1604 ASA : Saved : : Serial Number: JMX191240UB : Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz : ASA Version 9.2(4) ! hostname 1604-ASA01 enable password 8Ry2YjIyt7RRXU24 encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.5.100 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address dhcp setroute ! boot system disk0:/asa924-k8.bin ftp mode passive object network obj_any subnet 0.0.0.0 0.0.0.0 object network SHF-DYB subnet 192.168.2.0 255.255.255.0 object network SHF-NY37th subnet 192.168.1.0 255.255.255.0 object network SHF-SP subnet 192.168.3.0 255.255.255.0 object network SHF-1604LAN subnet 192.168.5.0 255.255.255.0 object-group network SHF-remotesubnets network-object 192.168.1.0 255.255.255.0 network-object 192.168.4.0 255.255.255.0 network-object 192.168.2.0 255.255.255.0 network-object 192.168.3.0 255.255.255.0 network-object 10.10.0.0 255.255.255.0 access-list from_outside extended permit icmp any any echo access-list VPN_2_DYB extended permit ip object SHF-1604LAN object-group SHF-remotesubnets pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-751-90.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (inside,outside) source static SHF-1604LAN SHF-1604LAN destination static SHF-remotesubnets SHF-remotesubnets no-proxy-arp route-lookup ! object network obj_any nat (inside,outside) dynamic interface ! nat (inside,outside) after-auto source dynamic any interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.5.0 255.255.255.0 inside no snmp-server location no snmp-server contact crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association pmtu-aging infinite crypto map CmapOutside_VPN2DYB 1 match address VPN_2_DYB crypto map CmapOutside_VPN2DYB 1 set peer 108.58.38.146 crypto map CmapOutside_VPN2DYB 1 set ikev1 transform-set ESP-3DES-SHA crypto map CmapOutside_VPN2DYB interface outside crypto ca trustpoint _SmartCallHome_ServerCA no validation-usage crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA crypto isakmp nat-traversal 30 crypto ikev1 enable outside crypto ikev1 policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet timeout 5 ssh stricthostkeycheck ssh 0.0.0.0 0.0.0.0 inside ssh 0.0.0.0 0.0.0.0 outside ssh timeout 10 ssh key-exchange group dh-group1-sha1 console timeout 0 dhcpd dns 192.168.2.50 8.8.8.8 dhcpd wins 192.168.2.50 ! dhcpd address 192.168.5.40-192.168.5.71 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept username wca password gEau71zRzDvNer0O encrypted tunnel-group 108.58.38.146 type ipsec-l2l tunnel-group 108.58.38.146 ipsec-attributes ikev1 pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp ! service-policy global_policy global prompt hostname context call-home reporting anonymous Cryptochecksum:07f9344b94945d7f631d9d0b27bb2bc5 : end