topic I have now managed to break in Network Security

Port Forwarding on ASA 5505 Not Working... Help!

sarah.kingswell1 — Tue, 12 Mar 2019 06:21:26 GMT

Hello

I am attempting to setup a RDP Port Forward on my ASA 5505 but I am unable to access the host on the inside of the network from outside the network. I have created the correct NAT Rules and Access Rules (I think) but still it does not work. I can RDP the internal IP of the host and cannot see any firewall that would restrict connections from the outside interface to this host.

Internal Host = 172.26.0.19
External Interface = Outside_Arena

I have tried to configure with both CLI and ASDM. Have used the following commands in the CLI

object network FENDI_Laptop
host 172.26.0.19
nat (inside,outside) static interface service tcp 3389 3389

access-list FENDI-in extended permit tcp any host 172.26.0.19 eq 3389 log
access-group FENDI-in in interface outside_Arena

Please help I have spent hours trying to get this working and totally stuck.

Result of the command: "show config"
!
ASA Version 8.4(2)
!
hostname ********
domain-name ********
enable password ******** encrypted
passwd ******** encrypted
no names
name 172.26.0.32 DEMO.ILYNQ.COM_InternalIP description Used in NAT rule for port redir of pts 81 and 3389
name 172.26.0.26 UKFS_InternalIP description Used in NAT rule to port redirect FTP pt 21
name 92.237.118.233 VIRGIN_ISP_Gateway
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
switchport access vlan 32
!
interface Ethernet0/2
switchport access vlan 12
!
interface Ethernet0/3
switchport access vlan 12
!
interface Ethernet0/4
switchport access vlan 12
!
interface Ethernet0/5
switchport access vlan 12
!
interface Ethernet0/6
switchport access vlan 12
!
interface Ethernet0/7
!
interface Vlan12
nameif inside
security-level 100
ip address 172.26.0.1 255.255.255.0
!
interface Vlan32
nameif outside_Arena
security-level 0
ip address 95.130.99.137 255.255.255.240
!
boot system disk0:/asa842-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name lynq.co.uk
same-security-traffic permit intra-interface
object network obj-172.26.0.0
subnet 172.26.0.0 255.255.255.0
object network obj-172.29.0.0
subnet 172.29.0.0 255.255.255.0
object network obj-172.27.0.0
subnet 172.27.0.0 255.255.255.0
object network obj-172.23.0.0
subnet 172.23.0.0 255.255.255.0
object network obj-172.25.0.0
subnet 172.25.0.0 255.255.255.0
object network obj-192.168.0.0
subnet 192.168.0.0 255.255.252.0
object network obj-10.100.100.0
subnet 10.100.100.0 255.255.255.0
object network obj-172.22.0.0
subnet 172.22.0.0 255.255.255.0
object network obj-192.168.40.0
subnet 192.168.40.0 255.255.255.0
object network obj-172.20.0.0
subnet 172.20.0.0 255.255.255.0
object network obj-92.237.118.236
host 92.237.118.236
object service obj-tcp-source-eq-80
service tcp source eq www
object service obj-tcp-source-eq-21
service tcp source eq ftp
object network obj-172.26.0.132
host 172.26.0.132
object network obj-92.237.118.237
host 92.237.118.237
object service obj-tcp-source-eq-3389
service tcp source eq 3389
object network obj-172.26.0.107
host 172.26.0.107
object network obj-92.237.118.238
host 92.237.118.238
object network obj-92.237.118.235
host 92.237.118.235
object network BT_ISP_Gateway
host 81.138.134.30
description BT ISP Router
object network obj-172.26.0.26
host 172.26.0.26
description FTP server
object service ftp
service tcp source eq ftp destination range 1 65535
object network BT_NatHidingStaticIP
host 81.138.134.25
object network NETWORK_OBJ_172.26.0.0_24
subnet 172.26.0.0 255.255.255.0
object network NETWORK_OBJ_172.30.0.0_24
subnet 172.30.0.0 255.255.255.0
object network NETWORK_OBJ_172.31.0.0_25
subnet 172.31.0.0 255.255.255.128
object network obj-172.30.0.0
subnet 172.30.0.0 255.255.255.0
object network NETWORK_OBJ_172.31.0.192_26
subnet 172.31.0.192 255.255.255.192
object network NETWORK_OBJ_192.168.50.0_26
subnet 192.168.50.0 255.255.255.192
object network NETWORK_OBJ_10.0.0.0_28
subnet 10.0.0.0 255.255.255.240
object network NETWORK_OBJ_10.11.1.0_27
subnet 10.11.1.0 255.255.255.224
object network 172.26.0.19
host 172.26.0.19
object service 8080
service tcp source eq 8080 destination eq 8080
object network Clarke-Aruba
subnet 172.31.0.0 255.255.255.0
object network FENDI_Laptop
host 172.26.0.19
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3389
port-object eq 3390
port-object eq 81
port-object eq 82
port-object eq ftp
port-object eq www
object-group network DM_INLINE_NETWORK_2
network-object host 92.237.118.235
network-object host 92.237.118.236
network-object host 92.237.118.237
network-object host 92.237.118.238
object-group service DM_INLINE_TCP_2 tcp
port-object eq 3389
port-object eq 81
port-object eq 82
port-object eq ftp
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_3 tcp
port-object eq 3389
port-object eq www
object-group network DM_INLINE_NETWORK_3
network-object object obj-172.20.0.0
network-object object obj-172.29.0.0
network-object object obj-192.168.40.0
network-object object obj-172.23.0.0
network-object object obj-172.25.0.0
network-object object obj-10.100.100.0
network-object object obj-172.22.0.0
network-object object obj-192.168.0.0
network-object object obj-172.27.0.0
network-object object obj-172.30.0.0
network-object object Clarke-Aruba
object-group icmp-type DM_INLINE_ICMP_5
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_3
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_4
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_1
network-object 172.27.0.0 255.255.255.0
network-object object obj-172.20.0.0
network-object object obj-172.29.0.0
network-object object obj-192.168.40.0
object-group network DM_INLINE_NETWORK_4
network-object 172.30.0.0 255.255.255.0
network-object object Clarke-Aruba
object-group network DM_INLINE_NETWORK_5
network-object object Clarke-Aruba
network-object object NETWORK_OBJ_172.30.0.0_24
access-list inside_nat_outbound extended permit ip 172.26.0.0 255.255.255.0 any
access-list inside_access_in extended permit ip 172.26.0.0 255.255.255.0 any
access-list inside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list inside_access_in extended permit tcp any any
access-list dmz_access_in extended permit icmp any any object-group DM_INLINE_ICMP_2
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 172.23.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 172.25.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 192.168.0.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 10.100.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 172.22.0.0 255.255.255.0
access-list outside_Arena_cryptomap extended permit ip 172.26.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list outside_virgin_isp_access_in extended permit icmp any any object-group DM_INLINE_ICMP_3
access-list outside_virgin_isp_cryptomap_1 extended permit ip 172.26.0.0 255.255.255.0 172.23.0.0 255.255.255.0
access-list outside_bt_isp_access_in extended permit icmp any any object-group DM_INLINE_ICMP_5
access-list outside_bt_isp_access_in extended permit tcp any any eq ftp
access-list outside_virgin_isp_access_in_1 extended permit icmp any any object-group DM_INLINE_ICMP_4
access-list outside_virgin_isp_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any 192.168.0.0 255.255.252.0
access-list outside_virgin_isp_access_in_1 extended permit ip host 80.88.92.106 any
access-list outside_virgin_isp_access_in_1 extended permit icmp any any
access-list outside_virgin_isp_cryptomap_2 extended permit ip 172.26.0.0 255.255.255.0 object obj-10.100.100.0
access-list outside_Arena_cryptomap_1 extended permit ip 172.26.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_4
access-list SplitTunnel standard permit 172.26.0.0 255.255.255.0
access-list NAT-EXEMPT extended permit ip 172.26.0.0 255.255.255.0 10.11.1.0 255.255.255.0
access-list FENDI-in extended permit tcp any host 172.26.0.19 eq 3389 log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside_Arena 1500
ip local pool UKSSLUsers 172.31.0.200-172.31.0.240 mask 255.255.255.0
ip local pool AnyConnect 192.168.50.20-192.168.50.40 mask 255.255.255.0
ip local pool net-10 10.0.0.1-10.0.0.10 mask 255.255.255.0
ip local pool remotessl 10.11.1.2-10.11.1.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
nat (inside,outside_Arena) source static obj-172.26.0.0 obj-172.26.0.0 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp
nat (inside,outside_Arena) source dynamic obj-172.26.0.0 interface
nat (inside,outside_Arena) source static NETWORK_OBJ_172.26.0.0_24 NETWORK_OBJ_172.26.0.0_24 destination static DM_INLINE_NETWORK_5 DM_INLINE_NETWORK_5 no-proxy-arp route-lookup
!
object network FENDI_Laptop
nat (inside,outside_Arena) static interface service tcp 3389 3389
access-group inside_access_in in interface inside
access-group FENDI-in in interface outside_Arena
route outside_Arena 0.0.0.0 0.0.0.0 95.130.99.129 180
route outside_Arena 172.20.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 172.23.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 172.26.0.19 255.255.255.255 95.130.99.129 1
route outside_Arena 172.27.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 172.30.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 192.168.0.0 255.255.252.0 95.130.99.129 1
route outside_Arena 193.120.165.154 255.255.255.255 95.130.99.129 1
route outside_Arena 194.44.55.5 255.255.255.255 95.130.99.129 1
route outside_Arena 194.44.136.114 255.255.255.255 95.130.99.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 8443
http 172.26.0.0 255.255.255.0 inside
http 194.44.136.114 255.255.255.255 outside_Arena
http 193.120.165.154 255.255.255.255 outside_Arena
http 194.44.55.0 255.255.255.0 outside_Arena
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 1350
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_virgin_isp_map 1 match address outside_Arena_cryptomap
crypto map outside_virgin_isp_map 1 set peer 193.120.165.154
crypto map outside_virgin_isp_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_virgin_isp_map 2 match address outside_Arena_cryptomap_1
crypto map outside_virgin_isp_map 2 set pfs
crypto map outside_virgin_isp_map 2 set peer 80.88.92.105
crypto map outside_virgin_isp_map 2 set ikev1 transform-set ESP-3DES-SHA ESP-AES-256-SHA
crypto map outside_virgin_isp_map 5 match address outside_virgin_isp_cryptomap_1
crypto map outside_virgin_isp_map 5 set peer 194.44.136.114
crypto map outside_virgin_isp_map 5 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_virgin_isp_map 6 match address outside_virgin_isp_cryptomap_2
crypto map outside_virgin_isp_map 6 set peer 212.87.74.171
crypto map outside_virgin_isp_map 6 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_virgin_isp_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_virgin_isp_map interface outside_Arena
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn vpnuk.lynq.co.uk
subject-name CN=LYNQUKASA
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 5b0ba155
308201e1 3082014a a0030201 0202045b 0ba15530 0d06092a 864886f7 0d010105
05003035 31123010 06035504 0313094c 594e5155 4b415341 311f301d 06092a86
4886f70d 01090216 1076706e 756b2e6c 796e712e 636f2e75 6b301e17 0d313530
37323231 30323635 395a170d 32353037 31393130 32363539 5a303531 12301006
03550403 13094c59 4e51554b 41534131 1f301d06 092a8648 86f70d01 09021610
76706e75 6b2e6c79 6e712e63 6f2e756b 30819f30 0d06092a 864886f7 0d010101
05000381 8d003081 89028181 00b34b55 c66162ec f3fb376f 9f24491e a71b931e
3332434d f826ed42 ea1620fb 4cfa0ee1 6080fb0c e1b3470e 1a6b8bc2 8f7234c6
e65616e3 362bea14 9f45f49d 5f919c14 1f98986b a579b466 21149480 3b75ebe9
826116a0 92811587 1cffb55a 895a4a52 e2b5243c 1dccfe5d 3347a8f6 55235e2f
990a4f09 0cb3af08 34f538fa 21020301 0001300d 06092a86 4886f70d 01010505
00038181 0055e50c def67359 c835c88a 69527106 1272ca5f c1834613 4bbe4d9c
4fb0c526 b79b7836 257a38ff 11550295 ef0c54ad 71fcd7ed d030d150 6a4ddc80
6068b088 de6c656f 0591223d e03d93de 04191ab6 3280332a 5cb2e489 e0aabf4c
b92c609a 87d5d784 7119f96b f004005c 717877fc 66bd8abc fd6d8a5d 11f2ff23
3a9059ed be
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside_Arena client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside_Arena
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
!
track 1 rtr 123 reachability
!
track 100 rtr 1 reachability
telnet 172.26.0.0 255.255.255.0 inside
telnet 172.26.0.0 255.255.0.0 inside
telnet timeout 5
ssh 172.26.0.0 255.255.255.0 inside
ssh 194.44.136.114 255.255.255.255 outside_Arena
ssh 193.120.165.154 255.255.255.255 outside_Arena
ssh 194.44.55.0 255.255.255.0 outside_Arena
ssh timeout 30
console timeout 0
vpdn group BTFibre request dialout pppoe
vpdn group BTFibre localname D203277@hg52.btclick.com
vpdn group BTFibre ppp authentication chap
vpdn group btpppoe request dialout pppoe
vpdn group btpppoe localname D203277@hg52.btclick.com
vpdn group btpppoe ppp authentication pap
vpdn group bt_pppoe request dialout pppoe
vpdn group bt_pppoe localname D203277@hg52.btclick.com
vpdn group bt_pppoe ppp authentication pap
vpdn group PPPOE_BT request dialout pppoe
vpdn group PPPOE_BT localname D203277@hg52.btclick.com
vpdn group PPPOE_BT ppp authentication pap
vpdn group BTDSL request dialout pppoe
vpdn group BTDSL localname D203277@hg52.btclick.com
vpdn group BTDSL ppp authentication pap
vpdn group D203277@hg52.btclick.com request dialout pppoe
vpdn group D203277@hg52.btclick.com localname D203277@hg52.btclick.com
vpdn group D203277@hg52.btclick.com ppp authentication chap
vpdn username D203277@hg52.btclick.com password password1 store-local
vpdn username 01329221836@talktalkbusiness.net password J7R5K6F2J6 store-local

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 65.55.56.206
tftp-server inside 172.26.0.26 \
ssl trust-point ASDM_TrustPoint0 outside_Arena
webvpn
enable outside_Arena
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_RemoteSSL internal
group-policy GroupPolicy_RemoteSSL attributes
wins-server none
dns-server value 172.26.0.25
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SplitTunnel
default-domain value lynq.co.uk
group-policy GroupPolicy_80.88.92.105 internal
group-policy GroupPolicy_80.88.92.105 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_194.44.136.114 internal
group-policy GroupPolicy_194.44.136.114 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_193.120.165.154 internal
group-policy GroupPolicy_193.120.165.154 attributes
vpn-tunnel-protocol ikev1
username tdb.admin password 66rOScYvr6BoMfol encrypted privilege 15
username paul.synnott password 3UDjotP6R7/M6C0B encrypted privilege 15
username sarah.kingswell password 5XyGsYkEdLoWOQiY encrypted privilege 15
username pete.hayes password aKXo6uAmPQjnwJ6q encrypted
username taras.chuhay password Yxj1fcjQ/tmX15oH encrypted privilege 15
username sean.timmins password ChKbOC6xl/qpg0kj encrypted privilege 15
username ciaran.raftery password 7IlPp0OBHDtzh4gY encrypted privilege 15
username colm.admin password 2MIbxjKQswsLMY/w encrypted privilege 15
tunnel-group 193.120.165.154 type ipsec-l2l
tunnel-group 193.120.165.154 general-attributes
default-group-policy GroupPolicy_193.120.165.154
tunnel-group 193.120.165.154 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 194.44.136.114 type ipsec-l2l
tunnel-group 194.44.136.114 general-attributes
default-group-policy GroupPolicy_194.44.136.114
tunnel-group 194.44.136.114 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 212.87.74.171 type ipsec-l2l
tunnel-group 212.87.74.171 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group RemoteSSL type remote-access
tunnel-group RemoteSSL general-attributes
address-pool remotessl
default-group-policy GroupPolicy_RemoteSSL
tunnel-group RemoteSSL webvpn-attributes
group-alias RemoteSSL enable
tunnel-group 80.88.92.105 type ipsec-l2l
tunnel-group 80.88.92.105 general-attributes
default-group-policy GroupPolicy_80.88.92.105
tunnel-group 80.88.92.105 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c4d9ca18191a497c2a0aeb37c3c1a5d0

one of the most common

Karsten Iwen — Thu, 30 Jul 2015 10:37:05 GMT

one of the most common mistakes: The order of the NAT-statements is wrong:

no nat (inside,outside_Arena) source dynamic obj-172.26.0.0 interface
nat (inside,outside_Arena) after-auto source dynamic obj-172.26.0.0 interface

Thanks Karsten - How do I

sarah.kingswell1 — Thu, 30 Jul 2015 10:48:33 GMT

Thanks Karsten - How do I correct the order?

The solution is directly in

Karsten Iwen — Thu, 30 Jul 2015 10:55:53 GMT

The solution is directly in front of you, just look about 10 cm above ... 😉

Yep, thanks it's working now

sarah.kingswell1 — Thu, 30 Jul 2015 10:57:41 GMT

Yep, thanks it's working now

I have now managed to break

sarah.kingswell1 — Thu, 30 Jul 2015 12:14:53 GMT

I have now managed to break it by adding another port forward this time to another subnet that is connected by VPN.

The command I have run from the CLI

object network UK2008SRV_WEB
host 172.27.0.136
nat (inside,outside) static interface service tcp 80 80

access-list UK2008SRV-in extended permit tcp any host 172.27.0.136 eq 80 log
access-group UK2008SRV-in in interface outside_Arena

How do I now fix to get both port forwards working? Sorry this is confusing..

Result of the command: "show config"

ASA Version 8.4(2)
!
hostname LYNQUKASA
domain-name ********
enable password ******** encrypted
passwd ******** encrypted
no names
name 172.26.0.32 DEMO.ILYNQ.COM_InternalIP description Used in NAT rule for port redir of pts 81 and 3389
name 172.26.0.26 UKFS_InternalIP description Used in NAT rule to port redirect FTP pt 21
name 92.237.118.233 VIRGIN_ISP_Gateway
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
switchport access vlan 32
!
interface Ethernet0/2
switchport access vlan 12
!
interface Ethernet0/3
switchport access vlan 12
!
interface Ethernet0/4
switchport access vlan 12
!
interface Ethernet0/5
switchport access vlan 12
!
interface Ethernet0/6
switchport access vlan 12
!
interface Ethernet0/7
!
interface Vlan12
nameif inside
security-level 100
ip address 172.26.0.1 255.255.255.0
!
interface Vlan32
nameif outside_Arena
security-level 0
ip address 95.130.99.137 255.255.255.240
!
boot system disk0:/asa842-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name lynq.co.uk
same-security-traffic permit intra-interface
object network obj-172.26.0.0
subnet 172.26.0.0 255.255.255.0
object network obj-172.29.0.0
subnet 172.29.0.0 255.255.255.0
object network obj-172.27.0.0
subnet 172.27.0.0 255.255.255.0
object network obj-172.23.0.0
subnet 172.23.0.0 255.255.255.0
object network obj-172.25.0.0
subnet 172.25.0.0 255.255.255.0
object network obj-192.168.0.0
subnet 192.168.0.0 255.255.252.0
object network obj-10.100.100.0
subnet 10.100.100.0 255.255.255.0
object network obj-172.22.0.0
subnet 172.22.0.0 255.255.255.0
object network obj-192.168.40.0
subnet 192.168.40.0 255.255.255.0
object network obj-172.20.0.0
subnet 172.20.0.0 255.255.255.0
object network obj-92.237.118.236
host 92.237.118.236
object service obj-tcp-source-eq-80
service tcp source eq www
object service obj-tcp-source-eq-21
service tcp source eq ftp
object network obj-172.26.0.132
host 172.26.0.132
object network obj-92.237.118.237
host 92.237.118.237
object service obj-tcp-source-eq-3389
service tcp source eq 3389
object network obj-172.26.0.107
host 172.26.0.107
object network obj-92.237.118.238
host 92.237.118.238
object network obj-92.237.118.235
host 92.237.118.235
object network BT_ISP_Gateway
host 81.138.134.30
description BT ISP Router
object network obj-172.26.0.26
host 172.26.0.26
description FTP server
object service ftp
service tcp source eq ftp destination range 1 65535
object network BT_NatHidingStaticIP
host 81.138.134.25
object network NETWORK_OBJ_172.26.0.0_24
subnet 172.26.0.0 255.255.255.0
object network NETWORK_OBJ_172.30.0.0_24
subnet 172.30.0.0 255.255.255.0
object network NETWORK_OBJ_172.31.0.0_25
subnet 172.31.0.0 255.255.255.128
object network obj-172.30.0.0
subnet 172.30.0.0 255.255.255.0
object network NETWORK_OBJ_172.31.0.192_26
subnet 172.31.0.192 255.255.255.192
object network NETWORK_OBJ_192.168.50.0_26
subnet 192.168.50.0 255.255.255.192
object network NETWORK_OBJ_10.0.0.0_28
subnet 10.0.0.0 255.255.255.240
object network NETWORK_OBJ_10.11.1.0_27
subnet 10.11.1.0 255.255.255.224
object network 172.26.0.19
host 172.26.0.19
object service 8080
service tcp source eq 8080 destination eq 8080
object network Clarke-Aruba
subnet 172.31.0.0 255.255.255.0
object network FENDI_Laptop
host 172.26.0.19
object network 172.26.0.1
host 172.26.0.1
description Internal IP for Router
object network UK2008SRV_WEB
host 172.27.0.136
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3389
port-object eq 3390
port-object eq 81
port-object eq 82
port-object eq ftp
port-object eq www
object-group network DM_INLINE_NETWORK_2
network-object host 92.237.118.235
network-object host 92.237.118.236
network-object host 92.237.118.237
network-object host 92.237.118.238
object-group service DM_INLINE_TCP_2 tcp
port-object eq 3389
port-object eq 81
port-object eq 82
port-object eq ftp
port-object eq www
port-object eq https
object-group service DM_INLINE_TCP_3 tcp
port-object eq 3389
port-object eq www
object-group network DM_INLINE_NETWORK_3
network-object object obj-172.20.0.0
network-object object obj-172.29.0.0
network-object object obj-192.168.40.0
network-object object obj-172.23.0.0
network-object object obj-172.25.0.0
network-object object obj-10.100.100.0
network-object object obj-172.22.0.0
network-object object obj-192.168.0.0
network-object object obj-172.27.0.0
network-object object obj-172.30.0.0
network-object object Clarke-Aruba
object-group icmp-type DM_INLINE_ICMP_5
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_3
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group icmp-type DM_INLINE_ICMP_4
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object traceroute
icmp-object unreachable
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_1
network-object 172.27.0.0 255.255.255.0
network-object object obj-172.20.0.0
network-object object obj-172.29.0.0
network-object object obj-192.168.40.0
object-group network DM_INLINE_NETWORK_4
network-object 172.30.0.0 255.255.255.0
network-object object Clarke-Aruba
object-group network DM_INLINE_NETWORK_5
network-object object Clarke-Aruba
network-object object NETWORK_OBJ_172.30.0.0_24
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list inside_nat_outbound extended permit ip 172.26.0.0 255.255.255.0 any
access-list inside_access_in extended permit ip 172.26.0.0 255.255.255.0 any
access-list inside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list inside_access_in extended permit object-group TCPUDP any any
access-list dmz_access_in extended permit icmp any any object-group DM_INLINE_ICMP_2
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 172.23.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 172.25.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 192.168.0.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 10.100.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.26.0.0 255.255.255.0 172.22.0.0 255.255.255.0
access-list outside_Arena_cryptomap extended permit ip 172.26.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list outside_virgin_isp_access_in extended permit icmp any any object-group DM_INLINE_ICMP_3
access-list outside_virgin_isp_cryptomap_1 extended permit ip 172.26.0.0 255.255.255.0 172.23.0.0 255.255.255.0
access-list outside_bt_isp_access_in extended permit icmp any any object-group DM_INLINE_ICMP_5
access-list outside_bt_isp_access_in extended permit tcp any any eq ftp
access-list outside_virgin_isp_access_in_1 extended permit icmp any any object-group DM_INLINE_ICMP_4
access-list outside_virgin_isp_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any 192.168.0.0 255.255.252.0
access-list outside_virgin_isp_access_in_1 extended permit ip host 80.88.92.106 any
access-list outside_virgin_isp_access_in_1 extended permit icmp any any
access-list outside_virgin_isp_cryptomap_2 extended permit ip 172.26.0.0 255.255.255.0 object obj-10.100.100.0
access-list outside_Arena_cryptomap_1 extended permit ip 172.26.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_4
access-list SplitTunnel standard permit 172.26.0.0 255.255.255.0
access-list NAT-EXEMPT extended permit ip 172.26.0.0 255.255.255.0 10.11.1.0 255.255.255.0
access-list FENDI-in extended permit tcp any host 172.26.0.19 eq 3389 log
access-list UK2008SRV-in extended permit tcp any host 172.27.0.136 eq www log
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside_Arena 1500
ip local pool UKSSLUsers 172.31.0.200-172.31.0.240 mask 255.255.255.0
ip local pool AnyConnect 192.168.50.20-192.168.50.40 mask 255.255.255.0
ip local pool net-10 10.0.0.1-10.0.0.10 mask 255.255.255.0
ip local pool remotessl 10.11.1.2-10.11.1.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
nat (inside,outside_Arena) source static obj-172.26.0.0 obj-172.26.0.0 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp
nat (inside,outside_Arena) source static NETWORK_OBJ_172.26.0.0_24 NETWORK_OBJ_172.26.0.0_24 destination static DM_INLINE_NETWORK_5 DM_INLINE_NETWORK_5 no-proxy-arp route-lookup
!
object network FENDI_Laptop
nat (inside,outside_Arena) static interface service tcp 3389 3389
object network UK2008SRV_WEB
nat (inside,outside_Arena) static interface service tcp www www
!
nat (inside,outside_Arena) after-auto source dynamic obj-172.26.0.0 interface
access-group inside_access_in in interface inside
access-group UK2008SRV-in in interface outside_Arena
route outside_Arena 0.0.0.0 0.0.0.0 95.130.99.129 180
route outside_Arena 172.20.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 172.23.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 172.26.0.19 255.255.255.255 95.130.99.129 1
route outside_Arena 172.27.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 172.30.0.0 255.255.255.0 95.130.99.129 1
route outside_Arena 192.168.0.0 255.255.252.0 95.130.99.129 1
route outside_Arena 193.120.165.154 255.255.255.255 95.130.99.129 1
route outside_Arena 194.44.55.5 255.255.255.255 95.130.99.129 1
route outside_Arena 194.44.136.114 255.255.255.255 95.130.99.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 8443
http 172.26.0.0 255.255.255.0 inside
http 194.44.136.114 255.255.255.255 outside_Arena
http 193.120.165.154 255.255.255.255 outside_Arena
http 194.44.55.0 255.255.255.0 outside_Arena
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 1350
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_virgin_isp_map 1 match address outside_Arena_cryptomap
crypto map outside_virgin_isp_map 1 set peer 193.120.165.154
crypto map outside_virgin_isp_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_virgin_isp_map 2 match address outside_Arena_cryptomap_1
crypto map outside_virgin_isp_map 2 set pfs
crypto map outside_virgin_isp_map 2 set peer 80.88.92.105
crypto map outside_virgin_isp_map 2 set ikev1 transform-set ESP-3DES-SHA ESP-AES-256-SHA
crypto map outside_virgin_isp_map 5 match address outside_virgin_isp_cryptomap_1
crypto map outside_virgin_isp_map 5 set peer 194.44.136.114
crypto map outside_virgin_isp_map 5 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_virgin_isp_map 6 match address outside_virgin_isp_cryptomap_2
crypto map outside_virgin_isp_map 6 set peer 212.87.74.171
crypto map outside_virgin_isp_map 6 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_virgin_isp_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_virgin_isp_map interface outside_Arena
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn vpnuk.lynq.co.uk
subject-name CN=LYNQUKASA
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 5b0ba155
308201e1 3082014a a0030201 0202045b 0ba15530 0d06092a 864886f7 0d010105
05003035 31123010 06035504 0313094c 594e5155 4b415341 311f301d 06092a86
4886f70d 01090216 1076706e 756b2e6c 796e712e 636f2e75 6b301e17 0d313530
37323231 30323635 395a170d 32353037 31393130 32363539 5a303531 12301006
03550403 13094c59 4e51554b 41534131 1f301d06 092a8648 86f70d01 09021610
76706e75 6b2e6c79 6e712e63 6f2e756b 30819f30 0d06092a 864886f7 0d010101
05000381 8d003081 89028181 00b34b55 c66162ec f3fb376f 9f24491e a71b931e
3332434d f826ed42 ea1620fb 4cfa0ee1 6080fb0c e1b3470e 1a6b8bc2 8f7234c6
e65616e3 362bea14 9f45f49d 5f919c14 1f98986b a579b466 21149480 3b75ebe9
826116a0 92811587 1cffb55a 895a4a52 e2b5243c 1dccfe5d 3347a8f6 55235e2f
990a4f09 0cb3af08 34f538fa 21020301 0001300d 06092a86 4886f70d 01010505
00038181 0055e50c def67359 c835c88a 69527106 1272ca5f c1834613 4bbe4d9c
4fb0c526 b79b7836 257a38ff 11550295 ef0c54ad 71fcd7ed d030d150 6a4ddc80
6068b088 de6c656f 0591223d e03d93de 04191ab6 3280332a 5cb2e489 e0aabf4c
b92c609a 87d5d784 7119f96b f004005c 717877fc 66bd8abc fd6d8a5d 11f2ff23
3a9059ed be
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside_Arena client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside_Arena
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
!
track 1 rtr 123 reachability
!
track 100 rtr 1 reachability
telnet 172.26.0.0 255.255.255.0 inside
telnet 172.26.0.0 255.255.0.0 inside
telnet timeout 5
ssh 172.26.0.0 255.255.255.0 inside
ssh 194.44.136.114 255.255.255.255 outside_Arena
ssh 193.120.165.154 255.255.255.255 outside_Arena
ssh 194.44.55.0 255.255.255.0 outside_Arena
ssh timeout 30
console timeout 0
vpdn group BTFibre request dialout pppoe
vpdn group BTFibre localname D203277@hg52.btclick.com
vpdn group BTFibre ppp authentication chap
vpdn group btpppoe request dialout pppoe
vpdn group btpppoe localname D203277@hg52.btclick.com
vpdn group btpppoe ppp authentication pap
vpdn group bt_pppoe request dialout pppoe
vpdn group bt_pppoe localname D203277@hg52.btclick.com
vpdn group bt_pppoe ppp authentication pap
vpdn group PPPOE_BT request dialout pppoe
vpdn group PPPOE_BT localname D203277@hg52.btclick.com
vpdn group PPPOE_BT ppp authentication pap
vpdn group BTDSL request dialout pppoe
vpdn group BTDSL localname D203277@hg52.btclick.com
vpdn group BTDSL ppp authentication pap
vpdn group D203277@hg52.btclick.com request dialout pppoe
vpdn group D203277@hg52.btclick.com localname D203277@hg52.btclick.com
vpdn group D203277@hg52.btclick.com ppp authentication chap
vpdn username D203277@hg52.btclick.com password password1 store-local
vpdn username 01329221836@talktalkbusiness.net password J7R5K6F2J6 store-local