more system:running-config
Cryptochecksum: ac9d6650 b10a551c 8cd74337 b8de8aa8
: Saved
: Written by at 15:21:32.648 PST Wed Feb 26 2014
!
ASA Version 9.1(1)
!
hostname Kanai-ASA5505
domain-name
enable password encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd encrypted
names
ip local pool vpnpool 192.168.10.158-192.168.10.170 mask 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.180 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 255.255.255.252
 ospf cost 10
!
interface Vlan5
 no nameif
 security-level 50
 no ip address
!
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.168.10.190
 domain-name
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-192.168.10.96
 subnet 192.168.10.96 255.255.255.240
object network obj-192.168.10.0
 subnet 192.168.10.0 255.255.255.0
object network obj-192.168.0.0
 subnet 192.168.0.0 255.255.255.0
object network obj-192.168.22.0
 subnet 192.168.22.0 255.255.255.0
object network obj-192.168.10.0-NAT
 subnet 192.168.10.0 255.255.255.0
object network obj-192.168.10.188
 host 192.168.10.188
object network obj-192.168.10.190-RDP
 host 192.168.10.190
object network NETWORK_OBJ_192.168.10.128_26
 subnet 192.168.10.128 255.255.255.192
object network 192.168.10.197
 host 192.168.10.197
object network obj-192.168.10.197
 host 192.168.10.197
object network obj-192.168.99.0
 subnet 192.168.99.0 255.255.255.0
access-list in-out extended permit ip any4 any4
access-list splitvpn standard permit 192.168.10.0 255.255.255.0
access-list cryptomap1 extended permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list cryptomap1 extended permit ip 192.168.10.0 255.255.255.0 192.168.99.0 255.255.255.0
access-list cryptomap2 extended permit ip 192.168.10.0 255.255.255.0 192.168.22.0 255.255.255.0
access-list out-in remark Remote Desktop for Solar
access-list out-in extended permit tcp any4 host 192.168.10.188 eq 3389
access-list out-in remark Remote Desktop for DGSTV
access-list out-in extended permit tcp any4 object 192.168.10.197 eq 3389
access-list out-in extended permit tcp host host 192.168.10.190 eq 3389
access-list out-in extended permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list out-in extended permit ip 192.168.22.0 255.255.255.0 any
access-list out-in extended permit ip 192.168.0.0 255.255.255.0 any
access-list splitvpn2 extended permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
logging enable
logging monitor debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.99.0 obj-192.168.99.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.10.0 obj-192.168.10.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.22.0 obj-192.168.22.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-192.168.10.0 obj-192.168.10.0 destination static obj-192.168.0.0 obj-192.168.0.0 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.128_26 NETWORK_OBJ_192.168.10.128_26 no-proxy-arp route-lookup
!
object network obj-192.168.10.0-NAT
 nat (inside,outside) dynamic interface
object network obj-192.168.10.188
 nat (inside,outside) static interface service tcp 3389 3389
object network obj-192.168.10.190-RDP
 nat (inside,outside) static interface service tcp 3389 33190
object network obj-192.168.10.197
 nat (inside,outside) static interface service tcp 3389 3390
access-group in-out in interface inside
access-group out-in in interface outside
route outside 0.0.0.0 0.0.0.0 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server DCNS-Radius protocol radius
aaa-server DCNS-Radius (inside) host 192.168.10.190
 key tvi88&Eibf%NdhwR0CtE0#bFwuCpxCMcIy!AlpBchCRA7ygkHtPOqWyQDarybR3q
 mon-pw tvi88&Eibf%NdhwR0CtE0#bFwuCpxCMcIy!AlpBchCRA7ygkHtPOqWyQDarybR3q
user-identity default-domain LOCAL
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
http server enable
http 255.255.255.255 outside
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set Sitetunnel esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Clienttunnel esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set SiteTunnel esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-3DES-SHA ESP-AES-256-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 10 match address cryptomap1
crypto map outside_map 10 set peer
crypto map outside_map 10 set ikev1 transform-set Sitetunnel SiteTunnel
crypto map outside_map 10 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 20 match address cryptomap2
crypto map outside_map 20 set peer
crypto map outside_map 20 set ikev1 transform-set Sitetunnel SiteTunnel
crypto map outside_map 20 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86500
crypto ikev1 policy 110
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86500
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh 255.255.255.255 outside
ssh 255.255.255.255 outside
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-md5 rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 192.168.10.190
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
 ipsec-udp enable
group-policy canoefp internal
group-policy canoefp attributes
 dns-server value 192.168.10.190
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitvpn2
 default-domain value
 split-dns value
group-policy L2LVPN internal
group-policy L2LVPN attributes
 vpn-idle-timeout none
 vpn-session-timeout none
username password encrypted
username attributes
 vpn-group-policy canoefp
username password encrypted
username attributes
 vpn-group-policy canoefp
username password encrypted
username attributes
 vpn-group-policy canoefp
username password encrypted
username attributes
 vpn-group-policy canoefp
username password encrypted privilege 15
username password encrypted privilege 15
username attributes
 vpn-group-policy canoefp
username password encrypted
username attributes
 vpn-group-policy canoefp
username password encrypted
username attributes
 vpn-group-policy canoefp
username password encrypted privilege 15
username password encrypted privilege 15
username password encrypted
username attributes
 vpn-group-policy canoefp
tunnel-group DefaultL2LGroup general-attributes
 default-group-policy L2LVPN
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key
tunnel-group DefaultRAGroup general-attributes
 address-pool vpnpool
 authentication-server-group DCNS-Radius
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key
tunnel-group canoefp type remote-access
tunnel-group canoefp general-attributes
 address-pool vpnpool
 authentication-server-group DCNS-Radius LOCAL
 default-group-policy canoefp
tunnel-group canoefp ipsec-attributes
 ikev1 pre-shared-key
tunnel-group type ipsec-l2l
tunnel-group general-attributes
 default-group-policy L2LVPN
tunnel-group ipsec-attributes
 ikev1 pre-shared-key
tunnel-group type ipsec-l2l
tunnel-group general-attributes
 default-group-policy L2LVPN
tunnel-group ipsec-attributes
 ikev1 pre-shared-key
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools./its/service/oddce/services/DDCEService
  destination address email callhome@
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ac9d6650b10a551c8cd74337b8de8aa8
: end