Hi,
I am facing an issue with port forwarding from the outside internet to the inside interface of a Cisco ASA. I have already enabled NAT and an access list, but I still cannot access the LDAP server on the inside interface of the ASA. Any help would be great. Below is the configuration done to allow outside access to the inside for the LDAP port:
object-group network LDAP_DC5_ACCESS
 description DC5_PUBLIC_ACCESS_IP
 network-object 99.132.180.0 255.255.255.0
 network-object 99.132.181.0 255.255.255.0
 network-object 99.132.182.0 255.255.255.0
 network-object 99.132.183.0 255.255.255.0
 network-object 99.183.28.0 255.255.252.0
 network-object 62.209.50.0 255.255.255.0
 network-object 62.209.51.0 255.255.255.0
 network-object 81.207.212.0 255.255.255.0
 network-object 81.207.213.0 255.255.255.0
 network-object 81.209.104.0 255.255.255.0
access-group outside_access_in in interface outside
access-list outside_access_in extended permit tcp object-group LDAP_DC5_ACCESS host 10.10.14.12 eq ldap
access-list outside_access_in extended permit tcp object-group LDAP_DC5_ACCESS host 10.10.14.12 eq ldaps
access-group outside_access_in in interface outside
object network DC5
 host 10.10.14.12
 nat (inside,outside) static interface service tcp ldap ldap
=================================================================================
The running configuration for the Cisco ASA can be seen below.
name 10.10.17.1 RY-N-SW1 description Core Switch
name 10.10.14.11 RY-S-BB1 description Black Berry Server
name 10.10.15.2 RY-S-DC1 description RY Old Domain Server
name 10.10.14.2 RY-S-DC3 description Riyadh new Domain Controller
name 10.10.14.5 RY-S-EX2 description Riyadh Exchange Server
no mac-address auto
ip local pool vpn19users 10.10.19.1-10.10.19.254 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 81.213.205.130 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.16.2.1 255.255.255.252
 rip send version 2
 rip receive version 2
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 20
 ip address 192.168.2.3 255.255.255.0
 rip receive version 2
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 speed 1000
 duplex full
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 speed 1000
 duplex full
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
boot system disk0:/asa964-smp-k8.bin
boot system disk0:/asa952-smp-k8.bin
ftp mode passive
clock timezone AST 3
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup DMZ
dns domain-lookup management
dns server-group DefaultDNS
 name-server RY-S-DC3
 name-server 10.10.14.9
 domain-name bahamdan.net
same-security-traffic permit intra-interface
object network NETWORK_OBJ_10.10.19.0_24
 subnet 10.10.19.0 255.255.255.0
object network NETWORK_OBJ_10.14.0.0_16
 subnet 10.14.0.0 255.255.0.0
object network NETWORK_OBJ_10.10.10.0_24
 subnet 10.10.10.0 255.255.255.0
object network RY_Local
 subnet 10.10.0.0 255.255.0.0
object network RY_DMZ
 subnet 192.168.2.0 255.255.255.0
object network NY_Remote
 subnet 10.9.0.0 255.255.0.0
object network DxB_Network
 subnet 10.12.0.0 255.255.0.0
object network SAFANAD-AZURE
 subnet 10.20.0.0 255.255.252.0
object network Webex_Int
 host 192.168.2.16
object network Webex_Ext
 host 81.213.205.136
object network VCSE
 host 192.168.2.22
object network CS1
 host 10.10.14.38
 description CAS Server
object network EX3
 host 10.10.14.36
 description EX3 Server
object network EX5
 host 10.10.14.25
object network Exchange
 host 192.168.2.10
 description exchange server DMZ
object network Anyconnect
 subnet 10.10.19.0 255.255.255.0
object network 10.10.14.0
 subnet 10.10.14.0 255.255.255.0
object network VPN-POOL
 subnet 10.10.224.0 255.255.255.0
object network VCSE_EXT
 host 81.213.205.122
 description VCSE external IP address
object network VoIP_Network
 subnet 10.10.50.0 255.255.255.0
object network KBV_Network
 subnet 10.14.0.0 255.255.0.0
object network KBV_DMZ
 subnet 192.168.3.0 255.255.255.0
object network UK2_Kamal
 subnet 10.21.10.0 255.255.255.0
 description UK2 Kamal Apartment
object network Ext_FCM
 host 81.213.205.180
 description EXt_FCM_temp
object network FCM
 host 10.10.10.200
 description FCM_temp
object network core
object network BGFileShare
 host 10.10.14.43
 description FileSharing
object network Internet_Router
 host 81.213.205.129
object network SolarWinds
 host 10.10.14.26
 description SolarWinds
object network DXB_DMZ
 subnet 192.168.4.0 255.255.255.0
object network NY_DMZ
 subnet 192.168.5.0 255.255.255.0
object network VCSE_HOST
 host 192.168.2.22
 description VCS Expressway DMZ
object network VCS-C_HOST
 host 10.10.50.222
 description The VCS Control Host
object network DMZ-V-EDGE
 host 192.168.2.10
 description Exchange SMTP server
object network WEBEX_HOST
 host 192.168.2.16
object network Webex_Internal_Host
 host 10.10.50.9
object network Backup_Server
 host 10.10.14.18
object network proofpoint
 subnet 91.207.212.0 255.255.255.0
object network DC5
 host 10.10.14.12
object-group network BGHL_RY_LOCAL
 description Local & DMZ network
 network-object object RY_Local
 network-object object RY_DMZ
object-group network DxB_Remote
 network-object object DxB_Network
 network-object object SAFANAD-AZURE
 network-object object DXB_DMZ
object-group network Inside_Exch_Servers
 network-object object EX3
 network-object object EX5
 network-object object CS1
object-group network REMOTE-SITES
 network-object 10.12.0.0 255.255.0.0
 network-object 10.9.0.0 255.255.0.0
object-group network RmoteV
 network-object 10.12.0.0 255.255.0.0
 network-object 10.9.0.0 255.255.0.0
object-group network KBV_Remote
 network-object object KBV_DMZ
 network-object object KBV_Network
object-group network DM_INLINE_NETWORK_1
 network-object object RY_DMZ
 network-object object RY_Local
object-group network DM_INLINE_NETWORK_2
 network-object object CS1
 network-object object EX5
object-group service Sara_Services_Ports tcp
 port-object eq 6101
 port-object eq domain
 port-object eq www
 port-object eq https
 port-object eq smtp
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_5
 network-object host 46.228.47.114
 network-object host 216.58.210.206
 network-object host 46.228.47.0
object-group network DM_INLINE_NETWORK_4
 network-object object CS1
 network-object object EX5
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq smtp
object-group network DXB_DMZ_Group
 network-object object DXB_DMZ
object-group network DM_INLINE_NETWORK_6
 network-object object NY_DMZ
 network-object object NY_Remote
object-group network NY_DMZ_Group
 network-object object NY_DMZ
object-group network DM_INLINE_NETWORK_7
 network-object object NY_DMZ
 network-object object NY_Remote
object-group service VCSE_TCP_PORTS tcp
 port-object eq 2222
 port-object range 36000 59999
 port-object eq 5061
 port-object eq 5222
 port-object eq 7001
 port-object eq 7002
 port-object eq 7400
 port-object eq 8443
 port-object eq h323
 port-object eq www
 port-object eq https
 port-object eq sip
object-group service VCSE_UDP_PORTS udp
 port-object range 36000 59999
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination eq domain
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq smtp
 service-object udp destination eq domain
 service-object icmp
 service-object udp destination eq ntp
object-group network TRN
 description Trusted Remote Networks
 network-object 10.10.10.0 255.255.255.0
 network-object 172.16.2.0 255.255.255.252
 network-object 192.168.2.0 255.255.255.0
 network-object object Anyconnect
 network-object object DXB_DMZ
 network-object object DxB_Network
 network-object object KBV_DMZ
 network-object object NY_DMZ
 network-object object NY_Remote
 network-object object RY_DMZ
 network-object object SAFANAD-AZURE
 network-object object UK2_Kamal
 network-object object RY_Local
object-group service Sara_Services_Ports_UDP udp
 port-object eq domain
 port-object eq ntp
object-group service Symantec_Backup tcp
 port-object eq 6101
object-group network LDAP_DC5_ACCESS
 description DC5_PUBLIC_ACCESS_IP
 network-object 185.132.180.0 255.255.255.0
 network-object 185.132.181.0 255.255.255.0
 network-object 185.132.182.0 255.255.255.0
 network-object 185.132.183.0 255.255.255.0
 network-object 185.183.28.0 255.255.252.0
 network-object 62.209.50.0 255.255.255.0
 network-object 62.209.51.0 255.255.255.0
 network-object 91.207.212.0 255.255.255.0
 network-object 91.207.213.0 255.255.255.0
 network-object 91.209.104.0 255.255.255.0
object-group network Proofpoint
 description Proofpoint IP
 network-object 185.132.180.0 255.255.255.0
 network-object 185.132.181.0 255.255.255.0
 network-object 185.132.182.0 255.255.255.0
 network-object 185.132.183.0 255.255.255.0
 network-object 185.183.28.0 255.255.252.0
 network-object 62.209.50.0 255.255.255.0
 network-object 62.209.51.0 255.255.255.0
 network-object 91.207.212.0 255.255.255.0
 network-object 91.207.213.0 255.255.255.0
 network-object 91.209.104.0 255.255.255.0
access-list sfr_redirect extended permit ip any any
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list BHQ_splitTunnelAcl standard permit 10.10.16.0 255.255.255.0
access-list BHQ_splitTunnelAcl standard permit 10.10.14.0 255.255.255.0
access-list BHQ_splitTunnelAcl standard permit 10.10.15.0 255.255.255.0
access-list BHQ_splitTunnelAcl standard permit 10.10.50.0 255.255.255.0
access-list BHQ_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list BHQ_splitTunnelAcl remark DXB
access-list BHQ_splitTunnelAcl standard permit 10.12.0.0 255.255.0.0
access-list BHQ_splitTunnelAcl remark NY
access-list BHQ_splitTunnelAcl standard permit 10.9.0.0 255.255.0.0
access-list BHQ_splitTunnelAcl standard permit 172.16.2.0 255.255.255.252
access-list BHQ_splitTunnelAcl remark David VA2
access-list BHQ_splitTunnelAcl standard permit 10.20.10.0 255.255.255.0
access-list outside_cryptomap_4 extended permit ip object RY_Local object-group DxB_Remote
access-list outside_cryptomap_1 extended permit ip object RY_Local object UK2_Kamal
access-list inside_access_in remark Block Sites
access-list inside_access_in extended deny ip any object-group DM_INLINE_NETWORK_5 inactive
access-list inside_access_in extended permit ip any any inactive
access-list inside_access_in extended permit ip object-group TRN any
access-list outside_access_in remark Accees from internet Router to Solarwinds
access-list outside_access_in extended permit ip object Internet_Router object SolarWinds
access-list outside_access_in extended permit udp any object VCSE object-group VCSE_UDP_PORTS
access-list outside_access_in extended permit tcp any object VCSE object-group VCSE_TCP_PORTS
access-list outside_access_in extended permit tcp any object Webex_Int eq https
access-list outside_access_in extended permit ip any object-group BGHL_RY_LOCAL inactive
access-list outside_access_in extended permit tcp any object Exchange eq smtp
access-list outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit tcp object-group LDAP_DC5_ACCESS host 10.10.14.12 eq ldap
access-list outside_access_in extended permit tcp object-group LDAP_DC5_ACCESS host 10.10.14.12 eq ldaps
access-list DMZ_access_in extended permit ip object KBV_DMZ object RY_DMZ inactive
access-list DMZ_access_in extended permit ip object-group TRN object-group DM_INLINE_NETWORK_1 inactive
access-list DMZ_access_in extended permit ip object RY_Local object RY_DMZ inactive
access-list DMZ_access_in extended deny ip object RY_DMZ object-group TRN inactive
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_1 object RY_DMZ any
access-list DMZ_access_in extended permit tcp object DMZ-V-EDGE object-group DM_INLINE_NETWORK_2 eq smtp
access-list DMZ_access_in extended permit udp object VCSE_HOST object VCS-C_HOST object-group VCSE_UDP_PORTS
access-list DMZ_access_in extended permit tcp object VCSE_HOST object VCS-C_HOST object-group VCSE_TCP_PORTS
access-list DMZ_access_in extended permit ip object WEBEX_HOST object Webex_Internal_Host
access-list DMZ_access_in extended permit tcp object RY_DMZ object Backup_Server object-group Symantec_Backup
access-list no_nat extended permit ip object RY_Local 10.10.19.0 255.255.255.0
access-list Split_Tunnel_List standard permit 10.10.19.0 255.255.255.0
access-list Split_Tunnel_List standard permit 172.16.2.0 255.255.255.252
access-list inside_access_out extended permit ip any any
access-list outside_access_out remark Block any Suspicious PC ,laptop,mobile or any
access-list outside_access_out extended deny object-group DM_INLINE_PROTOCOL_1 host 10.10.18.94 any inactive
access-list outside_access_out extended permit ip any any
access-list SPLIT-TUNNEL standard permit 10.9.0.0 255.255.0.0
access-list SPLIT-TUNNEL standard permit 10.12.0.0 255.255.0.0
access-list SPLIT-TUNNEL standard permit 10.21.10.0 255.255.255.0
access-list outside_in extended permit tcp any object Webex_Int eq https
access-list outside_in extended permit tcp any object VCSE
access-list outside_in extended permit tcp any object VCSE eq https
access-list outside_in extended permit tcp any object VCSE eq 8443
access-list outside_in extended permit ip any object VCSE
access-list outside_in extended permit tcp any object VCSE eq 5061
access-list outside_in extended permit tcp any object VCSE eq 5222
access-list outside_in extended permit udp any object VCSE range 36002 59999
access-list outside_in extended permit udp any object VCSE range 3478 3483
access-list outside_in extended permit udp any object VCSE range 24000 24999
access-list outside_in extended permit icmp any4 any4 echo-reply inactive
access-list outside_in extended permit tcp any object VCSE eq 7001
access-list outside_in extended permit tcp any object VCSE eq 7002
access-list outside_in extended permit tcp any object VCSE eq 7400
access-list outside_in extended permit tcp any object VCSE eq 2222
access-list outside_in extended permit udp any object VCSE range 36000 36011
access-list outside_in extended permit tcp object VCSE eq 7001 any
access-list outside_in extended permit tcp object VCSE eq 7002 any
access-list outside_in extended permit tcp object VCSE eq 7400 any
access-list outside_in extended permit tcp object VCSE eq 2222 any
access-list outside_in extended permit udp object VCSE range 36000 36011 any
access-list outside_in extended permit tcp any object VCSE eq 5062
access-list outside_in extended permit tcp any object VCSE eq sip
access-list outside_in extended permit udp any object VCSE eq sip
access-list outside_in extended permit udp any object VCSE eq 5061
access-list outside_in extended permit udp any object VCSE eq 5062
access-list outside_in extended permit tcp any object VCSE eq 7601
access-list outside_cryptomap_3 extended permit ip object-group BGHL_RY_LOCAL object-group KBV_Remote
access-list Riverbed_TCP_Option_76 extended permit tcp any any log
access-list Riverbed_TCP_Option_78 extended permit tcp any any log
access-list outside_cryptomap_2 extended permit ip object RY_Local object UK2_Kamal
access-list RemoteVPN_splitTunnelAcl standard permit 10.10.0.0 255.255.0.0
access-list RemoteVPN_splitTunnelAcl standard permit 10.20.1.0 255.255.255.0
access-list RemoteVPN_splitTunnelAcl remark David VA2
access-list RemoteVPN_splitTunnelAcl standard permit 10.20.10.0 255.255.255.0
access-list RemoteVPN_splitTunnelAcl standard permit 10.9.0.0 255.255.0.0
access-list RemoteVPN_splitTunnelAcl standard permit 10.12.0.0 255.255.0.0
access-list RemoteVPN_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list RemoteVPN_splitTunnelAcl remark RY2-v-ur4
access-list RemoteVPN_splitTunnelAcl standard permit host 10.14.14.41
access-list RemoteVPN_splitTunnelAcl remark Villa Access from VPN
access-list RemoteVPN_splitTunnelAcl standard permit 10.14.0.0 255.255.0.0
access-list outside_cryptomap_5 extended permit ip object RY_Local object-group DM_INLINE_NETWORK_6
!
tcp-map Riverbed_TCP_Option_76_Tmap
 tcp-options range 76 76 allow
 tcp-options md5 clear
!
tcp-map Riverbed_TCP_Option_78_Tmap
 tcp-options range 78 78 allow
 tcp-options md5 clear
!
pager lines 24
logging enable
logging standby
logging emblem
logging buffer-size 100096
logging console errors
logging monitor critical
logging buffered critical
logging trap informational
logging history warnings
logging asdm critical
logging mail critical
logging from-address solarwindsadmin@bahamdan.net
logging recipient-address IT_EMAIL_NOTICE@bahamdan.net level errors
logging host inside 10.10.14.26
logging debug-trace
flow-export destination inside 10.10.14.26 2055
flow-export template timeout-rate 1
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-791.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (DMZ,outside) source static BGHL_RY_LOCAL BGHL_RY_LOCAL destination static KBV_Remote KBV_Remote no-proxy-arp route-lookup
nat (inside,outside) source static BGHL_RY_LOCAL BGHL_RY_LOCAL destination static KBV_Remote KBV_Remote no-proxy-arp route-lookup
nat (inside,DMZ) source dynamic VoIP_Network interface destination static VCSE_EXT VCSE
nat (DMZ,outside) source static RY_DMZ RY_DMZ destination static Anyconnect Anyconnect no-proxy-arp route-lookup
nat (inside,outside) source static RY_Local RY_Local destination static Anyconnect Anyconnect no-proxy-arp route-lookup
nat (inside,outside) source static BGHL_RY_LOCAL BGHL_RY_LOCAL destination static DxB_Remote DxB_Remote no-proxy-arp route-lookup
nat (inside,outside) source static BGHL_RY_LOCAL BGHL_RY_LOCAL destination static DM_INLINE_NETWORK_7 DM_INLINE_NETWORK_7 no-proxy-arp route-lookup
nat (inside,outside) source static BGHL_RY_LOCAL BGHL_RY_LOCAL destination static UK2_Kamal UK2_Kamal no-proxy-arp route-lookup
nat (inside,outside) source dynamic BGHL_RY_LOCAL interface
nat (DMZ,outside) source dynamic RY_DMZ interface inactive
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.19.0_24 NETWORK_OBJ_10.10.19.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static REMOTE-SITES REMOTE-SITES destination static VPN-POOL VPN-POOL
nat (inside,outside) source static RmoteV RmoteV destination static VPN-POOL VPN-POOL
nat (inside,outside) source static RY_Local RY_Local destination static DxB_Remote DxB_Remote no-proxy-arp route-lookup
nat (inside,outside) source static RY_Local RY_Local destination static UK2_Kamal UK2_Kamal no-proxy-arp route-lookup
nat (inside,outside) source static RY_Local RY_Local destination static NETWORK_OBJ_10.10.19.0_24 NETWORK_OBJ_10.10.19.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static RY_Local RY_Local destination static NY_Remote NY_Remote no-proxy-arp route-lookup inactive
nat (inside,outside) source static RY_Local RY_Local destination static DM_INLINE_NETWORK_6 DM_INLINE_NETWORK_6 no-proxy-arp route-lookup inactive
!
object network Webex_Int
 nat (DMZ,outside) static Webex_Ext
object network VCSE
 nat (DMZ,outside) static VCSE_EXT
object network CS1
 nat (inside,outside) static 81.213.205.132
object network Exchange
 nat (DMZ,outside) static 81.213.205.133
object network DC5
 nat (inside,outside) static interface service tcp ldap ldap
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group DMZ_access_in in interface DMZ
router rip
 network 10.0.0.0
 network 192.168.2.0
 passive-interface DMZ
 default-information originate
!
route outside 0.0.0.0 0.0.0.0 81.213.205.129 1
route inside 10.10.10.0 255.255.255.0 172.16.2.2 1
route inside 10.10.14.0 255.255.255.0 172.16.2.2 1
route inside 10.10.16.0 255.255.255.0 172.16.2.2 1
route inside 10.10.17.0 255.255.255.0 172.16.2.2 1
route inside 10.10.18.0 255.255.255.0 172.16.2.2 1
route inside 10.10.24.0 255.255.255.0 172.16.2.2 1
route inside 10.10.50.0 255.255.255.0 172.16.2.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
aaa-server BHQ-AD protocol radius
aaa-server BHQ-AD (inside) host 10.10.14.9
 key *****
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.10.10.0 255.255.255.0 management
http 10.10.14.0 255.255.255.0 inside
http 10.9.10.0 255.255.255.0 inside
http 10.12.14.0 255.255.255.0 inside
http 10.14.14.0 255.255.255.0 inside
http 10.10.16.0 255.255.255.0 inside
snmp-server location RY LAN
snmp-server contact mabudeeb@bahamdan.com
snmp-server community *****
snmp-server enable traps syslog
snmp-server enable traps entity config-change fru-insert fru-remove
sysopt connection tcpmss 1200
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 217.41.57.235
crypto map outside_map 2 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_cryptomap_4
crypto map outside_map 3 set peer 151.253.72.139
crypto map outside_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 4 match address outside_cryptomap_3
crypto map outside_map 4 set peer 37.216.216.238
crypto map outside_map 4 set ikev1 transform-set ESP-DES-SHA
crypto map outside_map 5 match address outside_cryptomap_2
crypto map outside_map 5 set peer 217.41.57.235
crypto map outside_map 5 set ikev1 transform-set ESP-DES-SHA
crypto map outside_map 6 match address outside_cryptomap_5
crypto map outside_map 6 set peer 204.145.77.98
crypto map outside_map 6 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=RY-X-ASA1
 crl configure
crypto ca trustpoint StarSSL_Inter
 enrollment terminal
 crl configure
crypto ca trustpoint AnyConnect_SSL2017
 enrollment terminal
 subject-name CN=vpn.bahamdan.com,OU=IT,O=Bahamdan Group,C=SA,St=Central,L=RY,EA=info@bahamdan.com
 keypair AnyConnectKey
 crl configure
crypto ca trustpoint StarCom_new_Inter
 enrollment terminal
 crl configure
crypto ca trustpoint StarCom_Root_2017
 enrollment terminal
 crl configure
crypto ca trustpoint Godaddy_SSL_AnyConnect_2017
 enrollment terminal
 subject-name CN=vpn.bahamdan.com,OU=IT,O=Bahamdan Group,C=SA,St=Central,L=Riyadh,EA=info@bahamdan.com
 keypair AnyConnectKey
 crl configure
crypto ca trustpoint Godaddy_Intermediate
 enrollment terminal
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
 certificate 365c1c57
  quit
crypto ca certificate chain StarSSL_Inter
 certificate ca 6a5dc3e53b4e4fd07b691ea5fcec646b
  quit
crypto ca certificate chain AnyConnect_SSL2017
 certificate 71764cccc260979d
  quit
crypto ca certificate chain StarCom_new_Inter
 certificate ca 14c9792b2b1da926
7458122d 7b7b02e6 08dadd20 9d945140 76a33f95 c96f2356 459532c5 ee957ab3 fb4f8e0c 97c037e1 82c884c4 556a5b87 e8ed14ef 1cef33ea 3e60c447 dac8323a d6c8906a f0a813fb dac31492 6906211f a0a55c2e 11539938 012a88c0 83578f43 aafc5850 fa458398 e3c2b13e f0448aec 4ce8acac c1f8c5f9 8ed8e4e2 4f51dd73 f73f3500 68b6905c 9b7cc476 37cb94eb 90f81b51 99fdafaa 82e40659 0e90a8e7 a75edade 6cfa6e5c 944f1322 e4aaf490 cd31e2fa 6673dfcd df3047a4 23a461d0 62f9ad4a 2d151e03 5213c3c3 621ea584 60f6e40b bff0bc8d f6570266 0fc3dc79 ba32435a e1c8fc61 5dd23d21 07e66fbb 4278a9fd 1fec51ae 74541b17 34ef9433 bc8f6b0d 1338ae42 ba1800c1 1faa77b9 6d99d043 99569d8f 431ffb42 6a1a9def 6580b239 18bcd4e5 0cb0f667 c05104dd a5a3d626 a5ddf69b 17e60380 e832f058 6b45793d 9263ca56 3ef69a0d 00b9f3eb 0c0a331f 799f5c6b e5076009 269ece9a 5abf649a e52d0d17 50e95df4 d363bfcf d888cae0 75e59dca c6946f9b ce836a40 8578c554 59306ba3 eb339717 07cdca0b 53f344d1 825f517f 2dec0d64 41e9c407 f032acba bb5caf09 871788c6 db6309ab 71faa66d 02030100 01a38201 51308201 4d306c06 082b0601 05050701 01046030 5e303406 082b0601 05050730 02862868 7474703a 2f2f6169 612e7374 61727463 6f6d6361 2e636f6d 2f636572 74732f63 6162722e 63727430 2606082b 06010505 07300186 1a687474 703a2f2f 6f637370 2e737461 7274636f 6d63612e 636f6d30 1d060355 1d0e0416 0414fb10 4b95b135 552fbd62 14a95202 120a68e8 12423012 0603551d 130101ff 04083006 0101ff02 0100301f 0603551d 23041830 168014cb 10ad2c46 dd2645df ae17d61b 1fbdf29a 60aa1430 41060355 1d20043a 30383036 0604551d 2000302e 302c0608 2b060105 05070201 16206874 74703a2f 2f777777 2e737461 7274636f 6d63612e 636f6d2f 706f6c69 63793036 0603551d 1f042f30 2d302ba0 29a02786 25687474 703a2f2f 63726c2e 73746172 74636f6d 63612e63 6f6d2f73 66736361 62722e63 726c300e 0603551d 0f0101ff 04040302 0106300d 06092a86 4886f70d 01010b05 00038202 010047d3 73581e7c 00a72a3a 14ea3281 602443b9 91a1b666 fb984f01 840dde21 591115a0 d697201c 16fcaace ea4e8c2d a3d6cfd9 2261da85 e885fd40 14d7b49c e9c519fa a2e9c06a c7e777ea a4724339 e222e885 012920da 
b38cf87b cc05ffaa 98280a80 a93a9d30 b4cc5c45 93f48985 8bea4a28 314187f3 a097e8e1 8f5f83d7 2e0dcba4 cbe67163 fd9be06f 869cb1c2 59ffe276 258b8cc8 6b77d7f3 cf03afe2 11c7772a bdbca7c9 c21a6e09 aa35690e 62f8faea 48b3bde2 2787cdce bd659f8e d7075e8a 8e3ded9f 6724cf4d 879264ec f1a97ccd 696d17cb c785944a 8419d8b1 8da0eac7 f008188b dc4e8865 ad86f20c 105826ab abf99d05 29ae9749 fb5f1798 0c3b9950 afe465eb 274eff41 aaaa04fd eef785dd 30bf66a1 d40be65e a9eb8018 94869313 c220888c ed11a024 e63ff2a7 6d263996 bd049162 4825f3df 458d5435 05a13443 3ce837c3 0fe2603f 9028e187 8c14572d a5b5c0d5 4671bd6e b2f3b1bd 6e927b30 a856e9ce 2731ec31 601e749e 5a8a3c59 ff72a77c 436ca8cc d4dac67d 20cf56a1 d077a8b0 20aa38ce 629c8e26 f5a763d9 00b360b5 5c1eefcd 045b60a8 bc0fae0d f54c9c22 400d98f5 919e693c eba55a4c e88cefc6 9f348786 cf0a9c7b a015b106 8f9b4428 4d5d0c49 678dbbfe bb7980e3 64a83270 7359a6a6 890528b1 e9359d3c 59407ab8 70b86976 2fd9c08c 0d7b87a4 79ec7736 0d75df1d 663fca4a f68e quit crypto ca certificate chain StarCom_Root_2017 certificate ca 3fad7fd6a9bfb83a 30820566 3082034e a0030201 0202083f ad7fd6a9 bfb83a30 0d06092a 864886f7 0d01010b 05003051 310b3009 06035504 06130245 53311430 12060355 040a0c0b 53746172 74436f6d 20434131 2c302a06 03550403 0c235374 61727443 6f6d2043 65727469 66696361 74696f6e 20417574 686f7269 74792047 33301e17 0d313730 33323230 37313935 365a170d 34323033 32323037 31373538 5a305131 0b300906 03550406 13024553 31143012 06035504 0a0c0b53 74617274 436f6d20 4341312c 302a0603 5504030c 23537461 7274436f 6d204365 72746966 69636174 696f6e20 41757468 6f726974 79204733 30820222 300d0609 2a864886 f70d0101 01050003 82020f00 3082020a 02820201 00ea2b70 234ab89b 4faaf0bd 4dca38e4 8145a708 082881a5 e5e969fb 2af83d8a 7ef38275 5212e2dd 8966c1b8 dc721026 22d7b81a 5a5aa8d0 f7a960df fea2b38a c426d48e 685845c0 e2529808 1d68b92e 4a5ff273 c707e8d6 7bf05dba 646495d3 b050b0c2 0e0c0ca6 43e7fced 9e1e16ca 5e05863b 2d11b3bf f53467cf 219ca42e 22714a0c 228f6d73 e07ad19d fc82fb5b c0866f2a 7f40e0a4 d2c22e82 
e01007d6 31dc6366 20b1dfb5 38377337 aa7e1bf5 d77887df 3e67147a 7e39668e 129c01bd 539149f1 e760032e 470c95ff 7bf2ef0d 40be8c1b b7ebac7d a6eed421 9bac5706 128d670a 03477c99 00fd96bb c7033f7e f8f8d3d4 5edede5d 70070811 3e0b2a4c 15002dab 7801e6eb f03cd852 0548152c efba0467 12fa7ff5 799c5961 04e755e9 793b8af1 5b7face2 f359d24b 28b38627 e79ee79e 6c898cf5 a73ea9d0 4f5842b6 e6ca0926 7ad893bf afcf9517 52a88f40 1613d592 596e030d 2141d4fe af99fc58 06199d0b abb0ee42 e2fe38a7 3ced4c52 47fbe6db 94143d0d 5e438aa8 beda6c52 d602a529 7c467513 b6e31fc7 ea53f029 0eac273f c627d85e 8a9569f3 0b043a81 7d655847 3df80e4c 5127eb97 f0f0b03b ea9aef50 7d786845 c8b8e18a 80c91618 250d4dde ede73c74 525712d1 ac797ec0 4f862da2 6b635258 bd3a31b9 fecfa7eb 017521e3 697741b3 24d76ff7 d34ee107 2436d3f6 6e91dd39 5f59b463 c89d7939 ad020301 0001a342 3040301d 0603551d 0e041604 14cb10ad 2c46dd26 45dfae17 d61b1fbd f29a60aa 14300f06 03551d13 0101ff04 05300301 01ff300e 0603551d 0f0101ff 04040302 0106300d 06092a86 4886f70d 01010b05 00038202 0100208f c11ec875 30c0a4dd 7d6a824b 3a0b4639 747288bd 0b74027d 1f88ecd2 14105787 d749fc82 404a9ed2 5cd3c7db ed3a578d 98fbb9a4 e89620f3 76906f5c 9d8ce916 0c440525 b60f02ee 0589fea8 619f9deb 4e347517 6945a945 f0d986c3 7387c27b 4bc128fb 2203273f 4cde2f11 8e91926a 24283bab e09d9815 8d192e40 c37be967 2d50414e b8718087 1d67f46e 24030dd6 f0640d03 c94c77c4 b0a46832 c8cfb191 aa401348 b72601c7 530b2dfc c52c873c 100fee64 1054f2e4 c2c4d083 2b23fdb4 1de7d02a 3f936257 43c09838 377e3e52 29b5ed82 b67cbdbf 5e513caf 98bea280 50159291 95d05fef 745262f1 503fb26a 102c1df2 c71beed4 3655618a cd16cd6d 80ec9a88 264a5787 09610e23 7825c048 521e257d 554891ca 8a81bedf c78172b8 8937e28b 33d07780 4a9890ab ce396ae4 e613934e 6a80ac85 0ffff1bb ab7dd432 7882f485 dcf5e1d9 68c1d6a5 3dbd9fa9 aeb4297f 8a46ed94 f1337a68 bf1bf444 e1cac470 f14e4ca5 0357d6d1 d0642aea ecd7f261 aa3e1822 8c990ad3 a3727a41 b7f4ae9e 199d20d7 42798dd1 a6136edd 0f2fadd2 0f1fdbf6 c9426caa 720e6d23 86dc8c81 fef3e99c fcde3119 0f4a5412 279f7250 
ea9df859 5e969683 ea361ffe fcebaa4b dc8cdfac 2b60ca0e ac87a22c 1b2fcbf5 ed1b8c17 17e22c1f cb815216 c2842dfc 3f3402a9 b1bef0c1 98a1aeaa a9ff3ab1 6e3c44dc e2d2f490 f9e8 quit crypto ca certificate chain Godaddy_SSL_AnyConnect_2017 certificate 00d3b1042aa19befcc 3082053c 30820424 a0030201 02020900 d3b1042a a19befcc 300d0609 2a864886 f70d0101 0b050030 81b4310b 30090603 55040613 02555331 10300e06 03550408 13074172 697a6f6e 61311330 11060355 0407130a 53636f74 74736461 6c65311a 30180603 55040a13 11476f44 61646479 2e636f6d 2c20496e 632e312d 302b0603 55040b13 24687474 703a2f2f 63657274 732e676f 64616464 792e636f 6d2f7265 706f7369 746f7279 2f313330 31060355 0403132a 476f2044 61646479 20536563 75726520 43657274 69666963 61746520 41757468 6f726974 79202d20 4732301e 170d3137 30343235 30393334 30305a17 0d313930 34323530 39333430 305a303e 3121301f 06035504 0b131844 6f6d6169 6e20436f 6e74726f 6c205661 6c696461 74656431 19301706 03550403 13107670 6e2e6261 68616d64 616e2e63 6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 0101009c b3f9b671 88cf7cde 793a7422 162ad882 1f6c9d83 a62d5b0d e77d2eaa 945317c6 a1c84a9e 57500726 8c01fa37 9cf6be09 f90c7f03 c29af64b bc0f3b4f 5ae8de90 191a2922 c7e1f268 0a1a12b4 240c1146 9d3ffcd1 9244d7b3 b001df60 f1e9f58d 25761c5f 15f95eac adff94dd a6132356 962b52cf 8beef37b 43e1f543 b326dbba 5d0ede6d ef757a6f 6e90e808 665c5c64 4806ac34 b817e8a3 eafc3052 6ebe6dd7 bab4fcc8 d275a372 b671b4b9 f97a706a dbfd57b0 4d2e56f1 b41372c7 b70b0b4c b7ef9b48 ecaa8590 8f448593 6709781d 47e9a331 2418764b 91c18ce3 afc1cfd9 d223d9dc 47ddb914 d3727352 cbdbc585 22251a02 ff656537 02684e1c 1f550702 03010001 a38201c4 308201c0 300c0603 551d1301 01ff0402 3000301d 0603551d 25041630 1406082b 06010505 07030106 082b0601 05050703 02300e06 03551d0f 0101ff04 04030205 a0303706 03551d1f 0430302e 302ca02a a0288626 68747470 3a2f2f63 726c2e67 6f646164 64792e63 6f6d2f67 64696732 73312d34 38382e63 726c305d 0603551d 20045630 54304806 0b608648 0186fd6d 01071701 30393037 06082b06 
01050507 0201162b 68747470 3a2f2f63 65727469 66696361 7465732e 676f6461 6464792e 636f6d2f 7265706f 7369746f 72792f30 08060667 810c0102 01307606 082b0601 05050701 01046a30 68302406 082b0601 05050730 01861868 7474703a 2f2f6f63 73702e67 6f646164 64792e63 6f6d2f30 4006082b 06010505 07300286 34687474 703a2f2f 63657274 69666963 61746573 2e676f64 61646479 2e636f6d 2f726570 6f736974 6f72792f 67646967 322e6372 74301f06 03551d23 04183016 801440c2 bd278ecc 348330a2 33d7fb6c b3f0b42c 80ce3031 0603551d 11042a30 28821076 706e2e62 6168616d 64616e2e 636f6d82 14777777 2e76706e 2e626168 616d6461 6e2e636f 6d301d06 03551d0e 04160414 772617f4 53701fdb 5bddb9fb ec941b23 2358d5d0 300d0609 2a864886 f70d0101 0b050003 82010100 0a74cde2 96d08d3d be94cfb4 9116edc8 f07e4b94 8a547a20 da0a295b f9ab0538 6cea28f2 d626fb42 1bdb1b43 202207d8 ab60c03c f48031c6 87f75f3e 73511e81 dbc5e5d1 09c5a0aa d3637cc9 53b68e21 c3b2c78d e62c138b d374d2ce cd722228 a07d518c e1fb785f 81986edd 98ee459f a3cc7bd4 fd6da257 a6c1220e 5dec81be 3532b4d8 15b8367c 13229900 95eddde7 f2d074f2 fdcc31c7 6505ed1b 59f21db9 5966a5ed 0c5ed972 4f2a560b 2cd115db aa58759b a81de95a c442c28a da4f523d f1579648 a880e39d 58a8bd9a d118fa93 6df914c1 4a4b7208 5617eb0e 53d4a1de 60abf748 083ea964 8ea1b3d9 823f8b64 f175d760 de79a21d 288ba899 c4416b57 quit crypto ca certificate chain Godaddy_Intermediate certificate ca 07 308204d0 308203b8 a0030201 02020107 300d0609 2a864886 f70d0101 0b050030 8183310b 30090603 55040613 02555331 10300e06 03550408 13074172 697a6f6e 61311330 11060355 0407130a 53636f74 74736461 6c65311a 30180603 55040a13 11476f44 61646479 2e636f6d 2c20496e 632e3131 302f0603 55040313 28476f20 44616464 7920526f 6f742043 65727469 66696361 74652041 7574686f 72697479 202d2047 32301e17 0d313130 35303330 37303030 305a170d 33313035 30333037 30303030 5a3081b4 310b3009 06035504 06130255 53311030 0e060355 04081307 4172697a 6f6e6131 13301106 03550407 130a5363 6f747473 64616c65 311a3018 06035504 0a131147 6f446164 64792e63 6f6d2c20 496e632e 312d302b 
06035504 0b132468 7474703a 2f2f6365 7274732e 676f6461 6464792e 636f6d2f 7265706f 7369746f 72792f31 33303106 03550403 132a476f 20446164 64792053 65637572 65204365 72746966 69636174 65204175 74686f72 69747920 2d204732 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00b9e0cb 10d4af76 bdd49362 eb3064b8 81086cc3 04d96217 8e2fff3e 65cf8fce 62e63c52 1cda1645 4b55ab78 6b638362 90ce0f69 6c99c81a 148b4ccc 4533ea88 dc9ea3af 2bfe8061 9d7957c4 cf2ef43f 303c5d47 fc9a16bc c3379641 518e114b 54f828be d08cbef0 30381ef3 b026f866 47636dde 7126478f 384753d1 461db4e3 dc00ea45 acbdbc71 d9aa6f00 dbdbcd30 3a794f5f 4c47f81d ef5bc2c4 9d603bb1 b24391d8 a4334eea b3d6274f ad258aa5 c6f4d5d0 a6ae7405 645788b5 4455d42d 2a3a3ef8 b8bde932 0a029464 c4163a50 f14aaee7 7933af0c 20077fe8 df0439c2 69026c63 52fa77c1 1bc87487 c8b99318 5054354b 694ebc3b d3492e1f dcc1d252 fb020301 0001a382 011a3082 0116300f 0603551d 130101ff 04053003 0101ff30 0e060355 1d0f0101 ff040403 02010630 1d060355 1d0e0416 041440c2 bd278ecc 348330a2 33d7fb6c b3f0b42c 80ce301f 0603551d 23041830 1680143a 9a850710 6728b6ef f6bd0541 6e20c194 da0fde30 3406082b 06010505 07010104 28302630 2406082b 06010505 07300186 18687474 703a2f2f 6f637370 2e676f64 61646479 2e636f6d 2f303506 03551d1f 042e302c 302aa028 a0268624 68747470 3a2f2f63 726c2e67 6f646164 64792e63 6f6d2f67 64726f6f 742d6732 2e63726c 30460603 551d2004 3f303d30 3b060455 1d200030 33303106 082b0601 05050702 01162568 74747073 3a2f2f63 65727473 2e676f64 61646479 2e636f6d 2f726570 6f736974 6f72792f 300d0609 2a864886 f70d0101 0b050003 82010100 087e6c93 10c838b8 96a9904b ffa15f4f 04ef6c3e 9c8806c9 508fa673 f757311b bebce42f dbf8bad3 5be0b4e7 e679620e 0ca2d76a 637331b5 f5a848a4 3b082da2 5d90d7b4 7c254f11 5630c4b6 449d7b2c 9de55ee6 ef0c61aa bfe42a1b ee849eb8 837dc143 ce44a713 700d911f f4c813ad 8360d9d8 72a87324 1eb5ac22 0eca1789 6258441b ab892501 000fcdc4 1b62db51 b4d30f51 2a9bf4bc 73fc76ce 36a4cdd9 d82ceaae 9bf52ab2 90d14d75 188a3f8a 4190237d 5b4bfea4 03589b46 b2c36060 
 quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint Godaddy_SSL_AnyConnect_2017
crypto ikev1 enable outside
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication pre-share
 encryption aes
 hash sha
 group 1
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
no ssh stricthostkeycheck
ssh 10.10.14.0 255.255.255.0 inside
ssh 10.9.14.0 255.255.255.0 inside
ssh 10.12.14.0 255.255.255.0 inside
ssh 10.14.14.0 255.255.255.0 inside
ssh 10.10.16.0 255.255.255.0 inside
ssh 10.10.10.0 255.255.255.0 management
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 131.107.1.10 source outside
ntp server RY-S-DC3 source inside prefer
ntp server 64.236.96.53 source outside
ssl cipher default all
ssl cipher tlsv1 custom "DES-CBC3-SHA"
ssl cipher dtlsv1 custom "DES-CBC3-SHA"
ssl trust-point Godaddy_SSL_AnyConnect_2017 outside
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.2.03013-k9.pkg 1
 anyconnect image disk0:/anyconnect-linux-64-4.2.03013-k9.pkg 2
 anyconnect image disk0:/anyconnect-macosx-i386-4.2.03013-k9.pkg 3
 anyconnect profiles BAH-HQ-AC_client_profile disk0:/BAH-HQ-AC_client_profile.xml
 anyconnect profiles RY_HQ_VPN_client_profile disk0:/RY_HQ_VPN_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_RY_HQ_VPN internal
group-policy GroupPolicy_RY_HQ_VPN attributes
 wins-server none
 dns-server value 10.10.14.2 10.10.14.9
 vpn-tunnel-protocol ikev2 ssl-client
 split-tunnel-policy tunnelspecified
 ipv6-split-tunnel-policy excludespecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
 default-domain value bahamdan.net
 split-dns none
 webvpn
  anyconnect profiles value RY_HQ_VPN_client_profile type user
group-policy GroupPolicy3 internal
group-policy GroupPolicy3 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
group-policy RemoteVPN internal
group-policy RemoteVPN attributes
 dns-server value 10.10.14.2 10.10.14.9
 vpn-tunnel-protocol ikev1 l2tp-ipsec
 password-storage disable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
 default-domain value bahamdan.net
dynamic-access-policy-record DfltAccessPolicy
username badmin password 6Jfwniznj4fkQFne encrypted privilege 15
tunnel-group RY_HQ_VPN type remote-access
tunnel-group RY_HQ_VPN general-attributes
 address-pool vpn19users
 authentication-server-group BHQ-AD
 default-group-policy GroupPolicy_RY_HQ_VPN
tunnel-group RY_HQ_VPN webvpn-attributes
 group-alias RY_HQ_VPN enable
tunnel-group 37.216.216.238 type ipsec-l2l
tunnel-group 37.216.216.238 general-attributes
 default-group-policy GroupPolicy3
tunnel-group 37.216.216.238 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 151.253.72.139 type ipsec-l2l
tunnel-group 151.253.72.139 general-attributes
 default-group-policy GroupPolicy1
tunnel-group 151.253.72.139 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 217.41.57.235 type ipsec-l2l
tunnel-group 217.41.57.235 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group RemoteVPN type remote-access
tunnel-group RemoteVPN general-attributes
 address-pool vpn19users
 authentication-server-group BHQ-AD
 default-group-policy RemoteVPN
tunnel-group RemoteVPN ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate nocheck
tunnel-group 204.145.77.98 type ipsec-l2l
tunnel-group 204.145.77.98 general-attributes
 default-group-policy GroupPolicy2
tunnel-group 204.145.77.98 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map global-class
class-map cmap
class-map Riverbed_TCP_Option_76_Cmap
 match access-list Riverbed_TCP_Option_76
class-map sfr
 match access-list sfr_redirect
class-map tcp-traffic
class-map inspection_default
 match default-inspection-traffic
class-map Riverbed_TCP_Option_78_Cmap
 match access-list Riverbed_TCP_Option_78
class-map global-class1
 description SolarWinds
 match any
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map pmap
 class cmap
policy-map global_policy
 class sfr
  sfr fail-open
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
 class Riverbed_TCP_Option_76_Cmap
  set connection advanced-options Riverbed_TCP_Option_76_Tmap
 class Riverbed_TCP_Option_78_Cmap
  set connection advanced-options Riverbed_TCP_Option_78_Tmap
 class global-class1
  flow-export event-type all destination 10.10.14.26
policy-map global-policy
 class tcp-traffic
 class cmap
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
  no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:07ba28fe3de3c4b3ac3e0ddb19c88f6a