! Output of `sh run` on a Cisco ASA (software 9.1(2)), restored to one command per line.
! This part holds the device identity and login hashes, the per-session xlate rules,
! the VPN client address pool, the switch ports and the two VLAN interfaces.
ciscoasa# sh run
: Saved
:
ASA Version 9.1(2)
!
hostname ciscoasa
domain-name halliburton.com
! NOTE(review): `encrypted` marks a stored password hash, not reversible encryption.
! Once a configuration has been shared with these values in it, treat the enable and
! login passwords as disclosed and rotate them; sanitise hashes before posting a config.
enable password 0e53SZdxezxawxDG encrypted
! The eight rules below turn off per-session PAT for all TCP and for UDP DNS (port 53)
! traffic, for every IPv4/IPv6 combination.
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
! Login password hash. No `aaa authentication telnet console` line is visible in this
! config, so a Telnet session would presumably authenticate against this value - confirm.
passwd 2KFQnbNIdI.2KYOU encrypted
names
! Addresses handed to remote-access VPN clients (referenced by tunnel-group HB_MY).
ip local pool VPN_POOL 10.1.0.1-10.1.0.254 mask 255.255.255.0
!
! Ethernet0/0 is the only port in VLAN 100 (outside); Ethernet0/1-0/7 are in VLAN 2 (inside).
interface Ethernet0/0
 switchport access vlan 100
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 2
!
interface Ethernet0/3
 switchport access vlan 2
!
interface Ethernet0/4
 switchport access vlan 2
!
interface Ethernet0/5
 switchport access vlan 2
!
interface Ethernet0/6
 switchport access vlan 2
!
interface Ethernet0/7
 switchport access vlan 2
!
! Trusted side: security-level 100, gateway of the 192.168.0.0/24 LAN.
interface Vlan2
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
! Untrusted side: security-level 0, /30 link to the upstream router.
interface Vlan100
 nameif outside
 security-level 0
 ip address 175.136.239.130 255.255.255.252
!
! Boot image, DNS, network objects, access lists, logging and the VPN identity-NAT rule.
boot system disk0:/asa912-k8.bin
ftp mode passive
clock timezone MYT 8
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 202.188.1.5
 name-server 202.188.0.133
 domain-name halliburton.com
! Traffic between interfaces of equal security level, and traffic that enters and leaves
! the same interface (hairpin), is allowed.
! NOTE(review): keep intra-interface only if VPN clients really need to hairpin - confirm.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! NOTE(review): no visible line references the objects `192.168.1.0`, `VPN_Netwrok`
! (a misspelled duplicate of VPN_Network) or `NETWORK_OBJ_10.1.0.0_24`.
! Unused objects make a rule base harder to audit; confirm and remove.
object network 192.168.1.0
 subnet 192.168.1.0 255.255.255.0
 description Halliburton_LAN
object network inside_LAN
 subnet 192.168.0.0 255.255.255.0
object network VPN_Network
 subnet 10.1.0.0 255.255.255.0
object network FIN_SRV01
 host 192.168.0.100
object network VPN_Netwrok
 subnet 10.1.0.0 255.255.255.0
object network NETWORK_OBJ_10.1.0.0_24
 subnet 10.1.0.0 255.255.255.0
object-group icmp-type DM_INLINE_ICMP_1
 icmp-object echo
 icmp-object echo-reply
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
! NOTE(review): inside_access_in is defined but not applied; the access-group on the
! inside interface references inside_access_in_1 (permit ip any any) instead.
! Confirm which of the two is intended and delete the other.
access-list inside_access_in extended permit ip object inside_LAN any
access-list inside_access_in extended deny ip any any
! NOTE(review): outside_access_in is bound inbound on the outside interface by the
! access-group command later in this config. Its first entry permits all IP from any
! source, so the ICMP entry after it is never reached and the ACL filters nothing.
! Inbound rules should name only the services and destinations that must be reachable
! and leave the rest to the implicit deny.
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any object inside_LAN object-group DM_INLINE_ICMP_1
! Used as the split-tunnel list of group-policy HB_MY.
! NOTE(review): split-tunnel lists are normally standard ACLs naming the protected
! destinations, as HB_MY_splitTunnelAcl_2 below does. HB_VPN is an extended ACL whose
! source is the VPN pool; confirm it tunnels what is intended.
access-list HB_VPN extended permit object-group DM_INLINE_PROTOCOL_1 object VPN_Network object FIN_SRV01
access-list inside_access_in_1 extended permit ip any any
! NOTE(review): 10.0.1.0/24 differs from the 10.1.0.0/24 used by VPN_POOL and the
! VPN_Network object, and no visible line references this ACL.
! Presumably a transposed octet in leftover config; confirm and remove.
access-list VPN_Network extended permit ip 192.168.0.0 255.255.255.0 10.0.1.0 255.255.255.0
! NOTE(review): not referenced by any visible group-policy.
access-list HB_MY_splitTunnelAcl_2 standard permit host 192.168.0.100
pager lines 24
! NOTE(review): logging is enabled, but the only destination visible is ASDM.
! No syslog host or buffer is configured, so events are not retained off the device;
! add a remote syslog destination if these logs are needed for detection or investigation.
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
! Identity NAT so traffic between the VPN pool and FIN_SRV01 is not translated.
! NOTE(review): (any,any) applies the rule on every interface pair. Naming the real
! interfaces, with no-proxy-arp and route-lookup, keeps the exemption as narrow as the
! VPN needs - confirm against the intended topology.
nat (any,any) source static VPN_Network VPN_Network destination static FIN_SRV01 FIN_SRV01
!
! Object NAT, ACL bindings, routing, timeouts, management access, IPsec/IKE and WebVPN
! settings, local users, the remote-access tunnel group and the inspection policy.
!
! Dynamic PAT: inside_LAN hosts are translated to the outside interface address.
object network inside_LAN
 nat (any,outside) dynamic interface
! NOTE(review): both bound ACLs consist of or begin with `permit ip any any`
! (see the access-list definitions), so neither interface filters traffic.
access-group inside_access_in_1 in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 175.136.239.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
 webvpn
  url-list value RDP
user-identity default-domain LOCAL
! Enable-mode, SSH and HTTP (ASDM) logins are checked against the local user database.
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authorization exec LOCAL
! NOTE(review): the HTTPS management service accepts clients from any address on both
! the inside and the outside interface. Restrict each `http` line to the administrators'
! source addresses, and prefer reaching management over the VPN rather than from outside.
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! NOTE(review): the transform sets include DES, 3DES and MD5-HMAC variants, and the
! dynamic map below offers all ten, so a peer may negotiate the weakest one. Keep only
! the AES/SHA sets the clients actually need.
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
! NOTE(review): PFS uses Diffie-Hellman group 1 (768-bit).
! Move to the strongest group the clients support.
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
! Two self-enrolled (self-signed) trustpoints; only ASDM_TrustPoint1 has a certificate
! in the chain below.
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=ciscoasa
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 subject-name CN=ciscoasa
 proxy-ldc-issuer
 crl configure
crypto ca trustpool policy
! NOTE(review): the DER below appears to encode a 1024-bit RSA key signed with
! SHA-1 with RSA, valid 2014-03-28 to 2024-03-25 - verify with a certificate parser.
! A replacement should use a larger key and a SHA-2 signature.
crypto ca certificate chain ASDM_TrustPoint1
 certificate 84253553
    30820254 308201bd a0030201 02020484 25355330 0d06092a 864886f7 0d010105
    0500303c 3111300f 06035504 03130863 6973636f 61736131 27302506 092a8648
    86f70d01 09021618 63697363 6f617361 2e68616c 6c696275 72746f6e 2e636f6d
    301e170d 31343033 32383037 34373139 5a170d32 34303332 35303734 3731395a
    303c3111 300f0603 55040313 08636973 636f6173 61312730 2506092a 864886f7
    0d010902 16186369 73636f61 73612e68 616c6c69 62757274 6f6e2e63 6f6d3081
    9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100c9 c63caa50
    2a12dd9e 437aa2a7 4b169ab1 6e401dcf 234d133a 244511de a077e437 dfe268a0
    57aa5f17 b1c75e68 01d8391a ce537a2d 41e9016f 8162f5ea cbdf5d0d 9dc9123e
    eacf7174 da7f4fc4 e5361159 a8722675 20347988 bd9c1033 c013fbcf 04309895
    156a3816 1700a11a 755e7908 0e3b33c5 f98a83a6 ca89d9e1 62f9f902 03010001
    a3633061 300f0603 551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04
    04030201 86301f06 03551d23 04183016 8014f605 1d918692 b5e09535 0eabbf10
    a9f34f24 dd6d301d 0603551d 0e041604 14f6051d 918692b5 e095350e abbf10a9
    f34f24dd 6d300d06 092a8648 86f70d01 01050500 03818100 78da6342 cf795dd4
    cd198c37 53bee5a7 2ae9bc52 168f2c11 913d0e0c 90b8f7cc d376ba56 dd9eaf2a
    91443574 456ecf40 c7f83999 6569ce91 40f0ce92 03e47eb2 1dd8521d c0f53ded
    779c7330 0386a99d f02bba74 9f61a648 cca42df9 48be7ffa 494de7da 042ae487
    f6acbfcd e771be6b 2be5fef0 973d8d59 c3a60f39 7fdcf019
  quit
! NAT traversal is disabled. NOTE(review): IPsec clients behind a NAT device usually
! depend on it - confirm this is intended.
no crypto isakmp nat-traversal
! Five IKEv2 proposals, AES-256 down to DES, all with SHA-1 integrity/PRF and
! DH groups 5 and 2.
! NOTE(review): group-policy HB_MY allows only ikev1, so IKEv2 on the outside interface
! looks unused. If so, disable it. Otherwise drop the 3DES and DES policies and use a
! stronger DH group and SHA-2 integrity where the software supports them.
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
! Fifteen IKEv1 policies covering pre-share, crack and rsa-sig authentication with
! 3DES, AES and DES, all on DH group 2 (1024-bit).
! NOTE(review): tunnel-group HB_MY authenticates with a pre-shared key, so the crack and
! rsa-sig policies look unneeded. Keep only the AES pre-share policies in use, remove
! the DES policies (130-150) and raise the DH group as far as the clients allow.
crypto ikev1 policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
! NOTE(review): Telnet is a cleartext protocol and is allowed from any address on the
! outside interface; remove this line and manage the device over SSH only.
telnet 0.0.0.0 0.0.0.0 outside
telnet timeout 5
! NOTE(review): SSH is allowed from any address on the outside interface and key
! exchange is pinned to DH group 1. Limit the `ssh` line to the administrators' source
! addresses and use `ssh key-exchange group dh-group14-sha1` if the image offers it.
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
! NOTE(review): 0 disables the idle timeout on the serial console; set a finite value.
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 192.168.0.101-192.168.0.130 inside
dhcpd dns 202.188.0.133 202.188.1.5 interface inside
! NOTE(review): this value looks like an account identifier, not a DNS domain; it is
! handed to every DHCP client on the inside network - confirm and correct.
dhcpd domain hallbayan01@unifibiz interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 202.71.100.89 source outside
! Clientless SSL VPN is enabled on the outside interface with a smart-tunnel list for RDP.
! NOTE(review): the list names Windows system processes (wininit.exe, services.exe) as
! well as the RDP client, and no entry carries a hash. Trim the list to the applications
! that need the tunnel and consider pinning them by hash - confirm what the RDP plug-in
! actually requires.
webvpn
 enable outside
 smart-tunnel list Halliburton23_RDP wininit.exe wininit.exe platform windows
 smart-tunnel list Halliburton23_RDP TSWbPrxy.exe TSWbPrxy.exe platform windows
 smart-tunnel list Halliburton23_RDP services.exe services.exe platform windows
 smart-tunnel list Halliburton23_RDP mstsc.exe mstsc.exe platform windows
 smart-tunnel list Halliburton23_RDP wksprt.exe wksprt.exe platform windows
! Settings placed on DfltGrpPolicy are inherited by every group and user that does not
! override them.
group-policy DfltGrpPolicy attributes
 webvpn
  url-list value RDP
  smart-tunnel enable Halliburton23_RDP
! Policy for the IPsec remote-access group: IKEv1 only, split tunnelling limited to the
! HB_VPN list, public DNS resolvers pushed to clients.
group-policy HB_MY internal
group-policy HB_MY attributes
 dns-server value 8.8.8.8 8.8.4.4
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value HB_VPN
 default-domain value halliburton.com
! Local accounts. Those with `privilege 0` and `service-type remote-access` are VPN-only.
! NOTE(review): every line carries a password hash. After a configuration has been
! shared in this form, treat all six passwords as disclosed and rotate them.
username Yin_Mei password KJkscnepnb6B5uNC encrypted privilege 0
username Yin_Mei attributes
 service-type remote-access
username Basil_Law password gMeFr1t86MFZViA4 encrypted privilege 0
username Basil_Law attributes
 service-type remote-access
username Rashid_Yusoff password LxyZjt2yG8B5cu9r encrypted privilege 0
username Rashid_Yusoff attributes
 service-type remote-access
! NOTE(review): the privilege-15 account also carries WebVPN attributes, so one
! credential presumably covers both device administration and remote access.
! Separate accounts limit what a single lost password exposes - confirm the intent.
username administrator password woVD0EbRlBnBW1dA encrypted privilege 15
username administrator attributes
 vpn-group-policy DfltGrpPolicy
 webvpn
  url-list value RDP
  smart-tunnel enable Halliburton23_RDP
username Steve_Jacobs password 8BzMnNE1cXhPxk8f encrypted privilege 0
username Steve_Jacobs attributes
 service-type remote-access
username A_Fais password 0jkKVKJbXqjYPeWX encrypted privilege 0
username A_Fais attributes
 service-type remote-access
! Remote-access tunnel group: clients get addresses from VPN_POOL and group-policy HB_MY.
! The group is authenticated with an IKEv1 pre-shared key, masked in this output.
tunnel-group HB_MY type remote-access
tunnel-group HB_MY general-attributes
 address-pool VPN_POOL
 default-group-policy HB_MY
tunnel-group HB_MY ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
! Application inspection applied globally to the default inspection traffic class.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:e84d3a6dd96518192b7bffb3eb140944
: end