interface Ethernet0/0 nameif outside security-level 0 ip address 222.255.128.130 255.255.255.248 ospf cost 10 ! interface Ethernet0/1 nameif inside security-level 100 ip address 168.241.14.10 255.255.255.0 ospf cost 10 ! interface Ethernet0/2 nameif inside2 security-level 100 ip address 168.241.15.10 255.255.255.0 ospf cost 10 ! interface Ethernet0/3 shutdown no nameif no security-level no ip address ! interface Management0/0 shutdown no nameif no security-level no ip address ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode passive clock timezone ICT 7 dns server-group DefaultDNS domain-name cisco.com same-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group network remote-site network-object 168.241.0.0 255.255.128.0 network-object 168.241.128.0 255.255.192.0 network-object 168.241.192.0 255.255.224.0 object-group network vpn-group network-object 192.168.2.0 255.255.255.0 object-group network US_networks network-object 168.241.0.0 255.255.128.0 network-object 168.241.128.0 255.255.192.0 network-object 168.241.192.0 255.255.224.0 object-group network 168.241.0.0 network-object 168.241.14.0 255.255.255.0 network-object 168.241.15.0 255.255.255.0 object-group protocol TCPUDP protocol-object udp protocol-object tcp object-group network DM_INLINE_NETWORK_3 network-object 168.241.14.0 255.255.255.0 network-object 168.241.15.0 255.255.255.0 object-group network Dey_Cut description AllowInternet network-object 168.241.15.144 255.255.255.240 network-object 168.241.15.160 255.255.255.224 network-object 168.241.15.192 255.255.255.192 object-group network InternetAccess description Allow network-object 63.251.168.0 255.255.255.0 network-object host 199.81.216.50 network-object host 203.113.131.69 network-object host 209.197.110.206 network-object host 203.212.189.253 network-object 60.254.131.0 255.255.255.0 network-object host 202.151.162.130 network-object host 203.162.1.145 network-object host 222.255.120.5 network-object host 199.41.238.47 object-group protocol DM_INLINE_PROTOCOL_1 protocol-object udp protocol-object tcp object-group protocol DM_INLINE_PROTOCOL_2 protocol-object udp protocol-object tcp object-group protocol DM_INLINE_PROTOCOL_3 protocol-object udp protocol-object tcp object-group protocol DM_INLINE_PROTOCOL_4 protocol-object udp protocol-object tcp object-group protocol DM_INLINE_PROTOCOL_5 protocol-object udp protocol-object tcp access-list outside_access_in extended permit ip any any access-list outside_access_in extended permit ip any host NATed-TEST-PC inactive access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_3 object-group remote-site access-list inside_nat0_outbound extended permit ip 168.241.14.0 255.255.255.0 object-group US_networks access-list inside_nat0_outbound extended permit ip 168.241.14.0 255.255.255.0 object-group vpn-group access-list sccgroup_splitTunnelAcl standard permit 168.241.14.0 255.255.255.0 access-list HTTP_LIST extended permit tcp any host 203.210.209.216 eq https access-list inside_access_in extended permit ip 168.241.14.0 255.255.255.0 any access-list inside2_nat0_outbound extended permit ip 168.241.15.0 255.255.255.0 object-group US_networks access-list inside2_nat0_outbound extended permit ip 168.241.15.0 255.255.255.0 object-group vpn-group access-list inside2_access_in extended permit ip object-group Dey_Cut any access-list inside2_access_in extended permit ip 168.241.15.0 255.255.255.0 168.241.0.0 255.255.0.0 access-list inside2_access_in extended permit ip 168.241.15.0 255.255.255.0 object-group InternetAccess access-list inside2_access_in extended deny object-group TCPUDP 168.241.15.0 255.255.255.0 any eq www access-list inside2_access_in extended permit ip 168.241.15.0 255.255.255.0 any access-list outside2_access_in extended permit ip any any access-list outside2_access_in_1 extended permit ip any any ! tcp-map TMAP exceed-mss allow ! pager lines 24 logging enable logging timestamp logging buffer-size 40960 logging buffered notifications logging trap informational logging asdm notifications logging host inside 168.241.14.22 mtu outside 1500 mtu inside 1500 mtu inside2 1500 ip local pool VPN_Pool 192.168.2.1-192.168.2.10 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-602.bin no asdm history enable arp timeout 14400 global (outside) 1 222.255.128.134 netmask 255.255.255.248 nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 168.241.14.0 255.255.255.0 nat (inside2) 0 access-list inside2_nat0_outbound nat (inside2) 1 168.241.15.0 255.255.255.0 access-group outside_access_in in interface outside access-group inside_access_in in interface inside access-group inside2_access_in in interface inside2 ! router ospf 1 router-id 168.241.14.10 network 168.241.14.0 255.255.255.0 area 0 network 168.241.15.0 255.255.255.0 area 0 area 0 log-adj-changes redistribute static ! route outside 0.0.0.0 0.0.0.0 222.255.128.129 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy http server enable http 0.0.0.0 0.0.0.0 inside2 http 192.168.1.0 255.255.255.0 inside http 168.241.14.0 255.255.255.0 inside http 0.0.0.0 0.0.0.0 outside snmp-server enable traps snmp authentication linkup linkdown coldstart snmp-server enable traps entity config-change crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map outside_map4 1 match address outside_cryptomap crypto map outside_map4 1 set peer 168.241.243.2 crypto map outside_map4 1 set transform-set ESP-3DES-MD5 crypto map outside_map4 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map4 interface outside crypto isakmp enable outside crypto isakmp enable inside2 crypto isakmp policy 1 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto isakmp policy 30 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal telnet 192.168.2.0 255.255.255.0 outside telnet 168.241.14.0 255.255.255.0 inside telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd option 3 ip 168.241.14.1 ! dhcpd address 168.241.14.141-168.241.14.250 inside dhcpd lease 7200 interface inside dhcpd option 3 ip 168.241.14.10 interface inside dhcpd option 6 ip 203.162.0.11 203.190.163.147 interface inside dhcpd enable inside ! dhcpd address 168.241.15.150-168.241.15.250 inside2 dhcpd lease 7200 interface inside2 dhcpd option 3 ip 168.241.15.10 interface inside2 dhcpd option 6 ip 203.162.0.11 203.190.163.147 interface inside2 dhcpd enable inside2 ! threat-detection basic-threat threat-detection statistics ! class-map HTTP match access-list HTTP_LIST class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp class HTTP set connection advanced-options TMAP ! service-policy global_policy global ntp server 207.46.130.100 source outside prefer group-policy AAAAAA internal group-policy AAAAAA attributes vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value AAAAAA_splitTunnelAcl tunnel-group 168.241.243.2 type ipsec-l2l tunnel-group 168.241.243.2 ipsec-attributes pre-shared-key * peer-id-validate nocheck tunnel-group AAAAAA type remote-access tunnel-group AAAAAA general-attributes address-pool VPN_Pool default-group-policy AAAAAA tunnel-group AAAAA ipsec-attributes pre-shared-key * prompt hostname context Cryptochecksum:a459716baaf507cc0c68c54a4651c555 : end