! hostname Milfrank enable password 87AFhHRPnZAUkW/H encrypted passwd 87AFhHRPnZAUkW/H encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.111.254 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 192.168.254.253 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! boot system disk0:/asa805-k8.bin ftp mode passive access-list 101 extended permit ip 192.168.111.0 255.255.255.0 10.0.0.0 255.255. 0.0 access-list 101 extended permit ip 192.168.111.0 255.255.255.0 192.168.10.0 255. 255.255.0 access-list 101 extended permit ip 192.168.111.0 255.255.255.0 192.168.254.0 255 .255.255.0 access-list acl_in extended permit tcp any host 192.168.254.253 eq smtp access-list acl_in extended permit icmp any any pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool vpnpool 192.168.254.1-192.168.254.50 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 101 nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface smtp 192.168.111.250 smtp netmask 255.255. 255.255 access-group acl_in in interface outside route outside 0.0.0.0 0.0.0.0 192.168.254.254 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set AESset esp-aes-256 esp-sha-hmac crypto ipsec transform-set myset esp-des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map dynmap 100 set transform-set AESset crypto dynamic-map 100 1 match address nonat crypto dynamic-map 100 1 set reverse-route crypto dynamic-map 100 2 match address 101 crypto map Milfrank 10 match address 101 crypto map Milfrank 10 set peer (remote IP) crypto map Milfrank 10 set transform-set AESset crypto map Milfrank 100 ipsec-isakmp dynamic dynmap crypto map Milfrank interface outside crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto isakmp policy 11 authentication pre-share encryption des hash md5 group 2 lifetime 86400 crypto isakmp nat-traversal 25 no vpn-addr-assign aaa no vpn-addr-assign dhcp telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh timeout 5 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept group-policy VPNClt internal group-policy VPNClt attributes vpn-filter value 101 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value 101 username Milfrank password tMS.AI3Vm/Tc1c7K encrypted tunnel-group (remote IP) type ipsec-l2l tunnel-group (remote IP) ipsec-attributes pre-shared-key * isakmp keepalive threshold 30 retry 2 tunnel-group VPNClt type remote-access tunnel-group VPNClt general-attributes address-pool vpnpool default-group-policy VPNClt tunnel-group VPNClt ipsec-attributes pre-shared-key * ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect icmp ! prompt hostname context