! ASA Version 8.2(2)16 ! hostname TEST-FW names ! interface GigabitEthernet0/0 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/1 nameif inside security-level 100 ip address 172.17.193.41 255.255.255.248 ! interface GigabitEthernet0/2 no nameif no security-level no ip address ! interface GigabitEthernet0/2.38 vlan 38 nameif DMZ_TEST security-level 50 ip address 172.21.38.1 255.255.255.0 ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address management-only ! boot system disk0:/asa822-16-k8.bin ftp mode passive clock timezone CST -6 clock summer-time CST recurring object-group service DM_INLINE_SERVICE_1 service-object tcp-udp eq 389 service-object tcp-udp eq 88 service-object tcp-udp eq domain service-object tcp eq 135 service-object tcp eq 1688 service-object tcp eq 3268 service-object tcp eq 445 service-object tcp eq https service-object udp eq ntp object-group service DM_INLINE_SERVICE_2 service-object tcp eq 445 service-object tcp eq 8192 service-object tcp eq 8194 service-object tcp eq www service-object tcp eq https service-object udp eq netbios-ns access-list DMZ_TEST_access_in remark Allow AD traffic from DMZ_TEST to Domain Controllers. Added 03/24/2014 access-list DMZ_TEST_access_in extended permit object-group DM_INLINE_SERVICE_1 172.21.38.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 access-list DMZ_TEST_access_in remark Allow AD traffic from DMZ-TEST to Domain Controllers on TCP Random ports. Added 03/24/2014 access-list DMZ_TEST_access_in extended permit tcp 172.21.38.0 255.255.255.0 object-group DM_INLINE_NETWORK_2 range 49152 65535 pager lines 24 logging enable logging timestamp logging buffer-size 65535 logging buffered informational logging trap informational logging asdm debugging logging facility 23 mtu inside 1500 mtu DMZ_TEST 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-632.bin no asdm history enable arp timeout 14400 access-group DMZ_TEST_access_in in interface DMZ_TEST ! router eigrp 2112 no auto-summary eigrp router-id 172.17.193.41 network 172.17.193.40 255.255.255.248 network 172.21.38.0 255.255.255.0 passive-interface default no passive-interface inside ! timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication enable console RADIUS_SERVERS LOCAL aaa authentication http console RADIUS_SERVERS LOCAL aaa authentication ssh console RADIUS_SERVERS LOCAL crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 ssh timeout 5 ssh version 2 console timeout 5 management-access inside threat-detection basic-threat threat-detection scanning-threat threat-detection statistics threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 webvpn ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context Cryptochecksum:bd04280be20fe7ff0951671f14ca20cd : end