: Saved
:
ASA Version 8.0(3)
!
hostname Fugen-FW
domain-name federationportal.com
enable password 49xGx7RBTzMSkVNZ encrypted
names
name 172.16.1.0 network161
name 172.16.2.0 network162
dns-guard
!
interface Ethernet0/0
 duplex full
 nameif outside
 security-level 0
 ip address 63.146.69.170 255.255.255.248
 ospf cost 10
!
interface Ethernet0/1
 duplex full
 nameif internal
 security-level 100
 ip address 192.168.48.254 255.255.255.0
 ospf cost 10
!
interface Ethernet0/2
 duplex full
 nameif fugen-dmz
 security-level 50
 ip address 192.168.254.254 255.255.255.0
 ospf cost 10
!
interface Ethernet0/3
 nameif fg-idsys
 security-level 70
 ip address 192.168.70.254 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
 management-only
!
passwd 49xGx7RBTzMSkVNZ encrypted
boot system disk0:/asa803-k8.bin
boot system disk0:/asa722-k8.bin
boot system disk0:/disk0
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup outside
dns server-group 161DNS
 name-server 172.16.1.101
dns server-group 162DNS
 name-server 172.16.2.101
dns server-group DefaultDNS
 name-server 205.171.3.65
 domain-name federationportal.com
dns server-group fugen
object-group service RomeIdPGroup tcp
 description This group is for Rome IdP CardSpace Demo 6000,6001,6080,6443
 port-object range 6000 6000
 port-object range 6001 6001
 port-object range 6080 6080
 port-object range 6443 6443
object-group service TurinIdPGroup tcp
 description This group is for the Turin IdP Demo
 port-object range 5000 5000
 port-object range 5001 5001
 port-object range 5080 5080
 port-object range 5443 5443
object-group service VeniceIdPGroup tcp
 description This group of port numbers is for Venice IdP
 port-object range 4000 4000
 port-object range 4001 4001
 port-object range 4080 4080
 port-object range 4443 4443
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list inbound extended permit tcp any host 63.146.69.171 eq www
access-list inbound extended permit tcp any host 63.146.69.171 eq https
access-list inbound extended permit tcp any host 63.146.69.172 eq ssh
access-list inbound extended permit tcp any host 63.146.69.173 eq ssh
access-list inbound extended permit tcp any host 63.146.69.171 eq 8080
access-list inbound extended permit tcp any host 63.146.69.174 eq 7000
access-list inbound extended permit tcp any host 63.146.69.174 eq 7001
access-list inbound extended permit tcp any host 63.146.69.174 eq https
access-list inbound extended permit tcp any host 63.146.69.174 eq www
access-list inbound extended permit tcp any host 63.146.69.171 eq 1080
access-list inbound extended permit tcp any host 63.146.69.171 eq 1443
access-list inbound extended permit tcp any host 63.146.69.174 object-group RomeIdPGroup
access-list inbound extended permit tcp any host 63.146.69.174 object-group VeniceIdPGroup
access-list inbound extended permit tcp any host 63.146.69.174 object-group TurinIdPGroup
access-list 200 standard permit 192.168.0.0 255.255.0.0
access-list 200 standard permit 172.31.0.0 255.255.0.0
access-list 200 standard permit network161 255.255.255.0
access-list 200 standard permit network162 255.255.255.0
access-list fugendmz extended permit icmp any any echo-reply
access-list fugendmz extended permit ip any any
access-list 111 extended permit ip 192.168.49.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list 111 extended permit ip 172.31.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list 111 extended permit ip any 10.100.100.0 255.255.255.0
access-list 111 extended permit ip network161 255.255.255.0 192.168.50.0 255.255.255.0
access-list 111 extended permit ip network162 255.255.255.0 192.168.50.0 255.255.255.0
access-list 112 extended permit ip 192.168.48.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list 201 standard permit 192.168.101.0 255.255.255.0
access-list 202 standard permit 192.168.49.0 255.255.255.0
access-list 202 standard permit 192.168.101.0 255.255.255.0
access-list 203 standard permit 192.168.49.0 255.255.255.0
access-list internal_access_out extended permit udp 192.168.48.0 255.255.255.0 eq ntp 63.146.69.168 255.255.255.248 eq ntp
access-list fgdev extended permit ip any host 172.31.0.1
access-list fugen-dmz extended permit ip any 63.146.69.168 255.255.255.248
access-list 161 standard permit network161 255.255.255.0
access-list 162 standard permit network162 255.255.255.0
access-list split standard permit network161 255.255.255.0
access-list split standard permit network162 255.255.255.0
access-list fg-idsys extended permit ip any any
access-list fg-idsys extended permit icmp any any echo-reply
access-list fg-idsys extended permit ip any 63.146.69.168 255.255.255.248
pager lines 24
logging enable
logging console debugging
logging asdm informational
mtu outside 1500
mtu internal 1500
mtu fugen-dmz 1500
mtu management 1500
mtu fg-idsys 1500
ip local pool fugen 192.168.50.1-192.168.50.254 mask 255.255.255.0
ip local pool cisco 10.100.100.1-10.100.100.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any fugen-dmz
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (fugen-dmz) 1 interface
global (fg-idsys) 1 interface
nat (internal) 0 access-list 112
nat (internal) 1 192.168.48.0 255.255.255.0
nat (fugen-dmz) 0 access-list 111
nat (fugen-dmz) 1 192.168.49.0 255.255.255.0
nat (fugen-dmz) 1 192.168.100.0 255.255.255.0
nat (fugen-dmz) 1 192.168.101.0 255.255.255.0
nat (fugen-dmz) 1 172.16.0.0 255.255.0.0
nat (fugen-dmz) 1 172.31.0.0 255.255.0.0
nat (fg-idsys) 1 network161 255.255.255.0
nat (fg-idsys) 1 network162 255.255.255.0
alias (fugen-dmz) 192.168.101.155 200.198.184.106 255.255.255.255
static (fugen-dmz,outside) 63.146.69.171 192.168.49.10 netmask 255.255.255.255 dns
static (fugen-dmz,outside) 63.146.69.173 172.31.0.154 netmask 255.255.255.255
static (fugen-dmz,outside) 63.146.69.174 192.168.49.13 netmask 255.255.255.255
access-group inbound in interface outside
access-group internal_access_out out interface internal
route outside 0.0.0.0 0.0.0.0 63.146.69.169 1
route fg-idsys network161 255.255.255.0 192.168.70.1 1
route fg-idsys network162 255.255.255.0 192.168.70.1 1
route fugen-dmz 172.31.0.0 255.255.0.0 192.168.254.1 1
route fugen-dmz 192.168.49.0 255.255.255.0 192.168.254.1 1
route fugen-dmz 192.168.100.0 255.255.255.0 192.168.254.1 1
route fugen-dmz 192.168.101.0 255.255.255.0 192.168.254.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.48.0 255.255.255.0 internal
http 0.0.0.0 0.0.0.0 outside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet 192.168.48.0 255.255.255.0 internal
telnet timeout 5
ssh 71.130.100.153 255.255.255.255 outside
ssh 64.104.208.109 255.255.255.255 outside
ssh 192.168.48.2 255.255.255.255 internal
ssh 192.168.101.154 255.255.255.255 fugen-dmz
ssh 172.31.0.154 255.255.255.255 fugen-dmz
ssh timeout 20
console timeout 0
dhcpd dns 205.171.3.65
!
dhcpd address 192.168.48.100-192.168.48.150 internal
dhcpd enable internal
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics
ntp server 66.7.96.1 source outside
ntp server 209.132.176.4 source outside
ntp server 155.97.17.169 source outside prefer
tftp-server internal 192.168.48.104 C:\Users\Sudarsan\tftp\configs
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.0.154.pkg 1
 svc image disk0:/sslclient-win-1.1.0.154.pkg 2
 svc image disk0:/anyconnect-win-2.1.0148-k9.pkg 3
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec svc webvpn
group-policy FugenSSL internal
group-policy FugenSSL attributes
 dns-server value 172.31.0.1
 vpn-tunnel-protocol IPSec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 200
 split-dns value federationportal.com
 address-pools value fugen
 webvpn
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask enable
group-policy userssl1 internal
group-policy userssl1 attributes
 dns-server value 192.168.101.3
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 201
 split-dns value adagency.com travelagency.com socialphotos.com fugenisp.com cafederation.com
 address-pools value fugen
 webvpn
  svc keep-installer installed
  svc rekey time 60
  svc ask enable
group-policy userssl3 internal
group-policy userssl3 attributes
 dns-server value 192.168.49.1
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 203
 address-pools value fugen
 webvpn
  svc keep-installer installed
  svc rekey time 60
  svc ask enable
group-policy userssl2 internal
group-policy userssl2 attributes
 dns-server value 172.31.0.251 172.31.0.252
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 200
 address-pools value fugen
 webvpn
  svc keep-installer installed
  svc rekey time 60
  svc ask enable
group-policy 161 internal
group-policy 161 attributes
 dns-server value 172.16.1.101
 vpn-tunnel-protocol IPSec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 161
 split-dns value google.com
group-policy 162 internal
group-policy 162 attributes
 dns-server value 172.16.2.101
 vpn-tunnel-protocol IPSec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 162
 split-dns value yahoo.com
group-policy contro internal
group-policy contro attributes
 vpn-filter value fgdev
 vpn-tunnel-protocol svc webvpn
 address-pools value fugen
 webvpn
  svc keep-installer installed
  svc ask enable
username gvishal password 7bn3eta2EVg.Wf5X encrypted
username deven password 78LR0RaXadGGe.Rq encrypted
username deven attributes
 vpn-group-policy FugenSSL
username sampo password q6opmpbiYs6e7xXq encrypted
username guest011 password UiUOeeh0YljY7yem encrypted
username guest011 attributes
 vpn-group-policy FugenSSL
username guru password 5JeCkwqbCwFqZ5ZZ encrypted
username guru attributes
 vpn-group-policy FugenSSL
username rajs password XQHASoMxryU8eAh/ encrypted
username rajs attributes
 vpn-group-policy FugenSSL
username svinayak password 1SebFemfEG44SHum encrypted
username svinayak attributes
 vpn-group-policy FugenSSL
username user161 password rHQQ9r5HREJzUaNj encrypted
username user161 attributes
 vpn-group-policy 161
 vpn-tunnel-protocol IPSec svc webvpn
username user162 password B8eHASpLC9r7BXBX encrypted
username user162 attributes
 vpn-group-policy 162
 vpn-tunnel-protocol IPSec svc webvpn
username haishi password GKFua8MTyjSX2tHn encrypted
username haishi attributes
 vpn-group-policy FugenSSL
 vpn-simultaneous-logins 1
 vpn-tunnel-protocol svc webvpn
 webvpn
  svc keep-installer installed
  svc ask enable
username lena password 33hWFrj95rALLyUE encrypted
username lena attributes
 vpn-group-policy FugenSSL
username jpinmadurai password OIVl.VZ8D197IDlH encrypted
username jpinmadurai attributes
 vpn-group-policy FugenSSL
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol IPSec svc
 webvpn
  homepage value http://www.cisco.com
  svc ask none default svc
username symlabs password ND9t/ImtKq/HkhiS encrypted
username symlabs attributes
 vpn-group-policy userssl2
username shankar password Bjy4xGcnIeZh1jun encrypted
username robert password 3pMYBc5nFyf2dBxm encrypted
username robert attributes
 vpn-group-policy FugenSSL
username hemma password zwhpBN9xSk26Lh0o encrypted
username hemma attributes
 vpn-group-policy FugenSSL
username nprabakar password rAlBxUlQt/v8btIm encrypted
username nprabakar attributes
 vpn-group-policy FugenSSL
username vijay password bCHFKvuj9PY7t.e6 encrypted
username vijay attributes
 vpn-group-policy FugenSSL
 vpn-tunnel-protocol IPSec svc webvpn
 webvpn
  svc keep-installer installed
  svc ask enable
tunnel-group fugen type remote-access
tunnel-group fugen general-attributes
 address-pool fugen
 default-group-policy FugenSSL
tunnel-group fugen webvpn-attributes
 group-alias Fugen-SSLVPN enable
tunnel-group SymLabsAccess type remote-access
tunnel-group fugentunnel type remote-access
tunnel-group fugentunnel general-attributes
 address-pool fugen
tunnel-group usersslgroup1 type remote-access
tunnel-group usersslgroup1 general-attributes
 address-pool fugen
 default-group-policy userssl1
tunnel-group 161 type remote-access
tunnel-group 161 general-attributes
 address-pool cisco
 default-group-policy 161
tunnel-group 161 webvpn-attributes
 group-alias "161 networks" enable
 group-alias 172.16 disable
 group-alias 172.16. disable
 group-alias networks disable
tunnel-group 162 type remote-access
tunnel-group 162 general-attributes
 address-pool cisco
 default-group-policy 162
tunnel-group 162 webvpn-attributes
 group-alias "162 networks" enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:de1781a5d07b475a0d9404d4a970618e
: end
asdm image disk0:/asdm-603.bin
asdm location network161 255.255.255.0 internal
asdm location network162 255.255.255.0 internal
no asdm history enable