sh run
: Saved
:
ASA Version 8.0(3)
!
hostname ASA
enable password 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address *******************
!
interface GigabitEthernet0/1
 nameif Trunk
 security-level 100
 no ip address
!
interface GigabitEthernet0/1.1
 vlan 3
 nameif Inside
 security-level 100
 ip address 10.10.1.1 255.255.255.224
!
interface GigabitEthernet0/1.2
 vlan 100
 nameif Edari
 security-level 70
 ip address 10.1.0.1 255.255.255.0
!
interface GigabitEthernet0/1.5
 no vlan
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 nameif test
 security-level 20
 ip address 172.20.1.1 255.255.255.0
!
interface GigabitEthernet0/2.211
 vlan 211
 nameif 211
 security-level 20
 ip address 10.2.11.1 255.255.255.0
!
interface GigabitEthernet0/2.213
 vlan 213
 nameif 213
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.214
 vlan 214
 nameif 214
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.215
 vlan 215
 nameif 215
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.218
 vlan 218
 nameif 218
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.219
 vlan 219
 nameif 219
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.220
 vlan 220
 nameif 220
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.221
 vlan 221
 nameif 221
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.222
 vlan 222
 nameif 222
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.224
 vlan 224
 nameif 224
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.225
 vlan 225
 nameif 225
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.226
 vlan 226
 nameif 226
 security-level 20
 no ip address
!
interface GigabitEthernet0/2.227
 vlan 227
 nameif 227
 security-level 20
 no ip address
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/3.1
 description LAN Failover Interface
 vlan 200
!
interface GigabitEthernet0/3.2
 description STATE Failover Interface
 vlan 201
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list Dmz extended permit ip 10.0.0.0 255.0.0.0 host 10.10.1.2
access-list Dmz extended permit ip host 10.10.1.2 any
access-list Dmz extended permit ip any host 10.10.1.2
access-list Dmz extended permit ip host 10.10.1.11 host 10.2.11.5
access-list Dmz extended permit ip host 10.10.1.12 host 10.2.11.5
access-list Dmz extended permit ip any host 10.10.1.12
access-list Dmz extended permit ip host 10.10.1.12 any
access-list Dmz extended permit ip any host 10.10.1.11
access-list Dmz extended permit ip host 10.10.1.11 any
access-list Dmz extended permit ip host 10.10.1.6 any
access-list Dmz extended permit ip host 10.10.1.5 any
access-list Permit-Internet extended permit ip any ********************
access-list 211 extended permit ip host 10.2.11.5 host 10.10.1.11
access-list 211 extended permit ip host 10.2.11.5 host 10.10.1.12
access-list 211 extended permit ip host 10.2.11.6 host 10.10.1.11
access-list 211 extended permit ip host 10.2.11.6 host 10.10.1.12
pager lines 24
logging asdm informational
mtu Outside 1500
mtu Trunk 1500
mtu Inside 1500
mtu Edari 1500
mtu 211 1500
mtu 213 1500
mtu 214 1500
mtu 215 1500
mtu 218 1500
mtu 219 1500
mtu 220 1500
mtu 221 1500
mtu 222 1500
mtu 224 1500
mtu 225 1500
mtu 226 1500
mtu 227 1500
mtu management 1500
mtu test 1500
failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/3.1
failover polltime interface 2 holdtime 10
failover key *****
failover replication http
failover link stateful GigabitEthernet0/3.2
failover interface ip Failover 172.32.1.1 255.255.255.0 standby 172.32.1.2
failover interface ip stateful 172.32.2.1 255.255.255.0 standby 172.32.2.2
monitor-interface Inside
monitor-interface Edari
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Edari) 1 192.168.10.0 255.255.255.224
access-group Permit-Internet in interface Outside
access-group Dmz in interface Inside
access-group Dmz out interface Inside
access-group 211 in interface 211
route Outside 0.0.0.0 0.0.0.0 ************ 1
route test 10.30.0.0 255.255.255.0 172.20.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server pix protocol radius
aaa-server pix host 10.10.1.2
 key cisco
aaa authentication ssh console LOCAL
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set Askariye-Security esp-3des esp-md5-hmac
crypto ipsec transform-set Askariye-Security mode transport
crypto dynamic-map dynmap 10 set transform-set Askariye-Security
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface Outside
crypto map mymap interface Trunk
crypto map mymap interface Edari
crypto map mymap interface 211
crypto map mymap interface test
crypto isakmp identity address
crypto isakmp enable Outside
crypto isakmp enable Trunk
crypto isakmp enable Edari
crypto isakmp enable 211
crypto isakmp enable test
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 Inside
telnet 0.0.0.0 0.0.0.0 Edari
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh 0.0.0.0 0.0.0.0 Inside
ssh 0.0.0.0 0.0.0.0 Edari
ssh timeout 5
ssh version 2
console timeout 0
dhcprelay server 10.10.1.2 Inside
dhcprelay enable Edari
dhcprelay enable 211
dhcprelay setroute Inside
dhcprelay setroute Edari
dhcprelay setroute 211
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics access-list
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 vpn-simultaneous-logins 5000
 vpn-idle-timeout 20
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value Toosbank.corp
 user-authentication-idle-timeout 10
username ****************** encrypted
tunnel-group DefaultL2LGroup ipsec-attributes
 isakmp keepalive threshold 30 retry 2
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group pix
 accounting-server-group pix
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
 isakmp keepalive disable
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 isakmp keepalive threshold 30 retry 2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:a6297aba04386bd18307903e402ad3eb
: end
ASA#