ASA Version 8.2(5)19
!
hostname ciscoasa
domain-name mycompany.local
enable password 1293587651 encrypted
passwd 132948712394 encrypted
multicast-routing
no names
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.168.99.1 255.255.252.0 standby 192.168.97.1
 igmp access-group inside_multicast
!
interface GigabitEthernet0/1
 nameif web_dmz
 security-level 10
 ip address x.x.128.1 255.255.252.0 standby x.x.128.2
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 security-level 100
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 no igmp
 management-only
!
interface GigabitEthernet1/0
 description LAN/STATE Failover Interface
 shutdown
!
interface GigabitEthernet1/1
 nameif Back_Up
 security-level 80
 ip address 172.16.16.1 255.255.255.0
!
interface GigabitEthernet1/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 nameif outside
 security-level 0
 ip address x.x.141.2 255.255.255.0 standby x.x.141.3
!
pim rp-address x.x.152.1
boot system disk0:/asa825-19-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup web_dmz
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.168.99.73
 name-server 192.168.99.74
 domain-name mycompany.local
same-security-traffic permit intra-interface
access-list inside_multicast standard permit any
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 object-group DM_INLINE_NETWORK_15 host x.x.141.40
access-list outside_access_in remark Listener in Brazil
access-list outside_access_in extended permit object-group TCPUDP object-group Brazillian-Listener object-group Web eq www
access-list outside_access_in remark These addresses have been seen in the DMZ trying to access ftp's
access-list outside_access_in extended deny ip object-group Attempted_Web_Access any
access-list outside_access_in extended deny ip 41.0.0.0 255.0.0.0 any
access-list outside_access_in remark temp block, possible DoS 9/11/13
access-list outside_access_in extended deny ip 221.0.0.0 255.0.0.0 any
access-list outside_access_in remark Tehran
access-list outside_access_in extended deny ip 130.255.0.0 255.255.0.0 any
access-list outside_access_in extended deny ip 189.0.0.0 255.128.0.0 any
access-list outside_access_in extended deny ip 189.128.0.0 255.255.254.0 any
access-list outside_access_in extended deny ip 189.128.4.0 255.255.252.0 any
access-list outside_access_in extended deny ip 189.128.3.0 255.255.255.0 any
access-list outside_access_in extended permit tcp x.x.0.0 255.128.0.0 object-group Web eq www
access-list outside_access_in remark Appears to be spam source
access-list outside_access_in extended deny ip object-group DM_INLINE_NETWORK_12 any
access-list outside_access_in remark Localpalooza stream
access-list outside_access_in extended permit tcp any host x.x.130.130 eq 8000 inactive
access-list outside_access_in remark Access for WJCC
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_9 object-group Web
access-list outside_access_in remark ftp to vbschools
access-list outside_access_in extended permit tcp host x.x.10.204 host x.x.131.4 object-group DM_INLINE_TCP_11
access-list outside_access_in remark VDOE MySQL Access
access-list outside_access_in extended permit tcp host x.x.75.224 host x.x.128.230 eq 3306
access-list outside_access_in extended permit object-group TCPUDP any host x.x.141.252 eq www
access-list outside_access_in remark VB ACL to QUMU
access-list outside_access_in extended permit tcp object-group VB_Schools_QUMU host x.x.131.43 object-group DM_INLINE_TCP_2
access-list outside_access_in remark TTAC Moodle Access
access-list outside_access_in extended permit tcp object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_7 object-group RDP
access-list outside_access_in remark FTP ICECast Logging server
access-list outside_access_in extended permit tcp any object-group DM_INLINE_TCP_12 host x.x.130.131 object-group DM_INLINE_TCP_4
access-list outside_access_in remark Live streaming
access-list outside_access_in extended permit tcp any host x.x.130.94 object-group DM_INLINE_TCP_3
access-list outside_access_in remark Appliance connection into Emedia VA
access-list outside_access_in extended permit tcp object-group School_Emedia_Appliance host x.x.128.94 eq 3306
access-list outside_access_in remark test for emedia Appliance
access-list outside_access_in extended permit tcp host x.x.156.2 object-group EmediaVa-Servers object-group DM_INLINE_TCP_7
access-list outside_access_in remark aspen
access-list outside_access_in extended permit tcp any host x.x.130.117 object-group DM_INLINE_TCP_13
access-list outside_access_in remark Paul Sipe's House to Emediava
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 host 108.15.167.138 object-group DM_INLINE_NETWORK_1
access-list outside_access_in remark For Ray and remote Broadcasts
access-list outside_access_in extended permit object-group TCPUDP any host x.x.141.164 object-group tieline
access-list outside_access_in remark Rivendale Support access
access-list outside_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host x.x.141.22 eq ssh
access-list outside_access_in extended permit tcp object-group TA_Support_Group object-group Team_Approach_Servers object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit tcp object-group Omneon_Support_Group host x.x.141.138 object-group Omneon_Sup_Service_Group
access-list outside_access_in extended permit udp object-group Omneon_Support_Group host x.x.141.138 object-group Omneon_Sup_Service_Group
access-list outside_access_in extended permit tcp object-group Protrack_support object-group Protrack_ref eq ssh
access-list outside_access_in extended permit tcp any object-group Ext_DNS eq domain
access-list outside_access_in extended permit udp any object-group Ext_DNS eq domain
access-list outside_access_in extended permit tcp any host x.x.130.60 object-group Radius
access-list outside_access_in extended permit tcp any x.x.129.0 255.255.255.0 object-group Mail
access-list outside_access_in extended permit tcp any object-group Web object-group web
access-list outside_access_in extended permit tcp any host x.x.130.54 eq www
access-list outside_access_in extended permit tcp any object-group All_Access eq www
access-list outside_access_in extended permit tcp any host x.x.141.9 eq https
access-list outside_access_in extended permit tcp host x.x.142.196 host x.x.130.11 eq www
access-list outside_access_in extended permit tcp any host x.x.130.50 eq www
access-list outside_access_in extended permit tcp any host x.x.130.50 eq ftp
access-list outside_access_in extended permit tcp any host x.x.130.50 eq ftp-data
access-list outside_access_in extended permit tcp any host x.x.130.50 object-group Helix_MMS
access-list outside_access_in extended permit udp any host x.x.130.50 object-group Helix_MMS
access-list outside_access_in extended permit tcp any host x.x.130.50 eq rtsp
access-list outside_access_in extended permit udp any host x.x.130.50 object-group Helix_UDP
access-list outside_access_in extended permit tcp any host x.x.128.208 object-group DM_INLINE_TCP_10
access-list outside_access_in remark PBS Network Space
access-list outside_access_in extended permit udp x.x.0.0 255.255.0.0 host x.x.141.65 object-group DM_INLINE_UDP_1 inactive
access-list outside_access_in extended permit ip x.x.155.0 255.255.255.0 x.x.132.0 255.255.255.0
access-list outside_access_in extended permit tcp any host x.x.130.49 object-group DM_INLINE_TCP_8
access-list outside_access_in extended permit tcp any host x.x.130.100 object-group DM_INLINE_TCP_9
access-list outside_access_in extended permit tcp any object-group EMail eq smtp
access-list outside_access_in extended permit tcp host x.x.155.169 host x.x.129.43 eq 90
access-list outside_access_in extended permit tcp host x.x.14.84 host x.x.129.43 eq 90
access-list outside_access_in extended permit tcp any host x.x.130.59 eq ssh
access-list outside_access_in extended permit tcp any object-group Shoutcast_80 eq www
access-list outside_access_in extended permit udp any any object-group EchoLink
access-list outside_access_in extended permit tcp any host x.x.130.59 eq 8000
access-list outside_access_in extended permit tcp host x.x.142.196 host x.x.141.232 eq 81
access-list outside_access_in remark Time server
access-list outside_access_in extended permit udp any host x.x.141.15 eq ntp
access-list outside_access_in extended permit tcp any host x.x.130.53 eq 1935
access-list outside_access_in extended permit tcp any host x.x.130.53 eq https
access-list outside_access_in extended permit tcp any host x.x.130.86 eq 8000
access-list outside_access_in extended permit tcp any host x.x.130.86 eq 8001
access-list outside_access_in remark Access to bugs.emediava.org
access-list outside_access_in extended permit tcp any host x.x.130.104 eq www
access-list outside_access_in remark Streaming for Jason
access-list outside_access_in extended permit tcp any host x.x.130.55 object-group Shoutcast_Ports
access-list outside_access_in remark TTAC-Adobe Connect Server
access-list outside_access_in extended permit tcp any host x.x.128.111 object-group DM_INLINE_TCP_6
access-list outside_access_in remark Mine
access-list outside_access_in extended permit tcp host x.x.111.160 host x.x.141.230 object-group DM_INLINE_TCP_15
access-list outside_access_in remark PBS Network Space
access-list outside_access_in remark PBS Network Space
access-list outside_access_in remark PBS Network Space
access-list outside_access_in remark PBS Network Space
access-list outside_access_in remark PBS Network Space
access-list outside_access_in remark Access to bugs.emediava.org
access-list outside_access_in remark Virgae support in to server
access-list outside_access_in remark Virage 2nd support in to server
access-list outside_access_in remark Virage 3rd support in to server
access-list outside_access_in remark Streaming for Jason
access-list inside_outbound_nat0_acl extended permit ip any 192.168.98.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.98.0 255.255.255.0
access-list web_dmz_access_in remark Eduwidgets
access-list web_dmz_access_in extended permit tcp host x.x.130.35 any object-group DM_INLINE_TCP_14
access-list web_dmz_access_in extended permit udp host x.x.130.5 host 192.168.99.4 eq syslog
access-list web_dmz_access_in remark Access for WJCC
access-list web_dmz_access_in extended permit ip any object-group DM_INLINE_NETWORK_10
access-list web_dmz_access_in extended permit udp any host x.x.141.15 eq ntp
access-list web_dmz_access_in extended permit tcp host x.x.129.4 host 192.168.99.19 eq 445
access-list web_dmz_access_in remark Colaberate.mycompany.org
access-list web_dmz_access_in extended permit tcp host x.x.130.10 host 192.168.99.73 eq ldap
access-list web_dmz_access_in remark Confluence LDAP Connectivity to Digital
access-list web_dmz_access_in extended permit tcp host x.x.130.29 object-group DM_INLINE_NETWORK_5 eq ldap
access-list web_dmz_access_in remark Open for Virtulization
access-list web_dmz_access_in extended permit ip x.x.128.0 255.255.252.0 object-group UCS_Blade_Server inactive
access-list web_dmz_access_in extended permit ip object-group DM_INLINE_NETWORK_13 object-group DM_INLINE_NETWORK_14
access-list web_dmz_access_in extended permit object-group DM_INLINE_SERVICE_1 host x.x.130.107 any
access-list web_dmz_access_in remark Emedia Servers Out
access-list web_dmz_access_in extended permit tcp object-group EmediaVa-Servers any object-group DM_INLINE_TCP_5
access-list web_dmz_access_in remark out for Qumu
access-list web_dmz_access_in extended permit ip host x.x.131.43 any
access-list web_dmz_access_in extended permit tcp host x.x.129.4 object-group DM_INLINE_NETWORK_2 eq smtp
access-list web_dmz_access_in extended permit tcp host x.x.129.6 host 192.168.99.22 eq smtp
access-list web_dmz_access_in extended permit udp x.x.128.0 255.255.252.0 host 192.168.98.10 eq ntp
access-list web_dmz_access_in extended permit udp object-group Ext_DNS any eq domain
access-list web_dmz_access_in extended permit tcp object-group Ext_DNS any eq domain
access-list web_dmz_access_in extended permit tcp host x.x.129.1 any eq domain
access-list web_dmz_access_in extended permit udp host x.x.129.1 any eq domain
access-list web_dmz_access_in extended permit tcp host x.x.129.2 any eq domain
access-list web_dmz_access_in extended permit udp host x.x.129.2 any eq domain
access-list web_dmz_access_in extended permit tcp host x.x.129.4 any eq smtp
access-list web_dmz_access_in extended permit tcp host x.x.129.5 any eq smtp
access-list web_dmz_access_in extended permit tcp host x.x.129.6 any eq smtp
access-list web_dmz_access_in extended deny tcp x.x.129.0 255.255.255.0 any eq smtp
access-list web_dmz_access_in extended permit tcp x.x.128.0 255.255.252.0 any eq smtp
access-list web_dmz_access_in extended permit tcp x.x.128.0 255.255.252.0 any eq www
access-list web_dmz_access_in extended permit tcp x.x.128.0 255.255.252.0 any eq https
access-list web_dmz_access_in extended permit icmp x.x.128.0 255.255.252.0 any
access-list web_dmz_access_in remark Barracuda Support
access-list web_dmz_access_in extended permit tcp host x.x.129.4 any eq ssh
access-list web_dmz_access_in remark 1920s fast serv relay
access-list web_dmz_access_in extended permit tcp host x.x.130.43 host 209.9.238.5 eq 8570
access-list web_dmz_access_in remark 1920s 32k relay
access-list web_dmz_access_in extended permit tcp host x.x.130.88 host 68.106.153.196 eq 8050
access-list web_dmz_access_in extended permit tcp host x.x.130.50 host x.x.147.27 eq 8080
access-list web_dmz_access_in extended permit tcp host x.x.129.5 any eq ssh
access-list web_dmz_access_in remark These addresses have been seen in the DMZ trying to access the 648 switch via HTTP
access-list web_dmz_access_in remark Colaberate.mycompany.org
access-list web_dmz_access_in remark Confluence LDAP Connectivity to Digital
access-list web_dmz_access_in remark Open for Virtulization
access-list web_dmz_access_in remark Emedia Servers Out
access-list web_dmz_access_in remark Barracuda Support
access-list web_dmz_access_in remark 1920s fast serv relay
access-list web_dmz_access_in remark 1920s 32k relay
access-list web_dmz_access_in remark allow d2l support to FTP out for files
access-list Dial-up_access_in extended permit tcp any host x.x.141.23 eq https
access-list Dial-up_access_in extended permit ip any any
access-list web_dmz_outbound_nat0_acl extended permit ip any any
access-list mycompany_tech_splitTunnelAcl extended permit ip 192.168.96.0 255.255.252.0 any
access-list mycompany_tech_splitTunnelAcl extended permit ip x.x.128.0 255.255.252.0 any
access-list Radio_access_in extended permit udp any host 192.168.5.3 eq ntp
access-list Radio_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip any 192.168.98.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.96.0 255.255.252.0 x.x.128.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_11 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.96.0 255.255.252.0 192.168.12.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.96.0 255.255.252.0 192.168.14.0 255.255.255.0
access-list mycompany_tech_splitTunnelAcl_1 standard permit x.x.128.0 255.255.252.0
access-list mycompany_tech_splitTunnelAcl_1 standard permit 192.168.96.0 255.255.252.0
access-list mycompany_tech_splitTunnelAcl_1 standard permit 172.16.16.0 255.255.255.0
access-list inside_access_in extended permit ip object-group CDE_Clients object-group CDE_Servers
access-list inside_access_in extended permit ip host x.x.129.1 object-group CDE_Servers
access-list inside_access_in remark Back Ups
access-list inside_access_in extended permit ip host 192.168.99.3 host 172.20.0.80
access-list inside_access_in extended deny ip any 172.20.0.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_6 192.168.3.0 255.255.255.0
access-list web_dmz_nat0_outbound extended permit ip 192.168.96.0 255.255.252.0 host 192.168.98.201
access-list web_dmz_nat0_outbound extended permit ip x.x.128.0 255.255.252.0 host 192.168.98.201
access-list outside_cryptomap extended permit ip 192.168.96.0 255.255.252.0 192.168.12.0 255.255.255.0
access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_8 192.168.14.0 255.255.255.0
access-list inside_access_in_1 extended permit ip 192.168.96.0 255.255.252.0 any
access-list CDE_access_ipv6_in remark Access to CDE DMZ only
access-list Back_Up_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging asdm-buffer-size 512
logging trap debugging
logging asdm informational
logging mail critical
logging from-address asa@mycompany.org
logging recipient-address ron.bennington@mycompany.org level critical
logging facility 16
logging queue 0
logging host inside 192.168.99.4
logging class vpdn trap debugging
logging class vpn trap debugging
logging class vpnc trap debugging
logging class webvpn trap debugging
logging class svc trap debugging
mtu inside 1500
mtu web_dmz 1500
mtu management 1500
mtu Back_Up 1500
mtu outside 1500
ip local pool VPN_IP_Pool 192.168.98.100-192.168.98.200 mask 255.255.252.0
ip local pool MeaganStatic 192.168.98.201-192.168.98.202 mask 255.255.252.0
ip local pool Aspen_Appl 192.168.98.225-192.168.98.230 mask 255.255.252.0
ip local pool CBART 192.168.98.232-192.168.98.233 mask 255.255.252.0
no failover
failover lan unit primary
failover lan interface failover GigabitEthernet1/0
failover link failover GigabitEthernet1/0
failover interface ip failover 10.254.0.1 255.255.255.0 standby 10.254.0.2
no monitor-interface management
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
asdm history enable
arp timeout 14400
global (inside) 10 interface
global (web_dmz) 10 interface
global (outside) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
nat (web_dmz) 0 access-list web_dmz_nat0_outbound
static (inside,outside) x.x.141.8 192.168.99.17 netmask 255.255.255.255
static (inside,outside) x.x.141.80 172.20.0.80 netmask 255.255.255.255
static (inside,outside) x.x.141.81 172.20.0.81 netmask 255.255.255.255
static (inside,outside) x.x.141.6 192.168.99.22 netmask 255.255.255.255 dns
static (inside,outside) x.x.141.23 192.168.99.23 netmask 255.255.255.255 dns
static (inside,outside) x.x.141.138 192.168.99.231 netmask 255.255.255.255
static (inside,outside) x.x.141.25 192.168.99.25 netmask 255.255.255.255
static (inside,outside) x.x.141.26 192.168.99.26 netmask 255.255.255.255
static (inside,outside) x.x.141.10 192.168.99.10 netmask 255.255.255.255
static (inside,outside) x.x.141.202 192.168.99.202 netmask 255.255.255.255
static (inside,outside) x.x.141.130 192.168.97.130 netmask 255.255.255.255
static (inside,outside) x.x.141.125 192.168.99.107 netmask 255.255.255.255
static (inside,inside) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
static (inside,inside) 192.168.6.0 192.168.6.0 netmask 255.255.255.0
static (inside,inside) 172.20.0.0 172.20.0.0 netmask 255.255.255.0
static (inside,outside) x.x.141.238 192.168.99.238 netmask 255.255.255.255 dns
static (inside,outside) x.x.141.232 192.168.99.232 netmask 255.255.255.255
static (inside,outside) x.x.141.9 192.168.99.21 netmask 255.255.255.255 dns
static (inside,web_dmz) x.x.141.23 192.168.99.23 netmask 255.255.255.255 dns
static (inside,web_dmz) x.x.141.9 192.168.99.21 netmask 255.255.255.255 dns
static (inside,outside) x.x.141.3 192.168.98.2 netmask 255.255.255.255 norandomseq
static (inside,outside) x.x.141.65 192.168.97.65 netmask 255.255.255.255
static (inside,outside) x.x.141.220 192.168.99.220 netmask 255.255.255.255
static (inside,web_dmz) x.x.141.15 192.168.98.10 netmask 255.255.255.255
static (inside,outside) x.x.141.164 192.168.99.164 netmask 255.255.255.255
static (inside,outside) x.x.141.20 192.168.5.236 netmask 255.255.255.255
static (inside,outside) x.x.141.22 192.168.5.12 netmask 255.255.255.255
static (inside,outside) x.x.141.252 192.168.99.252 netmask 255.255.255.255
static (inside,outside) x.x.141.36 192.168.97.6 netmask 255.255.255.255
static (inside,outside) x.x.141.230 192.168.99.230 netmask 255.255.255.255
static (inside,outside) x.x.141.40 172.20.0.14 netmask 255.255.255.255
access-group inside_access_in_1 in interface inside control-plane
access-group inside_access_in in interface inside
access-group web_dmz_access_in in interface web_dmz
access-group Back_Up_access_in in interface Back_Up
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.141.1 1
route inside 172.20.0.0 255.255.255.0 192.168.98.17 1
route inside 192.168.5.0 255.255.255.0 192.168.98.12 1
route inside 192.168.6.0 255.255.255.0 192.168.98.12 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
 accounting-mode simultaneous
aaa-server RADIUS (inside) host 192.168.99.73
 key *****
aaa-server RADIUS (inside) host 192.168.99.74
 key *****
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
aaa authentication telnet console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.99.95 255.255.255.255 inside
http 192.168.96.0 255.255.252.0 inside
snmp-server group Authentication&Encryption v3 priv
snmp-server user mycompanyAdmin Authentication&Encryption v3 encrypted auth md5 b5:75:d2:47:b0:54:a6:fd:66:a6:fc:d3:47:79:36:3d priv des 21:c8:ec:04:c0:96:3d:64:53:f7:b9:fe:95:b9:68:2c
snmp-server host inside 192.168.99.163 community ***** version 2c
snmp-server host inside 192.168.99.67 poll community *****
snmp-server host inside 192.168.99.69 community ***** version 2c
snmp-server location mycompany
snmp-server contact My Name
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 1460
service internal
service resetoutside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-AES-256-MD5
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs group1
crypto map outside_map 2 set peer x.x.222.179
crypto map outside_map 2 set transform-set ESP-AES-256-MD5
crypto map outside_map 2 set security-association lifetime seconds 28800
crypto map outside_map 2 set security-association lifetime kilobytes 4608000
crypto map outside_map 4 match address outside_cryptomap
crypto map outside_map 4 set pfs group1
crypto map outside_map 4 set peer x.x.125.159
crypto map outside_map 4 set transform-set ESP-DES-SHA
crypto map outside_map 5 match address outside_cryptomap_1
crypto map outside_map 5 set pfs
crypto map outside_map 5 set peer x.x.89.98
crypto map outside_map 5 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 keypair ASDM_TrustPoint1
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate 4aec3450
    3082027c 308201e5 a0030201 0202044a ec345030 0d06092a
crypto isakmp enable inside
crypto isakmp enable Back_Up
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes-256
 hash md5
 group 5
 lifetime 86400
crypto isakmp policy 70
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 90
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 110
 authentication rsa-sig
 encryption des
 hash sha
 group 1
 lifetime 86400
crypto isakmp policy 130
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 192.168.99.230 255.255.255.255 inside
ssh 192.168.96.71 255.255.255.255 inside
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 192.168.12.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 192.168.14.0 255.255.255.0
threat-detection scanning-threat shun except ip-address 192.168.99.230 255.255.255.255
threat-detection scanning-threat shun except ip-address 192.168.99.24 255.255.255.255
threat-detection scanning-threat shun except ip-address x.x.128.0 255.255.224.0
threat-detection scanning-threat shun except ip-address x.x.141.0 255.255.255.0
threat-detection scanning-threat shun duration 30
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 192.168.98.10 source inside prefer
ssl encryption aes128-sha1 aes256-sha1 3des-sha1 rc4-sha1
webvpn
 enable outside
 anyconnect-essentials
 svc image disk0:/anyconnect-win-3.0.2052-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-3.0.2052-k9.pkg 2
 svc image disk0:/anyconnect-symbian-armv5_urel-2.4.5004-asa-package.pkg 3
 svc image disk0:/anyconnect-linux-3.0.2052-k9.pkg 4
 svc image disk0:/anyconnect-linux-64-3.0.2052-k9.pkg 5
 svc enable
 tunnel-group-list enable
group-policy brocade internal
group-policy brocade attributes
 vpn-tunnel-protocol svc webvpn
 webvpn
  url-list none
  svc ask enable default webvpn
group-policy CBART internal
group-policy CBART attributes
 banner value All Activity will be recorded
 wins-server none
 dns-server value 192.168.99.73 192.168.99.74
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 default-domain value mycompany.local
 address-pools value CBART
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout none
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  svc keepalive none
  svc dpd-interval client none
  svc dpd-interval gateway none
  customization value DfltCustomization
group-policy ABS_Access internal
group-policy ABS_Access attributes
 vpn-tunnel-protocol svc webvpn
 webvpn
  url-list none
  svc ask enable
group-policy vbschools internal
group-policy vbschools attributes
 wins-server none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 default-domain value mycompany.local
group-policy Orion internal
group-policy mycompany_staff_ac internal
group-policy mycompany_staff_ac attributes
 wins-server value 192.168.99.16 192.168.99.20
 dns-server value 192.168.99.73 192.168.99.74
 vpn-tunnel-protocol svc
 default-domain value mycompany.local
group-policy mycompany_staff internal
group-policy mycompany_staff attributes
 wins-server value 192.168.99.16 192.168.99.20
 dns-server value 192.168.99.73 192.168.99.74
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 default-domain value mycompany.local
 webvpn
  url-list none
  svc dtls enable
  svc mtu 1200
  svc compression none
  svc ask enable default webvpn
  svc df-bit-ignore enable
group-policy NSU internal
group-policy NSU attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 webvpn
  url-list none
group-policy mycompany_tech internal
group-policy mycompany_tech attributes
 wins-server value 192.168.99.16 192.168.99.20
 dns-server value 192.168.99.73 192.168.99.74
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value mycompany_tech_splitTunnelAcl_1
 default-domain value mycompany.local
tunnel-group mycompany_staff type remote-access
tunnel-group mycompany_staff general-attributes
 address-pool VPN_IP_Pool
 authentication-server-group RADIUS
 default-group-policy mycompany_staff
tunnel-group mycompany_staff ipsec-attributes
 pre-shared-key *****
tunnel-group mycompany_tech type remote-access
tunnel-group mycompany_tech general-attributes
 address-pool VPN_IP_Pool
 authentication-server-group RADIUS
 default-group-policy mycompany_tech
tunnel-group mycompany_tech webvpn-attributes
 group-alias mycompany_tech enable
tunnel-group mycompany_tech ipsec-attributes
 pre-shared-key *****
tunnel-group vbschools type remote-access
tunnel-group vbschools general-attributes
 address-pool VPN_IP_Pool
 default-group-policy vbschools
tunnel-group vbschools webvpn-attributes
 group-alias vbschools enable
tunnel-group mycompany_Staff_AC type remote-access
tunnel-group mycompany_Staff_AC general-attributes
 address-pool (inside) VPN_IP_Pool
 address-pool VPN_IP_Pool
 authentication-server-group RADIUS
 authentication-server-group (inside) RADIUS
 default-group-policy mycompany_staff_ac
 password-management
tunnel-group mycompany_Staff_AC webvpn-attributes
 group-alias mycompany_Staff enable
tunnel-group x.x.222.179 type ipsec-l2l
tunnel-group x.x.222.179 ipsec-attributes
 pre-shared-key *****
tunnel-group x.x.125.159 type ipsec-l2l
tunnel-group x.x.125.159 ipsec-attributes
 pre-shared-key *****
tunnel-group ABS1 type remote-access
tunnel-group ABS1 general-attributes
 address-pool VPN_IP_Pool
 default-group-policy ABS_Access
tunnel-group ABS1 webvpn-attributes
 group-alias ABS1 enable
 group-url https://x.x.141.2/ABS1 enable
tunnel-group Brocade type remote-access
tunnel-group Brocade general-attributes
 address-pool VPN_IP_Pool
 default-group-policy brocade
tunnel-group Brocade webvpn-attributes
 group-alias brocade enable
 group-url https://x.x.141.2/brocade enable
tunnel-group ABS type remote-access
tunnel-group ABS general-attributes
 address-pool VPN_IP_Pool
 default-group-policy mycompany_staff
tunnel-group ABS webvpn-attributes
 group-alias ABS enable
 group-url https://x.x.141.2/ABS enable
tunnel-group x.x.89.98 type ipsec-l2l
tunnel-group x.x.89.98 ipsec-attributes
 pre-shared-key *****
tunnel-group AspenAppl type remote-access
tunnel-group AspenAppl general-attributes
 address-pool Aspen_Appl
 default-group-policy NSU
tunnel-group AspenAppl webvpn-attributes
 group-alias AspenAppl enable
tunnel-group CBART type remote-access
tunnel-group CBART general-attributes
 address-pool CBART
 default-group-policy CBART
tunnel-group CBART webvpn-attributes
 group-alias CBART enable
!
class-map global-class
 match any
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 4096
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect dns
  inspect ip-options
 class global-class
!
service-policy global_policy global
prompt hostname context
coredump enable filesystem disk0: size 124
no call-home reporting anonymous
Cryptochecksum:9ee6acc06a6a0f64b229ca36d61370c4
: end
ciscoasa#