sh run : Saved : : Serial Number: : Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores) : ASA Version 9.8(2) ! hostname hostnamevpn enable password names ! interface GigabitEthernet1/1 description TO ISP nameif outside security-level 0 ip address dhcp setroute ! interface GigabitEthernet1/2 bridge-group 1 nameif inside_1 security-level 100 ! interface GigabitEthernet1/3 bridge-group 1 nameif inside_2 security-level 100 ! interface GigabitEthernet1/4 bridge-group 1 nameif inside_3 security-level 100 ! interface GigabitEthernet1/5 bridge-group 1 nameif inside_4 security-level 100 ! interface GigabitEthernet1/6 bridge-group 1 nameif inside_5 security-level 100 ! interface GigabitEthernet1/7 bridge-group 1 nameif inside_6 security-level 100 ! interface GigabitEthernet1/8 bridge-group 1 nameif inside_7 security-level 100 ! interface Management1/1 management-only no nameif no security-level no ip address ! interface BVI1 description Equates to switch ports nameif inside security-level 100 ip address 10.X.X.254 255.255.255.0 ! boot system disk0:/asa982-lfbff-k8.SPA ftp mode passive clock timezone EST -5 same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network rm_any subnet 0.0.0.0 0.0.0.0 object network 10.X.X.0_24 subnet 10.X.X.0 255.255.255.0 access-list vpn_traffic extended permit ip object 10.X.X.0_24 object rm_any pager lines 24 logging enable logging buffered informational logging asdm informational logging host inside X.X.X.X mtu outside 1500 mtu inside_1 1500 mtu inside_2 1500 mtu inside_3 1500 mtu inside_4 1500 mtu inside_5 1500 mtu inside_6 1500 mtu inside_7 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication serial console LOCAL aaa authentication http console LOCAL aaa authentication login-history http server enable http 10.0.0.0 255.0.0.0 inside_1 http 10.0.0.0 255.0.0.0 inside_2 http 10.0.0.0 255.0.0.0 inside_3 http 10.0.0.0 255.0.0.0 inside_4 http 10.0.0.0 255.0.0.0 inside_5 http 10.0.0.0 255.0.0.0 inside_6 http 10.0.0.0 255.0.0.0 inside_7 no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec ikev1 transform-set rm-transset esp-aes esp-sha-hmac crypto ipsec security-association pmtu-aging infinite crypto map outside_map 1 match address vpn_traffic crypto map outside_map 1 set peer X.X.X.X crypto map outside_map 1 set ikev1 transform-set rm-transset crypto map outside_map interface outside crypto ca trustpool policy crypto ikev1 enable outside crypto ikev1 policy 1 authentication pre-share encryption aes hash sha group 2 lifetime 86400 telnet timeout 5 ssh stricthostkeycheck ssh 10.0.0.0 255.0.0.0 inside_1 ssh 10.0.0.0 255.0.0.0 inside_2 ssh 10.0.0.0 255.0.0.0 inside_3 ssh 10.0.0.0 255.0.0.0 inside_4 ssh 10.0.0.0 255.0.0.0 inside_5 ssh 10.0.0.0 255.0.0.0 inside_6 ssh 10.0.0.0 255.0.0.0 inside_7 ssh timeout 5 ssh version 2 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access inside dhcpd dns X.X.X.X dhcpd domain corp.rmic.com dhcpd auto_config outside dhcpd option 150 ip X.X.X.X X.X.X.X dhcpd option 3 ip 10.X.X.254 ! dhcpd address 10.X.X.1-10.X.X.5 inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept dynamic-access-policy-record DfltAccessPolicy username sshadmin password $sha512$5000$J3Qr1kseF1tHNHWhw0hIjw==$LYbZ+1QDxW6M/PpB6uVVag== pbkdf2 tunnel-group X.X.X.X type ipsec-l2l tunnel-group X.X.X.X ipsec-attributes ikev1 pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context no call-home reporting anonymous : end tracysmithermanvpn#