! Cisco ASA configuration listing, re-broken to one command per line.
! The "interface" header for this first stanza lies before the start of the excerpt.
! Inside (LAN) interface: highest trust level, 10.10.0.6/23.
 nameif Gatling_GCC_LAN
 security-level 100
 ip address 10.10.0.6 255.255.254.0
!
! VPN termination interface (security-level 50); last octet masked by the poster.
interface Ethernet0/1
 description CGC_VPN
 nameif Gatling_VPN
 security-level 50
 ip address 147.109.253.xxx 255.255.255.248
!
! Outside (WAN) interface: lowest trust level.
interface Ethernet0/2
 description WAN interface to NetTas
 nameif Gatling_GCC_WAN
 security-level 0
 ip address 147.109.239.xxx 255.255.255.240
!
! Dedicated management port. The nameif is spelled "Galtling" here and in every later
! reference, so the name is at least consistent.
interface Management0/0
 description Gatling Management
 nameif Galtling_Management_Port
 security-level 100
 ip address 192.168.100.1 255.255.255.0
 management-only
!
! Login password hash. It is published with this listing, so treat the password as
! exposed and change it on the device.
passwd 2KFQnbNIdI.2KYOU encrypted
banner exec GCC Gatling Firewall - Enable Mode
banner login GCC Gatling Firewall
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring 1 Sun Oct 2:00 last Sun Mar 3:00
! The firewall resolves names via both the LAN and the WAN interface, using a mix of
! internal (10.10.x.x) and public resolvers.
dns domain-lookup Gatling_GCC_LAN
dns domain-lookup Gatling_GCC_WAN
dns name-server 10.10.0.88
dns name-server 10.10.0.89
dns name-server 147.109.250.13
dns name-server 202.7.15.13
dns name-server 10.10.5.5
dns name-server 10.10.24.100
! Service group with a description only: no port-object is visible in this listing and
! no ACL below references the group.
object-group service POPS tcp
 description POPS Traffic allow
! ACL Gatling_GCC_LAN_access_in. No access-group binding for this ACL is visible in
! this listing, so it may not be applied to any interface.
! In the www/https/ssh entries the "eq <port>" follows the source, so it matches the
! SOURCE port, and the destination is the firewall's own WAN interface address.
! NOTE(review): this probably does not express the intent stated in the remarks
! (LAN clients reaching outside web servers) - confirm and rewrite with the port on
! the destination side.
access-list Gatling_GCC_LAN_access_in remark Web Access
access-list Gatling_GCC_LAN_access_in extended permit tcp 10.10.0.0 255.255.0.0 eq www interface Gatling_GCC_WAN
access-list Gatling_GCC_LAN_access_in remark HTTPS Traffic out
access-list Gatling_GCC_LAN_access_in extended permit tcp 10.10.0.0 255.255.0.0 eq https interface Gatling_GCC_WAN
access-list Gatling_GCC_LAN_access_in extended permit tcp interface Gatling_GCC_LAN eq ssh interface Gatling_GCC_WAN eq ssh
access-list Gatling_GCC_LAN_access_in extended permit icmp interface Gatling_GCC_LAN any
access-list Gatling_GCC_LAN_access_in extended permit icmp interface Gatling_GCC_LAN interface Gatling_VPN
! Applied outbound on the WAN interface (see access-group below). Same pattern: source
! port pop3, destination is the WAN interface address.
access-list Gatling_GCC_WAN_access_out remark POP3 Traffic
access-list Gatling_GCC_WAN_access_out extended permit tcp 10.10.0.0 255.255.0.0 eq pop3 interface Gatling_GCC_WAN eq pop3
! Applied inbound on the WAN interface. Permits every TCP port from an external /24 to
! the LAN interface address. NOTE(review): "FULL ACCESS" from an outside network is
! broad; narrow to the ports the vendor actually needs, or move this access to the VPN.
access-list Gatling_GCC_WAN_access_in remark COMSTRA FULL ACCESS
access-list Gatling_GCC_WAN_access_in extended permit tcp 203.127.116.0 255.255.255.0 interface Gatling_GCC_LAN
! NAT exemption for traffic towards the VPN client range (used by "nat ... 0" below).
access-list Gatling_GCC_LAN_nat0_outbound extended permit ip interface Gatling_GCC_LAN 172.16.0.0 255.255.255.192
access-list Gatling_GCC_LAN_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 172.16.0.0 255.255.0.0
! Traffic selector for "aaa authentication match" further down.
access-list Gatling_VPN_authentication_Gosling-06 remark AAA to Gosling-06
access-list Gatling_VPN_authentication_Gosling-06 extended permit tcp interface Gatling_VPN interface Gatling_GCC_LAN
! ACL Gatling_VPN: IKE, AH, ESP and NAT-T to the VPN address, plus RDP from the VPN
! pool to 10.10.0.13. No access-group binding for this ACL is visible in this listing.
access-list Gatling_VPN extended permit udp any host 147.109.253.xxx eq isakmp
access-list Gatling_VPN extended permit ah any host 147.109.253.xxx
access-list Gatling_VPN extended permit esp any host 147.109.253.xxx
access-list Gatling_VPN remark Tunnel Traffic
access-list Gatling_VPN extended permit udp any host 147.109.253.xxx eq 4500
access-list Gatling_VPN extended permit tcp 172.16.0.0 255.255.255.0 host 10.10.0.13 eq 3389
pager lines 24
! Logging: console receives debugging-level messages while the buffer keeps errors only.
! NOTE(review): debugging-level console logging is usually avoided in production because
! of the load it puts on the device. No "logging host" (remote syslog) is visible in this
! listing, so events are kept on-box or mailed only.
logging enable
logging buffer-size 16384
logging console debugging
logging buffered errors
logging history critical
logging asdm informational
logging mail emergencies
logging from-address gatling@gcc.tas.gov.au
logging recipient-address infotech@gcc.tas.gov.au level emergencies
logging recipient-address helpdesk@gcc.tas.gov.au level alerts
logging flash-bufferwrap
logging flash-minimum-free 4000
logging flash-maximum-allocation 2000
mtu Gatling_GCC_LAN 1500
mtu Gatling_VPN 1500
mtu Gatling_GCC_WAN 1500
mtu Galtling_Management_Port 1500
! Address pool handed to remote-access VPN clients.
ip local pool VPN_Pool 172.16.0.1-172.16.0.51 mask 255.255.255.0
! Unicast reverse-path check (anti-spoofing) on the three data interfaces.
ip verify reverse-path interface Gatling_GCC_LAN
ip verify reverse-path interface Gatling_VPN
ip verify reverse-path interface Gatling_GCC_WAN
! ICMP addressed to the firewall itself: allowed on LAN and VPN, refused on WAN.
icmp permit any Gatling_GCC_LAN
icmp permit any Gatling_VPN
icmp deny any Gatling_GCC_WAN
asdm image disk0:/asdm505.bin
asdm history enable
arp timeout 14400
! nat-control requires a translation rule for traffic from a higher to a lower
! security-level interface. The only global pool (id 10) sits on the LAN interface and
! pairs with the management-port nat rule; no "global (Gatling_GCC_WAN)" or
! "nat (Gatling_GCC_LAN) 10" is visible in this listing.
! NOTE(review): as shown, LAN-to-WAN traffic has no translation - confirm whether
! lines were lost from the paste.
nat-control
global (Gatling_GCC_LAN) 10 interface
nat (Gatling_GCC_LAN) 0 access-list Gatling_GCC_LAN_nat0_outbound
nat (Gatling_VPN) 0 172.16.0.0 255.255.255.0 dns outside
nat (Galtling_Management_Port) 10 0.0.0.0 0.0.0.0
! Only the two WAN ACLs are bound to an interface.
access-group Gatling_GCC_WAN_access_in in interface Gatling_GCC_WAN
access-group Gatling_GCC_WAN_access_out out interface Gatling_GCC_WAN
! Default route via the WAN next hop.
route Gatling_GCC_WAN 0.0.0.0 0.0.0.0 147.109.239.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
! WebVPN resources: a CIFS share and an RDP port-forward, both to 10.10.0.13.
url-list Remote_Access "yale-v" cifs://10.10.0.13
port-forward Remote_Desktop/Terminal_Services 3389 10.10.0.13 3389
! Two RADIUS server groups pointing at the same host with the same shared secret.
! The secret appears in clear text in this listing; treat it as exposed and replace it
! on both the firewall and the RADIUS server.
aaa-server Gosling-06 protocol radius
aaa-server Gosling-06 (Gatling_GCC_LAN) host 10.10.0.130
 retry-interval 5
 key GATLING-KEY
 authentication-port 1812
 accounting-port 1813
 acl-netmask-convert auto-detect
aaa-server partnerauth protocol radius
aaa-server partnerauth (Gatling_GCC_LAN) host 10.10.0.130
 timeout 5
 key GATLING-KEY
! Default group policy. Points worth review: perfect forward secrecy is disabled
! (pfs disable), no per-user traffic filter (vpn-filter none), no client firewall
! requirement. All client traffic is tunnelled (split-tunnel-policy tunnelall).
group-policy DfltGrpPolicy attributes
 banner value GCC WEB VPN
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock value DefaultRAGroup
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication enable
 user-authentication enable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry file-access file-entry file-browsing
  port-forward-name value Application Access
! Policy for the GCC_VPN tunnel group: internal DNS/WINS, IPSec and WebVPN allowed,
! users locked to the GCC_VPN group.
group-policy GCC_VPN internal
group-policy GCC_VPN attributes
 banner value Welcome to the Glenorchy Council Network
 wins-server value 10.10.0.90 10.10.0.91
 dns-server value 10.10.0.88 10.10.0.89
 vpn-tunnel-protocol IPSec webvpn
 group-lock value GCC_VPN
 webvpn
! Two local privilege-15 accounts. Their password hashes are published with this
! listing; treat both passwords as exposed and change them. NOTE(review): "cisco" is a
! commonly guessed account name - consider renaming or removing it.
username cisco password iIIyGlCGSKcTdMsg encrypted privilege 15
username comstra password WQoizql7mYcPrpu5 encrypted privilege 15
! Management logins (enable, ASDM/http, ssh, telnet) authenticate against the LOCAL
! user database; only enable accounting goes to RADIUS.
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication match Gatling_VPN_authentication_Gosling-06 Gatling_VPN Gosling-06
aaa authorization command LOCAL
aaa accounting enable console Gosling-06
! ASDM/HTTPS management access list.
! - First entry uses a host mask on a network address, so it matches only 10.10.0.0;
!   the second entry already covers the LAN /23.
! - Third entry allows management from a host on the WAN side.
! - Fourth entry permits 192.168.1.0/24, but the management interface above is
!   192.168.100.1/24. NOTE(review): likely meant 192.168.100.0 - confirm.
http server enable
http 10.10.0.0 255.255.255.255 Gatling_GCC_LAN
http 10.10.0.0 255.255.254.0 Gatling_GCC_LAN
http 147.109.239.181 255.255.255.255 Gatling_GCC_WAN
http 192.168.1.0 255.255.255.0 Galtling_Management_Port
! SNMP community string is shown in clear text and matches the organisation
! abbreviation used in the banners; treat it as exposed and replace it. No
! "snmp-server host" restriction is visible in this listing.
snmp-server location Computer Room
snmp-server contact infotech@gcc.tas.gov.au
snmp-server community GCC
snmp-server enable traps snmp authentication linkup linkdown coldstart
! tcpmss 0 turns off the TCP MSS override.
sysopt connection tcpmss 0
sysopt noproxyarp Gatling_GCC_LAN
sysopt noproxyarp Galtling_Management_Port
auth-prompt prompt user prompt
auth-prompt accept In like Flyn!!
! Second part of the Cisco ASA listing, re-broken to one command per line, followed by
! the "sh route" and "sh start erro" output the poster captured.
auth-prompt reject user rejected
! IPSec proposal: 3DES with SHA-1 HMAC, used by both dynamic-map entries.
! NOTE(review): legacy algorithms - prefer an AES transform set where the software
! and clients support it.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Gatling_VPN_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map Gatling_VPN_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map Gatling_VPN_map 65535 ipsec-isakmp dynamic Gatling_VPN_dyn_map
crypto map Gatling_VPN_map interface Gatling_VPN
! IKE phase 1: pre-shared key, 3DES, SHA-1, Diffie-Hellman group 2 (1024-bit),
! 24-hour lifetime. NOTE(review): group 2 and 3DES are weak by current standards;
! raise the DH group and cipher where supported.
isakmp identity auto
isakmp enable Gatling_VPN
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp nat-traversal 20
isakmp ipsec-over-tcp port 10000
! Remote-access tunnel group: addresses from VPN_Pool, users authenticated and
! accounted through RADIUS group Gosling-06. The pre-shared key is masked ("*") in
! this listing.
tunnel-group GCC_VPN type ipsec-ra
tunnel-group GCC_VPN general-attributes
 address-pool VPN_Pool
 authentication-server-group Gosling-06
 authentication-server-group (Gatling_VPN) Gosling-06
 accounting-server-group Gosling-06
 default-group-policy GCC_VPN
tunnel-group GCC_VPN ipsec-attributes
 pre-shared-key *
 radius-with-expiry
no vpn-addr-assign aaa
vpn-sessiondb max-session-limit 25
! Management access.
! - Telnet is enabled for the whole LAN /23; Telnet carries credentials in clear text.
!   NOTE(review): remove the telnet line and manage over SSH only.
! - The first ssh entry uses a host mask on a network address, so it matches only
!   10.10.0.0 and does not admit LAN hosts. NOTE(review): likely meant 255.255.254.0.
! - SSH is also allowed from one host on the WAN side.
! - console timeout 0 disables the idle timeout on the serial console.
telnet 10.10.0.0 255.255.254.0 Gatling_GCC_LAN
telnet timeout 5
ssh 10.10.0.0 255.255.255.255 Gatling_GCC_LAN
ssh 147.109.239.179 255.255.255.255 Gatling_GCC_WAN
ssh timeout 5
console timeout 0
! DHCP server on the management port.
dhcpd address 192.168.100.2-192.168.100.10 Galtling_Management_Port
dhcpd dns 10.10.0.88 10.10.0.89
dhcpd wins 10.10.0.90 10.10.0.91
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd domain glenorchy.tas.gov.au
dhcpd enable Galtling_Management_Port
! NTP without an authentication key. NOTE(review): consider authenticated NTP so log
! timestamps can be trusted.
ntp server 10.10.0.12 source Gatling_GCC_LAN prefer
! TFTP is unauthenticated and unencrypted; a configuration saved to this path contains
! the password hashes and shared secrets.
tftp-server Gatling_GCC_LAN 10.10.1.122 d:\install\asa_config2
webvpn
 nbns-server 10.10.0.90 master timeout 2 retry 2
 nbns-server 10.10.0.91 timeout 2 retry 2
 nbns-server 10.10.5.5 timeout 2 retry 2
! E-mail proxies (IMAP4S, POP3S, SMTPS) listening on the WAN interface and relaying to
! 10.10.0.115 under the default group policy. NOTE(review): confirm each proxy is
! needed; every enabled proxy is an Internet-facing service.
imap4s
 enable Gatling_GCC_WAN
 server 10.10.0.115
 default-group-policy DfltGrpPolicy
pop3s
 enable Gatling_GCC_WAN
 server 10.10.0.115
 default-group-policy DfltGrpPolicy
smtps
 enable Gatling_GCC_WAN
 server 10.10.0.115
 default-group-policy DfltGrpPolicy
smtp-server 10.10.0.15 10.10.0.115
client-update enable
Cryptochecksum:e5a2c6ff8cca8293e4fe6ec1ccd5b0b5
: end
! Routing table: a default route via the WAN and three connected networks. Only
! 10.10.0.0/23 is reachable on the LAN side; addresses outside it that the config
! uses (for example nbns-server 10.10.5.5) have no specific route and would follow the
! default route. NOTE(review): confirm whether an inside static route is missing.
Gatling-06# sh route
S 0.0.0.0 0.0.0.0 [1/0] via 147.109.239.xxx, Gatling_GCC_WAN
C 10.10.0.0 255.255.254.0 is directly connected, Gatling_GCC_LAN
C 147.109.239.xxx 255.255.255.240 is directly connected, Gatling_GCC_WAN
C 147.109.253.xxx 255.255.255.248 is directly connected, Gatling_VPN
! Startup-config load messages. The two "nat 0" lines are informational. The ERROR is
! raised by a "tunnel-group-map default..." line in the startup configuration; no
! tunnel-group-map command appears in the listing above, so presumably it was rejected
! at load time because it names a tunnel group that does not exist.
Gatling-06# sh start erro
nat 0 0.0.0.0 will be identity translated for outbound
*** Output from config line 110, "nat (Gatling_GCC_LAN) 0 ..."
nat 0 172.16.0.0 will be identity translated for outbound
*** Output from config line 112, "nat (Gatling_VPN) 0 172...."
ERROR: Invalid tunnel group name
*** Output from config line 225, "tunnel-group-map default..."
Gatling-06#