asa(config)# sh run : : Serial Number: : Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores) : ASA Version 9.15(1) ! hostname asa domain-name caloro.m enable password ***** pbkdf2 service-module 1 keepalive-timeout 4 service-module 1 keepalive-counter 6 service-module sfr keepalive-timeout 4 service-module sfr keepalive-counter 6 names no mac-address auto ! interface GigabitEthernet1/1 nameif outside security-level 0 ip address dhcp setroute ! interface GigabitEthernet1/2 bridge-group 1 nameif inside_1 security-level 100 ! interface GigabitEthernet1/3 bridge-group 1 nameif inside_2 security-level 100 ! interface GigabitEthernet1/4 bridge-group 1 nameif inside_3 security-level 100 ! interface GigabitEthernet1/5 bridge-group 1 nameif inside_4 security-level 100 ! interface GigabitEthernet1/6 bridge-group 1 nameif inside_5 security-level 100 ! interface GigabitEthernet1/7 bridge-group 1 nameif inside_6 security-level 100 ! interface GigabitEthernet1/8 bridge-group 1 nameif inside_7 security-level 100 ! interface Management1/1 management-only no nameif security-level 100 no ip address ! interface BVI1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 dns server-group DefaultDNS domain-name caloro.m same-security-traffic permit inter-interface object network obj_any1 subnet 0.0.0.0 0.0.0.0 object network obj_any2 subnet 0.0.0.0 0.0.0.0 object network obj_any3 subnet 0.0.0.0 0.0.0.0 object network obj_any4 subnet 0.0.0.0 0.0.0.0 object network obj_any5 subnet 0.0.0.0 0.0.0.0 object network obj_any6 subnet 0.0.0.0 0.0.0.0 object network obj_any7 subnet 0.0.0.0 0.0.0.0 object network HomeLan host 192.168.1.0 description HomeLAN object network WWW host 0.0.0.0 object network INSIDE-NET subnet 192.168.1.0 255.255.255.0 object network DNS-Server host 192.168.1.9 description Debian DNS Server object network VPN-Server host 192.168.1.9 description Debian - VPN-Server object service OpenVPN service udp destination eq 1194 description OpenVPN object-group security VPN description VPN security-group tag 1194 object-group security DM_INLINE_SECURITY_1 group-object VPN security-group tag 1194 access-list 109 extended permit ip object DNS-Server any log disable access-list outside_access_in extended permit udp any object-group-security DM_INLINE_SECURITY_1 interface inside access-list inbound extended permit icmp any any time-exceeded access-list inbound extended permit icmp any any unreachable pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside_1 1500 mtu inside_2 1500 mtu inside_3 1500 mtu inside_4 1500 mtu inside_5 1500 mtu inside_6 1500 mtu inside_7 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit 192.168.1.0 255.255.255.0 inside no asdm history enable arp timeout 14400 no arp permit-nonconnected arp rate-limit 16384 ! object network obj_any1 nat (inside_1,outside) dynamic interface object network obj_any2 nat (inside_2,outside) dynamic interface object network obj_any3 nat (inside_3,outside) dynamic interface object network obj_any4 nat (inside_4,outside) dynamic interface object network obj_any5 nat (inside_5,outside) dynamic interface object network obj_any6 nat (inside_6,outside) dynamic interface object network obj_any7 nat (inside_7,outside) dynamic interface access-group 109 in interface outside control-plane access-group inbound in interface outside timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 timeout conn-holddown 0:00:15 timeout igp stale-route 0:01:10 user-identity default-domain LOCAL aaa authentication http console LOCAL aaa authentication ssh console LOCAL aaa authentication login-history http server enable http 192.168.1.0 255.255.255.0 inside_6 http 192.168.1.0 255.255.255.0 inside_2 http 192.168.1.0 255.255.255.0 inside_3 http 192.168.1.0 255.255.255.0 inside_5 http 192.168.1.0 255.255.255.0 inside_1 http 192.168.1.0 255.255.255.0 inside_4 http 192.168.1.0 255.255.255.0 inside_7 no snmp-server location no snmp-server contact service sw-reset-button crypto ipsec security-association pmtu-aging infinite crypto ca trustpoint _SmartCallHome_ServerCA no validation-usage crl configure crypto ca trustpoint ASDM_TrustPoint0 enrollment terminal subject-name CN=asa crl configure crypto ca trustpool policy auto-import crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 0509 31cd2e.... quit telnet timeout 5 ssh stricthostkeycheck ssh timeout 5 ssh version 2 ssh key-exchange group dh-group1-sha1 ssh 192.168.1.0 255.255.255.0 inside_7 ssh 192.168.1.1 255.255.255.255 inside_7 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.20-192.168.1.200 inside dhcpd dns 192.168.1.9 interface inside dhcpd domain caloro.m interface inside dhcpd option 3 ip 192.168.1.1 interface inside dhcpd option 4 ip 21.21.21.21 195.186.4.101 interface inside dhcpd option 5 ip 192.168.1.9 interface inside dhcpd option 6 ip 192.168.1.9 interface inside dhcpd option 15 ascii caloro.m interface inside dhcpd option 26 hex 1500 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 dynamic-access-policy-record DfltAccessPolicy username SSH password ***** pbkdf2 privilege 15 username admin password ***** pbkdf2 privilege 15 ! class-map inspection_default match default-inspection-traffic ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 no tcp-inspection policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect snmp inspect icmp class class-default user-statistics accounting set connection decrement-ttl ! service-policy global_policy global prompt hostname context call-home reporting anonymous Cryptochecksum:d : end