dcvfw# sh run : Saved : ASA Version 7.2(2)22 ! hostname dcvfw domain-name default.domain.invalid interface Ethernet0/1 description Interface Connected to Internal Netwrok nameif inside security-level 100 ip address 10.10.10.2 255.255.255.252 ! interface Ethernet0/2 nameif adsl security-level 0 ip address 10.10.10.6 255.255.255.252 dns domain-lookup adsl dns server-group DefaultDNS name-server 213.42.20.20 domain-name default.domain.invalid same-security-traffic permit intra-interface access-list ICMP extended permit icmp any any access-list ICMP extended permit ip any any access-list 200 extended permit ip 23.x.x.0 255.255.255.128 3.x.x.0 255.255.255.0 access-list nonat extended permit ip 23.x.x.0 255.255.255.128 3.x.x.0 255.255.255.0 pager lines 24 logging monitor debugging logging asdm informational mtu inside 1500 mtu adsl 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside asdm image disk0:/asdm-522.bin no asdm history enable arp timeout 14400 global (adsl) 1 interface nat (inside) 0 access-list nonat nat (inside) 1 0.0.0.0 0.0.0.0 route inside 23.x.x.0 255.255.255.128 10.10.10.1 1 route adsl 0.0.0.0 0.0.0.0 10.10.10.5 1 aaa authentication serial console LOCAL aaa authentication telnet console LOCAL aaa authentication ssh console LOCAL http server enable http 23.x.x.0 255.255.255.128 inside crypto ipsec transform-set myset esp-3des esp-sha-hmac crypto map mymap 10 match address 200 crypto map mymap 10 set peer 213.xx.x.xxx crypto map mymap 10 set transform-set myset crypto map mymap interface adsl crypto isakmp enable adsl crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 28800 crypto isakmp nat-traversal 20 tunnel-group DefaultL2LGroup ipsec-attributes isakmp keepalive threshold 30 retry 3 tunnel-group DefaultRAGroup ipsec-attributes isakmp keepalive threshold 30 retry 3 tunnel-group 213.xx.x.xxx type ipsec-l2l tunnel-group 213.xx.x.xxx ipsec-attributes pre-shared-key * isakmp keepalive threshold 30 retry 3 tunnel-group group1 type ipsec-l2l management-access inside