01 May, 2015

Cisco ASA 5500 Software Version 8.4(2)

ASA# show running-config all
: Saved
:
! Global identity and local-credential settings.
ASA Version 8.4(2)
!
! Exec-mode shorthand aliases: h, lo, p, s for help, logout, ping, show.
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
terminal width 80
hostname ASA
! Privileged-mode (enable) password, stored hashed ("encrypted" keyword).
! NOTE(review): the hash is identical to the `passwd` hash two lines below,
! so one secret guards both login and enable. This value also appears in many
! published sample configurations and is commonly associated with a vendor
! default password; treat it as known and replace it before any real use.
enable password 2KFQnbNIdI.2KYOU encrypted
no fips enable
! Login (line) password; same hash as the enable password above.
passwd 2KFQnbNIdI.2KYOU encrypted
names
lacp system-priority 32768
!
! Management interface: the only interface not shut down in this listing.
! security-level 100 is the most-trusted level, and `management-only` keeps
! the interface from carrying through-traffic. The `http ... management` and
! `ssh ... management` allow-lists later in the listing refer to this nameif,
! so 192.168.0.0/24 is the network from which the device can be administered.
interface GigabitEthernet0
 nameif management
 security-level 100
 ip address 192.168.0.10 255.255.255.0
 delay 10
 management-only
!
! Unused interface: administratively shut down, with no name, security level
! or IP address assigned.
interface GigabitEthernet1
 shutdown
 no nameif
 no security-level
 no ip address
 delay 10
!
! Unused interface: administratively shut down, with no name, security level
! or IP address assigned.
interface GigabitEthernet2
 shutdown
 no nameif
 no security-level
 no ip address
 delay 10
!
! Built-in regex objects. They are referenced by name from the `_default_*`
! `class-map type inspect http` entries at the end of this listing and have no
! effect on their own.
! NOTE(review): several patterns are very short literals ("1", "crap",
! "Gator"). How specific a match is depends on the HTTP field the class-map
! applies it to, e.g. _default_gnu-http-tunnel_arg is tested against request
! args and combined (match-all) with a URI regex. No policy-map that applies
! these class-maps is visible in this part of the listing; confirm before
! relying on them for tunnel or IM detection.
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_yahoo-messenger "YMSG"
regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
regex _default_firethru-tunnel_1 "firethru[.]com"
regex _default_gator "Gator"
regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
regex _default_shoutcast-tunneling-protocol "1"
regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
regex _default_x-kazaa-network "[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
regex _default_gnu-http-tunnel_arg "crap"
regex _default_icy-metadata "[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
regex _default_windows-media-player-tunnel "NSPlayer"
! Heap integrity checking intervals (both set to 60), the mode used by the
! ASA's own FTP client, and the clock timezone. A UTC clock keeps log
! timestamps unambiguous when events are correlated across devices.
checkheaps check-interval 60
checkheaps validate-checksum 60
ftp mode passive
clock timezone UTC 0
! Pre-defined service objects, IP-protocol level. They are shown only because
! of the `all` keyword and are names for use in rules: being listed here does
! not permit any traffic, and no access-list appears in this listing.
! Two names are aliases: `ipsec` resolves to `service esp` and `pptp` to
! `service gre`.
object service ah pre-defined
 service ah
 description This is a pre-defined object
object service eigrp pre-defined
 service eigrp
 description This is a pre-defined object
object service esp pre-defined
 service esp
 description This is a pre-defined object
object service gre pre-defined
 service gre
 description This is a pre-defined object
object service icmp pre-defined
 service icmp
 description This is a pre-defined object
object service icmp6 pre-defined
 service icmp6
 description This is a pre-defined object
object service igmp pre-defined
 service igmp
 description This is a pre-defined object
object service igrp pre-defined
 service igrp
 description This is a pre-defined object
object service ip pre-defined
 service ip
 description This is a pre-defined object
object service ipinip pre-defined
 service ipinip
 description This is a pre-defined object
object service ipsec pre-defined
 service esp
 description This is a pre-defined object
object service nos pre-defined
 service nos
 description This is a pre-defined object
object service ospf pre-defined
 service ospf
 description This is a pre-defined object
object service pcp pre-defined
 service pcp
 description This is a pre-defined object
object service pim pre-defined
 service pim
 description This is a pre-defined object
object service pptp pre-defined
 service gre
 description This is a pre-defined object
object service snp pre-defined
 service snp
 description This is a pre-defined object
object service tcp pre-defined
 service tcp
 description This is a pre-defined object
object service udp pre-defined
 service udp
 description This is a pre-defined object
! Pre-defined TCP destination-port objects. These are names only; their
! presence here does not mean the port is permitted through the firewall.
! Aliases in this group: tcp-www and tcp-http both resolve to `www`, and
! tcp-rsh and tcp-cmd both resolve to `rsh`.
! The list includes legacy cleartext services (telnet, rsh, login, exec,
! finger, chargen); review any rule that references those objects.
object service tcp-aol pre-defined
 service tcp destination eq aol
 description This is a pre-defined object
object service tcp-bgp pre-defined
 service tcp destination eq bgp
 description This is a pre-defined object
object service tcp-chargen pre-defined
 service tcp destination eq chargen
 description This is a pre-defined object
object service tcp-cifs pre-defined
 service tcp destination eq cifs
 description This is a pre-defined object
object service tcp-citrix-ica pre-defined
 service tcp destination eq citrix-ica
 description This is a pre-defined object
object service tcp-ctiqbe pre-defined
 service tcp destination eq ctiqbe
 description This is a pre-defined object
object service tcp-daytime pre-defined
 service tcp destination eq daytime
 description This is a pre-defined object
object service tcp-discard pre-defined
 service tcp destination eq discard
 description This is a pre-defined object
object service tcp-domain pre-defined
 service tcp destination eq domain
 description This is a pre-defined object
object service tcp-echo pre-defined
 service tcp destination eq echo
 description This is a pre-defined object
object service tcp-exec pre-defined
 service tcp destination eq exec
 description This is a pre-defined object
object service tcp-finger pre-defined
 service tcp destination eq finger
 description This is a pre-defined object
object service tcp-ftp pre-defined
 service tcp destination eq ftp
 description This is a pre-defined object
object service tcp-ftp-data pre-defined
 service tcp destination eq ftp-data
 description This is a pre-defined object
object service tcp-gopher pre-defined
 service tcp destination eq gopher
 description This is a pre-defined object
object service tcp-ident pre-defined
 service tcp destination eq ident
 description This is a pre-defined object
object service tcp-imap4 pre-defined
 service tcp destination eq imap4
 description This is a pre-defined object
object service tcp-irc pre-defined
 service tcp destination eq irc
 description This is a pre-defined object
object service tcp-hostname pre-defined
 service tcp destination eq hostname
 description This is a pre-defined object
object service tcp-kerberos pre-defined
 service tcp destination eq kerberos
 description This is a pre-defined object
object service tcp-klogin pre-defined
 service tcp destination eq klogin
 description This is a pre-defined object
object service tcp-kshell pre-defined
 service tcp destination eq kshell
 description This is a pre-defined object
object service tcp-ldap pre-defined
 service tcp destination eq ldap
 description This is a pre-defined object
object service tcp-ldaps pre-defined
 service tcp destination eq ldaps
 description This is a pre-defined object
object service tcp-login pre-defined
 service tcp destination eq login
 description This is a pre-defined object
object service tcp-lotusnotes pre-defined
 service tcp destination eq lotusnotes
 description This is a pre-defined object
object service tcp-nfs pre-defined
 service tcp destination eq nfs
 description This is a pre-defined object
object service tcp-netbios-ssn pre-defined
 service tcp destination eq netbios-ssn
 description This is a pre-defined object
object service tcp-whois pre-defined
 service tcp destination eq whois
 description This is a pre-defined object
object service tcp-nntp pre-defined
 service tcp destination eq nntp
 description This is a pre-defined object
object service tcp-pcanywhere-data pre-defined
 service tcp destination eq pcanywhere-data
 description This is a pre-defined object
object service tcp-pim-auto-rp pre-defined
 service tcp destination eq pim-auto-rp
 description This is a pre-defined object
object service tcp-pop2 pre-defined
 service tcp destination eq pop2
 description This is a pre-defined object
object service tcp-pop3 pre-defined
 service tcp destination eq pop3
 description This is a pre-defined object
object service tcp-pptp pre-defined
 service tcp destination eq pptp
 description This is a pre-defined object
object service tcp-lpd pre-defined
 service tcp destination eq lpd
 description This is a pre-defined object
object service tcp-rsh pre-defined
 service tcp destination eq rsh
 description This is a pre-defined object
object service tcp-rtsp pre-defined
 service tcp destination eq rtsp
 description This is a pre-defined object
object service tcp-sip pre-defined
 service tcp destination eq sip
 description This is a pre-defined object
object service tcp-smtp pre-defined
 service tcp destination eq smtp
 description This is a pre-defined object
object service tcp-ssh pre-defined
 service tcp destination eq ssh
 description This is a pre-defined object
object service tcp-sunrpc pre-defined
 service tcp destination eq sunrpc
 description This is a pre-defined object
object service tcp-tacacs pre-defined
 service tcp destination eq tacacs
 description This is a pre-defined object
object service tcp-talk pre-defined
 service tcp destination eq talk
 description This is a pre-defined object
object service tcp-telnet pre-defined
 service tcp destination eq telnet
 description This is a pre-defined object
object service tcp-uucp pre-defined
 service tcp destination eq uucp
 description This is a pre-defined object
object service tcp-www pre-defined
 service tcp destination eq www
 description This is a pre-defined object
object service tcp-http pre-defined
 service tcp destination eq www
 description This is a pre-defined object
object service tcp-https pre-defined
 service tcp destination eq https
 description This is a pre-defined object
object service tcp-cmd pre-defined
 service tcp destination eq rsh
 description This is a pre-defined object
object service tcp-sqlnet pre-defined
 service tcp destination eq sqlnet
 description This is a pre-defined object
object service tcp-h323 pre-defined
 service tcp destination eq h323
 description This is a pre-defined object
! Pre-defined objects that cover the same destination port on both TCP and
! UDP (`service tcp-udp`). A rule that uses one of them opens both transports,
! which may be broader than intended. tcp-udp-www and tcp-udp-http are aliases
! for the same port keyword.
object service tcp-udp-cifs pre-defined
 service tcp-udp destination eq cifs
 description This is a pre-defined object
object service tcp-udp-discard pre-defined
 service tcp-udp destination eq discard
 description This is a pre-defined object
object service tcp-udp-domain pre-defined
 service tcp-udp destination eq domain
 description This is a pre-defined object
object service tcp-udp-echo pre-defined
 service tcp-udp destination eq echo
 description This is a pre-defined object
object service tcp-udp-kerberos pre-defined
 service tcp-udp destination eq kerberos
 description This is a pre-defined object
object service tcp-udp-nfs pre-defined
 service tcp-udp destination eq nfs
 description This is a pre-defined object
object service tcp-udp-pim-auto-rp pre-defined
 service tcp-udp destination eq pim-auto-rp
 description This is a pre-defined object
object service tcp-udp-sip pre-defined
 service tcp-udp destination eq sip
 description This is a pre-defined object
object service tcp-udp-sunrpc pre-defined
 service tcp-udp destination eq sunrpc
 description This is a pre-defined object
object service tcp-udp-tacacs pre-defined
 service tcp-udp destination eq tacacs
 description This is a pre-defined object
object service tcp-udp-www pre-defined
 service tcp-udp destination eq www
 description This is a pre-defined object
object service tcp-udp-http pre-defined
 service tcp-udp destination eq www
 description This is a pre-defined object
object service tcp-udp-talk pre-defined
 service tcp-udp destination eq talk
 description This is a pre-defined object
! Pre-defined UDP destination-port objects. These are names only; nothing in
! this group permits traffic by itself. udp-www and udp-http are aliases for
! the same port keyword.
object service udp-biff pre-defined
 service udp destination eq biff
 description This is a pre-defined object
object service udp-bootpc pre-defined
 service udp destination eq bootpc
 description This is a pre-defined object
object service udp-bootps pre-defined
 service udp destination eq bootps
 description This is a pre-defined object
object service udp-cifs pre-defined
 service udp destination eq cifs
 description This is a pre-defined object
object service udp-discard pre-defined
 service udp destination eq discard
 description This is a pre-defined object
object service udp-domain pre-defined
 service udp destination eq domain
 description This is a pre-defined object
object service udp-dnsix pre-defined
 service udp destination eq dnsix
 description This is a pre-defined object
object service udp-echo pre-defined
 service udp destination eq echo
 description This is a pre-defined object
object service udp-www pre-defined
 service udp destination eq www
 description This is a pre-defined object
object service udp-http pre-defined
 service udp destination eq www
 description This is a pre-defined object
object service udp-nameserver pre-defined
 service udp destination eq nameserver
 description This is a pre-defined object
object service udp-kerberos pre-defined
 service udp destination eq kerberos
 description This is a pre-defined object
object service udp-mobile-ip pre-defined
 service udp destination eq mobile-ip
 description This is a pre-defined object
object service udp-nfs pre-defined
 service udp destination eq nfs
 description This is a pre-defined object
object service udp-netbios-ns pre-defined
 service udp destination eq netbios-ns
 description This is a pre-defined object
object service udp-netbios-dgm pre-defined
 service udp destination eq netbios-dgm
 description This is a pre-defined object
object service udp-ntp pre-defined
 service udp destination eq ntp
 description This is a pre-defined object
object service udp-pcanywhere-status pre-defined
 service udp destination eq pcanywhere-status
 description This is a pre-defined object
object service udp-pim-auto-rp pre-defined
 service udp destination eq pim-auto-rp
 description This is a pre-defined object
object service udp-radius pre-defined
 service udp destination eq radius
 description This is a pre-defined object
object service udp-radius-acct pre-defined
 service udp destination eq radius-acct
 description This is a pre-defined object
object service udp-rip pre-defined
 service udp destination eq rip
 description This is a pre-defined object
object service udp-secureid-udp pre-defined
 service udp destination eq secureid-udp
 description This is a pre-defined object
object service udp-sip pre-defined
 service udp destination eq sip
 description This is a pre-defined object
object service udp-snmp pre-defined
 service udp destination eq snmp
 description This is a pre-defined object
object service udp-snmptrap pre-defined
 service udp destination eq snmptrap
 description This is a pre-defined object
object service udp-sunrpc pre-defined
 service udp destination eq sunrpc
 description This is a pre-defined object
object service udp-syslog pre-defined
 service udp destination eq syslog
 description This is a pre-defined object
object service udp-tacacs pre-defined
 service udp destination eq tacacs
 description This is a pre-defined object
object service udp-talk pre-defined
 service udp destination eq talk
 description This is a pre-defined object
object service udp-tftp pre-defined
 service udp destination eq tftp
 description This is a pre-defined object
object service udp-time pre-defined
 service udp destination eq time
 description This is a pre-defined object
object service udp-who pre-defined
 service udp destination eq who
 description This is a pre-defined object
object service udp-xdmcp pre-defined
 service udp destination eq xdmcp
 description This is a pre-defined object
object service udp-isakmp pre-defined
 service udp destination eq isakmp
 description This is a pre-defined object
! Pre-defined ICMPv6 message-type objects, one per type keyword. These are
! names only. When ICMPv6 rules are written with them, note that neighbor
! discovery and packet-too-big are needed for normal IPv6 operation, so
! filtering should be by type rather than a blanket deny.
object service icmp6-unreachable pre-defined
 service icmp6 unreachable
 description This is a pre-defined object
object service icmp6-packet-too-big pre-defined
 service icmp6 packet-too-big
 description This is a pre-defined object
object service icmp6-time-exceeded pre-defined
 service icmp6 time-exceeded
 description This is a pre-defined object
object service icmp6-parameter-problem pre-defined
 service icmp6 parameter-problem
 description This is a pre-defined object
object service icmp6-echo pre-defined
 service icmp6 echo
 description This is a pre-defined object
object service icmp6-echo-reply pre-defined
 service icmp6 echo-reply
 description This is a pre-defined object
object service icmp6-membership-query pre-defined
 service icmp6 membership-query
 description This is a pre-defined object
object service icmp6-membership-report pre-defined
 service icmp6 membership-report
 description This is a pre-defined object
object service icmp6-membership-reduction pre-defined
 service icmp6 membership-reduction
 description This is a pre-defined object
object service icmp6-router-renumbering pre-defined
 service icmp6 router-renumbering
 description This is a pre-defined object
object service icmp6-router-solicitation pre-defined
 service icmp6 router-solicitation
 description This is a pre-defined object
object service icmp6-router-advertisement pre-defined
 service icmp6 router-advertisement
 description This is a pre-defined object
object service icmp6-neighbor-solicitation pre-defined
 service icmp6 neighbor-solicitation
 description This is a pre-defined object
object service icmp6-neighbor-advertisement pre-defined
 service icmp6 neighbor-advertisement
 description This is a pre-defined object
object service icmp6-neighbor-redirect pre-defined
 service icmp6 neighbor-redirect
 description This is a pre-defined object
! Pre-defined ICMP (IPv4) message-type objects, one per type keyword. These
! are names only; no rule in this listing references them.
object service icmp-echo pre-defined
 service icmp echo
 description This is a pre-defined object
object service icmp-echo-reply pre-defined
 service icmp echo-reply
 description This is a pre-defined object
object service icmp-unreachable pre-defined
 service icmp unreachable
 description This is a pre-defined object
object service icmp-source-quench pre-defined
 service icmp source-quench
 description This is a pre-defined object
object service icmp-redirect pre-defined
 service icmp redirect
 description This is a pre-defined object
object service icmp-alternate-address pre-defined
 service icmp alternate-address
 description This is a pre-defined object
object service icmp-router-advertisement pre-defined
 service icmp router-advertisement
 description This is a pre-defined object
object service icmp-router-solicitation pre-defined
 service icmp router-solicitation
 description This is a pre-defined object
object service icmp-time-exceeded pre-defined
 service icmp time-exceeded
 description This is a pre-defined object
object service icmp-parameter-problem pre-defined
 service icmp parameter-problem
 description This is a pre-defined object
object service icmp-timestamp-request pre-defined
 service icmp timestamp-request
 description This is a pre-defined object
object service icmp-timestamp-reply pre-defined
 service icmp timestamp-reply
 description This is a pre-defined object
object service icmp-information-request pre-defined
 service icmp information-request
 description This is a pre-defined object
object service icmp-information-reply pre-defined
 service icmp information-reply
 description This is a pre-defined object
object service icmp-mask-request pre-defined
 service icmp mask-request
 description This is a pre-defined object
object service icmp-mask-reply pre-defined
 service icmp mask-reply
 description This is a pre-defined object
object service icmp-traceroute pre-defined
 service icmp traceroute
 description This is a pre-defined object
object service icmp-conversion-error pre-defined
 service icmp conversion-error
 description This is a pre-defined object
object service icmp-mobile-redirect pre-defined
 service icmp mobile-redirect
 description This is a pre-defined object
! Terminal paging and logging defaults.
! NOTE(review): only buffer sizes, flash limits and per-message rate limits
! appear here. No `logging enable`, `logging host` or `logging trap` line is
! present in this listing, so as shown no syslog is exported off the device.
! Confirm, and add a remote log destination before relying on this device
! for audit or detection.
pager lines 24
logging buffer-size 4096
logging asdm-buffer-size 100
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
! Per-message rate limits: `rate-limit <count> <interval> message <id>` caps
! how many copies of that syslog ID are emitted per interval.
logging rate-limit 1 1 message 402116
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 100 1 message 750003
logging rate-limit 100 1 message 750002
logging rate-limit 100 1 message 750004
logging rate-limit 1 10 message 419003
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 1 10 message 337004
logging rate-limit 1 10 message 337005
logging rate-limit 1 10 message 337001
logging rate-limit 1 10 message 337002
logging rate-limit 1 10 message 337003
logging rate-limit 2 5 message 199011
logging rate-limit 1 10 message 199010
logging rate-limit 1 10 message 337009
logging rate-limit 2 5 message 199012
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 1 message 447001
logging rate-limit 1 10 message 110003
logging rate-limit 1 10 message 110002
logging rate-limit 1 10 message 216004
logging rate-limit 1 10 message 450001
! NetFlow template refresh, MTU, failover, ICMP and connection-timer defaults.
flow-export template timeout-rate 30
mtu management 1500
! Failover is disabled (`no failover`); the failover lines that follow are
! stored defaults and would apply only if failover were enabled.
no failover
failover lan unit secondary
failover polltime unit 1 holdtime 15
failover polltime interface 5 holdtime 25
failover interface-policy 1
! Caps the ICMP unreachable messages the ASA itself generates.
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
! Idle timers for translations and connections (h:mm:ss). `uauth 0:05:00
! absolute` expires cached user authentication five minutes after login
! regardless of activity.
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
! Default dynamic access policy record (action `continue`) and the identity
! firewall (`user-identity`) defaults. Only the built-in LOCAL domain is
! configured; no AD agent server is defined in this listing, so the ad-agent
! timers below are stored defaults.
dynamic-access-policy-record DfltAccessPolicy
 action continue
user-identity enable
user-identity domain LOCAL
user-identity default-domain LOCAL
user-identity action mac-address-mismatch remove-user-ip
user-identity inactive-user-timer minutes 60
user-identity poll-import-user-group-timer hours 8
user-identity ad-agent active-user-database full-download
user-identity ad-agent hello-timer seconds 30 retry-times 5
no user-identity user-not-found enable
! Management-plane authentication and HTTPS (ASDM) access.
! SSH logins are checked against the LOCAL user database, i.e. the
! `username admin` entry later in this listing.
! NOTE(review): no `aaa authentication http console` or
! `aaa authentication enable console` line appears, so HTTPS management and
! enable presumably fall back to the enable password alone, which here is a
! published hash. Confirm, and bind both to LOCAL or an AAA server group.
aaa authentication ssh console LOCAL
! HTTPS management server on TCP/443, reachable only from 192.168.0.0/24 on
! the management interface.
http server enable 443
http 192.168.0.0 255.255.255.0 management
! SNMP agent settings. The agent is enabled on UDP/161 with only the standard
! `snmp` traps turned on. No `snmp-server host` or community/user line is
! visible in this listing, so no manager is authorised as shown.
! NOTE(review): if SNMP is not used, `no snmp-server enable` reduces the
! management surface; if it is used, prefer SNMPv3 with authentication and
! privacy and restrict pollers to named hosts.
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
no snmp-server enable traps syslog
no snmp-server enable traps ipsec start stop
no snmp-server enable traps entity config-change fru-insert fru-remove fan-failure power-supply cpu-temperature
no snmp-server enable traps memory-threshold
no snmp-server enable traps interface-threshold
no snmp-server enable traps remote-access session-threshold-exceeded
no snmp-server enable traps connection-limit-reached
no snmp-server enable traps cpu threshold rising
no snmp-server enable traps ikev2 start stop
no snmp-server enable traps nat packet-discard
snmp-server enable
snmp-server listen-port 161
! IP fragment handling on the management interface: fragment database size
! 200, at most 24 fragments per chain, 5-second reassembly timeout.
fragment size 200 management
fragment chain 24 management
fragment timeout 5 management
no fragment reassembly full management
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
! NOTE(review): `sysopt connection permit-vpn` lets decrypted VPN traffic
! bypass interface access-lists. Combined with `vpn-filter none` in
! DfltGrpPolicy later in this listing, tunnelled traffic is unfiltered unless
! a per-group vpn-filter is added or this sysopt is disabled.
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp management
! NOTE(review): with password recovery enabled, anyone with console access
! during boot can reset the device credentials, so physical and console-server
! access to the unit must be controlled.
service password-recovery
! Global IPsec/IKE defaults: SA lifetime 28800 s or 4608000 KB, anti-replay
! window 64, NAT-traversal keepalive 20 s.
! No crypto map, IKE policy or `crypto ... enable <interface>` line is visible
! in this listing, so as shown no VPN is terminated on any interface.
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec security-association replay window-size 64
crypto ipsec fragmentation before-encryption management
crypto ipsec df-bit copy-df management
crypto isakmp identity auto
crypto isakmp nat-traversal 20
! IKEv2 resource-exhaustion guards: cookie-challenge threshold 50 and a cap of
! 100 on SAs in negotiation; no cap on established SAs (`no ... max-sa`).
crypto ikev2 cookie-challenge 50
crypto ikev2 limit max-in-negotiation-sa 100
no crypto ikev2 limit max-sa
crypto ikev2 redirect during-auth
! Remote-shell access. Only a Telnet idle timeout is present; there is no
! `telnet <network> <interface>` allow-line in this listing, so Telnet is not
! reachable as shown.
telnet timeout 5
! SSH is allowed from 192.168.0.0/24 on the management interface, protocol
! version 2 only, with a 5-minute idle timeout.
ssh 192.168.0.0 255.255.255.0 management
ssh timeout 5
ssh version 2
! NOTE(review): `console timeout 0` disables the console idle timeout, so an
! abandoned console session stays logged in. Set a finite value where the
! console port or a console server is reachable by others.
console timeout 0
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0
no vpn-sessiondb max-other-vpn-limit
no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
no remote-access threshold
l2tp tunnel hello 60
!
! TLS proxy session limit, followed by threat-detection settings.
tls-proxy maximum-session 0
!
! Threat-detection rate thresholds: two windows per drop category (600 s and
! 3600 s), each with an average and a burst rate in events per second.
! Crossing a threshold raises a syslog message, so these settings are only
! useful if syslog is collected.
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
! Basic threat detection and per-ACL statistics are on; TCP-intercept
! statistics are off. No `threat-detection scanning-threat` enable line is
! visible, so the scanning-threat rates above are thresholds only.
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
! TLS settings for the ASA's own SSL services (HTTPS management and webvpn).
! NOTE(review): `any` leaves SSLv3 negotiable, and the cipher list puts
! rc4-sha1 first and also offers 3des-sha1. SSLv3, RC4 and 3DES are all
! deprecated. Restrict the server version to TLS only (for example
! `ssl server-version tlsv1-only` on releases of this vintage), reduce the
! list to the AES suites, and plan an upgrade to a release that supports
! TLS 1.2.
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
! Global clientless SSL VPN (webvpn) settings. The stanza sets port 443 and
! DTLS port 443 but contains no `enable <interface>` line, and both
! `no anyconnect enable` and `no csd enable` are set, so as shown the portal
! is not offered on any interface. Confirm on the running device.
! The colon-prefixed lines after the stanza are informational output of the
! `show import webvpn ...` commands, not configuration.
webvpn
 memory-size percent 50
 port 443
 dtls port 443
 character-encoding none
 no http-proxy
 no https-proxy
 default-idle-timeout 1800
 portal-access-rule none
 no csd enable
 no anyconnect enable
 no tunnel-group-list enable
 no tunnel-group-preference group-url
 rewrite order 65535 enable resource-mask *
 no internal-password
 no onscreen-keyboard
 no default-language
 no smart-tunnel notification-icon
 no keepout
 cache
  no disable
  max-object-size 1000
  min-object-size 0
  no cache-static-content enable
  lmfactor 20
  expiry-time 1
  no auto-signon
 no error-recovery disable
 no mus password
 mus host mus.cisco.com
: # show import webvpn customization
: Template
: DfltCustomization
: # show import webvpn url-list
: Template
: # show import webvpn translation-table
: Translation Tables' Templates:
:   PortForwarder
:   banners
:   customization
:   url-list
:   webvpn
: Translation Tables:
:   fr                   PortForwarder
:   fr                   customization
:   fr                   webvpn
:   ja                   PortForwarder
:   ja                   customization
:   ja                   webvpn
:   ru                   PortForwarder
:   ru                   customization
:   ru                   webvpn
: # show import webvpn mst-translation
: No MS translation tables defined
: # show import webvpn webcontent
: No custom webcontent is loaded
: # show import webvpn AnyConnect-customization
: No OEM resources defined
: # show import webvpn plug-in
:
! Default group policy. Every default tunnel-group in this listing names it as
! `default-group-policy`, so these values are what a VPN session gets when
! nothing more specific is configured.
! NOTE(review): settings to tighten before production use:
!  - `vpn-filter none` / `ipv6-vpn-filter none`: no per-session ACL; together
!    with `sysopt connection permit-vpn` tunnelled traffic is unfiltered.
!  - `vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless`: every
!    protocol except the AnyConnect SSL client is allowed; list only those
!    actually deployed.
!  - `pfs disable`: no perfect forward secrecy for IPsec clients.
!  - `vpn-session-timeout none`: sessions have no maximum lifetime (idle
!    timeout is 30 minutes, 3 simultaneous logins per user).
!  - clientless webvpn: `file-entry`, `file-browsing`, `url-entry` and
!    `activex-relay` are enabled, `filter none` applies no web ACL, and
!    `storage-objects value cookies,credentials` names credentials as a stored
!    object type (`user-storage none` means no storage location is set).
!  - upload/download/post limits are set to 2147483647 bytes.
! `split-tunnel-policy tunnelall` sends all client traffic through the tunnel
! and `password-storage disable` stops clients from saving the password.
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 ipv6-vpn-filter none
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 split-tunnel-all-dns disable
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 msie-proxy pac-url none
 msie-proxy lockdown enable
 vlan none
 nac-settings none
 address-pools none
 ipv6-address-pools none
 smartcard-removal-disconnect enable
 scep-forwarding-url none
 client-firewall none
 client-access-rule none
 webvpn
  url-list none
  filter none
  homepage none
  html-content-filter none
  port-forward name Application Access
  port-forward disable
  http-proxy disable
  sso-server none
  anyconnect ssl dtls enable
  anyconnect mtu 1406
  anyconnect firewall-rule client-interface private none
  anyconnect firewall-rule client-interface public none
  anyconnect keep-installer installed
  anyconnect ssl keepalive 20
  anyconnect ssl rekey time none
  anyconnect ssl rekey method none
  anyconnect dpd-interval client 30
  anyconnect dpd-interval gateway 30
  anyconnect ssl compression none
  anyconnect modules none
  anyconnect profiles none
  anyconnect ask none
  customization none
  keep-alive-ignore 4
  http-comp gzip
  download-max-size 2147483647
  upload-max-size 2147483647
  post-max-size 2147483647
  user-storage none
  storage-objects value cookies,credentials
  storage-key none
  hidden-shares none
  smart-tunnel disable
  activex-relay enable
  unix-auth-uid 65534
  unix-auth-gid 65534
  file-entry enable
  file-browsing enable
  url-entry enable
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  smart-tunnel auto-signon disable
  anyconnect ssl df-bit-ignore disable
  anyconnect routing-filtering-ignore disable
  smart-tunnel tunnel-policy tunnelall
  always-on-vpn profile-setting
! Local administrator account at privilege 15 (full access). It is the only
! LOCAL user in this listing, so it is the account that
! `aaa authentication ssh console LOCAL` authenticates.
! NOTE(review): the password hash is published with this listing; treat the
! credential as exposed and set a new one on any device built from this
! configuration.
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
! Default site-to-site (LAN-to-LAN) tunnel group. No IKEv1 pre-shared key or
! trustpoint and no IKEv2 local/remote authentication is configured, so as
! shown it has no credential with which to authenticate a peer.
! `peer-id-validate req` requires the peer identity to be validated.
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
 no accounting-server-group
 default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 isakmp keepalive threshold 10 retry 2
 no ikev2 remote-authentication
 no ikev2 local-authentication
! Default remote-access tunnel group (IPsec and L2TP clients that match no
! named group). Users authenticate against the LOCAL database, there is no
! secondary authentication and no accounting server, and the group inherits
! DfltGrpPolicy.
! NOTE(review): `no accounting-server-group` means session start/stop is not
! recorded on an AAA server; with no syslog export visible in this listing
! either, VPN logins would leave no off-box trail.
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
 no address-pool
 no ipv6-address-pool
 authentication-server-group LOCAL
 secondary-authentication-server-group none
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no strip-realm
 no scep-enrollment enable
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 username-from-certificate CN OU
 secondary-username-from-certificate CN OU
 authentication-attr-from-server primary
 authenticated-session-username primary
! Clientless/SSL attributes: AAA (username/password) authentication only, no
! certificate requirement.
tunnel-group DefaultRAGroup webvpn-attributes
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 no proxy-auth sdi
 no pre-fill-username ssl-client
 no pre-fill-username clientless
 no secondary-pre-fill-username ssl-client
 no secondary-pre-fill-username clientless
 dns-group DefaultDNS
 no without-csd
! IPsec attributes: no pre-shared key or trustpoint is set; IKEv1 user
! authentication uses XAUTH.
tunnel-group DefaultRAGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 no ikev1 radius-sdi-xauth
 isakmp keepalive threshold 300 retry 2
 ikev1 user-authentication xauth
 no ikev2 remote-authentication
 no ikev2 local-authentication
! NOTE(review): the PPP methods accepted for L2TP are CHAP and MS-CHAPv1;
! MS-CHAPv2, PAP and EAP-proxy are off. CHAP and MS-CHAPv1 are legacy
! challenge-response schemes. If L2TP/IPsec is not used, drop `l2tp-ipsec`
! from the group policy's vpn-tunnel-protocol; otherwise review this list.
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
! DefaultWEBVPNGroup: built-in remote-access tunnel group, general attributes.
! Same values as DefaultRAGroup in this dump: LOCAL user database for
! authentication, no secondary authentication, no accounting server group,
! password management off, authorization not required.
! Any control beyond local username/password has to be added explicitly in a
! named tunnel group.
! NOTE(review): this group is normally the fallback for SSL VPN sessions that
! select no named tunnel group - confirm for your release.
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
 no address-pool
 no ipv6-address-pool
 authentication-server-group LOCAL
 secondary-authentication-server-group none
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no dhcp-server
 no strip-realm
 no scep-enrollment enable
 no password-management
 no override-account-disable
 no strip-group
 no authorization-required
 username-from-certificate CN OU
 secondary-username-from-certificate CN OU
 authentication-attr-from-server primary
 authenticated-session-username primary
! WebVPN attributes of DefaultWEBVPNGroup.
! authentication aaa: AAA (username/password) is the only method listed; no
! certificate authentication is configured.
! Certificate-based username pre-fill is off for SSL client and clientless
! sessions, for both the primary and the secondary username.
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 customization DfltCustomization
 authentication aaa
 no override-svc-download
 no radius-reject-message
 no proxy-auth sdi
 no pre-fill-username ssl-client
 no pre-fill-username clientless
 no secondary-pre-fill-username ssl-client
 no secondary-pre-fill-username clientless
 dns-group DefaultDNS
 no without-csd
! IPsec attributes of DefaultWEBVPNGroup.
! No IKEv1 pre-shared key, no trustpoint, no IKEv2 local/remote
! authentication: nothing here can authenticate a peer until a key or
! certificate is configured.
! XAUTH user authentication is on and peer identity validation is required.
tunnel-group DefaultWEBVPNGroup ipsec-attributes
 no ikev1 pre-shared-key
 peer-id-validate req
 no chain
 no ikev1 trust-point
 no ikev1 radius-sdi-xauth
 isakmp keepalive threshold 300 retry 2
 ikev1 user-authentication xauth
 no ikev2 remote-authentication
 no ikev2 local-authentication
! PPP authentication protocols accepted by DefaultWEBVPNGroup.
! CHAP and MS-CHAPv1 are enabled; PAP, MS-CHAPv2 and EAP-proxy are disabled.
! MS-CHAPv1 is obsolete and weak. Do not carry this list over unchanged into
! a production tunnel group that terminates PPP-based sessions.
tunnel-group DefaultWEBVPNGroup ppp-attributes
 no authentication pap
 authentication chap
 authentication ms-chap-v1
 no authentication ms-chap-v2
 no authentication eap-proxy
!
! Built-in HTTP inspection class-maps. Each one binds the _default_* regex
! objects defined earlier in this configuration to one part of an HTTP
! request or response (user-agent, host, URI, args, body, response header).
! match-all: every match line inside a class has to hit for the class to
! match, e.g. _default_gnu-http-tunnel needs both the args and URI regex.
! The patterns are short literal signatures: _default_gnu-http-tunnel_arg is
! the string "crap" and _default_shoutcast-tunneling-protocol is "1". Treat
! them as coarse indicators that can miss variants and can match unrelated
! traffic, not as a complete tunnel or IM control.
! These lines only define classes. Nothing in this part of the dump attaches
! them to an HTTP inspection policy-map; check the policy-map and
! service-policy sections before assuming any of this traffic is acted on.
class-map type inspect http match-all _default_gator
 match request header user-agent regex _default_gator
class-map type inspect http match-all _default_msn-messenger
 match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
 match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
 match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
 match request args regex _default_gnu-http-tunnel_arg
 match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
 match request header host regex _default_firethru-tunnel_1
 match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
 match request header host regex _default_aim-messenger
class-map type inspect http match-all _default_http-tunnel
 match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
 match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
 match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
! class-default is the catch-all layer 3/4 class (match any), not an HTTP
! inspection class like its neighbours.
class-map class-default
 match any
class-map type inspect http match-all _default_GoToMyPC-tunnel
 match request args regex _default_GoToMyPC-tunnel
 match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
 match request header host regex _default_httport-tunnel
!
!
! Default inspection policy-maps for the voice/video protocols RTSP, H.323
! and SIP.
! RTSP: no parameters are set.
! H.323 and SIP: rtp-conformance is off, so these defaults do not ask for
! RTP conformance checking on the media pinholes.
! SIP: instant messaging (im) and non-SIP traffic on the SIP port
! (traffic-non-sip) are both permitted; ip-address-privacy is off.
! Sites that expose SIP or H.323 to untrusted networks usually want a custom
! map with tighter parameters than these.
policy-map type inspect rtsp _default_rtsp_map
 description Default RTSP policymap
 parameters
policy-map type inspect h323 _default_h323_map
 description Default H.323 policymap
 parameters
  no rtp-conformance
policy-map type inspect sip _default_sip_map
 description Default SIP policymap
 parameters
  im
  no ip-address-privacy
  traffic-non-sip
  no rtp-conformance
! Default DNS inspection map.
! On: dns-guard, protocol-enforcement, nat-rewrite.
! Off: every message-length maximum (client, server, global), so this map
! sets no DNS message size cap; id-randomization; id-mismatch; TSIG
! enforcement.
! With id-randomization off the ASA does not replace the query IDs chosen by
! the resolver, and with id-mismatch off it does not report bursts of
! mismatched IDs. Consider enabling both in a site map where resolvers behind
! the ASA may use predictable IDs or where spoofed-reply detection is wanted.
policy-map type inspect dns _default_dns_map
 description Default DNS policy-map
 parameters
  no message-length maximum client
  no message-length maximum
  no message-length maximum server
  dns-guard
  protocol-enforcement
  nat-rewrite
  no id-randomization
  no id-mismatch
  no tsig enforced
! Default IPsec pass-through inspection map: ESP only, 10 minute timeout.
! NOTE(review): per-client-max 0 presumably means no per-client limit on ESP
! flows - confirm in the command reference before relying on it as a cap.
policy-map type inspect ipsec-pass-thru _default_ipsec_passthru_map
 description Default IPSEC-PASS-THRU policy-map
 parameters
  esp per-client-max 0 timeout 0:10:00
! Default ESMTP inspection map.
! mask-banner hides the server banner; mail-relay and special-character
! checks are off.
! no allow-tls together with "match ehlo-reply-parameter others / mask":
! TLS is not allowed through this inspection, and EHLO reply parameters in
! the "others" class are masked. Where this map is applied, SMTP between
! mail servers is therefore expected to stay in cleartext. If opportunistic
! TLS between MTAs is required, that needs allow-tls in a site map, at the
! cost of not inspecting the encrypted session.
! Length and count limits below drop the connection and log, except body
! line length gt 998, which only logs.
policy-map type inspect esmtp _default_esmtp_map
 description Default ESMTP policy-map
 parameters
  mask-banner
  no mail-relay
  no special-character
  no allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter others
  mask
! Default IP options inspection map: packets carrying the Router Alert
! option are allowed. It is the only option given an action here.
! NOTE(review): handling of other IP options is not visible in this map -
! check the command reference before assuming they are dropped.
policy-map type inspect ip-options _default_ip_options_map
 description Default IP-OPTIONS policy-map
 parameters
  router-alert action allow
!
! IMAP4S e-mail proxy defaults: port 993, no default mail server configured,
! LOCAL authentication server group, no authorization or accounting group.
! "no authentication" means no authentication method is selected for this
! proxy. Select one explicitly before the proxy is put into service.
imap4s
 port 993
 no server
 outstanding 20
 name-separator :
 server-separator @
 authentication-server-group LOCAL
 no authorization-server-group
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no authentication
 no authorization-required
 authorization-dn-attributes CN OU
! POP3S e-mail proxy defaults: port 995, no default mail server configured,
! LOCAL authentication server group, no authorization or accounting group.
! No authentication method is selected ("no authentication") and
! authorization is not required in this default.
pop3s
 port 995
 no server
 outstanding 20
 name-separator :
 server-separator @
 authentication-server-group LOCAL
 no authorization-server-group
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 no authentication
 no authorization-required
 authorization-dn-attributes CN OU
! SMTPS e-mail proxy defaults.
! The port shown is 988, not the 465 commonly used for SMTP over TLS; use
! the value from the running configuration when writing ACLs or checking
! which services the ASA exposes.
! Unlike the imap4s and pop3s stanzas in this dump, this proxy has
! "authentication aaa" set. No default mail server is configured.
smtps
 port 988
 no server
 outstanding 20
 name-separator :
 server-separator @
 authentication-server-group LOCAL
 no authorization-server-group
 no accounting-server-group
 default-group-policy DfltGrpPolicy
 authentication aaa
 no authorization-required
 authorization-dn-attributes CN OU
! CLI prompt, Auto Update client settings, AnyConnect SSL compression and
! core dump setting.
! auto-update lines only set device-id, poll period and timeout; no
! auto-update server appears in this part of the dump.
! no coredump enable: core dumps are not generated, so a crash leaves no
! core image for later analysis.
prompt hostname context
auto-update device-id hostname
auto-update poll-period 720 0 5
auto-update timeout 0
compression anyconnect-ssl http-comp
no coredump enable
! Smart Call Home. Anonymous reporting is off and the only profile,
! CiscoTAC-1, is marked "no active", so as shown this configuration is not
! set to send anything.
! If the profile is activated it uses the HTTP transport to the Cisco URL
! below and subscribes to diagnostic, environment, inventory, configuration
! export and telemetry groups. Review what configuration and inventory data
! may leave the network before enabling it.
no call-home reporting anonymous
call-home
 alert-group all
 alert-group-config environment
  threshold cpu 85-90
  threshold memory 85-90
 event-queue-size 10
 rate-limit 10
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination message-size-limit 3145728
  destination preferred-msg-format xml
  destination transport-method http
  subscribe-to-alert-group diagnostic severity informational
  subscribe-to-alert-group environment severity informational
  subscribe-to-alert-group inventory periodic monthly 21
  subscribe-to-alert-group configuration export minimum periodic monthly 21
  subscribe-to-alert-group telemetry periodic daily
! no password encryption aes: AES encryption of stored keys is off.
! NOTE(review): with it off, secrets such as VPN pre-shared keys are
! presumably not protected by a master passphrase - confirm for this
! release and treat saved or exported copies of the config as sensitive.
! crashinfo save disable: crash information is not saved, which leaves less
! evidence to examine after an unexpected reload.
no password encryption aes
hpm topN enable
crashinfo save disable
Cryptochecksum:8f5576ae5e005fbc3c2243a6fa8f7771
: end