VPN Access to an IP that can be accessed via EIGRP

ccarter81
Level 1
I have a question. I have a VPN that sits on the external interface using the IP of 10.5.79.X/20. I have a production network connected to a corporate network using MPLS and EIGRP to share the routes. The production network can access the corporate network, but the VPN users can't. I need to be able to access anything on that network, which is mainly a 172.18.0.0 network summarized by EIGRP. I had this working before, but can't get it working again after my firewall dumped on me.

ASA Version 8.4(2)

!

hostname hp-asa-5510-DR

enable password 1qF1n5PuI7A.2DV. encrypted

passwd 1qF1n5PuI7A.2DV. encrypted

names

dns-guard

!

interface Ethernet0/0

speed 100

duplex full

nameif external

security-level 0

ip address *142.189.26 255.255.255.252

!

interface Ethernet0/1

nameif internal

security-level 100

ip address 10.5.64.6 255.255.240.0

!

interface Ethernet0/1.1

vlan 2

nameif Guest

security-level 90

ip address 192.168.3.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

boot system disk0:/asa842-k8.bin

boot system disk0:/asa821-k8.bin

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns domain-lookup external

dns domain-lookup internal

dns server-group DefaultDNS

name-server 208.67.222.222

dns server-group Guest

name-server 10.5.64.197

name-server 8.8.8.8

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object network obj-10.5.65.239

host 10.5.65.239

object network obj-10.5.65.253

host 10.5.65.253

object network obj-10.5.65.42

host 10.5.65.42

object network obj-10.5.65.219

host 10.5.65.219

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network Cegedim

subnet 10.5.250.0 255.255.255.248

description dendrite site to site VPN

object network dfb

subnet 10.5.0.0 255.255.0.0

object network lausanne

subnet 192.168.250.0 255.255.255.0

description Lausanne

object network dfbgroup

subnet 10.5.0.0 255.255.0.0

object network DPT

subnet 10.5.16.0 255.255.240.0

object network hpbexch

host 10.5.64.198

object network hpbmsvpn

host 10.5.64.196

object network kacehost

host 10.5.65.189

object network hpbsentry

host 10.5.64.194

object network hpbMDM

host 10.5.64.195

object network hperoom

host 10.5.65.211

description healthpoint eroom server

object network spintranet

host 10.5.65.185

description sharepoint intranet

object network spsales

host 10.5.65.194

description sharepoint sales

object network spteams

host 10.5.65.183

description sharepoint teams

object network Guest

subnet 192.168.3.0 255.255.255.0

object network Crystal

host 10.5.65.203

object network ERPLN

host 10.5.65.234

object network ERPLNDB

host 10.5.65.237

object service dpt

service tcp source range 1 65000 destination range 1 65000

description dpt ports

object network Documentum

host 10.5.17.216

object network DPTDocumentum

host 10.5.17.216

description Documentum

object network EzDocs

host 10.5.17.235

description EzDocs

object network Aerosol

subnet 10.5.32.0 255.255.240.0

object network Brooks

subnet 10.5.128.0 255.255.240.0

object network DPTScience

subnet 10.5.48.0 255.255.240.0

object network LakeWood

subnet 10.5.80.0 255.255.240.0

object network Plant

subnet 10.5.0.0 255.255.240.0

object network warehouse

subnet 10.5.240.0 255.255.240.0

object network NotesApps

host 10.5.65.235

object network DPTNotes

host 10.5.17.246

object network DNSServer

host 10.5.64.197

object network GuestNetwork

subnet 192.168.3.0 255.255.255.0

object network KACE

host 10.5.65.189

object network mdm2

host 10.5.64.195

object network guesterooms

host 10.5.65.211

object network DNSServer2

host 10.5.64.199

object network asa_LAN

host 10.5.64.6

object network guestspsales

host 10.5.65.194

object network JohnsonControlServer

host 10.5.65.33

description JC Server

object network guestexchange

host 10.5.64.198

description Guest Exchange

object network guestmobile2

host 10.5.64.194

object network DPTDocB

host 10.5.17.215

object-group service EDI tcp

port-object eq 50080

port-object eq 6080

port-object eq www

object-group service Exchange tcp

port-object eq 587

port-object eq www

port-object eq https

port-object eq smtp

object-group service Lotus-Sametime tcp

port-object eq 1503

port-object eq 1516

port-object eq 1533

port-object eq 8081

port-object range 8082 8084

port-object range 9092 9094

port-object eq www

port-object eq https

port-object eq lotusnotes

port-object eq rtsp

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

object-group service VPN-MS tcp-udp

port-object eq 1701

port-object eq 1723

port-object eq 4500

port-object eq 500

object-group network Verizon-Servers

network-object 216.82.240.0 255.255.240.0

network-object 85.158.136.0 255.255.248.0

network-object 193.109.254.0 255.255.254.0

network-object 194.106.220.0 255.255.254.0

network-object 195.245.230.0 255.255.254.0

network-object 62.231.131.0 255.255.255.0

network-object 64.124.170.128 255.255.255.240

network-object 212.125.74.44 255.255.255.255

network-object 195.216.16.211 255.255.255.255

object-group network FDA_SecureEmail

network-object host 150.148.2.65

network-object host 150.148.2.66

object-group network Web-Server-Stuff

network-object host 204.71.89.34

network-object host 204.71.89.35

network-object host 204.71.89.33

network-object host 66.240.207.149

network-object host 68.168.88.169

network-object host 50.112.164.102

object-group service DFB-eRoom tcp

port-object eq www

port-object eq https

object-group network EDI-Customers

network-object host 129.33.204.13

network-object host 143.112.144.25

network-object host 160.109.101.195

network-object host 198.89.160.113

network-object host 199.230.128.125

network-object host 199.230.128.85

network-object host 205.233.244.208

network-object host 198.89.170.134

network-object host 198.89.170.135

network-object host 199.230.128.54

object-group service MDM tcp

description MobileIron ports

port-object eq 9997

port-object eq 9998

port-object eq https

object-group network OpenDNS

description OpenDNS Servers

network-object host 208.67.220.220

network-object host 208.67.222.222

network-object host 8.8.8.8

network-object host 68.113.206.10

object-group network healthpoint

network-object 10.5.64.0 255.255.240.0

object-group network vpnpool

network-object 10.5.79.0 255.255.255.0

object-group network dfb_group

network-object object dfbgroup

object-group network lausanne_group

network-object 192.168.250.0 255.255.255.0

object-group network DPTNetwork

network-object object DPT

network-object object Aerosol

network-object object Brooks

network-object object LakeWood

network-object object Plant

object-group network DM_INLINE_NETWORK_1

network-object object Cegedim

network-object object lausanne

group-object DPTNetwork

network-object object DPTNotes

object-group service DFB-Allow tcp

port-object eq 1025

port-object eq 1119

port-object eq 1120

port-object range 1222 1225

port-object eq 1433

port-object eq 1503

port-object eq 1516

port-object eq 1533

port-object range 16384 16403

port-object eq 1755

port-object eq 1919

port-object eq 1935

port-object range 2195 2196

port-object eq 3050

port-object eq 3080

port-object eq 3101

port-object eq 3244

port-object eq 3264

port-object eq 3306

port-object eq 3389

port-object eq 3724

port-object eq 4000

port-object eq 402

port-object range 4080 4081

port-object eq 4085

port-object eq 50080

port-object eq 5085

port-object range 5220 5223

port-object eq 5297

port-object eq 5298

port-object eq 5353

port-object eq 5550

port-object eq 5678

port-object eq 58570

port-object eq 5900

port-object eq 6080

port-object eq 6112

port-object eq 6114

port-object eq 6900

port-object eq 7800

port-object eq 8010

port-object eq 8080

port-object eq 8084

port-object eq 81

port-object eq 9081

port-object eq 9090

port-object eq 9997

port-object eq aol

port-object eq citrix-ica

port-object eq echo

port-object eq ftp

port-object eq ftp-data

port-object eq www

port-object eq https

port-object eq lotusnotes

port-object eq rtsp

port-object eq sip

port-object eq sqlnet

port-object eq ssh

port-object eq 442

object-group network webservers

network-object host 204.71.89.34

network-object host 204.71.89.35

object-group network DM_INLINE_NETWORK_2

network-object object KACE

network-object object guesterooms

network-object object guestspsales

network-object object JohnsonControlServer

network-object object mdm2

object-group network DM_INLINE_NETWORK_3

network-object host 10.5.65.230

network-object host 10.5.65.232

network-object object hpbexch

object-group service DM_INLINE_TCP_1 tcp

port-object eq www

port-object eq https

object-group service kace tcp

port-object eq 52230

port-object eq www

port-object eq https

port-object eq 445

port-object eq netbios-ssn

object-group service DM_INLINE_TCP_0 tcp

port-object eq www

port-object eq https

object-group service DM_INLINE_SERVICE_1

service-object ip

service-object tcp destination eq www

service-object tcp destination eq https

object-group service DM_INLINE_TCP_2 tcp

port-object eq www

port-object eq https

object-group network VLAN_Switches

network-object host 192.168.10.10

network-object host 192.168.10.11

network-object host 192.168.10.12

network-object host 192.168.10.13

network-object host 192.168.10.14

network-object host 192.168.10.15

network-object host 192.168.10.16

network-object host 192.168.10.17

network-object host 192.168.10.1

object-group network Crystal_ERP

description Crystal Enterprise and Infor LN

network-object object Crystal

network-object object ERPLN

network-object object ERPLNDB

network-object object NotesApps

object-group service DM_INLINE_SERVICE_2

service-object ip

service-object tcp destination eq www

service-object tcp destination eq https

object-group network GuestDNS

description DNS Servers for Guest

network-object object DNSServer

network-object object DNSServer2

object-group service DM_INLINE_TCP_3 tcp

port-object eq 3389

port-object eq 3390

object-group network DM_INLINE_NETWORK_4

group-object healthpoint

group-object vpnpool

access-list external_access_out extended permit object-group DM_INLINE_SERVICE_1 192.168.3.0 255.255.255.0 any

access-list external_access_out remark Production ACL

access-list external_access_out extended permit tcp any any object-group DFB-Allow

access-list external_access_out extended permit icmp any any

access-list external_access_out extended permit tcp any object-group Web-Server-Stuff

access-list external_access_out remark Site to Site connections

access-list external_access_out extended permit ip any object-group DM_INLINE_NETWORK_1

access-list external_access_out extended permit udp any object-group OpenDNS eq domain

access-list external_access_out extended permit ip object-group DM_INLINE_NETWORK_3 any

access-list split standard permit 10.5.64.0 255.255.240.0

access-list split standard permit 10.5.250.0 255.255.255.248

access-list split standard permit 10.5.128.0 255.255.240.0

access-list split standard permit 10.5.144.0 255.255.240.0

access-list split standard permit 10.5.16.0 255.255.240.0

access-list split standard permit 10.5.32.0 255.255.240.0

access-list split standard permit 10.5.96.0 255.255.240.0

access-list split standard permit 10.5.80.0 255.255.240.0

access-list split standard permit 10.5.48.0 255.255.240.0

access-list split standard permit 10.5.0.0 255.255.240.0

access-list split remark lausanne

access-list split standard permit 192.168.250.0 255.255.255.0

access-list split standard permit 172.18.0.0 255.255.0.0

access-list split remark HP

access-list external_access_in extended permit object-group DM_INLINE_SERVICE_2 any 192.168.3.0 255.255.255.0

access-list external_access_in remark Sharepoint

access-list external_access_in extended permit tcp any object spsales object-group DM_INLINE_TCP_2

access-list external_access_in remark Sharepoint

access-list external_access_in extended permit tcp any object spteams object-group DM_INLINE_TCP_1

access-list external_access_in remark Sharepoint

access-list external_access_in extended permit tcp any object spintranet object-group DM_INLINE_TCP_0

access-list external_access_in remark healthpoint erooms

access-list external_access_in extended permit tcp any object hperoom object-group DFB-eRoom

access-list external_access_in remark MDM2 VSP

access-list external_access_in extended permit tcp any object hpbMDM object-group MDM

access-list external_access_in remark New Sentry

access-list external_access_in extended permit tcp any object hpbsentry eq https

access-list external_access_in remark kace mgmt appliacne

access-list external_access_in extended permit tcp any object kacehost object-group kace

access-list external_access_in remark authentication server

access-list external_access_in extended permit object-group TCPUDP any object hpbmsvpn object-group VPN-MS

access-list external_access_in extended permit gre any object hpbmsvpn

access-list external_access_in remark HPB.NET new forest Exchange

access-list external_access_in extended permit tcp any object hpbexch object-group Exchange

access-list external_access_in remark EDI Inbound

access-list external_access_in extended permit tcp any host 10.5.65.42 object-group EDI

access-list AnyConnect_Client_Local_Print extended deny ip any any

access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd

access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol

access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631

access-list AnyConnect_Client_Local_Print remark Windows' printing port

access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100

access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol

access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353

access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol

access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355

access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol

access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137

access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns

access-list external_cryptomap extended permit ip object-group healthpoint object Cegedim

access-list external_cryptomap_1 extended permit ip object-group dfb_group object-group lausanne_group

access-list external_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_4 object-group DPTNetwork

access-list Guest_access_in extended deny tcp 192.168.3.0 255.255.255.0 object-group GuestDNS object-group DM_INLINE_TCP_3 inactive

access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 object-group GuestDNS inactive

access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 object-group DM_INLINE_NETWORK_2

access-list Guest_access_in extended deny ip 192.168.3.0 255.255.255.0 10.5.64.0 255.255.240.0

access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 any

access-list Guest_access_out extended permit ip any any inactive

access-list Guest_access_out extended permit ip any 192.168.3.0 255.255.255.0

no pager

logging enable

logging buffer-size 1045786

logging asdm informational

mtu external 1500

mtu internal 1500

mtu Guest 1500

mtu management 1500

ip local pool HPVPNClients 10.5.79.0-10.5.79.254 mask 255.255.255.0

ip verify reverse-path interface external

no failover

icmp unreachable rate-limit 1 burst-size 1

icmp permit any external

icmp permit any internal

asdm image disk0:/asdm-645.bin

no asdm history enable

arp external *142.189.93 0024.c4c0.4cc0

arp timeout 14400

nat (internal,external) source static dfb dfb destination static vpnpool vpnpool route-lookup

nat (internal,external) source static dfb dfb destination static lausanne lausanne

nat (internal,external) source static healthpoint healthpoint destination static Cegedim Cegedim

nat (external,internal) source static DPTNetwork DPTNetwork destination static Crystal_ERP Crystal_ERP no-proxy-arp

nat (internal,external) source static healthpoint healthpoint destination static DPTDocumentum DPTDocumentum unidirectional

nat (internal,external) source static healthpoint healthpoint destination static DPTDocB DPTDocB unidirectional

nat (internal,external) source static healthpoint healthpoint destination static EzDocs EzDocs unidirectional

nat (internal,external) source static healthpoint healthpoint destination static DPTNotes DPTNotes unidirectional

!

object network obj-10.5.65.239

nat (internal,external) static *142.189.82

object network obj-10.5.65.253

nat (internal,external) static *142.189.83

object network obj-10.5.65.42

nat (internal,external) static *142.189.84

object network obj-10.5.65.219

nat (internal,external) static *142.189.87

object network obj_any

nat (internal,external) dynamic interface dns

object network hpbexch

nat (internal,external) static *142.189.91

object network hpbmsvpn

nat (internal,external) static *142.189.82

object network kacehost

nat (internal,external) static *142.189.90

object network hpbsentry

nat (internal,external) static *142.189.92

object network hpbMDM

nat (internal,external) static *142.189.93

object network hperoom

nat (internal,external) static *142.189.88

object network spintranet

nat (internal,external) static *142.189.85

object network spsales

nat (internal,external) static *142.189.89

object network spteams

nat (internal,external) static *142.189.94

object network GuestNetwork

nat (Guest,external) dynamic interface

access-group external_access_in in interface external

access-group external_access_out out interface external

access-group Guest_access_in in interface Guest

access-group Guest_access_out out interface Guest

route external 0.0.0.0 0.0.0.0 *142.189.25 1

route external 10.5.16.0 255.255.240.0 *142.189.25 1

route external 10.5.32.0 255.255.240.0 *142.189.25 1

route external 10.5.80.0 255.255.240.0 *142.189.25 1

route external 10.5.128.0 255.255.240.0 *142.189.25 1

route external 10.5.240.0 255.255.240.0 *142.189.25 1

route external 10.5.250.0 255.255.255.248 *142.189.25 1

route internal 172.18.0.0 255.255.255.255 10.5.64.1 1

route external 192.168.250.0 255.255.255.0 *142.189.25 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server VPN-RADAuth protocol radius

aaa-server VPN-RADAuth (internal) host 10.5.65.253

key *****

radius-common-pw *****

aaa-server VPN-RADAuth (internal) host 10.5.65.240

key *****

aaa-server VPN-RADAuthHPB protocol radius

aaa-server VPN-RADAuthHPB (internal) host 10.5.64.196

key *****

radius-common-pw *****

user-identity default-domain LOCAL

aaa authentication ssh console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http 10.5.0.0 255.255.0.0 internal

http 0.0.0.0 0.0.0.0 external

http 0.0.0.0 0.0.0.0 internal

snmp-server host internal 10.5.65.210 community ***** version 2c

snmp-server location Healthpoint.Vickery

snmp-server contact Jonathan Henry

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec ikev2 ipsec-proposal AES256

protocol esp encryption aes-256

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES192

protocol esp encryption aes-192

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES

protocol esp encryption aes

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal 3DES

protocol esp encryption 3des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal DES

protocol esp encryption des

protocol esp integrity sha-1 md5

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES

crypto map external_map 1 match address external_cryptomap

crypto map external_map 1 set peer 64.126.222.190

crypto map external_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map external_map 2 match address external_cryptomap_1

crypto map external_map 2 set pfs

crypto map external_map 2 set peer 109.164.216.164

crypto map external_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map external_map 3 match address external_cryptomap_2

crypto map external_map 3 set peer 12.197.232.98

crypto map external_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map external_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map external_map interface external

crypto ca trustpoint _SmartCallHome_ServerCA

crl configure

crypto ca trustpoint ASDM_TrustPoint0

keypair ASDM_TrustPoint0

crl configure

crypto ca certificate chain _SmartCallHome_ServerCA

certificate ca 6ecc7aa5a7032009b8cebcf4e952d491

  quit

crypto ca certificate chain ASDM_TrustPoint0

certificate 4b54478c1754b7

  quit

crypto ikev2 policy 1

encryption aes-256

integrity sha

group 5 2

prf sha

lifetime seconds 86400

crypto ikev2 policy 10

encryption aes-192

integrity sha

group 5 2

prf sha

lifetime seconds 86400

crypto ikev2 policy 20

encryption aes

integrity sha

group 5 2

prf sha

lifetime seconds 86400

crypto ikev2 policy 30

encryption 3des

integrity sha

group 5 2

prf sha

lifetime seconds 86400

crypto ikev2 policy 40

encryption des

integrity sha

group 5 2

prf sha

lifetime seconds 86400

crypto ikev1 enable external

crypto ikev1 policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 2

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto ikev1 policy 3

authentication pre-share

encryption 3des

hash sha

group 1

lifetime 86400

crypto ikev1 policy 4

authentication pre-share

encryption 3des

hash md5

group 1

lifetime 86400

crypto ikev1 policy 10

authentication crack

encryption aes-256

hash sha

group 2

lifetime 86400

crypto ikev1 policy 20

authentication rsa-sig

encryption aes-256

hash sha

group 2

lifetime 86400

crypto ikev1 policy 30

authentication pre-share

encryption aes-256

hash sha

group 2

lifetime 86400

crypto ikev1 policy 40

authentication crack

encryption aes-192

hash sha

group 2

lifetime 86400

crypto ikev1 policy 50

authentication rsa-sig

encryption aes-192

hash sha

group 2

lifetime 86400

crypto ikev1 policy 60

authentication pre-share

encryption aes-192

hash sha

group 2

lifetime 86400

crypto ikev1 policy 70

authentication crack

encryption aes

hash sha

group 2

lifetime 86400

crypto ikev1 policy 80

authentication rsa-sig

encryption aes

hash sha

group 2

lifetime 86400

crypto ikev1 policy 90

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400

crypto ikev1 policy 100

authentication crack

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 110

authentication rsa-sig

encryption 3des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 130

authentication crack

encryption des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 140

authentication rsa-sig

encryption des

hash sha

group 2

lifetime 86400

crypto ikev1 policy 150

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

telnet 10.5.0.0 255.255.0.0 internal

telnet 192.168.1.0 255.255.255.0 management

telnet timeout 5

ssh 10.5.0.0 255.255.0.0 internal

ssh timeout 5

console timeout 0

no vpn-addr-assign aaa

no vpn-addr-assign dhcp

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

ntp server 10.5.65.242 source internal

ssl trust-point ASDM_TrustPoint0 external

webvpn

enable external

enable internal

anyconnect-essentials

anyconnect image disk0:/anyconnect-win-2.5.0217-k9.pkg 1

anyconnect profiles HP_Basic disk0:/HP_Basic.xml

anyconnect enable

tunnel-group-list enable

group-policy DfltGrpPolicy attributes

vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

vpn-tunnel-protocol ikev1 ikev2

group-policy HPVPN internal

group-policy HPVPN attributes

banner value You are now connected to Healthpoint, Ltd.

wins-server none

dns-server value 10.5.64.199 10.5.64.197

dhcp-network-scope none

vpn-idle-timeout none

vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless

ip-comp disable

ipsec-udp enable

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split

default-domain value hpb.net

split-dns none

split-tunnel-all-dns disable

user-authentication-idle-timeout none

address-pools value HPVPNClients

client-firewall none

client-access-rule none

webvpn

  anyconnect keep-installer installed

  anyconnect ssl compression none

  anyconnect profiles value HP_Basic type user

  anyconnect ask enable default anyconnect timeout 5

  http-comp none

username bcline password Wpo.Polan03mKRJ9 encrypted privilege 15

username jhenry password wX50UveiwuBH7p7v encrypted privilege 15

username ittemp password zpQoWfp93rOS3NU7 encrypted privilege 5

tunnel-group HPVPN type remote-access

tunnel-group HPVPN general-attributes

address-pool HPVPNClients

authentication-server-group VPN-RADAuth

authentication-server-group (external) VPN-RADAuth

default-group-policy HPVPN

password-management password-expire-in-days 3

tunnel-group HPVPN webvpn-attributes

group-alias HPVPN enable

tunnel-group HPVPN ipsec-attributes

ikev1 pre-shared-key *****

tunnel-group 64.126.222.190 type ipsec-l2l

tunnel-group 64.126.222.190 ipsec-attributes

ikev1 pre-shared-key *****

ikev2 remote-authentication pre-shared-key *****

ikev2 local-authentication pre-shared-key *****

tunnel-group 109.164.216.164 type ipsec-l2l

tunnel-group 109.164.216.164 ipsec-attributes

ikev1 pre-shared-key *****

ikev2 remote-authentication pre-shared-key *****

ikev2 local-authentication pre-shared-key *****

tunnel-group 12.197.232.98 type ipsec-l2l

tunnel-group 12.197.232.98 ipsec-attributes

ikev1 pre-shared-key *****

tunnel-group HPB type remote-access

tunnel-group HPB general-attributes

address-pool HPVPNClients

authentication-server-group VPN-RADAuthHPB

authentication-server-group (external) VPN-RADAuthHPB

default-group-policy HPVPN

password-management password-expire-in-days 3

tunnel-group HPB webvpn-attributes

group-alias HPB disable

group-alias HPVPN_NEW enable

tunnel-group HPB ipsec-attributes

ikev1 pre-shared-key *****

tunnel-group HPB ppp-attributes

authentication ms-chap-v2

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

  no dns-guard

policy-map global_policy

class inspection_default

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect icmp

  inspect dns

!

service-policy global_policy global

prompt hostname context

service call-home

call-home reporting anonymous

call-home

contact-email-addr

profile CiscoTAC-1

  destination address

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:f3c293700f62ee55af87105015fe4cd0

: end

Accepted Solutions

jumora
Level 7

You have two options:

1. The router that is internal must have a static route to the ASA to reach the VPN networks and must have a distribute static so that other routers that form part of EIGRP know how to route to the VPN networks.

2. You can configure on the ASA "set reverse-route" on the crypto map then configure EIGRP on the ASA and add redistribute static so that routes learned via VPN (considered static routes) can be pushed through EIGRP.

Value our effort and rate the assistance!

ccarter81
Level 1

I figured it out. It was my NAT exemption. I did a static NAT to the network objects and added a static route. Bam. Thanks for the reply though.


Sent from Cisco Technical Support Android App
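The pieces named in this thread, sketched as ASA 8.4 configuration (an added example, not the poster's actual configuration): the identity NAT exemption and static route from the reply above, and the reverse-route plus EIGRP redistribution from option 2 of the accepted answer. The object, ACL and route-map names, the /16 mask on 172.18.0.0 and every `<...>` value are assumptions or placeholders; the interface names, the `HPVPNClients` pool, the `split` list and the 10.5.64.6 address come from the posted configuration.

```cisco
! Objects for the two ends of the flow (names are hypothetical).
! The /16 mask is assumed; the thread only says "172.18.0.0".
object network OBJ_CORP_172_18
 subnet 172.18.0.0 255.255.0.0
! Range handed out by the HPVPNClients address pool.
object network OBJ_VPN_POOL
 subnet <vpn-pool-network> <vpn-pool-mask>
!
! NAT exemption (identity twice NAT): traffic between the corporate
! network and the VPN pool crosses the ASA untranslated.
nat (internal,external) source static OBJ_CORP_172_18 OBJ_CORP_172_18 destination static OBJ_VPN_POOL OBJ_VPN_POOL
!
! Static route so the ASA sends 172.18.0.0 to the internal router
! instead of following its default route out the external interface.
route internal 172.18.0.0 255.255.0.0 <internal-router-ip>
!
! With split-tunnel-policy tunnelspecified, the "split" list must also
! include 172.18.0.0 or clients never send that traffic into the tunnel.
!
! Option 2: reverse-route injection plus EIGRP on the ASA.
crypto dynamic-map <dynamic-map-name> <seq> set reverse-route
!
! Redistribute only the VPN pool routes. An unfiltered
! "redistribute static" would also advertise the ASA's default route
! and the 172.18.0.0 static above into EIGRP.
access-list RRI_ROUTES standard permit <vpn-pool-network> <vpn-pool-mask>
route-map RRI_TO_EIGRP permit 10
 match ip address RRI_ROUTES
router eigrp <as-number>
 network 10.5.64.0 255.255.240.0
 redistribute static route-map RRI_TO_EIGRP
!
! Option 1 instead: entered on the internal IOS router, not the ASA.
! 10.5.64.6 is the ASA's internal interface address.
! ip route <vpn-pool-network> <vpn-pool-mask> 10.5.64.6
! router eigrp <as-number>
!  redistribute static
```

On the ASA, `show route`, `show nat detail` and `packet-tracer` confirm that the route, the exemption rule and the permitted path are in place.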

Rate the assistance please

Value our effort and rate the assistance!