ASA Version 9.8(2)
!
object network FEPA
 host 192.168.17.21
 description FEPA
object network FEPA-NAT
 host 192.168.251.93
 description NAT for PLNT acccess by the FEP
object network FEPB-NAT
 host 192.168.251.94
 description NAT for PLNT access from FEPB
object network FEPB
 host 192.168.17.22
 description FEPB
object network HERMDC1
 host 192.168.14.15
 description DC1
object network HERMDC2
 host 192.168.14.16
 description DC2
object network HMPHFEPA
 host 192.168.13.21
 description Physical FEP server A
object network HMPHFEPB
 host 192.168.13.22
 description Physical FEP server B
object network HM-EMS-SW01
 host 192.168.104.201
object network HM-EMS-SW02
 host 192.168.104.202
object network HERM-FW02
 host 192.168.104.102
object network HERM-FW01
 host 192.168.104.101
object network HM-ISP-SW01
 host 192.168.104.205
object network HM-ISP-SW02
 host 192.168.104.206
object network PHYS-GW
 host 192.168.13.1
object network AD-GW
 host 192.168.14.1
object network SF-EMS
 subnet 192.168.13.0 255.255.255.0
 description SF-EMS Network
object network SF-AD
 subnet 192.168.14.0 255.255.255.0
 description SF AD Network
object network SF-MGMT
 subnet 192.168.101.0 255.255.255.0
 description SF MGMT Network
object network Phys-Serv
 subnet 192.168.13.0 255.255.255.0
object network SF-EMS-AD-GW
 host 192.168.14.1
 description Gateway for SF EMS AD
object network SF-EMS-GW
 host 192.168.13.1
object network SF-EMS-MGMT-GW
 host 192.168.101.1
object-group network DM_INLINE_NETWORK_1
 network-object object HMPHFEPA
 network-object object HMPHFEPB
object-group network DM_INLINE_NETWORK_2
 network-object object HERMDC1
 network-object object HERMDC2
object-group network DM_INLINE_NETWORK_3
 network-object object FEPA
 network-object object FEPB
object-group network DM_INLINE_NETWORK_4
 network-object object HERMDC1
 network-object object HERMDC2
object-group network DM_INLINE_NETWORK_5
 network-object object HMPHFEPA
 network-object object HMPHFEPB
object-group network DM_INLINE_NETWORK_6
 network-object object HERMDC1
 network-object object HERMDC2
object-group network DM_INLINE_NETWORK_7
 network-object object HMPHFEPA
 network-object object HMPHFEPB
object-group network DM_INLINE_NETWORK_8
 network-object object HERMDC1
 network-object object HERMDC2
object-group network DM_INLINE_NETWORK_9
 network-object object HMPHFEPA
 network-object object HMPHFEPB
object-group network DM_INLINE_NETWORK_10
 network-object 192.168.104.0 255.255.255.0
 network-object 192.168.14.0 255.255.255.0
 network-object 192.168.17.0 255.255.255.0
object-group network DM_INLINE_NETWORK_11
 network-object object SF-AD
 network-object object SF-EMS
 network-object object SF-MGMT
object-group network DM_INLINE_NETWORK_12
 network-object 192.168.104.0 255.255.255.0
 network-object 192.168.14.0 255.255.255.0
 network-object 192.168.17.0 255.255.255.0
object-group network DM_INLINE_NETWORK_13
 network-object object SF-AD
 network-object object SF-EMS
 network-object object SF-MGMT
object-group network DM_INLINE_NETWORK_16
 network-object 192.168.104.0 255.255.255.0
 network-object 192.168.14.0 255.255.255.0
 network-object 10.4.17.0 255.255.255.0
object-group network DM_INLINE_NETWORK_17
 network-object object SF-AD
 network-object object SF-EMS
 network-object object SF-MGMT
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object udp
 protocol-object tcp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_14
 network-object 192.168.14.0 255.255.255.0
 network-object object SF-AD
object-group network DM_INLINE_NETWORK_15
 network-object 192.168.14.0 255.255.255.0
 network-object object SF-AD
object-group network DM_INLINE_NETWORK_18
 network-object 192.168.14.0 255.255.255.0
 network-object object SF-AD
object-group network DM_INLINE_NETWORK_19
 network-object 192.168.14.0 255.255.255.0
 network-object object SF-AD
object-group network DM_INLINE_NETWORK_20
 network-object 192.168.17.0 255.255.255.0
 network-object object SF-EMS
 network-object object SF-AD
object-group network DM_INLINE_NETWORK_21
 network-object 192.168.17.0 255.255.255.0
 network-object object SF-EMS
 network-object object SF-AD
object-group network DM_INLINE_NETWORK_22
 network-object 192.168.17.0 255.255.255.0
 network-object object SF-EMS
 network-object object SF-AD
object-group network DM_INLINE_NETWORK_23
 network-object 192.168.17.0 255.255.255.0
 network-object object SF-EMS
 network-object object SF-AD
access-list PLNT_access_in_1 remark Allows communication from FEPA to the Hermiston PLNT network
access-list PLNT_access_in_1 extended permit ip object FEPA 192.168.251.64 255.255.255.224
access-list PLNT_access_in_1 remark Allows communication from FEPB to the Hermiston PLNT network
access-list PLNT_access_in_1 extended permit ip object FEPB 192.168.251.64 255.255.255.224
access-list PHYS_access_out extended permit ip object-group DM_INLINE_NETWORK_5 192.168.14.0 255.255.255.0
access-list PHYS_access_out extended permit ip any any
access-list HERM-AD-SVR_access_in extended permit ip object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_2
access-list HERM-AD-SVR_access_in extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_4
access-list HERM-AD-SVR_access_out extended permit ip object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_7
access-list PHYS_access_in extended permit ip object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_9
access-list PHYS_access_in extended permit ip any any
access-list AD_access_out extended permit ip 192.168.14.0 255.255.255.0 192.168.13.0 255.255.255.0
access-list AD_access_out extended permit ip any any
access-list AD_access_in extended permit ip any any
access-list HERM-PHYS_access_out extended permit ip any any
access-list HERM-PHYS_access_in extended permit ip any any
access-list ISP01_cryptomap extended permit ip object-group DM_INLINE_NETWORK_10 object-group DM_INLINE_NETWORK_11
access-list ISP01_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_12 object-group DM_INLINE_NETWORK_13
access-list ISP01_cryptomap_4 extended permit ip object-group DM_INLINE_NETWORK_16 object-group DM_INLINE_NETWORK_17
access-list HM-AD_access_out extended permit ip object-group DM_INLINE_NETWORK_18 object-group DM_INLINE_NETWORK_19
access-list HM-AD_access_in extended permit ip object-group DM_INLINE_NETWORK_14 object-group DM_INLINE_NETWORK_15
access-list HM-FEP_access_out extended permit ip object-group DM_INLINE_NETWORK_20 object-group DM_INLINE_NETWORK_21
access-list HM-FEP_access_in extended permit ip object-group DM_INLINE_NETWORK_22 object-group DM_INLINE_NETWORK_23
pager lines 24
nat (any,ISP01) source dynamic any interface inactive
access-group HM-AD_access_in in interface HM-AD
access-group HM-AD_access_out out interface HM-AD
access-group HM-FEP_access_in in interface HM-FEP
access-group HM-FEP_access_out out interface HM-FEP
ipv6 dhcprelay timeout 60
route ISP01 0.0.0.0 0.0.0.0 172.30.100.117 1
fragment size 200 ISP01
fragment chain 24 ISP01
fragment timeout 5 ISP01
no fragment reassembly full ISP01
fragment size 200 ISP02
fragment chain 24 ISP02
fragment timeout 5 ISP02
no fragment reassembly full ISP02
fragment size 200 management
fragment chain 24 management
fragment timeout 5 management
no fragment reassembly full management
fragment size 200 HERM-REDUNDANT
fragment chain 24 HERM-REDUNDANT
fragment timeout 5 HERM-REDUNDANT
no fragment reassembly full HERM-REDUNDANT
fragment size 200 HM-PHYS
fragment chain 24 HM-PHYS
fragment timeout 5 HM-PHYS
no fragment reassembly full HM-PHYS
fragment size 200 HM-AD
fragment chain 24 HM-AD
fragment timeout 5 HM-AD
no fragment reassembly full HM-AD
fragment size 200 HM-DMZ
fragment chain 24 HM-DMZ
fragment timeout 5 HM-DMZ
no fragment reassembly full HM-DMZ
fragment size 200 HM-PLNT
fragment chain 24 HM-PLNT
fragment timeout 5 HM-PLNT
no fragment reassembly full HM-PLNT
fragment size 200 HM-FEP
fragment chain 24 HM-FEP
fragment timeout 5 HM-FEP
no fragment reassembly full HM-FEP
fragment size 200 HM-MGMT
fragment chain 24 HM-MGMT
fragment timeout 5 HM-MGMT
no fragment reassembly full HM-MGMT
no sysopt traffic detailed-statistics
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp ISP01
no sysopt noproxyarp ISP02
no sysopt noproxyarp management
no sysopt noproxyarp HERM-REDUNDANT
no sysopt noproxyarp HM-PHYS
no sysopt noproxyarp HM-AD
no sysopt noproxyarp HM-DMZ
no sysopt noproxyarp HM-PLNT
no sysopt noproxyarp HM-FEP
no sysopt noproxyarp HM-MGMT
service password-recovery
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal HM-SF
 protocol esp encryption aes-256
 protocol esp integrity sha-512
no crypto ipsec ikev2 sa-strength-enforcement
crypto ipsec profile HM-SF
 set ikev2 ipsec-proposal HM-SF
 set pfs group20
 set security-association lifetime kilobytes unlimited
 set security-association lifetime seconds 288000
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes unlimited
crypto ipsec security-association replay disable
crypto ipsec security-association replay window-size 64
crypto ipsec security-association pmtu-aging infinite
crypto ipsec fragmentation before-encryption ISP01
crypto ipsec fragmentation before-encryption ISP02
crypto ipsec fragmentation before-encryption management
crypto ipsec fragmentation before-encryption HERM-REDUNDANT
crypto ipsec fragmentation before-encryption HM-PHYS
crypto ipsec fragmentation before-encryption HM-AD
crypto ipsec fragmentation before-encryption HM-DMZ
crypto ipsec fragmentation before-encryption HM-PLNT
crypto ipsec fragmentation before-encryption HM-FEP
crypto ipsec fragmentation before-encryption HM-MGMT
crypto ipsec df-bit copy-df ISP01
crypto ipsec df-bit copy-df ISP02
crypto ipsec df-bit copy-df management
crypto ipsec df-bit copy-df HERM-REDUNDANT
crypto ipsec df-bit copy-df HM-PHYS
crypto ipsec df-bit copy-df HM-AD
crypto ipsec df-bit copy-df HM-DMZ
crypto ipsec df-bit copy-df HM-PLNT
crypto ipsec df-bit copy-df HM-FEP
crypto ipsec df-bit copy-df HM-MGMT
crypto ipsec inner-routing-lookup
crypto map ISP01_map 1 match address ISP01_cryptomap
crypto map ISP01_map 1 set connection-type bi-directional
crypto map ISP01_map 1 set peer 172.30.100.100
crypto map ISP01_map 1 set ikev1 phase1-mode main
crypto map ISP01_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map ISP01_map 1 set ikev2 mode tunnel
crypto map ISP01_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
no crypto map ISP01_map 1 set tfc-packets
crypto map ISP01_map0 1 match address ISP01_cryptomap_1
crypto map ISP01_map0 1 set connection-type bi-directional
crypto map ISP01_map0 1 set peer 172.30.100.100
crypto map ISP01_map0 1 set ikev1 phase1-mode main
crypto map ISP01_map0 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map ISP01_map0 1 set ikev2 mode tunnel
crypto map ISP01_map0 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
no crypto map ISP01_map0 1 set tfc-packets
crypto map ISP01_map1 3 match address ISP01_cryptomap_4
crypto map ISP01_map1 3 set pfs group20
crypto map ISP01_map1 3 set connection-type bi-directional
crypto map ISP01_map1 3 set peer 192.168.40.1
crypto map ISP01_map1 3 set ikev1 phase1-mode main
crypto map ISP01_map1 3 set ikev2 mode tunnel
crypto map ISP01_map1 3 set ikev2 ipsec-proposal HM-SF
crypto map ISP01_map1 3 set security-association lifetime kilobytes unlimited
no crypto map ISP01_map1 3 set tfc-packets
crypto map ISP01_map1 interface ISP01
crypto ca trustpool policy
 revocation-check none
 crl cache-time 60
 crl enforcenextupdate
crypto ca alerts expiration begin 60 repeat 7
crypto isakmp identity auto
crypto isakmp nat-traversal 10
crypto ikev2 policy 1
 encryption aes-256
 integrity sha512
 group 20
 prf sha512
 lifetime seconds 28800
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable ISP01
crypto ikev2 enable ISP02
crypto ikev2 cookie-challenge 50
no crypto ikev2 fragmentation
crypto ikev2 limit max-in-negotiation-sa 100
no crypto ikev2 limit max-sa
no crypto ikev2 notify invalid-selectors
crypto ikev2 redirect during-auth
crypto ikev1 enable ISP02
crypto ikev1 limit max-in-negotiation-sa 20
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access HM-MGMT
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0
ipv6-vpn-addr-assign aaa
ipv6-vpn-addr-assign local reuse-delay 0
no vpn-sessiondb max-other-vpn-limit
no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
no remote-access threshold
l2tp tunnel hello 60
!
tls-proxy maximum-session 300
!
ssl server-version tlsv1
ssl client-version tlsv1
ssl cipher default low
ssl cipher tlsv1 low
ssl cipher tlsv1.1 low
ssl cipher tlsv1.2 low
ssl cipher dtlsv1 low
ssl dh-group group2
ssl ecdh-group group19
ssl certificate-authentication fca-timeout 2
webvpn
 memory-size percent 50
 port 443
 dtls port 443
 character-encoding none
 no http-proxy
 no https-proxy
 default-idle-timeout 1800
 no hsts enable
 portal-access-rule none
 no hostscan enable
 no anyconnect enable
 no tunnel-group-list enable
 no http-only-cookie
 no tunnel-group-preference group-url
 rewrite order 65535 enable resource-mask *
 no internal-password
 no onscreen-keyboard
 no default-language
 no smart-tunnel notification-icon
 no keepout
 cache
  disable
  max-object-size 1000
  min-object-size 0
  no cache-static-content enable
  lmfactor 20
  expiry-time 1
 no auto-signon
 error-recovery disable
 no ssl-server-check
 no mus password
 mus host mus.cisco.com
 no hostscan data-limit
: # show import webvpn customization
: Template
: DfltCustomization
: # show import webvpn url-list
: Template
: # show import webvpn translation-table
: Translation Tables' Templates:
: PortForwarder
: banners
: customization
: url-list
: webvpn
: Translation Tables:
: fr PortForwarder
: fr customization
: fr webvpn
: ja PortForwarder
: ja customization
: ja webvpn
: ru PortForwarder
: ru customization
: ru webvpn
: # show import webvpn mst-translation
: No MS translation tables defined
: # show import webvpn webcontent
: No custom webcontent is loaded
: # show import webvpn AnyConnect-customization
: No OEM resources defined
: # show import webvpn plug-in
:
mdm-proxy
 port enrollment 443
 no port checkin
 no trustpoint
 no accounting-server-group
 no authentication-server-group
 no password-management
 session-timeout enrollment 300 checkin 300
 session-limit 1000
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-idle-timeout alert-interval 1
 vpn-session-timeout none
 vpn-session-timeout alert-interval 1
 vpn-filter none
 ipv6-vpn-filter none
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 ipv6-split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 split-tunnel-all-dns disable
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 client-bypass-protocol disable
 gateway-fqdn none
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 msie-proxy pac-url none
 msie-proxy lockdown enable
 vlan none
 address-pools none
 ipv6-address-pools none
 smartcard-removal-disconnect enable
 scep-forwarding-url none
 security-group-tag none
 periodic-authentication certificate none
 client-firewall none
 client-access-rule none
 webvpn
  url-list none
  filter none
  homepage none
  html-content-filter none
  port-forward name Application Access
  port-forward disable
  http-proxy disable
  anyconnect ssl dtls enable
  anyconnect mtu 1406
  anyconnect firewall-rule client-interface private none
  anyconnect firewall-rule client-interface public none
  anyconnect keep-installer installed
  anyconnect ssl keepalive 20
  anyconnect ssl rekey time none
  anyconnect ssl rekey method none
  anyconnect dpd-interval client 30
  anyconnect dpd-interval gateway 30
  anyconnect ssl compression none
  anyconnect dtls compression none
  anyconnect modules none
  anyconnect profiles none
  anyconnect ask none
  customization none
  keep-alive-ignore 4
  http-comp gzip
  download-max-size 2147483647
  upload-max-size 2147483647
  post-max-size 2147483647
  user-storage none
  storage-objects value cookies,credentials
  storage-key none
  hidden-shares none
  smart-tunnel disable
  activex-relay enable
  unix-auth-uid 65534
  unix-auth-gid 65534
  file-entry enable
  file-browsing enable
  url-entry enable
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  smart-tunnel auto-signon disable
  anyconnect ssl df-bit-ignore disable
  anyconnect routing-filtering-ignore disable
  smart-tunnel tunnel-policy tunnelall
  always-on-vpn profile-setting
group-policy GroupPolicy_192.168.40.1 internal
group-policy GroupPolicy_192.168.40.1 attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev2
 periodic-authentication certificate none
dynamic-access-policy-record DfltAccessPolicy
 action continue
password-policy minimum-length 3
password-policy minimum-changes 0
password-policy minimum-lowercase 0
password-policy minimum-uppercase 0
password-policy minimum-numeric 0
password-policy minimum-special 0
password-policy lifetime 0
no password-policy authenticate-enable
no password-policy username-check
no password-policy reuse-interval
quota management-session 0
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
 default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 isakmp keepalive threshold 10 retry 2
 no ikev2 remote-authentication
 no ikev2 local-authentication
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 no ipv6-address-pool
 authentication-server-group LOCAL
 secondary-authentication-server-group none
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no strip-realm
 no nat-assigned-to-public-ip
 no scep-enrollment enable
 no password-management
 no strip-group
 no authorization-required
 username-from-certificate CN OU
 secondary-username-from-certificate CN OU
 authentication-attr-from-server primary
 authenticated-session-username primary
tunnel-group DefaultRAGroup webvpn-attributes
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 no proxy-auth sdi
 no pre-fill-username client
 no pre-fill-username clientless
 no secondary-pre-fill-username client
 no secondary-pre-fill-username clientless
 dns-group DefaultDNS
 no without-csd
tunnel-group DefaultRAGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 no ikev1 radius-sdi-xauth
 isakmp keepalive threshold 300 retry 2
 ikev1 user-authentication xauth
 no ikev2 remote-authentication
 no ikev2 local-authentication
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
 no address-pool
 no ipv6-address-pool
 authentication-server-group LOCAL
 secondary-authentication-server-group none
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no strip-realm
 no nat-assigned-to-public-ip
 no scep-enrollment enable
 no password-management
 no strip-group
 no authorization-required
 username-from-certificate CN OU
 secondary-username-from-certificate CN OU
 authentication-attr-from-server primary
 authenticated-session-username primary
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 no proxy-auth sdi
 no pre-fill-username client
 no pre-fill-username clientless
 no secondary-pre-fill-username client
 no secondary-pre-fill-username clientless
 dns-group DefaultDNS
 no without-csd
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 no ikev1 radius-sdi-xauth
 isakmp keepalive threshold 300 retry 2
 ikev1 user-authentication xauth
 no ikev2 remote-authentication
 no ikev2 local-authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
tunnel-group 192.168.40.1 type ipsec-l2l
tunnel-group 192.168.40.1 general-attributes
 default-group-policy GroupPolicy_192.168.40.1
tunnel-group 192.168.40.1 ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate req
 no chain
 no ikev1 trust-point
 isakmp keepalive threshold 10 retry 2
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
class-map type inspect http match-all _default_gator
 match request header user-agent regex _default_gator
class-map type inspect http match-all _default_msn-messenger
 match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
 match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
 match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
 match request args regex _default_gnu-http-tunnel_arg
 match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
 match request header host regex _default_firethru-tunnel_1
 match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
 match request header host regex _default_aim-messenger
class-map type inspect http match-all _default_http-tunnel
 match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
 match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
 match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
class-map class-default
 match any
class-map inspection_default
 match default-inspection-traffic
class-map type inspect http match-all _default_GoToMyPC-tunnel
 match request args regex _default_GoToMyPC-tunnel
 match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
 match request header host regex _default_httport-tunnel
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no message-length maximum server
  dns-guard
  protocol-enforcement
  nat-rewrite
  no tcp-inspection
  no id-randomization
  no id-mismatch
  no tsig enforced
policy-map type inspect m3ua _default_m3ua_map
 description Default M3UA policymap
 parameters
  no message-tag-validation error
  no message-tag-validation notify
  no message-tag-validation dupu
  ss7 variant ITU
  timeout endpoint 0:30:00
  timeout session 0:01:00
policy-map type inspect rtsp _default_rtsp_map
 description Default RTSP policymap
 parameters
policy-map type inspect diameter _default_diameter_map
 description Default DIAMETER policymap
 parameters
  no unsupported application-id action log
  no unsupported command-code action log
  no unsupported avp action log
policy-map type inspect ipv6 _default_ipv6_map
 description Default IPV6 policy-map
 parameters
  verify-header type
  verify-header order
 match header routing-type range 2 255
  drop log
policy-map type inspect h323 _default_h323_map
 description Default H.323 policymap
 parameters
  no rtp-conformance
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
policy-map type inspect ip-options _default_ip_options_map
 description Default IP-OPTIONS policy-map
 parameters
  router-alert action allow
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225 _default_h323_map
  inspect h323 ras _default_h323_map
  inspect rsh
  inspect rtsp
  inspect esmtp _default_esmtp_map
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options _default_ip_options_map
  inspect icmp
 class class-default
policy-map type inspect sctp _default_sctp_map
 description Default SCTP policymap
 parameters
policy-map type inspect sip _default_sip_map
 description Default SIP policymap
 parameters
  im
  no ip-address-privacy
  traffic-non-sip
  no rtp-conformance
policy-map type inspect dns _default_dns_map
 description Default DNS policy-map
 parameters
  no message-length maximum client
  no message-length maximum
  no message-length maximum server
  dns-guard
  protocol-enforcement
  nat-rewrite
  no tcp-inspection
  no id-randomization
  no id-mismatch
  no tsig enforced
policy-map type inspect ipsec-pass-thru _default_ipsec_passthru_map
 description Default IPSEC-PASS-THRU policy-map
 parameters
  esp per-client-max 0 timeout 0:10:00