We recently purchased an ASA 5505. We had a pix501 before this and had cisco TAC translate the config from that into a language readable by the ASA. Switched everything over and it all works. VPN tunnels come up. Internet connectivity.. VPN clients can connect.. It's all good.. And that lasts for about a day.. Then the connection drops down to 0 kbps input on the outside connection every 5 minutes or so. People lose remote desktop connections (to other networks), applications running off of remote servers will fail, etc. etc.
We went over this with cisco and they said the config looks good, so they decided it was probably hardware and sent a new device. The new device did the exact same thing....
I suspect it's a problem with the ISP, but I don't know what??
Any thoughts would be appreciated..
here's the current config
ASA Version 7.2(4)
!
hostname *
domain-name *
no names
name 216.150.25.52 tcssql2
name 216.150.25.51 tcsweb2
name 216.150.24.205 tcssql1
name 216.150.24.204 tcsweb1
name 192.168.1.10 req-srv-1
name 66.132.221.236 ttweb1
name 66.132.221.238 ttweb2
name 66.132.221.241 ttsql1
name 66.132.221.243 ttsql2
name 66.132.221.245 ttwitness
name 66.132.221.235 ttwebin
name 216.54.66.173 *
name 216.54.66.172 *
name 192.168.1.20 *
name 192.168.1.121 *
name 192.168.100.0 dmz
name 192.168.100.165 test
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
speed 100
duplex full
!
interface Vlan2
nameif outside
security-level 0
ip address 216.54.66.174 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
object-group service usftp tcp
port-object range 2121 2121
access-list inside_outbound_nat0_acl permit ip any 192.168.1.80 255.255.255.240
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.24.205
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.25.52
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.25.51
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.24.204
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.1.80 255.255.255.240
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.236
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.243
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.241
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.245
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.238
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.80 255.255.255.240
access-list 101 permit tcp host 216.54.66.173 eq www host 216.54.66.174 eq 8090
access-list 101 permit tcp any host 216.54.66.174 eq 2121
access-list 101 permit tcp any interface outside eq 2122
access-list 101 permit tcp any host 216.54.66.174 eq smtp
access-list 101 permit tcp any host 216.54.66.174 eq imap4
access-list 101 permit tcp any host 216.54.66.174 eq 9300
access-list 101 permit tcp any host 216.54.66.174 eq https
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit tcp any host 216.54.66.174 eq pop3
access-list 101 permit tcp any host 216.54.66.174 eq 8088
access-list 101 permit tcp any host 216.54.66.174 eq 8085
access-list 101 permit tcp any host 216.54.66.174 eq www
access-list 101 permit tcp any host 216.54.66.173 eq www
access-list 101 permit tcp any host 216.54.66.172 eq www
access-list 101 permit tcp any host 216.54.66.172 eq https
access-list 101 permit tcp any host 216.54.66.173 eq 88
access-list 101 permit tcp any host 216.54.66.171 eq https
access-list 101 permit tcp any host 192.168.100.165 eq www
access-list 101 permit tcp any host 216.54.66.170 eq https
access-list 101 permit tcp any host 216.54.66.169 eq https
access-list outside_cryptomap_30_1 permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.24.205
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.25.52
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.25.51
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.24.204
access-list require_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
access-list outside_cryptomap_dyn_20_1 permit ip any 192.168.1.80 255.255.255.240
access-list outside_cryptomap_50 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.236
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.243
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.241
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.245
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.238
pager lines 24
logging enable
logging monitor debugging
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool requireippool 192.168.1.85-192.168.1.95
ip local pool pptp-pool 172.16.2.1-172.16.2.254
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 2121 192.168.1.10 2121 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2122 192.168.1.20 2122 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.1.10 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 9300 192.168.1.155 9300 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.1.155 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8088 192.168.1.20 8088 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8090 192.168.1.121 81 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8085 192.168.1.20 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.172 81 192.168.1.20 81 netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.173 www 192.168.1.121 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.172 www 192.168.1.21 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.172 https 192.168.1.21 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.173 88 192.168.1.158 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.171 https 192.168.1.19 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.100.165 www 192.168.1.162 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.169 https 192.168.1.40 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.1.30 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 192.168.1.30 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.30 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.30 smtp netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 216.54.66.161 1
route outside 192.168.100.0 255.255.255.0 192.168.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
tftp-server inside 192.168.1.153 /pixconfig
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map_1 20 match address outside_cryptomap_dyn_20_1
crypto dynamic-map outside_dyn_map_1 20 set transform-set ESP-3DES-MD5
crypto map outside_map_1 20 match address outside_cryptomap_20_1
crypto map outside_map_1 20 set peer 216.150.25.76
crypto map outside_map_1 20 set transform-set ESP-AES-128-SHA
crypto map outside_map_1 30 match address outside_cryptomap_30_1
crypto map outside_map_1 30 set peer 24.153.242.215
crypto map outside_map_1 30 set transform-set ESP-AES-128-SHA
crypto map outside_map_1 50 match address outside_cryptomap_50
crypto map outside_map_1 50 set peer 68.15.131.130
crypto map outside_map_1 50 set transform-set ESP-3DES-SHA
crypto map outside_map_1 70 match address outside_cryptomap_70
crypto map outside_map_1 70 set peer 66.132.221.239
crypto map outside_map_1 70 set transform-set ESP-AES-128-SHA
crypto map outside_map_1 65535 ipsec-isakmp dynamic outside_dyn_map_1
crypto map outside_map_1 client authentication LOCAL
crypto map outside_map_1 interface outside
isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh 206.126.161.217 255.255.255.255 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd address 192.168.1.50-192.168.1.75 inside
dhcpd dns 216.54.2.10 216.54.2.11
dhcpd lease 3600
dhcpd ping_timeout 750
tunnel-group 66.132.221.239 type ipsec-l2l
tunnel-group 66.132.221.239 ipsec-attributes
pre-shared-key *
tunnel-group 68.15.131.130 type ipsec-l2l
tunnel-group 68.15.131.130 ipsec-attributes
pre-shared-key *
tunnel-group 24.153.242.215 type ipsec-l2l
tunnel-group 24.153.242.215 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:aeeed4dd5fb2a85b58da1976715607a1
: end
We went over this with cisco and they said the config looks good, so they decided it was probably hardware and sent a new device. The new device did the exact same thing....
I suspect it's a problem with the ISP, but I don't know what??
Any thoughts would be appreciated..
here's the current config
ASA Version 7.2(4)
!
hostname *
domain-name *
no names
name 216.150.25.52 tcssql2
name 216.150.25.51 tcsweb2
name 216.150.24.205 tcssql1
name 216.150.24.204 tcsweb1
name 192.168.1.10 req-srv-1
name 66.132.221.236 ttweb1
name 66.132.221.238 ttweb2
name 66.132.221.241 ttsql1
name 66.132.221.243 ttsql2
name 66.132.221.245 ttwitness
name 66.132.221.235 ttwebin
name 216.54.66.173 *
name 216.54.66.172 *
name 192.168.1.20 *
name 192.168.1.121 *
name 192.168.100.0 dmz
name 192.168.100.165 test
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
speed 100
duplex full
!
interface Vlan2
nameif outside
security-level 0
ip address 216.54.66.174 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
object-group service usftp tcp
port-object range 2121 2121
access-list inside_outbound_nat0_acl permit ip any 192.168.1.80 255.255.255.240
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.24.205
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.25.52
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.25.51
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 216.150.24.204
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.1.80 255.255.255.240
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.236
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.243
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.241
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.245
access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 host 66.132.221.238
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.80 255.255.255.240
access-list 101 permit tcp host 216.54.66.173 eq www host 216.54.66.174 eq 8090
access-list 101 permit tcp any host 216.54.66.174 eq 2121
access-list 101 permit tcp any interface outside eq 2122
access-list 101 permit tcp any host 216.54.66.174 eq smtp
access-list 101 permit tcp any host 216.54.66.174 eq imap4
access-list 101 permit tcp any host 216.54.66.174 eq 9300
access-list 101 permit tcp any host 216.54.66.174 eq https
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit tcp any host 216.54.66.174 eq pop3
access-list 101 permit tcp any host 216.54.66.174 eq 8088
access-list 101 permit tcp any host 216.54.66.174 eq 8085
access-list 101 permit tcp any host 216.54.66.174 eq www
access-list 101 permit tcp any host 216.54.66.173 eq www
access-list 101 permit tcp any host 216.54.66.172 eq www
access-list 101 permit tcp any host 216.54.66.172 eq https
access-list 101 permit tcp any host 216.54.66.173 eq 88
access-list 101 permit tcp any host 216.54.66.171 eq https
access-list 101 permit tcp any host 192.168.100.165 eq www
access-list 101 permit tcp any host 216.54.66.170 eq https
access-list 101 permit tcp any host 216.54.66.169 eq https
access-list outside_cryptomap_30_1 permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.24.205
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.25.52
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.25.51
access-list outside_cryptomap_20_1 permit ip 192.168.1.0 255.255.255.0 host 216.150.24.204
access-list require_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
access-list outside_cryptomap_dyn_20_1 permit ip any 192.168.1.80 255.255.255.240
access-list outside_cryptomap_50 permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.236
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.243
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.241
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.245
access-list outside_cryptomap_70 permit ip 192.168.1.0 255.255.255.0 host 66.132.221.238
pager lines 24
logging enable
logging monitor debugging
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool requireippool 192.168.1.85-192.168.1.95
ip local pool pptp-pool 172.16.2.1-172.16.2.254
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 2121 192.168.1.10 2121 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2122 192.168.1.20 2122 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.1.10 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 9300 192.168.1.155 9300 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3389 192.168.1.155 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8088 192.168.1.20 8088 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8090 192.168.1.121 81 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8085 192.168.1.20 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.172 81 192.168.1.20 81 netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.173 www 192.168.1.121 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.172 www 192.168.1.21 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.172 https 192.168.1.21 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.173 88 192.168.1.158 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.171 https 192.168.1.19 https netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.168.100.165 www 192.168.1.162 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 216.54.66.169 https 192.168.1.40 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https 192.168.1.30 https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface imap4 192.168.1.30 imap4 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.1.30 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.1.30 smtp netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 216.54.66.161 1
route outside 192.168.100.0 255.255.255.0 192.168.100.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
tftp-server inside 192.168.1.153 /pixconfig
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map_1 20 match address outside_cryptomap_dyn_20_1
crypto dynamic-map outside_dyn_map_1 20 set transform-set ESP-3DES-MD5
crypto map outside_map_1 20 match address outside_cryptomap_20_1
crypto map outside_map_1 20 set peer 216.150.25.76
crypto map outside_map_1 20 set transform-set ESP-AES-128-SHA
crypto map outside_map_1 30 match address outside_cryptomap_30_1
crypto map outside_map_1 30 set peer 24.153.242.215
crypto map outside_map_1 30 set transform-set ESP-AES-128-SHA
crypto map outside_map_1 50 match address outside_cryptomap_50
crypto map outside_map_1 50 set peer 68.15.131.130
crypto map outside_map_1 50 set transform-set ESP-3DES-SHA
crypto map outside_map_1 70 match address outside_cryptomap_70
crypto map outside_map_1 70 set peer 66.132.221.239
crypto map outside_map_1 70 set transform-set ESP-AES-128-SHA
crypto map outside_map_1 65535 ipsec-isakmp dynamic outside_dyn_map_1
crypto map outside_map_1 client authentication LOCAL
crypto map outside_map_1 interface outside
isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh 206.126.161.217 255.255.255.255 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd address 192.168.1.50-192.168.1.75 inside
dhcpd dns 216.54.2.10 216.54.2.11
dhcpd lease 3600
dhcpd ping_timeout 750
tunnel-group 66.132.221.239 type ipsec-l2l
tunnel-group 66.132.221.239 ipsec-attributes
pre-shared-key *
tunnel-group 68.15.131.130 type ipsec-l2l
tunnel-group 68.15.131.130 ipsec-attributes
pre-shared-key *
tunnel-group 24.153.242.215 type ipsec-l2l
tunnel-group 24.153.242.215 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:aeeed4dd5fb2a85b58da1976715607a1
: end