Result of the command: "more system:running-config"

Cryptochecksum: 63d53cf0 3494401c fd20f9bc 3bab6a0d
: Saved
: Written by at 22:31:25.740 PST Tue Feb 25 2014
!
ASA Version 9.1(1)
!
hostname Werstberk-ASA5510
domain-name timber.
enable password encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd encrypted
names
dns-guard
ip local pool ClientVpnPool 10.20.20.1-10.20.20.254 mask 255.255.255.0
ip local pool AnyConnectPool 192.168.99.1-192.168.99.100 mask 255.255.255.0
!
interface Ethernet0/0
 shutdown
 nameif outside
 security-level 0
 no ip address
 ospf cost 10
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.254 255.255.255.0
 ospf cost 10
!
interface Ethernet0/2
 description DMZ
 nameif dmz
 security-level 50
 ip address 192.168.99.254 255.255.255.0
 ospf cost 10
!
interface Ethernet0/3
 nameif outside2
 security-level 0
 ip address 255.255.255.252
 ospf cost 10
!
interface Management0/0
 management-only
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
!
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.0.17
 name-server 192.168.0.19
 name-server
 name-server
 domain-name timber.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-192.168.0.0
 subnet 192.168.0.0 255.255.255.0
object network obj-10.0.0.0
 subnet 10.0.0.0 255.255.255.0
object network obj-10.20.20.0
 subnet 10.20.20.0 255.255.255.0
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object network obj-192.168.20.0
 subnet 192.168.20.0 255.255.255.0
object network obj-192.168.21.0
 subnet 192.168.21.0 255.255.255.0
object network obj-192.168.22.0
 subnet 192.168.22.0 255.255.255.0
object network obj-192.168.10.0
 subnet 192.168.10.0 255.255.255.0
object network obj-192.168.0.205-01
 host 192.168.0.205
 description For Calibre
object network obj-192.168.0.206-01
 host 192.168.0.206
object network obj-192.168.0.50
 host 192.168.0.50
object network obj-192.168.0.50-01
 host 192.168.0.50
object network obj-192.168.0.59
 host 192.168.0.59
object network obj-192.168.0.59-01
 host 192.168.0.59
object network obj-192.168.0.205
 host 192.168.0.205
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.99.0_24
 subnet 192.168.99.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 192.168.0.0 255.255.255.0
 network-object object NETWORK_OBJ_192.168.99.0_24
access-list GammonClientVpn-SplitTunnel extended permit ip 192.168.0.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list out-in extended permit icmp any4 any4 time-exceeded
access-list out-in extended permit icmp any4 any4 traceroute
access-list out-in extended permit icmp any4 any4 unreachable
access-list out-in extended permit icmp any4 any4 echo-reply
access-list out-in extended permit tcp any4 interface outside2 eq www
access-list out-in extended permit tcp any4 interface outside eq www
access-list out-in extended permit udp any4 interface outside eq www
access-list out-in remark Permit VNC connections
access-list out-in extended permit tcp any4 interface outside eq 5900
access-list out-in remark Permit LisaSync connections
access-list out-in extended permit tcp any4 interface outside
access-list out-in remark torrents
access-list out-in extended permit tcp any4 interface outside eq 23689
access-list out-in extended permit tcp any4 interface outside eq 8222
access-list out-in extended permit udp any4 interface outside eq 8222
access-list out-in extended permit tcp any4 interface outside eq 8333
access-list out-in extended permit udp any4 interface outside eq 8333
access-list out-in extended permit tcp any4 interface outside eq 902
access-list out-in extended permit udp any4 interface outside eq 902
access-list out-in extended permit tcp any4 interface outside eq 904
access-list out-in extended permit udp any4 interface outside eq 904
access-list out-in extended permit tcp any4 interface outside eq pptp
access-list out-in extended deny tcp any4 interface outside eq 3389
access-list out-in extended permit udp any4 interface outside eq 6800
access-list out-in extended permit tcp any4 interface outside eq 6800
access-list out-in extended permit udp any4 interface outside2 eq www
access-list out-in remark Permit VNC connections
access-list out-in extended permit tcp any4 interface outside2 eq 5900
access-list out-in remark Permit LisaSync connections
access-list out-in extended permit tcp any4 interface outside2
access-list out-in remark torrents
access-list out-in extended permit tcp any4 interface outside2 eq 23689
access-list out-in extended permit tcp any4 interface outside2 eq 8222
access-list out-in extended permit udp any4 interface outside2 eq 8222
access-list out-in extended permit tcp any4 interface outside2 eq 8333
access-list out-in extended permit udp any4 interface outside2 eq 8333
access-list out-in extended permit tcp any4 interface outside2 eq 902
access-list out-in extended permit udp any4 interface outside2 eq 902
access-list out-in extended permit tcp any4 interface outside2 eq 904
access-list out-in extended permit udp any4 interface outside2 eq 904
access-list out-in extended permit tcp any4 interface outside2 eq pptp
access-list out-in extended deny tcp any4 interface outside2 eq 3389
access-list out-in extended permit udp any4 interface outside2 eq 6800
access-list out-in extended permit tcp any4 interface outside2 eq 6800
access-list out-in extended permit ip any4 any4
access-list inside_access_out remark test to stop internet browsing
access-list inside_access_out extended deny ip host 192.168.0.8 any4 inactive
access-list inside_access_out remark blocking www
access-list inside_access_out extended deny ip host 192.168.0.20 any4 inactive
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.6 any4
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.8 any4
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.9 any4
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.12 any4
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.14 any4
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.21 any4
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.89 any4
access-list insideout remark Block all external IP traffic (to block internet)
access-list insideout extended deny ip host 192.168.0.221 any4
access-list insideout extended permit ip any4 any4
access-list insideout remark Allow this IP to access Orova network. (Rule required when Internet access blocked below)
access-list insideout extended permit ip host 192.168.0.8 10.0.0.0 255.255.255.0
access-list insideout remark Allow this IP to access Orova network. (Rule required when Internet access blocked below)
access-list insideout extended permit ip host 192.168.0.6 10.0.0.0 255.255.255.0
access-list insideout remark Allow this IP to access Orova network. (Rule required when Internet access blocked below)
access-list insideout extended permit ip host 192.168.0.9 10.0.0.0 255.255.255.0
access-list insideout remark Allow puter to send & receive e-mail via Bluehost.
access-list insideout extended permit ip host 192.168.0.14 host
access-list insideout remark Allow this IP to access Orova network. (Rule required when Internet access blocked below)
access-list insideout extended permit ip host 192.168.0.20 10.0.0.0 255.255.255.0
access-list insideout remark Allow this IP to access Orova Network. (Rule required when Internet access blocked below)
access-list insideout extended permit ip host 192.168.0.21 10.0.0.0 255.255.255.0
access-list insideout remark Allow puter to access Rovee's network via the VPN.
access-list insideout extended permit ip host 192.168.0.208 192.168.22.0 255.255.255.0
access-list TEST extended permit ip host host
access-list TEST extended permit ip host host
access-list out extended permit tcp any4 host eq www
access-list out extended permit tcp host eq www any4
access-list inside extended permit tcp any4 host 192.168.0.50 eq www
access-list inside extended permit tcp host 192.168.0.50 eq www any4
access-list outsidein extended deny tcp any4 any4 eq smtp
access-list outsidein extended permit ip any4 any4
access-list cryptomap2-Orova2 extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list out-in_migration_1 extended permit icmp any4 any4 time-exceeded
access-list out-in_migration_1 extended permit icmp any4 any4 traceroute
access-list out-in_migration_1 extended permit icmp any4 any4 unreachable
access-list out-in_migration_1 extended permit tcp any4 interface outside eq www
access-list out-in_migration_1 extended permit udp any4 interface outside eq www
access-list out-in_migration_1 remark Permit VNC connections
access-list out-in_migration_1 extended permit tcp any4 interface outside eq 5900
access-list out-in_migration_1 remark Permit LisaSync connections
access-list out-in_migration_1 extended permit tcp any4 interface outside
access-list out-in_migration_1 remark torrents
access-list out-in_migration_1 extended permit tcp any4 interface outside eq 23689
access-list out-in_migration_1 extended permit tcp any4 interface outside eq 8222
access-list out-in_migration_1 extended permit udp any4 interface outside eq 8222
access-list out-in_migration_1 extended permit tcp any4 interface outside eq 8333
access-list out-in_migration_1 extended permit udp any4 interface outside eq 8333
access-list out-in_migration_1 extended permit tcp any4 interface outside eq 902
access-list out-in_migration_1 extended permit udp any4 interface outside eq 902
access-list out-in_migration_1 extended permit tcp any4 interface outside eq 904
access-list out-in_migration_1 extended permit udp any4 interface outside eq 904
access-list out-in_migration_1 extended permit tcp any4 interface outside eq pptp
access-list out-in_migration_1 extended deny tcp any4 interface outside eq 3389
access-list out-in_migration_1 extended permit udp any4 interface outside eq 6800
access-list out-in_migration_1 extended permit tcp any4 interface outside eq 6800
access-list out-in_migration_1 remark Permit Calibre connections
access-list out-in_migration_1 extended permit tcp any4 host 192.168.0.205 eq 26657
access-list out-in_migration_1 extended permit tcp any4 host 192.168.0.206 eq 37432
access-list out-in_migration_1 extended permit tcp any4 host 192.168.0.59 eq 6800
access-list out-in_migration_1 extended permit tcp any4 host 192.168.0.205 eq 18945
access-list out-in_migration_1 extended deny tcp any4 0.0.0.0 0.0.0.0 eq 3389
access-list out-in_migration_1 extended permit udp any4 host 192.168.0.59 eq 6800
access-list out-in_migration_1 extended permit ip any4 any4
access-list cryptomap3-Loomby extended permit ip 192.168.0.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list cryptomap3-Loomby extended permit ip 192.168.99.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list cryptomap4-Rovee extended permit ip object-group DM_INLINE_NETWORK_1 192.168.22.0 255.255.255.0
access-list cryptomap5-Kanai extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list cryptomap5-Kanai extended permit ip 192.168.99.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.22.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list NoNAT extended permit ip 192.168.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NoNAT extended permit ip 192.168.0.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list NoNAT extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NoNAT extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list NoNAT extended permit ip 192.168.0.0 255.255.255.0 192.168.21.0 255.255.255.0
access-list NoNAT extended permit ip 192.168.0.0 255.255.255.0 192.168.22.0 255.255.255.0
access-list NoNAT extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list AnyConnectSplitTunnel extended permit ip 192.168.0.0 255.255.255.0 192.168.99.0 255.255.255.0
access-list AnyConnectSplitTunnel extended permit ip object obj-192.168.22.0 192.168.99.0 255.255.255.0
access-list AnyConnectSplitTunnel extended permit ip object obj-192.168.21.0 192.168.99.0 255.255.255.0
access-list AnyConnectSplitTunnel extended permit ip object obj-10.0.0.0 192.168.99.0 255.255.255.0
access-list AnyConnectSplitTunnel extended permit ip object obj-192.168.20.0 192.168.99.0 255.255.255.0
access-list AnyConnectSplitTunnel extended permit ip object obj-192.168.10.0 192.168.99.0 255.255.255.0
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
pager lines 24
logging enable
logging monitor debugging
logging buffered debugging
logging history debugging
logging asdm debugging
logging class webvpn asdm debugging
logging class svc asdm debugging
logging class ssl asdm debugging
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu outside2 1500
mtu management 1500
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any outside2
asdm image disk0:/asdm-715-100.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.20.20.0 obj-10.20.20.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.20.0 obj-192.168.20.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.21.0 obj-192.168.21.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.22.0 obj-192.168.22.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-192.168.10.0 obj-192.168.10.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-192.168.0.0 obj-192.168.0.0 destination static obj-10.0.0.0 obj-10.0.0.0 no-proxy-arp route-lookup
nat (inside,outside2) source static any any destination static NETWORK_OBJ_192.168.99.0_24 NETWORK_OBJ_192.168.99.0_24 no-proxy-arp route-lookup
!
object network obj-192.168.0.205-01
 nat (inside,outside2) static interface service tcp 26657 26657
object network obj-192.168.0.206-01
 nat (inside,outside2) static interface service tcp 37432 37432
object network obj-192.168.0.59
 nat (inside,outside2) static interface service tcp 6800 6800
object network obj-192.168.0.59-01
 nat (inside,outside2) static interface service udp 6800 6800
object network obj_any
 nat (inside,outside2) dynamic interface
access-group out-in in interface outside
access-group outsidein out interface outside
access-group insideout in interface inside
access-group out-in_migration_1 in interface outside2
route outside2 0.0.0.0 0.0.0.0 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map memberOf
 map-name memberOf Tunneling-Protocols
 map-value memberOf "CN=Cisco VPN Users,CN=Users,DC=timber,DC=gammonbros," 52
dynamic-access-policy-record DfltAccessPolicy
aaa-server GBros-LDAP protocol ldap
aaa-server GBros-LDAP (inside) host 192.168.0.17
 server-port 389
 ldap-base-dn DC=timber,DC=gammonbros,
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password
 ldap-login-dn CN=Cisco ASDM Admin,CN=Users,DC=timber,DC=gammonbros,
 server-type microsoft
 ldap-attribute-map memberOf
user-identity default-domain LOCAL
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.20.20.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside
http 255.255.255.255 outside2
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetinbound
service resetoutside
crypto ipsec ikev1 transform-set Sitetunnel esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Clienttunnel esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set SiteTunnel esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map clientvpn 20 set ikev1 transform-set Clienttunnel
crypto dynamic-map dyn-sitevpn 10 set ikev1 transform-set SiteTunnel Sitetunnel
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map sitevpn 3 match address cryptomap3-Loomby
crypto map sitevpn 3 set peer
crypto map sitevpn 3 set ikev1 transform-set Sitetunnel SiteTunnel
crypto map sitevpn 4 match address cryptomap4-Rovee
crypto map sitevpn 4 set peer
crypto map sitevpn 4 set ikev1 transform-set Sitetunnel SiteTunnel
crypto map sitevpn 5 match address cryptomap5-Kanai
crypto map sitevpn 5 set peer
crypto map sitevpn 5 set ikev1 transform-set Sitetunnel SiteTunnel
crypto map sitevpn 10 ipsec-isakmp dynamic dyn-sitevpn
crypto map sitevpn 2000 ipsec-isakmp dynamic clientvpn
crypto map sitevpn interface outside2
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint self
 enrollment self
 fqdn vpn.
 subject-name CN=vpn.
 keypair sslvpnkeypair
 crl configure
crypto ca trustpool policy
crypto ca certificate chain self
 certificate
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside2
crypto ikev1 policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86500
crypto ikev1 policy 100
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86500
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 10.20.20.0 255.255.255.0 inside
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh scopy enable
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.0.0 255.255.255.0 inside
ssh 10.20.20.0 255.255.255.0 inside
ssh 255.255.255.255 outside2
ssh 0.0.0.0 0.0.0.0 outside2
ssh timeout 40
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 enable outside2
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-3.1.05152-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.05152-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux-64-3.1.05152-k9.pkg 3
 anyconnect image disk0:/anyconnect-linux-3.1.05152-k9.pkg 4
 anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout none
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  anyconnect ssl keepalive none
  anyconnect dpd-interval client none
  anyconnect dpd-interval gateway none
  anyconnect pression deflate
  customization value DfltCustomization
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
 wins-server none
 dns-server value 192.168.0.17 192.168.0.19
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value AnyConnectSplitTunnel
 default-domain value vpn.
 webvpn
  anyconnect profiles value AnyConnect_client_profile type user
group-policy GammonClientVpn internal
group-policy GammonClientVpn attributes
 banner value You are now connected to Gammon Bros Werstberk VPN Network. If you are not an authorized user please disconnect Immediately. If you need assistance, contact .
 wins-server none
 dns-server value 192.168.0.17 192.168.0.19
 vpn-idle-timeout 1440
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value GammonClientVpn-SplitTunnel
 default-domain value timber.
group-policy GammonBrosClientvpn internal
group-policy GammonBrosClientvpn attributes
 banner value You are now connected to Gammon Bros Werstberk VPN Network. If you are not an authorized user please disconnect Immediately. If you need assistance, contact .
 wins-server none
 dns-server value 192.168.0.17 192.168.0.19
 vpn-idle-timeout 1440
 vpn-tunnel-protocol ikev1 ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value GammonClientVpn-SplitTunnel
 default-domain value timber.
group-policy L2LVPN internal
group-policy L2LVPN attributes
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol ikev1
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted privilege 15
username attributes
 vpn-group-policy GroupPolicy_AnyConnect
username password encrypted privilege 15
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
username password encrypted privilege 15
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
 service-type remote-access
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GroupPolicy_AnyConnect
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted privilege 15
username password encrypted privilege 15
username attributes
 vpn-group-policy GroupPolicy_AnyConnect
username password encrypted privilege 15
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted privilege 5
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GammonClientVpn
 vpn-tunnel-protocol ikev1 l2tp-ipsec
username password encrypted
username attributes
 vpn-group-policy GammonBrosClientvpn
tunnel-group DefaultL2LGroup general-attributes
 default-group-policy L2LVPN
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key
tunnel-group DefaultRAGroup general-attributes
 address-pool ClientVpnPool
 default-group-policy GammonClientVpn
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
tunnel-group GammonClientVpn type remote-access
tunnel-group GammonClientVpn general-attributes
 address-pool ClientVpnPool
 default-group-policy GammonClientVpn
tunnel-group GammonClientVpn ipsec-attributes
 ikev1 pre-shared-key
tunnel-group GammonBrosClientvpn type remote-access
tunnel-group GammonBrosClientvpn general-attributes
 address-pool ClientVpnPool
 authentication-server-group GBros-LDAP
 default-group-policy GammonBrosClientvpn
tunnel-group GammonBrosClientvpn ipsec-attributes
 ikev1 pre-shared-key
tunnel-group type ipsec-l2l
tunnel-group general-attributes
 default-group-policy L2LVPN
tunnel-group ipsec-attributes
 ikev1 pre-shared-key
tunnel-group type ipsec-l2l
tunnel-group general-attributes
 default-group-policy L2LVPN
tunnel-group ipsec-attributes
 ikev1 pre-shared-key
tunnel-group type ipsec-l2l
tunnel-group general-attributes
 default-group-policy L2LVPN
tunnel-group ipsec-attributes
 ikev1 pre-shared-key
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
 address-pool AnyConnectPool
 default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
 group-alias AnyConnect enable
tunnel-group-map default-group GammonClientVpn
!
class-map VpnQos
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map VpnQos
 class VpnQos
  priority
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools./its/service/oddce/services/DDCEService
  destination address email callhome@
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:63d53cf03494401cfd20f9bc3bab6a0d
: end