! Excerpt of an ASA running-config, restored to one command per line.
! The first commands are group-policy attributes whose "group-policy ... attributes"
! header lies above this excerpt (presumably the default group policy; confirm).
 ipsec-udp disable
 ipsec-udp-port 10000
! tunnelall: no split tunnelling, all client traffic is sent through the VPN.
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication enable
 user-authentication enable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry file-access file-entry file-browsing
  port-forward-name value Application Access
! Group policy applied to the GCC_VPN remote-access tunnel group.
group-policy GCC_VPN internal
group-policy GCC_VPN attributes
 banner value Welcome to the Glenorchy Council Network
 wins-server value 10.10.0.90 10.10.0.91
 dns-server value 10.10.0.88 10.10.0.89
 vpn-tunnel-protocol IPSec webvpn
! group-lock: users of this policy may only connect through tunnel group GCC_VPN.
 group-lock value GCC_VPN
 webvpn
! NOTE(review): two local privilege-15 accounts, with their password hashes
! included in the listing. Hashes in a config that has been shared outside the
! organisation should be treated as exposed: rotate both passwords, and strip
! username/password lines before posting a config.
username cisco password iIIyGlCGSKcTdMsg encrypted privilege 15
username comstra password WQoizql7mYcPrpu5 encrypted privilege 15
! Management logins (enable, ASDM/HTTP, SSH, Telnet) all authenticate against
! the LOCAL user database, i.e. the two accounts above.
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
! NOTE(review): Telnet carries credentials in cleartext; prefer SSH only.
aaa authentication telnet console LOCAL
! Traffic matching ACL Gatling_VPN_authentication_Gosling-06 on interface
! Gatling_VPN is authenticated against server group Gosling-06.
aaa authentication match Gatling_VPN_authentication_Gosling-06 Gatling_VPN Gosling-06
aaa authorization command LOCAL
aaa accounting enable console Gosling-06
! HTTPS management (ASDM) server and the sources allowed to reach it.
http server enable
! NOTE(review): a 255.255.255.255 mask on 10.10.0.0 matches only that single
! address; the next line already covers the 10.10.0.0/23 range, so this entry
! looks like a leftover or a mask typo.
http 10.10.0.0 255.255.255.255 Gatling_GCC_LAN
http 10.10.0.0 255.255.254.0 Gatling_GCC_LAN
! NOTE(review): management is reachable from a host on the WAN interface;
! confirm this address is still needed and still under your control.
http 147.109.239.181 255.255.255.255 Gatling_GCC_WAN
! NOTE(review): the dhcpd pool on this interface later in the config is
! 192.168.100.2-192.168.100.10, which 192.168.1.0/24 does not cover; confirm.
! "Galtling_Management_Port" is spelled this way everywhere in the config, so it
! is the interface's actual name and must not be corrected in one place only.
http 192.168.1.0 255.255.255.0 Galtling_Management_Port
snmp-server location Computer Room
snmp-server contact infotech@gcc.tas.gov.au
! NOTE(review): the community string acts as a password and is short, guessable
! from the organisation name, and now published; change it.
snmp-server community GCC
snmp-server enable traps snmp authentication linkup linkdown coldstart
! tcpmss 0 disables the firewall's TCP MSS clamping.
sysopt connection tcpmss 0
sysopt noproxyarp Gatling_GCC_LAN
sysopt noproxyarp Galtling_Management_Port
! Text shown to users during cut-through proxy authentication.
auth-prompt prompt user prompt
auth-prompt accept In like Flyn!! 
! Remainder of the running-config (VPN crypto, tunnel group, management access,
! DHCP, e-mail proxies) followed by the captured output of "sh access-list",
! "sh nat" and "sh run nat", restored to one command or output line per line.
auth-prompt reject user rejected
! NOTE(review): 3DES, SHA-1 and DH group 2 are legacy choices; use AES and a
! larger DH group where the software and clients support them.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Gatling_VPN_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map Gatling_VPN_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map Gatling_VPN_map 65535 ipsec-isakmp dynamic Gatling_VPN_dyn_map
crypto map Gatling_VPN_map interface Gatling_VPN
isakmp identity auto
isakmp enable Gatling_VPN
! IKE phase 1: pre-shared key, 3DES, SHA, DH group 2, 24-hour lifetime.
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
isakmp ipsec-over-tcp port 10000
! Remote-access tunnel group: addresses from VPN_Pool, users authenticated and
! accounted through server group Gosling-06, group policy GCC_VPN.
tunnel-group GCC_VPN type ipsec-ra
tunnel-group GCC_VPN general-attributes
 address-pool VPN_Pool
 authentication-server-group Gosling-06
 authentication-server-group (Gatling_VPN) Gosling-06
 accounting-server-group Gosling-06
 default-group-policy GCC_VPN
tunnel-group GCC_VPN ipsec-attributes
! The group key is masked ("*") by the device in this output.
 pre-shared-key *
 radius-with-expiry
no vpn-addr-assign aaa
vpn-sessiondb max-session-limit 25
! NOTE(review): Telnet management is allowed from 10.10.0.0/23 and is cleartext.
telnet 10.10.0.0 255.255.254.0 Gatling_GCC_LAN
telnet timeout 5
! NOTE(review): the 255.255.255.255 mask matches only the address 10.10.0.0, so
! as written SSH is effectively unavailable from the LAN while Telnet is open to
! the whole /23. The mask was probably meant to be 255.255.254.0; confirm, then
! move LAN management to SSH and remove the telnet line.
ssh 10.10.0.0 255.255.255.255 Gatling_GCC_LAN
ssh 147.109.239.179 255.255.255.255 Gatling_GCC_WAN
ssh timeout 5
! NOTE(review): 0 means a console session never times out; an unattended
! privileged console stays logged in.
console timeout 0
! DHCP server on the management interface.
dhcpd address 192.168.100.2-192.168.100.10 Galtling_Management_Port
dhcpd dns 10.10.0.88 10.10.0.89
dhcpd wins 10.10.0.90 10.10.0.91
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd domain glenorchy.tas.gov.au
dhcpd enable Galtling_Management_Port
! NOTE(review): no NTP authentication is visible in this excerpt.
ntp server 10.10.0.12 source Gatling_GCC_LAN prefer
! NOTE(review): TFTP has no authentication or encryption, so a config copied to
! this server crosses the LAN in cleartext, password hashes included.
tftp-server Gatling_GCC_LAN 10.10.1.122 d:\install\asa_config2
webvpn
 nbns-server 10.10.0.90 master timeout 2 retry 2
 nbns-server 10.10.0.91 timeout 2 retry 2
 nbns-server 10.10.5.5 timeout 2 retry 2
! NOTE(review): the IMAP4S, POP3S and SMTPS e-mail proxies are enabled on the
! WAN interface and front server 10.10.0.115; disable any that are not in use.
imap4s
 enable Gatling_GCC_WAN
 server 10.10.0.115
 default-group-policy DfltGrpPolicy
pop3s
 enable Gatling_GCC_WAN
 server 10.10.0.115
 default-group-policy DfltGrpPolicy
smtps
 enable Gatling_GCC_WAN
 server 10.10.0.115
 default-group-policy DfltGrpPolicy
smtp-server 10.10.0.15 10.10.0.115
client-update enable
Cryptochecksum:d2ce2e92f83449b9cc92ac7dd2f6ade5
: end
! ---- captured output: ACL contents with hit counters ----
! Every entry below shows hitcnt=0, i.e. no traffic had matched any rule when
! the output was captured.
! In an ACL, "interface <name>" matches the firewall's own address on that
! interface, not the network behind it. The "sh nat" output further down lists
! this as host 10.10.0.6 for Gatling_GCC_LAN. Rules written with "interface"
! on both sides therefore match only traffic between the firewall's own
! addresses, which is probably not what was intended; confirm.
Gatling-06# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list Gatling_GCC_LAN_access_in; 5 elements
access-list Gatling_GCC_LAN_access_in line 1 remark Web Access
! NOTE(review): "eq www" and "eq https" follow the source network, so they match
! the SOURCE port; as a destination port they belong after the destination.
access-list Gatling_GCC_LAN_access_in line 2 extended permit tcp 10.10.0.0 255.255.0.0 eq www interface Gatling_GCC_WAN (hitcnt=0)
access-list Gatling_GCC_LAN_access_in line 3 remark HTTPS Traffic out
access-list Gatling_GCC_LAN_access_in line 4 extended permit tcp 10.10.0.0 255.255.0.0 eq https interface Gatling_GCC_WAN (hitcnt=0)
access-list Gatling_GCC_LAN_access_in line 5 extended permit tcp interface Gatling_GCC_LAN eq ssh interface Gatling_GCC_WAN eq ssh (hitcnt=0)
access-list Gatling_GCC_LAN_access_in line 6 extended permit icmp interface Gatling_GCC_LAN any (hitcnt=0)
access-list Gatling_GCC_LAN_access_in line 7 extended permit icmp interface Gatling_GCC_LAN interface Gatling_VPN (hitcnt=0)
access-list Gatling_GCC_WAN_access_out; 1 elements
access-list Gatling_GCC_WAN_access_out line 1 remark POP3 Traffic
! Source and destination port are both pinned to pop3 here; client connections
! normally use an ephemeral source port, so this is unlikely to match.
access-list Gatling_GCC_WAN_access_out line 2 extended permit tcp 10.10.0.0 255.255.0.0 eq pop3 interface Gatling_GCC_WAN eq pop3 (hitcnt=0)
access-list Gatling_GCC_WAN_access_in; 1 elements
access-list Gatling_GCC_WAN_access_in line 1 remark COMSTRA FULL ACCESS
! NOTE(review): permits every TCP port from an entire external /24. Restrict to
! the specific vendor hosts and the ports they actually need, and prefer
! bringing vendor access in over the VPN rather than an inbound WAN rule.
access-list Gatling_GCC_WAN_access_in line 2 extended permit tcp 203.127.116.0 255.255.255.0 interface Gatling_GCC_LAN (hitcnt=0)
access-list Gatling_GCC_LAN_nat0_outbound; 2 elements
access-list Gatling_GCC_LAN_nat0_outbound line 1 extended permit ip interface Gatling_GCC_LAN 172.16.0.0 255.255.255.192 (hitcnt=0)
! The source 10.10.0.0/23 lies inside the destination 10.10.0.0/16.
access-list Gatling_GCC_LAN_nat0_outbound line 2 extended permit ip 10.10.0.0 255.255.254.0 10.10.0.0 255.255.0.0 (hitcnt=0)
access-list Gatling_VPN_authentication_Gosling-06; 1 elements
access-list Gatling_VPN_authentication_Gosling-06 line 1 remark AAA to Gosling-06
access-list Gatling_VPN_authentication_Gosling-06 line 2 extended permit tcp interface Gatling_VPN interface Gatling_GCC_LAN (hitcnt=0)
access-list Gatling_VPN_access_in; 4 elements
access-list Gatling_VPN_access_in line 1 extended permit udp interface Gatling_VPN eq radius host 10.10.0.36 eq radius (hitcnt=0)
access-list Gatling_VPN_access_in line 2 extended permit udp interface Gatling_VPN eq radius-acct host 10.10.0.36 eq radius-acct (hitcnt=0)
access-list Gatling_VPN_access_in line 3 extended permit icmp interface Gatling_VPN interface Gatling_GCC_LAN (hitcnt=0)
access-list Gatling_VPN_access_in line 4 extended permit tcp interface Gatling_VPN interface Gatling_GCC_LAN (hitcnt=0)
! IKE (isakmp), AH, ESP and UDP 4500 (NAT-T) to the VPN endpoint; the last
! octet of the address appears as "xxx" in the listing.
access-list Gatling_VPN; 5 elements
access-list Gatling_VPN line 1 extended permit udp any host 147.109.253.xxx eq isakmp (hitcnt=0)
access-list Gatling_VPN line 2 extended permit ah any host 147.109.253.xxx (hitcnt=0)
access-list Gatling_VPN line 3 extended permit esp any host 147.109.253.xxx (hitcnt=0)
access-list Gatling_VPN line 4 remark Tunnel Traffic
access-list Gatling_VPN line 5 extended permit udp any host 147.109.253.xxx eq 4500 (hitcnt=0)
! RDP (tcp/3389) from the 172.16.0.0/24 VPN range to one internal host.
access-list Gatling_VPN line 6 extended permit tcp 172.16.0.0 255.255.255.0 host 10.10.0.13 eq 3389 (hitcnt=0)
Gatling-06#
Gatling-06#
Gatling-06# sh nat
! ---- captured output: NAT policy table per ingress interface ----
! Only two counters are non-zero: the Gatling_VPN -> Gatling_GCC_LAN identity
! NAT (translate_hits = 180) and the Gatling_VPN -> Gatling_GCC_WAN implicit
! deny (policy_hits = 90).
NAT policies on Interface Gatling_GCC_LAN:
  match ip Gatling_GCC_LAN host 10.10.0.6 Gatling_GCC_LAN 172.16.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN 10.10.0.0 255.255.254.0 Gatling_GCC_LAN 10.10.0.0 255.255.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN host 10.10.0.6 Gatling_VPN 172.16.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN 10.10.0.0 255.255.254.0 Gatling_VPN 10.10.0.0 255.255.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN host 10.10.0.6 Gatling_GCC_WAN 172.16.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN 10.10.0.0 255.255.254.0 Gatling_GCC_WAN 10.10.0.0 255.255.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN host 10.10.0.6 Galtling_Management_Port 172.16.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN 10.10.0.0 255.255.254.0 Galtling_Management_Port 10.10.0.0 255.255.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN any Gatling_GCC_LAN any
    identity NAT translation, pool 0
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN any Gatling_VPN any
    identity NAT translation, pool 0
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN any Gatling_GCC_WAN any
    identity NAT translation, pool 0
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN any Galtling_Management_Port any
    identity NAT translation, pool 0
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_GCC_LAN any Gatling_VPN any
    no translation group, implicit deny
    policy_hits = 0
  match ip Gatling_GCC_LAN any Gatling_GCC_WAN any
    no translation group, implicit deny
    policy_hits = 0
NAT policies on Interface Gatling_VPN:
  match ip Gatling_VPN host 10.10.0.6 Gatling_VPN 172.16.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_VPN 10.10.0.0 255.255.254.0 Gatling_VPN 10.10.0.0 255.255.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_VPN host 10.10.0.6 Gatling_GCC_WAN 172.16.0.0 255.255.255.192
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_VPN 10.10.0.0 255.255.254.0 Gatling_GCC_WAN 10.10.0.0 255.255.0.0
    NAT exempt
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_VPN 172.16.0.0 255.255.255.0 Gatling_GCC_LAN any
    identity NAT translation, pool 0
    translate_hits = 180, untranslate_hits = 0
  match ip Gatling_VPN 172.16.0.0 255.255.255.0 Gatling_VPN any
    identity NAT translation, pool 0
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_VPN 172.16.0.0 255.255.255.0 Galtling_Management_Port any
    identity NAT translation, pool 0
    translate_hits = 0, untranslate_hits = 0
  match ip Gatling_VPN any Gatling_GCC_WAN any
    no translation group, implicit deny
    policy_hits = 90
  match ip Gatling_VPN any Gatling_GCC_LAN any
    no translation group, implicit deny
    policy_hits = 0
  match ip Gatling_VPN any Galtling_Management_Port any
    no translation group, implicit deny
    policy_hits = 0
NAT policies on Interface Galtling_Management_Port:
  match ip Galtling_Management_Port any Gatling_GCC_LAN any
    dynamic translation to pool 10 (10.10.0.6 [Interface PAT])
    translate_hits = 0, untranslate_hits = 0
  match ip Galtling_Management_Port any Gatling_VPN any
    dynamic translation to pool 10 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip Galtling_Management_Port any Gatling_GCC_WAN any
    dynamic translation to pool 10 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip Galtling_Management_Port any Galtling_Management_Port any
    dynamic translation to pool 10 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip Galtling_Management_Port any Gatling_VPN any
    no translation group, implicit deny
    policy_hits = 0
  match ip Galtling_Management_Port any Gatling_GCC_WAN any
    no translation group, implicit deny
    policy_hits = 0
! ---- captured output: the nat statements that produce the table above ----
! NAT id 0 with an access-list is NAT exemption; NAT id 0 with a network is
! identity NAT. "nat (Gatling_GCC_LAN) 0 0.0.0.0 0.0.0.0" applies identity NAT
! to every LAN source. NOTE(review): the Gatling_VPN interface reuses the LAN's
! exemption ACL, whose entries are written from the LAN's point of view;
! confirm that is intended.
Gatling-06# sh run nat
nat (Gatling_GCC_LAN) 0 access-list Gatling_GCC_LAN_nat0_outbound
nat (Gatling_GCC_LAN) 0 0.0.0.0 0.0.0.0
nat (Gatling_VPN) 0 access-list Gatling_GCC_LAN_nat0_outbound
nat (Gatling_VPN) 0 172.16.0.0 255.255.255.0 dns outside
nat (Galtling_Management_Port) 10 0.0.0.0 0.0.0.0
Gatling-06#