ASA Version 7.0(6) ! hostname NY-1WH-FW-01 domain-name default.domain.invalid enable password ###### encrypted names dns-guard ! interface Ethernet0/0 nameif Outside security-level 0 ip address 138.96.11.175 255.255.255.224 ! interface Ethernet0/1 nameif Inside security-level 100 ip address 192.168.208.4 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 nameif management security-level 100 ip address 192.168.111.254 255.255.255.0 management-only ! passwd 2KFQnbNIdI.2KYOU encrypted banner login I banner login nc. ftp mode passive clock timezone EST -5 clock summer-time EDT recurring access-list Inside_nat0_outbound extended permit ip any 192.168.208.0 255.255.255.0 192.168.210.0 255.255.255.0 access-list NY-1WH_splitTunnelAcl standard permit 192.168.208.0 255.255.255.0 access-list Inside_access_in extended permit ip any any access-list Inside_access_in extended permit icmp any any access-list mixit_splitTunnelAcl standard permit host 192.168.208.4 access-list 10 extended permit ip any 192.168.208.0 255.255.255.0 access-list MixVpn_splitTunnelAcl standard permit 192.168.208.0 255.255.255.0 pager lines 24 logging asdm informational mtu Outside 1500 mtu Inside 1500 mtu management 1500 ip local pool VPNPool 192.168.210.1-192.168.210.199 mask 255.255.255.0 no failover monitor-interface Outside monitor-interface Inside monitor-interface management asdm image disk0:/asdm506.bin no asdm history enable arp timeout 14400 nat-control global (Outside) 11 138.96.11.175-138.96.11.178 global (Outside) 10 interface nat (Inside) 0 access-list Inside_nat0_outbound nat (Inside) 10 0.0.0.0 0.0.0.0 nat (management) 10 0.0.0.0 0.0.0.0 access-group Inside_access_in in interface Inside route Outside 0.0.0.0 0.0.0.0 138.96.11.174 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute group-policy MixVpn internal group-policy MixVpn attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value MixVpn_splitTunnelAcl webvpn group-policy NY-1WH internal group-policy NY-1WH attributes dns-server value 207.217.126.81 207.217.77.82 split-tunnel-policy tunnelspecified split-tunnel-network-list value NY-1WH_splitTunnelAcl webvpn username gperry password xdMnhjFiA8TplN5B encrypted privilege 15 username iraheel password 1EK4qfBw427oLo9T encrypted privilege 15 aaa authentication enable console LOCAL aaa authentication http console LOCAL aaa authentication serial console LOCAL aaa authentication ssh console LOCAL aaa authentication telnet console LOCAL http server enable http 67.84.92.220 255.255.255.255 Outside http 221.120.195.34 255.255.255.255 Outside http 192.168.208.0 255.255.255.0 Inside http 192.168.111.0 255.255.255.0 management no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-3DES-SHA crypto dynamic-map Outside_dyn_map 60 set transform-set ESP-DES-MD5 crypto dynamic-map management_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map Inside_dyn_map 20 set transform-set ESP-DES-MD5 crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map crypto map Outside_map interface Outside crypto map management_map 65535 ipsec-isakmp dynamic management_dyn_map crypto map management_map interface management crypto map Inside_map 65535 ipsec-isakmp dynamic Inside_dyn_map crypto map Inside_map interface Inside isakmp enable Outside isakmp enable Inside isakmp enable management isakmp policy 10 authentication pre-share isakmp policy 10 encryption 3des isakmp policy 10 hash sha isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 isakmp policy 30 authentication pre-share isakmp policy 30 encryption des isakmp policy 30 hash md5 isakmp policy 30 group 2 isakmp policy 30 lifetime 86400 tunnel-group NY-1WH type ipsec-ra tunnel-group NY-1WH general-attributes address-pool VPNPool default-group-policy NY-1WH tunnel-group NY-1WH ipsec-attributes pre-shared-key * tunnel-group MixVpn type ipsec-ra tunnel-group MixVpn general-attributes address-pool VPNPool default-group-policy MixVpn tunnel-group MixVpn ipsec-attributes pre-shared-key * telnet 67.84.192.220 255.255.255.255 Outside telnet 211.130.195.34 255.255.255.255 Outside telnet 192.168.208.0 255.255.255.0 Inside telnet 192.168.111.0 255.255.255.0 management telnet timeout 5 ssh 67.84.192.220 255.255.255.255 Outside ssh 211.130.195.34 255.255.255.255 Outside ssh 192.168.208.0 255.255.255.0 Inside ssh 192.168.111.0 255.255.255.0 management ssh timeout 5 console timeout 0 dhcpd address 192.168.208.200-192.168.208.240 Inside dhcpd dns 207.217.126.81 207.217.77.82 dhcpd lease 3600 dhcpd ping_timeout 50 dhcpd auto_config Inside dhcpd enable Inside ntp server 209.51.161.238 source Outside ntp server 208.184.49.9 source Outside prefer Cryptochecksum:2eb7a7200e13c4c37f52984c0759c71b : end