ASA Version 9.2(3)
!
hostname LSB-LBB-ASA5515
domain-name cisco.com
enable password vbC.mM7QrFLXKD2d encrypted
names
name 10.21.57.0 LAN_SUBNET_NUM
name 65.182.82.132 OUTSIDE_MANDRY
name 205.209.245.1 OUTSIDE_IP
name 10.140.57.0 LAN_BRANCHES2_SUBNET_NUMBER
name 10.22.57.0 LAN_BRANCHES1_SUBNET_NUMBER
name 192.168.51.0 LAN_PHONES_SUBNET_NUMBER
name 10.106.160.0 LAN_FISERV1_SUBNET_NUMBER
name 10.140.254.0 LAN_FISERV2_SUBNET_NUMBER
name 10.21.57.4 INSIDE_LSB-LBB-MPLS-1921
name 10.254.1.0 DMZ_SUBNET_NUM
ip local pool POOL_VPN_RA 192.168.50.10-192.168.50.30 mask 255.255.255.0
!
interface GigabitEthernet0/0
 duplex full
 nameif OUTSIDE
 security-level 0
 ip address 205.209.245.37 255.255.255.0
!
interface GigabitEthernet0/1
 nameif INSIDE
 security-level 100
 ip address 10.21.57.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 10.254.1.1 255.255.255.0
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
ftp mode passive
clock timezone UTC -6
clock summer-time UTC recurring
dns server-group DefaultDNS
 domain-name cisco.com
object network LAN_LUBBOCK
 subnet 10.21.57.0 255.255.255.0
 description ***Local Subnet***
object network LAN_VPN_RA
 subnet 192.168.50.0 255.255.255.0
 description ***REMOTE ACCESS VPN IP POOL SUBNET***
object network LAN_BIGSPRING
 subnet 10.22.57.64 255.255.255.192
object network LAN_BROWNFIELD
 subnet 10.22.57.128 255.255.255.192
object network LAN_ODESSA
 subnet 10.22.57.0 255.255.255.192
object network LAN_MIDLAND
 subnet 10.140.57.0 255.255.255.192
object network DMZ_BOMGAR
 host 10.254.1.2
object network ACCESS_SECUREWORKS
 host 63.99.110.204
object network OUTSIDE_ISENSOR
 host 205.209.245.38
object network INSIDE_SECUREWORKS
 host 10.21.57.218
object network OUTSIDE_BOMGAR
 host 205.209.245.40
object network OUTSIDE_CAMERA
 host 205.209.245.41
object network INSIDE_CAMERA
 host 10.21.57.223
object network INSIDE_SILVERSKY
 host 10.21.57.5
object network OUTSIDE_SECUREWORKS
 host 205.209.245.39
object network LAN_DMZ
 subnet 10.254.1.0 255.255.255.0
object service TCP_SSH
 service tcp source eq ssh
object service TCP_541
 service tcp source eq 541
object service TCP_444
 service tcp source eq 444
object service TCP_HTTPS
 service tcp source eq https
object-group network LAN_ALL
 network-object object LAN_LUBBOCK
 network-object object LAN_BROWNFIELD
 network-object object LAN_BIGSPRING
 network-object object LAN_ODESSA
 network-object object LAN_MIDLAND
object-group icmp-type ICMP_BOMGAR
 icmp-object echo
 icmp-object echo-reply
object-group service TCP_ISENSOR tcp
 port-object eq 2300
 port-object eq 2500
 port-object eq 50022
object-group service TCP_SECUREWORKS tcp
 port-object eq 50022
 port-object eq 2300
object-group service TCP_BOMGAR tcp
 port-object eq www
 port-object eq https
 port-object eq 8200
object-group network ACCESS_SILVERSKY
 network-object 216.54.170.245 255.255.255.255
 network-object 66.28.84.132 255.255.255.255
 network-object OUTSIDE_MANDRY 255.255.255.255
object-group service TCP_SILVERSKY tcp
 port-object eq ssh
 port-object eq 541
 port-object eq 444
 port-object eq https
object-group network LAN_FISERV
 network-object 10.1.10.0 255.255.255.0
 network-object 10.2.2.0 255.255.255.0
 network-object 129.100.0.0 255.255.0.0
 network-object 192.168.50.0 255.255.255.0
access-list SPLITTUNNEL extended permit ip object-group LAN_ALL object LAN_VPN_RA
access-list DMZ extended permit icmp object DMZ_BOMGAR object-group LAN_ALL object-group ICMP_BOMGAR
access-list DMZ extended permit udp any any eq ntp
access-list DMZ extended permit tcp object DMZ_BOMGAR object-group LAN_ALL object-group TCP_BOMGAR
access-list DMZ extended permit tcp any object DMZ_BOMGAR object-group TCP_BOMGAR
access-list INBOUND extended permit tcp object ACCESS_SECUREWORKS object INSIDE_SECUREWORKS object-group TCP_SECUREWORKS
access-list INBOUND extended permit tcp object OUTSIDE_ISENSOR object INSIDE_SECUREWORKS object-group TCP_ISENSOR
access-list INBOUND extended permit tcp any object DMZ_BOMGAR object-group TCP_BOMGAR
access-list INBOUND extended permit tcp object-group ACCESS_SILVERSKY object INSIDE_SILVERSKY object-group TCP_SILVERSKY
access-list INBOUND extended permit tcp any object INSIDE_CAMERA eq https
access-list INBOUND extended permit tcp any object INSIDE_CAMERA eq 3389
access-list OUTBOUND extended permit ip any host 174.120.195.252 log alerts
access-list OUTBOUND extended permit ip any host 209.250.246.98 log alerts
access-list OUTBOUND extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging standby
logging buffer-size 1048576
logging console emergencies
logging monitor emergencies
logging buffered warnings
logging trap debugging
logging history emergencies
logging asdm informational
logging mail alerts
logging from-address asa@lonestarwtx.com
logging recipient-address support@mandrytechnology.com level alerts
logging host INSIDE 10.21.57.218
logging host INSIDE 10.21.57.10
mtu management 1500
mtu OUTSIDE 1500
mtu INSIDE 1500
mtu DMZ 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply OUTSIDE
icmp permit 12.146.232.0 255.255.255.0 OUTSIDE
icmp permit 64.31.190.0 255.255.255.0 OUTSIDE
icmp permit 63.239.86.0 255.255.255.0 OUTSIDE
icmp permit 64.240.15.0 255.255.255.0 OUTSIDE
icmp permit 65.114.32.0 255.255.254.0 OUTSIDE
icmp permit 216.133.152.0 255.255.254.0 OUTSIDE
icmp permit 206.55.100.0 255.255.252.0 OUTSIDE
icmp permit host OUTSIDE_MANDRY OUTSIDE
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (OUTSIDE,DMZ) source static any any destination static OUTSIDE_BOMGAR DMZ_BOMGAR
nat (INSIDE,DMZ) source static LAN_ALL LAN_ALL destination static LAN_DMZ LAN_DMZ
nat (INSIDE,OUTSIDE) source static LAN_LUBBOCK LAN_LUBBOCK destination static LAN_VPN_RA LAN_VPN_RA
nat (INSIDE,OUTSIDE) source static LAN_ALL LAN_ALL destination static LAN_FISERV LAN_FISERV
nat (OUTSIDE,INSIDE) source static any any destination static OUTSIDE_CAMERA INSIDE_CAMERA
nat (OUTSIDE,INSIDE) source static any any destination static interface INSIDE_SILVERSKY service TCP_SSH TCP_SSH
nat (OUTSIDE,INSIDE) source static any any destination static interface INSIDE_SILVERSKY service TCP_541 TCP_541
nat (OUTSIDE,INSIDE) source static any any destination static interface INSIDE_SILVERSKY service TCP_444 TCP_444
nat (OUTSIDE,INSIDE) source static any any destination static interface INSIDE_SILVERSKY service TCP_HTTPS TCP_HTTPS
nat (OUTSIDE,INSIDE) source static any any destination static OUTSIDE_SECUREWORKS INSIDE_SECUREWORKS
!
nat (INSIDE,OUTSIDE) after-auto source dynamic any interface
nat (DMZ,OUTSIDE) after-auto source dynamic any interface
access-group INBOUND in interface OUTSIDE
access-group OUTBOUND in interface INSIDE
access-group DMZ in interface DMZ
router ospf 1
 router-id 10.21.57.1
 network LAN_SUBNET_NUM 255.255.255.0 area 0
 log-adj-changes
 default-information originate metric 1
!
route OUTSIDE 0.0.0.0 0.0.0.0 OUTSIDE_IP 1 track 1
route INSIDE LAN_BRANCHES1_SUBNET_NUMBER 255.255.255.0 INSIDE_LSB-LBB-MPLS-1921 1
route INSIDE LAN_FISERV1_SUBNET_NUMBER 255.255.255.0 INSIDE_LSB-LBB-MPLS-1921 1
route INSIDE LAN_BRANCHES2_SUBNET_NUMBER 255.255.255.0 INSIDE_LSB-LBB-MPLS-1921 1
route INSIDE LAN_FISERV2_SUBNET_NUMBER 255.255.255.0 INSIDE_LSB-LBB-MPLS-1921 1
route INSIDE LAN_PHONES_SUBNET_NUMBER 255.255.255.0 INSIDE_LSB-LBB-MPLS-1921 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 4343
http 192.168.1.0 255.255.255.0 management
http OUTSIDE_MANDRY 255.255.255.255 OUTSIDE
http LAN_SUBNET_NUM 255.255.255.0 INSIDE
snmp-server host INSIDE 10.21.57.10 community MTS-LSSB
snmp-server location 6220 Milwaukee Ave Lubbock, Texas
snmp-server contact Jon Ruth, (806) 771-7616
snmp-server community MTS-LSSB
sla monitor 1
 type echo protocol ipIcmpEcho 12.175.11.53 interface OUTSIDE
 timeout 3000
 threshold 1000
 frequency 30
sla monitor schedule 1 life forever start-time now
crypto ipsec ikev1 transform-set MYSET esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map DYNMAP 10 set ikev1 transform-set MYSET
crypto dynamic-map DYNMAP 10 set security-association lifetime seconds 28800
crypto dynamic-map DYNMAP 10 set security-association lifetime kilobytes 4608000
crypto map VPN_RA 10 ipsec-isakmp dynamic DYNMAP
crypto map VPN_RA interface OUTSIDE
crypto ca trustpool policy
crypto isakmp identity address
crypto ikev1 enable OUTSIDE
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
!
track 1 rtr 1 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh LAN_SUBNET_NUM 255.255.255.0 INSIDE
ssh timeout 30
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 129.7.1.66 source OUTSIDE prefer
ntp server 139.78.135.14 source OUTSIDE
group-policy VPN_RA internal
group-policy VPN_RA attributes
 dns-server value 10.21.57.10
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLITTUNNEL
username mtssupport password b7TteJLp1n4481Mz encrypted
username lssbadmin password 4i57wzkQYGblEk6I encrypted
tunnel-group VPN_RA type remote-access
tunnel-group VPN_RA general-attributes
 address-pool POOL_VPN_RA
 default-group-policy VPN_RA
tunnel-group VPN_RA ipsec-attributes
 ikev1 pre-shared-key %^tASFy22gYT^
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e8dfc288c832984beed8e787fc68f618
: end