CITC-LH-ASA(config)# sh run
: Saved
:
ASA Version 8.0(3)
!
hostname CITC-LH-ASA
domain-name ********
enable password ********** encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.2.200.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.2.254.2 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd tdvfRQ4hiwl1apvU encrypted
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name ***********
object-group network MessageLabs
 description MessageLabs SMTP Towers
 network-object 216.82.240.0 255.255.240.0
 network-object 85.158.136.0 255.255.248.0
 network-object 193.109.254.0 255.255.254.0
 network-object 194.106.220.0 255.255.254.0
 network-object 195.245.230.0 255.255.254.0
 network-object 62.231.131.0 255.255.255.0
 network-object 212.125.75.0 255.255.255.224
 network-object 62.173.108.16 255.255.255.240
 network-object 62.173.108.208 255.255.255.240
 network-object 194.205.110.128 255.255.255.224
 network-object host 195.216.16.211
 network-object host 212.125.74.44
access-list outsidein extended permit tcp any host 10.2.254.2 eq https
access-list outsidein extended permit tcp any host 10.2.254.2 eq www
access-list outsidein extended permit udp any host 10.2.254.2 eq radius
access-list outsidein extended permit udp any host 10.2.254.2 eq radius-acct
access-list outsidein extended permit tcp any host 10.2.254.2 eq 1645
access-list outsidein extended permit tcp any host 10.2.254.2 eq 1646
access-list outsidein extended permit icmp any 10.2.254.0 255.255.255.0 unreachable
access-list outsidein extended permit icmp any 10.2.254.0 255.255.255.0 time-exceeded
access-list outsidein extended permit icmp any 10.2.254.0 255.255.255.0 echo-reply
access-list outsidein extended permit tcp object-group MessageLabs host 10.2.254.2 eq smtp
access-list nonat extended permit ip 10.2.200.0 255.255.255.0 10.2.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
ip local pool citcpool 10.2.100.1-10.2.100.20
icmp unreachable rate-limit 1 burst-size 1
icmp permit 10.119.0.0 255.255.255.0 outside
icmp permit host 10.2.254.1 outside
icmp permit any outside
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.2.200.0 255.255.255.0
static (inside,outside) tcp interface smtp 10.2.200.201 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www 10.2.200.201 www netmask 255.255.255.255
static (inside,outside) tcp interface https 10.2.200.201 https netmask 255.255.255.255
static (inside,outside) udp interface radius-acct 10.2.200.201 radius-acct netmask 255.255.255.255
static (inside,outside) udp interface radius 10.2.200.201 radius netmask 255.255.255.255
static (inside,outside) tcp interface 1645 10.2.200.201 1645 netmask 255.255.255.255
static (inside,outside) tcp interface 1646 10.2.200.201 1646 netmask 255.255.255.255
static (inside,outside) 10.2.254.80 10.2.200.80 netmask 255.255.255.240
access-group outsidein in interface outside
route outside 0.0.0.0 0.0.0.0 10.2.254.1 1
route inside 172.16.0.0 255.255.0.0 10.2.200.2 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server CITCAUTH protocol radius
aaa-server CITCAUTH host 10.2.200.201
 key Rad1us
aaa authentication ssh console CITCAUTH LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.2.200.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 10.2.200.0 255.255.255.0 inside
telnet timeout 60
ssh 10.2.200.0 255.255.255.0 inside
ssh 172.16.0.0 255.255.0.0 inside
ssh 10.119.0.0 255.255.255.0 outside
ssh 10.2.254.0 255.255.255.0 outside
ssh timeout 60
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
group-policy CITCvpn internal
group-policy CITCvpn attributes
 dns-server value 10.2.200.201
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value nonat
 default-domain value *******
username CITCAdm1n password ************* encrypted privilege 15
tunnel-group CITCvpn type remote-access
tunnel-group CITCvpn general-attributes
 address-pool citcpool
 authentication-server-group CITCAUTH
 default-group-policy CITCvpn
tunnel-group CITCvpn ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect pptp
policy-map type inspect ipsec-pass-thru Citc
 description VPN
 parameters
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:2b745db75d2115e941c0db1f0516870f
: end
CITC-LH-ASA(config)#