Created April 18, 2012 21:54
: Saved
:
ASA Version 8.4(2)
!
hostname DANS-FW
domain-name securesub.net
enable password **** encrypted
passwd **** encrypted
names
name 192.168.0.11 DAN_NIX
name 192.168.0.1 ASA_INSIDE
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
description \\LAN Connection to Switch\\
nameif inside
security-level 100
ip address ASA_INSIDE 255.255.255.0
!
interface Vlan2
description //OUT TO FIOS///
nameif outside
security-level 0
ip address dhcp setroute
!
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 192.168.0.25
name-server 4.2.2.2
domain-name securesub.net
same-security-traffic permit intra-interface
object network INSIDE_LAN
subnet 192.168.0.0 255.255.255.0
object network CAFFEINATED-SSH
host 192.168.0.22
object network ASA_INSIDE
host 192.168.0.1
object network ASA-ASDM_SSLVPN
host 192.168.0.1
object network AnyConnect_VPN_USERS
description Anyconnet VPN Range
object network ANYCONNECT_VPN_USERS
object network ANYCONNECT_VPN_POOL
object network ANYCONNECT_VPN
subnet 192.168.0.200 255.255.255.248
object network EXCHANGE_SMTP(SSL)
host 192.168.0.4
object network Dans-Desktop
host 192.168.0.10
object network EXCHANGE_OWA
host 192.168.0.4
object network EXCHANGE_ACTIVESYNC
host 192.168.0.4
object network EXCHANGE_IMAP
host 192.168.0.4
object network EXCHANGE_SMTP
host 192.168.0.4
object network ESX_5_SERVER
host 192.168.0.5
description ESX5 Server
object network MEDIA_2K8
host 192.168.0.6
description MEDIA SERVER
object network RRAS
host 192.168.0.4
object network RDWeb_App
host 192.168.0.4
object network RRAS_L2TP_IKE
host 192.168.0.4
object network RRAS_L2TP_IPSEC
host 192.168.0.4
object network VPN-POOL
host 192.168.0.200
object network DD-WRT
host 192.168.0.101
object network SWITCH
host 192.168.0.2
object network ESX_MANAGEMENT
host 192.168.0.3
object network WDTV
host 192.168.0.7
object network FREENAS
host 192.168.0.12
object network CANON_PRINTER
host 192.168.0.26
object network NETWORK_OBJ_192.168.0.200_29
subnet 192.168.0.200 255.255.255.248
object-group network obj-192.168.0.0
object-group service metasploit_range tcp
port-object range 4444 4454
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network INTERNAL_ONLY_DEVICES
network-object object CANON_PRINTER
network-object object DD-WRT
network-object object ESX_5_SERVER
network-object object ESX_MANAGEMENT
network-object object FREENAS
network-object object SWITCH
network-object object WDTV
access-list outside_access_in extended permit tcp any object CAFFEINATED-SSH eq ssh
access-list outside_access_in extended permit tcp any object ASA_INSIDE eq 8080
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list PERMIT_IPV6 extended permit ip 192.168.0.0 255.255.255.0 object ANYCONNECT_VPN
access-list outside_access_in_1 extended permit ip any any
access-list outside_access_in_1 extended permit 41 any any
access-list inside_access_in_1 extended permit 41 any any
access-list inside_access_in_1 extended permit ip any any
access-list global_access extended permit icmp any any echo
access-list global_access extended permit icmp any any echo-reply
access-list global_access extended deny ip object-group INTERNAL_ONLY_DEVICES interface outside
access-list global_access extended permit ip 192.168.0.0 255.255.255.0 any
access-list global_access extended permit tcp any object MEDIA_2K8 eq 64620
access-list global_access extended permit tcp any object EXCHANGE_ACTIVESYNC eq www
access-list global_access extended permit tcp any object RDWeb_App eq 3389
access-list global_access extended permit tcp any object EXCHANGE_OWA eq https
access-list global_access extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587
access-list global_access extended permit tcp any object CAFFEINATED-SSH eq ssh
access-list global_access extended permit tcp any object ASA-ASDM_SSLVPN eq www
access-list global_access extended permit tcp any object EXCHANGE_IMAP eq 993
access-list global_access extended permit tcp any object EXCHANGE_SMTP eq smtp
access-list global_access extended permit tcp any object RRAS eq pptp
access-list global_access extended permit gre any object RRAS
access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS
access-list BAH-PKI-LAB standard permit 10.100.60.0 255.255.255.0
access-list BAH-PKI-LAB remark Vandyke WIFI
access-list BAH-PKI-LAB standard permit 192.168.5.0 255.255.255.0
access-list BAH-PKI-LAB remark PIX 501@Vandyke
access-list BAH-PKI-LAB standard permit 172.16.0.0 255.255.255.0
pager lines 24
logging enable
logging console notifications
logging monitor errors
logging buffered notifications
logging asdm notifications
logging from-address asa@coffee.no-ip.info
mtu inside 1500
mtu outside 1500
ip local pool VPN 192.168.0.200-192.168.0.205 mask 255.255.255.0
ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo
ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo-reply
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-641.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static ANYCONNECT_VPN ANYCONNECT_VPN
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.200_29 NETWORK_OBJ_192.168.0.200_29
!
object network INSIDE_LAN
nat (inside,outside) dynamic interface
object network CAFFEINATED-SSH
nat (inside,outside) static interface service tcp ssh ssh
object network EXCHANGE_SMTP(SSL)
nat (inside,outside) static interface service tcp 587 587
object network EXCHANGE_OWA
nat (inside,outside) static interface service tcp https https
object network EXCHANGE_ACTIVESYNC
nat (inside,outside) static interface service tcp www www
object network EXCHANGE_IMAP
nat (inside,outside) static interface service tcp 993 993
object network EXCHANGE_SMTP
nat (inside,outside) static interface service tcp smtp smtp
object network MEDIA_2K8
nat (inside,outside) static interface service tcp 64620 64620
object network RRAS
nat (inside,outside) static interface service tcp pptp pptp
object network RDWeb_App
nat (inside,outside) static interface service tcp 3389 3389
!
nat (outside,outside) after-auto source dynamic VPN-POOL interface
access-group PERMIT_IPV6 in interface outside
access-group outside_access_ipv6_in in interface outside
access-group global_access global
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 8080
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn DANS-FW
subject-name CN=DANS-FW
keypair sslvpnkey
no client-types
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 184b464e
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
dhcpd auto_config outside
!
dhcpd dns 129.250.35.250 129.250.35.251 interface inside
!
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 inside
ssl trust-point ASDM_TrustPoint0 outside
webvpn
port 8080
enable outside
anyconnect image disk0:/anyconnect-dart-win-2.5.0217-k9.pkg 1
anyconnect profiles coffee_anyconnect_client_profile disk0:/coffee_anyconnect_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_coffee_anyconnect internal
group-policy GroupPolicy_coffee_anyconnect attributes
wins-server none
dns-server value 192.168.0.25
vpn-tunnel-protocol ikev2 ssl-client
split-tunnel-policy excludespecified
split-tunnel-network-list value BAH-PKI-LAB
default-domain value securesub
webvpn
anyconnect ssl rekey time 30
anyconnect ssl rekey method ssl
anyconnect profiles value coffee_anyconnect_client_profile type user
group-policy securesub_evpn internal
group-policy securesub_evpn attributes
dns-server value 192.168.0.25 4.2.2.2
vpn-tunnel-protocol ikev1
split-tunnel-policy excludespecified
split-tunnel-network-list value BAH-PKI-LAB
default-domain value securesub.net
group-policy coffee_clientless internal
group-policy coffee_clientless attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list value dans
anyconnect ask none default anyconnect
username dano password **** encrypted privilege 15
tunnel-group coffee_anyconnect type remote-access
tunnel-group coffee_anyconnect general-attributes
address-pool VPN
default-group-policy GroupPolicy_coffee_anyconnect
tunnel-group coffee_anyconnect webvpn-attributes
group-alias coffee_anyconnect disable
group-alias securesub enable
tunnel-group coffee_clientless type remote-access
tunnel-group coffee_clientless general-attributes
default-group-policy coffee_clientless
tunnel-group securesub_evpn type remote-access
tunnel-group securesub_evpn general-attributes
address-pool VPN
default-group-policy securesub_evpn
tunnel-group securesub_evpn ipsec-attributes
ikev1 pre-shared-key *****
!
class-map global-class
match default-inspection-traffic
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map FTPPOLICY
class inspection_default
inspect ftp
policy-map global-policy
class global-class
inspect esmtp
inspect ipsec-pass-thru
!
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:b3aa3e1365fd354977d72a3c67d1d8b8
: end