Result of the command: "show run" : Saved : ASA Version 7.2(4) ! hostname XXXXXXX domain-name XXX.COM enable password XXX encrypted passwd XXX encrypted names dns-guard ! interface GigabitEthernet0/0 speed 1000 duplex full nameif outside security-level 0 ip address 111.222.167.2 255.255.255.0 ! interface GigabitEthernet0/1 speed 1000 duplex full nameif inside security-level 100 ip address 172.16.20.2 255.255.255.0 ! interface GigabitEthernet0/2 speed 1000 duplex full nameif dmz security-level 50 ip address 172.16.10.2 255.255.255.0 ! interface GigabitEthernet0/3 shutdown nameif Management2 security-level 100 ip address 172.16.40.210 255.255.255.0 management-only ! interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 management-only ! boot system disk0:/asa724-k8.bin ftp mode passive clock timezone XXX -X clock summer-time XXX recurring dns server-group DefaultDNS domain-name XXX.COM object-group network System_6 description Both subnets 172.16.22.0 (internal) and 172.16.12.0 (DMZ) network-object 172.16.12.0 255.255.255.0 network-object 172.16.22.0 255.255.255.0 object-group network XXX_Support description IP addresses from which XXX Support may access the XXX System network-object host XXX.XXX.194.34 network-object host XXX.XXX.196.234 access-list CAPIN extended permit icmp host 111.222.167.2 any access-list CAPIN extended permit icmp any host 111.222.167.2 access-list CAPOUT extended permit icmp host 111.222.167.2 any access-list CAPOUT extended permit icmp any host 111.222.167.2 access-list outside_in extended permit tcp any host 111.222.167.15 eq www access-list outside_in extended permit tcp object-group XXX_Support host 111.222.167.15 eq ftp-data access-list outside_in extended permit tcp object-group XXX_Support host 111.222.167.15 eq ssh access-list outside_in extended permit icmp any any access-list outside_in extended permit tcp object-group XXX_Support host 111.222.167.15 eq ftp access-list outside_in extended permit tcp any host 111.222.167.15 eq https access-list outside_in extended permit tcp any host 111.222.167.15 eq 8080 access-list outside_in extended permit tcp any host 111.222.167.12 eq www access-list outside_in extended permit tcp any host 111.222.167.12 eq 1629 access-list outside_in extended permit tcp any host 111.222.167.13 eq 1629 access-list outside_in extended permit tcp any host 111.222.167.13 eq www access-list outside_in extended permit tcp any host 111.222.167.22 eq www access-list outside_in extended permit tcp any host 111.222.167.22 eq https access-list outside_in extended permit tcp any host 111.222.167.23 eq www access-list outside_in extended permit tcp any host 111.222.167.23 eq https access-list outside_in extended permit tcp any host 111.222.167.13 eq 5900 access-list outside_in extended permit tcp any host 111.222.167.16 eq rtsp access-list outside_in extended permit tcp any host 111.222.167.6 eq telnet access-list outside_in extended permit tcp any host 111.222.167.16 eq www access-list outside_in extended permit tcp any host 111.222.167.17 eq www access-list outside_in extended permit tcp any host 111.222.167.17 eq https access-list outside_in extended permit tcp any host 111.222.167.16 eq 7070 access-list outside_in extended permit tcp any host 111.222.167.16 eq 7071 access-list outside_in extended permit udp any host 111.222.167.16 range 6970 7170 access-list outside_in extended permit tcp any host 111.222.167.16 eq 2030 access-list outside_in extended permit udp any host 111.222.167.16 eq 2030 access-list outside_in extended permit udp any host 111.222.167.16 range 30001 30020 access-list outside_in extended permit tcp any host 111.222.167.16 range 30001 30020 access-list outside_in extended permit tcp any host 111.222.167.18 eq ssh access-list outside_in extended permit tcp any host 111.222.167.19 eq ssh access-list outside_in extended permit tcp any host 111.222.167.18 eq 8080 access-list outside_in extended permit tcp any host 111.222.167.19 eq 8080 access-list outside_in extended permit tcp any host 111.222.167.19 eq www inactive access-list outside_in extended permit tcp any host 111.222.167.18 eq www inactive access-list outside_in extended permit tcp any host 111.222.167.18 eq 3306 inactive access-list outside_in extended permit tcp any host 111.222.167.19 eq 3306 inactive access-list outside_in extended permit tcp any host 111.222.167.16 eq 14312 access-list outside_in extended permit tcp any host 111.222.167.20 eq www access-list outside_in extended permit tcp any host 111.222.167.20 eq https access-list outside_in extended permit tcp any host 111.222.167.20 range 20564 20763 access-list inside_nat0_outbound extended permit ip any 172.16.100.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip object-group System_6 172.16.101.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 192.168.102.176 255.255.255.240 access-list inside_nat0_outbound extended permit ip 172.16.20.0 255.255.255.0 172.16.100.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 172.16.40.0 255.255.255.0 172.16.100.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 172.16.100.0 255.255.255.0 172.16.40.0 255.255.255.0 access-list outside_cryptomap_dyn_20 extended permit ip any 172.16.100.0 255.255.255.0 access-list outside_cryptomap_dyn_20 remark Vendor_VPN access-list outside_cryptomap_dyn_20 extended permit ip any 172.16.101.0 255.255.255.0 access-list outside_cryptomap_dyn_20 extended permit ip 172.16.100.0 255.255.255.0 any access-list Vendor_Maint extended permit ip 172.16.101.0 255.255.255.0 object-group System_6 log access-list Vendor_Maint extended permit ip object-group System_6 172.16.101.0 255.255.255.0 log access-list DefaultRAGroup_splitTunnelAcl standard permit any access-list User_Test1_splitTunnelAcl standard permit 172.16.20.0 255.255.255.0 access-list User_Test1_splitTunnelAcl standard permit 172.16.40.0 255.255.255.0 access-list User_Test1_splitTunnelAcl standard permit 172.16.10.0 255.255.255.0 access-list User_Test1_splitTunnelAcl standard permit 172.16.16.0 255.255.255.0 access-list dmz_nat0_outbound extended permit ip 172.16.10.0 255.255.255.0 172.16.100.0 255.255.255.0 access-list dmz_nat0_outbound extended permit ip 172.16.16.0 255.255.255.0 172.16.100.0 255.255.255.0 pager lines 24 logging enable logging timestamp logging asdm-buffer-size 200 logging monitor debugging logging trap informational logging history notifications logging asdm informational logging host inside 172.16.40.40 logging flash-maximum-allocation 2048 logging permit-hostdown logging class auth history informational logging class config history informational logging class sys history informational logging class vpn history informational mtu outside 1500 mtu inside 1500 mtu dmz 1500 mtu management 1500 mtu Management2 1500 ip local pool VPN_IP_Pool_100 172.16.100.10-172.16.100.254 mask 255.255.255.0 ip local pool Vendor_VPN_Pool_101 172.16.101.10-172.16.101.254 mask 255.255.255.0 ip local pool OurCompany_102 192.168.102.180-192.168.102.185 mask 255.255.255.0 no failover monitor-interface outside monitor-interface inside monitor-interface dmz monitor-interface management monitor-interface Management2 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 nat (dmz) 0 access-list dmz_nat0_outbound nat (dmz) 1 0.0.0.0 0.0.0.0 static (dmz,outside) 111.222.167.15 172.16.15.10 netmask 255.255.255.255 static (dmz,outside) 111.222.167.33 172.16.15.33 netmask 255.255.255.255 static (dmz,outside) 111.222.167.13 172.16.13.10 netmask 255.255.255.255 static (dmz,outside) 111.222.167.12 172.16.12.11 netmask 255.255.255.255 static (dmz,outside) 111.222.167.22 172.16.12.10 netmask 255.255.255.255 static (dmz,outside) 111.222.167.23 172.16.12.12 netmask 255.255.255.255 static (dmz,outside) 111.222.167.16 172.16.16.10 netmask 255.255.255.255 static (dmz,outside) 111.222.167.6 172.16.16.6 netmask 255.255.255.255 static (dmz,outside) 111.222.167.17 172.16.17.10 netmask 255.255.255.255 static (dmz,outside) 111.222.167.18 172.16.18.18 netmask 255.255.255.255 static (dmz,outside) 111.222.167.19 172.16.18.19 netmask 255.255.255.255 static (dmz,outside) 111.222.167.20 172.16.16.12 netmask 255.255.255.255 static (inside,outside) 111.222.167.5 172.16.22.11 netmask 255.255.255.255 access-group outside_in in interface outside route outside 0.0.0.0 0.0.0.0 111.222.167.2 1 route inside 172.16.50.0 255.255.255.0 172.16.20.2 1 route inside 172.16.25.0 255.255.255.0 172.16.20.2 1 route inside 172.16.24.0 255.255.255.0 172.16.20.2 1 route inside 172.16.23.0 255.255.255.0 172.16.20.2 1 route inside 172.16.22.0 255.255.255.0 172.16.20.2 1 route inside 172.16.21.0 255.255.255.0 172.16.20.2 1 route inside 172.16.51.0 255.255.255.0 172.16.20.2 1 route inside 172.16.28.0 255.255.255.0 172.16.20.2 1 route inside 172.16.39.0 255.255.255.0 172.16.20.2 1 route inside 192.168.102.0 255.255.255.0 192.168.102.250 1 route inside 192.168.100.0 255.255.255.0 192.168.102.250 1 route inside 172.18.5.0 255.255.255.0 172.16.20.2 1 route inside 172.18.10.0 255.255.255.0 172.16.20.2 1 route inside 172.18.20.0 255.255.255.0 172.16.20.2 1 route inside 172.21.100.0 255.255.255.0 172.16.20.2 1 route dmz 172.16.17.0 255.255.255.0 172.16.10.2 1 route dmz 172.16.16.0 255.255.255.0 172.16.10.2 1 route dmz 172.16.14.0 255.255.255.0 172.16.10.2 1 route dmz 172.16.13.0 255.255.255.0 172.16.10.2 1 route dmz 172.16.12.0 255.255.255.0 172.16.10.2 1 route dmz 172.16.11.0 255.255.255.0 172.16.10.2 1 route dmz 172.16.15.0 255.255.255.0 172.16.10.2 1 route dmz 172.16.18.0 255.255.255.0 172.16.10.2 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute aaa authentication telnet console LOCAL aaa authentication enable console LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL aaa authorization command LOCAL http server enable http 172.16.40.222 255.255.255.255 Management2 http 192.168.1.0 255.255.255.0 management snmp-server host Management2 172.16.40.40 community XXXX no snmp-server location no snmp-server contact snmp-server community XXXX snmp-server enable traps snmp authentication linkup linkdown coldstart snmp-server enable traps syslog snmp-server enable traps ipsec start stop crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 40 set pfs group5 crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 60 set pfs group1 crypto dynamic-map outside_dyn_map 60 set transform-set TRANS_ESP_3DES_SHA crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp identity hostname crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp nat-traversal 20 crypto isakmp ipsec-over-tcp port 10000 client-update enable telnet timeout 5 ssh 172.16.40.222 255.255.255.255 Management2 ssh timeout 5 console timeout 0 management-access management ntp authenticate ntp server XXX.XXX.222.200 source outside group-policy User_Test1 internal group-policy User_Test1 attributes wins-server value 172.16.40.40 dns-server value 172.16.40.40 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value User_Test1_splitTunnelAcl default-domain value acme.com group-policy DefaultRAGroup internal group-policy DefaultRAGroup attributes wins-server value 192.168.102.201 dns-server value 192.168.102.201 vpn-tunnel-protocol l2tp-ipsec split-tunnel-policy tunnelspecified split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl default-domain value OurCompany.com group-policy Vendor_Grp_Policy internal group-policy Vendor_Grp_Policy attributes dns-server value 172.16.40.40 192.168.102.201 default-domain value acme.com address-pools value Vendor_VPN_Pool_101 group-policy Vendor_Maint_VPN internal group-policy Vendor_Maint_VPN attributes dns-server value 172.16.40.40 172.16.40.41 default-domain value acme.com group-policy Outside_Test internal group-policy Outside_Test attributes dns-server value 172.16.40.40 192.168.102.201 split-tunnel-policy tunnelall username XXX password username XXX password tunnel-group DefaultRAGroup general-attributes address-pool OurCompany_102 default-group-policy DefaultRAGroup tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key * tunnel-group DefaultRAGroup ppp-attributes authentication ms-chap-v2 tunnel-group Outside_Test type ipsec-ra tunnel-group Outside_Test general-attributes address-pool VPN_IP_Pool_100 default-group-policy Outside_Test tunnel-group Outside_Test ipsec-attributes pre-shared-key * tunnel-group Vendor_Maint_VPN type ipsec-ra tunnel-group Vendor_Maint_VPN general-attributes address-pool Vendor_VPN_Pool_101 default-group-policy Vendor_Grp_Policy tunnel-group Vendor_Maint_VPN ipsec-attributes pre-shared-key * tunnel-group WebVPN1 type webvpn tunnel-group WebVPN1 webvpn-attributes tunnel-group User_Test1 type ipsec-ra tunnel-group User_Test1 general-attributes address-pool VPN_IP_Pool_100 default-group-policy User_Test1 tunnel-group User_Test1 ipsec-attributes pre-shared-key * ! class-map class_sip_tcp match port tcp eq sip ! ! policy-map global_policy class class_sip_tcp inspect sip ! service-policy global_policy global prompt hostname context Cryptochecksum:f6932e8f8e43651b3a39c92edb53d080 : end