: Saved
:
ASA Version 8.0(3)
!
hostname xxx-asa5505
domain-name xxxxx.com
enable password xxxxxxxxxxx encrypted
fips enable
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.123.1 255.255.255.0
!
interface Vlan2
 description Outside Interface of 5505
 nameif outside
 security-level 0
 dhcp client update dns server both
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
banner login xxxxxxxxx Services, Inc.
banner login Authorized Access Only. All others must disconnect immediately.
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 4.2.2.2
 domain-name tlets.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit gre any any
access-list inside_access_in extended permit ip any any
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit udp any any
access-list inside_access_out extended permit icmp any any
access-list outside_access_in extended permit tcp any host 192.168.123.160 eq ftp
access-list outside_access_in extended permit udp any any eq 4569
access-list outside_access_in extended permit udp any host 192.168.123.5 eq sip
access-list outside_access_in extended permit udp any host 192.168.123.5 range 10000 10025
access-list outside_access_in extended permit udp any host 192.168.123.5 eq 5061
access-list outside_access_in extended permit udp any host 192.168.123.160 eq 5008
access-list outside_access_in extended permit udp any host 192.168.123.160 eq 8080
access-list outside_access_in extended permit tcp any any eq 8000
access-list outside_access_in extended permit udp any any eq 8000
access-list outside_access_in extended permit tcp any any eq 8001
access-list outside_access_in extended permit udp any any eq 8001
access-list outside_access_in extended permit tcp any any eq www
access-list VPN extended permit ip any any
access-list inside_nat0_outbound extended permit ip any 192.168.123.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.123.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.123.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list xxx-RA-VPN_splitTunnelAcl standard permit 192.168.123.0 255.255.255.0
access-list cap_acl extended permit ip 192.168.1.0 255.255.255.0 host 192.168.123.160
access-list cap_acl extended permit ip host 192.168.123.160 192.168.1.0 255.255.255.0
access-list outside-in-acl remark Allow ICMP Type 11 for Windows tracert
access-list outside-in-acl extended permit icmp any any time-exceeded
pager lines 24
logging enable
logging timestamp
logging emblem
logging asdm-buffer-size 512
logging monitor warnings
logging trap errors
logging history critical
logging asdm debugging
logging host inside 192.168.123.15 format emblem
logging permit-hostdown
mtu inside 1500
mtu outside 1500
ip local pool xxx-RA-VPN-IP 192.168.1.50-192.168.1.60 mask 255.255.255.0
icmp unreachable rate-limit 10 burst-size 5
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-611.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) udp interface sip 192.168.123.5 sip netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.123.160 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 5008 192.168.123.160 5008 netmask 255.255.255.255
static (inside,outside) udp interface 5008 192.168.123.160 5008 netmask 255.255.255.255
static (inside,outside) tcp interface 8000 192.168.123.160 8000 netmask 255.255.255.255
static (inside,outside) tcp interface 8001 192.168.123.160 8001 netmask 255.255.255.255
static (inside,outside) udp interface 8000 192.168.123.160 8000 netmask 255.255.255.255
static (inside,outside) udp interface 8001 192.168.123.160 8001 netmask 255.255.255.255
static (inside,outside) tcp interface 8080 192.168.123.160 8080 netmask 255.255.255.255
static (inside,outside) udp interface 8080 192.168.123.160 8080 netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.123.28 www netmask 255.255.255.255
static (inside,outside) udp interface www 192.168.123.28 www netmask 255.255.255.255
static (inside,outside) tcp interface 10001 192.168.123.5 10001 netmask 255.255.255.255
static (inside,outside) tcp interface 10002 192.168.123.5 10002 netmask 255.255.255.255
static (inside,outside) tcp interface 10003 192.168.123.5 10003 netmask 255.255.255.255
static (inside,outside) tcp interface 10004 192.168.123.5 10004 netmask 255.255.255.255
static (inside,outside) tcp interface 10005 192.168.123.5 10005 netmask 255.255.255.255
static (inside,outside) tcp interface 10006 192.168.123.5 10006 netmask 255.255.255.255
static (inside,outside) tcp interface 10007 192.168.123.5 10007 netmask 255.255.255.255
static (inside,outside) tcp interface 10008 192.168.123.5 10008 netmask 255.255.255.255
static (inside,outside) tcp interface 10009 192.168.123.5 10009 netmask 255.255.255.255
static (inside,outside) tcp interface 10010 192.168.123.5 10010 netmask 255.255.255.255
static (inside,outside) tcp interface 10011 192.168.123.5 10011 netmask 255.255.255.255
static (inside,outside) tcp interface 10012 192.168.123.5 10012 netmask 255.255.255.255
static (inside,outside) tcp interface 10013 192.168.123.5 10013 netmask 255.255.255.255
static (inside,outside) tcp interface 10014 192.168.123.5 10014 netmask 255.255.255.255
static (inside,outside) tcp interface 10015 192.168.123.5 10015 netmask 255.255.255.255
static (inside,outside) tcp interface 10016 192.168.123.5 10016 netmask 255.255.255.255
static (inside,outside) tcp interface 10017 192.168.123.5 10017 netmask 255.255.255.255
static (inside,outside) tcp interface 10018 192.168.123.5 10018 netmask 255.255.255.255
static (inside,outside) tcp interface 10019 192.168.123.5 10019 netmask 255.255.255.255
static (inside,outside) tcp interface 10020 192.168.123.5 10020 netmask 255.255.255.255
static (inside,outside) tcp interface 10021 192.168.123.5 10021 netmask 255.255.255.255
static (inside,outside) tcp interface 10022 192.168.123.5 10022 netmask 255.255.255.255
static (inside,outside) tcp interface 10023 192.168.123.5 10023 netmask 255.255.255.255
static (inside,outside) tcp interface 10024 192.168.123.5 10024 netmask 255.255.255.255
static (inside,outside) tcp interface 10025 192.168.123.5 10025 netmask 255.255.255.255
static (inside,outside) udp interface 5061 192.168.123.5 5061 netmask 255.255.255.255
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable
http 0.0.0.0 0.0.0.0 inside
snmp-server host inside 192.168.123.27 community xxxconsultant version 2c
snmp-server location xxx Office
snmp-server contact me@xxxxx.com
snmp-server community xxxconsultant
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps entity config-change fru-insert fru-remove
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 1 set pfs group5
crypto dynamic-map outside_dyn_map 1 set transform-set ESP-AES-256-MD5 ESP-AES-128-MD5 ESP-3DES-MD5 ESP-AES-256-SHA ESP-AES-128-SHA ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 1 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash md5
 group 5
 lifetime 86400
crypto isakmp nat-traversal 10
crypto isakmp ipsec-over-tcp port 10000
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 10
ssh scopy enable
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 10
ssh version 2
console timeout 20
management-access inside
dhcp-client broadcast-flag
dhcp-client update dns server both
dhcpd address 192.168.123.10-192.168.123.24 inside
dhcpd dns 68.178.169.210 4.2.2.2 interface inside
dhcpd lease 36400 interface inside
dhcpd domain tlets.com interface inside
dhcpd enable inside
!
priority-queue inside
priority-queue outside
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 192.168.123.0 255.255.255.0
threat-detection statistics
ntp server 128.138.140.44 source outside
ntp server 64.109.43.141 source outside
ntp server 132.160.49.93 source outside
ntp server 128.194.254.9 source outside prefer
ssl encryption aes128-sha1 aes256-sha1 3des-sha1
webvpn
 enable outside
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value Cisco
  file-browsing enable
  url-entry enable
group-policy xxx-RA-VPN internal
group-policy xxx-RA-VPN attributes
 banner value You are connected to xxx VPN
 dns-server value 4.2.2.2
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value xxx-RA-VPN_splitTunnelAcl
 default-domain value xxxxx.com
 vlan none
username xxxxx password xxxxxxxxxx encrypted privilege 15
username xxxxx attributes
 vpn-group-policy GroupPolicy1
 vpn-access-hours none
 vpn-idle-timeout none
 vpn-session-timeout none
 webvpn
  url-entry enable
  url-list value xxx-Network
username xxxxx password xxxxxxxxxx encrypted privilege 15
username xxxxxx password xxxxxxxxxxx encrypted privilege 15
username xxxxxx attributes
 vpn-group-policy xxx-RA-VPN
username xxxxxxx password xxxxxxxxxxxxx encrypted privilege 15
username xxxxxxx attributes
 vpn-group-policy xxx-RA-VPN
 vpn-idle-timeout none
 vpn-session-timeout none
username xxx password xxxxxxxxxxxxxxx encrypted privilege 15
username xxxx attributes
 vpn-group-policy GroupPolicy1
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol webvpn
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy GroupPolicy1
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 radius-reject-message
tunnel-group xxx-RA-VPN type remote-access
tunnel-group xxx-RA-VPN general-attributes
 address-pool xxx-RA-VPN-IP
 authorization-server-group LOCAL
 default-group-policy xxx-RA-VPN
 authorization-required
tunnel-group xxx-RA-VPN ipsec-attributes
 pre-shared-key *
 peer-id-validate nocheck
!
class-map VoIP
 description High Priority = VoIP
 match dscp ef
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect pptp
 class class-default
  set connection decrement-ttl
policy-map General-Purpose
 class VoIP
  priority
!
service-policy global_policy global
service-policy General-Purpose interface inside
service-policy General-Purpose interface outside
prompt hostname context
Cryptochecksum:ac67c3933b2c2311a903be2d551c634a
: end
asdm image disk0:/asdm-611.bin
asdm history enable