: Saved : ASA Version 7.2(2) ! hostname AvenirGOCASA1 domain-name default.domain.invalid enable password QC8o.5ImaNB3RmV3 encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 188.88.8.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address dhcp setroute ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode passive dns server-group DefaultDNS domain-name default.domain.invalid object-group network AvenirGOCHeadOffice network-object host 188.88.8.0 access-list inside_nat0_outbound extended permit ip any 188.88.8.192 255.255.255.192 access-list inside_nat0_outbound extended permit ip any host 207.81.157.27 access-list inside_nat0_outbound extended permit ip host 188.88.8.0 host 207.81.156.167 access-list inside_nat0_outbound extended permit ip 188.88.8.0 255.255.255.0 host 207.216.215.135 access-list Avenir_HO standard permit 188.88.8.0 255.255.255.0 access-list outside_40_cryptomap extended permit ip host 207.81.156.167 host 207.81.163.1 access-list outside_20_cryptomap extended permit ip 188.88.8.0 255.255.255.0 host 142.179.0.192 access-list outside_60_cryptomap extended permit ip 188.88.8.0 255.255.255.0 host 207.216.215.135 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool AvenirGOC_VPN_Clients 188.88.8.200-188.88.8.249 mask 255.255.255.0 ip local pool Avenir_VPN_Clients 188.88.8.250-188.88.8.254 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-522.bin no asdm history enable arp timeout 14400 nat-control global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute group-policy DfltGrpPolicy attributes banner none wins-server none dns-server none dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 3 vpn-idle-timeout none vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec l2tp-ipsec webvpn password-storage disable ip-comp disable re-xauth disable group-lock none pfs disable ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelall split-tunnel-network-list none default-domain none split-dns none intercept-dhcp 255.255.255.255 disable secure-unit-authentication disable user-authentication disable user-authentication-idle-timeout none ip-phone-bypass disable leap-bypass disable nem disable backup-servers keep-client-config msie-proxy server none msie-proxy method no-modify msie-proxy except-list none msie-proxy local-bypass disable nac disable nac-sq-period 300 nac-reval-period 36000 nac-default-acl none address-pools none client-firewall none client-access-rule none webvpn functions url-entry html-content-filter none homepage none keep-alive-ignore 4 http-comp gzip filter none url-list none customization value DfltCustomization port-forward none port-forward-name value Application Access sso-server none deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information svc none svc keep-installer installed svc keepalive none svc rekey time none svc rekey method none svc dpd-interval client none svc dpd-interval gateway none svc compression deflate group-policy Avenir_VPN_Clients internal group-policy Avenir_VPN_Clients attributes banner value Avenir_VPN_Clients Group Policy wins-server value 188.88.8.6 dns-server value 188.88.8.6 vpn-idle-timeout none vpn-session-timeout none vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value Avenir_HO default-domain value Avenir.net split-dns value Avenir.net user-authentication-idle-timeout 360 address-pools value Avenir_VPN_Clients group-policy AvenirGOC_VPN_Clients internal group-policy AvenirGOC_VPN_Clients attributes wins-server value 188.88.8.6 dns-server value 188.88.8.6 vpn-idle-timeout 360 vpn-tunnel-protocol IPSec default-domain value Avenir.net address-pools value AvenirGOC_VPN_Clients username VPN-AWong password oGXX9u.F2AGZQzC0 encrypted privilege 0 username VPN-AWong attributes vpn-group-policy Avenir_VPN_Clients username VPN-Brad password f3LwnF0oH5mLT5h. encrypted privilege 15 username VPN-Brad attributes vpn-group-policy AvenirGOC_VPN_Clients username VPN-Brad_Split password f3LwnF0oH5mLT5h. encrypted username VPN-Brad_Split attributes vpn-group-policy Avenir_VPN_Clients username VPN-KSauve password yqu3ToYuuJZmXv8k encrypted privilege 0 username VPN-KSauve attributes vpn-group-policy Avenir_VPN_Clients username VPN-Les password ISTG8pp6HB7iWgHU encrypted http server enable http 188.88.8.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto dynamic-map outside_dyn_map 20 set pfs crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 40 set pfs crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA crypto map outside_map 60 match address outside_60_cryptomap crypto map outside_map 60 set pfs crypto map outside_map 60 set peer 207.216.215.135 crypto map outside_map 60 set transform-set ESP-3DES-SHA crypto map outside_map 60 set nat-t-disable crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 tunnel-group Avenir_VPN_Clients type ipsec-ra tunnel-group Avenir_VPN_Clients general-attributes address-pool Avenir_VPN_Clients default-group-policy Avenir_VPN_Clients tunnel-group Avenir_VPN_Clients ipsec-attributes pre-shared-key * tunnel-group AvenirGOC_VPN_Clients type ipsec-ra tunnel-group AvenirGOC_VPN_Clients general-attributes address-pool AvenirGOC_VPN_Clients default-group-policy AvenirGOC_VPN_Clients tunnel-group AvenirGOC_VPN_Clients ipsec-attributes pre-shared-key * tunnel-group 207.216.215.135 type ipsec-l2l tunnel-group 207.216.215.135 ipsec-attributes pre-shared-key * telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd dns 188.88.8.6 dhcpd wins 188.88.8.6 dhcpd auto_config outside dhcpd update dns both ! dhcpd address 188.88.8.75-188.88.8.150 inside dhcpd enable inside ! ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global prompt hostname context Cryptochecksum:61bda9924374941d82e371df26d5325d : end asdm image disk0:/asdm-522.bin no asdm history enable