: Saved : : Serial Number: JAD233504WH : Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores) : ASA Version 9.8(4)32 ! hostname ASA5506-3 domain-name cisco.com enable password $sha512$5000$yTAH/jAqUbmMnUA2Xh2bFg==$EujIHrLoFIBNuxJdM4UaFQ== pbkdf2 names no mac-address auto ! interface GigabitEthernet1/1 nameif outside security-level 0 ip address dhcp setroute ! interface GigabitEthernet1/2 bridge-group 1 nameif inside_2 security-level 100 ! interface GigabitEthernet1/3 bridge-group 1 nameif inside_3 security-level 100 ! interface GigabitEthernet1/4 bridge-group 1 nameif inside_4 security-level 100 ! interface GigabitEthernet1/5 bridge-group 1 nameif inside_5 security-level 100 ! interface GigabitEthernet1/6 bridge-group 1 nameif inside_6 security-level 100 ! interface GigabitEthernet1/7 bridge-group 1 nameif inside_7 security-level 100 ! interface GigabitEthernet1/8 bridge-group 1 nameif inside_8 security-level 100 ! interface Management1/1 management-only no nameif no security-level no ip address ! interface BVI1 nameif inside security-level 100 ip address 192.168.102.1 255.255.255.0 ! banner login NOTICE TO USERS banner login ============================================================================= banner login This is an official computer system and is the property of Prosis Hawaii LLC. banner login It is for authorized users only. Unauthorized users are prohibited. banner login Users (authorized or unauthorized) have no explicit or implicit expectation banner login of privacy. Any or all uses of this system may be subject to one or more of banner login the following actions: interception, monitoring, recording, auditing, banner login inspection and disclosing to security personnel and law enforcement personnel, banner login as well as authorized officials of other agencies, both domestic and foreign. banner login By using this system, the user consents to these actions. Unauthorized or banner login improper use of this system may result in administrative disciplinary action banner login and civil and criminal penalties. By accessing this system you indicate your banner login awareness of and consent to these terms and conditions of use. Discontinue banner login access immediately if you do not agree to the conditions stated in this notice. banner login ============================================================================= banner login boot system disk0:/asa984-32-lfbff-k8.SPA no ftp mode passive clock timezone HST -10 dns server-group DefaultDNS domain-name cisco.com same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network NETWORK_OBJ_10.250.37.0_24 subnet 10.250.37.0 255.255.255.0 object network NETWORK_OBJ_192.168.0.0_19 subnet 192.168.0.0 255.255.224.0 object network NETWORK_OBJ_192.168.102.0_24 subnet 192.168.102.0 255.255.255.0 object network NETWORK_OBJ_192.168.224.0_19 subnet 192.168.224.0 255.255.224.0 object network NETWORK_OBJ_205.109.51.0_24 subnet 205.109.51.0 255.255.255.0 object network NETWORK_OBJ_205.109.54.0_23 subnet 205.109.54.0 255.255.254.0 object network NETWORK_OBJ_205.109.247.136_32 host 205.109.247.136 object network NETWORK_OBJ_192.168.101.0_24 subnet 192.168.101.0 255.255.255.0 object network NETWORK_OBJ_192.168.100.0_24 subnet 192.168.100.0 255.255.255.0 object network NETWORK_OBJ_10.208.0.0_21 subnet 10.208.0.0 255.255.248.0 object network NETWORK_OBJ_10.210.0.0_21 subnet 10.210.0.0 255.255.248.0 object-group network DM_INLINE_NETWORK_2 network-object object NETWORK_OBJ_10.250.37.0_24 network-object object NETWORK_OBJ_192.168.0.0_19 network-object object NETWORK_OBJ_192.168.224.0_19 network-object object NETWORK_OBJ_205.109.51.0_24 network-object object NETWORK_OBJ_205.109.54.0_23 network-object object NETWORK_OBJ_205.109.247.136_32 network-object object NETWORK_OBJ_192.168.101.0_24 network-object object NETWORK_OBJ_192.168.100.0_24 network-object object NETWORK_OBJ_10.208.0.0_21 network-object object NETWORK_OBJ_10.210.0.0_21 access-list outside_cryptomap extended permit ip 192.168.102.0 255.255.255.0 object-group DM_INLINE_NETWORK_2 pager lines 24 logging enable logging timestamp logging buffer-size 10000 logging trap informational logging asdm informational logging host inside 192.168.249.105 mtu outside 1500 mtu inside_2 1500 mtu inside_3 1500 mtu inside_4 1500 mtu inside_5 1500 mtu inside_6 1500 mtu inside_7 1500 mtu inside_8 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-7121.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 nat (inside_2,outside) source static NETWORK_OBJ_192.168.102.0_24 NETWORK_OBJ_192.168.102.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (inside_3,outside) source static NETWORK_OBJ_192.168.102.0_24 NETWORK_OBJ_192.168.102.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (inside_4,outside) source static NETWORK_OBJ_192.168.102.0_24 NETWORK_OBJ_192.168.102.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (inside_5,outside) source static NETWORK_OBJ_192.168.102.0_24 NETWORK_OBJ_192.168.102.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (inside_6,outside) source static NETWORK_OBJ_192.168.102.0_24 NETWORK_OBJ_192.168.102.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (inside_7,outside) source static NETWORK_OBJ_192.168.102.0_24 NETWORK_OBJ_192.168.102.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup nat (inside_8,outside) source static NETWORK_OBJ_192.168.102.0_24 NETWORK_OBJ_192.168.102.0_24 destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup ! object network NETWORK_OBJ_192.168.102.0_24 nat (any,outside) dynamic interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 aaa-server RADIUS protocol radius aaa-server RADIUS (inside) host 192.168.249.111 key ***** radius-common-pw ***** user-identity default-domain LOCAL aaa authentication http console RADIUS LOCAL aaa authentication ssh console LOCAL aaa authorization exec LOCAL auto-enable aaa authentication login-history http server enable http 192.168.102.0 255.255.255.0 inside_2 http 192.168.102.0 255.255.255.0 inside_3 http 192.168.102.0 255.255.255.0 inside_4 http 192.168.102.0 255.255.255.0 inside_5 http 192.168.102.0 255.255.255.0 inside_6 http 192.168.102.0 255.255.255.0 inside_7 http 192.168.102.0 255.255.255.0 inside_8 http 192.168.252.0 255.255.255.0 inside_8 http X.X.X.X 255.255.255.255 outside no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec ikev1 transform-set tset esp-aes-256 esp-sha-hmac crypto ipsec security-association pmtu-aging infinite crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set tset crypto dynamic-map outside_dyn_map 1 set reverse-route crypto map outside_map 1 match address outside_cryptomap crypto map outside_map 1 set peer 72.234.212.145 crypto map outside_map 1 set ikev1 transform-set tset crypto map outside_map 1 set reverse-route crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto ca trustpool policy crypto ikev1 enable outside crypto ikev1 policy 10 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 telnet timeout 5 ssh stricthostkeycheck ssh X.X.X.X 255.255.255.255 outside ssh X.X.X.X 255.255.255.255 outside ssh X.X.X.X 255.255.255.255 outside ssh 192.168.102.0 255.255.255.0 inside_2 ssh 192.168.102.0 255.255.255.0 inside_3 ssh 192.168.102.0 255.255.255.0 inside_4 ssh 192.168.102.0 255.255.255.0 inside_5 ssh 192.168.102.0 255.255.255.0 inside_6 ssh 192.168.102.0 255.255.255.0 inside_7 ssh 192.168.102.0 255.255.255.0 inside_8 ssh timeout 15 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access inside dhcpd dns 192.168.249.112 4.2.2.4 dhcpd auto_config outside dhcpd option 150 ip 192.168.250.10 ! dhcpd address 192.168.102.100-192.168.102.250 inside dhcpd dns 192.168.249.111 4.2.2.4 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 192.168.246.1 source inside dynamic-access-policy-record DfltAccessPolicy tunnel-group X.X.X.X type ipsec-l2l tunnel-group X.X.X.X ipsec-attributes ikev1 pre-shared-key ***** ! class-map firePOWER-class description class to send all traffic to the Firepower module match any class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect dns preset_dns_map inspect icmp class firePOWER-class sfr fail-open policy-map type inspect dns migrated_dns_map_2 parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum client auto message-length maximum 512 no tcp-inspection ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:2f948171c7373d7b6c72fe1dc6628ec7 : end