:
ASA Version 7.0(7)
!
hostname FW-1a
domain-name fiqa.com
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 68.72.236.254 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.100.0.254 255.255.248.0
!
interface Ethernet0/2
 nameif delta
 security-level 50
 ip address 10.10.12.254 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
same-security-traffic permit intra-interface
object-group service webprotocols tcp
 port-object eq www
 port-object eq https
object-group service dnsprotocol tcp-udp
 port-object eq domain
object-group service ftpprotocol tcp-udp
 port-object eq 20
 port-object eq 21
object-group protocol tcp-udp
 protocol-object tcp
 protocol-object udp
object-group network PublicWebServers
 network-object host 68.72.236.201
 network-object host 68.72.236.202
 network-object host 68.72.236.204
 network-object host 68.72.236.121
 network-object host 68.72.236.122
 network-object host 68.72.236.221
object-group network PublicSMTPServers
 network-object host 68.72.236.206
 network-object host 68.72.236.25
object-group network PublicFTPServers
 network-object host 68.72.236.202
object-group network InternalSQLServers
 network-object host 10.100.1.54
 network-object host 10.200.1.31
 network-object host 10.200.1.32
 network-object host 10.200.1.33
object-group network InternalSMTPServers
 network-object host 10.100.1.5
object-group network StarTeamServer
 network-object host 10.100.1.7
object-group network PublicWebServers_real
 network-object 10.10.12.201 255.255.255.255
 network-object 10.10.12.202 255.255.255.255
 network-object 10.10.12.204 255.255.255.255
object-group network PublicFTPServers_real
 network-object 10.10.12.202 255.255.255.255
object-group network PublicSMTPServers_real
 network-object 10.10.12.206 255.255.255.255
object-group service DomainAuthentication tcp-udp
 port-object eq 389
 port-object eq 88
 port-object eq 123
object-group network PublicSMTPServers_real1
 network-object 10.10.12.206 255.255.255.255
 network-object 10.10.12.25 255.255.255.255
object-group network PPTPServers
 network-object host 68.72.236.121
object-group service PPTPprotocols tcp
 port-object eq pptp
object-group protocol GREProtocol
 protocol-object gre
object-group network PublicWebServers_real1
 network-object 10.10.12.201 255.255.255.255
 network-object 10.10.12.202 255.255.255.255
 network-object 10.10.12.204 255.255.255.255
 network-object 10.10.12.121 255.255.255.255
 network-object 10.10.12.122 255.255.255.255
 network-object 10.10.12.221 255.255.255.255
object-group network PPTPServers_real
 network-object 10.10.12.121 255.255.255.255
object-group network PublicFTPServers_real1
 network-object 10.10.12.202 255.255.255.255
 network-object 10.10.12.37 255.255.255.255
object-group service FTPSProtocol tcp-udp
 port-object eq 21
 port-object eq 50000
 port-object eq 50001
 port-object eq 50002
 port-object eq 50003
 port-object eq 50004
 port-object eq 990
 port-object eq www
 port-object eq 443
object-group network PublicFTPSServers
 network-object host 68.72.236.37
object-group network PublicFTPSServers_real
 network-object 10.10.12.37 255.255.255.255
access-list no-nat-inside extended permit ip 10.0.0.0 255.0.0.0 10.10.12.0 255.255.255.0
access-list no-nat-inside extended permit ip any 10.10.13.0 255.255.255.0
access-list no-nat-delta extended permit ip 10.10.12.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list from-inside-coming-in extended permit tcp any any
access-list from-inside-coming-in extended permit udp any any
access-list from-inside-coming-in extended permit icmp any any
access-list from-inside-coming-in extended permit ip any any
access-list from-outside-coming-in extended permit tcp any object-group PublicWebServers object-group webprotocols
access-list from-outside-coming-in extended permit object-group tcp-udp any object-group PublicFTPServers object-group ftpprotocol
access-list from-outside-coming-in extended permit tcp any object-group PublicSMTPServers eq smtp
access-list from-outside-coming-in extended permit icmp any any echo-reply
access-list from-outside-coming-in extended permit tcp any object-group PPTPServers object-group PPTPprotocols
access-list from-outside-coming-in extended permit object-group GREProtocol any object-group PPTPServers
access-list from-outside-coming-in extended permit object-group tcp-udp any object-group PublicFTPSServers object-group FTPSProtocol
access-list from-outside-coming-in extended permit tcp host 68.72.236.38 19.0.0.0 255.0.0.0
access-list from-outside-coming-in extended permit udp host 68.72.236.38 19.0.0.0 255.0.0.0
access-list from-outside-coming-in extended permit icmp host 68.72.236.38 19.0.0.0 255.0.0.0
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 any eq www
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 any eq https
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 any eq ftp
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 any eq ftp-data
access-list from-delta-coming-in extended permit udp 10.10.12.0 255.255.255.0 any eq 20
access-list from-delta-coming-in extended permit udp 10.10.12.0 255.255.255.0 any eq 21
access-list from-delta-coming-in extended permit udp 10.10.12.0 255.255.255.0 any eq domain
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 any eq domain
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 object-group InternalSQLServers eq 1433
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 object-group InternalSMTPServers eq smtp
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 object-group StarTeamServer eq 49201
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 any eq smtp
access-list from-delta-coming-in extended permit icmp any any echo-reply
access-list from-delta-coming-in extended permit object-group tcp-udp host 10.10.12.221 host 10.100.1.1 object-group DomainAuthentication
access-list from-delta-coming-in extended permit tcp host 10.10.12.25 any
access-list from-delta-coming-in extended permit udp host 10.10.12.25 any
access-list from-delta-coming-in extended permit gre host 10.10.12.121 any
access-list from-delta-coming-in extended permit tcp host 10.10.12.221 10.0.0.0 255.0.0.0 eq 3389
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 10.0.0.0 255.0.0.0 eq ssh
access-list from-delta-coming-in extended permit icmp any any echo
access-list from-delta-coming-in extended permit udp 10.10.12.0 255.255.255.0 any eq ntp
access-list from-delta-coming-in extended permit tcp host 10.10.12.37 any eq 6366
access-list from-delta-coming-in extended permit tcp host 10.10.12.37 any range 6367 6416
access-list from-delta-coming-in extended permit tcp 10.10.12.0 255.255.255.0 10.143.0.0 255.255.255.0 eq 902
access-list outside_nat0_outbound extended permit ip host 68.72.236.38 19.0.0.0 255.0.0.0
access-list outside_cryptomap_20 extended permit ip host 68.72.236.39 19.0.0.0 255.0.0.0
access-list outside_cryptomap_20 extended permit tcp host 68.72.236.39 19.0.0.0 255.0.0.0
access-list outside_cryptomap_20 extended permit udp host 68.72.236.39 19.0.0.0 255.0.0.0
access-list outside_cryptomap_20 extended permit icmp host 68.72.236.39 19.0.0.0 255.0.0.0
access-list policy-nat extended permit ip host 10.10.12.39 19.0.0.0 255.0.0.0
pager lines 24
logging enable
logging console debugging
logging buffered warnings
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
mtu delta 1500
ip local pool VPNPHONEPOOL 10.10.13.1-10.10.13.254 mask 255.255.255.0
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (outside) 0 access-list outside_nat0_outbound
nat (inside) 0 access-list no-nat-inside
nat (inside) 1 10.0.0.0 255.0.0.0
nat (delta) 0 access-list no-nat-delta
nat (delta) 1 10.10.12.0 255.255.255.0
static (delta,outside) 68.72.236.201 10.10.12.201 netmask 255.255.255.255
static (delta,outside) 68.72.236.202 10.10.12.202 netmask 255.255.255.255
static (delta,outside) 68.72.236.203 10.10.12.203 netmask 255.255.255.255
static (delta,outside) 68.72.236.204 10.10.12.204 netmask 255.255.255.255
static (delta,outside) 68.72.236.205 10.10.12.205 netmask 255.255.255.255
static (delta,outside) 68.72.236.206 10.10.12.206 netmask 255.255.255.255
static (delta,outside) 68.72.236.25 10.10.12.25 netmask 255.255.255.255
static (delta,outside) 68.72.236.121 10.10.12.121 netmask 255.255.255.255
static (delta,outside) 68.72.236.122 10.10.12.122 netmask 255.255.255.255
static (delta,outside) 68.72.236.221 10.10.12.221 netmask 255.255.255.255
static (delta,outside) 68.72.236.23 10.10.12.23 netmask 255.255.255.255
static (delta,outside) 68.72.236.37 10.10.12.37 netmask 255.255.255.255
static (delta,outside) 68.72.236.39 access-list policy-nat
access-group from-outside-coming-in in interface outside
access-group from-inside-coming-in in interface inside
access-group from-delta-coming-in in interface delta
route outside 0.0.0.0 0.0.0.0 68.72.236.2 1
route inside 10.243.0.0 255.255.255.0 10.100.0.15 1
route inside 10.235.0.0 255.255.255.0 10.100.0.15 1
route inside 10.225.0.0 255.255.255.0 10.100.0.15 1
route inside 10.206.0.0 255.255.255.0 10.100.0.15 1
route inside 10.205.0.0 255.255.255.0 10.100.0.15 1
route inside 10.201.0.0 255.255.255.0 10.100.0.15 1
route inside 10.143.0.0 255.255.255.0 10.100.7.17 1
route inside 10.141.0.0 255.255.255.0 10.100.7.17 1
route inside 10.135.0.0 255.255.255.0 10.100.7.11 1
route inside 10.130.0.0 255.255.255.0 10.100.1.201 1
route inside 10.125.0.0 255.255.255.0 10.100.1.201 1
route inside 10.105.0.0 255.255.255.0 10.100.7.11 1
route inside 10.30.11.0 255.255.255.0 10.100.0.14 1
route inside 10.20.11.0 255.255.255.0 10.100.0.15 1
route inside 10.10.11.0 255.255.255.0 10.100.1.0 1
route inside 10.0.135.0 255.255.255.0 10.100.0.14 1
route inside 10.0.130.0 255.255.255.0 10.100.0.14 1
route inside 10.0.110.0 255.255.255.0 10.100.0.14 1
route inside 10.0.105.0 255.255.255.0 10.100.0.14 1
route inside 10.200.0.0 255.255.248.0 10.100.7.11 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 2
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock value VPNPHONE
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout none
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.100.4.214 255.255.255.255 inside
http 10.100.5.25 255.255.255.255 inside
http 10.100.1.0 255.255.255.0 inside
http 10.200.4.84 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp delta
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TUNNEL_ESP_3DES_None esp-3des esp-none
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-AES-128-SHA
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer 136.1.1.103
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication rsa-sig
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
tunnel-group VPNPHONE type ipsec-ra
tunnel-group VPNPHONE general-attributes
 address-pool VPNPHONEPOOL
 default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
 pre-shared-key *
 isakmp keepalive disable
tunnel-group 136.1.1.103 type ipsec-l2l
tunnel-group 136.1.1.103 ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh 10.100.4.214 255.255.255.255 inside
ssh 10.100.5.25 255.255.255.255 inside
ssh 10.100.1.0 255.255.255.0 inside
ssh 10.200.4.84 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
ntp authenticate
ntp server 10.100.1.1 source inside prefer
Cryptochecksum:63793ac0b59f6a6160feacba7b5dd52a
: end