ASA Version 7.2(3)
names
name 10.10.10.5 WebServer_Private
name x.x.x.14 WebServer_Public
name 192.168.1.1 DNS_Pri
name 192.168.1.12 DNS_Sec
!
interface Ethernet0/0
 nameif OUTSIDE
 security-level 0
 ip address x.x.x.10 255.255.255.248
 ospf cost 10
!
interface Ethernet0/1
 nameif INSIDE
 security-level 100
 ip address 192.168.90.1 255.255.255.0
 ospf cost 10
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 ospf cost 10
 management-only
!
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
 name-server 195.229.241.222
 name-server 213.42.20.20
 domain-name QUALIFICATIONS.AE
object-group protocol VPN
 protocol-object gre
 protocol-object esp
 protocol-object ah
object-group service UDP-VPN udp
 port-object eq isakmp
 port-object eq kerberos
object-group service VPN-TCP tcp
 port-object eq kerberos
 port-object eq pptp
object-group service Web_Access tcp
 port-object eq www
 port-object eq https
object-group network DNS
 network-object host DNS_Sec
 network-object host DNS_Pri
access-list out-to-in extended permit tcp any host WebServer_Public
access-list out-to-in extended permit tcp any host x.x.x.11 eq smtp
access-list out-to-in extended permit tcp any host x.x.x.11 eq www
access-list out-to-in extended permit tcp any host x.x.x.11 eq https
access-list out-to-in extended permit tcp any host x.x.x.13 eq 3101
access-list out-to-in extended permit tcp any host x.x.x.13 eq 4101
access-list out-to-in extended permit tcp any host x.x.x.13 eq pop3
access-list out-to-in extended permit tcp any host x.x.x.11 eq pop3
access-list out-to-in extended permit tcp any interface OUTSIDE eq telnet
access-list out-to-in extended permit tcp any interface OUTSIDE eq ssh
access-list out-to-in extended permit ip any host 192.168.3.30
access-list out-to-in extended permit tcp host x.x.x.114 any
access-list out-to-in extended permit udp host x.x.x.114 any
access-list out-to-in extended permit ip host x.x.x.114 any
access-list 101 extended deny ip host 192.168.2.6 any
access-list 101 extended permit ip any any
access-list INSIDE_nat0_outbound extended permit ip any 10.10.10.0 255.255.255.
access-list INSIDE_nat0_outbound extended permit ip any 192.168.6.0 255.255.255.128
access-list INSIDE_nat0_outbound extended permit ip 192.168.90.0 255.255.255.0 192.168.6.0 255.255.255.128
access-list INSIDE_nat0_outbound extended permit ip any 192.168.212.0 255.255.255.0
access-list INSIDE_nat0_outbound extended permit ip any 10.1.20.0 255.255.255.0
access-list OUTSIDE_1_cryptomap extended permit ip any 10.1.20.0 255.255.255.0
access-list OUTSIDE_2_cryptomap extended permit ip any 10.1.20.0 255.255.255.0
access-list DMZ_nat0_outbound extended permit ip host WebServer_Private 192.168.0.0 255.255.0.0
ip local pool VPNPOOL 192.168.6.1-192.168.6.100 mask 255.255.255.0
ip local pool new-pool 192.168.212.1-192.168.212.254 mask 255.255.255.0
ip local pool test xy.xy.148.1-xy.xy.148.254 mask 255.255.255.0
global (OUTSIDE) 2 interface
global (OUTSIDE) 1 x.x.x.12 netmask 255.255.255.255
global (OUTSIDE) 3 WebServer_Public netmask 255.0.0.0
nat (INSIDE) 0 access-list INSIDE_nat0_outbound
nat (INSIDE) 1 0.0.0.0 0.0.0.0
nat (DMZ) 0 access-list DMZ_nat0_outbound
static (INSIDE,OUTSIDE) tcp x.x.x.11 smtp 192.168.1.4 smtp netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp x.x.x.13 3101 192.168.1.3 4101 netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp x.x.x.11 https 192.168.1.4 https netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp x.x.x.11 www 192.168.1.4 www netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp x.x.x.11 pop3 192.168.1.4 pop3 netmask 255.255.255.255
static (INSIDE,OUTSIDE) tcp x.x.x.13 pop3 192.168.1.3 pop3 netmask 255.255.255.255
static (OUTSIDE,DMZ) WebServer_Private WebServer_Public netmask 255.255.255.255
access-group out-to-in in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 x.x.x.9 1
route INSIDE 192.168.0.0 255.255.0.0 192.168.90.254 1
http server enable
http 0.0.0.0 0.0.0.0 INSIDE
http 192.168.3.31 255.255.255.255 INSIDE
http 192.168.3.0 255.255.255.255 INSIDE
http 192.168.3.26 255.255.255.255 INSIDE
http 192.168.1.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 INSIDE
http 192.168.3.200 255.255.255.255 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map OUTSIDE_dyn_map 30 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 50 set pfs
crypto dynamic-map OUTSIDE_dyn_map 50 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 70 set pfs
crypto dynamic-map OUTSIDE_dyn_map 70 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 90 set pfs
crypto dynamic-map OUTSIDE_dyn_map 90 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 110 set pfs
crypto dynamic-map OUTSIDE_dyn_map 110 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 130 set pfs
crypto dynamic-map OUTSIDE_dyn_map 130 set transform-set ESP-3DES-SHA
crypto dynamic-map INSIDE_dyn_map 20 set pfs
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map INSIDE_dyn_map 40 set pfs
crypto dynamic-map INSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map management_dyn_map 20 set pfs
crypto dynamic-map management_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_map 1 match address OUTSIDE_1_cryptomap
crypto map OUTSIDE_map 1 set pfs
crypto map OUTSIDE_map 1 set peer y.y.y.114
crypto map OUTSIDE_map 1 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_map 2 match address OUTSIDE_2_cryptomap
crypto map OUTSIDE_map 2 set pfs
crypto map OUTSIDE_map 2 set peer y.y.y.114
crypto map OUTSIDE_map 2 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_map 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map OUTSIDE_map interface OUTSIDE
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface INSIDE
crypto map management_map 65535 ipsec-isakmp dynamic management_dyn_map
crypto map management_map interface management
crypto isakmp identity address
crypto isakmp enable OUTSIDE
crypto isakmp enable INSIDE
crypto isakmp enable management
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
group-policy EQFP internal
group-policy EQFP attributes
 dns-server value 192.168.1.1 192.168.1.12
 vpn-tunnel-protocol IPSec
group-policy EQFPMN internal
group-policy EQFPMN attributes
 dns-server value 192.168.1.1
 vpn-tunnel-protocol IPSec
 default-domain value QUALIFICATIONS.AE
username admin password /lQxrc8OEnCW9dhD encrypted privilege 15
username qfp-vpn password s0egNSkvTKF49S60 encrypted privilege 0
username qfp-vpn attributes
 vpn-group-policy EQFP
tunnel-group EQFPMN type ipsec-ra
tunnel-group EQFPMN general-attributes
 address-pool VPNPOOL
 default-group-policy EQFPMN
tunnel-group EQFPMN ipsec-attributes
 pre-shared-key *
tunnel-group EQFP type ipsec-ra
tunnel-group EQFP general-attributes
 address-pool new-pool
 default-group-policy EQFP
tunnel-group EQFP ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:697ab115b2a7b40ef289f835ff3c96d3
: end
EQFP-ASA#