Greetings,
I have a ASA 5510 and I have setup VPN with split tunneling, I can connect, get and IP, however I can not pass traffic (internet or internal network). When I ping, i can ping my issued IP as well as the interface IP of the ASA. All I need to do is VPN in to connect to servers and allow local web surfing.
ASA Version 8.0(2)
!
hostname ciscoasa
domain-name mydomain.org
enable password ***********. encrypted
names
!
interface Ethernet0/0
nameif Inside
security-level 50
ip address 192.168.10.253 255.255.255.0
!
interface Ethernet0/1
nameif Outside
security-level 0
ip address 209.***.***.118 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
security-level 0
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
passwd *********. encrypted
banner login **** Unauthorised Access is Strictly Forbidden ****
banner login ******* To logon enter appropriate password ******
banner login *********** ALL LOGIN ATTEMPS ARE LOGGED **********
boot system disk0:/asa802-k8.bin
ftp mode passive
dns domain-lookup Inside
dns domain-lookup Outside
dns server-group DefaultDNS
timeout 5
name-server 209.***.***.18
domain-name c-uphd.org
dns server-group mydomain.local
timeout 5
name-server 192.168.10.1
name-server 192.168.10.9
name-server 209.***.***.18
domain-name cuphd.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq smtp
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq https
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq www
access-list Outside_access_in extended permit icmp any host 209.***.***.114
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq 3589
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq 1306
access-list Outside_cryptomap extended permit ip any 192.168.10.0 255.255.255.0
access-list Inside_access_out extended permit tcp any any eq imap4
access-list Inside_access_out extended permit tcp any any eq https
access-list Inside_access_out extended permit tcp any any eq 3389
access-list Inside_access_out extended permit tcp any any eq smtp
access-list Inside_access_out extended permit tcp any any eq telnet
access-list Inside_access_out extended permit icmp any any
access-list Inside_access_out extended permit tcp any any eq www
access-list inside_access_out extended permit tcp any any eq smtp
access-list management_nat0_outbound extended permit ip any 192.168.10.20 255.255.255.252
access-list Inside_access_in extended permit tcp host 192.168.10.30 any
access-list Inside_access_in extended permit tcp host 192.168.10.31 any
access-list Inside_access_in extended permit tcp host 192.168.10.32 any
access-list Inside_access_in extended permit tcp host 192.168.10.33 any
access-list Inside_access_in extended permit tcp host 192.168.10.34 any
access-list Inside_access_in extended permit tcp host 192.168.10.35 any
access-list Inside_access_in extended permit tcp host 192.168.10.36 any
access-list Inside_access_in extended permit tcp host 192.168.10.37 any
access-list Inside_access_in extended permit tcp host 192.168.10.38 any
access-list Inside_access_in extended permit tcp host 192.168.10.39 any
access-list Inside_access_in extended permit tcp host 192.168.10.40 any
access-list Inside_access_in extended permit tcp host 192.168.10.41 any
access-list Inside_access_in extended permit tcp host 192.168.10.42 any
access-list Inside_access_in extended permit tcp host 192.168.10.43 any
access-list Inside_access_in extended permit tcp host 192.168.10.44 any
access-list Inside_access_in extended deny tcp any host 66.151.149.78
access-list Inside_access_in extended deny tcp any host 69.147.112.160
access-list Inside_access_in extended deny tcp any host 208.65.153.238
access-list Inside_access_in extended deny tcp any host 208.65.153.251
access-list Inside_access_in extended deny tcp any host 208.65.153.253
access-list Inside_access_in extended deny tcp any host 216.178.38.104
access-list Inside_access_in extended deny tcp any host 216.178.38.116
access-list Inside_access_in extended deny tcp any host 216.178.38.121
access-list Inside_access_in extended deny tcp any host 216.178.38.129
access-list Inside_access_in extended deny tcp any host 216.178.38.130
access-list Inside_access_in extended deny tcp any host 216.178.38.131
access-list Inside_access_in extended deny tcp any host 216.178.39.15
access-list Inside_access_in extended deny tcp any host 216.178.39.16
access-list Inside_access_in extended deny tcp any host 216.178.39.74
access-list Inside_access_in extended deny tcp any host 69.36.250.253
access-list Inside_access_in extended deny tcp any host 74.208.12.174
access-list Inside_access_in extended deny tcp any host 193.238.160.62
access-list Inside_access_in extended deny tcp any host 8.6.13.62
access-list Inside_access_in extended deny tcp any host 216.32.90.26
access-list Inside_access_in extended deny tcp any host 64.13.152.67
access-list Inside_access_in extended deny tcp any host 204.15.20.80
access-list Inside_access_in extended deny tcp any host 69.63.178.11
access-list Inside_access_in extended deny tcp any host 69.63.178.12
access-list Inside_access_in extended deny tcp any host 69.63.176.10
access-list Inside_access_in extended deny tcp any host 69.63.176.11
access-list Inside_access_in extended deny tcp any host 69.63.176.140
access-list Inside_access_in extended deny tcp any host 74.86.15.130
access-list Inside_access_in extended deny tcp any host 205.188.104.106
access-list Inside_access_in extended deny tcp any host 209.126.247.210
access-list Inside_access_in extended deny tcp any host 216.112.126.107
access-list Inside_access_in extended deny tcp any host 213.251.177.151
access-list Inside_access_in extended deny tcp any host 85.114.159.46
access-list Inside_access_in extended deny tcp any host 64.72.122.87
access-list Inside_access_in extended deny tcp any host 64.72.122.81
access-list Inside_access_in extended deny tcp any host 64.151.89.6
access-list Inside_access_in extended deny tcp any host 85.92.145.14
access-list Inside_access_in extended deny tcp any host 89.149.226.157
access-list Inside_access_in extended deny tcp any host 216.178.39.14
access-list Inside_access_in extended deny tcp any host 216.178.39.12
access-list Inside_access_in extended deny tcp any host 216.178.39.11
access-list Inside_access_in extended deny tcp any host 216.178.39.13
access-list Inside_access_in extended deny tcp any host 216.178.38.124
access-list Inside_access_in extended deny tcp any host 216.178.39.107
access-list Inside_access_in extended deny tcp any host 216.178.39.108
access-list Inside_access_in extended deny tcp any host 216.178.39.106
access-list Inside_access_in extended deny tcp any host 216.178.39.109
access-list Inside_access_in extended deny tcp any host 216.178.38.140
access-list Inside_access_in extended deny tcp any host 216.178.38.134
access-list Inside_access_in extended deny tcp any host 65.54.183.203
access-list Inside_access_in extended deny tcp any host 72.14.223.18
access-list Inside_access_in extended deny tcp any host 72.14.223.19
access-list Inside_access_in extended deny tcp any host 72.14.223.83
access-list Inside_access_in extended deny tcp any host 213.114.36.59
access-list Inside_access_in extended deny tcp any host 210.17.245.108
access-list Inside_access_in extended permit ip any any
access-list Split_Tunnel_list standard permit any
access-list outside_access_in remark Access Rule to allow ISAKMP to
pager lines 24
logging enable
logging list email level debugging class email
logging asdm notifications
logging from-address helpdesk@mydomain.org
logging class vpn asdm debugging
logging rate-limit 1 1 level 4
logging rate-limit 4 1 level 5
logging rate-limit 6 1 level 6
mtu Inside 1500
mtu Outside 1500
ip local pool TestNet 192.168.40.1-192.168.40.250 mask 255.255.255.0
ip verify reverse-path interface Outside
ip audit attack action alarm drop
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
icmp permit any Outside
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (Outside) 1 209.***.***.114 netmask 255.255.255.0
nat (Inside) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) tcp 209.***.***.114 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 smtp 192.168.10.7 smtp netmask 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 3589 192.168.10.9 3389 netmask 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 1306 192.168.10.32 3389 netmask 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 https 192.168.10.13 https netmask 255.255.255.255
access-group Inside_access_in in interface Inside
access-group Inside_access_out out interface Inside
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 209.254.201.118 255
route Inside 10.24.15.0 255.255.255.0 192.168.10.254 1
route Inside 10.30.10.0 255.255.255.0 192.168.10.254 1
route Inside 192.168.1.0 255.255.255.0 192.168.10.254 1
route Inside 192.168.11.0 255.255.255.0 192.168.10.254 1
route Inside 192.168.20.0 255.255.255.0 192.168.10.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS host 192.168.10.9
key radiuskey
radius-common-pw radiuskey
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
reval-period 36000
sq-period 300
http server enable
http 192.168.10.0 255.255.255.0 Inside
snmp-server host Inside 192.168.10.33 community public
snmp-server location Kenyon
no snmp-server contact
snmp-server community PublicH34lth
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
sysopt connection tcpmss 0
sysopt noproxyarp Inside
crypto ipsec transform-set DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set Windows-VPN esp-3des esp-md5-hmac
crypto ipsec transform-set Windows-VPN mode transport
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map Outside_dyn_map 20 set transform-set DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface Outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn ciscoasa
subject-name CN=ciscoasa
no client-types
proxy-ldc-issuer
crl configure
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.10.0 255.255.255.0 Inside
telnet timeout 5
ssh timeout 5
console timeout 0
priority-queue Inside
queue-limit 488
tx-ring-limit 8
threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.10.1 192.168.10.9
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
ip-comp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_list
default-domain value cuphd.local
client-firewall none
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
msie-proxy method auto-detect
nac-settings value DfltGrpPolicy-nac-framework-create
webvpn
svc dpd-interval client none
svc dpd-interval gateway none
tunnel-group DefaultRAGroup general-attributes
address-pool TestNet
authentication-server-group RADIUS
default-group-policy DefaultRAGroup
authorization-dn-attributes use-entire-name
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
peer-id-validate nocheck
chain
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group-map enable rules
smtp-server 192.168.10.2
prompt hostname context
no compression svc http-comp
Cryptochecksum:08a962e25877ea0835131cebffcf11a8
: end
asdm image disk0:/asdm-602.bin
asdm location 192.168.10.0 255.255.255.0 Inside
no asdm history enable
I have a ASA 5510 and I have setup VPN with split tunneling, I can connect, get and IP, however I can not pass traffic (internet or internal network). When I ping, i can ping my issued IP as well as the interface IP of the ASA. All I need to do is VPN in to connect to servers and allow local web surfing.
ASA Version 8.0(2)
!
hostname ciscoasa
domain-name mydomain.org
enable password ***********. encrypted
names
!
interface Ethernet0/0
nameif Inside
security-level 50
ip address 192.168.10.253 255.255.255.0
!
interface Ethernet0/1
nameif Outside
security-level 0
ip address 209.***.***.118 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
security-level 0
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
passwd *********. encrypted
banner login **** Unauthorised Access is Strictly Forbidden ****
banner login ******* To logon enter appropriate password ******
banner login *********** ALL LOGIN ATTEMPS ARE LOGGED **********
boot system disk0:/asa802-k8.bin
ftp mode passive
dns domain-lookup Inside
dns domain-lookup Outside
dns server-group DefaultDNS
timeout 5
name-server 209.***.***.18
domain-name c-uphd.org
dns server-group mydomain.local
timeout 5
name-server 192.168.10.1
name-server 192.168.10.9
name-server 209.***.***.18
domain-name cuphd.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq smtp
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq https
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq www
access-list Outside_access_in extended permit icmp any host 209.***.***.114
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq 3589
access-list Outside_access_in extended permit tcp any host 209.***.***.114 eq 1306
access-list Outside_cryptomap extended permit ip any 192.168.10.0 255.255.255.0
access-list Inside_access_out extended permit tcp any any eq imap4
access-list Inside_access_out extended permit tcp any any eq https
access-list Inside_access_out extended permit tcp any any eq 3389
access-list Inside_access_out extended permit tcp any any eq smtp
access-list Inside_access_out extended permit tcp any any eq telnet
access-list Inside_access_out extended permit icmp any any
access-list Inside_access_out extended permit tcp any any eq www
access-list inside_access_out extended permit tcp any any eq smtp
access-list management_nat0_outbound extended permit ip any 192.168.10.20 255.255.255.252
access-list Inside_access_in extended permit tcp host 192.168.10.30 any
access-list Inside_access_in extended permit tcp host 192.168.10.31 any
access-list Inside_access_in extended permit tcp host 192.168.10.32 any
access-list Inside_access_in extended permit tcp host 192.168.10.33 any
access-list Inside_access_in extended permit tcp host 192.168.10.34 any
access-list Inside_access_in extended permit tcp host 192.168.10.35 any
access-list Inside_access_in extended permit tcp host 192.168.10.36 any
access-list Inside_access_in extended permit tcp host 192.168.10.37 any
access-list Inside_access_in extended permit tcp host 192.168.10.38 any
access-list Inside_access_in extended permit tcp host 192.168.10.39 any
access-list Inside_access_in extended permit tcp host 192.168.10.40 any
access-list Inside_access_in extended permit tcp host 192.168.10.41 any
access-list Inside_access_in extended permit tcp host 192.168.10.42 any
access-list Inside_access_in extended permit tcp host 192.168.10.43 any
access-list Inside_access_in extended permit tcp host 192.168.10.44 any
access-list Inside_access_in extended deny tcp any host 66.151.149.78
access-list Inside_access_in extended deny tcp any host 69.147.112.160
access-list Inside_access_in extended deny tcp any host 208.65.153.238
access-list Inside_access_in extended deny tcp any host 208.65.153.251
access-list Inside_access_in extended deny tcp any host 208.65.153.253
access-list Inside_access_in extended deny tcp any host 216.178.38.104
access-list Inside_access_in extended deny tcp any host 216.178.38.116
access-list Inside_access_in extended deny tcp any host 216.178.38.121
access-list Inside_access_in extended deny tcp any host 216.178.38.129
access-list Inside_access_in extended deny tcp any host 216.178.38.130
access-list Inside_access_in extended deny tcp any host 216.178.38.131
access-list Inside_access_in extended deny tcp any host 216.178.39.15
access-list Inside_access_in extended deny tcp any host 216.178.39.16
access-list Inside_access_in extended deny tcp any host 216.178.39.74
access-list Inside_access_in extended deny tcp any host 69.36.250.253
access-list Inside_access_in extended deny tcp any host 74.208.12.174
access-list Inside_access_in extended deny tcp any host 193.238.160.62
access-list Inside_access_in extended deny tcp any host 8.6.13.62
access-list Inside_access_in extended deny tcp any host 216.32.90.26
access-list Inside_access_in extended deny tcp any host 64.13.152.67
access-list Inside_access_in extended deny tcp any host 204.15.20.80
access-list Inside_access_in extended deny tcp any host 69.63.178.11
access-list Inside_access_in extended deny tcp any host 69.63.178.12
access-list Inside_access_in extended deny tcp any host 69.63.176.10
access-list Inside_access_in extended deny tcp any host 69.63.176.11
access-list Inside_access_in extended deny tcp any host 69.63.176.140
access-list Inside_access_in extended deny tcp any host 74.86.15.130
access-list Inside_access_in extended deny tcp any host 205.188.104.106
access-list Inside_access_in extended deny tcp any host 209.126.247.210
access-list Inside_access_in extended deny tcp any host 216.112.126.107
access-list Inside_access_in extended deny tcp any host 213.251.177.151
access-list Inside_access_in extended deny tcp any host 85.114.159.46
access-list Inside_access_in extended deny tcp any host 64.72.122.87
access-list Inside_access_in extended deny tcp any host 64.72.122.81
access-list Inside_access_in extended deny tcp any host 64.151.89.6
access-list Inside_access_in extended deny tcp any host 85.92.145.14
access-list Inside_access_in extended deny tcp any host 89.149.226.157
access-list Inside_access_in extended deny tcp any host 216.178.39.14
access-list Inside_access_in extended deny tcp any host 216.178.39.12
access-list Inside_access_in extended deny tcp any host 216.178.39.11
access-list Inside_access_in extended deny tcp any host 216.178.39.13
access-list Inside_access_in extended deny tcp any host 216.178.38.124
access-list Inside_access_in extended deny tcp any host 216.178.39.107
access-list Inside_access_in extended deny tcp any host 216.178.39.108
access-list Inside_access_in extended deny tcp any host 216.178.39.106
access-list Inside_access_in extended deny tcp any host 216.178.39.109
access-list Inside_access_in extended deny tcp any host 216.178.38.140
access-list Inside_access_in extended deny tcp any host 216.178.38.134
access-list Inside_access_in extended deny tcp any host 65.54.183.203
access-list Inside_access_in extended deny tcp any host 72.14.223.18
access-list Inside_access_in extended deny tcp any host 72.14.223.19
access-list Inside_access_in extended deny tcp any host 72.14.223.83
access-list Inside_access_in extended deny tcp any host 213.114.36.59
access-list Inside_access_in extended deny tcp any host 210.17.245.108
access-list Inside_access_in extended permit ip any any
access-list Split_Tunnel_list standard permit any
access-list outside_access_in remark Access Rule to allow ISAKMP to
pager lines 24
logging enable
logging list email level debugging class email
logging asdm notifications
logging from-address helpdesk@mydomain.org
logging class vpn asdm debugging
logging rate-limit 1 1 level 4
logging rate-limit 4 1 level 5
logging rate-limit 6 1 level 6
mtu Inside 1500
mtu Outside 1500
ip local pool TestNet 192.168.40.1-192.168.40.250 mask 255.255.255.0
ip verify reverse-path interface Outside
ip audit attack action alarm drop
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
icmp permit any Outside
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (Outside) 1 209.***.***.114 netmask 255.255.255.0
nat (Inside) 1 0.0.0.0 0.0.0.0
static (Inside,Outside) tcp 209.***.***.114 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 smtp 192.168.10.7 smtp netmask 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 3589 192.168.10.9 3389 netmask 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 1306 192.168.10.32 3389 netmask 255.255.255.255
static (Inside,Outside) tcp 209.***.***.114 https 192.168.10.13 https netmask 255.255.255.255
access-group Inside_access_in in interface Inside
access-group Inside_access_out out interface Inside
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 209.254.201.118 255
route Inside 10.24.15.0 255.255.255.0 192.168.10.254 1
route Inside 10.30.10.0 255.255.255.0 192.168.10.254 1
route Inside 192.168.1.0 255.255.255.0 192.168.10.254 1
route Inside 192.168.11.0 255.255.255.0 192.168.10.254 1
route Inside 192.168.20.0 255.255.255.0 192.168.10.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS host 192.168.10.9
key radiuskey
radius-common-pw radiuskey
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
reval-period 36000
sq-period 300
http server enable
http 192.168.10.0 255.255.255.0 Inside
snmp-server host Inside 192.168.10.33 community public
snmp-server location Kenyon
no snmp-server contact
snmp-server community PublicH34lth
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
sysopt connection tcpmss 0
sysopt noproxyarp Inside
crypto ipsec transform-set DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set Windows-VPN esp-3des esp-md5-hmac
crypto ipsec transform-set Windows-VPN mode transport
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map Outside_dyn_map 20 set transform-set DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface Outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn ciscoasa
subject-name CN=ciscoasa
no client-types
proxy-ldc-issuer
crl configure
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.10.0 255.255.255.0 Inside
telnet timeout 5
ssh timeout 5
console timeout 0
priority-queue Inside
queue-limit 488
tx-ring-limit 8
threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.10.1 192.168.10.9
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
ip-comp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_list
default-domain value cuphd.local
client-firewall none
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
msie-proxy method auto-detect
nac-settings value DfltGrpPolicy-nac-framework-create
webvpn
svc dpd-interval client none
svc dpd-interval gateway none
tunnel-group DefaultRAGroup general-attributes
address-pool TestNet
authentication-server-group RADIUS
default-group-policy DefaultRAGroup
authorization-dn-attributes use-entire-name
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
peer-id-validate nocheck
chain
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group-map enable rules
smtp-server 192.168.10.2
prompt hostname context
no compression svc http-comp
Cryptochecksum:08a962e25877ea0835131cebffcf11a8
: end
asdm image disk0:/asdm-602.bin
asdm location 192.168.10.0 255.255.255.0 Inside
no asdm history enable