The config on the pix: interface Ethernet0 nameif outside security-level 0 ip address 82.94.31.134 255.255.255.248 ! interface Ethernet1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Ethernet2 shutdown no nameif no security-level no ip address ! enable password IPkHJFT/72US3tkW encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname sabrapix domain-name sabrapix.local ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 access-list outside_access_in extended permit tcp 82.94.31.128 255.255.255.248 eq 3389 host 192.168.1.50 eq 3389 access-list vpnbinnenkant_splitTunnelAcl standard permit any access-list inside_cryptomap_dyn_20 extended permit ip any 192.168.1.128 255.255.255.128 access-list Internet_nat0_inbound extended permit ip any 192.168.0.0 255.255.255.0 access-list Internet_cryptomap_20 extended permit ip any 192.168.0.0 255.255.255.0 access-list 222 extended permit ip 192.168.1.0 255.255.255.0 10.39.5.0 255.255.255.0 access-list 222 extended permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0 access-list 222 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list 222 extended permit ip any 192.168.1.128 255.255.255.128 access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0 access-list outside_cryptomap_2 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list vpnclient_splitTunnelAcl standard permit any access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.1.128 255.255.255.128 pager lines 24 logging trap emergencies logging asdm informational logging class auth trap emergencies mtu inside 1500 mtu outside 1500 ip local pool vpnclient 192.168.1.150-192.168.1.200 monitor-interface inside monitor-interface outside asdm image flash:/asdm-501.bin no asdm history enable arp timeout 14400 global (outside) 10 192.168.1.1-192.168.1.250 netmask 255.255.255.0 global (outside) 10 interface nat (inside) 0 access-list 222 nat (inside) 10 0.0.0.0 0.0.0.0 nat (outside) 0 access-list Internet_nat0_inbound outside static (outside,inside) tcp interface 3389 82.94.31.128 3389 netmask 255.255.255.255 access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 82.94.31.129 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute group-policy vpnbinnenkant internal group-policy vpnbinnenkant attributes dns-server value 194.109.6.66 194.109.9.99 split-tunnel-policy tunnelspecified split-tunnel-network-list value vpnbinnenkant_splitTunnelAcl group-policy vpnclient internal group-policy vpnclient attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value vpnclient_splitTunnelAcl username sabra password 9zpQIMMxEQ2QXgFd encrypted privilege 15 username vpnclient password .PWl1PwAsJNfjW8u encrypted privilege 0 username vpntest password wdFWFxCzwfGC9u3W encrypted privilege 0 username jeroen password BsYrksOLbSlKLKIL encrypted privilege 15 http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set Tunnel-ESPDES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto dynamic-map inside_dyn_map 20 match address inside_cryptomap_dyn_20 crypto dynamic-map inside_dyn_map 20 set transform-set ESP-DES-SHA crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map crypto map inside_map interface inside crypto map Internet_map 20 match address Internet_cryptomap_20 crypto map Internet_map 20 set peer 80.61.25.182 crypto map Internet_map 20 set transform-set ESP-DES-MD5 crypto map Forinternet 222 set peer 82.92.216.209 crypto map ForInternet 1 match address outside_cryptomap_1 crypto map ForInternet 1 set peer 212.129.136.247 crypto map ForInternet 1 set transform-set Tunnel-ESPDES-MD5 crypto map ForInternet 2 match address outside_cryptomap_2 crypto map ForInternet 2 set peer 80.61.25.182 crypto map ForInternet 2 set transform-set Tunnel-ESPDES-MD5 crypto map ForInternet 222 match address 222 crypto map ForInternet 222 set peer 82.92.216.209 crypto map ForInternet 222 set transform-set Tunnel-ESPDES-MD5 crypto map ForInternet 65535 ipsec-isakmp dynamic outside_dyn_map crypto map ForInternet interface outside isakmp enable inside isakmp enable outside isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash md5 isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 isakmp policy 22 authentication pre-share isakmp policy 22 encryption des isakmp policy 22 hash md5 isakmp policy 22 group 1 isakmp policy 22 lifetime 28800 isakmp policy 42 authentication pre-share isakmp policy 42 encryption des isakmp policy 42 hash sha isakmp policy 42 group 2 isakmp policy 42 lifetime 86400 isakmp nat-traversal 20 isakmp ipsec-over-tcp port 10000 telnet 192.168.1.0 255.255.255.0 inside telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd address 192.168.1.50-192.168.1.254 inside dhcpd dns 194.109.6.66 194.109.9.99 dhcpd lease 3600 dhcpd ping_timeout 50 dhcpd enable inside tunnel-group vpnbinnenkant type ipsec-ra tunnel-group vpnbinnenkant general-attributes address-pool vpnclient default-group-policy vpnbinnenkant tunnel-group vpnbinnenkant ipsec-attributes pre-shared-key * tunnel-group BIG type ipsec-l2l tunnel-group BIG ipsec-attributes pre-shared-key * tunnel-group 82.92.216.209 type ipsec-l2l tunnel-group 82.92.216.209 ipsec-attributes pre-shared-key * tunnel-group 212.129.136.247 type ipsec-l2l tunnel-group 212.129.136.247 ipsec-attributes pre-shared-key * tunnel-group 80.61.25.182 type ipsec-l2l tunnel-group 80.61.25.182 ipsec-attributes pre-shared-key * tunnel-group vpnclient type ipsec-ra tunnel-group vpnclient general-attributes default-group-policy vpnclient dhcp-server 192.168.1.1 tunnel-group vpnclient ipsec-attributes pre-shared-key * peer-id-validate nocheck ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global Cryptochecksum:94f5bff0450935557a8e0595634d8ce6 : end