Saved
:
ASA Version 8.0(3) 
!
hostname ciscoasa
domain-name cisco.com
enable password e03WqSiCmCIg/5x8 encrypted
names
!
interface GigabitEthernet0/0
 description ***** To Router *****
 nameif Outside
 security-level 0
 ip address 85.154.246.106 255.255.255.248 
!
interface GigabitEthernet0/1
 description ***** To Local Area Network *****
 nameif inside
 security-level 100
 ip address 10.10.1.254 255.255.255.0 
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name cisco.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list ahmedkarkar_splitTunnelAcl standard permit any 
access-list Outside_access_in extended permit ip any any 
access-list Outside_access_in extended permit tcp any any 
access-list Outside_access_in extended permit udp any any 
access-list inside_access_in extended permit tcp any any 
access-list inside_access_in extended permit ip any any 
access-list inside_access_in extended permit udp any any 
access-list Outside_nat0_outbound extended permit ip any 10.0.0.0 255.0.0.0 
access-list kfcalkhuwair_splitTunnelAcl standard permit any 
access-list inside_nat0_outbound extended permit ip any 10.10.1.200 255.255.255.252 
pager lines 24
logging enable
logging asdm informational
mtu Outside 1500
mtu inside 1500
ip local pool mqplaza-pool 10.10.1.153 mask 255.255.255.0
ip local pool ruwi-pool 10.10.1.152 mask 255.255.255.0
ip local pool Qurum_pool 10.10.1.150 mask 255.255.255.0
ip local pool kwair_pool 10.10.1.151 mask 255.255.255.0
ip local pool Ahmedkarkar 10.10.1.116 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Outside) 0 access-list Outside_nat0_outbound
nat (Outside) 1 10.0.0.0 255.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
access-group Outside_access_in in interface Outside
access-group inside_access_in in interface inside
route Outside 0.0.0.0 0.0.0.0 85.154.246.105 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL 
aaa authentication telnet console LOCAL 
http server enable
http 192.168.1.0 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 Outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs 
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable Outside
crypto isakmp enable inside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 60
console timeout 0
vpn load-balancing 
 interface lbpublic Outside
threat-detection basic-threat
threat-detection statistics access-list
group-policy ahmedkarkar internal
group-policy ahmedkarkar attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ahmedkarkar_splitTunnelAcl
group-policy kfcalkhuwair internal
group-policy kfcalkhuwair attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value kfcalkhuwair_splitTunnelAcl
username ahmedkarkar password xKOwPy4e2SKNGf2F encrypted privilege 0
username ahmedkarkar attributes
 vpn-group-policy ahmedkarkar
username americana password 1gymv1ZRJwSQDkLl encrypted privilege 15
tunnel-group kfc12702 type remote-access
tunnel-group kfc12702 general-attributes
 address-pool ruwi-pool
tunnel-group kfc12702 ipsec-attributes
 pre-shared-key *
tunnel-group kfc12701 type remote-access
tunnel-group kfc12701 general-attributes
 address-pool Qurum_pool
tunnel-group kfc12701 ipsec-attributes
 pre-shared-key *
tunnel-group kfc12704 type remote-access
tunnel-group kfc12704 general-attributes
 address-pool kwair_pool
tunnel-group kfc12704 ipsec-attributes
 pre-shared-key *
tunnel-group ahmedkarkar type remote-access
tunnel-group ahmedkarkar general-attributes
 address-pool Ahmedkarkar
tunnel-group ahmedkarkar ipsec-attributes
 pre-shared-key *
tunnel-group kfc12711 type remote-access
tunnel-group kfc12711 general-attributes
 address-pool mqplaza-pool
tunnel-group kfc12711 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny  
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip  
  inspect xdmcp 
  inspect ipsec-pass-thru 
  inspect icmp 
  inspect icmp error 
  inspect ctiqbe 
  inspect dcerpc 
  inspect http 
  inspect ils 
  inspect mgcp 
  inspect pptp 
  inspect snmp 
  inspect waas 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:3886fe7733866946d4f3ab65f6c05831
: end
asdm image disk0:/asdm-603.bin
no asdm history enable