ASA5505 outside to inside

Hello friends, I have a webserver on my private 192.168.100.41. I want to access it from inside but it's not working ... I can access it only from outside. What should I change in the configuration so that I can access it from my inside network?

I have the following configuration of my ASA5505:

 

name 192.168.100.0 DATAnetwork description DATA network
name 10.20.100.0 VIDEOnetwork description Video network
name 10.10.100.0 VOICEnetwork description Voice network
name 192.168.101.0 KDL-data-network description Kyustendil data network
name 213.149.137.21 outside1-ipaddress description Outside1 interface IP address
name 10.1.2.0 KDL-inside-network description Kyustendil inside network
name 10.20.101.0 KDL-video-network description Kyustendil video network
name 10.10.101.0 KDL-voice-network description Kyustendil Voice network
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.0.0.0 
!
interface Vlan2
 nameif outside1
 security-level 0
 ip address dhcp setroute 
!
interface Vlan3
 no forward interface Vlan2
 nameif outside2
 security-level 1
 no ip address
!
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-10.1.1.96
 subnet 10.1.1.96 255.255.255.240
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network outside1-ipaddress
 host 213.149.137.21
 description Created during name migration
object network 78.128.53.25-ivan
 host 78.128.53.25
object network 10.1.1.0-ivaninside
 subnet 10.1.1.0 255.255.255.0
object network 78.128.53.0-ivannetwork
 subnet 78.128.53.0 255.255.255.0
object network 192.168.10.0-ivaninside
 subnet 192.168.10.0 255.255.255.0
object network Site-B-svetli-inside
 subnet 192.168.8.0 255.255.255.0
object network Home_Network_Svetli
 subnet 192.168.8.0 255.255.255.0
object network radka-inside
 subnet 192.168.1.0 255.255.255.0
object network 24.218.56.0
 subnet 24.218.56.0 255.255.255.0
 description USA Network
object network 24.218.56.234
 host 24.218.56.234
 description USA Host
object network TestRDP
 host 192.168.100.51
 description TestRDP
object network rbi_FTP
 host 192.168.100.31
 description rbi_FTP
object network rbiFTP
 host 192.168.100.15
 description rbiFTP
object network testRDP
 host 192.168.100.51
 description testRDP
object network IS_FTP
 host 192.168.100.16
 description IS_FTP
object network RBI_FTP
 host 192.168.100.31
 description RBI_FTP
object network IS_WEB
 host 192.168.100.16
 description IS_WEB
object network IS_RDP
 host 192.168.100.16
 description IS_RDP
object network IS_8443
 host 192.168.100.16
 description IS_8443
object network IS_VPN
 host 192.168.100.16
 description IS_VPN
object network IS_VPN2
 host 192.168.100.16
 description IS_VPN2
object network IS_Many
 host 192.168.100.16
 description IS_Many
object network router
 host 192.168.100.1
 description router
object network rbi_server
 host 192.168.100.25
 description rbi_server
object network rbi_server_inside
 host 192.168.100.25
 description rbi_server_inside
object network IS_VPN_UDP
 host 192.168.100.16
 description IS_VPN_UDP
object network server
 host 192.168.100.25
 description server
object network RBI_SERVER
 host 192.168.100.41
 description RBI_SERVER
object network Outside_
 host 213.149.137.21
 description Outside_
object network boiko_jar
 subnet 10.10.101.0 255.255.255.0
 description boiko_jar
object network boiko_jarHost
 host 213.149.140.213
object network voiceto
 subnet 192.168.100.0 255.255.255.0
object network rbi_vpn_test
 range 10.10.102.1 10.10.102.100
object network NETWORK_OBJ_10.1.2.0_24
 subnet 10.1.2.0 255.255.255.0
object network NETWORK_OBJ_10.1.1.0_24
 subnet 10.1.1.0 255.255.255.0
object network NETWORK_OBJ_10.10.100.0_24
 subnet 10.10.100.0 255.255.255.0
object network NETWORK_OBJ_10.10.105.0_24
 subnet 10.10.105.0 255.255.255.0
object network Svetli_Home_Network
 subnet 10.10.105.0 255.255.255.0
object network Svetli_Home_Host
 host 77.77.58.22
object network test_voice_phone
 host 10.10.100.1
object network NETWORK_OBJ_10.10.110.0_26
 subnet 10.10.110.0 255.255.255.192
object network NETWORK_OBJ_10.10.110.0_25
 subnet 10.10.110.0 255.255.255.128
object network NETWORK_OBJ_10.20.120.0_25
 subnet 10.20.120.0 255.255.255.128
object network test_voice
 host 10.10.100.1
object network TEST_SCCP
 host 192.168.100.1
 description TEST_SCCP
object network TESTTEST
 host 10.10.100.1
 description TESTTEST
object network NETWORK_OBJ_10.20.100.0_24
 subnet 10.20.100.0 255.255.255.0
object network bbb
 host 192.168.100.41
 description bbb
object network 1935
 host 192.168.100.41
 description 1935
object network 9123
 host 192.168.100.41
 description 9123
object network RBI_SERVER_1935
 host 192.168.100.41
 description RBI_SERVER_1935
object network RBI_SERVER_9123
 host 192.168.100.41
 description RBI_SERVER_9123
object network RBI_SERVER_22
 host 192.168.100.41
 description RBI_SERVER_22
object-group network DM_INLINE_NETWORK_5
 network-object object 192.168.10.0-ivaninside
 network-object object Svetli_Home_Network
object-group network DM_INLINE_NETWORK_2
 network-object 10.1.1.0 255.255.255.0
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object esp 
 service-object ah 
 service-object udp destination eq 4500 
 service-object udp destination eq isakmp 
object-group network DM_INLINE_NETWORK_6
 network-object 10.1.1.0 255.255.255.0
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group network DM_INLINE_NETWORK_7
 network-object KDL-inside-network 255.255.255.0
 network-object KDL-voice-network 255.255.255.0
 network-object KDL-video-network 255.255.255.0
 network-object KDL-data-network 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 10.1.1.0 255.255.255.0
 network-object KDL-inside-network 255.255.255.0
 network-object VOICEnetwork 255.255.255.0
 network-object KDL-voice-network 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object KDL-video-network 255.255.255.0
 network-object DATAnetwork 255.255.255.0
 network-object KDL-data-network 255.255.255.0
 network-object object Home_Network_Svetli
 network-object object radka-inside
object-group network DM_INLINE_NETWORK_4
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group network DM_INLINE_NETWORK_3
 network-object object IS_VPN
 network-object object IS_VPN2
 network-object object IS_VPN_UDP
object-group network DM_INLINE_NETWORK_8
 network-object object 192.168.10.0-ivaninside
 network-object object Svetli_Home_Network
object-group network DM_INLINE_NETWORK_9
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group service DM_INLINE_SERVICE_3
 service-object icmp 
 service-object tcp 
 service-object tcp destination eq www 
 service-object tcp destination eq https 
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 10.1.1.0 255.255.255.0 
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0 
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0 
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0 
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_7 
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 10.1.1.96 255.255.255.240 
access-list inside_access_in extended permit ip any any 
access-list inside_access_in extended permit ip object RBI_SERVER interface outside1 
access-list outside1_access_in remark Allow ICMP messages
access-list outside1_access_in extended permit icmp any object outside1-ipaddress 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.1.1.0 255.255.255.0 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.1.2.0 255.255.255.0 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.10.101.0 255.255.255.0 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.20.101.0 255.255.255.0 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0 
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 192.168.101.0 255.255.255.0 
access-list outside1_2_cryptomap remark VPN traffic Dupnitsa-Kyustendil
access-list outside1_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_7 
access-list RBI_RILA_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0 
access-list RBI_RILA_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0 
access-list RBI_RILA_splitTunnelAcl standard permit 10.1.1.0 255.255.255.0 
access-list RBI_RILA_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0 
access-list outside1_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_4 object 192.168.10.0-ivaninside 
access-list outside1_access_in_1 extended permit ip any any 
access-list outside1_access_in_1 extended permit ip any object testRDP 
access-list outside1_access_in_1 extended permit ip any object IS_FTP 
access-list outside1_access_in_1 extended permit ip any object RBI_FTP 
access-list outside1_access_in_1 extended permit ip any object IS_RDP 
access-list outside1_access_in_1 extended permit ip any object IS_8443 
access-list outside1_access_in_1 extended permit ip any object-group DM_INLINE_NETWORK_3 
access-list outside1_access_in_1 extended permit tcp any object IS_Many eq ftp 
access-list outside1_access_in_1 extended permit object-group DM_INLINE_SERVICE_3 any object RBI_SERVER 
access-list outside1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_9 object Svetli_Home_Network 
access-list rbi123_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0 
access-list all_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0 
access-list all_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0 
access-list all_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0 
access-list rbi_voice_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0 
access-list rbi_voice_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0 
access-list rbi_voice_splitTunnelAcl standard permit 10.10.110.0 255.255.255.0 
access-list 24.218.56.234 standard permit any 
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd 
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631 
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100 
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353 
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355 
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137 
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns 
access-list rbi_splitTunnelAcl_1 standard permit 192.168.100.0 255.255.255.0 
access-list rbi_splitTunnelAcl_1 standard permit 192.168.50.0 255.255.255.0 
access-list rbi_splitTunnelAcl_1 standard permit 10.10.100.0 255.255.255.0 
access-list rbi_voice_splitTunnelAcl_1 standard permit 10.10.100.0 255.255.255.0 
access-list rbi_voice_splitTunnelAcl_1 standard permit 192.168.100.0 255.255.255.0 
access-list rbi_voice_splitTunnelAcl_2 standard permit 10.10.100.0 255.255.255.0 
access-list rbi_voice_splitTunnelAcl_2 standard permit 192.168.100.0 255.255.255.0 
access-list rbi_all_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0 
access-list rbi_all_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0 
access-list rbi_all_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0 
access-list rbi_conference_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0 
access-list OUTSIDE_IN_ACL extended permit icmp any any echo-reply 
access-list OUTSIDE_IN_ACL extended permit icmp any any time-exceeded 
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside1 1500
mtu outside2 1500
ip local pool EZVPN_POOL_1 10.1.1.101-10.1.1.110 mask 255.255.255.0
ip local pool 192.168.1.1 192.168.1.2-192.168.1.55 mask 255.255.255.0
ip local pool 10.1.1.1 10.1.1.2-10.1.1.11 mask 255.255.0.0
ip local pool rbi_voice 10.10.110.1-10.10.110.100 mask 255.255.255.0
ip local pool rbi_Test 10.20.120.1-10.20.120.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,any) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static obj-10.1.1.96 obj-10.1.1.96 no-proxy-arp route-lookup
nat (inside,outside1) source static any any destination static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8 no-proxy-arp route-lookup
nat (inside,outside1) source static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 destination static DM_INLINE_NETWORK_5 DM_INLINE_NETWORK_5 no-proxy-arp route-lookup
nat (inside,outside1) source static NETWORK_OBJ_10.20.100.0_24 NETWORK_OBJ_10.20.100.0_24 destination static NETWORK_OBJ_10.20.120.0_25 NETWORK_OBJ_10.20.120.0_25 no-proxy-arp route-lookup
!
object network obj_any
 nat (inside,outside1) dynamic interface
object network testRDP
 nat (inside,outside1) static interface service tcp 3389 3389 
object network IS_FTP
 nat (inside,outside1) static interface service tcp ftp ftp 
object network RBI_FTP
 nat (inside,outside1) static interface service tcp ftp 1222 
object network IS_WEB
 nat (inside,outside1) static interface service tcp 8080 8080 
object network IS_RDP
 nat (inside,outside1) static interface service tcp 3390 3390 
object network IS_8443
 nat (inside,outside1) static interface service tcp 8443 8443 
object network IS_VPN
 nat (inside,outside1) static interface service tcp 1194 1194 
object network IS_VPN2
 nat (inside,outside1) static interface service udp 1194 1194 
object network IS_VPN_UDP
 nat (inside,outside1) static interface service udp 1194 1194 
object network RBI_SERVER
 nat (inside,outside1) static interface service tcp www www 
object network RBI_SERVER_1935
 nat (inside,outside1) static interface service tcp 1935 1935 
object network RBI_SERVER_9123
 nat (inside,outside1) static interface service tcp 9123 9123 
object network RBI_SERVER_22
 nat (inside,outside1) static interface service tcp ssh 2222 
access-group inside_access_in in interface inside per-user-override
access-group OUTSIDE_IN_ACL in interface outside1
route outside1 0.0.0.0 0.0.0.0 213.149.137.254 1
route inside VOICEnetwork 255.255.255.0 10.1.1.2 1
route inside VIDEOnetwork 255.255.255.0 10.1.1.2 1
route inside DATAnetwork 255.255.255.0 10.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL 
aaa authentication http console LOCAL 
aaa authentication serial console LOCAL 
aaa authentication ssh console LOCAL 
http server enable
http 0.0.0.0 0.0.0.0 inside
http 88.203.215.145 255.255.255.255 outside1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs 
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA ESP-AES-128-SHA ESP-AES-256-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside1_map 1 match address outside1_cryptomap
crypto map outside1_map 1 set pfs 
crypto map outside1_map 1 set peer 77.77.58.22 
crypto map outside1_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside1_map 2 match address outside1_2_cryptomap
crypto map outside1_map 2 set pfs 
crypto map outside1_map 2 set peer 77.77.21.252 
crypto map outside1_map 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside1_map 3 match address outside1_cryptomap_1
crypto map outside1_map 3 set pfs 
crypto map outside1_map 3 set peer 78.128.53.25 
crypto map outside1_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside1_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside1_map interface outside1
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 subject-name CN=RILA-DUP-ASA5505
 crl configure
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable inside client-services port 443
crypto ikev2 enable outside1 client-services port 443
crypto ikev1 enable inside
crypto ikev1 enable outside1
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside1
ssh 0.0.0.0 0.0.0.0 outside2
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

vpnclient mode client-mode
vpnclient vpngroup 123 password *****
vpnclient username svetli password *****
dhcpd auto_config outside1
!
dhcpd address 10.1.1.11-10.1.1.254 inside
dhcpd auto_config outside1 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable inside
 enable outside1
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
 anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
 anyconnect enable
 tunnel-group-list enable
group-policy rbi_all internal
group-policy rbi_all attributes
 vpn-tunnel-protocol ikev1 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rbi_all_splitTunnelAcl
group-policy RBI_RILA internal
group-policy RBI_RILA attributes
 vpn-filter value rbi_splitTunnelAcl_1
 vpn-tunnel-protocol ikev1 ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RBI_RILA_splitTunnelAcl
group-policy rbi_voice internal
group-policy rbi_voice attributes
 vpn-tunnel-protocol ikev1 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rbi_voice_splitTunnelAcl_2
group-policy rbi_conference internal
group-policy rbi_conference attributes
 vpn-tunnel-protocol ikev1 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rbi_conference_splitTunnelAcl
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
group-policy all internal
group-policy all attributes
 vpn-filter value all_splitTunnelAcl
 vpn-tunnel-protocol ikev1 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value all_splitTunnelAcl
group-policy GroupPolicy_78.128.53.25 internal
group-policy GroupPolicy_78.128.53.25 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_24.218.56.234 internal
group-policy GroupPolicy_24.218.56.234 attributes
 vpn-filter value 24.218.56.234
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy_77.77.58.22 internal
group-policy GroupPolicy_77.77.58.22 attributes
 vpn-tunnel-protocol ikev1 
group-policy VPN_GROUP_KDL internal
group-policy VPN_GROUP_KDL attributes
 dns-server value 192.168.100.1 10.1.1.1
 vpn-tunnel-protocol ikev1 ssl-client 
 default-domain none
group-policy EZVPN_GROUP_1 internal
group-policy EZVPN_GROUP_1 attributes
 vpn-tunnel-protocol ikev1 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_GROUP_1_splitTunnelAcl
group-policy EZVPN_GROUP_KDL internal
group-policy EZVPN_GROUP_KDL attributes
 dns-server value 88.88.96.4
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
 password-storage enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_GROUP_KDL_splitTunnelAcl
 default-domain none
 nem enable
username deviceadmin password 217DqLXc8UyYndim encrypted privilege 15
username deviceadmin attributes
 vpn-group-policy EZVPN_GROUP_1
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
username AdminRila password kFTiM27icYQBMGsx encrypted privilege 15
username AdminRila attributes
 vpn-group-policy EZVPN_GROUP_1
 vpn-tunnel-protocol ikev1 
username svetli password A/ALvetA5hdOrYwm encrypted privilege 0
username svetli attributes
 vpn-group-policy all
username joro password II7UBwPooAIm1O.a encrypted privilege 0
username boiko password klC2XQVDQwBu3hn2 encrypted privilege 0
username viktor password XHzfZZkqJdHaAF2w encrypted privilege 0
tunnel-group DefaultRAGroup general-attributes
 address-pool EZVPN_POOL_1
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication ms-chap-v2
tunnel-group EZVPN_GROUP_KDL type remote-access
tunnel-group EZVPN_GROUP_KDL general-attributes
 address-pool EZVPN_POOL_1
tunnel-group EZVPN_GROUP_KDL ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 77.77.21.252 type ipsec-l2l
tunnel-group 77.77.21.252 general-attributes
 default-group-policy VPN_GROUP_KDL
tunnel-group 77.77.21.252 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group EZVPN_GROUP_1 type remote-access
tunnel-group EZVPN_GROUP_1 general-attributes
 address-pool EZVPN_POOL_1
 default-group-policy EZVPN_GROUP_1
tunnel-group EZVPN_GROUP_1 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 24.218.56.234 type ipsec-l2l
tunnel-group 24.218.56.234 general-attributes
 default-group-policy GroupPolicy_24.218.56.234
tunnel-group 24.218.56.234 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 78.128.53.25 type ipsec-l2l
tunnel-group 78.128.53.25 general-attributes
 default-group-policy GroupPolicy_78.128.53.25
tunnel-group 78.128.53.25 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group rbi_voice type remote-access
tunnel-group rbi_voice general-attributes
 address-pool rbi_voice
 default-group-policy rbi_voice
tunnel-group rbi_voice ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 77.77.58.22 type ipsec-l2l
tunnel-group 77.77.58.22 general-attributes
 default-group-policy GroupPolicy_77.77.58.22
tunnel-group 77.77.58.22 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group rbi_all type remote-access
tunnel-group rbi_all general-attributes
 address-pool rbi_Test
 default-group-policy rbi_all
tunnel-group rbi_all ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group rbi_conference type remote-access
tunnel-group rbi_conference general-attributes
 address-pool rbi_Test
 default-group-policy rbi_conference
tunnel-group rbi_conference ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
!
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
Cryptochecksum:24ef41ec4c58cbcf18870ab064db8be2
: end

 

 

2 Replies

"Hello friends, i have a webserver on my private 192.168.100.41, i want to access it from inside but it's not working"

Are you accessing the server via URL or by using the IP? If you are using a URL, please check which IP address it is resolving to. If it is resolving to the public IP then this is your problem.

Please post a network diagram and explain exactly how traffic is supposed to flow.

--

Please remember to rate and select a correct answer


The issue may be caused by an asymmetric routing issue.
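The two replies above point at different failure modes. As an added example (not code from the thread or from Cisco), this Python script models the ASA's route lookup and object-NAT interface matching over a constructed excerpt of the posted configuration and classifies a flow for each case. The client address 10.1.1.50 and the assumption that the router 10.1.1.2 sits on the same inside segment as the clients are not from the thread.

```python
import ipaddress

# Constructed excerpt of the configuration posted above ("name" aliases expanded).
CONFIG = """\
interface Vlan1
 nameif inside
 ip address 10.1.1.1 255.0.0.0
same-security-traffic permit intra-interface
object network RBI_SERVER
 host 192.168.100.41
object network RBI_SERVER
 nat (inside,outside1) static interface service tcp www www
route outside1 0.0.0.0 0.0.0.0 213.149.137.254 1
route inside 192.168.100.0 255.255.255.0 10.1.1.2 1
"""
PUBLIC_IP = "213.149.137.21"   # "outside1-ipaddress" in the posted config
CLIENT = "10.1.1.50"           # assumption: an inside client from the dhcpd pool


def parse(config):
    """Collect connected networks, static routes, object hosts and object NAT rules."""
    cfg = {"connected": {}, "routes": [], "hosts": {}, "nat": [], "intra": False}
    nameif = obj = None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "interface":
            nameif = None
        elif words[0] == "nameif":
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif and words[2][0].isdigit():
            cfg["connected"][nameif] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:2] == ["object", "network"]:
            obj = words[2]
        elif words[0] == "host" and obj:
            cfg["hosts"][obj] = ipaddress.ip_address(words[1])
        elif words[0] == "nat" and obj:
            real_if, mapped_if = words[1].strip("()").split(",")
            cfg["nat"].append({"object": obj, "real_if": real_if, "mapped_if": mapped_if})
        elif words[0] == "route":
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            cfg["routes"].append((net, words[1], ipaddress.ip_address(words[4])))
        elif line.startswith("same-security-traffic permit intra-interface"):
            cfg["intra"] = True
    return cfg


def egress(cfg, dst):
    """Longest-prefix match; returns (interface, next hop or None if connected)."""
    dst = ipaddress.ip_address(dst)
    matches = [(i.network.prefixlen, name, None)
               for name, i in cfg["connected"].items() if dst in i.network]
    matches += [(net.prefixlen, name, gw)
                for net, name, gw in cfg["routes"] if dst in net]
    if not matches:
        return None, None
    _, name, gw = max(matches, key=lambda m: m[0])
    return name, gw


def analyse(cfg, client, dst, public_ip=PUBLIC_IP):
    """Classify how the firewall would treat a flow from client to dst."""
    client, dst = ipaddress.ip_address(client), ipaddress.ip_address(dst)
    in_if, _ = egress(cfg, client)
    if dst == ipaddress.ip_address(public_ip):
        # "static interface" NAT un-translates the destination only for
        # packets that arrive on the mapped interface of the rule.
        hit = any(n["mapped_if"] == in_if for n in cfg["nat"])
        return "nat-hit" if hit else f"no-nat-from-{in_if}"
    out_if, gw = egress(cfg, dst)
    if out_if != in_if:
        return "routed"
    if not cfg["intra"]:
        return "hairpin-denied"
    # Same interface in and out. If the next hop shares the client's segment,
    # the server's reply can reach the client without crossing the firewall.
    seg = cfg["connected"].get(in_if)
    if gw is not None and seg and client in seg.network:
        return "hairpin-asymmetric-return"
    return "hairpin"
```

With the constructed excerpt, an inside client aimed at the public address matches no NAT rule, an outside client does, and an inside client aimed at 192.168.100.41 is hairpinned through `inside` with a return path that can bypass the ASA.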
