ASA Version 8.0(3) ! hostname PrimASA1 domain-name default.domain.invalid enable password DFUod4rGZX607fgA encrypted names name 85.158.136.0 messlabs2 name 193.109.254.0 messlabs3 name 194.106.220.0 messlabs4 name 195.245.230.0 messlabs5 name 62.231.131.0 messlabs6 name 212.125.74.44 messlabs7 name 195.216.16.211 messlabs8 name 212.125.75.0 messlabs9 name 194.205.110.128 messlabs10 name 62.173.108.16 messlabs11 name 62.173.108.208 messlabs12 name 216.82.240.0 messlab1 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.0.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 80.169.52.60 255.255.255.248 ! interface Vlan3 description backup no forward interface Vlan2 nameif Backup security-level 0 ip address 212.2.14.250 255.255.255.248 ! interface Ethernet0/0 ! interface Ethernet0/1 switchport access vlan 2 speed 100 duplex full ! interface Ethernet0/2 switchport access vlan 3 ! interface Ethernet0/3 shutdown ! interface Ethernet0/4 shutdown ! interface Ethernet0/5 ! interface Ethernet0/6 shutdown ! interface Ethernet0/7 shutdown ! passwd 0LxrbyIisih2y46f encrypted boot system disk0:/asa803-k8.bin ftp mode passive dns server-group DefaultDNS domain-name default.domain.invalid object-group network messagelabs network-object messlab1 255.255.240.0 network-object messlabs2 255.255.248.0 network-object messlabs3 255.255.254.0 network-object messlabs4 255.255.254.0 network-object messlabs5 255.255.254.0 network-object messlabs6 255.255.255.0 network-object messlabs7 255.255.255.255 network-object messlabs8 255.255.255.255 network-object messlabs9 255.255.255.224 network-object messlabs10 255.255.255.224 network-object messlabs11 255.255.255.240 network-object messlabs12 255.255.255.240 access-list 101 extended permit ip 192.168.0.0 255.255.255.0 any access-list outside_in extended permit tcp 10.0.0.0 255.255.255.0 host 80.169.52.58 eq telnet access-list outside_in extended permit tcp object-group messagelabs host 80.169.52.60 eq smtp access-list outside_in extended permit tcp any host 80.169.52.60 eq pop3 access-list outside_in extended permit tcp any host 80.169.52.60 eq https access-list outside_in extended permit tcp any host 80.169.52.60 eq pptp access-list outside_in extended permit gre any host 80.169.52.60 access-list outside_in extended permit tcp any host 80.169.52.62 eq www access-list outside_in extended permit tcp any host 80.169.52.62 eq https access-list outside_in extended permit tcp any host 80.169.52.62 eq pop3 access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.11.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 10.0.1.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 10.0.0.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 172.18.1.0 255.255.255.0 192.168.24.0 255.255.255.0 access-list outside_20_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.11.0 255.255.255.0 access-list inside_access_in extended permit gre any any access-list inside_access_in extended permit ip any any access-list ca3support_splitTunnelAcl standard permit any access-list backup_in extended permit tcp object-group messagelabs host 212.2.14.251 eq smtp access-list backup_in extended permit tcp any host 212.2.14.251 eq pop3 access-list backup_in extended permit tcp any host 212.2.14.251 eq https access-list backup_in extended permit tcp any host 212.2.14.251 eq pptp access-list backup_in extended permit gre any host 212.2.14.251 access-list caesupport_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0 access-list 102 extended permit gre any any access-list 102 extended permit tcp any any eq pptp access-list Primrosestaff_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0 access-list capture1 extended permit ip any host 192.168.0.10 access-list capture1 extended permit ip host 192.168.0.10 any access-list capture2 extended permit ip host 144.254.7.100 any access-list capture2 extended permit ip any host 144.254.7.100 access-list capture3 extended permit tcp any interface outside eq https access-list capture4 extended permit ip interface inside host 192.168.0.10 access-list capture4 extended permit ip host 192.168.0.10 interface inside access-list ultraspeed extended permit ip 192.168.0.0 255.255.255.0 192.168.24.0 255.255.255.0 access-list ultraspeed2 extended permit ip 172.18.1.0 255.255.255.0 192.168.24.0 255.255.255.0 access-list policy-nat extended permit ip 192.168.0.0 255.255.255.0 192.168.24.0 255.255.255.0 pager lines 24 logging enable logging buffered debugging logging asdm informational logging class ssl console debugging mtu inside 1500 mtu outside 1500 mtu Backup 1500 ip local pool caesupport 10.0.0.1-10.0.0.254 mask 255.255.255.0 ip local pool Primremote 10.0.1.0-10.0.1.255 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-611.bin no asdm history enable arp timeout 14400 global (outside) 10 interface global (Backup) 10 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 10 access-list 101 static (inside,outside) tcp 80.169.52.62 www 192.168.0.16 www netmask 255.255.255.255 static (inside,outside) tcp 80.169.52.62 pop3 192.168.0.16 pop3 netmask 255.255.255.255 static (inside,outside) tcp 80.169.52.62 https 192.168.0.16 https netmask 255.255.255.255 static (inside,outside) tcp interface https 192.168.0.5 https netmask 255.255.255.255 static (inside,outside) tcp interface pptp 192.168.0.5 pptp netmask 255.255.255.255 static (inside,outside) tcp interface smtp 192.168.0.16 smtp netmask 255.255.255.255 static (inside,Backup) 212.2.14.251 192.168.0.5 netmask 255.255.255.255 static (inside,outside) 172.18.1.0 access-list policy-nat access-group inside_access_in in interface inside access-group outside_in in interface outside access-group backup_in in interface Backup route outside 0.0.0.0 0.0.0.0 80.169.52.58 1 track 1 route Backup 0.0.0.0 0.0.0.0 212.2.14.249 254 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy aaa-server VPN_Auth protocol ldap aaa-server VPN_Auth host 192.168.0.10 ldap-base-dn dc=Primrose, dc=local ldap-scope subtree ldap-naming-attribute sAMAccountName ldap-login-password * ldap-login-dn CN=asa,OU=Infrastructure,OU=Evaluate Technologies,OU=London,OU=Users,OU=MyBusiness,DC=Primrose,DC=Local server-type auto-detect aaa authentication ssh console LOCAL http server enable http 10.0.1.0 255.255.255.0 outside http 192.168.0.0 255.255.255.0 inside http 10.0.0.0 255.255.255.0 outside http 144.254.7.100 255.255.255.255 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart sla monitor 123 type echo protocol ipIcmpEcho 80.169.50.173 interface outside num-packets 3 frequency 10 sla monitor schedule 123 life forever start-time now crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 80 set pfs crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 100 set pfs crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 140 set pfs crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 180 set pfs crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA crypto map outside_map 20 match address outside_20_cryptomap crypto map outside_map 20 set peer 212.36.44.130 crypto map outside_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 30 match address ultraspeed2 crypto map outside_map 30 set pfs crypto map outside_map 30 set peer 62.149.33.7 crypto map outside_map 30 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp enable Backup crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 ! track 1 rtr 123 reachability telnet 192.168.0.0 255.255.255.0 inside telnet 10.0.0.0 255.255.255.0 outside telnet 10.0.1.0 255.255.255.0 outside telnet 212.2.14.248 255.255.255.248 Backup telnet timeout 5 ssh 144.254.7.100 255.255.255.255 outside ssh 212.169.21.130 255.255.255.255 outside ssh 144.254.7.177 255.255.255.255 outside ssh 81.143.166.105 255.255.255.255 outside ssh timeout 5 console timeout 0 management-access inside threat-detection basic-threat threat-detection statistics access-list group-policy caesupport internal group-policy caesupport attributes vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value caesupport_splitTunnelAcl group-policy Primrose internal group-policy Primrose attributes dns-server value 192.168.0.10 vpn-tunnel-protocol IPSec default-domain value Primrose.local group-policy Primrosestaff internal group-policy Primrosestaff attributes dns-server value 192.168.0.5 192.168.0.10 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value Primrosestaff_splitTunnelAcl default-domain value primroselocal username SConnelly password CQtB/3XCa7goB/0K encrypted username caesupport password E.UApRo97Wjkc7l8 encrypted privilege 0 username caesupport attributes vpn-group-policy caesupport username caesupp0rt password rPUMnzoswKYBMGjt encrypted privilege 15 username primrosestaff nopassword username PCarron password cUC9OQKtHR9yYlPJ encrypted username PFradgley password 0W1pxoEse4.ivbmG encrypted username JMidgley password Z6mnUcWK8tZi6f8. encrypted username ohynderi password 7BKbG9PZCXU1U4iE encrypted privilege 15 username CDrummond password vWzq6W7cKT.K8N5v encrypted username DSimao password K/NN1eaIQLW.mz2D encrypted username HCraggs password L8J9p1qXFm1Sxi9/ encrypted username PLeslie password X5uxWy8kxJNosB4/ encrypted username THawkins password LxwR0zBR5qG15Bre encrypted username OAyanwuyi password C8zDZqWtUagj6NLN encrypted tunnel-group caesupport type remote-access tunnel-group caesupport general-attributes address-pool caesupport default-group-policy caesupport tunnel-group caesupport ipsec-attributes pre-shared-key * tunnel-group 212.36.44.130 type ipsec-l2l tunnel-group 212.36.44.130 ipsec-attributes pre-shared-key * tunnel-group Primrose type remote-access tunnel-group Primrose general-attributes address-pool Primremote tunnel-group Primrose ipsec-attributes pre-shared-key * tunnel-group Primremote type remote-access tunnel-group Primrosestaff type remote-access tunnel-group Primrosestaff general-attributes address-pool Primremote authentication-server-group VPN_Auth default-group-policy Primrosestaff tunnel-group Primrosestaff ipsec-attributes pre-shared-key * tunnel-group 62.149.33.7 type ipsec-l2l tunnel-group 62.149.33.7 ipsec-attributes pre-shared-key * ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp policy-map inspection_default ! service-policy global_policy global prompt hostname context Cryptochecksum:644e44bab3a51a6116d6ff70a7d7ef95 : end