ASA client VPN partly connection to internal resources

mmiersebach
Level 1

Hi,
I just configured Cisco AnyConnect. I can connect via Client VPN.
My setup is a little bit different (check the first picture of the setup).
I am using another firewall in front of the Cisco ASA. The ASA is only using the inside interface and is only used for Client VPN. See the first picture, which illustrates the setup.
The Client VPN IP pool is 10.10.10.10 - 10.10.10.50
The firewall has the IP 192.168.1.254 and is the gateway of the network.
My test VPN client has the IP 10.10.10.14 and can ping 192.168.1.254 and Google (8.8.8.8).
But I can't ping the other internal servers like 192.168.1.40 or 192.168.1.10.
I am pinging 192.168.1.254, 192.168.1.40 and 192.168.1.10 at the same time.
But on the firewall I can only see 192.168.1.254 traffic:

# tcpdump src net 10.10.10.0/24 and dst net 192.168.1.0/24 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:06:10.315471 IP 10.10.10.14 > 192.168.1.254: ICMP echo request, id 1, seq 40671, length 40
16:06:11.090489 IP 10.10.10.14 > 192.168.1.254: ICMP echo request, id 1, seq 40675, length 40
16:06:12.150490 IP 10.10.10.14 > 192.168.1.254: ICMP echo request, id 1, seq 40678, length 40
16:06:13.651232 IP 10.10.10.14 > 192.168.1.254: ICMP echo request, id 1, seq 40680, length 40
16:06:14.156077 IP 10.10.10.14 > 192.168.1.254: ICMP echo request, id 1, seq 40682, length 40

I also added the screenshots of the Packet Tracer

and here is the configuration:

Can anyone please help me to get the traffic to the other hosts?

  • Yes, it would be possible to change the VPN pool addresses to 192.168.1.0
  • or to create a NAT so that the VPN pool addresses are translated to 192.168.10

But is there any other solution for this issue without one of these workarounds?

show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname asa
domain-name test.lab
enable password XejxZFfyt2wxqfff encrypted
passwd XejxZFfyt2wxqfff encrypted
names
dns-guard
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.1.230 255.255.255.0
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.1.10
 domain-name planet-express.internal
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network VPN-Address-Pool
 description VPN-Address-Pool
object network inside-network
 subnet 192.168.1.0 255.255.255.0
 description inside-network
object network VPN-Pool
 subnet 10.10.10.0 255.255.255.0
object network AnyConnect-VPN-Pool
object network LAN
 subnet 192.168.1.0 255.255.255.0
object network asa
 host 192.168.1.230
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool VPN-Address-Pool 10.10.10.10-10.10.10.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715-100.bin
no asdm history enable
arp timeout 14400
nat (any,inside) source dynamic VPN-Pool interface inactive
access-group inside_access_in in interface inside
route inside 0.0.0.0 0.0.0.0 192.168.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server planet-express protocol nt
aaa-server planet-express (inside) host farnsworth.planet-express.internal
 nt-auth-domain-controller 192.168.1.10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=test
 keypair key-2048
 crl configure
crypto ca certificate chain ASDM_TrustPoint0
 certificate 2ee76b53
      quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable inside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
telnet timeout 60
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 inside
webvpn
 enable inside
 anyconnect image disk0:/anyconnect-win-3.1.05160-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.05160-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux-64-3.1.05160-k9.pkg 3
 anyconnect image disk0:/anyconnect-linux-3.1.05160-k9.pkg 4
 anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
 wins-server none
 dns-server value 192.168.1.10
 vpn-tunnel-protocol ikev2 ssl-client
 default-domain value test.lab
 webvpn
  anyconnect profiles value AnyConnect_client_profile type user
group-policy Portal-Group-Policy internal
group-policy Portal-Group-Policy attributes
 wins-server none
 dns-server value 192.168.1.10
 vpn-tunnel-protocol ssl-clientless
 default-domain value test.lab
 webvpn
  url-list value Administrator
username admin password Cisco encrypted privilege 15
tunnel-group Portal type remote-access
tunnel-group Portal general-attributes
 address-pool VPN-Address-Pool
 default-group-policy Portal-Group-Policy
tunnel-group Portal webvpn-attributes
 group-alias Portal enable
 group-alias portal disable
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
 address-pool VPN-Address-Pool
 default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
 group-alias AnyConnect enable
!
class-map global-class
 match default-inspection-traffic
!
!
policy-map global-policy
 class global-class
  inspect dns
  inspect ftp
  inspect http
  inspect icmp
  inspect icmp error
!
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
crashinfo save disable
Cryptochecksum:
: end

1 Reply

David_Che
Level 1

Hi,

When you try to ping '192.168.1.10' or '192.168.1.40' from the remote client (10.10.10.14), the ASA will forward those ICMP packets directly to the destination after decryption. So it is impossible to observe them on the firewall, and those ICMP packets should reach their destination.

The ICMP reply will be directed to the default GW (192.168.1.254), as the 2 servers have no route entry to 10.10.10.14. The default GW finds that the next hop to '10.10.10.14' is 192.168.1.240; it will discard those ICMP packets and send an ICMP redirect message (type 5) to the 2 servers, which means the ASA is closer to 10.10.10.14. However, the 2 servers ignore this redirect message, so you cannot ping the 2 servers.

Solution: enable the 2 servers to accept ICMP redirect messages.

Regards,

David
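The reply above argues from the routing tables, and the argument can be checked by tracing both directions of the ping through a model of the topology. The following Python example is added here; it is not code from the thread, from the poster or from Cisco. Its routing tables are constructed from the post (ASA at 192.168.1.230, gateway at 192.168.1.254, VPN pool 10.10.10.0/24, a server at 192.168.1.40); the tunnel endpoint address 10.10.10.1 is a modeling convenience, since a point-to-point AnyConnect tunnel has no gateway IP. The tracer does longest-prefix matching per hop and flags the condition under which RFC 1812 has a router emit an ICMP redirect: forwarding a packet back out the interface it arrived on, toward a next hop on the sender's own subnet. Whether a given gateway also forwards the packet or only redirects depends on that product, which is why the model reports the condition rather than a verdict.

```python
"""Trace echo request and echo reply paths through the topology described in
the thread, to show where the two directions diverge.

Constructed model: the routing tables below are assumptions built from the
forum post, not the real configuration of the poster's firewall or servers.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    iface: str                       # interface the packet leaves on
    next_hop: Optional[str] = None   # None: prefix is directly connected


@dataclass
class Node:
    name: str
    addresses: set    # addresses this node answers for
    links: dict       # interface name -> attached subnet
    routes: list

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match, as a forwarding table does."""
        ip = ip_address(dst)
        hits = [r for r in self.routes if ip in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)

    def iface_on(self, net: IPv4Network) -> Optional[str]:
        """Name of this node's interface attached to the given subnet."""
        return next((n for n, l in self.links.items() if l == net), None)


def r(prefix: str, iface: str, next_hop: Optional[str] = None) -> Route:
    return Route(ip_network(prefix), iface, next_hop)


def build_topology() -> dict:
    """Constructed from the post: LAN 192.168.1.0/24, VPN pool 10.10.10.0/24."""
    lan, pool = ip_network("192.168.1.0/24"), ip_network("10.10.10.0/24")
    nodes = [
        # VPN client: everything goes into the tunnel (10.10.10.1 is a stand-in
        # for the tunnel endpoint; AnyConnect has no real gateway address).
        Node("client", {"10.10.10.14"}, {"tun": pool},
             [r("10.10.10.0/24", "tun"), r("0.0.0.0/0", "tun", "10.10.10.1")]),
        # ASA: inside 192.168.1.230, default route to the firewall (from config).
        Node("asa", {"192.168.1.230", "10.10.10.1"}, {"inside": lan, "vpn": pool},
             [r("192.168.1.0/24", "inside"), r("10.10.10.0/24", "vpn"),
              r("0.0.0.0/0", "inside", "192.168.1.254")]),
        # Firewall/default gateway: must know the pool via the ASA, otherwise
        # the client could not ping it (assumed from the post's observation).
        Node("firewall", {"192.168.1.254"}, {"eth0": lan},
             [r("192.168.1.0/24", "eth0"), r("10.10.10.0/24", "eth0", "192.168.1.230")]),
        # Server with only a default route to the gateway (assumed).
        Node("server40", {"192.168.1.40"}, {"eth0": lan},
             [r("192.168.1.0/24", "eth0"), r("0.0.0.0/0", "eth0", "192.168.1.254")]),
    ]
    return {n.name: n for n in nodes}


def trace(nodes: dict, src: str, dst: str, max_hops: int = 8):
    """Follow a packet hop by hop. Returns (path, redirects, delivered)."""
    by_addr = {a: n for n in nodes.values() for a in n.addresses}
    cur, in_iface = by_addr[src], None
    path, redirects = [cur.name], []
    for _ in range(max_hops):
        if dst in cur.addresses:
            return path, redirects, True
        route = cur.lookup(dst)
        if route is None:
            return path, redirects, False
        nh = route.next_hop or dst
        # RFC 1812 5.2.7.2: forwarding out the arrival interface toward a next
        # hop on the sender's own subnet is what makes a router send a redirect.
        if in_iface == route.iface and ip_address(src) in cur.links[route.iface]:
            redirects.append((cur.name, nh))
        nxt = by_addr.get(nh)
        if nxt is None:
            return path, redirects, False
        in_iface = nxt.iface_on(cur.links[route.iface])
        cur = nxt
        path.append(cur.name)
    return path, redirects, False


def diagnose(nodes: dict, client: str, target: str) -> dict:
    """Trace both directions of a ping and report whether the path is symmetric."""
    req_path, req_redir, _ = trace(nodes, client, target)
    rep_path, rep_redir, _ = trace(nodes, target, client)
    return {"request": req_path, "reply": rep_path,
            "redirects": req_redir + rep_redir,
            "asymmetric": list(reversed(req_path)) != rep_path}


if __name__ == "__main__":
    topo = build_topology()
    for target in ("192.168.1.254", "192.168.1.40"):
        print(target, diagnose(topo, "10.10.10.14", target))
```

Running it shows the request to 192.168.1.40 going client, asa, server40 without ever touching the firewall, which is consistent with the poster's tcpdump only seeing the pings addressed to 192.168.1.254, while the reply goes server40, firewall, asa, client and trips the redirect condition at the firewall. The ping to 192.168.1.254 itself is symmetric, which is why it works.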
