Drakes-HOVE-ASA5500# sh run : Saved : ASA Version 7.1(2) ! hostname test-ASA5500 domain-name local.com enable password MMsIqSF3sVRifT.I encrypted names ! interface Ethernet0/0 nameif outside security-level 0 ip address dhcp setroute ! interface Ethernet0/1 speed 100 duplex full nameif inside security-level 100 ip address 192.0.2.98 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Management0/0 nameif management security-level 50 no ip address management-only ! passwd sample encrypted ! ftp mode passive clock timezone GMT 0 clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00 dns domain-lookup inside dns server-group DefaultDNS name-server 192.0.2.201 domain-name local.com access-list inside_nat0_outbound extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.50 access-list inside_nat0_outbound extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.51 access-list inside_nat0_outbound extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.52 access-list inside_nat0_outbound extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.53 access-list inside_nat0_outbound extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.54 access-list inside_nat0_outbound extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.55 access-list RemoteVPN_splitTunnelAcl extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.50 access-list RemoteVPN_splitTunnelAcl extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.51 access-list testGroupVPN_splitTunnelAcl extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.52 access-list testGroupVPN_splitTunnelAcl extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.53 access-list testGroupVPN_splitTunnelAcl extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.54 access-list testGroupVPN_splitTunnelAcl extended permit ip 192.0.2.0 255.255.255.0 host 192.0.2.55 pager lines 24 logging asdm informational mtu outside 1500 mtu inside 1500 mtu management 1500 ip local pool remoteVPNPool 192.0.2.50-192.0.2.51 mask 255.255.255.0 ip local pool testGroupVPNPool 192.0.2.52-192.0.2.55 mask 255.255.255.0 asdm image disk0:/asdm512-k8.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute group-policy WEBVPNPOLICY internal group-policy WEBVPNPOLICY attributes banner value You now have Web VPN access to the test Extranet for Remote users. wins-server value 192.0.1.242 dns-server value 192.0.2.201 192.0.1.4 vpn-tunnel-protocol IPSec webvpn group-lock value DefaultWEBVPNGroup leap-bypass disable client-firewall none webvpn functions port-forward url-list value TESTSOFTWARE customization value customization1 port-forward-name value Application Access group-policy testGroupVPN internal group-policy testGroupVPN attributes wins-server value 192.0.1.243 dns-server value 192.0.2.201 192.0.1.3 split-tunnel-policy tunnelspecified split-tunnel-network-list value testGroupVPN_splitTunnelAcl default-domain value local.com group-policy RemoteVPN internal group-policy RemoteVPN attributes wins-server value 192.0.1.243 dns-server value 192.0.2.201 192.0.1.3 split-tunnel-policy tunnelspecified split-tunnel-network-list value RemoteVPN_splitTunnelAcl default-domain value local.com ! username admin password test encrypted privilege 15 ! username remote1 password PC2oJLp1f0QyDTXu encrypted privilege 15 username remote1 attributes vpn-group-policy RemoteVPN username itadmin password YEz/dSBPmMkRaqSA encrypted privilege 15 username itadmin attributes vpn-group-policy testGroupVPN aaa authentication ssh console LOCAL http server enable http 0.0.0.0 0.0.0.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside isakmp enable outside isakmp policy 10 authentication pre-share isakmp policy 10 encryption 3des isakmp policy 10 hash sha isakmp policy 10 group 2 isakmp policy 10 lifetime 86400 tunnel-group DefaultWEBVPNGroup general-attributes default-group-policy WEBVPNPOLICY tunnel-group DefaultWEBVPNGroup webvpn-attributes hic-fail-group-policy WEBVPNPOLICY customization customization1 nbns-server 192.0.2.200 master timeout 2 retry 2 tunnel-group RemoteVPN type ipsec-ra tunnel-group RemoteVPN general-attributes address-pool RemoteVPNPool default-group-policy RemoteVPN tunnel-group RemoteVPN ipsec-attributes pre-shared-key * tunnel-group testGroupVPN type ipsec-ra tunnel-group testGroupVPN general-attributes address-pool testGroupVPNPool default-group-policy testGroupVPN tunnel-group testGroupVPN ipsec-attributes pre-shared-key * telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh timeout 60 console timeout 0 ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global webvpn enable outside customization customization1 title text test Group WebVPN Service url-list CMIISOFTWARE "CMIISOFT" http://testc01/testclient/testhome.aspx 1 Cryptochecksum:e4cac5ab2453365f5bff24b3eb204e45 : end