Result of the command: "show running-config" : Saved : ASA Version 7.2(3) ! hostname ciscoasa domain-name companionhospice.pri enable password xxxxxxxx encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 10.1.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address xx.xx.xx.xxx 255.255.255.248 ! interface Vlan3 no forward interface Vlan1 nameif dmz security-level 50 ip address dhcp ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd xxxxxxxxxxxxx encrypted ftp mode passive clock timezone PST -8 clock summer-time PDT recurring dns server-group DefaultDNS domain-name companionhospice.pri same-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group service oasis tcp description Testing Oasis over the internet port-object range 1800 1800 port-object range ftp ftp port-object range 4500 4500 port-object range 500 500 port-object range 5080 5080 port-object range 709 709 port-object range www www object-group service Oasis udp port-object range 4500 4500 access-list outside_access_in extended permit tcp any interface outside eq smtp access-list outside_access_in extended permit icmp any any access-list outside_access_in extended permit tcp any interface outside eq pop3 access-list outside_access_in extended permit tcp any interface outside eq 3389 access-list outside_1_cryptomap extended permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 192.168.3.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.1.0 255.255.255.0 192.168.9.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 10.1.1.192 255.255.255.192 access-list outside_2_cryptomap extended permit ip 10.1.1.0 255.255.255.0 192.168.5.0 255.255.255.0 access-list outside_3_cryptomap extended permit ip 10.1.1.0 255.255.255.0 192.168.9.0 255.255.255.0 access-list outside_4_cryptomap extended permit ip 10.1.1.0 255.255.255.0 192.168.9.0 255.255.255.0 access-list trasksplit standard permit 10.1.1.0 255.255.255.0 access-list outside_5_cryptomap extended permit ip 10.1.1.0 255.255.255.0 192.168.3.0 255.255.255.0 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu dmz 1500 ip local pool trask2 10.1.1.200-10.1.1.241 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-523.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface smtp 10.1.1.xx smtp netmask 255.255.255.255 static (inside,outside) tcp interface pop3 10.1.1.xx pop3 netmask 255.255.255.255 static (inside,outside) tcp interface 3389 10.1.1.xx 3389 netmask 255.255.255.255 access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xxx 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute http server enable http 10.1.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto dynamic-map outside_dyn_map 20 set pfs crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs crypto map outside_map 1 set peer xxx.57.71.72 crypto map outside_map 1 set transform-set ESP-3DES-MD5 ESP-3DES-SHA ESP-DES-MD5 ESP-DES-SHA crypto map outside_map 1 set nat-t-disable crypto map outside_map 2 match address outside_2_cryptomap crypto map outside_map 2 set pfs crypto map outside_map 2 set peer xxx.60.171.34 crypto map outside_map 2 set transform-set ESP-3DES-MD5 crypto map outside_map 3 match address outside_3_cryptomap crypto map outside_map 3 set pfs crypto map outside_map 3 set peer xxx.212.201.122 crypto map outside_map 3 set transform-set ESP-3DES-MD5 crypto map outside_map 5 match address outside_5_cryptomap crypto map outside_map 5 set pfs crypto map outside_map 5 set peer xxx.8.140.226 crypto map outside_map 5 set transform-set ESP-3DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 182400 crypto isakmp policy 30 authentication pre-share encryption des hash sha group 2 lifetime 86400 crypto isakmp policy 50 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto isakmp policy 70 authentication crack encryption 3des hash sha group 2 lifetime 86400 no vpn-addr-assign aaa no vpn-addr-assign dhcp telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 10.1.1.2-10.1.1.254 inside ! ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map type inspect im impolicy parameters match protocol msn-im yahoo-im drop-connection policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp policy-map type inspect http P2P_HTTP parameters match request uri regex _default_gator drop-connection log match request uri regex _default_x-kazaa-network drop-connection log ! service-policy global_policy global group-policy DfltGrpPolicy attributes banner none wins-server none dns-server none dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 200 vpn-idle-timeout none vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec l2tp-ipsec webvpn password-storage disable ip-comp disable re-xauth disable group-lock none pfs enable ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelall split-tunnel-network-list none default-domain none split-dns none intercept-dhcp 255.255.255.255 disable secure-unit-authentication disable user-authentication disable user-authentication-idle-timeout none ip-phone-bypass disable leap-bypass disable nem disable backup-servers keep-client-config msie-proxy server none msie-proxy method no-modify msie-proxy except-list none msie-proxy local-bypass disable nac disable nac-sq-period 300 nac-reval-period 36000 nac-default-acl none address-pools none smartcard-removal-disconnect disable client-firewall none client-access-rule none webvpn functions url-entry html-content-filter none homepage none keep-alive-ignore 4 http-comp gzip filter none url-list none customization value DfltCustomization port-forward none port-forward-name value Application Access sso-server none deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information svc none svc keep-installer installed svc keepalive none svc rekey time none svc rekey method none svc dpd-interval client none svc dpd-interval gateway none svc compression deflate group-policy companion internal group-policy companion attributes dns-server value 10.1.1.10 vpn-tunnel-protocol IPSec password-storage enable split-tunnel-policy tunnelspecified split-tunnel-network-list value trasksplit nem enable address-pools value trask2 username assistant password xxxxxxxxx encrypted username assistant attributes password-storage enable username michael password xxxxxxxxx encrypted username michael attributes password-storage enable username chris password xxxxxxxxx encrypted username judy password xxxxxxxxxx encrypted username judy attributes password-storage enable tunnel-group xxx.209.221.114 type ipsec-l2l tunnel-group xxx.209.221.114 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group xxx.60.171.34 type ipsec-l2l tunnel-group xxx.60.171.34 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group xxx.8.140.226 type ipsec-l2l tunnel-group xxx.8.140.226 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group xxx.212.201.122 type ipsec-l2l tunnel-group xxx.212.201.122 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group companion type ipsec-ra tunnel-group companion general-attributes address-pool (outside) trask2 address-pool trask2 default-group-policy companion tunnel-group companion ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group xxx.57.71.72 type ipsec-l2l tunnel-group xxx.57.71.72 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group-map default-group xxx.209.221.114 prompt hostname context Cryptochecksum:056b24e6ba0a0dfe49b36f309f490a6a : end