: Saved
:
ASA Version 8.0(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password ovq.o.UMBwqu7LkF encrypted
multicast-routing
names
dns-guard
!
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 8.10.15.130 255.255.255.224
!
interface Ethernet0/1
 description ABCD internal connection from firewall to switch
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
 speed 100
 duplex full
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 speed 100
 duplex full
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
passwd kPHFpsqZBHvmvZAt encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup management
dns server-group DefaultDNS
 name-server 66.28.0.45
 name-server 66.28.0.61
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service ExchangeOWA tcp
 description Exchange Web and Mobile Access
 port-object eq smtp
 port-object eq https
 port-object eq www
object-group network admin-ip
 network-object host 192.168.1.199
 network-object 172.30.1.0 255.255.255.0
 network-object host 192.168.1.195
 network-object host 74.15.177.198
 network-object host 192.168.1.188
 network-object host 192.168.1.180
object-group network approved-ip
 network-object host 66.201.210.204
 network-object host 161.216.253.69
 network-object host 161.216.253.70
 network-object host 140.242.64.22
 network-object host 8.10.15.141
 network-object 172.30.1.0 255.255.255.0
object-group network tms-ip
 network-object host 65.94.174.212
 network-object host 76.65.204.236
 network-object host 76.65.204.57
 network-object host 8.10.15.135
 network-object host 74.15.177.198
 network-object host 8.10.15.141
 network-object host 66.201.210.203
 network-object host 66.201.210.204
 network-object 198.151.161.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object tcp eq www
 service-object tcp eq https
 service-object tcp eq ssh
 service-object udp eq 962
 service-object udp eq snmp
object-group service VNC tcp
 description VNC
 port-object eq 5900
object-group network DM_INLINE_NETWORK_2
 network-object 172.30.1.0 255.255.255.0
 network-object 192.168.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_1
 network-object 10.86.0.0 255.255.255.0
 network-object 192.168.13.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 172.30.1.0 255.255.255.0 192.168.13.0 255.255.255.0
access-list dzm extended permit ip any any
access-list dzm extended permit icmp any any
access-list ouside extended permit ip any any
access-list cont_in extended permit ip host 8.10.15.135 any
access-list outside extended permit tcp any host 8.10.15.130
access-list outside extended permit tcp any host 8.10.15.141 eq www
access-list outside extended permit tcp any host 8.10.15.133 object-group ExchangeOWA
access-list outside extended permit tcp any host 8.10.15.137 eq pptp
access-list outside extended permit gre any host 8.10.15.137
access-list outside extended permit object-group DM_INLINE_SERVICE_1 object-group tms-ip host 8.10.15.134
access-list outside extended permit tcp host 192.168.1.12 eq citrix-ica any eq citrix-ica
access-list outside extended permit icmp any any echo-reply
access-list cscTraffic extended deny ip host 192.168.10.254 any
access-list cscTraffic extended deny ip object-group admin-ip any
access-list cscTraffic extended deny ip any object-group tms-ip
access-list cscTraffic extended permit tcp any any eq www
access-list cscTraffic extended permit tcp any any eq smtp
access-list cscTraffic extended permit tcp any any eq ftp
access-list Split_tunnel_ACL standard permit 192.168.0.0 255.255.0.0
access-list Split_tunnel_ACL standard permit 172.30.1.0 255.255.255.0
access-list inside extended permit tcp host 192.168.1.16 any eq smtp
access-list inside extended deny tcp any any eq smtp
access-list inside extended deny tcp any any eq pop3
access-list inside extended permit tcp any host 66.201.210.227 eq pptp
access-list inside extended permit tcp any host 205.205.17.66 eq pptp
access-list inside extended permit tcp any host 69.70.77.242 eq pptp
access-list inside extended permit tcp any host 74.13.252.10 eq pptp
access-list inside extended deny tcp any any eq pptp
access-list inside extended permit ip any any
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_2 192.168.100.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip 172.30.1.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging asdm informational
logging facility 19
logging host inside 192.168.1.15
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool ABCD-pool 192.168.100.1-192.168.100.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-611.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (inside) 200 192.168.0.0 netmask 255.255.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
static (inside,outside) tcp 8.10.15.133 smtp 192.168.1.16 smtp netmask 255.255.255.255
static (inside,outside) tcp 8.10.15.133 www 192.168.1.16 www netmask 255.255.255.255
static (inside,outside) tcp 8.10.15.133 https 192.168.1.16 https netmask 255.255.255.255
static (inside,outside) tcp interface 8443 192.168.10.254 8443 netmask 255.255.255.255
static (inside,outside) tcp interface citrix-ica 192.168.1.12 citrix-ica netmask 255.255.255.255
static (inside,outside) tcp 8.10.15.141 www 172.30.1.70 www netmask 255.255.255.255
static (inside,outside) 8.10.15.134 172.30.1.50 netmask 255.255.255.255
static (inside,outside) 8.10.15.137 192.168.1.11 netmask 255.255.255.255
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.0.0.0 8.10.15.129 1
route inside 172.20.20.0 255.255.255.0 192.168.10.2 1
route inside 172.30.1.0 255.255.255.0 192.168.10.2 1
route inside 192.168.1.0 255.255.255.0 192.168.10.2 1
route inside 192.168.2.0 255.255.255.0 192.168.10.2 1
route inside 192.168.3.0 255.255.255.0 192.168.10.2 1
route inside 192.168.6.0 255.255.255.0 192.168.10.2 1
route inside 192.168.100.0 255.255.255.0 192.168.10.2 255
route inside 192.168.101.0 255.255.255.0 192.168.10.2 1
route inside 192.168.102.0 255.255.255.0 192.168.10.2 1
route inside 192.168.103.0 255.255.255.0 192.168.10.2 1
route inside 192.168.106.0 255.255.255.0 192.168.10.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
 accounting-mode simultaneous
aaa-server radius host 192.168.1.10
 key ABCDradius
aaa-server radius host 192.168.1.11
 key ABCDradius
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.0.0 255.255.0.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 98.10.18.120
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 fqdn ciscoasa
 subject-name CN=ciscoasa
 no client-types
 proxy-ldc-issuer
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 fqdn ciscoasa
 subject-name CN=ciscoasa
 no client-types
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 fqdn ciscoasa
 subject-name CN=ciscoasa
 no client-types
 crl configure
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
vpn-sessiondb max-webvpn-session-limit 10
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 10
console timeout 0
management-access inside
priority-queue outside
priority-queue inside
threat-detection basic-threat
threat-detection statistics
ntp server 192.168.1.10 source inside
webvpn
 enable outside
 csd image disk0:/securedesktop_asa_3_2_0_136.pkg
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 6
 svc image disk0:/anyconnect-macosx-i386-2.1.0148-k9.pkg 7
 svc image disk0:/anyconnect-macosx-powerpc-2.1.0148-k9.pkg 8
 svc image disk0:/anyconnect-linux-2.1.0148-k9.pkg 9
 svc image disk0:/sslclient-win-1.1.3.173.pkg 10
 svc enable
 cache
  disable
group-policy ABCDIPsec internal
group-policy ABCDIPsec attributes
 dns-server value 192.168.1.10 192.168.1.11
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_tunnel_ACL
 default-domain value ABCDtelecom.com
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.1.10 192.168.1.11
 vpn-idle-timeout 10
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_tunnel_ACL
 default-domain value ABCDtelecom.com
 webvpn
  url-list value ABCDApps
  svc ask enable default webvpn
  hidden-shares visible
username ken1 password vftXtZ3k2zZw3LRe encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool ABCD-pool
 authentication-server-group radius LOCAL
tunnel-group DefaultRAGroup webvpn-attributes
 group-alias DefaultRA enable
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool ABCD-pool
 authentication-server-group radius LOCAL
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 group-alias DefaultWeb enable
tunnel-group ABCDIPsec type remote-access
tunnel-group ABCDIPsec general-attributes
 address-pool ABCD-pool
 authentication-server-group radius LOCAL
 default-group-policy ABCDIPsec
tunnel-group ABCDIPsec webvpn-attributes
 group-alias ABCDIPSec enable
 group-alias IPSec disable
tunnel-group ABCDIPsec ipsec-attributes
 pre-shared-key *
tunnel-group ABCDSSL type remote-access
tunnel-group ABCDSSL general-attributes
 address-pool ABCD-pool
 authentication-server-group radius LOCAL
tunnel-group ABCDSSL webvpn-attributes
 group-alias ABCDSSL enable
 group-url https://8.10.15.130/ABCDSSL enable
tunnel-group 98.10.18.120 type ipsec-l2l
tunnel-group 98.10.18.120 ipsec-attributes
 pre-shared-key *
!
class-map global-class
 match default-inspection-traffic
class-map csc-class
 match access-list cscTraffic
!
!
policy-map global-policy
 class global-class
  inspect pptp
  inspect ftp
 class csc-class
  csc fail-open
!
service-policy global-policy global
prompt hostname context
Cryptochecksum:c9c94bd6288afd39f8a8d026cd9b8d95
: end
asdm image disk0:/asdm-611.bin
asdm location 192.168.100.0 255.255.255.192 outside
asdm location 192.168.0.0 255.255.0.0 inside
asdm location 192.168.123.0 255.255.255.0 inside
asdm location 192.168.123.0 255.255.255.0 outside
asdm location 192.168.111.0 255.255.255.0 inside
asdm location 192.168.10.0 255.255.255.0 outside
asdm location 192.168.10.254 255.255.255.255 outside
asdm location 8.10.15.133 255.255.255.255 outside
asdm location 66.201.210.227 255.255.255.255 outside
asdm location 74.15.188.220 255.255.255.255 outside
asdm location 192.168.1.16 255.255.255.255 inside
asdm location 206.47.249.40 255.255.255.255 outside
asdm location 207.139.2.173 255.255.255.255 outside
asdm location 172.30.1.0 255.255.255.0 inside
asdm location 172.30.1.50 255.255.255.255 inside
no asdm history enable