Result of the command: "sh run"
: Saved
:
! Device identity and local passwords.
! NOTE(review): 8.2(1) is an early build of an ASA release train that, to my
! knowledge, Cisco retired long ago. Check it against current Cisco security
! advisories before trusting this box as an Internet edge.
ASA Version 8.2(1)
!
hostname secure-access
! NOTE(review): the domain is masked here but appears unmasked in the DefaultDNS
! server-group and in the trustpoint subject-name further down, so the
! redaction of this listing is incomplete.
domain-name ************.co.uk
! Privileged-mode (enable) password and login password, stored hashed and masked
! in this listing. With no "aaa authentication telnet console" line in the dump,
! Telnet logins presumably fall back to the "passwd" value - confirm.
enable password *********** encrypted
passwd ************ encrypted
names
!
! Layer-3 VLAN interfaces and their trust levels.
! inside, Wireless_HHP and CNES all sit at security-level 100, DMZ at 50 and
! outside at 0. Because three zones share level 100, separation between them
! rests on the interface ACLs, not on the security-level model (see the
! "same-security-traffic permit inter-interface" statement).
interface Vlan1
nameif inside
security-level 100
ip address 192.168.168.1 255.255.255.0
!
! Internet uplink: address is obtained over PPPoE using vpdn group BT.
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group BT
ip address 217.36.*.* 255.255.255.255 pppoe
!
! NOTE(review): no access-group and no nat/global statement for DMZ is visible
! in this dump; confirm whether the DMZ is in use and how it is filtered.
interface Vlan12
nameif DMZ
security-level 50
ip address 192.168.169.1 255.255.255.0
!
! NOTE(review): a wireless segment at security-level 100 is trusted as much as
! the server LAN by default; confirm that is intended.
interface Vlan22
nameif Wireless_HHP
security-level 100
ip address 172.16.36.1 255.255.254.0
!
! NOTE(review): 187.187.0.0/16 is not RFC 1918 private space. Using publicly
! routable addresses internally can misroute or leak traffic meant for the
! real holders of that range - confirm this is a deliberate, known choice.
interface Vlan32
nameif CNES
security-level 100
ip address 187.187.168.1 255.255.0.0
!
! Physical switch ports and their VLAN membership.
! Ethernet0/0 -> VLAN 2 (outside), 0/2 -> VLAN 12 (DMZ), 0/3 -> VLAN 22
! (Wireless_HHP), 0/4 -> VLAN 32 (CNES).
! NOTE(review): Ethernet0/1 and 0/5-0/7 carry no "switchport access vlan" and
! no "shutdown"; presumably they default to VLAN 1, i.e. the inside network.
! Shut down any port that is not cabled on purpose.
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 12
!
interface Ethernet0/3
switchport access vlan 22
!
interface Ethernet0/4
switchport access vlan 32
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
! Global FTP/DNS client behaviour and same-security-level forwarding.
ftp mode passive
! The firewall itself may issue DNS lookups out of every interface, including
! outside. No "name-server" line is shown under the server-group.
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup DMZ
dns domain-lookup Wireless_HHP
dns domain-lookup CNES
dns server-group DefaultDNS
! NOTE(review): this discloses the domain that the top-level "domain-name"
! line masked with asterisks.
domain-name hebrideanhousing.co.uk
! Lets traffic pass between interfaces that share a security level. Here that
! is inside, Wireless_HHP and CNES (all level 100), so the inbound ACLs bound
! to those interfaces are the only control between the three zones.
same-security-traffic permit inter-interface
! Network object-groups: two remote /20 networks, the domain controllers,
! the application servers, the terminal servers and a support range.
object-group network NET-cnes_HHP-Sty
network-object 172.20.224.0 255.255.240.0
object-group network NET-cnes_HHP-Balivanich
network-object 172.20.192.0 255.255.240.0
object-group network Oak-DC1
network-object 192.168.168.2 255.255.255.255
object-group network Maple-DC2
network-object 192.168.168.3 255.255.255.255
object-group network HHP_Domain_Controllers
group-object Oak-DC1
group-object Maple-DC2
! NOTE(review): "PC-Support" (hyphen) is a different group from "PC_Support"
! (underscore) defined later. This one covers 187.187.60.1-187.187.60.6 and is
! referenced only by access-list CSM_nat0_inside; the interface ACLs use the
! underscore group. Names this close invite a wrong reference - consider
! renaming one of them.
object-group network PC-Support
network-object 187.187.60.1 255.255.255.255
network-object 187.187.60.2 255.255.255.254
network-object 187.187.60.4 255.255.255.254
network-object 187.187.60.6 255.255.255.255
object-group network ELM-ActiveH
network-object 192.168.168.6 255.255.255.255
object-group network Pine-GP
network-object 192.168.168.12 255.255.255.255
object-group network HHP_Application_Servers
group-object ELM-ActiveH
group-object Pine-GP
object-group network Fern-TS1
network-object 192.168.168.4 255.255.255.255
object-group network Fir-TS2
network-object 192.168.168.5 255.255.255.255
object-group network HHP_Terminal_Servers
group-object Fern-TS1
group-object Fir-TS2
! Service object-groups used by the Wireless_HHP ACL: global catalog
! (tcp/3268, tcp/3269), LDAP over UDP (udp/389), tcp/88 and SMB (tcp/445).
object-group service Global_Catalog_LDAP
description (Generated by Cisco SM from Object "Global Catalog LDAP")
service-object tcp eq 3268
object-group service Global_Catalog_LDAP_SSL
description (Generated by Cisco SM from Object "Global Catalog LDAP SSL")
service-object tcp eq 3269
object-group service UDP-389
description UDP port for LDAP
service-object udp eq 389
object-group service TCP-88
description TCP Port 88
service-object tcp eq 88
object-group service TCP-445
description SMB
service-object tcp eq 445
! Per-workstation host groups, rolled up into PC_Support at the end. The
! CSM_FW_ACL_inside and CSM_FW_ACL_CNES access-lists grant PC_Support
! unrestricted IP access to the domain controllers, application servers and
! terminal servers, so every address below is a privileged source.
! NOTE(review): the descriptions carry staff names; strip them before a
! configuration is shared outside the organisation.
object-group network John_-_Laptop
description John's Laptop
network-object 187.187.10.65 255.255.255.255
object-group network Graham_-_PC
description Graham Morrison's PC
network-object 187.187.10.90 255.255.255.255
! NOTE(review): "john_test" and "Catriona_old_pc" read like temporary or
! retired entries; confirm they still need privileged access.
object-group network john_test
network-object 187.187.40.7 255.255.255.255
object-group network Iain_PC
description Iain Macaulay IT
network-object 187.187.10.19 255.255.255.255
object-group network John_-_PC
description John MacPhail's PC
network-object 187.187.10.7 255.255.255.255
object-group network it-alahen-lap
network-object 187.187.10.230 255.255.255.255
object-group network Catriona_-_Laptop
description Catriona's Laptop
network-object 187.187.10.60 255.255.255.255
! NOTE(review): 187.186.x.x - every other host here is in 187.187.0.0/16.
! Possibly a typo; as written the entry trusts an address outside the CNES
! subnet.
object-group network Graham_-_Laptop
network-object 187.186.10.120 255.255.255.255
object-group network it-innive-xp
description Innes MacIver's PC
network-object 187.187.10.14 255.255.255.255
object-group network it-alahen-xp
description Desktop
network-object 187.187.10.229 255.255.255.255
object-group network Cat_-_PC
description Catriona Macmillan's PC
network-object 187.187.10.4 255.255.255.255
! NOTE(review): same address (187.187.10.7) as John_-_PC above; one of the
! two entries is presumably stale.
object-group network it-davdon-xp
description Desktop
network-object 187.187.10.7 255.255.255.255
object-group network cat-laptop
description Catriona's Laptop addresses
network-object 187.187.77.81 255.255.255.255
network-object 187.187.77.82 255.255.255.255
object-group network Catriona_old_pc
network-object 187.187.10.44 255.255.255.255
! The 255.255.255.254 mask makes this entry cover 187.187.77.78 and .79.
object-group network cat-tablet
description Catriona's Tablet ip address's
network-object 187.187.77.78 255.255.255.254
object-group network PC_Support
group-object John_-_Laptop
group-object Graham_-_PC
group-object john_test
group-object Iain_PC
group-object John_-_PC
group-object it-alahen-lap
group-object Catriona_-_Laptop
group-object Graham_-_Laptop
group-object it-innive-xp
group-object it-alahen-xp
group-object Cat_-_PC
group-object it-davdon-xp
group-object cat-laptop
group-object Catriona_old_pc
group-object cat-tablet
! NOTE(review): both ACLs permit all IP from any source to any destination.
! outside_access_in is bound inbound on the outside interface and
! outside_access_in_1 is bound to the outside control-plane (traffic addressed
! to the firewall itself), so neither through-the-box nor to-the-box traffic
! from the Internet is filtered by an ACL. What is actually reachable then
! depends only on NAT and on the http/ssh/webvpn listeners. Replace these with
! explicit permits for the services that must be exposed and let the implicit
! deny handle the rest.
access-list outside_access_in extended permit ip any any
access-list outside_access_in_1 extended permit ip any any
! Inbound ACL for the Wireless_HHP interface: lets the two remote /20 networks
! reach the domain controllers on directory, name-resolution, Kerberos,
! NetBIOS, NTP, RPC endpoint-mapper and SMB ports. The same fourteen rules are
! repeated once per source network.
! NOTE(review): both source groups are 172.20.x.x networks, while the
! Wireless_HHP interface itself is 172.16.36.1/23. Hosts on the directly
! connected subnet match no permit here and hit the implicit deny, and no
! route to either 172.20 network via this interface is visible in the dump.
! Confirm where these sources really arrive.
! NOTE(review): tcp/389 (ldap), udp/389 and NetBIOS are permitted alongside
! ldaps. If clients can use LDAPS and Kerberos only, the cleartext and legacy
! entries can be dropped.
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq ldap
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq domain
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq 88
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq ldaps
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq netbios-dgm
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq netbios-ns
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq netbios-ssn
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq ntp
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers eq 135
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group Global_Catalog_LDAP object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group Global_Catalog_LDAP_SSL object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group UDP-389 object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group TCP-88 object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group TCP-445 object-group NET-cnes_HHP-Sty object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq ldap
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq domain
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq 88
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq ldaps
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq netbios-dgm
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq netbios-ns
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq netbios-ssn
access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq ntp
access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers eq 135
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group Global_Catalog_LDAP object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group Global_Catalog_LDAP_SSL object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group UDP-389 object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group TCP-88 object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_Wireless_HHP extended permit object-group TCP-445 object-group NET-cnes_HHP-Balivanich object-group HHP_Domain_Controllers
! Inbound ACL for the inside interface (traffic leaving the server LAN).
! NOTE(review): the third rule permits all IP from 192.168.168.0/24 to any
! destination. Every source group named in the other rules (domain
! controllers .2/.3, application servers .6/.12, terminal servers .4/.5) lies
! inside that /24, so the first two rules are subsumed and the last three can
! never be the deciding match. Either drop the blanket rule and keep the
! specific ones, or remove the specific ones as dead entries.
access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Domain_Controllers object-group NET-cnes_HHP-Balivanich
access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Domain_Controllers object-group NET-cnes_HHP-Sty
access-list CSM_FW_ACL_inside extended permit ip 192.168.168.0 255.255.255.0 any
access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Application_Servers object-group PC_Support
access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Domain_Controllers object-group PC_Support
access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Terminal_Servers object-group PC_Support
! Inbound ACL for the CNES interface: the PC_Support workstations get all IP
! protocols and ports to the two remote networks and to the application
! servers, domain controllers and terminal servers. Everything else arriving
! on CNES falls to the implicit deny.
! NOTE(review): "permit ip" to domain controllers is broader than support
! work usually needs; consider narrowing to the management protocols in use.
access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group NET-cnes_HHP-Balivanich
access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group NET-cnes_HHP-Sty
access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group HHP_Application_Servers
access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group HHP_Domain_Controllers
access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group HHP_Terminal_Servers
! NAT-exemption match lists, referenced by the "nat (...) 0 access-list"
! statements. They select traffic that bypasses translation; they do not
! permit or deny anything by themselves.
access-list CSM_nat0_CNES extended permit ip any object-group HHP_Application_Servers
access-list CSM_nat0_CNES extended permit ip any object-group HHP_Domain_Controllers
access-list CSM_nat0_CNES extended permit ip any object-group HHP_Terminal_Servers
! NOTE(review): this references PC-Support (hyphen, 187.187.60.1-.6), whereas
! the interface ACLs grant access to PC_Support (underscore, mostly
! 187.187.10.x). The NAT exemption and the filtering rules therefore describe
! different hosts - confirm which group was intended.
access-list CSM_nat0_inside extended permit ip any object-group PC-Support
! Logging, MTU and miscellaneous global settings.
pager lines 24
! NOTE(review): logging is enabled, but only the ASDM buffer is configured as
! a destination. No "logging host", "logging trap" or "logging buffered" line
! is visible, so events are presumably not retained off-box. Send syslog to a
! collector so that management logins and denied connections can be reviewed.
logging enable
logging asdm informational
mtu inside 1500
! 1492 leaves room for the 8-byte PPPoE header on the uplink.
mtu outside 1492
mtu DMZ 1500
mtu Wireless_HHP 1500
mtu CNES 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
! Address translation, ACL-to-interface bindings and the default route.
! nat-control requires a translation rule for traffic going from a higher to
! a lower security interface.
nat-control
! Inside hosts are port-translated to the outside interface address, except
! for traffic matching CSM_nat0_inside, which is left untranslated.
global (outside) 1 interface
nat (inside) 0 access-list CSM_nat0_inside
nat (inside) 1 0.0.0.0 0.0.0.0
nat (CNES) 0 access-list CSM_nat0_CNES
! Identity static: 187.187.10.90 (Graham_-_PC) appears on the inside network
! under its own address.
static (CNES,inside) 187.187.10.90 187.187.10.90 netmask 255.255.255.255
access-group CSM_FW_ACL_inside in interface inside
! NOTE(review): both ACLs bound to outside are "permit ip any any". The
! control-plane binding governs traffic addressed to the firewall itself, so
! management and VPN listeners on outside get no ACL protection.
access-group outside_access_in_1 in interface outside control-plane
access-group outside_access_in in interface outside
access-group CSM_FW_ACL_Wireless_HHP in interface Wireless_HHP
access-group CSM_FW_ACL_CNES in interface CNES
! Only a default route is present; no route for the 172.20.192.0/20 or
! 172.20.224.0/20 networks named in the ACLs is visible in this dump.
route outside 0.0.0.0 0.0.0.0 81.148.0.157 1
! Idle timers for translations, connections and inspected protocols, followed
! by the default dynamic-access-policy record.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
! AAA servers and HTTPS (ASDM) management access.
! NOTE(review): the LDAP server 187.187.1.213 is declared as reachable through
! "inside", but 187.187.0.0/16 is the subnet connected to the CNES interface.
! No "ldap-over-ssl enable" line is shown, so binds would presumably travel in
! cleartext. No tunnel-group or "aaa authentication" line references this
! server group, so it looks unused - confirm, then fix or remove it.
aaa-server HHP protocol ldap
aaa-server HHP (inside) host 187.187.1.213
timeout 5
server-type auto-detect
! SSH and ASDM logins authenticate against the local user database. No
! "aaa authentication telnet console" or "aaa authentication enable console"
! line is present.
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
! NOTE(review): 192.168.1.0/24 is not the inside subnet (192.168.168.0/24);
! presumably a leftover entry.
http 192.168.1.0 255.255.255.0 inside
http 192.168.168.0 255.255.255.0 inside
! NOTE(review): 0.0.0.0 0.0.0.0 opens the ASDM/HTTPS management interface to
! every Internet source and makes the single-host entry on the next line
! redundant. Remove the any-source entry and keep only the named management
! address(es), or manage the device over VPN only.
http 0.0.0.0 0.0.0.0 outside
http 194.83.245.242 255.255.255.255 outside
http 187.187.1.72 255.255.255.255 CNES
http 187.187.10.90 255.255.255.255 CNES
! SNMP: the standard traps are enabled, but no "snmp-server host" or community
! line is visible, so presumably nothing is polled or sent.
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! IPsec SA lifetimes, certificate trustpoints and the (masked) certificates.
! NOTE(review): no transform-set, crypto map or isakmp policy is visible,
! although group-policy HHP allows l2tp-ipsec. Either that part was trimmed
! from the listing or the IPsec tunnel type cannot work as shown.
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
! Identity trustpoint for the SSL listener, enrolled manually (terminal).
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
! NOTE(review): the subject-name discloses the device FQDN and the owning
! organisation, which the masked "domain-name" line tried to hide.
subject-name CN=secure-access.hebrideanhousing.co.uk,O=Hebridean Housing Partnership Limited,C=GB,St=Scotland,L=Isle of Lewis
keypair SSL_Certificate
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
! Certificate bodies are masked with asterisks by the poster; the serial
! number of the identity certificate is left visible.
crypto ca certificate chain ASDM_TrustPoint0
certificate 0100000000012790a5c005
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
quit
crypto ca certificate chain ASDM_TrustPoint1
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
******************************************************
quit
! Telnet/SSH/console management access and the PPPoE dial-out credentials.
! NOTE(review): Telnet is cleartext and is allowed from any address that
! reaches the inside interface. Prefer SSH, restricted to the admin hosts.
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
! NOTE(review): 0.0.0.0 0.0.0.0 accepts SSH from every Internet source and
! makes the single-host entry on the next line redundant. No "ssh version 2"
! line is shown, so on this release SSHv1 is presumably still accepted.
ssh 0.0.0.0 0.0.0.0 outside
ssh 194.83.245.242 255.255.255.255 outside
ssh timeout 5
! A timeout of 0 means a console session never expires; an unattended
! privileged session stays open for anyone with physical access.
console timeout 0
vpdn group BT request dialout pppoe
! NOTE(review): each of the next two lines appears to hold two commands fused
! by the paste ("... localname <user>" + "vpdn group BT ppp authentication
! chap", and "vpdn username ... password ..." + "dhcpd auto_config outside").
! Split them before reusing this text. The ISP account name is published
! unmasked; only the password is hidden.
vpdn group BT localname c460484@hg28.btclick.comvpdn group BT ppp authentication chap
vpdn username c460484@hg28.btclick.com password ********* dhcpd auto_config outside
!
! Threat detection and the certificate used by the SSL listener on outside.
! Basic threat detection and per-ACL statistics are on; no
! "threat-detection scanning-threat" line is present.
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! NOTE(review): no "ssl server-version" or "ssl encryption" line is shown, so
! the platform defaults apply. On a release this old they presumably include
! legacy protocol versions and ciphers - confirm and pin them explicitly.
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 outside vpnlb-ip
! Clientless SSL VPN (WebVPN), its group policy, the local user and the
! remote-access tunnel group.
! WebVPN listens on both inside and outside. ASDM ("http ... outside") is
! exposed on the same outside interface.
webvpn
enable inside
enable outside
group-policy HHP internal
group-policy HHP attributes
vpn-tunnel-protocol l2tp-ipsec webvpn
webvpn
url-list value Severs
customization value DfltCustomization
! NOTE(review): this is the only local account shown. It is privilege 15
! (full administrator) and is also the WebVPN user, so a single password
! guards both remote access and device administration. The password hash is
! published in full in this listing and the legacy ASA hash format is weak,
! so treat the credential as exposed and rotate it. Separate VPN users from
! administrators.
username gramor password ne829U0rGFVEedhY encrypted privilege 15
username gramor attributes
webvpn
url-list value Severs
! No "authentication-server-group" is set under general-attributes, so this
! tunnel group presumably authenticates against the LOCAL database; the LDAP
! server group HHP is not referenced here.
tunnel-group WebVPN type remote-access
tunnel-group WebVPN general-attributes
default-group-policy HHP
!
!
prompt hostname context
Cryptochecksum:eb69b6d6dbcf50f8bc87e8b971bc3299
: end