Saved : ASA Version 8.2(1) ! hostname hds-asa1 domain-name zzzzzzzz enable password zzzzzzzzzzzzzz encrypted passwd zzzzzzzzzzzzzzzzzz encrypted names name 10.89.48.0 RKACC_NETWORK description Lithuania rkacc network name 10.89.54.0 rkacc_lan dns-guard ! interface Ethernet0/0 speed 10 duplex full nameif outside security-level 10 ip address external ip 255.255.255.240 ! interface Ethernet0/1 nameif inside security-level 100 ip address 10.20.30.1 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address ! boot system disk0:/asa821-k8.bin boot system disk0:/asa701-k8.bin ftp mode passive dns server-group DefaultDNS domain-namezzzzzzzzzzzzzzzzzzzz same-security-traffic permit intra-interface object-group network DM_INLINE_NETWORK_1 network-object RKACC_NETWORK 255.255.255.0 object-group network DM_INLINE_NETWORK_2 network-object RKACC_NETWORK 255.255.255.0 network-object rkacc_lan 255.255.255.0 object-group network DM_INLINE_NETWORK_3 network-object RKACC_NETWORK 255.255.255.0 network-object rkacc_lan 255.255.255.0 object-group network DM_INLINE_NETWORK_4 network-object RKACC_NETWORK 255.255.255.0 network-object rkacc_lan 255.255.255.0 object-group network DM_INLINE_NETWORK_5 network-object RKACC_NETWORK 255.255.255.0 network-object rkacc_lan 255.255.255.0 access-list 100 extended permit ip 10.20.30.0 255.255.255.0 object-group DM_INLINE_NETWORK_2 access-list nonat extended permit ip 10.20.30.0 255.255.255.0 object-group DM_INLINE_NETWORK_5 access-list inside_access_in extended permit ip 10.20.30.0 255.255.255.0 object-group DM_INLINE_NETWORK_4 access-list inside_access_in_1 extended permit ip any object-group DM_INLINE_NETWORK_3 access-list inside_access_in_1 extended permit ip any any pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 ip audit signature 2000 disable ip audit signature 2001 disable no failover icmp unreachable rate-limit 1 burst-size 1 icmp permit any outside icmp permit any inside asdm image disk0:/asdm-621.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list nonat nat (inside) 1 10.20.30.0 255.255.255.0 access-group inside_access_in_1 in interface inside route outside 0.0.0.0 0.0.0.0 77.246.228.161 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL aaa authentication http console LOCAL http server enable http zzzzzzzzzzz outside http zzzzzzzzzzzz outside http zzzzzzzzzzzzzz outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set SETAS esp-3des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 20 match address 100 crypto map outside_map 20 set peer other pear ip crypto map outside_map 20 set transform-set SETAS crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp enable inside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet timeout 5 ssh zzzzzzzzzzzz outside ssh zzzzzzzzzzzzz outside ssh zzzzzzzzzzzzzz outside ssh timeout 5 console timeout 0 threat-detection basic-threat no threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn enable outside svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1 svc enable username username username tunnel-group other pear ip type ipsec-l2l tunnel-group other pear ip ipsec-attributes pre-shared-key * peer-id-validate nocheck ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns migrated_dns_map_1 inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! service-policy global_policy global prompt hostname context Cryptochecksum:de4454ea81de48a18615cb938d1c3a5d : end asdm image disk0:/asdm-621.bin no asdm history enable