hostname asa
domain-name xxxxxxxxx.de
enable password 8Ry2YjIyt7RRXU24 encrypted
names
name 192.168.1.2 CLIENT
name 192.168.1.0 KUNDEN_LAN
name 192.168.200.0 VPN_POOL
dns-guard
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan11
nameif outside
security-level 0
pppoe client vpdn group test
ip address pppoe setroute
!
interface Ethernet0/0
switchport access vlan 11
!
interface Ethernet0/1
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
domain-name xxxxxxxxxxxx.de
access-list inside_nat0_outbound extended permit ip any VPN_POOL 255.255.255.248
access-list inside_access_in extended permit icmp host VPN_POOL any echo-reply
access-list inside_access_in extended permit ip host VPN_POOL any
access-list inside_access_in extended permit ip host CLIENT any
access-list inside_access_in extended permit icmp host CLIENT any echo-reply
access-list inside_access_in extended permit icmp host CLIENT any echo
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_POOL 192.168.200.1-192.168.200.5 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (inside) 2 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 KUNDEN_LAN 255.255.255.0
access-group inside_access_in in interface inside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy xxxxxx internal
group-policy xxxxxx attributes
vpn-tunnel-protocol IPSec
username xxxxxx password nCe7k1IF8VqW6ktZ encrypted privilege 0
username xxxxxx attributes
vpn-group-policy altro_test
http server enable
http CLIENT 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group xxxxxx type ipsec-ra
tunnel-group xxxxxx general-attributes
address-pool VPN_POOL
default-group-policy xxxxxx
tunnel-group altro_test ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group test request dialout pppoe
vpdn group test localname 0016157483565200420037940001@t-online.de
vpdn group test ppp authentication pap
vpdn username xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de password ********* store-local
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect http
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ce023164fbab6adc826e00a5af5065c6
: end