ASA Version 9.1(5)19 ! hostname ciscoasa domain-name enable password 8Ry2YjIyt7RRXU24 encrypted names ip local pool pool 192.168.5.1-192.168.5.254 mask 255.255.255.0 ! interface Ethernet0/0 nameif outside security-level 0 ip address dhcp setroute ! interface Ethernet0/1 nameif Inside security-level 100 ip address 192.168.3.1 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 ! ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns domain-lookup Inside dns server-group DefaultDNS name-server 208.67.222.222 name-server 208.67.220.220 domain-name ddns.net same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network obj-0.0.0.0 subnet 0.0.0.0 0.0.0.0 object network pool subnet 192.168.5.0 255.255.255.0 object network internal subnet 192.168.3.0 255.255.255.0 object network obj-192.168.3.50-udp object network Plex-server host 192.168.3.50 object network plex object service plexs object network minecraft-server-tcp host 192.168.3.159 object network minecraft-server-udp host 192.168.3.159 object network Truenas-plex host 192.168.3.159 object network truenas-nginx-http host 192.168.3.159 object network truenas-nginx-https host 192.168.3.159 object network 192.168.3.0 subnet 192.168.3.0 255.255.255.0 object network minecraft host 192.168.3.159 object-group protocol TCPUDP protocol-object udp protocol-object tcp object-group service 8000-8010 tcp port-object range 8000 8010 object-group service minecraft-port tcp-udp port-object eq 25565 object-group service minecraft-port-tcp tcp port-object eq 25565 object-group service minecraft-port-udp udp port-object eq 25565 object-group service 8000-8010udp udp port-object range 8000 8010 object-group service 3478udp udp port-object eq 3478 access-list inside_access_in extended permit ip 192.168.3.0 255.255.255.0 any access-list split standard permit 192.168.3.0 255.255.255.0 access-list plexport extended permit tcp any4 object minecraft-server-tcp eq 25565 access-list plexport extended permit tcp any object Plex-server eq 3240 access-list plexport extended permit tcp any object minecraft-server-tcp eq 25565 access-list plexport extended permit udp any object minecraft-server-udp eq 25565 access-list plexport extended permit tcp any object Truenas-plex eq 32400 access-list plexport extended permit tcp any object truenas-nginx-http eq 10583 access-list plexport extended permit tcp any object truenas-nginx-https eq 10584 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu Inside 1500 mtu management 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-731.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (Inside,outside) source static internal internal destination static pool pool no-proxy-arp route-lookup nat (Inside,outside) source static pool pool destination static internal internal no-proxy-arp route-lookup ! object network obj-0.0.0.0 nat (Inside,outside) dynamic interface object network Truenas-plex nat (Inside,outside) static interface service tcp 32400 32400 object network minecraft nat (Inside,outside) static interface service tcp 25565 25565 access-group plexport in interface outside timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication http console LOCAL http server enable http 192.168.1.0 255.255.255.0 management no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec security-association pmtu-aging infinite crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa keypair mykeypair crl configure crypto ca trustpool policy crypto ca certificate chain ASDM_TrustPoint0 certificate 482bcb62 quit crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 no ssh stricthostkeycheck ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access Inside dhcp-client client-id interface outside dhcpd dns 208.67.222.222 208.67.220.220 dhcpd auto_config outside ! dhcpd address 192.168.3.2-192.168.3.254 Inside dhcpd dns 208.67.222.222 208.67.220.220 interface Inside dhcpd domain ddns.net interface Inside dhcpd auto_config outside interface Inside dhcpd enable Inside ! dhcpd address 192.168.1.2-192.168.1.254 management dhcpd enable management ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp authentication-key 1 md5 ***** ntp authenticate ntp trusted-key 1 ntp server 129.6.15.28 key 1 source outside prefer tftp-server Inside 192.168.3.51 C:\TFTP-Root\asdm-731.bin ssl trust-point ASDM_TrustPoint0 Inside ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside anyconnect-essentials anyconnect image disk0:/anyconnect-win-3.1.05187-k9.pkg 1 anyconnect enable tunnel-group-list enable group-policy anyconnect internal group-policy anyconnect attributes wins-server none dns-server value 208.67.222.222 208.67.220.220 vpn-tunnel-protocol ssl-client split-tunnel-policy tunnelspecified split-tunnel-network-list value split default-domain value ddns.net address-pools value pool username encrypted privilege 15 username attributes vpn-group-policy anyconnect group-lock value anyconnect username encrypted username encrypted tunnel-group anyconnect type remote-access tunnel-group anyconnect general-attributes address-pool pool default-group-policy anyconnect tunnel-group anyconnect webvpn-attributes group-alias anyconnect enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp inspect icmp error ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum: : end