: Saved
: Written by enable_15 at 08:40:04.132 CST Tue Feb 5 2008
!
ASA Version 7.2(3)
!
hostname louasa001
domain-name mydomainweb.com
names
name 10.72.1.3 louexc001
name 69.208.10.244 marcas_at_BTS
name 224.209.20.104 BTS_COLO
name 60.15.120.192 BTS_Mail
name 44.18.208.88 LOU_DC01-OUT
name 44.18.208.85 LOUEXEC001-out
dns-guard
!
interface GigabitEthernet0/0
 description Internet
 shutdown
 nameif outside
 security-level 0
 no ip address
!
interface GigabitEthernet0/1
 description Core network
 nameif inside
 security-level 100
 ip address 10.72.1.254 255.255.252.0
!
interface GigabitEthernet0/2
 description Time Warner Internet
 speed 100
 duplex full
 nameif Outside_2
 security-level 0
 ip address 44.18.208.93 255.255.255.224
 ospf network point-to-point non-broadcast
!
interface GigabitEthernet0/3
 description FAE Network
 nameif FAE
 security-level 1
 ip address 192.168.7.1 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa723-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns domain-lookup Outside_2
dns server-group DefaultDNS
 name-server 206.136.95.2
 name-server 64.132.94.250
 name-server 10.72.1.1
 domain-name mydomainweb.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service webservices tcp
 port-object eq www
 port-object eq https
object-group network BTS
 description BTS Email and Monitoring
 network-object BTS_COLO 255.255.255.248
 network-object BTS_Mail 255.255.255.255
object-group network GrapeVine_Networks
 network-object 10.64.0.0 255.255.252.0
 network-object 10.65.0.0 255.255.252.0
 network-object 10.65.4.0 255.255.252.0
 network-object 172.16.100.224 255.255.255.240
 network-object 172.16.100.240 255.255.255.240
object-group network Louisville
 network-object 10.72.0.0 255.255.252.0
 network-object 192.168.7.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group Louisville object-group GrapeVine_Networks
access-list inside_nat0_outbound extended permit ip 10.72.0.0 255.255.252.0 10.12.0.0 255.255.252.0
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit udp any any
access-list inside_access_in extended permit tcp any any
access-list Outside_2_access_in extended permit ip host 63.149.133.251 any
access-list Outside_2_access_in extended permit tcp any host LOU_DC01-OUT
access-list Outside_2_access_in extended permit icmp any host LOU_DC01-OUT
access-list Outside_2_access_in extended permit tcp any host LOUEXEC001-out object-group webservices
access-list Outside_2_access_in extended permit icmp any host LOUEXEC001-out
access-list Outside_2_access_in extended permit ip 63.148.133.0 255.255.255.0 any
access-list Outside_2_access_in extended permit tcp any host LOUEXEC001-out eq 3389
access-list Outside_2_access_in extended permit icmp any interface Outside_2
access-list Outside_2_access_in extended permit icmp any any
access-list Outside_2_access_in extended permit ip object-group BTS any
access-list Outside_2_access_in extended permit ip host marcas_at_BTS any
access-list Outside_2_access_in extended permit ip any any inactive
access-list mydomainVPN_splitTunnelAcl standard permit any
access-list FAE_access_in extended permit tcp any any
access-list FAE_access_in extended permit udp any any
access-list FAE_access_in extended permit ip any any
access-list FAE_access_in extended permit icmp any any
access-list Outside_2_cryptomap_40 extended permit ip 10.72.0.0 255.255.252.0 10.12.0.0 255.255.252.0
access-list Outside_2_cryptomap_40 extended permit icmp 10.72.0.0 255.255.252.0 10.12.0.0 255.255.252.0
access-list Outside_2_cryptomap_20 extended permit ip object-group Louisville object-group GrapeVine_Networks
access-list Outside_2_cryptomap_20 extended permit icmp object-group Louisville object-group GrapeVine_Networks
access-list Outside_2_cryptomap_20 extended permit ospf interface Outside_2 host 55.163.15.123
access-list Outside_2_cryptomap_20 extended permit ospf host 55.163.15.123 interface Outside_2
pager lines 24
logging enable
logging timestamp
logging list NAble_Message_Level level errors
logging list VPN_DEBUG level debugging class vpdn
logging list VPN_DEBUG level debugging class vpn
logging list VPN_DEBUG level debugging class vpnc
logging list VPN_DEBUG level debugging class vpnfo
logging list VPN_DEBUG level debugging class vpnlb
logging monitor critical
logging trap informational
logging history critical
logging asdm VPN_DEBUG
logging device-id hostname
logging host inside 10.64.1.174
logging host inside 10.65.1.36
logging permit-hostdown
logging class auth history warnings monitor warnings asdm warnings
logging class config history critical monitor warnings asdm warnings
logging class sys history critical monitor warnings asdm warnings
mtu outside 1500
mtu inside 1500
mtu Outside_2 1500
mtu FAE 1500
mtu management 1500
ip local pool Lou_VPN_Pool 172.16.11.2-172.16.11.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any Outside_2
icmp permit any FAE
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (Outside_2) 203 44.18.208.66
global (Outside_2) 204 44.18.208.67
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 203 0.0.0.0 0.0.0.0
nat (FAE) 204 192.168.7.0 255.255.255.0
static (inside,Outside_2) LOU_DC01-OUT 10.72.1.1 netmask 255.255.255.255
static (inside,Outside_2) LOUEXEC001-out louexc001 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group Outside_2_access_in in interface Outside_2
access-group FAE_access_in in interface FAE
route Outside_2 0.0.0.0 0.0.0.0 44.18.208.65 1
route Outside_2 55.163.15.123 255.255.255.255 44.18.208.65 1
!
router ospf 7
 router-id 10.72.1.253
 network 10.72.0.0 255.255.252.0 area 1
 network 192.168.7.0 255.255.255.0 area 1
 network 55.163.15.96 255.255.255.224 area 0
 network 44.18.208.64 255.255.255.224 area 0
 area 1
 neighbor 55.163.15.123 interface Outside_2
 log-adj-changes
 default-information originate always metric 1
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map Outside_2_map 20 match address Outside_2_cryptomap_20
crypto map Outside_2_map 20 set peer 55.163.15.123
crypto map Outside_2_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_2_map 40 match address Outside_2_cryptomap_40
crypto map Outside_2_map 40 set peer 72.183.42.250
crypto map Outside_2_map 40 set transform-set ESP-3DES-MD5
crypto map Outside_2_map interface Outside_2
crypto isakmp identity address
crypto isakmp enable Outside_2
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime none
crypto isakmp nat-traversal 20
crypto isakmp ipsec-over-tcp port 10000
no vpn-addr-assign aaa
no vpn-addr-assign local
ssh timeout 60
console timeout 0
management-access inside
dhcpd dns 216.136.95.2 64.132.94.250
dhcpd lease 3000
dhcpd domain mydomain.com
dhcpd option 3 ip 192.168.7.1
!
dhcpd address 192.168.7.100-192.168.7.200 FAE
dhcpd enable FAE
!
!
class-map class_sip_tcp
 match port tcp eq sip
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class class_sip_tcp
  inspect sip
 class inspection_default
  inspect rsh
  inspect skinny
  inspect sqlnet
  inspect http
  inspect ftp
  inspect rtsp
!
service-policy global_policy global
ntp server 192.43.244.18 source outside prefer
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 smartcard-removal-disconnect enable
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  html-content-filter none
  homepage none
  keep-alive-ignore 4
  http-comp gzip
  filter none
  url-list none
  customization value DfltCustomization
  port-forward none
  port-forward-name value Application Access
  sso-server none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  svc none
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
group-policy mydomainVPN internal
group-policy mydomainVPN attributes
 wins-server value 10.72.1.1 10.64.1.2
 dns-server value 10.72.1.1 10.64.1.2
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value mydomainVPN_splitTunnelAcl
 default-domain value mydomainNT
tunnel-group 55.163.15.123 type ipsec-l2l
tunnel-group 55.163.15.123 ipsec-attributes
 pre-shared-key *
tunnel-group 72.183.42.250 type ipsec-l2l
tunnel-group 72.183.42.250 ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:2db5afab7d6022cbc4f0d835749ac9ca
: end