/gist:3276764

## gistfile1.txt
: Saved
:
ASA Version 8.4(4)1
!
hostname asa
domain-name securesub.net
enable password XXX encrypted
passwd XXX encrypted
names
name 192.168.0.11 DAN_NIX
name 192.168.0.1 ASA_INSIDE
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
 switchport monitor Ethernet0/0
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 description \\LAN Connection to Switch\\
 nameif inside
 security-level 100
 ip address ASA_INSIDE 255.255.255.0
!
interface Vlan2
 description //OUT TO FIOS///
 nameif outside
 security-level 0
 ip address dhcp setroute
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.168.0.25
 name-server 4.2.2.2
 domain-name securesub.net
same-security-traffic permit intra-interface
object network INSIDE_LAN
 subnet 192.168.0.0 255.255.255.0
object network CAFFEINATED-SSH
 host 192.168.0.22
object network ASA_INSIDE
 host 192.168.0.1
object network ASA-ASDM_SSLVPN
 host 192.168.0.1
object network AnyConnect_VPN_USERS
 description Anyconnet VPN Range
object network ANYCONNECT_VPN_USERS
object network ANYCONNECT_VPN_POOL
object network ANYCONNECT_VPN
 subnet 192.168.0.200 255.255.255.248
object network EXCHANGE_SMTP(SSL)
 host 192.168.0.4
object network Dans-Desktop
 host 192.168.0.10
object network EXCHANGE_OWA
 host 192.168.0.4
object network EXCHANGE_ACTIVESYNC
 host 192.168.0.4
object network EXCHANGE_IMAP
 host 192.168.0.4
object network EXCHANGE_SMTP
 host 192.168.0.4
object network ESX_5_SERVER
 host 192.168.0.5
 description ESX5 Server
object network DansDesktop
 host 192.168.0.10
 description DansDesktop
object network RRAS
 host 192.168.0.4
object network RDWeb_App
 host 192.168.0.4
object network RRAS_L2TP_IKE
 host 192.168.0.4
object network RRAS_L2TP_IPSEC
 host 192.168.0.4
object network VPN-POOL
 host 192.168.0.200
object network DD-WRT
 host 192.168.0.101
object network SWITCH
 host 192.168.0.2
object network ESX_MANAGEMENT
 host 192.168.0.3
object network WDTV
 host 192.168.0.7
object network FREENAS
 host 192.168.0.12
object network CANON_PRINTER
 host 192.168.0.26
object network Ventrilo_tcp
 host 192.168.0.6
 description Ventrilo Server
object network ventrilo_udp
 host 192.168.0.6
object network Vent_data_tcp
 host 192.168.0.6
object network vent_data_udp
 host 192.168.0.6
object network US.LOGON.BATTLE.NET
 host 12.129.206.130
 description Ysera
object network YSERA
 host 199.107.6.199
object network IIS_OWA
 host 192.168.0.4
object service https
 service tcp source eq https destination eq https
object network Minecraft
 host 192.168.0.22
object network Media-Server
 host 192.168.0.6
object service 6in4
 service 41
object network ipv6_remote_endpoint
 host 216.66.22.2
object network ipv6_local_endpoint
 host 192.168.0.25
object network DNS_lookup
 host 192.168.0.25
object network DNS_transfer
 host 192.168.0.25
object-group network obj-192.168.0.0
object-group service metasploit_range tcp
 port-object range 4444 4454
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network INTERNAL_ONLY_DEVICES
 network-object object CANON_PRINTER
 network-object object DD-WRT
 network-object object ESX_5_SERVER
 network-object object ESX_MANAGEMENT
 network-object object FREENAS
 network-object object SWITCH
 network-object object WDTV
object-group service Vent tcp-udp
 port-object eq 6011
 port-object eq 3784
object-group service World_of_Warcraft tcp
 port-object eq 3724
 port-object eq 6112
 port-object range 6881 6999
object-group network Ventrilo
 network-object object Vent_data_tcp
 network-object object vent_data_udp
 network-object object Ventrilo_tcp
 network-object object ventrilo_udp
object-group service Battlenet_login tcp
 port-object eq 1119
object-group service irc_ports tcp
 port-object eq 8001
object-group service minecraft tcp
 port-object eq 25565
object-group service Vent_3784 tcp
 port-object eq 3784
object-group service Vent_3784_udp udp
 port-object eq 3784
access-list outside_access_in extended permit tcp any object CAFFEINATED-SSH eq ssh
access-list outside_access_in extended permit tcp any object ASA_INSIDE eq 8080
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list ALLOWED_FROM_OUTSIDE extended permit ip 192.168.0.0 255.255.255.0 object ANYCONNECT_VPN
access-list ALLOWED_FROM_OUTSIDE extended permit object-group TCPUDP any object CAFFEINATED-SSH object-group Vent log emergencies
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object DansDesktop eq 64620
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_ACTIVESYNC eq www
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RDWeb_App eq 3389
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_OWA eq https
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object CAFFEINATED-SSH eq ssh
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object ASA-ASDM_SSLVPN eq www
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_IMAP eq 993
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP eq smtp
access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RRAS eq pptp
access-list ALLOWED_FROM_OUTSIDE extended permit gre any object RRAS
access-list outside_access_in_1 extended permit ip any any
access-list outside_access_in_1 extended permit 41 any any
access-list inside_access_in_1 extended permit 41 any any
access-list inside_access_in_1 extended permit ip any any
access-list global_access extended permit icmp any any echo
access-list global_access extended permit icmp any any echo-reply
access-list global_access extended permit tcp any object US.LOGON.BATTLE.NET object-group Battlenet_login log emergencies
access-list global_access extended permit tcp any any object-group World_of_Warcraft log emergencies
access-list global_access extended permit tcp any any eq 8001 log emergencies
access-list global_access extended deny tcp any any eq finger
access-list global_access extended deny ip object-group INTERNAL_ONLY_DEVICES interface outside
access-list global_access extended permit ip 192.168.0.0 255.255.255.0 any
access-list global_access extended permit tcp any object Dans-Desktop eq 64620
access-list global_access extended permit object-group TCPUDP any object DNS_lookup eq domain
access-list global_access extended permit tcp any object Media-Server eq 64621
access-list global_access extended permit tcp any object EXCHANGE_ACTIVESYNC eq www
access-list global_access extended permit tcp any object RDWeb_App eq 3389
access-list global_access extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587
access-list global_access extended permit tcp any object CAFFEINATED-SSH eq ssh
access-list global_access extended permit tcp any object ASA-ASDM_SSLVPN eq www
access-list global_access extended permit tcp any object EXCHANGE_IMAP eq 993
access-list global_access extended permit tcp any object EXCHANGE_SMTP eq smtp
access-list global_access extended permit tcp any object RRAS eq pptp
access-list global_access extended permit gre any object RRAS
access-list global_access extended permit tcp any object EXCHANGE_OWA eq https
access-list global_access extended permit tcp any object Minecraft object-group minecraft
access-list global_access extended permit tcp any object Vent_data_tcp object-group Vent_3784
access-list global_access extended permit udp any object vent_data_udp object-group Vent_3784_udp
access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS
access-list BAH-PKI-LAB standard permit 10.100.60.0 255.255.255.0
access-list BAH-PKI-LAB remark Vandyke WIFI
access-list BAH-PKI-LAB standard permit 192.168.5.0 255.255.255.0
access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS
access-list BAH-PKI-LAB remark Vandyke WIFI
access-list inside_access_in extended permit ip any any
access-list irc extended permit tcp any any eq 8001 log emergencies interval 1
access-list irc extended permit tcp object CAFFEINATED-SSH any object-group irc_ports log debugging interval 10
access-list ipv6tunnel extended permit object 6in4 object ipv6_remote_endpoint object ipv6_local_endpoint
pager lines 24
logging enable
logging emblem
logging console emergencies
logging monitor emergencies
logging buffered emergencies
logging trap emergencies
logging history emergencies
logging asdm emergencies
logging mail emergencies
logging from-address asa@coffee.no-ip.info
logging host inside 192.168.0.22 format emblem
logging message 101001 level emergencies
mtu inside 1500
mtu outside 1500
ip local pool VPN 192.168.0.200-192.168.0.205 mask 255.255.255.0
ipv6 local pool SecuresubIPV6 2001:470:8:1044::100/64 10
ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo
ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo-reply
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static ANYCONNECT_VPN ANYCONNECT_VPN
nat (inside,outside) source static ipv6_local_endpoint interface destination static ipv6_remote_endpoint ipv6_remote_endpoint
!
object network INSIDE_LAN
 nat (inside,outside) dynamic interface
object network CAFFEINATED-SSH
 nat (inside,outside) static interface service tcp ssh ssh
object network EXCHANGE_SMTP(SSL)
 nat (inside,outside) static interface service tcp 587 587
object network EXCHANGE_OWA
 nat (inside,outside) static interface service tcp https https
object network EXCHANGE_ACTIVESYNC
 nat (inside,outside) static interface service tcp www www
object network EXCHANGE_IMAP
 nat (inside,outside) static interface service tcp 993 993
object network EXCHANGE_SMTP
 nat (inside,outside) static interface service tcp smtp smtp
object network DansDesktop
 nat (inside,outside) static interface service tcp 64620 64620
object network RRAS
 nat (inside,outside) static interface service tcp pptp pptp
object network RDWeb_App
 nat (inside,outside) static interface service tcp 3389 3389
object network Ventrilo_tcp
 nat (any,outside) static interface service tcp 3784 3784
object network ventrilo_udp
 nat (any,outside) static interface service udp 3784 3784
object network Vent_data_tcp
 nat (any,outside) static interface service tcp 6011 6011
object network vent_data_udp
 nat (any,outside) static interface service udp 6011 6011
object network IIS_OWA
 nat (any,outside) static interface service tcp https https
object network Minecraft
 nat (any,outside) static interface service tcp 25565 25565
object network Media-Server
 nat (any,outside) static interface service tcp 64621 64621
object network DNS_lookup
 nat (any,outside) static interface service tcp domain domain
object network DNS_transfer
 nat (any,outside) static interface service udp domain domain
!
nat (outside,outside) after-auto source dynamic ANYCONNECT_VPN interface
access-group ipv6tunnel in interface outside
access-group outside_access_ipv6_in in interface outside
access-group global_access global
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 8080
http server idle-timeout 10
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint securesub
 revocation-check ocsp
 keypair securesub
 ocsp url http://192.168.0.22:3502
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate ca XXXXX
  quit
crypto ca certificate chain securesub
 certificate XXXXX
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 remote-access trustpoint securesub
crypto ikev1 policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

dhcpd auto_config outside
!
dhcpd dns 129.250.35.250 129.250.35.251 interface inside
!
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point securesub outside
ssl trust-point securesub inside
webvpn
 port 8080
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-3.0.5080-k9.pkg 1
 anyconnect profiles coffee_anyconnect_client_profile disk0:/coffee_anyconnect_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_coffee_anyconnect internal
group-policy GroupPolicy_coffee_anyconnect attributes
 wins-server none
 dns-server value 192.168.0.25 4.2.2.2
 vpn-tunnel-protocol ikev2 ssl-client
 split-tunnel-policy excludespecified
 split-tunnel-network-list value BAH-PKI-LAB
 default-domain value securesub
 webvpn
  anyconnect keep-installer installed
  anyconnect ssl rekey time 30
  anyconnect ssl rekey method ssl
  anyconnect profiles value coffee_anyconnect_client_profile type user
  anyconnect ask enable default anyconnect timeout 5
group-policy coffee_clientless internal
group-policy coffee_clientless attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value dans
  anyconnect ask none default anyconnect
 service-type remote-access
username dano password XXXXXX encrypted privilege 15
tunnel-group coffee_anyconnect type remote-access
tunnel-group coffee_anyconnect general-attributes
 address-pool VPN
 ipv6-address-pool SecuresubIPV6
 default-group-policy GroupPolicy_coffee_anyconnect
tunnel-group coffee_anyconnect webvpn-attributes
 authentication aaa certificate
 group-alias coffee_anyconnect disable
 group-alias securesub enable
tunnel-group coffee_clientless type remote-access
tunnel-group coffee_clientless general-attributes
 default-group-policy coffee_clientless
!
class-map global-class
 match default-inspection-traffic
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map FTPPOLICY
 class inspection_default
  inspect ftp
policy-map global-policy
 class global-class
  inspect esmtp
  inspect ipsec-pass-thru
!
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:a92a6de1278b17f8c59b7af2be9e525e
: end
asdm image disk0:/asdm-649-103.bin
no asdm history enable
	: Saved
	:
	ASA Version 8.4(4)1
	!
	hostname asa
	domain-name securesub.net
	enable password XXX encrypted
	passwd XXX encrypted
	names
	name 192.168.0.11 DAN_NIX
	name 192.168.0.1 ASA_INSIDE
	!
	interface Ethernet0/0
	switchport access vlan 2
	!
	interface Ethernet0/1
	!
	interface Ethernet0/2
	!
	interface Ethernet0/3
	!
	interface Ethernet0/4
	!
	interface Ethernet0/5
	switchport monitor Ethernet0/0
	!
	interface Ethernet0/6
	!
	interface Ethernet0/7
	!
	interface Vlan1
	description \\LAN Connection to Switch\\
	nameif inside
	security-level 100
	ip address ASA_INSIDE 255.255.255.0
	!
	interface Vlan2
	description //OUT TO FIOS///
	nameif outside
	security-level 0
	ip address dhcp setroute
	!
	boot system disk0:/asa844-1-k8.bin
	ftp mode passive
	clock timezone EST -5
	clock summer-time EDT recurring
	dns domain-lookup inside
	dns domain-lookup outside
	dns server-group DefaultDNS
	name-server 192.168.0.25
	name-server 4.2.2.2
	domain-name securesub.net
	same-security-traffic permit intra-interface
	object network INSIDE_LAN
	subnet 192.168.0.0 255.255.255.0
	object network CAFFEINATED-SSH
	host 192.168.0.22
	object network ASA_INSIDE
	host 192.168.0.1
	object network ASA-ASDM_SSLVPN
	host 192.168.0.1
	object network AnyConnect_VPN_USERS
	description Anyconnet VPN Range
	object network ANYCONNECT_VPN_USERS
	object network ANYCONNECT_VPN_POOL
	object network ANYCONNECT_VPN
	subnet 192.168.0.200 255.255.255.248
	object network EXCHANGE_SMTP(SSL)
	host 192.168.0.4
	object network Dans-Desktop
	host 192.168.0.10
	object network EXCHANGE_OWA
	host 192.168.0.4
	object network EXCHANGE_ACTIVESYNC
	host 192.168.0.4
	object network EXCHANGE_IMAP
	host 192.168.0.4
	object network EXCHANGE_SMTP
	host 192.168.0.4
	object network ESX_5_SERVER
	host 192.168.0.5
	description ESX5 Server
	object network DansDesktop
	host 192.168.0.10
	description DansDesktop
	object network RRAS
	host 192.168.0.4
	object network RDWeb_App
	host 192.168.0.4
	object network RRAS_L2TP_IKE
	host 192.168.0.4
	object network RRAS_L2TP_IPSEC
	host 192.168.0.4
	object network VPN-POOL
	host 192.168.0.200
	object network DD-WRT
	host 192.168.0.101
	object network SWITCH
	host 192.168.0.2
	object network ESX_MANAGEMENT
	host 192.168.0.3
	object network WDTV
	host 192.168.0.7
	object network FREENAS
	host 192.168.0.12
	object network CANON_PRINTER
	host 192.168.0.26
	object network Ventrilo_tcp
	host 192.168.0.6
	description Ventrilo Server
	object network ventrilo_udp
	host 192.168.0.6
	object network Vent_data_tcp
	host 192.168.0.6
	object network vent_data_udp
	host 192.168.0.6
	object network US.LOGON.BATTLE.NET
	host 12.129.206.130
	description Ysera
	object network YSERA
	host 199.107.6.199
	object network IIS_OWA
	host 192.168.0.4
	object service https
	service tcp source eq https destination eq https
	object network Minecraft
	host 192.168.0.22
	object network Media-Server
	host 192.168.0.6
	object service 6in4
	service 41
	object network ipv6_remote_endpoint
	host 216.66.22.2
	object network ipv6_local_endpoint
	host 192.168.0.25
	object network DNS_lookup
	host 192.168.0.25
	object network DNS_transfer
	host 192.168.0.25
	object-group network obj-192.168.0.0
	object-group service metasploit_range tcp
	port-object range 4444 4454
	object-group protocol TCPUDP
	protocol-object udp
	protocol-object tcp
	object-group network INTERNAL_ONLY_DEVICES
	network-object object CANON_PRINTER
	network-object object DD-WRT
	network-object object ESX_5_SERVER
	network-object object ESX_MANAGEMENT
	network-object object FREENAS
	network-object object SWITCH
	network-object object WDTV
	object-group service Vent tcp-udp
	port-object eq 6011
	port-object eq 3784
	object-group service World_of_Warcraft tcp
	port-object eq 3724
	port-object eq 6112
	port-object range 6881 6999
	object-group network Ventrilo
	network-object object Vent_data_tcp
	network-object object vent_data_udp
	network-object object Ventrilo_tcp
	network-object object ventrilo_udp
	object-group service Battlenet_login tcp
	port-object eq 1119
	object-group service irc_ports tcp
	port-object eq 8001
	object-group service minecraft tcp
	port-object eq 25565
	object-group service Vent_3784 tcp
	port-object eq 3784
	object-group service Vent_3784_udp udp
	port-object eq 3784
	access-list outside_access_in extended permit tcp any object CAFFEINATED-SSH eq ssh
	access-list outside_access_in extended permit tcp any object ASA_INSIDE eq 8080
	access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0
	access-list ALLOWED_FROM_OUTSIDE extended permit ip 192.168.0.0 255.255.255.0 object ANYCONNECT_VPN
	access-list ALLOWED_FROM_OUTSIDE extended permit object-group TCPUDP any object CAFFEINATED-SSH object-group Vent log emergencies
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object DansDesktop eq 64620
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_ACTIVESYNC eq www
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RDWeb_App eq 3389
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_OWA eq https
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object CAFFEINATED-SSH eq ssh
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object ASA-ASDM_SSLVPN eq www
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_IMAP eq 993
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object EXCHANGE_SMTP eq smtp
	access-list ALLOWED_FROM_OUTSIDE extended permit tcp any object RRAS eq pptp
	access-list ALLOWED_FROM_OUTSIDE extended permit gre any object RRAS
	access-list outside_access_in_1 extended permit ip any any
	access-list outside_access_in_1 extended permit 41 any any
	access-list inside_access_in_1 extended permit 41 any any
	access-list inside_access_in_1 extended permit ip any any
	access-list global_access extended permit icmp any any echo
	access-list global_access extended permit icmp any any echo-reply
	access-list global_access extended permit tcp any object US.LOGON.BATTLE.NET object-group Battlenet_login log emergencies
	access-list global_access extended permit tcp any any object-group World_of_Warcraft log emergencies
	access-list global_access extended permit tcp any any eq 8001 log emergencies
	access-list global_access extended deny tcp any any eq finger
	access-list global_access extended deny ip object-group INTERNAL_ONLY_DEVICES interface outside
	access-list global_access extended permit ip 192.168.0.0 255.255.255.0 any
	access-list global_access extended permit tcp any object Dans-Desktop eq 64620
	access-list global_access extended permit object-group TCPUDP any object DNS_lookup eq domain
	access-list global_access extended permit tcp any object Media-Server eq 64621
	access-list global_access extended permit tcp any object EXCHANGE_ACTIVESYNC eq www
	access-list global_access extended permit tcp any object RDWeb_App eq 3389
	access-list global_access extended permit tcp any object EXCHANGE_SMTP(SSL) eq 587
	access-list global_access extended permit tcp any object CAFFEINATED-SSH eq ssh
	access-list global_access extended permit tcp any object ASA-ASDM_SSLVPN eq www
	access-list global_access extended permit tcp any object EXCHANGE_IMAP eq 993
	access-list global_access extended permit tcp any object EXCHANGE_SMTP eq smtp
	access-list global_access extended permit tcp any object RRAS eq pptp
	access-list global_access extended permit gre any object RRAS
	access-list global_access extended permit tcp any object EXCHANGE_OWA eq https
	access-list global_access extended permit tcp any object Minecraft object-group minecraft
	access-list global_access extended permit tcp any object Vent_data_tcp object-group Vent_3784
	access-list global_access extended permit udp any object vent_data_udp object-group Vent_3784_udp
	access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS
	access-list BAH-PKI-LAB standard permit 10.100.60.0 255.255.255.0
	access-list BAH-PKI-LAB remark Vandyke WIFI
	access-list BAH-PKI-LAB standard permit 192.168.5.0 255.255.255.0
	access-list BAH-PKI-LAB remark BAH-PKI-LAB ACCESS
	access-list BAH-PKI-LAB remark Vandyke WIFI
	access-list inside_access_in extended permit ip any any
	access-list irc extended permit tcp any any eq 8001 log emergencies interval 1
	access-list irc extended permit tcp object CAFFEINATED-SSH any object-group irc_ports log debugging interval 10
	access-list ipv6tunnel extended permit object 6in4 object ipv6_remote_endpoint object ipv6_local_endpoint
	pager lines 24
	logging enable
	logging emblem
	logging console emergencies
	logging monitor emergencies
	logging buffered emergencies
	logging trap emergencies
	logging history emergencies
	logging asdm emergencies
	logging mail emergencies
	logging from-address asa@coffee.no-ip.info
	logging host inside 192.168.0.22 format emblem
	logging message 101001 level emergencies
	mtu inside 1500
	mtu outside 1500
	ip local pool VPN 192.168.0.200-192.168.0.205 mask 255.255.255.0
	ipv6 local pool SecuresubIPV6 2001:470:8:1044::100/64 10
	ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo
	ipv6 access-list outside_access_ipv6_in permit icmp6 interface outside interface inside echo-reply
	no failover
	icmp unreachable rate-limit 1 burst-size 1
	asdm image disk0:/asdm-649-103.bin
	no asdm history enable
	arp timeout 14400
	nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static ANYCONNECT_VPN ANYCONNECT_VPN
	nat (inside,outside) source static ipv6_local_endpoint interface destination static ipv6_remote_endpoint ipv6_remote_endpoint
	!
	object network INSIDE_LAN
	nat (inside,outside) dynamic interface
	object network CAFFEINATED-SSH
	nat (inside,outside) static interface service tcp ssh ssh
	object network EXCHANGE_SMTP(SSL)
	nat (inside,outside) static interface service tcp 587 587
	object network EXCHANGE_OWA
	nat (inside,outside) static interface service tcp https https
	object network EXCHANGE_ACTIVESYNC
	nat (inside,outside) static interface service tcp www www
	object network EXCHANGE_IMAP
	nat (inside,outside) static interface service tcp 993 993
	object network EXCHANGE_SMTP
	nat (inside,outside) static interface service tcp smtp smtp
	object network DansDesktop
	nat (inside,outside) static interface service tcp 64620 64620
	object network RRAS
	nat (inside,outside) static interface service tcp pptp pptp
	object network RDWeb_App
	nat (inside,outside) static interface service tcp 3389 3389
	object network Ventrilo_tcp
	nat (any,outside) static interface service tcp 3784 3784
	object network ventrilo_udp
	nat (any,outside) static interface service udp 3784 3784
	object network Vent_data_tcp
	nat (any,outside) static interface service tcp 6011 6011
	object network vent_data_udp
	nat (any,outside) static interface service udp 6011 6011
	object network IIS_OWA
	nat (any,outside) static interface service tcp https https
	object network Minecraft
	nat (any,outside) static interface service tcp 25565 25565
	object network Media-Server
	nat (any,outside) static interface service tcp 64621 64621
	object network DNS_lookup
	nat (any,outside) static interface service tcp domain domain
	object network DNS_transfer
	nat (any,outside) static interface service udp domain domain
	!
	nat (outside,outside) after-auto source dynamic ANYCONNECT_VPN interface
	access-group ipv6tunnel in interface outside
	access-group outside_access_ipv6_in in interface outside
	access-group global_access global
	timeout xlate 3:00:00
	timeout pat-xlate 0:00:30
	timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
	timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
	timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
	timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
	timeout tcp-proxy-reassembly 0:01:00
	timeout floating-conn 0:00:00
	dynamic-access-policy-record DfltAccessPolicy
	user-identity default-domain LOCAL
	aaa authentication ssh console LOCAL
	http server enable 8080
	http server idle-timeout 10
	http 0.0.0.0 0.0.0.0 inside
	http 0.0.0.0 0.0.0.0 outside
	no snmp-server location
	no snmp-server contact
	snmp-server enable traps snmp authentication linkup linkdown coldstart
	crypto ipsec ikev2 ipsec-proposal AES256
	protocol esp encryption aes-256
	protocol esp integrity sha-1 md5
	crypto ipsec ikev2 ipsec-proposal AES192
	protocol esp encryption aes-192
	protocol esp integrity sha-1 md5
	crypto ipsec ikev2 ipsec-proposal AES
	protocol esp encryption aes
	protocol esp integrity sha-1 md5
	crypto ipsec ikev2 ipsec-proposal 3DES
	protocol esp encryption 3des
	protocol esp integrity sha-1 md5
	crypto ipsec ikev2 ipsec-proposal DES
	protocol esp encryption des
	protocol esp integrity sha-1 md5
	crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
	crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
	crypto map outside_map interface outside
	crypto ca trustpoint ASDM_TrustPoint1
	enrollment terminal
	crl configure
	crypto ca trustpoint securesub
	revocation-check ocsp
	keypair securesub
	ocsp url http://192.168.0.22:3502
	crl configure
	crypto ca certificate chain ASDM_TrustPoint1
	certificate ca XXXXX
	quit
	crypto ca certificate chain securesub
	certificate XXXXX
	quit
	crypto ikev2 policy 1
	encryption aes-256
	integrity sha
	group 5
	prf sha
	lifetime seconds 86400
	crypto ikev2 policy 10
	encryption aes-192
	integrity sha
	group 5
	prf sha
	lifetime seconds 86400
	crypto ikev2 policy 20
	encryption aes
	integrity sha
	group 5
	prf sha
	lifetime seconds 86400
	crypto ikev2 policy 30
	encryption 3des
	integrity sha
	group 5
	prf sha
	lifetime seconds 86400
	crypto ikev2 policy 40
	encryption des
	integrity sha
	group 5
	prf sha
	lifetime seconds 86400
	crypto ikev2 remote-access trustpoint securesub
	crypto ikev1 policy 10
	authentication pre-share
	encryption des
	hash sha
	group 2
	lifetime 86400
	telnet timeout 5
	ssh 192.168.0.0 255.255.255.0 inside
	ssh timeout 60
	ssh key-exchange group dh-group1-sha1
	console timeout 0
	management-access inside

	dhcpd auto_config outside
	!
	dhcpd dns 129.250.35.250 129.250.35.251 interface inside
	!
	threat-detection basic-threat
	threat-detection statistics
	threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
	ssl trust-point securesub outside
	ssl trust-point securesub inside
	webvpn
	port 8080
	enable outside
	anyconnect-essentials
	anyconnect image disk0:/anyconnect-win-3.0.5080-k9.pkg 1
	anyconnect profiles coffee_anyconnect_client_profile disk0:/coffee_anyconnect_client_profile.xml
	anyconnect enable
	tunnel-group-list enable
	group-policy DefaultRAGroup internal
	group-policy DfltGrpPolicy attributes
	vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
	group-policy GroupPolicy_coffee_anyconnect internal
	group-policy GroupPolicy_coffee_anyconnect attributes
	wins-server none
	dns-server value 192.168.0.25 4.2.2.2
	vpn-tunnel-protocol ikev2 ssl-client
	split-tunnel-policy excludespecified
	split-tunnel-network-list value BAH-PKI-LAB
	default-domain value securesub
	webvpn
	anyconnect keep-installer installed
	anyconnect ssl rekey time 30
	anyconnect ssl rekey method ssl
	anyconnect profiles value coffee_anyconnect_client_profile type user
	anyconnect ask enable default anyconnect timeout 5
	group-policy coffee_clientless internal
	group-policy coffee_clientless attributes
	vpn-tunnel-protocol ssl-clientless
	webvpn
	url-list value dans
	anyconnect ask none default anyconnect
	service-type remote-access
	username dano password XXXXXX encrypted privilege 15
	tunnel-group coffee_anyconnect type remote-access
	tunnel-group coffee_anyconnect general-attributes
	address-pool VPN
	ipv6-address-pool SecuresubIPV6
	default-group-policy GroupPolicy_coffee_anyconnect
	tunnel-group coffee_anyconnect webvpn-attributes
	authentication aaa certificate
	group-alias coffee_anyconnect disable
	group-alias securesub enable
	tunnel-group coffee_clientless type remote-access
	tunnel-group coffee_clientless general-attributes
	default-group-policy coffee_clientless
	!
	class-map global-class
	match default-inspection-traffic
	class-map inspection_default
	match default-inspection-traffic
	!
	!
	policy-map type inspect dns preset_dns_map
	parameters
	message-length maximum 512
	policy-map FTPPOLICY
	class inspection_default
	inspect ftp
	policy-map global-policy
	class global-class
	inspect esmtp
	inspect ipsec-pass-thru
	!
	service-policy global-policy global
	prompt hostname context
	no call-home reporting anonymous
	call-home
	profile CiscoTAC-1
	no active
	destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
	destination address email callhome@cisco.com
	destination transport-method http
	subscribe-to-alert-group diagnostic
	subscribe-to-alert-group environment
	subscribe-to-alert-group inventory periodic monthly
	subscribe-to-alert-group configuration periodic monthly
	subscribe-to-alert-group telemetry periodic daily
	hpm topN enable
	Cryptochecksum:a92a6de1278b17f8c59b7af2be9e525e
	: end
	asdm image disk0:/asdm-649-103.bin
	no asdm history enable