sh log Syslog logging: enabled Facility: 20 Timestamp logging: enabled Standby logging: disabled Debug-trace logging: disabled Console logging: level emergencies, 0 messages logged Monitor logging: level emergencies, 0 messages logged Buffer logging: level informational, 132619 messages logged Trap logging: disabled Permit-hostdown logging: disabled History logging: disabled Device ID: disabled Mail logging: disabled ASDM logging: level informational, 132619 messages logged Dec 17 2015 14:52:15: %ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command. Dec 17 2015 14:52:15: %ASA-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'clear logging buffer' Dec 17 2015 14:52:27: %ASA-6-110002: Failed to locate egress interface for UDP from internet:61.61.61.2/64250 to 202.41.214.146/500 VPN001E06001# sh vpn-sessiondb ra-ikev1-ipsec INFO: There are presently no active sessions VPN001# sh running-config : Saved : ASA Version 9.1(2) ! hostname VPN001 enable password 2KFQnbNIdI.2KYOU encrypted xlate per-session deny tcp any4 any4 xlate per-session deny tcp any4 any6 xlate per-session deny tcp any6 any4 xlate per-session deny tcp any6 any6 xlate per-session deny udp any4 any4 eq domain xlate per-session deny udp any4 any6 eq domain xlate per-session deny udp any6 any4 eq domain xlate per-session deny udp any6 any6 eq domain passwd 2KFQnbNIdI.2KYOU encrypted names name 10.0.0.0 local-classA description ClassA name 172.16.0.0 local-classB description ClassB name 192.168.0.0 local-classC description ClassC ip local pool Test 172.16.26.101-172.16.26.200 ! interface GigabitEthernet0/0 nameif internet security-level 0 ip address 210.210.114.1 255.255.255.252 ! interface GigabitEthernet0/1 nameif local security-level 100 ip address 10.254.238.253 255.255.255.0 ! interface GigabitEthernet0/2 nameif dmz security-level 50 ip address 202.21.200.146 255.255.255.240 ! interface GigabitEthernet0/3 description LAN Failover Interface no nameif no security-level no ip address ! interface GigabitEthernet0/4 description STATE Failover Interface shutdown no nameif no security-level no ip address ! interface GigabitEthernet0/5 shutdown no nameif no security-level no ip address ! interface Management0/0 management-only nameif management security-level 100 ip address 10.91.137.226 255.255.255.0 ! ftp mode passive clock timezone JST 9 dns server-group DefaultDNS domain-name test.co.jp access-list ACL_IN remark Test access-list ACL_IN extended permit ip any any no pager logging enable logging timestamp logging list DAP level informational class auth logging list DAP level debugging class dap logging console emergencies logging monitor emergencies logging buffered informational logging asdm informational logging host local 172.16.2.11 format emblem mtu internet 1500 mtu local 1500 mtu dmz 1500 mtu management 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected access-group ACL_IN in interface internet access-group ACL_IN out interface internet route internet 0.0.0.0 0.0.0.0 210.210.114.2 1 route local local-classA 255.0.0.0 10.254.238.254 1 route local local-classB 255.240.0.0 10.254.238.254 1 route local local-classC 255.255.0.0 10.254.238.254 1 timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 user-identity default-domain LOCAL http server enable http 10.0.8.0 255.255.255.0 local http 10.0.254.170 255.255.255.255 local http 172.16.21.0 255.255.255.0 local http 10.0.249.1 255.255.255.255 local http 10.0.249.2 255.255.255.255 local snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec ikev1 transform-set myset esp-3des esp-md5-hmac crypto ipsec ikev1 transform-set Test esp-3des esp-md5-hmac crypto ipsec security-association pmtu-aging infinite crypto dynamic-map Test 1 set ikev1 transform-set Test crypto dynamic-map Test 1 set security-association lifetime seconds 28800 crypto dynamic-map Test 1 set security-association lifetime kilobytes 4608000 crypto dynamic-map Test 1 set reverse-route crypto map Internet_map 1 ipsec-isakmp dynamic Test crypto map Internet_map interface dmz crypto ca trustpool policy crypto ikev1 enable dmz crypto ikev1 policy 1 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 crypto ikev1 policy 2 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto ikev1 policy 3 authentication pre-share encryption 3des hash sha group 2 lifetime 28800 crypto ikev1 policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 telnet local-classA 255.0.0.0 management ssh timeout 5 ssh key-exchange group dh-group1-sha1 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept username test password klG8DjnONmXulxVH encrypted tunnel-group Test type remote-access tunnel-group Test general-attributes address-pool Test tunnel-group Test ipsec-attributes ikev1 pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp ! service-policy global_policy global prompt hostname context call-home reporting anonymous prompt 2 call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly 20 subscribe-to-alert-group configuration periodic monthly 20 subscribe-to-alert-group telemetry periodic daily Cryptochecksum:3223497b9868ac9d4fce20b9dc3a48e6 : end VPN001#