lsdasa# show run
: Saved
:
! NOTE(review): 8.0(2) is a very old ASA release; check the vendor's current
! advisories and supported-release list before reusing any part of this config.
ASA Version 8.0(2)
!
hostname lsdasa
! NOTE(review): the legacy "encrypted" enable/passwd format is an unsalted
! MD5-derived hash, not encryption. Once a config like this is shared, treat both
! passwords as disclosed and rotate them; redact these lines before posting.
enable password tKyyy3u.t.7HhSZ1 encrypted
names
dns-guard
!
! Interface trust levels used below: Outside 0 < DMZ1 50 < DMZ2-test 60 <
! Inside 100 = management 100.
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 200.200.200.200 255.255.255.224
!
interface GigabitEthernet0/1
 nameif DMZ1
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 nameif DMZ2-test
 security-level 60
 ip address 172.20.1.1 255.255.255.0
!
interface GigabitEthernet0/3
 nameif Inside
 security-level 100
 ip address 192.168.189.1 255.255.255.248
!
! management-only keeps this port out of the through-traffic path.
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd UxTPu6B/TBxzw.9C encrypted
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Outside
dns domain-lookup DMZ1
!
! NOTE(review): the "permit ip any any" entry makes the ICMP entry above it
! redundant and turns dmz2in into an allow-all list. Despite its name it is bound
! inbound on DMZ1 (see the access-group lines) and is also the network-acl of the
! default dynamic access policy. Replace it with explicit per-service permits.
access-list dmz2in extended permit icmp any any
access-list dmz2in extended permit ip any any
! NOTE(review): a split-tunnel list of "any any" appears to tunnel everything,
! so it does not narrow what VPN clients can reach - confirm the intent.
access-list testvpn_splitTunnelAcl extended permit ip any any
pager lines 24
! Syslog goes to one collector on the management network. No transport is given
! on the logging host line, so this is presumably plain UDP syslog - confirm.
logging enable
logging timestamp
logging trap informational
logging asdm critical
logging facility 16
logging host management 192.168.1.101
logging permit-hostdown
logging class auth trap informational asdm informational
mtu Outside 1500
mtu DMZ1 1500
mtu DMZ2-test 1500
mtu Inside 1500
mtu management 1500
! Address pool handed to remote-access VPN clients.
ip local pool testvpn 172.16.100.1-172.16.100.254 mask 255.255.255.0
! Reverse-path (anti-spoofing) check is enabled on Outside only in this paste.
ip verify reverse-path interface Outside
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
! nat-control: traffic from a higher to a lower security interface needs a
! matching translation rule to pass.
nat-control
global (Outside) 1 200.200.200.202 netmask 255.255.255.224
global (DMZ1) 1 172.16.1.33-172.16.1.254 netmask 255.255.255.0
global (DMZ1) 1 172.16.1.32
! The Outside nat rule covers the VPN client pool (172.16.100.0/24).
nat (Outside) 1 172.16.100.0 255.255.255.0
! The trailing "tcp 3000 1000" presumably sets the maximum TCP connection count
! and the embryonic-connection limit for this rule - verify against the
! command reference.
nat (Inside) 1 0.0.0.0 0.0.0.0 tcp 3000 1000
************static commands ommitted***************************************************
! NOTE(review): ACL out2in is bound to Outside but its entries are not in this
! paste, so the Internet-facing inbound policy cannot be reviewed from here.
! No access-group is shown for DMZ2-test or Inside.
access-group out2in in interface Outside
access-group dmz2in in interface DMZ1
route Outside 0.0.0.0 0.0.0.0 200.200.200.201 1
route Inside 10.0.0.0 255.0.0.0 192.168.189.6 1
route Inside 192.168.0.0 255.255.0.0 192.168.189.6 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! NOTE(review): the default dynamic access policy applies the allow-all dmz2in
! ACL and enables file browsing, file-server entry, HTTP proxy and URL entry for
! clientless sessions. Any session that matches no more specific DAP record gets
! these rights; tighten them unless each feature is needed.
dynamic-access-policy-record DfltAccessPolicy
 description "VPN users"
 network-acl dmz2in
 webvpn
  url-list none
  file-browsing enable
  file-entry enable
  http-proxy enable
  url-entry enable
! Server groups TACACS+ and RADIUS are declared with no host lines in this paste.
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server vpn protocol radius
! NOTE(review): the RADIUS shared secret is shown in clear text below (the host
! address was redacted by the poster, the key was not). Treat it as disclosed
! and rotate it on both the ASA and the RADIUS server.
aaa-server vpn host 10.N.N.N
 timeout 5
 key lpsd^pn1
! ASDM/HTTPS management is limited to the management subnet.
! NOTE(review): no "aaa authentication ... console" lines are visible, so
! administrative logins presumably rely on the enable/passwd values - confirm.
http server enable
http 192.168.1.0 255.255.255.0 management
snmp-server location Admin
snmp-server contact LSD Technology
! NOTE(review): clear-text SNMP community string, and a guessable one. Rotate it
! and prefer SNMPv3 where the platform release supports it. No snmp-server host
! line is visible in this paste.
snmp-server community ID10t
snmp-server enable traps snmp authentication linkup linkdown coldstart
! NOTE(review): the transform-set list includes single DES and MD5-HMAC
! variants. Defining them is harmless until a crypto map references them, but the
! maps below do reference them; keep only AES with SHA sets.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
! The dynamic map actually bound to Outside offers only 3DES with MD5.
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity hostname
crypto isakmp enable Outside
! NOTE(review): the only IKE policy is pre-shared key + 3DES + MD5 + DH group 2,
! all weak by current standards. Where the release and clients allow, move to
! AES, a SHA-family hash and a larger DH group, and prefer certificates to a
! group pre-shared key that every client shares.
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
! Only idle timeouts are set here; no telnet/ssh permitted-host lines are
! visible in this paste.
telnet timeout 5
ssh timeout 5
console timeout 5
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
! Both load-balancing interfaces point at DMZ1; no "participate" line is shown,
! so clustering is presumably inactive - confirm.
vpn load-balancing
 interface lbpublic DMZ1
 interface lbprivate DMZ1
threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
 match default-inspection-traffic
!
!
! NOTE(review): a 512-byte DNS message limit would presumably drop larger
! replies (EDNS0/DNSSEC); confirm this is intended.
policy-map type inspect dns MY_DNS_INSPECT_MAP
 parameters
  message-length maximum 512
! Inspection engines applied to the default-inspection-traffic class.
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect dns MY_DNS_INSPECT_MAP
!
service-policy global_policy global
! Clientless SSL VPN portal is exposed on the Outside interface.
webvpn
 enable Outside
! NOTE(review): this policy references ACL techvpn_splitTunnelAcl and pool
! techvpn, but the config defines testvpn_splitTunnelAcl and pool testvpn. This
! may be uneven sanitising by the poster; if it is real, the policy points at
! objects that do not exist. Also: every tunnel protocol is enabled at once, and
! split-dns normally takes domain names, not the IP addresses given here - verify.
group-policy testvpn internal
group-policy testvpn attributes
 dns-server value 172.16.1.10 216.157.209.60
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value techvpn_splitTunnelAcl
 default-domain value test.local
 split-dns value 172.16.1.10 216.157.209.52
 address-pools value techvpn
 webvpn
  url-list none
! NOTE(review): DfltGrpPolicy is inherited by every group that does not override
! it. password-storage enable lets clients save the user's password locally,
! which weakens the value of re-xauth; disable it unless required. The
! split-tunnel list it names is the allow-all testvpn_splitTunnelAcl.
group-policy DfltGrpPolicy attributes
 password-storage enable
 ip-comp enable
 re-xauth enable
 pfs enable
 ipsec-udp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value testvpn_splitTunnelAcl
 split-dns value 172.16.1.10 216.157.209.52
! NOTE(review): both tunnel groups name default-group-policy techvpn, while the
! only custom group-policy defined is testvpn (see the naming mismatch above).
! No authentication-server-group is shown, so user authentication presumably
! falls back to the local database and the RADIUS group "vpn" is unused - confirm.
tunnel-group testvpn type remote-access
tunnel-group testvpn general-attributes
 address-pool testvpn
 default-group-policy techvpn
! The pre-shared key is masked in show-run output; it is one secret shared by
! all clients of this group.
tunnel-group testvpn ipsec-attributes
 pre-shared-key *
tunnel-group LSD type remote-access
tunnel-group LSD general-attributes
 default-group-policy techvpn
! Certificate/peer based group mapping is off; unmatched sessions land in testvpn.
no tunnel-group-map enable ou
no tunnel-group-map enable ike-id
no tunnel-group-map enable peer-ip
tunnel-group-map default-group testvpn
! NOTE(review): the IMAP4S e-mail proxy listens on Outside under DfltGrpPolicy.
! Each proxy is another Internet-facing service; disable it if unused.
imap4s
 enable Outside
 default-group-policy DfltGrpPolicy
! NOTE(review): the POP3S and SMTPS e-mail proxies listen on the Outside
! interface and use DfltGrpPolicy. Each is an extra Internet-facing service;
! disable any that are not in use.
pop3s
 enable Outside
 default-group-policy DfltGrpPolicy
smtps
 enable Outside
 default-group-policy DfltGrpPolicy
smtp-server 200.200.200.10
prompt hostname context
: end