ASA Version 7.0(4) ! hostname ciscoasa domain-name default.domain.invalid enable password 6356f3533f563 encrypted names ! interface GigabitEthernet0/0 description ASA's WAN Facing Interface nameif Outside security-level 0 ip address 1.0.0.1 255.0.0.0 ! interface GigabitEthernet0/1 description Interfcace For Communicating with Remote Branches nameif Rem_Br security-level 100 ip address 10.0.0.1 255.0.0.0 ! interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 nameif Inside security-level 100 ip address 192.168.0.240 255.255.255.0 ! passwd 7asdf978asfdgiua encrypted ftp mode passive same-security-traffic permit inter-interface access-list Inside_access_in extended permit udp 192.168.0.0 255.255.255.0 any access-list Inside_access_in extended permit tcp 192.168.0.0 255.255.255.0 any access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 interface Outside access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0 access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 any access-list Rem_Br_access_in extended permit tcp 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list Rem_Br_access_in extended permit tcp 192.168.5.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list Rem_Br_access_in extended permit tcp 192.168.3.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list Rem_Br_access_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 pager lines 24 logging enable logging asdm informational mtu Outside 1500 mtu Rem_Br 1500 mtu Inside 1500 ip local pool mypool 192.168.0.245-192.168.0.250 ip verify reverse-path interface Outside ip verify reverse-path interface Inside no failover asdm image disk0:/asdm-504.bin no asdm history enable arp timeout 14400 nat-control global (Outside) 1 interface nat (Inside) 0 access-list Inside_nat0_outbound nat (Inside) 1 192.168.0.0 255.255.255.0 access-group Rem_Br_access_in in interface Rem_Br access-group Inside_access_in in interface Inside route Outside 0.0.0.0 0.0.0.0 1.0.0.2 1 route Rem_Br 192.168.1.0 255.255.255.0 10.0.0.2 1 route Rem_Br 192.168.2.0 255.255.255.0 10.0.0.2 1 route Rem_Br 192.168.3.0 255.255.255.0 10.0.0.2 1 route Rem_Br 192.168.5.0 255.255.255.0 10.0.0.2 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute username neo7 password 0UrtaUnH8j4c1MAQ encrypted http server enable http 192.168.0.0 255.255.255.0 Inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set firstset esp-3des esp-md5-hmac crypto dynamic-map dyn1 1 set transform-set firstset crypto dynamic-map dyn1 1 set reverse-route crypto map mymap 1 ipsec-isakmp dynamic dyn1 crypto map mymap interface Outside isakmp enable Outside isakmp policy 1 authentication pre-share isakmp policy 1 encryption 3des isakmp policy 1 hash sha isakmp policy 1 group 2 isakmp policy 1 lifetime 43200 isakmp ipsec-over-tcp port 500 tunnel-group test-group type ipsec-ra tunnel-group test-group general-attributes address-pool mypool tunnel-group testgroup type ipsec-ra tunnel-group testgroup ipsec-attributes pre-shared-key one telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd lease 3600 dhcpd ping_timeout 50 tftp-server Inside 10.0.0.2 run-config Cryptochecksum:eddc476297cd1621496ab62243bcf7a0 : end