cdpasa1> en
Password: *******
cdpasa1# show run
: Saved
:
ASA Version 8.0(3)
!
hostname cdpasa1
domain-name x.com
enable password encrypted
names
name 10.249.48.0 Hgnwhse description Hgnwhse
name 10.2.21.10 chadtest
name 10.2.253.252 Sametime
name 10.2.253.10 Ftp01
name 10.2.253.11 Farabi
name 10.2.253.12 DistSite
name 10.2.253.13 aadoorgroup.com
name 10.2.253.14 Betadist
name 10.2.253.15 Baronmetal
name 10.2.253.16 www.cecodoor.com
name 10.2.253.254 Cdpnotes1
name 10.2.253.253 Mailsrv1
name 10.2.253.251 Emailscan
name 10.2.253.20 Dns01
name 129.41.16.54 EDOXS01
name 64.242.106.19 EDOXS03
name 216.185.117.206 EDOXS04
name 216.237.12.146 EDOXS02
name 216.237.57.125 EDOXS20
name 151.205.245.38 EDOXS14
name 151.205.245.37 EDOXS13
name 151.205.245.36 EDOXS12
name 151.205.245.35 EDOXS11
name 151.205.245.34 EDOXS10
name 151.205.245.33 EDOXS09
name 64.208.56.97 EDOXS05
name 208.254.27.251 EDOXS16
name 208.254.27.250 EDOXS15
name 208.254.27.249 EDOXS18
name 216.237.12.147 EDOXS06
name 208.254.27.248 EDOXS17
name 194.133.15.69 EDOXS19
name 66.162.217.101 EDOXS08
name 66.162.217.100 EDOXS07
name 66.249.2.114 EDOXS22
name 66.249.2.118 EDOXS26
name 66.249.2.117 EDOXS25
name 66.249.2.116 EDOXS24
name 66.249.2.115 EDOXS23
name 64.34.161.7 EDOXS21
name 66.92.226.30 EDOXS27
name 66.92.226.29 EDOXS28
name 66.92.226.28 EDOXS29
name 66.92.226.27 EDOXS30
name 66.92.226.26 EDOXS31
name 66.92.226.25 EDOXS32
name 205.152.37.23 ATTMETDNS1
name 205.152.132.23 ATTMETDNS2
name 10.2.20.226 DNS02
name 10.2.30.28 DNS01
name 10.244.12.0 Maltex
dns-guard
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 74.x.x.2 255.255.255.224
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.2.30.13 255.255.192.0
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 10.2.253.2 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.3 255.255.255.0
 management-only
!
passwd BWaQlcykry5AAxTH encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name cecodoor.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list cecovpn_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list cecovpn_splitTunnelAcl standard permit 172.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.2.23.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 172.0.0.0 255.0.0.0 10.2.23.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.2.253.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.0.0.0 255.0.0.0 10.2.253.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 Hgnwhse 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 Maltex 255.255.255.0
access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.0.0.0 Hgnwhse 255.255.255.0
access-list DMZ_access_in extended permit icmp 10.2.253.0 255.255.255.0 any
access-list DMZ_access_in extended permit ip any any
access-list outside_in extended permit tcp any host 74.x.x.13 eq www
access-list outside_in extended permit tcp any host 74.x.x.13 eq https
access-list outside_in extended permit tcp any host 74.x.x.14 eq www
access-list outside_in extended permit esp any any
access-list outside_in extended permit udp any any eq isakmp
access-list outside_in extended permit icmp any host 74.x.x.13
access-list outside_in extended permit icmp any host 74.x.x.16
access-list outside_in extended permit tcp any host 74.x.x.16 eq www
access-list outside_in extended permit tcp any host 74.x.x.16 eq https
access-list outside_in extended permit tcp any host 74.x.x.21 eq www
access-list outside_in extended permit tcp any host 74.x.x.21 eq 8081
access-list outside_in extended permit tcp any host 74.x.x.21 eq 8082
access-list outside_in extended permit tcp any host 74.x.x.24 eq ftp
access-list outside_in extended permit tcp any host 74.x.x.24 eq ftp-data
access-list outside_in extended permit tcp any host 74.x.x.17 eq www
access-list outside_in extended permit tcp any host 74.x.x.17 eq https
access-list outside_in extended permit tcp any host 74.x.x.15 eq www
access-list outside_in extended permit tcp any host 74.x.x.18 eq www
access-list outside_in extended permit tcp any host 74.x.x.18 eq lotusnotes
access-list outside_in extended permit tcp any host 74.x.x.19 eq www
access-list outside_in extended permit tcp any host 74.x.x.19 eq lotusnotes
access-list outside_in extended permit tcp any host 74.x.x.30 eq www
access-list outside_in extended permit tcp any host 74.x.x.25 eq www
access-list outside_in extended permit tcp any host 74.x.x.28 eq www
access-list outside_in extended permit tcp any host 74.x.x.28 eq https
access-list outside_in extended permit tcp host EDOXS01 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS02 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS03 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS04 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS05 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS06 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS07 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS08 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS09 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS10 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS11 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS12 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS13 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS14 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS15 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS16 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS17 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS18 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS19 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS20 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS21 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS22 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS23 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS24 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS25 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS26 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS27 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS28 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS29 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS30 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS31 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp host EDOXS32 host 74.x.x.22 eq smtp
access-list outside_in extended permit tcp any host 74.x.x.18 eq https
access-list outside_in extended permit tcp any host 74.x.x.19 eq https
access-list maltexvpn extended permit ip 10.0.0.0 255.0.0.0 Maltex 255.255.255.0
pager lines 24
logging enable
logging buffer-size 20000
logging buffered debugging
logging asdm informational
logging from-address asa5520@cecodoor.com
logging recipient-address chays@cecodoor.com level errors
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool cdppool 10.2.23.50-10.2.23.100 mask 255.255.255.192
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit host 10.249.48.1 outside
icmp permit any outside
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-611.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
nat (DMZ) 101 10.2.253.0 255.255.255.0
static (inside,outside) 74.x.x.13 10.2.18.13 netmask 255.255.255.255
static (DMZ,outside) 74.x.x.16 www.cecodoor.com netmask 255.255.255.255
static (DMZ,outside) 74.x.x.21 Sametime netmask 255.255.255.255
static (DMZ,outside) 74.x.x.24 Ftp01 netmask 255.255.255.255
static (DMZ,outside) 74.x.x.15 Farabi netmask 255.255.255.255
static (DMZ,outside) 74.x.x.17 DistSite netmask 255.255.255.255
static (DMZ,outside) 74.x.x.25 aadoorgroup.com netmask 255.255.255.255
static (DMZ,outside) 74.x.x.28 Betadist netmask 255.255.255.255
static (DMZ,outside) 74.x.x.30 Baronmetal netmask 255.255.255.255
static (DMZ,outside) 74.x.x.18 Cdpnotes1 netmask 255.255.255.255
static (DMZ,outside) 74.x.x.19 Mailsrv1 netmask 255.255.255.255
static (DMZ,outside) 74.x.x.22 Emailscan netmask 255.255.255.255
static (DMZ,outside) 74.x.x.23 Dns01 netmask 255.255.255.255
access-group outside_in in interface outside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 74.x.x.1 1
route inside 10.0.0.0 255.0.0.0 10.2.0.2 1
route inside 10.2.64.0 255.255.254.0 10.2.0.2 1
route outside Hgnwhse 255.255.255.0 74.x.x.1 1
route inside 172.0.0.0 255.0.0.0 10.2.30.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set s2s esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-D
crypto map outside_map 15 match address outside_1_cryptomap
crypto map outside_map 15 set peer 76.228.49.58
crypto map outside_map 15 set transform-set s2s ESP-3DES-SHA
crypto map outside_map 15 set reverse-route
crypto map outside_map 20 match address maltexvpn
crypto map outside_map 20 set peer 201.116.176.161
crypto map outside_map 20 set transform-set s2s ESP-3DES-SHA
crypto map outside_map 20 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
crypto isakmp nat-traversal 3600
telnet 10.2.0.0 255.255.0.0 inside
telnet chadtest 255.255.255.255 inside
telnet 10.2.30.99 255.255.255.255 inside
telnet 10.2.69.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.4-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
group-policy S2SVPN internal
group-policy S2SVPN attributes
 vpn-tunnel-protocol IPSec
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec webvpn
group-policy cecovpn internal
group-policy cecovpn attributes
 wins-server value 10.2.20.226
 dns-server value 10.2.20.226 10.2.30.28
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value cecovpn_splitTunnelAcl
 default-domain value x.com
tunnel-group cecovpn type remote-access
tunnel-group cecovpn general-attributes
 address-pool cdppool
 default-group-policy cecovpn
tunnel-group cecovpn ipsec-attributes
 pre-shared-key *
tunnel-group 76.x.x.58 type ipsec-l2l
tunnel-group 76.x.x.58 general-attributes
 default-group-policy S2SVPN
tunnel-group 76.x.x.58 ipsec-attributes
 pre-shared-key *
tunnel-group 201.x.x.161 type ipsec-l2l
tunnel-group 201.x.x.161 general-attributes
 default-group-policy S2SVPN
tunnel-group 201.x.x.161 ipsec-attributes
 pre-shared-key *
!
class-map ftp-port
 match port tcp eq ftp
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect ftp inbound_ftp
 parameters
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:3596103ae0b932339eeb3de97a1fddce
: end
cdpasa1#