: Saved
: Written by enable_15 at 09:10:17.840 EST Tue Jun 10 2008
! Saved configuration of a Cisco ASA running 7.2(4) with four named
! interfaces: WAN (security-level 0), DMZ (50), LAN (100) and a
! management-only port. It defines per-application service groups,
! one inbound ACL per data interface, dynamic PAT for the LAN, four static
! translations for published servers, and the default inspection policy
! plus a priority queue for DSCP EF (video) traffic on the LAN.
! Lines starting with "! NOTE(review)" are reviewer annotations; they do
! not change behaviour.
!
ASA Version 7.2(4)
!
hostname ciscoasa
domain-name pdc.newriver.org
! Password values are masked in this copy. Treat the real values in any
! shared configuration as sensitive and rotate them if they were exposed.
enable password xxxxxxxxxxxxxxxxxxxxxxxxx
passwd xxxxxxxxxxxxxxxxxxxxxxxxxxx
names
! Host aliases; all eight are members of object-group allowallaccess below.
name 192.168.100.222 cassy
name 192.168.100.173 sara
name 192.168.100.161 sherry2
name 192.168.100.100 amy
name 192.168.100.135 cmhc
name 192.168.100.228 sherry
name 192.168.100.227 martha
name 192.168.100.33 mistools
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 24.xxx.xxx.140 255.255.255.224
!
interface Ethernet0/1
 nameif DMZ
 security-level 50
 ip address 10.100.100.1 255.255.255.0
!
interface Ethernet0/2
 nameif LAN
 security-level 100
 ip address 192.168.100.232 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa724-k8.bin
ftp mode passive
clock timezone EST -5
dns server-group DefaultDNS
 domain-name pdc.newriver.org
! Service object-groups: named port sets referenced by the ACLs further down.
object-group service fuelman tcp
 port-object range 9401 9402
object-group service AveryLabcorp tcp
 port-object eq 2703
 port-object range 1401 1402
 port-object eq citrix-ica
object-group service Ichat tcp
 port-object eq sip
 port-object eq 5678
! NOTE(review): this TCP group includes port 123; NTP runs over UDP (and is
! already in Internetudp), so tcp/123 is probably unnecessary. Confirm.
object-group service internet tcp
 port-object eq www
 port-object eq domain
 port-object eq https
 port-object eq ftp
 port-object eq 123
object-group service marp tcp
 port-object range 1223 1224
 port-object eq 1433
object-group service mvannoy tcp
 port-object eq smtp
 port-object eq 993
 port-object eq 563
! NOTE(review): no access-list in this configuration references group "vpn".
object-group service vpn tcp
 port-object eq 500
 port-object eq 1457
 port-object eq pptp
 port-object eq 1701
! NOTE(review): includes 3389 (RDP). WAN_access_in applies this group with
! source "any"; see the note on that rule.
object-group service enotes tcp
 port-object eq www
 port-object eq 3389
 port-object eq https
! NOTE(review): udp/21 is listed here, but FTP control uses TCP (already in
! group "internet"). This entry looks like a mistake; confirm and remove.
object-group service Internetudp udp
 port-object eq 21
 port-object eq domain
 port-object eq ntp
object-group network marpcomputers
 network-object 192.168.50.194 255.255.255.255
 network-object 192.168.40.248 255.255.255.255
 network-object 192.168.17.192 255.255.255.255
 network-object 192.168.16.14 255.255.255.255
 network-object 192.168.80.34 255.255.255.255
! Hosts that LAN_access_in permits to any destination on any IP protocol.
object-group network allowallaccess
 network-object amy 255.255.255.255
 network-object martha 255.255.255.255
 network-object cassy 255.255.255.255
 network-object sherry 255.255.255.255
 network-object cmhc 255.255.255.255
 network-object sherry2 255.255.255.255
 network-object sara 255.255.255.255
 network-object mistools 255.255.255.255
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service Mvannoyudp udp
 port-object eq 563
object-group service sipps tcp-udp
 port-object eq 992
object-group service imapin tcp-udp
 port-object eq 143
object-group service polycomtcp tcp
 port-object eq 1731
object-group service polycomtcpudp tcp-udp
 port-object range 1718 1720
 port-object eq 2050
 port-object range 3230 3253
object-group service polycomudp udp
 port-object eq 2253
! ---- LAN_access_in: applied inbound on LAN, so it governs LAN egress. ----
! Entries are evaluated top-down; do not reorder without re-checking intent.
! NOTE(review): the first two rules use source "any" rather than the LAN
! prefixes; narrowing the source to 192.168.0.0/16 would match the other rules.
access-list LAN_access_in remark Internet Access
access-list LAN_access_in extended permit tcp any any object-group internet
access-list LAN_access_in remark Internet Access
access-list LAN_access_in extended permit udp any any object-group Internetudp
access-list LAN_access_in remark Barracuda Outbound
access-list LAN_access_in extended permit ip host 192.168.100.99 any
access-list LAN_access_in remark DMZ Access
access-list LAN_access_in extended permit ip 192.168.0.0 255.255.0.0 10.100.100.0 255.255.255.0
access-list LAN_access_in remark Mike Vannoy
access-list LAN_access_in extended permit tcp host 192.168.40.41 204.17.24.0 255.255.255.0 object-group mvannoy
access-list LAN_access_in remark Mike Vannoy
access-list LAN_access_in extended permit udp host 192.168.40.41 204.17.24.0 255.255.255.0 object-group Mvannoyudp
access-list LAN_access_in remark ichat
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 host 205.188.179.233 object-group Ichat
access-list LAN_access_in remark ichat
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 any eq aol
access-list LAN_access_in remark sipps
access-list LAN_access_in extended permit object-group TCPUDP 192.168.0.0 255.255.0.0 any object-group sipps
access-list LAN_access_in remark fuelman
access-list LAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 any object-group fuelman
access-list LAN_access_in remark marp
access-list LAN_access_in extended permit tcp object-group marpcomputers any object-group marp
access-list LAN_access_in remark marp
access-list LAN_access_in extended permit udp object-group marpcomputers any eq 1433
access-list LAN_access_in remark labcorp avery
access-list LAN_access_in extended permit tcp host 192.168.16.14 any object-group AveryLabcorp
! NOTE(review): unrestricted egress (all IP protocols, any destination) for
! the eight allowallaccess hosts. Confirm each host still needs it.
access-list LAN_access_in remark allow all access
access-list LAN_access_in extended permit ip object-group allowallaccess any
access-list LAN_access_in remark mail out
access-list LAN_access_in extended permit tcp host 192.168.100.199 any eq smtp
access-list LAN_access_in extended permit tcp host 192.168.100.199 any eq imap4
access-list LAN_access_in remark video out
access-list LAN_access_in extended permit ip host 10.10.99.14 any
! ---- WAN_access_in: applied inbound on WAN; every rule uses source "any". ----
! NOTE(review): no static translation for 24.xxx.xxx.131 appears in this
! configuration; confirm whether this rule is still in use.
access-list WAN_access_in remark Mail in to barracuda
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.131 eq smtp
! NOTE(review): IMAP uses TCP; TCPUDP here also opens udp/143. Port 143 is
! the non-TLS IMAP port, so confirm the server enforces STARTTLS.
access-list WAN_access_in remark imap in to mailserver
access-list WAN_access_in extended permit object-group TCPUDP any host 24.xxx.xxx.132 object-group imapin
access-list WAN_access_in remark Outlook web access
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.132 eq https
access-list WAN_access_in remark video in
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.135 object-group polycomtcp
access-list WAN_access_in remark video in
access-list WAN_access_in extended permit udp any host 24.xxx.xxx.135 object-group polycomudp
access-list WAN_access_in remark video in
access-list WAN_access_in extended permit object-group TCPUDP any host 24.xxx.xxx.135 object-group polycomtcpudp
! NOTE(review): group enotes contains 3389, so RDP is reachable from any
! Internet source on 24.xxx.xxx.141, which the static below maps to LAN host
! 192.168.100.139. Restrict the source addresses or move remote-desktop
! access behind a VPN.
access-list WAN_access_in remark outside access to enotes
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.141 object-group enotes
access-list WAN_access_in remark conference room schedule
access-list WAN_access_in extended permit tcp any host 24.xxx.xxx.150 eq www
! ---- DMZ_access_in: applied inbound on DMZ. ----
! NOTE(review): the final "permit ip 10.100.100.0/24 any" also matches
! destinations in 192.168.0.0/16, and DMZ_nat0_outbound exempts that path
! from NAT. As written, the DNS and echo rules above it restrict nothing and
! DMZ hosts have full IP access to the LAN. If segmentation is intended,
! place an explicit deny for 10.100.100.0/24 -> 192.168.0.0/16 before it.
access-list DMZ_access_in remark dns servers
access-list DMZ_access_in extended permit object-group TCPUDP 10.100.100.0 255.255.255.0 192.168.100.0 255.255.255.0 eq domain
access-list DMZ_access_in remark ping
access-list DMZ_access_in extended permit icmp 10.100.100.0 255.255.255.0 192.168.0.0 255.255.0.0 echo
access-list DMZ_access_in remark DMZ Out Bound
access-list DMZ_access_in extended permit ip 10.100.100.0 255.255.255.0 any
! Match lists for the NAT exemptions (nat 0) between LAN and DMZ.
access-list DMZ_nat0_outbound extended permit ip 10.100.100.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 10.100.100.0 255.255.255.0
pager lines 24
! NOTE(review): only the ASDM log buffer is configured; no "logging enable"
! or syslog host line appears here, so events are presumably not shipped
! off the device. Confirm.
logging asdm informational
mtu WAN 1500
mtu DMZ 1500
mtu LAN 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm location 204.17.24.0 255.255.255.0 WAN
asdm location 205.188.179.233 255.255.255.255 WAN
asdm location 192.168.100.199 255.255.255.255 LAN
asdm location 192.168.0.0 255.255.0.0 LAN
asdm location 24.xxx.xxx.131 255.255.255.255 LAN
asdm location 24.xxx.xxx.132 255.255.255.255 LAN
asdm location 24.xxx.xxx.135 255.255.255.255 LAN
asdm location 24.xxx.xxx.141 255.255.255.255 LAN
asdm location 24.xxx.xxx.132 255.255.255.255 WAN
asdm location 24.xxx.xxx.136 255.255.255.255 DMZ
asdm group marpcomputers LAN
asdm group allowallaccess LAN
no asdm history enable
arp timeout 14400
! ---- Address translation ----
! LAN 192.168.0.0/16 is PATed to the WAN interface address (pool 10);
! LAN<->DMZ traffic is exempted from NAT in both directions.
! NOTE(review): no dynamic nat rule for the DMZ is present; with nat-control
! enabled, DMZ-to-WAN traffic would presumably need one. Confirm whether DMZ
! Internet access is intended.
nat-control
global (WAN) 10 interface
nat (DMZ) 0 access-list DMZ_nat0_outbound
nat (LAN) 0 access-list LAN_nat0_outbound
nat (LAN) 10 192.168.0.0 255.255.0.0
! Published servers. The first entry is a port redirect (WAN tcp/www to LAN
! port 81); the other three are one-to-one statics, so exposure is bounded
! only by WAN_access_in.
static (LAN,WAN) tcp 24.xxx.xxx.150 www 192.168.100.5 81 netmask 255.255.255.255
static (LAN,WAN) 24.xxx.xxx.132 192.168.100.199 netmask 255.255.255.255
static (LAN,WAN) 24.xxx.xxx.135 10.10.99.14 netmask 255.255.255.255
static (LAN,WAN) 24.xxx.xxx.141 192.168.100.139 netmask 255.255.255.255
access-group WAN_access_in in interface WAN
access-group DMZ_access_in in interface DMZ
access-group LAN_access_in in interface LAN
route WAN 0.0.0.0 0.0.0.0 24.xxx.xxx.129 1
route LAN 192.168.0.0 255.255.0.0 192.168.100.1 1
route LAN 10.10.0.0 255.255.0.0 192.168.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
! ---- Device management access ----
! NOTE(review): ASDM/HTTPS and Telnet are permitted from all of
! 192.168.0.0/16 on the LAN. Telnet carries credentials in cleartext. An SSH
! timeout is set, but no "ssh <network> <mask> <interface>" permit line is
! present, so SSH appears unused. Prefer SSH, remove the telnet lines, and
! narrow the permitted sources to the administrators' hosts.
! No "aaa authentication" commands appear in this configuration, so logins
! presumably rely on the shared passwd / enable password above. Confirm.
http server enable
http 192.168.0.0 255.255.0.0 LAN
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.0 255.255.0.0 LAN
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
! NOTE(review): a console timeout of 0 means console sessions never expire.
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
!
priority-queue LAN
 tx-ring-limit 256
!
! LAN-class matches DSCP EF; LAN-policy places it in the priority queue.
class-map LAN-class
 description video
 match dscp ef
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
! Global application inspection applied to the default inspection traffic.
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
policy-map LAN-policy
 description video
 class LAN-class
  priority
!
service-policy global_policy global
service-policy LAN-policy interface LAN
prompt hostname context
! Checksum line written with the saved configuration.
Cryptochecksum:64b6266d911b9bbc95aa322277b27dd2
: end