MediaContactGate# sh run : Saved : : Serial Number: JMX1413L0EM : Hardware: ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz : ASA Version 9.1(7)19 ! hostname MediaContactGate domain-name test enable password 4HWTea1EPqZ9yXTO encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain passwd 2KFQnbNIdI.2KYOU encrypted names ip local pool Pool_VPN 192.168.200.100-192.168.200.200 mask 255.255.255.0 ! interface GigabitEthernet0/0 description vers ISP nameif outside security-level 0 ip address 196.251.154.6 255.255.255.224 ! interface GigabitEthernet0/1 description vers rseau LAN nameif inside security-level 100 ip address 10.0.5.241 255.255.255.0 ! interface GigabitEthernet0/2 shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 nameif management security-level 100 ip address 10.1.1.1 255.255.255.0 ! boot system disk0:/asa917-19-k8.bin ftp mode passive dns domain-lookup outside dns domain-lookup inside dns server-group DefaultDNS domain-name test same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network NAT-LAN subnet 10.0.5.0 255.255.255.0 description Réseau autorise pour internet object network vpn-user subnet 192.168.200.0 255.255.255.0 object network NETWORK_OBJ_10.0.5.0_24 subnet 10.0.5.0 255.255.255.0 object network NETWORK_OBJ_192.168.200.0_24 subnet 192.168.200.0 255.255.255.0 object network ACtest subnet 192.168.200.0 255.255.255.0 access-list VPN-Split standard permit 10.0.5.0 255.255.255.0 access-list VPN-Split standard permit 10.77.0.0 255.255.0.0 access-list VPN-Split standard permit host 172.21.34.83 access-list VPN-Split standard permit host 10.10.214.227 access-list outside_access_in extended permit ip object NETWORK_OBJ_192.168.200.0_24 any access-list inside_access_in extended permit ip any any pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 mtu management 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-713.bin no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (outside,inside) source dynamic NETWORK_OBJ_192.168.200.0_24 interface ! object network NAT-LAN nat (inside,outside) dynamic interface access-group outside_access_in in interface outside access-group inside_access_in in interface inside route outside 0.0.0.0 0.0.0.0 196.251.154.2 1 route inside 10.10.214.227 255.255.255.255 10.0.5.252 1 route inside 10.77.0.0 255.255.0.0 10.0.5.252 1 route inside 172.21.34.83 255.255.255.255 10.0.5.252 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL aaa authentication enable console LOCAL aaa authentication telnet console LOCAL aaa authentication ssh console LOCAL http server enable http 10.0.5.0 255.255.255.0 inside no snmp-server location no snmp-server contact no sysopt connection permit-vpn crypto ipsec security-association pmtu-aging infinite crypto ca trustpoint ASDM_TrustPoint-AC enrollment self subject-name CN=MediaContactGate keypair RSA crl configure crypto ca trustpool policy crypto ca certificate chain ASDM_TrustPoint-AC certificate 53b7e95e 308202fe 308201e6 a0030201 02020453 b7e95e30 0d06092a 864886f7 0d010105 05003041 31193017 06035504 0313104d 65646961 436f6e74 61637447 61746531 24302206 092a8648 86f70d01 09021615 4d656469 61436f6e 74616374 47617465 2e746573 74301e17 0d323030 36313731 30313831 345a170d 33303036 31353130 31383134 5a304131 19301706 03550403 13104d65 64696143 6f6e7461 63744761 74653124 30220609 2a864886 f70d0109 0216154d 65646961 436f6e74 61637447 6174652e 74657374 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 0086be1e ddee1d7b 7ed9d4f3 dbc6d961 74e7add4 08834322 f99bffa3 82dfcc04 b9a54b23 c3064d91 84370c1b 82269269 b944b56d 3fb9c3e7 527eb0ae f7a34a8f 856e5e52 d2d17425 eeb62ff4 01a3ad05 0e53a6b7 0718c16b a6e9fbeb 14161112 3a51fe23 a02fdc26 4b52a5cc c4b57a84 166e8bdf 334de0f3 ca29308c 67948122 297acd74 04423032 132a10c8 36c1f603 b28d563b ecbd392b 7e5f8071 1ec06bd8 caa825a8 116cbad0 06afeecd be3e3d9b 77b1614e b78a8091 a84c1ae0 166514d4 2cfd4847 fd9e956f 7a72f0a0 03db4594 3283fd0b 0b87e5cf 17902ddf 86dcb0c2 1350fda2 f76d0888 d4724557 eeea0d11 3de50a08 29bfee9a 59a316a4 b24e7cf2 71020301 0001300d 06092a86 4886f70d 01010505 00038201 01004857 e82e6bd2 11122dc3 710eabd5 2f2b1dac f1af0058 b5e66a50 70ee4908 57240dfc 634dd213 bd5e0ca8 ae639c71 4feb863f 28a89509 a5543fb4 17f41327 0c5bad8c 38f514e0 267959bd c603f2b3 f4f2d479 8ffce99d e8583684 51bfba9e afcbb3ed 363c0153 96660837 5bff3d04 470bc45c d550d3e0 4465f32e 0a04092f d55936e3 960ccac1 053c15f4 b696e32b 41a9abe5 98a93303 c22b1ce6 a4544cd7 645eaea0 378530cc 7f771839 75e7bf7f a36417df 4ef8e5c5 a3c19188 84feb2e3 8ea88ff5 996319f3 479ab07f 1b88e1b0 7a3cc1d5 57c10295 63a23ec9 0219bb81 40ea466f 257c9d43 dbfa9468 4d969cbf f7ed86f3 8042d577 022579aa bdd8c61a 11a9 quit telnet timeout 5 ssh stricthostkeycheck ssh 10.0.5.0 255.255.255.0 inside ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl trust-point ASDM_TrustPoint-AC outside webvpn enable outside anyconnect image disk0:/anyconnect-win-4.7.01076-webdeploy-k9.pkg 1 anyconnect enable tunnel-group-list enable cache disable group-policy GroupPolicy_MCB-VPN internal group-policy GroupPolicy_MCB-VPN attributes wins-server value 10.0.5.1 dns-server value 10.0.5.1 vpn-tunnel-protocol ssl-client split-tunnel-policy tunnelspecified split-tunnel-network-list value VPN-Split default-domain value benin.groupmediacontact.com username AdminASA password 59c9EqI0EDNn.YsF encrypted privilege 15 username MEDIAMTN2 password //0ZXD0tztd9TUXi encrypted username MEDIAMTN password YK4Za0zJA73A.OsT encrypted tunnel-group MCB-VPN type remote-access tunnel-group MCB-VPN general-attributes address-pool Pool_VPN default-group-policy GroupPolicy_MCB-VPN tunnel-group MCB-VPN webvpn-attributes group-alias MCB-VPN enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect icmp ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:24d9992a8a0ecf05e7907c5c3f643fe8 : end