Cisco ASA 5525-X QoS issue

NikTNV
Level 1

I have a problem with QoS which appears with all images later than 9.5.2; I don't have this problem with 9.5.2 or older images. I have two interfaces which look into the Internet (Outside_1 and Outside_2) and one interface which looks into a local network (Inside). The Inside interface has a QoS rule with output policing. When traffic goes in the Outside_1-Inside direction, the QoS rule doesn't work, but ASA's Packet Tracer shows the traffic is captured by this QoS rule. When traffic goes in the Outside_2-Inside direction, the QoS rule polices traffic, as it should. The Outside_1 and Outside_2 interfaces have the same configuration except for IP addresses.


balaji.bandi
Hall of Fame

Can you post the configuration to review?

BB

I only deleted certificates and hid the outside IP addresses. When traffic goes in the Outside_Ertel-Inside direction, the service-policy named Inside-policy doesn't work, but when traffic goes in the Outside_Beeline-Inside direction, this service-policy polices traffic, as it should. I also found one thing: I have an IPSec tunnel on the Outside_Ertel interface, and when traffic goes from this tunnel, it is policed by the Inside-policy service-policy.

ASA Version 9.9(2)
!
ip local pool VPN_IP_POOL_TEST 172.20.0.5-172.20.0.200 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif Inside
 security-level 100
 ip address 172.17.1.37 255.255.255.252
!
interface GigabitEthernet0/1
 nameif Outside_Ertel
 security-level 0
 ip address A.A.A.A 255.255.255.0
!
interface GigabitEthernet0/2
 nameif Outside_Beeline
 security-level 0
 ip address B.B.B.B 255.255.255.252
!
interface GigabitEthernet0/3
 nameif Administrative
 security-level 0
 no ip address
!
interface GigabitEthernet0/3.11
 vlan 11
 nameif SQUID
 security-level 100
 ip address 10.10.10.10 255.255.255.248
!
interface GigabitEthernet0/3.12
 vlan 12
 nameif Beeline_pool
 security-level 100
 ip address C.C.C.C 255.255.255.248
 policy-route route-map Beeline_pool
!
interface GigabitEthernet0/3.13
 vlan 13
 nameif Beeline_pool_2
 security-level 0
 ip address D.D.D.D 255.255.255.248
 policy-route route-map Beeline_pool
!
interface GigabitEthernet0/3.99
 vlan 99
 nameif Trade
 security-level 50
 ip address 192.168.99.1 255.255.255.0
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 nameif 3com_Management
 security-level 100
 ip address 172.18.1.1 255.255.255.252
!
interface Management0/0
 management-only
 nameif Management
 security-level 100
 no ip address
!
regex domainlis "\.yaplakal\.com"
boot system disk0:/asa992-smp-k8.bin
boot system disk0:/asa952-6-smp-k8.bin
boot system disk0:/asa944-16-smp-k8.bin
boot system disk0:/asa981-smp-k8.bin
ftp mode passive
clock timezone MSK/MSD 3
clock summer-time MSK/MDD recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup Inside
dns server-group DefaultDNS
 name-server 10.100.0.2 Inside
 domain-name mbaru.ru
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network MBA_Nets
 subnet 10.100.0.0 255.255.0.0
object service smtp
 service tcp destination eq smtp
object network DC1
 host 10.100.0.2
object network DC2
 host 10.100.0.3
object network SQUID
 host 10.10.10.11
object service dns_tcp
 service tcp destination eq domain
object service imap
 service tcp destination eq imap4
object service imap_ssl
 service tcp destination eq 993
object service smtp_ssl
 service tcp destination eq 465
object network Kalinina_Net
 subnet 10.100.64.0 255.255.192.0
object service pop3
 service tcp destination eq pop3
object service pop3_ssl
 service tcp destination eq 995
object network Search
 host 10.100.0.7
object service sms
 service tcp destination range 8000 8001
object service dns_udp
 service udp destination eq domain
object service web_mail
 service tcp destination eq 32000
object network Sharepoint
 host 10.100.0.112
object service fake_rdp
 service tcp destination eq 5589
object service rdp
 service tcp destination eq 3389
object network Shareman
 host 77.232.139.13
object service sharepoint_https
 service tcp destination eq https
object network Fileserver
 host 10.100.0.45
object service ftp
 service tcp destination eq ftp
object service ftp_data
 service tcp destination range 5500 5525
object network SMO
 host 88.135.48.181
object service isakmp_1
 service udp destination eq isakmp
object service isakmp_2
 service udp destination eq 4500
object service tunnel
 service gre
object network Konsul_Net
 subnet 10.100.60.0 255.255.252.0
object network Memfis_Net
 subnet 10.100.0.0 255.255.224.0
object network NETWORK_OBJ_172.16.0.0_24
 subnet 172.16.0.0 255.255.255.0
object network VPN_POOL_TEST
 subnet 172.20.0.0 255.255.255.0
object network NETWORK_OBJ_172.20.0.0_25
 subnet 172.20.0.0 255.255.255.128
object network VPN_NET
 subnet 172.20.0.0 255.255.255.0
object network iDRAC
 subnet 10.90.90.0 255.255.255.0
object network SSH
 host 10.100.0.110
 description WIFI Controller
object network Internet_Ertel
 subnet 0.0.0.0 0.0.0.0
object network MSK_Main
 host E.E.E.E
object network MSK_Reserve
 host F.F.F.F
object network Cisco_interface_for_MSK
 host 172.17.1.81
object network Cisco_interface_for_SMO
 host 172.17.1.77
object service ipsec_additional
 service udp destination eq 4500
object network All_MBA_Nets
 subnet 10.100.0.0 255.255.0.0
object network Asterisk_local
 host 10.100.0.5
object network Aterisk_beeline
 host M.M.M.M
object network WINSRV12RDP7
 range 10.100.28.1 10.100.28.100
object network WINSRV12RDP8
 range 10.100.28.101 10.100.28.200
object network WINSRV12RDP3
 range 10.100.30.1 10.100.30.100
object network WINSRV12RDP4
 range 10.100.30.101 10.100.30.200
object network WINSRV12RDP5
 range 10.100.29.1 10.100.29.100
object network WINSRV12RDP6
 range 10.100.29.101 10.100.29.200
object network WINSRV12RDP9
 range 10.100.27.1 10.100.27.100
object network WINSRV12RDP10
 range 10.100.27.101 10.100.27.200
object network WINSRV12RDP11
 range 10.100.26.1 10.100.26.100
object network WINSRV12RDP12
 range 10.100.26.101 10.100.26.200
object network WINSRV12RDP13
 range 10.100.25.1 10.100.25.100
object network WINSRV12RDP14
 range 10.100.25.101 10.100.25.200
object network WINSRV12RDP15
 range 10.100.24.1 10.100.24.100
object network WINSRV12RDP16
 range 10.100.24.101 10.100.24.200
object network WINSRV12RDP1
 range 10.100.31.1 10.100.31.100
object network WINSRV12RDP2
 range 10.100.31.101 10.100.31.200
object network MEMFIS(SRV_AND_NET)
 range 10.100.0.1 10.100.0.255
object network MEMFIS(ADMINISTRATIVE)
 range 10.100.1.0 10.100.1.255
object network SMO(SRV_AND_NET)
 range 10.100.48.1 10.100.48.255
object network SMO(ADMINISTRATIVE)
 range 10.100.55.1 10.100.55.100
object network KALININA(ADMINISTRATIVE)
 range 10.100.65.1 10.100.67.255
object network MSK(ADMINISTRATIVE)
 subnet 10.100.58.0 255.255.255.0
object network MBAFIN_GUEST
 subnet 10.90.92.0 255.255.255.0
object network FAX
 host 213.85.168.52
object network Interlin
 host 188.94.208.10
object network MTT_ym
 host 80.75.132.66
object network Power
 host 178.238.120.178
object network Zebra
 host 213.145.43.128
object network MTT
 host 80.75.130.132
object network MTT_ufa
 host 80.75.130.147
object network Autoinform_beeline
 host G.G.G.G
object service sharepoint_https_fake
 service tcp destination eq 444
object network MSK_WIFI_GUEST
 host 10.100.59.1
object network MSK_local
 subnet 10.100.58.0 255.255.255.0
object network SMTP
 host 10.100.0.2
object network SMO_local
 subnet 10.100.48.0 255.255.248.0
object network RD2
 range 10.100.22.101 10.100.22.200
object network KALININA(SRV_AND_NET)
 range 10.100.64.1 10.100.64.255
object network SMSSENDER
 host 10.100.3.177
 description Send sms pass
object network MSK_wifi
 subnet 10.100.59.0 255.255.255.0
object network Sharepoint_https
 host 10.100.0.7
object network MSK_NEW
 subnet 10.100.60.0 255.255.252.0
object network MSK_NEW_WiFi
 host 10.100.57.1
object network MSK_wifi_NEW
 subnet 10.100.57.0 255.255.255.0
object network AnyConnectClients
 subnet 172.20.0.0 255.255.255.0
object network gitlab
 host 10.100.3.167
object service web_mail_src
 service tcp source eq 32000
object service smtp_src
 service tcp source eq smtp
object service smtp_ssl_src
 service tcp source eq 465
object service imap_src
 service tcp source eq imap4
object service imap_ssl_src
 service tcp source eq 993
object service pop3_src
 service tcp source eq pop3
object service pop3_ssl_src
 service tcp source eq 995
object service sms_src
 service tcp source range 8000 8001
object service fake_rdp_src
 service tcp source eq 5589 destination range 1 65535
object service rdp_src
 service tcp source eq 3389 destination range 1 65535
object service ftp_src
 service tcp source eq ftp
object service https_src
 service tcp source eq https
object service https_444_src
 service tcp source eq 444
object service ftps_src
 service tcp source range 5500 5525
object network VPN
 subnet 172.20.0.0 255.255.255.0
object network BACKUP_SERVER
 host 10.100.4.27
object network Limited_IPs_Memfis
 range 10.100.2.0 10.100.2.255
object network Limited_IPs_Kalinina
 range 10.100.68.0 10.100.68.255
object network testpc
 host 10.100.3.252
object network ASA_SMO
 host 172.17.1.146
object network MSK_Old_Branch
 host F.F.F.F
object network 10.100.67.37
 host 10.100.67.37
object network Redis
 host 10.100.4.18
object service RTP_SIP
 service udp source range 10000 20000
 description RTP
object network Icewarp
 host 10.100.0.4
object network IP_Phone
 host 10.100.69.138
object network symantec_backup
 host 10.100.3.253
object network erptest
 host 10.100.31.201
object network 10.100.1.103
 host 10.100.1.103
object network 10.100.1.107
 host 10.100.1.107
object network VostokFinance_1
 subnet 10.0.10.0 255.255.255.0
object network VostokFinance_2
 subnet 10.2.0.0 255.255.0.0
object network VostokFinance_3
 subnet 10.3.10.0 255.255.255.0
object network 10.100.3.52
 host 10.100.3.52
object network 10.100.3.253
 host 10.100.3.253
object network 10.100.49.13
 host 10.100.49.13
object network WIN10SER
 host 10.100.3.121
object network Slackware14.2
 host 10.100.3.248
object network Printserver
 host 10.100.4.65
object network 10.100.3.149
 host 10.100.3.149
object network 10.100.4.4
 host 10.100.4.4
object network 10.100.3.13
 host 10.100.3.13
object network 10.100.3.194
 host 10.100.3.194
object network 10.100.69.54
 host 10.100.69.54
object network IP_ETAP
 host 37.112.57.61
object network Test
 host 10.100.67.63
 description test
object network FreeRadius
 host 10.10.10.9
object network Freeradius_res
 host 10.10.10.11
object network Dosugova
 host 10.100.1.16
object network logicinvest
 host 10.100.67.129
object service http_src
 service tcp source eq www destination range 1 65535
object service fake_http_src
 service tcp source eq 5050 destination range 1 65535
object network 10.100.31.205
 host 10.100.31.205
object network 54.246.205.20
 host 54.246.205.20
 description Telemarket
object network 54.246.211.170
 host 54.246.211.170
 description Telemarket
object network 176.34.143.182
 host 176.34.143.182
 description Telemarket
object service http_src_telemarket
 service tcp source eq 4546
object service http_dst_telemarket
 service tcp destination eq 4546
object network SMS_Traffic_prov
 host 212.24.56.100
 description sms_status_resive
object network 209.95.50.91
 host 209.95.50.91
 description Telemarket
object network 54.171.177.117
 host 54.171.177.117
 description Telemarket
object network CZinvest
 host 37.112.63.240
object service CZ_Sharepoint_http
 service tcp source eq 8088
object network DevinoMailSpamer1
 range 212.193.97.32 212.193.97.239
object network DevinoMailSpamer2
 range 194.226.179.64 194.226.179.239
object network 54.154.54.79
 host 54.154.54.79
 description Telemarket
object network J.J.J.J
 host J.J.J.J
 description MSK
object network trade_server
 host 192.168.99.2
object network TRADE_NETWOKR
 subnet 192.168.99.0 255.255.255.0
object network 54.154.99.68
 host 54.154.99.68
object network Autoinform_local
 host 10.100.0.6
object network Other_Memfis_Net
 range 10.100.3.0 10.100.7.254
object network 10.100.69.21
 host 10.100.69.21
object network 10.100.69.180
 host 10.100.69.180
object network 10.100.69.52
 host 10.100.69.52
object network 10.100.3.241
 host 10.100.3.241
object network 10.100.69.35
 host 10.100.69.35
object network 10.100.69.42
 host 10.100.69.42
object network Support_RSBANK
 host 95.66.140.96
 description support_rsbank
object network RSbank_server
 host 10.100.3.241
object network Support_RSBANK_2
 host 82.202.161.83
object network VD_Server
 host 10.30.2.88
object network 95.169.99.106
 host 95.169.99.106
object network 95.169.99.104
 host 95.169.99.104
object network 95.169.99.108
 host 95.169.99.108
object network 95.169.99.107
 host 95.169.99.107
object network Artem_Outside
 host 31.132.155.171
object network 31.132.155.171
 host 31.132.155.171
object network 195.19.12.10
 host 195.19.12.10
object network 10.11.0.0
 subnet 10.11.0.0 255.255.0.0
object network 10.20.0.0
 subnet 10.20.0.0 255.255.0.0
object network 10.21.0.0
 subnet 10.21.0.0 255.255.0.0
object network 10.22.0.0
 subnet 10.22.0.0 255.255.0.0
object network 10.23.0.0
 subnet 10.23.0.0 255.255.0.0
object network 10.24.0.0
 subnet 10.24.0.0 255.255.0.0
object network 10.25.40.0
 subnet 10.25.40.0 255.255.255.0
object network 10.26.0.0
 subnet 10.26.0.0 255.255.0.0
object network 10.27.0.0
 subnet 10.27.0.0 255.255.0.0
object network 10.30.0.0
 subnet 10.30.0.0 255.255.0.0
object network 10.32.0.0
 subnet 10.32.0.0 255.255.0.0
object network 10.33.0.0
 subnet 10.33.0.0 255.255.0.0
object network 10.50.0.0
 subnet 10.50.0.0 255.255.0.0
object network 10.111.0.0
 subnet 10.111.0.0 255.255.0.0
object network 10.112.0.0
 subnet 10.112.0.0 255.255.0.0
object network 195.19.12.6
 host 195.19.12.6
object network 10.40.0.0
 subnet 10.40.0.0 255.255.0.0
object network 10.100.4.59
 host 10.100.4.59
object network iBANK
 host 109.232.250.90
object network FSSP
 host 95.173.157.48
object network 37.18.20.234
 host 37.18.20.234
object network 37.18.20.197
 host 37.18.20.197
object network 37.18.20.231
 host 37.18.20.231
object network Marianna
 host 10.100.67.96
object network 10.100.67.56
 host 10.100.67.56
object network 1C8RDP
 host 10.100.0.15
object network W2K8R2IIS
 host 10.100.0.54
object network MILI_Scoring
 subnet 37.18.20.0 255.255.255.0
object network Minkov
 host 31.132.155.171
object service score
 service tcp destination eq 8989
object service score_src
 service tcp source eq 8989
object network mttapi
 host 80.75.132.103
object network 10.100.67.74
 host 10.100.67.74
object network 176.99.4.174
 host 176.99.4.174
object network 176.99.6.90
 host 176.99.6.90
object network 151.248.118.155
 host 151.248.118.155
object network SMS_Traffic_Status
 host 213.248.59.122
object network winsrv12backup
 host 10.100.3.230
object network SMS_Traffic_Status_2
 host 212.92.99.146
object network SMS_Traffic_Status_3
 host 212.92.99.210
object service score_src_test
 service tcp source eq 8990
object service score_test
 service tcp destination eq 8990
object service score_src2
 service tcp source eq 9090
object service score2
 service tcp destination eq 9090
object-group network DM_INLINE_NETWORK_15
 network-object 10.0.0.0 255.255.255.0
 network-object 10.2.0.0 255.255.255.0
 network-object 10.3.0.0 255.255.255.0
object-group service RTP
 service-object object RTP_SIP
object-group network DM_INLINE_NETWORK_5
 network-object object Kalinina_Net
 network-object object Konsul_Net
 network-object object Memfis_Net
object-group service DM_INLINE_SERVICE_1
 service-object object imap
 service-object object imap_ssl
 service-object object pop3
 service-object object pop3_ssl
 service-object object smtp
 service-object object smtp_ssl
 service-object object web_mail
 service-object object sms
object-group service DM_INLINE_SERVICE_2
 service-object object imap
 service-object object imap_ssl
 service-object object pop3
 service-object object pop3_ssl
 service-object object smtp
 service-object object smtp_ssl
 service-object object web_mail
object-group service DM_INLINE_SERVICE_3
 service-object object ftp
 service-object object ftp_data
object-group service DM_INLINE_SERVICE_4
 service-object object rdp
 service-object object sharepoint_https
object-group network DM_INLINE_NETWORK_2
 network-object object MSK_Main
 network-object object SMO
object-group network DM_INLINE_NETWORK_3
 network-object object Aterisk_beeline
 network-object object Autoinform_beeline
object-group service DM_INLINE_SERVICE_5
 group-object RTP
 service-object udp destination eq bootpc
 service-object udp destination eq bootps
 service-object udp destination eq sip
object-group icmp-type DM_INLINE_ICMP_1
 icmp-object time-exceeded
 icmp-object unreachable
object-group network asterisk_beeline_ip
 network-object object Aterisk_beeline
 network-object object Autoinform_beeline
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_11
 network-object object DC1
 network-object object DC2
 network-object host 10.100.1.107
object-group icmp-type DM_INLINE_ICMP_2
 icmp-object time-exceeded
 icmp-object unreachable
object-group network IP_USERS
 description ALL MBA USER INTERNET
 network-object object SMO(ADMINISTRATIVE)
 network-object object SMSSENDER
 network-object object KALININA(ADMINISTRATIVE)
 network-object object MEMFIS(ADMINISTRATIVE)
 network-object object Limited_IPs_Kalinina
 network-object object Limited_IPs_Memfis
object-group network Terminal's_Servers
 network-object object WINSRV12RDP1
 network-object object WINSRV12RDP10
 network-object object WINSRV12RDP11
 network-object object WINSRV12RDP12
 network-object object WINSRV12RDP13
 network-object object WINSRV12RDP14
 network-object object WINSRV12RDP15
 network-object object WINSRV12RDP16
 network-object object WINSRV12RDP2
 network-object object WINSRV12RDP3
 network-object object WINSRV12RDP4
 network-object object WINSRV12RDP5
 network-object object WINSRV12RDP6
 network-object object WINSRV12RDP7
 network-object object WINSRV12RDP8
 network-object object WINSRV12RDP9
object-group network DM_INLINE_NETWORK_4
 group-object IP_USERS
 group-object Terminal's_Servers
object-group network IP_with_Internet
 network-object object MEMFIS(SRV_AND_NET)
 network-object object MSK(ADMINISTRATIVE)
 network-object object SMO(ADMINISTRATIVE)
 network-object object SMO(SRV_AND_NET)
 network-object object KALININA(SRV_AND_NET)
 network-object object Redis
 network-object object SMSSENDER
 network-object object gitlab
 network-object object KALININA(ADMINISTRATIVE)
 network-object object MEMFIS(ADMINISTRATIVE)
 network-object object 10.100.3.52
 network-object object trade_server
 network-object object 10.100.69.42
 network-object object 10.100.4.59
 network-object object erptest
object-group network Limited_IPs_All
 network-object object Limited_IPs_Kalinina
 network-object object Limited_IPs_Memfis
object-group network DM_INLINE_NETWORK_8
 group-object IP_with_Internet
 network-object object RD2
 group-object Limited_IPs_All
object-group network DM_INLINE_NETWORK_12
 network-object 0.0.0.0 0.0.0.0
 network-object object Shareman
object-group network DM_INLINE_NETWORK_7
 network-object object MSK_Main
 network-object object MSK_Reserve
object-group service DM_INLINE_TCP_9 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_UDP_1 udp
 port-object eq 4500
 port-object eq isakmp
object-group service DM_INLINE_UDP_2 udp
 port-object eq 4500
 port-object eq isakmp
object-group network SIP_Service_Provider
 network-object object FAX
 network-object object Interlin
 network-object object MTT
 network-object object MTT_ufa
 network-object object MTT_ym
 network-object object Power
 network-object object Zebra
object-group network DM_INLINE_NETWORK_13
 network-object object MBAFIN_GUEST
 network-object object MBA_Nets
 network-object object SQUID
 network-object object FreeRadius
 network-object object TRADE_NETWOKR
object-group network DM_INLINE_NETWORK_9
 network-object object Aterisk_beeline
 network-object object Autoinform_beeline
object-group service DM_INLINE_TCPUDP_1 tcp-udp
 port-object range 10000 65535
 port-object eq sip
object-group network DM_INLINE_NETWORK_14
 network-object object MBAFIN_GUEST
 network-object object MBA_Nets
 network-object object SQUID
 network-object object FreeRadius
 network-object object TRADE_NETWOKR
object-group service mail tcp
 port-object eq 465
 port-object eq 993
 port-object eq 995
 port-object eq imap4
 port-object eq pop3
 port-object eq smtp
 port-object eq 32000
object-group service DM_INLINE_TCP_7 tcp
 port-object eq 8000
 port-object eq 8001
object-group network CZ_Nets
 network-object object 10.11.0.0
 network-object object 10.111.0.0
 network-object object 10.112.0.0
 network-object object 10.20.0.0
 network-object object 10.21.0.0
 network-object object 10.22.0.0
 network-object object 10.23.0.0
 network-object object 10.24.0.0
 network-object object 10.26.0.0
 network-object object 10.27.0.0
 network-object object 10.30.0.0
 network-object object 10.32.0.0
 network-object object 10.33.0.0
 network-object object 10.50.0.0
 network-object object 10.40.0.0
 network-object object 10.25.40.0
object-group network DM_INLINE_NETWORK_1
 group-object Limited_IPs_All
 group-object IP_with_Internet
 network-object object MBAFIN_GUEST
 network-object object VPN
 group-object Terminal's_Servers
 network-object object RD2
 group-object CZ_Nets
object-group network DM_INLINE_NETWORK_6
 network-object object KALININA(SRV_AND_NET)
 network-object object MEMFIS(SRV_AND_NET)
 network-object object SMO(SRV_AND_NET)
object-group service Aster_rtp udp
 port-object range 10000 20000
object-group network DM_INLINE_NETWORK_10
 network-object object DC1
 network-object object DC2
 network-object host 10.100.1.107
object-group service DM_INLINE_SERVICE_6
 group-object RTP
 service-object udp destination eq bootpc
 service-object udp destination eq bootps
 service-object udp destination eq sip
object-group service DM_INLINE_SERVICE_7
 group-object RTP
 service-object tcp-udp destination eq domain
 service-object udp destination eq bootpc
 service-object udp destination eq bootps
 service-object udp destination eq sip
object-group network Bypass_The_Firepower
 network-object object FreeRadius
 network-object object Freeradius_res
 network-object object Icewarp
 network-object object Search
 network-object object Fileserver
 network-object object Dosugova
 network-object object iBANK
 network-object object TRADE_NETWOKR
 network-object object 1C8RDP
 network-object object mttapi
object-group user sf
 description dsf
 user LOCAL\admin
object-group network DM_INLINE_NETWORK_18
 network-object object VostokFinance_1
 network-object object VostokFinance_2
 network-object object VostokFinance_3
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group network Telemarket
 network-object object 195.19.12.10
 network-object object 195.19.12.6
 network-object object 37.18.20.197
 network-object object 37.18.20.231
 network-object object 37.18.20.234
object-group service KMS_SER tcp-udp
 port-object eq 1688
object-group service DM_INLINE_UDP_3 udp
 port-object range 10000 20000
 port-object eq sip
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_16
 network-object host 10.100.0.50
 network-object host 10.100.0.51
 network-object host 10.100.0.66
 network-object object Redis
 network-object object erptest
object-group network RS_Bank_support_group
 network-object object Support_RSBANK
 network-object object Support_RSBANK_2
object-group network SMS
 network-object object 95.169.99.106
 network-object object 95.169.99.104
 network-object object 95.169.99.108
 network-object object SMS_Traffic_prov
 network-object object 95.169.99.107
 network-object object SMS_Traffic_Status
 network-object object SMS_Traffic_Status_2
 network-object object SMS_Traffic_Status_3
object-group network DM_INLINE_NETWORK_17
 network-object object Kalinina_Net
 network-object object Other_Memfis_Net
object-group network Scoring
 network-object object MILI_Scoring
 network-object object Minkov
 network-object object 176.99.4.174
 network-object object 176.99.6.90
 network-object object 151.248.118.155
object-group service DM_INLINE_SERVICE_8
 service-object object score
 service-object object score_test
 service-object object score2
access-list web-traffic extended permit ip object-group DM_INLINE_NETWORK_5 any
access-list squid extended permit ip object SQUID any
access-list Local_Net standard permit 10.100.0.0 255.255.0.0
access-list L2TP_group_splitTunnelAcl standard permit 10.100.0.0 255.255.0.0
access-list mba-vpn_splitTunnelAcl standard permit 10.100.0.0 255.255.0.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.100.0.0 255.255.0.0
access-list DefaultRAGroup_splitTunnelAcl_1 standard permit 10.100.0.0 255.255.0.0
access-list DefaultRAGroup_splitTunnelAcl_1 standard permit 10.90.90.0 255.255.255.0
access-list mba-vpn_splitTunnelAcl_1 standard permit 10.100.0.0 255.255.0.0
access-list easy-vpn_splitTunnelAcl standard permit 10.100.0.0 255.255.0.0
access-list Outside_Beeline_access_in remark Allow traceroute cmd
access-list Outside_Beeline_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1 log disable
access-list Outside_Beeline_access_in extended deny ip object-group SPAM any4
access-list Outside_Beeline_access_in extended permit object-group DM_INLINE_SERVICE_2 any object Icewarp
access-list Outside_Beeline_access_in extended permit ip any object-group DM_INLINE_NETWORK_3
access-list Outside_Beeline_access_in extended permit object-group TCPUDP object-group SIP_Service_Provider object-group DM_INLINE_NETWORK_9 object-group DM_INLINE_TCPUDP_1
access-list Outside_Ertel_access_in remark Allow traceroute cmd
access-list Outside_Ertel_access_in extended permit icmp any any object-group DM_INLINE_ICMP_2 log disable
access-list Outside_Ertel_access_in extended deny ip object-group SPAM any4
access-list Outside_Ertel_access_in extended permit object-group DM_INLINE_SERVICE_1 any object Icewarp
access-list Outside_Ertel_access_in extended permit object-group DM_INLINE_SERVICE_3 any object Fileserver
access-list Outside_Ertel_access_in extended permit object-group DM_INLINE_SERVICE_8 object-group Scoring object W2K8R2IIS
access-list Outside_Ertel_access_in extended permit object sms object-group SMS object Search
access-list Outside_Ertel_access_in extended permit tcp object CZinvest object Sharepoint eq 8088 inactive
access-list Outside_Ertel_access_in extended permit object-group DM_INLINE_SERVICE_4 object Shareman object Sharepoint
access-list Outside_Ertel_access_in extended permit tcp object Shareman object Sharepoint eq https
access-list Outside_Ertel_access_in extended permit tcp any object logicinvest eq www inactive
access-list Outside_Ertel_access_in extended permit object http_dst_telemarket object-group Telemarket object Search
access-list Outside_Ertel_access_in extended permit object rdp object-group RS_Bank_support_group object RSbank_server
access-list SQUID_Redirect extended deny tcp 10.100.0.0 255.255.0.0 host 10.100.60.2 eq www
access-list SQUID_Redirect extended permit ip object RD2 any
access-list SQUID_Redirect extended permit ip object-group DM_INLINE_NETWORK_6 any
access-list SQUID_Redirect extended deny tcp object-group IP_USERS any eq www
access-list Outside_Ertel_mpc_13 extended permit ip object RD2 object MSK_NEW inactive
access-list Outside_Ertel_mpc_13 extended permit object-group DM_INLINE_SERVICE_5 object MBA_Nets object MSK_NEW
access-list Outside_Ertel_mpc_13 extended permit object-group TCPUDP object-group DM_INLINE_NETWORK_10 any eq domain
access-list Outside_Ertel_mpc_13 extended permit ip object TRADE_NETWOKR any
access-list Inside_mpc extended permit tcp any object-group DM_INLINE_TCP_9 object MBA_Nets
access-list Outside_Ertel_mpc_14 extended permit object-group DM_INLINE_PROTOCOL_1 object-group IP_USERS any range 1025 65535
access-list Outside_Beeline_mpc_4 extended permit object-group DM_INLINE_SERVICE_6 object MBA_Nets object MSK_NEW
access-list Outside_Beeline_mpc_4 extended permit object-group TCPUDP object-group DM_INLINE_NETWORK_11 any eq domain
access-list Outside_Beeline_mpc_4 extended permit object-group TCPUDP object-group asterisk_beeline_ip eq sip any eq sip
access-list Outside_Beeline_mpc_4 extended permit udp object-group asterisk_beeline_ip any range 10000 40000
access-list Outside_Beeline_mpc_10 extended permit object-group TCPUDP object-group IP_USERS any range 1 1024
access-list Outside_Beeline_mpc_11 extended permit object-group TCPUDP object-group IP_USERS any range 1025 65535
access-list Inside_access_in extended permit tcp object-group Terminal's_Servers any object-group DM_INLINE_TCP_1
access-list Inside_access_in extended permit ip object-group Terminal's_Servers host 193.232.167.126
access-list Inside_access_in extended permit ip object-group DM_INLINE_NETWORK_8 any
access-list Inside_access_in extended permit ip object-group DM_INLINE_NETWORK_17 object trade_server
access-list Inside_access_in extended permit ip object MBAFIN_GUEST any
access-list Inside_access_in extended permit ip object Icewarp any
access-list Inside_access_in extended permit ip object erptest any
access-list Inside_access_in extended permit ip object iDRAC any
access-list Inside_mpc_1 extended permit tcp any object Icewarp object-group mail
access-list Inside_mpc_2 extended permit tcp any object Search object-group DM_INLINE_TCP_7
access-list Beeline_pool_mpc extended permit object-group TCPUDP any eq sip object Aterisk_beeline eq sip
access-list Beeline_pool_mpc_1 extended permit object-group TCPUDP any range 10000 65535 object Aterisk_beeline range 10000 65535
access-list Outside_Ertel_mpc extended permit object-group DM_INLINE_PROTOCOL_1 object-group IP_USERS any range 1 1024
access-list Outside_Ertel_mpc_1 extended permit ip object All_MBA_Nets object MSK_NEW
access-list SMO_VLAN_mpc extended permit udp object SMO object-group DM_INLINE_UDP_2 object Cisco_interface_for_SMO object-group DM_INLINE_UDP_1
access-list global_mpc extended permit ip object All_MBA_Nets any
access-list Outside_Ertel_cryptomap_4 extended permit udp object DC1 object MSK_NEW_WiFi
access-list Outside_Ertel_cryptomap_4 extended permit ip object DC1 object J.J.J.J
access-list Outside_Ertel_cryptomap_4 extended permit ip object MBA_Nets object MSK_NEW
access-list Outside_Ertel_cryptomap_4 extended permit ip object VPN_NET object MSK_NEW
access-list Outside_Ertel_cryptomap_4 extended permit ip object 10.111.0.0 object MSK_NEW
access-list Outside_Ertel_cryptomap_3 extended permit ip object MBA_Nets object MSK_NEW
access-list global_mpc_2 extended deny ip object-group Bypass_The_Firepower any
access-list global_mpc_2 extended deny ip any object-group Bypass_The_Firepower
access-list global_mpc_2 extended deny ip object TRADE_NETWOKR object Asterisk_local
access-list global_mpc_2 extended permit ip object-group DM_INLINE_NETWORK_1 any4
access-list global_mpc_2 extended permit ip any4 object All_MBA_Nets
access-list Outside_Beeline_mpc extended permit ip object All_MBA_Nets object MSK_NEW
access-list Inside_mpc_4 extended permit ip object MSK_NEW object MBA_Nets
access-list Inside_mpc_3 extended permit object-group DM_INLINE_SERVICE_7 object MSK_NEW object MBA_Nets
access-list Inside_mpc_3 extended permit ip any object TRADE_NETWOKR
access-list Outside_Ertel_cryptomap_65535.65535 extended permit ip any any
access-list VostokFinance extended permit ip 10.100.48.0 255.255.248.0 object-group DM_INLINE_NETWORK_15
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list RestrictedVPN extended permit tcp any object gitlab eq www
access-list RestrictedVPN extended permit tcp any object gitlab eq ssh
access-list RestrictedVPN extended permit object-group TCPUDP any object DC1 eq domain
access-list RestrictedVPN extended permit ip any object-group DM_INLINE_NETWORK_16
access-list RestrictedVPN extended permit tcp any host 10.100.0.35 eq 1433
access-list Allow_All_VPN extended permit ip any object MBA_Nets
access-list Inside_mpc_5 extended permit ip any object Fileserver
access-list TEST_ETAP_IP standard permit host 10.100.67.63
access-list Trade_access_in extended permit udp object TRADE_NETWOKR object Asterisk_local object-group DM_INLINE_UDP_3
access-list Trade_access_in extended permit object-group TCPUDP object trade_server object DC2 object-group KMS_SER
access-list Trade_access_in extended permit ip object TRADE_NETWOKR object Icewarp
access-list Trade_access_in extended deny ip object TRADE_NETWOKR object MBA_Nets
access-list Trade_access_in extended permit ip object TRADE_NETWOKR any
access-list SYSADMIN4 standard permit host 10.100.67.71
access-list SYSADMIN4 standard permit host 10.100.1.103
access-list Redirect_test extended permit ip host 10.100.1.107 any
access-list Redirect_test extended permit ip host 10.100.1.234 any
access-list Redirect_test extended permit ip host 10.100.1.102 any
access-list Outside_Ertel_cryptomap_10 extended permit ip object TRADE_NETWOKR object VD_Server
access-list Outside_Ertel_CZ extended permit ip object MBA_Nets object-group CZ_Nets
pager lines 24
logging enable
logging emblem
logging trap errors
logging asdm debugging
logging facility 17
logging device-id ipaddress Inside
logging host SQUID 10.10.10.11 format emblem
logging class auth trap informational
logging class ids trap debugging
logging class sys trap warnings
logging class vpn trap informational
logging class vpnc trap informational
logging class webvpn trap informational
mtu Inside 1500
mtu Outside_Ertel 1500
mtu Outside_Beeline 1500
mtu Administrative 1500
mtu SQUID 1500
mtu Beeline_pool 1500
mtu Beeline_pool_2 1500
mtu Trade 1500
mtu 3com_Management 1500
mtu Management 1500
no failover
no monitor-interface SQUID
no monitor-interface Beeline_pool
no monitor-interface Beeline_pool_2
no monitor-interface Trade
no monitor-interface service-module
icmp unreachable rate-limit 10 burst-size 1
asdm image disk0:/asdm-791.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (Outside_Ertel,Outside_Ertel) source static VPN_NET VPN_NET destination static MSK_NEW MSK_NEW no-proxy-arp route-lookup
nat (Inside,Outside_Ertel) source static MBA_Nets MBA_Nets destination static VPN_NET VPN_NET no-proxy-arp route-lookup
nat (Inside,Outside_Ertel) source static MBA_Nets MBA_Nets destination static MSK_local MSK_local no-proxy-arp route-lookup description MSK Identity NAT
nat (Inside,Outside_Ertel) source static MBA_Nets MBA_Nets destination static MSK_wifi MSK_wifi no-proxy-arp route-lookup description MSK Wi-Fi Identity NAT
nat (Trade,Outside_Ertel) source static TRADE_NETWOKR TRADE_NETWOKR destination static VD_Server VD_Server no-proxy-arp route-lookup description VD Identity
nat (Inside,Outside_Ertel) source static MBA_Nets MBA_Nets destination static MSK_wifi_NEW MSK_wifi_NEW no-proxy-arp route-lookup
nat (Inside,Outside_Beeline) source static MBA_Nets MBA_Nets destination static MSK_wifi_NEW MSK_wifi_NEW no-proxy-arp route-lookup
nat (Inside,Outside_Ertel) source static MBA_Nets MBA_Nets destination static MSK_NEW MSK_NEW no-proxy-arp route-lookup
nat (Inside,Outside_Beeline) source static MBA_Nets MBA_Nets destination static MSK_NEW MSK_NEW no-proxy-arp route-lookup
nat (any,Outside_Ertel) source static MBA_Nets MBA_Nets destination static CZ_Nets CZ_Nets no-proxy-arp route-lookup
nat (Inside,Outside_Ertel) source static Icewarp interface service web_mail_src web_mail_src no-proxy-arp description PORT MAP MAIL 32000
nat (Inside,Outside_Ertel) source static Icewarp interface service smtp_src smtp_src no-proxy-arp description PORT MAP SMTP 25
nat (Inside,Outside_Ertel) source static Icewarp interface service smtp_ssl_src smtp_ssl_src no-proxy-arp description PORT MAP SMTP 465
nat (Inside,Outside_Ertel) source static Icewarp interface service imap_src imap_src no-proxy-arp description PORT MAP IMAP 143
nat (Inside,Outside_Ertel) source static Icewarp interface service imap_ssl_src imap_ssl_src no-proxy-arp description PORT MAP IMAP 993
nat (Inside,Outside_Ertel) source static Icewarp interface service pop3_src pop3_src no-proxy-arp description PORT MAP POP3 110
nat (Inside,Outside_Ertel) source static Icewarp interface service pop3_ssl_src pop3_ssl_src no-proxy-arp description PORT MAP POP3 995
nat (Inside,Outside_Ertel) source static Search interface service sms_src sms_src no-proxy-arp description PORT MAP SMS 8000-8001
nat (Inside,Outside_Ertel) source static Search interface destination static Telemarket Telemarket service http_src_telemarket http_src_telemarket no-proxy-arp description PORT MAP Telemarket 4546
nat (Inside,Outside_Ertel) source static logicinvest interface service http_src fake_http_src no-proxy-arp inactive description PORT MAP LOGICINVEST HTTP 5050
nat (Inside,Outside_Ertel) source static Sharepoint interface destination static Shareman Shareman service rdp_src fake_rdp_src no-proxy-arp description PORT MAP SHAREPOINT RDP 5589
nat (Inside,Outside_Ertel) source static Sharepoint interface destination static Shareman Shareman service https_src https_444_src no-proxy-arp
nat (Inside,Outside_Ertel) source static RSbank_server interface destination static RS_Bank_support_group RS_Bank_support_group service rdp_src fake_rdp_src no-proxy-arp description PORT MAP RSBank RDP 5589
nat (Inside,Outside_Ertel) source static Fileserver interface service ftp_src ftp_src no-proxy-arp
nat (Inside,Outside_Ertel) source static Fileserver interface service ftps_src ftps_src no-proxy-arp
nat (Inside,Outside_Beeline) source static Icewarp interface service smtp_src smtp_src no-proxy-arp description PORT MAP SMTP 25
nat (Inside,Outside_Beeline) source static Icewarp interface service smtp_ssl_src smtp_ssl_src no-proxy-arp description PORT MAP SMTP 465
nat (Inside,Outside_Beeline) source static Icewarp interface service imap_src imap_src no-proxy-arp description PORT MAP IMAP 143
nat (Inside,Outside_Beeline) source static Icewarp interface service imap_ssl_src imap_ssl_src no-proxy-arp description PORT MAP IMAP 993
nat (Inside,Outside_Beeline) source static Icewarp interface service pop3_src pop3_src no-proxy-arp description PORT MAP POP3 110
nat (Inside,Outside_Beeline) source static Icewarp interface service pop3_ssl_src pop3_ssl_src no-proxy-arp description PORT MAP POP3 995
nat (Inside,Outside_Beeline) source static Icewarp interface service web_mail_src web_mail_src no-proxy-arp description PORT MAP MAIL 32000
nat (Inside,Outside_Ertel) source static W2K8R2IIS interface destination static Scoring Scoring service score_src score_src no-proxy-arp description SCORING
nat (Inside,Outside_Ertel) source static W2K8R2IIS interface destination static Scoring Scoring service score_src2 score_src2 no-proxy-arp description SCORING
nat (Inside,Outside_Ertel) source static W2K8R2IIS interface destination static Scoring Scoring service score_src_test score_src_test no-proxy-arp description SCORING_TEST
!
nat (any,Outside_Ertel) after-auto source dynamic DM_INLINE_NETWORK_14 interface description PAT Ertel
nat (any,Outside_Beeline) after-auto source dynamic DM_INLINE_NETWORK_13 interface description PAT Beeline
access-group Inside_access_in in interface Inside
access-group Outside_Ertel_access_in in interface Outside_Ertel
access-group Outside_Beeline_access_in in interface Outside_Beeline
access-group Trade_access_in in interface Trade
!
route-map Beeline_pool permit 1
 match interface Beeline_pool
 set ip dscp ef
 set ip next-hop H.H.H.H
!
route Outside_Ertel 0.0.0.0 0.0.0.0 I.I.I.I 1 track 1
route Outside_Beeline 0.0.0.0 0.0.0.0 H.H.H.H 2
route Inside 10.90.90.0 255.255.255.0 172.17.1.38 1
route Inside 10.90.92.0 255.255.255.0 172.17.1.38 1
route Inside 10.100.0.0 255.255.224.0 172.17.1.38 1
route Inside 10.100.48.0 255.255.248.0 172.17.1.38 1
route Inside 10.100.58.0 255.255.255.0 172.17.1.38 1
route Inside 10.100.64.0 255.255.192.0 172.17.1.38 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
aaa-server DC_RADIUS protocol radius
aaa-server DC_RADIUS (Inside) host 10.100.0.2
 key ytepyftim
 authentication-port 1812
 accounting-port 1813
 radius-common-pw ytepyftim
aaa-server LDAP protocol ldap
 max-failed-attempts 2
aaa-server LDAP (Inside) host 10.100.0.2
 ldap-base-dn DC=local,DC=test
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password XXXXXXXX
 ldap-login-dn CN=ASA,CN=Users,DC=local,DC=test
 server-type microsoft
no user-identity enable
user-identity default-domain LOCAL
user-identity action netbios-response-fail remove-user-ip
user-identity inactive-user-timer minutes 120
user-identity logout-probe netbios local-system probe-time minutes 10 retry-interval seconds 10 retry-count 2 user-not-needed
user-identity poll-import-user-group-timer hours 1
user-identity user-not-found enable
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 10.100.0.0 255.255.224.0 Management
http 10.100.64.0 255.255.192.0 Management
http 10.100.0.0 255.255.0.0 3com_Management
http 10.100.64.0 255.255.192.0 Beeline_pool_2
http 10.100.0.0 255.255.0.0 Inside
http redirect Outside_Ertel 80
http redirect Outside_Beeline 80
snmp-server host Inside 10.100.0.254 community public version 2c
no snmp-server location
no snmp-server contact
sla monitor 1
 type echo protocol ipIcmpEcho I.I.I.I interface Outside_Ertel
 num-packets 5
sla monitor schedule 1 life forever start-time now
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_Ertel_map 2 match address Outside_Ertel_cryptomap_4
crypto map Outside_Ertel_map 2 set peer J.J.J.J
crypto map Outside_Ertel_map 2 set ikev1 transform-set ESP-AES-128-MD5
crypto map Outside_Ertel_map 2 set security-association lifetime seconds 3600
crypto map Outside_Ertel_map 10 match address Outside_Ertel_cryptomap_10
crypto map Outside_Ertel_map 10 set pfs
crypto map Outside_Ertel_map 10 set peer K.K.K.K
crypto map Outside_Ertel_map 10 set ikev1 transform-set ESP-AES-128-MD5
crypto map Outside_Ertel_map 10 set security-association lifetime seconds 1800
crypto map Outside_Ertel_map 20 match address Outside_Ertel_CZ
crypto map Outside_Ertel_map 20 set pfs
crypto map Outside_Ertel_map 20 set peer L.L.L.L
crypto map Outside_Ertel_map 20 set ikev1 transform-set ESP-AES-128-SHA
crypto map Outside_Ertel_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_Ertel_map interface Outside_Ertel
crypto map Outside_Ertel_map interface Outside_Beeline
crypto ca trustpoint ASDM_TrustPoint0-1
 validation-usage ipsec-client ssl-client ssl-server
 crl configure
crypto ca trustpoint ASDM_TrustPoint1_vpn
 keypair ASDM_TrustPoint1_vpn
 crl configure
crypto ca trustpoint ASDM_TrustPoint1_vpn-1
 crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
 enrollment self
 fqdn none
 subject-name CN=172.17.1.37,CN=webvpn
 keypair ASDM_LAUNCHER
 crl configure
crypto ca trustpoint ASDM_TrustPoint1_webvpn
 enrollment terminal
 subject-name CN=webvpn.mbafin.ru,C=RU
 keypair WEBVPN
 no validation-usage
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint_COMODO
 keypair ASDM_TrustPoint_COMODO
 crl configure
crypto ca trustpoint ASDM_TrustPoint_COMODO-1
 crl configure
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable Outside_Ertel client-services port 443
crypto ikev2 enable Outside_Beeline client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint1_vpn
crypto ikev1 enable Outside_Ertel
crypto ikev1 enable Outside_Beeline
crypto ikev1 policy 5
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 48000
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
client-update enable
!
track 1 rtr 1 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh 10.100.0.0 255.255.0.0 Inside
ssh 10.100.64.0 255.255.192.0 Beeline_pool_2
ssh 10.100.0.0 255.255.0.0 3com_Management
ssh 10.100.0.0 255.255.0.0 Management
ssh timeout 15
ssh version 1 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access Inside
vpn-sessiondb max-other-vpn-limit 250
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 750
vpn load-balancing
 interface lbpublic Outside_Ertel
 interface lbprivate Inside
priority-queue Inside
priority-queue Outside_Ertel
priority-queue Outside_Beeline
priority-queue 3com_Management
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable interface Outside_Ertel
dynamic-filter enable interface Outside_Beeline
dynamic-filter drop blacklist interface Outside_Ertel
dynamic-filter drop blacklist interface Outside_Beeline
dynamic-filter whitelist
 address 109.232.250.90 255.255.255.255
 address 87.118.199.38 255.255.255.255
 name www.bankvrn.ru
 name ibank.bankvrn.ru
dynamic-filter blacklist
 name yaplakal.com
 name pikabu.ru
 name yaplakal.ru
 name yap.ru
 name yaplakal.com.ru
ntp server 10.100.0.2
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 Inside
ssl trust-point ASDM_TrustPoint_COMODO Outside_Ertel
ssl trust-point ASDM_TrustPoint_COMODO Outside_Beeline
ssl trust-point ASDM_TrustPoint_COMODO Beeline_pool_2
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 Inside vpnlb-ip
ssl trust-point ASDM_TrustPoint_COMODO domain vpn.mbafin.ru
webvpn
 enable Outside_Ertel
 enable Outside_Beeline
 no anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-3.1.14018-k9.pkg 7
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.14018-k9.pkg 9
 anyconnect image disk0:/anyconnect-linux-3.1.14018-k9.pkg 10
 anyconnect image disk0:/anyconnect-linux-64-3.1.14018-k9.pkg 11
 anyconnect profiles AnyConnect_client_profile disk0:/anyconnect_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
 smart-tunnel network RD host rd.mbaru.ru
 smart-tunnel notification-icon
 cache
  disable
 error-recovery disable
 ssl-server-check warn-on-failure
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 10.100.0.2
 vpn-tunnel-protocol ikev2
 default-domain value mbaru.ru
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev2
group-policy easy-vpn internal
group-policy easy-vpn attributes
 dns-server value 10.100.0.2
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value easy-vpn_splitTunnelAcl
 default-domain value mbaru.ru
group-policy GroupPolicy_J.J.J.J internal
group-policy GroupPolicy_J.J.J.J attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
 wins-server none
 dns-server value 10.100.0.2
 vpn-idle-timeout 600
 vpn-tunnel-protocol ikev2 ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl_1
 default-domain value mbaru.ru
 split-dns value 10.100.0.2
 webvpn
  anyconnect profiles value AnyConnect_client_profile type user
group-policy GroupPolicy_K.K.K.K internal
group-policy GroupPolicy_K.K.K.K attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_L.L.L.L internal
group-policy GroupPolicy_L.L.L.L attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol l2tp-ipsec
group-policy ClientlessGroupPolicy internal
group-policy ClientlessGroupPolicy attributes
 vpn-tunnel-protocol l2tp-ipsec
dynamic-access-policy-record DfltAccessPolicy
 action terminate
dynamic-access-policy-record RestrictedVPN
 network-acl RestrictedVPN
 priority 1
dynamic-access-policy-record "Allow All"
 network-acl Allow_All_VPN
quota management-session 100
username admin password 0on4306YzAN5BlzQ encrypted privilege 15
username root password EoNvB9LxLeNFLMGs1HmcLQ== nt-encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool VPN_IP_POOL_TEST
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key heslox
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
 address-pool VPN_IP_POOL_TEST
 authentication-server-group LDAP
 default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
 group-alias AnyConnect enable
tunnel-group easy-vpn type remote-access
tunnel-group easy-vpn general-attributes
 address-pool VPN_IP_POOL_TEST
 authentication-server-group LDAP
 default-group-policy easy-vpn
tunnel-group easy-vpn ipsec-attributes
 ikev1 pre-shared-key Qq123123
tunnel-group J.J.J.J type ipsec-l2l
tunnel-group J.J.J.J general-attributes
 default-group-policy GroupPolicy_J.J.J.J
tunnel-group J.J.J.J ipsec-attributes
 ikev1 pre-shared-key heslox
tunnel-group K.K.K.K type ipsec-l2l
tunnel-group K.K.K.K general-attributes
 default-group-policy GroupPolicy_K.K.K.K
tunnel-group K.K.K.K ipsec-attributes
 ikev1 pre-shared-key heslox
tunnel-group L.L.L.L type ipsec-l2l
tunnel-group L.L.L.L general-attributes
 default-group-policy GroupPolicy_L.L.L.L
tunnel-group L.L.L.L ipsec-attributes
 ikev1 pre-shared-key heslox
tunnel-group MBAFServices type remote-access
tunnel-group MBAFServices general-attributes
 authentication-server-group LDAP
 default-group-policy ClientlessGroupPolicy
tunnel-group MBAFServices webvpn-attributes
 customization MBAFServices
 group-alias JetMoneySevices enable
 group-alias MBAFServices disable
!
class-map HTTP_IN
 match access-list Inside_mpc
class-map ASTER_RTP_IN
 match access-list Beeline_pool_mpc_1
class-map Outside_Ertel-class-shape
 match access-list Outside_Ertel_mpc_14
class-map IPSEC_SMO
 match access-list SMO_VLAN_mpc
class-map type regex match-any SiteBlackList
 match regex domainlis
class-map type inspect http match-all URLClass
 match response header allow regex class SiteBlackList
class-map Outside_Beeline-class-shape
 match access-list Outside_Beeline_mpc_11
class-map ASTER_SIGNAL_IN
 match access-list Beeline_pool_mpc
class-map CX_Proxy
 match access-list global_mpc_2
class-map type regex match-any Regex
 match regex _default_gnu-http-tunnel_arg
 match regex _default_firethru-tunnel_1
 match regex _default_firethru-tunnel_2
 match regex _default_msn-messenger
 match regex _default_GoToMyPC-tunnel_2
 match regex _default_windows-media-player-tunnel
 match regex _default_x-kazaa-network
 match regex _default_shoutcast-tunneling-protocol
 match regex _default_gator
 match regex _default_aim-messenger
 match regex _default_gnu-http-tunnel_uri
 match regex _default_http-tunnel
 match regex _default_httport-tunnel
 match regex _default_GoToMyPC-tunnel
 match regex _default_icy-metadata
 match regex _default_yahoo-messenger
class-map STATUS_IN
 match access-list Inside_mpc_2
class-map Outside_Beeline-class-shape-first
 match access-list Outside_Beeline_mpc_10
class-map MAIL_IN
 match access-list Inside_mpc_1
class-map Outside_Ertel-class-shape-first
 match access-list Outside_Ertel_mpc
class-map Inside-class-prio
 match access-list Inside_mpc_3
class-map Outside_Ertel-class-shape-msk
 match access-list Outside_Ertel_mpc_1
class-map FTP_IN
 match access-list Inside_mpc_5
class-map Inside-class-shape-msk
 match access-list Inside_mpc_4
class-map DM_INLINE_Child-Class
 match access-list global_mpc
class-map inspection_default
 match default-inspection-traffic
class-map Outside_Beeline-class_shape-msk
 match access-list Outside_Beeline_mpc
class-map type inspect http match-all asdm_high_security_methods
 match not request method get
 match not request method head
class-map Outside_Beeline-class-priority
 match access-list Outside_Beeline_mpc_4
class-map Outside_Ertel-class-priority
 match access-list Outside_Ertel_mpc_13
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect im IM
 parameters
 match protocol msn-im yahoo-im
  drop-connection log
policy-map DM_INLINE_Child-Policy
 class DM_INLINE_Child-Class
  priority
policy-map Inside-policy
 class Inside-class-prio
  priority
 class FTP_IN
  priority
 class Inside-class-shape-msk
  police output 15000000 15000
 class MAIL_IN
  police output 10000000 5000
 class HTTP_IN
  police output 30000000 15000
 class STATUS_IN
  police output 10000000 150000
 class class-default
  police output 30000000 15000
policy-map type inspect gtp default_gtp_map
 parameters
policy-map global_policy
 class inspection_default
  inspect ctiqbe
  inspect dcerpc
  inspect esmtp
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect icmp
  inspect ils
  inspect ip-options
  inspect mgcp
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect sip 
  inspect skinny 
  inspect snmp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect waas
  inspect xdmcp
  inspect icmp error
  inspect pptp
  inspect dns preset_dns_map dynamic-filter-snoop
  inspect gtp default_gtp_map
 class CX_Proxy
  sfr fail-open
policy-map type inspect http http_inspection
 parameters
  protocol-violation action drop-connection log
 class URLClass
  reset log
policy-map Beeline_pool-policy
 class ASTER_SIGNAL_IN
  priority
 class ASTER_RTP_IN
  priority
policy-map Outside_Beeline-policy
 class Outside_Beeline-class-priority
  priority
 class Outside_Beeline-class_shape-msk
  police output 15000000 15000
 class Outside_Beeline-class-shape-first
  set connection per-client-max 1000 per-client-embryonic-max 100
  set connection timeout idle 0:30:00 dcd 0:15:00 5
  police output 15000000 150000
 class Outside_Beeline-class-shape
  set connection per-client-max 1500 per-client-embryonic-max 300
  set connection timeout idle 0:30:00 dcd 0:15:00 5
  police output 10000000 1000000
 class class-default
  police output 15000000 15000
policy-map Outside_Ertel-policy
 class Outside_Ertel-class-priority
  priority
 class Outside_Ertel-class-shape-msk
  police output 15000000 150000
 class Outside_Ertel-class-shape-first
  police output 10000000 150000
  set connection per-client-max 1000 per-client-embryonic-max 100
  set connection timeout idle 0:30:00 dcd 0:15:00 5
 class Outside_Ertel-class-shape
  set connection per-client-max 1500 per-client-embryonic-max 300
  set connection timeout idle 0:30:00 dcd 0:15:00 5
  police output 10000000 150000
 class class-default
  police output 150000000 75000
policy-map type inspect http P2P
 parameters
  protocol-violation action drop-connection log
 class asdm_high_security_methods
  drop-connection
 match request header non-ascii
  drop-connection
 match request uri regex class Regex
  drop-connection log
policy-map SMO_VLAN-policy
 class IPSEC_SMO
  priority
!
service-policy global_policy global
service-policy Inside-policy interface Inside
service-policy Outside_Ertel-policy interface Outside_Ertel
service-policy Outside_Beeline-policy interface Outside_Beeline
: end
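To check which classes and policing values a `service-policy` actually puts on an interface in a configuration like the one posted above, the `class-map`, `policy-map` and `service-policy` lines can be resolved mechanically. The Python below is an added example, not part of the original post and not a Cisco tool: `SAMPLE_CONFIG` is an excerpt of the posted lines, the function names are hypothetical, and the two `police` numbers are read as rate in bits per second and burst in bytes.

```python
import re

# Excerpt of the configuration posted above: only the lines that feed the
# policy bound to the Inside interface. Nothing here is new configuration.
SAMPLE_CONFIG = """\
class-map HTTP_IN
 match access-list Inside_mpc
class-map STATUS_IN
 match access-list Inside_mpc_2
class-map MAIL_IN
 match access-list Inside_mpc_1
class-map Inside-class-prio
 match access-list Inside_mpc_3
class-map FTP_IN
 match access-list Inside_mpc_5
class-map Inside-class-shape-msk
 match access-list Inside_mpc_4
policy-map Inside-policy
 class Inside-class-prio
  priority
 class FTP_IN
  priority
 class Inside-class-shape-msk
  police output 15000000 15000
 class MAIL_IN
  police output 10000000 5000
 class HTTP_IN
  police output 30000000 15000
 class STATUS_IN
  police output 10000000 150000
 class class-default
  police output 30000000 15000
service-policy global_policy global
service-policy Inside-policy interface Inside
"""

POLICE_RE = re.compile(r"police (input|output) (\d+)(?: (\d+))?")


def parse_mpf(config):
    """Collect layer 3/4 class-maps, policy-maps and service-policy bindings."""
    class_acl = {}   # class-map name -> ACL it matches on
    policies = {}    # policy-map name -> [(class name, [action lines])]
    bindings = {}    # interface name (or "global") -> policy-map name
    cur_class = cur_policy = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if not line.startswith(" "):
            # A new top-level command closes any open class-map/policy-map.
            cur_class = cur_policy = None
            # "type inspect"/"type regex" maps have extra words and are skipped.
            if words[0] == "class-map" and len(words) == 2:
                cur_class = words[1]
            elif words[0] == "policy-map" and len(words) == 2:
                cur_policy = words[1]
                policies[cur_policy] = []
            elif words[0] == "service-policy" and len(words) >= 3:
                key = words[-1] if words[-2] == "interface" else "global"
                bindings[key] = words[1]
        elif cur_class and words[:2] == ["match", "access-list"]:
            class_acl[cur_class] = words[2]
        elif cur_policy:
            if words[0] == "class":
                policies[cur_policy].append((words[1], []))
            elif policies[cur_policy]:
                policies[cur_policy][-1][1].append(" ".join(words))
    return class_acl, policies, bindings


def policing_for(config, interface):
    """Rows of (class, acl, action, rate_bps, burst_bytes, burst_ms) in the
    order the policy-map lists its classes; empty if nothing is bound."""
    class_acl, policies, bindings = parse_mpf(config)
    rows = []
    for cls, actions in policies.get(bindings.get(interface), []):
        acl = class_acl.get(cls)  # class-default has no ACL
        for action in actions:
            m = POLICE_RE.match(action)
            if m and m.group(3):
                rate, burst = int(m.group(2)), int(m.group(3))
                # Time the burst allowance lasts at the configured rate.
                burst_ms = burst * 8 * 1000 / rate
                rows.append((cls, acl, "police " + m.group(1), rate, burst, burst_ms))
            else:
                rows.append((cls, acl, action, None, None, None))
    return rows


if __name__ == "__main__":
    for row in policing_for(SAMPLE_CONFIG, "Inside"):
        print(row)
```

Running the same function against the full configuration for `Outside_Ertel` and `Outside_Beeline` gives a side-by-side view of the classes each direction can fall into.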