! Captured output of "show running-config" from a Cisco ASA firewall.
! This first part holds the device identity, the interface/zone layout and the
! built-in regex objects. Some values look stripped before posting (see notes).
sh run
: Saved
:
! NOTE(review): 8.0(2) is a very old ASA release. Check it against the vendor's
! current security advisories and supported-release list before relying on it.
ASA Version 8.0(2)
!
hostname m1
! NOTE(review): only the ".mil" suffix remains; the domain looks redacted.
domain-name .mil
! NOTE(review): "enable" appears without its "password ..." remainder,
! presumably removed when the listing was sanitised.
enable
names
name 16.23.104.142 mil
dns-guard
!
! outside: security-level 0, the least-trusted zone. The crypto map and WebVPN
! later in this config are bound to this interface.
interface GigabitEthernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 14.15.162.21 255.255.255.224
!
! inside: security-level 100, the most-trusted zone.
interface GigabitEthernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 19.11.5.6 255.255.255.0
!
! Unused ports are shut down and carry no nameif, security level or address.
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
! Dedicated management port: "management-only" keeps through-traffic off it.
interface Management0/0
 speed 100
 duplex full
 nameif ASA_Management
 security-level 100
 ip address 19.16.5.2 255.255.255.0
 management-only
!
! Regex objects carrying the _default_ prefix. None of them is referenced by a
! class-map or policy-map in the visible part of this config, so they do not
! filter anything by themselves.
regex _default_gator "Gator"
regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
regex _default_shoutcast-tunneling-protocol "1"
regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
regex _default_x-kazaa-network "[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
regex _default_gnu-http-tunnel_arg "crap"
regex _default_icy-metadata "[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_windows-media-player-tunnel "NSPlayer"
regex _default_yahoo-messenger "YMSG"
regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
regex _default_firethru-tunnel_1 "firethru[.]com"
!
! Defined with no periodic/absolute range; not referenced by any visible ACL.
time-range Unrestricted
!
! Boot image, clock and DNS settings, then the first object-groups that the
! access-lists further down refer to.
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 60
dns domain-lookup inside
dns server-group DefaultDNS
 timeout 5
 name-server 16.23.224.3
 name-server 16.23.224.4
 domain-name jds.mil
! Port deny-list applied to TCP and UDP by the remote_clients ACL. The group has
! no description; the numbers look like ports historically tied to remote-access
! trojans and IRC (presumably the intent - confirm with the owner).
! A deny-list only covers ports someone thought of; the explicit permits plus the
! closing "deny ip any any" in the ACL are what actually enforce least privilege.
object-group service DEFAULT-BLK-PPS tcp-udp
 port-object eq 513
 port-object eq 1090
 port-object eq 1170
 port-object eq 1234
 port-object eq 1243
 port-object eq 1245
 port-object eq 1349
 port-object eq 1492
 port-object eq 1600
 port-object eq 1807
 port-object eq 1981
 port-object eq 1999
 port-object eq 2001
 port-object eq 2023
 port-object eq 2115
 port-object eq 2140
 port-object eq 2222
 port-object eq 2565
 port-object eq 2583
 port-object eq 2744
 port-object eq 2766
 port-object eq 2772
 port-object eq 2773
 port-object eq 2774
 port-object eq 2801
 port-object eq 6667
 port-object eq 6711
 port-object eq 6712
 port-object eq 6713
 port-object eq 6776
 port-object eq 7000
 port-object eq 7215
 port-object eq 12345
 port-object eq 12346
 port-object eq 27374
 port-object eq 27573
 port-object eq 27665
 port-object eq 31335
 port-object eq 31337
 port-object eq 31338
 port-object eq 33270
 port-object eq 39168
 port-object eq 54283
 port-object eq 65000
! NOTE(review): later ACLs reference both "_NET" and "JTFCS_NET" (and "_NET_VOIP" /
! "JTFCS_NET_VOIP"). The JTFCS_ prefix looks unevenly stripped from this listing;
! an ACL naming a group that does not exist would not load, so verify on the device.
object-group network _NET
 description JTFCS internal network
 network-object 16.23.224.0 255.255.255.128
 network-object 16.23.225.0 255.255.255.0
! Remote-site networks for the NC site-to-site tunnel.
object-group network NC_L2L
 description NC Site to Site
 network-object 16.23.18.32 255.255.255.224
 network-object 16.23.18.64 255.255.255.224
 network-object 16.23.90.0 255.255.255.0
 network-object 16.23.91.0 255.255.255.0
 network-object host 164.236.1.100
object-group network _NET_VOIP
 description Internal network plus support for voip to ERCS
 network-object 16.23.224.0 255.255.255.128
 network-object host 16.23.224.123
 network-object host 16.23.224.31
 network-object host 16.23.225.10
object-group network ERCS_NET_VOIP
 description ERCS internal net and voip subnet
 network-object 19.16.10.0 255.255.255.0
 network-object 21.4.17.0 255.255.255.0
! Per-service server groups used as destinations in the VPN client filter
! (remote_clients), followed by the first entries of the "inside" interface ACL.
! NOTE(review): remote_clients refers to _KERBOS, _KPASS and _NTP, and other ACLs
! to _HBSS, while the groups defined here are JTFCS_KERBOS, JTFCS_KPASS, JTFCS_NTP
! and JTFCS_HBSS. The prefix looks unevenly sanitised; verify the real names.
object-group network _DNS
 description JTFCS DNS servers
 network-object host 16.23.224.3
 network-object host 16.23.224.4
object-group network _RPC
 description CS RPC Servers for VPNDN
 network-object host 16.23.224.3
 network-object host 16.23.224.4
 network-object host 16.23.224.10
 network-object host 16.23.224.44
object-group network _LDAP
 description CS LDAP Servers
 network-object host 16.23.224.10
 network-object host 16.23.224.3
 network-object host 16.23.224.4
object-group network JTFCS_KERBOS
 description CS Kerbos servers
 network-object host 16.23.224.3
 network-object host 16.23.224.4
object-group network JTFCS_KPASS
 description CS DC servers for changing password
 network-object host 16.23.224.3
 network-object host 16.23.224.4
! Defined but not referenced by any ACL in the visible lines (the SMB permit in
! remote_clients names a single host instead).
object-group network JTFCS_SMB
 description CS Server message block
 network-object host 16.23.224.10
 network-object host 16.23.224.3
 network-object host 16.23.224.4
 network-object host 16.23.225.10
object-group network JTFCS_NTP
 description CS NTP servers
 network-object host 16.23.224.3
 network-object host 16.23.224.4
object-group network JTFCS_HBSS
 description CS network segments for HBSS
 network-object 16.23.225.0 255.255.255.0
 network-object 16.23.227.0 255.255.255.0
 network-object 16.23.224.0 255.255.255.128
object-group network DCDINS_KITS
 description Dataline mobile kit segments
 network-object 16.23.226.16 255.255.255.248
 network-object 16.23.226.24 255.255.255.248
 network-object 16.23.226.8 255.255.255.248
! Auto-named group; used by the outside_20_cryptomap ACL.
object-group network DM_INLINE_NETWORK_1
 network-object 16.23.224.0 255.255.255.128
 network-object 16.23.225.0 255.255.255.0
! "inside" ACL (bound inbound on the inside interface further down).
! NOTE(review): the two entries marked "temp" carry no owner or expiry. Temporary
! rules tend to outlive their purpose; confirm they are still needed or remove them.
access-list inside remark temp
access-list inside extended permit icmp host 16.23.224.44 host 192.168.20.3
access-list inside remark temp
access-list inside extended permit ip object-group _NET host 19.16.20.3
access-list inside remark servers to Heavy server segment via tunnel
access-list inside extended permit ip object-group _NET 21.4.17.0 255.255.255.0
access-list inside remark servers to NC via tunnel
! Remainder of the access-lists (interface ACLs, crypto-map match ACLs, the NAT
! exemption ACL and the VPN filter ACLs), followed by logging, ICMP-to-the-box
! rules, NAT, routing, timeouts and the LDAP / AAA definitions.
! ASA access-lists are evaluated top-down and the first matching entry wins.
access-list inside extended permit ip 16.23.224.0 255.255.255.128 object-group NC_L2L
access-list inside remark clients to NC Remedy via tunnel
access-list inside extended permit ip 16.23.225.0 255.255.255.0 host 16.23.1.100
access-list inside remark clients to NC HBSS via tunnel
! NOTE(review): "_HBSS" is not among the visible object-groups (JTFCS_HBSS is).
! Probably a sanitisation artefact; verify against the device.
access-list inside extended permit ip object-group _HBSS 16.23.24.16 255.255.255.240
access-list inside extended deny ip any any
! Nothing is permitted inbound through the outside interface by ACL. VPN traffic is
! presumably exempt from this ACL (no "no sysopt connection permit-vpn" is shown),
! which leaves the vpn-filter ACLs below as the only control on tunnelled traffic.
access-list outside extended deny ip any any
! Interesting-traffic selector for crypto map entry 20 (NC tunnel).
access-list outside_20_cryptomap remark Garrison server replication with NC
access-list outside_20_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object-group NC_L2L
access-list outside_20_cryptomap remark clients to NC ePO server for HBSS
access-list outside_20_cryptomap extended permit ip object-group JTFCS_HBSS 16.23.24.16 255.255.255.240
! NAT exemption list, referenced by "nat (inside) 0" below.
access-list inside_nat0_outbound remark servers to NC bypass Nat
access-list inside_nat0_outbound extended permit ip 16.23.224.0 255.255.255.128 object-group NC_L2L
access-list inside_nat0_outbound remark clients to NC HBSS bypass Nat
access-list inside_nat0_outbound extended permit ip object-group JTFCS_HBSS 16.23.24.16 255.255.255.240
access-list inside_nat0_outbound remark clients to NC Remedy bypass NAT
access-list inside_nat0_outbound extended permit ip 16.23.225.0 255.255.255.0 host 164.236.1.100
access-list inside_nat0_outbound remark servers to Heavy servers and voip bypass Nat
access-list inside_nat0_outbound extended permit ip object-group _NET object-group ERCS_NET_VOIP
! NOTE(review): the "vpn client" entries use 19.16.20.0/24, while the client pool
! CS_USERS and the remote_clients ACL use 19.16.2.0/24. Confirm which is real.
access-list inside_nat0_outbound remark to vpn client bypass Nat
access-list inside_nat0_outbound extended permit ip object-group _NET 19.16.20.0 255.255.255.0
access-list inside_nat0_outbound remark proxy to vpn clients bypass Nat
access-list inside_nat0_outbound extended permit ip host 16.23.224.202 19.16.20.0 255.255.255.0
access-list inside_nat0_outbound remark servers to Dataline kits bypass Nat
access-list inside_nat0_outbound extended permit ip object-group _NET object-group DCDINS_KITS
access-list inside_nat0_outbound remark proxy to Dataline kits bypass Nat
access-list inside_nat0_outbound extended permit ip host 16.23.224.202 object-group DCDINS_KITS
! remote_clients is the vpn-filter of group-policy _CAC (remote-access users).
! NOTE(review): the "temp" entry "permit ip any any" sits above every other line.
! Because the first match wins, the DEFAULT-BLK-PPS denies, the per-service
! permits and the closing "deny ip any any" below can never match, so this filter
! currently passes all IP traffic. Removing the two temp entries restores the
! intended least-privilege policy.
access-list remote_clients remark temp
access-list remote_clients extended permit icmp any any
access-list remote_clients remark temp
access-list remote_clients extended permit ip any any
access-list remote_clients extended deny tcp any any object-group DEFAULT-BLK-PPS
access-list remote_clients extended deny udp any any object-group DEFAULT-BLK-PPS
! Intended policy: VPN pool 19.16.2.0/24 to named directory and application
! services only.
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 object-group _RPC eq 135
access-list remote_clients remark vpn clients to filter
! NOTE(review): opens every TCP port from 1024 up on the RPC servers. Pinning the
! servers' dynamic RPC range and mirroring it here would narrow this considerably.
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 object-group _RPC range 1024 65535
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 object-group _LDAP eq ldap
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit udp 19.16.2.0 255.255.255.0 object-group _LDAP eq 389
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit udp 19.16.2.0 255.255.255.0 object-group _DNS eq domain
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 object-group _KERBOS eq 88
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit udp 19.16.2.0 255.255.255.0 object-group _KERBOS eq 88
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 object-group _KPASS eq 464
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit udp 19.16.2.0 255.255.255.0 object-group _NTP eq ntp
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 host 16.23.225.10 eq 445
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 host 16.23.224.10 eq www
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 host 16.23.224.21 eq www
access-list remote_clients remark vpn clients to filter
! NOTE(review): 16.23.224.25 is also a syslog collector and an allowed ASDM/SSH
! source for this firewall elsewhere in the config. Remote-desktop access from the
! whole VPN pool to that host deserves a tighter source or a jump host.
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 host 16.23.224.25 eq 3389
access-list remote_clients remark vpn clients to filter
access-list remote_clients extended permit tcp 19.16.2.0 255.255.255.0 host 16.23.224.202 eq 8080
access-list remote_clients extended deny ip any any
! vpn-filter for group-policy DCDINS-KITS (also the default L2L group policy).
access-list DCDINS-KITS_L2L remark Dataline kits to servers filter
access-list DCDINS-KITS_L2L extended permit ip object-group DCDINS_KITS object-group JTFCS_NET
access-list DCDINS-KITS_L2L remark Dataline kits to Garrison proxy for web browsing filter
access-list DCDINS-KITS_L2L extended permit tcp object-group DCDINS_KITS host 16.23.224.202 eq 8080
access-list DCDINS-KITS_L2L extended deny ip any any
! Interesting-traffic selector for crypto map entry 40.
access-list outside_40_cryptomap remark to Heavy tunnel
access-list outside_40_cryptomap extended permit ip object-group JTFCS_NET_VOIP object-group ERCS_NET_VOIP
! vpn-filter for group-policy NC_L2L.
access-list NC_L2L remark NC segments to servers filter
access-list NC_L2L extended permit ip object-group NC_L2L 16.23.224.0 255.255.255.128
access-list NC_L2L remark NC Remedy to clients filter
access-list NC_L2L extended permit ip host 16.23.1.100 16.23.225.0 255.255.255.0
access-list NC_L2L remark NC HBSS to clients filter
access-list NC_L2L extended permit ip 16.23.24.16 255.255.255.240 object-group _HBSS
access-list NC_L2L extended deny ip any any
! vpn-filter for group-policy ERCS_L2L.
access-list ERCS_L2L remark Heavy server sgement and voip to servers callmanager and voice gateway filter
access-list ERCS_L2L extended permit ip object-group ERCS_NET_VOIP object-group _NET_VOIP
access-list ERCS_L2L extended deny ip any any
! Deny-everything filter attached to DfltGrpPolicy, so any session that falls back
! to the default group policy gets no access.
access-list Def_Deny extended deny ip any any
pager lines 24
! Syslog: timestamps on, informational level, two collectors on the inside.
logging enable
logging timestamp
logging buffer-size 4096
logging asdm-buffer-size 250
logging trap informational
logging asdm informational
logging from-address .mil
logging facility 21
logging device-id hostname
logging host inside 16.23.224.25
logging host inside 16.23.224.205
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
! Per-message rate limits (count, interval, message ID). Messages above the limit
! are not sent; confirm none of these IDs is needed at full fidelity for detection.
logging rate-limit 1 1 message 402116
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 2 5 message 199011
logging rate-limit 1 10 message 199010
logging rate-limit 2 5 message 199012
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 10 message 110003
logging rate-limit 1 10 message 110002
logging rate-limit 1 10 message 216004
logging rate-limit 1 10 message 450001
mtu outside 1500
mtu inside 1500
mtu ASA_Management 1500
! Address pool handed to remote-access clients (group-policy _CAC).
ip local pool CS_USERS 19.16.2.1-19.16.2.254 mask 255.255.255.0
! Failover is disabled; the remaining failover lines are inactive settings.
no failover
failover lan unit secondary
failover polltime unit 1 holdtime 15
failover polltime interface 5 holdtime 25
failover interface-policy 1
! ICMP addressed to the firewall's own interfaces.
! NOTE(review): there is no icmp rule for "outside". Without one the ASA by default
! answers ICMP sent to that interface; add "icmp deny any outside" (after any
! unreachable permits needed for path-MTU discovery) if that is not intended.
icmp unreachable rate-limit 1 burst-size 1
icmp permit host 19.11.5.99 inside
icmp permit 16.23.225.0 255.255.255.0 echo inside
icmp permit host 16.23.224.25 echo inside
icmp permit host 16.23.224.44 inside
icmp deny any inside
icmp permit 16.23.225.0 255.255.255.0 ASA_Management
icmp permit 16.23.224.0 255.255.255.0 ASA_Management
! NOTE(review): 19.168.5.0 differs from the 19.16.5.0 management subnet used
! elsewhere; likely a typo or sanitisation artefact. Confirm.
icmp permit 19.168.5.0 255.255.255.0 ASA_Management
icmp deny any ASA_Management
asdm image disk0:/asdm-602.bin
asdm history enable
arp timeout 14400
no nat-control
! Inside hosts are port-translated to the outside interface address, except for
! flows matched by inside_nat0_outbound, which are exempt from NAT.
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside in interface outside
access-group inside in interface inside
route outside 0.0.0.0 0.0.0.0 14.15.1.65 1
route inside 14.24.59.203 255.255.255.255 19.11.5.1 1
route inside 16.23.224.0 255.255.255.0 19.11.5.1 1
route inside 16.23.225.0 255.255.255.0 19.11.5.1 1
route inside 16.23.227.0 255.255.255.0 19.11.5.1 1
! NOTE(review): this routes the management port's own connected subnet via the
! ASA's own Management0/0 address (19.16.5.2). Looks redundant or mangled; verify.
route ASA_Management 19.16.5.0 255.255.255.0 19.16.5.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! Maps membership of one directory group to the Tunneling-Protocols attribute.
! NOTE(review): 20 is a protocol bitmap; confirm which protocols it enables on this
! release. Users outside the group get no mapped value and presumably fall back to
! the group policy's vpn-tunnel-protocol setting - confirm that is the intent.
ldap attribute-map AD-LDAP
 map-name memberof Tunneling-Protocols
 map-value memberof "CN=_VPN,OU=VPN ACCESS,OU=Groups Local,DC=jtfcs,DC=ds,DC=mil" 20
dynamic-access-policy-record CS_USERS
 action continue
 priority 1
! Sessions that match no other dynamic access policy are terminated.
dynamic-access-policy-record DfltAccessPolicy
 action terminate
! LDAP servers used for VPN authorization (see authorization-server-group in the
! tunnel-groups). The bind password is shown masked as "*".
! NOTE(review): both servers use port 389 and no "ldap-over-ssl enable" line is
! present, so the bind credentials and queries presumably cross the network
! unencrypted. Prefer LDAP over SSL for a service-account bind.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP host 164.236.224.3
 server-port 389
 ldap-base-dn DC=JTFCS,DC=DS,DC=MIL
 ldap-scope subtree
 ldap-naming-attribute userPrincipalName
 ldap-login-password *
 ldap-login-dn CN=cacpublish,CN=U,DC=j,DC=ds,DC=m
 server-type microsoft
 ldap-attribute-map AD-LDAP
aaa-server AD-LDAP host 164.236.224.4
 server-port 389
 ldap-base-dn DC=JTFCS,DC=DS,DC=MIL
 ldap-scope subtree
 ldap-naming-attribute userPrincipalName
 ldap-login-password *
 ldap-login-dn CN=cacpublish,CN=U,DC=j,DC=ds,DC=m
 server-type microsoft
 ldap-attribute-map AD-LDAP
eou allow none
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
! Console, telnet and SSH administration authenticate against the LOCAL database.
! No "telnet address mask interface" line is visible, so telnet is presumably not
! reachable from anywhere; the telnet authentication line could then be dropped.
! NOTE(review): no "aaa authentication http console" line is visible, so ASDM
! logins are presumably not tied to LOCAL user accounts - confirm.
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable 443
! ASDM (HTTPS) management sources, SNMP, fragment handling, IPsec transform sets,
! crypto maps and PKI trustpoints. The last certificate-map entry's sub-command
! continues on the next line of the capture.
http 16.23.225.52 255.255.255.255 inside
http 16.23.225.69 255.255.255.255 inside
http 14.24.5.203 255.255.255.255 inside
http 19.16.5.0 255.255.255.0 ASA_Management
http 19.11.5.99 255.255.255.255 inside
http 16.23.224.25 255.255.255.255 inside
http 16.23.225.68 255.255.255.255 inside
! Port 80 on the outside interface is redirected to HTTPS.
http redirect outside 80
! NOTE(review): SNMP is enabled on port 161, but no "snmp-server host" or community
! line is visible; either none is configured or it was removed from the listing.
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no snmp-server enable traps syslog
no snmp-server enable traps ipsec start stop
no snmp-server enable traps entity config-change fru-insert fru-remove
no snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable
snmp-server listen-port 161
fragment size 200 outside
fragment chain 24 outside
fragment timeout 5 outside
fragment size 200 inside
fragment chain 24 inside
fragment timeout 5 inside
fragment size 200 ASA_Management
fragment chain 24 ASA_Management
fragment timeout 5 ASA_Management
sysopt connection tcpmss 1360
! Password recovery from the console stays possible, so physical and console
! access to the appliance must be controlled accordingly.
service password-recovery
! NOTE(review): three of the four transform sets use 3DES and two use MD5, both
! legacy algorithms. Only ESP-AES-256-SHA is used by the static crypto map entries;
! "router-set" (3DES/MD5) is still offered by dynamic map entry 40.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set router-set esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec fragmentation before-encryption outside
crypto ipsec fragmentation before-encryption inside
crypto ipsec fragmentation before-encryption ASA_Management
crypto ipsec df-bit copy-df outside
crypto ipsec df-bit copy-df inside
crypto ipsec df-bit copy-df ASA_Management
! Dynamic map: serves peers that match no static entry. Entry 40 is tried before
! entry 50, so the weaker set is preferred for those peers.
crypto dynamic-map outside_dyn_map 40 set transform-set router-set
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 50 set transform-set ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 50 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 50 set security-association lifetime kilobytes 4608000
! Static entry 20: tunnel to peer 16.23.0.21, with PFS (group 2).
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set pfs group2
crypto map outside_map 20 set connection-type bi-directional
crypto map outside_map 20 set peer 16.23.0.21
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map 20 set security-association lifetime seconds 28800
crypto map outside_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 20 set inheritance rule
crypto map outside_map 20 set phase1-mode main
! Static entry 40: tunnel to peer 21.4.17.253.
! NOTE(review): unlike entry 20, no "set pfs" line is present for this entry.
crypto map outside_map 40 match address outside_40_cryptomap
crypto map outside_map 40 set connection-type bi-directional
crypto map outside_map 40 set peer 21.4.17.253
crypto map outside_map 40 set transform-set ESP-AES-256-SHA
crypto map outside_map 40 set security-association lifetime seconds 28800
crypto map outside_map 40 set security-association lifetime kilobytes 4608000
crypto map outside_map 40 set inheritance rule
crypto map outside_map 40 set phase1-mode main
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
! Root trustpoints: revocation is checked by OCSP. The OCSP URLs look redacted.
! "ocsp disable-nonce" drops the nonce from requests, so response freshness then
! rests on the validity window of the signed response.
! NOTE(review): the override rule names trustpoint ASDM_TrustPoint1, which is not
! defined in the visible lines (ASDM_TrustPoint0 and ASDM_TrustPoint2 are).
crypto ca trustpoint DODRoot-2
 revocation-check ocsp
 enrollment retry period 1
 enrollment retry count 0
 enrollment terminal
 fqdn none
 no email
 subject-name CN=sl,OU=U,OU=PKI,OU=D,O=U,C=U
 no serial-number
 no ip-address
 no password
 keypair DOD-PKI
 client-types ipsec ssl
 accept-subordinates
 id-cert-issuer
 id-usage ssl-ipsec
 no ignore-ipsec-keyusage
 ocsp disable-nonce
 ocsp url http://.mil
 match certificate DefaultCertificateMap override ocsp trustpoint ASDM_TrustPoint1 10 url http://.mil
 no proxy-ldc-issuer
 crl configure
  policy cdp
  cache-time 60
  no enforcenextupdate
  no protocol http
  no protocol ldap
  no protocol scep
crypto ca trustpoint DODRoot-3
 revocation-check ocsp
 enrollment retry period 1
 enrollment retry count 0
 enrollment terminal
 fqdn none
 no email
 subject-name CN=sl,OU=U,OU=PKI,OU=D,O=U,C=US
 no serial-number
 no ip-address
 no password
 keypair DOD-PKI
 client-types ipsec ssl
 accept-subordinates
 id-cert-issuer
 id-usage ssl-ipsec
 no ignore-ipsec-keyusage
 ocsp disable-nonce
 ocsp url http://mil
 match certificate DefaultCertificateMap override ocsp trustpoint ASDM_TrustPoint1 10 url http://mil
 no proxy-ldc-issuer
 crl configure
  policy cdp
  cache-time 60
  no enforcenextupdate
  no protocol http
  no protocol ldap
  no protocol scep
! DOD-CA13 is the SSL trust-point on the outside interface and the trust-point of
! DefaultRAGroup later in this config.
! NOTE(review): "revocation-check none" means certificates validated through this
! trustpoint are accepted without a CRL or OCSP check. With certificate
! authentication enabled on the outside interface, a revoked client certificate
! would presumably still be accepted; confirm which trustpoint validates client
! certificates and enable revocation checking there.
crypto ca trustpoint DOD-CA13
 revocation-check none
 enrollment retry period 1
 enrollment retry count 0
 enrollment terminal
 fqdn none
 no email
 subject-name CN=.mil,OU=USA,OU=PKI,OU=DOD,O=U. S. Government,C=US
 no serial-number
 no ip-address
 no password
 keypair DOD-PKI
 client-types ipsec ssl
 accept-subordinates
 id-cert-issuer
 id-usage ssl-ipsec
 no ignore-ipsec-keyusage
 no proxy-ldc-issuer
 crl configure
  policy cdp
  cache-time 60
  enforcenextupdate
  no protocol http
  no protocol ldap
  no protocol scep
! NOTE(review): the key pair name suggests a 1024-bit RSA key (inferred from the
! name only). "no client-types" is set, and no certificate chain for this
! trustpoint appears in the visible lines; it may be a leftover that can be removed.
crypto ca trustpoint ASDM_TrustPoint0
 revocation-check none
 enrollment retry period 1
 enrollment retry count 0
 enrollment terminal
 fqdn monrcsv1
 no email
 subject-name CN=m
 no serial-number
 no ip-address
 no password
 keypair DoD-1024-a
 no client-types
 accept-subordinates
 id-cert-issuer
 id-usage ssl-ipsec
 no ignore-ipsec-keyusage
 no proxy-ldc-issuer
 crl configure
  policy cdp
  cache-time 60
  enforcenextupdate
  protocol http
  protocol ldap
  protocol scep
crypto ca trustpoint ASDM_TrustPoint2
 revocation-check none
 enrollment retry period 1
 enrollment retry count 0
 enrollment terminal
 no fqdn
 no email
 no subject-name
 no serial-number
 no ip-address
 no password
 client-types ipsec ssl
 accept-subordinates
 id-cert-issuer
 id-usage ssl-ipsec
 no ignore-ipsec-keyusage
 no proxy-ldc-issuer
 crl configure
  policy cdp
  cache-time 60
  enforcenextupdate
  protocol http
  protocol ldap
  protocol scep
! Certificate map rules: match any certificate whose subject name is not empty.
! Rule 20 is what maps certificate logins to DefaultWEBVPNGroup under webvpn.
crypto ca certificate map DefaultCertificateMap 10
 subject-name ne ""
crypto ca certificate map DefaultCertificateMap 20
subject-name ne "" crypto ca certificate chain DODRoot-2 certificate ca 05 30820370 30820258 a0030201 02020105 300d0609 2a864886 f70d0101 05050030 5b310b30 09060355 04061302 55533118 30160603 55040a13 0f552e53 2e20476f 7665726e 6d656e74 310c300a 06035504 0b130344 6f44310c 300a0603 55040b13 03504b49 31163014 06035504 03130d44 6f442052 6f6f7420 43412032 301e170d 30343132 31333135 30303130 5a170d32 39313230 35313530 3031305a 305b310b 30090603 55040613 02555331 18301606 0355040a 130f552e 532e2047 6f766572 6e6d656e 74310c30 0a060355 040b1303 446f4431 0c300a06 0355040b 1303504b 49311630 14060355 0403130d 446f4420 526f6f74 20434120 32308201 22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100c02c c1f68d3b acff3f3c d671beb8 742207ec 704115fc ab40e307 aac1c3d8 9ffeda4c 3abf3fc8 d8287b4b 3601c0ac 4525c3d2 0e0a8f85 1864103d 1a13702a 6f8ed7dc 8d93b341 0f3821cd adabc23d 2a05d357 11370dcd 8c51f993 e3cc4649 218e14b4 cdcb143e 38cd7231 eeab12f2 65ea342e 565dffee 6375cb6d ba9134fc 9ef3f42d 1cbe50c4 42df5988 ff6ab3fa a86c3dcb 56717105 96bb9f80 e5804559 6741b0eb c3ad60a4 80750617 9c0ef443 e0990e1b fb7ff5b3 ccb28182 b1fd32c1 b8be41a4 64b5603a 5a51308c cede412c 19475c49 1064b974 a98741af 7d6ebac1 b8a1bf65 313a0467 f9b5bb8e 928a0063 b8b1e68c 385f83ff 50d53ba2 5d6bb210 cc630203 010001a3 3f303d30 1d060355 1d0e0416 04144974 bb0c5eba 7afe0254 ef7ba0c6 95c60980 7096300b 0603551d 0f040403 02018630 0f060355 1d130101 ff040530 030101ff 300d0609 2a864886 f70d0101 05050003 82010100 98918d3f 89c8bbf5 c0697329 3b35acba b308763d 700992e9 84442101 7d14761b ee516c1d 8d15372d 7b3169f4 9a44b8af 46cc34fa 23cb0327 19d28321 752be7e0 1b9926dc 844095e8 a8d2ccf6 585c66ef 3f4a9710 821dba0a a2dd5b06 2b9da764 4eeb2e01 35a4b43f 13ad55e4 d573a869 9b11f198 f2311e6f 40d4f878 9f8e91a0 6f700490 66aa062b cee17a92 b57de1e0 d196e7a1 3a2dccb1 9d1f0544 ed8799d3 4d1a7039 c1040ce5 7ed9f1af d7200ef1 227a25a4 7399cc3f a4072796 a8a295ed 82b916d3 9e0b87c2 c1f288f5 62df68df c7bc6951 edb15cdc 5454290f 09399aac 
03c1db0c 4dae6f0a 7a1649f1 bf91d238 94d3f695 2cb76cc9 quit crypto ca certificate chain DODRoot-3 certificate ca 04 30820267 308201d0 a0030201 02020104 300d0609 2a864886 f70d0101 05050030 61310b30 09060355 04061302 55533118 30160603 55040a13 0f552e53 2e20476f 7665726e 6d656e74 310c300a 06035504 0b130344 6f44310c 300a0603 55040b13 03504b49 311c301a 06035504 03131344 6f442043 4c415353 20332052 6f6f7420 4341301e 170d3030 30353139 31333133 30305a17 0d323030 35313431 33313330 305a3061 310b3009 06035504 06130255 53311830 16060355 040a130f 552e532e 20476f76 65726e6d 656e7431 0c300a06 0355040b 1303446f 44310c30 0a060355 040b1303 504b4931 1c301a06 03550403 1313446f 4420434c 41535320 3320526f 6f742043 4130819f 300d0609 2a864886 f70d0101 01050003 818d0030 81890281 8100b530 fe64beea cc6ded81 2cf77fe9 19ba0e69 6a28e1a9 a9cb9558 1ff1e69a 6953e088 3f91c551 b96397a8 e6218c13 5e363ca8 57faf870 2c4c6acb bf30a74c 16e4325c f812b051 f816578d 2fb44dfa 2ea894e8 2a61d457 0d47ce6e 2c2f7e98 67cc0008 abb69616 35c28591 e55ba00a c7665262 f3617595 17aebc2a 5629a5e0 2b530203 010001a3 2f302d30 1d060355 1d0e0416 04146c9c a5f05c8f 6d418dc4 173b9057 c20fa3cd 6dfe300c 0603551d 13040530 030101ff 300d0609 2a864886 f70d0101 05050003 818100af 7144f997 23cc6869 8c430741 ba8820b3 220041c8 98a0551c cd3f6eb1 935cadfa 189abb1c 736ffd24 428f879f 51cfbe86 9fe9d78a 484f08d9 6994ac3f e60f2d97 0f289376 4f62dfff a0cd61f8 a6860c31 3420dc7f 2fa8fb39 be95ee38 590262c1 de6c154f e0df9dbb e4797324 fd636495 f74aa899 1f486595 quit crypto ca certificate chain DOD-CA13 certificate 00882f 308203e4 3082034d a0030201 02020300 882f300d 06092a86 4886f70d 01010505 00305731 0b300906 03550406 13025553 31183016 06035504 0a130f55 2e532e20 476f7665 726e6d65 6e74310c 300a0603 55040b13 03446f44 310c300a 06035504 0b130350 4b493112 30100603 55040313 09444f44 2043412d 3133301e 170d3037 30363139 31323131 33375a17 0d313030 36313931 32313133 375a3070 310b3009 06035504 06130255 53311830 16060355 040a130f 552e532e 20476f76 65726e6d 656e7431 
0c300a06 0355040b 1303446f 44310c30 0a060355 040b1303 504b4931 0c300a06 0355040b 13035553 41311d30 1b060355 04031314 73726133 2e6d6f6e 726f652e 61726d79 2e6d696c 30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c2e231 2f002716 c0e44913 be6a23fb 7e1f92aa 23b8a919 e2c6f877 2f59cf5d e5eafc45 e1e263f8 a14ed478 9c5835b8 c22211d0 907e8839 ef0463d9 9562c301 6a02efb6 166fa9f7 2a86f4a1 52eff8bb c98c1fa1 da5f9a18 ddc00957 fb5bd283 65054dad 2a5fb334 8c6b5c8b fa6b0962 bf833091 ab593f4d 37ed8994 34b2885f 23020301 0001a382 01a33082 019f301f 0603551d 23041830 16801464 644325a4 6ce70d22 1d65acc0 e47537cc 04dada30 1d060355 1d0e0416 04142f94 38c98093 47287c6f 09764c82 4e75f750 db2f300e 0603551d 0f0101ff 04040302 05a03081 c9060355 1d1f0481 c13081be 3030a02e a02c862a 68747470 3a2f2f63 726c2e67 64732e64 6973612e 6d696c2f 67657463 726c3f44 4f442532 3043412d 31333081 89a08186 a0818386 81806c64 61703a2f 2f63726c 2e676473 2e646973 612e6d69 6c2f636e 25336444 4f442532 3043412d 31332532 636f7525 3364504b 49253263 6f752533 64446f44 2532636f 25336455 2e532e25 3230476f 7665726e 6d656e74 25326363 25336455 533f6365 72746966 69636174 65726576 6f636174 696f6e6c 6973743b 62696e61 72793069 06082b06 01050507 0101045d 305b3037 06082b06 01050507 3002862b 68747470 3a2f2f63 726c2e67 64732e64 6973612e 6d696c2f 67657473 69676e3f 444f4425 32304341 2d313330 2006082b 06010505 07300186 14687474 703a2f2f 6f637370 2e646973 612e6d69 6c301606 03551d20 040f300d 300b0609 60864801 6502010b 05300d06 092a8648 86f70d01 01050500 03818100 cdf0ea66 e5b645ad 67ada4c1 15485399 4e5bd0cb ee16fa2f f938b59c 47ac2af9 9676fbc2 31669ac4 b2527fb4 890f6fbb bade17e5 71f1eee9 e8b87a6e acbb4107 84369442 d87a142a d3ccb98a d29eb16d b7ea3b9d 99f47e9f 8dab8a3a 9af0541d 5183d9fe d4325f9a 55132e07 a0030b53 30768b28 bbfd5677 quit certificate ca 17 30820434 3082031c a0030201 02020117 300d0609 2a864886 f70d0101 05050030 5b310b30 09060355 04061302 55533118 30160603 55040a13 0f552e53 2e20476f 7665726e 6d656e74 310c300a 06035504 
0b130344 6f44310c 300a0603 55040b13 03504b49 31163014 06035504 03130d44 6f442052 6f6f7420 43412032 301e170d 30363031 32333136 34393234 5a170d31 32303132 32313634 3932345a 3057310b 30090603 55040613 02555331 18301606 0355040a 130f552e 532e2047 6f766572 6e6d656e 74310c30 0a060355 040b1303 446f4431 0c300a06 0355040b 1303504b 49311230 10060355 04031309 444f4420 43412d31 3330819f 300d0609 2a864886 f70d0101 01050003 818d0030 81890281 8100d234 f57cb690 d9ec0944 a5acde3d acd1b2ff 41da73f5 ba8e2899 41d55192 f68c00c8 714d253f b82e0f5a ef9b4b81 6cce721a 9a43b3b7 61d7c0d4 8ac24312 4dceadb4 e382733a f035ee50 fd16bae0 956b6162 39a644a8 ea4d26f4 975e6930 3547dab0 d828fa51 6f14bc9a 83382189 3366298e 0ee1e553 3b942ee3 ff6c1348 12dd0203 010001a3 82018930 82018530 0e060355 1d0f0101 ff040403 02018630 1f060355 1d230418 30168014 4974bb0c 5eba7afe 0254ef7b a0c695c6 09807096 301d0603 551d0e04 16041464 644325a4 6ce70d22 1d65acc0 e47537cc 04dada30 0c060355 1d240405 30038001 00300f06 03551d13 0101ff04 05300301 01ff3030 0603551d 20042930 27300b06 09608648 01650201 0b05300b 06096086 48016502 010b0930 0b060960 86480165 02010b0a 3081e106 03551d1f 0481d930 81d6303a a038a036 86346874 74703a2f 2f63726c 2e636861 6d622e64 6973612e 6d696c2f 67657463 726c3f44 6f442532 30526f6f 74253230 43412532 30323081 97a08194 a0819186 818e6c64 61703a2f 2f63726c 2e636861 6d622e64 6973612e 6d696c2f 636e2533 64446f44 25323052 6f6f7425 32304341 25323032 2532636f 75253364 504b4925 32636f75 25336444 6f442532 636f2533 64552e53 2e253230 476f7665 726e6d65 6e742532 63632533 64555325 33666365 72746966 69636174 65726576 6f636174 696f6e6c 69737425 33626269 6e617279 300d0609 2a864886 f70d0101 05050003 82010100 2fb663a2 722492db 78a64777 c83c434d 521f03a5 a67f72b8 a33f2ea1 de833b53 04f9db2a 36c0a88e 3c5df373 b7b8e8ae 78f707ea c430a3e9 094b82f6 12eda8b5 cf705442 4aa11885 8b6f837b 9ea579f3 2b6058d8 4efeffc3 c2ee2eee 0fa178bd e4bc6013 30bd5d32 f54cfd75 1a10bd29 2f5e7596 643006ed 193ed122 770a3e70 56f0ba4b a2054694 0d03029b a66d2a40 
90036b34 18f80187 eed6bc63 b6adc489 fa827c61 4e9643c8 d08897bd ac15a6be 4d9942fd a09daad7 946baa1b 5d751a30 26e0adbf 77ae489a fee7ee78 244d0b71 55bd26ff ff9bf21e da48487b c4e4de3c 707ba0ad 5c82662c 4513e85c 5718b71e 95c2fd95 181c0607 quit crypto ca certificate chain ASDM_TrustPoint2 certificate ca 00 30820389 30820271 a0030201 02020100 300d0609 2a864886 f70d0101 05050030 60310b30 09060355 04061302 55533118 30160603 55040a13 0f552e53 2e20476f 7665726e 6d656e74 310c300a 06035504 0b130344 6f44310c 300a0603 55040b13 03504b49 311b3019 06035504 03131244 4f44204f 43535020 53532032 30343820 31301e17 0d303830 32323031 39303434 345a170d 31313034 31303139 30343434 5a306031 0b300906 03550406 13025553 31183016 06035504 0a130f55 2e532e20 476f7665 726e6d65 6e74310c 300a0603 55040b13 03446f44 310c300a 06035504 0b130350 4b49311b 30190603 55040313 12444f44 204f4353 50205353 20323034 38203130 82012230 0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100 df4ba8a2 aca0cfc2 ac6057b3 131bef5a 1d6a3f82 4d1c26a8 f8284a7b 7d92b5f1 539d0248 6a2d0bb8 b6df7d98 5e8cc9ad 2b9afc11 e85cef5e 16395ecf f0f80543 95efc4b2 860c7b42 f6016e37 37ffd181 1a7cda97 a5d837e3 2b63b35f a3618210 e40fb459 b86beb86 bfa72380 7e1ee3f1 71565045 1b90a51e 657c09da 1def41ce 38849fd2 938390f4 82b6c804 e50354b2 3d65a77a 88131923 00368fdd bb8fea4f 0d97eed0 dad10395 7daf3f44 b24f42a9 80e22c89 5348d529 31677d9e fa58606b 275dce8c a3ccdaa6 0853f0fd c5dfe33f 673b0db3 bc4eaffe 6180447c 3492664a 476568aa f96479c6 87cabc74 b72c7204 bf8d535f 0e5ba6c2 12dc10a5 0e26d483 02030100 01a34e30 4c300906 03551d13 04023000 30200603 551d2501 01ff0416 30140608 2b060105 05070301 06082b06 01050507 0309301d 0603551d 0e041604 149afe11 3204cfa4 93aedfd9 4960cee9 55848354 bc300d06 092a8648 86f70d01 01050500 03820101 0079ece7 31b71971 82c57a12 3d718132 365d68c2 75b257c5 20d9ccd3 50f51a6c 7dae053f 759371e1 f5a60ea6 2f50b146 25e2785b 0024b3d9 cdaa9505 8df82656 90f6495b 3fb67a5c ab7f090b 585db278 cd7ec64c fe23f640 3c45db6b 1573daed 58f8c568 
3a186c8b 4f7d8f29 089fd8e5 66bfb9b4 ca69b59d 78d6e4d7 02cf69f2 243113f5 996eafb5 92cb9158 68240943 26e5c4db 5b77bc91 f08ffd00 bc9ee0e1 13459590 5e386e22 d611c974 cf1a63a1 1edce56d 5a5501bf dc008d1f 8716223b 9fd90d1b 903b9381 9ad493b8 1594783d 958616d5 14386c47 d6d5e087 5e9a0a8e b1326cb0 06fd7d9d 7922f8c9 f3a6266b 6321bc78 8fd47fe5 7d54ca5e quit crypto isakmp identity auto crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 crypto isakmp policy 20 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 30 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 no crypto isakmp nat-traversal no vpn-addr-assign aaa no vpn-addr-assign dhcp telnet timeout 5 ssh 19.11.5.99 255.255.255.255 inside ssh 16.23.224.25 255.255.255.255 inside ssh 16.23.225.68 255.255.255.255 inside ssh 14.24.59.203 255.255.255.255 inside ssh 16.23.225.69 255.255.255.255 inside ssh 16.23.225.36 255.255.255.255 inside ssh 16.23.225.52 255.255.255.255 inside ssh 19.16.5.0 255.255.255.0 ASA_Management ssh timeout 30 ssh version 2 console timeout 30 threat-detection basic-threat threat-detection statistics access-list ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 1024 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! 
! Tail of an ASA running-config, re-flowed to one command per line with
! sub-mode commands indented by one space. It covers the global service
! policy, NTP/TFTP, the SSL/WebVPN listener, the group-policies and the
! tunnel-groups that bind VPN peers and users to those policies.
! Comment lines start with "!" and sit at top level only, before the
! section they describe.
!
! Applies the global_policy policy-map to traffic on all interfaces.
service-policy global_policy global
! No key is referenced on this ntp line.
! NOTE(review): confirm whether NTP authentication (ntp authenticate /
! ntp trusted-key) is configured elsewhere; log timestamps depend on it.
ntp server 16.23.224.4 source inside
! TFTP has no authentication or encryption. The server is reached over the
! ASA_Management interface, so configs copied this way cross that segment
! in clear text.
tftp-server ASA_Management 19.16.5.10 /network/tftp/ASA_6_9_08
! Only two cipher suites are offered, both SHA-1 based; 3des-sha1 is the
! weaker fallback (64-bit block cipher).
! NOTE(review): drop 3des-sha1 if every client can negotiate AES.
ssl encryption aes256-sha1 3des-sha1
! The outside listener presents the DOD-CA13 trust-point certificate and
! requires a client certificate on port 443.
ssl trust-point DOD-CA13 outside
ssl certificate-authentication interface outside port 443
! WebVPN / AnyConnect (svc) service on the outside interface.
! NOTE(review): the CSD and AnyConnect packages named below are fixed
! versions stored on disk0; check them against current vendor advisories.
! Certificate map rule 20 sends matching certificates to DefaultWEBVPNGroup.
webvpn
 enable outside
 csd image disk0:/securedesktop-asa-3.2.0.136-k9.pkg
 svc image disk0:/anyconnect-win-2.0.0343-k9.pkg 1
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 2
 svc profiles JTFCS-DEFAULT disk0:/JTFCS_PROFILE.xml
 svc enable
 onscreen-keyboard all
 certificate-group-map DefaultCertificateMap 20 DefaultWEBVPNGroup
! Default group-policy, inherited by any group that does not override it.
! vpn-simultaneous-logins 0 permits no sessions under the default policy,
! and the Def_Deny filter is applied (presumably a deny-all ACL; it is
! defined outside this excerpt, so verify). Clientless file and URL entry
! features are disabled. Together this reads as deny-by-default.
group-policy DfltGrpPolicy attributes
 vpn-simultaneous-logins 0
 vpn-filter value Def_Deny
 vpn-tunnel-protocol IPSec
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression none
  activex-relay disable
  file-entry disable
  file-browsing disable
  url-entry disable
! Site-to-site policies: each one limits the tunnel to IPSec and applies a
! vpn-filter ACL of the same name. The ACL bodies are not in this excerpt.
! NOTE(review): confirm each filter permits only the flows that site needs.
group-policy DCDINS-KITS internal
group-policy DCDINS-KITS attributes
 vpn-filter value DCDINS-KITS_L2L
 vpn-tunnel-protocol IPSec
group-policy ERCS_L2L internal
group-policy ERCS_L2L attributes
 vpn-filter value ERCS_L2L
 vpn-tunnel-protocol IPSec
group-policy NC_L2L internal
group-policy NC_L2L attributes
 vpn-filter value NC_L2L
 vpn-tunnel-protocol IPSec
! Remote-user policy (_CAC), AnyConnect (svc) only. Security-relevant
! settings: consent-to-monitoring banner, full tunnelling (tunnelall, no
! split tunnel), client password storage disabled, idle timeout, the
! remote_clients filter ACL, and a browser proxy pushed to the client.
! DTLS is off, so the session stays on the SSL tunnel, with rekey by ssl.
! NOTE(review): vpn-simultaneous-logins 3 allows three concurrent sessions
! per user; confirm that is required rather than 1.
group-policy _CAC internal
group-policy _CAC attributes
 banner value !! Welcome Users !!
 banner value Use of this computer system, authorized or unauthorized, constitutes consent to
 banner value monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of
 banner value unauthorized use collected during monitoring may be used for administrative, criminal, or other
 banner value adverse action. Use of this system constitutes consent to monitoring for these purposes.
 wins-server value 16.23.224.8
 dns-server value 16.23.224.3 16.23.224.4
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-filter value remote_clients
 vpn-tunnel-protocol svc
 password-storage disable
 split-tunnel-policy tunnelall
 default-domain value .mil
 backup-servers keep-client-config
 msie-proxy server value m.mil:8080
 msie-proxy method use-server
 msie-proxy except-list value 16.23.224.* 16.23.225.* *.mil
 msie-proxy local-bypass enable
 address-pools value CS_USERS
 webvpn
  svc dtls none
  svc mtu 1406
  svc keepalive 120
  svc rekey time 30
  svc rekey method ssl
  svc dpd-interval client 30
  svc dpd-interval gateway 30
  svc ask none default webvpn
! Fallback LAN-to-LAN group, authenticated with a pre-shared key (shown
! masked as "*" in this dump). A peer that matches no specific tunnel-group
! is handled here and receives the DCDINS-KITS policy.
! NOTE(review): crypto isakmp policy 30 earlier in this config still offers
! pre-share with 3des / md5 / group 2; confirm that no PSK tunnel needs it
! and that the key is long and unique per peer.
tunnel-group DefaultL2LGroup general-attributes
 default-group-policy DCDINS-KITS
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
! Default remote-access group: authorization is mandatory and is looked up
! in AD-LDAP using the certificate UPN; users receive the _CAC policy.
tunnel-group DefaultRAGroup general-attributes
 authorization-server-group AD-LDAP
 default-group-policy _CAC
 authorization-required
 authorization-dn-attributes UPN
! IKE uses the DOD-CA13 trust-point and sends the certificate chain.
! ikev1-user-authentication none means there is no additional user
! (XAUTH) prompt, so access rests on the certificate plus LDAP authorization.
tunnel-group DefaultRAGroup ipsec-attributes
 chain
 trust-point DOD-CA13
 isakmp ikev1-user-authentication none
! CHAP and MS-CHAPv1 are disabled for PPP-based sessions.
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
! WebVPN default group: same LDAP authorization by UPN and _CAC policy.
tunnel-group DefaultWEBVPNGroup general-attributes
 authorization-server-group AD-LDAP
 default-group-policy _CAC
 authorization-required
 authorization-dn-attributes UPN
! Users authenticate with a client certificate only. The group is reachable
! through two aliases and one group-url.
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 customization JT
 authentication certificate
 group-alias CS_USERS(DEFAULT) enable
 group-alias _WebVPN(Default) enable
 group-url https://mil/cs-users enable
! peer-id-validate nocheck turns off the comparison of the peer's IKE
! identity with its certificate for this group.
! NOTE(review): _CAC allows only svc, so this IPSec path may be unused;
! if so, confirm whether nocheck can be returned to the stricter setting.
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 peer-id-validate nocheck
 chain
 isakmp ikev1-user-authentication none
tunnel-group DefaultWEBVPNGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
! Named LAN-to-LAN peers, each with its own policy and a masked pre-shared
! key. NOTE(review): confirm the two peers do not share one key.
tunnel-group 16.23.0.21 type ipsec-l2l
tunnel-group 16.23.0.21 general-attributes
 default-group-policy NC_L2L
tunnel-group 16.23.0.21 ipsec-attributes
 pre-shared-key *
tunnel-group 21.4.17.253 type ipsec-l2l
tunnel-group 21.4.17.253 general-attributes
 default-group-policy ERCS_L2L
tunnel-group 21.4.17.253 ipsec-attributes
 pre-shared-key *
! Tunnel-group selection for certificate peers uses the certificate map
! rules only; matching by OU, IKE ID and peer IP is switched off.
! Rule 10 of DefaultCertificateMap selects DefaultRAGroup (the rule bodies
! are defined outside this excerpt).
tunnel-group-map enable rules
no tunnel-group-map enable ou
no tunnel-group-map enable ike-id
no tunnel-group-map enable peer-ip
tunnel-group-map DefaultCertificateMap 10 DefaultRAGroup
! E-mail proxy settings for smtps, bound to port 25 and to DfltGrpPolicy.
! No "enable <interface>" line appears under it in this excerpt, so the
! proxy does not look active. NOTE(review): confirm, and remove if unused.
smtps
 port 25
 default-group-policy DfltGrpPolicy
 authorization-dn-attributes UID
smtp-server 16.23.224.44
prompt hostname context
! Compression is disabled for both svc and http-comp.
no compression svc http-comp