Result of the command: "sh run" : Saved : ASA Version 8.0(2) ! hostname LNDCBLFW01 domain-name mydomain.com enable password *** encrypted names dns-guard ! interface GigabitEthernet0/0 nameif Outside security-level 0 ip address 100.1.0.146 255.255.255.240 standby 100.1.0.147 ! interface GigabitEthernet0/1 no nameif no security-level no ip address ! interface GigabitEthernet0/1.54 vlan 54 nameif inside security-level 100 ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2 ! interface GigabitEthernet0/1.57 vlan 57 nameif crossConnect security-level 25 ip address 10.251.1.1 255.255.255.240 standby 10.251.1.2 ! interface GigabitEthernet0/2 no nameif no security-level no ip address ! interface GigabitEthernet0/2.56 vlan 56 nameif DMZ security-level 50 ip address 100.2.83.1 255.255.255.192 standby 100.2.83.1 ! interface GigabitEthernet0/2.60 vlan 60 nameif DMZ-2 security-level 50 ip address 100.14.8.1 255.255.255.128 standby 100.14.8.2 ! interface GigabitEthernet0/3 description LAN/STATE Failover Interface ! interface Management0/0 shutdown nameif management security-level 100 no ip address management-only ! passwd *** encrypted boot system disk0:/asa802-k8.bin ftp mode passive clock timezone MST -7 clock summer-time MDT recurring dns server-group DefaultDNS domain-name mydomain.com same-security-traffic permit inter-interface object-group service Phone service-object udp range 1024 65535 object-group service UDP-Phone udp port-object range 1024 65535 object-group service Phones udp group-object UDP-Phone object-group service UDP udp group-object UDP-Phone object-group network LignupServers network-object host 100.2.83.8 object-group network NatpassGroup network-object host 100.2.83.11 network-object host 100.2.83.7 object-group network NextoneServers network-object host 100.2.83.42 network-object host 100.2.83.43 network-object host 100.2.83.44 network-object host 100.2.83.45 network-object host 100.2.83.46 network-object host 100.2.83.48 network-object host 100.2.83.49 network-object host 100.2.83.50 network-object host 100.2.83.51 network-object host 100.2.83.41 object-group network WebServers network-object host 100.2.83.10 network-object host 100.2.83.13 network-object host 100.2.83.14 network-object host 100.2.83.17 network-object host 100.2.83.18 network-object host 100.2.83.24 network-object host 100.2.83.25 network-object host 100.2.83.26 network-object host 100.2.83.27 network-object host 100.2.83.28 network-object host 100.2.83.29 network-object host 100.2.83.30 network-object host 100.2.83.31 network-object host 100.2.83.5 network-object host 100.2.83.6 network-object host 100.2.83.9 object-group service WebServices tcp description Port List for Access to Web Server port-object eq 1701 port-object eq 8000 port-object eq 8080 port-object eq ftp port-object eq ftp-data port-object eq www port-object eq https object-group network Packet-Servers network-object host 100.2.83.33 network-object host 100.2.83.47 object-group network mansina network-object 172.31.67.0 255.255.255.192 object-group network DM_INLINE_NETWORK_1 network-object host 100.2.83.42 network-object host 100.2.83.43 access-list Outside_access_in remark VOIP Access to Lignup Servers access-list Outside_access_in extended permit udp any object-group LignupServers range 1024 65535 log disable access-list Outside_access_in remark VOIP Access to Natpass access-list Outside_access_in extended permit udp any object-group NatpassGroup range 1024 65535 log disable access-list Outside_access_in remark Web Server Access access-list Outside_access_in extended permit tcp any object-group WebServers object-group WebServices log disable access-list Outside_access_in remark Desktop Perspective Access to WS02 access-list Outside_access_in extended permit icmp any host 100.2.83.6 log disable access-list Outside_access_in remark VOIP Access to Nextone Servers access-list Outside_access_in extended permit udp any object-group NextoneServers range 1024 65535 log disable access-list Outside_access_in extended permit icmp any any echo-reply log disable access-list Outside_access_in extended permit icmp any object-group NextoneServers log disable access-list Outside_access_in extended permit udp any object-group Packet-Servers object-group UDP-Phone log disable access-list inside-nonat extended permit ip 172.16.1.0 255.255.255.0 100.2.83.0 255.255.255.192 access-list inside-nonat extended permit ip 172.16.1.0 255.255.255.0 10.0.0.0 255.255.255.0 access-list inside-nonat extended permit ip 172.16.1.0 255.255.255.0 10.251.1.0 255.255.255.240 access-list inside-nonat extended permit ip 172.16.1.0 255.255.255.0 10.0.10.0 255.255.255.0 access-list inside-nonat extended permit ip 172.16.1.0 255.255.255.0 10.251.2.0 255.255.255.240 access-list inside-nonat extended permit ip 172.16.1.0 255.255.255.0 100.14.31.0 255.255.255.0 access-list inside-nonat extended permit ip 172.16.1.0 255.255.255.0 100.14.8.0 255.255.255.128 access-list permit_dmz extended permit ip 100.2.83.0 255.255.255.0 172.16.1.0 255.255.255.0 access-list permit_dmz extended permit ip any any access-list dmz-nonat extended permit ip 100.2.83.0 255.255.255.0 any access-list crossconnect-access-in extended permit ip any any access-list Verizon_VPN1 extended permit ip host 100.2.83.8 63.110.102.224 255.255.255.224 access-list Outside_cryptomap_1 extended permit ip 100.2.83.0 255.255.255.192 63.110.102.224 255.255.255.224 access-list Outside_cryptomap_6 extended permit ip object-group DM_INLINE_NETWORK_1 object-group mansina access-list Outside_cryptomap extended permit ip 100.2.83.0 255.255.255.192 65.211.120.224 255.255.255.224 access-list Outside_cryptomap_2 extended permit ip 100.2.83.0 255.255.255.192 63.77.76.224 255.255.255.224 access-list Outside_cryptomap_3 extended permit ip 100.2.83.0 255.255.255.192 65.243.172.224 255.255.255.224 access-list Outside_cryptomap_4 extended permit ip 100.2.83.0 255.255.255.192 65.217.40.192 255.255.255.224 access-list DMZ-2_nat0_outbound extended permit ip 100.14.8.0 255.255.255.128 any pager lines 24 logging enable logging asdm-buffer-size 512 logging asdm warnings logging host crossConnect 100.14.31.4 mtu Outside 1500 mtu inside 1500 mtu crossConnect 1500 mtu DMZ 1500 mtu management 1500 mtu DMZ-2 1500 failover failover lan unit primary failover lan interface Failover GigabitEthernet0/3 failover link Failover GigabitEthernet0/3 failover interface ip Failover 172.17.1.10 255.255.255.0 standby 172.17.1.11 monitor-interface inside monitor-interface DMZ monitor-interface DMZ-2 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside asdm image disk0:/asdm-602.bin asdm history enable arp timeout 14400 nat-control global (Outside) 1 interface nat (inside) 0 access-list inside-nonat nat (inside) 1 172.16.1.0 255.255.255.0 nat (DMZ) 0 access-list dmz-nonat nat (management) 0 0.0.0.0 0.0.0.0 nat (DMZ-2) 0 access-list DMZ-2_nat0_outbound access-group Outside_access_in in interface Outside access-group crossconnect-access-in in interface crossConnect access-group permit_dmz in interface DMZ route Outside 0.0.0.0 0.0.0.0 100.14.84.145 1 route crossConnect 10.0.0.0 255.255.255.0 10.251.1.5 1 route crossConnect 10.0.10.0 255.255.255.0 10.251.1.5 1 route crossConnect 10.251.2.0 255.255.255.240 10.251.1.5 1 route crossConnect 100.14.31.0 255.255.255.0 10.251.1.5 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.1.0 255.255.255.0 management http 172.16.1.0 255.255.255.0 inside http * 255.255.255.0 crossConnect snmp-server host inside * community * version 2c no snmp-server location no snmp-server contact snmp-server community * snmp-server enable traps snmp authentication linkup linkdown coldstart service resetoutside crypto ipsec transform-set Verizon_IPSEC esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto map outside_cryptomap 1 match address Verizon_VPN1 crypto map outside_cryptomap 1 set pfs crypto map outside_cryptomap 1 set peer * crypto map outside_cryptomap 1 set transform-set Verizon_IPSEC crypto map Outside_map 1 match address Outside_cryptomap_1 crypto map Outside_map 1 set pfs crypto map Outside_map 1 set peer * crypto map Outside_map 1 set transform-set ESP-3DES-MD5 Verizon_IPSEC crypto map Outside_map 2 match address Outside_cryptomap crypto map Outside_map 2 set pfs crypto map Outside_map 2 set peer * crypto map Outside_map 2 set transform-set Verizon_IPSEC crypto map Outside_map 2 set security-association lifetime seconds 86400 crypto map Outside_map 3 match address Outside_cryptomap_2 crypto map Outside_map 3 set pfs crypto map Outside_map 3 set peer * crypto map Outside_map 3 set transform-set Verizon_IPSEC crypto map Outside_map 3 set security-association lifetime seconds 86400 crypto map Outside_map 4 match address Outside_cryptomap_3 crypto map Outside_map 4 set pfs crypto map Outside_map 4 set peer * crypto map Outside_map 4 set transform-set Verizon_IPSEC crypto map Outside_map 4 set security-association lifetime seconds 86400 crypto map Outside_map 5 match address Outside_cryptomap_4 crypto map Outside_map 5 set pfs crypto map Outside_map 5 set peer * crypto map Outside_map 5 set transform-set Verizon_IPSEC crypto map Outside_map 5 set security-association lifetime seconds 86400 crypto map Outside_map 6 match address Outside_cryptomap_6 crypto map Outside_map 6 set peer 200.115.231.132 crypto map Outside_map 6 set transform-set ESP-3DES-MD5 Verizon_IPSEC crypto map Outside_map 6 set nat-t-disable crypto map Outside_map interface Outside crypto isakmp enable Outside crypto isakmp policy 1 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto isakmp policy 2 authentication pre-share encryption 3des hash md5 group 2 lifetime 28800 no crypto isakmp nat-traversal telnet timeout 5 ssh 0.0.0.0 0.0.0.0 Outside ssh 172.16.1.0 255.255.255.0 inside ssh 10.0.0.0 255.255.255.0 crossConnect ssh 0.0.0.0 0.0.0.0 management ssh timeout 15 console timeout 0 management-access inside priority-queue Outside tx-ring-limit 80 threat-detection basic-threat threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list ! class-map global-class match port udp range 1024 65535 class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns migrated_dns_map_2 parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns migrated_dns_map_2 inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect netbios inspect esmtp class global-class priority ! service-policy global_policy global group-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec tunnel-group * type ipsec-l2l tunnel-group * ipsec-attributes pre-shared-key * tunnel-group 200.115.231.132 type ipsec-l2l tunnel-group 200.115.231.132 ipsec-attributes pre-shared-key * tunnel-group * type ipsec-l2l tunnel-group * ipsec-attributes pre-shared-key * tunnel-group * type ipsec-l2l tunnel-group * ipsec-attributes pre-shared-key * tunnel-group * type ipsec-l2l tunnel-group * ipsec-attributes pre-shared-key * tunnel-group * type ipsec-l2l tunnel-group * ipsec-attributes pre-shared-key * prompt hostname context : end