ASA Version 7.2(2)
! Running configuration of an ASA 5505 with two ISP uplinks (T1outside, DSLoutside)
! and one IPsec LAN-to-LAN tunnel to 12.23.118.2. The listing arrived collapsed onto
! three physical lines; it is restored here one command per line with no command
! changed. Lines beginning "! NOTE(review):" are reviewer comments, not original config.
! NOTE(review): 7.2(2) and ASDM 5.2(2) are very old releases - check them against
! current vendor advisories before exposing any management or VPN service.
!
hostname philPA-6888-ASA5505
domain-name xxxxx.com
enable password XXXXXXXXX encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.121.254 255.255.255.0
!
interface Vlan2
 nameif DSLoutside
 security-level 0
 ip address 77.26.170.25 255.255.255.248
!
! NOTE(review): "backup interface Vlan2" appears to make DSLoutside the standby uplink
! for T1outside; this matches the route metrics further down (T1 = 1, DSL = 2).
interface Vlan12
 backup interface Vlan2
 nameif T1outside
 security-level 0
 ip address 75.0.163.242 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 12
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxxxxxxx encrypted
ftp mode passive
clock timezone mo -7
clock summer-time MDT recurring
dns server-group DefaultDNS
 domain-name xxxxxx.com
! NOTE(review): the next four ACLs hold the same single entry (local /24 -> remote /24).
! Only "nonat" (nat 0) and "ipsec-peer" (crypto map 99) are referenced by commands in
! this listing; T1outside_20_cryptomap and inside_nat0_outbound look like leftovers.
access-list T1outside_20_cryptomap extended permit ip 192.168.121.0 255.255.255.0 192.168.114.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.121.0 255.255.255.0 192.168.114.0 255.255.255.0
access-list ipsec-peer extended permit ip 192.168.121.0 255.255.255.0 192.168.114.0 255.255.255.0
access-list nonat extended permit ip 192.168.121.0 255.255.255.0 192.168.114.0 255.255.255.0
! NOTE(review): inbound policy differs per uplink: T1outside (out_in) admits ICMP and GRE
! from any source, DSLoutside (dslout) admits ICMP only. "icmp any any" permits every ICMP
! type; narrowing it to the types actually needed reduces what the outside can probe.
! No static translation is visible, so the purpose of the inbound GRE permit is unclear -
! confirm it is still required.
access-list out_in extended permit icmp any any
access-list out_in extended permit gre any any
access-list dslout extended permit icmp any any
pager lines 35
! NOTE(review): logging goes to the local buffer (warnings), ASDM and terminal sessions
! only; no "logging host" is present, so nothing in this listing ships logs off the box.
! Events are lost on reload or buffer wrap, which limits later investigation.
logging enable
logging timestamp
logging monitor debugging
logging buffered warnings
logging asdm informational
logging device-id hostname
mtu inside 1500
mtu DSLoutside 1500
mtu T1outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (DSLoutside) 1 interface
global (T1outside) 1 interface
! nat 0 with ACL "nonat" exempts the VPN-bound traffic from translation; everything else
! from inside is PATed to whichever outside interface the route selects.
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.121.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
access-group dslout in interface DSLoutside
access-group out_in in interface T1outside
! The T1 default route is bound to track object 1 (SLA monitor 123, defined below); the
! DSL route with metric 2 is the floating backup used when the tracked route is withdrawn.
! NOTE(review): neither gateway address lies inside the /29 configured on its interface -
! presumably the public addresses were altered before posting; verify against the device.
route T1outside 0.0.0.0 0.0.0.0 74.0.162.241 1 track 1
route DSLoutside 0.0.0.0 0.0.0.0 71.36.170.30 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
username xxxxxx password xxxxxxxxx encrypted privilege 15
! NOTE(review): the Websense server 192.168.114.125 is in the remote subnet reached through
! the VPN, and both "filter url" lines end in "allow", which lets requests through
! unfiltered when the URL server does not answer. Filtering therefore fails open whenever
! the tunnel is down. "filter url 443" applies HTTP URL filtering to port 443; TLS traffic
! is normally covered by "filter https" instead - confirm this line has any effect.
url-server (inside) vendor websense host 192.168.114.125 timeout 30 protocol TCP version 4 connections 5
url-cache dst 100
! NOTE(review): only SSH is bound to the LOCAL user database. No "aaa authentication"
! line exists for telnet, http (ASDM) or enable, so those fall back to the shared
! passwd / enable password - presumably not intended; consider binding them to LOCAL too.
aaa authentication ssh console LOCAL
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
! NOTE(review): "http 0.0.0.0 0.0.0.0 inside" admits ASDM/HTTPS management from any source
! arriving on the inside interface and makes the two subnet-specific lines redundant.
! Together with "management-access inside" this includes hosts coming in over the tunnel.
http 0.0.0.0 0.0.0.0 inside
http 192.168.114.0 255.255.255.0 inside
http 192.168.121.0 255.255.255.0 inside
http redirect inside 80
no snmp-server location
no snmp-server contact
! NOTE(review): "public" is the well-known default community string. No "snmp-server host"
! is shown, so polling may not be reachable at all, but replace the string or remove the
! line rather than rely on that.
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
! SLA monitor 123 sends an ICMP echo to 4.2.2.2 out of T1outside every 3 seconds with a
! 1000 ms timeout; track object 1 follows its reachability and gates the T1 default route.
! NOTE(review): a single third-party probe target makes failover depend on that one host
! answering ICMP.
sla monitor 123
 type echo protocol ipIcmpEcho 4.2.2.2 interface T1outside
 timeout 1000
 frequency 3
sla monitor schedule 123 life forever start-time now
! NOTE(review): transform-set xxxxxVPN (single DES) is defined but crypto map 99 uses only
! "myset" (3DES / SHA-1 HMAC). Removing the unused DES set prevents it from being attached
! by mistake later.
crypto ipsec transform-set xxxxxVPN esp-des esp-sha-hmac
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map mymap 99 match address ipsec-peer
crypto map mymap 99 set peer 12.23.118.2
crypto map mymap 99 set transform-set myset
! The same crypto map is bound to both uplinks so the tunnel can be built over either ISP;
! the peer has to accept this device under both outside addresses for failover to work.
crypto map mymap interface DSLoutside
crypto map mymap interface T1outside
crypto isakmp identity address
crypto isakmp enable DSLoutside
crypto isakmp enable T1outside
! NOTE(review): ISAKMP policies are tried in ascending number, so the weakest proposals
! come first: policy 1 is DES + MD5, policy 2 is DES + DH group 1 (768-bit). Any policy
! left configured can be negotiated. Once the peer is confirmed to support policy 3 or
! stronger (AES, larger DH group, where the licence and peer allow), remove policies 1 and 2.
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 2
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 3600
crypto isakmp policy 3
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
!
track 1 rtr 123 reachability
tunnel-group DefaultL2LGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 3
tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 3
tunnel-group 12.23.118.2 type ipsec-l2l
tunnel-group 12.23.118.2 ipsec-attributes
 pre-shared-key *
! NOTE(review): Telnet is cleartext and is permitted from any address on all three
! interfaces. The ASA normally refuses Telnet on its lowest-security interface unless it
! arrives inside an IPsec tunnel, so the two outside lines may be inert, but they document
! an intent that should not stand. Drop Telnet in favour of SSH and delete the 0.0.0.0 lines.
telnet 192.168.121.0 255.255.255.0 inside
telnet 192.168.114.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 DSLoutside
telnet 0.0.0.0 0.0.0.0 T1outside
telnet timeout 5
! NOTE(review): SSH is accepted from any Internet source on both uplinks and the only
! local account shown has privilege 15. Restrict the outside "ssh" lines to known
! management addresses. No "ssh version" line is present - presumably SSHv1 is still
! accepted; confirm and pin version 2.
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 DSLoutside
ssh 0.0.0.0 0.0.0.0 T1outside
ssh timeout 60
! "console timeout 0" disables the idle timeout on the serial console, so a session left
! logged in stays open.
console timeout 0
management-access inside
dhcpd dns 192.168.114.152 192.168.114.57
dhcpd wins 192.168.114.152 192.168.114.57
dhcpd ping_timeout 750
! NOTE(review): the domain is masked as xxxxx.com earlier in this listing but not on the
! next line - when sanitising a config for posting, mask every occurrence consistently.
dhcpd domain rinchem.com
!
dhcpd address 192.168.121.107-192.168.121.139 inside
dhcpd enable inside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect tftp
  inspect pptp
!
service-policy global_policy global
url-block url-mempool 128
url-block url-size 4
url-block block 128
! NOTE(review): key 1 is trusted and referenced by the server line, but no
! "ntp authentication-key" or "ntp authenticate" appears here (possibly stripped before
! posting) - confirm NTP authentication is really in force. The NTP server sits in the
! remote subnet, so clock sync (and log timestamps) depends on the tunnel being up.
ntp trusted-key 1
ntp server 192.168.114.152 key 1 source inside
! NOTE(review): Cisco Secure Desktop is enabled, yet no webvpn "enable <interface>" line is
! shown; if WebVPN is not used, remove the webvpn/csd configuration to reduce what is loaded.
webvpn
 csd image disk0:/securedesktop-asa-3.1.1.29-k9.pkg
 csd enable
prompt hostname context
Cryptochecksum:84e68bead5547ba6b5c6b96067932c65
: end