Result of the command: "sh run" : Saved : PIX Version 7.2(1)19 ! hostname icorda-fw1 domain-name icorda.mst enable password $$$$$$$$$$$$$$$ encrypted names name 217.136.224.210 Thermelec_ADSL name 81.241.255.75 Deroose_ADSL name 10.2.1.254 icorda-ipt1 name 67.133.239.34 ftpav.ca.com name 192.168.153.0 RemoteOffice name 10.1.252.0 UserVPN name 10.1.1.14 ICORDA-MX07 name 10.1.1.15 ICORDA-MX07_Relay dns-guard ! interface Ethernet0 nameif outside security-level 0 ip address 234.32.114.85 255.255.255.248 ! interface Ethernet1 nameif inside security-level 100 ip address 10.1.1.32 255.255.0.0 ! interface Ethernet1.2 vlan 2 nameif IPT security-level 70 ip address 10.2.1.253 255.255.255.0 ! interface Ethernet1.10 vlan 10 nameif WirelessPublic security-level 30 ip address 10.2.2.254 255.255.255.0 ! interface Ethernet2 nameif dmz security-level 50 ip address 172.16.254.1 255.255.255.0 ! passwd 2KFQnbNIdI.2KYOU encrypted regex videostreaming "[Vv][Ii][Dd][Ee][Oo]" regex www.sportwereld.be "[Ww][Ww][Ww].[Ss][Pp][Oo][Rr][Tt][Ww][Ee][Rr][Ee][Ll][Dd].[Bb][Ee]" regex MMS-streaming "[Xx]-[Mm][Mm][Ss]" regex any ".?" regex www.test.be "[Ww][Ww][Ww].[Tt][Ee][Ss][Tt].[Bb][Ee]" regex www.hln.be "[Ww][Ww][Ww].[Hh][Ll][Nn].[Bb][Ee]" regex streampower.be "[Ss][Tt][Rr][Ee][Aa][Mm][Pp][Oo][Ww][Ee][Rr].[Bb][Ee]" regex www.basketovl.be "[Ww][Ww][Ww].[Bb][Aa][Ss][Kk][Ee][Tt][Oo][Vv][Ll].[Bb][Ee]" regex audiostreaming "[Aa][Uu][Dd][Ii][Oo]" regex q-music "/[Ss][Tt][Aa][Tt][Ii][Cc]/[Aa][Ss][Xx]/" ! time-range UpdatesDMZ periodic daily 2:50 to 3:30 ! banner exec Restricted Access Rules Applied. All access is logged. banner exec Unauthorized access will be taken action on in the fullest extend of the Law. banner exec Managed by Icorda NV - +32-9-2276676 - info@icorda.be banner login Restricted Access Rules Applied. All access is logged. banner login Unauthorized access will be taken action on in the fullest extend of the Law. banner login Managed by Icorda NV - +32-9-2276676 - info@icorda.be boot system flash:/pix712.bin ftp mode passive clock timezone CEST 1 clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 dns server-group DefaultDNS domain-name icorda.mst same-security-traffic permit intra-interface object-group service NetbiosWorms_TCP tcp description Filter to stop Netbios and Worms port-object range 137 netbios-ssn port-object eq 593 port-object eq 69 port-object eq 135 port-object eq 445 port-object eq 1863 object-group service NetbiosWorms_UDP udp port-object range netbios-ns 139 port-object eq 135 object-group service DMZServices tcp description Services permitted from the interal network to the DMZ Zone port-object eq 6050 port-object eq 1433 port-object range ftp-data ftp port-object eq 13421 port-object eq 3389 port-object eq www port-object eq https port-object eq 6051 object-group service PL-IS1_inside2dmz_TCP tcp port-object eq 5900 port-object eq 3306 port-object eq imap4 port-object eq smtp port-object eq telnet port-object eq 8080 port-object eq 8000 object-group service ISA1_outside2dmz_TCP tcp port-object eq 995 port-object eq www port-object eq https port-object eq smtp port-object eq ftp port-object eq ftp-data object-group service AS400_TCP tcp port-object range ftp-data ftp port-object range 8470 8476 port-object eq 8480 port-object eq telnet port-object range 5555 5556 port-object eq daytime port-object eq 449 port-object eq 9480 port-object eq 397 object-group service PL-IS1_outside2dmz_TCP tcp port-object eq smtp port-object eq www port-object eq imap4 port-object eq ftp object-group network DMZ_Servers network-object 172.16.254.3 255.255.255.255 object-group network DNS_Servers network-object 10.1.1.1 255.255.255.255 network-object 10.1.1.4 255.255.255.255 object-group service IS2-IBASE_outside2dmz_TCP tcp port-object eq https port-object eq www port-object eq ftp port-object eq ftp-data object-group service IS2_outside2dmz_TCP tcp port-object eq ftp port-object eq www object-group network DMZ_Servers_ref network-object 234.32.114.82 255.255.255.255 network-object 234.32.114.85 255.255.255.255 object-group service IS2_dmz2Deroose_TCP tcp port-object eq 1433 port-object eq ftp object-group service RemoteSupport_out2in_tcp tcp port-object range 15500 15503 object-group service IM_Ports_tcp tcp port-object eq 1863 port-object eq 7001 port-object eq 5050 port-object eq telnet object-group service im_proxy_ports_tcp tcp port-object eq 8000 port-object eq 8080 port-object eq www object-group service StreamingPorts_TCP tcp port-object eq 1736 port-object eq 1755 port-object eq 1790 port-object eq 2979 port-object eq 537 port-object eq rtsp object-group service StreamingPorts_UDP udp port-object eq 1736 port-object eq 1755 port-object eq 1790 port-object eq 2979 port-object eq 537 port-object eq 554 object-group network SMTPServersIntern network-object host ICORDA-MX07 network-object host 10.1.1.4 network-object host ICORDA-MX07_Relay access-list inside_access_in extended deny tcp 10.1.0.0 255.255.0.0 any object-group IM_Ports_tcp inactive access-list inside_access_in extended permit ip 10.1.0.0 255.255.0.0 172.16.254.0 255.255.255.0 access-list inside_access_in extended permit tcp 10.1.0.0 255.255.0.0 192.168.250.0 255.255.255.0 object-group AS400_TCP access-list inside_access_in extended permit tcp 10.1.0.0 255.255.0.0 object-group DMZ_Servers object-group DMZServices access-list inside_access_in extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.254.6 eq https access-list inside_access_in extended permit tcp 10.1.0.0 255.255.0.0 host 172.16.254.6 eq www access-list inside_access_in extended permit icmp 10.1.0.0 255.255.0.0 172.16.254.0 255.255.255.0 echo access-list inside_access_in extended deny ip 10.1.0.0 255.255.0.0 172.16.0.0 255.255.0.0 access-list inside_access_in extended deny ip 10.1.0.0 255.255.0.0 10.2.2.0 255.255.255.0 access-list inside_access_in extended permit ip 10.1.0.0 255.255.0.0 UserVPN 255.255.255.0 access-list inside_access_in extended permit ip 10.1.0.0 255.255.0.0 10.2.1.0 255.255.255.0 access-list inside_access_in extended deny ip 10.1.0.0 255.255.0.0 10.2.1.0 255.255.255.0 access-list inside_access_in extended deny tcp 10.1.0.0 255.255.0.0 any object-group StreamingPorts_TCP inactive access-list inside_access_in extended deny udp 10.1.0.0 255.255.0.0 any object-group StreamingPorts_UDP inactive access-list inside_access_in extended deny tcp 10.1.0.0 255.255.0.0 any object-group NetbiosWorms_TCP access-list inside_access_in extended deny udp 10.1.0.0 255.255.0.0 any object-group NetbiosWorms_UDP access-list inside_access_in extended permit ip 10.1.0.0 255.255.0.0 any access-list inside_access_in remark HAMACHI IPT test (PL) access-list inside_access_in extended permit ip 5.0.0.0 255.0.0.0 10.2.1.0 255.255.255.0 access-list outside_access_in extended permit ip UserVPN 255.255.255.0 10.1.0.0 255.255.0.0 access-list outside_access_in extended permit ip UserVPN 255.255.255.0 10.2.1.0 255.255.255.0 access-list outside_access_in extended permit tcp UserVPN 255.255.255.0 172.16.254.0 255.255.255.0 object-group DMZServices access-list outside_access_in extended permit ip RemoteOffice 255.255.255.0 234.32.0.0 255.255.0.0 access-list outside_access_in extended permit ip RemoteOffice 255.255.255.0 10.2.1.0 255.255.255.0 access-list outside_access_in extended permit tcp RemoteOffice 255.255.255.0 172.16.254.0 255.255.255.0 object-group DMZServices access-list outside_access_in extended deny ip UserVPN 255.255.255.0 any access-list outside_access_in extended deny ip RemoteOffice 255.255.255.0 any access-list outside_access_in extended deny ip 192.168.250.0 255.255.255.0 any access-list outside_access_in extended permit tcp any host 234.32.114.83 eq smtp access-list outside_access_in extended permit tcp any host 234.32.114.84 object-group IS2-IBASE_outside2dmz_TCP access-list outside_access_in extended permit tcp any host 234.32.114.82 object-group IS2_outside2dmz_TCP access-list outside_access_in extended permit tcp host Deroose_ADSL host 234.32.114.82 eq 1433 access-list outside_access_in extended permit tcp any host 234.32.114.81 object-group ISA1_outside2dmz_TCP access-list outside_access_in extended permit tcp any host 234.32.114.85 eq 1443 access-list outside_access_in extended permit tcp any interface outside eq https access-list outside_access_in extended permit tcp any interface outside eq www access-list outside_access_in extended permit tcp any interface outside object-group RemoteSupport_out2in_tcp access-list outside_access_in extended permit icmp any any echo-reply access-list outside_access_in extended permit icmp any any time-exceeded access-list outside_access_in extended permit icmp any any unreachable access-list dmz_access_in extended permit ip 172.16.254.0 255.255.255.0 10.1.0.0 255.255.0.0 access-list dmz_access_in extended permit icmp 172.16.254.0 255.255.255.0 any echo-reply access-list dmz_access_in extended permit tcp 172.16.254.0 255.255.255.0 host 10.1.1.7 eq 8080 access-list dmz_access_in extended permit udp 172.16.254.0 255.255.255.0 object-group DNS_Servers eq domain access-list dmz_access_in extended permit udp 172.16.254.0 255.255.255.0 object-group DNS_Servers eq ntp access-list dmz_access_in extended permit tcp object-group DMZ_Servers host 10.1.1.1 eq smtp access-list dmz_access_in extended permit tcp object-group DMZ_Servers object-group SMTPServersIntern eq smtp access-list dmz_access_in extended permit tcp host 172.16.254.3 host 10.1.1.5 eq 1604 access-list dmz_access_in extended permit tcp host 172.16.254.3 host 10.1.1.18 eq 1433 access-list dmz_access_in extended permit tcp host 172.16.254.3 host ftpav.ca.com eq ftp access-list dmz_access_in extended permit tcp host 172.16.254.3 host Deroose_ADSL object-group IS2_dmz2Deroose_TCP access-list dmz_access_in extended permit tcp host 172.16.254.3 any eq www access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 172.16.254.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 192.168.250.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 UserVPN 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.2.1.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.2.2.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 RemoteOffice 255.255.255.192 access-list outside_cryptomap_20 extended permit ip 10.1.0.0 255.255.0.0 192.168.250.0 255.255.255.0 access-list dmz_nat0_outbound extended permit ip 172.16.254.0 255.255.255.0 UserVPN 255.255.255.0 access-list dmz_nat0_outbound extended permit ip 172.16.254.0 255.255.255.0 RemoteOffice 255.255.255.0 access-list IcordaVPNGroup_splitTunnelAcl standard permit 10.1.0.0 255.255.0.0 access-list IcordaVPNGroup_splitTunnelAcl standard permit 172.16.254.0 255.255.255.0 access-list IcordaVPNGroup_splitTunnelAcl standard permit 10.2.1.0 255.255.255.0 access-list ThermelecVPNGroup_splitTunnelAcl standard permit host 172.16.254.3 access-list ThermelecVPNAccess extended permit tcp 10.1.252.64 255.255.255.192 host 172.16.254.3 eq 1433 access-list WirelessPublic_access_in extended deny ip any 10.1.0.0 255.255.0.0 access-list WirelessPublic_access_in extended permit tcp 10.2.2.0 255.255.255.0 172.16.254.0 255.255.255.0 object-group ISA1_outside2dmz_TCP access-list WirelessPublic_access_in extended deny ip any 172.16.254.0 255.255.255.0 access-list WirelessPublic_access_in extended deny tcp any any eq 3389 access-list WirelessPublic_access_in extended deny tcp any any eq ssh access-list WirelessPublic_access_in extended permit ip 10.2.2.0 255.255.255.0 any access-list IPTDemoACL standard permit 192.168.123.0 255.255.255.0 access-list IPTDemoVPN_splitTunnelAcl standard permit 10.2.1.0 255.255.255.0 access-list outside_cryptomap_dyn_15 extended permit ip 172.16.254.0 255.255.255.0 RemoteOffice 255.255.255.192 access-list outside_cryptomap_dyn_15 extended permit ip 10.2.1.0 255.255.255.0 RemoteOffice 255.255.255.192 access-list outside_cryptomap_dyn_15 extended permit ip 10.1.0.0 255.255.0.0 RemoteOffice 255.255.255.192 access-list IPT_access_in extended permit ip 10.2.1.0 255.255.255.0 10.1.0.0 255.255.0.0 access-list IPT_access_in extended permit ip 10.2.1.0 255.255.255.0 RemoteOffice 255.255.255.0 access-list IPT_access_in extended permit ip 10.2.1.0 255.255.255.0 UserVPN 255.255.255.192 access-list IPT_access_in extended permit ip 10.2.1.0 255.255.255.0 any access-list IPT_nat0_outbound extended permit ip 10.2.1.0 255.255.255.0 UserVPN 255.255.255.0 access-list IPT_nat0_outbound extended permit ip 10.2.1.0 255.255.255.0 RemoteOffice 255.255.255.192 access-list IPT_nat0_inbound extended permit ip 10.2.1.0 255.255.255.0 10.1.0.0 255.255.0.0 access-list 199 extended permit ip host 10.1.1.3 interface IPT access-list 199 extended permit ip interface IPT host 10.1.1.3 access-list dmz_mpc extended permit tcp host 172.16.254.3 any eq www pager lines 24 logging enable logging timestamp logging list Auth_Filter level debugging class auth logging monitor debugging logging trap debugging logging asdm debugging logging facility 16 logging host inside 10.1.1.11 mtu outside 1500 mtu inside 1500 mtu IPT 1500 mtu WirelessPublic 1500 mtu dmz 1500 ip local pool UserVPNPool 10.1.252.1-10.1.252.62 mask 255.255.255.192 ip local pool ThermelecVPNPool 10.1.252.65-10.1.252.126 mask 255.255.255.192 asdm image flash:/asdm521-54.bin asdm history enable arp timeout 14400 global (outside) 10 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 10 10.1.0.0 255.255.0.0 nat (IPT) 0 access-list IPT_nat0_outbound nat (IPT) 0 access-list IPT_nat0_inbound outside nat (IPT) 10 10.2.1.0 255.255.255.0 nat (WirelessPublic) 10 10.2.2.0 255.255.255.0 nat (dmz) 0 access-list dmz_nat0_outbound static (dmz,outside) tcp interface www 172.16.254.6 www netmask 255.255.255.255 static (dmz,outside) tcp interface https 172.16.254.6 https netmask 255.255.255.255 static (inside,outside) tcp interface 1443 10.1.1.11 https netmask 255.255.255.255 static (dmz,outside) 234.32.114.81 172.16.254.5 netmask 255.255.255.255 dns static (dmz,outside) 234.32.114.82 172.16.254.3 netmask 255.255.255.255 dns static (dmz,outside) 124.8.14.84 172.16.254.4 netmask 255.255.255.255 dns static (inside,outside) 193.178.214.8 10.1.1.20 netmask 255.255.255.255 dns access-group outside_access_in in interface outside access-group inside_access_in in interface inside access-group IPT_access_in in interface IPT access-group WirelessPublic_access_in in interface WirelessPublic access-group dmz_access_in in interface dmz route outside 0.0.0.0 0.0.0.0 194.80.9.3 1 route inside 5.0.0.0 255.0.0.0 10.1.1.11 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute aaa-server IcordaRadius protocol radius aaa-server IcordaRadius host 10.1.1.1 key IcordaRADIUS aaa-server Vasco protocol radius reactivation-mode depletion deadtime 1 max-failed-attempts 5 aaa-server Vasco host 10.1.1.13 key RadiusVASCO group-policy DfltGrpPolicy attributes banner none wins-server none dns-server none dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 3 vpn-idle-timeout 30 vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec password-storage disable ip-comp enable re-xauth disable group-lock none pfs enable ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelall split-tunnel-network-list none default-domain none split-dns none intercept-dhcp 255.255.255.255 disable secure-unit-authentication disable user-authentication disable user-authentication-idle-timeout 30 ip-phone-bypass disable leap-bypass disable nem disable backup-servers keep-client-config msie-proxy server none msie-proxy method no-modify msie-proxy except-list none msie-proxy local-bypass disable nac disable nac-sq-period 300 nac-reval-period 36000 nac-default-acl none address-pools none client-firewall none client-access-rule none group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes wins-server value 10.1.1.3 dns-server value 10.1.1.3 10.1.1.4 dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 3 vpn-idle-timeout 30 vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec l2tp-ipsec split-tunnel-policy tunnelspecified split-tunnel-network-list value IcordaVPNGroup_splitTunnelAcl default-domain value icorda.mst split-dns none group-policy GP_Vasco internal group-policy GP_Vasco attributes banner value OPGELET - U hebt een VASCO Token nodig om op dit netwerk aan te melden. banner value Hebt u uw domain paswoord gebruikt, dan zal contact met u opgenomen worden banner value om een Token te verkrijgen. banner value ------------------------------------------------------------------------------------------------ banner value Welkom op het Icorda netwerk. banner value Deze verbinding is enkel toegelaten voor Icorda werknemers. banner value Alle toegang en clientgegevens worden gelogd. banner value Misbruik is strafbaar banner value Info : Icorda NV - +32-9-227.66.76 - info@icorda.be wins-server none dns-server value 10.1.1.1 10.1.1.4 dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 999 vpn-idle-timeout none vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec password-storage disable ip-comp enable re-xauth disable group-lock none pfs enable ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelspecified split-tunnel-network-list value IcordaVPNGroup_splitTunnelAcl default-domain value icorda.mst split-dns none backup-servers keep-client-config client-firewall none client-access-rule none group-policy GP_ThermelecUserVPN internal group-policy GP_ThermelecUserVPN attributes vpn-access-hours none vpn-simultaneous-logins 10 vpn-idle-timeout 30 vpn-session-timeout none vpn-filter value ThermelecVPNAccess vpn-tunnel-protocol IPSec password-storage disable ip-comp enable re-xauth disable group-lock none pfs enable ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelspecified split-tunnel-network-list value ThermelecVPNGroup_splitTunnelAcl default-domain none split-dns none backup-servers keep-client-config client-firewall none group-policy IcordaVPNGroup internal group-policy IcordaVPNGroup attributes banner value Welkom op het Icorda netwerk. banner value Deze verbinding is enkel toegelaten voor Icorda werknemers. banner value Alle toegang en clientgegevens worden gelogd. banner value Misbruik is strafbaar banner value Info : Icorda NV - +32-9-227.66.76 - info@icorda.be wins-server none dns-server value 10.1.1.1 10.1.1.4 dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 100 vpn-idle-timeout none vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec password-storage disable ip-comp disable re-xauth disable group-lock none pfs enable ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelspecified split-tunnel-network-list value IcordaVPNGroup_splitTunnelAcl default-domain value icorda.mst split-dns none backup-servers keep-client-config username icorda $$$$$$$$$$$$$$$$ encrypted privilege 15 aaa authentication ssh console LOCAL aaa authentication telnet console LOCAL http server enable http 10.1.10.0 255.255.255.0 inside http 10.1.1.0 255.255.255.240 inside snmp-server host inside 10.1.1.11 poll community public snmp-server host inside 10.1.254.165 poll community public version 2c snmp-server location Icorda NV, Gent snmp-server contact Icorda NV, Pieter Lambrecht, +32-9-227.66.76 snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto dynamic-map outside_dyn_map 15 match address outside_cryptomap_dyn_15 crypto dynamic-map outside_dyn_map 15 set pfs crypto dynamic-map outside_dyn_map 15 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 20 set pfs crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-MD5 ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 20 set reverse-route crypto map outside_map 20 match address outside_cryptomap_20 crypto map outside_map 20 set pfs group5 crypto map outside_map 20 set peer 81.241.238.156 crypto map outside_map 20 set transform-set ESP-AES-256-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption aes-256 hash md5 group 2 lifetime 86400 crypto isakmp policy 5 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto isakmp policy 10 authentication pre-share encryption aes-256 hash md5 group 5 lifetime 86400 crypto isakmp policy 30 authentication pre-share encryption aes hash md5 group 2 lifetime 86400 crypto isakmp policy 50 authentication pre-share encryption aes hash md5 group 5 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp nat-traversal 20 crypto isakmp disconnect-notify crypto isakmp reload-wait tunnel-group DefaultL2LGroup ipsec-attributes pre-shared-key * tunnel-group 81.241.238.156 type ipsec-l2l tunnel-group 81.241.238.156 ipsec-attributes pre-shared-key * tunnel-group IcordaVPNGroup type ipsec-ra tunnel-group IcordaVPNGroup general-attributes address-pool UserVPNPool authentication-server-group IcordaRadius LOCAL default-group-policy IcordaVPNGroup strip-realm strip-group tunnel-group IcordaVPNGroup ipsec-attributes pre-shared-key * tunnel-group ThermelecVPNGroup type ipsec-ra tunnel-group ThermelecVPNGroup general-attributes address-pool ThermelecVPNPool authentication-server-group IcordaRadius default-group-policy GP_ThermelecUserVPN strip-realm strip-group tunnel-group ThermelecVPNGroup ipsec-attributes pre-shared-key * tunnel-group VascoGroup type ipsec-ra tunnel-group VascoGroup general-attributes address-pool UserVPNPool authentication-server-group Vasco authorization-server-group Vasco accounting-server-group Vasco default-group-policy GP_Vasco strip-realm strip-group tunnel-group VascoGroup ipsec-attributes pre-shared-key * chain tunnel-group IcordaShrew type ipsec-ra tunnel-group IcordaShrew general-attributes address-pool UserVPNPool authentication-server-group IcordaRadius default-group-policy GroupPolicy1 tunnel-group IcordaShrew ipsec-attributes pre-shared-key * no vpn-addr-assign aaa no vpn-addr-assign dhcp telnet 10.1.1.0 255.255.255.240 inside telnet timeout 5 ssh 10.1.1.0 255.255.255.240 inside ssh timeout 5 console timeout 0 dhcpd dns 195.238.2.21 195.238.2.22 dhcpd domain icorda.public ! dhcpd address 10.2.2.100-10.2.2.200 WirelessPublic dhcpd dns 195.238.2.21 195.238.2.22 interface WirelessPublic dhcpd domain icorda.public interface WirelessPublic dhcpd enable WirelessPublic ! priority-queue outside priority-queue inside ! class-map outside-class-smtp match port tcp eq smtp class-map filter_http_dmzout match access-list dmz_mpc class-map type regex match-any allow_dmz_http_sites match regex www.basketovl.be match regex www.sportwereld.be match regex www.hln.be class-map prioritySIP match dscp cs5 class-map inspection_default match default-inspection-traffic class-map type regex match-any any match regex any class-map type inspect http match-all audiocast match request header regex audiostreaming regex class any class-map global-class_VPN-DSCP match dscp af31 ef match tunnel-group DefaultL2LGroup ! ! policy-map type inspect im cvcv description sqdfqsdf parameters policy-map type inspect esmtp SMTP-medium-nobannermask parameters no mask-banner match MIME filename length gt 255 drop-connection match sender-address length gt 320 drop-connection match cmd RCPT count gt 100 drop-connection match body line length gt 998 drop-connection match cmd line length gt 512 drop-connection policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns migrated_dns_map_1 inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect sqlnet inspect sunrpc inspect tftp inspect xdmcp inspect pptp inspect ctiqbe inspect http inspect rtsp inspect sip class global-class_VPN-DSCP priority class prioritySIP inspect sip priority policy-map outside-policy class outside-class-smtp police output 163500 1500 policy-map type inspect http Outgoing_DMZ_http parameters protocol-violation action drop-connection log match not request header host regex class allow_dmz_http_sites drop-connection log policy-map dmz-policy class filter_http_dmzout inspect http Outgoing_DMZ_http policy-map type inspect http Block_streaming parameters match request header host regex streampower.be drop-connection log match response header content-type regex audiostreaming drop-connection log match response header content-type regex videostreaming drop-connection log match response header content-type regex MMS-streaming drop-connection log match request args regex q-music drop-connection log ! service-policy global_policy global service-policy outside-policy interface outside service-policy dmz-policy interface dmz ntp server 195.13.23.5 source outside prompt hostname context Cryptochecksum:347b8cebc324e1a585fd04500fa111da : end