: ASA Version 8.0(3) ! hostname ASA domain-name default.domain.invalid dns-guard ! interface GigabitEthernet0/0 description " Towards WAN " speed 1000 duplex full nameif WAN security-level 0 ip address 10.0.0.26 255.255.255.248 standby 10.0.0.27 ! interface GigabitEthernet0/1 description " Towards LAN Users " speed 1000 duplex full nameif LAN security-level 100 ip address 10.0.0.2 255.255.255.248 standby 10.0.0.3 interface GigabitEthernet0/3 description LAN/STATE Failover Interface ! boot system disk0:/asa803-k8.bin ftp mode passive clock timezone IST 5 30 dns server-group DefaultDNS domain-name default.domain.invalid access-list LAN extended permit ip 10.0.0.0 255.0.0.0 any access-list WAN extended permit ip any 10.0.0.0 255.0.0.0 access-list cisco_splitTunnelAcl standard permit any access-list LAN_nat0_outbound extended permit ip any 10.0.5.0 255.255.255.0 pager lines 24 logging enable logging asdm informational mtu WAN 1500 mtu LAN 1500 mtu DMZ1 1500 mtu management 1500 ip local pool VPN-Pool 10.0.5.1-10.0.5.255 mask 255.255.255.0 failover failover lan unit primary failover lan interface Failover GigabitEthernet0/3 failover polltime unit 1 holdtime 3 failover replication http failover link Failover GigabitEthernet0/3 failover interface ip Failover 1.1.1.1 255.255.255.252 standby 1.1.1.2 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-602.bin no asdm history enable arp timeout 60 nat (LAN) 0 access-list LAN_nat0_outbound access-group WAN in interface WAN access-group LAN in interface LAN route WAN 0.0.0.0 0.0.0.0 10.0.0.25 1 route LAN 10.0.0.0 255.0.0.0 10.0.0.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL http server enable http 10.0.0.0 255.0.0.0 LAN http 0.0.0.0 0.0.0.0 WAN no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart service resetoutside crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-DES-SHA ESP-DES-MD5 crypto map WAN_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map WAN_map interface WAN crypto isakmp enable WAN crypto isakmp policy 10 authentication pre-share encryption des hash sha group 2 lifetime 86400 no vpn-addr-assign aaa no vpn-addr-assign dhcp threat-detection basic-threat threat-detection statistics group-policy cisco internal group-policy cisco attributes dns-server value 10.10.8.11 10.10.8.12 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value cisco_splitTunnelAcl default-domain value cisco.net username cisco password bEyqiUgo8HknwRbf encrypted privilege 0 username cisco attributes vpn-group-policy cisco tunnel-group cisco type remote-access tunnel-group cisco general-attributes address-pool VPN-Pool default-group-policy cisco tunnel-group cisco ipsec-attributes pre-shared-key * ! class-map inspection_default match default-inspection-traffic ! policy-map type inspect dns migrated_dns_map_2 parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns migrated_dns_map_2 inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect icmp ! service-policy global_policy global prompt hostname context