Tenzo
Beginner

Cisco ASA 5505 VPN Site-to-Site (one-way ping)

Good day, everyone.

I inherited a configured Cisco ASA 5505 from the previous admin. But there was one VPN he never managed to bring up.

My own attempts were in vain too!

It is the one with the remote peer 185.79.245.152.

After the VPN is "brought up", the remote host can ping our host, but we cannot ping it.

Where should I dig?

 


Result of the command: "sh run"

: Saved
:
: Serial Number: *****
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
:
ASA Version 9.2(2)
!
hostname brlasa2
enable password ***** encrypted
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
passwd ***** encrypted
names
ip local pool l2tp_pool 192.168.168.210-192.168.168.230 mask 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
switchport access vlan 12
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
switchport access vlan 22
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.186.112 255.255.255.0
!
interface Vlan2
backup interface Vlan12
nameif outside
security-level 0
ip address 212.98.173.85 255.255.255.0
!
interface Vlan12
nameif vlan3
security-level 0
ip address 192.168.187.112 255.255.255.0
!
interface Vlan22
nameif insideLocal
security-level 100
ip address 192.168.1.111 255.255.255.0
!
boot system disk0:/asa922-k8.bin
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup vlan3
dns domain-lookup insideLocal
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network 192.168.0.0
subnet 192.168.0.0 255.255.128.0
description LOCAL
object network NewServer
host 192.168.186.77
object network 192.168.186.112
host 192.168.186.112
object network 192.168.186.0
subnet 192.168.186.0 255.255.255.0
object network 192.168.187.0
subnet 192.168.187.0 255.255.255.0
object network 192.168.186.100
host 192.168.186.100
object service 445
service tcp destination eq 445
object service tcp139
service tcp destination range 135 netbios-ssn
object service udp135139
service udp destination range 135 139
object service 7777
service tcp destination eq 55555
object service http
service tcp destination eq www
object network NETWORK_OBJ_212.98.173.85
host 212.98.173.85
object network 212.98.173.85
host 212.98.173.85
object network NETWORK_OBJ_192.168.186.0_24
subnet 192.168.186.0 255.255.255.0
object network Velcom_Local_FTP
host 192.168.117.130
object network Velcom_Local_SMS
host 10.254.132.35
object network Life_Local_SMS
host 81.30.80.50
object network Life_local_1
host 81.30.80.50
object service TCP8088
service tcp destination eq 8088
object service TCP8882
service tcp destination eq 8882
object service TCP8888
service tcp destination eq 8888
object service TCP8080
service tcp destination eq 8080
object service TCP8883
service tcp destination eq 8883
object service TCP8000
service tcp destination eq 8000
object network Life_Local_SMS2
host 81.30.80.42
object network 81.25.34.6
host 81.25.34.6
object network Center1010
host 86.57.244.69
object network Center2254
host 176.60.62.113
object network Center2314
host 82.209.229.31
object network Center3000
host 82.209.221.112
object network Center4010
host 93.125.101.93
object network Center5001
host 95.50.248.193
object network Center8100
host 77.239.176.187
object service FTP
service tcp destination eq ftp
object service FTP21
service tcp destination eq 2121
object network 192.168.187.1
host 192.168.187.1
object network 209.239.124.0
subnet 209.239.124.0 255.255.255.0
object network Center2254_2
host 93.125.59.69
object service TCP49161
service tcp destination eq 49161
object service MyChat
service tcp destination eq 2004
object service 2638
service tcp destination eq 2638
object network BelAvto178.124.157.150
host 178.124.157.150
object service TCP48161
service tcp destination eq 48161
object service TCP8501
service tcp destination eq 8501
object network 213.184.248.180
host 213.184.248.180
object service MyChatUpdate
service tcp destination range 20000 20030
object service https
service tcp destination eq https
object service 8889
service tcp destination eq 8889
object service 8890
service tcp destination eq 8890
object service FtpInTransport
service tcp destination range 51100 51200
object service TCP8899
service tcp destination eq 8899
object service TCP7070
service tcp destination eq 7070
object service TCP5050
service tcp destination eq 5050
object service MyChatWeb
service tcp destination eq 8079
object network UnitedCompany
host 80.249.92.159
object service TCP48163
service tcp destination eq 48163
object service TCP48164
service tcp destination eq 48164
object network A100-1
host 212.98.173.158
object network A100-2
host 212.98.173.164
object network A100-3
host 212.98.173.246
object network A100-4
host 82.209.249.86
object network Velcom_Local_NewSMS
host 10.254.85.15
object network UnitedCompany2
host 178.124.163.216
object network Velcom_Local_NewFTP
host 10.254.48.37
object network 2314_Velcom
host 37.17.6.168
object network Center2254_3
host 176.60.80.55
object service TCP8885
service tcp destination eq 8885
object service TCP8887
service tcp destination eq 8887
object service TCP48169
service tcp destination eq 48169
description Base centr 5001
object network Center5001_2
host 83.3.124.173
object network Center5001_3
host 176.60.62.113
object network Center2248
host 86.57.173.210
object service TCP48170
service tcp destination eq 48170
description Base centr 2248
object network Center4020
host 82.209.212.146
object network Center7000
host 92.241.111.65
object network Center7000_2
host 89.179.73.194
object network Center2250
host 176.60.82.3
object network Center2247
host 178.124.207.104
object network Center8100_2
host 95.158.39.252
object network Center1015
host 82.209.206.169
object network Center8100_3g
host 93.180.253.106
object service TCP8886
service tcp destination eq 8886
description TRM Urovnemer
object network Center8100_Tmp
host 185.166.65.199
description Vremenno
object network Center6940
host 37.17.57.233
object service TCP48165
service tcp destination eq 48165
description Base centr 6940
object service TCP48171
service tcp destination eq 48171
description Base center 6916
object network Center6916
host 217.23.122.38
object network Center6916_2
host 217.23.122.36
object service TCP48166
service tcp destination eq 48166
description Base center 6930
object network Center6930
subnet 82.209.243.0 255.255.255.248
object network Center7000_3
host 212.3.141.96
object network UnitedCompany3
host 86.57.139.242
object network TATOIL-azs14
subnet 192.168.14.0 255.255.255.0
object network TATAZS14
subnet 192.168.14.0 255.255.255.0
object network Local_for_MTS
subnet 192.168.186.0 255.255.255.0
object network MTS_local
host 10.128.193.185
description MTS_LOCAL_FTP
object network Center6930_2
host 178.124.167.42
object network A100-5
host 212.98.173.88
object service TCP48167
service tcp destination eq 48167
description Bace centr 6950
object network Center6950
host 93.85.82.248
object service TCP48168
service tcp destination eq 48174
description Base centr 6928
object network Center6928
host 93.85.94.230
object service TCP48173
service tcp destination eq 48173
description Base center 6927
object network Center6927_1
host 86.57.245.221
object network Center6927_2
host 91.149.191.122
object network Center6927_3
host 37.17.98.193
object network A100-6
host 212.98.173.31
object network A100-7
host 212.98.173.240
object network A100-8
host 212.98.173.241
object network A100-9
host 212.98.173.82
object network NAS4560
host 192.168.1.101
object network Center6927_4
host 86.57.237.226
object network Center6927_5
host 86.57.237.252
object network Center6927_6
host 86.57.237.253
object network Center6927_7
host 86.57.237.254
object network Center6927_8
host 86.57.235.15
object network Center6916_3
host 178.124.147.178
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.5.0_27
subnet 192.168.5.0 255.255.255.224
object network NETWORK_OBJ_192.168.99.0_24
subnet 192.168.99.0 255.255.255.0
object network NETWORK_OBJ_192.168.192.128_25
subnet 192.168.192.128 255.255.255.128
object network NETWORK_OBJ_192.168.186.192_26
subnet 192.168.186.192 255.255.255.192
object network Kapsch_FTP
host 128.140.240.131
object network NETWORK_OBJ_192.168.186.77
host 192.168.186.77
object network Kapsch
host 128.140.240.4
object service FTP_Kapsch
service tcp destination eq ssh
object network NETWORK_OBJ_128.140.240.0_24
subnet 128.140.240.0 255.255.255.0
object network NETWORK_OBJ_10.128.30.53
host 10.128.30.53
object network server1c
host 192.168.1.113
description Server1C
object service RabbitMQ_15672
service tcp destination eq 15672
description RabbitMQ_15672
object service RabbitMQ_5672
service tcp destination eq 5672
description RabbitMQ_5672
object network TECS
host 185.24.100.16
object service TECS_FTP
service tcp destination eq 22522
description TECS FTP
object network BelGazPromBank
host 93.125.122.251
object network BelOil
host 10.93.236.36
object network Admin-PC
host 192.168.1.110
object network Chupyrkin
host 192.168.1.233
object network Admin-PC_192.168.104.29
host 192.168.104.29
object network BGPB_172.22.103.3
host 172.22.103.3
object network BGPB_172.22.103.4
host 172.22.103.4
object network Backuper-PC_192.168.104.28
host 192.168.104.28
object network Manager-PC_192.168.104.27
host 192.168.104.27
object service BGPB_4500
service tcp destination eq 4500
object network BGPB_93.125.122.129
host 93.125.122.129
object network Backuper-PC
host 192.168.1.30
object network Manager-PC
host 192.168.1.23
object service BGPB_1414
service tcp destination eq 1414
object network 192.168.186.121
host 192.168.186.121
object service NAS-D4_44444-to-8080
service tcp destination eq 44444
object service NAS-D4_9099-to-9090
service tcp destination eq 9099
object service TCP9090
service tcp destination eq 9090
object service TCP9099
service tcp destination eq 9099
object network Komarov-PC
host 192.168.1.200
object network Komarov-PC_172.31.181.218
host 172.31.181.218
object network Lemeshevsky-PC
host 192.168.1.163
object network Lemeshevsky-PC_172.31.181.219
host 172.31.181.219
object network Test-PC
host 192.168.1.130
object network Test-PC_172.31.181.220
host 172.31.181.220
object network Diebold_Nixdorf_193.179.205.39
host 193.179.205.39
object network Diebold_Nixdorf_193.179.205.40
host 193.179.205.40
object network Admin-PC_172.31.181.217
host 172.31.181.217
object service Diebold_Nixdorf_1415
service tcp destination eq 1415
object network Admin-PC_172.16.11.110
host 172.16.11.110
object network Komarov-PC_172.16.11.200
host 172.16.11.200
object network Lemeshevsky-PC_172.16.11.163
host 172.16.11.163
object network Test-PC_172.16.11.130
host 172.16.11.130
object network equensWorldline_192.168.233.42
host 192.168.233.42
object network equensWorldline_192.168.233.43
host 192.168.233.43
object network equensWorldline_192.168.233.61
host 192.168.233.61
object service equensWorldline_60843
service tcp destination eq 60843
object service equensWorldline_61143
service tcp destination eq 61143
object network Admin-PC_172.16.10.110
host 172.16.10.110
object network Komarov-PC_172.16.10.200
host 172.16.10.200
object network Lemeshevsky-PC_172.16.10.163
host 172.16.10.163
object network Test-PC_172.16.10.130
host 172.16.10.130
object network CRT_172.31.21.123
host 172.31.21.123
object network CRT_172.31.45.33
host 172.31.45.33
object network DKV
host 89.106.184.89
object service Diebold_Nixdorf_11066
service tcp destination eq 11066
object service CRT_8001
service tcp destination eq 8001
object network Lukashevich-PC
host 192.168.1.179
object network CRT_185.79.245.152
host 185.79.245.152
object network CRT_10.67.1.1
host 10.67.1.1
object network Lemeshevsky-PC_172.16.10.136
host 172.16.10.163
object service CRT_8002
service tcp destination eq 8002
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object udp
service-object object 445
service-object tcp
service-object object tcp139
service-object object udp135139
service-object tcp destination eq cifs
service-object tcp destination eq netbios-ssn
service-object udp destination eq netbios-dgm
service-object udp destination eq netbios-ns
service-object tcp-udp destination eq cifs
service-object udp destination eq cifs
service-object object FTP
service-object tcp destination eq ftp-data
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group network DM_INLINE_NETWORK_1
network-object object Velcom_Local_FTP
network-object object Velcom_Local_SMS
network-object object Velcom_Local_NewSMS
network-object object Velcom_Local_NewFTP
object-group network DM_INLINE_NETWORK_2
network-object object Velcom_Local_FTP
network-object object Velcom_Local_SMS
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_3
network-object object Diebold_Nixdorf_193.179.205.39
network-object object Diebold_Nixdorf_193.179.205.40
object-group protocol DM_INLINE_PROTOCOL_7
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_4
network-object object Diebold_Nixdorf_193.179.205.39
network-object object Diebold_Nixdorf_193.179.205.40
object-group network DM_INLINE_NETWORK_5
network-object object Life_local_1
network-object object Life_Local_SMS2
object-group protocol DM_INLINE_PROTOCOL_8
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_6
network-object object Life_Local_SMS2
network-object object Life_local_1
object-group service DM_INLINE_SERVICE_2
service-object object TCP8882
service-object object TCP8888
service-object object TCP8080
service-object object TCP8883
service-object tcp destination eq www
service-object object TCP8000
service-object object MyChat
service-object object TCP48161
service-object object TCP8501
service-object tcp destination eq https
service-object object 8889
service-object object 8890
service-object object TCP8899
service-object object TCP7070
service-object object TCP5050
service-object object 2638
service-object object TCP8088
service-object object MyChatWeb
service-object object TCP48163
service-object object TCP48164
service-object object TCP8885
service-object object TCP8887
service-object object TCP48169
service-object object TCP48170
service-object object MyChatUpdate
service-object object TCP8886
service-object object TCP48165
service-object object TCP48171
service-object object TCP48166
service-object object TCP48167
service-object object TCP48173
service-object object TCP48168
service-object object TCP9090
service-object object TCP9099
object-group network Center2314Lan
network-object object 2314_Velcom
network-object object Center2314
object-group network DM_INLINE_NETWORK_8
network-object object Center1010
network-object object Center2254_2
network-object object Center2314
network-object object Center3000
network-object object Center4010
network-object object Center5001
network-object object Center8100
network-object object Center2254
object-group network DM_INLINE_NETWORK_9
network-object object 81.25.34.6
network-object object Center1010
network-object object Center2314
network-object object Center3000
network-object object Center4010
network-object object Center5001
network-object object Center8100
network-object object Center2254_2
network-object object 213.184.248.180
network-object object Center2254_3
network-object object Center2254
network-object object BelGazPromBank
network-object object BGPB_93.125.122.129
network-object object Diebold_Nixdorf_193.179.205.39
network-object object Diebold_Nixdorf_193.179.205.40
network-object object equensWorldline_192.168.233.42
network-object object equensWorldline_192.168.233.43
network-object object equensWorldline_192.168.233.61
network-object object CRT_172.31.21.123
network-object object CRT_172.31.45.33
network-object object DKV
network-object object CRT_10.67.1.1
object-group service DM_INLINE_SERVICE_3
service-object object TCP8088
service-object tcp destination eq ftp
service-object object FTP21
service-object object FtpInTransport
service-object object 2638
service-object object TECS_FTP
service-object object BGPB_1414
service-object object BGPB_4500
service-object object Diebold_Nixdorf_1415
service-object object equensWorldline_60843
service-object object equensWorldline_61143
service-object object Diebold_Nixdorf_11066
service-object object CRT_8001
object-group network DM_INLINE_NETWORK_11
network-object object 212.98.173.85
network-object object NewServer
object-group network DM_INLINE_NETWORK_10
network-object object Center1010
network-object object Center2254_2
network-object object Center2314
network-object object Center3000
network-object object Center4010
network-object object Center5001
network-object object Center8100
network-object object Center2254
object-group network DM_INLINE_NETWORK_12
network-object object Center3000
network-object object Center4010
object-group network DM_INLINE_NETWORK_13
network-object object Center3000
network-object object Center4010
network-object object Center1010
network-object object Center2254_2
group-object Center2314Lan
network-object object Center2254_3
network-object object Center2254
object-group network A100
network-object object A100-1
network-object object A100-2
network-object object A100-3
network-object object A100-4
network-object object A100-5
network-object object A100-6
network-object object A100-7
network-object object A100-8
network-object object A100-9
object-group network DM_INLINE_NETWORK_14
network-object object UnitedCompany
network-object object UnitedCompany2
object-group network DM_INLINE_NETWORK_15
network-object object UnitedCompany
network-object object UnitedCompany2
network-object object UnitedCompany3
object-group network Center5001_
network-object object Center5001
network-object object Center5001_2
network-object object Center5001_3
object-group network DM_INLINE_NETWORK_16
network-object object Center7000
network-object object Center7000_2
network-object object Center7000_3
object-group network DM_INLINE_NETWORK_17
network-object object Center1010
network-object object Center2314
group-object Center2314Lan
network-object object Center3000
network-object object Center4010
network-object object Center7000
network-object object Center7000_2
network-object object Center8100
network-object object Center8100_2
network-object object Center2254
object-group network TATOIL-azs
network-object object TATOIL-azs14
object-group protocol DM_INLINE_PROTOCOL_9
protocol-object icmp
protocol-object ip
protocol-object udp
protocol-object tcp
object-group network Cernter6927
network-object object Center6927_1
network-object object Center6927_2
network-object object Center6927_3
network-object object Center6927_4
network-object object Center6927_5
network-object object Center6927_6
network-object object Center6927_7
network-object object Center6927_8
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object icmp
service-object tcp destination eq ssh
object-group protocol DM_INLINE_PROTOCOL_10
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group service RabbitMQ tcp
port-object eq 15672
port-object eq 5672
object-group service DM_INLINE_SERVICE_5
service-object ip
service-object icmp
service-object object TECS_FTP
object-group service DM_INLINE_SERVICE_7
service-object ip
service-object icmp
service-object udp
service-object tcp
service-object tcp destination eq www
service-object tcp destination eq https
object-group protocol DM_INLINE_PROTOCOL_11
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_12
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_13
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_7
network-object object Admin-PC
network-object object Chupyrkin
network-object object NewServer
object-group protocol DM_INLINE_PROTOCOL_14
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_19
network-object object BGPB_172.22.103.3
network-object object BGPB_172.22.103.4
object-group network DM_INLINE_NETWORK_18
network-object object BGPB_172.22.103.3
network-object object BGPB_172.22.103.4
object-group network DM_INLINE_NETWORK_20
network-object object Admin-PC_192.168.104.29
network-object object Backuper-PC_192.168.104.28
network-object object Manager-PC_192.168.104.27
object-group network DM_INLINE_NETWORK_21
network-object object BGPB_172.22.103.3
network-object object BGPB_172.22.103.4
object-group network DM_INLINE_NETWORK_22
network-object object BGPB_172.22.103.3
network-object object BGPB_172.22.103.4
object-group network DM_INLINE_NETWORK_23
network-object object Diebold_Nixdorf_193.179.205.39
network-object object Diebold_Nixdorf_193.179.205.40
object-group network DM_INLINE_NETWORK_24
network-object object Diebold_Nixdorf_193.179.205.39
network-object object Diebold_Nixdorf_193.179.205.40
object-group network DM_INLINE_NETWORK_25
network-object object equensWorldline_192.168.233.42
network-object object equensWorldline_192.168.233.43
network-object object equensWorldline_192.168.233.61
object-group network DM_INLINE_NETWORK_26
network-object object equensWorldline_192.168.233.42
network-object object equensWorldline_192.168.233.43
network-object object equensWorldline_192.168.233.61
object-group network DM_INLINE_NETWORK_27
network-object object equensWorldline_192.168.233.42
network-object object equensWorldline_192.168.233.43
network-object object equensWorldline_192.168.233.61
object-group network DM_INLINE_NETWORK_28
network-object object equensWorldline_192.168.233.42
network-object object equensWorldline_192.168.233.43
network-object object equensWorldline_192.168.233.61
object-group network DM_INLINE_NETWORK_29
network-object object Admin-PC_172.16.11.110
network-object object Komarov-PC_172.16.11.200
network-object object Lemeshevsky-PC_172.16.11.163
network-object object Test-PC_172.16.11.130
object-group network DM_INLINE_NETWORK_30
network-object object equensWorldline_192.168.233.42
network-object object equensWorldline_192.168.233.43
network-object object equensWorldline_192.168.233.61
object-group protocol DM_INLINE_PROTOCOL_15
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group network DM_INLINE_NETWORK_31
network-object object Admin-PC_172.31.181.217
network-object object Komarov-PC_172.31.181.218
network-object object Lemeshevsky-PC_172.31.181.219
network-object object Test-PC_172.31.181.220
object-group network DM_INLINE_NETWORK_32
network-object object Diebold_Nixdorf_193.179.205.39
network-object object Diebold_Nixdorf_193.179.205.40
object-group network DM_INLINE_NETWORK_33
network-object object CRT_172.31.21.123
network-object object CRT_172.31.45.33
object-group service DM_INLINE_SERVICE_6
service-object ip
service-object icmp
service-object tcp
service-object object Diebold_Nixdorf_11066
object-group network DM_INLINE_NETWORK_34
network-object object CRT_172.31.21.123
network-object object CRT_172.31.45.33
object-group network DM_INLINE_NETWORK_35
network-object object CRT_172.31.21.123
network-object object CRT_172.31.45.33
object-group network DM_INLINE_NETWORK_36
network-object object CRT_172.31.21.123
network-object object CRT_172.31.45.33
object-group protocol DM_INLINE_PROTOCOL_30
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_25
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_39
network-object object Admin-PC_172.16.10.110
network-object object Komarov-PC_172.16.10.200
network-object object Lemeshevsky-PC_172.16.10.163
network-object object Test-PC_172.16.10.130
object-group network DM_INLINE_NETWORK_40
network-object object Admin-PC_172.16.10.110
network-object object Komarov-PC_172.16.10.200
network-object object Lemeshevsky-PC_172.16.10.163
network-object object Test-PC_172.16.10.130
object-group protocol DM_INLINE_PROTOCOL_16
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_17
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_18
protocol-object ip
protocol-object icmp
protocol-object tcp
protocol-object udp
object-group protocol DM_INLINE_PROTOCOL_19
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_20
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_21
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group service DM_INLINE_SERVICE_9
service-object ip
service-object icmp
service-object tcp
service-object object equensWorldline_60843
object-group protocol DM_INLINE_PROTOCOL_22
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group network DM_INLINE_NETWORK_37
network-object object Admin-PC_172.16.10.110
network-object object Komarov-PC_172.16.10.200
network-object object Lemeshevsky-PC_172.16.10.136
network-object object Test-PC_172.16.10.130
object-group protocol DM_INLINE_PROTOCOL_23
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_24
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_28
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_29
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_32
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_26
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_27
protocol-object ip
protocol-object icmp
protocol-object tcp
protocol-object udp
object-group protocol DM_INLINE_PROTOCOL_31
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_33
protocol-object ip
protocol-object icmp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_35
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_34
protocol-object ip
protocol-object icmp
access-list inside_access_out extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list vlan3_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_5 object-group DM_INLINE_NETWORK_2 192.168.186.0 255.255.255.0
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 any any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_8 object-group DM_INLINE_NETWORK_5 object 192.168.186.0
access-list vlan3_access_out extended permit object-group DM_INLINE_PROTOCOL_3 any any
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object 192.168.186.100
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any object NewServer
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 object-group DM_INLINE_NETWORK_9 object-group DM_INLINE_NETWORK_11
access-list outside_cryptomap extended permit object-group DM_INLINE_PROTOCOL_6 object 192.168.186.0 object-group DM_INLINE_NETWORK_1
access-list outside_cryptomap_1 extended permit object-group DM_INLINE_SERVICE_9 object-group DM_INLINE_NETWORK_29 object-group DM_INLINE_NETWORK_30
access-list global_access extended permit object-group DM_INLINE_PROTOCOL_9 any any
access-list outside_cryptomap_2 extended permit ip object 192.168.186.0 object TATOIL-azs14
access-list outside_cryptomap_3 extended permit ip object NewServer object MTS_local
access-list AnyConnect_Client_Local_Print extended permit ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list outside_cryptomap_4 extended permit object-group DM_INLINE_SERVICE_4 object 192.168.186.0 object Kapsch_FTP
access-list outside_cryptomap_5 extended permit object-group DM_INLINE_SERVICE_5 object 192.168.186.0 object TECS
access-list outside_cryptomap_6 extended permit object-group DM_INLINE_PROTOCOL_13 object-group DM_INLINE_NETWORK_7 object BelOil
access-list outside_cryptomap_7 extended permit object-group DM_INLINE_PROTOCOL_14 object-group DM_INLINE_NETWORK_20 object-group DM_INLINE_NETWORK_19
access-list outside_cryptomap_8 extended permit object-group DM_INLINE_PROTOCOL_22 object-group DM_INLINE_NETWORK_31 object-group DM_INLINE_NETWORK_32
access-list outside_cryptomap_9 extended permit object-group DM_INLINE_PROTOCOL_34 object-group DM_INLINE_NETWORK_37 object CRT_10.67.1.1
access-list outside_cryptomap_12 extended permit object-group DM_INLINE_PROTOCOL_26 object-group DM_INLINE_NETWORK_39 object CRT_172.31.21.123
access-list outside_cryptomap_13 extended permit object-group DM_INLINE_PROTOCOL_27 object-group DM_INLINE_NETWORK_40 object CRT_172.31.45.33
pager lines 24
logging enable
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination insideLocal 192.168.1.109 9996
flow-export template timeout-rate 1
flow-export active refresh-interval 60
mtu inside 1500
mtu outside 1500
mtu vlan3 1500
mtu insideLocal 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (insideLocal,outside) source static Admin-PC Admin-PC_192.168.104.29 destination static DM_INLINE_NETWORK_18 DM_INLINE_NETWORK_18 no-proxy-arp
nat (insideLocal,outside) source static Backuper-PC Backuper-PC_192.168.104.28 destination static DM_INLINE_NETWORK_21 DM_INLINE_NETWORK_21 no-proxy-arp
nat (insideLocal,outside) source static Manager-PC Manager-PC_192.168.104.27 destination static DM_INLINE_NETWORK_22 DM_INLINE_NETWORK_22 no-proxy-arp
nat (insideLocal,outside) source static Lukashevich-PC Admin-PC_172.16.11.110 destination static DM_INLINE_NETWORK_25 DM_INLINE_NETWORK_25 no-proxy-arp
nat (insideLocal,outside) source static Lemeshevsky-PC Lemeshevsky-PC_172.16.11.163 destination static DM_INLINE_NETWORK_26 DM_INLINE_NETWORK_26 no-proxy-arp
nat (insideLocal,outside) source static Komarov-PC Komarov-PC_172.16.11.200 destination static DM_INLINE_NETWORK_27 DM_INLINE_NETWORK_27 no-proxy-arp
nat (insideLocal,outside) source static Test-PC Test-PC_172.16.11.130 destination static DM_INLINE_NETWORK_28 DM_INLINE_NETWORK_28 no-proxy-arp
nat (insideLocal,outside) source static Lukashevich-PC Admin-PC_172.31.181.217 destination static DM_INLINE_NETWORK_4 DM_INLINE_NETWORK_4 no-proxy-arp
nat (insideLocal,outside) source static Lemeshevsky-PC Lemeshevsky-PC_172.31.181.219 destination static DM_INLINE_NETWORK_23 DM_INLINE_NETWORK_23 no-proxy-arp
nat (insideLocal,outside) source static Komarov-PC Komarov-PC_172.31.181.218 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp
nat (insideLocal,outside) source static Test-PC Test-PC_172.31.181.220 destination static DM_INLINE_NETWORK_24 DM_INLINE_NETWORK_24 no-proxy-arp
nat (insideLocal,outside) source static Admin-PC Admin-PC_172.16.10.110 destination static DM_INLINE_NETWORK_33 DM_INLINE_NETWORK_33 no-proxy-arp
nat (insideLocal,outside) source static Lemeshevsky-PC Lemeshevsky-PC_172.16.10.136 destination static DM_INLINE_NETWORK_34 DM_INLINE_NETWORK_34 no-proxy-arp
nat (insideLocal,outside) source static Komarov-PC Komarov-PC_172.16.10.200 destination static DM_INLINE_NETWORK_35 DM_INLINE_NETWORK_35 no-proxy-arp
nat (insideLocal,outside) source static Test-PC Test-PC_172.16.10.130 destination static DM_INLINE_NETWORK_36 DM_INLINE_NETWORK_36 no-proxy-arp
nat (outside,inside) source static any interface destination static interface 192.168.186.100 service tcp139 tcp139
nat (outside,inside) source static any interface destination static interface 192.168.186.100 service 445 445
nat (outside,inside) source static any interface destination static interface 192.168.186.100 service udp135139 udp135139
nat (outside,inside) source static any interface destination static interface 192.168.186.121 service NAS-D4_9099-to-9090 TCP9090
nat (outside,inside) source static any interface destination static interface 192.168.186.121 service NAS-D4_44444-to-8080 TCP8080
nat (outside,inside) source static any interface destination static interface 192.168.186.100 service 7777 http
nat (inside,outside) source static NETWORK_OBJ_192.168.186.0_24 NETWORK_OBJ_192.168.186.0_24 destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup
nat (inside,outside) source static Local_for_MTS Local_for_MTS destination static MTS_local MTS_local no-proxy-arp route-lookup
nat (inside,outside) source static 192.168.186.0 192.168.186.0 destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup
nat (inside,outside) source static 192.168.186.0 interface destination static DM_INLINE_NETWORK_6 DM_INLINE_NETWORK_6 unidirectional
nat (outside,inside) source static any any destination static interface NewServer service TCP8899 TCP8899
nat (outside,inside) source static any any destination static interface NewServer service TCP8888 TCP8888
nat (outside,inside) source static any any destination static interface NewServer service TCP8000 TCP8000
nat (outside,inside) source static any any destination static interface NewServer service TCP8080 TCP8080
nat (outside,inside) source static any any destination static interface NewServer service TCP7070 TCP7070
nat (outside,inside) source static any any destination static interface NewServer service TCP8501 TCP8501
nat (outside,inside) source static any any destination static interface NewServer service TCP8883 TCP8883
nat (outside,inside) source static any any destination static interface NewServer service http http
nat (outside,inside) source static any any destination static interface NewServer service MyChatWeb MyChatWeb
nat (outside,inside) source static any any destination static interface NewServer service MyChatUpdate MyChatUpdate
nat (outside,inside) source static any any destination static interface NewServer service MyChat MyChat
nat (outside,inside) source static BelAvto178.124.157.150 BelAvto178.124.157.150 destination static interface NewServer service TCP48161 TCP48161
nat (outside,inside) source static DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 destination static interface NewServer service FtpInTransport FtpInTransport
nat (outside,inside) source static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 destination static interface NewServer service FTP21 FTP21
nat (outside,inside) source static 213.184.248.180 213.184.248.180 destination static interface NewServer service FtpInTransport FtpInTransport
nat (outside,inside) source static 213.184.248.180 213.184.248.180 destination static interface NewServer service FTP21 FTP21
nat (outside,inside) source static any any destination static interface NewServer service https https
nat (outside,inside) source static any any destination static interface NewServer service TCP5050 TCP5050
nat (outside,inside) source static any any destination static interface NewServer service 8889 8889
nat (outside,inside) source static any any destination static interface NewServer service 8890 8890
nat (outside,inside) source static DM_INLINE_NETWORK_13 DM_INLINE_NETWORK_13 destination static interface NewServer service 2638 2638
nat (outside,inside) source static any any destination static interface NewServer service TCP8088 TCP8088
nat (outside,inside) source static A100 A100 destination static interface NewServer service TCP48164 TCP48164
nat (outside,inside) source static DM_INLINE_NETWORK_15 DM_INLINE_NETWORK_15 destination static interface NewServer service TCP48163 TCP48163
nat (outside,inside) source static any any destination static interface NewServer service TCP8886 TCP8886 description TerminalOnline1
nat (outside,inside) source static any any destination static interface NewServer service TCP8885 TCP8885 description TerminalOnline1
nat (outside,inside) source static any any destination static interface NewServer service TCP8887 TCP8887 description TerminalOnline2
nat (outside,inside) source static any any destination static interface NewServer service TCP8882 TCP8882 description TerminalOnline3
nat (outside,inside) source static Center1010 Center1010 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center2247 Center2247 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center2250 Center2250 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center6950 Center6950 destination static interface NewServer service TCP48167 TCP48167
nat (outside,inside) source static Center4020 Center4020 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center8100_Tmp Center8100_Tmp destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center8100_3g Center8100_3g destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center8100_2 Center8100_2 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static DM_INLINE_NETWORK_16 DM_INLINE_NETWORK_16 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center1015 Center1015 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center2248 Center2248 destination static interface NewServer service TCP48170 TCP48170
nat (outside,inside) source static Center6916_3 Center6916_3 destination static interface NewServer service TCP48171 TCP48171
nat (outside,inside) source static Center6916_2 Center6916_2 destination static interface NewServer service TCP48171 TCP48171
nat (outside,inside) source static Cernter6927 Cernter6927 destination static interface NewServer service TCP48173 TCP48173
nat (outside,inside) source static Center6916 Center6916 destination static interface NewServer service TCP48171 TCP48171
nat (outside,inside) source static Center6930_2 Center6930_2 destination static interface NewServer service TCP48166 TCP48166
nat (outside,inside) source static Center6930 Center6930 destination static interface NewServer service TCP48166 TCP48166
nat (outside,inside) source static Center6940 Center6940 destination static interface NewServer service TCP48165 TCP48165
nat (outside,inside) source static Center6928 Center6928 destination static interface NewServer service TCP48168 TCP48168
nat (outside,inside) source static Center5001_ Center5001_ destination static interface NewServer service TCP48169 TCP48169
nat (inside,outside) source static 192.168.186.0 192.168.186.0 destination static TATOIL-azs TATOIL-azs no-proxy-arp route-lookup
nat (inside,outside) source static 192.168.186.0 192.168.186.0 destination static TATOIL-azs14 TATOIL-azs14 no-proxy-arp route-lookup
nat (outside,insideLocal) source static any any destination static interface NAS4560 service FTP FTP
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.5.0_27 NETWORK_OBJ_192.168.5.0_27 no-proxy-arp route-lookup
nat (outside,outside) source static any any destination static NETWORK_OBJ_192.168.99.0_24 NETWORK_OBJ_192.168.99.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.99.0_24 NETWORK_OBJ_192.168.99.0_24 no-proxy-arp route-lookup
nat (insideLocal,outside) source static any any destination static NETWORK_OBJ_192.168.192.128_25 NETWORK_OBJ_192.168.192.128_25 no-proxy-arp route-lookup
nat (outside,outside) source static any any destination static NETWORK_OBJ_192.168.192.128_25 NETWORK_OBJ_192.168.192.128_25 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.192.128_25 NETWORK_OBJ_192.168.192.128_25 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.186.192_26 NETWORK_OBJ_192.168.186.192_26 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.186.0_24 NETWORK_OBJ_192.168.186.0_24 destination static Kapsch_FTP Kapsch_FTP no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.186.77 NETWORK_OBJ_192.168.186.77 destination static Kapsch_FTP Kapsch_FTP no-proxy-arp route-lookup
nat (inside,outside) source static 192.168.186.0 192.168.186.0 destination static NETWORK_OBJ_10.128.30.53 NETWORK_OBJ_10.128.30.53 no-proxy-arp route-lookup
nat (inside,outside) source static 192.168.186.0 192.168.186.0 destination static Kapsch_FTP Kapsch_FTP no-proxy-arp route-lookup
nat (inside,outside) source static NewServer NewServer destination static MTS_local MTS_local no-proxy-arp route-lookup
nat (inside,outside) source static 192.168.186.0 192.168.186.0 destination static TECS TECS no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.186.77 NETWORK_OBJ_192.168.186.77 destination static TECS TECS no-proxy-arp
nat (inside,outside) source static 192.168.186.0 192.168.186.0 destination static BelOil BelOil no-proxy-arp route-lookup
nat (inside,outside) source static NewServer NewServer destination static BelOil BelOil no-proxy-arp route-lookup
nat (inside,outside) source static DM_INLINE_NETWORK_7 DM_INLINE_NETWORK_7 destination static BelOil BelOil no-proxy-arp route-lookup
nat (insideLocal,outside) source static Admin-PC Admin-PC_172.16.10.110 destination static CRT_10.67.1.1 CRT_10.67.1.1 no-proxy-arp
nat (insideLocal,outside) source static Komarov-PC Komarov-PC_172.16.10.200 destination static CRT_10.67.1.1 CRT_10.67.1.1 no-proxy-arp
nat (insideLocal,outside) source static Lemeshevsky-PC Lemeshevsky-PC_172.16.10.136 destination static CRT_10.67.1.1 CRT_10.67.1.1 no-proxy-arp
nat (insideLocal,outside) source static Test-PC Test-PC_172.16.10.130 destination static CRT_10.67.1.1 CRT_10.67.1.1 no-proxy-arp
!
nat (insideLocal,outside) after-auto source dynamic NAS4560 interface
nat (inside,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
access-group vlan3_access_in in interface vlan3
access-group vlan3_access_out out interface vlan3
access-group global_access global
route outside 0.0.0.0 0.0.0.0 212.98.173.1 1
route vlan3 0.0.0.0 0.0.0.0 192.168.187.1 11
route outside 10.67.1.1 255.255.255.255 185.79.245.152 1
route outside 172.22.103.3 255.255.255.255 93.125.122.129 1
route outside 172.22.103.4 255.255.255.255 93.125.122.129 1
route outside 172.31.21.123 255.255.255.255 52.28.178.40 1
route outside 172.31.45.33 255.255.255.255 18.185.22.43 1
route inside 192.168.0.0 255.255.128.0 192.168.186.77 1
route outside 192.168.233.42 255.255.255.255 89.106.184.89 1
route outside 192.168.233.43 255.255.255.255 89.106.184.89 1
route outside 192.168.233.61 255.255.255.255 89.106.184.89 1
route outside 193.179.205.39 255.255.255.255 193.179.205.34 1
route outside 193.179.205.40 255.255.255.255 192.179.205.34 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable 44443
http 192.168.1.0 255.255.255.0 inside
http 192.168.186.0 255.255.255.0 inside
http 178.163.161.250 255.255.255.255 outside
http 178.163.161.250 255.255.255.255 vlan3
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256-SHA1
protocol esp encryption aes-256
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map outside_map2 1 match address outside_cryptomap
crypto map outside_map2 1 set pfs
crypto map outside_map2 1 set peer 178.163.163.138
crypto map outside_map2 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map2 1 set ikev2 pre-shared-key *****
crypto map outside_map2 2 match address outside_cryptomap_1
crypto map outside_map2 2 set pfs group5
crypto map outside_map2 2 set peer 89.106.184.89
crypto map outside_map2 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map2 3 match address outside_cryptomap_2
crypto map outside_map2 3 set peer 46.56.152.247
crypto map outside_map2 3 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map2 4 match address outside_cryptomap_3
crypto map outside_map2 4 set peer 217.21.61.251
crypto map outside_map2 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map2 5 match address outside_cryptomap_4
crypto map outside_map2 5 set pfs group14
crypto map outside_map2 5 set peer 128.140.240.4
crypto map outside_map2 5 set ikev2 ipsec-proposal AES256-SHA1
crypto map outside_map2 5 set ikev2 pre-shared-key *****
crypto map outside_map2 5 set security-association lifetime seconds 3600
crypto map outside_map2 6 match address outside_cryptomap_5
crypto map outside_map2 6 set pfs group14
crypto map outside_map2 6 set peer 185.24.100.2
crypto map outside_map2 6 set ikev2 ipsec-proposal AES256-SHA1 DES 3DES AES AES192 AES256
crypto map outside_map2 7 match address outside_cryptomap_6
crypto map outside_map2 7 set pfs group5
crypto map outside_map2 7 set peer 91.90.222.252
crypto map outside_map2 7 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map2 8 match address outside_cryptomap_7
crypto map outside_map2 8 set pfs group5
crypto map outside_map2 8 set peer 93.125.122.129
crypto map outside_map2 8 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map2 9 match address outside_cryptomap_8
crypto map outside_map2 9 set pfs group5
crypto map outside_map2 9 set peer 193.179.205.34
crypto map outside_map2 9 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map2 9 set security-association lifetime seconds 3600
crypto map outside_map2 10 match address outside_cryptomap_9
crypto map outside_map2 10 set pfs group5
crypto map outside_map2 10 set peer 185.79.245.152
crypto map outside_map2 10 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map2 13 match address outside_cryptomap_12
crypto map outside_map2 13 set pfs group5
crypto map outside_map2 13 set peer 52.28.178.40
crypto map outside_map2 13 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map2 14 match address outside_cryptomap_13
crypto map outside_map2 14 set pfs group5
crypto map outside_map2 14 set peer 18.185.22.43
crypto map outside_map2 14 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map2 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map2 interface outside
crypto map insideLocal_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map insideLocal_map interface insideLocal
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
enrollment self
subject-name CN=192.168.1.77,CN=brlasa2
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_1
enrollment self
subject-name CN=192.168.1.77,CN=brlasa2
crl configure
crypto ca trustpool policy
crypto ca server
shutdown
lifetime ca-certificate 2190
lifetime certificate 730
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
certificate 69a8b454
quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_1
certificate 6aa8b454
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5
prf sha
lifetime seconds 28800
crypto ikev2 policy 10
encryption aes-256
integrity sha256
group 14
prf sha256
lifetime seconds 86400
crypto ikev2 enable inside
crypto ikev2 enable outside
crypto ikev2 enable insideLocal
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 enable vlan3
crypto ikev1 enable insideLocal
crypto ikev1 policy 2
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 3
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 4
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 6
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 7
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
telnet 178.163.161.250 255.255.255.255 outside
telnet timeout 5
ssh stricthostkeycheck
ssh 178.163.161.250 255.255.255.255 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-sessiondb max-other-vpn-limit 25
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 25
l2tp tunnel hello 120

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 213.138.110.176
ssl trust-point ASDM_Launcher_Access_TrustPoint_1
webvpn
application-type citrix-receiver default tunnel-group DefaultRAGroup
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
wins-server none
dns-server none
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain none
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ssl-clientless
group-policy GroupPolicy_93.125.122.129 internal
group-policy GroupPolicy_93.125.122.129 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_89.106.184.89 internal
group-policy GroupPolicy_89.106.184.89 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_46.56.152.247 internal
group-policy GroupPolicy_46.56.152.247 attributes
vpn-tunnel-protocol ikev2
group-policy GroupPolicy_128.140.240.4 internal
group-policy GroupPolicy_128.140.240.4 attributes
vpn-tunnel-protocol ikev2
group-policy GroupPolicy_193.179.205.34 internal
group-policy GroupPolicy_193.179.205.34 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_18.185.22.43 internal
group-policy GroupPolicy_18.185.22.43 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_185.24.100.2 internal
group-policy GroupPolicy_185.24.100.2 attributes
vpn-tunnel-protocol ikev2
group-policy GroupPolicy_91.90.222.252 internal
group-policy GroupPolicy_91.90.222.252 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_185.79.245.152 internal
group-policy GroupPolicy_185.79.245.152 attributes
vpn-tunnel-protocol ikev1
ip-comp disable
pfs enable
webvpn
anyconnect ssl compression none
anyconnect dtls compression none
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
split-tunnel-all-dns disable
group-policy GroupPolicy_217.21.61.251 internal
group-policy GroupPolicy_217.21.61.251 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_52.28.178.40 internal
group-policy GroupPolicy_52.28.178.40 attributes
vpn-tunnel-protocol ikev1
username evgen password *****== nt-encrypted
username evgen attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.221 255.255.255.0
username danila password *****== nt-encrypted
username danila attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.212 255.255.255.0
username buhelena password *****== nt-encrypted
username buhelena attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.222 255.255.255.0
username murzak password *****== nt-encrypted
username murzak attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.224 255.255.255.0
username gomozov password *****== nt-encrypted
username gomozov attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.220 255.255.255.0
username elena password *****== nt-encrypted
username elena attributes
vpn-group-policy DefaultRAGroup
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
vpn-framed-ip-address 192.168.1.217 255.255.255.0
username ludmila password *****== nt-encrypted
username ludmila attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.218 255.255.255.0
username vladtest password *****== nt-encrypted
username vladtest attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.223 255.255.255.0
username vlad password *****== nt-encrypted
username vlad attributes
vpn-group-policy DefaultRAGroup
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
vpn-framed-ip-address 192.168.1.216 255.255.255.0
username chief password *****== nt-encrypted
username chief attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.213 255.255.255.0
username director password *****== nt-encrypted
username director attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.214 255.255.255.0
username dimach password *****== nt-encrypted
username dimach attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.211 255.255.255.0
username alexey password *****== nt-encrypted privilege 15
username alexey attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.210 255.255.255.0
username igorm password *****== nt-encrypted
username igorm attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.219 255.255.255.0
username vinogradov password *****== nt-encrypted
username vinogradov attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.225 255.255.255.0
username vika password *****== nt-encrypted
username vika attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.226 255.255.255.0
username ivan password *****== nt-encrypted
username ivan attributes
vpn-group-policy DefaultRAGroup
vpn-framed-ip-address 192.168.1.215 255.255.255.0
tunnel-group DefaultRAGroup general-attributes
address-pool l2tp_pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
tunnel-group 178.163.163.138 type ipsec-l2l
tunnel-group 178.163.163.138 general-attributes
default-group-policy GroupPolicy1
tunnel-group 178.163.163.138 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 89.106.184.89 type ipsec-l2l
tunnel-group 89.106.184.89 general-attributes
default-group-policy GroupPolicy_89.106.184.89
tunnel-group 89.106.184.89 ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 30 retry 5
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 46.56.152.247 type ipsec-l2l
tunnel-group 46.56.152.247 general-attributes
default-group-policy GroupPolicy_46.56.152.247
tunnel-group 46.56.152.247 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 217.21.61.251 type ipsec-l2l
tunnel-group 217.21.61.251 general-attributes
default-group-policy GroupPolicy_217.21.61.251
tunnel-group 217.21.61.251 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 128.140.240.4 type ipsec-l2l
tunnel-group 128.140.240.4 general-attributes
default-group-policy GroupPolicy_128.140.240.4
tunnel-group 128.140.240.4 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 185.24.100.2 type ipsec-l2l
tunnel-group 185.24.100.2 general-attributes
default-group-policy GroupPolicy_185.24.100.2
tunnel-group 185.24.100.2 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 91.90.222.252 type ipsec-l2l
tunnel-group 91.90.222.252 general-attributes
default-group-policy GroupPolicy_91.90.222.252
tunnel-group 91.90.222.252 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 93.125.122.129 type ipsec-l2l
tunnel-group 93.125.122.129 general-attributes
default-group-policy GroupPolicy_93.125.122.129
tunnel-group 93.125.122.129 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 193.179.205.34 type ipsec-l2l
tunnel-group 193.179.205.34 general-attributes
default-group-policy GroupPolicy_193.179.205.34
tunnel-group 193.179.205.34 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 185.79.245.152 type ipsec-l2l
tunnel-group 185.79.245.152 general-attributes
default-group-policy GroupPolicy_185.79.245.152
tunnel-group 185.79.245.152 ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 30 retry 5
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 52.28.178.40 type ipsec-l2l
tunnel-group 52.28.178.40 general-attributes
default-group-policy GroupPolicy_52.28.178.40
tunnel-group 52.28.178.40 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 18.185.22.43 type ipsec-l2l
tunnel-group 18.185.22.43 general-attributes
default-group-policy GroupPolicy_18.185.22.43
tunnel-group 18.185.22.43 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map global-class
description flow_export_class
match any
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
description flow_export_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect pptp
class global-class
flow-export event-type all destination 192.168.1.109
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:5d51becaa2a0c04aaeb0750bc2040f45
: end

Thanks for any hint!

UPD: Maybe if I simplify the problem, someone will be able to answer me sooner?

VPN Site-to-Site
(172.16.10.110/32) 212.98.173.85 ===== 185.79.245.152 (10.67.1.1/32)
Pre-shared Key, IPsec IKEv1, Port (8001), etc.
A route to 10.67.1.1 has been added on the local machine via route add.
A route to 10.67.1.1 has been added on the Cisco ASA.
According to the Cisco ASA 5505 (Monitoring > VPN > VPN Statistics > Sessions), the VPN comes up, but there is only Tx, 260 Bytes at a time (when running telnet 10.67.1.1 8001 in cmd on the local PC) and Tx, 60 Bytes at a time (when running ping 10.67.1.1 in cmd on the local PC).
From the local computer, however, ping 10.67.1.1 and telnet 10.67.1.1 8001 in cmd do not work:
C:\WINDOWS\system32>telnet 10.67.1.1 8001
Подключение к 10.67.1.1...Не удалось открыть подключение к этому узлу, на порт 8001: Сбой подключения
C:\WINDOWS\system32>ping 10.67.1.1 -t
Обмен пакетами с 10.67.1.1 по с 32 байтами данных:
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.

 

The firewall on the PC is off, the antivirus is off.

But from the other side, ping 172.16.10.110 works perfectly!

 

Sergey Lisitsin
Collaborator

Good afternoon,

please show the output of the commands:

 

show crypto isa sa

show crypto ipsec sa

 

Hello!

"show crypto isa sa":


Result of the command: "show crypto isa sa"

IKEv1 SAs:

Active SA: 4
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 4

1 IKE Peer: 93.125.122.129
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
2 IKE Peer: 185.79.245.152
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
3 IKE Peer: 178.163.163.138
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
4 IKE Peer: 46.53.245.140
Type : user Role : responder
Rekey : no State : MM_ACTIVE

IKEv2 SAs:

Session-id:35, Status:UP-ACTIVE, IKE count:1, CHILD count:1

Tunnel-id Local Remote Status Role
2379480985 212.98.173.85/500 128.140.240.4/500 READY INITIATOR
Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/163 sec
Child sa: local selector 192.168.186.0/0 - 192.168.186.255/65535
remote selector 128.140.240.131/0 - 128.140.240.131/65535
ESP spi in/out: 0xc64c5464/0xf768606

"show crypto ipsec sa":


Result of the command: "show crypto ipsec sa"

interface: outside
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 212.98.173.85

local ident (addr/mask/prot/port): (212.98.173.85/255.255.255.255/17/1701)
remote ident (addr/mask/prot/port): (46.53.245.140/255.255.255.255/17/0)
current_peer: 46.53.245.140, username: ivan
dynamic allocated peer ip: 192.168.1.215
dynamic allocated peer ip(ipv6): 0.0.0.0

#pkts encaps: 150864, #pkts encrypt: 150864, #pkts digest: 150864
#pkts decaps: 90927, #pkts decrypt: 90927, #pkts verify: 90927
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 150864, #pkts comp failed: 0, #pkts decomp failed: 0
#post-frag successes: 0, #post-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 212.98.173.85/4500, remote crypto endpt.: 46.53.245.140/1054
path mtu 1500, ipsec overhead 82(52), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 5E225074
current inbound spi : F56D3F8B

inbound esp sas:
spi: 0xF56D3F8B (4117577611)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 1630208, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (kB/sec): (232934/1959)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x5E225074 (1579307124)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 1630208, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (kB/sec): (195407/1959)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Crypto map tag: outside_map2, seq num: 8, local addr: 212.98.173.85

access-list outside_cryptomap_7 extended permit ip host 192.168.104.28 host 172.22.103.4
local ident (addr/mask/prot/port): (192.168.104.28/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.22.103.4/255.255.255.255/0/0)
current_peer: 93.125.122.129


#pkts encaps: 127266, #pkts encrypt: 127266, #pkts digest: 127266
#pkts decaps: 89488, #pkts decrypt: 89488, #pkts verify: 89488
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 127266, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 212.98.173.85/4500, remote crypto endpt.: 93.125.122.129/4500
path mtu 1500, ipsec overhead 82(52), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 8A7AF4EA
current inbound spi : 554EA523

inbound esp sas:
spi: 0x554EA523 (1431217443)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, PFS Group 5, IKEv1, }
slot: 0, conn_id: 856064, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (3908997/8768)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x8A7AF4EA (2323313898)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, PFS Group 5, IKEv1, }
slot: 0, conn_id: 856064, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (3912017/8768)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Crypto map tag: outside_map2, seq num: 5, local addr: 212.98.173.85

access-list outside_cryptomap_4 extended permit ip 192.168.186.0 255.255.255.0 host 128.140.240.131
local ident (addr/mask/prot/port): (192.168.186.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (128.140.240.131/255.255.255.255/0/0)
current_peer: 128.140.240.4


#pkts encaps: 36, #pkts encrypt: 36, #pkts digest: 36
#pkts decaps: 31, #pkts decrypt: 31, #pkts verify: 31
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 36, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 212.98.173.85/500, remote crypto endpt.: 128.140.240.4/500
path mtu 1500, ipsec overhead 74(44), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 0F768606
current inbound spi : C64C5464

inbound esp sas:
spi: 0xC64C5464 (3326891108)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 14, IKEv2, }
slot: 0, conn_id: 1650688, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (3962875/3383)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0xFFFFFFFF
outbound esp sas:
spi: 0x0F768606 (259425798)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 14, IKEv2, }
slot: 0, conn_id: 1650688, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (3916783/3383)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Crypto map tag: outside_map2, seq num: 1, local addr: 212.98.173.85

access-list outside_cryptomap extended permit ip 192.168.186.0 255.255.255.0 host 10.254.85.15
local ident (addr/mask/prot/port): (192.168.186.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.254.85.15/255.255.255.255/0/0)
current_peer: 178.163.163.138


#pkts encaps: 10829, #pkts encrypt: 10829, #pkts digest: 10829
#pkts decaps: 9162, #pkts decrypt: 9162, #pkts verify: 9162
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 10829, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 212.98.173.85/0, remote crypto endpt.: 178.163.163.138/0
path mtu 1500, ipsec overhead 74(44), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 59816271
current inbound spi : 0258524B

inbound esp sas:
spi: 0x0258524B (39342667)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, }
slot: 0, conn_id: 1646592, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (4373583/1395)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x59816271 (1501651569)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, IKEv1, }
slot: 0, conn_id: 1646592, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (4373462/1395)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Crypto map tag: outside_map2, seq num: 10, local addr: 212.98.173.85

access-list outside_cryptomap_9 extended permit ip host 172.16.10.110 host 10.67.1.1
local ident (addr/mask/prot/port): (172.16.10.110/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.67.1.1/255.255.255.255/0/0)
current_peer: 185.79.245.152


#pkts encaps: 1037, #pkts encrypt: 1037, #pkts digest: 1037
#pkts decaps: 479, #pkts decrypt: 479, #pkts verify: 479
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 1037, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 212.98.173.85/0, remote crypto endpt.: 185.79.245.152/0
path mtu 1500, ipsec overhead 74(44), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: C63820C7
current inbound spi : F91E41F4

inbound esp sas:
spi: 0xF91E41F4 (4179509748)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 5, IKEv1, }
slot: 0, conn_id: 1642496, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (4373966/763)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xC63820C7 (3325567175)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 5, IKEv1, }
slot: 0, conn_id: 1642496, crypto-map: outside_map2
sa timing: remaining key lifetime (kB/sec): (4373934/763)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

The other side has started a continuous ping.

Thanks for responding!

UPD: When a ping of our host is running from their side, the VPN comes up completely! We can ping them and connect via telnet!
Mystical...

The bottom line, with our settings unchanged:
If the other side starts pinging host-->host, then:
- according to Cisco monitoring the VPN is up, Rx is growing
- ping host-->host from us to them goes through (Tx on the Cisco starts growing too)
- we can connect from our host to their host via telnet (Tx on the Cisco starts growing too)
If the other side stops pinging host-->host, then:
- according to Cisco monitoring the VPN is up, Rx and Tx are at zero
- ping host-->host from us to them does not go through, but Tx on the Cisco starts growing
- we cannot connect from our host to their host via telnet, but Tx on the Cisco starts growing
Where should we dig, and who (us or them) should do the digging?

So, judging by this output:

access-list outside_cryptomap_9 extended permit ip host 172.16.10.110 host 10.67.1.1
local ident (addr/mask/prot/port): (172.16.10.110/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.67.1.1/255.255.255.255/0/0)
current_peer: 185.79.245.152


#pkts encaps: 1037, #pkts encrypt: 1037, #pkts digest: 1037
#pkts decaps: 479, #pkts decrypt: 479, #pkts verify: 479
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 1037, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

We see a fully functional tunnel. Packets flow in both directions. I have come across a problem where, because of a difference in OS versions, the tunnel would only come up when initiated from one side. It was fixed either by upgrading to the latest recommended version or by reconfiguring to IKEv2.

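The counters in `show crypto ipsec sa` are cumulative, so which direction is moving right now only shows up when two captures are compared. The following is an added example, not part of the original thread: a Python sketch that parses two captures and labels each SA by the counters that changed. The function names and the second snapshot are constructed for illustration; the first snapshot reuses counters posted above.

```python
import re

FIELDS = {
    "peer": re.compile(r"current_peer: ([0-9.]+)"),
    "local": re.compile(r"local ident \(addr/mask/prot/port\): \(([^)]+)\)"),
    "remote": re.compile(r"remote ident \(addr/mask/prot/port\): \(([^)]+)\)"),
    "encaps": re.compile(r"#pkts encaps: (\d+)"),
    "decaps": re.compile(r"#pkts decaps: (\d+)"),
}

def parse_ipsec_sa(text):
    """Map (peer, local ident, remote ident) -> (encaps, decaps) per SA block."""
    sas = {}
    for block in re.split(r"^\s*Crypto map tag:", text, flags=re.M)[1:]:
        found = {name: rx.search(block) for name, rx in FIELDS.items()}
        if not all(found.values()):
            continue  # truncated block: skip rather than guess
        v = {name: m.group(1) for name, m in found.items()}
        sas[(v["peer"], v["local"], v["remote"])] = (int(v["encaps"]), int(v["decaps"]))
    return sas

def classify(before, after):
    """Label each SA by which counters moved between two snapshots."""
    verdicts = {}
    for key, (tx_now, rx_now) in after.items():
        tx_old, rx_old = before.get(key, (None, None))
        if tx_old is None or tx_now < tx_old or rx_now < rx_old:
            verdicts[key] = "reset"  # new SA or counters restarted: no valid delta
            continue
        tx, rx = tx_now - tx_old, rx_now - rx_old
        # tx-only: we encapsulate and send, but nothing is decapsulated in return
        verdicts[key] = ("bidirectional" if tx and rx else
                         "tx-only" if tx else "rx-only" if rx else "idle")
    return verdicts

# Constructed sample: layout follows the output in the thread, trimmed to the
# lines the parser reads. First-snapshot counters are the ones posted there;
# the second snapshot is invented to show a one-way SA.
BLOCK = """Crypto map tag: outside_map2, seq num: {seq}, local addr: 212.98.173.85
local ident (addr/mask/prot/port): ({local}/0/0)
remote ident (addr/mask/prot/port): ({remote}/0/0)
current_peer: {peer}
#pkts encaps: {tx}, #pkts encrypt: {tx}, #pkts digest: {tx}
#pkts decaps: {rx}, #pkts decrypt: {rx}, #pkts verify: {rx}
"""
SA_A = dict(seq=10, local="172.16.10.110/255.255.255.255",
            remote="10.67.1.1/255.255.255.255", peer="185.79.245.152")
SA_B = dict(seq=1, local="192.168.186.0/255.255.255.0",
            remote="10.254.85.15/255.255.255.255", peer="178.163.163.138")
SNAP_1 = BLOCK.format(tx=1037, rx=479, **SA_A) + BLOCK.format(tx=10829, rx=9162, **SA_B)
SNAP_2 = BLOCK.format(tx=1049, rx=479, **SA_A) + BLOCK.format(tx=10840, rx=9170, **SA_B)

def report():
    return classify(parse_ipsec_sa(SNAP_1), parse_ipsec_sa(SNAP_2))

if __name__ == "__main__":
    for (peer, local, remote), verdict in report().items():
        print(f"{peer}  {local} -> {remote}: {verdict}")
```

Take the two captures a few seconds apart while the test ping is running, so the deltas reflect only that traffic.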

Thank you very much for helping to solve the problem!

Always glad to help