MOGASA> en
Password: ****************
MOGASA# sh run
: Saved
:
: Serial Number:
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(4)
!
hostname MOGASA
domain-name
names
!
interface Ethernet0/0
 switchport access vlan 3
!
interface Ethernet0/1
 switchport access vlan 28
!
interface Ethernet0/2
 switchport access vlan 28
!
interface Ethernet0/3
 switchport access vlan 28
!
interface Ethernet0/4
 switchport access vlan 28
!
interface Ethernet0/5
 switchport access vlan 28
!
interface Ethernet0/6
 switchport access vlan 38
!
interface Ethernet0/7
 switchport access vlan 38
!
interface Vlan3
 description External Network
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.252
!
interface Vlan28
 description Internal Network
 nameif inside
 security-level 100
 ip address X.X.1.1 255.255.255.0
!
interface Vlan38
 nameif stream
 security-level 50
 ip address X.X.12.1 255.255.255.0
!
boot system disk0:/asa924-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name something.local
object network LAN
 subnet X.X.1.0 255.255.255.0
object network REMOTE-LAN
 subnet X.X.55.0 255.255.255.0
object service https
 service tcp destination eq https
object service https-src
 service tcp source eq https
object service http
 service tcp destination eq www
object service http-src
 service tcp source eq www
object network Internet
 subnet X.X.1.0 255.255.255.0
object network Geo-Rec
 host X.X.1.224
object service Bal-Stream-dest
 service udp destination eq 9005
object network Bal-Wan
 host 62.145.99.42
object service Bal-Stream-Src
 service udp source eq 9005
object network Stream-Connection
 subnet X.X.12.0 255.255.255.0
object service RDP-Dest
 service tcp destination eq 3389
object service RDP-Src
 service tcp source eq 3389
object-group network obj_any
access-list outside_access_in extended permit object http any any inactive
access-list outside_access_in extended permit object https any interface outside inactive
access-list outside_access_in extended permit object Bal-Stream-dest any object Geo-Rec inactive
access-list outside_access_in extended permit ip any any
access-list inside_access_in extended permit ip object LAN object REMOTE-LAN inactive
access-list inside_access_in extended permit ip any any
access-list global_access extended permit icmp any any
access-list outside_cryptomap extended permit ip object LAN object REMOTE-LAN
pager lines 24
logging enable
logging console emergencies
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu stream 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static Geo-Rec interface service Bal-Stream-dest Bal-Stream-Src
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static LAN LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http X.X.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
sysopt connection tcpmss 1300
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal secure
 protocol esp encryption null
 protocol esp integrity sha-1
crypto ipsec security-association pmtu-aging infinite
crypto ipsec fragmentation after-encryption outside
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer X.X.X.X
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 1 set df-bit set-df
crypto map outside_map 1 set validate-icmp-errors
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption null
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 2
 encryption null
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption null
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption null
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption null
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption null
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd address X.X.1.200-X.X.1.220 inside
dhcpd dns X.X.55.11 X.X.55.12 interface inside
dhcpd domain something.local interface inside
dhcpd option 3 ip X.X.1.1 interface inside
dhcpd enable inside
!
dhcpd address X.X.12.100-X.X.12.120 stream
dhcpd enable stream
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server X.X.1.1 source inside
ntp server 197.80.150.123 source outside
ntp server 168.167.71.137 source outside
ntp server 196.10.54.57 source outside
ntp server 45.222.43.250 source outside
group-policy GroupPolicy_X.X.X.X internal
group-policy GroupPolicy_X.X.X.X attributes
 vpn-tunnel-protocol ikev1 ikev2
username admin password 3ufKmWvW/lN8pCMZ encrypted privilege 15
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X general-attributes
 default-group-policy GroupPolicy_X.X.X.X
tunnel-group X.X.X.X ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:23b84e2e974e4fb56480d387d8dddc0b
: end
MOGASA#