SA 5510:
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network 192.168.0.0
subnet 192.168.0.0 255.255.255.0
object network 192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network 192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network 192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network 10.23.53.0
subnet 10.23.53.0 255.255.255.0
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit icmp any any unreachable
access-list outside extended permit icmp any any time-exceeded
access-list outside extended permit icmp any any information-reply
access-list outside extended permit icmp any any information-request
access-list outside extended permit icmp any any parameter-problem
access-list 101 extended permit ip 10.23.53.0 255.255.255.0 any
access-list 110 permit ip 10.23.53.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 111 permit ip 10.23.53.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 112 permit ip 10.23.53.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 114 permit ip 10.23.53.0 255.255.255.0 192.168.4.0 255.255.255.0
nat (inside,outside) source static 10.23.53.0 10.23.53.0 destination static 192.168.0.0 192.168.0.0
nat (inside,outside) source static 10.23.53.0 10.23.53.0 destination static 192.168.1.0 192.168.1.0
nat (inside,outside) source static 10.23.53.0 10.23.53.0 destination static 192.168.2.0 192.168.2.0
nat (inside,outside) source static 10.23.53.0 10.23.53.0 destination static 192.168.4.0 192.168.4.0
!
object network obj_any
nat (inside,outside) dynamic interface
object network ftp_server
nat (inside,outside) static interface service tcp ftp ftp
object network rdp
nat (inside,outside) static interface service
access-group outside in interface outside
crypto ipsec ikev1 transform-set MYSET esp-des esp-md5-hmac
crypto dynamic-map MYSET 10 set ikev1 transform-set MYSET
crypto map MYSET1 10 ipsec-isakmp dynamic MYSET
crypto map MYSET1 20 match address 110
crypto map MYSET1 20 set peer xx.xx.xx.xx
crypto map MYSET1 20 set ikev1 transform-set MYSET
crypto map MYSET1 30 match address 112
crypto map MYSET1 30 set peer xx.xx.xx.xx
crypto map MYSET1 30 set ikev1 transform-set MYSET
crypto map MYSET1 40 match address 111
crypto map MYSET1 40 set peer xx.xx.xx.xx
crypto map MYSET1 40 set ikev1 transform-set MYSET
crypto map MYSET1 60 match address 114
crypto map MYSET1 60 set peer xx.xx.xx.xx
crypto map MYSET1 60 set ikev1 transform-set MYSET
crypto map MYSET1 interface outside
crypto isakmp identity address
crypto ikev1 enable outside
crypto ikev1 policy 10
ASA 5505:
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network 192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network 10.23.53.0
subnet 10.23.53.0 255.255.255.0
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit icmp any any unreac
access-list outside extended permit icmp any any time-exceeded
access-list outside extended permit icmp any any information-reply
access-list outside extended permit icmp any any information-request
access-list outside extended permit icmp any any parameter-problem
access-list 101 extended permit ip 192.168.4.0 255.255.255.0 any
access-list 110 extended permit ip 192.168.4.0 255.255.255.0 10.23.53.0 255.255.255.0
nat (inside,outside) source static 192.168.4.0 192.168.4.0 destination static 10.23.53.0 10.23.53.0
!
object network obj_any
nat (inside,outside) dynamic interface
crypto ipsec ikev1 transform-set MYSET esp-des esp-md5-hmac
crypto dynamic-map MYSET 10 set ikev1 transform-set MYSET
crypto map MYSET1 10 ipsec-isakmp dynamic MYSET
// crypto map MYSET1 20 match address 110 // had to remove that line, otherwise i get no packet encaps/decaps
crypto map MYSET1 20 set peer xx.xx.xx.xx
crypto map MYSET1 20 set ikev1 transform-set MYSET
crypto map MYSET1 interface outside
crypto isakmp identity address
crypto ikev1 enable outside
crypto ikev1 policy 10access-group outside in interface outside
