tarantula# show run
: Saved
:
ASA Version 8.2(5)
!
hostname tarantula
enable password qJ1HF8mYVfYvevtR encrypted
passwd H30fDESZyWjGep0s encrypted
names
!
interface Ethernet0/0
 nameif outside_mto
 security-level 0
 ip address 206.55.85.210 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.18.0.253 255.255.240.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.18.100.1 255.255.255.0
!
interface Ethernet0/3
 speed 100
 duplex full
 nameif telus
 security-level 0
 ip address 207.134.161.98 255.255.255.248
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
!
time-range Weekend_migrate
 absolute end 16:57 21 January 2008
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit intra-interface
object-group service svc_lan_to_wan_allowed
 service-object udp eq domain
 service-object tcp eq www
 service-object tcp eq ftp
 service-object tcp eq https
 service-object tcp eq 3389
object-group service web tcp
 description http and https access
 port-object eq www
 port-object eq https
object-group service rdp tcp
 description Remote desktop
 port-object eq 3389
object-group icmp-type Valid-ICMP
 description Icmp types used for echo, traceroute and PMTU
 icmp-object echo-reply
 icmp-object time-exceeded
 icmp-object unreachable
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network RFC1918-subnets
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
object-group service XMPP
 service-object tcp eq 5222
 service-object tcp eq 5223
 service-object tcp eq 5224
 service-object tcp eq 5228
 service-object tcp eq 5229
 service-object tcp eq 5269
access-list outbound remark XMPP
access-list outbound extended permit object-group XMPP any any
access-list outbound extended permit ip host 172.18.5.218 any
access-list outbound remark PBX
access-list outbound extended permit ip host 172.18.0.50 any
access-list outbound extended permit ip 172.16.0.0 255.255.240.0 10.50.50.0 255.255.255.0
access-list outbound extended permit ip 192.168.96.0 255.255.248.0 10.50.50.0 255.255.255.0
access-list outbound remark outbound access for Aktino servers
access-list outbound extended permit ip 10.10.8.0 255.255.252.0 any
access-list outbound remark allow access to CDMS PA Server Monitor
access-list outbound extended permit tcp host 172.18.0.8 host 66.11.35.220 eq 81
access-list outbound remark Allow outbound access for git
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq 9418
access-list outbound remark outbound access to cpanel for hp117.hostpapa.com
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 70.33.246.190 eq 2083
access-list outbound remark outbound smtp
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq 465
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq 587
access-list outbound remark Allow outbound access from Jean-Francois Mailhots PC
access-list outbound extended permit tcp host 172.18.5.160 any eq 8080
access-list outbound extended permit tcp host 172.18.5.160 any eq 6500
access-list outbound remark Allow access to www.positrontelecom.com cpanel
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 198.1.127.130 eq 2082
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 70.33.246.190 eq 2082
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 174.120.118.187 eq 2082
access-list outbound remark Allow outbound NTP traffic
access-list outbound extended permit udp host 172.18.1.253 any eq ntp
access-list outbound extended permit udp host 172.18.0.10 any eq ntp
access-list outbound extended permit udp host 172.18.0.8 any eq ntp
access-list outbound extended permit udp 172.18.0.0 255.255.240.0 any eq ntp
access-list outbound remark VPN tunnel tunnel access - all IP
access-list outbound extended permit ip 172.18.0.0 255.255.0.0 10.40.0.0 255.255.0.0
access-list outbound remark Allow external WEB access
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any object-group web
access-list outbound extended permit tcp 192.168.36.0 255.255.255.0 any eq www
access-list outbound extended permit tcp 192.168.36.0 255.255.255.0 any eq https
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 74.55.91.90 eq 2083
access-list outbound remark Allow email delivery from mail server
access-list outbound extended permit tcp host 172.18.0.8 any eq smtp
access-list outbound extended permit tcp host 172.18.0.10 any eq smtp
access-list outbound remark Allow Telnet to outside
access-list outbound extended permit tcp any any eq telnet
access-list outbound remark Allow FTP to outside
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq ftp
access-list outbound remark Ping allowed
access-list outbound extended permit icmp any any echo
access-list outbound remark Allow outbound VPN connections with NAT traversal
access-list outbound extended permit udp any any eq 4500
access-list outbound extended permit udp any any eq isakmp
access-list outbound remark Alllow all access to CDMS network during migration weekend
access-list outbound extended permit ip any 64.254.232.224 255.255.255.224 time-range Weekend_migrate
access-list outbound remark Allow DNS lookups
access-list outbound extended permit object-group TCPUDP any any eq domain
access-list outbound remark Allow RDP to DMZ
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 172.18.100.0 255.255.255.0 object-group rdp
access-list outbound remark Allow access from inside to remote VPN clients
access-list outbound extended permit ip 172.18.0.0 255.255.240.0 172.19.2.0 255.255.255.224
access-list outbound extended permit ip 172.18.16.0 255.255.255.0 172.19.2.0 255.255.255.224
access-list outbound extended permit ip 192.168.96.0 255.255.248.0 172.18.99.0 255.255.255.0
access-list outbound extended permit ip 172.18.0.0 255.255.240.0 172.18.99.0 255.255.255.0
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 69.93.183.26 eq 2083
access-list outbound remark Allow external SSH access
access-list outbound extended permit tcp any any eq ssh
access-list outbound remark 20081103 HN INC34267
access-list outbound extended permit tcp any any eq pop3
access-list outbound remark Permit VNC access from inside to DMZ Server
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 172.18.100.100 eq 5901
access-list outbound remark permit PPTP access to Aktino
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 host 66.238.111.238 eq pptp
access-list outbound extended permit gre 172.18.0.0 255.255.240.0 host 66.238.111.238
access-list outbound extended permit ip 192.168.36.0 255.255.255.0 10.50.50.0 255.255.255.0
access-list outbound extended permit ip 172.18.0.0 255.255.240.0 10.50.50.0 255.255.255.0
access-list outbound extended permit ip 172.18.0.0 255.255.240.0 192.168.201.0 255.255.255.0
access-list outbound extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0
access-list outbound remark Permit outbound POP3
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq pop3
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq 995
access-list outbound remark Allow outbound smtp traffic on port 587
access-list outbound extended permit tcp host 172.18.1.100 any eq 587
access-list outbound remark BES access outbound
access-list outbound extended permit tcp host 172.18.0.30 any eq 3101
access-list outbound remark allow Outbound AOL AIM access
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq aol
access-list outbound remark permit outbound BlackBerry Server Traffic
access-list outbound extended permit tcp host 172.18.0.20 any eq 3101
access-list outbound remark Permit outbound IMAP traffic
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq imap4
access-list outbound extended permit tcp 172.18.0.0 255.255.240.0 any eq 993
access-list outbound remark permit outbound access for UPS
access-list outbound extended permit tcp host 172.18.5.192 any eq https
access-list outbound extended permit tcp host 172.18.5.192 any eq 1024
access-list outbound remark Explicit deny
access-list outbound extended deny ip any any log warnings
access-list nonat remark Kirkland
access-list nonat extended permit ip 172.18.0.0 255.255.240.0 10.40.0.0 255.255.0.0
access-list nonat remark Remote VPN clients
access-list nonat extended permit ip 172.18.0.0 255.255.240.0 172.19.2.0 255.255.255.224
access-list nonat remark CDMS Trusted Network
access-list nonat extended permit ip 172.18.0.0 255.255.240.0 192.168.205.0 255.255.255.0
access-list nonat extended permit ip 172.18.16.0 255.255.255.0 172.19.2.0 255.255.255.224
access-list nonat extended permit ip host 172.18.1.253 172.19.2.0 255.255.255.224
access-list nonat extended permit ip 172.18.0.0 255.255.240.0 172.18.99.0 255.255.255.0
access-list nonat extended permit ip 10.10.0.0 255.255.0.0 172.18.99.0 255.255.255.0
access-list nonat extended permit ip 172.18.0.0 255.255.240.0 192.168.201.0 255.255.255.0
access-list nonat extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0
access-list nonat extended permit ip 192.168.37.0 255.255.255.0 172.18.99.0 255.255.255.0
access-list nonat extended permit ip 192.168.36.0 255.255.255.0 172.18.99.0 255.255.255.0
access-list nonat extended permit ip host 172.18.0.66 192.168.198.0 255.255.255.0
access-list nonat extended permit ip 172.18.0.0 255.255.240.0 10.50.50.0 255.255.255.0
access-list nonat extended permit ip 192.168.36.0 255.255.255.0 10.50.50.0 255.255.255.0
access-list nonat extended permit ip 10.50.50.0 255.255.255.0 172.18.99.0 255.255.255.0
access-list nonat extended permit ip 10.10.8.0 255.255.252.0 10.50.50.0 255.255.255.0
access-list nonat extended permit ip 172.16.0.0 255.255.240.0 10.50.50.0 255.255.255.0
access-list nonat extended permit ip 192.168.96.0 255.255.248.0 172.18.99.0 255.255.255.0
access-list nonat extended permit ip 192.168.96.0 255.255.248.0 10.50.50.0 255.255.255.0
access-list inbound remark IMAP access for Blackberry
access-list inbound extended permit tcp any host 216.218.41.238 eq imap4
access-list inbound extended permit tcp any host 216.218.41.238 object-group web
access-list inbound extended permit tcp any host 216.218.41.238 eq smtp
access-list inbound remark Ping, Traceroute and PMTU replies
access-list inbound extended permit icmp any any object-group Valid-ICMP
access-list inbound remark allow web to DMZ host
access-list inbound extended permit tcp any host 216.218.41.236 eq https
access-list inbound extended permit tcp any host 216.218.41.236 eq www
access-list inbound remark Explicit deny rule
access-list inbound extended deny ip any any
access-list remotevpn_splitTunnelAcl standard permit 172.18.0.0 255.255.240.0
access-list remotevpn_splitTunnelAcl standard permit 10.40.0.0 255.255.0.0
access-list remotevpn_splitTunnelAcl standard permit 10.10.0.0 255.255.0.0
access-list remotevpn_splitTunnelAcl standard permit 192.168.36.0 255.255.255.0
access-list remotevpn_splitTunnelAcl standard permit 192.168.37.0 255.255.255.0
access-list remotevpn_splitTunnelAcl standard permit 10.50.50.0 255.255.255.0
access-list remotevpn_splitTunnelAcl standard permit 192.168.96.0 255.255.248.0
access-list crypto_acl_50 extended permit ip 172.18.0.0 255.255.240.0 192.168.201.0 255.255.255.0
access-list crypto_acl_20 extended permit ip 172.18.0.0 255.255.240.0 192.168.205.0 255.255.255.0
access-list telusvpn_splitTunnelAcl standard permit 172.18.16.0 255.255.255.0
access-list telusvpn_splitTunnelAcl standard permit host 172.18.1.253
access-list mrpcap remark Capture for MRP system at Kirkland
access-list mrpcap extended permit tcp any host 10.40.4.3 eq 1570
access-list mrpcap extended permit tcp host 10.40.4.3 eq 1570 any
access-list pptpcap extended permit ip any host 66.238.111.238
access-list pptpcap extended permit ip host 66.238.111.238 any
access-list crypto_acl_30 extended permit ip 172.18.0.0 255.255.240.0 10.50.50.0 255.255.255.0
access-list crypto_acl_30 extended permit ip 192.168.36.0 255.255.255.0 10.50.50.0 255.255.255.0
access-list crypto_acl_30 extended permit ip 10.10.8.0 255.255.252.0 10.50.50.0 255.255.255.0
access-list crypto_acl_30 extended permit ip 172.16.0.0 255.255.240.0 10.50.50.0 255.255.255.0
access-list crypto_acl_30 extended permit ip 192.168.96.0 255.255.248.0 10.50.50.0 255.255.255.0
access-list capcal remark Capture for Web server in California
access-list capcal extended deny tcp any any eq 3389
access-list capcal extended permit ip host 172.18.0.11 any
access-list capcal extended permit ip any host 172.18.0.11
access-list crypto_acl_40 extended permit ip 172.18.0.0 255.255.240.0 192.168.36.0 255.255.255.0
access-list MTLtoCAL202_filter extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0
access-list MTLtoCAL202_filter extended deny ip any any
access-list crypto_acl_60 extended permit ip 172.18.0.0 255.255.240.0 192.168.202.0 255.255.255.0
access-list dmz_in extended permit tcp host 172.18.100.100 host 172.18.0.10 eq smtp
access-list dmz_in extended deny ip any object-group RFC1918-subnets
access-list dmz_in extended permit ip any any
access-list dmz_in extended deny ip any any
access-list inbound_mto remark inbound access to FS2
access-list inbound_mto extended permit tcp any host 206.55.85.220 eq 65100
access-list inbound_mto extended permit tcp any host 206.55.85.220 eq www
access-list inbound_mto remark inbound access to PBX
access-list inbound_mto extended permit udp any host 206.55.85.221 eq sip
access-list inbound_mto extended permit udp any host 206.55.85.221 range 10000 12000
access-list inbound_mto remark Positron Access ticketmaster
access-list inbound_mto extended permit tcp any host 206.55.85.219 eq www
access-list inbound_mto remark Positron Access Customer Portal
access-list inbound_mto extended permit tcp any host 206.55.85.218 eq www
access-list inbound_mto remark Califorina VPN traffic
access-list inbound_mto extended permit ip 10.50.50.0 255.255.255.0 172.18.0.0 255.255.240.0
access-list inbound_mto extended permit ip 10.50.50.0 255.255.255.0 10.10.8.0 255.255.252.0
access-list inbound_mto extended permit ip 10.50.50.0 255.255.255.0 192.168.96.0 255.255.248.0
access-list inbound_mto extended permit ip 10.50.50.0 255.255.255.0 192.168.36.0 255.255.255.0
access-list inbound_mto remark Eminc VPN Access
access-list inbound_mto extended permit ip 192.168.198.0 255.255.255.0 host 172.18.0.66
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 9040
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 9041
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 9042
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 9043
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 9044
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 8040
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 8041
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 8042
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 8043
access-list inbound_mto extended permit tcp any host 206.55.85.215 eq 8044
access-list inbound_mto remark Permitted VPN Traffic
access-list inbound_mto extended permit ip 192.168.205.0 255.255.255.0 172.18.0.0 255.255.240.0
access-list inbound_mto extended permit ip 192.168.36.0 255.255.255.0 172.18.0.0 255.255.240.0
access-list inbound_mto extended permit ip 192.168.201.0 255.255.255.0 172.18.0.0 255.255.240.0 inactive
access-list inbound_mto extended permit ip 192.168.202.0 255.255.255.0 172.18.0.0 255.255.240.0 inactive
access-list inbound_mto extended permit ip 172.18.99.0 255.255.255.0 192.168.36.0 255.255.255.0
access-list inbound_mto extended permit ip 172.18.99.0 255.255.255.0 172.18.0.0 255.255.240.0
access-list inbound_mto extended permit ip 172.18.99.0 255.255.255.0 192.168.96.0 255.255.248.0
access-list inbound_mto extended permit ip 172.18.99.0 255.255.255.0 10.50.50.0 255.255.255.0
access-list inbound_mto extended permit tcp any host 206.55.85.213 eq https
access-list inbound_mto remark IMAP access for Blackberry
access-list inbound_mto extended permit tcp any host 206.55.85.211 eq imap4
access-list inbound_mto extended permit tcp any host 206.55.85.211 eq 993
access-list inbound_mto extended permit tcp any host 206.55.85.211 object-group web
access-list inbound_mto extended permit tcp 64.254.232.224 255.255.255.224 host 206.55.85.211 eq smtp
access-list inbound_mto extended permit tcp 208.81.64.0 255.255.248.0 host 206.55.85.211 eq smtp
access-list inbound_mto extended permit tcp 208.65.144.0 255.255.248.0 host 206.55.85.211 eq smtp
access-list inbound_mto remark Ping, Traceroute and PMTU replies
access-list inbound_mto extended permit icmp any any object-group Valid-ICMP
access-list inbound_mto remark OWA Access to POSIDC01
access-list inbound_mto remark allow web to DMZ host
access-list inbound_mto extended permit tcp any host 206.55.85.212 eq https
access-list inbound_mto remark Allow Enigma and SMT Laval http access to 206.55.85.214
access-list inbound_mto extended permit tcp host 74.13.243.26 host 206.55.85.214 eq www
access-list inbound_mto extended permit tcp host 69.70.154.58 host 206.55.85.214 eq www
access-list inbound_mto extended permit tcp any host 206.55.85.217 eq ftp
access-list inbound_mto extended permit tcp any host 206.55.85.217 range 60000 60004
access-list inbound_mto remark Explicit deny rule
access-list inbound_mto extended deny ip any any
access-list nat_outbound extended permit ip 172.18.0.0 255.255.240.0 any
access-list nat_outbound extended permit ip 192.168.36.0 255.255.255.0 any
access-list eminc_splitTunnelAcl standard permit host 172.18.0.66
pager lines 24
logging enable
logging timestamp
logging monitor debugging
logging buffered notifications
logging trap notifications
logging asdm notifications
logging host inside 172.18.0.11
logging host inside 192.168.205.223
no logging message 106006
no logging message 106023
no logging message 106100
mtu outside_mto 1500
mtu inside 1500
mtu dmz 1500
mtu telus 1500
mtu management 1500
ip local pool vpnpool 172.19.2.10-172.19.2.20 mask 255.255.255.0
ip local pool vpnpool2 172.18.99.10-172.18.99.50 mask 255.255.255.0
ip local pool anyconnect 172.18.99.51-172.18.99.70 mask 255.255.255.0
ip local pool emincpool_new 192.168.198.10-192.168.198.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside_mto) 5 172.18.1.200-172.18.1.239 netmask 255.255.240.0
global (outside_mto) 1 interface
nat (outside_mto) 5 172.18.99.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 access-list nat_outbound
nat (inside) 1 172.18.0.0 255.255.240.0
nat (dmz) 1 192.168.10.0 255.255.255.0
static (inside,outside_mto) tcp 206.55.85.214 www 172.18.0.12 www netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.212 https 172.18.0.33 https netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.213 https 172.18.0.34 https netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 9040 172.18.0.40 9040 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 9041 172.18.0.41 9041 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 9042 172.18.0.42 9042 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 9043 172.18.0.43 9043 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 8040 172.18.0.40 8040 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 8041 172.18.0.41 8041 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 8042 172.18.0.42 8042 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 8043 172.18.0.43 8043 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 9044 172.18.0.44 9044 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.215 8044 172.18.0.44 8044 netmask 255.255.255.255
static (inside,outside_mto) tcp 206.55.85.218 www 10.10.10.19 www netmask 255.255.255.255 dns
static (inside,outside_mto) tcp 206.55.85.219 www 10.10.10.45 www netmask 255.255.255.255 dns
static (inside,dmz) 172.18.0.0 172.18.0.0 netmask 255.255.240.0
static (inside,outside_mto) 206.55.85.217 172.18.0.20 netmask 255.255.255.255
static (inside,outside_mto) 206.55.85.211 172.18.0.8 netmask 255.255.255.255
static (inside,outside_mto) 206.55.85.221 172.18.0.50 netmask 255.255.255.255
static (inside,outside_mto) 206.55.85.220 172.18.0.67 netmask 255.255.255.255
access-group inbound_mto in interface outside_mto
access-group outbound in interface inside
access-group dmz_in in interface dmz
route outside_mto 0.0.0.0 0.0.0.0 206.55.85.209 1
route inside 10.10.8.0 255.255.252.0 172.18.1.253 1
route outside_mto 64.254.232.246 255.255.255.255 206.55.85.209 1
route inside 172.18.16.0 255.255.240.0 172.18.1.253 1
route inside 192.168.36.0 255.255.255.0 172.18.0.24 1
route inside 192.168.96.0 255.255.248.0 172.18.1.253 1
timeout xlate 3:00:00
timeout conn 6:30:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server ias protocol radius
 reactivation-mode timed
aaa-server ias (inside) host 172.18.0.8
 key *****
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable 9443
http 64.254.232.224 255.255.255.224 outside_mto
http 192.168.1.0 255.255.255.0 management
http 172.18.0.0 255.255.240.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
crypto ipsec transform-set trsf_set_1 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dynmap 100 set pfs
crypto dynamic-map dynmap 100 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map dynmap2 100 set pfs
crypto dynamic-map dynmap2 100 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map dynmap2 100 set reverse-route
crypto map pwr_pti 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 10 set peer 206.162.183.146
crypto map outside_map 10 set transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map outside_map 20 match address crypto_acl_20
crypto map outside_map 20 set peer 64.254.232.248
crypto map outside_map 20 set transform-set ESP-AES-128-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic dynmap
crypto map mto_map 20 match address crypto_acl_20
crypto map mto_map 20 set peer 64.254.232.248
crypto map mto_map 20 set transform-set ESP-AES-128-SHA
crypto map mto_map 30 match address crypto_acl_30
crypto map mto_map 30 set peer 108.80.74.166
crypto map mto_map 30 set transform-set ESP-AES-128-SHA
crypto map mto_map 50 match address crypto_acl_50
crypto map mto_map 50 set pfs
crypto map mto_map 50 set peer 69.239.83.34
crypto map mto_map 50 set transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map mto_map 65535 ipsec-isakmp dynamic dynmap2
crypto map mto_map interface outside_mto
crypto ca trustpoint localtrust
 enrollment self
 fqdn sslvpn.positronaccess.ca
 subject-name CN=sslvpn.positronaccess.ca
 keypair sslvpnkeypair
 crl configure
crypto ca certificate chain localtrust
 certificate 31
  quit
crypto isakmp enable outside_mto
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 100
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
crypto isakmp nat-traversal 25
telnet timeout 5
ssh 64.254.232.224 255.255.255.224 outside_mto
ssh 172.18.0.0 255.255.240.0 inside
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 30
console timeout 0
management-access inside
dhcpd address 172.18.100.100-172.18.100.110 dmz
dhcpd enable dmz
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 199.212.17.21
ntp server 199.212.17.22
ntp server 132.246.168.148
ntp server 209.87.233.53
ssl trust-point localtrust telus
webvpn
 port 4000
 enable outside_mto
 enable inside
 anyconnect-essentials
 svc image disk0:/anyconnect-macosx-i386-2.5.6005-k9.pkg 1
 svc image disk0:/anyconnect-win-2.5.6005-k9.pkg 2
 svc enable
 tunnel-group-list enable
 cache
  disable
  cache-static-content enable
group-policy telusvpn internal
group-policy telusvpn attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value telusvpn_splitTunnelAcl
group-policy DfltGrpPolicy attributes
 dns-server value 172.18.0.10
 default-domain value positron.ca
group-policy remotevpn internal
group-policy remotevpn attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remotevpn_splitTunnelAcl
group-policy eminc internal
group-policy eminc attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value eminc_splitTunnelAcl
group-policy anyconnect internal
group-policy anyconnect attributes
 dns-server value 172.18.0.10
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remotevpn_splitTunnelAcl
 default-domain value positron.ca
 address-pools value anyconnect
username cdmsadmin password r1fEOl.0ABOQ0DBc encrypted privilege 0
username cdmsadmin attributes
 vpn-group-policy remotevpn
username cdmscw password E06YXFMZ6GqLC9FT encrypted privilege 15
username cdmscattools password STKyo6r2inPLK761 encrypted privilege 15
username cdmstb password EeAxd01VuTvo2Wkq encrypted privilege 15
username silvio password iNKVlS6xHpxKogi1 encrypted privilege 0
username silvio attributes
 vpn-group-policy remotevpn
username shaskill_eminc password Mns73JQe/qQoaZqX encrypted privilege 0
username shaskill_eminc attributes
 group-lock value eminc
username cocong_eminc password XLik/iKUBPsMOqiw encrypted privilege 0
username cocong_eminc attributes
 group-lock value eminc
username jfmailhot password GhT9b/yfp/bahZRh encrypted privilege 15
username npham password eQ/n5ppYZ.zJV1/P encrypted privilege 0
username npham attributes
 group-lock value eminc
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *****
tunnel-group tun_1 type ipsec-l2l
tunnel-group 206.162.183.146 type ipsec-l2l
tunnel-group 206.162.183.146 ipsec-attributes
 pre-shared-key *****
tunnel-group remotevpn type remote-access
tunnel-group remotevpn general-attributes
 address-pool vpnpool2
 authentication-server-group ias LOCAL
 default-group-policy remotevpn
tunnel-group remotevpn ipsec-attributes
 pre-shared-key *****
tunnel-group 64.254.232.248 type ipsec-l2l
tunnel-group 64.254.232.248 ipsec-attributes
 pre-shared-key *****
tunnel-group cdmsvpn type remote-access
tunnel-group cdmsvpn general-attributes
 address-pool vpnpool2
 default-group-policy remotevpn
tunnel-group cdmsvpn ipsec-attributes
 pre-shared-key *****
tunnel-group telusvpn type remote-access
tunnel-group telusvpn general-attributes
 address-pool vpnpool
 default-group-policy telusvpn
tunnel-group telusvpn ipsec-attributes
 pre-shared-key *****
tunnel-group 69.239.83.34 type ipsec-l2l
tunnel-group 69.239.83.34 ipsec-attributes
 pre-shared-key *****
tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
 authentication-server-group ias LOCAL
 default-group-policy anyconnect
tunnel-group anyconnect webvpn-attributes
 group-alias anyconnect enable
tunnel-group 67.23.220.98 type ipsec-l2l
tunnel-group 67.23.220.98 ipsec-attributes
 pre-shared-key *****
tunnel-group eminc type remote-access
tunnel-group eminc general-attributes
 address-pool emincpool_new
 default-group-policy eminc
tunnel-group eminc ipsec-attributes
 pre-shared-key *****
tunnel-group 108.80.74.166 type ipsec-l2l
tunnel-group 108.80.74.166 ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
class-map pptp-port
 match port tcp eq pptp
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect ip-options
 class pptp-port
  inspect pptp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:bb54038c15e0c8c614b40baf28e166c4
: end
tarantula#