Result of the command: "sh run" : Saved : : Serial Number: JAD190402CJ : Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores) : ASA Version 9.12(2) ! hostname NTPL-ASA domain-name ntpladh.com enable password ***** pbkdf2 names no mac-address auto ip local pool vpnusers 11.1.1.0-11.1.1.15 mask 255.255.255.240 ip local pool Internal 12.1.1.0-12.1.1.15 mask 255.255.255.240 ! interface GigabitEthernet1/1 nameif outside security-level 0 ip address 49.248.128.xx 255.255.255.0 ! interface GigabitEthernet1/2 nameif DMZ security-level 100 ip address 10.1.1.1 255.255.255.252 ! interface GigabitEthernet1/3 bridge-group 1 nameif inside_2 security-level 100 ! interface GigabitEthernet1/4 bridge-group 1 nameif inside_3 security-level 100 ! interface GigabitEthernet1/5 bridge-group 1 nameif inside_4 security-level 100 ! interface GigabitEthernet1/6 bridge-group 1 nameif inside_5 security-level 100 ! interface GigabitEthernet1/7 bridge-group 1 nameif inside_6 security-level 100 ! interface GigabitEthernet1/8 bridge-group 1 nameif inside_7 security-level 100 ! interface Management1/1 management-only shutdown nameif management security-level 70 ip address 10.3.3.3 255.255.255.0 ! interface BVI1 no nameif security-level 100 ip address 192.168.1.1 255.255.255.0 ! boot system disk0:/asa9-12-2-lfbff-k8.SPA ftp mode passive clock timezone IST 5 30 dns domain-lookup outside dns domain-lookup DMZ dns server-group DefaultDNS name-server 192.168.240.10 DMZ name-server 8.8.8.8 outside domain-name ntpladh.com same-security-traffic permit intra-interface object network REVERSE_ROUTE host 10.3.3.254 object network NETWORK_OBJ_11.1.1.0_28 subnet 11.1.1.0 255.255.255.240 object network ISP host 49.248.128.xx object network 10.1.1.1 host 10.1.1.1 object network H-192.168.210.7 host 192.168.210.7 description Harsh PC object service rdp service tcp source range 1 65535 destination eq 3389 object network FORTIGATE-10.1.1.2 host 10.1.1.2 object network OLD-NTPLAD host 192.168.240.10 object network INTERNAL subnet 192.168.230.0 255.255.255.0 object network REVERSE_SUBNET subnet 192.168.0.0 255.255.0.0 object network default_route subnet 0.0.0.0 0.0.0.0 object network GOOGLE_DNS host 8.8.8.8 object network UCS host 192.168.240.2 object network ISE host 192.168.240.17 object network DMZ-NETWORK subnet 10.1.1.0 255.255.255.252 object network MANAGEMENT-NETOWRK subnet 10.3.3.0 255.255.255.0 object network OUTSIDE-NETWORK subnet 49.248.128.0 255.255.255.0 object network 12.1.1.0 subnet 12.1.1.0 255.255.255.240 object network NEW-AD host 192.168.240.159 object service LDAP-389 service tcp source range 1 65535 destination eq ldap description LDAP-389 object-group service DM_INLINE_SERVICE_2 service-object ip service-object tcp destination eq www service-object tcp destination eq https service-object icmp object-group protocol DM_INLINE_PROTOCOL_3 protocol-object ip protocol-object icmp object-group protocol DM_INLINE_PROTOCOL_1 protocol-object ip protocol-object icmp object-group service DM_INLINE_SERVICE_3 service-object ip service-object tcp-udp destination eq domain service-object icmp object-group network DM_INLINE_NETWORK_4 network-object object default_route network-object object GOOGLE_DNS object-group network DM_INLINE_NETWORK_5 network-object object 10.1.1.1 network-object object DMZ-NETWORK object-group protocol DM_INLINE_PROTOCOL_2 protocol-object ip protocol-object icmp object-group service DM_INLINE_SERVICE_1 service-object tcp-udp destination eq domain service-object object LDAP-389 object-group service DM_INLINE_SERVICE_4 service-object object LDAP-389 service-object tcp-udp destination eq domain object-group service DM_INLINE_SERVICE_5 service-object object LDAP-389 service-object tcp-udp destination eq domain object-group service DM_INLINE_TCP_1 tcp port-object eq www port-object eq https object-group service DM_INLINE_SERVICE_7 service-object icmp service-object tcp-udp destination eq domain service-object tcp destination eq ldap object-group protocol DM_INLINE_PROTOCOL_4 protocol-object ip protocol-object icmp object-group protocol DM_INLINE_PROTOCOL_5 protocol-object ip protocol-object icmp access-list AnyConnect_Client_Local_Print extended deny ip any4 any4 inactive access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd inactive access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631 inactive access-list AnyConnect_Client_Local_Print remark Windows' printing port access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100 inactive access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353 inactive access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355 inactive access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137 inactive access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns inactive access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 object NETWORK_OBJ_11.1.1.0_28 object DMZ-NETWORK access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_7 object NETWORK_OBJ_11.1.1.0_28 object OLD-NTPLAD inactive access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_5 inactive access-list outside_access_in extended permit ip object NETWORK_OBJ_11.1.1.0_28 any inactive access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 10.2.2.0 255.255.255.252 object REVERSE_SUBNET inactive access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_5 object REVERSE_SUBNET 10.2.2.0 255.255.255.252 inactive access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 object DMZ-NETWORK object NETWORK_OBJ_11.1.1.0_28 access-list inside_access_in extended permit ip object NETWORK_OBJ_11.1.1.0_28 object OLD-NTPLAD inactive access-list inside_access_in extended permit ip object NETWORK_OBJ_11.1.1.0_28 object ISE inactive access-list inside_access_in extended permit ip object NETWORK_OBJ_11.1.1.0_28 object NEW-AD inactive access-list inside_access_in extended permit ip object ISE object NETWORK_OBJ_11.1.1.0_28 inactive access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 any any inactive access-list noaccess_vpn extended permit object-group DM_INLINE_SERVICE_4 object NETWORK_OBJ_11.1.1.0_28 object OLD-NTPLAD access-list noaccess_vpn extended permit object rdp object NETWORK_OBJ_11.1.1.0_28 object NEW-AD access-list noaccess_vpn extended permit object-group DM_INLINE_PROTOCOL_4 object NETWORK_OBJ_11.1.1.0_28 object OUTSIDE-NETWORK inactive access-list vpnusers_vpn extended permit object-group DM_INLINE_SERVICE_5 object NETWORK_OBJ_11.1.1.0_28 object OLD-NTPLAD access-list vpnusers_vpn extended permit tcp object NETWORK_OBJ_11.1.1.0_28 object ISE object-group DM_INLINE_TCP_1 access-list vpnusers_vpn extended permit ip object NETWORK_OBJ_11.1.1.0_28 interface outside inactive pager lines 24 logging enable logging console debugging logging asdm informational logging class webvpn console debugging logging class dap console debugging mtu outside 1500 mtu DMZ 1500 mtu inside_2 1500 mtu inside_3 1500 mtu inside_4 1500 mtu inside_5 1500 mtu inside_6 1500 mtu inside_7 1500 mtu management 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 nat (outside,outside) source dynamic NETWORK_OBJ_11.1.1.0_28 interface nat (DMZ,outside) source dynamic NETWORK_OBJ_11.1.1.0_28 interface access-group outside_access_in in interface outside access-group inside_access_in in interface DMZ route outside 0.0.0.0 0.0.0.0 49.248.128.1 1 route DMZ 192.168.0.0 255.255.0.0 10.1.1.2 1 route management 192.168.190.0 255.255.255.0 10.3.3.254 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 ldap attribute-map anyconnectldap map-name memberof Group-Policy map-value memberof "CN=vishal shah,CN=Users,DC=NTPLADH,DC=COM" vpnusers aaa-server raldap protocol ldap aaa-server raldap (DMZ) host 192.168.240.10 ldap-base-dn DC=NTPLADH,DC=COM ldap-scope subtree ldap-naming-attribute sAMAccountName ldap-login-password ***** ldap-login-dn CN=vishal shah,CN=Users,DC=NTPLADH,DC=COM server-type microsoft ldap-attribute-map anyconnectldap aaa-server duo protocol ldap aaa-server duo (outside) host api-26c8d851.duosecurity.com timeout 120 server-port 636 ldap-base-dn dc=DI51Z62W043C6N3VG0LG,dc=duosecurity,dc=com ldap-naming-attribute cn ldap-login-password ***** ldap-login-dn dc=DI51Z62W043C6N3VG0LG,dc=duosecurity,dc=com ldap-over-ssl enable server-type auto-detect aaa-server ISE protocol radius merge-dacl before-avpair dynamic-authorization aaa-server ISE (DMZ) host 192.168.240.17 key ***** radius-common-pw ***** user-identity default-domain LOCAL aaa authentication telnet console LOCAL aaa authentication enable console LOCAL aaa authentication ssh console LOCAL aaa authorization command LOCAL aaa authorization exec LOCAL auto-enable aaa authentication login-history http server enable http server idle-timeout 5 http 192.168.1.0 255.255.255.0 inside_2 http 0.0.0.0 0.0.0.0 management http 0.0.0.0 0.0.0.0 outside http redirect outside 80 no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec security-association pmtu-aging infinite crypto ca trustpoint ASDM_TrustPoint0_ntpl enrollment self subject-name CN=ciscoasa keypair ntpl123 no ca-check crl configure crypto ca trustpoint ntpl enrollment self subject-name CN=ntpl-asa.ntpladh.com keypair ntplvpnkeypair crl configure crypto ca trustpool policy crypto ca certificate chain ASDM_TrustPoint0_ntpl certificate 1bc65b5d 308202d4 308201bc a0030201 0202041b c65b5d30 0d06092a 864886f7 0d01010b 0500302c 3111300f 06035504 03130863 6973636f 61736131 17301506 092a8648 86f70d01 09021608 63697363 6f617361 301e170d 31393038 32303131 33363231 5a170d32 39303831 37313133 3632315a 302c3111 300f0603 55040313 08636973 636f6173 61311730 1506092a 864886f7 0d010902 16086369 73636f61 73613082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 01010089 6dc5cacf 0dec8d6e bc43fd62 4aad712a 5682b83e 1f2b2c79 4d1cb3c8 4c433173 d96f8d38 2cdc8847 739a381a 2cd517a2 f19b8b6d fa3b9b90 c5dcc7e4 dcc8ec3b c4a6c63a 6c5024b7 2f7721e8 76111546 f13dffdc f0f57925 9719b78e 6b5d1a45 ea386fc4 8e308f2e ae283fe5 b60effe5 3f9105a7 6157e4dc 5ffc37cd 1db2ee32 243459a3 921d175f 685224f0 61750c7e f3042cf7 885d6a63 81f1e9cd 13bcb228 c8338c46 005a91e5 c99a4dd7 876f43df b764747a 5908d0da aa2ae7a8 b88a266f 38c879c8 135260c5 9198fef2 599bd264 6e97282a 2a2574b0 aad0904e 040dfdab c9737e46 12508cdb f3ac6112 e30061da 7052e1c2 0dc9002c b5d3225f 3098ab02 03010001 300d0609 2a864886 f70d0101 0b050003 82010100 6fd7b357 f4ed5fcf 1b561281 b573e49b 2bfadca9 e0dfa0f5 5d3f779b a04a8f55 a363511e 3b72cd32 a237c3fd 1209ebe2 da49a69e 0fe48700 62be2742 b13f2e26 5681af35 23d195aa d01b951f f70e5569 ca07c823 9373634f 3ea3e727 268a2107 5ff8eb90 fb262317 6d73dfbb 3d9e9aa0 bb7165da b9362960 809903bd 488d2422 47d3f597 ece08ece a9dd9eca dbfde67f e2b8947c f1fbdacf 0774b804 b39e50dc 687f644b deaebbc0 b954e684 c09d98d7 69ea652d 9a50f8a8 507303fc 65a58f83 f941e352 7ea33543 9f753c11 50e90c49 518b5d38 98d29b4f b292df91 62e673b1 d44e5c27 e3301079 9009f397 99add35f 124008df e0b546b5 79917c68 2e363bc0 quit crypto ca certificate chain ntpl certificate 4ff25c5d 30820304 308201ec a0030201 0202044f f25c5d30 0d06092a 864886f7 0d01010b 05003044 311d301b 06035504 0313146e 74706c2d 6173612e 6e74706c 6164682e 636f6d31 23302106 092a8648 86f70d01 09021614 6e74706c 2d617361 2e6e7470 6c616468 2e636f6d 301e170d 31393038 32333131 32343430 5a170d32 39303832 30313132 3434305a 3044311d 301b0603 55040313 146e7470 6c2d6173 612e6e74 706c6164 682e636f 6d312330 2106092a 864886f7 0d010902 16146e74 706c2d61 73612e6e 74706c61 64682e63 6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100cd cbfe587e 68751bcb 4263df1a 7ecab5b7 dbcbc338 0ce9ab2d 1c6fa7f3 e98dfaf6 6859af65 2ba6492b b63c441e 27bd635b 508c6a78 918f7125 b3457c2e 4db4a85d 738ca7d7 350f2337 8301820c 23fe8425 10cf257d e905aed2 90b58e47 43ae0ecd 448d5dea ecab3571 67a3f8f4 40276a82 182d21d0 352c39fd c9dc4ba1 96747462 3b46d4da 55c23a24 29d57edc ca6f9785 1157952a d7f82860 7bd5bfd2 5b35b57f 463026b6 966e727f 9ff41913 ffa6a45c 52da77d2 b0a3dcc4 bec1d68f 2bb0b08c 1bed4909 9ca68dc9 16b766e5 2941c713 90973d09 3a443245 c4992ef4 ee9553e4 e5d8cabd bc29a769 6ada79a9 4dda1f81 f0229df3 6647f7ca 0bfa68cb 01c3cd02 03010001 300d0609 2a864886 f70d0101 0b050003 82010100 1f693fc4 c63680c6 db563191 3e6ef181 a7a813d3 294af435 5e7e4345 446c05aa bee2a35a d94b3b57 29b7b559 6a392016 11411614 5eaaf990 9bcc485b d91d6ade 094ddc93 9b4cbeb3 4a827d85 4a6afe83 6cf2c1bd 45ae0750 0603d38f 21040a5f 5ff128a6 fb92ae36 d7569437 87df0e6d 785e9c2e 76888984 7222d86c f3fece32 c07ed4dd 911d00c1 364a6768 bd9e5a89 481ece39 bb55672f 9d10e735 304795e8 0a2fc9c8 ce8f87e1 ff70ba94 8e5da5da 7242610b 6375af6f 0125e3b9 239e90f2 a80fba2b da574d2f 654d46a5 341c60f8 40aa6b02 7d380ec8 af48cdb3 0730afa2 edaf2d4c beadc1d5 2630e5f1 96847949 69320899 344b5e39 e3187733 53230c87 quit telnet 0.0.0.0 0.0.0.0 outside telnet 192.168.1.0 255.255.255.0 inside_2 telnet 0.0.0.0 0.0.0.0 management telnet timeout 5 no ssh stricthostkeycheck ssh 0.0.0.0 0.0.0.0 outside ssh 192.168.1.0 255.255.255.0 inside_2 ssh 0.0.0.0 0.0.0.0 management ssh timeout 5 ssh version 1 2 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access management dhcpd auto_config outside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl cipher default all ssl cipher tlsv1 low ssl cipher tlsv1.1 low ssl cipher tlsv1.2 low ssl cipher dtlsv1 low ssl trust-point ASDM_TrustPoint0_ntpl outside ssl trust-point ASDM_TrustPoint0_ntpl DMZ ssl trust-point ASDM_TrustPoint0_ntpl inside_2 ssl trust-point ASDM_TrustPoint0_ntpl inside_3 ssl trust-point ASDM_TrustPoint0_ntpl inside_4 ssl trust-point ASDM_TrustPoint0_ntpl inside_5 ssl trust-point ASDM_TrustPoint0_ntpl inside_6 ssl trust-point ASDM_TrustPoint0_ntpl inside_7 webvpn enable outside enable DMZ hsts enable max-age 31536000 include-sub-domains no preload anyconnect image disk0:/anyconnect-win-4.6.00362-webdeploy-k9.pkg 1 anyconnect profiles noaccess disk0:/noaccess.xml anyconnect profiles vpnusers disk0:/vpnusers.xml anyconnect enable tunnel-group-list enable cache disable error-recovery disable group-policy noaccess internal group-policy noaccess attributes dns-server value 192.168.240.10 vpn-idle-timeout 30 vpn-session-timeout none vpn-tunnel-protocol ssl-client ssl-clientless group-lock value noaccess default-domain value ntpladh.com webvpn anyconnect profiles none group-policy GroupPolicy_vpnusers internal group-policy GroupPolicy_vpnusers attributes wins-server none dns-server value 192.168.240.10 vpn-idle-timeout 30 vpn-session-timeout none vpn-tunnel-protocol ssl-client ssl-clientless group-lock value vpnusers default-domain value ntpladh.com webvpn anyconnect profiles none always-on-vpn profile-setting group-policy "GroupPolicy_Internal user" internal group-policy "GroupPolicy_Internal user" attributes wins-server none dns-server value 192.168.240.159 vpn-session-timeout none vpn-tunnel-protocol ssl-client ssl-clientless default-domain value netlogicadh.com dynamic-access-policy-record DfltAccessPolicy username admin password ***** pbkdf2 privilege 15 username user1 password ***** pbkdf2 username Akshay password ***** pbkdf2 tunnel-group vpnusers type remote-access tunnel-group vpnusers general-attributes address-pool vpnusers authentication-server-group raldap default-group-policy GroupPolicy_vpnusers tunnel-group vpnusers webvpn-attributes group-alias vpnusers enable tunnel-group noaccess type remote-access tunnel-group noaccess general-attributes address-pool vpnusers authentication-server-group raldap default-group-policy noaccess tunnel-group noaccess webvpn-attributes group-alias noaccess enable tunnel-group "Internal user" type remote-access tunnel-group "Internal user" general-attributes address-pool Internal authentication-server-group ISE accounting-server-group ISE default-group-policy "GroupPolicy_Internal user" tunnel-group "Internal user" webvpn-attributes group-alias "Internal user" enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:fe8f37ff4b850edf50183ec6a239ccf6 : end