ASA Version 7.0(6)
!
hostname BARODAASA
domain-name barodaventures.local
enable password OLwrzN2..uVF.NHM encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 208.x.x.x 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.252
!
interface Ethernet0/2
 shutdown
 no nameif
 security-level 100
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
passwd OLwrzN2..uVF.NHM encrypted
ftp mode passive
clock timezone PST -8
object-group service Remote_Access_Ports tcp
 port-object eq 3389
 port-object eq 5900
object-group network Remote_Access_Hosts
 network-object host 208.x.x.x
 network-object host 208.x.x.x
 network-object host 208.x.x.x
access-list 100 extended permit icmp any any
access-list 100 extended permit udp any any eq isakmp
access-list 100 extended permit esp any any
access-list 100 extended permit tcp any host 208.x.x.x eq 3389
access-list 100 extended permit ip any host 208.x.x.x
access-list 100 extended permit tcp any host 208.x.x.x range 41790 41799
access-list 100 extended permit tcp any object-group Remote_Access_Hosts object-group Remote_Access_Ports
access-list 100 extended permit tcp any host 208.x.x.x eq 3389
access-list 100 extended permit tcp any host 208.x.x.x eq 5900
access-list 100 extended permit tcp any host 208.x.x.x eq smtp
access-list 100 extended permit tcp any host 208.x.x.x eq www
access-list 100 extended permit tcp any host 208.x.x.x range 8234 8235
access-list 100 extended permit tcp any host 208.x.x.x eq 3389
access-list 100 extended permit tcp any host 208.x.x.x eq 5900
access-list 100 extended permit tcp any host 208.x.x.x eq www
access-list 100 extended permit tcp any host 208.x.x.x eq https
access-list 100 extended permit tcp any host 208.x.x.x eq https
access-list 100 extended permit tcp any host 208.x.x.x eq www
access-list 100 extended permit tcp 216.x.x.x 255.255.255.0 host 208.x.x.x eq smtp
access-list 100 extended permit tcp 216.x.x.x 255.255.255.0 host 208.x.x.x eq smtp
access-list 100 extended permit tcp 213.x.x.x 255.255.255.0 host 208.x.x.x 0 eq smtp
access-list 100 extended permit tcp 213.x.x.x 255.255.255.0 host 208.x.x.x 0 eq smtp
access-list 100 extended permit tcp 207.x.x.x 255.255.255.0 host 208.x.x.x eq smtp
access-list 100 extended permit tcp 207.x.x.x 255.255.255.192 host 208.x.x.x 10 eq smtp
access-list 100 extended permit tcp host 206.x.x.x host 208.x.x.x eq smtp
access-list 100 extended permit tcp 63.x.x.x 255.255.255.0 host 208.x.x.x eq smtp
access-list 100 extended permit tcp host 12.x.x.x host 208.x.x.x eq smtp
access-list 100 extended permit tcp host 12.x.x.x host 208.x.x.x eq smtp
access-list 100 extended permit tcp 12.x.x.x 255.255.255.0 host 208.x.x.x eq smtp
access-list 100 extended permit tcp any host 208.x.x.x eq 10000
access-list 100 extended permit udp any host 208.x.x.x eq 10000
access-list 100 extended permit tcp any host 208.x.x.x eq imap4
access-list 100 extended permit tcp any host 208.x.x.x eq 993
access-list NONAT extended permit ip 10.1.3.0 255.255.255.0 10.1.10.0 255.255.255.0
access-list NONAT extended permit ip 10.1.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NONAT extended permit ip 10.1.3.0 255.255.255.0 10.1.5.0 255.255.255.0
access-list NONAT extended permit ip 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list NONAT extended permit ip 10.1.3.0 255.255.255.0 10.1.20.0 255.255.255.0
access-list NONAT extended permit ip 10.1.3.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list NONAT extended permit ip 10.1.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list NONAT extended permit ip 10.1.5.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list ACACIASPLIT extended permit ip 10.1.5.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list BARODA extended permit ip 10.1.3.0 255.255.255.0 10.1.10.0 255.255.255.0
access-list BARODA extended permit ip 10.1.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list BARODA extended permit ip 10.1.3.0 255.255.255.0 10.1.20.0 255.255.255.0
access-list BARODA extended permit ip 10.1.3.0 255.255.255.0 10.1.4.0 255.255.255.0
access-list Acacia extended permit ip 10.1.3.0 255.255.255.0 10.1.5.0 255.255.255.0
access-list ROXBURY extended permit ip 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list VPNCLIENT extended permit ip 10.1.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list AllowTCP extended permit tcp any any
!
tcp-map mss-map
 exceed-mss allow
!
pager lines 24
logging enable
logging timestamp
logging trap informational
logging device-id hostname
logging host inside 10.1.3.10
logging permit-hostdown
mtu outside 1500
mtu inside 1500
ip local pool vpnclientpool 172.16.1.1-172.16.1.50 mask 255.255.255.0
ip local pool ACACIAPOOL 172.19.1.1-172.19.1.50 mask 255.255.255.0
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 208.x.x.x 10.1.3.50 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.3.10 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.3.250 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.3.25 netmask 255.255.255.255
static (outside,inside) 208.x.x.x 10.1.3.7 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.3.15 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.3.6 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.3.7 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.5.5 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.5.200 netmask 255.255.255.255
static (inside,outside) 208.x.x.x 10.1.3.252 netmask 255.255.255.255
access-group 100 in interface outside
route outside 0.0.0.0 0.0.0.0 208.x.x.x 1
route inside 10.1.3.0 255.255.255.0 192.168.1.2 1
route inside 10.1.5.0 255.255.255.0 192.168.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server partnerauth protocol radius
aaa-server partnerauth host 10.1.3.10
 timeout 5
 key ydab2d
aaa-server ACACIARADIUS protocol radius
aaa-server ACACIARADIUS host 10.1.5.5
 timeout 5
 key il2btwac
group-policy ACACIA internal
group-policy ACACIA attributes
 wins-server value 10.1.5.5
 dns-server value 10.1.5.5
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACACIASPLIT
 default-domain value acaciawealth.local
 webvpn
group-policy BARODA internal
group-policy BARODA attributes
 wins-server value 10.1.3.10
 dns-server value 10.1.3.10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNCLIENT
 default-domain value barodaventures.local
 webvpn
http server enable
http 192.168.1.0 255.255.255.0 inside
snmp-server location Baroda Ventures
snmp-server contact ckoo@groupoliver.com
snmp-server community 9ice411
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetinbound
service resetoutside
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map VPNmap 100 match address BARODA
crypto map VPNmap 100 set pfs
crypto map VPNmap 100 set peer 65.x.x.x
crypto map VPNmap 100 set transform-set ESP-3DES-MD5
crypto map VPNmap 200 match address ROXBURY
crypto map VPNmap 200 set pfs
crypto map VPNmap 200 set peer 206.x.x.x
crypto map VPNmap 200 set transform-set ESP-3DES-MD5
crypto map VPNmap 300 match address Acacia
crypto map VPNmap 300 set pfs
crypto map VPNmap 300 set peer 65.x.x.x
crypto map VPNmap 300 set transform-set ESP-3DES-MD5
crypto map VPNmap 800 ipsec-isakmp dynamic outside_dyn_map
crypto map VPNmap interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group (outside) partnerauth
tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10
tunnel-group 65.x.x.x type ipsec-l2l
tunnel-group 65.x.x.x ipsec-attributes
 pre-shared-key *
tunnel-group 65.x.x.x type ipsec-l2l
tunnel-group 65.x.x.x ipsec-attributes
 pre-shared-key *
tunnel-group 206.x.x.x type ipsec-l2l
tunnel-group 206.x.x.x ipsec-attributes
 pre-shared-key *
tunnel-group BARODA type ipsec-ra
tunnel-group BARODA general-attributes
 address-pool vpnclientpool
 authentication-server-group partnerauth
 default-group-policy BARODA
tunnel-group BARODA ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 10
tunnel-group ACACIA type ipsec-ra
tunnel-group ACACIA general-attributes
 address-pool ACACIAPOOL
 authentication-server-group ACACIARADIUS
 default-group-policy ACACIA
tunnel-group ACACIA ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 10
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
!
class-map all_tcp
 description "This class-map matches all TCP traffic"
 match access-list AllowTCP
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
ntp server 192.x.x.x source outside prefer
ntp server 192.x.x.x source outside
ntp server 38.x.x.x source outside
ssl encryption des-sha1 rc4-md5
Cryptochecksum:fe26fd33061b382075d60c1f57afa7b3
: end