifi
object network NETWORK_OBJ_10.60.60.0_25
 subnet 10.60.60.0 255.255.255.128
object service SSH3322
 service tcp destination eq 3322
 description SSH3322
object service sms8088
 service tcp destination eq 8088
 description sms8088
! NOTE(review): OBJ-NET16-DMZ is 172.16.16.0/24, whereas the dmz interface in
! this capture is addressed in 172.16.200.0/24. Presumably a routed network
! behind it; confirm.
object network OBJ-NET16-DMZ
 subnet 172.16.16.0 255.255.255.0
 description OBJ-NET16-DMZ
! A /16 labelled "ServerGroup": it also covers the user, Wi-Fi, VPN and
! management /24s defined elsewhere in this capture.
object network Net172.16.0_ServerGroup
 subnet 172.16.0.0 255.255.0.0
 description Net172.16.0_ServerGroup
object network OBJ-NET10-INSIDE900
 subnet 10.10.10.0 255.255.255.0
 description OBJ-NET10-INSIDE900
object network OBJ-NET1-MGT
 subnet 172.16.1.0 255.255.255.0
 description OBJ-NET1-MGT
! DDE-* host objects are collected in group G_DDE further down, whose
! description names O97M/DDEDownloader.C. The descriptions only repeat the
! address; a date or ticket reference would make stale entries reviewable.
object network DDE-111.68.20.150
 host 111.68.20.150
 description DDE-111.68.20.150
object network DDE-195.96.193.23
 host 195.96.193.23
 description DDE-195.96.193.23
object network DDE-213.202.100.90
 host 213.202.100.90
 description DDE-213.202.100.90
object network DDE-45.77.67.197
 host 45.77.67.197
 description DDE-45.77.67.197
object network DDE-89.253.235.118
 host 89.253.235.118
 description DDE-89.253.235.118
object network DDE-66.36.173.246
 host 66.36.173.246
 description DDE-66.36.173.246
object network DDE-62.212.154.98
 host 62.212.154.98
 description DDE-62.212.154.98
object network DDE-77.123.53.200
 host 77.123.53.200
 description DDE-77.123.53.200
object network DDE-180.222.185.74
 host 180.222.185.74
 description DDE-180.222.185.74
object network DDE-84.234.64.216
 host 84.234.64.216
 description DDE-84.234.64.216
object network DDE-98.124.251.65
 host 98.124.251.65
 description DDE-98.124.251.65
object network DDE-68.171.62.42
 host 68.171.62.42
 description DDE-68.171.62.42
object network DDE-175.107.146.17
 host 175.107.146.17
 description DDE-175.107.146.17
object network DDE-194.69.192.64
 host 194.69.192.64
 description DDE-194.69.192.64
object network DDE-75.98.175.70
 host 75.98.175.70
 description DDE-75.98.175.70
object network DDE-151.236.60.40
 host 151.236.60.40
 description DDE-151.236.60.40
object network DDE-178.151.116.49
 host 178.151.116.49
 description DDE-178.151.116.49
! Remaining DDE-*/LOCKY-* indicator host objects, followed by service objects
! for DHCP, NetBIOS, SMB, Kerberos, RPC and LDAP.
object network DDE-62.50.190.101
 host 62.50.190.101
 description DDE-62.50.190.101
object network DDE-85.214.28.187
 host 85.214.28.187
 description DDE-85.214.28.187
object network DDE-92.48.90.34
 host 92.48.90.34
 description DDE-92.48.90.34
object network DDE-176.28.9.111
 host 176.28.9.111
 description DDE-176.28.9.111
object network DDE-85.214.106.31
 host 85.214.106.31
 description DDE-85.214.106.31
object network DDE-217.160.224.147
 host 217.160.224.147
 description DDE-217.160.224.147
! This description lacks the DDE- prefix used by its siblings.
object network DDE-83.220.128.111
 host 83.220.128.111
 description 83.220.128.111
object network DDE-72.249.127.194
 host 72.249.127.194
 description DDE-72.249.127.194
object network LOCKY-198.105.244.11
 host 198.105.244.11
 description LOCKY-198.105.244.11
object network LOCKY-104.239.213.7
 host 104.239.213.7
 description LOCKY-104.239.213.7
! Service objects below are referenced by object-group G_Service_AD later in
! this capture. These are lateral-movement-sensitive protocols (SMB, RPC,
! NetBIOS, LDAP, Kerberos), so rules using them should be scoped to domain
! controllers, not whole subnets. The ACL bindings are not visible here.
object service dhcp67
 service udp destination eq bootps
 description dhcp67
object service dhcp68
 service udp destination eq bootpc
 description dhcp68
! nbname137 is TCP 137; the UDP variant is the separate object nbnameudp137.
object service nbname137
 service tcp destination eq 137
 description nbname137
object service nbnameudp137
 service udp destination eq netbios-ns
 description nbnameudp137
object service nbdatagram138
 service udp destination eq netbios-dgm
 description nbdatagram138
object service nbsession139
 service tcp destination eq netbios-ssn
 description nbsession139
! smb445 and microsoft-ds445 (below) both match TCP 445.
object service smb445
 service tcp destination eq 445
 description smb445
object service Kerberos88
 service tcp destination eq 88
 description Kerberos88
object service rpc135
 service tcp destination eq 135
 description rpc135
object service ldap389
 service tcp destination eq ldap
 description ldap389
object service microsoft-ds445
 service tcp destination eq 445
 description microsoft-ds445
object service tcp464
 service tcp destination eq 464
 description tcp464
object service tcp539
 service tcp destination eq 539
 description tcp539
object service ldap636
 service tcp destination eq ldaps
 description ldap636
object service GCTCP3268
 service tcp destination eq 3268
object service GCTCP3269 service tcp destination eq 3269 object service Kerberosudp88 service udp destination eq 88 object service dnsudp53 service udp destination eq domain object service smbudp445 service udp destination eq 445 object service udp25 service udp destination eq 25 object service dfs5722 service tcp destination eq 5722 object service ntp123 service udp destination eq ntp object service SOAP9389 service tcp destination eq 9389 object service udp2535 service tcp destination eq 2535 object service smtp465 service tcp destination eq 465 description smtp465 object service pops995 service tcp destination eq 995 description pops995 object service tcp8000 service tcp destination eq 8000 description tcp8000 object service tcp8001 service tcp destination eq 8001 object service RDP3390 service tcp destination eq 3390 object service RDP3398 service tcp destination eq 3398 object network H-NVP-NBO-001 host 172.16.33.200 description H-NVP-NBO-001 object service RDP3388 service tcp destination eq 3388 description RDP3388 object service CAM34567 service tcp destination eq 34567 description CAM34567 object network H-CAM34567 host 172.16.33.44 description H-CAM34567 object network H-NVP-NBO-001-Eth0 host 172.16.32.145 description H-NVP-NBO-001-Eth0 object network H-VFCSRVHV03 host 172.16.17.16 description H-VFCSRVHV03 object service http8089 service tcp destination eq 8089 description Web Dien Luc EVNC object service PPTP1723 service tcp destination eq pptp description PPTP1723 object network H-VFCSRVVPN01 host 172.16.17.11 description H-VFCSRVVPN01 object service RDP9999 service tcp destination eq 9999 object service RDP service tcp destination eq 3389 object service L2TP1701 service udp destination eq 1701 description L2TP1701 object service IKEv500 service udp destination eq isakmp description IKEv500 object service L2TP4500 service udp destination eq 4500 description L2TP4500 object service Unifi3478 service udp destination eq 3478 description Unifi3478 object 
network D-RangeIP-Web range 65.208.151.112 65.208.151.115 description D-RangeIP-Web object network Net176-VPNDTH subnet 172.16.176.0 255.255.255.0 description Net176-VPNDTH object network IP-172.16.1.240-SFR host 172.16.1.240 description IP-172.16.1.240-SFR object service CAM34588 service tcp destination eq 34588 description CAM34588 object service UDP1723 service udp destination eq 1723 description UDP1723 object service GRE47 service gre description GRE47 object network H-VFCSRVAD02 host 172.16.17.69 description H-VFCSRVAD02-Radius VPN object service SQL14333 service tcp destination eq 14333 object service SQL1433 service tcp destination eq 1433 object service SQL14333-SourcePort service tcp source eq 14333 object service SQL1433-SourcePort service tcp source eq 1433 object service RDP9999-SourcePort service tcp source eq 9999 object network DIP-144.214.70.62 host 144.214.70.62 description Cisco CVE-2018-0101 object network DIP-75.105.175.87 host 75.105.175.87 description Cisco CVE-2018-0101 object network D-Network-Logon-ASA subnet 103.89.0.0 255.255.0.0 description D-Network-Logon-ASA object network D-RangeIP-LogonASA range 103.89.88.1 103.89.88.254 description D-RangeIP-LogonASA object network IP-VietGuys host 103.1.209.146 description IP-VietGuys object service sms14999 service tcp destination eq 14999 description SMS Vietguys 14999 object network DIP58.218.198.141 host 58.218.198.141 description Deny-SSH-FloodSMS object network CC-51.254.221.129 host 51.254.221.129 description CC-51.254.221.129 object network CC-191.238.234.227 host 191.238.234.227 description CC-191.238.234.227 object network CC-139.99.101.96 host 139.99.101.96 description CC-139.99.101.96 object network CC-144.217.84.99 host 144.217.84.99 description CC-144.217.84.99 object network CC-147.135.210.184 host 147.135.210.184 description CC-147.135.210.184 object network CC-142.44.163.168 host 142.44.163.168 description CC-142.44.163.168 object network CC-192.99.71.250 host 192.99.71.250 
description CC-192.99.71.250 object network CC-142.44.240.14 host 142.44.240.14 description CC-142.44.240.14 object network CC-66.70.190.236 host 66.70.190.236 description CC-66.70.190.236 object network CC-145.239.93.125 host 145.239.93.125 description CC-145.239.93.125 object service WSUS8530 service tcp destination eq 8530 description WSUS8530 object service WSUS8531 service tcp destination eq 8531 description WSUS8531 object network DIP-5.8.18.56 host 5.8.18.56 description DIP-5.8.18.56 object network DIP-5.8.18.63 host 5.8.18.63 description DIP-5.8.18.63 object network D-RangIP-5.8.18.0-5.8.18.127 subnet 5.8.18.0 255.255.255.128 description D-RangIP- 5.8.18.0-5.8.18.127 object network H-HCM-NBO-135-Wifi host 172.16.33.201 description Dao, Le Cong object network H-HCM-NBO-135-eth0 host 172.16.32.147 description Dao, Le Cong-eth0 object network OBJ-IP-45.119.82.46 host 45.119.82.46 description IP-API Quet Scan NOD object service WEB80 service tcp destination eq www object service FTP21 service tcp destination range ftp-data ftp object network H-VFCSRVFTP01 host 172.16.17.11 description H-VFCSRVFTP01-FTP update epacific object network H-VFCHDNVR08ET host 172.16.64.210 description H-VFCHDNVR08ET-DVR Camera VP37-CN HCM object service NVR34567 service tcp destination eq 34567 object service NVR45678 service tcp destination eq 45678 object network H-VFCSRAPPISQL host 172.16.17.91 description Server WebApp Dev NongDuoc -SQL Remote object network OBJ-NET10-WIFI subnet 10.100.100.0 255.255.255.0 object network OBJ-NET10-WIFI-GUEST subnet 10.100.100.0 255.255.255.0 description OBJ-NET10-WIFI-GUEST object network OBJ-NET33-WIFI-STAFF subnet 172.16.33.0 255.255.255.0 description OBJ-NET33-WIFI-STAFF object network OBJ-NET32-LAN-USER29 subnet 172.16.32.0 255.255.255.0 description OBJ-NET32-LAN-USER29 object network OBJ-NET64-LAN-USER37 subnet 172.16.64.0 255.255.255.0 description OBJ-NET64-LAN-USER37 object network OBJ-NET17-SRV-GROUP subnet 172.16.17.0 255.255.255.0 
description OBJ-NET17-SRV-GROUP object network IP-101.99.34.130 host 101.99.34.130 description wan2cmc object network IP-183.91.25.131 host 183.91.25.131 description Mail Server Exchange 2016 object network DIP-197.232.22.209 host 197.232.22.209 description Spam email-defmis object service FTP-Passive service tcp source range 1024 65535 description FTP-Passive object network DIP-38.132.124.250 host 38.132.124.250 description DIP-38.132.124.250 object network DIP-89.249.65.220 host 89.249.65.220 description DIP-89.249.65.220 object service KMS1688 service tcp destination eq 1688 description KMS1688 object service OPENVPN1194 service udp destination eq 1194 description OPENVPN1194 object service HTTP89 service tcp destination eq 89 description HTTP89 object network OBJ-H-VFCSRVWEB01 host 172.16.16.11 description OBJ-H-VFCSRVWEB01 object network DIP-104.248.163.221 host 104.248.163.221 description DIP-104.248.163.221 object network H-IPHONE-JSISEN host 172.16.33.47 description H-IPHONE-JSISEN object network DIP-212.22.162.17 host 212.22.162.17 description DIP-212.22.162.17-Spam object network DIP-27.74.251.127 host 27.74.251.127 description DIP-27.74.251.127-WebAttack object network DIP-42.61.41.114 host 42.61.41.114 description DIP-42.61.41.114 object network DIP-169.254.95.120 host 169.254.95.120 description DIP-169.254.95.120 object network DIP-107.173.49.208 host 107.173.49.208 description CC-107.173.49.208 object network DIP-192.227.248.189 host 192.227.248.189 description DIP-192.227.248.189 object network DIP-107.174.39.144 host 107.174.39.144 description DIP-107.174.39.144 object network DIP-184.164.139.212 host 184.164.139.212 description DIP-184.164.139.212 object network DIP-107.175.94.16 host 107.175.94.16 description DIP-107.175.94.16 object network DIP-107.175.3.16 host 107.175.3.16 description DIP-107.175.3.16 object network DIP-107.175.75.116 host 107.175.75.116 description DIP-107.175.75.116 object network DIP-167.114.56.226 host 167.114.56.226 
description DIP-167.114.56.226 object network DIP-66.85.157.69 host 66.85.157.69 description DIP-66.85.157.69 object network DIP-107.172.249.103 host 107.172.249.103 description DIP-107.172.249.103 object network DIP-198.46.168.33 host 198.46.168.33 description DIP-198.46.168.33 object network DIP-172.245.205.107 host 172.245.205.107 description DIP-172.245.205.107 object network DIP-167.114.56.224 host 167.114.56.224 description DIP-167.114.56.224 object network DIP-116.197.235.202 host 116.197.235.202 description DIP-116.197.235.202 object network DIP-72.83.72.137 host 72.83.72.137 description DIP-72.83.72.137 object network DIP-192.64.119.21 host 192.64.119.21 description DIP-192.64.119.21 object network DIP-192.64.119.20 host 192.64.119.20 description DIP-192.64.119.20 object network DIP-192.64.119.87 host 192.64.119.87 description DIP-192.64.119.87 object network DIP-192.64.119.86 host 192.64.119.86 description DIP-192.64.119.86 object network DIP-192.227.248.181 host 192.227.248.181 description DIP-192.227.248.181 object network DIP-151.106.60.136 host 151.106.60.136 description DIP-151.106.60.136 object network DIP-198.46.168.29 host 198.46.168.29 description DIP-198.46.168.29 object network DIP-151.106.60.15 host 151.106.60.15 description DIP-151.106.60.15 object network DIP-185.136.163.167 host 185.136.163.167 description DIP-185.136.163.167 object network DIP-107.172.150.141 host 107.172.150.141 description DIP-107.172.150.141 object network DIP-198.23.140.75 host 198.23.140.75 description DIP-198.23.140.75 object network DIP-107.172.249.122 host 107.172.249.122 description DIP-107.172.249.122 object network DIP-185.136.165.202 host 185.136.165.202 description DIP-185.136.165.202 object network DIP-192.95.14.128 host 192.95.14.128 description DIP-192.95.14.128 object network DIP-62.255.119.211 host 62.255.119.211 description DIP-62.255.119.211 object network DIP-108.170.60.181 host 108.170.60.181 description DIP-108.170.60.181 object network 
DIP-198.46.209.171 host 198.46.209.171 description DIP-198.46.209.171 object network DIP-107.175.64.217 host 107.175.64.217 description DIP-107.175.64.217 object network DIP-107.175.75.115 host 107.175.75.115 description DIP-107.175.75.115 object network DIP-192.227.248.188 host 192.227.248.188 description DIP-192.227.248.188 object network DIP-162.255.119.132 host 162.255.119.132 description DIP-162.255.119.132 object network DIP-104.18.42.155 host 104.18.42.155 description DIP-104.18.42.155 object network DIP-104.18.43.155 host 104.18.43.155 description DIP-104.18.43.155 object network DIP-192.64.119.61 host 192.64.119.61 description Block-shengu.tech object network DIP-192.64.119.60 host 192.64.119.60 description Block-kalya.website object network DIP-192.227.248.182 host 192.227.248.182 description Block-smtp3.info object network DIP-192.64.119.7 host 192.64.119.7 description Block-urlmon.online object network DIP-162.255.119.211 host 162.255.119.211 description Block-gpcantgua.com object network DIP-45.32.114.96 host 45.32.114.96 description Block-vanxuangroup.edu.vn object network DIP-162.255.119.56 host 162.255.119.56 description Block-zzivet37.pro object network DIP-192.64.119.6 host 192.64.119.6 description Block-wvideo.site object network DIP-162.255.119.133 host 162.255.119.133 description Block-usfinance.store object network DIP-70.182.143.99 host 70.182.143.99 description Block-pixeliph.com object network DIP-162.255.118.61 host 162.255.118.61 description DIP-162.255.118.61 object network DIP-162.255.118.62 host 162.255.118.62 description DIP-162.255.118.62 object network DIP-104.47.36.36 host 104.47.36.36 description DIP-104.47.36.36 object network OBJ-NET60-IPSEC-VPN subnet 10.60.60.0 255.255.255.0 description OBJ-NET60-IPSEC-VPN object network OBJ-NET2-SSL-VPN subnet 172.16.2.0 255.255.255.0 description OBJ-NET2-SSL-VPN object network OBJ-NET20-HEARTBEAT subnet 172.16.20.0 255.255.255.0 description OBJ-NET20-HEARTBEAT object network 
DIP-113.161.29.77 host 113.161.29.77 description DIP-113.161.29.77 object network DIP-113.161.86.33 host 113.161.86.33 description DIP-113.161.86.33 object network DIP-125.212.251.9 host 125.212.251.9 description DIP-125.212.251.9 object network DIP-113.161.232.47 host 113.161.232.47 description DIP-113.161.232.47 object network OBJ-NET11-IPSEC-VPN subnet 11.11.11.0 255.255.255.0 description OBJ-NET11-IPSEC-VPN object network OBJ-H-NGUYENMY host 172.16.33.80 description OBJ-H-NGUYENMY object service IMAP993 service tcp destination eq 993 description IMAP993 object service SMTP587 service tcp destination eq 587 description SMTP587 object service HTTP8668 service tcp destination eq 8668 description tracuu.hoadondientu-ptp.vn object network OBJ-NET23-IT-LAB subnet 172.16.23.0 255.255.255.0 description OBJ-NET23-IT-LAB object network DIP-84.22.140.12 host 84.22.140.12 description DIP-84.22.140.12-445 object network OBJ-H-HCM-SVR-001 host 172.16.17.10 description OBJ-H-HCM-SVR-001 object network DIP-Rang-65.208.151.0 range 65.208.151.100 65.208.151.199 description DIP-Rang-65.208.151.0 object network DIP-81.6.42.123 host 81.6.42.123 description DIP-81.6.42.123 object network OBJ-H-HCM-NBO-150-Wifi host 172.16.33.128 description Dao, Le Cong-WF object service OBJ-HTTP8443 service tcp destination eq 8443 description OBJ-HTTP8443-API VIETTEL object network OBJ-IP-183.91.25.132 host 183.91.25.132 description VFCSRVWEB01-vfc.com.vn object network OBJ-H-VFCSRVWEB02 host 172.16.16.11 description OBJ-H-VFCSRVWEB02 object network OBJ-IP-113.161.107.157 host 113.161.107.157 description IP-113.161.107.157-IPWAN2CMC object network OBJ-H-HCM-NBO-150-Eth0 host 172.16.32.50 description OBJ-H-HCM-NBO-150-Eth0 object-group service G_MailService tcp description G_MailService port-object eq domain port-object eq www port-object eq https port-object eq smtp object-group service G_VC description G_VC service-object object Aver1719 service-object object Aver1720 service-object object 
Aver5060 service-object object Aver80 service-object object Aver_Data service-object tcp destination eq h323 object-group service G-VFCSRVAPP01 service-object object mssql-UDP-1434 service-object object mssql-tcp-1433 service-object tcp destination eq ftp service-object tcp destination eq ftp-data service-object tcp destination eq www service-object tcp destination eq https service-object object sql-analysis-tcp-2382 object-group service G-SERVICE-VFCSRVAPP01 tcp port-object eq www port-object eq https object-group network G_DDE description G_DDE-Virus O97M/DDEDownloader.C network-object object DDE-111.68.20.150 network-object object DDE-195.96.193.23 network-object object DDE-213.202.100.90 network-object object DDE-45.77.67.197 network-object object DDE-89.253.235.118 network-object object DDE-175.107.146.17 network-object object DDE-180.222.185.74 network-object object DDE-62.212.154.98 network-object object DDE-66.36.173.246 network-object object DDE-68.171.62.42 network-object object DDE-77.123.53.200 network-object object DDE-84.234.64.216 network-object object DDE-98.124.251.65 network-object object DDE-151.236.60.40 network-object object DDE-178.151.116.49 network-object object DDE-194.69.192.64 network-object object DDE-62.50.190.101 network-object object DDE-75.98.175.70 network-object object DDE-85.214.28.187 network-object object DDE-92.48.90.34 network-object object DDE-176.28.9.111 network-object object DDE-217.160.224.147 network-object object DDE-72.249.127.194 network-object object DDE-83.220.128.111 network-object object DDE-85.214.106.31 network-object object LOCKY-104.239.213.7 network-object object LOCKY-198.105.244.11 network-object object CC-139.99.101.96 network-object object CC-142.44.163.168 network-object object CC-142.44.240.14 network-object object CC-144.217.84.99 network-object object CC-145.239.93.125 network-object object CC-147.135.210.184 object-group service G_Service_AD description G_Service_AD service-object object Kerberos88 
service-object object dhcp67 service-object object dhcp68 service-object object ldap389 service-object object ldap636 service-object object nbdatagram138 service-object object nbname137 service-object object nbnameudp137 service-object object nbsession139 service-object object rpc135 service-object object smb445 service-object tcp destination eq hostname service-object tcp destination eq kerberos service-object tcp destination eq ldap service-object tcp destination eq ldaps service-object tcp destination eq netbios-ssn service-object object tcp464 service-object object tcp539 service-object udp destination eq isakmp service-object udp destination eq kerberos service-object udp destination eq nameserver service-object object GCTCP3268 service-object object GCTCP3269 service-object object Kerberosudp88 service-object object SOAP9389 service-object object dfs5722 service-object object ntp123 service-object object smbudp445 service-object tcp-udp destination eq 464 service-object object udp2535 object-group service G_Service_User_Common description G_Service_User_Common service-object object ftp20 service-object object ftp9000 service-object object http8080 service-object object http81 service-object object http82 service-object tcp destination eq ftp service-object tcp destination eq www service-object tcp destination eq https service-object object http8089 object-group service DM_INLINE_SERVICE_1 service-object icmp service-object object RDP8899 service-object object ftp9000 service-object object http8080 service-object object ftp9999 service-object tcp destination eq pop3 service-object object smtp465 service-object object pops995 group-object G_Service_User_Common service-object object https444 service-object object Unifi3478 service-object tcp destination eq ssh service-object object HTTP89 service-object object SMTP587 service-object object HTTP8668 object-group service DM_INLINE_SERVICE_8 service-object object CAM34567 service-object object CAM34588 object-group 
service G_Services_IT description G_Services_IT service-object object ftp9999 service-object object RDP3388 object-group service DM_INLINE_SERVICE_2 service-object object dnsudp53 service-object tcp destination eq domain service-object tcp destination eq www service-object tcp destination eq https service-object tcp destination eq smtp service-object udp destination eq ntp service-object object WSUS8530 service-object object WSUS8531 service-object tcp destination eq ssh service-object icmp service-object icmp time-exceeded service-object icmp unreachable service-object tcp destination eq ftp service-object tcp destination eq ftp-data object-group service DM_INLINE_SERVICE_3 service-object object ftp20 service-object object http81 service-object object http82 service-object tcp destination eq ftp service-object tcp destination eq www service-object tcp destination eq https service-object object https444 object-group network G_IT description G_IT network-object object H-NVP-NBO-001 network-object object H-NVP-NBO-001-Eth0 network-object object H-HCM-NBO-135-Wifi network-object object H-HCM-NBO-135-eth0 network-object object H-IPHONE-JSISEN network-object object OBJ-H-NGUYENMY network-object object OBJ-H-HCM-NBO-150-Eth0 network-object object OBJ-H-HCM-NBO-150-Wifi object-group service DM_INLINE_SERVICE_4 service-object object ntp123 service-object tcp destination eq domain service-object tcp destination eq www service-object tcp destination eq https service-object udp destination eq domain service-object icmp echo object-group network G_Server description G_Server network-object object H-HCM-SVR-002 network-object object H-VFCSRVAPP01 network-object object H-VFCSRVEX01 network-object object H-VFCSRVHV03 network-object object H-VFCSRVSMS01 object-group network G_Deny description G_Deny network-object object DDE-92.48.90.34 network-object object D-RangeIP-Web network-object object DIP-144.214.70.62 network-object object DIP-75.105.175.87 network-object object 
D-RangeIP-LogonASA network-object object DIP58.218.198.141 network-object object DIP-5.8.18.56 network-object object DIP-5.8.18.63 network-object object D-RangIP-5.8.18.0-5.8.18.127 network-object object DIP-38.132.124.250 network-object object DIP-89.249.65.220 network-object object DIP-104.248.163.221 network-object object DIP-212.22.162.17 network-object object DIP-27.74.251.127 network-object object DIP-42.61.41.114 network-object object DIP-169.254.95.120 network-object object DIP-107.173.49.208 network-object object DIP-107.172.150.141 network-object object DIP-107.172.249.103 network-object object DIP-107.172.249.122 network-object object DIP-107.174.39.144 network-object object DIP-107.175.3.16 network-object object DIP-107.175.64.217 network-object object DIP-107.175.75.115 network-object object DIP-107.175.75.116 network-object object DIP-107.175.94.16 network-object object DIP-108.170.60.181 network-object object DIP-116.197.235.202 network-object object DIP-151.106.60.136 network-object object DIP-151.106.60.15 network-object object DIP-167.114.56.224 network-object object DIP-167.114.56.226 network-object object DIP-172.245.205.107 network-object object DIP-184.164.139.212 network-object object DIP-185.136.163.167 network-object object DIP-185.136.165.202 network-object object DIP-192.227.248.181 network-object object DIP-192.227.248.188 network-object object DIP-192.227.248.189 network-object object DIP-192.64.119.20 network-object object DIP-192.64.119.21 network-object object DIP-192.64.119.86 network-object object DIP-192.64.119.87 network-object object DIP-192.95.14.128 network-object object DIP-198.23.140.75 network-object object DIP-198.46.168.29 network-object object DIP-198.46.168.33 network-object object DIP-198.46.209.171 network-object object DIP-62.255.119.211 network-object object DIP-66.85.157.69 network-object object DIP-72.83.72.137 network-object object DIP-104.18.42.155 network-object object DIP-104.18.43.155 network-object object 
DIP-162.255.119.132 network-object object DIP-162.255.119.133 network-object object DIP-162.255.119.211 network-object object DIP-162.255.119.56 network-object object DIP-192.227.248.182 network-object object DIP-192.64.119.6 network-object object DIP-192.64.119.60 network-object object DIP-192.64.119.61 network-object object DIP-192.64.119.7 network-object object DIP-45.32.114.96 network-object object DIP-70.182.143.99 network-object object DIP-104.47.36.36 network-object object DIP-162.255.118.61 network-object object DIP-162.255.118.62 network-object object DIP-113.161.29.77 network-object object DIP-113.161.86.33 network-object object DIP-125.212.251.9 network-object object DIP-113.161.232.47 network-object object DIP-197.232.22.209 network-object object DIP-84.22.140.12 network-object object DIP-Rang-65.208.151.0 network-object object DIP-81.6.42.123 object-group service DM_INLINE_SERVICE_5 service-object tcp destination eq https service-object tcp destination eq www service-object object http81 service-object udp destination eq ntp object-group service DM_INLINE_SERVICE_7 service-object icmp group-object G_Service_User_Common service-object object RDP8899 service-object object Unifi3478 service-object object ftp9000 service-object object ftp9999 service-object object http8080 service-object object https444 service-object object pops995 service-object object smtp465 service-object tcp destination eq pop3 service-object object HTTP89 service-object object IMAP993 service-object object SMTP587 service-object tcp destination eq imap4 object-group network DM_INLINE_NETWORK_1 network-object object OBJ-NET16-DMZ network-object object H-VFCSRVVPN01 object-group service DM_INLINE_SERVICE_9 service-object object SSH3322 service-object object dnsudp53 service-object tcp destination eq www service-object tcp destination eq https service-object udp destination eq ntp service-object tcp-udp destination eq domain service-object tcp destination eq ssh service-object object 
sms14999
 service-object object sms8088
object-group service DM_INLINE_SERVICE_10
 service-object object dnsudp53
 service-object tcp destination eq www
 service-object tcp destination eq https
! REVIEW: DM_INLINE_SERVICE_11 contains "service-object ip", so any rule that uses this
! group permits all IP traffic; the three icmp entries add nothing beyond that.
object-group service DM_INLINE_SERVICE_11
 service-object ip
 service-object icmp echo-reply
 service-object icmp time-exceeded
 service-object icmp unreachable
object-group service DM_INLINE_SERVICE_12
 service-object object ftp9999
 service-object object http81
 service-object object http82
 service-object tcp destination eq ftp
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq ftp-data
! NET32-ACL and NET64-ACL are used as match criteria by route-map PBR-INSIDE900 (entry 20,
! later in the file); no access-group binds them in the visible config. Their "tcp any any"
! entries match web/ftp traffic from every source, not only the subnet in the last entry.
access-list NET32-ACL extended permit tcp any any eq www log
access-list NET32-ACL extended permit tcp any any eq https log
access-list NET32-ACL extended permit tcp any any eq ftp log
access-list NET32-ACL extended permit tcp any any eq ftp-data log
access-list NET32-ACL extended permit ip 172.16.32.0 255.255.255.0 any
access-list NET20-ACL extended permit ip 172.16.20.0 255.255.255.0 any
access-list NET64-ACL extended permit tcp any any eq www log
access-list NET64-ACL extended permit tcp any any eq https log
access-list NET64-ACL extended permit tcp any any eq ftp log
access-list NET64-ACL extended permit tcp any any eq ftp-data log
access-list NET64-ACL extended permit ip 172.16.64.0 255.255.255.0 any
! WAN1-ACCESS-IN is bound inbound on wan1 (access-group, later in the file).
! REVIEW (rule order): ACEs are evaluated top-down and the first match wins. Every permit
! below has source "any" and sits above the "deny ip object-group G_DDE / G_Deny" entries,
! so addresses in those groups still match the permits for the published ports. If the
! groups are meant as a block list (their definitions are not visible in this span), the
! deny entries need to be placed above the permits to take effect.
! REVIEW (exposure): published to any source here are www/https/ftp/ftp-data on
! H-VFCSRVAPP01, www/https/ftp/ftp-data/ssh on H-VFCSRVSMS01, smtp/https/www/domain on
! H-VFCSRVEX01, NVR34567 on H-VFCHDNVR08ET and DM_INLINE_SERVICE_5 on H-VFCSRVVPN01.
! ftp and www are clear-text protocols, and ssh from any source is normally restricted to
! known administrator addresses - confirm each of these is still required.
access-list WAN1-ACCESS-IN extended permit tcp any4 object H-VFCSRVSMS01 eq www
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVAPP01 eq https log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVAPP01 eq www log
access-list WAN1-ACCESS-IN extended permit object-group DM_INLINE_SERVICE_5 any object H-VFCSRVVPN01
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVAPP01 eq ftp
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVAPP01 eq ftp-data
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVAPP01 eq 2382 inactive
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVSMS01 eq https log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVSMS01 eq www log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVSMS01 eq ftp log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVSMS01 eq ftp-data log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVSMS01 eq ssh log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVSMS01 eq 8088 log inactive
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVSMS01 eq 3322 log inactive
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq smtp log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq https log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq www log
access-list WAN1-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq domain log
access-list WAN1-ACCESS-IN extended permit object WEB80 any object OBJ-H-VFCSRVWEB01 inactive
access-list WAN1-ACCESS-IN extended permit object NVR34567 any object H-VFCHDNVR08ET log
! The two host-specific G_Deny entries below are already covered by the preceding
! "deny ip object-group G_Deny any", so they never match.
access-list WAN1-ACCESS-IN extended deny ip object-group G_DDE any log
access-list WAN1-ACCESS-IN extended deny ip object-group G_Deny any
access-list WAN1-ACCESS-IN extended deny ip object-group G_Deny object H-VFCSRVSMS01
access-list WAN1-ACCESS-IN extended deny ip object-group G_Deny object H-VFCSRVAPP01 log
access-list WAN1-ACCESS-IN extended deny icmp any object H-VFCSRVSMS01
access-list WAN1-ACCESS-IN extended deny icmp any object H-VFCSRVAPP01 log
! OUTSIDE_ACCESS_IN is not referenced by any access-group line visible in this config.
access-list OUTSIDE_ACCESS_IN remark ICMP type 11 for Windows Traceroute
access-list OUTSIDE_ACCESS_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_ACCESS_IN remark ICMP type 3 for Cisco and Linux
access-list OUTSIDE_ACCESS_IN extended permit icmp any any unreachable
! WAN2-ACCESS-IN starts here and continues below; it is bound inbound on wan2.
access-list WAN2-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq smtp log
access-list WAN2-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq https log
! WAN2-ACCESS-IN (continued; its first ACEs precede this point). Bound inbound on wan2.
! REVIEW (rule order): first match wins, and every "permit ... any ..." entry here sits
! above the "deny ip object-group G_Deny / G_DDE" entries, so addresses in those groups
! still match the permits for the published ports. If the groups are a block list (their
! contents are not visible in this span), move the deny entries above the permits.
access-list WAN2-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq www log
access-list WAN2-ACCESS-IN extended permit tcp any object H-VFCSRVEX01 eq domain log
access-list WAN2-ACCESS-IN remark Allow traceroute
access-list WAN2-ACCESS-IN extended permit icmp any any time-exceeded
access-list WAN2-ACCESS-IN remark Allow traceroute
access-list WAN2-ACCESS-IN extended permit icmp any any unreachable
! SQL1433 is the only published service restricted to a single source object; the database
! listener is still reached across the WAN from that address - confirm the transport is
! protected (VPN or TLS) and that the peer address is current.
access-list WAN2-ACCESS-IN extended permit object SQL1433 object OBJ-IP-45.119.82.46 object H-VFCSRAPPISQL log
access-list WAN2-ACCESS-IN extended permit icmp any any inactive
access-list WAN2-ACCESS-IN extended permit icmp any any echo-reply inactive
! FTP21 and NVR34567 are published to any source - confirm both are still required.
access-list WAN2-ACCESS-IN extended permit object FTP21 any object H-VFCSRVFTP01 log
access-list WAN2-ACCESS-IN extended permit object WEB80 any object H-VFCSRVFTP01 log inactive
access-list WAN2-ACCESS-IN extended permit object NVR34567 any object H-VFCHDNVR08ET log
access-list WAN2-ACCESS-IN extended permit tcp any object OBJ-H-VFCSRVWEB02 eq www log
access-list WAN2-ACCESS-IN extended permit tcp any object OBJ-H-VFCSRVWEB02 eq https log
! The host-specific G_Deny entries after "deny ip object-group G_Deny any" are already
! covered by it and never match.
access-list WAN2-ACCESS-IN extended deny ip object-group G_Deny object H-HCM-SVR-002
access-list WAN2-ACCESS-IN extended deny ip object-group G_Deny any
access-list WAN2-ACCESS-IN extended deny ip object-group G_DDE any log
access-list WAN2-ACCESS-IN extended deny ip object-group G_Deny object H-VFCSRVEX01 log notifications
access-list WAN2-ACCESS-IN extended deny ip object-group G_Deny object OBJ-H-HCM-SVR-001
access-list WAN2-ACCESS-IN extended deny ip object-group G_Deny object OBJ-H-VFCSRVWEB02
access-list WAN2-ACCESS-IN extended deny icmp any object OBJ-H-VFCSRVWEB02
access-list WAN2-ACCESS-IN extended deny icmp any object H-VFCSRVEX01 log
! REVIEW: the deny in SERVER17-TO-INSIDE900 follows "permit ip any any" and can never
! match. No access-group line visible in this config references this ACL.
access-list SERVER17-TO-INSIDE900 extended permit ip any any log
access-list SERVER17-TO-INSIDE900 extended deny ip object-group G_DDE any
! NET17-ACL is a match ACL for route-map PBR-INSIDE900 entry 10 (later in the file).
access-list NET17-ACL remark Test L2TP Tunnel Split internet
access-list NET17-ACL extended permit ip 172.16.17.0 255.255.255.0 any
access-list ACL-SPLIT-NET remark Routing Server group
access-list ACL-SPLIT-NET standard permit 172.16.17.0 255.255.255.0
access-list ACL-SPLIT-NET standard permit 172.16.16.0 255.255.255.0
access-list ACL-SPLIT-NET standard permit 10.10.10.0 255.255.255.0
! NOTE(review): the last NET33-ACL entry names 172.16.32.0, the same subnet as NET32-ACL,
! while other parts of this config use 172.16.33.0 for the "33" network - possibly a
! copy/paste slip; confirm the intended subnet.
access-list NET33-ACL extended permit tcp any any eq www log
access-list NET33-ACL extended permit tcp any any eq https log
access-list NET33-ACL extended permit tcp any any eq ftp log
access-list NET33-ACL extended permit tcp any any eq ftp-data log
access-list NET33-ACL extended permit ip 172.16.32.0 255.255.255.0 any
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
! inside900_access_in starts here and continues below; it is bound inbound on inside900.
! Its first entry uses DM_INLINE_SERVICE_11, which includes "service-object ip" earlier in
! the file, so the G_IT sources are permitted all IP traffic to any destination.
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_11 object-group G_IT any
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_12 object H-VFCSRVVPN01 any
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_2 object Net17_ServerGroup any
! inside900_access_in (continued). REVIEW (rule order): the two deny entries at the end
! come after permits whose destination is "any", so traffic to G_Deny destinations (and
! from G_DDE sources) on a permitted service matches a permit first. Place the denies at
! the top if they are meant to block that traffic.
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_1 object Net32_29User-LAN any
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_3 object Net64_37User-LAN any
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_4 object-group DM_INLINE_NETWORK_1 any
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_7 object Net33_Wifi any
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_8 object H-CAM34567 any
access-list inside900_access_in extended permit icmp any any inactive
access-list inside900_access_in extended permit object-group DM_INLINE_SERVICE_9 object H-VFCSRVSMS01 any
access-list inside900_access_in extended permit object OBJ-HTTP8443 object OBJ-H-HCM-NBO-150-Wifi any
access-list inside900_access_in extended permit object OBJ-HTTP8443 object OBJ-H-HCM-NBO-150-Eth0 any
access-list inside900_access_in extended deny ip object-group G_DDE any
access-list inside900_access_in extended deny ip any object-group G_Deny
! dmz16_access_in permits everything; no access-group line visible in this config binds it.
access-list dmz16_access_in extended permit ip any any log
! Split-tunnel list used by the VPN group policies later in the file. It includes
! 172.16.1.0/24, which is the subnet of the Management0/0 interface - confirm remote-access
! users are meant to reach the management network.
access-list VFCIPSecVPNProfile_splitTunnelAcl standard permit 172.16.17.0 255.255.255.0
access-list VFCIPSecVPNProfile_splitTunnelAcl remark dmz16
access-list VFCIPSecVPNProfile_splitTunnelAcl standard permit 172.16.16.0 255.255.255.0
access-list VFCIPSecVPNProfile_splitTunnelAcl standard permit 10.10.10.0 255.255.255.0
access-list VFCIPSecVPNProfile_splitTunnelAcl standard permit 172.16.1.0 255.255.255.0
access-list NETUSER_ACL extended permit ip 172.16.32.0 255.255.255.0 any
access-list NETUSER_ACL extended permit ip 172.16.33.0 255.255.255.0 any
access-list NETUSER_ACL extended permit ip 172.16.64.0 255.255.255.0 any
access-list NETSERVER_ACL extended permit ip 172.16.17.0 255.255.255.0 any
! REVIEW: guest100_access_in is bound inbound on the guest interface. Its first entry
! permits all IP from Net100_guest100 to any destination, internal networks included
! (presumably that object is the guest subnet; its definition is not in this span). The
! second, narrower entry is then redundant. A guest ACL normally denies the internal
! ranges before permitting Internet-bound traffic - confirm the intent.
access-list guest100_access_in extended permit ip object Net100_guest100 any
access-list guest100_access_in extended permit object-group DM_INLINE_SERVICE_10 10.100.1.0 255.255.255.0 object OBJ-H-VFCSRVWEB01
! NOTE(review): NET100-ACL names 10.100.100.0/24 while the guest100 interface and its DHCP
! scope use 10.100.1.0/24, and NET23-ACL names 172.17.23.0 where the other internal ACLs use
! 172.16.x.0 - confirm both are intended.
access-list NET100-ACL extended permit ip 10.100.100.0 255.255.255.0 any
access-list NET16-ACL extended permit ip 172.16.16.0 255.255.255.0 any
access-list ACL-SPLIT-NET17 standard permit 172.16.17.0 255.255.255.0
access-list NET23-ACL extended permit ip 172.17.23.0 255.255.255.0 any
pager lines 24
! Logging goes to the local buffer, ASDM and a mail recipient. No "logging host" /
! "logging trap" line is visible in this section, so events are not shown being sent to an
! external syslog collector; the buffer is lost on reload and is limited to 500000 bytes.
logging enable
logging buffer-size 500000
logging buffered debugging
logging asdm informational
logging recipient-address phuong.nguyenvan@vfc.com.vn level informational
mtu mgt 1500
mtu wan1 1500
mtu wan2 1500
mtu wan3 1500
mtu management 1500
mtu conneted-dev 1500
mtu guest100 1500
mtu dmz 1500
mtu inside900 1500
! Reverse-path (anti-spoofing) checks are enabled on wan1 and inside900 only; wan2,
! guest100 and dmz have no matching line here.
ip verify reverse-path interface wan1
ip verify reverse-path interface inside900
no failover
no monitor-interface service-module
icmp unreachable rate-limit 10 burst-size 5
! ICMP to the firewall's own interfaces: wan1 accepts echo-reply only, while
! "icmp permit any wan2" accepts every ICMP type from any source on wan2 (the two
! narrower wan2 lines after it are redundant).
icmp permit any echo-reply wan1
icmp deny any wan1
icmp permit any wan2
icmp permit any echo wan2
icmp permit any echo-reply wan2
icmp permit 172.16.1.0 255.255.255.0 inside900
icmp permit 172.16.33.0 255.255.255.0 echo inside900
icmp permit 172.16.32.0 255.255.255.0 echo inside900
icmp permit 172.16.32.0 255.255.255.0 echo-reply inside900
icmp permit 10.10.10.0 255.255.255.0 inside900
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
! Manual (twice) NAT section. These rules are evaluated in the order listed, first match
! wins, and before the object NAT rules that follow this section.
! The wan2 rules with "destination static interface ..." publish FTP21, SQL14333 (mapped
! to SQL1433), NVR45678 (mapped to NVR34567) and WEB80 on the wan2 interface address; the
! same NVR mapping exists on wan1. Access to them is governed by the WAN ACLs above.
nat (inside900,wan2) source static H-VFCSRVEX01 IP-183.91.25.131
nat (wan2,inside900) source static any any destination static interface H-VFCSRVFTP01 service FTP21 FTP21
nat (wan2,inside900) source static any any destination static interface H-VFCSRAPPISQL service SQL14333 SQL1433
nat (wan2,inside900) source static any any destination static interface H-VFCHDNVR08ET service NVR45678 NVR34567
nat (wan2,inside900) source static any any destination static interface H-VFCSRVFTP01 service WEB80 WEB80
nat (inside900,wan2) source static Net17_ServerGroup Net17_ServerGroup destination static Net60-IPSEC-VPN Net60-IPSEC-VPN no-proxy-arp route-lookup
nat (wan1,inside900) source static any any destination static interface H-VFCHDNVR08ET service NVR45678 NVR34567
nat (inside900,wan2) source static OBJ-H-VFCSRVWEB02 OBJ-IP-183.91.25.132
nat (inside900,wan1) source static H-VFCSRVEX01 IP-113.161.107.154
! REVIEW (rule order): the two "source dynamic any interface" PAT rules for inside900 sit
! above the identity-NAT (VPN exemption) rules that follow. Because the first match wins,
! inside900 traffic towards the VPN pools matches the PAT rule before it reaches its
! exemption rule. Exemption rules are normally placed above the general PAT rules - confirm
! the order against the live translation table.
nat (inside900,wan2) source dynamic any interface
nat (inside900,wan1) source dynamic any interface
nat (inside900,wan2) source static OBJ-NET10-INSIDE900 OBJ-NET10-INSIDE900 destination static Net2-VPN-SSL Net2-VPN-SSL no-proxy-arp route-lookup
nat (inside900,wan2) source static Net17_ServerGroup Net17_ServerGroup destination static Net2-VPN-SSL Net2-VPN-SSL no-proxy-arp route-lookup
nat (guest100,wan2) source dynamic any interface
nat (guest100,wan1) source dynamic any interface
nat (inside900,wan1) source static Net17_ServerGroup Net17_ServerGroup destination static Net60-IPSEC-VPN Net60-IPSEC-VPN no-proxy-arp route-lookup
nat (inside900,wan1) source static Net17_ServerGroup Net17_ServerGroup destination static Net2-VPN-SSL Net2-VPN-SSL no-proxy-arp route-lookup
nat (inside900,wan1) source static OBJ-NET10-INSIDE900 OBJ-NET10-INSIDE900 destination static OBJ-NET60-IPSEC-VPN OBJ-NET60-IPSEC-VPN no-proxy-arp route-lookup
nat (inside900,wan1) source static OBJ-NET16-DMZ OBJ-NET16-DMZ destination static OBJ-NET60-IPSEC-VPN OBJ-NET60-IPSEC-VPN no-proxy-arp route-lookup
nat (inside900,wan1) source static OBJ-NET1-MGT OBJ-NET1-MGT destination static OBJ-NET60-IPSEC-VPN OBJ-NET60-IPSEC-VPN no-proxy-arp route-lookup
nat (inside900,wan2) source static OBJ-NET16-DMZ OBJ-NET16-DMZ destination static OBJ-NET60-IPSEC-VPN OBJ-NET60-IPSEC-VPN no-proxy-arp route-lookup
!
! Object (auto) NAT: one-to-one static translations that publish three inside900 servers on
! wan1 addresses. Object NAT is evaluated after the manual NAT rules earlier in the file.
object network H-VFCSRVAPP01
 nat (inside900,wan1) static 113.161.107.158
object network H-VFCSRVSMS01
 nat (inside900,wan1) static IP-113.161.107.156
object network H-VFCSRVVPN01
 nat (inside900,wan1) static IP-113.161.107.155
! Interface ACL bindings. Only wan1, wan2, guest100 and inside900 get an inbound ACL here;
! no access-group is listed for the dmz, mgt, management or wan3 interfaces, so those rely
! on the default security-level behaviour.
access-group WAN1-ACCESS-IN in interface wan1
access-group WAN2-ACCESS-IN in interface wan2
access-group guest100_access_in in interface guest100
access-group inside900_access_in in interface inside900
!
! Policy-based routing applied to inside900 (policy-route on that interface).
! Entry 10 sends the NET17/NET16/NET23 sources to 183.91.25.129 first (the wan2 gateway in
! the static routes below), entry 20 sends the NET100/NET32/NET33/NET64 matches to
! 113.161.107.153 first (the wan1 gateway).
! NOTE(review): track 1 follows SLA monitor 3 (probe out of wan1) and track 2 follows SLA
! monitor 4 (probe out of wan2). In entry 10 the wan2 next hop is tied to track 1 and the
! wan1 next hop to track 2, which looks crossed compared with entry 20 - confirm.
route-map PBR-INSIDE900 permit 10
 match ip address NET17-ACL NET16-ACL NET23-ACL
 set ip next-hop verify-availability 183.91.25.129 1 track 1
 set ip next-hop verify-availability 113.161.107.153 2 track 2
 set ip next-hop 183.91.25.129
!
route-map PBR-INSIDE900 permit 20
 match ip address NET100-ACL NET32-ACL NET33-ACL NET64-ACL
 set ip next-hop verify-availability 113.161.107.153 1 track 1
 set ip next-hop verify-availability 183.91.25.129 2 track 2
 set ip next-hop 113.161.107.153
!
! Default routes: wan1 is preferred (metric 2) while track 1 is up; wan2 (metric 50) is the
! floating backup.
route wan1 0.0.0.0 0.0.0.0 113.161.107.153 2 track 1
route wan2 0.0.0.0 0.0.0.0 183.91.25.129 50
! NOTE(review): this route is bound to guest100 but its next hop 10.10.10.253 lies in the
! inside900 subnet, and 100.100.1.0/24 matches no other network in this config - confirm.
route guest100 100.100.1.0 255.255.255.0 10.10.10.253 1
! Internal subnets are reached through 10.10.10.253 on inside900.
route inside900 172.16.1.0 255.255.255.0 10.10.10.253 1
route inside900 172.16.16.0 255.255.255.0 10.10.10.253 1
route inside900 172.16.17.0 255.255.255.0 10.10.10.253 1
route inside900 172.16.20.0 255.255.255.0 10.10.10.253 1
route inside900 172.16.21.0 255.255.255.0 10.10.10.253 1
route inside900 172.16.32.0 255.255.255.0 10.10.10.253 1
route inside900 172.16.33.0 255.255.255.0 10.10.10.253 1
route inside900 172.16.64.0 255.255.255.0 10.10.10.253 1
! Translation and connection idle timers.
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
! AAA. A RADIUS server group (VFC-NPS-01) is defined, but SSH and Telnet console logins
! authenticate against the LOCAL database only. No "aaa authentication http console" or
! "aaa authentication enable console" line is visible in this section, so ASDM and enable
! access are not shown being tied to named accounts - confirm.
aaa-server VFC-NPS-01 protocol radius
aaa-server VFC-NPS-01 (inside900) host 172.16.17.69
 key *****
 radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication login-history
! ASDM/HTTPS management on port 8800. REVIEW: management is allowed from whole user and
! server subnets (172.16.32.0/24, 172.16.17.0/24, 172.16.16.0/24), from the SSL VPN pool
! range on wan2 and from one public address on both WAN interfaces. Restricting this to a
! small set of administrator hosts, reached over the VPN, reduces the exposed surface.
http server enable 8800
http server idle-timeout 30
http 172.16.17.0 255.255.255.0 inside900
http 172.16.16.0 255.255.255.0 inside900
http 172.16.33.200 255.255.255.255 inside900
http 172.16.32.145 255.255.255.255 inside900
http 172.16.2.0 255.255.255.0 wan2
http 10.60.60.0 255.255.255.0 inside900
http 172.16.17.16 255.255.255.255 inside900
http 172.16.32.0 255.255.255.0 inside900
http 172.16.17.88 255.255.255.255 inside900
http 172.16.17.200 255.255.255.255 inside900
http 42.119.159.105 255.255.255.255 wan2
http 42.119.159.105 255.255.255.255 wan1
no snmp-server location
no snmp-server contact
sysopt connection preserve-vpn-flows
! SLA probes used by the track objects: monitor 3 pings 8.8.8.8 out of wan1, monitor 4
! pings the same target out of wan2. Both uplinks depend on a single probe target.
sla monitor 3
 type echo protocol ipIcmpEcho 8.8.8.8 interface wan1
 num-packets 3
 frequency 30
sla monitor schedule 3 life forever start-time now
sla monitor 4
 type echo protocol ipIcmpEcho 8.8.8.8 interface wan2
sla monitor schedule 4 life forever start-time now
! IKEv1 IPsec transform sets. REVIEW: the sets using esp-des, esp-3des or esp-md5-hmac are
! legacy algorithms (single DES is 56-bit; MD5 and 3DES are deprecated for new deployments).
! They matter where a crypto map references them, see the dynamic maps below.
crypto ipsec ikev1 transform-set VFC-DES-SHA-ike1 esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set VFC-DES-SHA-ike1 mode transport
crypto ipsec ikev1 transform-set VFC-WINS-TRANS-ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set VFC-WINS-TRANS-ESP-3DES-SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
! IKEv2 IPsec proposals. Each one accepts md5 as an integrity option alongside sha-1,
! except VFC-3DES-SHA-P2 (sha-1 only).
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal VFC-3DES-SHA-P2
 protocol esp encryption 3des
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
! REVIEW: SYSTEM_DEFAULT_CRYPTO_MAP is the dynamic map bound to wan1, wan2 and inside900
! below. It offers every transform set and proposal down to DES and MD5, so a peer that
! proposes only the weakest option is accepted. Trimming the lists to the AES entries
! removes that fallback. VFC-MAP-IPSec uses a DES-only transform set, but neither
! VFC-MAP-VPN nor VFC-WINS-WAN3-MAP is attached to an interface in the lines visible here.
crypto dynamic-map VFC-MAP-IPSec 10 set ikev1 transform-set VFC-DES-SHA-ike1
crypto dynamic-map VFC-WINS-DYN-MAP 20 set ikev1 transform-set VFC-WINS-TRANS-ESP-3DES-SHA
crypto dynamic-map VFC-WINS-DYN-MAP 50 set ikev1 transform-set VFC-WINS-TRANS-ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65534 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map VFC-MAP-VPN 20 ipsec-isakmp dynamic VFC-MAP-IPSec
crypto map VFC-WINS-WAN3-MAP 20 ipsec-isakmp dynamic VFC-WINS-DYN-MAP
crypto map wan1_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map wan1_map interface wan1
crypto map wan2_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map wan2_map interface wan2
crypto map inside900_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside900_map interface inside900
! PKI trustpoints. SSLVPN-CA is self-enrolled and uses the same key pair name
! (LOCAL-CA-SERVER) as the local CA trustpoint, so the VPN identity certificate and the CA
! certificate share one private key; a separate key pair per role is the usual practice.
! Self-signed identity certificates also mean VPN clients cannot validate the gateway
! against a trusted CA unless the certificate is distributed to them out of band.
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpoint LOCAL-CA-SERVER
 keypair LOCAL-CA-SERVER
 crl configure
crypto ca trustpoint SSLVPN-CA
 enrollment self
 fqdn vpn.vfc.com.vn
 email Phuong.NguyenVan@vfc.com.vn
 subject-name CN=vpn.vfc.com.vn,OU=IT Department,O=VFC,C=VN,L=Ho Chi Minh,EA=Phuong.NguyenVan@vfc.com.vn
 ip-address 118.69.34.113
 keypair LOCAL-CA-SERVER
 crl configure
crypto ca trustpoint SSLVPNVNPT-CA
 enrollment self
fqdn vpn2.vfc.com.vn email Phuong.NguyenVan@vfc.com.vn subject-name CN=vpn2.vfc.com.vn,OU=IT Department,O=VFC,C=VN,L=Ho Chi Minh,EA=Phuong.NguyenVan@vfc.com.vn ip-address 113.161.107.157 keypair vpnsslvnpt crl configure crypto ca trustpool policy crypto ca server lifetime ca-certificate 1825 keysize 2048 keysize server 2048 crypto ca certificate map VFCMAP 10 subject-name attr cn co vpn.vfc.com.vn issuer-name attr o eq vfc crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a 308204d3 308203bb a0030201 02021018 dad19e26 7de8bb4a 2158cdcc 6b3b4a30 0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117 30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b 13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504 0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72 20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56 65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043 65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d30 36313130 38303030 3030305a 170d3336 30373136 32333539 35395a30 81ca310b 30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20 496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65 74776f72 6b313a30 38060355 040b1331 28632920 32303036 20566572 69536967 6e2c2049 6e632e20 2d20466f 72206175 74686f72 697a6564 20757365 206f6e6c 79314530 43060355 0403133c 56657269 5369676e 20436c61 73732033 20507562 6c696320 5072696d 61727920 43657274 69666963 6174696f 6e204175 74686f72 69747920 2d204735 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00af2408 08297a35 9e600caa e74b3b4e dc7cbc3c 451cbb2b e0fe2902 f95708a3 64851527 f5f1adc8 31895d22 e82aaaa6 42b38ff8 b955b7b1 b74bb3fe 8f7e0757 ecef43db 66621561 cf600da4 d8def8e0 c362083d 5413eb49 ca595485 26e52b8f 1b9febf5 a191c233 49d84363 6a524bd2 8fe87051 4dd18969 7bc770f6 b3dc1274 db7b5d4b 
56d396bf 1577a1b0 f4a225f2 af1c9267 18e5f406 04ef90b9 e400e4dd 3ab519ff 02baf43c eee08beb 378becf4 d7acf2f6 f03dafdd 75913319 1d1c40cb 74241921 93d914fe ac2a52c7 8fd50449 e48d6347 883c6983 cbfe47bd 2b7e4fc5 95ae0e9d d4d143c0 6773e314 087ee53f 9f73b833 0acf5d3f 3487968a ee53e825 15020301 0001a381 b23081af 300f0603 551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 06306d06 082b0601 05050701 0c046130 5fa15da0 5b305930 57305516 09696d61 67652f67 69663021 301f3007 06052b0e 03021a04 148fe5d3 1a86ac8d 8e6bc3cf 806ad448 182c7b19 2e302516 23687474 703a2f2f 6c6f676f 2e766572 69736967 6e2e636f 6d2f7673 6c6f676f 2e676966 301d0603 551d0e04 1604147f d365a7c2 ddecbbf0 3009f343 39fa02af 33313330 0d06092a 864886f7 0d010105 05000382 01010093 244a305f 62cfd81a 982f3dea dc992dbd 77f6a579 2238ecc4 a7a07812 ad620e45 7064c5e7 97662d98 097e5faf d6cc2865 f201aa08 1a47def9 f97c925a 0869200d d93e6d6e 3c0d6ed8 e6069140 18b9f8c1 eddfdb41 aae09620 c9cd6415 3881c994 eea28429 0b136f8e db0cdd25 02dba48b 1944d241 7a05694a 584f60ca 7e826a0b 02aa2517 39b5db7f e784652a 958abd86 de5e8116 832d10cc defda882 2a6d281f 0d0bc4e5 e71a2619 e1f4116f 10b595fc e7420532 dbce9d51 5e28b69e 85d35bef a57d4540 728eb70e 6b0e06fb 33354871 b89d278b c4655f0d 86769c44 7af6955c f65d3208 33a454b6 183f685c f2424a85 3854835f d1e82cf2 ac11d6a8 ed636a quit crypto ca certificate chain LOCAL-CA-SERVER certificate ca 01 3082031e 30820206 a0030201 02020101 300d0609 2a864886 f70d0101 05050030 20311e30 1c060355 04031315 5646434e 45544153 4130312e 7666632e 6c6f6361 6c301e17 0d313731 30313531 34353431 385a170d 32323130 31343134 35343138 5a302031 1e301c06 03550403 13155646 434e4554 41534130 312e7666 632e6c6f 63616c30 82012230 0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 a6f35072 f432f439 fc7a84a6 929d6a88 2654819c 1cdd9700 842aec6a e6c41382 d3946c9f a9715c99 4c29be00 3ab808d1 42727c48 f692b836 9f3d9563 14962eb9 57ed8bf3 f755ed48 b5fe78b4 d908bdc5 db595743 4e4ce7dd bf082ffc 1ab6316c 8b25df49 8d8d013e e9775b5a 
74526db2 81873064 7cee41f7 9cdae1d1 a503ddef ef0d8d02 e32d089f 7f7bc6e7 abb658f9 25a77ff1 d426230e a477bbeb ee19eaaa 61a9139e 62d7f780 2430e384 47988acf 3b9539cb 48e8b34e 61cb73a0 c75e7bfa 48e32b5b 0c84b176 0a3d6f64 ed676323 912c4c36 8509adf8 e3f6d3f0 d9868797 33c99ffb 44f1c7fb 2a9f274d 97dc77cd 6d193c8d 539fe4b2 06584846 19354f8d 02030100 01a36330 61300f06 03551d13 0101ff04 05300301 01ff300e 0603551d 0f0101ff 04040302 0186301f 0603551d 23041830 16801426 35255058 ffe75d49 b2a39908 58a59018 95541e30 1d060355 1d0e0416 04142635 255058ff e75d49b2 a3990858 a5901895 541e300d 06092a86 4886f70d 01010505 00038201 01008d4a 52d5b788 11335dde 7bca1454 0184a7db 510a8964 3c75d514 4b3602e7 0d537933 a8fbd873 571b3a6a 4392e1fd b9f158bc e7f5e708 44d456fd ad411f0f 1559526e ddda4044 8a664734 7b30b397 12270fc7 505cac87 4ef07d6e c5041d76 5c8b5ff5 bcb57e92 48ce1e7d f8a82e90 79535deb 9db8e71e 38a764f7 990c075b 1ff22b0b a880cda8 1a38d2ba 719df823 a01a3e23 bb09a869 6d48d70c 88d17f33 eaa336fc f52904b9 1a75a0e8 357feb38 250914c5 ee9f4986 448c6891 3e9c1dab 98fff711 b6b917fd e2e4feca 856375ff 5d09b16e 1ea360b3 5ffd5af3 bb7382cc 0e56a898 37748bed 15dddfbf 16d50fd1 567a1c59 d9ca12df af31c596 467b4a59 67a4 quit crypto ca certificate chain SSLVPN-CA certificate 1204e359 30820410 308202f8 a0030201 02020412 04e35930 0d06092a 864886f7 0d01010b 05003081 c9312a30 2806092a 864886f7 0d010901 161b5068 756f6e67 2e4e6775 79656e56 616e4076 66632e63 6f6d2e76 6e311430 12060355 0407130b 486f2043 6869204d 696e6831 0b300906 03550406 1302564e 310c300a 06035504 0a130356 46433116 30140603 55040b13 0d495420 44657061 72746d65 6e743117 30150603 55040313 0e76706e 2e766663 2e636f6d 2e766e31 39301a06 092a8648 86f70d01 0908130d 3131382e 36392e33 342e3131 33301b06 092a8648 86f70d01 0902160e 76706e2e 7666632e 636f6d2e 766e301e 170d3137 31303135 31353030 31385a17 0d323731 30313331 35303031 385a3081 c9312a30 2806092a 864886f7 0d010901 161b5068 756f6e67 2e4e6775 79656e56 616e4076 66632e63 6f6d2e76 6e311430 12060355 0407130b 
486f2043 6869204d 696e6831 0b300906 03550406 1302564e 310c300a 06035504 0a130356 46433116 30140603 55040b13 0d495420 44657061 72746d65 6e743117 30150603 55040313 0e76706e 2e766663 2e636f6d 2e766e31 39301a06 092a8648 86f70d01 0908130d 3131382e 36392e33 342e3131 33301b06 092a8648 86f70d01 0902160e 76706e2e 7666632e 636f6d2e 766e3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100a6 f35072f4 32f439fc 7a84a692 9d6a8826 54819c1c dd970084 2aec6ae6 c41382d3 946c9fa9 715c994c 29be003a b808d142 727c48f6 92b8369f 3d956314 962eb957 ed8bf3f7 55ed48b5 fe78b4d9 08bdc5db 5957434e 4ce7ddbf 082ffc1a b6316c8b 25df498d 8d013ee9 775b5a74 526db281 8730647c ee41f79c dae1d1a5 03ddefef 0d8d02e3 2d089f7f 7bc6e7ab b658f925 a77ff1d4 26230ea4 77bbebee 19eaaa61 a9139e62 d7f78024 30e38447 988acf3b 9539cb48 e8b34e61 cb73a0c7 5e7bfa48 e32b5b0c 84b1760a 3d6f64ed 67632391 2c4c3685 09adf8e3 f6d3f0d9 86879733 c99ffb44 f1c7fb2a 9f274d97 dc77cd6d 193c8d53 9fe4b206 58484619 354f8d02 03010001 300d0609 2a864886 f70d0101 0b050003 82010100 8b11e628 4992e513 b5efe41a 5f09e64e 4d1bdbd5 9e219c18 270a9a1b 1e415098 ce644287 7d641536 bc8617fb f9c3a6fc ed6043c4 5d519e5e ff0c3ae8 e77a517b 1f67b75e c8c7a01f 7849a7d6 525f3bdb 58acce92 01975b91 1eab830d 0a981c28 ab1a79aa 7e4b867c c7e3beef 1b872db0 2babf949 6dc36960 85c2117d bf2a0362 b1a0784d b77c5bbd c74f44e3 b3c9f8a5 92080399 3ab91eaa db0b3885 8147f7f4 e548dfec 106af0e9 64d6cbe7 aaf41ac7 baec6fe2 a39f9c00 d498053f 6cbe7cf5 048d389f 434a3da9 f4d1d07d 0055e5d1 4196e84a ad128199 00f7d668 39088824 177a4ca1 de2388cc 9ed225b0 d7abf0dd c26c7a0d 2fc53591 bd3806a4 d1883b9e quit crypto ca certificate chain SSLVPNVNPT-CA certificate 0b4dc35a 30820418 30820300 a0030201 0202040b 4dc35a30 0d06092a 864886f7 0d01010b 05003081 cd312a30 2806092a 864886f7 0d010901 161b5068 756f6e67 2e4e6775 79656e56 616e4076 66632e63 6f6d2e76 6e311430 12060355 0407130b 486f2043 6869204d 696e6831 0b300906 03550406 1302564e 310c300a 06035504 0a130356 46433116 30140603 55040b13 
0d495420 44657061 72746d65 6e743118 30160603 55040313 0f76706e 322e7666 632e636f 6d2e766e 313c301c 06092a86 4886f70d 01090216 0f76706e 322e7666 632e636f 6d2e766e 301c0609 2a864886 f70d0109 08130f31 31332e31 36312e31 30372e31 3537301e 170d3138 30363134 31303136 32315a17 0d323830 36313131 30313632 315a3081 cd312a30 2806092a 864886f7 0d010901 161b5068 756f6e67 2e4e6775 79656e56 616e4076 66632e63 6f6d2e76 6e311430 12060355 0407130b 486f2043 6869204d 696e6831 0b300906 03550406 1302564e 310c300a 06035504 0a130356 46433116 30140603 55040b13 0d495420 44657061 72746d65 6e743118 30160603 55040313 0f76706e 322e7666 632e636f 6d2e766e 313c301c 06092a86 4886f70d 01090216 0f76706e 322e7666 632e636f 6d2e766e 301c0609 2a864886 f70d0109 08130f31 31332e31 36312e31 30372e31 35373082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100a5 1ff7c5d2 aed079e5 7a888fa7 078aa418 85f3e96d 2e90436d f4f2e4cb 4c4009aa e485b677 5818fa35 d5c72644 ae3c2195 71525cf6 07f639a6 12548c97 ba00d81d 18f6903e 90bc4755 257aa3ed 0fa85258 894a71f2 b097adf5 d55a4b00 670a55c7 7644b077 9ae8d7c0 dfede669 8d89b6ba fd514137 2b88ccd2 3dd9ae11 bd5bf232 ae6189b8 b22f5406 64c512c8 c6057ce6 ace473d0 fdcbf5d5 2d5d88b8 a97e1604 d6dcf0c4 d5f62582 75726a84 3e1e0967 bebac48c 24a263c1 50055fc2 f9c8bda5 fc2bdfa5 86fc775f 6a77b7eb f96919e3 b7dedaa3 319a130a a7f34565 b0f3908c 4ffe9cd5 2a7c3a8d 9bd8692f db841241 6ae7eb7c e70f8dc5 441e6780 843e1502 03010001 300d0609 2a864886 f70d0101 0b050003 82010100 8eee149c 29601991 db802130 7190348e 376ef708 aef3ee5f e9e28b02 d6b06a69 03a9a3d2 68f361d7 d5ee29d6 997bc0a0 83595c9b bd3c676f 7b4c813e 2108add9 1af4cab1 8ddbb443 ca472b7b 2ef0e0f3 00ccf80a e8235f57 7832f335 2bae581a ce90b0a4 6d593582 d3743e0a 659768ce 9502a023 cf1de2c7 8af760ae be3d6afe bfef14d0 62e3e2c1 42ed6c7e 30d1c60f 322dd259 9e013254 8118813b 7e5bca3f b3a188c3 6affdbd2 16d410ff 472c4ef4 387600f2 29dbbd4e 0e0214b0 08500912 59e16272 597825dd 4700782e 3d02be99 8a79b423 1b2e4d86 1b8d3db5 66f1caa5 ce24aea5 fc1eff45 
fa8baf44 3b7f4e68 f3730633 1b137354 2146aff2 a8ba8dc9
  quit
! IKEv2 policies, tried in priority order (1 first). REVIEW: all five use SHA-1 for
! integrity and PRF and Diffie-Hellman groups 5 and 2 (1536-bit and 1024-bit MODP);
! policies 30 and 40 additionally allow 3DES and single DES. Because the responder accepts
! whichever configured policy the peer proposes, the weakest entry sets the floor: removing
! policies 30 and 40 and moving the rest to "group 14" or higher raises it.
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
! IKEv1 and IKEv2 listeners are enabled on both WAN interfaces and on inside900.
crypto ikev2 enable wan1
crypto ikev2 enable wan2 client-services port 443
crypto ikev2 enable inside900 client-services port 443
crypto ikev2 remote-access trustpoint SSLVPN-CA
crypto ikev1 enable wan1
crypto ikev1 enable wan2
crypto ikev1 enable inside900
! IKEv1 policies: 3DES / SHA-1 / DH group 2 (1024-bit). Policy 10 authenticates with a
! pre-shared key. If IKEv1 is no longer needed by any peer, disabling it on the WAN
! interfaces removes this weaker negotiation path - confirm against the tunnel groups.
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
client-update enable
!
! track 1 follows SLA monitor 3, which probes out of wan1.
track 1 rtr 3 reachability
!
! Object tracking bound to SLA monitor 4; the monitor definition is outside this block.
track 2 rtr 4 reachability
! Device management access: Telnet and SSH sources, timeouts, PPPoE dial-out
! groups and the guest DHCP scope.
! NOTE(review): Telnet carries credentials and session data in clear text and is
! permitted here from the whole 172.16.17.0/24 subnet. The same subnet is already
! allowed over SSH below, so the telnet line can be dropped without losing access.
telnet 172.16.17.0 255.255.255.0 inside900
telnet timeout 15
ssh scopy enable
ssh stricthostkeycheck
! NOTE(review): SSH is reachable from one Internet host on wan1. Management from
! outside is safer through the VPN only; if this entry stays, the address should
! be reviewed regularly because a stale entry keeps the management plane exposed.
ssh 42.119.159.105 255.255.255.255 wan1
ssh 172.16.33.200 255.255.255.255 inside900
ssh 172.16.32.145 255.255.255.255 inside900
ssh 172.16.17.0 255.255.255.0 inside900
! NOTE(review): 10.60.60.0/24 matches the Net60-IPSEC-VPN-POOL range defined at
! the top of the config, so every remote-access VPN client in that pool may open
! SSH to the firewall (via "management-access inside900" below). Narrow this to
! administrator addresses if ordinary users share the pool.
ssh 10.60.60.0 255.255.255.0 inside900
ssh timeout 5
! NOTE(review): dh-group1-sha1 is a 1024-bit key exchange; ASA 9.8 also offers
! "ssh key-exchange group dh-group14-sha1".
ssh key-exchange group dh-group1-sha1
! NOTE(review): "console timeout 0" disables the idle timeout, so an abandoned
! console session stays logged in.
console timeout 0
management-access inside900
! PPPoE dial-out groups. Only "fpt02" and "cmc" are referenced by interfaces in
! the part of the config shown earlier; netfpt, wanfpt and wan2fpt look unused
! from here - confirm before removing.
! NOTE(review): PAP sends the PPPoE password without protection on the access
! link. The ISP usually dictates the method; use chap where it is accepted.
vpdn group cmc request dialout pppoe
vpdn group cmc localname phuonga240417
vpdn group cmc ppp authentication pap
vpdn group netfpt request dialout pppoe
vpdn group netfpt localname sgfdl-090330-278
vpdn group netfpt ppp authentication pap
vpdn group wanfpt request dialout pppoe
vpdn group wanfpt localname sgfdl-090330-278
vpdn group wanfpt ppp authentication pap
vpdn group wan2fpt request dialout pppoe
vpdn group wan2fpt localname sgfdl-090330-278
vpdn group wan2fpt ppp authentication pap
vpdn group fpt02 request dialout pppoe
vpdn group fpt02 localname sgfdl-090330-278
vpdn group fpt02 ppp authentication pap
! Passwords are masked by "show run"; the ISP account names are not.
vpdn username phuonga240417 password *****
vpdn username sgfdl-090330-278 password *****
dhcp-client client-id interface mgt
! DHCP scope for the guest Wi-Fi interface; guests are pointed at public
! resolvers rather than the internal DNS servers.
dhcpd address 10.100.1.10-10.100.1.200 guest100
dhcpd dns 8.8.8.8 8.8.4.4 interface guest100
dhcpd ping_timeout 120 interface guest100
dhcpd enable guest100
!
! TLS settings, WebVPN/AnyConnect, group policies, local users, tunnel groups and
! the global inspection policy.
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
! NOTE(review): the minimum TLS version is 1.1 in both directions, and each
! custom cipher list starts with RC4-SHA and ends with DES-CBC3-SHA (3DES).
! RC4 is prohibited for TLS by RFC 7465 and 3DES is a 64-bit block cipher.
! ASA 9.8 supports "ssl server-version tlsv1.2"; drop RC4 and 3DES from the
! lists once client compatibility is confirmed.
ssl server-version tlsv1.1
ssl client-version tlsv1.1
ssl cipher default custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "RC4-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
ssl trust-point SSLVPNVNPT-CA wan1
ssl trust-point SSLVPN-CA wan2
ssl trust-point SSLVPN-CA wan1 vpnlb-ip
! WebVPN portal and AnyConnect head-end, enabled on both WAN interfaces.
! NOTE(review): the AnyConnect packages are 4.5/4.6 builds; check them and the
! ASA image against current vendor advisories and update on a schedule.
! NOTE(review): "tunnel-group-list enable" shows the enabled group aliases on the
! login page, which discloses connection-profile names to unauthenticated users.
webvpn
 enable wan1
 enable wan2
 anyconnect image disk0:/anyconnect-win-4.6.01103-webdeploy-k9.pkg 2
 anyconnect image disk0:/anyconnect-macos-4.5.03040-webdeploy-k9.pkg 3
 anyconnect image disk0:/anyconnect-linux64-4.5.03040-webdeploy-k9.pkg 4
 anyconnect profiles VFCIPSecVPNIKEv2 disk0:/Ipsec/VFCIPSecVPNIKEv2.xml
 anyconnect profiles VFCSSLVPNClient disk0:/sslvpn/VFCSSLVPNClient.xml
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
! NOTE(review): this policy never expires a session (idle and absolute timeouts
! are both "none") and "password-storage enable" lets the client keep the user's
! password on the endpoint. A lost or shared laptop then has standing VPN access;
! set finite timeouts and disable password storage unless there is a stated need.
group-policy VFCIPSecVPNProfile internal
group-policy VFCIPSecVPNProfile attributes
 wins-server value 172.16.17.70 172.16.17.11
 dns-server value 172.16.17.70 172.16.17.11
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev1 ikev2
 password-storage enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VFCIPSecVPNProfile_splitTunnelAcl
 default-domain value vfc.local
! NOTE(review): this SSL policy also permits ikev1 and the clientless portal
! (ssl-clientless). Restrict vpn-tunnel-protocol to what the profile actually
! uses; every extra protocol is additional exposed surface.
group-policy VFCSSLClientPolicy internal
group-policy VFCSSLClientPolicy attributes
 wins-server value 172.16.17.70 172.16.17.71
 dns-server value 172.16.17.70 172.16.17.11
 vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VFCIPSecVPNProfile_splitTunnelAcl
 default-domain value vfc.local
 address-pools value Net2-SSL-VPN-POOL
 webvpn
  anyconnect keep-installer installed
  anyconnect dpd-interval client 30
  anyconnect profiles value VFCSSLVPNClient type user
! Policy applied to DefaultRAGroup (see its tunnel-group below): native
! L2TP/IPsec clients plus ikev1 and ikev2.
group-policy VFCIPSecWindowsPolicy internal
group-policy VFCIPSecWindowsPolicy attributes
 dns-server value 172.16.17.70
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL-SPLIT-NET
 default-domain value vfc.local
group-policy GroupPolicy_VFCIPSecVPNIKEv2 internal
group-policy GroupPolicy_VFCIPSecVPNIKEv2 attributes
 wins-server none
 dns-server value 172.16.17.70 172.16.17.71
 vpn-tunnel-protocol ikev2
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VFCIPSecVPNProfile_splitTunnelAcl
 default-domain value vfc.local
 webvpn
  anyconnect profiles value VFCIPSecVPNIKEv2 type user
dynamic-access-policy-record DfltAccessPolicy
! Local accounts.
! NOTE(review): the password hashes below appear in a published configuration.
! Treat every credential on this page as exposed and rotate it; share configs
! with the hash fields redacted.
! NOTE(review): there are two privilege-15 local accounts. The third account is
! stored "nt-encrypted", i.e. as an unsalted NT hash, which the ASA requires
! for local MS-CHAPv2 (L2TP) logins; keep such accounts to a minimum and do not
! reuse that password anywhere else.
username admin password $sha512$5000$e4ZxXqzkEyMt2/apT2feUQ==$3boSshu5A+3wYuOTJvJmaQ== pbkdf2 privilege 15
username admin1 password $sha512$5000$Pf70GiA4/aAMx0isk5ag7Q==$hJWk/IuQvXVKcRMs+/Xa1Q== pbkdf2 privilege 15
username nvphuong password DOJqnMRXHUNleYYM7wkc3Q== nt-encrypted
! DefaultRAGroup is the fallback connection profile. No authentication-server-group
! is configured for it in this block, so it presumably authenticates against the
! local user database - confirm.
tunnel-group DefaultRAGroup general-attributes
 address-pool Net60-IPSEC-VPN-POOL
 default-group-policy VFCIPSecWindowsPolicy
tunnel-group DefaultRAGroup webvpn-attributes
 group-alias VFCIPSecVPNWindows disable
! NOTE(review): "peer-id-validate nocheck" turns off peer identity validation for
! this group, and the group key is one pre-shared secret common to all clients.
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 authentication ms-chap-v2
! The three named profiles below authenticate users against the VFC-NPS-01
! server group, which is defined outside this block.
tunnel-group VFCSSLClientProfile type remote-access
tunnel-group VFCSSLClientProfile general-attributes
 authentication-server-group VFC-NPS-01
 default-group-policy VFCSSLClientPolicy
tunnel-group VFCSSLClientProfile webvpn-attributes
 group-alias VFCSSLVPNClient enable
tunnel-group VFCIPSecVPNProfile type remote-access
tunnel-group VFCIPSecVPNProfile general-attributes
 address-pool Net60-IPSEC-VPN-POOL
 authentication-server-group VFC-NPS-01
 default-group-policy VFCIPSecVPNProfile
tunnel-group VFCIPSecVPNProfile ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive threshold 60 retry 2
tunnel-group VFCIPSecVPNIKEv2 type remote-access
tunnel-group VFCIPSecVPNIKEv2 general-attributes
 address-pool Net60-IPSEC-VPN-POOL
 authentication-server-group VFC-NPS-01
 default-group-policy GroupPolicy_VFCIPSecVPNIKEv2
tunnel-group VFCIPSecVPNIKEv2 webvpn-attributes
 group-alias VFCIPSecVPNIKEv2 disable
! NOTE(review): remote clients authenticate to this IKEv2 profile with a group
! pre-shared key; anyone holding the key can present as a member of the group.
! Per-user certificates or EAP are the stronger choice for remote access.
tunnel-group VFCIPSecVPNIKEv2 ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
tunnel-group-map VFCMAP 10 VFCIPSecVPNProfile
!
class-map inspection_default
 match default-inspection-traffic
!
!
! DNS inspection parameters: clients may negotiate their own maximum length,
! other messages are capped at 512 bytes, and DNS over TCP is not inspected.
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
! Global inspection policy applied to all interfaces by the service-policy line.
! NOTE(review): the list includes inspection engines for legacy protocols (rsh,
! xdmcp, sunrpc, netbios, pptp). Disable the engines for protocols that are not
! supposed to cross this firewall.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
  inspect pptp
  inspect snmp
 class class-default
  set connection decrement-ttl
  user-statistics accounting
  inspect ftp
!
service-policy global_policy global
smtp-server 172.16.17.80
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:a4a3676553c60d48df4345593f879e99
: end