ASA Version 8.0(3)
!
hostname CISCOASA
domain-name btw.local
names
name 192.168.0.102 intranet description Intranet BTW
name 192.168.11.105 PineApp description AntiSpam
name 192.168.0.206 Live_Backup
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.12 255.255.255.0
!
interface Vlan2
 description Interface Internet
 nameif outside
 security-level 0
 pppoe client vpdn group orange
 ip address pppoe setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa803-k8.bin
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.0.201
 name-server 192.168.0.202
 domain-name btw.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network Net_Interne
 network-object 192.168.0.0 255.255.255.0
 network-object 192.168.11.0 255.255.255.0
 network-object 192.168.254.0 255.255.255.0
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
access-list inside_access_in remark Autorisation Interne
access-list inside_access_in extended permit ip object-group Net_Interne any log notifications
access-list inside_access_in extended deny ip any any log notifications
access-list outside_access_in extended permit tcp any interface outside object-group DM_INLINE_TCP_1 log notifications
access-list outside_access_in extended deny ip any any log warnings
access-list inside_nat0_outbound extended permit ip object-group Net_Interne 192.168.254.0 255.255.255.0
access-list BTW standard permit 192.168.0.0 255.255.255.0
access-list BTW standard permit 192.168.11.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging list VPNSSL level notifications class auth
logging asdm-buffer-size 512
logging trap informational
logging asdm notifications
logging mail VPNSSL
logging from-address ASA@bytheway.fr
logging recipient-address mhennebicq@bytheway.fr level notifications
logging device-id hostname
logging debug-trace
logging flash-bufferwrap
logging flash-maximum-allocation 10240
logging permit-hostdown
mtu inside 1500
mtu outside 1500
ip local pool Pool_BTW 192.168.254.10-192.168.254.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp deny any outside
asdm image disk0:/asdm-611.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.0.0 255.255.255.0 dns
static (inside,outside) tcp interface www Live_Backup www netmask 255.255.255.255 dns
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route inside 192.168.11.0 255.255.255.0 192.168.0.10 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server AUTH-RADIUS protocol radius
aaa-server AUTH-RADIUS host 192.168.0.201
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 192.168.254.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh scopy enable
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
vpdn group orange request dialout pppoe
vpdn group orange localname fti/6acaaug
vpdn group orange ppp authentication pap
vpdn username fti/6acaaug password ********* store-local
no threat-detection basic-threat
threat-detection statistics
ntp server 192.168.0.201 source inside
ssl trust-point ASDM_TrustPoint3 outside
webvpn
 enable outside
 character-encoding unicode
 csd image disk0:/securedesktop-asa-3.2.1.126-k9.pkg
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 1
 svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 2
 svc enable
 port-forward Serveurs 1028 prod2 3389 TSE sur PROD2
 port-forward Serveurs 1027 prod1 3389 TSE sur PROD1
 port-forward Serveurs 1026 srvtech 3389 TSE sur SRVTECH
 port-forward Serveurs 1029 prodsql 3389 TSE sur PRODSQL
 port-forward Serveurs 1032 mortimer 3389 TSE sur MORTIMER
 port-forward Serveurs 1030 prodobmg 3389 TSE sur PRODOBMG
 port-forward Serveurs 1031 blake 3389 TSE sur BLAKE
 port-forward Serveurs 1033 agora 3389 TSE sur AGORA
 port-forward Serveurs www smtp.bytheway.fr 7080 PineApp
 smart-tunnel list "ST_BTW" "Firewall_Netasq" "firewall.exe"
 smart-tunnel list "ST_BTW" "Firewall_Moniteur" "Monitor.exe"
 smart-tunnel list "ST_BTW" "Connexion_RDP" "mstsc.exe"
 smart-tunnel list "ST_BTW" "Firewall_Reporter" "reporter.exe"
 smart-tunnel list "ST_BTW" "Firewall_Manager_V7" "Manager.exe"
 smart-tunnel list "ST_BTW" "ssh" "ssh.exe"
 smart-tunnel list "ST_BTW" "telnet" "putty.exe"
 smart-tunnel list "ST_BTW" "Console_VMWare" "vmware.exe"
group-policy Technical internal
group-policy Technical attributes
 dns-server value 192.168.0.201 192.168.0.202
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value BTW
 default-domain value btw.local
 address-pools value Pool_BTW
 webvpn
  url-list value technical
  port-forward enable Serveurs
  http-proxy enable
  svc dtls enable
  svc keep-installer installed
  svc compression deflate
  customization value DfltCustomization
  http-comp gzip
  smart-tunnel enable ST_BTW
  activex-relay enable
  file-entry enable
  file-browsing enable
  auto-signon allow ip 192.168.0.0 255.255.255.0 auth-type all
  auto-signon allow ip 192.168.11.0 255.255.255.0 auth-type all
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.0.201 192.168.0.202
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-dns value btw.local
group-policy Administratif internal
group-policy Administratif attributes
 vpn-tunnel-protocol svc webvpn
 webvpn
  url-list value administratif
username administrator password pEuo4YAUTxHjU9wm encrypted privilege 15
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool Pool_BTW
 authentication-server-group AUTH-RADIUS
 authorization-server-group AUTH-RADIUS
 accounting-server-group AUTH-RADIUS
 password-management password-expire-in-days 7
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect ctiqbe
  inspect dcerpc
  inspect ils
  inspect ipsec-pass-thru
  inspect mgcp
  inspect pptp
  inspect snmp
  inspect http
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
smtp-server 192.168.0.110
prompt hostname context
: end
asdm image disk0:/asdm-611.bin
asdm location Live_Backup 255.255.255.255 inside
asdm history enable