ASA-PR1# sh ru
! Running configuration of a Cisco ASA (hostname ASA-PR1, failover primary unit):
! four data interfaces, NAT, IPsec remote-access and LAN-to-LAN VPN, RADIUS + LOCAL auth.
! The paste was flattened onto a few lines and only partly sanitized by the poster;
! it is re-broken here one command per line. Lines starting with "! " followed by text
! are review comments; bare "!" lines are the device's own separators.
: Saved
:
! NOTE(review): 7.2(2) is an early 7.2 build - check it against the vendor's current
! advisories and supported releases before reusing anything from this config.
ASA Version 7.2(2)
!
hostname ASA-PR1
domain-name lotosnet.local
! The "encrypted" strings (here and on the username lines) are the stored password
! hashes, not masked values (contrast "pre-shared-key *" further down). Once published
! they are open to offline guessing: rotate every credential that appears in this dump.
enable password eGbHEyZzX.RPEfbq encrypted
names
dns-guard
!
interface GigabitEthernet0/0
 nameif internal-interface
 security-level 100
 ip address 192.168.165.1 255.255.255.0 standby 192.168.165.2
!
! nameif is ISP_PROVIDER here, but the ACL, mtu, global, static, route and crypto map
! lines reference EASYNET_ACCESS, and isakmp is enabled on PROVIDER. Presumably an
! inconsistent search-and-replace while sanitizing; as pasted those names do not resolve.
interface GigabitEthernet0/1
 nameif ISP_PROVIDER
 security-level 25
 ip address 10.10.X.X 255.255.255.248 standby 10.10.X.X
!
! The outside address is masked here, yet addresses in the same 80.x range appear
! unmasked in the outside ACL and default route below - sanitization should be consistent.
! No standby address is set on this interface, unlike the other three data interfaces.
interface GigabitEthernet0/2
 nameif outside-interface
 security-level 0
 ip address 80.XX.XX.XX. 255.255.255.XX
!
interface GigabitEthernet0/3
 nameif disaster-interface
 security-level 90
 ip address 10.30.1.1 255.255.255.240 standby 10.30.1.2
!
interface Management0/0
 description LAN Failover Interface
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name lotosnet.local
! The four named interfaces use distinct security levels (100/25/0/90), so
! "inter-interface" has no effect as shown; "intra-interface" allows traffic to enter
! and leave the same interface (e.g. VPN hairpinning). Keep only what is needed.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! The group is named XXXXXX_GROUP here but referenced as CORONIS_GROUP in
! EASYNET_ACCESS_access_in (sanitization mismatch). It admits ftp/ftp-data, ssh and a
! 15001-port high range toward the whole inside /24 - confirm each port is still required.
object-group service XXXXXX_GROUP tcp
 description XXXXX_GROUP
 port-object eq 1401
 port-object eq ftp
 port-object eq ftp-data
 port-object eq ssh
 port-object eq 11121
 port-object range 50000 65000
! Inside and disaster ACLs are "permit ip any any": no egress filtering from either
! segment. The icmp line after "ip any any" on the inside ACL can never be the first match.
access-list internal-interface_access_in extended permit ip any any
access-list internal-interface_access_in extended permit icmp any any
access-list disaster-interface_access_in extended permit icmp any any log
access-list disaster-interface_access_in extended permit ip any any
access-list LOCAL_LAN_ACCESS standard permit 5.5.5.0 255.255.255.0
access-list LOCAL_LAN_ACCESS standard permit 192.168.1.0 255.255.255.0
! NAT-exemption list. NOTE(review): 1.1.1.1, 5.5.5.0, 7.7.7.0 and 9.9.9.0 are public
! address space used here as pool/internal ranges - presumably placeholders; if real,
! they shadow the genuine Internet destinations. "any 7.7.7.0" exempts every inside source.
! The three "host 192.168.165.x host 1.1.1.1" entries are already covered by the /24 entry.
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.166.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 192.168.166.0 255.255.255.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 10.30.1.0 255.255.255.240
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 192.168.167.0 255.255.255.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.167.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 9.9.9.0 255.255.255.252
access-list internal-interface_nat0_outbound extended permit ip any 7.7.7.0 255.255.255.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 host 1.1.1.1
access-list internal-interface_nat0_outbound extended permit ip host 192.168.165.20 host 1.1.1.1
access-list internal-interface_nat0_outbound extended permit ip host 192.168.165.21 host 1.1.1.1
access-list internal-interface_nat0_outbound extended permit ip host 192.168.165.44 host 1.1.1.1
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 10.30.1.16 255.255.255.240
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.166.0 255.255.255.0 10.30.0.0 255.255.255.0
access-list internal-interface_nat0_outbound extended permit ip 10.30.0.0 255.255.255.0 192.168.166.0 255.255.255.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.165.0 255.255.255.0 10.70.0.0 255.255.0.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.166.0 255.255.255.0 10.70.0.0 255.255.0.0
access-list internal-interface_nat0_outbound extended permit ip 192.168.167.0 255.255.255.0 10.70.0.0 255.255.0.0
! Inbound from the Internet: https to the published address from a handful of source
! hosts (forwarded by the static PAT below). The fifth host entry permits "ip", i.e. every
! protocol rather than https only - narrow it unless that is intended. The trailing dots
! after some masked addresses are redaction artifacts, not valid syntax.
access-list outside-interface_access_in extended permit icmp host 80.33.27.1 any
access-list outside-interface_access_in extended permit tcp host 80.XX.XX.XX host 80.33.27.92 eq https
access-list outside-interface_access_in extended permit tcp host 195.XX.XX.XX host 80.33.27.92 eq https
access-list outside-interface_access_in extended permit tcp host 194.XX.XX.XX. host 80.33.27.92 eq https
access-list outside-interface_access_in extended permit tcp host 80.XX.XX.XX. host 80.33.27.92 eq https
access-list outside-interface_access_in extended permit ip host 195.XX.XX.XX. host 80.33.27.92
access-list outside-interface_access_in extended permit icmp any any inactive
access-list EASYNET_ACCESS_access_in extended permit icmp 172.28.0.0 255.255.0.0 interface EASYNET_ACCESS
access-list EASYNET_ACCESS_access_in extended permit icmp 172.28.0.0 255.255.0.0 192.168.165.0 255.255.255.0
access-list EASYNET_ACCESS_access_in extended permit tcp 172.28.0.0 255.255.0.0 192.168.165.0 255.255.255.0 object-group CORONIS_GROUP
access-list PERMIT_LOCAL_LAN standard permit 192.168.165.0 255.255.255.0
! Interesting traffic for the LAN-to-LAN tunnel (crypto map sequence 60).
access-list outside-interface_60_cryptomap extended permit ip 192.168.165.0 255.255.255.0 10.70.0.0 255.255.0.0
access-list outside-interface_60_cryptomap extended permit ip 192.168.166.0 255.255.255.0 10.70.0.0 255.255.0.0
access-list outside-interface_60_cryptomap extended permit ip 192.168.167.0 255.255.255.0 10.70.0.0 255.255.0.0
access-list outside-interface_60_cryptomap extended permit ip 192.168.166.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside-interface_60_cryptomap extended permit ip 192.168.165.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside-interface_60_cryptomap extended permit ip 192.168.167.0 255.255.255.0 10.20.0.0 255.255.0.0
pager lines 24
! Logging is enabled with a trap level, but no "logging host" line appears in this dump,
! so as shown there is no off-box syslog destination. Ship logs to a collector so VPN,
! authentication and failover events are retained for detection and incident response.
logging enable
logging trap informational
logging asdm informational
mtu internal-interface 1500
mtu EASYNET_ACCESS 1500
mtu outside-interface 1500
mtu disaster-interface 1500
! ippool holds two addresses while the default group policy allows 300 simultaneous
! logins. rmpool (1.1.1.1) is the same address as the failover interface IP and the
! framed address of user dstam below - NOTE(review): presumably placeholders; verify.
ip local pool ippool 9.9.9.1-9.9.9.2 mask 255.255.255.0
ip local pool rmpool 1.1.1.1 mask 255.255.255.255
! No "failover key" line is shown, so the failover link is not shown as authenticated
! or encrypted - confirm, since configuration is replicated over that link.
failover
failover lan unit primary
failover lan interface failover Management0/0
failover interface ip failover 1.1.1.1 255.255.255.252 standby 1.1.1.2
no monitor-interface EASYNET_ACCESS
no monitor-interface disaster-interface
icmp unreachable rate-limit 1 burst-size 1
icmp permit any internal-interface
icmp permit any disaster-interface
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (EASYNET_ACCESS) 1 interface
global (outside-interface) 1 interface
nat (internal-interface) 0 access-list internal-interface_nat0_outbound
nat (internal-interface) 1 192.168.165.0 255.255.255.0
! Publishes tcp/443 on the outside interface address to 192.168.165.43; this is why
! ASDM is moved to port 11443 further down.
static (internal-interface,outside-interface) tcp interface https 192.168.165.43 https netmask 255.255.255.255
static (internal-interface,disaster-interface) 7.7.7.0 7.7.7.0 netmask 255.255.255.0
! Identity static: the whole inside /24 is addressable from the provider-facing
! interface; exposure is then limited only by EASYNET_ACCESS_access_in.
static (internal-interface,EASYNET_ACCESS) 192.168.165.0 192.168.165.0 netmask 255.255.255.0
access-group internal-interface_access_in in interface internal-interface
access-group EASYNET_ACCESS_access_in in interface EASYNET_ACCESS
access-group outside-interface_access_in in interface outside-interface
access-group disaster-interface_access_in in interface disaster-interface
route internal-interface 10.30.0.0 255.255.255.0 192.168.165.201 1
route internal-interface 192.168.167.0 255.255.255.0 192.168.165.61 1
route EASYNET_ACCESS 172.28.0.0 255.255.0.0 10.10.1.3 1
route EASYNET_ACCESS 172.28.0.0 255.255.0.0 10.10.1.4 100
route outside-interface 0.0.0.0 0.0.0.0 80.33.27.2 1
route disaster-interface 192.168.166.0 255.255.255.0 10.30.1.3 1
route disaster-interface 10.30.1.16 255.255.255.240 10.30.1.3 1
route disaster-interface 192.168.10.0 255.255.255.0 10.30.1.3 1
timeout xlate 3:00:00
timeout conn 3:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! The RADIUS shared secret is shown in clear text and is short and name-derived
! (compare the local username below). Treat it as compromised: replace it on both the
! ASA and the RADIUS server with a long random value and mask it before posting configs.
aaa-server RADIUSVPN protocol radius
aaa-server RADIUSVPN (internal-interface) host 192.168.165.32
 key 1ntral0t
 authentication-port 1812
 accounting-port 1813
! Default group policy, inherited by any group that does not override a value.
! Points to review: 300 simultaneous logins per user, no idle or session timeout,
! no vpn-filter, PFS disabled, and split tunnelling (excludespecified) enabled.
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 300
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy excludespecified
 split-tunnel-network-list value LOCAL_LAN_ACCESS
 default-domain none
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  html-content-filter none
  homepage none
  keep-alive-ignore 4
  http-comp gzip
  filter none
  url-list none
  customization value DfltCustomization
  port-forward none
  port-forward-name value Application Access
  sso-server none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  svc none
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
! sagroup tunnels only 192.168.165.0/24 (tunnelspecified); all other client traffic
! bypasses the tunnel. Everything else is inherited from DfltGrpPolicy above.
group-policy sagroup internal
group-policy sagroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value PERMIT_LOCAL_LAN
group-policy RMCLIENT internal
group-policy RMCLIENT attributes
 vpn-tunnel-protocol IPSec
! Local accounts. "intralot" is both a privilege-15 administrator and a VPN user bound
! to sagroup - separate administrative and VPN identities. The hashes are exposed by
! this paste (see the note at "enable password").
username 10100201 password KO2in7Z3c1MmAo.I encrypted
username intralot password V1.RGxfpnfbuXs.Q encrypted privilege 15
username intralot attributes
 vpn-group-policy sagroup
username dstam password qpevCDMwGZ82idBb encrypted
username dstam attributes
 vpn-framed-ip-address 1.1.1.1 255.255.255.0
username client1 password 3EwHoG9Y5EZ4X1si encrypted privilege 0
username client1 attributes
 vpn-group-policy RMCLIENT
! Command authorization is LOCAL, but no "aaa authentication ... console" lines appear
! in this dump - confirm how telnet, ssh and ASDM logins are tied to individual accounts.
aaa authorization command LOCAL
! ASDM/HTTPS management on tcp/11443 is reachable from four Internet hosts on the
! outside interface (their addresses are not masked). Prefer management over the VPN or
! a dedicated management network, and review this source list regularly.
http server enable 11443
http 89.210.194.41 255.255.255.255 outside-interface
http 62.38.240.142 255.255.255.255 outside-interface
http 194.30.236.225 255.255.255.255 outside-interface
http 192.168.165.0 255.255.255.0 internal-interface
http 195.97.26.99 255.255.255.255 outside-interface
! SNMP uses the community string "public"; replace it with a non-default value and
! keep polling restricted to the management station.
snmp-server host internal-interface 192.168.165.65 community public
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
! Only the LAN-to-LAN entry (sequence 60) uses AES-256; the dynamic maps that serve
! remote-access clients and sequence 40 use 3DES, and dynamic-map sequence 20 on the
! outside interface has no "set pfs".
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside-interface_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside-interface_dyn_map 40 set pfs
crypto dynamic-map outside-interface_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map EASYNET_ACCESS_dyn_map 20 set pfs
crypto dynamic-map EASYNET_ACCESS_dyn_map 20 set transform-set ESP-3DES-SHA
! Sequence 40 has a peer and a transform set but no "match address", and no tunnel-group
! for 194.30.236.210 is shown - the entry is incomplete as pasted; remove it if unused.
crypto map outside-interface_map 40 set peer 194.30.236.210
crypto map outside-interface_map 40 set transform-set ESP-3DES-SHA
crypto map outside-interface_map 60 match address outside-interface_60_cryptomap
crypto map outside-interface_map 60 set pfs
crypto map outside-interface_map 60 set peer 195.97.35.190
crypto map outside-interface_map 60 set transform-set ESP-AES-256-SHA
crypto map outside-interface_map 65535 ipsec-isakmp dynamic outside-interface_dyn_map
crypto map outside-interface_map interface outside-interface
crypto map EASYNET_ACCESS_map 65535 ipsec-isakmp dynamic EASYNET_ACCESS_dyn_map
crypto map EASYNET_ACCESS_map interface EASYNET_ACCESS
! Trustpoint enrolled via the mscep endpoint on 192.168.165.32 (the same host as the
! RADIUS server). "crl configure" carries no sub-options and no "revocation-check" line
! is shown - confirm whether revoked certificates are actually rejected.
crypto ca trustpoint trpoint
 enrollment url http://192.168.165.32:80/certsrv/mscep/mscep.dll
 fqdn ASA-PR1.lotosnet.local
 subject-name CN=CASPAIN,OU=intralot,C=SP
 crl configure
! Both certificate bodies are truncated in the paste: the DER headers declare 0x058a
! and 0x0462 bytes, far more than the hex shown. The visible signature-algorithm OID
! (2a864886 f70d0101 05) is sha1WithRSAEncryption, and the visible UTCTime in the first
! certificate is 070604094505Z. Only public certificate data appears here.
crypto ca certificate chain trpoint
 certificate 5bcb8c85000000000011
    3082058a 30820472 a0030201 02020a5b cb8c8500 00000000 11300d06 092a8648
    86f70d01 01050500 30433115 3013060a 09922689 93f22c64 01191605 6c6f6361
    6c311830 16060a09 92268993 f22c6401 1916086c 6f746f73 6e657431 10300e06
    03550403 13074341 53504149 4e301e17 0d303730 36303430 39343530 355a170d
  quit
 certificate ca 2f5e8b819e552993459d85eb089d3ac4
    30820462 3082034a a0030201 0202102f 5e8b819e 55299345 9d85eb08 9d3ac430
    0d06092a 864886f7 0d010105 05003043 31153013 060a0992 268993f2 2c640119
    16056c6f 63616c31 18301606 0a099226 8993f22c 64011916 086c6f74 6f736e65
  quit
! "PROVIDER" matches neither nameif spelling used elsewhere (see GigabitEthernet0/1).
crypto isakmp enable PROVIDER
crypto isakmp enable outside-interface
! ISAKMP policies are tried in ascending number, so the weakest proposal (pre-shared
! key, 3DES, DH group 2) has the highest priority and AES-256/group 5 the lowest.
! "hash sha" is SHA-1. Reorder or remove the 3DES/group 2 policies once peers allow it.
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication rsa-sig
 encryption 3des
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp nat-traversal 20
crypto isakmp disconnect-notify
! Pre-shared keys below are masked by the device ("*"), unlike the RADIUS key above.
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group RADIUSVPN LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
 peer-id-validate cert
 trust-point trpoint
tunnel-group sagroup type ipsec-ra
tunnel-group sagroup general-attributes
 address-pool ippool
 authentication-server-group RADIUSVPN LOCAL
 authorization-server-group LOCAL
 default-group-policy sagroup
tunnel-group sagroup ipsec-attributes
 pre-shared-key *
 peer-id-validate cert
 trust-point trpoint
! RMCLIENT names no authentication-server-group, so it is not shown using RADIUS, and
! its pool holds a single address.
tunnel-group RMCLIENT type ipsec-ra
tunnel-group RMCLIENT general-attributes
 address-pool rmpool
 default-group-policy RMCLIENT
tunnel-group RMCLIENT ipsec-attributes
 pre-shared-key *
tunnel-group 195.97.35.190 type ipsec-l2l
tunnel-group 195.97.35.190 ipsec-attributes
 pre-shared-key *
! Telnet management is allowed from the whole inside /24 and sends credentials in
! clear text; keep ssh only and narrow the source range to admin hosts. No "ssh version"
! line is shown - confirm SSHv1 is not accepted. "console timeout 0" never logs out an
! idle console session.
telnet 192.168.165.0 255.255.255.0 internal-interface
telnet timeout 5
ssh 192.168.165.0 255.255.255.0 internal-interface
ssh timeout 5
console timeout 0
!
!
prompt hostname context
Cryptochecksum:6fc4232740549a0227792dba6ce111cf
: end