! Purpose: running-config of a Cisco ASA (9.8(3)) acting as an AnyConnect remote-access VPN
! gateway that authenticates clients by certificate (trustpoint VPN-TRUST).
! Lines beginning "! NOTE(review)" are reviewer annotations; every other line is the original
! configuration, only re-broken one command per line.
!
ASA Version 9.8(3)
!
hostname dornfest
domain-name happy.local
! NOTE(review): no value follows `enable password` here - presumably stripped before
! publication; confirm the device has one set.
enable password
names
no mac-address auto
! Address pool handed to VPN clients; it sits inside the Inside interface's own /24 (172.22.21.0).
ip local pool AnyConnect_client_pool 172.22.21.10-172.22.21.250 mask 255.255.255.0
! NOTE(review): Outside, Inside and Management are all set to security-level 0 below.
! ASA blocks traffic between equal-level interfaces unless
! `same-security-traffic permit inter-interface` is configured, and no such line appears
! in this file - confirm the levels are intended.
!
interface GigabitEthernet0/0
 description outside
 nameif Outside
 security-level 0
 ip address 28.15.23.163 255.255.255.0
!
interface GigabitEthernet0/1
 description inside
 nameif Inside
 security-level 0
 ip address 172.22.21.1 255.255.255.0
!
interface Management0/0
 description management
 management-only
 nameif Management
 security-level 0
 ip address 172.17.20.182 255.255.255.0
boot system disk0:/asa983-smp-k8.bin
no ftp mode passive
dns server-group DefaultDNS
 domain-name happy.local
! splitACL is referenced by group-policy GroupPolicy_AC as the split-tunnel network list.
access-list splitACL standard permit 10.10.10.0 255.255.255.252
! ACL "ping" lists ICMP message types only; it is the match criterion of class-map tcp_bypass.
access-list ping extended permit icmp any any echo-reply
access-list ping extended permit icmp any any source-quench
access-list ping extended permit icmp any any unreachable
access-list ping extended permit icmp any any time-exceeded
pager lines 32
! Logging: internal buffer at debugging level; syslog trap, monitor and ASDM at informational.
logging enable
logging timestamp
logging buffer-size 20000
logging monitor informational
logging buffered debugging
logging trap informational
logging asdm informational
logging facility 18
logging host Management 172.17.20.1
! NOTE(review): the next host uses TCP (protocol 6) port 5544 without the `secure` keyword, so
! presumably the stream is not TLS-protected - confirm. It also names interface "netmanagment",
! for which no `nameif` appears in this file (see also `mtu netmanagment`). With TCP syslog,
! check how the device should behave when the server is unreachable (`logging permit-hostdown`).
logging host netmanagment 10.21.1.55 6/5544
mtu Outside 1500
mtu Inside 1500
mtu netmanagment 1500
mtu Management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
! NOTE(review): ICMP addressed to the ASA's own interfaces is permitted from any source,
! including on Outside - confirm this is wanted on the Internet-facing interface.
icmp permit any Outside
icmp permit any Inside
icmp permit any Management
asdm image disk0:/asdm-792-152.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 32768
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
! Serial and SSH logins and command authorization all use the LOCAL user database.
! NOTE(review): no `username` lines appear in this file - presumably removed; confirm.
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
aaa authentication login-history
! NOTE(review): the HTTPS management server is enabled, but no `http <net> <mask> <ifname>`
! permit lines are visible, so the allowed management sources cannot be told from here.
http server enable
no snmp-server location
no snmp-server contact
no snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt connection tcpmss 1300
! IPsec proposal used by the dynamic crypto map below.
! NOTE(review): AES-GCM is an AEAD cipher; confirm whether the separate `integrity sha-1`
! line has any effect with it or should be `null`.
crypto ipsec ikev2 ipsec-proposal STRONG
 protocol esp encryption aes-gcm-256
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto ipsec df-bit clear-df Outside
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group20
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal STRONG
crypto map Inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
! NOTE(review): the same crypto map is bound to both Outside and Inside - confirm that
! terminating IPsec on Inside is intended.
crypto map Inside_map interface Outside
crypto map Inside_map interface Inside
! Trustpoint holding the gateway identity and the CA used to validate client certificates.
! NOTE(review): `crl configure` has no sub-options and no `revocation-check` line is visible
! for this trustpoint; since the tunnel-group authenticates by certificate only, confirm
! that revocation checking is actually enforced.
crypto ca trustpoint VPN-TRUST
 subject-name CN=dornfest.happy.local
 keypair VPN-TRUST
 crl configure
crypto ca trustpool policy
! Certificate map rule: matches when the subject CN contains "happy.local" (`co` = contains);
! webvpn maps rule 10 to tunnel-group AnyConnect_RA. A substring match is broad - it relies
! on the issuing CA never signing an unintended CN containing that string.
crypto ca certificate map sv_certmap 10
 subject-name attr cn co happy.local
! Certificate chain for VPN-TRUST: one identity certificate and one CA certificate, hex-encoded.
! Only certificates are present; no private key material appears in this file.
! NOTE(review): each blob appears shorter than the length its own DER header declares
! (presumably sanitized for publication) - do not expect it to import as-is.
crypto ca certificate chain VPN-TRUST
 certificate 48068100000000000000000000000000000001e0
    3082021e 308201a5 a0030201 02021448 06810000 00000000 00000000 00000000
    0001e030 0a06082a 8648ce3d 04030330 31310b30 09060355 04061302 75733111
    300f0603 55040a13 0861696e 666f7365 63310f30 0d060355 04031306 6169736c
    6162301e 170d3230 30313136 31363331 33305a17 0d323431 32323631 34343334
    6f6d3076 30100607 2a8648ce 3d020106 052b8104 00220362 000490ac 955dba6e
    d60e736d 6ce6a80f 85bc86c1 be490c61 9e299ca9 fa8a1c62 3a31c9f1 9eb81fda
    4b61b10b fdb55f8c 3eaf433d 47374582 0e233f36 1f4a51aa 585ac320 f2d325b7
    02ace6a5 4518d213 bb0782bb 9627894d b0fe4703 59a0abc6 0c73a381 9030818d
    30090603 551d1304 02300030 13060355 1d25040c 300a0608 2b060105 05070301
    300b0603 551d0f04 04030205 a0301e06 03551d11 04173015 8213626f 6e6e6965
    2e61696e 666f7365 632e636f 6d301d06 03551d0e 04160414 61f87c3c 04c0ce6f
    a83a0e78 11825431 5313569d 301f0603 551d2304 18301680 141df47b 44d4ccf9
    76367be1 4c53e163 13016d98 9b300a06 082a8648 ce3d0403 03036700 30640230
    154106b2 f9f19801 9c428d79 97700123 d740178c 43d41177 610f2b16 56fd2a5f
    cc2f3988 12ad455d 8dbfbb2f a0c30121 02305c6a e9b2a30d 7a13f73c aa5ce905
    12fb19b6 07f29696 3426e924 0fd6cee2 ae764b6f e411a559 ff9ec92b dec624cb
    e201
  quit
 certificate ca 7857de0000000000000000000000000000000001
    30820204 3082018a a0030201 02021478 57de0000 00000000 00000000 00000000
    00000130 0a06082a 8648ce3d 04030330 31310b30 09060355 04061302 75733111
    300f0603 55040a13 0861696e 666f7365 63310f30 0d060355 04031306 6169736c
    6162301e 170d3139 31323236 31343433 34385a17 0d323431 32323631 34343334
    385a3031 310b3009 06035504 06130275 73311130 0f060355 040a1308 61696e66
    6f736563 310f300d 06035504 03130661 69736c61 62307630 1006072a 8648ce3d
    7b4ec813 744c32e2 bcf04006 20783822 4af227d1 bee15b86 bf045606 2da96548
    e33ec087 ef3336ad 7718e968 2d8ecdbe 5647bc0e a0b22b88 b0cf63f5 45d4b1ef
    7be49c74 8283ed55 2ac5aa93 aaa36330 61300f06 03551d13 0101ff04 05300301
    01ff300e 0603551d 0f0101ff 04040302 0106301d 0603551d 0e041604 141df47b
    44d4ccf9 76367be1 4c53e163 13016d98 9b301f06 03551d23 04183016 80141df4
    7b44d4cc f976367b e14c53e1 6313016d 989b300a 06082a86 48ce3d04 03030368
    00306502 300d4eaa 48fe946e 98f87a28 a8168ff2 6eb4d9c8 483f056a f7f8845f
    de17c026 bb4d7a49 de7e1190 cc7825f1 32037808 d5023100 b1a0482e fdb5c311
    112e53ce 2e73d00c e30fc106 b2c84601 38316d2f 83f4d21e ccf498a7 88848998
    8fbd9b2a 6340a8c7
  quit
crypto isakmp identity hostname
! IKEv2 policy: AES-256, SHA-384 integrity and PRF, DH group 20, 28800-second lifetime.
crypto ikev2 policy 1
 encryption aes-256
 integrity sha384
 group 20
 prf sha384
 lifetime seconds 28800
! IKEv2 is enabled on Outside with AnyConnect client-services on TCP 443; remote-access
! sessions authenticate the gateway with trustpoint VPN-TRUST.
crypto ikev2 enable Outside client-services port 443
crypto ikev2 remote-access trustpoint VPN-TRUST
telnet timeout 5
! SSH is restricted to version 2 with a timeout of 5.
! NOTE(review): key exchange is pinned to dh-group14-sha1 (SHA-1 based); check whether the
! running release offers a SHA-2 group. No `ssh <net> <mask> <ifname>` or `telnet` permit
! lines appear in this file, so the allowed client sources cannot be told from here.
ssh scopy enable
ssh stricthostkeycheck
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group14-sha1
console timeout 5
management-access Management
vpn load-balancing
 interface lbpublic Outside
 interface lbprivate Inside
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): no `ntp authenticate` / key lines are visible, so this time source is
! presumably unauthenticated; log timestamps and certificate validity checks depend on it.
ntp server 172.17.20.180 source Management prefer
! NOTE(review): VPN-TRUST is bound for TLS on Management only. No `ssl trust-point` line for
! Outside is visible although client-services on 443 is enabled there - confirm which
! certificate Outside presents. No `ssl cipher` / `ssl server-version` lines are visible
! either, so presumably defaults apply - TODO confirm.
ssl trust-point VPN-TRUST Management
! NOTE(review): the AnyConnect package version is the one in the file name below
! (4.3.01095); check it, like the ASA image itself, against current vendor advisories.
webvpn
 anyconnect image disk0:/anyconnect-linux-64-4.3.01095-k9.pkg 1
 anyconnect profiles AnyConnectProfile disk0:/AnyConnectProfile.xml
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 certificate-group-map sv_certmap 10 AnyConnect_RA
 error-recovery disable
group-policy GroupPolicy_AC internal
! Split tunnelling is `excludespecified`: networks in splitACL (10.10.10.0/30) bypass the
! tunnel and all other client traffic is sent through it.
group-policy GroupPolicy_AC attributes
 wins-server none
 vpn-tunnel-protocol ikev2 ssl-client
 split-tunnel-policy excludespecified
 split-tunnel-network-list value splitACL
 default-domain value happy.local
dynamic-access-policy-record DfltAccessPolicy
tunnel-group AnyConnect_RA type remote-access
tunnel-group AnyConnect_RA general-attributes
 address-pool AnyConnect_client_pool
 default-group-policy GroupPolicy_AC
! Clients authenticate with a certificate only; no AAA/username method is configured on this
! tunnel-group, so certificate validation on VPN-TRUST carries the authentication decision.
tunnel-group AnyConnect_RA webvpn-attributes
 authentication certificate
 group-alias AnyConnect_RA enable
no tunnel-group-map enable peer-ip
tunnel-group-map default-group AnyConnect_RA
!
class-map inspection_default
 match default-inspection-traffic
! NOTE(review): class tcp_bypass matches ACL "ping", which lists ICMP message types only, yet
! policy-map gpol_out applies tcp-state-bypass to it on Inside. State bypass skips stateful
! checks for matched flows - confirm the match and the action are what was intended.
class-map tcp_bypass
 match access-list ping
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map gpol_out
 class tcp_bypass
  set connection advanced-options tcp-state-bypass
! Global inspection policy: the protocol inspections listed below, including ICMP and DNS
! (with preset_dns_map).
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map
  inspect icmp
! migrated_dns_map_1 and migrated_dns_map_2 are defined but not referenced by any policy
! visible in this file.
policy-map type inspect dns migrated_dns_map_2
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
service-policy gpol_out interface Inside
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3cb7bf5763a2dee8feba2ab11ecaf210
: end