: Saved
:
ASA Version 8.2(2)
!
hostname -asa
domain-name .com
enable password
passwd
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
interface Vlan2
 mac-address 000e.0c63.89ab
 nameif outside
 security-level 0
 ip address XXX.XXX.183.202 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa822-k8.bin
boot system disk0:/asa723-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 65.32.1.65
 name-server 65.32.1.70
 domain-name xxxx.com
same-security-traffic permit intra-interface
access-list acl_in extended permit tcp any host XXX.XXX.183.202 eq www
access-list acl_in extended permit udp any host XXX.XXX.183.202 eq 4500
access-list acl_in extended permit udp any host XXX.XXX.183.202 eq isakmp
access-list acl_in extended permit tcp any host XXX.XXX.183.202 eq ftp
access-list acl_in extended permit tcp any host XXX.XXX.183.202 eq ssh
access-list acl_in extended permit udp any eq 4500 host XXX.XXX.183.203 eq 4500
access-list acl_in extended permit udp any host XXX.XXX.183.203 eq isakmp
access-list acl_in extended permit tcp any host XXX.XXX.183.203 eq 18772
access-list acl_in extended permit tcp any host XXX.XXX.183.204 eq 3389
access-list acl_in extended permit tcp any host XXX.XXX.183.202 eq 28001
access-list acl_in extended permit tcp any host XXX.XXX.183.204 eq 28001
access-list acl_in extended permit tcp any host XXX.XXX.183.205 eq 3389
access-list acl_in extended permit tcp any host XXX.XXX.183.206 eq 3389
access-list 100 extended permit ip 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list acl_out extended permit ip any any
access-list outside_1_cryptomap extended permit ip 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list Bessermer extended permit ip 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list Bessermer extended permit ip 192.168.100.0 255.255.255.0 10.255.255.0 255.255.255.0
access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 10.255.254.0 255.255.255.0
access-list nonat extended permit ip 192.168.100.0 255.255.255.0 10.255.254.0 255.255.255.0
access-list nonat extended permit ip 10.255.254.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list nonat extended permit ip 10.255.254.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list split extended permit ip 192.168.100.0 255.255.255.0 10.255.254.0 255.255.255.0
access-list split extended permit ip 192.168.10.0 255.255.255.0 10.255.254.0 255.255.255.0
access-list acl-in extended permit tcp any host XXX.XXX.183.205 eq 3389
!
tcp-map //
!
pager lines 24
logging enable
logging list ISGA level informational class ip
logging asdm informational
logging mail ISGA
logging from-address ASA-AY@xxxx.com
logging recipient-address ASA-Errors@xxxx.com level errors
logging recipient-address mskipper@xxxx.com level critical
logging class ip mail notifications
mtu inside 1500
mtu outside 1500
ip local pool RAS 10.255.254.1-10.255.254.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp XXX.XXX.183.204 3389 192.168.100.3 3389 netmask 255.255.255.255
static (inside,outside) tcp XXX.XXX.183.204 28001 192.168.100.3 28001 netmask 255.255.255.255
static (inside,outside) XXX.XXX.183.203 192.168.100.50 netmask 255.255.255.255
static (inside,outside) XXX.XXX.183.205 192.168.100.4 netmask 255.255.255.255
static (inside,outside) XXX.XXX.183.206 192.168.100.5 netmask 255.255.255.255
access-group acl_in in interface outside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.183.201 1
route outside XXX.XXX.181.0 255.255.255.248 XXX.XXX.183.201 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.100.0 255.255.255.0 inside
http xxx.xxx.0.0 255.255.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dynmap 1 set transform-set 3DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer XXX.XXX.181.98
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address 100
crypto map outside_map 20 set peer XXX.XXX.181.98
crypto map vpn 1 match address Bessermer
crypto map vpn 1 set peer XXX.XXX.186.77
crypto map vpn 1 set transform-set 3DES-MD5
crypto map vpn 65535 ipsec-isakmp dynamic dynmap
crypto map vpn interface outside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd dns 65.32.1.65 65.32.1.70
dhcpd wins 192.168.100.3
dhcpd domain xxxx.local
dhcpd auto_config outside
!
dhcpd address 192.168.100.100-192.168.100.150 inside
dhcpd dns 192.168.100.250 8.8.8.8 interface inside
dhcpd lease 600 interface inside
dhcpd ping_timeout 300 interface inside
dhcpd domain xxxx.com interface inside
dhcpd auto_config outside interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy RAS internal
group-policy RAS attributes
 wins-server value 192.168.100.250
 dns-server value 192.168.100.250
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value bermoco.local
 address-pools value RAS
username links password XXXX encrypted privilege 15
username admin password XXXX encrypted privilege 15
username xxxx password XXX encrypted
tunnel-group XXX.XXX.181.98 type ipsec-l2l
tunnel-group XXX.XXX.181.98 ipsec-attributes
 pre-shared-key *****
tunnel-group XXX.XXX.186.77 type ipsec-l2l
tunnel-group XXX.XXX.186.77 ipsec-attributes
 pre-shared-key *****
tunnel-group RAS type remote-access
tunnel-group RAS general-attributes
 address-pool RAS
 default-group-policy RAS
tunnel-group RAS ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
smtp-server XXX.XXX.151.242
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:43a35e2f5faaf6d081561b93824d5bec
: end