: Saved : ASA Version 8.2(5) ! hostname ASA5510 names name 12.33.204.204 webservices name 10.1.1.19 apps01 name 10.1.1.10 apps02 name 12.33.204.202 chat name 12.33.204.205 store name 172.16.1.17 websrv1 ! interface Ethernet0/0 nameif inside security-level 100 ip address 10.1.1.254 255.255.255.0 ! interface Ethernet0/1 shutdown no nameif security-level 1 no ip address ! interface Ethernet0/2 nameif dmz security-level 50 ip address 172.16.1.253 255.255.255.0 ! interface Ethernet0/3 nameif outside security-level 1 ip address 12.33.204.206 255.255.255.248 ! interface Management0/0 shutdown no nameif no security-level no ip address ! boot system disk0:/asa825-k8.bin ftp mode passive clock timezone CST -6 clock summer-time CDT recurring dns server-group DefaultDNS access-list inside_access_in extended permit ip any any access-list outside_access_in extended permit tcp any host webservices eq https access-list outside_access_in extended deny ip any host webservices access-list outside_access_in extended permit ip any any access-list outside_access_out extended permit ip any any access-list dmz_access_in extended permit ip any any access-list dmz_access_out extended permit ip any any pager lines 24 logging enable logging timestamp logging asdm informational logging class auth asdm emergencies logging class ip asdm warnings logging class vpn asdm informational mtu inside 1500 mtu dmz 1500 mtu outside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside icmp permit any dmz icmp permit any outside asdm image disk0:/asdm-713.bin no asdm history enable arp timeout 14400 global (dmz) 1 interface global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 nat (dmz) 1 0.0.0.0 0.0.0.0 static (dmz,outside) store websrv1 netmask 255.255.255.255 dns static (inside,outside) chat apps02 netmask 255.255.255.255 dns static (inside,outside) webservices apps01 netmask 255.255.255.255 dns access-group inside_access_in in interface inside access-group dmz_access_in in interface dmz access-group dmz_access_out out interface dmz access-group outside_access_in in interface outside access-group outside_access_out out interface outside route outside 0.0.0.0 0.0.0.0 12.33.204.201 1 route inside 10.1.0.0 255.255.224.0 10.1.1.254 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 0.0.0.0 0.0.0.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 no crypto isakmp nat-traversal no vpn-addr-assign aaa no vpn-addr-assign dhcp no vpn-addr-assign local telnet 10.1.1.0 255.255.255.0 inside telnet timeout 15 ssh 0.0.0.0 0.0.0.0 outside ssh timeout 60 console timeout 0 no threat-detection basic-threat threat-detection statistics port threat-detection statistics protocol no threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 192.5.41.41 source outside ntp server 192.5.41.40 source outside prefer webvpn group-policy DfltGrpPolicy attributes vpn-idle-timeout none vpn-tunnel-protocol svc password-storage enable split-tunnel-policy tunnelspecified tunnel-group DefaultRAGroup ipsec-attributes isakmp keepalive threshold 60 retry 2 tunnel-group DefaultRAGroup ppp-attributes authentication pap authentication ms-chap-v2 authentication eap-proxy tunnel-group-map enable rules tunnel-group-map default-group DefaultL2LGroup ! ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy ! prompt hostname context no call-home reporting anonymous Cryptochecksum:1c95b19642cd11e95d4265305a652c43 : end asdm image disk0:/asdm-713.bin asdm location webservices 255.255.255.255 inside asdm location adt 255.255.255.255 inside asdm location store 255.255.255.255 inside asdm location websrv1 255.255.255.255 inside no asdm history enable