! Running configuration of a Cisco ASA (hostname "firewall") as printed by "show run".
! Reformatted to one command per line. Lines of the form "! text" are review notes, not device output.
firewall(config)# show run
: Saved
:
! NOTE(review): 8.3(1) is an old release. Confirm the device runs a currently supported, patched image.
ASA Version 8.3(1)
!
hostname firewall
domain-name site_a.intra
! The "encrypted" values are password hashes, not ciphertext. This short legacy hash format is fast
! to guess offline, so treat every hash in a shared "show run" as exposed: redact before posting
! and rotate the passwords afterwards.
enable password MaU.hefweIrg4aVD encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.45.24 Server description Server
name 192.168.45.25 Mail description Mail
!
! Vlan1 = trusted LAN (security-level 100); Vlan2 = Internet uplink (security-level 0), addressed via PPPoE.
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.45.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group netstream
 ip address pppoe setroute
!
! Ethernet0/0 is the only port placed in VLAN 2 (outside).
interface Ethernet0/0
 switchport access vlan 2
!
! NOTE(review): Ethernet0/1-0/7 carry no commands, so they are presumably left in the default VLAN
! (inside) and are not shut down. Confirm, and shut ports that are not in use.
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.168.45.21
 domain-name site_a.intra
! Network objects. Server (192.168.45.24) and Mail (192.168.45.25) are each defined several times
! under different names so that each per-service static NAT rule can hang off its own object.
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.31.0_24
 subnet 192.168.31.0 255.255.255.0
object network Server
 host 192.168.45.24
object network Server-http
 host 192.168.45.24
object network Server-ftp
 host 192.168.45.24
object network Mail
 host 192.168.45.25
object network Mail-https
 host 192.168.45.25
object network Mail-SMTP
 host 192.168.45.25
object network Mail-SMTPS
 host 192.168.45.25
object network Mail-SMTPSS
 host 192.168.45.25
object network Mail-IMAP
 host 192.168.45.25
object network Mail-IMAPS
 host 192.168.45.25
object network NETWORK_OBJ_192.168.45.0_24
 subnet 192.168.45.0 255.255.255.0
! NOTE(review): site_aag and site_b are both 192.168.45.0/24, i.e. the "local" and "remote" side of the
! site-to-site rules below are the same subnet as written (possibly a sanitisation artefact). Verify.
object network site_aag
 subnet 192.168.45.0 255.255.255.0
object network site_b
 subnet 192.168.45.0 255.255.255.0
! NOTE(review): 12.168.1.0 is a public address defined as a single host; it looks like a typo for
! 192.168.1.0 (which has its own object on the next lines). Confirm and remove if unintended.
object network NETWORK_OBJ_12.168.1.0
 host 12.168.1.0
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_10.1.1.0_24
 subnet 10.1.1.0 255.255.255.0
! TCP service groups referenced by the inbound ACL: Server-transfer = www, ftp;
! Mail-Service = https, smtp, 465, 587, 993, imap4.
object-group service Server-transfer tcp
 description Server
 port-object eq www
 port-object eq ftp
object-group service Mail-Service tcp
 description Mail
 port-object eq https
 port-object eq smtp
 port-object eq 465
 port-object eq 587
 port-object eq 993
 port-object eq imap4
access-list site_aVPN_splitTunnelAcl standard permit 192.168.45.0 255.255.255.0
! Inbound policy for the outside interface: any source may reach Server and Mail on the grouped ports.
! NOTE(review): this publishes the cleartext services ftp, www and imap4 to the whole Internet. Prefer the
! TLS ports only, or restrict the source addresses, where the use case allows.
access-list outside_access_in extended permit tcp any object Server object-group Server-transfer
access-list outside_access_in extended permit tcp any object Mail object-group Mail-Service
! NOTE(review): "object site_a" is not defined anywhere in this listing (only site_aag and site_b are).
! Confirm which object this crypto ACL is meant to reference.
access-list outside_1_cryptomap extended permit ip object site_a object site_b
access-list outside_2_cryptomap extended permit ip 192.168.45.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list inside_cryptomap extended permit ip 192.168.45.0 255.255.255.0 10.1.1.0 255.255.255.0
pager lines 24
! NOTE(review): logging goes to console, monitor and ASDM only; no "logging host"/"logging trap" is visible,
! so there is no off-box record of events. Add a remote syslog destination if one is not configured elsewhere.
logging enable
logging console warnings
logging monitor informational
logging asdm informational
mtu inside 1500
mtu outside 1492
! Address pool handed to remote-access VPN clients.
ip local pool VPNClient 192.168.31.1-192.168.31.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
! Manual identity-NAT rules: traffic from inside to the listed destination networks keeps its original
! addresses (NAT exemption for VPN pool and site-to-site destinations). Rule order matters; do not reorder.
nat (inside,outside) source static NETWORK_OBJ_192.168.45.0_24 NETWORK_OBJ_192.168.45.0_24 destination static NETWORK_OBJ_192.168.31.0_24 NETWORK_OBJ_192.168.31.0_24
! NOTE(review): this "any any" exemption towards the VPN pool is a superset of the rule above it.
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.31.0_24 NETWORK_OBJ_192.168.31.0_24
nat (inside,outside) source static site_aag site_aag destination static site_b site_b
nat (inside,outside) source static NETWORK_OBJ_192.168.45.0_24 NETWORK_OBJ_192.168.45.0_24 destination static NETWORK_OBJ_12.168.1.0 NETWORK_OBJ_12.168.1.0
nat (inside,outside) source static NETWORK_OBJ_192.168.45.0_24 NETWORK_OBJ_192.168.45.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24
nat (inside,outside) source static NETWORK_OBJ_192.168.45.0_24 NETWORK_OBJ_192.168.45.0_24 destination static NETWORK_OBJ_10.1.1.0_24 NETWORK_OBJ_10.1.1.0_24
!
! Object NAT, management access, IPsec/IKE settings, DHCP, NTP, VPN group policies and local users.
! Lines of the form "! text" are review notes, not device output.
!
! Object NAT: obj_any is PAT'ed to the outside interface address; the remaining entries are static
! port forwards from the outside interface address to the Server/Mail hosts.
object network obj_any
 nat (inside,outside) dynamic interface
object network Server-http
 nat (inside,outside) static interface service tcp www www
! NOTE(review): FTP carries credentials and data in cleartext; confirm this forward is still needed.
object network Server-ftp
 nat (inside,outside) static interface service tcp ftp ftp
object network Mail-https
 nat (inside,outside) static interface service tcp https https
object network Mail-SMTP
 nat (inside,outside) static interface service tcp smtp smtp
object network Mail-SMTPS
 nat (inside,outside) static interface service tcp 465 465
object network Mail-SMTPSS
 nat (inside,outside) static interface service tcp 587 587
object network Mail-IMAP
 nat (inside,outside) static interface service tcp imap4 imap4
object network Mail-IMAPS
 nat (inside,outside) static interface service tcp 993 993
! Binds the inbound ACL to traffic entering the outside interface.
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
! SSH logins are checked against the local user database (the "username" lines further down).
aaa authentication ssh console LOCAL
! HTTPS/ASDM management is reachable from the whole inside /24, which includes the DHCP client range.
! NOTE(review): consider narrowing this to the admin workstations.
http server enable
http 192.168.45.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! IPsec transform sets. NOTE(review): the esp-des (56-bit DES) and esp-md5-hmac sets are obsolete.
! They remain negotiable because the dynamic maps below list every set, so a peer that proposes only
! DES/MD5 would presumably be accepted. Remove the DES and MD5 sets from those lists unless a
! specific legacy peer needs them.
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
! NOTE(review): "pfs group1" selects the weakest Diffie-Hellman group (768-bit). Use the strongest
! group that all remote-access clients support.
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map sitetosite 1 match address inside_cryptomap
crypto dynamic-map sitetosite 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
! Static site-to-site entries 1 and 2 on the outside map, AES-128/SHA with PFS.
! NOTE(review): no "set peer" line is visible for either entry (possibly removed when the config was
! sanitised); "set pfs" without a group presumably falls back to the release default. Confirm both.
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set transform-set ESP-AES-128-SHA
crypto map outside_map 1 set reverse-route
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set connection-type answer-only
crypto map outside_map 2 set transform-set ESP-AES-128-SHA
crypto map outside_map 2 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
! NOTE(review): a dynamic crypto map is attached to the inside interface, yet ISAKMP is enabled on
! outside only. This looks like a leftover; remove it if no tunnel is meant to terminate on inside.
crypto map inside_map1 1 ipsec-isakmp dynamic sitetosite
crypto map inside_map1 interface inside
crypto isakmp enable outside
! IKE (phase 1) policies, tried in priority order. NOTE(review): all three use pre-shared keys and
! DH group 2 (1024-bit); policies 1 and 10 use 3DES and policy 10 also MD5. Prefer AES with SHA and
! the strongest DH group this release and the peers support, and drop policy 10 if no peer needs it.
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.45.0 255.255.255.0 inside
! NOTE(review): SSH management is accepted from any Internet address on the outside interface and is
! authenticated with local passwords only. Restrict this to known admin addresses or manage the
! device over the VPN. No "ssh version 2" line is visible either; confirm SSHv1 is not being accepted.
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
! NOTE(review): timeout 0 means a console session is never logged out automatically.
console timeout 0
! PPPoE dial-out credentials for the outside interface (password masked by the device).
vpdn group netstream request dialout pppoe
vpdn group netstream localname site_a@2wire.ch
vpdn group netstream ppp authentication chap
vpdn username site_a@2wire.ch password *****
! DHCP server for the inside network.
dhcpd address 192.168.45.151-192.168.45.254 inside
dhcpd dns 192.168.45.21 interface inside
dhcpd lease 1048575 interface inside
dhcpd domain site_a.intra interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
! NTP with MD5-keyed authentication against two servers (keys masked by the device).
ntp authentication-key 1 md5 *****
ntp authentication-key 2 md5 *****
ntp authenticate
ntp trusted-key 1
ntp trusted-key 2
ntp server 46.19.142.197 key 1 prefer
ntp server 193.219.61.110 key 2 prefer
! NOTE(review): webvpn has no sub-commands here (no interface is enabled), while the group policies
! below list "svc" as a tunnel protocol. Confirm whether SSL VPN is meant to be in use.
webvpn
! VPN group policies. pkpowell and site_aVPN split-tunnel only 192.168.45.0/24 (site_aVPN_splitTunnelAcl).
group-policy pkpowell internal
group-policy pkpowell attributes
 dns-server value 192.168.45.21 8.8.4.4
 vpn-tunnel-protocol IPSec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value site_aVPN_splitTunnelAcl
group-policy site_aVPN internal
group-policy site_aVPN attributes
! NOTE(review): 192.168.0.253 is outside the split-tunnel network 192.168.45.0/24, so clients would
! query it over their local network rather than through the tunnel. Verify the address.
 dns-server value 192.168.0.253
 vpn-tunnel-protocol IPSec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value site_aVPN_splitTunnelAcl
 default-domain value site_a.intra
! NOTE(review): boltsgroup is not referenced by any user or tunnel-group in this listing, and its
! network list has no effect under "tunnelall". Remove it if unused.
group-policy boltsgroup internal
group-policy boltsgroup attributes
 split-tunnel-policy tunnelall
 split-tunnel-network-list value site_aVPN_splitTunnelAcl
! Local accounts. The "encrypted" values are password hashes; treat them as exposed once this output
! is shared and rotate the passwords.
! NOTE(review): admin and phil are privilege 15 and are also VPN users, so one password covers both
! remote access and device administration (SSH is open on outside). Only site_a is limited with
! "service-type remote-access"; consider separate admin accounts and the same restriction for VPN-only users.
username admin password GscWEAr8hW0uPvLa encrypted privilege 15
username admin attributes
 vpn-group-policy site_aVPN
username phil password li15vHGWMHMaAyA2 encrypted privilege 15
username phil attributes
 vpn-group-policy site_aVPN
username pkpowell password sWZ0Sb8WXZaoLjSp encrypted privilege 0
username pkpowell attributes
 vpn-group-policy pkpowell
username site_a password RW20GB3rGFrxqh9L encrypted privilege 0
username site_a attributes
 vpn-group-policy site_aVPN
 service-type remote-access
! Remote-access tunnel groups: clients get addresses from the VPNClient pool and authenticate the
! group with a pre-shared key (masked by the device).
tunnel-group site_aVPN type remote-access
tunnel-group site_aVPN general-attributes
 address-pool VPNClient
 default-group-policy site_aVPN
tunnel-group site_aVPN ipsec-attributes
 pre-shared-key *****
tunnel-group pkpowell type remote-access
! Remaining tunnel groups, the default inspection policy and the end of the "show run" output.
! Lines of the form "! text" are review notes, not device output.
tunnel-group pkpowell general-attributes
 address-pool VPNClient
 default-group-policy pkpowell
tunnel-group pkpowell ipsec-attributes
 pre-shared-key *****
! NOTE(review): this LAN-to-LAN group is named rather than keyed by a peer address, and it inherits
! the remote-access policy "pkpowell". A named pre-shared-key L2L group is presumably matched only
! when the peer uses aggressive mode, which is weaker than main mode. Confirm this is intended.
tunnel-group sitetosite type ipsec-l2l
tunnel-group sitetosite general-attributes
 default-group-policy pkpowell
tunnel-group sitetosite ipsec-attributes
 pre-shared-key *****
! NOTE(review): 0.0.0.0 is not a real peer address. If this is meant as a catch-all, any peer that
! knows the pre-shared key could presumably bring up a tunnel. Verify, and key the group to the
! actual peer address instead.
tunnel-group 0.0.0.0 type ipsec-l2l
tunnel-group 0.0.0.0 ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
! DNS inspection parameters: message length capped at 512 bytes (client side: auto).
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
! Global application-inspection policy applied to the default inspection traffic class.
! NOTE(review): several legacy protocols are inspected here (rsh, sunrpc, xdmcp, netbios, tftp, sqlnet).
! Inspection engines that no permitted traffic needs can be removed.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
hpm topN enable
! Checksum over the configuration, printed by the device at the end of the output.
Cryptochecksum:1f6b7baae37c5d64f3326aca0f109638
: end