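! Running configuration of a Cisco ASA with four interfaces: WAN (security-level 0),
! DMZ (50), LAN (100) and a management-only port (100).
! Layout: name aliases, interfaces, service/network object-groups, one inbound ACL
! per data interface, NAT/static mappings, routes, device-management access, and
! inspection/QoS policy.
! This listing was rebuilt from a paste collapsed onto a few lines. Addresses and
! keywords that an 80-column terminal wrap had split ("255 .255.255.0",
! "object -group", "205.1 88.179.233", ...) are rejoined so each command parses.
! No rule, address or ordering was changed; lines starting with "!" are comments.
!
! NOTE(review): 7.0(7) is a very old software train - confirm the image still
! receives security fixes before relying on this policy.
ASA Version 7.0(7)
!
hostname ciscoasa
domain-name my.firewall.com
enable password xxxxxxxx encrypted
names
name 192.168.100.222 cassy
name 192.168.100.173 sara
name 192.168.100.161 sherry2
name 192.168.100.100 amy
name 192.168.100.135 cmhc
name 192.168.100.228 sherry
name 192.168.100.227 martha
name 192.168.100.33 mistools
! NOTE(review): DNS Guard is explicitly turned off here. Unless something depends
! on that, leave it enabled so a DNS connection is closed after its first reply.
no dns-guard
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 24.xxx.xxx.140 255.255.255.224
!
interface Ethernet0/1
 nameif DMZ
 security-level 50
 ip address 10.100.100.1 255.255.255.0
!
interface Ethernet0/2
 nameif LAN
 security-level 100
 ip address 192.168.100.232 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd xxxxxxxxxxxx encrypted
ftp mode passive
clock timezone EST -5
!
! ---- Service object-groups (port lists referenced by the ACLs below) ----
object-group service fuelman tcp
 port-object range 9401 9402
object-group service AveryLabcorp tcp
 port-object eq 2703
 port-object range 1401 1402
 port-object eq citrix-ica
object-group service Ichat tcp
 port-object eq sip
 port-object eq 5678
! NOTE(review): tcp/123 is listed here, but NTP runs over UDP (and udp/ntp is
! already in Internetudp) - this entry looks unnecessary; confirm and remove.
object-group service internet tcp
 port-object eq www
 port-object eq domain
 port-object eq https
 port-object eq ftp
 port-object eq 123
object-group service marp tcp
 port-object range 1223 1224
 port-object eq 1433
object-group service mvannoy tcp
 port-object eq smtp
 port-object eq 993
 port-object eq 563
! NOTE(review): "vpn" and "enotes" are not referenced by any access-list in this
! listing; remove them if unused so they cannot be attached to a rule by mistake.
object-group service vpn tcp
 port-object eq 500
 port-object eq 1457
 port-object eq pptp
 port-object eq 1701
object-group service enotes tcp
 port-object eq www
 port-object eq 3389
 port-object eq https
! NOTE(review): udp/21 is listed, but FTP control is TCP (already in "internet");
! looks like a protocol mix-up - confirm and remove.
object-group service Internetudp udp
 port-object eq 21
 port-object eq domain
 port-object eq ntp
!
! ---- Network object-groups ----
object-group network marpcomputers
 network-object 192.168.50.194 255.255.255.255
 network-object 192.168.40.248 255.255.255.255
 network-object 192.168.17.192 255.255.255.255
 network-object 192.168.16.14 255.255.255.255
 network-object 192.168.80.34 255.255.255.255
! Hosts in this group get unrestricted outbound access (see "access allowed" rule).
object-group network allowallaccess
 network-object amy 255.255.255.255
 network-object martha 255.255.255.255
 network-object cassy 255.255.255.255
 network-object sherry 255.255.255.255
 network-object cmhc 255.255.255.255
 network-object sherry2 255.255.255.255
 network-object sara 255.255.255.255
 network-object mistools 255.255.255.255
!
! ---- LAN_access_in: egress policy for traffic entering the LAN interface ----
! Entries are evaluated top-down and the list ends in an explicit deny, so
! anything not matched above it is dropped.
! NOTE(review): the first two entries use source "any" rather than the internal
! ranges; restricting the source to the networks routed behind LAN would keep
! unexpected source addresses from matching.
access-list LAN_access_in extended permit tcp any any object-group internet
access-list LAN_access_in extended permit udp any any object-group Internetudp
access-list LAN_access_in remark Mike Vannoy
access-list LAN_access_in extended permit tcp host 192.168.40.41 204.17.24.0 255.255.255.0 object-group mvannoy
access-list LAN_access_in remark Mike Vannoy
access-list LAN_access_in extended permit udp host 192.168.40.41 204.17.24.0 255.255.255.0 eq 563
access-list LAN_access_in remark Ichat
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 host 205.188.179.233 object-group Ichat
access-list LAN_access_in remark Ichat
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 any eq aol
access-list LAN_access_in remark Sipps
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 any eq 992
access-list LAN_access_in remark Sipps
access-list LAN_access_in extended permit udp 192.168.0.0 255.255.0.0 any eq 992
access-list LAN_access_in remark fuelman
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 any object-group fuelman
access-list LAN_access_in remark access to dmz
access-list LAN_access_in extended permit ip 192.168.0.0 255.255.0.0 10.100.100.0 255.255.255.0
access-list LAN_access_in remark marp
access-list LAN_access_in extended permit tcp object-group marpcomputers any object-group marp
access-list LAN_access_in remark marp
access-list LAN_access_in extended permit udp object-group marpcomputers any eq 1433
access-list LAN_access_in remark Labcorp Avery
access-list LAN_access_in extended permit tcp host 192.168.16.14 any object-group AveryLabcorp
! NOTE(review): the next entry, and the "barracuda out" / "video out" entries
! further down, are "permit ip ... any": those hosts bypass every port
! restriction above. Confirm each still needs full egress, or narrow it to the
! ports actually used.
access-list LAN_access_in remark access allowed
access-list LAN_access_in extended permit ip object-group allowallaccess any
access-list LAN_access_in remark email out
access-list LAN_access_in extended permit tcp host 192.168.100.199 any eq smtp
access-list LAN_access_in remark imap out
access-list LAN_access_in extended permit tcp host 192.168.100.199 any eq imap4
access-list LAN_access_in remark barracuda out
access-list LAN_access_in extended permit ip host 192.168.100.99 any
access-list LAN_access_in remark video out
access-list LAN_access_in extended permit ip host 10.10.99.14 any
access-list LAN_access_in extended deny ip any any
!
! ---- DMZ_access_in: traffic entering the DMZ interface ----
! NOTE(review): the final "permit ip 10.100.100.0/24 any" also matches LAN
! destinations, so the DNS and ping entries above it are redundant and, as far as
! this ACL is concerned, any DMZ host can reach all of 192.168.0.0/16 on any
! protocol. If the DMZ is meant to be isolated from the LAN, place a
! "deny ip 10.100.100.0 255.255.255.0 192.168.0.0 255.255.0.0" entry (and one for
! 10.10.0.0/16, which is also routed via LAN) before the last line.
access-list DMZ_access_in remark dns access to dmz
access-list DMZ_access_in extended permit tcp 10.100.100.0 255.255.255.0 192.168.0.0 255.255.0.0 eq domain
access-list DMZ_access_in remark dns access to dmz
access-list DMZ_access_in extended permit udp 10.100.100.0 255.255.255.0 192.168.0.0 255.255.0.0 eq domain
access-list DMZ_access_in remark ping
access-list DMZ_access_in extended permit icmp 10.100.100.0 255.255.255.0 192.168.0.0 255.255.0.0 echo
access-list DMZ_access_in remark dmz out
access-list DMZ_access_in extended permit ip 10.100.100.0 255.255.255.0 any
!
! ---- WAN_access_in: Internet-facing inbound policy ----
! Destination addresses are the public sides of the "static (LAN,WAN)" mappings
! further down.
access-list WAN_access_in remark mail in to barracuda
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.131 eq smtp
access-list WAN_access_in remark Outlook web access
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.132 eq https
! NOTE(review): imap4 (tcp/143) is reachable from any Internet source; unless the
! server enforces TLS on that port, credentials can cross the Internet in clear
! text - confirm, and prefer publishing only the TLS-wrapped service.
access-list WAN_access_in remark imap
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.132 eq imap4
! NOTE(review): IMAP does not use UDP; this udp/143 entry appears to serve no
! purpose and only widens the exposed surface.
access-list WAN_access_in remark imap
access-list WAN_access_in extended permit udp any host 24.xxx.xxx.132 eq 143
access-list WAN_access_in remark sechulder
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.150 eq 81
! NOTE(review): "permit ip any host" exposes every protocol and port of the
! statically mapped inside host 10.10.99.14 to the whole Internet. Restrict this
! to the signalling and media ports the bridge needs and, where possible, to
! known peer addresses.
access-list WAN_access_in remark polycom bridge
access-list WAN_access_in extended permit ip any host 24.xxx.xxx.135
!
! ---- NAT-exemption ACLs (LAN <-> DMZ traffic is not translated) ----
access-list LAN_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 10.100.100.0 255.255.255.0
access-list DMZ_nat0_inbound extended permit ip 10.100.100.0 255.255.255.0 192.168.0.0 255.255.0.0
pager lines 24
! NOTE(review): only ASDM logging is configured in this listing; no
! "logging enable" or remote syslog host appears, so permit/deny events may not
! be retained anywhere - confirm against the full configuration.
logging asdm informational
mtu WAN 1500
mtu DMZ 1500
mtu LAN 1500
mtu management 1500
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
!
! ---- Address translation ----
! 192.168.0.0/16 is port-translated to the WAN interface address (pool id 10);
! the four statics publish individual inside hosts on dedicated public addresses.
global (WAN) 10 interface
nat (DMZ) 0 access-list DMZ_nat0_inbound outside
nat (LAN) 0 access-list LAN_nat0_outbound
nat (LAN) 10 192.168.0.0 255.255.0.0
static (LAN,WAN) 24.xxx.xxx.135 10.10.99.14 netmask 255.255.255.255
static (LAN,WAN) 24.xxx.xxx.131 192.168.100.99 netmask 255.255.255.255
static (LAN,WAN) 24.xxx.xxx.132 192.168.100.199 netmask 255.255.255.255
static (LAN,WAN) 24.xxx.xxx.150 192.168.100.5 netmask 255.255.255.255
!
! ---- Bind each ACL inbound on its interface ----
access-group WAN_access_in in interface WAN
access-group DMZ_access_in in interface DMZ
access-group LAN_access_in in interface LAN
!
! ---- Routing: default via WAN; internal 10.10/16 and 192.168/16 via 192.168.100.1 ----
route WAN 0.0.0.0 0.0.0.0 24.xxx.xxx.129 1
route LAN 10.10.0.0 255.255.0.0 192.168.100.1 1
route LAN 192.168.0.0 255.255.0.0 192.168.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
!
! ---- Device management access ----
! NOTE(review): ASDM/HTTPS and Telnet are both open to the entire 192.168.0.0/16
! on the LAN interface. Telnet carries the login and enable passwords in clear
! text, and no "ssh <net> <mask> <interface>" line is present, so SSH is not
! usable even though "ssh timeout" is set. Prefer SSH only, limited to a small
! set of administrator hosts or the management interface, and remove the LAN
! telnet line.
! NOTE(review): no "aaa authentication" commands appear in this listing, so
! management logins would fall back to the shared passwd/enable passwords -
! confirm against the full configuration.
http server enable
http 192.168.0.0 255.255.0.0 LAN
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.0 255.255.0.0 LAN
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
! NOTE(review): a console timeout of 0 means a console session is never logged
! out automatically; set a finite value if the device is not physically secured.
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
!
! ---- QoS and application inspection ----
! LAN-class matches DSCP EF (video) and LAN-policy gives it priority queuing on
! the LAN interface; global_policy applies protocol inspection to all interfaces.
priority-queue LAN
!
class-map LAN-class
 description video
 match dscp ef
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
policy-map LAN-policy
 description video
 class LAN-class
  priority
!
service-policy global_policy global
service-policy LAN-policy interface LAN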