ASA# sh run
! Running configuration of a Cisco ASA: three VLAN interfaces (inside,
! outside, inside255), one site-to-site IPsec tunnel and one remote-access
! IPsec/L2TP group. The '!' lines carrying text are review annotations; every
! command is unchanged.
: Saved
:
! NOTE(review): 7.2(3) is a very old software train; check it against the
! vendor's current support status and security advisories before relying on it.
ASA Version 7.2(3)
!
hostname ASA
domain-name domain.COM
! The enable hash is exposed in this listing. The legacy "encrypted" format is
! a fast MD5-based hash, so treat the password as disclosed and change it.
enable password V7zyMlpOGYxd6c3I encrypted
names
dns-guard
!
interface Vlan1
 description Management
 nameif inside
 security-level 100
 ip address 192.168.200.4 255.255.255.0
!
interface Vlan2
 description WAN
 nameif outside
 security-level 0
 ip address 63.x.y.26 255.255.255.0
!
interface Vlan255
 description ASA to LAN (192.168.255.2)
 nameif inside255
 security-level 100
 ip address 192.168.255.1 255.255.255.252
!
interface Ethernet0/0
 description WAN - connection to Verizon's network
 switchport access vlan 2
!
interface Ethernet0/1
 description VLAN255 to LAN
 switchport access vlan 255
!
! Ethernet0/2-0/7 carry no configuration in this listing.
! NOTE(review): if they are unused, an explicit "shutdown" keeps a stray cable
! from landing on a live port.
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
! Login (telnet/ssh) password hash, same legacy format as the enable hash and
! equally exposed here; rotate it as well.
passwd Mffj8n6./Cz96uYu encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 domain-name domain.COM
dns server-group NDMN01
 name-server 192.168.200.x
 name-server 192.168.201.x
 domain-name ogsny.domain.com
! "inside" and "inside255" are both security-level 100; this command lets
! traffic pass between them, and no interface ACL in this listing restricts it.
same-security-traffic permit inter-interface
! NOTE(review): no "nat (inside) 0 access-list inside_nat0_outside" line appears
! in this listing, so this NAT-exemption ACL looks unused and traffic to the
! VPN pool would hit the PAT rule below - confirm.
access-list inside_nat0_outside extended permit ip 192.168.200.0 255.255.255.0 172.16.20.0 255.255.255.0
! Split-tunnel list referenced by group-policy "test".
access-list Split_T extended permit ip 192.168.200.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu inside255 1500
! Pool "test" hands out addresses from inside the 192.168.200.0/24 management
! subnet - the same range that the telnet and http (ASDM) lines below accept as
! management sources.
ip local pool test 192.168.200.5-192.168.200.7 mask 255.255.255.0
ip local pool VPN_Pool 172.16.20.0-172.16.20.254 mask 255.255.255.0
! Reverse-path check on the outside interface (anti-spoofing).
ip verify reverse-path interface outside
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
asdm history enable
arp timeout 14400
! PAT: everything arriving on "inside" is translated to the outside interface
! address. There is no nat statement for "inside255" in this listing.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 63.x.y.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! ASDM/HTTPS management is enabled and open to the whole inside /24.
! NOTE(review): narrowing this to the administrators' hosts reduces exposure.
http server enable
http 192.168.200.0 255.255.255.0 inside
! IPsec proposals use 3DES with MD5 or SHA-1 HMAC. Both are legacy choices;
! prefer an AES transform with SHA where the peer supports it.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
! Dynamic map: serves remote-access clients whose peer address is not known in
! advance.
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
! NOTE(review): ACL "outside_1_cryptomap" is not defined anywhere in this
! listing; without it the site-to-site entry has no interesting traffic.
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 69.a.b.82
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
! IKE phase 1: pre-shared keys, 3DES, MD5 (policy 10) or SHA-1 (policy 30),
! Diffie-Hellman group 2 (1024-bit). All of these are weak by current
! standards; the lower-numbered MD5 policy is also the one preferred first.
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
no vpn-addr-assign dhcp
! Telnet management is permitted from the inside /24; telnet carries
! credentials in cleartext. Only "ssh timeout" is present - no "ssh <network>"
! permit line is visible - so SSH has no allowed sources in this listing.
! Prefer SSH from specific admin hosts and remove the telnet line.
telnet 192.168.200.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 15
! Lets management sessions reach the inside interface address through a VPN
! tunnel; see the note on pool "test" above.
management-access inside
dhcpd auto_config outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
! NTP is taken from public servers over the outside interface with no NTP
! authentication configured in this listing.
ntp server 192.43.244.18 source outside prefer
ntp server 207.46.232.182 source outside
group-policy test internal
group-policy test attributes
 banner value this is a test VPN
 dns-server value 4.2.2.2
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_T
 ! NOTE(review): this group policy names pool "test" while tunnel-group "test"
 ! below names VPN_Pool; confirm which pool clients actually receive.
 address-pools value test
! Local account "test": its hash is exposed in this listing. Rotate the
! password, or remove the account if it was only created for testing.
username test password P4ttSyrm33SV8TYp encrypted privilege 1
username test attributes
 vpn-group-policy test
tunnel-group 69.a.b.82 type ipsec-l2l
tunnel-group 69.a.b.82 ipsec-attributes
 ! Pre-shared keys are masked ("*") by the device in show output.
 pre-shared-key *
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
 address-pool VPN_Pool
 authorization-server-group LOCAL
 authorization-server-group (inside) LOCAL
 authorization-server-group (outside) LOCAL
 default-group-policy test
 authorization-required
tunnel-group test ipsec-attributes
 pre-shared-key *
smtp-server 192.168.200.12
prompt hostname context
Cryptochecksum:6789df29e21827bf0db34d4beb426dd6
: end
ASA# exit