ciscoasa# sho run
: Saved
:
ASA Version 8.6(1)2
!
! Running configuration of a six-interface ASA: Outside, Inside, Apple_Network,
! Wireless, PrestonSchool.co.uk and a dedicated management port. This part holds
! identity, interface addressing and the network/service objects that the
! access-lists further down refer to.
! NOTE(review): domain-name here is sch4400... while the DefaultDNS server-group
! below uses sch4455... - confirm which is intended.
hostname ciscoasa
domain-name sch4400.somerset.gov.uk
! The hash values of the next two lines are absent in this listing (presumably
! removed before it was shared).
enable password encrypted
passwd encrypted
names
!
! Outside is the least-trusted interface (security-level 0); the default route
! later in the file points out of it.
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 172.19.53.54 255.255.255.252
!
! Inside sits on a /29 (10.5.107.128/29); the server objects below in
! 10.5.107.x lie outside that /29 and are reached through the static route
! "route Inside 10.5.104.0 255.255.252.0" defined later.
interface GigabitEthernet0/1
 speed 1000
 duplex full
 nameif Inside
 security-level 90
 ip address 10.5.107.134 255.255.255.248
!
interface GigabitEthernet0/2
 speed 1000
 duplex full
 nameif Apple_Network
 security-level 40
 ip address 172.20.222.254 255.255.255.0
!
! Wireless client network, 172.20.248.0/21.
interface GigabitEthernet0/3
 speed 1000
 duplex full
 nameif Wireless
 security-level 40
 ip address 172.20.255.254 255.255.248.0
!
! Same security-level (90) as Inside. Only intra-interface same-security traffic
! is enabled below, so traffic between this interface and Inside is not
! expected to pass - NOTE(review): confirm that is the intent.
interface GigabitEthernet0/4
 nameif PrestonSchool.co.uk
 security-level 90
 ip address 172.20.239.254 255.255.255.128
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
! management-only: this port carries management traffic only, no through traffic.
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.105 255.255.255.0
 management-only
!
ftp mode passive
clock timezone GMT 0
dns server-group DefaultDNS
 domain-name sch4455.somerset.gov.uk
! Empty server-group: no name-server entries are listed under it.
dns server-group Preston_School_DNS_Servers
! Allows traffic to enter and leave the same interface (hairpin). There is no
! "permit inter-interface" line, which is what the note on Gi0/4 relies on.
same-security-traffic permit intra-interface
!
! --- Network objects -------------------------------------------------------
! NOTE(review): the RDC/SDC addresses are not consistent across objects. The
! two FQDN-named objects map RDC -> .250 and SDC -> .253, while RDC4455,
! SDC4455, RDC_NAP_Server and SDC_NAP_Server map RDC -> .253 and SDC -> .250.
! Rules built on these objects may be permitting a different host than the
! name suggests; verify against the real servers.
object network RDC4455.sch4455.somerset.gov.uk
 host 10.5.107.250
 description Primary Domain Controller
object network SDC4455.sch4455.somerset.gov.uk
 host 10.5.107.253
 description Secondary Domain Controller
! Six hosts grouped below as County_SLG_Access.
object network 10.80.11.110
 host 10.80.11.110
object network 10.80.11.111
 host 10.80.11.111
object network 10.80.11.112
 host 10.80.11.112
object network 10.80.11.113
 host 10.80.11.113
object network 10.80.11.114
 host 10.80.11.114
object network 10.80.11.115
 host 10.80.11.115
object network Capita_VPN
 host 213.129.90.233
! Destination of the https permit entries in the Outside, Apple_Network and
! Wireless access-lists.
object network VLE_Server
 host 10.5.107.248
 description Moodle Server
object network SQL4455
 host 10.5.107.252
 description SIMS Server
! Destination of the RDP permit in Outside_access_in.
object network Terminal_Server
 host 10.5.107.245
 description Terminal server for remote services
object network Print_Server
 host 10.5.107.244
 description Print Server
object network NAP_Server_SDC
 host 10.5.107.250
 description Microsoft Network Access Protection Server
object network Inside_Wired_Network
 subnet 10.5.107.128 255.255.255.248
 description ASA Inside Interface Network
! The description mentions NAT, but no nat statement appears anywhere in this
! listing - NOTE(review): confirm whether NAT rules were omitted or never set.
object network Apple
 subnet 172.20.222.0 255.255.255.0
 description Apple NAT to Outside Interface
object network RDC4455
 host 10.5.107.253
 description Primary DNS
object network SDC4455
 host 10.5.107.250
 description Secondary DNS
object network WLC_1
 host 172.20.255.201
 description Primary Wireless LAN Controller
object network WLC_2
 host 172.20.255.202
 description Secondary Wireless LAN Controller
! Same address as WLC_1.
object network WLC_to_RADIUS
 host 172.20.255.201
object network RDC_NAP_Server
 host 10.5.107.253
 description RDC
object network SDC_NAP_Server
 host 10.5.107.250
 description SDC
object service GC
 service tcp destination eq 3268
 description Global Catalogue
object service Kpassword
 service tcp destination eq 464
object network Server_VLAN
 range 10.5.107.195 10.5.107.240
object network Apple_Server
 host 172.20.222.253
! NOTE(review): 172.20.232.0/21 spans 172.20.232.0-172.20.239.255 and so
! contains the PrestonSchool.co.uk interface subnet 172.20.239.128/25. Neither
! Imaging object is referenced by an access-list in this listing.
object network Imaging_Network
 subnet 172.20.232.0 255.255.248.0
object network Imaging_VLAN_Internet
 subnet 172.20.232.0 255.255.248.0
 description Internet Access
! Used as the service in the Outside_access_in RDP entry.
object service RDP
 service tcp destination eq 3389
object network Management_Server
 host 10.5.107.232
object network UMS4455
 host 10.5.107.228
 description Domain File Server
object network Apps_Server
 host 10.5.107.233
 description Application Server
object network Inside-172.20.239.128
 subnet 172.20.239.128 255.255.255.128
!
! --- Object groups ---------------------------------------------------------
! NOTE(review): the two members named here (RDC4400..., SDC4400...) are not
! defined in this listing; the defined objects are RDC4455.sch4455... and
! SDC4455.sch4455.... Possibly an artefact of editing the paste. Most of
! Wireless_access_in depends on this group, so confirm what it really contains.
object-group network Domain_Controllers
 network-object object RDC4400.sch4455.somerset.gov.uk
 network-object object SDC4400.sch4455.somerset.gov.uk
object-group service TCP-139 tcp
 description DFSN, NetBIOS Session Service, NetLogon
 port-object eq netbios-ssn
! Despite the name, the member is netbios-ns (UDP 137), not port 139.
object-group service UDP-139 udp
 description NetLogon, NetBIOS Name Resolution
 port-object eq netbios-ns
object-group network County_SLG_Access
 description Allow SLG update requests from the local SIMS server
 network-object object 10.80.11.110
 network-object object 10.80.11.111
 network-object object 10.80.11.112
 network-object object 10.80.11.113
 network-object object 10.80.11.114
 network-object object 10.80.11.115
! Referenced only by an inactive entry in Outside_access_in.
object-group service Capita udp
 description Capita VPN Circuit
 port-object eq 1194
! Not referenced by any access-list in this listing (the RDP rule uses the
! "object service RDP" defined above).
object-group service Remote_Desktop tcp
 port-object eq 3389
object-group service Somerset_Learning_Gateway tcp
 description SLG Update Service
 port-object eq 120
 port-object eq 121
 port-object eq 1435
 port-object eq 3829
 port-object eq 90
! RADIUS ports: 1812/1813 plus the ASA keywords radius/radius-acct (the legacy
! 1645/1646 pair), and 32768 whose purpose is not stated.
object-group service NAP_Access udp
 port-object eq 1812
 port-object eq 1813
 port-object eq radius
 port-object eq radius-acct
 port-object eq 32768
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network DNS_Servers
 network-object object RDC4455
 network-object object SDC4455
! The groups from Exchange through Android_Market are defined but not
! referenced by any access-list in this listing.
object-group service Exchange tcp
 description Exchange Listening Port
 port-object eq 993
object-group service Apple_Push_Notification_service tcp
 description Apple Push notification service
 port-object eq 5223
object-group service SSL_SMTP tcp
 description SSL SMTP
 port-object eq 465
object-group service Apple_Facetime udp
 description Apple Facetime Port Group
 port-object eq 16384
 port-object eq 16385
 port-object eq 16386
object-group service Android_Market tcp
 description Android Market Place
 port-object eq 5228
object-group service Print_Server_Ports tcp
 description Print Server Ports
 port-object eq www
 port-object eq 48111
 port-object eq https
 port-object eq 445
! RADIUS_Servers and WLAN_Controllers are not referenced by any access-list in
! this listing.
object-group network RADIUS_Servers
 network-object object RDC4455
 network-object object SDC4455
object-group network WLAN_Controllers
 description Wireless LAN Controllers
 network-object object WLC_1
 network-object object WLC_2
object-group network NAP_Servers1
 description Allow RADIUS authentication traffic from wireless clients
 network-object object RDC_NAP_Server
 network-object object SDC_NAP_Server
object-group service MirrorOpTCP tcp
 port-object eq 3268
 port-object eq ldap
! Remaining service object-groups, the access-lists and their bindings, routing,
! timeouts and device-management access.
object-group network Server_and_Tech_VLAN
 network-object object Server_VLAN
object-group service VNC_Viewer tcp
 port-object eq 6900
 port-object eq 6901
 port-object eq 6902
 port-object eq 6903
 port-object eq 6904
 port-object eq 6905
 port-object eq 6906
 port-object eq 6907
 port-object eq 6908
 port-object eq 6909
! RPC_Endpoint and TCP-445 are defined but the Wireless access-list below uses
! literal "eq 135" / "eq 445" instead of these groups.
object-group service RPC_Endpoint tcp
 description RPC Enpoint Mapper for AD Communication
 port-object eq 135
! Group name reads "LADP"; the port is LDAP (389/udp).
object-group service LADP_UDP udp
 description LDAP for AD Authentication
 port-object eq 389
object-group service TCP-445 tcp
 description SMB
 port-object eq 445
object-group service TCP-3268 tcp
 description Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP GC
 port-object eq 3268
object-group service TCP-3269 tcp
 description Directory, Replication, User and Computer Authentication, Group Policy, Trusts LDAP GC SSL
 port-object eq 3269
object-group service TCP-88 tcp
 description User and Computer Authentication, Forest Level Trusts Kerberos
 port-object eq 88
object-group service UDP-88 udp
 description User and Computer Authentication, Forest Level Trusts Kerberos
 port-object eq 88
object-group service TCP-464 tcp
 description Replication, User and Computer Authentication, Trusts Kerberos change/set password
 port-object eq 464
object-group service UDP-464 udp
 description Replication, User and Computer Authentication, Trusts Kerberos change/set password
 port-object eq 464
object-group service UDP-138 udp
 description DFS, Group Policy DFSN, NetLogon, NetBIOS Datagram Service
 port-object eq netbios-dgm
! The two ephemeral-range groups open 49152-65535 wherever they are used.
object-group service TCP-RCP_Ephemeral tcp
 description PRC dynamic Port Range
 port-object range 49152 65535
object-group service UPD-RPC_Ephemeral udp
 description RPC dynamic Ports
 port-object range 49152 65535
object-group service DHCP udp
 port-object eq bootpc
 port-object eq bootps
object-group service KMS tcp
 description Ms Key Management Service
 port-object eq 1688
!
! --- Outside_access_in (bound inbound on Outside) -------------------------
! Two entries are active: https from any source to VLE_Server, and RDP (3389)
! from any source to Terminal_Server. The remaining six are marked inactive.
! NOTE(review): the RDP entry has no source restriction; consider limiting it
! to known source addresses or placing it behind a VPN.
! NOTE(review): global_access (below) is bound globally and permits ip any any.
! On ASA the global rule is evaluated after the interface access-list and
! before the implicit deny, so traffic not matched here is still permitted by
! access rules. The inactive "any any" entries therefore do not make this
! interface restrictive. Verify with packet-tracer.
access-list Outside_access_in extended permit tcp any object VLE_Server eq https
access-list Outside_access_in extended permit object RDP any object Terminal_Server
access-list Outside_access_in extended permit tcp object-group County_SLG_Access object SQL4455 object-group Somerset_Learning_Gateway inactive
access-list Outside_access_in extended permit udp object Capita_VPN object SQL4455 object-group Capita inactive
access-list Outside_access_in extended permit icmp any any inactive
access-list Outside_access_in extended permit ip any any inactive
access-list Outside_access_in extended permit tcp any any inactive
access-list Outside_access_in extended permit udp any any inactive
!
! --- Inside_access_in ------------------------------------------------------
! Permits everything; the tcp and udp entries are already covered by the
! preceding "permit ip any any".
access-list Inside_access_in extended permit icmp any any
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended permit tcp any any
access-list Inside_access_in extended permit udp any any
!
! --- global_access (bound with "access-group global_access global") --------
! Permits all IP traffic on every interface for anything an interface
! access-list did not already match. NOTE(review): this is the highest-impact
! line set in the file; removing it (or replacing it with specific entries)
! is what makes the per-interface lists effective.
access-list global_access extended permit tcp any any
access-list global_access extended permit ip any any
access-list global_access extended permit udp any any
!
! --- Apple_Network_access_in -----------------------------------------------
! Permits https to VLE_Server, DNS to DNS_Servers and NTP to SDC4455, then
! denies ICMP only. There is no closing "deny ip any any", so other traffic
! from this interface falls through to global_access and is permitted.
access-list Apple_Network_access_in extended permit tcp 172.20.222.0 255.255.255.0 object VLE_Server eq https
access-list Apple_Network_access_in extended permit udp 172.20.222.0 255.255.255.0 object-group DNS_Servers eq domain
access-list Apple_Network_access_in extended permit udp 172.20.222.0 255.255.255.0 object SDC4455 eq ntp
access-list Apple_Network_access_in extended deny icmp any any
!
! --- Wireless_access_in ----------------------------------------------------
! Source is always the wireless subnet 172.20.248.0/21. Entries open Active
! Directory services (NTP, DHCP, NetBIOS, RPC 135 and the 49152-65535 range,
! LDAP/LDAPS, SMB 445, GC 3268/3269, DNS, Kerberos 88/464) to the
! Domain_Controllers group, SMB/NetBIOS to named servers, RADIUS to
! NAP_Servers1, and http/https to any destination. The list ends with explicit
! denies, so unlike the other interfaces it does not fall through to
! global_access.
! NOTE(review): SMB, RPC and the full ephemeral range to the domain controllers
! are reachable from every wireless client address; confirm the wireless
! network only carries managed, authenticated devices.
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object Management_Server object-group KMS
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers eq ntp
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group NAP_Servers1 object-group NAP_Access
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group DHCP
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers eq netbios-ns
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers eq 135
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group UDP-139
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group TCP-139
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers eq ldap
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group LADP_UDP
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers eq ldaps
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers eq 445
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group TCP-3268
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group TCP-3269
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers eq domain
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group TCP-88
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group TCP-464
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group UDP-88
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group UDP-138
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group TCP-RCP_Ephemeral
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group UDP-464
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group Domain_Controllers object-group UPD-RPC_Ephemeral
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object Apps_Server eq 445
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object Apps_Server eq netbios-ns
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object UMS4455 eq 445
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object UMS4455 eq netbios-ns
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object VLE_Server eq https
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object Management_Server eq 445
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 any eq https
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object Print_Server object-group Print_Server_Ports
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 object Print_Server eq 135
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object Print_Server eq netbios-ns
access-list Wireless_access_in extended permit udp 172.20.248.0 255.255.248.0 object-group DNS_Servers eq domain
access-list Wireless_access_in extended permit tcp 172.20.248.0 255.255.248.0 any eq www
! Explicit closing denies; the TCPUDP entry is already covered by "deny ip".
access-list Wireless_access_in extended deny icmp any any
access-list Wireless_access_in extended deny ip any any
access-list Wireless_access_in extended deny object-group TCPUDP any any
!
! Classification list for class-map global-class (matched in global_policy),
! not an access rule: wireless subnet to VLE_Server over https.
access-list global_mpc extended permit tcp 172.20.248.0 255.255.248.0 object VLE_Server eq https
!
! --- PrestonSchool.co.uk_access_in -----------------------------------------
! "permit ip <subnet> any" already covers the DNS, www and https entries, so
! the list amounts to: all ICMP, plus all IP from 172.20.239.128/25.
access-list PrestonSchool.co.uk_access_in extended permit icmp any any
access-list PrestonSchool.co.uk_access_in extended permit tcp 172.20.239.128 255.255.255.128 any eq domain
access-list PrestonSchool.co.uk_access_in extended permit udp 172.20.239.128 255.255.255.128 any eq domain
access-list PrestonSchool.co.uk_access_in extended permit ip 172.20.239.128 255.255.255.128 any
access-list PrestonSchool.co.uk_access_in extended permit tcp 172.20.239.128 255.255.255.128 any eq www
access-list PrestonSchool.co.uk_access_in extended permit tcp 172.20.239.128 255.255.255.128 any eq https
pager lines 24
! Logging is enabled for ASDM at informational level only; no "logging host",
! "logging trap" or "logging buffered" line appears in this listing, so events
! are not shown being sent to a syslog collector.
logging enable
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu Apple_Network 1500
mtu Wireless 1500
mtu PrestonSchool.co.uk 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
! Bind each access-list inbound on its interface; global_access applies to all
! interfaces (see the note above that list).
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
access-group Apple_Network_access_in in interface Apple_Network
access-group Wireless_access_in in interface Wireless
access-group PrestonSchool.co.uk_access_in in interface PrestonSchool.co.uk
access-group global_access global
! Default route via Outside; 10.5.104.0/22 (which holds the server objects) is
! reached through 10.5.107.131 on Inside.
route Outside 0.0.0.0 0.0.0.0 172.19.53.53 1
route Inside 10.5.104.0 255.255.252.0 10.5.107.131 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
!
! --- Device management access ----------------------------------------------
! SSH logins are checked against the LOCAL user database. No matching
! "aaa authentication telnet console" or "aaa authentication http console"
! line is shown - NOTE(review): confirm how Telnet and ASDM logins are
! authenticated.
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
! Telnet sends credentials in clear text. SSH v2 is already enabled for the
! same subnet, so the telnet line can be removed - NOTE(review).
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 5
ssh version 2
! 0 disables the idle timeout on the serial console; a session left logged in
! stays open.
console timeout 0
management-access management
! Basic threat detection is switched off here.
no threat-detection basic-threat
! Threat-detection statistics, NTP, the local admin account, and the class-maps
! used by the policy-maps that follow.
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! No authentication key is configured for this NTP server.
ntp server 10.5.107.250 source Inside
webvpn
! NOTE(review): this privilege-15 account's password hash is published with the
! listing. Treat the credential as exposed: change the password and check
! whether it is reused on other devices.
username sysadmin password Ni2TRRb2yr8tvRiy encrypted privilege 15
!
! --- Class-maps ------------------------------------------------------------
! Each class below selects traffic by port (or, for global-class, by the
! global_mpc access-list). The policy-maps later in the file apply
! "tcp-state-bypass" to every one of them except inspection_default.
class-map global-class
 match access-list global_mpc
class-map Wireless-class3
 match port tcp eq netbios-ssn
class-map Wireless-class2
 match port tcp range 49152 65535
class-map Wireless-class1
 match port tcp eq 445
class-map Wireless-class7
 description KMS Port
 match port tcp eq 1688
class-map Wireless-class6
 match port tcp eq ldap
! This class and Wireless-class5 / Wireless-class8 match UDP ports, yet the
! action applied to them is a TCP option - NOTE(review): confirm these classes
! have any effect.
class-map PrestonSchool.co.uk-class1
 match port udp eq domain
class-map Wireless-class5
 match port udp eq 88
class-map PrestonSchool.co.uk-class2
 match port tcp eq https
class-map Wireless-class4
 match port tcp eq 88
class-map PrestonSchool.co.uk-class3
 match port tcp eq domain
class-map Wireless-class8
 description NTP
 match port udp eq ntp
class-map Wireless-class
 match port tcp eq 135
class-map PrestonSchool.co.uk-class
 match port tcp eq www
class-map inspection_default
 match default-inspection-traffic
!
!
! Policy-maps and their bindings. global_policy is applied globally;
! Wireless-policy and PrestonSchool.co.uk-policy are applied per interface.
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
! NOTE(review): tcp-state-bypass makes the ASA stop tracking TCP state for the
! matching flows (no sequence/flag checks, and application inspection is not
! applied to them). It is normally reserved for asymmetric-routing cases. Here
! it covers www, https and DNS on this interface; confirm it is really needed,
! otherwise remove it so these flows are handled statefully.
policy-map PrestonSchool.co.uk-policy
 class PrestonSchool.co.uk-class
  set connection advanced-options tcp-state-bypass
 class PrestonSchool.co.uk-class1
  set connection advanced-options tcp-state-bypass
 class PrestonSchool.co.uk-class2
  set connection advanced-options tcp-state-bypass
 class PrestonSchool.co.uk-class3
  set connection advanced-options tcp-state-bypass
! Same bypass for the wireless interface, covering RPC 135, SMB 445, the
! 49152-65535 range, NetBIOS session, Kerberos, LDAP, KMS and NTP classes.
! NOTE(review): the description says "TCP 123 NTP" but the NTP class
! (Wireless-class8) matches UDP. The bypass removes stateful checks on the
! domain-controller traffic from wireless clients; confirm the need.
policy-map Wireless-policy
 description TCP 123 NTP
 class Wireless-class
  set connection advanced-options tcp-state-bypass
 class Wireless-class1
  set connection advanced-options tcp-state-bypass
 class Wireless-class2
  set connection advanced-options tcp-state-bypass
 class Wireless-class3
  set connection advanced-options tcp-state-bypass
 class Wireless-class4
  set connection advanced-options tcp-state-bypass
 class Wireless-class5
  set connection advanced-options tcp-state-bypass
 class Wireless-class6
  set connection advanced-options tcp-state-bypass
 class Wireless-class7
  set connection advanced-options tcp-state-bypass
 class Wireless-class8
  set connection advanced-options tcp-state-bypass
! Global policy: the protocol inspections listed under inspection_default, plus
! tcp-state-bypass for traffic matching access-list global_mpc (wireless subnet
! to VLE_Server over https).
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class global-class
  set connection advanced-options tcp-state-bypass
!
service-policy global_policy global
service-policy Wireless-policy interface Wireless
service-policy PrestonSchool.co.uk-policy interface PrestonSchool.co.uk
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6469abea03cb441ff538eb839ca620af
: end