INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Asa 5 hosts with public IP?

Asa 5 hosts with public IP?

(OP)
Hello everybody,
I have configured a ASA 5510 firewall with a default route 0.0.0.0 to 78.142.163.129
Outside Interface ip is 78.142.163.131

All hosts in my subnet are going out this outside interface about NAT with 78.142.163.140.
All is working perfectly.

But, now i want to make an special DMZ with five hosts with public IP-Adresses. So that every host has his own public IP-Adress. I want to configure on the host the public IP-Adress and go through the firewall without natting.

I have made a network(DMZ) with the public IPs: 86.59.104.224 255.255.255.240
The DMZ interface has the ip adress 86.59.104.226.

I have configured a second default route to 86.59.104.225 (Gate to the ISP).

I am not really sure how to configure nat, that the PCs can go out through the firewall with their own public ip adresses.
So i have nothing configured on the nat, because I don`t want a translated ip adress.

So the problem ist, my hosts cannot connect to the internet. PacketTracer in ASA says no problem. All packets are allowed, in and outgoing.

When i monitor the client i get the message:
An ICMP session is removed in the fast-path when stateful ICMP is enabled using the inspect icmp command
but i don`t know what the message is about?

I have also tested to give the dmz a private IP-Adress-network of 172.18.0.0 /24 and translate them in nat to one ipadress:
86.59.104.227, but also this isn`t working.

So i am frustrated and hope anybody can understand what I have written (not the best in english winky smile ) and can help me with a solution.
Here is my config:

CODE -->

: Saved
:
ASA Version 9.1(3) 
!
hostname ASA
domain-name hofburg-vie.local
enable password kvce8nG3DYyYgEJF encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd kvce8nG3DYyYgEJF encrypted
names
name 10.0.0.0 RFC1918 description interne Netze
name 10.2.0.0 client-vpn-user description User VPN
name 213.129.232.1 DNS-Server_Silverserver
name 87.230.90.208 allowed-external
name 78.142.163.140 extern-NAT
name 85.115.32.0 websense1 description websense1
name 116.50.56.0 websense3 description websense3
name 208.87.232.0 websense4 description websense4
name 78.142.163.142 extern_newsletter
name 128.130.149.0 temp_motor
name 78.142.163.132 extern_ebms
name 78.142.163.141 wlc.hofburg.com description wlc.hofburg.com
name 87.106.139.57 www.markeding.at
name 86.111.220.0 websense5 description websense5
name 103.1.196.0 websense6 description websense6
name 177.39.96.0 websense7 description websense7
name 196.216.238.0 websense8 description websense8
name 176.52.247.13 markeding.at
name 54.194.39.37 eu_aws_www2.hofburg.com
ip local pool client-vpn1 10.2.0.1-10.2.0.10 mask 255.255.255.0
ip local pool client-vpn 10.1.0.1-10.1.0.10 mask 255.255.255.0
!
interface Ethernet0/0
 description outside-ISP_LAN
 nameif outside
 security-level 0
 ip address 78.142.163.131 255.255.255.240 
!
interface Ethernet0/1
 description Verwaltungsnetz
 nameif inside
 security-level 100
 ip address 10.0.0.249 255.255.255.0 
!
interface Ethernet0/2
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/2.20
 description Veranstaltungsnetz 2Mbit
 vlan 20
 nameif 2Mbit_20
 security-level 20
 ip address 10.20.0.1 255.255.252.0 
!
interface Ethernet0/2.21
 description Veranstaltungsnetz 2Mbit
 vlan 21
 nameif 2Mbit_21
 security-level 20
 ip address 10.21.0.1 255.255.252.0 
!
interface Ethernet0/2.22
 description Veranstaltungsnetz 2Mbit
 vlan 22
 nameif 2Mbit_22
 security-level 20
 ip address 10.22.0.1 255.255.252.0 
!
interface Ethernet0/2.23
 description Veranstaltungsnetz 2Mbit
 vlan 23
 nameif 2Mbit_23
 security-level 20
 ip address 10.23.0.1 255.255.252.0 
!
interface Ethernet0/2.40
 description Veranstaltungsnetz 4Mbit
 vlan 40
 nameif 4Mbit_40
 security-level 20
 ip address 10.40.0.1 255.255.252.0 
!
interface Ethernet0/2.41
 description Veranstaltungsnetz 4Mbit
 vlan 41
 nameif 4Mbit_41
 security-level 20
 ip address 10.41.0.1 255.255.252.0 
!
interface Ethernet0/2.42
 description Veranstaltungsnetz 4Mbit
 vlan 42
 nameif 4Mbit_42
 security-level 20
 ip address 10.42.0.1 255.255.252.0 
!
interface Ethernet0/2.43
 description Veranstaltungsnetz 4Mbit
 vlan 43
 nameif 4Mbit_43
 security-level 20
 ip address 10.43.0.1 255.255.252.0 
!
interface Ethernet0/2.44
 vlan 44
 nameif 4Mbit_44
 security-level 20
 ip address 10.44.0.1 255.255.252.0 
!
interface Ethernet0/2.45
 description Veranstaltungsnetz 4Mbit
 vlan 45
 nameif 4Mbit_45
 security-level 20
 ip address 10.45.0.1 255.255.252.0 
!
interface Ethernet0/2.46
 description Veranstaltungsnetz 4Mbit
 vlan 46
 nameif 4Mbit_46
 security-level 20
 ip address 10.46.0.1 255.255.252.0 
!
interface Ethernet0/2.47
 description Veranstaltungsnetz 4Mbit
 vlan 47
 nameif 4Mbit_47
 security-level 40
 ip address 10.47.0.1 255.255.252.0 
!
interface Ethernet0/2.60
 description Veranstaltungsnetz 6Mbit
 vlan 60
 nameif 6Mbit_60
 security-level 20
 ip address 10.60.0.1 255.255.252.0 
!
interface Ethernet0/2.61
 description Veranstaltungsnetz 6Mbit
 vlan 61
 nameif 6Mbit_61
 security-level 20
 ip address 10.61.0.1 255.255.252.0 
!
interface Ethernet0/2.62
 description Veranstaltungsnetz 6Mbit
 vlan 62
 nameif 6Mbit_62
 security-level 20
 ip address 10.62.0.1 255.255.252.0 
!
interface Ethernet0/2.63
 description Veranstaltungsnetz 6Mbit
 vlan 63
 nameif 6Mbit_63
 security-level 20
 ip address 10.63.0.1 255.255.252.0 
!
interface Ethernet0/2.100
 description Veranstaltungsnetz 10Mbit
 vlan 100
 nameif 10Mbit_100
 security-level 20
 ip address 10.100.0.1 255.255.254.0 
!
interface Ethernet0/2.140
 description Veranstaltungsnetz 14Mbit
 vlan 140
 nameif 14Mbit_140
 security-level 20
 ip address 10.140.0.1 255.255.254.0 
!
interface Ethernet0/2.180
 description Veranstaltungsnetz 18Mbit
 vlan 180
 nameif 18Mbit_180
 security-level 20
 ip address 10.180.0.1 255.255.254.0 
!
interface Ethernet0/2.201
 description Managment LAN
 vlan 201
 nameif mgmt
 security-level 90
 ip address 192.168.201.1 255.255.255.0 
!
interface Ethernet0/2.220
 description Veranstaltungsnetz 22Mbit
 vlan 220
 nameif 22Mbit_220
 security-level 20
 ip address 10.220.0.1 255.255.254.0 
!
interface Ethernet0/2.221
 description Veranstaltungsnetz 22Mbit
 vlan 221
 nameif 22Mbit_221
 security-level 20
 ip address 10.221.0.1 255.255.254.0 
!
interface Ethernet0/2.260
 description Veranstaltungsnetz 26Mbit
 vlan 260
 nameif 26Mbit_260
 security-level 20
 ip address 10.26.0.1 255.255.240.0 
!
interface Ethernet0/2.301
 description DMZ1
 vlan 301
 nameif DMZ1
 security-level 20
 ip address 86.59.104.226 255.255.255.240 
!
interface Ethernet0/2.302
 description DMZ2
 vlan 302
 nameif DMZ2
 security-level 20
 ip address 213.129.235.34 255.255.255.240 
!
interface Ethernet0/2.510
 description Tontechnik Netz
 shutdown
 vlan 510
 nameif tontechnik
 security-level 50
 ip address 192.168.51.1 255.255.255.0 
!
interface Ethernet0/2.600
 shutdown
 vlan 600
 nameif Videoueberwachung
 security-level 20
 ip address 192.168.23.1 255.255.255.0 
!
interface Ethernet0/2.1026
 description Lichtsteuerung
 vlan 1026
 nameif Lichtsteuerung
 security-level 30
 ip address 192.168.149.1 255.255.255.0 
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
!
time-range OEHV-Kongress
 absolute end 23:59 23 January 2013
!
boot system disk0:/asa913-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup 2Mbit_20
dns domain-lookup 2Mbit_21
dns domain-lookup 2Mbit_22
dns domain-lookup 2Mbit_23
dns domain-lookup 4Mbit_40
dns domain-lookup 4Mbit_41
dns domain-lookup 4Mbit_42
dns domain-lookup 4Mbit_43
dns domain-lookup 4Mbit_44
dns domain-lookup 4Mbit_45
dns domain-lookup 4Mbit_46
dns domain-lookup 4Mbit_47
dns domain-lookup 6Mbit_60
dns domain-lookup 6Mbit_61
dns domain-lookup 6Mbit_62
dns domain-lookup 6Mbit_63
dns domain-lookup 10Mbit_100
dns domain-lookup 14Mbit_140
dns domain-lookup 18Mbit_180
dns domain-lookup mgmt
dns domain-lookup 22Mbit_220
dns domain-lookup 22Mbit_221
dns domain-lookup 26Mbit_260
dns domain-lookup DMZ1
dns domain-lookup DMZ2
dns domain-lookup Lichtsteuerung
dns domain-lookup management
dns server-group DefaultDNS
 name-server 10.0.0.1
 domain-name hofburg-vie.local
same-security-traffic permit intra-interface
object network RFC1918
 subnet 10.0.0.0 255.255.255.0
 description Created during name migration
object network www.markeding.at
 host 87.106.139.57
 description Created during name migration
object network DNS-Server_Silverserver
 host 213.129.232.1
 description Created during name migration
object network websense6
 subnet 103.1.196.0 255.255.252.0
 description Created during name migration
object network websense3
 subnet 116.50.56.0 255.255.248.0
 description Created during name migration
object network websense7
 subnet 177.39.96.0 255.255.252.0
 description Created during name migration
object network websense8
 subnet 196.216.238.0 255.255.254.0
 description Created during name migration
object network websense4
 subnet 208.87.232.0 255.255.248.0
 description Created during name migration
object network websense1
 subnet 85.115.32.0 255.255.224.0
 description Created during name migration
object network websense5
 subnet 86.111.220.0 255.255.252.0
 description Created during name migration
object network eu_aws_www2.hofburg.com
 host 54.194.39.37
 description Created during name migration
object network obj-86.59.104.237
 host 86.59.104.237
object network obj-86.59.104.227
 host 86.59.104.227
object network obj-86.59.104.228
 host 86.59.104.228
object network obj-86.59.104.229
 host 86.59.104.229
object network obj-86.59.104.230
 host 86.59.104.230
object network obj-86.59.104.231
 host 86.59.104.231
object network obj-86.59.104.232
 host 86.59.104.232
object network obj-86.59.104.233
 host 86.59.104.233
object network obj-86.59.104.234
 host 86.59.104.234
object network obj-10.1.0.0
 subnet 10.1.0.0 255.255.255.240
object network client-vpn-user
 subnet 10.2.0.0 255.255.255.0
object network obj-10.0.0.110
 host 10.0.0.110
object network obj-10.20.32.0
 subnet 10.20.32.0 255.255.248.0
object network client-vpn-user-01
 subnet 10.2.0.0 255.255.255.240
object network obj-10.0.0.1
 host 10.0.0.1
object network extern-NAT
 host 78.142.163.140
object network obj-10.0.0.1-01
 host 10.0.0.1
object network obj-10.0.0.1-02
 host 10.0.0.1
object network obj-10.0.0.102
 host 10.0.0.102
object network obj-10.0.0.252
 host 10.0.0.252
object network obj-10.0.0.252-01
 host 10.0.0.252
object network obj-10.0.0.252-02
 host 10.0.0.252
object network obj-10.0.0.252-03
 host 10.0.0.252
object network obj-10.0.0.252-04
 host 10.0.0.252
object network obj-10.0.0.113
 host 10.0.0.113
object network obj-10.0.0.1-03
 host 10.0.0.1
object network obj-10.0.0.113-01
 host 10.0.0.113
object network obj-10.0.0.113-02
 host 10.0.0.113
object network obj-10.0.0.2
 host 10.0.0.2
object network obj-10.0.0.114
 host 10.0.0.114
object network extern_newsletter
 host 78.142.163.142
object network obj-10.0.0.114-01
 host 10.0.0.114
object network obj-10.0.0.114-02
 host 10.0.0.114
object network obj-10.0.0.113-03
 host 10.0.0.113
object network extern_ebms
 host 78.142.163.132
object network obj-10.0.0.112
 host 10.0.0.112
object network obj-10.0.0.112-01
 host 10.0.0.112
object network obj-10.0.0.1-04
 host 10.0.0.1
object network obj-10.0.0.113-04
 host 10.0.0.113
object network obj-10.0.0.114-03
 host 10.0.0.114
object network obj-10.20.0.0
 subnet 10.20.0.0 255.255.252.0
object network obj-10.21.0.0
 subnet 10.21.0.0 255.255.252.0
object network obj-10.22.0.0
 subnet 10.22.0.0 255.255.252.0
object network obj-10.23.0.0
 subnet 10.23.0.0 255.255.252.0
object network obj-10.40.0.0
 subnet 10.40.0.0 255.255.252.0
object network obj-10.41.0.0
 subnet 10.41.0.0 255.255.252.0
object network obj-10.42.0.0
 subnet 10.42.0.0 255.255.252.0
object network obj-10.43.0.0
 subnet 10.43.0.0 255.255.252.0
object network obj-10.44.0.0
 subnet 10.44.0.0 255.255.252.0
object network obj-10.45.0.0
 subnet 10.45.0.0 255.255.252.0
object network obj-10.46.0.0
 subnet 10.46.0.0 255.255.252.0
object network obj-10.47.0.0
 subnet 10.47.0.0 255.255.252.0
object network obj-10.60.0.0
 subnet 10.60.0.0 255.255.252.0
object network obj-10.61.0.0
 subnet 10.61.0.0 255.255.252.0
object network obj-10.62.0.0
 subnet 10.62.0.0 255.255.252.0
object network obj-10.63.0.0
 subnet 10.63.0.0 255.255.252.0
object network obj-10.100.0.0
 subnet 10.100.0.0 255.255.254.0
object network obj-10.140.0.0
 subnet 10.140.0.0 255.255.254.0
object network obj-10.180.0.0
 subnet 10.180.0.0 255.255.254.0
object network obj-10.220.0.0
 subnet 10.220.0.0 255.255.254.0
object network obj-10.221.0.0
 subnet 10.221.0.0 255.255.254.0
object network obj-10.26.0.0
 subnet 10.26.0.0 255.255.240.0
object network obj-213.129.235.35
 host 213.129.235.35
object network obj-213.129.235.36
 host 213.129.235.36
object network obj-213.129.235.37
 host 213.129.235.37
object network obj-213.129.235.38
 host 213.129.235.38
object network obj-213.129.235.39
 host 213.129.235.39
object network obj-213.129.235.40
 host 213.129.235.40
object network obj-213.129.235.41
 host 213.129.235.41
object network obj-213.129.235.42
 host 213.129.235.42
object network obj-192.168.23.0
 subnet 192.168.23.0 255.255.255.0
object network obj-192.168.201.0
 subnet 192.168.201.0 255.255.255.0
object network RFC1918_1
 subnet 10.0.0.0 255.0.0.0
 description Created during name migration
object network allowed-external
 host 87.230.90.208
 description Created during name migration
object network NETWORK_OBJ_10.1.0.0_28
 subnet 10.1.0.0 255.255.255.240
object network Object_86.59.104.227
 host 86.59.104.227
object network DMZ1-network
 subnet 86.59.104.224 255.255.255.240
object network DMZ1
 host 86.59.104.227
 description Testing
object-group service Mail-Ports
 description SMTP, SMTPS, IMAP, IMAPS, POP3, POP3S
 service-object tcp destination eq imap4 
 service-object tcp destination eq pop3 
 service-object tcp destination eq smtp 
 service-object tcp destination eq 465 
 service-object tcp destination eq 587 
 service-object tcp destination eq 993 
 service-object tcp destination eq 995 
object-group service VPN
 description Cisco IPsec
 service-object udp destination eq isakmp 
 service-object udp destination range 1194 1199 
 service-object gre 
 service-object esp 
 service-object ah 
 service-object tcp destination eq pptp 
 service-object udp destination eq 1701 
 service-object tcp-udp destination eq 50 
 service-object udp destination eq 4500 
 service-object tcp destination eq 1477 
 service-object udp destination eq 1477 
 service-object tcp-udp destination eq 10000 
object-group service Skype
 service-object tcp destination eq 16922 
object-group service Internet-Services-all
 description erlaubte outbound Services von Veranstaltungs-vlans ins Internet
 service-object tcp destination eq ftp 
 service-object tcp destination eq ftp-data 
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object udp destination eq domain 
 group-object Mail-Ports
 service-object icmp 
 group-object VPN
 group-object Skype
 service-object tcp source eq 8080 destination eq 8080 
 service-object tcp destination eq 3389 
 service-object tcp destination eq 480 
 service-object udp destination eq 2746 
 service-object tcp-udp destination eq 10443 
 service-object tcp-udp destination eq 691 
 service-object tcp destination eq sqlnet 
 service-object tcp destination eq ssh 
 service-object esp 
 service-object tcp-udp destination eq 161 
 service-object tcp destination eq 2095 
 service-object tcp destination eq 4125 
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service externe-services
 service-object tcp destination eq 3101 
 service-object tcp destination eq 8023 
 service-object tcp destination eq 8080 
 service-object tcp destination eq 8888 
 service-object tcp destination eq 9000 
 service-object tcp destination eq www 
 service-object tcp destination eq https 
 service-object udp destination eq 1195 
 service-object udp destination eq 1196 
 service-object udp destination eq 1197 
 service-object udp destination eq 1198 
 service-object udp destination eq 1199 
 service-object tcp destination eq 81 
object-group service externe-services-source-limit
 service-object tcp destination eq 1433 
 service-object udp destination eq 1434 
object-group service RDP
 service-object tcp destination eq 3389 
object-group service websense-smtp tcp
 port-object eq smtp
object-group service udp_hoch udp
 port-object range 2000 65535
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object gre
object-group network DM_INLINE_NETWORK_1
 network-object object RFC1918
 network-object 192.168.201.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
 network-object 213.129.235.32 255.255.255.240
 network-object object RFC1918
 network-object object DMZ1-network
object-group network DM_INLINE_NETWORK_3
 network-object 213.129.235.32 255.255.255.240
 network-object 78.142.187.240 255.255.255.248
 network-object object RFC1918
 network-object object DMZ1-network
object-group network DM_INLINE_NETWORK_4
 network-object 192.168.149.0 255.255.255.0
 network-object 192.168.201.0 255.255.255.0
 network-object object RFC1918
object-group service externe-services-lockdown-mode
 service-object tcp destination eq 3101 
 service-object tcp destination eq https 
 service-object udp destination eq 1195 
 service-object udp destination eq 1196 
 service-object udp destination eq 1197 
 service-object udp destination eq 1198 
 service-object udp destination eq 1199 
object-group service DM_INLINE_SERVICE_2
 service-object icmp timestamp-reply
 service-object udp destination eq netbios-ns 
object-group service fs-test
 service-object tcp destination range 12000 12999 
 service-object tcp destination range 20000 30000 
 service-object tcp destination eq 8995 
object-group network marke-ding-restrictions
 network-object 209.85.148.0 255.255.255.0
 network-object host 37.235.63.30
 network-object host 78.47.198.196
 network-object host 85.126.82.60
 network-object object www.markeding.at
 network-object host 91.227.204.35
 network-object host 173.194.35.191
 network-object host 173.194.67.26
 network-object host 173.194.68.26
 network-object host 173.194.77.26
 network-object host 74.125.131.26
 network-object host 74.125.134.26
 network-object 74.125.227.0 255.255.255.0
 network-object 173.194.35.0 255.255.255.0
 network-object 176.52.247.0 255.255.255.0
 network-object host 88.80.208.166
 network-object object DNS-Server_Silverserver
 network-object object RFC1918
object-group service DM_INLINE_SERVICE_4
 service-object ip 
 group-object Internet-Services-all
object-group network websense-incoming
 description incoming websense smtp servers
 network-object object websense6
 network-object object websense3
 network-object object websense7
 network-object object websense8
 network-object object websense4
 network-object object websense1
 network-object 86.111.216.0 255.255.254.0
 network-object object websense5
 network-object object eu_aws_www2.hofburg.com
 network-object object DNS-Server_Silverserver
 network-object object RFC1918
 network-object object www.markeding.at
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object icmp
 protocol-object igmp
 protocol-object gre
 protocol-object esp
 protocol-object ah
 protocol-object eigrp
object-group service TEMP-VA
 service-object tcp destination eq 6000 
 service-object tcp destination eq 60124 
object-group network DM_INLINE_NETWORK_6
 network-object 213.129.235.32 255.255.255.240
 network-object 78.142.187.240 255.255.255.248
 network-object object DNS-Server_Silverserver
 network-object object RFC1918
 network-object object DMZ1-network
object-group protocol DM_INLINE_PROTOCOL_4
 protocol-object icmp
 protocol-object udp
 protocol-object igmp
 protocol-object gre
 protocol-object esp
 protocol-object ah
 protocol-object tcp
 protocol-object eigrp
object-group service streaming-ports
 service-object tcp destination eq 1935 
object-group service DM_INLINE_UDP_1 udp
 port-object eq 1195
 port-object eq 1196
 port-object eq 1197
 port-object eq 1198
 port-object eq 1199
object-group service DM_INLINE_TCP_1 tcp
 port-object eq 8080
 port-object eq www
 port-object eq https
object-group service DM_INLINE_SERVICE_1
 service-object tcp-udp destination eq 1433 
 service-object tcp destination eq www 
 service-object tcp destination eq 3101 
object-group service DM_INLINE_SERVICE_3
 service-object icmp 
 service-object tcp destination eq www 
 service-object tcp destination eq smtp 
 service-object tcp-udp destination eq 8044 
object-group network DM_INLINE_NETWORK_7
 network-object 213.129.235.32 255.255.255.240
 network-object object DMZ1-network
object-group service DM_INLINE_SERVICE_5
 service-object ip 
 group-object Internet-Services-all
object-group service DM_INLINE_SERVICE_7
 service-object ip 
 group-object Internet-Services-all
access-list 4Mbit_42_access_in extended permit udp 10.42.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_42_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_42_access_in extended permit object-group Internet-Services-all 10.42.0.0 255.255.252.0 any4 
access-list 4Mbit_42_access_in extended deny ip 10.42.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_42_access_in extended permit ip 10.42.0.0 255.255.255.240 any4 
access-list 4Mbit_46_access_in extended permit udp 10.46.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_46_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_46_access_in extended permit object-group Internet-Services-all 10.46.0.0 255.255.252.0 any4 
access-list 4Mbit_46_access_in extended permit ip 10.46.0.0 255.255.252.0 178.248.208.0 255.255.248.0 
access-list 4Mbit_46_access_in extended permit ip 10.46.0.0 255.255.252.0 213.152.4.0 255.255.255.0 
access-list 4Mbit_46_access_in extended permit ip 10.46.0.0 255.255.252.0 83.167.35.0 255.255.255.0 
access-list 4Mbit_46_access_in extended deny ip 10.46.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_46_access_in extended permit ip 10.46.0.0 255.255.255.240 any4 
access-list 6Mbit_61_access_in extended permit udp 10.61.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 6Mbit_61_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 6Mbit_61_access_in extended permit object-group Internet-Services-all 10.61.0.0 255.255.252.0 any4 
access-list 6Mbit_61_access_in extended deny ip 10.61.0.0 255.255.255.240 object RFC1918 
access-list 6Mbit_61_access_in extended permit ip 10.61.0.0 255.255.255.240 any4 
access-list 22Mbit_221_access_in extended permit udp 10.221.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 22Mbit_221_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 22Mbit_221_access_in extended permit object-group Internet-Services-all 10.221.0.0 255.255.254.0 any4 
access-list 22Mbit_221_access_in extended deny ip 10.221.0.0 255.255.255.240 object RFC1918 
access-list 22Mbit_221_access_in extended permit ip 10.221.0.0 255.255.255.240 any4 
access-list 10Mbit_101_access_in extended permit udp 10.101.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 10Mbit_101_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 10Mbit_101_access_in extended permit object-group Internet-Services-all 10.101.0.0 255.255.254.0 any4 
access-list 10Mbit_101_access_in extended deny ip 10.101.0.0 255.255.255.240 object RFC1918 
access-list 10Mbit_101_access_in extended permit ip 10.101.0.0 255.255.255.240 any4 
access-list 4Mbit_45_access_in extended permit udp 10.45.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_45_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_45_access_in extended permit object-group Internet-Services-all 10.45.0.0 255.255.252.0 any4 
access-list 4Mbit_45_access_in extended deny ip 10.45.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_45_access_in extended permit ip 10.45.0.0 255.255.255.240 any4 
access-list 4Mbit_45_access_in extended permit ip any4 any4 
access-list 6Mbit_60_access_in extended permit udp 10.60.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 6Mbit_60_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 6Mbit_60_access_in extended permit object-group Internet-Services-all 10.60.0.0 255.255.252.0 any4 
access-list 6Mbit_60_access_in extended deny ip 10.60.0.0 255.255.255.240 object RFC1918 
access-list 6Mbit_60_access_in extended permit ip 10.60.0.0 255.255.255.240 any4 
access-list 2Mbit_21_access_in extended permit udp 10.21.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 2Mbit_21_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 2Mbit_21_access_in extended permit object-group Internet-Services-all 10.21.0.0 255.255.252.0 any4 
access-list 2Mbit_21_access_in extended deny ip 10.21.0.0 255.255.255.240 object RFC1918 
access-list 2Mbit_21_access_in extended permit ip 10.21.0.0 255.255.255.240 any4 
access-list 2Mbit_23_access_in extended permit udp 10.23.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 2Mbit_23_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 2Mbit_23_access_in extended permit object-group Internet-Services-all 10.23.0.0 255.255.252.0 any4 
access-list 2Mbit_23_access_in extended deny ip 10.23.0.0 255.255.255.240 object RFC1918 
access-list 2Mbit_23_access_in extended permit object-group DM_INLINE_PROTOCOL_2 10.23.0.0 255.255.255.240 any4 
access-list 18Mbit_180_access_in extended permit udp 10.180.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 18Mbit_180_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 18Mbit_180_access_in extended permit object-group Internet-Services-all 10.180.0.0 255.255.254.0 any4 
access-list 18Mbit_180_access_in extended deny ip 10.180.0.0 255.255.255.240 object RFC1918 
access-list 18Mbit_180_access_in extended permit ip 10.180.0.0 255.255.255.240 any4 
access-list 2Mbit_20_access_in extended permit udp 10.20.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 2Mbit_20_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 2Mbit_20_access_in extended permit object-group Internet-Services-all 10.20.0.0 255.255.252.0 any4 
access-list 2Mbit_20_access_in extended deny ip 10.20.0.0 255.255.255.240 object RFC1918 
access-list 2Mbit_20_access_in extended permit ip 10.20.0.0 255.255.255.240 any4 
access-list 2Mbit_20_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any4 any4 inactive 
access-list 18Mbit_181_access_in extended permit udp 10.181.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 18Mbit_181_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 18Mbit_181_access_in extended permit object-group Internet-Services-all 10.181.0.0 255.255.254.0 any4 
access-list 18Mbit_181_access_in extended deny ip 10.181.0.0 255.255.255.240 object RFC1918 
access-list 18Mbit_181_access_in extended permit ip 10.181.0.0 255.255.255.240 any4 
access-list 10Mbit_100_access_in extended permit udp 10.100.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 10Mbit_100_access_in extended deny ip 10.100.0.0 255.255.255.240 object RFC1918 
access-list 10Mbit_100_access_in extended permit ip 10.100.0.0 255.255.255.240 any4 inactive 
access-list 10Mbit_100_access_in extended permit object-group Internet-Services-all 10.100.0.0 255.255.254.0 object-group marke-ding-restrictions 
access-list 10Mbit_100_access_in extended permit object-group Internet-Services-all 10.100.0.0 255.255.254.0 any4 inactive 
access-list 10Mbit_100_access_in extended permit ip any4 any4 
access-list 2Mbit_22_access_in extended permit udp 10.22.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 2Mbit_22_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 2Mbit_22_access_in extended permit ip 10.22.0.0 255.255.252.0 any4 time-range OEHV-Kongress 
access-list 2Mbit_22_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 2Mbit_22_access_in extended permit object-group Internet-Services-all 10.22.0.0 255.255.252.0 any4 
access-list 2Mbit_22_access_in extended deny ip 10.22.0.0 255.255.255.240 object RFC1918 
access-list 2Mbit_22_access_in extended permit ip 10.22.0.0 255.255.255.240 any4 
access-list 6Mbit_62_access_in extended permit udp 10.62.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 6Mbit_62_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 6Mbit_62_access_in extended permit object-group Internet-Services-all 10.62.0.0 255.255.252.0 any4 
access-list 6Mbit_62_access_in extended deny ip 10.62.0.0 255.255.255.240 object RFC1918 
access-list 6Mbit_62_access_in extended permit ip 10.62.0.0 255.255.255.240 any4 
access-list 4Mbit_40_access_in extended permit udp 10.40.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_40_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_40_access_in extended permit object-group Internet-Services-all 10.40.0.0 255.255.252.0 any4 
access-list 4Mbit_40_access_in extended deny ip 10.40.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_40_access_in extended permit ip 10.40.0.0 255.255.255.240 any4 
access-list 4Mbit_47_access_in extended deny icmp object RFC1918 any4 timestamp-reply inactive 
access-list 4Mbit_47_access_in extended permit udp 10.47.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain inactive 
access-list 4Mbit_47_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_47_access_in extended permit object-group Internet-Services-all 10.47.0.0 255.255.252.0 any4 inactive 
access-list 4Mbit_47_access_in extended permit ip host 10.0.0.1 10.47.0.0 255.255.252.0 inactive 
access-list 4Mbit_47_access_in extended permit ip 10.47.0.0 255.255.252.0 host 10.0.0.1 inactive 
access-list 4Mbit_47_access_in extended deny ip 10.47.0.0 255.255.252.0 object RFC1918 inactive 
access-list 4Mbit_47_access_in extended permit ip 10.47.0.0 255.255.252.0 any4 
access-list 4Mbit_47_access_in extended permit udp 10.47.0.0 255.255.252.0 any4 eq ntp inactive 
access-list 14Mbit_140_access_in remark openmail test
access-list 14Mbit_140_access_in extended permit tcp any4 any4 eq 5767 
access-list 14Mbit_140_access_in remark testssl
access-list 14Mbit_140_access_in extended permit tcp any4 any4 eq 993 
access-list 14Mbit_140_access_in remark testssl
access-list 14Mbit_140_access_in extended permit tcp any4 any4 eq 587 
access-list 14Mbit_140_access_in remark testssl
access-list 14Mbit_140_access_in extended permit tcp any4 any4 eq 421 
access-list 14Mbit_140_access_in remark testssl
access-list 14Mbit_140_access_in extended permit tcp any4 any4 eq 465 
access-list 14Mbit_140_access_in remark testssl
access-list 14Mbit_140_access_in extended permit tcp any4 any4 eq 995 
access-list 14Mbit_140_access_in extended permit udp 10.140.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 14Mbit_140_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 14Mbit_140_access_in extended permit object-group Internet-Services-all 10.140.0.0 255.255.254.0 any4 
access-list 14Mbit_140_access_in extended deny ip 10.140.0.0 255.255.255.240 object RFC1918 
access-list 14Mbit_140_access_in extended permit ip 10.140.0.0 255.255.255.240 any4 
access-list 6Mbit_63_access_in extended permit udp 10.63.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 6Mbit_63_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 6Mbit_63_access_in extended permit object-group Internet-Services-all 10.63.0.0 255.255.252.0 any4 
access-list 6Mbit_63_access_in extended deny ip 10.62.0.0 255.255.255.240 object RFC1918 
access-list 6Mbit_63_access_in extended permit ip 10.62.0.0 255.255.255.240 any4 
access-list 4Mbit_43_access_in extended permit udp 10.43.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_43_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_43_access_in extended permit ip 10.43.0.0 255.255.252.0 any4 
access-list 4Mbit_43_access_in extended deny ip 10.43.0.0 255.255.252.0 object RFC1918 
access-list 4Mbit_43_access_in extended permit ip 10.43.0.0 255.255.255.240 any4 
access-list 4Mbit_43_access_in extended deny ip 10.43.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_44_access_in extended permit udp 10.44.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_44_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_44_access_in extended permit object-group Internet-Services-all 10.44.0.0 255.255.252.0 any4 
access-list 4Mbit_44_access_in extended deny ip 10.44.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_44_access_in extended permit ip 10.44.0.0 255.255.255.240 any4 
access-list 14Mbit_141_access_in extended permit udp 10.141.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 14Mbit_141_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 14Mbit_141_access_in extended permit object-group Internet-Services-all 10.141.0.0 255.255.254.0 any4 
access-list 14Mbit_141_access_in extended deny ip 10.141.0.0 255.255.255.240 object RFC1918 
access-list 14Mbit_141_access_in extended permit ip 10.141.0.0 255.255.255.240 any4 
access-list 4Mbit_41_access_in extended permit udp 10.41.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_41_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_41_access_in extended permit object-group Internet-Services-all 10.41.0.0 255.255.252.0 any4 
access-list 4Mbit_41_access_in extended deny ip 10.41.0.0 255.255.252.0 object RFC1918 
access-list 4Mbit_41_access_in extended deny ip 10.41.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_41_access_in extended permit ip 10.41.0.0 255.255.252.0 any4 
access-list 4Mbit_41_access_in extended permit ip 10.41.0.0 255.255.255.240 any4 
access-list 26Mbit_260_access_in extended permit udp 10.26.0.0 255.255.240.0 object DNS-Server_Silverserver eq domain 
access-list 26Mbit_260_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 26Mbit_260_access_in extended permit object-group Internet-Services-all 10.26.0.0 255.255.240.0 any4 
access-list 26Mbit_260_access_in extended deny ip 10.26.0.0 255.255.255.240 object RFC1918 
access-list 26Mbit_260_access_in extended permit ip 10.26.0.0 255.255.255.240 any4 
access-list 26Mbit_260_access_in extended permit ip any4 any4 inactive 
access-list 26Mbit_260_access_in extended permit object-group TCPUDP any4 any4 
access-list 22Mbit_220_access_in extended permit udp 10.220.0.0 255.255.254.0 object DNS-Server_Silverserver eq domain 
access-list 22Mbit_220_access_in remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 22Mbit_220_access_in extended permit object-group Internet-Services-all 10.220.0.0 255.255.254.0 any4 
access-list 22Mbit_220_access_in extended deny ip 10.220.0.0 255.255.255.240 object RFC1918 
access-list 22Mbit_220_access_in extended permit ip 10.220.0.0 255.255.255.240 any4 
access-list hofburg_splitTunnelAcl standard permit 10.0.0.0 255.255.255.0 
access-list hofburg_splitTunnelAcl standard permit 192.168.201.0 255.255.255.0 
access-list management_nat0_outbound extended permit ip object RFC1918 10.1.0.0 255.255.255.240 
access-list management_nat0_outbound extended permit ip 192.168.201.0 255.255.255.0 10.1.0.0 255.255.255.240 
access-list 20-out extended deny ip object RFC1918 10.20.0.0 255.255.252.0 
access-list 20-out extended permit ip any4 10.20.0.0 255.255.252.0 
access-list 21-out extended deny ip object RFC1918 10.21.0.0 255.255.252.0 
access-list 21-out extended permit ip any4 10.21.0.0 255.255.252.0 
access-list 22-out extended deny ip object RFC1918 10.22.0.0 255.255.252.0 
access-list 22-out extended permit ip any4 10.22.0.0 255.255.252.0 
access-list 23-out extended deny ip object RFC1918 10.23.0.0 255.255.252.0 
access-list 23-out extended permit ip any4 10.23.0.0 255.255.252.0 
access-list 20-in extended deny ip 10.20.0.0 255.255.252.0 object RFC1918 
access-list 20-in extended permit ip 10.20.0.0 255.255.252.0 any4 
access-list 21-in extended deny ip 10.21.0.0 255.255.252.0 object RFC1918 
access-list 21-in extended permit ip 10.21.0.0 255.255.252.0 any4 
access-list 22-in extended deny ip 10.22.0.0 255.255.252.0 object RFC1918 
access-list 22-in extended permit ip 10.22.0.0 255.255.252.0 any4 
access-list 23-in extended deny ip 10.23.0.0 255.255.252.0 object RFC1918 
access-list 23-in extended permit ip 10.23.0.0 255.255.252.0 any4 
access-list 40-out extended deny ip object RFC1918 10.40.0.0 255.255.252.0 
access-list 40-out extended permit ip any4 10.40.0.0 255.255.252.0 
access-list 41-out extended deny ip object RFC1918 10.41.0.0 255.255.252.0 
access-list 41-out extended permit ip any4 10.41.0.0 255.255.252.0 
access-list 42-out extended deny ip object RFC1918 10.42.0.0 255.255.252.0 
access-list 42-out extended permit ip any4 10.42.0.0 255.255.252.0 
access-list 43-out extended deny ip object RFC1918 10.43.0.0 255.255.252.0 
access-list 43-out extended permit ip any4 10.43.0.0 255.255.252.0 
access-list 44-out extended deny ip object RFC1918 10.44.0.0 255.255.252.0 
access-list 44-out extended permit ip any4 10.44.0.0 255.255.252.0 
access-list 4Mbit_45_mpc extended deny ip object RFC1918 10.45.0.0 255.255.252.0 
access-list 4Mbit_45_mpc extended permit ip any4 10.45.0.0 255.255.252.0 
access-list 46-out extended deny ip object RFC1918 10.46.0.0 255.255.252.0 
access-list 46-out extended permit ip any4 10.46.0.0 255.255.252.0 
access-list 47-out extended deny ip object RFC1918 10.47.0.0 255.255.252.0 
access-list 47-out extended permit ip any4 10.47.0.0 255.255.252.0 
access-list 40-in extended deny ip 10.40.0.0 255.255.252.0 object RFC1918 
access-list 40-in extended permit ip 10.40.0.0 255.255.252.0 any4 
access-list 41-in extended deny ip 10.41.0.0 255.255.252.0 object RFC1918 
access-list 41-in extended permit ip 10.41.0.0 255.255.252.0 any4 
access-list 10-out extended permit ip host 10.0.0.113 any4 
access-list 10-in extended permit ip any4 host 10.0.0.113 
access-list client-vpn-user remark Lichtsteuerung netz
access-list client-vpn-user standard permit host 192.168.149.0 
access-list client-vpn-user-rest standard permit 10.0.0.0 255.255.255.0 
access-list client-vpn-user-rest-1 standard permit 10.0.0.0 255.255.255.0 
access-list client-vpn-user-rest-1 standard permit host 192.168.149.0 
access-list inside_nat0_outbound remark Retour Traffic ins ClientVPN netz Umgehung zu HideNAT
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 10.1.0.0 255.255.255.240 
access-list inside_nat0_outbound remark Retour Traffic Hide-NAT Ausnahme!
access-list inside_nat0_outbound extended permit ip object RFC1918 object client-vpn-user 
access-list inside_nat0_outbound extended permit ip any4 10.1.0.0 255.255.255.240 
access-list inside_nat0_outbound extended permit ip host 10.0.0.110 10.20.32.0 255.255.248.0 
access-list inside_nat0_outbound extended permit ip any4 object client-vpn-user-01 
access-list 110 extended deny ip object RFC1918_1 object RFC1918 
access-list 110 extended deny ip 192.168.0.0 255.255.0.0 object RFC1918 
access-list 110 extended permit ip any4 object RFC1918 
access-list 111 extended deny ip object RFC1918 192.168.0.0 255.255.0.0 
access-list 111 extended deny ip object RFC1918 object RFC1918_1 
access-list 111 extended permit ip object RFC1918 any4 
access-list 42-in extended deny ip 10.42.0.0 255.255.252.0 object RFC1918 
access-list 42-in extended permit ip 10.42.0.0 255.255.252.0 any4 
access-list 43-in extended deny ip 10.43.0.0 255.255.252.0 object RFC1918 
access-list 43-in extended permit ip 10.43.0.0 255.255.252.0 any4 
access-list 44-in extended deny ip 10.44.0.0 255.255.252.0 object RFC1918 
access-list 44-in extended permit ip 10.44.0.0 255.255.252.0 any4 
access-list 45-in extended deny ip 10.45.0.0 255.255.252.0 object RFC1918 
access-list 45-in extended permit ip 10.45.0.0 255.255.252.0 any4 
access-list 46-in extended deny ip 10.46.0.0 255.255.252.0 object RFC1918 
access-list 46-in extended permit ip 10.46.0.0 255.255.252.0 any4 
access-list 47-in extended deny ip 10.47.0.0 255.255.252.0 object RFC1918 
access-list 47-in extended permit ip 10.47.0.0 255.255.252.0 any4 
access-list 60-out extended deny ip object RFC1918 10.60.0.0 255.255.252.0 
access-list 60-out extended permit ip any4 10.60.0.0 255.255.252.0 
access-list 61-out extended deny ip object RFC1918 10.61.0.0 255.255.252.0 inactive 
access-list 61-out extended permit ip any4 10.61.0.0 255.255.252.0 inactive 
access-list 62-out extended deny ip object RFC1918 10.62.0.0 255.255.252.0 
access-list 62-out extended permit ip any4 10.62.0.0 255.255.252.0 
access-list 63-out extended deny ip object RFC1918 10.63.0.0 255.255.252.0 
access-list 63-out extended permit ip any4 10.63.0.0 255.255.252.0 
access-list 60-in extended deny ip object RFC1918 10.60.0.0 255.255.252.0 
access-list 60-in extended permit ip 10.60.0.0 255.255.252.0 any4 
access-list 61-in extended deny ip object RFC1918 10.61.0.0 255.255.252.0 inactive 
access-list 61-in extended permit ip 10.61.0.0 255.255.252.0 any4 inactive 
access-list 62-in extended deny ip object RFC1918 10.62.0.0 255.255.252.0 
access-list 62-in extended permit ip 10.62.0.0 255.255.252.0 any4 
access-list 63-in extended deny ip object RFC1918 10.63.0.0 255.255.252.0 
access-list 63-in extended permit ip 192.168.0.0 255.255.252.0 any4 
access-list 100-out extended deny ip object RFC1918 10.100.0.0 255.255.254.0 
access-list 100-out extended permit ip any4 10.100.0.0 255.255.254.0 
access-list 101-out extended deny ip object RFC1918 10.101.0.0 255.255.254.0 
access-list 101-out extended permit ip any4 10.101.0.0 255.255.254.0 
access-list 100-in extended deny ip 10.100.0.0 255.255.254.0 object RFC1918 
access-list 100-in extended permit ip 10.100.0.0 255.255.254.0 any4 
access-list 101-in extended deny ip 10.101.0.0 255.255.254.0 object RFC1918 
access-list 101-in extended permit ip 10.101.0.0 255.255.254.0 any4 
access-list 140-out extended deny ip object RFC1918 10.140.0.0 255.255.254.0 
access-list 140-out extended permit ip any4 10.140.0.0 255.255.254.0 
access-list 140-out extended deny ip 10.140.0.0 255.255.254.0 object RFC1918 
access-list 141-out extended deny ip object RFC1918 10.141.0.0 255.255.254.0 
access-list 141-out extended permit ip any4 10.141.0.0 255.255.254.0 
access-list 141-out extended deny ip 10.141.0.0 255.255.254.0 object RFC1918 
access-list 140-in extended permit ip 10.140.0.0 255.255.254.0 any4 
access-list 141-in extended permit ip 10.141.0.0 255.255.254.0 any4 
access-list 180-out extended deny ip object RFC1918 10.180.0.0 255.255.254.0 
access-list 180-out extended permit ip any4 10.180.0.0 255.255.254.0 
access-list 181-out extended deny ip object RFC1918 10.181.0.0 255.255.254.0 
access-list 181-out extended permit ip any4 10.181.0.0 255.255.254.0 
access-list 180-in extended deny ip 10.180.0.0 255.255.254.0 object RFC1918 
access-list 180-in extended permit ip 10.180.0.0 255.255.254.0 any4 
access-list 181-in extended deny ip 10.181.0.0 255.255.254.0 object RFC1918 
access-list 181-in extended permit ip 10.181.0.0 255.255.254.0 any4 
access-list 220-out extended deny ip object RFC1918 10.220.0.0 255.255.254.0 
access-list 220-out extended permit ip any4 10.220.0.0 255.255.254.0 
access-list 221-out extended deny ip object RFC1918 10.221.0.0 255.255.254.0 
access-list 221-out extended permit ip any4 10.221.0.0 255.255.254.0 
access-list 220-in extended deny ip 10.220.0.0 255.255.254.0 object RFC1918 
access-list 220-in extended permit ip 10.220.0.0 255.255.254.0 any4 
access-list 221-in extended deny ip 10.221.0.0 255.255.254.0 object RFC1918 
access-list 221-in extended permit ip 10.221.0.0 255.255.254.0 any4 
access-list 260-out extended deny ip object RFC1918 10.26.0.0 255.255.240.0 
access-list 260-out extended permit ip any4 10.26.0.0 255.255.240.0 
access-list 260-in extended deny ip 10.26.0.0 255.255.240.0 object RFC1918 
access-list 260-in extended permit ip 10.26.0.0 255.255.240.0 any4 
access-list dmz-out remark OZ Modified Commited Rate
access-list dmz-out extended permit ip any4 78.142.187.240 255.255.255.248 
access-list dmz-in extended deny ip 78.142.187.240 255.255.255.248 object RFC1918 
access-list dmz-in remark OZ Modified Commited Rate
access-list dmz-in extended permit ip 78.142.187.240 255.255.255.248 any4 
access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_2 object RFC1918 object-group DM_INLINE_NETWORK_4 
access-list inside_access_in extended permit ip any4 any4 
access-list inside_access_in extended deny ip 192.168.50.0 255.255.255.0 object RFC1918 
access-list inside_access_in extended deny ip object RFC1918 192.168.50.0 255.255.255.0 
access-list wmcap1 extended permit tcp host 10.0.0.114 any4 eq smtp 
access-list wmcap1 extended permit tcp any4 host 10.0.0.114 eq smtp 
access-list wmcap1 extended permit tcp any4 object extern-NAT eq smtp 
access-list wmcap1 extended permit tcp host 78.142.163.131 any4 eq smtp 
access-list wmcap1 extended permit tcp any4 host 78.142.163.131 eq smtp 
access-list wmcap1 extended permit tcp host 10.0.0.112 any4 eq smtp 
access-list wmcap1 extended permit tcp any4 host 10.0.0.112 eq smtp 
access-list wmcap1 extended permit tcp object extern-NAT any4 eq smtp 
access-list Videoueberwachung_access_in extended permit ip any4 any4 
access-list DMZ1_mpc remark OZ Modified Commited Rate
access-list DMZ1_mpc extended permit ip any4 object DMZ1-network 
access-list DMZ1_mpc extended deny ip object RFC1918 object DMZ1-network 
access-list Videoueberwachung_mpc_1 extended deny ip host 78.142.163.138 object RFC1918 
access-list Videoueberwachung_mpc_1 extended permit ip host 78.142.163.138 any4 
access-list DMZ1_mpc_1 remark OZ Modified Commited Rate
access-list DMZ1_mpc_1 extended permit ip object DMZ1-network any4 
access-list DMZ1_mpc_1 extended deny ip object DMZ1-network object RFC1918 
access-list DMZ2_mpc extended deny ip 213.129.235.32 255.255.255.240 object RFC1918 
access-list DMZ2_mpc remark OZ Modified Commited Rate
access-list DMZ2_mpc extended permit ip 213.129.235.32 255.255.255.240 any4 
access-list DMZ2_mpc_1 extended deny ip object RFC1918 213.129.235.32 255.255.255.240 
access-list DMZ2_mpc_1 remark OZ Modified Commited Rate
access-list DMZ2_mpc_1 extended permit ip any4 213.129.235.32 255.255.255.240 
access-list Videoueberwachung_mpc extended deny ip object RFC1918 host 78.142.163.138 
access-list Videoueberwachung_mpc extended permit ip any4 host 78.142.163.138 
access-list DMZ1_access_in remark von DMZ aus keine Einschränkungen ins Internet
access-list DMZ1_access_in extended permit ip any4 any4 
access-list DMZ2_access_in remark von DMZ aus keine Einschränkungen ins Internet
access-list DMZ2_access_in extended permit object-group DM_INLINE_SERVICE_7 213.129.235.32 255.255.255.240 any4 
access-list outside_nat_static extended permit ip host 86.59.104.237 any4 
access-list 4Mbit_45_access_in_1 extended permit udp 10.45.0.0 255.255.252.0 object DNS-Server_Silverserver eq domain 
access-list 4Mbit_45_access_in_1 remark von allen Veranstaltungs-vlans ins Internet erlaubte services
access-list 4Mbit_45_access_in_1 extended permit ip 10.45.0.0 255.255.252.0 any4 
access-list 4Mbit_45_access_in_1 extended deny ip 10.45.0.0 255.255.255.240 object RFC1918 
access-list 4Mbit_45_access_in_1 extended permit ip 10.45.0.0 255.255.255.240 any4 
access-list only-dms remark dms
access-list only-dms standard permit host 10.0.0.121 
access-list DefaultRAGroup_splitTunnelAcl standard permit any4 
access-list outside_access_in remark Usiweb EBMS und co
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any4 host 10.0.0.113 
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any4 host 10.0.0.114 
access-list outside_access_in extended permit tcp any4 host 10.0.0.1 object-group DM_INLINE_TCP_1 
access-list outside_access_in remark OpenVPN
access-list outside_access_in extended permit udp any4 host 10.0.0.252 object-group DM_INLINE_UDP_1 
access-list outside_access_in remark Everything is allowed for the DMZ Network
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 object-group DM_INLINE_NETWORK_2 any4 
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any4 object-group DM_INLINE_NETWORK_7 
access-list outside_access_in remark Client VPN admins & remote Wartung darf überall hin
access-list outside_access_in extended permit ip 10.1.0.0 255.255.255.240 any4 
access-list outside_access_in remark User dürfen per client VPN ins Lichtsteuerungsnetz
access-list outside_access_in extended permit ip object client-vpn-user 192.168.149.0 255.255.255.0 
access-list outside_access_in extended permit ip object client-vpn-user object RFC1918 
access-list outside_access_in remark Websense - Mailarchiva
access-list outside_access_in extended permit tcp object-group websense-incoming host 10.0.0.2 eq smtp 
pager lines 24
logging enable
logging timestamp
logging emblem
logging console emergencies
logging monitor emergencies
logging buffered debugging
logging trap notifications
logging asdm informational
logging from-address asa@hofburg.com
logging recipient-address f.schrittesser@hofburg.com level errors
logging recipient-address o.zieger@hofburg.com level errors
logging host mgmt 192.168.201.7
logging debug-trace
flow-export destination inside 10.0.0.139 9996
mtu outside 1500
mtu inside 1500
mtu 2Mbit_20 1500
mtu 2Mbit_21 1500
mtu 2Mbit_22 1500
mtu 2Mbit_23 1500
mtu 4Mbit_40 1500
mtu 4Mbit_41 1500
mtu 4Mbit_42 1500
mtu 4Mbit_43 1500
mtu 4Mbit_44 1500
mtu 4Mbit_45 1500
mtu 4Mbit_46 1500
mtu 4Mbit_47 1500
mtu 6Mbit_60 1500
mtu 6Mbit_61 1500
mtu 6Mbit_62 1500
mtu 6Mbit_63 1500
mtu 10Mbit_100 1500
mtu 14Mbit_140 1500
mtu 18Mbit_180 1500
mtu mgmt 1500
mtu 22Mbit_220 1500
mtu 22Mbit_221 1500
mtu 26Mbit_260 1500
mtu DMZ1 1500
mtu DMZ2 1500
mtu tontechnik 1500
mtu Videoueberwachung 1500
mtu Lichtsteuerung 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any 2Mbit_20
icmp permit any 2Mbit_21
icmp permit any 2Mbit_22
icmp permit any 2Mbit_23
icmp permit any 4Mbit_40
icmp permit any 4Mbit_41
icmp permit any 4Mbit_42
icmp permit any 4Mbit_43
icmp permit any 4Mbit_46
icmp permit any 4Mbit_47
icmp permit any 6Mbit_60
icmp permit any 6Mbit_61
icmp permit any 6Mbit_62
icmp permit any 6Mbit_63
icmp permit any 10Mbit_100
icmp permit any 14Mbit_140
icmp permit any 18Mbit_180
icmp permit any mgmt
icmp permit any 22Mbit_220
icmp permit any 22Mbit_221
icmp permit any 26Mbit_260
icmp permit any Lichtsteuerung
asdm image disk0:/asdm-714.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,any) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,any) source static RFC1918 RFC1918 destination static client-vpn-user client-vpn-user no-proxy-arp route-lookup
nat (inside,any) source static any any destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.0.0.110 obj-10.0.0.110 destination static obj-10.20.32.0 obj-10.20.32.0 no-proxy-arp route-lookup
nat (inside,any) source static any any destination static client-vpn-user-01 client-vpn-user-01 no-proxy-arp route-lookup
nat (management,outside) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,outside) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_20) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_20) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_21) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_21) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_22) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_22) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_23) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,2Mbit_23) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_40) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_40) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_41) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_41) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_42) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_42) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_43) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_43) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_44) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_44) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_45) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_45) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_46) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_46) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_47) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,4Mbit_47) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_60) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_60) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_61) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_61) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_62) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_62) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_63) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,6Mbit_63) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,10Mbit_100) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,10Mbit_100) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,14Mbit_140) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,14Mbit_140) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,18Mbit_180) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,18Mbit_180) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,mgmt) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,mgmt) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,22Mbit_220) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,22Mbit_220) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,22Mbit_221) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,22Mbit_221) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,26Mbit_260) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,26Mbit_260) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,DMZ1) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,DMZ1) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,DMZ2) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,DMZ2) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,tontechnik) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,tontechnik) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,Videoueberwachung) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,Videoueberwachung) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,Lichtsteuerung) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,Lichtsteuerung) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,management) source static RFC1918 RFC1918 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (management,management) source static obj-192.168.201.0 obj-192.168.201.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.1.0.0_28 NETWORK_OBJ_10.1.0.0_28 no-proxy-arp route-lookup
nat (DMZ1,outside) source static any Object_86.59.104.227
!
object network RFC1918
 nat (inside,outside) dynamic interface
object network obj-10.0.0.1
 nat (inside,outside) static extern-NAT service tcp www www 
object network obj-10.0.0.1-01
 nat (inside,outside) static extern-NAT service tcp https https 
object network obj-10.0.0.1-02
 nat (inside,outside) static extern-NAT service tcp 8080 8080 
object network obj-10.0.0.102
 nat (inside,outside) static extern-NAT service tcp 8023 8023 
object network obj-10.0.0.252
 nat (inside,outside) static extern-NAT service udp 1195 1195 
object network obj-10.0.0.252-01
 nat (inside,outside) static extern-NAT service udp 1196 1196 
object network obj-10.0.0.252-02
 nat (inside,outside) static extern-NAT service udp 1198 1198 
object network obj-10.0.0.252-03
 nat (inside,outside) static extern-NAT service udp 1199 1199 
object network obj-10.0.0.252-04
 nat (inside,outside) static extern-NAT service udp 1197 1197 
object network obj-10.0.0.113
 nat (inside,outside) static extern-NAT service tcp 3101 3101 
object network obj-10.0.0.1-03
 nat (inside,outside) static extern-NAT service tcp 8888 8888 
object network obj-10.0.0.113-01
 nat (inside,outside) static extern-NAT service tcp 1433 1433 
object network obj-10.0.0.113-02
 nat (inside,outside) static extern-NAT service udp 1434 1434 
object network obj-10.0.0.2
 nat (inside,outside) static extern-NAT service tcp smtp smtp 
object network obj-10.0.0.114
 nat (inside,outside) static extern_newsletter service tcp smtp smtp 
object network obj-10.0.0.114-01
 nat (inside,outside) static extern_newsletter service tcp www www 
object network obj-10.0.0.114-02
 nat (inside,outside) static extern_newsletter service tcp 8080 8080 
object network obj-10.0.0.113-03
 nat (inside,outside) static extern_ebms service tcp www www 
object network obj-10.0.0.112
 nat (inside,outside) static extern-NAT service tcp 13292 13292 
object network obj-10.0.0.112-01
 nat (inside,outside) static extern-NAT service tcp 17100 17100 
object network obj-10.0.0.1-04
 nat (inside,outside) dynamic extern-NAT
object network obj-10.0.0.113-04
 nat (inside,outside) dynamic extern_ebms
object network obj-10.0.0.114-03
 nat (inside,outside) dynamic extern_newsletter
object network obj-10.20.0.0
 nat (2Mbit_20,outside) dynamic extern_ebms
object network obj-10.21.0.0
 nat (2Mbit_21,outside) dynamic extern_ebms
object network obj-10.22.0.0
 nat (2Mbit_22,outside) dynamic extern_ebms
object network obj-10.23.0.0
 nat (2Mbit_23,outside) dynamic extern_ebms
object network obj-10.40.0.0
 nat (4Mbit_40,outside) dynamic extern_ebms
object network obj-10.41.0.0
 nat (4Mbit_41,outside) dynamic extern_ebms
object network obj-10.42.0.0
 nat (4Mbit_42,outside) dynamic extern_ebms
object network obj-10.43.0.0
 nat (4Mbit_43,outside) dynamic extern_ebms
object network obj-10.44.0.0
 nat (4Mbit_44,outside) dynamic extern_ebms
object network obj-10.45.0.0
 nat (4Mbit_45,outside) dynamic extern_ebms
object network obj-10.46.0.0
 nat (4Mbit_46,outside) dynamic extern_ebms
object network obj-10.47.0.0
 nat (4Mbit_47,outside) dynamic extern_ebms
object network obj-10.60.0.0
 nat (6Mbit_60,outside) dynamic extern_ebms
object network obj-10.61.0.0
 nat (6Mbit_61,outside) dynamic extern_ebms
object network obj-10.62.0.0
 nat (6Mbit_62,outside) dynamic extern_ebms
object network obj-10.63.0.0
 nat (6Mbit_63,outside) dynamic extern_ebms
object network obj-10.100.0.0
 nat (10Mbit_100,outside) dynamic extern_ebms
object network obj-10.140.0.0
 nat (14Mbit_140,outside) dynamic extern_ebms
object network obj-10.180.0.0
 nat (18Mbit_180,outside) dynamic extern_ebms
object network obj-10.220.0.0
 nat (22Mbit_220,outside) dynamic extern_ebms
object network obj-10.221.0.0
 nat (22Mbit_221,outside) dynamic extern_ebms
object network obj-10.26.0.0
 nat (26Mbit_260,outside) dynamic extern_ebms
object network obj-192.168.23.0
 nat (Videoueberwachung,outside) dynamic extern-NAT
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group 2Mbit_20_access_in in interface 2Mbit_20
access-group 2Mbit_21_access_in in interface 2Mbit_21
access-group 2Mbit_22_access_in in interface 2Mbit_22
access-group 2Mbit_23_access_in in interface 2Mbit_23
access-group 4Mbit_40_access_in in interface 4Mbit_40
access-group 4Mbit_41_access_in in interface 4Mbit_41
access-group 4Mbit_42_access_in in interface 4Mbit_42
access-group 4Mbit_43_access_in in interface 4Mbit_43
access-group 4Mbit_45_access_in_1 in interface 4Mbit_45
access-group 4Mbit_46_access_in in interface 4Mbit_46
access-group 4Mbit_47_access_in in interface 4Mbit_47
access-group 6Mbit_60_access_in in interface 6Mbit_60
access-group 6Mbit_61_access_in in interface 6Mbit_61
access-group 6Mbit_62_access_in in interface 6Mbit_62
access-group 6Mbit_63_access_in in interface 6Mbit_63
access-group 10Mbit_100_access_in in interface 10Mbit_100
access-group 14Mbit_140_access_in in interface 14Mbit_140
access-group 18Mbit_180_access_in in interface 18Mbit_180
access-group 22Mbit_220_access_in in interface 22Mbit_220
access-group 22Mbit_221_access_in in interface 22Mbit_221
access-group 26Mbit_260_access_in in interface 26Mbit_260
access-group DMZ1_access_in in interface DMZ1
access-group DMZ2_access_in in interface DMZ2
access-group Videoueberwachung_access_in in interface Videoueberwachung
route outside 0.0.0.0 0.0.0.0 78.142.163.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL 
aaa authentication serial console LOCAL 
aaa authentication ssh console LOCAL 
aaa authentication http console LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http RFC1918 255.0.0.0 inside
snmp-server host inside 10.0.0.115 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES256-SHA1_TRANS esp-aes-256 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES256-SHA1_TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES256-SHA1 esp-aes-256 esp-sha-hmac 
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs 
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map DYN_OUTSIDE 10000 set ikev1 transform-set ESP-AES256-SHA1_TRANS
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map mgmt_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map mgmt_map interface mgmt
crypto map management_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map management_map interface management
crypto map MAP_OUTSIDE 10000 ipsec-isakmp dynamic DYN_OUTSIDE
crypto map MAP_OUTSIDE interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca trustpoint RapidSSL_Wildcard
 keypair RapidSSL
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
    308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130 
    0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117 
    30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b 
    13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504 
    0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72 
    20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56 
    65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043 
    65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31 
    30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b 
    30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20 
    496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65 
    74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420 
    68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329 
    3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365 
    63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7 
    0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597 
    a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10 
    9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc 
    7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b 
    15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845 
    63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8 
    18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced 
    4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f 
    81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201 
    db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868 
    7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101 
    ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8 
    45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777 
    2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a 
    1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406 
    03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973 
    69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 
    02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969 
    6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b 
    c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973 
    69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30 
    1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603 
    551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355 
    1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609 
    2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80 
    4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e 
    b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a 
    6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc 
    481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16 
    b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0 
    5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8 
    6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28 
    6c2527b9 deb78458 c61f381e a4c4cb66
  quit
crypto ca certificate chain RapidSSL_Wildcard
 certificate 0c2867
    3082052d 30820415 a0030201 0202030c 2867300d 06092a86 4886f70d 01010505 
    00303c31 0b300906 03550406 13025553 31173015 06035504 0a130e47 656f5472 
    7573742c 20496e63 2e311430 12060355 0403130b 52617069 6453534c 20434130 
    1e170d31 33303532 30303033 3933345a 170d3134 30363232 30373336 34365a30 
    81bc3129 30270603 55040513 20693252 4954686a 6c432f6f 476d7856 4e743654 
    7a5a4451 6c365137 7a6a3348 73311330 11060355 040b130a 47543232 36343431 
    36313131 302f0603 55040b13 28536565 20777777 2e726170 69647373 6c2e636f 
    6d2f7265 736f7572 6365732f 63707320 28632931 33312f30 2d060355 040b1326 
    446f6d61 696e2043 6f6e7472 6f6c2056 616c6964 61746564 202d2052 61706964 
    53534c28 52293116 30140603 5504030c 0d2a2e68 6f666275 72672e63 6f6d3082 
    0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100cd 
    0e72da4c 63f93412 f9645153 f637c593 409cd59f 3d5a75cb 5d325bf6 d4b18378 
    c2b739c3 680e288d 0feabb05 195788c5 79fc1ff0 43136cdf 38b402e9 28848811 
    8af0778e abd2b100 9c27f61e 8f3c97d5 4260d026 92cde437 39240ce4 6f69843b 
    46beca47 d70f78e7 51aa3d89 522ff6a9 4097f2aa b74fcc92 757dbf89 d8de96bb 
    35c3649b 5b31247b 3822249e 1e4c374d e3283a14 831576b4 e02b52dd dc659032 
    184431a5 9dfcd082 f1ecee47 b108d61a 8b5d0bcf d1d7a6f7 44f41528 e5bf94b9 
    046d0d23 7ff440fc 4e599c60 b2b3fde6 4beabf59 5a2acb39 791730ab 4ad92e8c 
    52f65811 1753ca20 34d92a01 a7f7aa09 546a683f af9cefb7 83ff98f8 1f18c302 
    03010001 a38201b5 308201b1 301f0603 551d2304 18301680 146b693d 6a18424a 
    dd8f0265 39fd3524 86789116 30300e06 03551d0f 0101ff04 04030205 a0301d06 
    03551d25 04163014 06082b06 01050507 03010608 2b060105 05070302 30250603 
    551d1104 1e301c82 0d2a2e68 6f666275 72672e63 6f6d820b 686f6662 7572672e 
    636f6d30 43060355 1d1f043c 303a3038 a036a034 86326874 74703a2f 2f726170 
    69647373 6c2d6372 6c2e6765 6f747275 73742e63 6f6d2f63 726c732f 72617069 
    6473736c 2e63726c 301d0603 551d0e04 1604143a 83de74b1 2aa6a1fa 448a63f1 
    7eed86d3 0c36d930 0c060355 1d130101 ff040230 00307806 082b0601 05050701 
    01046c30 6a302d06 082b0601 05050730 01862168 7474703a 2f2f7261 70696473 
    736c2d6f 6373702e 67656f74 72757374 2e636f6d 30390608 2b060105 05073002 
    862d6874 74703a2f 2f726170 69647373 6c2d6169 612e6765 6f747275 73742e63 
    6f6d2f72 61706964 73736c2e 63727430 4c060355 1d200445 30433041 060a6086 
    480186f8 45010736 30333031 06082b06 01050507 02011625 68747470 3a2f2f77 
    77772e67 656f7472 7573742e 636f6d2f 7265736f 75726365 732f6370 73300d06 
    092a8648 86f70d01 01050500 03820101 00975c41 bf68cd33 9da1424b f875d7fe 
    201b0f4d 4fbfa3a7 1efe35ad 5d9f517e e9c7d423 601825a0 5cd32ce5 2db2848d 
    1b78094c 16a47d8a 30d5a962 21ee3209 c1fa3622 596d23e7 793ef093 51a3ed14 
    fa473f52 0df90340 c0a2b1ef 59bb3964 ea4f4d43 1bb31180 e5055911 c119f750 
    ca9e11f5 7499a324 f630ad57 51dc5233 3b85057a f4783818 60ee0da6 71523fe7 
    de35738b 29728a66 9bf73cfa 78fa2542 4e6f8ea9 764b2308 caf861dc ee8a983b 
    cf78c6c2 2ef4bfb4 42c0aec1 eb0e130b 13f03613 0d012ab4 b019ff76 7d7dcb26 
    51a9c7aa 9d762fa4 e28094ef 0dac17f4 fd554638 4e47adf6 d0238dd7 2c35382a 
    a6054542 e7ce66b6 ae470a19 6dc7570d 17
  quit
crypto isakmp nat-traversal 60
crypto ikev1 enable outside
crypto ikev1 enable inside
crypto ikev1 enable mgmt
crypto ikev1 enable management
crypto ikev1 policy 1000
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 2000
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 3000
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
telnet timeout 20
ssh 0.0.0.0 0.0.0.0 outside
ssh RFC1918 255.0.0.0 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd dns DNS-Server_Silverserver 8.8.8.8
!
dhcpd address 10.20.0.20-10.20.0.253 2Mbit_20
dhcpd option 3 ip 10.20.0.1 interface 2Mbit_20
dhcpd enable 2Mbit_20
!
dhcpd address 10.21.0.20-10.21.0.253 2Mbit_21
dhcpd option 3 ip 10.21.0.1 interface 2Mbit_21
dhcpd enable 2Mbit_21
!
dhcpd address 10.22.0.20-10.22.0.253 2Mbit_22
dhcpd option 3 ip 10.22.0.1 interface 2Mbit_22
dhcpd enable 2Mbit_22
!
dhcpd address 10.23.0.20-10.23.0.253 2Mbit_23
dhcpd option 3 ip 10.23.0.1 interface 2Mbit_23
dhcpd enable 2Mbit_23
!
dhcpd address 10.40.0.20-10.40.0.253 4Mbit_40
dhcpd option 3 ip 10.40.0.1 interface 4Mbit_40
dhcpd enable 4Mbit_40
!
dhcpd address 10.41.0.20-10.41.0.253 4Mbit_41
dhcpd option 3 ip 10.41.0.1 interface 4Mbit_41
dhcpd enable 4Mbit_41
!
dhcpd address 10.42.0.20-10.42.0.253 4Mbit_42
dhcpd option 3 ip 10.42.0.1 interface 4Mbit_42
dhcpd enable 4Mbit_42
!
dhcpd address 10.43.0.20-10.43.0.253 4Mbit_43
dhcpd option 3 ip 10.43.0.1 interface 4Mbit_43
dhcpd enable 4Mbit_43
!
dhcpd address 10.44.0.20-10.44.0.253 4Mbit_44
dhcpd option 3 ip 10.44.0.1 interface 4Mbit_44
dhcpd enable 4Mbit_44
!
dhcpd address 10.45.0.20-10.45.0.253 4Mbit_45
dhcpd option 3 ip 10.45.0.1 interface 4Mbit_45
dhcpd enable 4Mbit_45
!
dhcpd address 10.46.0.20-10.46.0.253 4Mbit_46
dhcpd option 3 ip 10.46.0.1 interface 4Mbit_46
dhcpd enable 4Mbit_46
!
dhcpd address 10.47.0.50-10.47.0.253 4Mbit_47
dhcpd option 3 ip 10.47.0.1 interface 4Mbit_47
dhcpd enable 4Mbit_47
!
dhcpd address 10.60.0.20-10.60.0.253 6Mbit_60
dhcpd option 3 ip 10.60.0.1 interface 6Mbit_60
dhcpd enable 6Mbit_60
!
dhcpd address 10.61.0.20-10.61.0.253 6Mbit_61
dhcpd option 3 ip 10.61.0.1 interface 6Mbit_61
dhcpd enable 6Mbit_61
!
dhcpd address 10.62.0.20-10.62.0.253 6Mbit_62
dhcpd option 3 ip 10.62.0.1 interface 6Mbit_62
!
dhcpd address 10.63.0.20-10.63.0.253 6Mbit_63
dhcpd option 3 ip 10.63.0.1 interface 6Mbit_63
!
dhcpd address 10.100.0.20-10.100.0.253 10Mbit_100
dhcpd option 3 ip 10.100.0.1 interface 10Mbit_100
dhcpd enable 10Mbit_100
!
dhcpd address 10.140.0.20-10.140.0.253 14Mbit_140
dhcpd option 3 ip 10.140.0.1 interface 14Mbit_140
dhcpd enable 14Mbit_140
!
dhcpd address 10.180.0.20-10.180.0.253 18Mbit_180
dhcpd option 3 ip 10.180.0.1 interface 18Mbit_180
dhcpd enable 18Mbit_180
!
dhcpd address 10.220.0.20-10.220.0.253 22Mbit_220
dhcpd option 3 ip 10.220.0.1 interface 22Mbit_220
dhcpd enable 22Mbit_220
!
dhcpd option 3 ip 10.221.0.1 interface 22Mbit_221
!
dhcpd address 10.26.0.20-10.26.0.253 26Mbit_260
dhcpd option 3 ip 10.26.0.1 interface 26Mbit_260
!
dhcpd address 192.168.51.50-192.168.51.90 tontechnik
dhcpd option 3 ip 192.168.51.1 interface tontechnik
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 86.59.113.115 source outside
ntp server 86.59.13.46 source outside
ntp server 193.171.23.163 source outside
ntp server 86.59.80.170 source outside
ntp server 80.92.126.65 source outside
webvpn
 anyconnect image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 wins-server value 10.0.0.1
 dns-server value 10.0.0.1
 vpn-tunnel-protocol l2tp-ipsec 
 split-tunnel-policy excludespecified
 split-tunnel-network-list value hofburg_splitTunnelAcl
 intercept-dhcp enable
group-policy DfltGrpPolicy attributes
 dns-server value 10.0.0.1 213.129.232.1
 vpn-simultaneous-logins 5
 vpn-tunnel-protocol ikev1 l2tp-ipsec 
 ipsec-udp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value hofburg_splitTunnelAcl
group-policy user-rest internal
group-policy user-rest attributes
 dns-server value 213.129.232.1
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value client-vpn-user-rest
group-policy user-rest-1 internal
group-policy user-rest-1 attributes
 dns-server value 213.129.232.1
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value client-vpn-user-rest-1
group-policy user internal
group-policy user attributes
 dns-server value 10.0.0.1 213.129.232.1
 vpn-tunnel-protocol ikev1 l2tp-ipsec 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value client-vpn-user-rest
group-policy hofburg internal
group-policy hofburg attributes
 dns-server value 10.0.0.1 213.129.232.1
 vpn-tunnel-protocol ikev1 l2tp-ipsec 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value hofburg_splitTunnelAcl
group-policy externalDMS internal
group-policy externalDMS attributes
 vpn-filter value only-dms
 vpn-tunnel-protocol ikev1 
username aschmiedl password 66q7uuQIbXYVNmVr encrypted
username aschmiedl attributes
 vpn-group-policy user-rest-1
 service-type remote-access
username zieger password ub27KyejaRfgC/+rV/FmIw== nt-encrypted
username zieger attributes
 vpn-group-policy DfltGrpPolicy
 vpn-tunnel-protocol ikev1 l2tp-ipsec 
username cpedretscher password UA3p3b/zgokkitDJfQjWGw== nt-encrypted
username fschrittesser password 2Yr6GSR9GnGcnq6f encrypted
username fschrittesser attributes
 vpn-group-policy hofburg
 service-type admin
username ozieger password gG05bthZJUMf26d5 encrypted
username ozieger attributes
 vpn-group-policy hofburg
username rdanler password sCmsWORyBVWLTTVF encrypted
username rdanler attributes
 vpn-group-policy hofburg
 service-type remote-access
username user1 password 1nDOEIkN955EJHUV encrypted
username user1 attributes
 vpn-group-policy user
username mkacerovsky password hAuD7slADRL9.x0q encrypted
username mkacerovsky attributes
 vpn-group-policy externalDMS
 service-type remote-access
username vpn1 password XNhcinVx3svkUKCF encrypted privilege 0
username vpn1 attributes
 vpn-group-policy hofburg
username kbc1 password tqXyW4MV6zJ7B5dR encrypted privilege 15
username ipad password gBbjYRd.E8YrcrE5 encrypted
username ipad attributes
 vpn-group-policy user-rest
 service-type remote-access
username bkonecny password xI6ZnYO769IhUuAC encrypted
username bkonecny attributes
 vpn-group-policy hofburg
 service-type remote-access
username elischka password ry1.JmFonb9WkgtX encrypted
username elischka attributes
 vpn-group-policy user-rest
 service-type remote-access
username mgudenus password .PORKN/wFUFMPs2i encrypted
username mgudenus attributes
 vpn-group-policy user-rest
 service-type remote-access
username sisworld password 8q8ReUTsgma431JS encrypted
username sisworld attributes
 service-type remote-access
username akaszay password jpxPx4REG80/VIPa encrypted
username akaszay attributes
 vpn-group-policy user-rest
 service-type remote-access
username domkar3 password Chunm/hwR26PnE/o encrypted
username domkar3 attributes
 vpn-group-policy user
 service-type remote-access
username domkar password Chunm/hwR26PnE/o encrypted
username domkar attributes
 vpn-group-policy user
 service-type remote-access
username domkar2 password Chunm/hwR26PnE/o encrypted
username domkar2 attributes
 vpn-group-policy user
 service-type remote-access
tunnel-group DefaultRAGroup general-attributes
 address-pool client-vpn
 address-pool client-vpn1
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group hofburg type remote-access
tunnel-group hofburg general-attributes
 address-pool client-vpn
tunnel-group hofburg ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group user type remote-access
tunnel-group user general-attributes
 default-group-policy user
 dhcp-server 10.0.0.1
tunnel-group user ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group user1 type remote-access
tunnel-group user1 general-attributes
 address-pool client-vpn1
 default-group-policy user-rest
tunnel-group user1 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group user2 type remote-access
tunnel-group user2 general-attributes
 address-pool client-vpn1
 default-group-policy user-rest-1
tunnel-group user2 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group oz type remote-access
tunnel-group oz general-attributes
 address-pool client-vpn
 default-group-policy hofburg
tunnel-group oz ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 81.189.60.50 type ipsec-l2l
tunnel-group 81.189.60.50 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group upgrade type remote-access
tunnel-group upgrade general-attributes
 address-pool client-vpn
 default-group-policy hofburg
tunnel-group upgrade ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group dms type remote-access
tunnel-group dms general-attributes
 address-pool client-vpn
 default-group-policy externalDMS
tunnel-group dms ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map vlan180-in
 match access-list 180-in
class-map vlan181-in
 match access-list 181-in
class-map global-class
 match default-inspection-traffic
class-map vlan140-in
 match access-list 140-in
class-map vlan141-in
 match access-list 141-in
class-map vlan260-in
 match access-list 260-in
class-map vlandmz-in
 match access-list dmz-in
class-map vlan100-in
 match access-list 100-in
class-map vlan221-in
 match access-list 221-in
class-map vlan101-in
 match access-list 101-in
class-map vlan220-in
 match access-list 220-in
class-map vlan42-out
 match access-list 42-out
class-map vlan60-out
 match access-list 60-out
class-map vlan43-out
 match access-list 43-out
class-map vlan61-out
 match access-list 61-out
class-map vlan40-out
 match access-list 40-out
class-map vlan62-out
 match access-list 62-out
class-map vlan41-out
 match access-list 41-out
class-map vlan63-out
 match access-list 63-out
class-map vlan20-out
 match access-list 20-out
class-map vlan46-out
 match access-list 46-out
class-map vlan21-out
 match access-list 21-out
class-map vlan47-out
 match access-list 47-out
class-map vlan22-out
 match access-list 22-out
class-map vlan44-out
 match access-list 44-out
class-map vlan10-out
 match access-list 110
class-map vlan23-out
 match access-list 23-out
class-map vlan45-out
 match access-list 4Mbit_45_mpc
class-map video-in
 match access-list Videoueberwachung_mpc_1
class-map vlanDMZ1-in
 match access-list DMZ1_mpc_1
class-map vlanDMZ2-in
 match access-list DMZ2_mpc
class-map vlan141-out
 match access-list 141-out
class-map vlan260-out
 match access-list 260-out
class-map vlan140-out
 match access-list 140-out
class-map vlandmz-out
 match access-list dmz-out
class-map vlan101-out
 match access-list 101-out
class-map vlan220-out
 match access-list 220-out
class-map vlan100-out
 match access-list 100-out
class-map vlan221-out
 match access-list 221-out
class-map vlan181-out
 match access-list 181-out
class-map vlan180-out
 match access-list 180-out
class-map video-out
 match access-list Videoueberwachung_mpc
class-map vlanDMZ1-out
 match access-list DMZ1_mpc
class-map vlanDMZ2-out
 match access-list DMZ2_mpc_1
class-map vlan43-in
 match access-list 43-in
class-map vlan61-in
 match access-list 61-in
class-map vlan42-in
 match access-list 42-in
class-map vlan60-in
 match access-list 60-in
class-map vlan41-in
 match access-list 41-in
class-map vlan63-in
 match access-list 63-in
class-map vlan40-in
 match access-list 40-in
class-map vlan62-in
 match access-list 62-in
class-map vlan21-in
 match access-list 21-in
class-map vlan47-in
 match access-list 47-in
class-map vlan20-in
 match access-list 20-in
class-map vlan46-in
 match access-list 46-in
class-map vlan10-in
 match access-list 111
class-map vlan23-in
 match access-list 23-in
class-map vlan45-in
 match access-list 45-in
class-map vlan22-in
 match access-list 22-in
class-map vlan44-in
 match access-list 44-in
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map vlan181-policy
 class vlan181-out
  police output 18432000
 class vlan181-in
  police input 18432000
policy-map vlan180-policy
 class vlan180-out
  police output 18432000
 class vlan180-in
  police input 18432000
policy-map vlan101-policy
 class vlan101-out
  police output 10240000
 class vlan101-in
  police input 10240000
policy-map vlan220-policy
 class vlan220-out
  police output 22528000
 class vlan220-in
  police input 22528000
policy-map vlan100-policy
 class vlan100-out
  police output 10240000 5120
 class vlan100-in
  police input 10240000 5120
policy-map vlan221-policy
 class vlan221-out
  police output 22528000
 class vlan221-in
  police input 22528000
policy-map vlandmz-policy
 class vlandmz-out
  police output 4096000 2048
 class vlandmz-in
  police input 4096000 2048
policy-map vlan141-policy
 class vlan141-out
  police output 14336000
 class vlan141-in
  police input 14336000
policy-map vlan260-policy
 class vlan260-out
  police output 41943000 26312
 class vlan260-in
  police input 41943000 26312
policy-map vlan140-policy
 class vlan140-out
  police output 14336000
 class vlan140-in
  police input 14336000
policy-map DMZ2
 class vlanDMZ2-out
  police output 4096000 2048
 class vlanDMZ2-in
  police input 4096000 2048
policy-map global-policy
 description shaping
 class global-class
  inspect dns 
  inspect esmtp 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect icmp 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect sip  
  inspect skinny  
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect xdmcp 
  inspect pptp 
policy-map vlanDMZ1-out
 class vlanDMZ1-in
  police input 10096000 5048
 class vlanDMZ1-out
  police output 10096000 5048
policy-map 4Mbit_44-policy
 class vlan44-out
  police output 4096000 2048
 class vlan44-in
  police input 4096000 2048
policy-map 4Mbit_45-policy
 class vlan45-out
  police output 4096000 2048
 class vlan45-in
  police input 4096000 2048
policy-map vlan22-policy
 class vlan22-out
  police output 2048000
 class vlan22-in
  police input 2048000
policy-map vlan44-policy
 class vlan44-out
  police output 4096000
 class vlan44-in
  police input 4096000
policy-map Videoueberwachung-policy
 class video-out
  police output 2000000 1500
 class video-in
  police input 2000000 1500
policy-map vlan10-policy
 class vlan10-out
  police output 26624000
 class vlan10-in
  police input 26624000
policy-map vlan23-policy
 class vlan23-out
  police output 2048000
 class vlan23-in
  police input 2048000
policy-map vlan45-policy
 class vlan45-in
  police input 4096000
policy-map vlan20-policy
 class vlan20-out
  police output 20480000 10240
 class vlan20-in
  police input 20480000 10240
policy-map vlan46-policy
 class vlan46-out
  police output 4096000 2048
 class vlan46-in
  police input 4096000 2048
policy-map vlan21-policy
 class vlan21-out
  police output 2048000
 class vlan21-in
  police input 2048000
policy-map vlan47-policy
 class vlan47-out
  police output 10024000 13312
 class vlan47-in
  police input 10024000 13312
policy-map vlan40-policy
 class vlan40-out
  police output 4096000 2048
 class vlan40-in
  police input 4096000 2048
policy-map vlan62-policy
 class vlan62-out
  police output 20971500 10484
 class vlan62-in
  police input 20971500 10484
policy-map vlan41-policy
 class vlan41-out
  police output 4096000
 class vlan41-in
  police input 4096000
policy-map vlan63-policy
 class vlan63-out
  police output 15728500 35720
 class vlan63-in
  police input 15728500 35720
policy-map vlan42-policy
 class vlan42-out
  police output 4096000
 class vlan42-in
  police input 4096000
policy-map vlan60-policy
 class vlan60-out
  police output 7144000
 class vlan60-in
  police input 7144000
policy-map vlan43-policy
 class vlan43-out
  police output 4096000
 class vlan43-in
  police input 4096000
policy-map vlan61-policy
 class vlan61-out
  police output 7144000
 class vlan61-in
  police input 7144000
!
service-policy global-policy global
service-policy vlan20-policy interface 2Mbit_20
service-policy vlan21-policy interface 2Mbit_21
service-policy vlan22-policy interface 2Mbit_22
service-policy vlan23-policy interface 2Mbit_23
service-policy vlan40-policy interface 4Mbit_40
service-policy vlan41-policy interface 4Mbit_41
service-policy vlan42-policy interface 4Mbit_42
service-policy vlan43-policy interface 4Mbit_43
service-policy 4Mbit_44-policy interface 4Mbit_44
service-policy 4Mbit_45-policy interface 4Mbit_45
service-policy vlan46-policy interface 4Mbit_46
service-policy vlan47-policy interface 4Mbit_47
service-policy vlan60-policy interface 6Mbit_60
service-policy vlan61-policy interface 6Mbit_61
service-policy vlan62-policy interface 6Mbit_62
service-policy vlan63-policy interface 6Mbit_63
service-policy vlan100-policy interface 10Mbit_100
service-policy vlan140-policy interface 14Mbit_140
service-policy vlan180-policy interface 18Mbit_180
service-policy vlan220-policy interface 22Mbit_220
service-policy vlan221-policy interface 22Mbit_221
service-policy vlan260-policy interface 26Mbit_260
service-policy vlanDMZ1-out interface DMZ1
service-policy DMZ2 interface DMZ2
service-policy Videoueberwachung-policy interface Videoueberwachung
prompt hostname context 
call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:8833e5bf7941396424a6244564712e36
: end
asdm image disk0:/asdm-714.bin
asdm location RFC1918 255.0.0.0 inside
asdm location client-vpn-user 255.255.255.0 inside
asdm location DNS-Server_Silverserver 255.255.255.255 inside
asdm location extern-NAT 255.255.255.255 inside
asdm location allowed-external 255.255.255.255 inside
asdm location websense1 255.255.224.0 inside
asdm location websense3 255.255.248.0 inside
asdm location websense4 255.255.248.0 inside
asdm location extern_newsletter 255.255.255.255 inside
asdm location extern_ebms 255.255.255.255 inside
asdm location wlc.hofburg.com 255.255.255.255 inside
asdm location 86.111.216.0 255.255.254.0 inside
asdm location websense6 255.255.252.0 inside
asdm location websense7 255.255.252.0 inside
asdm location websense8 255.255.254.0 inside
asdm history enable 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close