show asp table classify crypto Interface drac: Interface dmz: Interface inside: Interface outside: in id=0x4c492a8, priority=70, domain=decrypt, deny=false hits=1, user_data=0x89a4, cs_id=0x0, reverse, flags=0x0, protocol=50 src ip=80.176.122.226, mask=255.255.255.255, port=55907 dst ip=94.236.50.116, mask=255.255.255.255, port=33937 in id=0x1f49b10, priority=70, domain=decrypt, deny=false hits=13, user_data=0x10c9c, cs_id=0x0, reverse, flags=0x0, protocol=50 src ip=78.86.119.49, mask=255.255.255.255, port=40144 dst ip=94.236.50.116, mask=255.255.255.255, port=29074 in id=0x4c1b9c8, priority=69, domain=ipsec-tunnel-flow, deny=false hits=8985, user_data=0x89a4, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip=172.16.9.0, mask=255.255.255.0, port=0 dst ip=192.168.100.0, mask=255.255.252.0, port=0 in id=0x4b3a7f8, priority=69, domain=ipsec-tunnel-flow, deny=false hits=10590, user_data=0x10c9c, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip=172.16.0.0, mask=255.255.255.0, port=0 dst ip=192.168.100.0, mask=255.255.252.0, port=0 in id=0x4b33ae0, priority=12, domain=ipsec-natt, deny=false hits=0, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=17 src ip=0.0.0.0, mask=0.0.0.0, port=0 dst ip=94.236.50.116, mask=255.255.255.255, port=4500 out id=0x4b38250, priority=70, domain=encrypt, deny=false hits=0, user_data=0x0, cs_id=0x4b34d08, reverse, flags=0x0, protocol=0 src ip=0.0.0.0, mask=255.255.255.255, port=0 dst ip=0.0.0.0, mask=255.255.255.255, port=0 out id=0x4c31ab8, priority=70, domain=encrypt, deny=false hits=6579, user_data=0x462c, cs_id=0x4b34d08, reverse, flags=0x0, protocol=0 src ip=192.168.100.0, mask=255.255.252.0, port=0 dst ip=172.16.9.0, mask=255.255.255.0, port=0 out id=0x4b38b20, priority=70, domain=encrypt, deny=false hits=0, user_data=0x0, cs_id=0x4b34d08, reverse, flags=0x0, protocol=0 src ip=192.168.100.0, mask=255.255.252.0, port=0 dst ip=172.16.9.0, mask=255.255.255.0, port=0 out id=0x4b38cf0, priority=70, domain=encrypt, deny=false hits=10654, user_data=0x0, cs_id=0x4b34d08, reverse, flags=0x0, protocol=0 src ip=192.168.100.0, mask=255.255.252.0, port=0 dst ip=172.16.0.0, mask=255.255.255.0, port=0 out id=0x4b38ef8, priority=70, domain=encrypt, deny=false hits=0, user_data=0x0, cs_id=0x4b366d0, reverse, flags=0x0, protocol=0 src ip=0.0.0.0, mask=255.255.255.255, port=0 dst ip=0.0.0.0, mask=255.255.255.255, port=0 out id=0x4b39160, priority=70, domain=encrypt, deny=false hits=0, user_data=0x0, cs_id=0x4b366d0, reverse, flags=0x0, protocol=0 src ip=192.168.100.0, mask=255.255.252.0, port=0 dst ip=172.16.9.0, mask=255.255.255.0, port=0 out id=0x4c38ed0, priority=70, domain=encrypt, deny=false hits=0, user_data=0xda04, cs_id=0x4b366d0, reverse, flags=0x0, protocol=0 src ip=192.168.100.0, mask=255.255.252.0, port=0 dst ip=172.16.0.0, mask=255.255.255.0, port=0 out id=0x4b39368, priority=70, domain=encrypt, deny=false hits=0, user_data=0x0, cs_id=0x4b366d0, reverse, flags=0x0, protocol=0 src ip=192.168.100.0, mask=255.255.252.0, port=0 dst ip=172.16.0.0, mask=255.255.255.0, port=0 show asp table vpn-context VPN CTX=0x00010C9C, Ptr=0x04C32040, DECR+ESP, UP, pk=0000010683, rk=0000000005, gc=1 VPN CTX=0x0000DA04, Ptr=0x04C38DE8, ENCR+ESP, UP, pk=0000000000, rk=0000000005, gc=0 VPN CTX=0x000089A4, Ptr=0x04B3A870, DECR+ESP, UP, pk=0000042057, rk=0000000005, gc=55 VPN CTX=0x0000462C, Ptr=0x04C31A00, ENCR+ESP, UP, pk=0000030403, rk=0000000005, gc=54 show crypto ipsec sa detail interface: outside Crypto map tag: outside_map, seq num: 2, local addr: 94.236.50.116 access-list outside_2_cryptomap permit ip 192.168.100.0 255.255.252.0 172.16.0.0 255.255.255.0 local ident (addr/mask/prot/port): (192.168.100.0/255.255.252.0/0/0) remote ident (addr/mask/prot/port): (172.16.0.0/255.255.255.0/0/0) current_peer: 78.86.119.49 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 10468, #pkts decrypt: 10468, #pkts verify: 10468 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 94.236.50.116, remote crypto endpt.: 78.86.119.49 path mtu 1500, ipsec overhead 58, media mtu 1500 current outbound spi: 0F7B6523 inbound esp sas: spi: 0xD09C9271 (3499922033) transform: esp-3des esp-sha-hmac none in use settings ={L2L, Tunnel, PFS Group 2, } slot: 0, conn_id: 2, crypto-map: outside_map sa timing: remaining key lifetime (sec): 1093 IV size: 8 bytes replay detection support: Y outbound esp sas: spi: 0x0F7B6523 (259745059) transform: esp-3des esp-sha-hmac none in use settings ={L2L, Tunnel, PFS Group 2, } slot: 0, conn_id: 2, crypto-map: outside_map sa timing: remaining key lifetime (sec): 1093 IV size: 8 bytes replay detection support: Y Crypto map tag: outside_map, seq num: 1, local addr: 94.236.50.116 access-list outside_1_cryptomap_1 permit ip 192.168.100.0 255.255.252.0 172.16.9.0 255.255.255.0 local ident (addr/mask/prot/port): (192.168.100.0/255.255.252.0/0/0) remote ident (addr/mask/prot/port): (172.16.9.0/255.255.255.0/0/0) current_peer: 80.176.122.226 #pkts encaps: 29604, #pkts encrypt: 29613, #pkts digest: 29613 #pkts decaps: 41253, #pkts decrypt: 41253, #pkts verify: 41253 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 29604, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 9, #pre-frag failures: 0, #fragments created: 18 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #pkts no sa (send): 0, #pkts invalid sa (rcv): 0 #pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0 #pkts invalid prot (rcv): 0, #pkts verify failed: 0 #pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0 #pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0 #pkts replay failed (rcv): 0 #pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0 #pkts internal err (send): 0, #pkts internal err (rcv): 0 local crypto endpt.: 94.236.50.116, remote crypto endpt.: 80.176.122.226 path mtu 1500, ipsec overhead 58, media mtu 1500 current outbound spi: 0C4EC58E inbound esp sas: spi: 0x63DA9184 (1675268484) transform: esp-3des esp-sha-hmac none in use settings ={L2L, Tunnel, PFS Group 2, } slot: 0, conn_id: 1, crypto-map: outside_map sa timing: remaining key lifetime (sec): 1075 IV size: 8 bytes replay detection support: Y outbound esp sas: spi: 0x0C4EC58E (206488974) transform: esp-3des esp-sha-hmac none in use settings ={L2L, Tunnel, PFS Group 2, } slot: 0, conn_id: 1, crypto-map: outside_map sa timing: remaining key lifetime (sec): 1075 IV size: 8 bytes replay detection support: Y show run all : Saved : ASA Version 7.2(3) ! command-alias exec h help command-alias exec lo logout command-alias exec p ping command-alias exec s show terminal width 80 hostname fw-892858-226285 domain-name lon3.rackspace.com enable password UnkoVLR91qhlKUaq encrypted no fips enable names ! interface Ethernet0/0 speed 1000 duplex full nameif outside security-level 0 ip address 94.236.50.116 255.255.255.248 ! interface Ethernet0/1 speed 100 duplex full nameif inside security-level 100 ip address 192.168.100.1 255.255.255.0 ! interface Ethernet0/2 speed 100 duplex full nameif dmz security-level 25 ip address 192.168.101.1 255.255.255.0 ! interface Ethernet0/3 speed 100 duplex full nameif drac security-level 75 ip address 192.168.103.1 255.255.255.0 ! interface Management0/0 speed auto duplex auto shutdown no nameif no security-level no ip address management-only ! passwd 6zW5fF5ALmg.7zkI encrypted regex _default_GoToMyPC-tunnel "machinekey" regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll" regex _default_yahoo-messenger "YMSG" regex _default_httport-tunnel "photo[.]exectech[-]va[.]com" regex _default_gnu-http-tunnel_uri "[/\\]index[.]html" regex _default_firethru-tunnel_1 "firethru[.]com" regex _default_gator "Gator" regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy" regex _default_shoutcast-tunneling-protocol "1" regex _default_http-tunnel "[/\\]HT_PortLog.aspx" regex _default_x-kazaa-network "[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]" regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]" regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]" regex _default_gnu-http-tunnel_arg "crap" regex _default_icy-metadata "[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]" regex _default_windows-media-player-tunnel "NSPlayer" ftp mode passive clock timezone GMT/BST 0 clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00 60 dns server-group DefaultDNS domain-name lon3.rackspace.com object-group network rackspace-ips network-object 64.39.0.0 255.255.254.0 network-object 72.3.130.0 255.255.255.192 network-object 10.0.0.0 255.240.0.0 network-object 64.39.2.144 255.255.255.240 network-object 69.20.0.0 255.255.254.0 network-object 66.216.93.64 255.255.255.240 network-object host 212.100.224.20 network-object 212.100.225.32 255.255.255.224 network-object 72.3.128.0 255.255.254.0 network-object host 83.138.149.133 network-object host 83.138.151.69 network-object host 83.138.138.174 network-object 209.61.136.64 255.255.255.192 network-object 69.20.0.64 255.255.255.224 network-object 212.100.255.192 255.255.255.240 network-object 66.216.65.192 255.255.255.224 network-object host 92.52.76.140 network-object 72.3.223.8 255.255.255.248 network-object 120.136.32.96 255.255.255.240 network-object host 83.138.151.80 network-object host 83.138.151.81 network-object host 92.52.127.142 network-object host 92.52.127.143 network-object host 212.100.224.6 network-object host 212.100.224.7 network-object 72.32.94.80 255.255.255.248 network-object 66.216.70.224 255.255.255.240 network-object 72.4.112.112 255.255.255.240 network-object 92.52.121.80 255.255.255.240 network-object 120.136.35.16 255.255.255.240 network-object host 92.52.120.227 network-object 66.216.125.0 255.255.255.224 network-object 66.216.111.0 255.255.255.128 network-object 83.138.146.192 255.255.255.224 network-object 72.32.192.0 255.255.255.0 network-object 74.205.2.0 255.255.255.0 network-object 92.52.126.0 255.255.254.0 network-object 120.136.33.0 255.255.255.128 network-object 120.136.34.16 255.255.255.240 network-object 67.192.155.96 255.255.255.224 network-object 64.49.200.192 255.255.255.224 network-object 89.234.21.64 255.255.255.240 network-object 69.20.80.0 255.255.255.240 network-object 89.234.31.0 255.255.255.0 network-object host 66.216.65.214 object-group network web-servers network-object host 94.236.50.88 network-object host 94.236.50.89 network-object host 94.236.50.90 network-object host 94.236.50.91 network-object host 94.236.52.144 network-object host 94.236.52.145 network-object host 94.236.52.146 network-object host 94.236.52.147 network-object host 94.236.52.148 network-object host 94.236.52.149 object-group network KC description KC Network ranges network-object 172.16.9.0 255.255.255.0 network-object 172.16.0.0 255.255.255.0 object-group network Rackspace-Private network-object 192.168.100.0 255.255.252.0 object-group service nfs tcp port-object range sunrpc sunrpc port-object range 2049 2049 object-group service nfsudp udp port-object range sunrpc sunrpc port-object range 2049 2049 access-list 100 extended permit ip any any access-list 101 extended permit icmp any any access-list 101 extended permit ip object-group rackspace-ips any access-list 101 extended permit ip host 78.86.119.49 any access-list 101 extended permit ip host 80.176.122.226 any access-list 101 extended permit tcp any object-group web-servers eq www access-list 101 extended permit tcp any object-group web-servers eq https access-list 101 extended permit tcp any host 94.236.50.91 eq smtp access-list 101 extended permit tcp any any eq 8080 access-list 101 extended permit ip host 78.136.2.98 any access-list 101 extended permit ip host 78.136.2.99 any access-list 101 extended permit ip host 78.136.2.100 any access-list 101 extended permit ip host 93.97.195.68 any access-list 101 extended permit ip host 78.136.2.105 any access-list 99 extended permit icmp any any access-list 99 extended permit tcp 192.168.101.0 255.255.255.0 192.168.100.0 255.255.255.0 eq 3306 access-list 99 extended permit udp 192.168.101.0 255.255.255.0 192.168.100.0 255.255.255.0 object-group nfsudp access-list 99 extended permit tcp 192.168.101.0 255.255.255.0 192.168.100.0 255.255.255.0 object-group nfs access-list 99 extended deny ip 192.168.101.0 255.255.255.0 192.168.100.0 255.255.255.0 access-list 99 extended deny ip 192.168.101.0 255.255.255.0 192.168.103.0 255.255.255.0 access-list 99 extended permit ip any any access-list 98 extended permit icmp any any access-list 98 extended deny ip any any access-list 102 extended permit ip 192.168.100.0 255.255.255.0 192.168.105.0 255.255.255.0 access-list 102 extended permit ip 192.168.101.0 255.255.255.0 192.168.105.0 255.255.255.0 access-list 102 extended permit ip 192.168.103.0 255.255.255.0 192.168.105.0 255.255.255.0 access-list 102 extended permit ip 192.168.100.0 255.255.252.0 172.16.9.0 255.255.255.0 access-list 102 extended permit ip 192.168.100.0 255.255.252.0 172.16.0.0 255.255.255.0 access-list 103 extended permit ip 192.168.100.0 255.255.255.0 192.168.105.0 255.255.255.0 access-list 103 extended permit ip 192.168.101.0 255.255.255.0 192.168.105.0 255.255.255.0 access-list 103 extended permit ip 192.168.103.0 255.255.255.0 192.168.105.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip any any access-list outside_1_cryptomap_1 extended permit ip object-group Rackspace-Private object-group KC access-list outside_2_cryptomap extended permit ip object-group Rackspace-Private object-group KC pager lines 24 logging enable logging buffer-size 4096 logging asdm-buffer-size 100 logging monitor debugging logging asdm informational logging flash-minimum-free 3076 logging flash-maximum-allocation 1024 logging rate-limit 1 10 message 620002 logging rate-limit 1 10 message 717015 logging rate-limit 1 10 message 717018 logging rate-limit 1 10 message 201013 logging rate-limit 1 10 message 201012 logging rate-limit 1 10 message 405002 logging rate-limit 1 10 message 421007 logging rate-limit 1 10 message 405001 logging rate-limit 1 10 message 421001 logging rate-limit 1 10 message 421002 logging rate-limit 1 10 message 710002 logging rate-limit 1 10 message 209003 logging rate-limit 1 10 message 209004 logging rate-limit 1 10 message 209005 logging rate-limit 1 10 message 431002 logging rate-limit 1 10 message 431001 logging rate-limit 1 10 message 110003 logging rate-limit 1 10 message 110002 logging rate-limit 1 10 message 450001 mtu outside 1500 mtu inside 1500 mtu dmz 1500 mtu drac 1500 ip local pool ippool 192.168.105.1-192.168.105.254 no failover failover lan unit secondary failover polltime unit 1 holdtime 15 failover polltime interface 5 holdtime 25 failover interface-policy 1 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-523.bin no asdm history enable arp timeout 14400 no nat-control nat (inside) 0 access-list 102 nat (dmz) 0 access-list 102 nat (drac) 0 access-list 102 static (dmz,outside) 94.236.50.88 192.168.101.88 netmask 255.255.255.255 static (dmz,outside) 94.236.50.89 192.168.101.89 netmask 255.255.255.255 static (dmz,outside) 94.236.50.90 192.168.101.90 netmask 255.255.255.255 static (dmz,outside) 94.236.50.91 192.168.101.91 netmask 255.255.255.255 static (inside,outside) 94.236.50.94 192.168.100.94 netmask 255.255.255.255 static (inside,outside) 94.236.50.95 192.168.100.95 netmask 255.255.255.255 static (dmz,outside) 94.236.52.144 192.168.101.144 netmask 255.255.255.255 static (dmz,outside) 94.236.52.145 192.168.101.145 netmask 255.255.255.255 static (dmz,outside) 94.236.52.146 192.168.101.146 netmask 255.255.255.255 static (dmz,outside) 94.236.52.147 192.168.101.147 netmask 255.255.255.255 static (dmz,outside) 94.236.52.148 192.168.101.148 netmask 255.255.255.255 static (dmz,outside) 94.236.52.149 192.168.101.149 netmask 255.255.255.255 static (dmz,outside) 94.236.52.157 192.168.101.157 netmask 255.255.255.255 static (dmz,outside) 94.236.52.158 192.168.101.158 netmask 255.255.255.255 static (dmz,outside) 94.236.52.159 192.168.101.159 netmask 255.255.255.255 access-group 101 in interface outside access-group 100 in interface inside access-group 99 in interface dmz access-group 99 in interface drac route outside 0.0.0.0 0.0.0.0 94.236.50.113 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ reactivation-mode depletion deadtime 5 aaa-server RADIUS protocol radius reactivation-mode depletion deadtime 5 aaa authentication enable console LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL http server enable 443 http 192.168.100.0 255.255.255.0 inside http 192.168.105.0 255.255.255.0 inside http 80.176.122.226 255.255.255.255 outside snmp-server location Rackspace no snmp-server contact snmp-server community stjames1 snmp-server enable traps snmp authentication linkup linkdown coldstart no snmp-server enable traps syslog no snmp-server enable traps ipsec start stop no snmp-server enable traps entity config-change fru-insert fru-remove no snmp-server enable traps remote-access session-threshold-exceeded snmp-server enable snmp-server listen-port 161 fragment size 200 outside fragment chain 24 outside fragment timeout 5 outside fragment size 200 inside fragment chain 24 inside fragment timeout 5 inside fragment size 200 dmz fragment chain 24 dmz fragment timeout 5 dmz fragment size 200 drac fragment chain 24 drac fragment timeout 5 drac service password-recovery crypto ipsec transform-set rackset esp-3des esp-sha-hmac crypto ipsec transform-set rackset1 esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto ipsec fragmentation before-encryption outside crypto ipsec fragmentation before-encryption inside crypto ipsec fragmentation before-encryption dmz crypto ipsec fragmentation before-encryption drac crypto ipsec df-bit copy-df outside crypto ipsec df-bit copy-df inside crypto ipsec df-bit copy-df dmz crypto ipsec df-bit copy-df drac crypto dynamic-map rack 65365 set transform-set rackset crypto dynamic-map rack 65365 set security-association lifetime seconds 28800 crypto dynamic-map rack 65365 set security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap_1 crypto map outside_map 1 set pfs group2 crypto map outside_map 1 set connection-type bi-directional crypto map outside_map 1 set peer 80.176.122.226 crypto map outside_map 1 set transform-set rackset crypto map outside_map 1 set security-association lifetime seconds 28800 crypto map outside_map 1 set security-association lifetime kilobytes 4608000 crypto map outside_map 1 set inheritance rule crypto map outside_map 1 set phase1-mode main crypto map outside_map 2 match address outside_2_cryptomap crypto map outside_map 2 set pfs group2 crypto map outside_map 2 set connection-type bi-directional crypto map outside_map 2 set peer 78.86.119.49 crypto map outside_map 2 set transform-set rackset1 crypto map outside_map 2 set security-association lifetime seconds 28800 crypto map outside_map 2 set security-association lifetime kilobytes 4608000 crypto map outside_map 2 set inheritance rule crypto map outside_map 2 set phase1-mode main crypto map outside_map interface outside crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 6 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp nat-traversal 20 vpn-addr-assign aaa vpn-addr-assign dhcp vpn-addr-assign local no vpn-sessiondb max-session-limit no vpn-sessiondb max-webvpn-session-limit no remote-access threshold telnet timeout 5 ssh 10.0.0.0 255.240.0.0 outside ssh 64.39.0.0 255.255.254.0 outside ssh 72.3.128.0 255.255.254.0 outside ssh 72.3.130.0 255.255.255.192 outside ssh 69.20.0.0 255.255.254.0 outside ssh 212.100.225.32 255.255.255.224 outside ssh 72.3.223.8 255.255.255.248 outside ssh 83.138.138.174 255.255.255.255 outside ssh 72.32.94.80 255.255.255.248 outside ssh 66.216.70.224 255.255.255.240 outside ssh 72.4.112.112 255.255.255.240 outside ssh 92.52.121.80 255.255.255.240 outside ssh 120.136.35.16 255.255.255.240 outside ssh 209.61.136.64 255.255.255.192 outside ssh 69.20.0.64 255.255.255.224 outside ssh 212.100.255.192 255.255.255.240 outside ssh 74.205.2.0 255.255.255.0 outside ssh 89.234.31.0 255.255.255.0 outside ssh 192.168.100.0 255.255.255.0 inside ssh 192.168.105.0 255.255.255.0 inside ssh 172.16.9.0 255.255.255.0 inside ssh timeout 15 ssh version 2 console timeout 5 management-access inside l2tp tunnel hello 60 priority-queue outside queue-limit 0 tx-ring-limit -1 priority-queue inside queue-limit 0 tx-ring-limit -1 priority-queue dmz queue-limit 0 tx-ring-limit -1 priority-queue drac queue-limit 0 tx-ring-limit -1 ! class-map type inspect http match-all _default_gator match request header user-agent regex _default_gator class-map type inspect http match-all _default_msn-messenger match response header content-type regex _default_msn-messenger class-map type inspect http match-all _default_yahoo-messenger match request body regex _default_yahoo-messenger class-map type inspect http match-all _default_windows-media-player-tunnel match request header user-agent regex _default_windows-media-player-tunnel class-map type inspect http match-all _default_gnu-http-tunnel match request args regex _default_gnu-http-tunnel_arg match request uri regex _default_gnu-http-tunnel_uri class-map type inspect http match-all _default_firethru-tunnel match request header host regex _default_firethru-tunnel_1 match request uri regex _default_firethru-tunnel_2 class-map type inspect http match-all _default_aim-messenger match request header host regex _default_aim-messenger class-map type inspect http match-all _default_http-tunnel match request uri regex _default_http-tunnel class-map type inspect http match-all _default_kazaa match response header regex _default_x-kazaa-network count gt 0 class-map type inspect http match-all _default_shoutcast-tunneling-protocol match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol class-map class-default match any class-map inspection_default match default-inspection-traffic class-map type inspect http match-all _default_GoToMyPC-tunnel match request args regex _default_GoToMyPC-tunnel match request uri regex _default_GoToMyPC-tunnel_2 class-map type inspect http match-all _default_httport-tunnel match request header host regex _default_httport-tunnel ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 no message-length maximum server no message-length maximum client dns-guard protocol-enforcement nat-rewrite no id-randomization no id-mismatch no tsig enforced policy-map type inspect h323 _default_h323_map description Default H.323 policymap parameters no rtp-conformance policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 _default_h323_map inspect h323 ras _default_h323_map inspect rsh inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp class class-default policy-map type inspect sip _default_sip_map description Default SIP policymap parameters im no ip-address-privacy traffic-non-sip no rtp-conformance policy-map type inspect dns _default_dns_map description Default DNS policy-map parameters no message-length maximum no message-length maximum server no message-length maximum client dns-guard protocol-enforcement nat-rewrite no id-randomization no id-mismatch no tsig enforced policy-map type inspect ipsec-pass-thru _default_ipsec_passthru_map description Default IPSEC-PASS-THRU policy-map parameters esp per-client-max 0 timeout 0:10:00 policy-map type inspect esmtp _default_esmtp_map description Default ESMTP policy-map parameters mask-banner no mail-relay no special-character no allow-tls match cmd line length gt 512 drop-connection match cmd RCPT count gt 100 drop-connection match body line length gt 1000 log match header line length gt 1000 drop-connection match sender-address length gt 320 drop-connection match MIME filename length gt 255 drop-connection match ehlo-reply-parameter others mask ! service-policy global_policy global ntp server 83.138.151.80 source outside ssl server-version any ssl client-version any ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1 rc4-md5 webvpn memory-size percent 25 port 443 character-encoding none no http-proxy no https-proxy default-idle-timeout 1800 no csd enable no svc enable customization DfltCustomization title text WebVPN Service title style background-color:white;color:maroon;border-bottom:5px groove #669999;font-size:larger;vertical-align:middle;text-align:left;font-weight:bold username-prompt text USERNAME: username-prompt style color:black;font-weight:bold;text-align:right password-prompt text PASSWORD: password-prompt style color:black;font-weight:bold;text-align:right group-prompt text GROUP: group-prompt style color:black;font-weight:bold;text-align:right login-button text Login login-button style border:1px solid black;background-color:white;font-weight:bold;font-size:80% clear-button text Clear clear-button style border:1px solid black;background-color:white;font-weight:bold;font-size:80% login-title text Login login-title style background-color:#666666;color:white login-message text Please enter your username and password. login-message style background-color:#CCCCCC;color:black logout-title text Logout logout-title style background-color:#666666;color:white logout-message text Goodbye. logout-message style background-color:#999999;color:black web-applications title text Web Applications web-applications title style background-color:#99CCCC;color:black;font-weight:bold;text-transform:uppercase web-applications message text Enter Web Address (URL) web-applications message style background-color:#99CCCC;color:maroon;font-size:smaller web-applications dropdown text Web Bookmarks web-applications dropdown style border:1px solid black;font-weight:bold;color:black;font-size:80% browse-networks title text Browse Networks browse-networks title style background-color:#99CCCC;color:black;font-weight:bold;text-transform:uppercase browse-networks message text Enter Network Path browse-networks message style background-color:#99CCCC;color:maroon;font-size:smaller browse-networks dropdown text File Folder Bookmarks browse-networks dropdown style border:1px solid black;font-weight:bold;color:black;font-size:80% application-access title text Application Access application-access title style background-color:#99CCCC;color:black;font-weight:bold;text-transform:uppercase application-access message text Start Application Client application-access message style background-color:#99CCCC;color:maroon;font-size:smaller application-access window text Close this window when you finish using Application Access.
Please wait for the table to be displayed before starting applications. application-access window style background-color:#99CCCC;color:black;font-weight:bold web-bookmarks link style color:#669999;border-bottom: 1px solid #669999;text-decoration:none web-bookmarks title text Web Bookmarks web-bookmarks title style color:#669999;background-color:#99CCCC;font-weight:bold file-bookmarks link style color:#669999;border-bottom: 1px solid #669999;text-decoration:none file-bookmarks title text File Folder Bookmarks file-bookmarks title style color:#669999;background-color:#99CCCC;font-weight:bold page style background-color:white;font-family:Arial,Helv,sans-serif border style background-color:#669999;color:white dialog title style background-color:#669999;color:white dialog message style background-color:#99CCCC;color:black dialog border style border:1px solid black;border-collapse:collapse no logo application-access hide-details disable no tunnel-group-list enable rewrite order 65535 enable resource-mask * cache disable max-object-size 1000 min-object-size 0 cache-compressed no cache-static-content lmfactor 20 expiry-time 1 no auto-signon group-policy DfltGrpPolicy internal group-policy DfltGrpPolicy attributes banner none wins-server none dns-server none dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 3 vpn-idle-timeout 30 vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec l2tp-ipsec webvpn password-storage disable ip-comp disable re-xauth disable group-lock none pfs disable ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelall split-tunnel-network-list none default-domain none split-dns none intercept-dhcp 255.255.255.255 disable secure-unit-authentication disable user-authentication disable user-authentication-idle-timeout 30 ip-phone-bypass disable leap-bypass disable nem disable backup-servers keep-client-config msie-proxy server none msie-proxy method no-modify msie-proxy except-list none msie-proxy local-bypass disable nac disable nac-sq-period 300 nac-reval-period 36000 nac-default-acl none address-pools none smartcard-removal-disconnect enable client-firewall none client-access-rule none webvpn functions url-entry html-content-filter none homepage none keep-alive-ignore 4 http-comp gzip filter none url-list none customization value DfltCustomization port-forward none port-forward-name value Application Access sso-server none deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information svc none svc keep-installer installed svc keepalive none svc rekey time none svc rekey method none svc dpd-interval client none svc dpd-interval gateway none svc compression deflate no vpn-nac-exempt group-policy keycriteria internal group-policy keycriteria attributes vpn-idle-timeout 30 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value 103 default-domain value rackspace.com nem enable no vpn-nac-exempt username kc-admin password JIZaAza5O2Cw924s encrypted privilege 15 tunnel-group DefaultL2LGroup type ipsec-l2l tunnel-group DefaultL2LGroup general-attributes no accounting-server-group default-group-policy DfltGrpPolicy tunnel-group DefaultL2LGroup ipsec-attributes no pre-shared-key peer-id-validate req no chain no trust-point isakmp keepalive threshold 10 retry 2 tunnel-group DefaultRAGroup type ipsec-ra tunnel-group DefaultRAGroup general-attributes no address-pool authentication-server-group LOCAL no accounting-server-group default-group-policy DfltGrpPolicy no dhcp-server no nac-authentication-server-group no strip-realm no password-management no override-account-disable no strip-group no authorization-required authorization-dn-attributes CN OU tunnel-group DefaultRAGroup ipsec-attributes no pre-shared-key peer-id-validate req no chain no trust-point isakmp keepalive threshold 300 retry 2 no radius-sdi-xauth isakmp ikev1-user-authentication xauth tunnel-group DefaultRAGroup ppp-attributes no authentication pap authentication chap authentication ms-chap-v1 no authentication ms-chap-v2 no authentication eap-proxy tunnel-group DefaultWEBVPNGroup type webvpn tunnel-group DefaultWEBVPNGroup general-attributes no address-pool authentication-server-group LOCAL no accounting-server-group default-group-policy DfltGrpPolicy no dhcp-server no password-management no override-account-disable no authorization-required authorization-dn-attributes CN OU tunnel-group DefaultWEBVPNGroup webvpn-attributes hic-fail-group-policy DfltGrpPolicy customization DfltCustomization authentication aaa dns-group DefaultDNS tunnel-group keycriteria type ipsec-ra tunnel-group keycriteria general-attributes address-pool ippool authentication-server-group LOCAL no accounting-server-group default-group-policy keycriteria no dhcp-server no nac-authentication-server-group no strip-realm no password-management no override-account-disable no strip-group no authorization-required authorization-dn-attributes CN OU tunnel-group keycriteria ipsec-attributes pre-shared-key * peer-id-validate req no chain no trust-point isakmp keepalive threshold 300 retry 2 no radius-sdi-xauth isakmp ikev1-user-authentication xauth tunnel-group keycriteria ppp-attributes no authentication pap authentication chap authentication ms-chap-v1 no authentication ms-chap-v2 no authentication eap-proxy tunnel-group 80.176.122.226 type ipsec-l2l tunnel-group 80.176.122.226 general-attributes no accounting-server-group default-group-policy DfltGrpPolicy tunnel-group 80.176.122.226 ipsec-attributes pre-shared-key * peer-id-validate req no chain no trust-point isakmp keepalive threshold 10 retry 2 tunnel-group 78.86.119.49 type ipsec-l2l tunnel-group 78.86.119.49 general-attributes no accounting-server-group default-group-policy DfltGrpPolicy tunnel-group 78.86.119.49 ipsec-attributes pre-shared-key * peer-id-validate req no chain no trust-point isakmp keepalive threshold 10 retry 2 imap4s port 993 no server outstanding 20 name-separator : server-separator @ authentication-server-group LOCAL no authorization-server-group no accounting-server-group default-group-policy DfltGrpPolicy no authentication no authorization-required authorization-dn-attributes CN OU pop3s port 995 no server outstanding 20 name-separator : server-separator @ authentication-server-group LOCAL no authorization-server-group no accounting-server-group default-group-policy DfltGrpPolicy no authentication no authorization-required authorization-dn-attributes CN OU smtps port 988 no server outstanding 20 name-separator : server-separator @ authentication-server-group LOCAL no authorization-server-group no accounting-server-group default-group-policy DfltGrpPolicy authentication aaa no authorization-required authorization-dn-attributes CN OU prompt hostname context auto-update device-id hostname auto-update poll-period 720 0 5 auto-update timeout 0 compression svc http-comp Cryptochecksum:3ee37686add3775be4824db0d5dd9acb : end