: Saved : ASA Version 8.2(5) ! hostname asa5510 names ! interface Ethernet0/0 nameif outside security-level 0 ip address 101.231.102.14 255.255.255.252 ! interface Ethernet0/1 nameif inside security-level 100 ip address 192.168.80.1 255.255.255.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 nameif aryaka security-level 100 ip address 192.0.2.11 255.255.255.248 ! interface Management0/0 nameif management security-level 100 ip address 192.168.1.1 255.255.255.0 management-only ! ftp mode passive same-security-traffic permit inter-interface same-security-traffic permit intra-interface access-list 1 standard permit any access-list Server extended permit tcp any interface outside eq ftp access-list Server extended permit tcp any interface outside eq www access-list Server extended permit tcp any any access-list Server extended permit ip any any access-list Server extended permit gre any any access-list Server extended permit udp any any access-list Server extended permit esp any any access-list Server extended permit tcp any interface outside eq 4000 access-list no-nat extended permit ip 192.168.80.0 255.255.255.0 192.168.70.0 255.255.255.0 access-list vpnclient_splitTunnelAcl standard permit 192.168.80.0 255.255.255.0 access-list outside extended permit tcp any any eq 4000 access-list outside extended permit ip 192.168.80.0 255.255.255.0 192.0.2.0 255.255.255.0 access-list outside extended permit ip 192.0.2.0 255.255.255.0 192.168.80.0 255.255.255.0 access-list outside extended permit tcp any any eq 2222 access-list outside extended permit tcp any host 192.0.2.9 eq ssh access-list aryaka extended permit ip any any access-list aryaka extended permit tcp any host 192.0.2.9 pager lines 24 logging asdm informational mtu outside 1500 mtu inside 1500 mtu aryaka 1500 mtu management 1500 ip local pool vpnpool 192.168.70.50-192.168.70.99 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-645.bin no asdm history enable arp timeout 14400 nat-control global (outside) 1 interface nat (inside) 0 access-list no-nat nat (inside) 1 0.0.0.0 0.0.0.0 nat (aryaka) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface ftp 192.168.80.10 ftp netmask 255.255.255.255 static (inside,outside) tcp interface www 192.168.80.10 www netmask 255.255.255.255 static (aryaka,outside) tcp interface 4000 192.0.2.9 ssh netmask 255.255.255.255 access-group outside in interface outside route outside 0.0.0.0 0.0.0.0 101.231.102.13 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL http server enable http 192.168.1.0 255.255.255.0 management http 0.0.0.0 0.0.0.0 inside http 0.0.0.0 0.0.0.0 outside http 0.0.0.0 0.0.0.0 management no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set vpnset esp-des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside-dyn-map 10 set transform-set vpnset crypto dynamic-map outside-dyn-map 10 set security-association lifetime seconds 288000 crypto dynamic-map outside-dyn-map 10 set reverse-route crypto map outside-map 10 ipsec-isakmp dynamic outside-dyn-map crypto map outside-map interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption des hash md5 group 2 lifetime 43200 telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh 0.0.0.0 0.0.0.0 outside ssh 0.0.0.0 0.0.0.0 inside ssh timeout 5 ssh version 1 console timeout 0 dhcpd dns 192.168.80.10 210.22.84.3 dhcpd lease 30000 ! dhcpd address 192.168.80.100-192.168.80.200 inside dhcpd enable inside ! dhcpd address 192.168.1.2-192.168.1.254 management dhcpd enable management ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn group-policy vpnclient internal group-policy vpnclient attributes dns-server value 210.22.80.3 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value vpnclient_splitTunnelAcl default-domain value East-point.com tunnel-group vpnclient type remote-access tunnel-group vpnclient general-attributes address-pool vpnpool default-group-policy vpnclient tunnel-group vpnclient ipsec-attributes pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:0cab51b7fc8c03ebda612006c16009de