access-list Outside_access_in_1 extended permit icmp object-group CAG_Ext_AdFinis-Citrix object-group CAG_Local_AdFinis-BS object-group SG_I_OI_ICMP inactive
access-list Outside_access_in_1 extended permit tcp object-group CAG_Ext_AdFinis-Citrix object-group CAG_Local_AdFinis-BS object-group SG_T_OI_AdFinis
access-list Outside_access_in_1 extended permit tcp object-group CAG_Ext_AdFinis-Citrix object-group CAG_Cameras_All object-group SG_T_OI_WebCam
access-list Outside_access_in_1 extended deny icmp any4 interface Outside
access-list Outside_access_in_1 extended deny ip any any

nat (Inside,Outside) source static CAG_Local_AdFinis-VPN CAG_Local_AdFinis-VPN destination static DM_INLINE_NETWORK_12 DM_INLINE_NETWORK_12 no-proxy-arp route-lookup

crypto ipsec ikev2 ipsec-proposal AdFinis
 protocol esp encryption aes-gcm-256 aes-256 aes-192 aes
 protocol esp integrity sha-256

crypto ipsec security-association replay disable
crypto ipsec security-association pmtu-aging infinite

crypto map Outside_map 1 match address Outside_cryptomap
crypto map Outside_map 1 set pfs group14
crypto map Outside_map 1 set peer 95.128.34.75
crypto map Outside_map 1 set ikev2 ipsec-proposal AdFinis
crypto map Outside_map 1 set security-association lifetime seconds 3600
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside


crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 24 14
 prf sha256
 lifetime seconds 3600
crypto ikev2 enable Outside

tunnel-group 95.128.34.75 type ipsec-l2l
tunnel-group 95.128.34.75 general-attributes
 default-group-policy CAG_GP_AdFinis
tunnel-group 95.128.34.75 ipsec-attributes
 isakmp keepalive threshold 12 retry 2
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!