dns-guard
!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address * 255.255.255.240
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address * 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 shutdown
 nameif easynet
 security-level 10
 ip address * 255.255.255.248
!
interface Ethernet3
 speed 100
 duplex full
 nameif isa
 security-level 50
 ip address * 255.255.255.0
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system flash:/pix722.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name *
object-group service netbios_ports tcp-udp
 port-object range 137 139
 port-object eq 445
object-group service sunrpc tcp-udp
 port-object eq sunrpc
object-group service snmp tcp-udp
 port-object eq 161
object-group service blocked-services tcp-udp
 group-object netbios_ports
 group-object sunrpc
 group-object snmp
object-group network local_net
 network-object * 255.255.255.0
object-group network *-public
 network-object *.0 255.255.255.0
object-group network *-srv
 network-object host *
object-group network spit-dns
 network-object host dns2
 network-object host ns1
object-group network ez-dns
 network-object host *
 network-object host *
object-group network allowed-dns
 group-object spit-dns
 group-object ez-dns
object-group network *_net
 network-object *.1.0 255.255.255.0
object-group network rick_net
 network-object *.253.0 255.255.255.0
object-group network *_net
 network-object *.252.0 255.255.255.0
object-group network *-mgmt
 network-object *.128.0 255.255.255.0
object-group network *-network
 network-object *.136.32 255.255.255.224
object-group network *-neil-network
 network-object *.202.0 255.255.255.0
object-group network *-*-network
 network-object *.203.0 255.255.255.0
object-group network vpn_clients
 network-object *.250.0 255.255.255.0
object-group network *_net
 network-object *.147.0 255.255.255.0
object-group network helent_net
 network-object *.145.0 255.255.255.0
object-group network paulo_net
 network-object *.143.0 255.255.255.0
object-group network *l_net
 network-object *.5.0 255.255.255.0
access-list splittunnel extended permit ip object-group local_net object-group vpn_clients
access-list insideout extended permit tcp host exchange any eq smtp
access-list insideout extended permit tcp host *.128.70 any eq smtp
access-list insideout extended permit tcp host *.128.105 any eq smtp
access-list insideout extended permit tcp host *.128.72 any eq smtp
access-list insideout extended permit tcp host *.128.113 any eq smtp
access-list insideout extended permit tcp host *.128.115 any eq smtp
access-list insideout extended permit tcp host *.128.220 any eq smtp
access-list insideout extended permit tcp host *.128.156 any eq smtp
access-list insideout extended permit tcp host *.128.24 any eq smtp
access-list insideout extended permit tcp host *.128.33 any eq smtp
access-list insideout extended permit tcp host *.128.68 any eq smtp
access-list insideout extended permit tcp host *.128.134 any eq smtp
access-list insideout extended permit tcp host *.128.155 any eq smtp
access-list insideout extended permit tcp host *.128.137 any eq smtp
access-list insideout extended deny tcp any any eq smtp
access-list insideout extended permit ip any any
access-list outsidein extended permit icmp any any echo-reply
access-list outsidein extended permit icmp any any time-exceeded
access-list outsidein extended permit icmp any any unreachable
access-list outsidein extended permit icmp any any echo
access-list outsidein extended permit tcp host * host exchange-nat eq smtp
access-list outsidein extended permit tcp any host ISA eq https
access-list nonat extended permit ip any *.0.0 255.255.0.0
access-list nonat extended permit ip any *.0.0 255.255.0.0
access-list nonat extended permit ip object-group *_net object-group *-network
access-list nonat extended permit ip object-group *_net object-group *-*-network
access-list nonat extended permit ip object-group *_net object-group *-neil-network
access-list nonat extended permit ip * 255.255.255.0 *.5.0 255.255.255.0
access-list nonat extended permit ip host *.128.243 *.0.0 255.255.255.0
access-list nonat extended permit ip 192.169.128.0 255.255.255.0 *.145.0 255.255.255.0
access-list nonat extended permit ip object-group *_net host *-host
access-list nonat extended permit ip object-group local_net host *-host
access-list nonat extended permit ip host *.128.43 *.0.0 255.255.255.0
access-list nonat extended permit ip *.1.0 255.255.255.0 *.253.0 255.255.255.0
access-list nonat extended permit ip * 255.255.255.0 *.253.0 255.255.255.0
access-list nonat extended permit ip *.1.0 255.255.255.0 *.250.0 255.255.255.0
access-list nonat extended permit ip * 255.255.255.0 *.250.0 255.255.255.0
access-list nonat extended permit ip * 255.255.255.0 172.17.17.0 255.255.255.248
access-list nonat extended permit ip * 255.255.255.0 *.1.0 255.255.255.0
access-list nonat extended permit ip * 255.255.255.0 172.18.18.0 255.255.255.240
access-list *Nvpn extended permit ip object-group *_net object-group *-neil-network
access-list *Pvpn extended permit ip object-group *_net object-group *-*-network
access-list helenvpn extended permit ip object-group local_net object-group helent_net
access-list * extended permit ip host *.128.243 *.0.0 255.255.255.0
access-list * extended permit ip host *.128.43 *.0.0 255.255.255.0
access-list *vpn extended permit ip object-group local_net host *-host
access-list *vpn extended permit ip object-group *_net host *-host
access-list easynetin extended permit icmp any any echo-reply
access-list easynetin extended permit icmp any any time-exceeded
access-list easynetin extended permit icmp any any unreachable
access-list easynetin extended permit icmp any any echo
access-list split extended permit ip object-group local_net *.250.0 255.255.255.0
access-list split extended permit ip object-group *_net *.250.0 255.255.255.0
access-list split extended permit ip host *.30.6 *.250.0 255.255.255.0
access-list * extended permit ip * 255.255.255.0 *.17.0 255.255.255.248
access-list *god extended permit ip * 255.255.255.0 *.1.0 255.255.255.0
access-list * extended permit ip * 255.255.255.0 *.18.0 255.255.255.240
pager lines 24
logging enable
logging timestamp
logging console warnings
logging buffered debugging
logging trap warnings
logging asdm informational
logging host inside *.128.253 17/1025
mtu outside 1500
mtu inside 1500
mtu easynet 1500
mtu isa 1500
ip local pool vpn-clients *.250.1-*.250.254
ip local pool rickvpn *.250.1-*.250.2
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-521.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 outside-nat
global (easynet) 1 easynet-nat
nat (inside) 0 access-list nonat
nat (inside) 1 * 255.255.255.0
static (inside,outside) exchange-nat exchange netmask 255.255.255.255
static (isa,outside) ISA isa netmask 255.255.255.255
access-group outsidein in interface outside
access-group insideout in interface inside
access-group easynetin in interface easynet
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.255 *.65 1
route outside *lnet 255.255.255.240 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.0 *.65 1
route outside *.128.0 255.255.224.0 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.252 *.65 1
route outside * 255.255.128.0 *.65 1
route outside * 255.255.0.0 *.65 1
route outside *.0 255.255.224.0 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.255 *.65 1
route outside * 255.255.255.192 *.65 1
route outside 0.0.0.0 0.0.0.0 *.65 254
route outside * 255.255.255.255 *.65 1
route inside *.1.0 255.255.255.0 *.128.192 1
route easynet * 255.255.255.248 *.17.1 1
route easynet 0.0.0.0 0.0.0.0 *.17.1 1
timeout xlate 0:30:00
timeout conn 0:40:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:25:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth host *.128.253
 timeout 5
 key *
aaa-server partnerauth host *.128.246
 key *
group-policy * internal
group-policy * attributes
 wins-server value *.128.246 *.128.253
 dns-server value *.128.246 *.128.253
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
group-policy *test internal
group-policy *test attributes
 vpn-idle-timeout 30
group-policy * internal
group-policy * attributes
 wins-server value *.128.246 *.128.253
 dns-server value *.128.246 *.128.253
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
group-policy * internal
group-policy * attributes
 wins-server value *.128.246 *.128.253
 dns-server value *.128.246 *.128.253
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel
url-server (inside) vendor websense host *.128.224 timeout 10 protocol TCP version 4 connections 5
filter url except 0.0.0.0 0.0.0.0 *.0.0 255.255.128.0 allow
filter url except 0.0.0.0 0.0.0.0 *.128.0 255.255.224.0 allow
filter url except 0.0.0.0 0.0.0.0 *.0 255.255.224.0 allow
filter https except 0.0.0.0 0.0.0.0 *.0 255.255.224.0 allow
filter https except 0.0.0.0 0.0.0.0 *.128.0 255.255.224.0 allow
filter https except 0.0.0.0 0.0.0.0 *.0.0 255.255.128.0 allow
filter ftp 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow longurl-truncate
http server enable
http *.128.134 255.255.255.255 inside
http *.128.113 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetinbound
service resetoutside
crypto ipsec transform-set aes-256-sha esp-aes-256 esp-sha-hmac
crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set aes-256-sha 3des-md5
crypto map spit-map 30 match address *vpn
crypto map spit-map 30 set peer *-gw
crypto map spit-map 30 set transform-set aes-256-sha
crypto map spit-map 40 match address *
crypto map spit-map 40 set peer *.85.30
crypto map spit-map 40 set transform-set aes-256-sha
crypto map spit-map 55 match address *Nvpn
crypto map spit-map 55 set peer *-neil-gw
crypto map spit-map 55 set transform-set aes-256-sha
crypto map spit-map 60 match address *Pvpn
crypto map spit-map 60 set peer *-*-gw
crypto map spit-map 60 set transform-set aes-256-sha
crypto map spit-map 70 match address *god
crypto map spit-map 70 set peer *goddard
crypto map spit-map 70 set transform-set aes-256-sha
crypto map spit-map 110 match address *
crypto map spit-map 110 set peer *.155.226
crypto map spit-map 110 set transform-set 3des-sha
crypto map spit-map 120 match address helenvpn
crypto map spit-map 120 set peer helen-gw2
crypto map spit-map 120 set transform-set 3des-md5
crypto map spit-map 130 match address *
crypto map spit-map 130 set peer *.85.98
crypto map spit-map 130 set transform-set aes-256-sha
crypto map spit-map 200 ipsec-isakmp dynamic dynmap
crypto map spit-map interface outside
crypto map * 200 ipsec-isakmp dynamic dynmap
crypto map * interface easynet
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp enable easynet
crypto isakmp policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 36000
crypto isakmp policy 2
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 36000
crypto isakmp policy 3
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 36000
crypto isakmp policy 5
 authentication pre-share
 encryption aes
 hash md5
 group 2
 lifetime 36000
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 36000
crypto isakmp policy 15
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 36000
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
!
track 100 rtr 1 reachability
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) partnerauth
 authentication-server-group (easynet) partnerauth
tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 2
tunnel-group *.92.8 type ipsec-l2l
tunnel-group *.92.8 ipsec-attributes
 pre-shared-key *
tunnel-group *.155.226 type ipsec-l2l
tunnel-group *.155.226 ipsec-attributes
 pre-shared-key *
tunnel-group *.92.26 type ipsec-l2l
tunnel-group *.92.26 ipsec-attributes
 pre-shared-key *
tunnel-group *.146.74 type ipsec-l2l
tunnel-group *.146.74 ipsec-attributes
 pre-shared-key *
tunnel-group *.85.30 type ipsec-l2l
tunnel-group *.85.30 ipsec-attributes
 pre-shared-key *
tunnel-group *.86.110 type ipsec-l2l
tunnel-group *.86.110 ipsec-attributes
 pre-shared-key *
tunnel-group *.96.238 type ipsec-l2l
tunnel-group *.96.238 ipsec-attributes
 pre-shared-key *
tunnel-group * type ipsec-ra
tunnel-group * general-attributes
 address-pool vpn-clients
 authentication-server-group (outside) partnerauth
 authentication-server-group (easynet) partnerauth
 default-group-policy *
tunnel-group * ipsec-attributes
 pre-shared-key *
tunnel-group * type ipsec-ra
tunnel-group * general-attributes
 address-pool vpn-clients
 authentication-server-group (outside) partnerauth
 authentication-server-group (easynet) partnerauth
 default-group-policy *
tunnel-group * ipsec-attributes
 pre-shared-key *
tunnel-group *test type ipsec-ra
tunnel-group *test general-attributes
 authentication-server-group (outside) partnerauth
 authentication-server-group (easynet) partnerauth
 default-group-policy *test
tunnel-group * type ipsec-ra
tunnel-group * general-attributes
 address-pool *vpn
 authentication-server-group (outside) partnerauth
 authentication-server-group (easynet) partnerauth
 default-group-policy *
tunnel-group * ipsec-attributes
 pre-shared-key *
tunnel-group *.85.98 type ipsec-l2l
tunnel-group *.85.98 ipsec-attributes
 pre-shared-key *
telnet *.5.0 255.255.255.0 outside
telnet * 255.255.255.0 inside
telnet *.251.0 255.255.255.0 inside
telnet *.254.0 255.255.255.0 inside
telnet *.251.0 255.255.255.0 easynet
telnet *.254.0 255.255.255.0 easynet
telnet timeout 50
ssh *.254.0 255.255.255.0 outside
ssh * 255.255.255.0 inside
ssh *.251.0 255.255.255.0 inside
ssh *.254.0 255.255.255.0 inside
ssh *.251.0 255.255.255.0 easynet
ssh *.254.0 255.255.255.0 easynet
ssh timeout 50
ssh version 1
console timeout 0
!
class-map class_sip_udp
 match port udp eq sip
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect ils
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect netbios
 class class_sip_udp
  inspect sip
!
service-policy global_policy global
url-block url-mempool 2048
url-block url-size 4
url-block block 64
ntp server *.128.218 source inside
ntp server * source outside
ntp server * source outside
ssl encryption 3des-sha1 rc4-md5 aes256-sha1
prompt hostname context