: Saved : ASA Version 7.2(2) ! hostname homeasa domain-name default.domain.home enable password XXXXXXXXX encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address dhcp setroute ! interface Vlan12 description DMZ for webserver no forward interface Vlan1 nameif DMZ security-level 4 ip address 192.168.2.1 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 switchport access vlan 12 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd XXXXXXXXXXX encrypted ftp mode passive clock timezone EST 10 clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00 dns server-group DefaultDNS domain-name default.domain.home access-list outside_access_in extended permit tcp any host 172.16.1.1 eq www log access-list outside_authentication extended permit tcp any host 172.16.1.1 eq www access-group outside_access_in in interface outside access-list inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.128 access-list inside_nat0_outbound extended permit ip any 192.168.1.192 255.255.255.224 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu DMZ 1500 ip local pool vpnpool 192.168.1.50-192.168.1.99 mask 255.255.255.0 ip local pool vpnpool2 192.168.1.200-192.168.1.210 mask 255.255.255.0 ip verify reverse-path interface outside ip audit name AlarmDrop attack action alarm drop ip audit interface outside AlarmDrop icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-522.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (DMZ,outside) tcp interface www 192.168.2.2 www netmask 255.255.255.255 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute group-policy DefaultRAGroup internal group-policy DefaultRAGroup attributes dns-server value 172.16.1.254 vpn-tunnel-protocol l2tp-ipsec group-policy DefaultRAGroup_1 internal group-policy DefaultRAGroup_1 attributes dns-server value 172.16.1.254 group-policy vpngroup internal group-policy vpngroup attributes dns-server value 172.16.1.254 vpn-tunnel-protocol IPSec username userAr password XXXXXXXX encrypted privilege 0 username userAr attributes vpn-group-policy vpngroup username userA password XXXXXXXXX encrypted privilege 15 aaa authentication enable console LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL aaa authentication match outside_authentication outside LOCAL aaa local authentication attempts max-fail 3 http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart auth-prompt prompt Warning. Unathorised access will be prosecuted auth-prompt accept Welcome auth-prompt reject You are not authorised to access me. Go away! crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto dynamic-map outside_dyn_map 20 set pfs crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 40 set pfs crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA crypto dynamic-map outside_dyn_map 60 set pfs crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 80 set pfs crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 100 set pfs crypto dynamic-map outside_dyn_map 100 set transform-set TRANS_ESP_3DES_SHA crypto dynamic-map outside_dyn_map 120 set pfs crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 140 set pfs crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 160 set pfs crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 180 set pfs crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA crypto dynamic-map inside_dyn_map 20 set pfs crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map inside_dyn_map 40 set pfs crypto dynamic-map inside_dyn_map 40 set transform-set ESP-3DES-SHA crypto dynamic-map inside_dyn_map 60 set pfs crypto dynamic-map inside_dyn_map 60 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map crypto map inside_map interface inside crypto isakmp enable inside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp nat-traversal 20 crypto isakmp ipsec-over-tcp port 10000 tunnel-group DefaultRAGroup general-attributes address-pool vpnpool address-pool vpnpool2 default-group-policy DefaultRAGroup_1 tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key * peer-id-validate nocheck tunnel-group DefaultRAGroup ppp-attributes no authentication ms-chap-v1 authentication ms-chap-v2 tunnel-group vpngroup type ipsec-ra tunnel-group vpngroup general-attributes address-pool vpnpool2 default-group-policy vpngroup tunnel-group vpngroup ipsec-attributes pre-shared-key * t telnet 192.168.1.0 255.255.255.0 inside telnet timeout 5 ssh 192.168.1.0 255.255.255.0 inside ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd enable inside ! ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global prompt hostname context Cryptochecksum:e9a8eeb5b0ca4d933a774e8e8a0e981f : end asdm image disk0:/asdm-522.bin no asdm history enable Never miss a thing. Make Yahoo your homepage.