Result of the command: "sh run"

: Saved
:
: Serial Number: JAD2037029J
: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
:
ASA Version 9.8(4)41
!
hostname fw-mtk2
domain-name nwb.local
enable password EH.Ra/9U3zt0klYA encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.56.32 NET_MTK-IPSEC-RA
name 192.168.56.40 NET_MTK-SSL-RA
name 192.168.55.0 NET_NWB-RA
name 192.168.100.0 NET_NWB-Server
name 192.168.200.0 NET_NWB-Proxy
name 192.168.200.2 Server_NWB-Proxy
name 192.168.200.4 Server_NWB-NMS1
name 192.168.200.5 Server_NWB-NMS2
name 62.245.154.114 FW_NWB-Ext
name 172.30.4.0 NET_LBO-Ext
name 172.30.7.1 Server_LBO-Ext
name 217.110.88.170 FW_LBO-Ext
name 80.85.5.76 Server_MAIL1-Ext
name 85.214.51.145 Server_MAIL2-Ext
name 192.53.103.108 Server_PTB-NTP1
name 192.53.103.104 Server_PTB-NTP2
name 131.188.3.222 Server_FAUI-NTP1
name 194.187.160.94 Router_BR-Ext
name 192.168.16.0 NET_NWB-Clients
name 192.168.55.16 NET_NWB-RA-ipsec-allnets
name 62.245.154.112 NET_NWB-Ext
name 10.10.0.120 Switch_MTK-T05-1
name 10.10.0.121 Switch_MTK-UG16-1
name 10.10.0.122 Switch_MTK-EG10.1-1
name 10.10.0.123 Switch_MTK-EG10.1-2
name 10.10.0.124 Switch_MTK-1.10-1
name 10.10.0.125 Switch_MTK-2.10-1
name 10.10.0.126 Switch_MTK-3.10-1
name 83.236.183.226 Router_DS-Ext1
name 213.23.54.50 Router_DS-Ext2
name 192.168.100.25 Server_NWB-DC01
name 192.168.100.26 Server_NWB-DC02
name 193.28.97.0 NET_TDS-Ext
name 10.10.2.0 NET_MTK2
name 10.10.2.1 FW_MTK2-Int
name 88.217.184.96 FW_MTK2-Ext
no mac-address auto
ip local pool IPPOOL_MTK_IPSEC-RA 192.168.56.33-192.168.56.38
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 192.168.178.100 255.255.255.0
!
interface GigabitEthernet1/2
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/2.13
 vlan 13
 nameif MTK2-DRUCKER
 security-level 100
 ip address 10.9.13.254 255.255.255.0
!
interface GigabitEthernet1/2.16
 vlan 16
 nameif MTK2-CLIENTS
 security-level 100
 ip address 10.9.16.254 255.255.255.0
!
interface GigabitEthernet1/2.18
 vlan 18
 nameif MTK2-MANAGEMENT
 security-level 100
 ip address 10.9.18.254 255.255.255.0
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet1/5
 nameif MGMT-IPS
 security-level 60
 ip address 10.9.249.254 255.255.255.0
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 nameif mgmt
 security-level 0
 no ip address
!
banner login ** W A R N I N G **
banner login Unauthorized access prohibited.
banner login All access is monitored,and trespassers shall be
banner login prosecuted to the fullest extent of the law.
boot system disk0:/asa984-41-lfbff-k8.SPA
boot system disk0:/asa982-20-lfbff-k8.SPA
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name nwb.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NET_LBO-Ext
 subnet 172.30.4.0 255.255.252.0
object network NET_MTK-IPSEC-RA
 subnet 192.168.56.32 255.255.255.248
object network NET_MTK2
 subnet 10.10.2.0 255.255.255.0
object network NET_NWB-RA
 subnet 192.168.55.0 255.255.255.0
object network NET_NWB-Server
 subnet 192.168.100.0 255.255.255.0
object network NET_TDS-Ext
 subnet 193.28.97.0 255.255.255.224
object network Server_MAIL1-Ext
 host 80.85.5.76
object network Server_MAIL2-Ext
 host 85.214.51.145
object network Server_NWB-Proxy
 host 192.168.200.2
object network NET_NWB-Clients
 subnet 192.168.16.0 255.255.255.0
object network NET_NWB-Proxy
 subnet 192.168.200.0 255.255.255.248
object network FW_NWB-Ext
 host 62.245.154.114
object network NET_NWB-CTX-Worker
 subnet 192.168.110.0 255.255.255.0
object network nw_192.168.110.0-24_NWB-CTX-WORKER
 subnet 192.168.110.0 255.255.255.0
object network nw_192.168.100.0-24_NWB-SERVER
 subnet 192.168.100.0 255.255.255.0
object network nw_192.168.200.0-29_NWB-PROXY
 subnet 192.168.200.0 255.255.255.248
object network nw_10.9.13.0-24_MTK2-DRUCKER
 subnet 10.9.13.0 255.255.255.0
object network nw_10.9.16.0-24_MTK2-CLIENTS
 subnet 10.9.16.0 255.255.255.0
object network nw_10.9.18.0-24_MTK2-MGMT
 subnet 10.9.18.0 255.255.255.0
object network h_10.9.249.11-FW-MTK2-IPS
 host 10.9.249.11
object network nw_10.9.249.0-24_MTK2-MGMT-IPS
 subnet 10.9.249.0 255.255.255.0
object network SRVPROXYHA-01
 host 192.168.105.8
object network nw-10.10.100.0-24
 subnet 10.10.100.0 255.255.255.0
object network RVSMA01
 host 192.168.105.5
object network SRVPROXY-HA1
 host 192.168.105.8
object-group service ports_tcp_mail tcp
 description --- TCP-Ports fuer Client-Zugriff auf Mailsystem ---
 port-object eq pop3
 port-object eq smtp
object-group network EXT_Mail-Server
 description --- Externe Mailserver im Internet ---
 network-object object Server_MAIL1-Ext
 network-object object Server_MAIL2-Ext
object-group network ENC_Domain_NWB
 description --- Ziel-Netze bei NWB fuer Cryptomap ---
 network-object object NET_NWB-CTX-Worker
 network-object object NET_NWB-Proxy
 network-object object NET_NWB-RA
 network-object object NET_NWB-Server
 network-object object SRVPROXY-HA1
 network-object object NET_NWB-Clients
object-group network NET_MTK2_NTP-Client
 description --- NTP-Clients aus dem internen Netz ---
 network-object Switch_MTK-T05-1 255.255.255.255
 network-object Switch_MTK-UG16-1 255.255.255.255
 network-object Switch_MTK-EG10.1-1 255.255.255.255
 network-object Switch_MTK-EG10.1-2 255.255.255.255
 network-object Switch_MTK-1.10-1 255.255.255.255
 network-object Switch_MTK-2.10-1 255.255.255.255
 network-object Switch_MTK-3.10-1 255.255.255.255
object-group service ports_tcp_citrix tcp
 description --- TCP-Ports fuer Client-Zugriff auf Citrix ---
 port-object eq citrix-ica
 port-object eq 2598
 port-object eq www
 port-object eq https
object-group network ng_MTK2-NETZE
 network-object object nw_10.9.13.0-24_MTK2-DRUCKER
 network-object object nw_10.9.16.0-24_MTK2-CLIENTS
 network-object object nw_10.9.18.0-24_MTK2-MGMT
 network-object object nw_10.9.249.0-24_MTK2-MGMT-IPS
 network-object object NET_MTK2
object-group network ng_NWB-NETZE
 network-object object nw_192.168.100.0-24_NWB-SERVER
 network-object object nw_192.168.110.0-24_NWB-CTX-WORKER
 network-object object nw_192.168.200.0-29_NWB-PROXY
 network-object object SRVPROXYHA-01
 network-object object nw-10.10.100.0-24
access-list 100 extended permit tcp any any inactive
access-list 100 extended permit ip any any inactive
access-list 100 extended permit ip object NET_MTK2 object-group ENC_Domain_NWB
access-list ACL_nonat_inside remark --- kein NAT fuer VPN-Traffic ---
access-list ACL_nonat_inside remark --- kein NAT fuer VPN-Traffic ---
access-list ACL_nonat_inside remark --- kein NAT fuer VPN-Traffic ---
access-list ACL_nonat_inside remark --- kein NAT fuer VPN-Traffic ---
access-list ACL_cryptomap_vpn2nwb remark --- Cryptomap-Defintion fuer VPN nach KH-NWB ---
access-list ACL_cryptomap_vpn2nwb remark --- Cryptomap-Defintion fuer VPN nach KH-NWB ---
access-list ACL_cryptomap_vpn2nwb remark --- Cryptomap-Defintion fuer VPN nach KH-NWB ---
access-list ACL_cryptomap_vpn2nwb remark --- Cryptomap-Defintion fuer VPN nach KH-NWB ---
access-list ACL_cryptomap_vpn2lbo remark --- Cryptomap-Defintion fuer VPN nach LBO ---
access-list ACL_cryptomap_vpn2lbo remark --- Cryptomap-Defintion fuer VPN nach LBO ---
access-list ACL_cryptomap_vpn2lbo remark --- Cryptomap-Defintion fuer VPN nach LBO ---
access-list ACL_cryptomap_vpn2lbo remark --- Cryptomap-Defintion fuer VPN nach LBO ---
access-list ACL_dcryptomap_vpnclient remark --- Cryptomap-Defintion fuer Zugriff auf VPN-Clients ---
access-list ACL_dcryptomap_vpnclient remark --- Cryptomap-Defintion fuer Zugriff auf VPN-Clients ---
access-list ACL_dcryptomap_vpnclient remark --- Cryptomap-Defintion fuer Zugriff auf VPN-Clients ---
access-list ACL_dcryptomap_vpnclient remark --- Cryptomap-Defintion fuer Zugriff auf VPN-Clients ---
access-list ACL_inside_in extended deny ip any any
access-list ACL_inside_in remark --- Policy fuer Traffic ins VPN und ins Internet ---
access-list ACL_inside_in remark --- Policy fuer Traffic ins VPN und ins Internet ---
access-list outside_cryptomap extended permit ip object-group ng_MTK2-NETZE object-group ng_NWB-NETZE
access-list ACL_outside_in extended deny ip any any
access-list global_mpc extended permit ip any any
access-list MTK2-MANAGEMENT_access_in extended permit ip object nw_10.9.18.0-24_MTK2-MGMT object-group ng_NWB-NETZE
access-list MTK2-CLIENTS_access_in extended permit ip object nw_10.9.16.0-24_MTK2-CLIENTS object-group ng_NWB-NETZE
access-list MTK2-CLIENTS_access_in extended permit icmp object nw_10.9.16.0-24_MTK2-CLIENTS any
access-list MTK2-CLIENTS_access_in extended permit tcp object nw_10.9.16.0-24_MTK2-CLIENTS object-group EXT_Mail-Server object-group ports_tcp_mail
access-list MTK2-CLIENTS_access_in extended permit ip 10.9.16.0 255.255.255.0 object nw_10.9.13.0-24_MTK2-DRUCKER
access-list MTK2-DRUCKER_access_in extended permit ip object nw_10.9.13.0-24_MTK2-DRUCKER object-group ng_NWB-NETZE
access-list insideold_access_in extended permit ip any any
access-list outside_cryptomap_2 extended permit ip object-group ng_MTK2-NETZE object-group ENC_Domain_NWB
access-list MGMT-IPS_access_in extended permit ip object nw_10.9.249.0-24_MTK2-MGMT-IPS any
pager lines 24
logging enable
logging timestamp
logging monitor informational
logging buffered errors
logging trap warnings
logging asdm informational
logging facility 23
mtu outside 1500
mtu MTK2-DRUCKER 1500
mtu MTK2-CLIENTS 1500
mtu MTK2-MANAGEMENT 1500
mtu MGMT-IPS 1500
mtu mgmt 1500
ip verify reverse-path interface outside
no failover
no failover wait-disable
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-7161-150.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (MGMT-IPS,outside) source static h_10.9.249.11-FW-MTK2-IPS h_10.9.249.11-FW-MTK2-IPS destination static ENC_Domain_NWB ENC_Domain_NWB
nat (MTK2-DRUCKER,outside) source static nw_10.9.13.0-24_MTK2-DRUCKER nw_10.9.13.0-24_MTK2-DRUCKER destination static ENC_Domain_NWB ENC_Domain_NWB
nat (MTK2-CLIENTS,outside) source static nw_10.9.16.0-24_MTK2-CLIENTS nw_10.9.16.0-24_MTK2-CLIENTS destination static ENC_Domain_NWB ENC_Domain_NWB
nat (MTK2-MANAGEMENT,outside) source static nw_10.9.18.0-24_MTK2-MGMT nw_10.9.18.0-24_MTK2-MGMT destination static ENC_Domain_NWB ENC_Domain_NWB
!
object network obj_any
 nat (any,outside) dynamic interface
!
nat (MTK2-CLIENTS,outside) after-auto source dynamic any interface
nat (MGMT-IPS,outside) after-auto source dynamic any interface
access-group ACL_outside_in in interface outside
access-group MTK2-DRUCKER_access_in in interface MTK2-DRUCKER
access-group MTK2-CLIENTS_access_in in interface MTK2-CLIENTS
access-group MTK2-MANAGEMENT_access_in in interface MTK2-MANAGEMENT
access-group MGMT-IPS_access_in in interface MGMT-IPS
route outside 0.0.0.0 0.0.0.0 192.168.178.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authorization exec LOCAL
aaa authorization http console LOCAL
aaa authentication login-history
http server enable 8443
http 194.45.105.11 255.255.255.255 outside
http 213.157.19.114 255.255.255.255 outside
http Router_DS-Ext1 255.255.255.255 outside
http Router_BR-Ext 255.255.255.255 outside
http NET_NWB-Ext 255.255.255.248 outside
http Router_DS-Ext2 255.255.255.255 outside
http 212.77.183.176 255.255.255.255 outside
http 80.148.37.8 255.255.255.248 outside
http 89.28.138.128 255.255.255.224 outside
http 10.9.16.0 255.255.255.0 MTK2-CLIENTS
http 192.168.110.0 255.255.255.0 MGMT-IPS
http NET_NWB-Server 255.255.255.0 MGMT-IPS
http 81.27.171.128 255.255.255.128 outside
http 185.210.103.33 255.255.255.255 outside
http 185.210.100.1 255.255.255.255 outside
http 192.168.100.100 255.255.255.255 outside
http 192.168.100.100 255.255.255.255 MGMT-IPS
snmp-server location KH MTK 2UG Serverraum T05 EDV
snmp-server contact Walter Balk
snmp-server community *****
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set RA-IPSEC esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set LBO-IPSEC esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set NWB-IPSEC esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map dyn_outside_map1 90 set ikev1 transform-set RA-IPSEC
crypto dynamic-map dyn_outside_map1 90 set security-association lifetime seconds 7200
crypto dynamic-map dyn_outside_map1 90 set security-association lifetime kilobytes 115200
crypto map outside_map1 1 match address outside_cryptomap_2
crypto map outside_map1 1 set pfs group5
crypto map outside_map1 1 set peer 80.148.37.11
crypto map outside_map1 1 set ikev1 transform-set NWB-IPSEC
crypto map outside_map1 90 ipsec-isakmp dynamic dyn_outside_map1
crypto map outside_map1 interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 0509
  quit
crypto isakmp nat-traversal 120
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
telnet timeout 5
ssh stricthostkeycheck
ssh 194.45.105.11 255.255.255.255 outside
ssh 213.157.19.114 255.255.255.255 outside
ssh Router_BR-Ext 255.255.255.255 outside
ssh Router_DS-Ext1 255.255.255.255 outside
ssh NET_NWB-Ext 255.255.255.248 outside
ssh Router_DS-Ext2 255.255.255.255 outside
ssh 212.77.183.176 255.255.255.255 outside
ssh 80.148.37.8 255.255.255.248 outside
ssh 89.28.138.128 255.255.255.224 outside
ssh 81.27.171.128 255.255.255.128 outside
ssh 185.210.103.33 255.255.255.255 outside
ssh 185.210.100.1 255.255.255.255 outside
ssh 192.168.100.100 255.255.255.255 outside
ssh NET_NWB-Server 255.255.255.0 MGMT-IPS
ssh 192.168.110.0 255.255.255.0 MGMT-IPS
ssh 192.168.100.100 255.255.255.255 MGMT-IPS
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access MGMT-IPS
vpdn group Internet request dialout pppoe
vpdn group Internet localname XA10192287@mdsl.mnet-online.de
vpdn group Internet ppp authentication pap
vpdn username XA10192287@mdsl.mnet-online.de password *****
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
dhcpd dns Server_NWB-DC01 Server_NWB-DC02
dhcpd wins Server_NWB-DC01 Server_NWB-DC02
dhcpd lease 86400
dhcpd domain neuwittelsbach.int
dhcpd auto_config outside
!
dhcprelay server Server_NWB-DC01 outside
dhcprelay server Server_NWB-DC02 outside
dhcprelay enable MTK2-DRUCKER
dhcprelay enable MTK2-CLIENTS
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server Server_PTB-NTP1 source outside prefer
ntp server Server_PTB-NTP2 source outside
ntp server Server_FAUI-NTP1 source outside
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
 password-storage enable
group-policy GPO_Site2Site-NWB internal
group-policy GPO_Site2Site-NWB attributes
 vpn-filter none
 vpn-tunnel-protocol ikev1
dynamic-access-policy-record DfltAccessPolicy
username login4sws password $sha512$5000$GkHLOSsFucckkjESlumhzA==$+8MeXsF3XD1miQIPTkk+Hw== pbkdf2 privilege 15
username wbalk password 781m5PiEDftc.clA encrypted
username wbalk attributes
 service-type remote-access
username adm-nwb password OFCgo1DQoaON6Bc8 encrypted privilege 15
username dsdata password p5f77ymIUHC4Z5uo encrypted privilege 15
username dsservice password r16hgtL/DLnetfX. encrypted
username dsservice attributes
 service-type remote-access
tunnel-group 80.148.37.10 type ipsec-l2l
tunnel-group 80.148.37.10 general-attributes
 default-group-policy GPO_Site2Site-NWB
tunnel-group 80.148.37.10 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 80.148.37.11 type ipsec-l2l
tunnel-group 80.148.37.11 general-attributes
 default-group-policy GPO_Site2Site-NWB
tunnel-group 80.148.37.11 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map global-class
 match access-list global_mpc
class-map class_sip_tcp
 match port tcp eq sip
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect http
  inspect icmp
  inspect pptp
 class class_sip_tcp
  inspect sip
 class global-class
  sfr fail-open monitor-only
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:86c63de97f76799be7e6e6d42b57807b
: end