Michael Torrie's Personal Wiki


Firewall Notes

This document contains some notes on the current firewall configuration. The running firewall configuration can be exported over TFTP to admin.chem.byu.edu. First, on admin.chem.byu.edu, create the target file and make it writable by everyone:

touch /tftpboot/network/firewall
chmod a+rw /tftpboot/network/firewall

Then on the firewall, after running enable, enter:

write net 192.168.105.12:network/firewall

After the config is successfully written out, you will want to remove the excessive permissions on the file on admin.chem.byu.edu:

chmod go-rwx /tftpboot/network/firewall

To reverse the process, make the file on admin.chem.byu.edu readable by the TFTP server with chmod; you can then pull from it over TFTP.

Firewall config and notes

: Saved
: Written by admin at 12:49:34.518 MDT Tue Aug 6 2013
!
ASA Version 8.2(3) 
!
hostname Chemfire
domain-name chem.byu.edu
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

Since we need to pass multicast traffic for Campus IPTV, multicast routing must be enabled:

multicast-routing

Several host names are set to make the rules a bit easier to understand and write. However, it appears there are some host names that are old and maybe obsolete:

no names
name 192.168.105.10 NS1
name 192.168.105.37 Celeborn
name 192.168.105.36 Galadriel
name 192.168.200.6 purgatory
name 192.168.103.0 net_103
name 192.168.200.50 www_ext
name 192.168.104.0 net_104
name 192.168.200.0 dmz_any
name 192.168.100.0 net_100
name 192.168.200.10 mail
name 192.168.105.0 net_105
name 192.168.105.18 SQL
name 192.168.101.0 net_101
name 192.168.105.12 Admin
name 192.168.102.0 net_102
name 192.168.200.100 camera
name 128.187.0.0 BYUnet_public
name 10.0.0.0 BYUNet_private
name 192.168.104.240 reg_240
name 192.168.101.240 reg_101
name 192.168.103.240 reg_103
name 192.168.100.240 reg_100
name 192.168.105.240 reg_105
name 192.168.100.51 nmrlab
name 192.168.102.240 reg_102
name 192.168.4.0 WirelessNet
name 192.168.105.16 ccs_int
name 192.168.200.51 ccs_ext
name 192.168.0.0 inside_any
name 192.168.200.53 chemmgmt_proxy
name 192.168.200.52 www_rhel5 description RHEL 5 external webserver.
name 192.168.105.43 secure_rhel5 description RHEL 5 internal webserver.
name 192.168.105.19 sql_rhel6 description RHEL 6 MySQL/Postgres server.
name 192.168.105.58 chemmgmt-server
name 192.168.105.75 pchem-server
name 192.168.200.56 archiver description Ubuntu server for grad student.
name 192.168.105.85 cortana
name 192.168.105.38 mail-int_rhel5 description RHEL 5 internal mail server.
name 192.168.200.12 mail-ext2
name 192.168.200.57 www_rhel6 description RHEL 6 external webserver.
!

Interfaces

Untrusted

The main, untrusted interface is Ethernet0/0. It is assigned an address that covers all the public IP addresses that we use in the department. The address is 128.187.3.3/25, which means it effectively has addresses 3 through 126. Some of these are NATed to DMZ addresses, and some are used in a pool for outbound communications.

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 128.187.3.3 255.255.255.128 standby 128.187.3.2 
!

Trusted

The following interface is used to carry all traffic from the inside, or trusted network, to the outside world, the DMZ, or VPN hosts. It is not a VLAN trunk; it's just an access port on the core's 106 VLAN (??). The core has the address 192.168.106.1, and the firewall has the address of 192.168.106.254 (with 192.168.106.253 as the backup, which becomes 106.254 when it comes into service).

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.106.254 255.255.255.0 standby 192.168.106.253 
!

DMZ

Although the DMZ is not an actual VLAN, the firewall defines a subnet for it and acts as a router for DMZ traffic.

interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 192.168.200.1 255.255.255.0 standby 192.168.200.2 
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 description LAN/STATE Failover Interface
!

Campus IPTV defines a multicast rendezvous point that the firewall needs to know of:

pim rp-address 10.3.3.199 
boot system disk0:/asa823-k8.bin
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
 domain-name chem.byu.edu
same-security-traffic permit intra-interface

Campus IPTV comes from several multicast addresses, which we group together to make the rules easier to write:

object-group network MULTICAST_GROUPS
 network-object host 239.226.16.1
 network-object host 239.226.16.2
 network-object host 239.226.16.4
 network-object host 239.226.16.7
 network-object host 239.226.16.8
 network-object host 239.226.16.5
 network-object host 239.226.16.16
 network-object host 239.226.16.6
 network-object host 239.226.16.17
 network-object host 239.226.16.21
 network-object host 239.226.16.22
 network-object host 239.226.16.3
 network-object host 239.226.16.12
 network-object host 239.226.16.13
 network-object host 239.226.16.9
 network-object host 239.226.16.14
 network-object host 239.226.16.19
 network-object host 239.226.16.18
 network-object host 239.226.16.10
 network-object host 239.226.16.11
 network-object host 239.226.16.15
 network-object host 239.226.16.20
 network-object host 239.226.16.23
 network-object host 239.226.16.24
 network-object host 239.226.16.25
 network-object host 239.226.16.26
 network-object host 239.226.16.27
 network-object host 239.226.16.28
 network-object host 239.226.16.29
 network-object host 239.226.16.30
 network-object host 239.226.16.31
 network-object host 239.226.16.32
 network-object host 239.226.16.33
 network-object host 239.226.16.34
 network-object host 239.226.16.37
 network-object host 239.226.16.35
 network-object host 239.226.16.36
 network-object host 239.226.16.38
 network-object host 239.226.16.39
 network-object host 239.226.16.40
 network-object host 239.226.16.41
 network-object host 239.226.16.42
 network-object host 239.226.16.43
 network-object host 239.226.16.44
 network-object host 239.226.16.45
 network-object host 239.226.16.46
 network-object host 239.226.255.0
 network-object host 239.226.255.1
 network-object host 239.226.255.2

For convenience, a protocol group is defined so that a single rule line can cover both the TCP and the UDP port:

object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp

Access Control Rules

From the DMZ to the Trusted Network

The following lines appear to be obsolete. The IP addresses resolve to ns1 and ns2, but neither server hosts LDAP currently. Port 88 is a Kerberos port, and Kerberos is at kerberos.chem.byu.edu, which is really on admin.chem.byu.edu. So it appears these lines can be removed:

access-list dmz_in extended permit tcp any host 192.168.105.36 eq 88 
access-list dmz_in extended permit tcp any host 192.168.105.36 eq ldap 
access-list dmz_in extended permit tcp any host 192.168.105.36 eq ldaps 
access-list dmz_in extended permit tcp any host 192.168.105.37 eq ldap 
access-list dmz_in extended permit tcp any host 192.168.105.37 eq ldaps 

DNS and time servers need to be accessible from the DMZ:

access-list dmz_in extended permit udp any host 192.168.105.10 eq domain 
access-list dmz_in extended permit udp any host 192.168.105.10 eq ntp 
access-list dmz_in extended permit tcp any host 192.168.105.10 eq domain 

Purgatory may ssh or telnet into any trusted host:

access-list dmz_in extended permit tcp host 192.168.200.6 192.168.0.0 255.255.128.0 eq ssh 
access-list dmz_in extended permit tcp host 192.168.200.6 192.168.0.0 255.255.128.0 eq telnet 

This appears to be obsolete as well. This rule was to allow a sysadmin to ssh into purgatory and forward web connections so that the VPN concentrator could be controlled via its web interface. The VPN concentrator is now part of this firewall, so these rules are useless:

access-list dmz_in extended permit tcp host 192.168.200.6 host 192.168.108.6 eq www 
access-list dmz_in extended permit tcp host 192.168.200.6 host 192.168.108.6 eq https 
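The manual review described in these notes (spotting host names and rules that look obsolete) can be partly automated. The following Python is an added example, not part of the original wiki page: the sample lines are constructed in the page's ASA syntax, and the function names and finding categories are this example's own. It assumes IPv4 only, does not expand object-group addresses, and treats an object-group protocol as covered only by `ip`.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample written in the ASA syntax used on this page.
SAMPLE_CONFIG = """\
name 192.168.105.10 NS1
name 192.168.105.36 Galadriel
name 192.168.200.6 purgatory
name 192.168.200.100 camera
access-list dmz_in extended permit tcp any host 192.168.105.36 eq ldap
access-list dmz_in extended permit udp any host 192.168.105.10 eq domain
access-list dmz_in extended permit tcp host 192.168.200.6 192.168.0.0 255.255.128.0 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.18 eq 3306 inactive
access-list outside_in remark Constructed remark line
access-list outside_in extended permit icmp any host 128.187.3.6
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit icmp any any
access-list inside_access_in extended deny ip any host 203.0.113.53
access-list inside_access_in extended deny object-group TCPUDP any host 203.0.113.53
access-list inside_access_in extended permit ip any host 128.187.16.167
access-list inside_access_in extended permit ip any any
"""

Rule = namedtuple("Rule", "lineno acl action proto src dst service active")


def _addr(tokens):
    """Consume one address spec from tokens; return an IPv4 network or None."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if first == "object-group":
        tokens.pop(0)
        return None  # group members are not expanded in this example
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)


def parse_rules(config):
    """Parse 'access-list NAME extended ...' entries; remarks are skipped."""
    rules = []
    for lineno, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        acl, action, rest = tok[1], tok[3], tok[4:]
        proto = rest.pop(0)
        if proto == "object-group":
            proto = "group:" + rest.pop(0)
        src, dst = _addr(rest), _addr(rest)
        active = "inactive" not in rest
        rest = [t for t in rest if t != "inactive"]
        # Last token is the port of 'eq PORT' or a bare ICMP type (echo-reply).
        service = rest[-1] if rest else None
        rules.append(Rule(lineno, acl, action, proto, src, dst, service, active))
    return rules


def covers(b, r):
    """True if rule b matches every packet that rule r matches."""
    if None in (b.src, b.dst, r.src, r.dst):
        return False  # unresolved object-group: make no claim
    return ((b.proto == "ip" or b.proto == r.proto)
            and r.src.subnet_of(b.src) and r.dst.subnet_of(b.dst)
            and (b.service is None or b.service == r.service))


def audit(config):
    """Return unused names plus inactive, shadowed and subsumed ACL line numbers."""
    names = dict(re.findall(r"^name (\S+) (\S+)", config, re.M))
    used = {t for l in config.splitlines() if not l.startswith("name ")
            for t in l.split()}
    found = {"unused_names": sorted(n for ip, n in names.items() if ip not in used),
             "inactive": [], "shadowed": [], "subsumed": []}
    rules = parse_rules(config)
    for i, r in enumerate(rules):
        if not r.active:
            found["inactive"].append(r.lineno)
            continue
        peers = [(j, b) for j, b in enumerate(rules)
                 if j != i and b.acl == r.acl and b.active]
        if any(j < i and covers(b, r) for j, b in peers):
            # First match wins, so an earlier covering rule means r never matches.
            found["shadowed"].append(r.lineno)
        elif any(j > i and b.action == r.action and covers(b, r) and not covers(r, b)
                 and all(x.action == r.action for k, x in peers if i < k < j)
                 for j, b in peers):
            # A later, broader rule with the same action already gives this result.
            found["subsumed"].append(r.lineno)
    return found


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_CONFIG).items():
        print(f"{kind}: {items}")
```

Findings are line numbers in the input text; each one is a candidate for manual review, not an automatic removal.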

access-list dmz_in extended permit tcp host 192.168.200.6 host 192.168.105.36 eq 5900
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.12 eq https
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.43 eq www
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.43 eq https
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.43 eq 8080
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.43 eq 8180
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.18 eq 3306
access-list dmz_in remark New SQL
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.19 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.18 eq 5432
access-list dmz_in remark New SQL
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.19 eq 5432
access-list dmz_in extended permit tcp any host 192.168.105.18 eq ldap
access-list dmz_in extended permit tcp any host 192.168.105.18 eq ldaps
access-list dmz_in extended permit tcp any host 192.168.105.12 eq 3128
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.18 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.19 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.18 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.19 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.12 eq https
access-list dmz_in extended permit tcp host 192.168.200.57 host 192.168.105.12 eq https inactive
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.18 eq 3306 inactive
access-list dmz_in remark New SQL
access-list dmz_in extended permit tcp host 192.168.200.57 host 192.168.105.19 eq 3306
access-list dmz_in remark New SQL
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.19 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.18 eq 5432 inactive
access-list dmz_in remark New SQL
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.19 eq 5432
access-list dmz_in remark New SQL
access-list dmz_in extended permit tcp host 192.168.200.57 host 192.168.105.19 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq www
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq https
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq 8080
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq 8081
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.43 eq 8081
access-list dmz_in extended permit icmp any any
access-list dmz_in extended permit tcp host 192.168.200.10 any eq smtp
access-list dmz_in extended permit tcp host 192.168.200.10 any eq domain
access-list dmz_in extended permit tcp host 192.168.200.10 any eq ident
access-list dmz_in extended permit udp host 192.168.200.10 any eq 113
access-list dmz_in extended permit udp host 192.168.200.10 any eq domain
access-list dmz_in extended permit tcp host 192.168.200.6 128.187.0.0 255.255.0.0 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.6 128.187.0.0 255.255.0.0 eq ftp
access-list dmz_in extended permit tcp host 192.168.200.6 128.187.0.0 255.255.0.0 eq 8500
access-list dmz_in extended permit tcp host 192.168.200.6 10.0.0.0 255.0.0.0 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.6 10.0.0.0 255.0.0.0 eq ftp
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq www
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq https
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq 8080
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq 8180
access-list dmz_in extended permit tcp any host 192.168.105.12 eq ldap
access-list dmz_in extended permit tcp any host 192.168.105.12 eq ldaps
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.12 eq ssh
access-list dmz_in extended permit tcp any host 192.168.105.45 eq ldap
access-list dmz_in extended permit tcp any host 192.168.105.45 eq ldaps
access-list dmz_in extended permit udp any host 192.168.105.36 eq 88
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq 8081
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq 8009
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.75 eq www
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq 8010
access-list dmz_in extended permit tcp any host 192.168.105.13 eq ldap
access-list dmz_in extended permit tcp any host 192.168.105.13 eq ldaps
access-list dmz_in extended permit tcp any host 192.168.101.150 eq ldap
access-list dmz_in extended permit tcp any host 192.168.101.150 eq ldaps
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.90 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.90 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.90 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.90 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.43 eq https
access-list dmz_in extended permit udp any host 192.168.105.50 eq 88
access-list dmz_in extended permit tcp any host 192.168.105.50 eq 88
access-list dmz_in extended permit tcp any host 192.168.105.50 eq ldap
access-list dmz_in extended permit tcp any host 192.168.105.50 eq ldaps
access-list dmz_in extended permit tcp host 192.168.200.10 any eq 2703
access-list dmz_in extended permit tcp host 192.168.200.50 host 192.168.105.43 eq 8181
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq 8181
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.43 eq 8181
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.58 eq www
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.58 eq https
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.58 eq 8080
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.58 eq 8081
access-list dmz_in extended permit tcp host 192.168.200.60 192.168.0.0 255.255.128.0 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.62 192.168.0.0 255.255.128.0 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.61 192.168.0.0 255.255.128.0 eq ssh
access-list dmz_in extended permit tcp any host 192.168.105.54 eq 2222
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.18 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.19 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.18 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.19 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.43 eq https
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.38 eq imap4
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.38 eq pop3
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.38 eq 995
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.38 eq 993
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq imap4
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq pop3
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq 995
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq 993
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.38 eq smtp
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.62 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.52 any eq domain
access-list dmz_in extended permit tcp host 192.168.200.57 any eq domain
access-list dmz_in extended permit udp host 192.168.200.52 any eq domain
access-list dmz_in extended permit udp host 192.168.200.57 any eq domain
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.38 eq 993
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.38 eq 995
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.38 eq imap4
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.38 eq pop3
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.90 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.90 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.12 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.12 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.12 any eq 2703
access-list dmz_in extended permit tcp host 192.168.200.12 any eq domain
access-list dmz_in extended permit tcp host 192.168.200.12 any eq ident
access-list dmz_in extended permit tcp host 192.168.200.12 any eq smtp
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.38 eq www
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.38 eq www
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.38 eq https
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.38 eq https
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.56 eq www
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.82 eq pop3
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.82 eq imap4
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.82 eq 993
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.82 eq 995
access-list dmz_in extended permit tcp host 192.168.200.6 host 192.168.111.26 eq 9100
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.12 eq https
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.43 eq www
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.43 eq https
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.43 eq 8080
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.43 eq 8180
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.18 eq 3306 inactive
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.19 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.18 eq 5432 inactive
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.19 eq 5432
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.56 eq www
access-list dmz_in extended permit tcp host 192.168.200.55 any eq www
access-list dmz_in extended permit tcp host 192.168.200.55 host 192.168.105.12 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.52 any eq www
access-list dmz_in extended permit tcp host 192.168.200.54 host 192.168.105.18 eq 3306 inactive
access-list dmz_in extended permit tcp host 192.168.200.54 host 192.168.105.19 eq 3306
access-list dmz_in extended permit udp any host 192.168.105.11 eq domain
access-list dmz_in extended permit udp any host 192.168.105.65 eq domain
access-list dmz_in extended permit udp any host 192.168.105.64 eq domain
access-list dmz_in extended permit udp any host 192.168.105.63 eq domain
access-list dmz_in extended permit udp any host 192.168.105.62 eq domain
access-list dmz_in extended permit udp any host 192.168.105.61 eq domain
access-list dmz_in extended permit udp any host 192.168.105.60 eq domain
access-list dmz_in extended permit tcp host 192.168.200.13 host 192.168.105.12 eq ssh
access-list dmz_in extended permit tcp host 192.168.200.13 host 192.168.105.38 eq 993
access-list dmz_in extended permit tcp host 192.168.200.13 host 192.168.105.38 eq 995
access-list dmz_in extended permit tcp host 192.168.200.13 host 192.168.105.38 eq imap4
access-list dmz_in extended permit tcp host 192.168.200.13 host 192.168.105.38 eq pop3
access-list dmz_in extended permit tcp host 192.168.200.60 host 192.168.105.18 eq 3306 inactive
access-list dmz_in extended permit tcp host 192.168.200.60 host 192.168.105.19 eq 3306
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.83 eq imap4
access-list dmz_in extended permit tcp host 192.168.200.10 host 192.168.105.83 eq pop3
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.83 eq imap4
access-list dmz_in extended permit tcp host 192.168.200.12 host 192.168.105.83 eq pop3
access-list dmz_in extended permit tcp any host 192.168.105.12 eq 88
access-list dmz_in extended permit udp any host 192.168.105.12 eq 88
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.12 eq 8877
access-list dmz_in extended permit tcp host 192.168.200.52 host 192.168.105.12 eq 8878
access-list dmz_in extended permit tcp host 192.168.200.57 host 192.168.105.12 eq 8877
access-list dmz_in extended permit tcp host 192.168.200.57 host 192.168.105.12 eq 8878
access-list dmz_in extended permit tcp host 192.168.200.61 host 192.168.105.18 eq 3306 inactive
access-list dmz_in extended permit tcp host 192.168.200.61 host 192.168.105.19 eq 3306
access-list dmz_in extended permit tcp any host 192.168.105.85 eq ssh
access-list dmz_in remark Rules for “archiver,” a server for a graduate student in Dr. Prince's lab.
access-list dmz_in extended permit tcp host 192.168.200.56 any eq www
access-list dmz_in remark Rules for “archiver,” a server for a graduate student in Dr. Prince's lab.
access-list dmz_in extended permit tcp host 192.168.200.56 any eq https
access-list dmz_in extended permit tcp host 192.168.200.57 any eq www
access-list dmz_in extended permit tcp host 192.168.200.57 any eq https
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list outside_in remark Block access From C&C Server
access-list outside_in extended deny ip host 208.73.210.29 any
access-list outside_in remark Block access to a Trojan.VBCrypt's C&C server.
access-list outside_in extended deny ip host 50.17.199.47 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny ip host 121.14.231.53 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny ip host 121.14.231.54 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny ip host 121.14.231.55 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny ip host 121.14.231.72 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny object-group TCPUDP host 121.14.231.53 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny object-group TCPUDP host 121.14.231.54 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny object-group TCPUDP host 121.14.231.55 any
access-list outside_in remark Block access to a Trojan.Refroso's C&C server.
access-list outside_in extended deny object-group TCPUDP host 121.14.231.72 any
access-list outside_in remark Pass through for Life Sciences' webcam.
access-list outside_in extended permit tcp host 128.187.102.173 host 128.187.3.50 eq 8080
access-list outside_in remark Pass through for Life Sciences' webcam.
access-list outside_in extended permit tcp host 128.187.102.173 host 128.187.3.50 eq 8888
access-list outside_in remark Pass through from Garrett's home machine to Life Sciences' webcam.
access-list outside_in extended permit tcp host 69.169.159.33 host 128.187.3.50 eq 8080
access-list outside_in remark Pass through from Garrett's home machine to Life Sciences' webcam.
access-list outside_in extended permit tcp host 69.169.159.33 host 128.187.3.50 eq 8888
access-list outside_in extended permit tcp any host 128.187.3.6 eq ftp
access-list outside_in extended permit tcp any host 128.187.3.6 eq ssh
access-list outside_in extended permit tcp any host 128.187.3.6 eq telnet
access-list outside_in extended permit tcp any host 128.187.3.5 eq smtp
access-list outside_in extended permit tcp any host 128.187.3.5 eq domain
access-list outside_in extended permit tcp any host 128.187.3.5 eq www
access-list outside_in extended permit tcp any host 128.187.3.5 eq pop3
access-list outside_in extended permit tcp any host 128.187.3.5 eq imap4
access-list outside_in extended permit tcp any host 128.187.3.5 eq 993
access-list outside_in extended permit tcp any host 128.187.3.5 eq 995
access-list outside_in extended permit udp any host 128.187.3.5 eq domain
access-list outside_in extended permit tcp any host 128.187.3.7 eq www
access-list outside_in extended permit tcp any host 128.187.3.7 eq https
access-list outside_in extended permit tcp any host 128.187.3.7 eq 8080
access-list outside_in extended permit tcp any host 128.187.3.9 eq www
access-list outside_in extended permit tcp any host 128.187.3.9 eq https
access-list outside_in extended permit tcp any host 128.187.3.9 eq 8080
access-list outside_in extended permit tcp any host 128.187.3.10 eq www
access-list outside_in extended permit tcp any host 128.187.3.10 eq 8080
access-list outside_in extended permit tcp any host 128.187.3.10 eq https
access-list outside_in extended permit tcp any host 128.187.3.11 eq www
access-list outside_in extended permit tcp any host 128.187.3.11 eq 8080
access-list outside_in extended permit tcp any host 128.187.3.11 eq https
access-list outside_in extended permit tcp any host 128.187.3.12 eq www
access-list outside_in extended permit tcp any host 128.187.3.12 eq 8080
access-list outside_in extended permit tcp any host 128.187.3.12 eq https
access-list outside_in extended permit tcp any host 128.187.3.8 eq www
access-list outside_in extended permit tcp any host 128.187.3.8 eq https
access-list outside_in extended permit icmp any host 128.187.3.6
access-list outside_in extended permit icmp any host 128.187.3.5
access-list outside_in extended permit icmp any host 128.187.3.7
access-list outside_in extended permit icmp any host 128.187.3.8
access-list outside_in extended permit icmp any host 128.187.3.9
access-list outside_in extended permit icmp any host 128.187.3.10
access-list outside_in extended permit icmp any host 128.187.3.11
access-list outside_in extended permit icmp any host 128.187.3.12
access-list outside_in extended permit icmp any host 128.187.3.13
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit tcp any host 128.187.3.5 eq https
access-list outside_in extended permit tcp any host 128.187.3.5 eq 465
access-list outside_in extended permit icmp any host 128.187.3.14
access-list outside_in extended permit tcp any host 128.187.3.14 eq www
access-list outside_in extended permit tcp any host 128.187.3.14 eq ssh
access-list outside_in extended permit icmp any host 128.187.3.4
access-list outside_in extended permit tcp any host 128.187.3.4 eq 9999
access-list outside_in extended permit tcp any host 128.187.3.14 eq 3389
access-list outside_in extended permit icmp any any
access-list outside_in extended permit tcp any host 128.187.3.9 eq smtp
access-list outside_in extended permit tcp any host 128.187.3.9 eq 8181
access-list outside_in extended permit tcp any host 128.187.3.4 eq 9002
access-list outside_in extended permit tcp any host 128.187.3.4 eq 9003
access-list outside_in extended permit tcp any host 128.187.3.4 eq 9005
access-list outside_in extended permit tcp any host 128.187.3.9 eq pop3
access-list outside_in extended permit tcp any host 128.187.3.9 eq imap4
access-list outside_in extended permit tcp any host 128.187.3.9 eq 993
access-list outside_in extended permit tcp any host 128.187.3.9 eq 995
access-list outside_in extended permit tcp any host 128.187.3.15 eq 465
access-list outside_in extended permit tcp any host 128.187.3.15 eq 993
access-list outside_in extended permit tcp any host 128.187.3.15 eq 995
access-list outside_in extended permit tcp any host 128.187.3.15 eq domain
access-list outside_in extended permit tcp any host 128.187.3.15 eq imap4
access-list outside_in extended permit tcp any host 128.187.3.15 eq pop3
access-list outside_in extended permit tcp any host 128.187.3.15 eq smtp
access-list outside_in extended permit tcp any host 128.187.3.15 eq www
access-list outside_in extended permit tcp any host 128.187.3.15 eq https
access-list outside_in extended permit udp any host 128.187.3.15 eq domain
access-list outside_in extended permit ip any object-group MULTICAST_GROUPS
access-list outside_in extended permit tcp any host 128.187.3.6 eq 5500
access-list outside_in remark Xirrus Wireless Access Point to Radius Server
access-list outside_in extended permit udp host 10.3.92.253 host 128.187.3.5 eq 1812
access-list outside_in remark Xirrus Wireless Access Point to Radius Server
access-list outside_in extended permit udp host 10.3.92.253 host 128.187.3.5 eq 1813
access-list outside_in remark Xirrus Wireless Access Point to Radius Server
access-list outside_in extended permit udp host 10.3.92.253 host 128.187.3.15 eq 1812
access-list outside_in remark Xirrus Wireless Access Point to Radius Server
access-list outside_in extended permit udp host 10.3.92.253 host 128.187.3.15 eq 1813
access-list outside_in extended permit udp host 10.23.7.18 host 128.187.3.5 eq 1812
access-list outside_in extended permit udp host 10.23.7.18 host 128.187.3.15 eq 1812
access-list outside_in extended permit udp host 10.23.7.19 host 128.187.3.5 eq 1812
access-list outside_in extended permit udp host 10.23.7.19 host 128.187.3.15 eq 1812
access-list outside_in extended permit udp host 10.23.7.20 host 128.187.3.5 eq 1812
access-list outside_in extended permit udp host 10.23.7.20 host 128.187.3.15 eq 1812
access-list outside_in extended permit udp host 10.23.7.21 host 128.187.3.5 eq 1812
access-list outside_in extended permit udp host 10.23.7.21 host 128.187.3.15 eq 1812
access-list outside_in extended permit udp host 10.23.8.2 host 128.187.3.5 eq 1812
access-list outside_in extended permit udp host 10.23.8.2 host 128.187.3.5 eq 1813
access-list outside_in extended permit udp host 10.23.8.2 host 128.187.3.15 eq 1812
access-list outside_in extended permit udp host 10.23.8.2 host 128.187.3.15 eq 1813
access-list outside_in extended permit udp host 10.23.8.251 host 128.187.3.5 eq 1812
access-list outside_in extended permit udp host 10.23.8.251 host 128.187.3.5 eq 1813
access-list outside_in extended permit udp host 10.23.8.251 host 128.187.3.15 eq 1812
access-list outside_in extended permit udp host 10.23.8.251 host 128.187.3.15 eq 1813
access-list outside_in extended permit tcp 128.187.0.0 255.255.0.0 host 128.187.3.12 eq ssh
access-list outside_in extended permit tcp 10.0.0.0 255.0.0.0 host 128.187.3.12 eq ssh
access-list outside_in extended permit tcp any host 128.187.3.5 eq 3210
access-list outside_in extended permit tcp any host 128.187.3.15 eq 3210
access-list outside_in extended permit tcp any host 128.187.3.9 eq 1443
access-list outside_in extended permit tcp any host 128.187.3.5 eq 587
access-list outside_in extended permit tcp any host 128.187.3.115 eq 587
access-list VPN-BYU-NETS-SPLIT extended permit ip 192.168.100.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 192.168.101.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 192.168.102.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 192.168.103.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 192.168.104.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 192.168.105.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 192.168.200.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 10.8.0.0 255.255.0.0 192.168.108.0 255.255.255.0
access-list VPN-BYU-NETS-SPLIT extended permit ip 10.0.0.0 255.0.0.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.100.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.101.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.102.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.103.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.104.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.105.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 192.168.200.0 255.255.255.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 10.8.0.0 255.255.0.0 192.168.108.0 255.255.255.0
access-list NO-NAT extended permit ip 10.0.0.0 255.0.0.0 192.168.108.0 255.255.255.0
access-list inside_access_in remark Posible compromised machine registered to Daniel Austin.
access-list inside_access_in extended deny ip host 192.168.102.81 any
access-list inside_access_in remark Block access to C&C Server
access-list inside_access_in extended deny ip any host 208.73.210.29
access-list inside_access_in remark Block access to a Trojan.VBCrypt's C&C server.
access-list inside_access_in extended deny ip any host 50.17.199.47
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny ip any host 121.14.231.53
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny ip any host 121.14.231.54
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny ip any host 121.14.231.55
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny ip any host 121.14.231.72
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny object-group TCPUDP any host 121.14.231.53
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny object-group TCPUDP any host 121.14.231.54
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny object-group TCPUDP any host 121.14.231.55
access-list inside_access_in remark Block access to a Trojan.Refroso's C&C server.
access-list inside_access_in extended deny object-group TCPUDP any host 121.14.231.72
access-list inside_access_in remark Allow CSR access to software.byu.edu.
access-list inside_access_in extended permit ip 192.168.105.0 255.255.255.0 host 128.187.16.167 inactive
access-list inside_access_in remark Deny access to software.byu.edu.
access-list inside_access_in extended deny ip any host 128.187.16.167 inactive access-list inside_access_in extended permit ip any host 128.187.16.167 access-list inside_access_in extended permit ip any 192.168.200.0 255.255.255.0 access-list inside_access_in extended permit tcp any 192.168.200.0 255.255.255.0 eq ssh inactive access-list inside_access_in extended permit tcp any 192.168.200.0 255.255.255.0 eq www inactive access-list inside_access_in extended permit tcp any 192.168.200.0 255.255.255.0 eq https inactive access-list inside_access_in extended permit tcp any 128.187.0.0 255.255.0.0 eq hostname inactive access-list inside_access_in extended permit tcp host 192.168.105.10 10.8.0.0 255.255.0.0 inactive access-list inside_access_in extended permit ip any any access-list public_access_in extended permit object-group TCPUDP any any eq www access-list public_access_in extended permit tcp any any eq https pager lines 24 logging enable logging timestamp logging buffer-size 40960 logging monitor informational logging buffered informational logging history informational logging asdm informational logging host inside 192.168.105.12 mtu outside 1500 mtu inside 1500 mtu dmz 1500 ip local pool VPN-POOL 192.168.108.1-192.168.108.254 failover failover lan unit primary failover lan interface FAIL Management0/0 failover link FAIL Management0/0 failover interface ip FAIL 192.168.254.1 255.255.255.0 standby 192.168.254.2 icmp unreachable rate-limit 1 burst-size 1 icmp permit any outside icmp permit any inside icmp permit any dmz asdm image disk0:/asdm-633.bin no asdm history enable arp timeout 14400 global (outside) 1 128.187.3.17-128.187.3.29 global (outside) 1 128.187.3.30 nat (outside) 0 access-list NO-NAT nat (outside) 1 192.168.108.0 255.255.255.0 nat (inside) 0 access-list NO-NAT nat (inside) 1 192.168.0.0 255.255.128.0 nat (dmz) 0 access-list NO-NAT static (dmz,outside) 128.187.3.5 192.168.200.10 netmask 255.255.255.255 static (dmz,outside) 128.187.3.4 
192.168.200.100 netmask 255.255.255.255 static (dmz,outside) 128.187.3.6 192.168.200.6 netmask 255.255.255.255 static (dmz,outside) 128.187.3.8 192.168.200.51 netmask 255.255.255.255 static (dmz,outside) 128.187.3.9 192.168.200.52 netmask 255.255.255.255 static (dmz,outside) 128.187.3.10 192.168.200.53 netmask 255.255.255.255 static (dmz,outside) 128.187.3.11 192.168.200.54 netmask 255.255.255.255 static (dmz,outside) 128.187.3.12 192.168.200.55 netmask 255.255.255.255 static (dmz,outside) 128.187.3.13 192.168.200.56 netmask 255.255.255.255 static (inside,dmz) 192.168.105.0 192.168.105.0 netmask 255.255.255.0 static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0 static (inside,dmz) 192.168.101.0 192.168.101.0 netmask 255.255.255.0 static (inside,dmz) 192.168.102.0 192.168.102.0 netmask 255.255.255.0 static (inside,dmz) 192.168.103.0 192.168.103.0 netmask 255.255.255.0 static (inside,dmz) 192.168.104.0 192.168.104.0 netmask 255.255.255.0 static (inside,dmz) 192.168.4.0 192.168.4.0 netmask 255.255.252.0 static (inside,dmz) 192.168.122.0 192.168.122.0 netmask 255.255.255.0 static (inside,dmz) 192.168.111.0 192.168.111.0 netmask 255.255.255.0 static (inside,outside) 128.187.3.50 192.168.102.26 netmask 255.255.255.255 static (dmz,outside) 128.187.3.14 192.168.200.57 netmask 255.255.255.255 static (dmz,outside) 128.187.3.15 192.168.200.12 netmask 255.255.255.255 access-group outside_in in interface outside access-group inside_access_in in interface inside access-group dmz_in in interface dmz route outside 0.0.0.0 0.0.0.0 128.187.3.1 1 route inside 192.168.4.0 255.255.252.0 192.168.106.1 1 route inside 192.168.100.0 255.255.255.0 192.168.106.1 1 route inside 192.168.101.0 255.255.255.0 192.168.106.1 1 route inside 192.168.102.0 255.255.255.0 192.168.106.1 1 route inside 192.168.103.0 255.255.255.0 192.168.106.1 1 route inside 192.168.104.0 255.255.255.0 192.168.106.1 1 route inside 192.168.105.0 255.255.255.0 192.168.106.1 1 route inside 192.168.111.0 
255.255.255.0 192.168.106.1 1 route inside 192.168.122.0 255.255.255.0 192.168.106.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa-server RADIUS-VPN protocol radius aaa-server RADIUS-VPN (inside) host 192.168.105.12 key chemistry authentication-port 1812 accounting-port 1813 aaa authentication ssh console LOCAL aaa authentication enable console LOCAL aaa authentication telnet console LOCAL aaa authentication http console LOCAL aaa authentication serial console LOCAL aaa authentication secure-http-client http server enable http 192.168.106.0 255.255.255.0 inside http 192.168.105.0 255.255.255.0 inside http 174.52.36.203 255.255.255.255 outside http redirect outside 80 snmp-server host inside 192.168.105.12 community chemistry snmp-server location ServerRoom snmp-server contact Chemistry CSRs snmp-server community chemistry snmp-server enable traps snmp authentication linkup linkdown coldstart service resetoutside crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec 
security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map DYN-VPN-MAP 100 set transform-set ESP-AES-256-SHA ESP-AES-SHA ESP-3DES-SHA crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto ca trustpoint firewall_internal_digicert keypair firewall_internal_digicert no client-types crl configure crypto ca trustpoint chemca enrollment terminal crl configure crypto ca trustpoint testing subject-name CN=vpn.chem.byu.edu keypair testing crl configure crypto ca trustpoint chemca_vpncert enrollment terminal subject-name CN=vpn.chem.byu.edu crl configure crypto ca trustpoint DigiCertCA enrollment terminal crl configure crypto ca trustpoint DigiCertCA-RGTest enrollment terminal no client-types crl configure crypto ca trustpoint DigiCertCA2-RGTest enrollment terminal crl configure crypto ca certificate chain firewall_internal_digicert certificate 0ea54a4ad3a54290a6ed9e79fc5e6697

quit

certificate ca 0851f959814145cabde024e212c9c20e

quit

crypto ca certificate chain chemca
 certificate ca 01

quit

crypto ca certificate chain testing
 certificate 0bbc6aa187164900bce4d1c645c3331a

quit

crypto ca certificate chain DigiCertCA
 certificate ca 0851f959814145cabde024e212c9c20e

quit

crypto ca certificate chain DigiCertCA-RGTest
 certificate ca 0851f959814145cabde024e212c9c20e

quit

crypto ca certificate chain DigiCertCA2-RGTest
 certificate ca 428740a5

quit

crypto isakmp enable outside
crypto isakmp policy 15
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-192
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 40
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
vpn-addr-assign local reuse-delay 5
remote-access threshold session-threshold-exceeded 25
telnet 192.168.105.0 255.255.255.0 inside
telnet 192.168.106.0 255.255.255.0 inside
telnet timeout 5
ssh scopy enable
ssh 174.52.36.203 255.255.255.255 outside
ssh 192.168.105.0 255.255.255.0 inside
ssh 192.168.106.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.105.10
ntp server 192.43.244.18
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point DigiCertCA
ssl trust-point testing outside
ssl trust-point firewall_internal_digicert inside
webvpn
 enable outside
 anyconnect-essentials
 svc image disk0:/anyconnect-wince-ARMv4I-2.5.0217-k9.pkg 1 regex "Windows CE"
 svc image disk0:/anyconnect-win-2.5.0217-k9.pkg 2 regex "Windows NT"
 svc image disk0:/anyconnect-macosx-i386-2.5.0217-k9.pkg 3 regex "Intel Mac OS X"
 svc image disk0:/anyconnect-linux-2.5.0217-k9.pkg 4 regex "Linux"
 svc enable
group-policy DfltGrpPolicy attributes
 wins-server value 192.168.105.10
 dns-server value 192.168.105.10 192.168.105.11
 vpn-tunnel-protocol IPSec svc
 ipsec-udp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-BYU-NETS-SPLIT
 default-domain value chem.byu.edu
 address-pools value VPN-POOL
username admin password FgibczyVGBcddWL6 encrypted privilege 15
username rgardner password VUYUqAgt9MbginSm encrypted privilege 15
username sivco password ppoI03NdjneYjuGd encrypted
username sivco attributes
 service-type remote-access
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group RADIUS-VPN LOCAL
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group RADIUS-VPN LOCAL
tunnel-group Faculty type remote-access
tunnel-group Faculty general-attributes
 authentication-server-group RADIUS-VPN
tunnel-group Faculty ipsec-attributes
 pre-shared-key facadmin
tunnel-group admin type remote-access
tunnel-group admin general-attributes
 authentication-server-group RADIUS-VPN
tunnel-group admin ipsec-attributes
 pre-shared-key cH3mAdM1n
tunnel-group cpmsdo type remote-access
tunnel-group cpmsdo general-attributes
 authentication-server-group RADIUS-VPN
tunnel-group cpmsdo ipsec-attributes
 pre-shared-key "An apple a day"
!
class-map inspection_default
 match default-inspection-traffic
class-map class_snmp
 match port udp eq snmp
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 4096
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect pptp
  inspect ip-options
  inspect icmp
 class class_snmp
  inspect snmp
!
service-policy global_policy global
prompt hostname priority state
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:7c2abb046ce98aebff24c2e08a006762
: end
</code>

