! Saved Cisco ASA 7.2(2) configuration: three VLAN interfaces (inside, outside,
! DMZ1), PAT and port forwards to one internal server, remote-access
! IPsec/L2TP VPN and clientless WebVPN.
! Lines starting with "! " followed by text are review annotations; a bare "!"
! is an original separator. The =====/----- values appear to be secrets masked
! by whoever shared the file.
: Saved
: Written by maintenance at 18:21:44.075 CEDT Wed Oct 10 2007
!
ASA Version 7.2(2)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password =========== encrypted
! Name aliases used throughout the file. Server-Outside (192.168.2.2) is also
! assigned as the outside interface address under interface Vlan2, so every
! "host Server-Outside" below refers to the firewall's own outside address.
names
name 192.168.2.2 Server-Outside description IP server sur l'interface Outside
name 192.168.0.40 Server description Server SBS 2000
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.2 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address Server-Outside 255.255.255.0
 ospf cost 10
!
! DMZ1: "no forward interface Vlan1" bars this VLAN from initiating traffic
! towards Vlan1 (inside).
interface Vlan12
 no forward interface Vlan1
 nameif DMZ1
 security-level 50
 ip address 192.168.112.1 255.255.255.0
 ospf cost 10
!
! Switch ports: Ethernet0/0-0/1 are in VLAN 2 (outside), Ethernet0/2-0/3 in
! VLAN 12 (DMZ1). Ethernet0/4-0/7 carry no explicit VLAN assignment in this file.
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 2
!
interface Ethernet0/2
 switchport access vlan 12
!
interface Ethernet0/3
 switchport access vlan 12
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd ------------ encrypted
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name default.domain.invalid
! Object groups. VpnClient covers only the 192.168.3.0/28 pool. The Mail group
! is defined but not referenced by any access-list in this file.
object-group network VpnClient
 network-object 192.168.3.0 255.255.255.240
object-group service Mail tcp
 description Services Mail et Pop3
 port-object eq pop3
 port-object eq smtp
object-group service Remote_Desktop tcp
 description Tcp/3389
 port-object eq 3389
! Inbound ACL bound to the outside interface (see access-group below).
! Allows smtp, https, www, AH, ESP and tcp/3389 from any source, then logs and
! denies the rest.
! NOTE(review): tcp/3389 is open to any source and is forwarded to Server by a
! static below; consider limiting RDP to the VPN pools.
! NOTE(review): the two entries with private sources (192.168.0.0/24, which is
! the inside subnet, and 192.168.3.0/28) accept packets arriving on outside
! that claim those source addresses; reverse-path verification is configured
! for DMZ1 only. This looks unintended - confirm.
access-list outside_access_in extended permit tcp any host Server-Outside eq smtp log
access-list outside_access_in extended permit tcp any host Server-Outside eq https log
access-list outside_access_in extended permit tcp any host Server-Outside eq www log
access-list outside_access_in extended permit ah any host Server-Outside log
access-list outside_access_in extended permit esp any host Server-Outside log
access-list outside_access_in extended permit tcp any host Server-Outside object-group Remote_Desktop log
access-list outside_access_in extended permit udp 192.168.0.0 255.255.255.0 any eq domain log
access-list outside_access_in extended permit ip 192.168.3.0 255.255.255.240 any log
access-list outside_access_in extended deny ip any any log
! NAT-exemption ACL (used by "nat (inside) 0"): traffic towards the three VPN
! address pools is not translated.
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip object-group VpnClient 192.168.4.0 255.255.255.240
! Inside ACL: the inside subnet and the 192.168.3.0/28 pool may reach anything.
access-list inside_access_in extended permit ip 192.168.0.0 255.255.255.0 any log
access-list inside_access_in extended permit ip 192.168.3.0 255.255.255.240 any log
! DMZ1 ACL: its only entry is marked inactive, so this entry permits nothing.
access-list DMZ1_access_in extended permit ip object-group VpnClient any log inactive
pager lines 24
! Logging goes to the console (debugging level) and to ASDM only; no
! "logging host" or "logging trap" line appears in this file, so the ACL "log"
! hits above are not shipped to a syslog server.
! NOTE(review): debugging-level console logging can be costly on a busy unit;
! consider a remote syslog destination instead.
logging enable
logging console debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu DMZ1 1500
! VPN client address pools (three /28 ranges).
ip local pool RemoteVPN 192.168.3.1-192.168.3.14 mask 255.255.255.240
ip local pool RemoteVPN1 192.168.4.1-192.168.4.14 mask 255.255.255.240
ip local pool remotevpn2 192.168.5.1-192.168.5.14 mask 255.255.255.240
! Reverse-path (anti-spoofing) verification is enabled on DMZ1 only.
ip verify reverse-path interface DMZ1
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
! Address translation: inside hosts are PATed to the outside interface address
! (nat/global id 1), except traffic matched by inside_nat0_outbound.
! NOTE(review): global pool 2 (192.168.2.1) is not referenced by any "nat ... 2"
! line in this file, and 192.168.2.1 is also the default-route next hop below -
! confirm whether it is intended.
global (outside) 1 interface
global (outside) 2 192.168.2.1 netmask 255.255.255.255
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
! Port forwards from the outside interface address to Server (192.168.0.40):
! www, https, smtp and tcp/3389.
static (inside,outside) tcp interface www Server www netmask 255.255.255.255
static (inside,outside) tcp interface https Server https netmask 255.255.255.255
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 Server 3389 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group DMZ1_access_in in interface DMZ1
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! AAA server group using the NT domain protocol against Server (192.168.0.40).
aaa-server DomanController protocol nt
aaa-server DomanController host Server
 nt-auth-domain-controller test
no eou allow clientless
! Group policies. DefaultRAGroup_1 is the one actually attached to the
! DefaultRAGroup tunnel group and to both local users further down.
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 192.168.0.40
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
 dns-server value 192.168.0.40
 vpn-tunnel-protocol l2tp-ipsec
group-policy testvpncisco internal
group-policy testvpncisco attributes
 wins-server value 192.168.0.40
 dns-server value 192.168.0.40
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value test.be
! Default group policy. It allows IPsec, L2TP/IPsec and WebVPN, tunnels all
! client traffic (tunnelall), applies no vpn-filter ACL, and has no session
! timeout (idle timeout is 30). "pfs disable" here contrasts with the
! "set pfs" entries in the dynamic crypto map below.
group-policy DfltGrpPolicy attributes
 banner none
 wins-server value 192.168.0.40
 dns-server value 192.168.0.40
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp enable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools value RemoteVPN
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry file-access file-entry file-browsing mapi
  html-content-filter none
  homepage none
  keep-alive-ignore 4
  http-comp gzip
  filter none
  url-list none
  customization value Janssens
  port-forward none
  port-forward-name value Application Access
  sso-server none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  svc none
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
group-policy JanssensSSL internal
group-policy JanssensSSL attributes
 vpn-tunnel-protocol l2tp-ipsec webvpn
 webvpn
  functions url-entry file-access file-entry file-browsing
  url-list value ServerInkeuro
  customization value Janssens
  port-forward none
! Local accounts. Both hold privilege 15 and are also allowed to log in over
! IPsec, L2TP/IPsec and WebVPN.
! NOTE(review): the same accounts serve device administration and remote
! access; consider separate, lower-privilege accounts for VPN use.
username ddugailliez password ---------------- nt-encrypted privilege 15
username ddugailliez attributes
 vpn-group-policy DefaultRAGroup_1
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
username maintenance password ----------------- nt-encrypted privilege 15
username maintenance attributes
 vpn-group-policy DefaultRAGroup_1
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 webvpn
  url-list value ServerInkeuro
  customization value Janssens
! ASDM/HTTPS management is accepted on the inside interface from the
! 192.168.3.0/28 VPN pool, 192.168.1.0/24 and the inside subnet.
! NOTE(review): 192.168.1.0/24 matches no interface subnet or pool in this
! file - confirm it is still needed.
http server enable
http 192.168.3.0 255.255.255.240 inside
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! IPsec transform sets. Several combine single DES and/or MD5.
! NOTE(review): TRANS_ESP_3DES_SHA is defined with esp-md5-hmac, so its name
! does not match its hash. The DES and MD5 sets are weak by current standards;
! only "test", ESP-3DES-SHA and TRANS_ESP_DES_MD5 are referenced by the
! dynamic map below.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set test2 esp-aes esp-sha-hmac
crypto ipsec transform-set test2 mode transport
crypto ipsec transform-set TRANS_ESP_DES_MD5 esp-des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_DES_MD5 mode transport
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto ipsec transform-set test mode transport
! Dynamic crypto map for remote-access peers. Entries 20, 60, 80 and 120-200
! are identical (pfs + transform-set "test"); entry 40 uses ESP-3DES-SHA.
! NOTE(review): entry 100 offers TRANS_ESP_DES_MD5 (single DES with MD5);
! consider removing it along with the duplicate entries.
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set test
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set test
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set test
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set TRANS_ESP_DES_MD5
crypto dynamic-map outside_dyn_map 120 set pfs
crypto dynamic-map outside_dyn_map 120 set transform-set test
crypto dynamic-map outside_dyn_map 140 set pfs
crypto dynamic-map outside_dyn_map 140 set transform-set test
crypto dynamic-map outside_dyn_map 160 set pfs
crypto dynamic-map outside_dyn_map 160 set transform-set test
crypto dynamic-map outside_dyn_map 180 set pfs
crypto dynamic-map outside_dyn_map 180 set transform-set test
crypto dynamic-map outside_dyn_map 200 set pfs
crypto dynamic-map outside_dyn_map 200 set transform-set test
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
! IKE is enabled on both the inside and the outside interface.
crypto isakmp enable inside
crypto isakmp enable outside
! IKE (phase 1) policies: all use pre-shared keys and DH group 2 (1024-bit).
! NOTE(review): policy 50 offers DES with MD5; consider removing it and
! raising the DH group where the platform and clients allow.
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
crypto isakmp ipsec-over-tcp port 10000
crypto isakmp reload-wait
! Tunnel groups. Pre-shared keys are masked in this copy. DefaultRAGroup
! disables peer-ID validation and IKE keepalives, and accepts only MS-CHAPv2
! for PPP (L2TP) authentication.
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key -------
tunnel-group DefaultRAGroup general-attributes
 address-pool (outside) RemoteVPN
 address-pool RemoteVPN
 address-pool RemoteVPN1
 default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key -------
 peer-id-validate nocheck
 isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool (outside) RemoteVPN1
 address-pool RemoteVPN
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 customization Janssens
 nbns-server Server timeout 2 retry 2
! CLI management access: Telnet from Server (192.168.0.40) and SSH from the
! 192.168.3.0/28 VPN pool, both on inside. "console timeout 0" means the
! serial console session never times out.
! NOTE(review): Telnet carries credentials in clear text; prefer SSH and
! consider a finite console timeout.
telnet Server 255.255.255.255 inside
telnet timeout 5
ssh 192.168.3.0 255.255.255.240 inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
! NOTE(review): the WINS address handed out here, 192.168.0.2, is the ASA's own
! inside address (interface Vlan1), whereas the group policies use
! 192.168.0.40 - confirm. No "dhcpd address" or "dhcpd enable" line appears in
! this file.
dhcpd dns Server interface inside
dhcpd wins 192.168.0.2 interface inside
!
! Easy VPN client settings. The server is Server-Outside (192.168.2.2), i.e.
! this unit's own outside address, and no "vpnclient enable" line appears in
! this file; this looks like leftover test configuration - confirm.
! NOTE(review): unlike the masked secrets elsewhere in this file, the group
! secret and the user password on the next lines are in clear text. Treat both
! as exposed: rotate them and mask them before sharing the configuration.
vpnclient server Server-Outside
vpnclient mode client-mode
vpnclient vpngroup cisco password minos
vpnclient username ddugailliez password Koksijde1
!
class-map inspection_default
 match default-inspection-traffic
!
!
! Application inspection applied globally; DNS messages are capped at 512 bytes.
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
! Clientless WebVPN portal enabled on the outside interface, port 4443.
! The ServerInkeuro list includes a plain http:// bookmark to 192.168.0.40
! alongside the https:// one.
webvpn
 port 4443
 enable outside
 customization Janssens
 url-list ServerInkeuro "inkeuro" http://192.168.0.40 1
 url-list ServerInkeuro "inkeuro ssl" https://192.168.0.40 2
 url-list Cisco "Cisco Site" http://www.cisco.com 1
prompt hostname context
Cryptochecksum:beebb4c20123fe3fbdbba58a44d70ecc
: end