login as: jfmailhot jfmailhot@172.18.0.253's password: Access denied jfmailhot@172.18.0.253's password: Type help or '?' for a list of available commands. POSI-MTL-ASA> login Username: jfmailhot Password: *********** POSI-MTL-ASA# show run : Saved : : Serial Number: JMX1144L23K : Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz : ASA Version 9.1(7)29 ! hostname POSI-MTL-ASA enable password qJ1HF8mYVfYvevtR encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain passwd H30fDESZyWjGep0s encrypted names ip local pool vpnpool2 172.18.99.10-172.18.99.50 mask 255.255.255.0 ip local pool anyconnect 172.18.99.51-172.18.99.70 mask 255.255.255.0 ip local pool positron_ra 172.18.99.75-172.18.99.100 mask 255.255.255.0 ! interface Ethernet0/0 nameif outside_mto security-level 0 ip address 206.55.85.210 255.255.255.240 ! interface Ethernet0/1 nameif inside security-level 100 ip address 172.18.0.253 255.255.240.0 ! interface Ethernet0/2 nameif dmz security-level 50 ip address 172.18.100.1 255.255.255.0 ! interface Ethernet0/3 nameif public_wifi security-level 10 ip address 10.233.233.1 255.255.255.0 ! interface Management0/0 management-only nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 ! ! time-range Weekend_migrate absolute end 16:57 21 January 2008 ! 
boot system disk0:/asa917-29-k8.bin ftp mode passive clock timezone EST -5 clock summer-time EDT recurring same-security-traffic permit intra-interface object network obj-172.18.99.0 subnet 172.18.99.0 255.255.255.0 object network obj-172.18.1.200-172.18.1.239 range 172.18.1.200 172.18.1.239 object network obj-172.18.0.0 subnet 172.18.0.0 255.255.240.0 object network obj-192.168.205.0 subnet 192.168.205.0 255.255.255.0 object network obj-172.18.16.0 subnet 172.18.16.0 255.255.255.0 object network obj-172.19.2.0 subnet 172.19.2.0 255.255.255.224 object network obj-172.18.1.253 host 172.18.1.253 object network obj-192.168.201.0 subnet 192.168.201.0 255.255.255.0 object network obj-192.168.202.0 subnet 192.168.202.0 255.255.255.0 object network obj-192.168.37.0 subnet 192.168.37.0 255.255.255.0 object network obj-192.168.36.0 subnet 192.168.36.0 255.255.255.0 object network obj-172.18.0.66 host 172.18.0.66 object network obj-192.168.198.0 subnet 192.168.198.0 255.255.255.0 object network obj-10.50.50.0 subnet 10.50.50.0 255.255.255.0 object network obj-10.10.8.0 subnet 10.10.8.0 255.255.252.0 object network obj-172.16.0.0 subnet 172.16.0.0 255.255.240.0 object network obj-192.168.96.0 subnet 192.168.96.0 255.255.248.0 object network obj-172.18.0.57 host 172.18.0.57 object network obj-206.55.85.219 host 206.55.85.219 object service obj-tcp-source-eq-80 service tcp source eq www object network obj-172.18.0.8 host 172.18.0.8 object network obj-206.55.85.211 host 206.55.85.211 object network obj-172.18.0.50 host 172.18.0.50 object network obj-206.55.85.221 host 206.55.85.221 object network obj-172.18.0.67 host 172.18.0.67 object network obj-206.55.85.220 host 206.55.85.220 object network obj-172.18.0.28 host 172.18.0.28 object network obj-206.55.85.217 host 206.55.85.217 object network obj_any subnet 0.0.0.0 0.0.0.0 object network obj-0.0.0.0 host 0.0.0.0 object network obj_any-01 subnet 0.0.0.0 0.0.0.0 object network obj-192.168.10.0 subnet 192.168.10.0 255.255.255.0 
object network obj_any-02 subnet 0.0.0.0 0.0.0.0 object network obj_any-03 subnet 0.0.0.0 0.0.0.0 object network obj_any-04 subnet 0.0.0.0 0.0.0.0 object network public_wifi subnet 10.233.233.0 255.255.255.0 object network obj-192.168.207.0 subnet 192.168.207.0 255.255.255.0 object network brx.calculator.positronaccess.com host 52.60.173.173 object network obj-172.18.0.33 host 172.18.0.33 object network TelecomOTRS host 172.18.0.43 object network obj-172.18.0.5 host 172.18.0.5 object network ERP01 host 172.18.0.15 object network FS2 host 172.18.0.67 object network MTLQCSS01 host 172.18.0.11 object network Posidc003 host 172.18.0.55 object network POSIEXCH host 172.18.0.5 object network SRVAGILE host 172.18.0.12 object network SRVAGILE05 host 172.18.0.19 object network cdms-monitor host 192.168.205.21 object network cdms-mgmt host 192.168.205.31 object network PositronVeeam1 host 172.18.0.103 object network PositronVeeam2 host 172.18.0.27 object network cdms-veeam-mgmt host 192.168.205.61 object-group service svc_lan_to_wan_allowed service-object udp destination eq domain service-object tcp destination eq www service-object tcp destination eq ftp service-object tcp destination eq https service-object tcp destination eq 3389 object-group service web tcp description http and https access port-object eq www port-object eq https object-group service rdp tcp description Remote desktop port-object eq 3389 object-group icmp-type Valid-ICMP description Icmp types used for echo, traceroute and PMTU icmp-object echo-reply icmp-object time-exceeded icmp-object unreachable object-group protocol TCPUDP protocol-object udp protocol-object tcp object-group network RFC1918-subnets network-object 10.0.0.0 255.0.0.0 network-object 172.16.0.0 255.240.0.0 network-object 192.168.0.0 255.255.0.0 object-group service XMPP service-object tcp destination eq 5222 service-object tcp destination eq 5223 service-object tcp destination eq 5224 service-object tcp destination eq 5228 
service-object tcp destination eq 5229 service-object tcp destination eq 5269 object-group service ooma_tcp tcp port-object eq pop3 port-object eq domain port-object eq https port-object eq 5061 object-group service ooma_udp udp port-object eq domain port-object eq ntp port-object eq syslog port-object eq 1194 port-object eq 3386 port-object eq 3480 port-object range 10000 30000 object-group network spamhero network-object host 108.60.195.218 network-object host 108.60.195.213 network-object host 108.60.195.222 network-object host 208.53.48.218 network-object host 208.53.48.191 network-object host 208.53.48.71 network-object host 208.53.48.64 object-group network Positron-Servers network-object object FS2 network-object object ERP01 network-object object MTLQCSS01 network-object object Posidc003 network-object object POSIEXCH network-object object SRVAGILE network-object object SRVAGILE05 network-object object PositronVeeam1 network-object object PositronVeeam2 object-group network cdms-management network-object object cdms-monitor network-object object cdms-mgmt network-object object cdms-veeam-mgmt object-group service cdmspm tcp port-object eq 8041 port-object eq 8057 access-list outbound extended permit tcp any host 108.160.99.199 object-group cdmspm access-list outbound remark access to CDMS pswdmgmt access-list outbound extended permit tcp host 172.18.0.9 host 108.160.99.57 eq 9119 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 63.86.8.1 eq 3389 access-list outbound extended permit tcp any any eq 8080 access-list outbound remark outbound for new exchange access-list outbound extended permit tcp host 172.18.0.5 host 108.160.99.109 eq 82 access-list outbound extended permit tcp host 172.18.0.5 host 66.11.35.220 eq 82 access-list outbound extended permit tcp host 172.18.0.5 host 66.11.35.220 eq 81 access-list outbound extended permit tcp host 172.18.0.5 any4 eq smtp access-list outbound remark Outbound Access to 
brx.calculator.positronaccess.com access-list outbound extended permit tcp any object brx.calculator.positronaccess.com range 444 449 access-list outbound remark vpn traffic to cornwall access-list outbound extended permit ip 172.18.0.0 255.255.240.0 192.168.207.0 255.255.255.0 access-list outbound extended permit tcp any host 65.39.172.114 eq 8000 access-list outbound remark ourbound access for ooma access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 object-group ooma_tcp access-list outbound extended permit udp 172.18.0.0 255.255.240.0 any4 object-group ooma_udp access-list outbound remark Calix ACS access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 64.84.30.230 eq 8080 access-list outbound extended permit tcp host 172.18.5.94 host 108.160.99.109 eq 82 access-list outbound extended permit tcp host 172.18.0.8 host 108.160.99.109 eq 82 access-list outbound extended permit tcp host 172.18.0.8 host 66.11.35.220 eq 82 access-list outbound extended permit ip host 172.18.5.70 any4 access-list outbound remark XMPP access-list outbound extended permit object-group XMPP any4 any4 access-list outbound extended permit ip host 172.18.5.218 any4 access-list outbound remark PBX access-list outbound extended permit ip host 172.18.0.50 any4 access-list outbound remark allow access to CDMS PA Server Monitor access-list outbound extended permit tcp host 172.18.0.8 host 66.11.35.220 eq 81 access-list outbound remark Allow outbound access for git access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq 9418 access-list outbound remark outbound access to cpanel for hp117.hostpapa.com access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 70.33.246.190 eq 2083 access-list outbound remark outbound smtp access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq 465 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq 587 access-list outbound remark Allow access to 
www.positrontelecom.com cpanel access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 198.1.127.130 eq 2082 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 70.33.246.190 eq 2082 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 174.120.118.187 eq 2082 access-list outbound remark Allow outbound NTP traffic access-list outbound extended permit udp 172.18.0.0 255.255.240.0 any4 eq ntp access-list outbound remark VPN tunnel tunnel access - all IP access-list outbound extended permit ip 172.18.0.0 255.255.0.0 10.40.0.0 255.255.0.0 access-list outbound remark Allow external WEB access access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 object-group web access-list outbound extended permit tcp 192.168.36.0 255.255.255.0 any4 eq www access-list outbound extended permit tcp 192.168.36.0 255.255.255.0 any4 eq https access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 74.55.91.90 eq 2083 access-list outbound remark Allow email delivery from mail server access-list outbound extended permit tcp host 172.18.0.8 any4 eq smtp access-list outbound extended permit tcp host 172.18.0.10 any4 eq smtp access-list outbound remark Allow Telnet to outside access-list outbound extended permit tcp any4 any4 eq telnet access-list outbound remark Allow FTP to outside access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq ftp access-list outbound remark Ping allowed access-list outbound extended permit icmp any4 any4 echo access-list outbound remark Allow outbound VPN connections with NAT traversal access-list outbound extended permit udp any4 any4 eq 4500 access-list outbound extended permit udp any4 any4 eq isakmp access-list outbound remark Alllow all access to CDMS network during migration weekend access-list outbound extended permit ip any4 64.254.232.224 255.255.255.224 time-range Weekend_migrate access-list outbound remark Allow DNS lookups access-list outbound extended 
permit object-group TCPUDP any4 any4 eq domain access-list outbound remark Allow RDP to DMZ access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 172.18.100.0 255.255.255.0 object-group rdp access-list outbound remark Allow access from inside to remote VPN clients access-list outbound extended permit ip 172.18.0.0 255.255.240.0 172.19.2.0 255.255.255.224 access-list outbound extended permit ip 172.18.16.0 255.255.255.0 172.19.2.0 255.255.255.224 access-list outbound extended permit ip 192.168.96.0 255.255.248.0 172.18.99.0 255.255.255.0 access-list outbound extended permit ip 172.18.0.0 255.255.240.0 172.18.99.0 255.255.255.0 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 69.93.183.26 eq 2083 access-list outbound remark Allow external SSH access access-list outbound extended permit tcp any4 any4 eq ssh access-list outbound remark 20081103 HN INC34267 access-list outbound extended permit tcp any4 any4 eq pop3 access-list outbound remark Permit VNC access from inside to DMZ Server access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 172.18.100.100 eq 5901 access-list outbound remark permit PPTP access to Aktino access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 66.238.111.238 eq pptp access-list outbound extended permit gre 172.18.0.0 255.255.240.0 host 66.238.111.238 access-list outbound extended permit ip 172.18.0.0 255.255.240.0 192.168.201.0 255.255.255.0 access-list outbound extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0 access-list outbound remark Permit outbound POP3 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq pop3 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq 995 access-list outbound remark Allow outbound smtp traffic on port 587 access-list outbound extended permit tcp host 172.18.1.100 any4 eq 587 access-list outbound remark allow Outbound AOL AIM access access-list outbound extended permit tcp 
172.18.0.0 255.255.240.0 any4 eq aol access-list outbound remark Permit outbound IMAP traffic access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq imap4 access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any4 eq 993 access-list outbound remark permit outbound access for UPS access-list outbound extended permit tcp host 172.18.5.192 any4 eq https access-list outbound extended permit tcp host 172.18.5.192 any4 eq 1024 access-list outbound remark Explicit deny access-list outbound extended deny ip any4 any4 log warnings access-list nonat remark CDMS Trusted Network access-list nonat extended permit ip 172.18.0.0 255.255.240.0 192.168.205.0 255.255.255.0 access-list nonat extended permit ip 172.18.16.0 255.255.255.0 172.19.2.0 255.255.255.224 access-list nonat extended permit ip host 172.18.1.253 172.19.2.0 255.255.255.224 access-list nonat extended permit ip 172.18.0.0 255.255.240.0 172.18.99.0 255.255.255.0 access-list nonat extended permit ip 172.18.0.0 255.255.240.0 192.168.201.0 255.255.255.0 access-list nonat extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0 access-list nonat extended permit ip 192.168.37.0 255.255.255.0 172.18.99.0 255.255.255.0 access-list nonat extended permit ip 192.168.36.0 255.255.255.0 172.18.99.0 255.255.255.0 access-list nonat extended permit ip host 172.18.0.66 192.168.198.0 255.255.255.0 access-list nonat extended permit ip 192.168.96.0 255.255.248.0 172.18.99.0 255.255.255.0 access-list inbound remark Ping, Traceroute and PMTU replies access-list inbound extended permit icmp any4 any4 object-group Valid-ICMP access-list inbound remark Explicit deny rule access-list inbound extended deny ip any4 any4 access-list remotevpn_splitTunnelAcl standard permit 172.18.0.0 255.255.240.0 access-list remotevpn_splitTunnelAcl standard permit 192.168.36.0 255.255.255.0 access-list remotevpn_splitTunnelAcl standard permit 192.168.37.0 255.255.255.0 access-list remotevpn_splitTunnelAcl standard 
permit 192.168.96.0 255.255.248.0 access-list crypto_acl_50 extended permit ip 172.18.0.0 255.255.240.0 192.168.201.0 255.255.255.0 access-list crypto_acl_20 extended permit ip object-group Positron-Servers object-group cdms-management access-list capcal remark Capture for Web server in California access-list capcal extended deny tcp any4 any4 eq 3389 access-list capcal extended permit ip host 172.18.0.11 any4 access-list capcal extended permit ip any4 host 172.18.0.11 access-list crypto_acl_40 extended permit ip 172.18.0.0 255.255.240.0 192.168.36.0 255.255.255.0 access-list MTLtoCAL202_filter extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0 access-list MTLtoCAL202_filter extended deny ip any4 any4 access-list crypto_acl_60 extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0 access-list nat_outbound extended permit ip 172.18.0.0 255.255.240.0 any4 access-list nat_outbound extended permit ip 192.168.36.0 255.255.255.0 any4 access-list flow_export_acl extended permit ip any any access-list inbound_mto remark inbound for new exchange access-list inbound_mto extended permit tcp any4 host 172.18.0.5 eq imap4 access-list inbound_mto extended permit tcp any4 host 172.18.0.5 eq 993 access-list inbound_mto extended permit tcp any4 host 172.18.0.5 object-group web access-list inbound_mto extended permit tcp object-group spamhero host 172.18.0.5 eq smtp access-list inbound_mto extended permit tcp host 65.39.172.114 host 172.18.0.5 eq smtp access-list inbound_mto extended permit tcp 208.81.64.0 255.255.248.0 host 172.18.0.5 eq smtp access-list inbound_mto extended permit tcp 208.65.144.0 255.255.248.0 host 172.18.0.5 eq smtp access-list inbound_mto remark Inbound Access to Telecom OTRS access-list inbound_mto extended permit tcp any host 172.18.0.43 eq 8043 access-list inbound_mto remark vpn traffic from cornwall access-list inbound_mto extended permit ip 192.168.207.0 255.255.255.0 host 172.18.0.17 access-list inbound_mto extended 
permit ip 192.168.207.0 255.255.255.0 host 172.18.0.31 access-list inbound_mto remark access from EMI access-list inbound_mto extended permit tcp 192.168.202.0 255.255.255.0 host 172.18.0.17 eq 3690 access-list inbound_mto remark inbound access to FS2 access-list inbound_mto extended permit tcp any4 host 172.18.0.33 eq www access-list inbound_mto extended permit tcp any4 host 172.18.0.33 eq 65100 access-list inbound_mto remark inbound access to PBX access-list inbound_mto extended permit udp any4 host 172.18.0.50 eq sip access-list inbound_mto extended permit udp any4 host 172.18.0.50 range 10000 12000 access-list inbound_mto remark Positron Access ticketmaster access-list inbound_mto extended permit tcp any4 host 172.18.0.57 eq www access-list inbound_mto remark Eminc VPN Access access-list inbound_mto extended permit ip 192.168.198.0 255.255.255.0 host 172.18.0.66 access-list inbound_mto remark Permitted VPN Traffic access-list inbound_mto extended permit ip 192.168.205.0 255.255.255.0 172.18.0.0 255.255.240.0 access-list inbound_mto extended permit ip 192.168.36.0 255.255.255.0 172.18.99.0 255.255.255.0 access-list inbound_mto extended permit ip 192.168.36.0 255.255.255.0 172.18.0.0 255.255.240.0 access-list inbound_mto extended permit ip 192.168.201.0 255.255.255.0 172.18.0.0 255.255.240.0 inactive access-list inbound_mto extended permit ip 192.168.202.0 255.255.255.0 172.18.0.0 255.255.240.0 inactive access-list inbound_mto extended permit ip 172.18.99.0 255.255.255.0 192.168.36.0 255.255.255.0 access-list inbound_mto extended permit ip 172.18.99.0 255.255.255.0 172.18.0.0 255.255.240.0 access-list inbound_mto extended permit ip 172.18.99.0 255.255.255.0 192.168.96.0 255.255.248.0 access-list inbound_mto remark Ping, Traceroute and PMTU replies access-list inbound_mto extended permit icmp any4 any4 object-group Valid-ICMP access-list inbound_mto extended permit tcp any4 host 172.18.0.28 eq ftp access-list inbound_mto extended permit tcp any4 host 172.18.0.28 
range 60000 60004 access-list inbound_mto remark Explicit deny rule access-list inbound_mto extended deny ip any any access-list dmz_in extended permit tcp host 172.18.100.100 host 172.18.0.10 eq smtp access-list dmz_in remark Migration, ACE (line 2) expanded: deny ip any object-group RFC1918-subnets access-list dmz_in extended deny ip any4 10.0.0.0 255.0.0.0 access-list dmz_in extended deny ip any4 172.18.0.0 255.255.240.0 access-list dmz_in extended deny ip any4 172.16.0.0 255.240.0.0 access-list dmz_in extended deny ip any4 192.168.0.0 255.255.0.0 access-list dmz_in remark Migration: End of expansion access-list dmz_in extended permit ip any4 any4 access-list dmz_in extended deny ip any4 any4 access-list vpn_to_cornwall extended permit ip 172.18.0.0 255.255.240.0 192.168.207.0 255.255.255.0 pager lines 24 logging enable logging timestamp logging monitor debugging logging buffered informational logging trap warnings logging asdm notifications logging host inside 172.18.0.11 logging host inside 192.168.205.30 no logging message 106006 no logging message 106023 no logging message 106100 flow-export template timeout-rate 1 mtu outside_mto 1500 mtu inside 1500 mtu dmz 1500 mtu public_wifi 1500 mtu management 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (inside,any) source static obj-172.18.0.0 obj-172.18.0.0 destination static obj-192.168.207.0 obj-192.168.207.0 no-proxy-arp route-lookup nat (inside,any) source static obj-172.18.0.0 obj-172.18.0.0 destination static obj-192.168.205.0 obj-192.168.205.0 no-proxy-arp route-lookup nat (inside,any) source static obj-172.18.16.0 obj-172.18.16.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup nat (inside,any) source static obj-172.18.1.253 obj-172.18.1.253 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-172.18.0.0 obj-172.18.0.0 destination static obj-172.18.99.0 obj-172.18.99.0 no-proxy-arp route-lookup nat (inside,any) source static obj-172.18.0.0 obj-172.18.0.0 destination static obj-192.168.201.0 obj-192.168.201.0 no-proxy-arp route-lookup nat (inside,any) source static obj-172.18.0.0 obj-172.18.0.0 destination static obj-192.168.202.0 obj-192.168.202.0 no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.37.0 obj-192.168.37.0 destination static obj-172.18.99.0 obj-172.18.99.0 no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.36.0 obj-192.168.36.0 destination static obj-172.18.99.0 obj-172.18.99.0 no-proxy-arp route-lookup nat (inside,any) source static obj-172.18.0.66 obj-172.18.0.66 destination static obj-192.168.198.0 obj-192.168.198.0 no-proxy-arp route-lookup nat (inside,any) source static obj-192.168.96.0 obj-192.168.96.0 destination static obj-172.18.99.0 obj-172.18.99.0 no-proxy-arp route-lookup nat (inside,outside_mto) source static obj-172.18.0.57 obj-206.55.85.219 service obj-tcp-source-eq-80 obj-tcp-source-eq-80 nat (inside,dmz) source static obj-172.18.0.0 obj-172.18.0.0 nat (inside,outside_mto) source static obj-172.18.0.50 obj-206.55.85.221 nat (inside,outside_mto) source static obj-172.18.0.28 obj-206.55.85.217 nat (inside,outside_mto) source dynamic obj-172.18.0.0 interface nat (inside,outside_mto) source dynamic obj-192.168.36.0 interface nat (inside,outside_mto) source static obj-172.18.0.33 obj-206.55.85.220 nat (inside,outside_mto) source static obj-172.18.0.5 obj-206.55.85.211 !
object network obj-172.18.99.0 nat (outside_mto,outside_mto) dynamic obj-172.18.1.200-172.18.1.239 object network obj-172.18.0.0 nat (inside,outside_mto) dynamic interface object network obj_any nat (inside,outside_mto) dynamic obj-0.0.0.0 object network obj_any-01 nat (inside,dmz) dynamic obj-0.0.0.0 object network obj-192.168.10.0 nat (dmz,outside_mto) dynamic interface object network obj_any-02 nat (dmz,outside_mto) dynamic obj-0.0.0.0 object network obj_any-03 nat (management,outside_mto) dynamic obj-0.0.0.0 object network obj_any-04 nat (management,dmz) dynamic obj-0.0.0.0 object network public_wifi nat (public_wifi,outside_mto) dynamic interface object network TelecomOTRS nat (inside,outside_mto) static 206.55.85.215 access-group inbound_mto in interface outside_mto access-group outbound in interface inside access-group dmz_in in interface dmz route outside_mto 0.0.0.0 0.0.0.0 206.55.85.209 1 route inside 10.10.8.0 255.255.252.0 172.18.1.253 1 route outside_mto 64.254.232.246 255.255.255.255 206.55.85.209 1 route inside 172.18.16.0 255.255.240.0 172.18.1.253 1 route inside 192.168.36.0 255.255.255.0 172.18.0.24 1 route inside 192.168.96.0 255.255.248.0 172.18.1.253 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 6:30:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy aaa-server ias protocol radius aaa-server ias (inside) host 172.18.0.9 key ***** user-identity default-domain LOCAL aaa authentication ssh console LOCAL aaa authentication http console LOCAL http server enable 9443 http 192.168.1.0 255.255.255.0 management http 172.18.0.0 255.255.240.0 inside http 108.160.99.247 255.255.255.255 outside_mto http 
108.160.99.109 255.255.255.255 outside_mto http 69.90.183.162 255.255.255.255 outside_mto snmp-server host inside 192.168.205.30 community ***** version 2c no snmp-server location no snmp-server contact no sysopt connection permit-vpn crypto ipsec ikev1 transform-set trsf_set_1 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto dynamic-map dynmap 100 set pfs crypto dynamic-map dynmap 100 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-3DES-SHA ESP-3DES-MD5 crypto dynamic-map dynmap2 100 set pfs crypto dynamic-map dynmap2 100 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-3DES-SHA ESP-3DES-MD5 crypto dynamic-map dynmap2 100 set reverse-route crypto map pwr_pti 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map mto_map 20 match address crypto_acl_20 crypto map mto_map 20 set peer 64.34.144.162 crypto map mto_map 20 set ikev1 transform-set ESP-AES-256-SHA crypto map mto_map 20 set security-association lifetime seconds 28800 crypto
map mto_map 50 match address crypto_acl_50 crypto map mto_map 50 set pfs crypto map mto_map 50 set peer 69.239.83.34 crypto map mto_map 50 set ikev1 transform-set ESP-3DES-MD5 ESP-3DES-SHA crypto map mto_map 60 match address vpn_to_cornwall crypto map mto_map 60 set peer 72.1.213.20 crypto map mto_map 60 set ikev1 transform-set ESP-AES-256-MD5 crypto map mto_map 65535 ipsec-isakmp dynamic dynmap2 crypto map mto_map interface outside_mto crypto ca trustpoint self enrollment self fqdn tarantula.positron.ca subject-name CN=tarantula.positron.ca keypair sslvpnkeypair crl configure crypto ca trustpoint ASDM_TrustPoint3 enrollment terminal crl configure crypto ca trustpoint ASDM_wild2021 keypair ASDM_wild2021 crl configure crypto ca trustpool policy crypto ca certificate chain self certificate f8e97257
quit crypto ca certificate chain ASDM_TrustPoint3 certificate ca 0301
quit crypto ca certificate chain ASDM_wild2021 certificate 525e98715bcba7f3
7574686f 72697479 202d2047 32301e17 0d323130 31323531 37323633 345a170d 32323032 30353136 34343232 5a304231 21301f06 0355040b 1318446f 6d61696e 20436f6e 74726f6c 2056616c 69646174 6564311d 301b0603 5504030c 142a2e70 6f736974 726f6e61 63636573 732e636f 6d308201 22300d06 092a8648 86f70d01 01010500 0382010f 00308201 0a028201 0100da61 5d90bc46 afc96940 cad08bdd 18f26636 72f751fa be970ae5 10799936 81e1183c 352385e4 466ba6f4 ec9304cc f9030bac eb4171d0 e9d62ade b77479d3 083d6a21 5eaee98c ad64b42d 6ce2a484 390429fc 99fecc95 9fd0e7d4 bdbbe281 92f6c9a4 ac753a7a a98385d5 0b30a4f1 324e716d 4a777604 71c127ea 55beb69d 69a8534e 9670dfae 08b5ffde 4a9021f9 a9dd2f69 46683bc3 1a6718af c800220d a8b17a5b e272d832 04f81d74 052b2cbc 51c23acc ace054e1 945617d9 db2f4cf1 c5e0ef61 d948c526 636c3b78 7ec3ea57 47431066 89b5b091 3bf9c0a2 da82a6f2 4496cdb2 fa4462a9 fcc6b926 e3678c14 d6e9dcf3 73024352 83e1ffa1 41f68c29 15450203 010001a3 8202cf30 8202cb30 0c060355 1d130101 ff040230 00301d06 03551d25 04163014 06082b06 01050507 03010608 2b060105 05070302 300e0603 551d0f01 01ff0404 030205a0 30380603 551d1f04 31302f30 2da02ba0 29862768 7474703a 2f2f6372 6c2e676f 64616464 792e636f 6d2f6764 69673273 312d3236 34352e63 726c305d 0603551d 20045630 54304806 0b608648 0186fd6d 01071701 30393037 06082b06 01050507 0201162b 68747470 3a2f2f63 65727469 66696361 7465732e 676f6461 6464792e 636f6d2f 7265706f 7369746f 72792f30 08060667 810c0102 01307606 082b0601 05050701 01046a30 68302406 082b0601 05050730 01861868 7474703a 2f2f6f63 73702e67 6f646164 64792e63 6f6d2f30 4006082b 06010505 07300286 34687474 703a2f2f 63657274 69666963 61746573 2e676f64 61646479 2e636f6d 2f726570 6f736974 6f72792f 67646967 322e6372 74301f06 03551d23 04183016 801440c2 bd278ecc 348330a2 33d7fb6c b3f0b42c 80ce3033 0603551d 11042c30 2a82142a 2e706f73 6974726f 6e616363 6573732e 636f6d82 12706f73 6974726f 6e616363 6573732e 636f6d30 1d060355 1d0e0416 0414e5e1 7369fe9a ef22085d ccb88f9e 7f9048f6 d3313082 0104060a 2b060104 01d67902 04020481 f50481f2 
00f00076 002979be f09e3939 21f05673 9f63a577 e5be577d 9c600af8 f94d5d26 5c255dc7 84000001 773a9553 5c000004 03004730 45022013 cfe83ec2 d9cd4bf9 2d0e2ee9 5a523d45 7fa023da 0e834d67 9405b786 dcd1e402 210087e8 73d2e976 0b52922c 8ed7458f 2b4967cd e935806a 6f891e62 e55923ff 0c010076 00224545 07595524 56963fa1 2ff1f76d 86e02326 63adc04b 7f5dc683 5c6ee20f 02000001 773a9554 84000004 03004730 45022100 bc1199f3 50370149 63d29d69 72ea9382 1e6d43b4 1279a941 e4275735 a8e185e2 02207ec9 cade7ed7 6bce1160 37a21343 7b345860 979d8f87 ce5f7e29 905fe04d 3fd7300d 06092a86 4886f70d 01010b05 00038201 0100b9bc f3bba6d2 66ed1168 67748ab0 168b42e2 3b2ae4ad 65c8ae14 cf5bc86f 0c87e3b0 3cdef9e7 359a8846 3161b852 06cf7247 408e033e 5d653104 12630f4e f20b2d14 1ea886bd c44a963a 48c04394 e4333c89 f2640cd4 ee31597d ea07ced7 8904b693 94a77da5 75641e19 3be7e29e 31d8ee04 fd6e4bff c81c1bc9 9ed2b42c 310aa5ac aa05652a 5c002a0d e58d0725 c18897d9 73bb6ac2 e646e0b8 9d22a210 48955249 fe45d77a 34bc7567 9ccf56a8 c74a540e da36220b a72561a5 89454f94 6cb4e591 831c278a 530e972e b6f09aac bc9fde56 2fb72836 ab70e6e9 f0da59aa 5bb132dc bd4a1b4b 1485bb52 b3acfd9a 0fa2399d 73e4b5e8 bbdab205 ab597889 1dd5 quit crypto isakmp nat-traversal 25 crypto ikev1 enable outside_mto crypto ikev1 policy 30 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 50 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto ikev1 policy 100 authentication pre-share encryption 3des hash md5 group 2 lifetime 28800 crypto ikev1 policy 110 authentication pre-share encryption aes-256 hash sha group 5 lifetime 86400 crypto ikev1 policy 150 authentication pre-share encryption aes-256 hash sha group 5 lifetime 28800 crypto ikev1 policy 65535 authentication pre-share encryption des hash sha group 2 lifetime 86400 telnet timeout 5 ssh stricthostkeycheck ssh 108.160.99.247 255.255.255.255 outside_mto ssh 108.160.99.109 255.255.255.255 outside_mto ssh 69.90.183.162 255.255.255.255 
outside_mto ssh 172.18.0.0 255.255.240.0 inside ssh 192.168.1.0 255.255.255.0 management ssh timeout 30 ssh key-exchange group dh-group1-sha1 console timeout 0 management-access inside dhcpd address 172.18.100.100-172.18.100.110 dmz dhcpd enable dmz ! dhcpd address 10.233.233.150-10.233.233.200 public_wifi dhcpd dns 8.8.8.8 4.2.2.2 interface public_wifi dhcpd enable public_wifi ! dhcpd address 192.168.1.2-192.168.1.254 management dhcpd enable management ! threat-detection basic-threat threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 199.212.17.21 ntp server 199.212.17.22 ntp server 132.246.168.148 ntp server 209.87.233.53 ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 ssl trust-point ASDM_wild2021 outside_mto webvpn enable outside_mto anyconnect image disk0:/anyconnect-win-4.8.02042-webdeploy-k9.pkg 1 anyconnect image disk0:/anyconnect-macos-4.8.02042-webdeploy-k9.pkg 2 anyconnect enable tunnel-group-list enable cache disable group-policy DfltGrpPolicy attributes dns-server value 172.18.0.55 default-domain value positron.ca group-policy remotevpn internal group-policy remotevpn attributes vpn-tunnel-protocol ikev1 split-tunnel-policy tunnelspecified split-tunnel-network-list value remotevpn_splitTunnelAcl group-policy positron_ra internal group-policy positron_ra attributes dns-server value 172.18.0.55 172.18.0.8 vpn-tunnel-protocol ssl-client split-tunnel-policy tunnelspecified split-tunnel-network-list value remotevpn_splitTunnelAcl default-domain value positron.ca webvpn anyconnect ask enable username admin password JfuMOLciDOSC0q8o encrypted privilege 15 username jfmailhot password GhT9b/yfp/bahZRh encrypted privilege 15 tunnel-group DefaultL2LGroup ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 206.162.183.146 type ipsec-l2l tunnel-group 206.162.183.146 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group remotevpn type 
remote-access tunnel-group remotevpn general-attributes address-pool vpnpool2 authentication-server-group ias LOCAL default-group-policy remotevpn tunnel-group remotevpn ipsec-attributes ikev1 pre-shared-key ***** tunnel-group cdmsvpn type remote-access tunnel-group cdmsvpn general-attributes address-pool vpnpool2 default-group-policy remotevpn tunnel-group cdmsvpn ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 69.239.83.34 type ipsec-l2l tunnel-group 69.239.83.34 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 67.23.220.98 type ipsec-l2l tunnel-group 67.23.220.98 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group 64.34.144.162 type ipsec-l2l tunnel-group 64.34.144.162 ipsec-attributes ikev1 pre-shared-key ***** tunnel-group positron_ra type remote-access tunnel-group positron_ra general-attributes address-pool positron_ra authentication-server-group ias default-group-policy positron_ra tunnel-group positron_ra webvpn-attributes group-alias positron_ra enable tunnel-group 72.1.213.20 type ipsec-l2l tunnel-group 72.1.213.20 ipsec-attributes ikev1 pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic class-map pptp-port match port tcp eq pptp class-map flow_export_class match access-list flow_export_acl ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect icmp inspect ip-options class pptp-port inspect pptp class flow_export_class ! 
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b31e6f61552e6f03a85ad4c20891da6a
: end
POSI-MTL-ASA#