sh run : Saved : ASA Version 7.2(3) ! hostname ciscoasa domain-name default.domain.invalid enable password .d0elOgsWyGLJtSL encrypted names ! interface Vlan1 nameif outside security-level 0 pppoe client vpdn group VAS ip address pppoe setroute ! interface Vlan2 nameif inside security-level 100 ip address 196.218.254.250 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 shutdown <--- More ---> ! interface Ethernet0/2 shutdown ! interface Ethernet0/3 shutdown ! interface Ethernet0/4 shutdown ! interface Ethernet0/5 shutdown ! interface Ethernet0/6 shutdown ! interface Ethernet0/7 ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode passive dns server-group DefaultDNS domain-name default.domain.invalid object-group service SSH tcp description ssh <--- More ---> port-object eq ssh access-list l2l_list extended permit ip host 196.218.254.100 host 10.1.19.4 access-list l2l_list extended permit ip host 196.218.254.100 host 10.16.19.4 access-list l2l_list extended permit ip host 196.218.254.100 host 10.6.3.166 access-list l2l_list extended permit ip host 196.218.254.100 host 10.3.3.133 access-list l2l_list extended permit ip host 196.218.254.101 host 10.3.3.133 access-list l2l_list extended permit ip host 196.218.254.101 host 10.1.19.4 access-list l2l_list extended permit ip host 196.218.254.101 host 10.16.19.4 access-list nat extended permit ip host 196.218.254.100 host 10.1.19.4 access-list nat extended permit ip host 196.218.254.100 host 10.16.19.4 access-list nat extended permit ip host 196.218.254.100 host 10.6.3.166 access-list nat extended permit ip host 196.218.254.100 host 10.3.3.133 access-list nat extended permit ip host 196.218.254.101 host 10.16.19.4 access-list nat extended permit ip host 196.218.254.101 host 10.1.19.4 access-list nat extended permit ip host 196.218.254.101 host 10.3.3.133 access-list nat extended permit ip host 196.218.254.100 host 213.139.63.207 access-list nat extended permit ip host 196.218.254.100 host 213.139.63.193 access-list nat extended permit ip host 196.218.254.101 host 213.139.63.207 access-list nat extended permit ip host 196.218.254.101 host 213.139.63.193 access-list extended permit tcp host 77.245.0.223 host 196.218.254.100 eq ssh access-list extended permit tcp host 77.245.0.223 host 196.245.218.100 eq ssh access-list outside_access_in extended permit tcp any host 196.218.254.6 eq 3389 access-list outside_access_in extended permit tcp any any eq 3389 access-list outside_access_in extended permit ip any interface outside <--- More ---> access-list outside_access_in extended permit udp any interface outside access-list outside_access_in extended permit ip any any access-list outside_access_in extended permit udp any any access-list outside_access_in extended permit tcp any any access-list outside_access_in extended permit tcp any interface outside access-list outside_access_in extended permit icmp any any echo-reply access-list outside_access_in extended permit icmp any any source-quench access-list outside_access_in extended permit icmp any any unreachable access-list outside_access_in extended permit icmp any any time-exceeded access-list ORANGE extended permit ip host 196.218.254.100 host 213.139.63.207 access-list ORANGE extended permit ip host 196.218.254.100 host 213.139.63.193 access-list ORANGE extended permit ip host 196.218.254.101 host 213.139.63.207 access-list ORANGE extended permit ip host 196.218.254.101 host 213.139.63.193 access-list inside_access_in extended permit ip any any access-list inside_access_in extended permit tcp any any access-list inside_access_in extended permit ip any interface inside access-list inside_access_in extended permit udp any interface inside access-list inside_access_in extended permit udp any any access-list inside_access_in extended permit ah any any access-list inside_access_in extended permit esp any any access-list inside_access_in extended permit gre any any access-list inside_access_in extended permit tcp any interface inside access-list inside_access_in extended permit icmp any any echo-reply access-list inside_access_in extended permit icmp any any source-quench <--- More ---> access-list inside_access_in extended permit icmp any any unreachable access-list inside_access_in extended permit icmp any any time-exceeded pager lines 24 logging enable logging asdm informational mtu outside 1492 mtu inside 1500 icmp unreachable rate-limit 20 burst-size 5 icmp permit any outside icmp permit any time-exceeded outside icmp permit any inside icmp permit 196.218.254.0 255.255.255.0 inside icmp permit any time-exceeded inside asdm image disk0:/asdm-523.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list nat nat (inside) 1 196.218.254.0 255.255.255.0 static (inside,outside) tcp interface www 196.218.254.100 www netmask 255.255.255.255 static (inside,outside) tcp interface ssh 196.218.254.100 ssh netmask 255.255.255.255 static (inside,outside) tcp interface telnet 196.218.254.250 telnet netmask 255.255.255.255 static (inside,outside) tcp interface https 196.218.254.250 https netmask 255.255.255.255 static (inside,outside) tcp interface 81 196.218.254.101 81 netmask 255.255.255.255 <--- More ---> static (inside,outside) tcp interface 3389 196.218.254.6 3389 netmask 255.255.255.255 access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 80.90.160.113 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute http server enable http 196.218.254.0 255.255.255.0 inside http 0.0.0.0 0.0.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac crypto ipsec transform-set ORANGE_SET esp-3des esp-sha-hmac crypto map VASmap 1 match address l2l_list crypto map VASmap 1 set peer 84.23.96.6 crypto map VASmap 1 set transform-set FirstSet crypto map VASmap 20 match address ORANGE crypto map VASmap 20 set peer 213.139.32.52 213.139.32.53 crypto map VASmap 20 set transform-set ORANGE_SET crypto map VASmap interface outside crypto isakmp enable outside <--- More ---> crypto isakmp policy 1 authentication pre-share encryption 3des hash md5 group 2 lifetime 43200 crypto isakmp policy 30 authentication pre-share encryption 3des hash sha group 2 lifetime 28800 telnet 0.0.0.0 0.0.0.0 outside telnet 196.218.254.0 255.255.255.0 inside telnet timeout 5 ssh timeout 5 console timeout 0 vpdn group VAS request dialout pppoe vpdn group VAS localname swan@fastlink vpdn group VAS ppp authentication pap vpdn username swan@faslink password ********* store-local vpdn username swan@fastlink password ********* dhcpd address 196.218.254.1-196.218.254.249 inside dhcpd dns 80.90.160.130 4.2.2.2 interface inside <--- More ---> dhcpd enable inside ! ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc <--- More ---> inspect tftp inspect sip inspect xdmcp inspect icmp inspect icmp error class class-default set connection decrement-ttl ! service-policy global_policy global username motasem password j0VMzWPBUZnTBVFv encrypted privilege 15 username cisco password 3USUcOPFUiMCO4Jk encrypted tunnel-group ******** type ipsec-l2l tunnel-group *********ipsec-attributes pre-shared-key * tunnel-group ********* type ipsec-l2l tunnel-group ********* ipsec-attributes pre-shared-key * tunnel-group ******** type ipsec-l2l tunnel-group ********** ipsec-attributes pre-shared-key * prompt hostname context Cryptochecksum:be35482b49c08414bed52713723d1761 : end ciscoasa#