ASA Version 9.12(2)
!
hostname ASAv1
enable password ***** pbkdf2
!
license smart
 feature tier standard
 throughput level 1G
names
name 173.37.145.8 tools.cisco.com
no mac-address auto
ip local pool Network-10 10.0.0.2-10.0.0.252 mask 255.255.255.0
!
interface GigabitEthernet0/0
 description AWS Eth1 Outside interface
 nameif Outside
 security-level 0
 ip address 15.200.26.219 255.255.255.240
!
interface GigabitEthernet0/1
 description AWS Eth2 Inside interface
 nameif Inside
 security-level 100
 ip address 10.0.3.227 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address dhcp setroute
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Outside
dns domain-lookup Inside
dns domain-lookup management
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Anyconnect-Inet
 subnet 10.0.0.0 255.255.0.0
 description AWS Internal network
object network VPN
 subnet 10.0.0.0 255.255.255.0
 description VPN user IP Pool
object network LinuxHost-1.206
 host 10.0.1.206
object network rdp-host-1.7
 host 10.0.1.7
object network rdp-host-1.171
 host 10.0.1.171
object-group service DM_INLINE_SERVICE_1
 service-object esp
 service-object tcp destination eq https
 service-object udp destination eq 4500
 service-object udp destination eq isakmp
 service-object icmp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list vpn-acl extended permit ip any any log
access-list AnyConnect_Client_Local_Print extended permit ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list management_access_in extended permit tcp any4 host 10.0.1.206 eq ssh
access-list management_access_in extended permit tcp any4 host 10.0.1.7 eq 3389
access-list management_access_in extended permit tcp any4 host 10.0.1.171 eq 3389
access-list VPN_CLIENTS_OUT extended permit ip object VPN any
access-list SplitTunnel standard permit 10.0.0.0 255.255.255.0
pager lines 23
logging enable
logging timestamp
logging console informational
logging trap informational
logging history informational
logging asdm informational
logging host management 10.0.7.8
logging class auth console informational trap alerts
logging class vpn console informational trap informational
logging class webvpn trap informational
mtu Outside 1500
mtu Inside 1500
mtu management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
nat (Inside,management) source static Anyconnect-Inet Anyconnect-Inet destination static VPN VPN
access-group management_access_in in interface management
route management 0.0.0.0 0.0.0.0 52.222.73.114 1
route Inside 10.0.0.0 255.255.0.0 10.0.3.1 1
route Inside 10.0.2.0 255.255.255.0 10.0.3.1 1
route Inside 10.0.4.0 255.255.255.0 10.0.3.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
aaa-server RADIUS protocol radius
aaa-server RADIUS (Inside) host 10.0.4.132
 key *****
 authentication-port 1812
 accounting-port 1813
 no mschapv2-capable
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 management
http 0.0.0.0 0.0.0.0 Outside
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpoint self-signed
 enrollment self
 subject-name cn=ASAv1
 keypair self-key
 crl configure
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 30
ssh version 1 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint4 Outside
ssl trust-point ASDM_TrustPoint4 management
ssl trust-point ASDM_TrustPoint4 Outside vpnlb-ip
ssl trust-point ASDM_TrustPoint4 management vpnlb-ip
webvpn
 enable management
 hsts
  enable
  max-age 31536000
  include-sub-domains
  no preload
 anyconnect image disk0:/anyconnect-macos-4.6.03049-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-win-4.3.05017-k9.pkg 2
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_VPN_Users internal
group-policy GroupPolicy_VPN_Users attributes
 wins-server none
 dns-server value 10.0.3.5
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-acl
 default-domain value Int.com
 webvpn
  anyconnect keep-installer installed
group-policy GroupPoliocy_VPN_Users internal
group-policy GroupPoliocy_VPN_Users attributes
 dns-server value 8.8.8.8
 vpn-filter value VPN_CLIENTS_OUT
 vpn-tunnel-protocol ikev1 l2tp-ipsec
 split-tunnel-policy tunnelall
 address-pools value Network-10
dynamic-access-policy-record DfltAccessPolicy
username cisco password ***** pbkdf2 privilege 15
tunnel-group VPN_Users type remote-access
tunnel-group VPN_Users general-attributes
 address-pool Network-10
 authentication-server-group RADIUS
 default-group-policy GroupPolicy_VPN_Users
tunnel-group VPN_Users webvpn-attributes
 group-alias VPN_Users enable
!
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
 profile License
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination transport-method http
!