ASA Version 9.0(2) ! interface GigabitEthernet0/0 nameif comcastpublic ip address Y.Y.Y.Y ! object network VPNPC host Z.Z.Z.Z description VPN PC S2S object network REMOTE subnet B.B.B.B 255.255.255.0 access-list comcastpublic_access_in extended permit object SSH object VPNPC object REMOTE access-list comcastpublic_cryptomap_3 extended permit tcp object VPNPC object REMOTE eq ssh nat (private,comcastpublic) source static VPNPC VPNPC destination static REMOTE REMOTE no-proxy-arp route-lookup nat (comcastpublic,private) source static any any destination static ! nat (private,comcastpublic) after-auto source dynamic any interface dns access-group comcastpublic_access_in in interface comcastpublic crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto map comcastpublic_map 4 match address comcastpublic_cryptomap_3 crypto map comcastpublic_map 4 set peer A.A.A.A crypto map comcastpublic_map 4 set ikev1 transform-set ESP-3DES-SHA crypto map comcastpublic_map 4 set ikev2 ipsec-proposal 3DES crypto map comcastpublic_map 4 set security-association lifetime seconds 86400 crypto map comcastpublic_map 4 set security-association lifetime kilobytes 28800 crypto map comcastpublic_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map comcastpublic_map interface comcastpublic crypto ikev2 policy 2 encryption 3des integrity sha group 2 prf sha lifetime seconds 28800 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable comcastpublic crypto ikev1 enable comcastpublic crypto ikev1 policy 1 authentication pre-share encryption 3des hash sha group 2 lifetime 28800 crypto ikev1 policy 8 authentication pre-share encryption 3des hash sha group 2 lifetime 3600 crypto ikev1 policy 100 authentication crack encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 110 authentication rsa-sig encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 120 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 ! group-policy GroupPolicy_A.A.A.A internal group-policy GroupPolicy_A.A.A.A attributes vpn-tunnel-protocol ikev1 ikev2 tunnel-group A.A.A.A type ipsec-l2l tunnel-group A.A.A.A general-attributes default-group-policy GroupPolicy_A.A.A.A tunnel-group A.A.A.A ipsec-attributes ikev1 pre-shared-key ***** ikev2 remote-authentication pre-shared-key ***** ikev2 local-authentication pre-shared-key ***** !