ASA# sh run : Saved : ASA Version 8.0(3)6 ! hostname ASA domain-name mycompany.com enable password cD.Ipd4mfAx7CaFG encrypted passwd 2KFQnbNIdI.2KYOU encrypted names name 192.168.110.0 VPN-3 description VPN-3 Externo ! interface Ethernet0/0 nameif outside security-level 0 ip address 1.1.1.1 255.255.255.248 ospf cost 10 ! interface Ethernet0/1 speed 100 duplex full nameif inside security-level 100 ip address 192.168.1.249 255.255.255.0 ospf cost 10 ! interface Ethernet0/2 speed 100 duplex full nameif DMZ security-level 50 ip address 192.168.10.249 255.255.255.0 ospf cost 10 ! interface Ethernet0/3 no nameif no security-level no ip address ! ! boot system disk0:/asa803-6-k8.bin ftp mode passive clock timezone PEST -5 dns server-group DefaultDNS domain-name mycompany.com access-list dmzacceso extended permit ip 192.168.10.0 255.255.255.0 VPN-3 255.255.255.0 log disable access-list outsideacceso extended permit ip VPN-3 255.255.255.0 192.168.1.0 255.255.255.0 log disable access-list outsideacceso extended permit ip VPN-3 255.255.255.0 192.168.10.0 255.255.255.0 log disable access-list outsideacceso extended permit ip VPN-3 255.255.255.0 192.168.20.0 255.255.255.0 log disable access-list insideacceso extended permit ip 192.168.1.0 255.255.255.0 VPN-3 255.255.255.0 log disable access-list nonat extended permit ip host 192.168.1.219 host 192.168.10.33 access-list nonat remark No natear si va hacia la VPNs Remoto access-list nonat extended permit ip 192.168.1.0 255.255.255.0 VPN-3 255.255.255.0 access-list Remote-VPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0 access-list VPN-3-ACL extended permit ip 192.168.10.0 255.255.255.0 VPN-3 255.255.255.0 access-list VPN-3-ACL extended permit ip 192.168.1.0 255.255.255.0 VPN-3 255.255.255.0 log disable access-list VPN-3-ACL extended permit ip VPN-3 255.255.255.0 192.168.30.0 255.255.255.0 log disable access-list VPN-3-ACL extended permit ip VPN-3 255.255.255.0 192.168.20.0 255.255.255.0 log disable access-list VPN-3-ACL extended permit ip 192.168.20.0 255.255.255.0 VPN-3 255.255.255.0 access-list DMZ_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 VPN-3 255.255.255.0 access-list DMZ_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 VPN-3 255.255.255.0 access-list DMZ_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 VPN-3 255.255.255.0 access-list traffic_for_ips_DMZ extended permit ip 192.168.10.0 255.255.255.0 any access-list traffic_for_ips_DMZ extended permit ip any 192.168.10.0 255.255.255.0 ! ip local pool Pool-VPN-3 192.168.110.1-192.168.110.254 mask 255.255.255.0 arp timeout 14400 nat-control global (outside) 1 interface nat (inside) 0 access-list nonat nat (inside) 1 192.168.1.5 255.255.255.255 nat (DMZ) 0 access-list DMZ_nat0_outbound nat (DMZ) 1 192.168.10.250 255.255.255.255 access-group outsideacceso in interface outside access-group outsideout out interface outside access-group insideacceso in interface inside access-group dmzacceso in interface DMZ ! route-map proxy-redirect permit 100 timeout xlate 5:01:00 timeout conn 15:00:00 half-closed 0:10:00 udp 0:10:00 icmp 0:00:02 aaa authentication enable console LOCAL http server enable 7443 http 192.168.10.0 255.255.255.0 DMZ snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto dynamic-map outside_dyn_map 30 set pfs crypto dynamic-map outside_dyn_map 30 set transform-set ESP-AES-128-SHA crypto map outside_map 30 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp identity address crypto isakmp nat-traversal 20 crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption aes hash sha group 2 lifetime 86400 no vpn-addr-assign aaa no vpn-addr-assign dhcp ssh 192.168.10.0 255.255.255.0 inside webvpn enable outside group-policy SSL-SAPOLIO internal group-policy SSL-SAPOLIO attributes vpn-tunnel-protocol webvpn default-domain value mycompany.com webvpn url-list none group-policy Remote-VPN internal group-policy Remote-VPN attributes vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value VPN-3-ACL default-domain value mycompany.com username jlvelasquez password 0q9zCR7leD3tSbLL encrypted username jlvelasquez attributes vpn-group-policy Remote-VPN service-type remote-access tunnel-group Remote-VPN type remote-access tunnel-group Remote-VPN general-attributes address-pool Pool-VPN-3 default-group-policy Remote-VPN tunnel-group Remote-VPN ipsec-attributes pre-shared-key * tunnel-group SSL-SAPOLIO type remote-access tunnel-group SSL-SAPOLIO general-attributes default-group-policy SSL-SAPOLIO