! Cisco ASA firewall configuration; the banner below reports software 8.0(3).
! Addresses written with "x.x" are not valid literals and appear to be
! redacted in this copy.
ASA Version 8.0(3)
!
! Name aliases: each "name" line binds an address to a label that later
! ACL, NAT and route statements use in place of the literal address.
names
name 192.168.1.1 Internal_Core_Router_int
name 66.160.x.x Internal_Core_Router_ext
name 66.160.x.x AGF_Contivity100_ext
name 172.16.0.225 AGF_Contivity100_int
name 12.14.217.30 AGF
dns-guard
!
! outside: security-level 0, addressed from the 66.160.x.x /27.
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 66.160.x.x 255.255.255.224
!
! inside: security-level 100, 192.168.1.2/24.
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.1.2 255.255.255.0
!
! AGF_VPN: security-level 90, 172.16.0.226/29. AGF_Contivity100_int
! (172.16.0.225) falls inside this /29.
interface Ethernet0/2
 nameif AGF_VPN
 security-level 90
 ip address 172.16.0.226 255.255.255.248
!
! Unused port: shut down with no name, level or address.
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
! Management port is named but shut down and unaddressed.
! NOTE(review): no ssh/http/aaa/logging statements appear in the visible
! text, so how the device is administered cannot be assessed from here.
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
! Eight internal /24 networks, used as the source in inside_access_in.
object-group network All_Internal_Nets
 description All internal networks
 network-object 192.168.1.0 255.255.255.0
 network-object 192.168.2.0 255.255.255.0
 network-object 192.168.3.0 255.255.255.0
 network-object 192.168.4.0 255.255.255.0
 network-object 192.168.101.0 255.255.255.0
 network-object 192.168.102.0 255.255.255.0
 network-object 192.168.103.0 255.255.255.0
 network-object 192.168.104.0 255.255.255.0
! TCP egress allow-list, applied from every internal network to "any".
! NOTE(review): smtp, 1433 and 3389 to any destination is broad egress;
! confirm each is needed, and whether smtp can be limited to the mail host.
object-group service Allowed_Outbound_TCP tcp
 description All TCP ports allowed outbound to the Internet
 port-object eq www
 port-object eq https
 port-object eq ftp
 port-object eq ftp-data
 port-object eq domain
 port-object eq ssh
 port-object eq smtp
 port-object eq 1433
 port-object eq 3389
! UDP egress allow-list.
! NOTE(review): 20, 21 and 1433 are TCP services (FTP, SQL Server); these
! UDP entries look copied from the TCP list. Confirm and prune if unused.
object-group service Allowed_Outbound_UDP udp
 description All UDP ports allowed outbound to the Internet
 port-object eq domain
 port-object eq 1433
 port-object eq 20
 port-object eq 21
 port-object eq 3389
! Services permitted between the internal networks and AGF_Contivity100_int.
object-group service AGF_Services
 service-object icmp echo
 service-object tcp eq 12070
 service-object tcp eq 12071
 service-object tcp eq www
! IPsec-related services (ESP, AH, ISAKMP) plus tcp/www, permitted from
! host AGF to the Contivity device.
object-group service AGF_VPN_Services
 service-object esp
 service-object ah
 service-object tcp eq www
 service-object udp eq isakmp
! Remark for the first inside_access_in entry, which follows.
access-list inside_access_in remark Allow all return traffic to remote access VPN users.
! inside_access_in: entries are evaluated top-down, so order is significant.
! Entry 1: any IP from the internal networks to 192.168.50.0/25.
access-list inside_access_in extended permit ip object-group All_Internal_Nets 192.168.50.0 255.255.255.128
! Entries 2-3: outbound TCP/UDP to any destination, limited to the
! Allowed_Outbound_* port groups.
access-list inside_access_in extended permit tcp object-group All_Internal_Nets any object-group Allowed_Outbound_TCP
access-list inside_access_in extended permit udp object-group All_Internal_Nets any object-group Allowed_Outbound_UDP
! Entry 4: internal networks to the Contivity device on AGF_Services.
access-list inside_access_in extended permit object-group AGF_Services object-group All_Internal_Nets host AGF_Contivity100_int
! Entry 5: outbound ICMP echo to any destination.
access-list inside_access_in extended permit icmp object-group All_Internal_Nets any echo
!
! outside_access_in: inbound rules for traffic arriving from the Internet.
! NOTE(review): RouteView_ext, Portal_ext, EdisonExchange_ext, Numa_ext,
! Sun_ext, NewSun_ext and Sun_Tech_Support, and the object-groups
! Allowed_Inbound_To_Portal, TCPUDP, EdisonTechnologyGroup, SQL_Services,
! External_Hosts_Accessing_Numa, External_Hosts_Accessing_Sun,
! Oracle_Services and Allowed_Inbound_To_RouteView, are not defined in the
! visible text, and neither are static translations for these hosts. The
! listing looks like an excerpt, so the real exposure cannot be judged here.
!
! NOTE(review): Telnet from an Internet host to the core router's external
! address. Telnet carries credentials in cleartext; prefer SSH, or reach
! the router over a VPN.
access-list outside_access_in extended permit tcp host 216.x.x.x host Internal_Core_Router_ext eq telnet
access-list outside_access_in extended permit tcp host 208.x.x.x host RouteView_ext eq 1717
! The only entry below that combines source "any" with a port group.
access-list outside_access_in extended permit tcp any host Portal_ext object-group Allowed_Inbound_To_Portal
! NOTE(review): the next four entries admit external source groups to
! services named SQL_Services / Oracle_Services and to FTP. Presumably
! database listeners; confirm the source groups are narrow, and consider
! carrying this traffic over a VPN.
access-list outside_access_in extended permit object-group TCPUDP object-group EdisonTechnologyGroup host EdisonExchange_ext object-group SQL_Services
access-list outside_access_in extended permit tcp object-group External_Hosts_Accessing_Numa host Numa_ext eq ftp
access-list outside_access_in extended permit object-group TCPUDP object-group External_Hosts_Accessing_Numa host Numa_ext object-group Oracle_Services
access-list outside_access_in extended permit object-group TCPUDP object-group External_Hosts_Accessing_Sun host Sun_ext object-group Oracle_Services
! Host AGF (12.14.217.30) to the Contivity's external address on
! ESP/AH/ISAKMP and tcp/www.
access-list outside_access_in extended permit object-group AGF_VPN_Services host AGF host AGF_Contivity100_ext
access-list outside_access_in extended permit tcp host 216.x.x.x host Portal_ext eq smtp
access-list outside_access_in extended permit tcp host Sun_Tech_Support host NewSun_ext eq ssh
! ICMP echo-reply and traceroute are admitted from any source to any
! destination. The visible global_policy has no "inspect icmp", which is
! presumably why replies are permitted statically; confirm.
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any traceroute
access-list outside_access_in extended permit tcp host 64.122.x.x host RouteView_ext object-group Allowed_Inbound_To_RouteView
! Standard ACL matching 192.168.0.0/16. The name suggests a split-tunnel
! list for a remote-access VPN group; the group-policy that would
! reference it is not in the visible text.
access-list MarloRemoteAccessVPN_splitTunnelAcl standard permit 192.168.0.0 255.255.0.0
! Referenced by "nat (inside) 0" below: traffic from any inside source to
! 192.168.50.0/25 is exempted from NAT.
access-list inside_nat0_outbound extended permit ip any 192.168.50.0 255.255.255.128
! GERS_Local and GERS_Remote, and any crypto map using this ACL, are not
! defined in the visible text.
access-list outside_cryptomap extended permit ip GERS_Local 255.255.255.192 GERS_Remote 255.255.255.192
! AGF_VPN_access_in: bound inbound to the AGF_VPN interface below.
! The first entry is marked inactive; the second reverses its source and
! destination.
access-list AGF_VPN_access_in extended permit object-group AGF_Services object-group All_Internal_Nets host AGF_Contivity100_int inactive
! NOTE(review): lets the Contivity device initiate AGF_Services traffic to
! every network in All_Internal_Nets; confirm whether the destination can
! be narrowed to the hosts that need it.
access-list AGF_VPN_access_in extended permit object-group AGF_Services host AGF_Contivity100_int object-group All_Internal_Nets
! NOTE(review): the source is host AGF (12.14.217.30), which outside_access_in
! already admits on the outside interface. Confirm from hit counts that
! this entry ever matches on AGF_VPN.
access-list AGF_VPN_access_in extended permit object-group AGF_VPN_Services host AGF host AGF_Contivity100_int
!
!
! NAT pool 1: translated to 66.160.x.x on outside and to the interface
! address on AGF_VPN.
global (outside) 1 66.160.x.x
global (AGF_VPN) 1 interface
! NAT id 0 with an ACL: exemption for traffic matching inside_nat0_outbound.
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.0.0 255.255.0.0
! NOTE(review): 172.16.0.0/29 and 172.16.0.224/29 both fall inside
! 172.16.0.0/24, so the first two AGF_VPN statements look redundant with
! the third.
nat (AGF_VPN) 1 172.16.0.0 255.255.255.248
nat (AGF_VPN) 1 172.16.0.224 255.255.255.248
nat (AGF_VPN) 1 172.16.0.0 255.255.255.0
!
! One-to-one static translation of the Contivity's internal address to
! its external address.
static (AGF_VPN,outside) AGF_Contivity100_ext AGF_Contivity100_int netmask 255.255.255.255
! Bind each ACL to its interface, inbound direction.
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group AGF_VPN_access_in in interface AGF_VPN
! Default route via outside; 192.168.0.0/16 via the internal core router.
route outside 0.0.0.0 0.0.0.0 66.160.x.x 1
route inside 192.168.0.0 255.255.0.0 Internal_Core_Router_int 1
! Translation and connection idle timers.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
!
! Traffic class matched by the inspection policy below.
class-map inspection_default
 match default-inspection-traffic
!
!
! DNS inspection parameters.
! NOTE(review): a 512-byte maximum would drop larger DNS messages (for
! example EDNS0/DNSSEC responses); confirm this limit is intended.
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
! Inspection engines applied to class inspection_default.
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
! Apply policy-map global_policy globally rather than to a single interface.
service-policy global_policy global
! CLI prompt shows the hostname and the context.
prompt hostname context