
9675

!
! Out-of-band management interface. "management-only" keeps transit traffic off it;
! the address line also reserves a standby IP for a failover peer.
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.30.241 255.255.255.0 standby 192.168.30.242
!
! Pre-authentication login banner. It states that all activity on the device is logged.
! NOTE(review): the logging commands later in this config send only to ASDM and
! suppress several message IDs - confirm that the banner's claim is backed by retained logs.
banner login CMARTDC
banner login ********************************************************************
banner login * ^^^Unauthorized Use or Access Prohibited^^^ *
banner login * For Authorized Official Use Only *
banner login * You must have explicit permission to accesss or *
banner login * configure this device. All activities performed *
banner login * on this device are logged. Disconnect immediately *
banner login * if you are not an authorized user. Violators will *
banner login * be prosecuted to the fullest extent of the law. *
banner login * There is no right to privacy on this device. *
banner login ********************************************************************
ftp mode passive
clock timezone MMT 6 30
dns server-group DefaultDNS
domain-name cmartho.com
! Allow traffic between interfaces that share a security level, and traffic that enters
! and leaves the same interface (hairpinning). The security levels of the data interfaces
! are not visible in this part of the config; with these two commands set, segmentation
! between equal-level interfaces depends entirely on the access lists.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! Network and service objects referenced by the NAT and access-list rules below.
! NOTE(review): DMZ, DMZ-NAT, DMZ-NAT2, MPT_Internet and Inside-mhk all define the same
! subnet, 192.168.2.0/24. The NAT rules use the object called "DMZ" as the source on
! the Inside interface, so the name does not describe a separate DMZ segment.
object network DMZ
subnet 192.168.2.0 255.255.255.0
object network DMZ-NAT
subnet 192.168.2.0 255.255.255.0
object network DMZ-NAT2
subnet 192.168.2.0 255.255.255.0
object network ANY-VPN-POOL
subnet 172.16.10.0 255.255.255.0
! NOTE(review): this range spans 192.168.10.0 through 192.168.249.255, which also
! contains the locally attached 192.168.1xx/2xx subnets defined further down.
object network CMART-CLIENT
range 192.168.10.0 192.168.249.255
object network RV-HOST
subnet 192.168.39.0 255.255.255.0
object network MPT_Internet
subnet 192.168.2.0 255.255.255.0
object network OCMLM
subnet 10.45.40.0 255.255.255.0
description OCMLM (MPT Internet)
object network YTP_Public_GW
host 122.248.120.1
description YTP Public Gateway
object network WIRELESS_VIP
subnet 192.168.201.0 255.255.255.0
object network WIRELESS_GUEST
subnet 192.168.202.0 255.255.255.0
object network WIRELESS_VIP_NAT
subnet 192.168.201.0 255.255.255.0
object network WIRELESS_GUEST_NAT
subnet 192.168.202.0 255.255.255.0
! ICT2, ICT3 and ICT_Department all define 192.168.203.0/24.
object network ICT2
subnet 192.168.203.0 255.255.255.0
object network ICT3
subnet 192.168.203.0 255.255.255.0
object network Admin
subnet 192.168.215.0 255.255.255.0
object network Wire_VIP_1stFL
subnet 192.168.207.0 255.255.255.0
object network Wire_VIP_GroundFL
subnet 192.168.208.0 255.255.255.0
object network Marketing
subnet 192.168.214.0 255.255.255.0
object network ICT_Department
subnet 192.168.203.0 255.255.255.0
object network HR
subnet 192.168.204.0 255.255.255.0
object network Ground_Floor
subnet 192.168.205.0 255.255.255.0
object network 1st_Floor
subnet 192.168.206.0 255.255.255.0
object network E-Commera
host 122.248.120.11
description E-Commera
! NOTE(review): the description says "Gold-Server", but the Gold_Server object below is
! a different host (192.168.2.191). 192.168.2.145 is also defined as FTP_SRV, FTP_SRV2
! and "145" - confirm which label is correct.
object network E-commence
host 192.168.2.145
description Gold-Server
object network Gold_Server
host 192.168.2.191
object network MCS_Padomar
subnet 192.168.152.0 255.255.255.0
description MCS_Padomar
! NOTE(review): 172.10.10.253 lies outside the RFC 1918 block 172.16.0.0/12.
object network MCS_Padomar_GW
host 172.10.10.253
description MCS_Padomar_GW
object network MCS_SSL
subnet 192.168.153.0 255.255.255.0
description MCS_SSL
object network MCS_local_GW
host 192.168.2.23
description MCS_local_GW
object network InsideGW
host 192.168.2.1
description 2Network Gateway
object network 1st_Floor(MPT)
range 192.168.205.240 192.168.205.250
object network 1st_Floor2(MPT)
range 192.168.206.240 192.168.206.250
object network Inside_User_YTP
range 192.168.2.0 192.168.2.239
object network WAREHOUSE
subnet 192.168.3.0 255.255.255.0
! NOTE(review): 192.167.1.1 is not private address space (RFC 1918 covers 192.168.0.0/16,
! not 192.167.x.x). It is also used as a next hop later in this config - confirm it is
! not a typo.
object network test-outsite
host 192.167.1.1
description test-outsite
object network MPT-Kerio_Route
host 100.95.95.244
object network 65pyay
subnet 10.148.16.0 255.255.255.0
object network test-outside-mhk
subnet 192.168.152.0 255.255.255.0
object network Inside-mhk
subnet 192.168.2.0 255.255.255.0
object network FTP_SRV
host 192.168.2.145
description FTP Server
object network YTP-Public-Outside-IP
host 122.248.120.12
description YTP Public IP
! This service object matches on SOURCE port 8081; the later object "8081" matches on
! destination port 8081.
object service e-comm
service tcp source eq 8081
object network 145
host 192.168.2.145
! FTP-SRV is declared with no address (empty object).
object network FTP-SRV
object network FTP_SRV2
host 192.168.2.145
object network 192.168.2.197
host 192.168.2.197
object service 8081
service tcp destination eq 8081
object network Warehouse-LAN
subnet 192.168.70.0 255.255.255.0
object network e-com
host 192.168.2.197
object network testVPN
subnet 192.168.253.0 255.255.255.0
object network SAP_ERP_PRD_VM
subnet 192.168.101.0 255.255.255.0
object network SAP_ERP_UAT_VM
subnet 192.168.102.0 255.255.255.0
object network SAP_ERP_MGMT
subnet 192.168.103.0 255.255.255.0
! ASDM-generated service groups. DM_INLINE_SERVICE_1 and DM_INLINE_SERVICE_2 are identical.
! In both, the first entry ("service-object icmp") has no type qualifier, so the
! type-specific entries after it add nothing; drop the bare entry if only these four
! ICMP types are meant to be allowed.
object-group service DM_INLINE_SERVICE_1
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_2
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp unreachable
! FTP control (21) and data (20) ports.
object-group service ftp-group tcp
port-object eq ftp
port-object eq ftp-data
! Both members resolve to the same host, 192.168.2.145.
object-group network DM_INLINE_NETWORK_1
network-object object FTP_SRV
network-object object FTP_SRV2
! Access lists. Almost every list in this section is a single "permit ip any any", so the
! interfaces they are bound to (see the access-group commands) filter nothing.
! Several lists defined here (for example Inside_access_in, YTP-PUBLIC-Outside_access_in,
! YTP-MPLS-Outside_access_in) are not referenced by any access-group line in this config.
access-list Inside_access_in extended permit ip any any
access-list YTP-PUBLIC-Outside_access_in extended permit ip any any
access-list YTP-MPLS-Outside_access_in extended permit ip any any
access-list MPT-INTERNET_cryptomap_65535.65535 extended permit ip any any
! Networks pushed to AnyConnect clients as split-tunnel routes (referenced by
! group-policy ANYCONNECT_POLICY). Includes the management subnet 192.168.30.0/24.
access-list SPLIT_TUNNEL standard permit 192.168.2.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 172.16.30.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 172.16.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.30.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.3.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.70.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.103.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.253.0 255.255.255.0
access-list YTP-PUBLIC-Outside_access_in_1 extended permit ip any any
access-list YTP-MPLS-2-Outside_access_in extended permit ip any any
! NOTE(review): MPT-INTERNET_access_in is bound inbound on the MPT-INTERNET interface.
! Its second entry permits all IP from any source, which makes the ICMP entry before it
! redundant and leaves that interface without inbound filtering.
access-list MPT-INTERNET_access_in extended permit object-group DM_INLINE_SERVICE_1
any any
access-list MPT-INTERNET_access_in extended permit ip any any
access-list YTP-PUBLIC-Outside_cryptomap_65535.65535 extended permit ip any any
access-list YTP-MPLS-Outside_access_in_1 extended permit ip any any
! YTP-PUBLIC-Outside_access_in_2 is the only restrictive list here: its "permit ip any any"
! entry is marked inactive. Active entries allow TCP/8081 to the public IP object, an FTP
! rule, and ICMP.
! NOTE(review): in the FTP entry "eq ftp" follows the source "any", so as written it
! matches on SOURCE port 21 rather than restricting the source address - confirm intent.
! NOTE(review): a global ACL (test-outside->Inside) that permits all IP is also applied
! in this config; traffic not matched here is evaluated against it before the implicit
! deny, so the restrictions in this list may not have the intended effect.
access-list YTP-PUBLIC-Outside_access_in_2 extended permit object 8081 object
192.168.2.197 object E-Commera inactive
access-list YTP-PUBLIC-Outside_access_in_2 extended permit tcp any object YTP-
Public-Outside-IP eq 8081
access-list YTP-PUBLIC-Outside_access_in_2 extended permit tcp any eq ftp object-
group DM_INLINE_NETWORK_1 object-group ftp-group
access-list YTP-PUBLIC-Outside_access_in_2 extended permit ip any any inactive
access-list YTP-PUBLIC-Outside_access_in_2 extended permit object-group
DM_INLINE_SERVICE_2 any any
! Traffic selector for the FirePOWER (sfr) class-map. The only entry is inactive, so the
! class matches nothing and no traffic is redirected to the module.
access-list SFR_REDIRECT extended permit ip any any log default inactive
! Crypto ACL for the dynamic map: 192.168.2.0/24 to the testVPN and CMART-CLIENT ranges.
access-list MPT-INTERNET_cryptomap_65535.65535_3 extended permit ip object DMZ
object testVPN
access-list MPT-INTERNET_cryptomap_65535.65535_3 extended permit ip object DMZ
object CMART-CLIENT
! Per-department interface lists, all "permit ip any any": departments, guest wireless,
! the SAP segments and the warehouse are not isolated from each other by these ACLs.
access-list ICT_Department_access_in extended permit ip any any
access-list Ground_Floor_access_in extended permit ip any any
access-list HR_Department_access_in extended permit ip any any
access-list Admin_access_in extended permit ip any any
access-list 1st_Floor_access_in extended permit ip any any
access-list Wire_VIP_1stFL_access_in extended permit ip any any
access-list Marketing_access_in extended permit ip any any
access-list Wire_VIP_GroundFL_access_in extended permit ip any any
access-list wireless_Link__Guest_access_in extended permit ip any any
access-list wireless_Link_VIP_access_in extended permit ip any any
access-list ICT-USER standard permit 192.168.203.0 255.255.255.0
! NOTE(review): Inside-DMZ and WAREHOUSE carry the "log" keyword, but this config also has
! "no logging message 106100", which appears to be the message ACL logging emits - confirm
! whether these hits are recorded anywhere.
access-list Inside-DMZ extended permit ip any any log
access-list Inside_access_in_1 extended permit ip any any
access-list MPT-INTERNET-FIBER_access_in extended permit ip any any
access-list WAREHOUSE extended permit ip any any log
access-list Warehouse_local_access_in extended permit ip any any
access-list MCS_access_in extended permit ip any any
! Used as the "match ip address" condition in route-map ICT-routemap.
access-list Inside_User_YTP extended permit ip object Inside_User_YTP any
! Local-printing exemptions for AnyConnect clients (IPP, port 9100, mDNS, LLMNR, port 137).
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251
eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name
Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252
eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list test-outside_access_in extended permit ip any any
! NOTE(review): test-outside->Inside is applied both on the test-outside interface and as
! the GLOBAL access list. Its two ICMP entries are inactive; the remaining active entry
! permits all IP. A test ACL in the global slot is a permit-any fallback for every
! interface and should be removed or replaced with an explicit policy.
access-list test-outside->Inside extended permit icmp object test-outside-mhk
object Inside-mhk inactive
access-list test-outside->Inside extended permit icmp 192.168.152.0 255.255.255.0
192.168.2.0 255.255.255.0 inactive
access-list test-outside->Inside extended permit ip any any
access-list test-outside_access_out extended permit ip any any
! SAP ERP production, UAT, management and vMotion lists: all permit any-to-any in both
! directions.
access-list SAP_ERP_PRD_VM_access_in extended permit ip any any
access-list SAP_ERP_MGMT_access_in extended permit ip any any
access-list SAP_ERP_vMotion_access_in extended permit ip any any
access-list SAP_ERP_UAT_VM_access_in extended permit ip any any
access-list SAP_ERP_PRD_VM_access_out extended permit ip any any
access-list SAP_ERP_UAT_VM_access_out extended permit ip any any
access-list SAP_ERP_MGMT_access_out extended permit ip any any
access-list SAP_ERP_vMotion_access_out extended permit ip any any
access-list MCS_access_out extended permit ip any any
pager lines 30
! Logging is enabled, but the only destination configured here is the ASDM log buffer at
! informational level; no syslog host or local buffer is visible in this config, so
! events do not appear to be retained off-box.
logging enable
logging asdm informational
! Message IDs suppressed entirely.
! NOTE(review): per Cisco's syslog message reference these IDs appear to cover denied
! packets (106015, 106023), ACL hit logging (106100), denied ICMP (313001, 313008),
! denied to-the-box access (710003) and connection build/teardown (3020xx) - confirm
! against the reference for this software version. If so, the events most useful for
! detection and incident reconstruction are not being generated at all.
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
! Interface MTUs (all 1500).
mtu MPT-INTERNET 1500
mtu YTP-PUBLIC-Outside 1500
mtu YTP-MPLS-Outside 1500
mtu YTP-MPLS-2-Outside 1500
mtu Inside 1500
mtu wireless_Link_VIP 1500
mtu wireless_Link__Guest 1500
mtu ICT_Department 1500
mtu HR_Department 1500
mtu Ground_Floor 1500
mtu 1st_Floor 1500
mtu Wire_VIP_1stFL 1500
mtu Wire_VIP_GroundFL 1500
mtu Marketing 1500
mtu Admin 1500
mtu Warehouse_local 1500
mtu SAP_ERP_PRD_VM 1500
mtu SAP_ERP_UAT_VM 1500
mtu SAP_ERP_MGMT 1500
mtu MPT-INTERNET-FIBER 1500
mtu Warehouse 1500
mtu MCS 1500
mtu test-outside 1500
mtu management 1500
! Failover is disabled ("no failover") although the unit role and a standby management
! address are configured; interface monitoring is turned off on the listed interfaces.
no failover
failover lan unit primary
no monitor-interface MPT-INTERNET
no monitor-interface YTP-PUBLIC-Outside
no monitor-interface YTP-MPLS-Outside
no monitor-interface YTP-MPLS-2-Outside
no monitor-interface management
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
! ICMP addressed to the firewall's own interfaces. The bare "icmp permit any <interface>"
! lines allow every ICMP type from any source, so the type-specific lines for the same
! interface are redundant.
! NOTE(review): judging by their names, MPT-INTERNET and YTP-PUBLIC-Outside are
! Internet-facing; consider limiting these to the types actually needed.
icmp permit any echo MPT-INTERNET
icmp permit any echo-reply MPT-INTERNET
icmp permit any time-exceeded MPT-INTERNET
icmp permit any unreachable MPT-INTERNET
icmp permit any MPT-INTERNET
icmp permit any YTP-PUBLIC-Outside
icmp permit any echo YTP-PUBLIC-Outside
icmp permit any echo-reply YTP-PUBLIC-Outside
icmp permit any time-exceeded YTP-PUBLIC-Outside
icmp permit any unreachable YTP-PUBLIC-Outside
icmp permit any YTP-MPLS-2-Outside
icmp permit any management
! ASDM image served by the HTTPS management server.
! NOTE(review): check the release in the file name against current Cisco advisories.
asdm image disk0:/asdm-752-153.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
! Manual (twice) NAT. Every rule here is an identity translation (source and destination
! map to themselves), i.e. NAT exemption for traffic between 192.168.2.0/24 (object "DMZ")
! and the warehouse LAN, the CMART-CLIENT range, testVPN and the VPN pool.
nat (Inside,Warehouse) source static DMZ DMZ destination static Warehouse-LAN
Warehouse-LAN
nat (wireless_Link_VIP,Warehouse) source static WIRELESS_VIP_NAT WIRELESS_VIP_NAT
destination static Warehouse-LAN Warehouse-LAN
nat (Inside,YTP-PUBLIC-Outside) source static DMZ DMZ destination static testVPN
testVPN no-proxy-arp route-lookup
nat (Inside,YTP-PUBLIC-Outside) source static DMZ DMZ destination static CMART-
CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (Inside,MPT-INTERNET) source static DMZ DMZ destination static CMART-CLIENT
CMART-CLIENT no-proxy-arp route-lookup
nat (YTP-PUBLIC-Outside,MPT-INTERNET) source static DMZ DMZ destination static
CMART-CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (YTP-PUBLIC-Outside,YTP-MPLS-2-Outside) source static DMZ DMZ destination
static CMART-CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (Inside,YTP-MPLS-Outside) source static DMZ DMZ destination static CMART-CLIENT
CMART-CLIENT no-proxy-arp route-lookup
nat (Inside,YTP-MPLS-2-Outside) source static DMZ DMZ destination static CMART-
CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (YTP-PUBLIC-Outside,MPT-INTERNET) source static DMZ DMZ destination static ANY-
VPN-POOL ANY-VPN-POOL no-proxy-arp route-lookup
nat (Inside,MPT-INTERNET) source static DMZ DMZ destination static ANY-VPN-POOL
ANY-VPN-POOL no-proxy-arp route-lookup
nat (Inside,YTP-PUBLIC-Outside) source static DMZ DMZ destination static ANY-VPN-
POOL ANY-VPN-POOL no-proxy-arp route-lookup
nat (Warehouse,YTP-PUBLIC-Outside) source static WAREHOUSE WAREHOUSE destination
static ANY-VPN-POOL ANY-VPN-POOL no-proxy-arp
!
! Object (auto) NAT. The "dynamic interface" rules hide each internal subnet behind the
! egress interface address (PAT), mostly via MPT-INTERNET-FIBER.
object network DMZ-NAT2
nat (Inside,MPT-INTERNET-FIBER) dynamic interface
object network MPT_Internet
nat (Inside,YTP-PUBLIC-Outside) dynamic interface
object network WIRELESS_VIP
nat (wireless_Link_VIP,MPT-INTERNET-FIBER) dynamic interface
object network WIRELESS_GUEST
nat (wireless_Link__Guest,MPT-INTERNET-FIBER) dynamic interface
object network Admin
nat (Admin,MPT-INTERNET-FIBER) dynamic interface
object network Wire_VIP_1stFL
nat (Wire_VIP_1stFL,MPT-INTERNET-FIBER) dynamic interface
object network Wire_VIP_GroundFL
nat (Wire_VIP_GroundFL,MPT-INTERNET-FIBER) dynamic interface
object network Marketing
nat (Marketing,MPT-INTERNET-FIBER) dynamic interface
object network ICT_Department
nat (ICT_Department,MPT-INTERNET-FIBER) dynamic interface
object network HR
nat (HR_Department,MPT-INTERNET-FIBER) dynamic interface
object network Ground_Floor
nat (Ground_Floor,MPT-INTERNET-FIBER) dynamic interface
object network 1st_Floor
nat (1st_Floor,MPT-INTERNET-FIBER) dynamic interface
object network 1st_Floor2(MPT)
nat (1st_Floor,MPT-INTERNET-FIBER) dynamic interface
! Static port forwards on the YTP-PUBLIC-Outside interface address: FTP control and data
! to 192.168.2.145, and TCP/8081 to 192.168.2.197. These are the inbound services
! published by this config.
! NOTE(review): FTP carries credentials and data in cleartext; if it must stay published,
! restrict the permitted sources in the interface ACL.
object network FTP_SRV
nat (Inside,YTP-PUBLIC-Outside) static interface service tcp ftp ftp
object network FTP_SRV2
nat (Inside,YTP-PUBLIC-Outside) static interface service tcp ftp-data ftp-data
object network 192.168.2.197
nat (Inside,YTP-PUBLIC-Outside) static interface service tcp 8081 8081
! The SAP ERP production, UAT and management subnets are also given outbound PAT.
object network SAP_ERP_PRD_VM
nat (SAP_ERP_PRD_VM,MPT-INTERNET-FIBER) dynamic interface
object network SAP_ERP_UAT_VM
nat (SAP_ERP_UAT_VM,MPT-INTERNET-FIBER) dynamic interface
object network SAP_ERP_MGMT
nat (SAP_ERP_MGMT,MPT-INTERNET-FIBER) dynamic interface
! Binds access lists to interfaces. Except for YTP-PUBLIC-Outside_access_in_2, every list
! bound here has an active "permit ip any any" entry, including the one on MPT-INTERNET.
access-group MPT-INTERNET_access_in in interface MPT-INTERNET
access-group YTP-PUBLIC-Outside_access_in_2 in interface YTP-PUBLIC-Outside
access-group YTP-MPLS-Outside_access_in_1 in interface YTP-MPLS-Outside
access-group YTP-MPLS-2-Outside_access_in in interface YTP-MPLS-2-Outside
access-group Inside-DMZ in interface Inside
access-group Inside-DMZ out interface Inside
access-group wireless_Link_VIP_access_in in interface wireless_Link_VIP
access-group wireless_Link__Guest_access_in in interface wireless_Link__Guest
access-group ICT_Department_access_in in interface ICT_Department
access-group HR_Department_access_in in interface HR_Department
access-group Ground_Floor_access_in in interface Ground_Floor
access-group 1st_Floor_access_in in interface 1st_Floor
access-group Wire_VIP_1stFL_access_in in interface Wire_VIP_1stFL
access-group Wire_VIP_GroundFL_access_in in interface Wire_VIP_GroundFL
access-group Marketing_access_in in interface Marketing
access-group Admin_access_in in interface Admin
access-group Warehouse_local_access_in in interface Warehouse_local
access-group SAP_ERP_PRD_VM_access_in in interface SAP_ERP_PRD_VM
access-group SAP_ERP_PRD_VM_access_out out interface SAP_ERP_PRD_VM
access-group SAP_ERP_UAT_VM_access_in in interface SAP_ERP_UAT_VM
access-group SAP_ERP_UAT_VM_access_out out interface SAP_ERP_UAT_VM
access-group SAP_ERP_MGMT_access_in in interface SAP_ERP_MGMT
access-group SAP_ERP_MGMT_access_out out interface SAP_ERP_MGMT
access-group MPT-INTERNET-FIBER_access_in in interface MPT-INTERNET-FIBER
access-group WAREHOUSE in interface Warehouse
access-group WAREHOUSE out interface Warehouse
access-group MCS_access_in in interface MCS
access-group MCS_access_out out interface MCS
access-group test-outside->Inside in interface test-outside
access-group test-outside_access_out out interface test-outside
! NOTE(review): the global access list is evaluated after an interface list and before
! the implicit deny. test-outside->Inside ends in an active "permit ip any any", so
! traffic that the YTP-PUBLIC-Outside list does not match is still permitted at the ACL
! stage. Remove this binding or replace it with an explicit deny-by-default policy.
access-group test-outside->Inside global
!
! Route-maps, one per internal interface. Each matches traffic arriving on the named
! interface and sets a default next hop of 100.95.32.105 (the MPT-INTERNET-FIBER
! gateway used in the static routes); most also set the egress interface. The exception
! is test-Inside, which has no interface match and points at 192.167.1.1.
! Where these maps are attached is not visible in this part of the config.
route-map SAP_ERP_UAT_VM permit 1
match interface SAP_ERP_UAT_VM
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105

!
route-map SAP_ERP_PRD_VM permit 1
match interface SAP_ERP_PRD_VM
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105

!
! NOTE(review): next hop 192.167.1.1 is outside RFC 1918 space - confirm it is intended.
route-map test-Inside permit 2
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 192.167.1.1

!
route-map WIRELESS_VIP permit 1
match interface wireless_Link_VIP
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map Inside-routemap permit 1
match interface Inside
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map SAP_ERP_MGMT permit 1
match interface SAP_ERP_MGMT
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105

!
route-map HR-DEPT permit 1
match interface HR_Department
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map 1ST-FLOOR permit 1
match interface 1st_Floor
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map WIRE-VIP-GROUND permit 1
match interface Wire_VIP_GroundFL
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map MARKETING permit 1
match interface Marketing
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map Warehouse permit 1
match interface Warehouse
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105

!
route-map ADMIN-routemap permit 1
match interface Admin
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map GROUND-FLOOR permit 1
match interface Ground_Floor
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map WIRE-VIP-1ST permit 1
match interface Wire_VIP_1stFL
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
! NOTE(review): this map matches both ACL Inside_User_YTP (sources 192.168.2.0 to
! 192.168.2.239) and interface ICT_Department, whose subnet object is 192.168.203.0/24.
! If the two conditions must both hold, the map may never match - confirm intent.
route-map ICT-routemap permit 1
match ip address Inside_User_YTP
match interface ICT_Department
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map WIRELESS-GUEST permit 1
match interface wireless_Link__Guest
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
! Static routes. The primary default route (metric 1) is tied to track 101, which follows
! the SLA probe defined later; the MPT-INTERNET (metric 2) and MPT-INTERNET-FIBER
! (metric 3) defaults are floating backups.
route YTP-PUBLIC-Outside 0.0.0.0 0.0.0.0 122.248.120.1 1 track 101
route MPT-INTERNET 0.0.0.0 0.0.0.0 203.81.79.233 2
route MPT-INTERNET-FIBER 0.0.0.0 0.0.0.0 100.95.32.105 3
route management 0.0.0.0 0.0.0.0 192.168.30.1 40
! NOTE(review): default route on the test-outside interface toward 192.167.1.1, an
! address outside RFC 1918 space - confirm this test path is still needed.
route test-outside 0.0.0.0 0.0.0.0 192.167.1.1 80
! Branch subnets reached over the MPLS link via 10.148.148.1.
route YTP-MPLS-Outside 10.148.0.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.1.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.2.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.3.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.5.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.6.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.7.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.8.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.9.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.10.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.11.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.13.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.14.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.15.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.16.0 255.255.255.0 10.148.148.1 1
route YTP-PUBLIC-Outside 103.27.118.0 255.255.255.0 122.248.120.1 1
route Warehouse 192.168.5.0 255.255.255.0 192.168.3.50 1
route Warehouse 192.168.70.0 255.255.255.0 192.168.3.11 1
route Inside 192.168.153.0 255.255.255.0 192.168.2.23 1
! Connection and translation idle timeouts.
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
! Administrative logins (enable, telnet, ssh) authenticate against the local user
! database only; no external AAA server is referenced in this config.
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
! HTTPS/ASDM management server on port 4444.
! NOTE(review): the three "http 0.0.0.0 0.0.0.0" lines accept management connections from
! ANY source address on management, Inside and YTP-PUBLIC-Outside. The last is
! Internet-facing by its name and default route, so the admin interface is reachable from
! the Internet. Restrict each line to specific admin subnets and drop the outside entry.
http server enable 4444
http 0.0.0.0 0.0.0.0 management
http 0.0.0.0 0.0.0.0 YTP-PUBLIC-Outside
http 0.0.0.0 0.0.0.0 Inside
http redirect management 80
! SNMP v2c uses a community string with no encryption; the string is masked in this
! output. Prefer SNMPv3 with authentication and privacy where the poller supports it.
snmp-server host Inside 192.168.2.6 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
! SLA probe 101: ICMP echo to 8.8.8.8 out of YTP-PUBLIC-Outside every 30 seconds. It
! feeds "track 101", which controls the primary default route.
sla monitor 101
type echo protocol ipIcmpEcho 8.8.8.8 interface YTP-PUBLIC-Outside
num-packets 10
frequency 30
sla monitor schedule 101 life forever start-time now
! IKEv1 IPsec transform sets. This looks like the full stock list: AES, 3DES and DES, each
! with SHA-1 and MD5, in tunnel and transport mode. The dynamic crypto map below
! references only the three AES/SHA tunnel-mode sets.
! NOTE(review): the DES, 3DES and MD5 sets are not referenced by the crypto map in this
! config; remove them so they cannot be attached to a tunnel later by mistake.
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
! IKEv2 IPsec proposals. Integrity is SHA-1 throughout (plus MD5 on the 3DES and DES
! proposals). The dynamic map uses AES256, AES192 and AES only; the 3DES and DES
! proposals are unreferenced in this config.
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
! Dynamic crypto map: accepts IPsec peers whose address is not known in advance, for the
! traffic selected by the _3 crypto ACL, with PFS enabled and reverse-route injection.
! It is bound to five interfaces, including the two Internet-facing ones.
! NOTE(review): with a dynamic map the tunnel-group pre-shared key is the main thing that
! identifies a peer; confirm the key is strong and unique, or move to certificates.
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 match address MPT-
INTERNET_cryptomap_65535.65535_3
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set pfs
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-
SHA ESP-AES-192-SHA ESP-AES-256-SHA
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192
AES
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set reverse-route
crypto map CITYMART_Outside 65535 ipsec-isakmp dynamic CITYMART_CRYPTO_MAP
crypto map CITYMART_Outside interface MPT-INTERNET
crypto map CITYMART_Outside interface YTP-PUBLIC-Outside
crypto map CITYMART_Outside interface YTP-MPLS-Outside
crypto map CITYMART_Outside interface YTP-MPLS-2-Outside
crypto map CITYMART_Outside interface Warehouse
crypto ca trustpool policy
crypto isakmp identity address
! IKEv2 policies. All three use SHA-1 for integrity and PRF and offer Diffie-Hellman
! groups 5 and 2; policy 20 also offers group 1.
! NOTE(review): groups 1, 2 and 5 are 768-, 1024- and 1536-bit MODP groups and are
! generally considered too weak today. Prefer group 14 or higher and a SHA-2 integrity
! algorithm where the software release and the peers support them.
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2 1
prf sha
lifetime seconds 86400
! IKEv2 enabled on three interfaces (client services on port 443 on two of them) and
! IKEv1 on seven.
! NOTE(review): IKEv1 is enabled on more interfaces than the crypto map is bound to;
! disable it on any interface that does not terminate a tunnel.
crypto ikev2 enable MPT-INTERNET client-services port 443
crypto ikev2 enable YTP-PUBLIC-Outside client-services port 443
crypto ikev2 enable MPT-INTERNET-FIBER
crypto ikev1 enable MPT-INTERNET
crypto ikev1 enable YTP-PUBLIC-Outside
crypto ikev1 enable YTP-MPLS-Outside
crypto ikev1 enable YTP-MPLS-2-Outside
crypto ikev1 enable Warehouse_local
crypto ikev1 enable MPT-INTERNET-FIBER
crypto ikev1 enable Warehouse
! IKEv1 policies: pre-shared-key authentication, SHA-1, DH group 2 (1024-bit) in every
! policy; the lowest-priority policy (65535) falls back to 3DES.
crypto ikev1 policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
!
! Tracks SLA probe 101; the primary default route is removed when the probe fails.
track 101 rtr 101 reachability
! NOTE(review): Telnet is permitted from any address on Inside. Telnet sends credentials
! and session content in cleartext; disable it and use SSH limited to admin subnets.
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 5
! No "ssh <network> <mask> <interface>" permit line is visible in this config, so Telnet
! and the HTTPS/ASDM server appear to be the management paths actually in use.
! NOTE(review): dh-group1-sha1 is the weakest SSH key-exchange option; prefer
! dh-group14-sha1 (or stronger) where the software release supports it.
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
! A value of 0 means the console session never times out.
console timeout 0
dhcp-client client-id interface YTP-PUBLIC-Outside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! Single internal NTP source with no authentication configured; log timestamps depend on it.
ntp server 192.168.2.250 source Inside prefer
! SSL VPN (WebVPN/AnyConnect) is enabled on three interfaces, all Internet-facing by name.
! "tunnel-group-list enable" shows the connection-profile alias list on the login page.
! NOTE(review): the AnyConnect package file names indicate release 4.2.02075; check that
! release and the ASA software against current Cisco security advisories. An
! Internet-exposed SSL VPN portal should be kept current.
webvpn
enable MPT-INTERNET
enable YTP-PUBLIC-Outside
enable MPT-INTERNET-FIBER
anyconnect image disk0:/anyconnect-macosx-i386-4.2.02075-k9.pkg 2
anyconnect image disk0:/anyconnect-win-4.2.02075-k9.pkg 3
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
! GroupPolicy1 is the default policy for DefaultL2LGroup and allows every tunnel protocol
! listed, including IKEv1 and L2TP/IPsec.
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
! Policy for remote-access users: internal DNS server, AnyConnect and clientless SSL,
! split tunnelling limited to the SPLIT_TUNNEL networks, no client-side password storage.
! NOTE(review): clientless SSL (ssl-clientless) widens the exposed portal surface;
! disable it if only AnyConnect is used.
group-policy ANYCONNECT_POLICY internal
group-policy ANYCONNECT_POLICY attributes
dns-server value 192.168.2.250
vpn-tunnel-protocol ssl-client ssl-clientless
password-storage disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_TUNNEL
webvpn
anyconnect keep-installer installed
anyconnect dpd-interval client 500
anyconnect ask none default anyconnect
dynamic-access-policy-record DfltAccessPolicy
! Local user database, the only authentication source in this config for both admin and
! VPN logins.
! NOTE(review): the password hashes are shown here unmasked. A config shared outside the
! organisation should have them redacted; since these have been published, treat every
! account below as exposed and rotate the passwords.
! NOTE(review): asc, cisco and wlin are privilege 15. "cisco" is a generic account name;
! confirm it is needed and is not using a vendor-default password.
! NOTE(review): ocpt01 to ocpt04 share one hash string, and ocot01 to ocot03 share another,
! which indicates one password reused across each group. Give each user a unique
! credential so that activity can be attributed.
! NOTE(review): asc, cisco, thaung, amhlaing, herve and cmnaing have no
! "service-type remote-access" restriction; check whether they can log in to the device
! itself, and remove or restrict those that only need VPN access.
username parkson password sleJ/sBwr.FMKPX. encrypted
username parkson attributes
service-type remote-access
username asc password sGL0EqCDUc/aDSZO encrypted privilege 15
username nlhtoo password kzEpy5Q.ANNh0VSZ encrypted
username nlhtoo attributes
service-type remote-access
username moehein password fKxFzgpXeIH368uF encrypted
username moehein attributes
service-type remote-access
username arnel password m8LZ0LNpaEkstQMC encrypted
username arnel attributes
service-type remote-access
username bank password PTs0SrtQlPHg1Znk encrypted
username bank attributes
service-type remote-access
username olivier password 7l96nCls3rpjHadf encrypted
username olivier attributes
service-type remote-access
username spl-mgr password vv0wWkyFJHsU/uOQ encrypted
username spl-mgr attributes
service-type remote-access
username seyc-stock password GaXp.hMzFt22w3Xp encrypted
username seyc-stock attributes
service-type remote-access
username seyc-central password KuaD1ECN5Jhy4mI. encrypted
username seyc-central attributes
service-type remote-access
username sunfish password TFEvRKamfJdGyJ6C encrypted
username sunfish attributes
service-type remote-access
username wailinn password 6w/DHqYi0DzfqonI encrypted
username wailinn attributes
service-type remote-access
username vpnuser password tAtXXvCxpjX0dUEC encrypted
username vpnuser attributes
service-type remote-access
username dcadmin-exec password dF166nBiYhHR.Yn8 encrypted
username dcadmin-exec attributes
service-type remote-access
username haglinv password Evs/WCESJVcCp8nA encrypted
username haglinv attributes
service-type remote-access
username office-tab password yvDtX0/MGItHDaDM encrypted
username office-tab attributes
service-type remote-access
username haglmgr password gX4agkXzFb0/gJLW encrypted
username haglmgr attributes
service-type remote-access
username akksnr password iG7Jcwhk1/PpJZBr encrypted
username akksnr attributes
service-type remote-access
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
username hr-director password 3wgO82TxQOgVREY0 encrypted
username hr-director attributes
service-type remote-access
username wlin password LDlBQEzp2xVB/vRb encrypted privilege 15
username wlin attributes
password-storage disable
service-type admin
username ocpt01 password FGneiipdHhL0KD6T encrypted
username ocpt01 attributes
service-type remote-access
username ocpt02 password FGneiipdHhL0KD6T encrypted
username ocpt02 attributes
service-type remote-access
username ocpt03 password FGneiipdHhL0KD6T encrypted
username ocpt03 attributes
service-type remote-access
username ocpt04 password FGneiipdHhL0KD6T encrypted
username ocpt04 attributes
service-type remote-access
username thaung password Pb3OUmQftWrOITdZ encrypted
username ocdpmgr password 0S/ODF1xVWhbscmu encrypted
username ocdpmgr attributes
service-type remote-access
username ocot03 password WkS7BdziPVIGsKAj encrypted
username ocot03 attributes
service-type remote-access
username ocot02 password WkS7BdziPVIGsKAj encrypted
username ocot02 attributes
service-type remote-access
username ocot01 password WkS7BdziPVIGsKAj encrypted
username ocot01 attributes
service-type remote-access
username amhlaing password aVEibZblYXuaY7qv encrypted
username eyc-central password cjSL9iEMS8akLqrR encrypted
username eyc-central attributes
service-type remote-access
username herve password 9lwTUwFVMZK8lHeV encrypted
username cmpl-mgr password 5vL/vS0panhMUcBr encrypted
username cmpl-mgr attributes
service-type remote-access
username cmpfs password pmxe5ioz58kT4kPG encrypted
username cmpfs attributes
service-type remote-access
username c-kitchen password uCGrKGkVI/h.lKux encrypted
username c-kitchen attributes
service-type remote-access
username cmnaing password /GYKG3dfTzmSNyEj encrypted
! Default LAN-to-LAN tunnel group: any site-to-site peer without a specific tunnel group
! lands here and authenticates with these pre-shared keys (masked in this output).
! NOTE(review): combined with the dynamic crypto map, one shared key admits any peer
! address. Prefer per-peer tunnel groups with unique keys, or certificate authentication.
tunnel-group DefaultL2LGroup general-attributes
default-group-policy GroupPolicy1
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
! Remote-access (AnyConnect/SSL) connection profile, shown to users as "SSL_USERS".
! No authentication-server-group is set here, so logins presumably fall back to the local
! user database - confirm. Password-only local authentication on an Internet-facing VPN
! is a strong case for adding a second factor.
! The "ip local pool" definition for ANY_VPN_POOL is not visible in this part of the config.
tunnel-group ANY_TUNNEL type remote-access
tunnel-group ANY_TUNNEL general-attributes
address-pool ANY_VPN_POOL
default-group-policy ANYCONNECT_POLICY
tunnel-group ANY_TUNNEL webvpn-attributes
group-alias SSL_USERS enable
!
! Class "sfr" selects traffic for the FirePOWER service module through ACL SFR_REDIRECT.
! NOTE(review): the only entry in SFR_REDIRECT is marked inactive, so this class matches
! nothing and no traffic is sent to the module for inspection.
class-map sfr
match access-list SFR_REDIRECT
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
! Global inspection policy: the application-inspection list, then the sfr class.
! "sfr fail-open" lets traffic pass uninspected if the module is unavailable - a
! deliberate availability-over-inspection choice that should be documented.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class sfr
sfr fail-open
inspect http
class class-default
user-statistics accounting
inspect ftp
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
!
service-policy global_policy global
prompt hostname context
!
jumbo-frame reservation
!
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:239ace089da6b113956a8272119e6067
: end
City-ASA#
City-ASA#
City-ASA#
City-ASA#
City-ASA# sh ip route
^
ERROR: % Invalid input detected at '^' marker.
City-ASA# sh rouet
^
ERROR: % Invalid input detected at '^' marker.
City-ASA# sh route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 122.248.120.1 to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside


S 10.148.0.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.1.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.2.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.3.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.5.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.6.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.7.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.8.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.9.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.10.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.11.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.13.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.14.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.15.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 10.148.16.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
C 10.148.148.0 255.255.255.0 is directly connected, YTP-MPLS-Outside
L 10.148.148.254 255.255.255.255
is directly connected, YTP-MPLS-Outside
C 100.95.32.0 255.255.255.0 is directly connected, MPT-INTERNET-FIBER
L 100.95.32.106 255.255.255.255
is directly connected, MPT-INTERNET-FIBER
S 103.27.118.0 255.255.255.0
[1/0] via 122.248.120.1, YTP-PUBLIC-Outside
C 122.248.120.0 255.255.255.0 is directly connected, YTP-PUBLIC-Outside
L 122.248.120.12 255.255.255.255
is directly connected, YTP-PUBLIC-Outside
S 172.16.10.15 255.255.255.255
[1/0] via 122.248.120.1, YTP-PUBLIC-Outside
C 192.168.2.0 255.255.255.0 is directly connected, Inside
L 192.168.2.1 255.255.255.255 is directly connected, Inside
C 192.168.3.0 255.255.255.0 is directly connected, Warehouse
L 192.168.3.209 255.255.255.255 is directly connected, Warehouse
S 192.168.5.0 255.255.255.0 [1/0] via 192.168.3.50, Warehouse
S 192.168.11.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.12.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.13.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.14.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.15.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.16.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.17.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.18.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.19.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.20.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.21.0 255.255.255.0 [1/0] via 192.168.3.254, Warehouse
S 192.168.22.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.24.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.25.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.26.0 255.255.255.0 [1/0] via 192.168.3.200, Warehouse
S 192.168.27.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.28.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.31.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.32.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.33.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.34.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.35.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.36.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.37.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.38.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.39.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.40.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.41.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.42.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.43.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.44.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.45.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.46.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.47.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.48.0 255.255.255.0 [1/0] via 10.148.148.1, YTP-MPLS-Outside
S 192.168.50.0 255.255.255.0 [1/0] via 192.168.3.50, Warehouse
S 192.168.62.0 255.255.255.0 [1/0] via 122.248.120.1, YTP-PUBLIC-Outside
S 192.168.70.0 255.255.255.0 [1/0] via 192.168.3.11, Warehouse
C 192.168.101.0 255.255.255.0 is directly connected, SAP_ERP_PRD_VM
L 192.168.101.254 255.255.255.255 is directly connected, SAP_ERP_PRD_VM
C 192.168.102.0 255.255.255.0 is directly connected, SAP_ERP_UAT_VM
L 192.168.102.254 255.255.255.255 is directly connected, SAP_ERP_UAT_VM
C 192.168.103.0 255.255.255.0 is directly connected, SAP_ERP_MGMT
L 192.168.103.254 255.255.255.255 is directly connected, SAP_ERP_MGMT
C 192.168.152.0 255.255.255.0 is directly connected, test-outside
L 192.168.152.1 255.255.255.255 is directly connected, test-outside
S 192.168.153.0 255.255.255.0 [1/0] via 192.168.2.23, Inside
C 192.168.201.0 255.255.255.0 is directly connected, wireless_Link_VIP
L 192.168.201.254 255.255.255.255
is directly connected, wireless_Link_VIP
C 192.168.202.0 255.255.255.0
is directly connected, wireless_Link__Guest
L 192.168.202.254 255.255.255.255
is directly connected, wireless_Link__Guest
C 192.168.203.0 255.255.255.0 is directly connected, ICT_Department
L 192.168.203.254 255.255.255.255 is directly connected, ICT_Department
C 192.168.204.0 255.255.255.0 is directly connected, HR_Department
L 192.168.204.254 255.255.255.255 is directly connected, HR_Department
C 192.168.205.0 255.255.255.0 is directly connected, Ground_Floor
L 192.168.205.254 255.255.255.255 is directly connected, Ground_Floor
C 192.168.206.0 255.255.255.0 is directly connected, 1st_Floor
L 192.168.206.254 255.255.255.255 is directly connected, 1st_Floor
C 192.168.207.0 255.255.255.0 is directly connected, Wire_VIP_1stFL
L 192.168.207.254 255.255.255.255 is directly connected, Wire_VIP_1stFL
C 192.168.208.0 255.255.255.0 is directly connected, Wire_VIP_GroundFL
L 192.168.208.254 255.255.255.255
is directly connected, Wire_VIP_GroundFL
C 192.168.214.0 255.255.255.0 is directly connected, Marketing
L 192.168.214.254 255.255.255.255 is directly connected, Marketing
C 192.168.215.0 255.255.255.0 is directly connected, Admin
L 192.168.215.254 255.255.255.255 is directly connected, Admin
C 192.168.230.0 255.255.255.0 is directly connected, MCS
L 192.168.230.1 255.255.255.255 is directly connected, MCS

City-ASA# sh run
: Saved

:
: Serial Number: FCH1950J19C
: Hardware: ASA5525, 8192 MB RAM, CPU Lynnfield 2394 MHz, 1 CPU (4 cores)
:
! Software release and device identity as reported by "sh run".
ASA Version 9.5(2)
!
hostname City-ASA
domain-name cmartho.com
! NOTE(review): the enable (privileged-mode) password is stored as the legacy
! 16-character "encrypted" hash; once a config has been shared outside the
! operations team, treat it as exposed and rotate it.
enable password 2KFQnbNIdI.2KYOU encrypted
! These rules exempt all TCP traffic and UDP DNS traffic from per-session PAT,
! for every IPv4/IPv6 combination.
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
! Address pool for VPN clients (101 addresses in 172.16.10.0/24).
ip local pool ANY_VPN_POOL 172.16.10.10-172.16.10.110 mask 255.255.255.0
!
! WAN-facing interfaces, all at security-level 0 (least trusted). Inbound
! connections on these depend entirely on the access list bound to each
! interface by the access-group statements later in this config.
! NOTE(review): several of the ACLs bound to these interfaces contain
! "permit ip any any" entries (see the access-list section), which removes the
! protection the low security level would otherwise provide.
interface GigabitEthernet0/0
nameif MPT-INTERNET
security-level 0
ip address 203.81.79.234 255.255.255.252
!
interface GigabitEthernet0/1
nameif YTP-PUBLIC-Outside
security-level 0
ip address 122.248.120.12 255.255.255.0
!
interface GigabitEthernet0/2
nameif YTP-MPLS-Outside
security-level 0
ip address 10.148.148.254 255.255.255.0
!
interface GigabitEthernet0/3
nameif YTP-MPLS-2-Outside
security-level 0
ip address 10.148.12.254 255.255.255.0
!
interface GigabitEthernet0/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4.1
vlan 301
nameif Inside
security-level 100
ip address 192.168.2.1 255.255.255.0
policy-route route-map Inside-routemap
!
interface GigabitEthernet0/4.2
vlan 201
nameif wireless_Link_VIP
security-level 100
ip address 192.168.201.254 255.255.255.0
policy-route route-map WIRELESS_VIP
!
! Guest wireless VLAN (202), policy-routed by route-map WIRELESS-GUEST.
! NOTE(review): guests sit at security-level 100, the same level as the SAP,
! HR and Admin segments, and this config also sets "same-security-traffic
! permit inter-interface". Equal levels therefore do not separate guests from
! internal segments; confirm that an interface ACL does, or lower this level.
interface GigabitEthernet0/4.3
vlan 202
nameif wireless_Link__Guest
security-level 100
ip address 192.168.202.254 255.255.255.0
policy-route route-map WIRELESS-GUEST
!
interface GigabitEthernet0/4.4
vlan 203
nameif ICT_Department
security-level 100
ip address 192.168.203.254 255.255.255.0
policy-route route-map ICT-routemap
ipv6 nd managed-config-flag
!
interface GigabitEthernet0/4.5
vlan 204
nameif HR_Department
security-level 100
ip address 192.168.204.254 255.255.255.0
policy-route route-map HR-DEPT
!
interface GigabitEthernet0/4.6
vlan 205
nameif Ground_Floor
security-level 100
ip address 192.168.205.254 255.255.255.0
policy-route route-map GROUND-FLOOR
!
interface GigabitEthernet0/4.7
vlan 206
nameif 1st_Floor
security-level 100
ip address 192.168.206.254 255.255.255.0
policy-route route-map 1ST-FLOOR
!
interface GigabitEthernet0/4.8
vlan 207
nameif Wire_VIP_1stFL
security-level 100
ip address 192.168.207.254 255.255.255.0
policy-route route-map WIRE-VIP-1ST
!
interface GigabitEthernet0/4.9
vlan 208
nameif Wire_VIP_GroundFL
security-level 100
ip address 192.168.208.254 255.255.255.0
policy-route route-map WIRE-VIP-GROUND
!
interface GigabitEthernet0/4.10
vlan 214
nameif Marketing
security-level 100
ip address 192.168.214.254 255.255.255.0
policy-route route-map MARKETING
!
interface GigabitEthernet0/4.11
vlan 215
nameif Admin
security-level 100
ip address 192.168.215.254 255.255.255.0
policy-route route-map ADMIN-routemap
!
interface GigabitEthernet0/4.12
vlan 213
nameif Warehouse_local
security-level 100
no ip address
!
interface GigabitEthernet0/4.13
vlan 101
nameif SAP_ERP_PRD_VM
security-level 100
ip address 192.168.101.254 255.255.255.0
policy-route route-map SAP_ERP_PRD_VM
!
interface GigabitEthernet0/4.14
vlan 102
nameif SAP_ERP_UAT_VM
security-level 100
ip address 192.168.102.254 255.255.255.0
policy-route route-map SAP_ERP_UAT_VM
!
interface GigabitEthernet0/4.15
vlan 103
nameif SAP_ERP_MGMT
security-level 100
ip address 192.168.103.254 255.255.255.0
policy-route route-map SAP_ERP_MGMT
!
interface GigabitEthernet0/5
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5.1
vlan 304
nameif MPT-INTERNET-FIBER
security-level 0
ip address 100.95.32.106 255.255.255.0
!
interface GigabitEthernet0/5.2
vlan 240
nameif Warehouse
security-level 100
ip address 192.168.3.209 255.255.255.0
policy-route route-map Warehouse
!
interface GigabitEthernet0/5.3
vlan 230
nameif MCS
security-level 100
ip address 192.168.230.1 255.255.255.0
!
! Test segment on VLAN 401.
! NOTE(review): despite the "outside" name, this interface is at
! security-level 100, i.e. as trusted as the production inside segments, and
! the ACLs named for it in this config are "permit ip any any". Confirm it is
! still needed; if so, give it a lower level and a restrictive ACL.
interface GigabitEthernet0/5.4
vlan 401
nameif test-outside
security-level 100
ip address 192.168.152.1 255.255.255.0
!
interface GigabitEthernet0/6
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.30.241 255.255.255.0 standby 192.168.30.242
!
banner login CMARTDC
banner login ********************************************************************
banner login * ^^^Unauthorized Use or Access Prohibited^^^ *
banner login * For Authorized Official Use Only *
banner login * You must have explicit permission to accesss or *
banner login * configure this device. All activities performed *
banner login * on this device are logged. Disconnect immediately *
banner login * if you are not an authorized user. Violators will *
banner login * be prosecuted to the fullest extent of the law. *
banner login * There is no right to privacy on this device. *
banner login ********************************************************************
ftp mode passive
clock timezone MMT 6 30
dns server-group DefaultDNS
domain-name cmartho.com
! Allow traffic between different interfaces that share a security level
! (inter-interface) and traffic that enters and leaves the same interface
! (intra-interface).
! NOTE(review): nearly every internal interface in this config is at level 100,
! so with inter-interface permitted only interface ACLs can separate guest,
! user, warehouse and SAP segments - check that restrictive ACLs are applied.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network DMZ
subnet 192.168.2.0 255.255.255.0
object network DMZ-NAT
subnet 192.168.2.0 255.255.255.0
object network DMZ-NAT2
subnet 192.168.2.0 255.255.255.0
object network ANY-VPN-POOL
subnet 172.16.10.0 255.255.255.0
object network CMART-CLIENT
range 192.168.10.0 192.168.249.255
object network RV-HOST
subnet 192.168.39.0 255.255.255.0
object network MPT_Internet
subnet 192.168.2.0 255.255.255.0
object network OCMLM
subnet 10.45.40.0 255.255.255.0
description OCMLM (MPT Internet)
object network YTP_Public_GW
host 122.248.120.1
description YTP Public Gateway
object network WIRELESS_VIP
subnet 192.168.201.0 255.255.255.0
object network WIRELESS_GUEST
subnet 192.168.202.0 255.255.255.0
object network WIRELESS_VIP_NAT
subnet 192.168.201.0 255.255.255.0
object network WIRELESS_GUEST_NAT
subnet 192.168.202.0 255.255.255.0
object network ICT2
subnet 192.168.203.0 255.255.255.0
object network ICT3
subnet 192.168.203.0 255.255.255.0
object network Admin
subnet 192.168.215.0 255.255.255.0
object network Wire_VIP_1stFL
subnet 192.168.207.0 255.255.255.0
object network Wire_VIP_GroundFL
subnet 192.168.208.0 255.255.255.0
object network Marketing
subnet 192.168.214.0 255.255.255.0
object network ICT_Department
subnet 192.168.203.0 255.255.255.0
object network HR
subnet 192.168.204.0 255.255.255.0
object network Ground_Floor
subnet 192.168.205.0 255.255.255.0
object network 1st_Floor
subnet 192.168.206.0 255.255.255.0
object network E-Commera
host 122.248.120.11
description E-Commera
object network E-commence
host 192.168.2.145
description Gold-Server
object network Gold_Server
host 192.168.2.191
object network MCS_Padomar
subnet 192.168.152.0 255.255.255.0
description MCS_Padomar
object network MCS_Padomar_GW
host 172.10.10.253
description MCS_Padomar_GW
object network MCS_SSL
subnet 192.168.153.0 255.255.255.0
description MCS_SSL
object network MCS_local_GW
host 192.168.2.23
description MCS_local_GW
object network InsideGW
host 192.168.2.1
description 2Network Gateway
object network 1st_Floor(MPT)
range 192.168.205.240 192.168.205.250
object network 1st_Floor2(MPT)
range 192.168.206.240 192.168.206.250
object network Inside_User_YTP
range 192.168.2.0 192.168.2.239
object network WAREHOUSE
subnet 192.168.3.0 255.255.255.0
object network test-outsite
host 192.167.1.1
description test-outsite
object network MPT-Kerio_Route
host 100.95.95.244
object network 65pyay
subnet 10.148.16.0 255.255.255.0
object network test-outside-mhk
subnet 192.168.152.0 255.255.255.0
object network Inside-mhk
subnet 192.168.2.0 255.255.255.0
object network FTP_SRV
host 192.168.2.145
description FTP Server
object network YTP-Public-Outside-IP
host 122.248.120.12
description YTP Public IP
object service e-comm
service tcp source eq 8081
object network 145
host 192.168.2.145
object network FTP-SRV
object network FTP_SRV2
host 192.168.2.145
object network 192.168.2.197
host 192.168.2.197
object service 8081
service tcp destination eq 8081
object network Warehouse-LAN
subnet 192.168.70.0 255.255.255.0
object network e-com
host 192.168.2.197
object network testVPN
subnet 192.168.253.0 255.255.255.0
object network SAP_ERP_PRD_VM
subnet 192.168.101.0 255.255.255.0
object network SAP_ERP_UAT_VM
subnet 192.168.102.0 255.255.255.0
object network SAP_ERP_MGMT
subnet 192.168.103.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_2
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp unreachable
object-group service ftp-group tcp
port-object eq ftp
port-object eq ftp-data
object-group network DM_INLINE_NETWORK_1
network-object object FTP_SRV
network-object object FTP_SRV2
! Access lists. Almost every entry below is "permit ip any any", so most of
! these ACLs filter nothing. Which of them take effect depends on the
! access-group statements, only some of which are visible on this page.
! NOTE(review): replace blanket permits with entries that name the sources,
! destinations and services each segment needs, and delete ACLs that are
! not bound anywhere.
access-list Inside_access_in extended permit ip any any
access-list YTP-PUBLIC-Outside_access_in extended permit ip any any
access-list YTP-MPLS-Outside_access_in extended permit ip any any
access-list MPT-INTERNET_cryptomap_65535.65535 extended permit ip any any
! Split-tunnel list: the networks VPN clients reach through the tunnel,
! assuming a group policy references SPLIT_TUNNEL (not visible here).
access-list SPLIT_TUNNEL standard permit 192.168.2.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 172.16.30.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 172.16.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.30.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.3.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.70.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.103.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.253.0 255.255.255.0
access-list YTP-PUBLIC-Outside_access_in_1 extended permit ip any any
access-list YTP-MPLS-2-Outside_access_in extended permit ip any any
! MPT-INTERNET_access_in is bound inbound on the Internet-facing MPT-INTERNET
! interface by an access-group line later in this config.
! NOTE(review): the ICMP entry is redundant next to the "permit ip any any"
! that follows; the blanket permit leaves NAT and routing as the only limits
! on what is reachable from that interface.
access-list MPT-INTERNET_access_in extended permit object-group DM_INLINE_SERVICE_1
any any
access-list MPT-INTERNET_access_in extended permit ip any any
access-list YTP-PUBLIC-Outside_cryptomap_65535.65535 extended permit ip any any
access-list YTP-MPLS-Outside_access_in_1 extended permit ip any any
! YTP-PUBLIC-Outside_access_in_2 is the ACL bound inbound on YTP-PUBLIC-Outside.
! Its blanket permit is inactive; the active entries cover TCP 8081, FTP and
! a set of ICMP types.
! NOTE(review): in "permit tcp any eq ftp ..." the "eq ftp" sits in the
! source-port position, so the entry appears to match only traffic sourced
! from port 21 - confirm that this is the intent.
access-list YTP-PUBLIC-Outside_access_in_2 extended permit object 8081 object
192.168.2.197 object E-Commera inactive
access-list YTP-PUBLIC-Outside_access_in_2 extended permit tcp any object YTP-
Public-Outside-IP eq 8081
access-list YTP-PUBLIC-Outside_access_in_2 extended permit tcp any eq ftp object-
group DM_INLINE_NETWORK_1 object-group ftp-group
access-list YTP-PUBLIC-Outside_access_in_2 extended permit ip any any inactive
access-list YTP-PUBLIC-Outside_access_in_2 extended permit object-group
DM_INLINE_SERVICE_2 any any
! Match list for the FirePOWER redirect class; its single entry is inactive.
access-list SFR_REDIRECT extended permit ip any any log default inactive
access-list MPT-INTERNET_cryptomap_65535.65535_3 extended permit ip object DMZ
object testVPN
access-list MPT-INTERNET_cryptomap_65535.65535_3 extended permit ip object DMZ
object CMART-CLIENT
! Per-segment ACLs for the internal VLANs, all "permit ip any any".
access-list ICT_Department_access_in extended permit ip any any
access-list Ground_Floor_access_in extended permit ip any any
access-list HR_Department_access_in extended permit ip any any
access-list Admin_access_in extended permit ip any any
access-list 1st_Floor_access_in extended permit ip any any
access-list Wire_VIP_1stFL_access_in extended permit ip any any
access-list Marketing_access_in extended permit ip any any
access-list Wire_VIP_GroundFL_access_in extended permit ip any any
access-list wireless_Link__Guest_access_in extended permit ip any any
access-list wireless_Link_VIP_access_in extended permit ip any any
access-list ICT-USER standard permit 192.168.203.0 255.255.255.0
access-list Inside-DMZ extended permit ip any any log
access-list Inside_access_in_1 extended permit ip any any
access-list MPT-INTERNET-FIBER_access_in extended permit ip any any
access-list WAREHOUSE extended permit ip any any log
access-list Warehouse_local_access_in extended permit ip any any
access-list MCS_access_in extended permit ip any any
access-list Inside_User_YTP extended permit ip object Inside_User_YTP any
! Local-printing exceptions for AnyConnect clients; the remarks name each
! protocol.
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251
eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name
Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252
eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
! Test-segment ACLs: the narrower ICMP entries are inactive, leaving only the
! blanket permit in effect.
access-list test-outside_access_in extended permit ip any any
access-list test-outside->Inside extended permit icmp object test-outside-mhk
object Inside-mhk inactive
access-list test-outside->Inside extended permit icmp 192.168.152.0 255.255.255.0
192.168.2.0 255.255.255.0 inactive
access-list test-outside->Inside extended permit ip any any
access-list test-outside_access_out extended permit ip any any
! SAP ERP production, UAT, management and vMotion ACLs, inbound and outbound,
! are all "permit ip any any".
! NOTE(review): these segments presumably hold the most sensitive systems in
! this config; confirm which ACLs are bound and restrict them to the clients
! and ports SAP actually requires.
access-list SAP_ERP_PRD_VM_access_in extended permit ip any any
access-list SAP_ERP_MGMT_access_in extended permit ip any any
access-list SAP_ERP_vMotion_access_in extended permit ip any any
access-list SAP_ERP_UAT_VM_access_in extended permit ip any any
access-list SAP_ERP_PRD_VM_access_out extended permit ip any any
access-list SAP_ERP_UAT_VM_access_out extended permit ip any any
access-list SAP_ERP_MGMT_access_out extended permit ip any any
access-list SAP_ERP_vMotion_access_out extended permit ip any any
access-list MCS_access_out extended permit ip any any
pager lines 30
! Logging is enabled, with messages sent to ASDM at informational level.
! No syslog server (logging host / logging trap) appears in the lines visible
! here. NOTE(review): confirm logs are exported off the device; an ASDM-only
! buffer does not retain history for an investigation.
logging enable
logging asdm informational
! Each "no logging message" line suppresses one syslog ID.
! NOTE(review): per Cisco's syslog reference these IDs presumably cover ACL
! denies and ACL hit logging (106023, 106100), denied TCP with no connection
! (106015), denied ICMP (313001, 313008), denied connections to the device
! itself (710003) and connection build/teardown records (302013-302021).
! Verify each ID, and re-enable at least the deny and connection events on the
! path to the syslog collector.
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
mtu MPT-INTERNET 1500
mtu YTP-PUBLIC-Outside 1500
mtu YTP-MPLS-Outside 1500
mtu YTP-MPLS-2-Outside 1500
mtu Inside 1500
mtu wireless_Link_VIP 1500
mtu wireless_Link__Guest 1500
mtu ICT_Department 1500
mtu HR_Department 1500
mtu Ground_Floor 1500
mtu 1st_Floor 1500
mtu Wire_VIP_1stFL 1500
mtu Wire_VIP_GroundFL 1500
mtu Marketing 1500
mtu Admin 1500
mtu Warehouse_local 1500
mtu SAP_ERP_PRD_VM 1500
mtu SAP_ERP_UAT_VM 1500
mtu SAP_ERP_MGMT 1500
mtu MPT-INTERNET-FIBER 1500
mtu Warehouse 1500
mtu MCS 1500
mtu test-outside 1500
mtu management 1500
no failover
failover lan unit primary
no monitor-interface MPT-INTERNET
no monitor-interface YTP-PUBLIC-Outside
no monitor-interface YTP-MPLS-Outside
no monitor-interface YTP-MPLS-2-Outside
no monitor-interface management
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo MPT-INTERNET
icmp permit any echo-reply MPT-INTERNET
icmp permit any time-exceeded MPT-INTERNET
icmp permit any unreachable MPT-INTERNET
icmp permit any MPT-INTERNET
icmp permit any YTP-PUBLIC-Outside
icmp permit any echo YTP-PUBLIC-Outside
icmp permit any echo-reply YTP-PUBLIC-Outside
icmp permit any time-exceeded YTP-PUBLIC-Outside
icmp permit any unreachable YTP-PUBLIC-Outside
icmp permit any YTP-MPLS-2-Outside
icmp permit any management
asdm image disk0:/asdm-752-153.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
! Manual (twice) NAT rules. Every rule maps the source object to itself and the
! destination object to itself (identity NAT), so traffic between the listed
! object pairs crosses the named interface pair untranslated.
! NOTE(review): several commands in this listing are wrapped onto a second
! line (one object name is split after a hyphen); rejoin them before reuse.
! NOTE(review): the testVPN rule looks like a leftover from testing - confirm
! it is still required.
! NOTE(review): two rules name YTP-PUBLIC-Outside as the real interface but
! still use the DMZ object as source; confirm that is intended.
! NOTE(review): the last rule (Warehouse to the VPN pool) omits route-lookup,
! unlike the other VPN-pool rules.
nat (Inside,Warehouse) source static DMZ DMZ destination static Warehouse-LAN
Warehouse-LAN
nat (wireless_Link_VIP,Warehouse) source static WIRELESS_VIP_NAT WIRELESS_VIP_NAT
destination static Warehouse-LAN Warehouse-LAN
nat (Inside,YTP-PUBLIC-Outside) source static DMZ DMZ destination static testVPN
testVPN no-proxy-arp route-lookup
nat (Inside,YTP-PUBLIC-Outside) source static DMZ DMZ destination static CMART-
CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (Inside,MPT-INTERNET) source static DMZ DMZ destination static CMART-CLIENT
CMART-CLIENT no-proxy-arp route-lookup
nat (YTP-PUBLIC-Outside,MPT-INTERNET) source static DMZ DMZ destination static
CMART-CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (YTP-PUBLIC-Outside,YTP-MPLS-2-Outside) source static DMZ DMZ destination
static CMART-CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (Inside,YTP-MPLS-Outside) source static DMZ DMZ destination static CMART-CLIENT
CMART-CLIENT no-proxy-arp route-lookup
nat (Inside,YTP-MPLS-2-Outside) source static DMZ DMZ destination static CMART-
CLIENT CMART-CLIENT no-proxy-arp route-lookup
nat (YTP-PUBLIC-Outside,MPT-INTERNET) source static DMZ DMZ destination static ANY-
VPN-POOL ANY-VPN-POOL no-proxy-arp route-lookup
nat (Inside,MPT-INTERNET) source static DMZ DMZ destination static ANY-VPN-POOL
ANY-VPN-POOL no-proxy-arp route-lookup
nat (Inside,YTP-PUBLIC-Outside) source static DMZ DMZ destination static ANY-VPN-
POOL ANY-VPN-POOL no-proxy-arp route-lookup
nat (Warehouse,YTP-PUBLIC-Outside) source static WAREHOUSE WAREHOUSE destination
static ANY-VPN-POOL ANY-VPN-POOL no-proxy-arp
!
! Object (auto) NAT. Two patterns appear below:
!  - "dynamic interface": the object is translated to the egress interface
!    address (PAT), in most cases towards MPT-INTERNET-FIBER.
!  - "static interface service tcp ...": a TCP port on the YTP-PUBLIC-Outside
!    interface address is forwarded to the object (ftp, ftp-data, 8081).
! NOTE(review): the three static rules publish FTP (a cleartext protocol) and
! tcp/8081 on what appears to be an internet-facing interface. Confirm the
! services are still needed and that ACL YTP-PUBLIC-Outside_access_in_2
! restricts the permitted source addresses.
! NOTE(review): objects 1st_Floor and 1st_Floor2(MPT) carry the same NAT
! statement - check whether one of them is redundant.
object network DMZ-NAT2
nat (Inside,MPT-INTERNET-FIBER) dynamic interface
object network MPT_Internet
nat (Inside,YTP-PUBLIC-Outside) dynamic interface
object network WIRELESS_VIP
nat (wireless_Link_VIP,MPT-INTERNET-FIBER) dynamic interface
object network WIRELESS_GUEST
nat (wireless_Link__Guest,MPT-INTERNET-FIBER) dynamic interface
object network Admin
nat (Admin,MPT-INTERNET-FIBER) dynamic interface
object network Wire_VIP_1stFL
nat (Wire_VIP_1stFL,MPT-INTERNET-FIBER) dynamic interface
object network Wire_VIP_GroundFL
nat (Wire_VIP_GroundFL,MPT-INTERNET-FIBER) dynamic interface
object network Marketing
nat (Marketing,MPT-INTERNET-FIBER) dynamic interface
object network ICT_Department
nat (ICT_Department,MPT-INTERNET-FIBER) dynamic interface
object network HR
nat (HR_Department,MPT-INTERNET-FIBER) dynamic interface
object network Ground_Floor
nat (Ground_Floor,MPT-INTERNET-FIBER) dynamic interface
object network 1st_Floor
nat (1st_Floor,MPT-INTERNET-FIBER) dynamic interface
object network 1st_Floor2(MPT)
nat (1st_Floor,MPT-INTERNET-FIBER) dynamic interface
object network FTP_SRV
nat (Inside,YTP-PUBLIC-Outside) static interface service tcp ftp ftp
object network FTP_SRV2
nat (Inside,YTP-PUBLIC-Outside) static interface service tcp ftp-data ftp-data
object network 192.168.2.197
nat (Inside,YTP-PUBLIC-Outside) static interface service tcp 8081 8081
object network SAP_ERP_PRD_VM
nat (SAP_ERP_PRD_VM,MPT-INTERNET-FIBER) dynamic interface
object network SAP_ERP_UAT_VM
nat (SAP_ERP_UAT_VM,MPT-INTERNET-FIBER) dynamic interface
object network SAP_ERP_MGMT
nat (SAP_ERP_MGMT,MPT-INTERNET-FIBER) dynamic interface
! Binds access lists to interfaces. "in" filters traffic entering the
! interface, "out" filters traffic leaving it; the final line applies an ACL
! globally rather than to one interface.
! NOTE(review): ACL test-outside->Inside is bound both to interface
! test-outside and as the global ACL. A global ACL is consulted for every
! interface after its own ACL, so a test-named rule set in that position
! deserves a line-by-line review (the ACL body is not visible in this part).
! NOTE(review): Inside-DMZ and WAREHOUSE are each applied in both directions
! on one interface; confirm the same rule set is meant for both directions.
access-group MPT-INTERNET_access_in in interface MPT-INTERNET
access-group YTP-PUBLIC-Outside_access_in_2 in interface YTP-PUBLIC-Outside
access-group YTP-MPLS-Outside_access_in_1 in interface YTP-MPLS-Outside
access-group YTP-MPLS-2-Outside_access_in in interface YTP-MPLS-2-Outside
access-group Inside-DMZ in interface Inside
access-group Inside-DMZ out interface Inside
access-group wireless_Link_VIP_access_in in interface wireless_Link_VIP
access-group wireless_Link__Guest_access_in in interface wireless_Link__Guest
access-group ICT_Department_access_in in interface ICT_Department
access-group HR_Department_access_in in interface HR_Department
access-group Ground_Floor_access_in in interface Ground_Floor
access-group 1st_Floor_access_in in interface 1st_Floor
access-group Wire_VIP_1stFL_access_in in interface Wire_VIP_1stFL
access-group Wire_VIP_GroundFL_access_in in interface Wire_VIP_GroundFL
access-group Marketing_access_in in interface Marketing
access-group Admin_access_in in interface Admin
access-group Warehouse_local_access_in in interface Warehouse_local
access-group SAP_ERP_PRD_VM_access_in in interface SAP_ERP_PRD_VM
access-group SAP_ERP_PRD_VM_access_out out interface SAP_ERP_PRD_VM
access-group SAP_ERP_UAT_VM_access_in in interface SAP_ERP_UAT_VM
access-group SAP_ERP_UAT_VM_access_out out interface SAP_ERP_UAT_VM
access-group SAP_ERP_MGMT_access_in in interface SAP_ERP_MGMT
access-group SAP_ERP_MGMT_access_out out interface SAP_ERP_MGMT
access-group MPT-INTERNET-FIBER_access_in in interface MPT-INTERNET-FIBER
access-group WAREHOUSE in interface Warehouse
access-group WAREHOUSE out interface Warehouse
access-group MCS_access_in in interface MCS
access-group MCS_access_out out interface MCS
access-group test-outside->Inside in interface test-outside
access-group test-outside_access_out out interface test-outside
access-group test-outside->Inside global
!
! Route-maps, one per internal segment. Each matches an interface (test-Inside
! has no interface match) and sets a default next-hop; most also set the
! egress interface to MPT-INTERNET-FIBER. All but test-Inside use next-hop
! 100.95.32.105, the same gateway as the MPT-INTERNET-FIBER default route.
! NOTE(review): where these maps are attached (policy-route on an interface)
! is not visible in this part of the file - verify each one is actually used.
! NOTE(review): "match route-type ..." is a redistribution criterion and is
! wrapped onto two lines in this listing; confirm it has the intended effect
! in these maps and rejoin the lines before reuse.
route-map SAP_ERP_UAT_VM permit 1
match interface SAP_ERP_UAT_VM
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105

!
route-map SAP_ERP_PRD_VM permit 1
match interface SAP_ERP_PRD_VM
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105

!
! NOTE(review): next-hop 192.167.1.1 lies outside the RFC 1918 private ranges
! (192.168.0.0/16 would be private); confirm the address is not a typo.
route-map test-Inside permit 2
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 192.167.1.1

!
route-map WIRELESS_VIP permit 1
match interface wireless_Link_VIP
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map Inside-routemap permit 1
match interface Inside
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map SAP_ERP_MGMT permit 1
match interface SAP_ERP_MGMT
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105

!
route-map HR-DEPT permit 1
match interface HR_Department
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map 1ST-FLOOR permit 1
match interface 1st_Floor
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map WIRE-VIP-GROUND permit 1
match interface Wire_VIP_GroundFL
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map MARKETING permit 1
match interface Marketing
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map Warehouse permit 1
match interface Warehouse
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set ip default next-hop 100.95.32.105
!
route-map ADMIN-routemap permit 1
match interface Admin
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map GROUND-FLOOR permit 1
match interface Ground_Floor
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map WIRE-VIP-1ST permit 1
match interface Wire_VIP_1stFL
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
! This map additionally matches ACL Inside_User_YTP (not visible in this part).
route-map ICT-routemap permit 1
match ip address Inside_User_YTP
match interface ICT_Department
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
route-map WIRELESS-GUEST permit 1
match interface wireless_Link__Guest
match route-type external type-1 external type-2 internal local nssa-external
type-1 nssa-external type-2
set interface MPT-INTERNET-FIBER
set ip default next-hop 100.95.32.105

!
! Static routes. Five default routes exist, told apart by their metric
! (1, 2, 3, 40, 80); the rest are /24 routes towards the MPLS, public,
! Warehouse and Inside next-hops.
! NOTE(review): default routes on management and test-outside compete with the
! data-path defaults only by metric; confirm the management interface cannot
! become a path for user traffic and that the test-outside route is still needed.
route YTP-PUBLIC-Outside 0.0.0.0 0.0.0.0 122.248.120.1 1
route MPT-INTERNET 0.0.0.0 0.0.0.0 203.81.79.233 2
route MPT-INTERNET-FIBER 0.0.0.0 0.0.0.0 100.95.32.105 3
route management 0.0.0.0 0.0.0.0 192.168.30.1 40
route test-outside 0.0.0.0 0.0.0.0 192.167.1.1 80
route YTP-MPLS-Outside 10.148.0.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.1.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.2.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.3.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.5.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.6.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.7.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.8.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.9.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.10.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.11.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.13.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.14.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.15.0 255.255.255.0 10.148.148.1 1
route YTP-MPLS-Outside 10.148.16.0 255.255.255.0 10.148.148.1 1
route YTP-PUBLIC-Outside 103.27.118.0 255.255.255.0 122.248.120.1 1
route Warehouse 192.168.5.0 255.255.255.0 192.168.3.50 1
route Warehouse 192.168.70.0 255.255.255.0 192.168.3.11 1
route Inside 192.168.153.0 255.255.255.0 192.168.2.23 1
! Idle timers (h:mm:ss) for translations, connections and per-protocol state:
! xlate 3 h, PAT xlate 30 s, TCP connections 1 h, half-closed 10 min, UDP 2 min.
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
! Management-plane authentication and the HTTPS (ASDM) server.
! Enable, telnet and SSH logins are checked against the LOCAL user database.
! The HTTPS server listens on port 4444 and accepts clients from any source
! address (0.0.0.0 0.0.0.0) on management, YTP-PUBLIC-Outside and Inside.
! NOTE(review): allowing any source on YTP-PUBLIC-Outside exposes the
! management login on what appears to be an internet-facing interface.
! Restrict each "http" line to the administrators' subnets and prefer
! reaching ASDM only through the management interface or the VPN.
! NOTE(review): no "aaa authentication http console" line is visible in this
! part of the file; confirm how ASDM logins are authenticated.
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable 4444
http 0.0.0.0 0.0.0.0 management
http 0.0.0.0 0.0.0.0 YTP-PUBLIC-Outside
http 0.0.0.0 0.0.0.0 Inside
http redirect management 80
! SNMP: one manager (192.168.2.6 on Inside) using SNMP version 2c; the
! community strings are masked in this listing.
! NOTE(review): v2c sends the community string unencrypted. Prefer SNMPv3 with
! authentication and privacy, and rotate the community if an unmasked copy of
! this configuration was ever shared.
snmp-server host Inside 192.168.2.6 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
! IKEv1 IPsec transform sets: every combination of AES-128/192/256, 3DES and
! DES with SHA-1 or MD5 integrity, each in tunnel and transport ("-TRANS") mode.
! NOTE(review): within the visible lines only ESP-AES-128-SHA, ESP-AES-192-SHA
! and ESP-AES-256-SHA are referenced (by the dynamic crypto map). The DES, 3DES
! and MD5 sets are legacy algorithms; if nothing else references them, remove
! them so they cannot be selected by a later change.
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
! IKEv2 IPsec proposals. AES256, AES192 and AES use SHA-1 integrity; 3DES and
! DES additionally allow MD5.
! NOTE(review): within the visible lines the dynamic crypto map references
! only AES256, AES192 and AES. The 3DES and DES proposals are legacy; remove
! them if unused, and consider a SHA-2 integrity option where peers support it.
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
! Dynamic crypto map CITYMART_CRYPTO_MAP (sequence 65535): matches the
! referenced crypto ACL, enables PFS and reverse-route injection, and offers
! the AES/SHA transform sets (IKEv1) and the AES proposals (IKEv2). It is
! wrapped by crypto map CITYMART_Outside, which is applied to five interfaces.
! NOTE(review): a dynamic map accepts peers whose address is not configured in
! advance, so peer authentication rests on the tunnel-group credentials.
! Confirm every interface listed here (including Warehouse) really needs to
! terminate IPsec.
! NOTE(review): three commands in this block are wrapped onto a second line by
! the page extraction; rejoin them before reuse.
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 match address MPT-
INTERNET_cryptomap_65535.65535_3
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set pfs
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-
SHA ESP-AES-192-SHA ESP-AES-256-SHA
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192
AES
crypto dynamic-map CITYMART_CRYPTO_MAP 65535 set reverse-route
crypto map CITYMART_Outside 65535 ipsec-isakmp dynamic CITYMART_CRYPTO_MAP
crypto map CITYMART_Outside interface MPT-INTERNET
crypto map CITYMART_Outside interface YTP-PUBLIC-Outside
crypto map CITYMART_Outside interface YTP-MPLS-Outside
crypto map CITYMART_Outside interface YTP-MPLS-2-Outside
crypto map CITYMART_Outside interface Warehouse
crypto ca trustpool policy
crypto isakmp identity address
! IKEv2 policies 1, 10 and 20: AES-256, AES-192 and AES, each with SHA-1
! integrity and PRF, a 24-hour lifetime, and Diffie-Hellman groups 5 and 2
! (policy 20 also offers group 1).
! NOTE(review): DH groups 1, 2 and 5 are legacy key-exchange sizes. Where the
! peers and the software release allow it, offer group 14 or higher and a
! SHA-2 integrity/PRF, and drop group 1 from policy 20 in any case.
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2 1
prf sha
lifetime seconds 86400
! Interfaces on which the firewall answers IKE. IKEv2 is enabled on three
! interfaces (two with client-services on port 443); IKEv1 on seven.
! NOTE(review): every interface listed here accepts IKE negotiation attempts.
! Disable IKEv1 where no peer still requires it, and confirm internal
! interfaces such as Warehouse_local need to terminate VPNs at all.
crypto ikev2 enable MPT-INTERNET client-services port 443
crypto ikev2 enable YTP-PUBLIC-Outside client-services port 443
crypto ikev2 enable MPT-INTERNET-FIBER
crypto ikev1 enable MPT-INTERNET
crypto ikev1 enable YTP-PUBLIC-Outside
crypto ikev1 enable YTP-MPLS-Outside
crypto ikev1 enable YTP-MPLS-2-Outside
crypto ikev1 enable Warehouse_local
crypto ikev1 enable MPT-INTERNET-FIBER
crypto ikev1 enable Warehouse
! IKEv1 policies: pre-shared-key authentication, SHA-1 hash, DH group 2 and a
! 24-hour lifetime throughout; encryption is AES, AES-192, AES-256, and 3DES in
! the lowest-priority policy 65535.
! NOTE(review): DH group 2 and the 3DES fallback are legacy choices. If no
! peer depends on them, remove policy 65535 and raise the DH group; with
! pre-shared keys, key strength and rotation carry the peer authentication.
crypto ikev1 policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
! Interactive management access.
! Telnet is accepted from any source address on Inside; telnet and SSH
! sessions time out after 5 minutes; the serial console never times out
! (console timeout 0).
! NOTE(review): telnet carries the login and the whole session unencrypted.
! Remove the telnet line and use SSH from a defined admin subnet instead.
! NOTE(review): SSH key exchange is pinned to dh-group1-sha1, the weakest
! option; use "ssh key-exchange group dh-group14-sha1" where the release
! supports it.
! NOTE(review): no "ssh <network> <mask> <interface>" line is visible in this
! part of the file; confirm where SSH is actually permitted from.
! NOTE(review): consider a non-zero console timeout so an unattended console
! session is closed.
telnet 0.0.0.0 0.0.0.0 Inside
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcp-client client-id interface YTP-PUBLIC-Outside
! Threat detection (basic plus host, port, protocol and access-list
! statistics; TCP-intercept statistics off) and the time source.
! NOTE(review): the NTP server is configured without an authentication key in
! the visible lines; log timestamps depend on this single internal source.
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.2.250 source Inside prefer
! SSL VPN (webvpn / AnyConnect) is enabled on three outside interfaces, with
! AnyConnect packages for macOS and Windows and the tunnel-group list shown
! to users at login.
! NOTE(review): the package file names indicate AnyConnect 4.2.02075; confirm
! the client images and the ASA release are current, since this portal is
! reachable from the internet.
! NOTE(review): "tunnel-group-list enable" lets unauthenticated visitors see
! the configured group aliases; disable it if users do not need the drop-down.
webvpn
enable MPT-INTERNET
enable YTP-PUBLIC-Outside
enable MPT-INTERNET-FIBER
anyconnect image disk0:/anyconnect-macosx-i386-4.2.02075-k9.pkg 2
anyconnect image disk0:/anyconnect-win-4.2.02075-k9.pkg 3
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
! VPN group policies.
! GroupPolicy1 allows IKEv1, IKEv2, L2TP/IPsec and SSL client tunnels.
! ANYCONNECT_POLICY pushes DNS server 192.168.2.250, allows the SSL client and
! clientless SSL, disables client-side password storage, and split-tunnels
! only the networks in ACL SPLIT_TUNNEL.
! NOTE(review): trim vpn-tunnel-protocol to the protocols actually in use;
! l2tp-ipsec and ssl-clientless widen the exposed surface if nobody needs them.
! NOTE(review): with split tunnelling, client traffic outside SPLIT_TUNNEL
! bypasses the firewall; confirm that matches the remote-access policy.
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
group-policy ANYCONNECT_POLICY internal
group-policy ANYCONNECT_POLICY attributes
dns-server value 192.168.2.250
vpn-tunnel-protocol ssl-client ssl-clientless
password-storage disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT_TUNNEL
webvpn
anyconnect keep-installer installed
anyconnect dpd-interval client 500
anyconnect ask none default anyconnect
dynamic-access-policy-record DfltAccessPolicy
! Local user database. Most accounts are limited to "service-type
! remote-access" (VPN only); asc, cisco and wlin carry privilege 15.
! NOTE(review): this listing contains the stored password hashes in the
! legacy "encrypted" format. Once a configuration has been shared outside
! the admin team, treat every password in it as exposed: rotate all of them
! and, where the software release supports it, store them in the stronger
! PBKDF2 format. Mask hashes before publishing a configuration.
! NOTE(review): ocpt01-ocpt04 share one hash string and ocot01-ocot03 share
! another, which indicates a shared password per group; give each account
! its own credential.
! NOTE(review): generic or vendor-default-looking names (cisco, vpnuser)
! should be replaced by named individual accounts, especially at privilege 15.
! NOTE(review): asc, cisco, thaung, amhlaing, herve and cmnaing have no
! service-type line, so they fall back to the default service type; confirm
! whether these accounts are meant to have device-management access.
! NOTE(review): consider moving VPN and admin logins to a central AAA server
! with multi-factor authentication instead of the LOCAL database.
username parkson password sleJ/sBwr.FMKPX. encrypted
username parkson attributes
service-type remote-access
username asc password sGL0EqCDUc/aDSZO encrypted privilege 15
username nlhtoo password kzEpy5Q.ANNh0VSZ encrypted
username nlhtoo attributes
service-type remote-access
username moehein password fKxFzgpXeIH368uF encrypted
username moehein attributes
service-type remote-access
username arnel password m8LZ0LNpaEkstQMC encrypted
username arnel attributes
service-type remote-access
username bank password PTs0SrtQlPHg1Znk encrypted
username bank attributes
service-type remote-access
username olivier password 7l96nCls3rpjHadf encrypted
username olivier attributes
service-type remote-access
username spl-mgr password vv0wWkyFJHsU/uOQ encrypted
username spl-mgr attributes
service-type remote-access
username seyc-stock password GaXp.hMzFt22w3Xp encrypted
username seyc-stock attributes
service-type remote-access
username seyc-central password KuaD1ECN5Jhy4mI. encrypted
username seyc-central attributes
service-type remote-access
username sunfish password TFEvRKamfJdGyJ6C encrypted
username sunfish attributes
service-type remote-access
username wailinn password 6w/DHqYi0DzfqonI encrypted
username wailinn attributes
service-type remote-access
username vpnuser password tAtXXvCxpjX0dUEC encrypted
username vpnuser attributes
service-type remote-access
username dcadmin-exec password dF166nBiYhHR.Yn8 encrypted
username dcadmin-exec attributes
service-type remote-access
username haglinv password Evs/WCESJVcCp8nA encrypted
username haglinv attributes
service-type remote-access
username office-tab password yvDtX0/MGItHDaDM encrypted
username office-tab attributes
service-type remote-access
username haglmgr password gX4agkXzFb0/gJLW encrypted
username haglmgr attributes
service-type remote-access
username akksnr password iG7Jcwhk1/PpJZBr encrypted
username akksnr attributes
service-type remote-access
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
username hr-director password 3wgO82TxQOgVREY0 encrypted
username hr-director attributes
service-type remote-access
username wlin password LDlBQEzp2xVB/vRb encrypted privilege 15
username wlin attributes
password-storage disable
service-type admin
username ocpt01 password FGneiipdHhL0KD6T encrypted
username ocpt01 attributes
service-type remote-access
username ocpt02 password FGneiipdHhL0KD6T encrypted
username ocpt02 attributes
service-type remote-access
username ocpt03 password FGneiipdHhL0KD6T encrypted
username ocpt03 attributes
service-type remote-access
username ocpt04 password FGneiipdHhL0KD6T encrypted
username ocpt04 attributes
service-type remote-access
username thaung password Pb3OUmQftWrOITdZ encrypted
username ocdpmgr password 0S/ODF1xVWhbscmu encrypted
username ocdpmgr attributes
service-type remote-access
username ocot03 password WkS7BdziPVIGsKAj encrypted
username ocot03 attributes
service-type remote-access
username ocot02 password WkS7BdziPVIGsKAj encrypted
username ocot02 attributes
service-type remote-access
username ocot01 password WkS7BdziPVIGsKAj encrypted
username ocot01 attributes
service-type remote-access
username amhlaing password aVEibZblYXuaY7qv encrypted
username eyc-central password cjSL9iEMS8akLqrR encrypted
username eyc-central attributes
service-type remote-access
username herve password 9lwTUwFVMZK8lHeV encrypted
username cmpl-mgr password 5vL/vS0panhMUcBr encrypted
username cmpl-mgr attributes
service-type remote-access
username cmpfs password pmxe5ioz58kT4kPG encrypted
username cmpfs attributes
service-type remote-access
username c-kitchen password uCGrKGkVI/h.lKux encrypted
username c-kitchen attributes
service-type remote-access
username cmnaing password /GYKG3dfTzmSNyEj encrypted
! Tunnel groups.
! DefaultL2LGroup uses GroupPolicy1 and pre-shared keys for IKEv1 and IKEv2
! (keys masked in this listing). ANY_TUNNEL is the remote-access group: it
! hands out addresses from pool ANY_VPN_POOL, applies ANYCONNECT_POLICY and is
! offered to users under the alias SSL_USERS.
! NOTE(review): the default LAN-to-LAN group is what peers without their own
! tunnel-group fall into; together with the dynamic crypto map, its pre-shared
! key is the main control on who can build a tunnel. Use a long random key,
! rotate it, and prefer per-peer tunnel-groups or certificates.
! NOTE(review): no authentication-server-group is visible for ANY_TUNNEL, so
! logins presumably use the LOCAL database; confirm, and consider adding
! multi-factor authentication for remote access.
tunnel-group DefaultL2LGroup general-attributes
default-group-policy GroupPolicy1
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group ANY_TUNNEL type remote-access
tunnel-group ANY_TUNNEL general-attributes
address-pool ANY_VPN_POOL
default-group-policy ANYCONNECT_POLICY
tunnel-group ANY_TUNNEL webvpn-attributes
group-alias SSL_USERS enable
!
! Traffic classes: "sfr" selects traffic matching ACL SFR_REDIRECT (ACL body
! not visible in this part); "inspection_default" selects the default
! inspection traffic.
class-map sfr
match access-list SFR_REDIRECT
class-map inspection_default
match default-inspection-traffic
!
!
! Inspection policy. preset_dns_map caps DNS message length (client auto,
! otherwise 512 bytes); global_policy applies the protocol inspections to the
! default class, redirects class "sfr" to the SFR module, and is attached
! globally by the service-policy line at the end.
! NOTE(review): "sfr fail-open" means traffic keeps flowing without module
! inspection when the module is unavailable. Confirm that availability is
! meant to win over inspection here, and alert on module failure.
! NOTE(review): several inspected protocols (rsh, xdmcp, sqlnet, sunrpc,
! netbios, tftp) are legacy; disable inspections for protocols that should
! not cross the firewall and block them in the ACLs instead.
! NOTE(review): migrated_dns_map_1 is defined but not referenced in the
! visible lines.
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class sfr
sfr fail-open
inspect http
class class-default
user-statistics accounting
inspect ftp
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
!
service-policy global_policy global
! CLI prompt, jumbo-frame reservation and Smart Call Home.
! Anonymous call-home reporting is off and the CiscoTAC-1 profile is marked
! "no active", so the subscriptions below are defined but not in use.
! NOTE(review): the destination URL is wrapped onto its own line by the page
! extraction; rejoin it with the preceding command before reuse.
prompt hostname context
!
jumbo-frame reservation
!
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http
https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
