All of our Google services (gmail, youtube, google analytics, gstatic (google content server), gchat, play) stopped working a few days ago, suddenly and out of the blue. Been troubleshooting as best I can. Situation is I've inherited an older ASA that was setup by an employee who has since been fired for low-quality work. Trying to figure out what he did and what needs fixed. Network infrastructure is the office here runs off a 5505 ASA, and it remotely connects to other ASAs (also 5505s) across town. (oddly, our location, which is also the master ASA, is the only one experiencing these problems with Google.)

The example below is for youtube.

cap drop type asp-drop acl-drop

show cap drop

3 packets captured
1: 18:52:21.569443 802.1Q vlan#2 P0 74.125.224.98.443 > 64.183.14.26.49931: P 2923469107:2923469162(55) ack 3707520682 win 48300 Drop-reason: (acl-drop) Flow is denied by configured rule
2: 18:52:24.275162 802.1Q vlan#2 P0 74.125.224.37.443 > 64.183.14.26.55682: F 3670860891:3670860891(0) ack 1328362848 win 42900
3: 18:52:30.274994 802.1Q vlan#2 P0 74.125.224.37.443 > 64.183.14.26.55682: F 3670860891:3670860891(0) ack 1328362848 win 42900 Drop-reason: (acl-drop) Flow is denied by configured rule
3 packets shown

and the show run all:

: Saved
:
ASA Version 9.1(1)
!
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
terminal width 80
hostname WHollywood
domain-name teststore.com
enable password 9r2Uw9GjtI4wLHV/ encrypted
no fips enable
xlate per-session permit tcp any4 any4
xlate per-session permit tcp any4 any6
xlate per-session permit tcp any6 any4
xlate per-session permit tcp any6 any6
xlate per-session permit udp any4 any4 eq domain
xlate per-session permit udp any4 any6 eq domain
xlate per-session permit udp any6 any4 eq domain
xlate per-session permit udp any6 any6 eq domain
passwd XTsulCmtEoSMztgC encrypted
names
ip local pool SSLClientPool 10.255.255.101-10.255.255.125 mask 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Ethernet0/1
switchport access vlan 1
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Ethernet0/2
switchport access vlan 1
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Ethernet0/3
switchport access vlan 1
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Ethernet0/4
switchport access vlan 1
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Ethernet0/5
switchport access vlan 1
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Ethernet0/6
switchport access vlan 1
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Ethernet0/7
switchport access vlan 1
switchport mode access
no switchport protected
speed auto
duplex auto
delay 10
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.254 255.255.255.0
delay 10
!
interface Vlan2
nameif outside
security-level 0
ip address 64.183.14.26 255.255.255.252
delay 10
!
regex _default_gator "Gator"
regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
regex _default_shoutcast-tunneling-protocol "1"
regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
regex _default_x-kazaa-network "[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
regex _default_gnu-http-tunnel_arg "crap"
regex _default_icy-metadata "[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_windows-media-player-tunnel "NSPlayer"
regex _default_yahoo-messenger "YMSG"
regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
regex _default_firethru-tunnel_1 "firethru[.]com"
checkheaps check-interval 60
checkheaps validate-checksum 60
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 60
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 208.67.222.222
domain-name teststore.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object service ah pre-defined
service ah
description This is a pre-defined object
object service eigrp pre-defined
service eigrp
description This is a pre-defined object
object service esp pre-defined
service esp
description This is a pre-defined object
object service gre pre-defined
service gre
description This is a pre-defined object
object service icmp pre-defined
service icmp
description This is a pre-defined object
object service icmp6 pre-defined
service icmp6
description This is a pre-defined object
object service igmp pre-defined
service igmp
description This is a pre-defined object
object service igrp pre-defined
service igrp
description This is a pre-defined object
object service ip pre-defined
service ip
description This is a pre-defined object
object service ipinip pre-defined
service ipinip
description This is a pre-defined object
object service ipsec pre-defined
service esp
description This is a pre-defined object
object service nos pre-defined
service nos
description This is a pre-defined object
object service ospf pre-defined
service ospf
description This is a pre-defined object
object service pcp pre-defined
service pcp
description This is a pre-defined object
object service pim pre-defined
service pim
description This is a pre-defined object
object service pptp pre-defined
service gre
description This is a pre-defined object
object service snp pre-defined
service snp
description This is a pre-defined object
object service tcp pre-defined
service tcp
description This is a pre-defined object
object service udp pre-defined
service udp
description This is a pre-defined object
object service tcp-aol pre-defined
service tcp destination eq aol
description This is a pre-defined object
object service tcp-bgp pre-defined
service tcp destination eq bgp
description This is a pre-defined object
object service tcp-chargen pre-defined
service tcp destination eq chargen
description This is a pre-defined object
object service tcp-cifs pre-defined
service tcp destination eq cifs
description This is a pre-defined object
object service tcp-citrix-ica pre-defined
service tcp destination eq citrix-ica
description This is a pre-defined object
object service tcp-ctiqbe pre-defined
service tcp destination eq ctiqbe
description This is a pre-defined object
object service tcp-daytime pre-defined
service tcp destination eq daytime
description This is a pre-defined object
object service tcp-discard pre-defined
service tcp destination eq discard
description This is a pre-defined object
object service tcp-domain pre-defined
service tcp destination eq domain
description This is a pre-defined object
object service tcp-echo pre-defined
service tcp destination eq echo
description This is a pre-defined object
object service tcp-exec pre-defined
service tcp destination eq exec
description This is a pre-defined object
object service tcp-finger pre-defined
service tcp destination eq finger
description This is a pre-defined object
object service tcp-ftp pre-defined
service tcp destination eq ftp
description This is a pre-defined object
object service tcp-ftp-data pre-defined
service tcp destination eq ftp-data
description This is a pre-defined object
object service tcp-gopher pre-defined
service tcp destination eq gopher
description This is a pre-defined object
object service tcp-ident pre-defined
service tcp destination eq ident
description This is a pre-defined object
object service tcp-imap4 pre-defined
service tcp destination eq imap4
description This is a pre-defined object
object service tcp-irc pre-defined
service tcp destination eq irc
description This is a pre-defined object
object service tcp-hostname pre-defined
service tcp destination eq hostname
description This is a pre-defined object
object service tcp-kerberos pre-defined
service tcp destination eq kerberos
description This is a pre-defined object
object service tcp-klogin pre-defined
service tcp destination eq klogin
description This is a pre-defined object
object service tcp-kshell pre-defined
service tcp destination eq kshell
description This is a pre-defined object
object service tcp-ldap pre-defined
service tcp destination eq ldap
description This is a pre-defined object
object service tcp-ldaps pre-defined
service tcp destination eq ldaps
description This is a pre-defined object
object service tcp-login pre-defined
service tcp destination eq login
description This is a pre-defined object
object service tcp-lotusnotes pre-defined
service tcp destination eq lotusnotes
description This is a pre-defined object
object service tcp-nfs pre-defined
service tcp destination eq nfs
description This is a pre-defined object
object service tcp-netbios-ssn pre-defined
service tcp destination eq netbios-ssn
description This is a pre-defined object
object service tcp-whois pre-defined
service tcp destination eq whois
description This is a pre-defined object
object service tcp-nntp pre-defined
service tcp destination eq nntp
description This is a pre-defined object
object service tcp-pcanywhere-data pre-defined
service tcp destination eq pcanywhere-data
description This is a pre-defined object
object service tcp-pim-auto-rp pre-defined
service tcp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-pop2 pre-defined
service tcp destination eq pop2
description This is a pre-defined object
object service tcp-pop3 pre-defined
service tcp destination eq pop3
description This is a pre-defined object
object service tcp-pptp pre-defined
service tcp destination eq pptp
description This is a pre-defined object
object service tcp-lpd pre-defined
service tcp destination eq lpd
description This is a pre-defined object
object service tcp-rsh pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-rtsp pre-defined
service tcp destination eq rtsp
description This is a pre-defined object
object service tcp-sip pre-defined
service tcp destination eq sip
description This is a pre-defined object
object service tcp-smtp pre-defined
service tcp destination eq smtp
description This is a pre-defined object
object service tcp-ssh pre-defined
service tcp destination eq ssh
description This is a pre-defined object
object service tcp-sunrpc pre-defined
service tcp destination eq sunrpc
description This is a pre-defined object
object service tcp-tacacs pre-defined
service tcp destination eq tacacs
description This is a pre-defined object
object service tcp-talk pre-defined
service tcp destination eq talk
description This is a pre-defined object
object service tcp-telnet pre-defined
service tcp destination eq telnet
description This is a pre-defined object
object service tcp-uucp pre-defined
service tcp destination eq uucp
description This is a pre-defined object
object service tcp-www pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-http pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-https pre-defined
service tcp destination eq https
description This is a pre-defined object
object service tcp-cmd pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-sqlnet pre-defined
service tcp destination eq sqlnet
description This is a pre-defined object
object service tcp-h323 pre-defined
service tcp destination eq h323
description This is a pre-defined object
object service tcp-udp-cifs pre-defined
service tcp-udp destination eq cifs
description This is a pre-defined object
object service tcp-udp-discard pre-defined
service tcp-udp destination eq discard
description This is a pre-defined object
object service tcp-udp-domain pre-defined
service tcp-udp destination eq domain
description This is a pre-defined object
object service tcp-udp-echo pre-defined
service tcp-udp destination eq echo
description This is a pre-defined object
object service tcp-udp-kerberos pre-defined
service tcp-udp destination eq kerberos
description This is a pre-defined object
object service tcp-udp-nfs pre-defined
service tcp-udp destination eq nfs
description This is a pre-defined object
object service tcp-udp-pim-auto-rp pre-defined
service tcp-udp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-udp-sip pre-defined
service tcp-udp destination eq sip
description This is a pre-defined object
object service tcp-udp-sunrpc pre-defined
service tcp-udp destination eq sunrpc
description This is a pre-defined object
object service tcp-udp-tacacs pre-defined
service tcp-udp destination eq tacacs
description This is a pre-defined object
object service tcp-udp-www pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-http pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-talk pre-defined
service tcp-udp destination eq talk
description This is a pre-defined object
object service udp-biff pre-defined
service udp destination eq biff
description This is a pre-defined object
object service udp-bootpc pre-defined
service udp destination eq bootpc
description This is a pre-defined object
object service udp-bootps pre-defined
service udp destination eq bootps
description This is a pre-defined object
object service udp-cifs pre-defined
service udp destination eq cifs
description This is a pre-defined object
object service udp-discard pre-defined
service udp destination eq discard
description This is a pre-defined object
object service udp-domain pre-defined
service udp destination eq domain
description This is a pre-defined object
object service udp-dnsix pre-defined
service udp destination eq dnsix
description This is a pre-defined object
object service udp-echo pre-defined
service udp destination eq echo
description This is a pre-defined object
object service udp-www pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-http pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-nameserver pre-defined
service udp destination eq nameserver
description This is a pre-defined object
object service udp-kerberos pre-defined
service udp destination eq kerberos
description This is a pre-defined object
object service udp-mobile-ip pre-defined
service udp destination eq mobile-ip
description This is a pre-defined object
object service udp-nfs pre-defined
service udp destination eq nfs
description This is a pre-defined object
object service udp-netbios-ns pre-defined
service udp destination eq netbios-ns
description This is a pre-defined object
object service udp-netbios-dgm pre-defined
service udp destination eq netbios-dgm
description This is a pre-defined object
object service udp-ntp pre-defined
service udp destination eq ntp
description This is a pre-defined object
object service udp-pcanywhere-status pre-defined
service udp destination eq pcanywhere-status
description This is a pre-defined object
object service udp-pim-auto-rp pre-defined
service udp destination eq pim-auto-rp
description This is a pre-defined object
object service udp-radius pre-defined
service udp destination eq radius
description This is a pre-defined object
object service udp-radius-acct pre-defined
service udp destination eq radius-acct
description This is a pre-defined object
object service udp-rip pre-defined
service udp destination eq rip
description This is a pre-defined object
object service udp-secureid-udp pre-defined
service udp destination eq secureid-udp
description This is a pre-defined object
object service udp-sip pre-defined
service udp destination eq sip
description This is a pre-defined object
object service udp-snmp pre-defined
service udp destination eq snmp
description This is a pre-defined object
object service udp-snmptrap pre-defined
service udp destination eq snmptrap
description This is a pre-defined object
object service udp-sunrpc pre-defined
service udp destination eq sunrpc
description This is a pre-defined object
object service udp-syslog pre-defined
service udp destination eq syslog
description This is a pre-defined object
object service udp-tacacs pre-defined
service udp destination eq tacacs
description This is a pre-defined object
object service udp-talk pre-defined
service udp destination eq talk
description This is a pre-defined object
object service udp-tftp pre-defined
service udp destination eq tftp
description This is a pre-defined object
object service udp-time pre-defined
service udp destination eq time
description This is a pre-defined object
object service udp-who pre-defined
service udp destination eq who
description This is a pre-defined object
object service udp-xdmcp pre-defined
service udp destination eq xdmcp
description This is a pre-defined object
object service udp-isakmp pre-defined
service udp destination eq isakmp
description This is a pre-defined object
object service icmp6-unreachable pre-defined
service icmp6 unreachable
description This is a pre-defined object
object service icmp6-packet-too-big pre-defined
service icmp6 packet-too-big
description This is a pre-defined object
object service icmp6-time-exceeded pre-defined
service icmp6 time-exceeded
description This is a pre-defined object
object service icmp6-parameter-problem pre-defined
service icmp6 parameter-problem
description This is a pre-defined object
object service icmp6-echo pre-defined
service icmp6 echo
description This is a pre-defined object
object service icmp6-echo-reply pre-defined
service icmp6 echo-reply
description This is a pre-defined object
object service icmp6-membership-query pre-defined
service icmp6 membership-query
description This is a pre-defined object
object service icmp6-membership-report pre-defined
service icmp6 membership-report
description This is a pre-defined object
object service icmp6-membership-reduction pre-defined
service icmp6 membership-reduction
description This is a pre-defined object
object service icmp6-router-renumbering pre-defined
service icmp6 router-renumbering
description This is a pre-defined object
object service icmp6-router-solicitation pre-defined
service icmp6 router-solicitation
description This is a pre-defined object
object service icmp6-router-advertisement pre-defined
service icmp6 router-advertisement
description This is a pre-defined object
object service icmp6-neighbor-solicitation pre-defined
service icmp6 neighbor-solicitation
description This is a pre-defined object
object service icmp6-neighbor-advertisement pre-defined
service icmp6 neighbor-advertisement
description This is a pre-defined object
object service icmp6-neighbor-redirect pre-defined
service icmp6 neighbor-redirect
description This is a pre-defined object
object service icmp-echo pre-defined
service icmp echo
description This is a pre-defined object
object service icmp-echo-reply pre-defined
service icmp echo-reply
description This is a pre-defined object
object service icmp-unreachable pre-defined
service icmp unreachable
description This is a pre-defined object
object service icmp-source-quench pre-defined
service icmp source-quench
description This is a pre-defined object
object service icmp-redirect pre-defined
service icmp redirect
description This is a pre-defined object
object service icmp-alternate-address pre-defined
service icmp alternate-address
description This is a pre-defined object
object service icmp-router-advertisement pre-defined
service icmp router-advertisement
description This is a pre-defined object
object service icmp-router-solicitation pre-defined
service icmp router-solicitation
description This is a pre-defined object
object service icmp-time-exceeded pre-defined
service icmp time-exceeded
description This is a pre-defined object
object service icmp-parameter-problem pre-defined
service icmp parameter-problem
description This is a pre-defined object
object service icmp-timestamp-request pre-defined
service icmp timestamp-request
description This is a pre-defined object
object service icmp-timestamp-reply pre-defined
service icmp timestamp-reply
description This is a pre-defined object
object service icmp-information-request pre-defined
service icmp information-request
description This is a pre-defined object
object service icmp-information-reply pre-defined
service icmp information-reply
description This is a pre-defined object
object service icmp-mask-request pre-defined
service icmp mask-request
description This is a pre-defined object
object service icmp-mask-reply pre-defined
service icmp mask-reply
description This is a pre-defined object
object service icmp-traceroute pre-defined
service icmp traceroute
description This is a pre-defined object
object service icmp-conversion-error pre-defined
service icmp conversion-error
description This is a pre-defined object
object service icmp-mobile-redirect pre-defined
service icmp mobile-redirect
description This is a pre-defined object
object network obj-10.0.0.0
subnet 10.0.0.0 255.255.255.0
description 9
object network obj-10.0.1.0
subnet 10.0.1.0 255.255.255.0
object network obj-10.0.2.0
subnet 10.0.2.0 255.255.255.0
object network obj-10.0.3.0
subnet 10.0.3.0 255.255.255.0
object network obj-10.255.255.0
subnet 10.255.255.0 255.255.255.0
object network 10.0.4.0
subnet 10.0.4.0 255.255.255.0
description Sunset Store
object network NETWORK_OBJ_10.0.0.0_24
subnet 10.0.0.0 255.255.255.0
object network Rackspace-vpn-peer
host 67.192.187.32
description Rackspace-vpn-peer
object network INTERNAL
subnet 10.255.255.0 255.255.255.0
object network NETWORK_OBJ_10.0.5.0_24
subnet 10.0.5.0 255.255.255.0
object network insideout
subnet 10.0.0.0 255.255.255.0
object network officecomps
range 10.0.0.110 10.0.0.141
description officedhcpcomps
object network testoffice
range 10.0.100.110 10.0.100.141
object-group service DM_INLINE_SERVICE_3
service-object tcp-udp destination eq echo
service-object udp destination eq echo
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
icmp-object traceroute
object-group service DM_INLINE_SERVICE_4
service-object tcp-udp destination eq echo
service-object tcp destination eq echo
service-object udp destination eq echo
object-group network DM_INLINE_NETWORK_1
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.255.255.0 255.255.255.0
access-list IPSEC_ACL extended permit ip 10.0.0.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list IPSEC_ACL extended permit ip 10.255.255.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list LosAngeles extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list LosAngeles extended permit ip 10.255.255.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list SantaMonicaPico extended permit ip 10.0.0.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list SantaMonicaPico extended permit ip 10.255.255.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list inside_access_in remark **AR** - echo, echo-reply, traceroute for diags through Aug 10
access-list inside_access_in remark **AR** - echo, echo-reply, traceroute for diags through Aug 10
access-list inside_access_in remark **AR** - echo, echo-reply, traceroute for diags through Aug 10
access-list outside_cryptomap extended permit ip 10.0.0.0 255.255.255.0 object 10.0.4.0
access-list outside_cryptomap_1 extended permit ip 10.0.0.0 255.255.255.0 10.0.5.0 255.255.255.0
access-list outside_cryptomap_2 extended permit ip 10.0.0.0 255.255.255.0 10.0.5.0 255.255.255.0
pager lines 24
logging enable
logging buffer-size 4096
logging asdm-buffer-size 100
logging buffered informational
logging asdm informational
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
logging rate-limit 1 10 message 747001
logging rate-limit 1 1 message 402116
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 1 1 message 313009
logging rate-limit 100 1 message 750003
logging rate-limit 100 1 message 750002
logging rate-limit 100 1 message 750004
logging rate-limit 1 10 message 419003
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 1 10 message 337004
logging rate-limit 1 10 message 337005
logging rate-limit 1 10 message 337001
logging rate-limit 1 10 message 337002
logging rate-limit 1 10 message 337003
logging rate-limit 2 5 message 199011
logging rate-limit 1 10 message 199010
logging rate-limit 1 10 message 337009
logging rate-limit 2 5 message 199012
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 1 message 447001
logging rate-limit 1 10 message 110003
logging rate-limit 1 10 message 110002
logging rate-limit 1 10 message 429007
logging rate-limit 1 10 message 216004
logging rate-limit 1 10 message 450001
flow-export template timeout-rate 30
mtu inside 1500
mtu outside 1500
no failover
failover lan unit secondary
failover polltime unit 1 holdtime 15
failover polltime interface 5 holdtime 25
failover interface-policy 1
monitor-interface inside
monitor-interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.1.0 obj-10.0.1.0 no-proxy-arp route-lookup description 1
nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.2.0 obj-10.0.2.0 no-proxy-arp route-lookup description 2
nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.3.0 obj-10.0.3.0 no-proxy-arp route-lookup description 3
nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static 10.0.4.0 10.0.4.0 no-proxy-arp route-lookup description 5
nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 destination static NETWORK_OBJ_10.0.5.0_24 NETWORK_OBJ_10.0.5.0_24 no-proxy-arp route-lookup description 8
nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.255.255.0 obj-10.255.255.0 no-proxy-arp route-lookup description 4
!
object network insideout
nat (inside,outside) dynamic interface
ipv6 dhcprelay timeout 60
route outside 0.0.0.0 0.0.0.0 64.183.14.25 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action continue
no cts server-group
no cts sxp enable
no cts sxp default password
no cts sxp default source-ip
cts sxp reconciliation period 120
cts sxp retry period 120
user-identity enable
user-identity domain LOCAL
user-identity default-domain LOCAL
user-identity action mac-address-mismatch remove-user-ip
user-identity inactive-user-timer minutes 60
user-identity poll-import-user-group-timer hours 8
user-identity ad-agent active-user-database on-demand
user-identity ad-agent hello-timer seconds 30 retry-times 5
no user-identity user-not-found enable
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa local authentication attempts max-fail 16
http server enable 8443
http 10.0.0.0 255.255.255.0 inside
http 63.80.139.192 255.255.255.192 outside
http 4.34.84.192 255.255.255.192 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no snmp-server enable traps syslog
no snmp-server enable traps ipsec start stop
no snmp-server enable traps entity config-change fru-insert fru-remove fan-failure power-supply power-supply-presence cpu-temperature chassis-temperature power-supply-temperature chassis-fan-failure
no snmp-server enable traps memory-threshold
no snmp-server enable traps interface-threshold
no snmp-server enable traps remote-access session-threshold-exceeded
no snmp-server enable traps connection-limit-reached
no snmp-server enable traps cpu threshold rising
no snmp-server enable traps ikev2 start stop
no snmp-server enable traps nat packet-discard
snmp-server enable
snmp-server listen-port 161
fragment size 200 inside
fragment chain 24 inside
fragment timeout 5 inside
no fragment reassembly full inside
fragment size 200 outside
fragment chain 24 outside
fragment timeout 5 outside
no fragment reassembly full outside
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp inside
no sysopt noproxyarp outside
service password-recovery
crypto ipsec ikev1 transform-set IPSEC_SET esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec security-association replay window-size 64
crypto ipsec security-association pmtu-aging infinite
crypto ipsec fragmentation before-encryption inside
crypto ipsec fragmentation before-encryption outside
crypto ipsec df-bit copy-df inside
crypto ipsec df-bit copy-df outside
crypto map IPSEC_MAP 1 match address outside_cryptomap
crypto map IPSEC_MAP 1 set connection-type bi-directional
crypto map IPSEC_MAP 1 set peer 198.2.47.110 162.196.15.161
crypto map IPSEC_MAP 1 set ikev1 phase1-mode main
crypto map IPSEC_MAP 1 set ikev1 transform-set IPSEC_SET
no crypto map IPSEC_MAP 1 set tfc-packets
crypto map IPSEC_MAP 2 match address outside_cryptomap_1
crypto map IPSEC_MAP 2 set connection-type bi-directional
crypto map IPSEC_MAP 2 set peer 173.198.117.154
crypto map IPSEC_MAP 2 set ikev1 phase1-mode main
crypto map IPSEC_MAP 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map IPSEC_MAP 2 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
no crypto map IPSEC_MAP 2 set tfc-packets
crypto map IPSEC_MAP 3 match address outside_cryptomap_2
crypto map IPSEC_MAP 3 set connection-type bi-directional
crypto map IPSEC_MAP 3 set peer 97.72.69.138
crypto map IPSEC_MAP 3 set ikev1 phase1-mode main
crypto map IPSEC_MAP 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
no crypto map IPSEC_MAP 3 set tfc-packets
crypto map IPSEC_MAP 10 match address IPSEC_ACL
crypto map IPSEC_MAP 10 set connection-type bi-directional
crypto map IPSEC_MAP 10 set peer 72.34.112.22 67.52.122.18
crypto map IPSEC_MAP 10 set ikev1 phase1-mode main
crypto map IPSEC_MAP 10 set ikev1 transform-set IPSEC_SET
no crypto map IPSEC_MAP 10 set tfc-packets
crypto map IPSEC_MAP 20 match address LosAngeles
crypto map IPSEC_MAP 20 set connection-type bi-directional
crypto map IPSEC_MAP 20 set peer 64.183.50.110 99.92.126.61
crypto map IPSEC_MAP 20 set ikev1 phase1-mode aggressive group2
crypto map IPSEC_MAP 20 set ikev1 transform-set IPSEC_SET
no crypto map IPSEC_MAP 20 set tfc-packets
crypto map IPSEC_MAP 30 match address SantaMonicaPico
crypto map IPSEC_MAP 30 set connection-type bi-directional
crypto map IPSEC_MAP 30 set peer 173.196.157.42 173.51.171.146
crypto map IPSEC_MAP 30 set ikev1 phase1-mode main
crypto map IPSEC_MAP 30 set ikev1 transform-set IPSEC_SET
no crypto map IPSEC_MAP 30 set tfc-packets
crypto map IPSEC_MAP interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
revocation-check none
enrollment retry period 1
enrollment retry count 0
no fqdn
no email
no subject-name
no serial-number
no ip-address
no password
validation-usage ipsec-client ssl-client
accept-subordinates
id-cert-issuer
id-usage ssl-ipsec
no ignore-ipsec-keyusage
no ignore-ssl-keyusage
no proxy-ldc-issuer
crl configure
policy cdp
cache-time 60
enforcenextupdate
protocol http
protocol ldap
protocol scep
crypto ca trustpoint ASDM_TrustPoint0
revocation-check none
enrollment retry period 1
enrollment retry count 0
enrollment terminal
fqdn vpn.teststore.com
no email
subject-name CN=vpn.teststore.com,OU=vpn,O="teststore, LLC",C=US,St=California,L=Los Angeles
no serial-number
ip-address 64.183.14.26
no password
keypair vpn.teststore.com.key
validation-usage ipsec-client ssl-client
accept-subordinates
id-cert-issuer
id-usage ssl-ipsec
no ignore-ipsec-keyusage
no ignore-ssl-keyusage
no proxy-ldc-issuer
crl configure
policy cdp
cache-time 60
enforcenextupdate
protocol http
protocol ldap
protocol scep
crypto ca trustpool policy
revocation-check none
crl cache-time 60
crl enforcenextupdate
crypto ca certificate chain _SmartCallHome_ServerCA
certificate *redacted*
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate *redacted*
quit
crypto isakmp identity address
crypto isakmp nat-traversal 20
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable inside
crypto ikev2 enable outside
crypto ikev2 cookie-challenge 50
crypto ikev2 limit max-in-negotiation-sa 100
no crypto ikev2 limit max-sa
crypto ikev2 redirect during-auth
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.0.1.0 255.255.255.0 inside
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh 63.80.139.192 255.255.255.192 outside
ssh 64.60.44.224 255.255.255.224 outside
ssh 4.34.84.192 255.255.255.192 outside
ssh timeout 5
console timeout 0
management-access inside
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0
ipv6-vpn-addr-assign aaa
ipv6-vpn-addr-assign local reuse-delay 0
no vpn-sessiondb max-other-vpn-limit
no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
no remote-access threshold
l2tp tunnel hello 60

no vpnclient enable
dhcpd dns 8.8.8.8 208.67.222.222
dhcpd lease 86400
dhcpd option 3 ip 10.0.0.254
!
dhcpd address 10.0.0.110-10.0.0.141 inside
dhcpd option 3 ip 10.0.0.254 interface inside
dhcpd enable inside
!
!
tls-proxy maximum-session 10
!
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint0 outside
webvpn
memory-size percent 50
port 443
enable outside
dtls port 443
character-encoding none
no http-proxy
no https-proxy
default-idle-timeout 1800
portal-access-rule none
csd image disk0:/csd_3.6.6234-k9.pkg
no csd enable
anyconnect image disk0:/anyconnect-macosx-i386-3.1.05152-k9.pkg 1 regex "Intel Mac OS X"
anyconnect image disk0:/anyconnect-linux-3.1.05152-k9.pkg 2
anyconnect image disk0:/anyconnect-win-3.1.03103-k9.pkg 3
anyconnect enable
tunnel-group-list enable
no tunnel-group-preference group-url
rewrite order 65535 enable resource-mask *
no internal-password
no onscreen-keyboard
no default-language
no smart-tunnel notification-icon
no keepout
cache
no disable
max-object-size 1000
min-object-size 0
no cache-static-content enable
lmfactor 20
expiry-time 1
no auto-signon
no error-recovery disable
no ssl-server-check
no mus password
mus host mus.cisco.com
: # show import webvpn customization
: Template
: DfltCustomization
: # show import webvpn url-list
: Template
: # show import webvpn translation-table
: Translation Tables' Templates:
: AnyConnect
: PortForwarder
: banners
: csd
: customization
: url-list
: webvpn
: Translation Tables:
: fr PortForwarder
: fr csd
: fr customization
: fr webvpn
: ja PortForwarder
: ja csd
: ja customization
: ja webvpn
: ru PortForwarder
: ru customization
: ru webvpn
: # show import webvpn mst-translation
: No MS translation tables defined
: # show import webvpn webcontent
: No custom webcontent is loaded
: # show import webvpn AnyConnect-customization
: No OEM resources defined
: # show import webvpn plug-in
:
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
banner value ---Authorized Access Only---
banner value ---Authorized Access Only---
banner value ---Authorized Access Only---
dns-server value 206.13.29.12
vpn-tunnel-protocol ikev1 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list none
default-domain none
split-dns value teststore.com
address-pools value SSLClientPool
webvpn
anyconnect ssl rekey time 30
anyconnect ssl rekey method ssl
anyconnect ask none default anyconnect
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-idle-timeout alert-interval 1
vpn-session-timeout none
vpn-session-timeout alert-interval 1
vpn-filter none
ipv6-vpn-filter none
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
ipv6-split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
split-tunnel-all-dns disable
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn none
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
msie-proxy pac-url none
msie-proxy lockdown enable
vlan none
nac-settings none
address-pools none
ipv6-address-pools none
smartcard-removal-disconnect enable
scep-forwarding-url none
client-firewall none
client-access-rule none
webvpn
url-list none
filter none
homepage none
html-content-filter none
port-forward name Application Access
port-forward disable
http-proxy disable
sso-server none
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect firewall-rule client-interface private none
anyconnect firewall-rule client-interface public none
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression none
anyconnect dtls compression lzs
anyconnect modules none
anyconnect profiles none
anyconnect ask none
customization none
keep-alive-ignore 4
http-comp gzip
download-max-size 2147483647
upload-max-size 2147483647
post-max-size 2147483647
user-storage none
storage-objects value cookies,credentials
storage-key none
hidden-shares none
smart-tunnel disable
activex-relay enable
unix-auth-uid 65534
unix-auth-gid 65534
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
smart-tunnel auto-signon disable
anyconnect ssl df-bit-ignore disable
anyconnect routing-filtering-ignore disable
smart-tunnel tunnel-policy tunnelall
always-on-vpn profile-setting
group-policy GroupPolicy_173.198.117.154 internal
group-policy GroupPolicy_173.198.117.154 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_67.192.187.32 internal
group-policy GroupPolicy_67.192.187.32 attributes
vpn-tunnel-protocol ikev1
username admin password PjOstXDsqwmjgWtV encrypted privilege 15
username Charles password 9DZ6znTPWNPflTc8 encrypted privilege 15
username connie password f/.TrabI8q28EXcT encrypted privilege 15
username Marcelo password IXM6qKOsPXgozpr6 encrypted privilege 2
username andy password D4MuOk9Vq/u8G3pT encrypted privilege 15
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultRAGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultRAGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultWEBVPNGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultWEBVPNGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
address-pool SSLClientPool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy SSLCLientPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group SSLClientProfile webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
group-alias SSLVPNClient enable
dns-group DefaultDNS
no without-csd
tunnel-group SSLClientProfile ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group SSLClientProfile ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group 72.34.112.22 type ipsec-l2l
tunnel-group 72.34.112.22 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 72.34.112.22 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 99.92.126.61 type ipsec-l2l
tunnel-group 99.92.126.61 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 99.92.126.61 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 66.15.159.126 type ipsec-l2l
tunnel-group 66.15.159.126 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 66.15.159.126 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 173.196.157.42 type ipsec-l2l
tunnel-group 173.196.157.42 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 173.196.157.42 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 64.183.50.110 type ipsec-l2l
tunnel-group 64.183.50.110 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 64.183.50.110 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 67.52.122.18 type ipsec-l2l
tunnel-group 67.52.122.18 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 67.52.122.18 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 198.2.47.110 type ipsec-l2l
tunnel-group 198.2.47.110 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 198.2.47.110 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 162.196.15.161 type ipsec-l2l
tunnel-group 162.196.15.161 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 162.196.15.161 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 173.51.171.146 type ipsec-l2l
tunnel-group 173.51.171.146 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 173.51.171.146 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group 173.198.117.154 type ipsec-l2l
tunnel-group 173.198.117.154 general-attributes
no accounting-server-group
default-group-policy GroupPolicy_173.198.117.154
tunnel-group 173.198.117.154 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 97.72.69.138 type ipsec-l2l
tunnel-group 97.72.69.138 general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group 97.72.69.138 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map type inspect http match-all _default_gator
match request header user-agent regex _default_gator
class-map type inspect http match-all _default_msn-messenger
match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
match request args regex _default_gnu-http-tunnel_arg
match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
match request header host regex _default_firethru-tunnel_1
match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
match request header host regex _default_aim-messenger
class-map type inspect http match-all _default_http-tunnel
match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
class-map class-default
match any
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all _default_GoToMyPC-tunnel
match request args regex _default_GoToMyPC-tunnel
match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
match request header host regex _default_httport-tunnel
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no message-length maximum server
dns-guard
protocol-enforcement
nat-rewrite
no id-randomization
no id-mismatch
no tsig enforced
policy-map type inspect rtsp _default_rtsp_map
description Default RTSP policymap
parameters
policy-map type inspect ipv6 _default_ipv6_map
description Default IPV6 policy-map
parameters
verify-header type
verify-header order
match header routing-type range 0 255
drop log
policy-map type inspect h323 _default_h323_map
description Default H.323 policymap
parameters
no rtp-conformance
policy-map type inspect esmtp _default_esmtp_map
description Default ESMTP policy-map
parameters
mask-banner
no mail-relay
no special-character
no allow-tls
match cmd line length gt 512
drop-connection log
match cmd RCPT count gt 100
drop-connection log
match body line length gt 998
log
match header line length gt 998
drop-connection log
match sender-address length gt 320
drop-connection log
match MIME filename length gt 255
drop-connection log
match ehlo-reply-parameter others
mask
policy-map type inspect ip-options _default_ip_options_map
description Default IP-OPTIONS policy-map
parameters
router-alert action allow
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
inspect rsh
inspect rtsp
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options _default_ip_options_map
inspect icmp
inspect icmp error
class class-default
policy-map type inspect sip _default_sip_map
description Default SIP policymap
parameters
im
no ip-address-privacy
traffic-non-sip
no rtp-conformance
policy-map type inspect dns _default_dns_map
description Default DNS policy-map
parameters
no message-length maximum client
no message-length maximum
no message-length maximum server
dns-guard
protocol-enforcement
nat-rewrite
no id-randomization
no id-mismatch
no tsig enforced
policy-map type inspect ipsec-pass-thru _default_ipsec_passthru_map
description Default IPSEC-PASS-THRU policy-map
parameters
esp per-client-max 0 timeout 0:10:00
!
service-policy global_policy global
imap4s
port 993
no server
outstanding 20
name-separator :
server-separator @
authentication-server-group LOCAL
no authorization-server-group
no accounting-server-group
default-group-policy DfltGrpPolicy
no authentication
no authorization-required
authorization-dn-attributes CN OU
pop3s
port 995
no server
outstanding 20
name-separator :
server-separator @
authentication-server-group LOCAL
no authorization-server-group
no accounting-server-group
default-group-policy DfltGrpPolicy
no authentication
no authorization-required
authorization-dn-attributes CN OU
smtps
port 988
no server
outstanding 20
name-separator :
server-separator @
authentication-server-group LOCAL
no authorization-server-group
no accounting-server-group
default-group-policy DfltGrpPolicy
authentication aaa
no authorization-required
authorization-dn-attributes CN OU
prompt hostname context
auto-update device-id hostname
auto-update poll-period 720 0 5
auto-update timeout 0
compression anyconnect-ssl http-comp
no coredump enable
call-home reporting anonymous
call-home
alert-group all
alert-group-config environment
threshold cpu 85-90
threshold memory 85-90
event-queue-size 10
rate-limit 10
profile _anonymous
active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination message-size-limit 3145728
destination preferred-msg-format xml
destination transport-method http
subscribe-to-alert-group diagnostic severity disaster
subscribe-to-alert-group inventory periodic monthly 7
subscribe-to-alert-group configuration export minimum periodic monthly 7
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination message-size-limit 3145728
destination preferred-msg-format xml
destination transport-method http
subscribe-to-alert-group diagnostic severity informational
subscribe-to-alert-group environment severity informational
subscribe-to-alert-group inventory periodic monthly 7
subscribe-to-alert-group configuration export minimum periodic monthly 7
subscribe-to-alert-group telemetry periodic daily
no password encryption aes
Cryptochecksum:cf69cde1ca9e36611705af7a8127d577
: end