asa(config)# show run
: Saved
:
ASA Version 7.2(1) 
!
hostname asa
domain-name ascom.it
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 10.42.84.254 255.255.0.0 
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 192.168.3.125 255.255.255.0 
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa721-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name ascom.it
access-list acl_nat0 extended permit ip 10.42.0.0 255.255.0.0 192.168.4.0 255.255.255.0 
pager lines 24
logging enable
logging buffered debugging
logging trap debugging
logging host inside 10.42.10.210
mtu inside 1500
mtu outside 1500
ip local pool webvpn_pool 192.168.4.1-192.168.4.10
no failover
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list acl_nat0
nat (inside) 1 10.42.0.0 255.255.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy WebVpn_Group_Policy internal
group-policy WebVpn_Group_Policy attributes
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 address-pools value webvpn_pool
 webvpn
  functions url-entry file-access file-entry file-browsing mapi port-forward filter http-proxy auto-download citrix
  html-content-filter none
  keep-alive-ignore 4
  http-comp gzip
  filter none
  url-list none
  customization none
  port-forward none
  port-forward-name value Application Access
  sso-server none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
  svc enable
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
username gferrari password hfaCHcBs3TtY85xU encrypted privilege 15
username gferrari attributes
 vpn-group-policy WebVpn_Group_Policy
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 password-storage disable
 group-lock none
http server enable
http 10.42.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community BIX2006
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ca trustpoint cert_virtuale
 enrollment self
 fqdn none
 subject-name CN=192.168.3.254
 keypair longpair
 crl configure
crypto ca trustpoint cert-fisico
 enrollment self
 subject-name CN=192.168.3.125
 keypair longpair
 crl configure
crypto ca certificate chain cert_virtuale
 certificate 31
    308201a4 3082010d a0030201 02020131 300d0609 2a864886 f70d0101 04050030 
    18311630 14060355 0403130d 3139322e 3136382e 332e3235 34301e17 0d303630 
    37323531 30313432 375a170d 31363037 32323130 31343237 5a301831 16301406 
    03550403 130d3139 322e3136 382e332e 32353430 819f300d 06092a86 4886f70d 
    01010105 0003818d 00308189 02818100 b20665a4 235dbf6e 4ef5a5f4 395f2343 
    fd7fb7f1 8a136edb ad4ea7ea 9c69ac7d 20bcfb9a 10ced535 9b68c7b1 5b833546 
    38e9262f 25dd7ea4 42e259bd 50aa3ca1 36436040 2296f593 054692b6 7655ed38 
    215375d8 7ba7aab2 424d14ee 92640da5 2672c18b 4b4f010c a2fc9bba 5a25e5fa 
    119e3c9b f66d4c0c b6da9bce a1b5451f 02030100 01300d06 092a8648 86f70d01 
    01040500 03818100 82b3a260 995fb5c8 b4a11433 344586ce e3b6c7f2 ccf68c19 
    4f5a8d85 8ca3a638 1d71a721 2d4f1f31 66d78426 52226f2e fb282a6f 23d04022 
    7e876671 66f7319c 0de8de01 7790963b 202e0f24 0b55ddbf fd6d417c 05877d13 
    74d4ee41 ce0223c2 27d42805 ceb4e6b4 3fd2d910 add8c67d b3fc97f1 e42fecfb 
    cc2c08a8 ab54a46e
  quit
crypto ca certificate chain cert-fisico
 certificate 31
    308201de 30820147 a0030201 02020131 300d0609 2a864886 f70d0101 04050030 
    35311630 14060355 0403130d 3139322e 3136382e 332e3132 35311b30 1906092a 
    864886f7 0d010902 160c6173 612e6173 636f6d2e 6974301e 170d3036 30373235 
    31303134 35395a17 0d313630 37323231 30313435 395a3035 31163014 06035504 
    03130d31 39322e31 36382e33 2e313235 311b3019 06092a86 4886f70d 01090216 
    0c617361 2e617363 6f6d2e69 7430819f 300d0609 2a864886 f70d0101 01050003 
    818d0030 81890281 8100b206 65a4235d bf6e4ef5 a5f4395f 2343fd7f b7f18a13 
    6edbad4e a7ea9c69 ac7d20bc fb9a10ce d5359b68 c7b15b83 354638e9 262f25dd 
    7ea442e2 59bd50aa 3ca13643 60402296 f5930546 92b67655 ed382153 75d87ba7 
    aab2424d 14ee9264 0da52672 c18b4b4f 010ca2fc 9bba5a25 e5fa119e 3c9bf66d 
    4c0cb6da 9bcea1b5 451f0203 01000130 0d06092a 864886f7 0d010104 05000381 
    810022ff 48e9911e dd5e3c13 717dbc1a b895a561 efc42af7 c4469044 da204d12 
    bb756ae6 116b8087 5be1ace0 1568be65 97353ee5 55b52359 ab67859c 51235a13 
    be940400 71084deb c89df73d 677d4a16 307bcd2f 5fb6924a 0dbde003 db35ffb0 
    addb9580 024b7d24 7e8cf323 d28a4b17 80bccc13 fb78b2e8 359bb66c 38cf6ea8 ef69
  quit
crypto isakmp enable inside
crypto isakmp enable outside
tunnel-group WebVpn_TunnelGroup type webvpn
tunnel-group WebVpn_TunnelGroup general-attributes
 address-pool (inside) webvpn_pool
 default-group-policy WebVpn_Group_Policy
tunnel-group-map default-group WebVpn_TunnelGroup
telnet 10.42.0.0 255.255.0.0 inside
telnet timeout 5
ssh 192.168.3.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
vpn load-balancing 
 cluster ip address 192.168.3.254
 participate
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny 
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
!
service-policy global_policy global
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 rc4-md5
ssl trust-point cert-fisico
ssl trust-point cert_virtuale outside vpnlb-ip
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.0.154.pkg 1
 svc enable
 java-trustpoint localcert
prompt hostname context 
zonelabs-integrity ssl-client-authentication enable
Cryptochecksum:132f1b3ea52c055fb280ab391ab80b7a
: end