ASA Version 7.2(3) ! hostname ciscoasa domain-name shrew.net enable password XXX encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 10.1.2.20 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 10.1.1.20 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd 2KFQnbNIdI.2KYOU encrypted banner motd Welcome to the shrew.net ciscoasa. ftp mode passive dns domain-lookup inside dns server-group DefaultDNS domain-name shrew.net dns server-group server-group-dns name-server 10.1.2.100 domain-name shrew.net object-group network group-inside-vpnclient description All inside accessible networks network-object 10.1.2.0 255.255.255.0 access-list acl-nonat extended permit ip any any access-list acl-vpnclient extended permit ip object-group group-inside-vpnclient any pager lines 24 logging enable logging timestamp logging monitor debugging logging buffered debugging logging asdm informational logging queue 2000 mtu inside 1500 mtu outside 1500 ip local pool ippool-vpnclient 10.2.20.1-10.2.20.126 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside icmp permit any outside asdm image disk0:/asdm-523.bin no asdm history enable arp timeout 14400 nat-control global (outside) 1 interface nat (inside) 0 access-list acl-nonat nat (outside) 0 access-list acl-nonat route outside 0.0.0.0 0.0.0.0 10.1.1.3 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute aaa authentication ssh console LOCAL username bill password XXX encrypted username bob password XXX encrypted no snmp-server location no snmp-server contact crypto ipsec transform-set xform-3des-md5 esp-3des esp-md5-hmac crypto dynamic-map dcmap-vpnclient 1 set transform-set xform-3des-md5 crypto map cmap-vpncient 65535 ipsec-isakmp dynamic dcmap-vpnclient crypto map cmap-vpncient interface outside crypto isakmp enable outside crypto isakmp identity address crypto isakmp nat-traversal 10 crypto isakmp policy 1 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh 10.1.2.0 255.255.255.0 inside ssh timeout 60 console timeout 0 ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global group-policy group-policy-default internal group-policy group-policy-default attributes banner value Welcome to the shrew.net ciscoasa wins-server value 10.1.2.100 10.1.2.1 dns-server value 10.1.2.100 10.1.2.1 vpn-tunnel-protocol IPSec password-storage disable re-xauth disable pfs disable split-tunnel-policy tunnelspecified split-tunnel-network-list value acl-vpnclient default-domain value shrew.net split-dns value shrew.net example.com tunnel-group vpnclient type ipsec-ra tunnel-group vpnclient general-attributes address-pool ippool-vpnclient default-group-policy group-policy-default tunnel-group vpnclient ipsec-attributes pre-shared-key * prompt hostname context Cryptochecksum:ec92d237727104acd06e53fe6d87b3a5