1THUMBWAR-ASA# show run
2: Saved
3:
! NOTE(review): annotated copy of a 'show run' capture; every line below still carries the paste site's
! line number fused to its start (e.g. '4ASA Version'), so strip those digits before reusing any of it.
4ASA Version 8.2(1)
! NOTE(review): 8.2(1) is a 2009-era release that no longer receives fixes; check it against Cisco's
! end-of-support notices before trusting the inspection and crypto behaviour of this box.
5!
6hostname THUMBWAR-ASA
7enable password 8Ry2YjIyt7RRXU24 encrypted
8passwd 2KFQnbNIdI.2KYOU encrypted
! NOTE(review): both hashes above appear to be the ASA factory-default values (no enable password set,
! default login password), and they are now public via this paste. Set a real enable password; with no
! 'aaa authentication enable console' below, any SSH user who authenticates reaches privilege 15 via 'enable'.
9names
10name 209.31.18.0 A-209.31.18.0 description VoicePulse subnet
11name 64.61.93.0 A-64.61.93.0 description VoicePulse subnet
12name 67.108.9.160 A-67.108.9.160 description VoicePulse subnet
13!
14interface Vlan1
15 nameif inside
16 security-level 100
17 ip address 192.168.1.1 255.255.255.0
18!
19interface Vlan2
20 nameif outside
21 security-level 0
22 ip address 24.43.70.202 255.255.255.248
23!
24interface Ethernet0/0
25 switchport access vlan 2
26!
27interface Ethernet0/1
28!
29interface Ethernet0/2
30!
31interface Ethernet0/3
32!
33interface Ethernet0/4
34!
35interface Ethernet0/5
36!
37interface Ethernet0/6
38!
39interface Ethernet0/7
40!
41ftp mode passive
42object-group service NAT-T udp
43 port-object eq 4500
44object-group network DM_INLINE_NETWORK_1
45 network-object A-209.31.18.0 255.255.255.0
46 network-object A-64.61.93.0 255.255.255.0
47 network-object A-67.108.9.160 255.255.255.224
48object-group network DM_INLINE_NETWORK_2
49 network-object A-209.31.18.0 255.255.255.0
50 network-object A-64.61.93.0 255.255.255.0
51 network-object A-67.108.9.160 255.255.255.224
52object-group service VoicePulseUDP udp
53 port-object range 10000 20000
54 port-object eq 4569
55object-group service DM_INLINE_UDP_1 udp
56 group-object VoicePulseUDP
57 port-object eq sip
58object-group service VoicePulseTCP tcp
59 port-object eq 5222
60 port-object eq 6600
61object-group service VOIPTCP tcp
62 group-object VoicePulseTCP
63object-group service VoicePulseVOIPTCP tcp
64 group-object VoicePulseTCP
65object-group service DM_INLINE_TCP_1 tcp
66 port-object eq ftp
67 port-object eq www
68 port-object eq https
69 port-object eq 5900
70object-group service DM_INLINE_SERVICE_1
71 service-object tcp-udp eq www
72 service-object tcp eq ftp
73 service-object tcp eq https
74 service-object tcp eq ftp-data
75access-list outside_access_in extended permit udp object-group DM_INLINE_NETWORK_1 host 24.43.70.203 object-group DM_INLINE_UDP_1
76access-list outside_access_in extended permit tcp object-group DM_INLINE_NETWORK_2 host 24.43.70.203 object-group VoicePulseTCP
77access-list outside_access_in extended permit tcp any host 24.43.70.204 object-group DM_INLINE_TCP_1
78access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 24.43.70.205
! NOTE(review): the two rules above admit any internet source to ftp (cleartext credentials) on .204 and .205
! and to tcp/5900 (commonly VNC) on .204; restrict the source to the addresses that need them or reach them
! over the VPN, and add 'log' to the rules so hits are visible once logging is enabled.
79access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
80access-list inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0
81access-list thumbwar_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
82access-list inside_access_in extended permit ip any any
83pager lines 24
84logging monitor debugging
! NOTE(review): 'logging enable' is absent, so this ASA generates no syslog at all; 'logging monitor debugging'
! only sets the level for monitor sessions. Add 'logging enable', a buffered level and a 'logging host' on
! inside so ACL hits, VPN logins and management logins are recorded somewhere off-box.
85mtu inside 1500
86mtu outside 1500
87ip local pool VPNPool 192.168.2.1-192.168.2.254 mask 255.255.255.0
88icmp unreachable rate-limit 1 burst-size 1
89no asdm history enable
90arp timeout 14400
91global (outside) 10 interface
92nat (inside) 0 access-list inside_nat0_outbound
93nat (inside) 10 192.168.1.0 255.255.255.0
94static (inside,outside) 24.43.70.203 192.168.1.12 netmask 255.255.255.255
95static (inside,outside) 24.43.70.204 192.168.1.64 netmask 255.255.255.255
96static (inside,outside) 24.43.70.205 192.168.1.30 netmask 255.255.255.255
97access-group inside_access_in in interface inside control-plane
! NOTE(review): with the 'control-plane' keyword this ACL filters only traffic addressed to the ASA itself on
! inside, not through-traffic, and 'permit ip any any' restricts nothing either way; if egress filtering was
! intended, write an explicit list and apply it without the keyword, otherwise remove the rule so it is not
! mistaken for one.
98access-group outside_access_in in interface outside
99route outside 0.0.0.0 0.0.0.0 24.43.70.201 1
100timeout xlate 3:00:00
101timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
102timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
103timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
104timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
105timeout tcp-proxy-reassembly 0:01:00
106dynamic-access-policy-record DfltAccessPolicy
107aaa authentication ssh console LOCAL
108aaa authentication http console LOCAL
109http server enable
110http 192.168.1.0 255.255.255.0 inside
111http 0.0.0.0 0.0.0.0 outside
! NOTE(review): ASDM/HTTPS is reachable from any source on the outside interface; restrict this to the specific
! management addresses, or remove it and manage the box over the VPN ('management-access inside' is already set).
112no snmp-server location
113no snmp-server contact
114snmp-server enable traps snmp authentication linkup linkdown coldstart
115crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
116crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
117crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
118crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
119crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
120crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
121crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
122crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
123crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
124crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
! NOTE(review): only ESP-AES-256-SHA is referenced by outside_dyn_map below; the DES/3DES/MD5 transform sets are
! unused and can be removed so a weak set is not picked up by a later map entry.
125crypto ipsec security-association lifetime seconds 28800
126crypto ipsec security-association lifetime kilobytes 4608000
127crypto dynamic-map outside_dyn_map 1 set pfs
128crypto dynamic-map outside_dyn_map 1 set transform-set ESP-AES-256-SHA
129crypto dynamic-map outside_dyn_map 1 set reverse-route
130crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
131crypto map outside_map interface outside
132crypto isakmp enable outside
133crypto isakmp policy 10
134 authentication pre-share
135 encryption aes-256
136 hash sha
137 group 2
! NOTE(review): DH group 2 (1024-bit MODP) is the only IKE group offered and is below current guidance; move to a
! stronger group where the remote-access clients support it.
138 lifetime 86400
139telnet timeout 5
140ssh 192.168.1.0 255.255.255.0 inside
141ssh 0.0.0.0 0.0.0.0 outside
! NOTE(review): same exposure for SSH — any internet source may attempt LOCAL-user logins against the three
! privilege-15 accounts below; limit this to known management addresses. 'ssh version 2' is set, which is right.
142ssh timeout 5
143ssh version 2
144console timeout 0
! NOTE(review): 'console timeout 0' never expires an idle console session; set a finite value.
145management-access inside
146dhcpd address 192.168.1.100-192.168.1.254 inside
147dhcpd dns 192.168.1.12 66.75.164.90 interface inside
148dhcpd enable inside
149!
150
151priority-queue inside
152priority-queue outside
153threat-detection basic-threat
154threat-detection statistics port
155threat-detection statistics protocol
156threat-detection statistics access-list
157threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
158webvpn
159group-policy DfltGrpPolicy attributes
160 vpn-tunnel-protocol IPSec webvpn
161group-policy thumbwar internal
162group-policy thumbwar attributes
163 wins-server none
164 dns-server value 192.168.1.64
165 split-tunnel-policy tunnelspecified
166 split-tunnel-network-list value thumbwar_splitTunnelAcl
167 split-dns value thumbwar.tv
168username XXXXXXXX password XXXXXXXX encrypted privilege 15
169username XXXXXXXX password XXXXXXXX encrypted privilege 15
170username XXXXXXXX password XXXXXXXX encrypted privilege 15
171tunnel-group thumbwar type remote-access
172tunnel-group thumbwar general-attributes
173 address-pool VPNPool
174 default-group-policy thumbwar
175tunnel-group thumbwar ipsec-attributes
176 pre-shared-key XXXXXXX
177!
178class-map misc_UDP
179 match port udp eq 4569
180class-map SIP_Signaling
181 match port udp eq sip
182class-map misc_TCP
183 match port tcp eq 6600
184class-map RTP_voice_packets
185 match rtp 10000 10000
186class-map inspection_default
187 match default-inspection-traffic
188class-map misc_TCP2
189 match port tcp eq 5222
190!
191!
192policy-map type inspect dns preset_dns_map
193 parameters
194 message-length maximum 512
195policy-map global_policy
196 description VoIP Prioritization
197 class inspection_default
198 inspect dns preset_dns_map
199 inspect ftp
200 inspect h323 h225
201 inspect h323 ras
202 inspect netbios
203 inspect rsh
204 inspect rtsp
205 inspect skinny
206 inspect esmtp
207 inspect sqlnet
208 inspect sunrpc
209 inspect tftp
210 inspect sip
211 inspect xdmcp
212 class SIP_Signaling
213 priority
214 class RTP_voice_packets
215 priority
216 class misc_TCP
217 priority
218 class misc_TCP2
219 priority
220 class misc_UDP
221 priority
222!
223service-policy global_policy global
224prompt hostname context
225Cryptochecksum:106f4bc9f276afb3c0969112f2085d31
226: end