Site to Site VPN - Destination Net Unreachable

bored28
Level 1

Hey Folks, 

 

I've been trying to get traffic passing between these two ASAs for a while. I have the Site A and Site B tunnel up, but traffic is not flowing completely. I can ping from Site B to Site A, but when I try to ping from Site A to Site B, I get Destination Net Unreachable. I'm trying to ping from 192.168.10.10 to 10.1.44.1 in the remote network, but the pings fail. Pings from 10.1.44.1 to 192.168.10.10 are successful.

 

Here is the run conf on Site A.  I'd appreciate a second set of eyes.  

 

!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address xxxx 255.255.255.248
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
no nameif
security-level 100
no ip address
!
interface GigabitEthernet0/5.560
shutdown
vlan 560
nameif mgtplanegw
security-level 0
ip address 172.17.56.1 255.255.255.0
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
nameif SLC-Network
security-level 0
no ip address
!
interface GigabitEthernet0/7.1000
vlan 1000
nameif 1000
security-level 100
ip address 10.0.0.1 255.255.255.0
!
interface GigabitEthernet0/7.1001
vlan 1001
nameif 1001
security-level 100
ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/7.1002
nve-only
vlan 1002
nameif 1002
security-level 100
ip address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet0/7.1003
vlan 1003
nameif 1003
security-level 100
ip address 10.1.3.1 255.255.255.0
!
interface GigabitEthernet0/7.1004
vlan 1004
nameif 1004
security-level 100
ip address 10.1.4.1 255.255.255.0
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.7.1 255.255.255.0
!
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
domain-name petrasystems.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network 10.254.0.0
subnet 10.254.0.0 255.255.0.0
object network 10.40.0.0_16
subnet 10.40.0.0 255.255.0.0
object network 172.254.1.0_24
subnet 172.254.1.0 255.255.255.0
object network host_10.1.1.2
host 10.1.1.2
object network static_nat_xxxx
host xxxx
description statis nat to jumpbox
object network 10.1.1.0_24
subnet 10.1.1.0 255.255.255.0
description 10.1.1.0_24
object network obj_Inside_Test_Nat
object network 10-1-2-0
subnet 10.1.2.0 255.255.255.0
object network net_any
subnet 0.0.0.0 0.0.0.0
object network Tunnel_Gateway
host 169.254.13.13
object network VLAN-Interface
host 10.1.1.1
object network 10.40.0.0
host 10.40.49.131
object network Remote-VTI
host 169.254.13.14
object network 169.254.13.12
host 169.254.13.12
object network 10.40.38.59
host 10.40.38.59
description SNMP
object network 172.16.1.0_26
subnet 172.16.1.0 255.255.255.192
object network 172.17.56.0_24
subnet 172.17.56.0 255.255.255.0
object network 172.26.1.0
subnet 172.26.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network ATT-1
range 10.1.32.1 10.1.63.254
description ATT-1
object network ATT-2
range 10.2.32.1 10.2.63.254
description ATT-2
object network xxxx
host 255.255.255.255
description FW02
object network NETWORK_OBJ_172.16.1.0_24
subnet 172.16.1.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object ip
protocol-object icmp
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_192.168.10.0_24 any
access-list 102 extended permit object-group DM_INLINE_PROTOCOL_2 any any
access-list 1001_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list SLC-Network_access_in extended permit ip any any
access-list Inside_Test_access_in extended permit object-group DM_INLINE_PROTOCOL_6 any any
access-list outside_access_in_1 extended permit ip any object NETWORK_OBJ_192.168.10.0_24
access-list outside_access_in_1 extended permit ip object NETWORK_OBJ_192.168.10.0_24 any
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu mgtplanegw 1500
mtu SLC-Network 1500
mtu 1000 1500
mtu 1001 1500
mtu 1002 1500
mtu 1003 1500
mtu 1004 1500
mtu management 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo SLC-Network
icmp permit any echo-reply SLC-Network
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (inside,outside) source dynamic net_any interface
nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 no-proxy-arp route-lookup
access-group outside_access_in_1 in interface outside
access-group inside_access_in in interface inside
!
route-map Trial permit 1
match interface outside
match metric 1
set ip next-hop xxxx

!
route outside 0.0.0.0 0.0.0.0 xxxx 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 172.23.0.0 255.255.255.0 management
http 192.168.7.0 255.255.255.0 management
http 10.1.0.0 255.255.0.0 SLC-Network
http xxxx 255.255.255.255 outside
http xxxx 255.255.255.255 outside
snmp-server host 1000 10.40.38.59 community ***** version 2c
snmp-server location xxxx
snmp-server contact xxxx
snmp-server community *****
sysopt connection tcpmss 1379
crypto ipsec ikev1 transform-set ipsec-prop-vpn-b76286a2-0 esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set myset esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec profile ipsec-vpn-b76286a2-0
set ikev1 transform-set ipsec-prop-vpn-b76286a2-0
set pfs group2
set security-association lifetime seconds 3600
crypto ipsec profile myset
set ikev1 transform-set myset
set pfs group2
set security-association lifetime seconds 3600
responder-only
crypto ipsec security-association replay window-size 128
crypto ipsec security-association pmtu-aging infinite
crypto ipsec df-bit clear-df outside
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer xxxx
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
keypair 
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate 0ceeea5a
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-256
integrity sha256
group 19
prf sha256
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption des
hash md5
group 2
lifetime 3600
telnet timeout 5
ssh scopy enable
ssh stricthostkeycheck
ssh xxxx 255.255.255.255 outside
ssh xxxx 255.255.255.255 outside
ssh 10.0.0.0 255.0.0.0 SLC-Network
ssh 10.1.0.0 255.255.0.0 SLC-Network
ssh 172.23.0.0 255.255.255.0 management
ssh 192.168.7.0 255.255.255.0 management
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 30
ssh key-exchange group dh-group14-sha1
console timeout 0
management-access 1000
dhcpd address 192.168.7.91-192.168.7.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server xxxx source outside prefer
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
vpn-tunnel-protocol l2tp-ipsec
default-domain value petrasystems.com
group-policy GroupPolicy_xxxx internal
group-policy GroupPolicy_xxxx attributes
vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy

tunnel-group DefaultRAGroup general-attributes
address-pool 172.16.1.1
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy GroupPolicy_xxxx
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c9220488d6af70e38b53d1822d00a938
: end

Accepted Solutions

Dear bored28,

Please confirm for me: are these crypto maps the configurations that form your tunnel between A and B?

CONFIG ON SIDE A

crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 8.12.246.122
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside

 

access-list outside_cryptomap extended permit ip object NETWORK_OBJ_192.168.10.0_24 any

object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0

 

CONFIG ON SIDE B

crypto map outside_map 14 match address outside_cryptomap_13
crypto map outside_map 14 set peer 69.27.238.6
crypto map outside_map 14 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside

 

 

access-list outside_cryptomap_13 extended permit ip object-group netJMEDN object-group

 

There are no networks advertised in this object group: netJMEDN.

Jaderson Pessoa
*** Rate All Helpful Responses ***
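
The answer above compares the two crypto ACLs by hand. The following is an added example, not code from the thread: it expands the object groups and checks whether the flow from the question (192.168.10.10 to 10.1.44.1) is selected by Site A's crypto ACL and by the mirror of the Site B ACL quoted in the answer. The destination of `outside_cryptomap_13` is cut off in the post, so `PLACEHOLDER_DST` (192.168.10.0/24) is a constructed stand-in, and all function names are the example's own.

```python
import ipaddress

# Site A lines as posted in the thread.
SITE_A = """
object network NETWORK_OBJ_192.168.10.0_24
 subnet 192.168.10.0 255.255.255.0
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_192.168.10.0_24 any
"""

# Site B: netJMEDN and its members as posted. The ACL destination is cut off
# in the thread, so PLACEHOLDER_DST is a constructed stand-in, not real config.
SITE_B = """
object network netJMvlan301
 subnet 172.30.1.0 255.255.255.0
object network netJMvlan350
 subnet 172.30.50.0 255.255.255.0
object network PLACEHOLDER_DST
 subnet 192.168.10.0 255.255.255.0
object-group network netJMEDN
 network-object object netJMvlan301
 network-object object netJMvlan350
access-list outside_cryptomap_13 extended permit ip object-group netJMEDN object PLACEHOLDER_DST
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


def parse(config):
    """Parse the small subset of ASA syntax used above."""
    objects, groups, acls = {}, {}, {}
    kind = name = None  # block currently being read
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[:2] == ["object", "network"]:
            kind, name = "object", w[2]
            objects.setdefault(name, [])
        elif w[:2] == ["object-group", "network"]:
            kind, name = "group", w[2]
            groups.setdefault(name, [])
        elif w[0] == "subnet" and kind == "object":
            objects[name].append(ipaddress.ip_network(f"{w[1]}/{w[2]}"))
        elif w[0] == "host" and kind == "object":
            objects[name].append(ipaddress.ip_network(f"{w[1]}/32"))
        elif w[:2] == ["network-object", "object"] and kind == "group":
            groups[name].append(("object", w[2]))
        elif w[0] == "group-object" and kind == "group":
            groups[name].append(("group", w[1]))
        elif w[0] == "access-list" and w[2:5] == ["extended", "permit", "ip"]:
            acls.setdefault(w[1], []).append(w[5:])
    return objects, groups, acls


def expand(kind, name, objects, groups):
    """Flatten an object or (nested) object-group into a list of networks."""
    if kind == "object":
        return list(objects[name])
    nets = []
    for member_kind, member in groups[name]:
        nets += expand(member_kind, member, objects, groups)
    return nets


def take(tokens, objects, groups):
    """Consume one address term of an ACL entry; return (networks, rest)."""
    head = tokens[0]
    if head in ("any", "any4"):
        return [ANY], tokens[1:]
    if head == "object":
        return expand("object", tokens[1], objects, groups), tokens[2:]
    if head == "object-group":
        return expand("group", tokens[1], objects, groups), tokens[2:]
    if head == "host":
        return [ipaddress.ip_network(f"{tokens[1]}/32")], tokens[2:]
    return [ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}")], tokens[2:]


def selectors(config, acl_name):
    """Return the (source, destination) network pairs a crypto ACL selects."""
    objects, groups, acls = parse(config)
    pairs = []
    for tokens in acls[acl_name]:
        srcs, rest = take(tokens, objects, groups)
        dsts, _ = take(rest, objects, groups)
        pairs += [(s, d) for s in srcs for d in dsts]
    return pairs


def covers(pairs, src, dst):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in pairs)


def check_flow(local_pairs, peer_pairs, src, dst):
    """Local ACL must select src->dst; the peer must select the mirror dst->src."""
    return {"local": covers(local_pairs, src, dst),
            "peer_mirror": covers(peer_pairs, dst, src)}


def unmirrored(local_pairs, peer_pairs):
    """Local selectors that have no exact (dst, src) counterpart on the peer."""
    peer = set(peer_pairs)
    return [(s, d) for s, d in local_pairs if (d, s) not in peer]
```

With these inputs, `check_flow` reports that Site A selects 192.168.10.10 to 10.1.44.1 while the quoted Site B entry has no mirrored selector for it, and `unmirrored` flags Site A's `192.168.10.0/24 -> any` entry as having no exact counterpart.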

6 Replies

bored28
Level 1
Geez, not a single reply. Either I'm doing something non-standard or I haven't explained the problem very well. This has been killing me. I get ICMPs to pass from the remote network to the local network but not the other way around.

As an FYI, the remote ASA is a hub that has multiple site-to-site tunnels coming in. However, since I get destination net unreachable, I keep thinking the traffic just isn't getting to the tunnel. But who knows, I'm at a loss.

Could you provide the configuration from your Site B?
Is it possible?

I'm thinking about rules in the incorrect order.
Jaderson Pessoa
*** Rate All Helpful Responses ***

Site B

 

ASA Version 9.1(3)
!
hostname 
domain-name 
enable password z4QCcc7Khg9LmLsZ encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd fACwTWLwmjniyPW7 encrypted
no names
name 172.26.2.0 vlan2
name 192.168.33.0 vlan33 description Lloyd OH

name 172.26.0.0 vlan172
name 172.16.14.0 vlan116
name 172.26.128.0 vlan828
name 192.168.168.18 hostSMSAppServer
name 172.26.150.0 vlan850
name 172.26.1.0 vlan101
name 172.26.7.0 vlan107
name 172.26.8.0 vlan108
name 172.26.9.0 vlan109
name 192.168.10.0 netVPN
name 10.1.0.0 netLANtest
name 192.168.168.14 hostPETNJDC01
name 192.168.33.15 hostPETNJDRDC
name 192.168.33.10 hostPETNJDREXCH
name 192.168.168.68 hostPETNJMSCG01
name 192.168.168.29 hostADPHandPunch
name 192.168.168.15 host-TS

name 192.168.168.25 hostAppleTV
name 192.168.168.12 hostPETNJMSDC02
name 192.168.168.20 hostPSAPPS

name 192.168.168.149 hostMarlabsConsultant


name 192.168.168.42 hostPETNJEXCH01-1
name 192.168.168.43 hostPETNJEXCH01-2 description Postini Relay

name 10.121.19.0 netTelargo.t-mobile.com
name 172.26.7.63 hostSKURAN
name 172.26.10.108 hostSKURAN-W
name 172.26.111.51 hostSaumilLap
name 10.79.37.0 netO2WylessNet
name 10.16.27.0 netWylessNet
name xxxx ext xxxx
name xxxx ext xxxx
name 192.168.168.0 vlan167
name 172.26.111.0 vlan811
name 172.26.112.0 vlan812
dns-guard
ip local pool FTO 172.30.7.201-172.30.7.230 mask 255.255.255.0
!
interface GigabitEthernet0/0
speed 1000
duplex full
nameif outside
security-level 0
ip address xxxx 255.255.255.224
!
interface GigabitEthernet0/1
speed 1000
duplex full
nameif inside
security-level 100
ip address 172.26.232.6 255.255.255.240
!
interface GigabitEthernet0/2
shutdown
no nameif
security-level 100
no ip address
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 172.26.211.6 255.255.255.0
!
banner login Please logon. NO Authorized access or you will be banished ...
banner motd How are you doing today !!!
boot system disk0:/asa913-k8.bin
boot system disk0:/asa846-k8.bin
boot system disk0:/asa844-1-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
domain-name 
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network vlan811
subnet 172.26.111.0 255.255.255.0
description Created during name migration
object network vlan812
subnet 172.26.112.0 255.255.255.0
description Created during name migration
object network vlan167
subnet 192.168.168.0 255.255.255.0
description Created during name migration
object network vlan828
subnet 172.26.128.0 255.255.255.0
description Created during name migration
object network vlan109
subnet 172.26.9.0 255.255.255.0
object network netJMvlan301
subnet 172.30.1.0 255.255.255.0
object network netJMvlan307
subnet 172.30.7.0 255.255.255.0
object network vlan107
subnet 172.26.7.0 255.255.255.0
object network vlan108
subnet 172.26.8.0 255.255.255.0
object network vlan110
subnet 172.26.10.0 255.255.255.0
object network netJMvlan350
subnet 172.30.50.0 255.255.255.0
object network vlan816
subnet 172.26.116.0 255.255.252.0
object network vlan103
subnet 172.26.3.0 255.255.255.0
object network hostPetraNOC1
host 172.26.101.151
object network hostNOC2
host 172.26.101.152
object network hostNOC3
host 172.26.101.153
object network hostNOC4
host 172.26.101.154
object network hostSMS18
host 192.168.168.18
object network hostSMS57
host 172.26.1.57
object network hostSMS58
host 172.26.1.58
object network hostSMS59
host 172.26.1.59
object network hostSMS60
host 172.26.1.60
object network netAttMobility1
subnet 10.1.32.0 255.255.224.0
object network netTMOBGen
subnet 10.215.216.0 255.255.255.0
object network netTMOBUK1
subnet 10.16.27.0 255.255.255.0
object network netTMOBUK2
subnet 10.79.37.0 255.255.255.0
object network netTMOBUS
subnet 10.121.19.0 255.255.255.0
object network vlan101
subnet 172.26.1.0 255.255.255.0
object network hostHPQC
host 192.168.168.20
object network host-TeamForge
host 192.168.168.60
object network netJMvlan101
subnet 172.22.1.0 255.255.255.0
object network netZainJordan
subnet 10.79.19.0 255.255.255.0
object network hostSMS86
host 172.26.1.86
object network host-TEST-AP
host 172.26.10.128
object network hostZainTestHost
host 172.18.89.130
object network netZain
subnet 10.179.0.0 255.255.254.0
object network netAttFTO
subnet 10.2.32.0 255.255.224.0
object network hostSPNet116
host xxxx
object network hostSPTestAPNet49
host 172.26.132.49
object network hosCorpMgmt
host 172.22.1.35
object network hosDevSMSWeb
host 172.22.3.102
object network vlan150
subnet 172.26.50.0 255.255.255.0
object network host-shark
host 172.26.9.31
object network hostINTDev803-41
host 172.26.103.41
object network hostINTDev803-42
host 172.26.103.42
object network hostINTDev803-43
host 172.26.103.43
object network hostINTDev803-44
host 172.26.103.44
object network hostINTDev803-45
host 172.26.103.45
object network hostINTDev803-46
host 172.26.103.46
object network hostINTDev803-47
host 172.26.103.47
object network hostINTDev803-48
host 172.26.103.48
object network vlan111
subnet 172.26.11.0 255.255.255.0
object network vlan801
subnet 172.26.101.0 255.255.255.0
object network vlan803
subnet 172.26.103.0 255.255.255.0
object network vlan307
subnet 172.30.7.0 255.255.255.0
object network hostNagmon
host 172.26.1.101
object network hostSMS121
host 172.30.7.121
object network hostSMS110
host 172.30.7.110
object network ednwavlds01
host 172.30.1.127
object network REMOTE_NET
subnet 100.0.16.0 255.255.240.0
object network hostINTDev803-100
host 172.26.103.100
description Integration
object network hostINTDev803-106
host 172.26.103.106
description Integration
object network hostINTDev803-105
host 172.26.103.105
description Kitchen AP
object network netJSPmob
subnet 10.179.32.0 255.255.224.0
object network 172.26.232.0_28
subnet 172.26.232.0 255.255.255.240
object network grebox
host 192.168.3.10
description Prod grebox
object network hostLog111
host 172.26.1.111
object network hostLog112
host 172.26.1.112
object network test1
subnet 10.179.32.0 255.255.224.0
object network test2
host 172.26.1.58
object network test3
host 172.26.1.59
object network grebox.test
host 192.158.3.5
description Test GREBOX (original NC implementation)
object network vlan840
subnet 172.26.200.0 255.255.255.0
object network BangkokLTI
subnet 10.179.192.0 255.255.192.0
description Bangkok LTI
object network CWD_PROD
subnet 172.26.200.0 255.255.255.0
description Production Systems
object network proddb1
host 172.26.1.81
description SQL Server DB
object network spnnoc1
host 172.26.1.102
description NOC management host
object network custnet
subnet 10.180.0.0 255.252.0.0
description xxxx
object network custnetWAPA
subnet 10.178.0.0 255.255.0.0
description Engineering
object network custnet
subnet 10.128.224.0 255.255.224.0
description xxxx
object network custnet_LAB
subnet 10.215.128.0 255.255.192.0
description  Lab Environment
object network host-JMI-115
host 172.30.1.115
object network host-JMI-121
host 172.30.1.121
object network host-db-assetmgr
host 172.26.1.81
object network host-db-manufacturingmgr
host 172.26.1.56
object network host-healthmetrics-254
host 172.26.1.254
object network BoulderTest
subnet 192.168.10.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object udp
protocol-object tcp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_7
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group network hostSMS
network-object object hostSMS18
network-object object hostSMS57
network-object object hostSMS58
network-object object hostSMS59
network-object object hostSMS60
network-object object hostSMS86
network-object object proddb1
network-object object spnnoc1
object-group network netJMEDN
network-object object netJMvlan301
network-object object netJMvlan350
object-group network DM_INLINE_NETWORK_1
network-object object hostJMICorpMgmt
network-object object hostJMIDevSMSWeb
network-object object hostZainTestHost
network-object object netAttMobility1
network-object object netAttFTO
group-object netJMEDN
network-object object netTMOBGen
network-object object netTMOBUK1
network-object object netTMOBUK2
network-object object netTMOBUS
network-object object netZain
network-object object netZain
network-object object netJSPmob
network-object object host-JMI-115
network-object object host-JMI-121
object-group network netJMNPN
network-object object netJMvlan307
object-group network DM_INLINE_NETWORK_2
group-object hostSMS
group-object netJMEDN
group-object netJMNPN
object-group network DM_INLINE_NETWORK_11
network-object object hostZainTestHost
network-object object netZain
object-group service DM_INLINE_TCP_3 tcp
port-object eq 8080
port-object eq 83
object-group network hostINTDev803
network-object object hostINTDev803-41
network-object object hostINTDev803-42
network-object object hostINTDev803-43
network-object object hostINTDev803-44
network-object object hostINTDev803-45
network-object object hostINTDev803-47
network-object object hostINTDev803-48
network-object object hostINTDev803-100
network-object object hostINTDev803-106
network-object object hostINTDev803-105
network-object object hostINTDev803-46
object-group network DM_INLINE_NETWORK_7
network-object object vlan812
network-object object vlan111
object-group network DM_INLINE_NETWORK_8
group-object hostSMS
group-object netJMEDN
group-object netJMNPN
object-group network hostNOCPCs
network-object object hostNOC1
network-object object hostNOC2
network-object object hostNOC3
network-object object hostNOC4
object-group network netCWD
network-object object vlan840
object-group network Units
description Engineering Demos
network-object object xxxx
network-object object custne
network-object object custn
network-object object custnet_LAB
object-group network DM_INLINE_NETWORK_9
group-object hostSMS
network-object object netAttMobility1
network-object object netTMOBGen
network-object object netTMOBUK1
network-object object netTMOBUK2
network-object object netTMOBUS
network-object object vlan816
network-object object netZain
network-object object host-TEST-AP
network-object object netZain
network-object object netAttFTO
group-object hostNOCPCs
network-object object hostZain TestHost
group-object hostINTDev803
network-object object vlan812
network-object object hostNagmon
network-object object vlan307
network-object object vlan811
network-object object BangkokLTI
network-object object CWD_PROD
group-object netCWD
group-object Units
object-group network DM_INLINE_NETWORK_10
network-object object vlan167
object-group service DM_INLINE_TCP_4 tcp
port-object eq 8443
port-object eq ssh
object-group network DM_INLINE_NETWORK_4
group-object hostSMS
group-object netJMEDN
group-object netJMNPN
object-group network DM_INLINE_NETWORK_6
network-object object netTMOBUK1
network-object object netTMOBUK2
object-group network DM_INLINE_NETWORK_3
network-object object hostZainTestHost
network-object object netAttMobility1
network-object object netAttFTO
group-object netJMEDN
network-object object netTMOBGen
network-object object netTMOBUK1
network-object object netTMOBUK2
network-object object netTMOBUS
network-object object netZainx
network-object object netZainx
network-object object netJSPmob
network-object object grebox
object-group network DM_INLINE_NETWORK_14
group-object netJMNPN
network-object object netJMvlan301
network-object object netJMvlan350
network-object object hostSMS57
network-object object hostSMS58
network-object object hostSMS59
network-object object hostSMS60
object-group network DM_INLINE_NETWORK_15
network-object object hostSMS57
network-object object hostSMS58
network-object object hostSMS59
network-object object hostSMS60
network-object object netJMvlan301
network-object object netJMvlan307
network-object object netJMvlan350
object-group network DM_INLINE_NETWORK_17
network-object object netAttMobility1
network-object object netAttFTO
object-group network DM_INLINE_NETWORK_12
group-object hostSMS
network-object object vlan307
network-object object hostNagmon
network-object object netJSPmob
network-object object host-db-assetmgr
network-object object hostINTDev803-46
network-object object host-healthmetrics-254
object-group network DM_INLINE_NETWORK_13
network-object object test2
network-object object test3
object-group network hostLOGs
network-object object hostPetraLog111
network-object object hostPetraLog112
object-group network DM_INLINE_NETWORK_5
network-object object test2
network-object object test3
object-group network DM_INLINE_NETWORK_18
network-object object grebox
network-object object grebox.test
object-group network DM_INLINE_NETWORK_19
group-object hostSMS
group-object netJMEDN
group-object netJMNPN
object-group network DM_INLINE_NETWORK_20
network-object object netTMOBUK1
network-object object netTMOBUK2
object-group network DM_INLINE_NETWORK_21
group-object hostSMS
group-object netJMEDN
group-object netJMNPN
object-group network DM_INLINE_NETWORK_22
network-object object CWD_PROD
group-object Units
network-object object grebox
access-list vlan111_access_in extended permit icmp object vlan811 any4 inactive
access-list vlan111_access_in extended permit ip object vlan811 any4 inactive
access-list vlan111_access_in extended permit ip object vlan811 object vlan812 inactive
access-list vlan112_access_in extended permit icmp object vlan812 any4 inactive
access-list vlan112_access_in extended permit ip object vlan812 any4 inactive
access-list vlan112_access_in extended permit ip object vlan812 object vlan811 inactive
access-list inside168_access_in extended permit icmp object vlan167 any4 inactive
access-list inside168_access_in extended permit tcp object vlan167 any4 eq ftp inactive
access-list inside_access_out extended permit ip 172.26.232.0 255.255.255.240 10.179.32.0 255.255.224.0 inactive
access-list inside_access_out extended permit udp any4 any4 eq ntp
access-list inside_access_out extended permit udp any4 any4 eq domain
access-list inside_access_out extended deny udp any4 any4 eq 135
access-list inside_access_out extended deny udp any4 any4 eq 139
access-list inside_access_out extended deny tcp any4 any4 eq 135 log errors
access-list inside_access_out extended deny tcp any4 any4 eq 137
access-list inside_access_out extended deny tcp any4 any4 eq 138
access-list inside_access_out extended deny tcp any4 any4 eq netbios-ssn
access-list inside_access_out extended deny tcp any4 any4 eq 445
access-list inside_access_out extended deny tcp any4 any4 eq 593
access-list inside_access_out extended deny tcp any4 any4 eq 4444
access-list inside_access_out extended deny udp any4 any4 eq tftp
access-list inside_access_out extended deny udp any4 any4 eq netbios-ns log errors
access-list inside_access_out extended deny udp any4 any4 eq netbios-dgm
access-list outside_cryptomap extended permit ip any object-group DM_INLINE_NETWORK_17
access-list split-tunnel remark ATT Demo Network
access-list split-tunnel standard permit 10.2.32.0 255.255.224.0
access-list outside_cryptomap_4 extended permit ip object-group DM_INLINE_NETWORK_8 object netTMOBUS
access-list outside_cryptomap_5 extended permit ip object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_6
access-list outside_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_2 object netTMOBGen
access-list outside_cryptomap_6 extended permit ip object-group DM_INLINE_NETWORK_9 object-group netJMEDN
access-list outside_cryptomap_7 extended permit ip object-group DM_INLINE_NETWORK_14 object netZain 
access-list outside_cryptomap_8 extended permit ip object-group DM_INLINE_NETWORK_15 object-group DM_INLINE_NETWORK_11
access-list outside_cryptomap_9 extended permit ip object hostSPTestAPNet49 object hostSPNet116
access-list outside_cryptomap_11 extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_7
access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_12
access-list split-for-FTO extended permit ip any object netAttFTO
access-list outside_cryptomap_10 extended permit ip object-group DM_INLINE_NETWORK_19 object-group DM_INLINE_NETWORK_20
access-list outside_cryptomap_12 extended permit ip object-group DM_INLINE_NETWORK_21 object netTMOBUS
access-list outside_cryptomap_13 extended permit ip object-group netJMEDN object-group DM_INLINE_NETWORK_22
access-list outside_cryptomap_3 extended permit ip any object xxxx
access-list outside_cryptomap_14 extended permit ip any object xxxx
pager lines 24
logging enable
logging timestamp
logging standby
logging emblem
logging buffer-size 32767
logging asdm-buffer-size 500
logging monitor debugging
logging trap debugging
logging asdm debugging

logging queue 8192
logging debug-trace
logging permit-hostdown
mtu outside 1500
mtu inside 1500
mtu management 1500
ip verify reverse-path interface outside
ip verify reverse-path interface inside
failover
failover lan unit secondary
failover lan interface folink GigabitEthernet0/3
failover key *****
failover interface ip folink 10.1.1.1 255.255.255.0 standby 10.1.1.2
no monitor-interface management
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (outside,outside) source static xxxx xxxx no-proxy-arp route-lookup
nat (outside,outside) source static test1 test1 destination static DM_INLINE_NETWORK_5 DM_INLINE_NETWORK_5 no-proxy-arp route-lookup
nat (inside,outside) source static 172.26.232.0_28 172.26.232.0_28 destination static netJSPmob netJSPmob no-proxy-arp route-lookup inactive
nat (outside,outside) source static netJMEDN netJMEDN destination static netJSPmob netJSPmob no-proxy-arp route-lookup
nat (outside,outside) source static DM_INLINE_NETWORK_18 DM_INLINE_NETWORK_18 destination static DM_INLINE_NETWORK_13 DM_INLINE_NETWORK_13 no-proxy-arp route-lookup
!
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_access_out in interface inside
route outside 0.0.0.0 0.0.0.0 xxxx 1
route inside 172.26.65.0 255.255.255.0 172.26.232.1 1
route inside 172.26.211.0 255.255.255.0 172.26.232.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy

no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association lifetime kilobytes unlimited
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES AES192 AES256
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 86400
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer xxxx
crypto map outside_map 1 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 1 set security-association lifetime seconds 86400
crypto map outside_map 1 set security-association lifetime kilobytes unlimited
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer xxxx
crypto map outside_map 2 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 2 set security-association lifetime seconds 86400
crypto map outside_map 3 match address outside_cryptomap_2
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer xxxx
crypto map outside_map 3 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 3 set security-association lifetime seconds 86400
crypto map outside_map 4 match address outside_cryptomap_14
crypto map outside_map 4 set peer xxxx
crypto map outside_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 4 set ikev2 ipsec-proposal AES AES192 AES256 3DES DES
crypto map outside_map 5 match address outside_cryptomap_4
crypto map outside_map 5 set pfs
crypto map outside_map 5 set peer xxxx 
crypto map outside_map 5 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 5 set security-association lifetime seconds 86400
crypto map outside_map 6 match address outside_cryptomap_5
crypto map outside_map 6 set pfs group1
crypto map outside_map 6 set peer xxxx
crypto map outside_map 6 set ikev1 transform-set ESP-3DES-MD5
crypto map outside_map 7 match address outside_cryptomap_6
crypto map outside_map 7 set pfs
crypto map outside_map 7 set peer xxxx
crypto map outside_map 7 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 8 match address outside_cryptomap_7
crypto map outside_map 8 set pfs
crypto map outside_map 8 set peer xxxx
crypto map outside_map 8 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 8 set security-association lifetime seconds 86400
crypto map outside_map 9 match address outside_cryptomap_8
crypto map outside_map 9 set pfs
crypto map outside_map 9 set peer xxxx
crypto map outside_map 9 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 10 match address outside_cryptomap_9
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer xxxxx
crypto map outside_map 10 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 10 set security-association lifetime seconds 86400
crypto map outside_map 10 set nat-t-disable
crypto map outside_map 11 match address outside_cryptomap_10
crypto map outside_map 11 set pfs
crypto map outside_map 11 set peer xxxx
crypto map outside_map 11 set ikev1 transform-set ESP-3DES-MD5
crypto map outside_map 11 set ikev2 ipsec-proposal AES AES192 AES256 3DES DES
crypto map outside_map 12 match address outside_cryptomap_11
crypto map outside_map 12 set pfs
crypto map outside_map 12 set peer xxxx
crypto map outside_map 12 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 12 set security-association lifetime seconds 86400
crypto map outside_map 12 set security-association lifetime kilobytes unlimited
crypto map outside_map 13 match address outside_cryptomap_12
crypto map outside_map 13 set peer 207.189.176.97
crypto map outside_map 13 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 14 match address outside_cryptomap_13
crypto map outside_map 14 set peer xxxx
crypto map outside_map 14 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 60
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime none
crypto ikev1 policy 90
authentication pre-share
encryption des
hash sha
group 2
lifetime none
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime none
crypto ikev1 policy 150
authentication pre-share
encryption 3des
hash md5
group 2
lifetime none
telnet xxxx 255.255.255.255 outside
telnet 174.128.18.100 255.255.255.255 outside
telnet 172.26.232.0 255.255.255.240 inside
telnet timeout 5
ssh xxx 255.255.255.255 outside
ssh 172.26.1.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group14-sha1
console timeout 0
management-access outside
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 30
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp authenticate
ntp server xxx source outside
group-policy DemoFTO internal
group-policy DemoFTO attributes
banner value Welcome to Petra Demo FTO
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
address-pools value FTO
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev2 ssl-clientless
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_xxx internal
group-policy GroupPolicy_xxxx attributes
vpn-filter none
vpn-tunnel-protocol ikev1 ikev2
group-policy vpnGrpPolicy internal
group-policy vpnGrpPolicy attributes
banner value Welcome to the Petra Solar VPN
wins-server value 172.26.1.28 172.26.1.29
dns-server value 172.26.1.28 172.26.1.29
dhcp-network-scope 172.26.2.0
vpn-idle-timeout none
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value 
group-policy sts internal
group-policy sts attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy stsATT internal
group-policy stsATT attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy stsSPNet internal
group-policy stsSPNet attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy stsCWD internal
group-policy stsCWD attributes
vpn-tunnel-protocol ikev1
group-policy sts internal
group-policy sts attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy stsi internal
group-policy sts attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy stsSPN internal
group-policy stsSPN attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy sts internal
group-policy sts attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy stsJMIEDN internal
group-policy stsJMIEDN attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy stsZain internal
group-policy stsZain attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
group-policy st internal
group-policy st attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1
username password RsR7pzqrIbiI8.es encrypted
username  attributes
service-type remote-access
username  password 0O948aBbVCYJ.Qos encrypted privilege 15
username  attributes
service-type admin
username  password iyrQfZEArQqySw1v encrypted
tunnel-group DefaultL2LGroup ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 209.183.33.233 type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsATT
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 5
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
authentication-server-group (inside) VPN
authorization-server-group VPN
default-group-policy vpnGrpPolicy
dhcp-server 192.168.168.19
tunnel-group VPN webvpn-attributes
group-alias VPN enable
tunnel-group VPN ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsTMobileDallas
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 5
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsTMobileCincinnati
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 5
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsTMobileGen
tunnel-group xxxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 10
tunnel-group xxx type ipsec-l2l
tunnel-group xxx general-attributes
default-group-policy stsJMIEDN
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 10
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsZain
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 5
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsSPNet
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy xxx
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsSPN
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 2
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx4 general-attributes
default-group-policy stsxxxx
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 10
tunnel-group DemoFTO type remote-access
tunnel-group DemoFTO general-attributes
address-pool FTO
authentication-server-group (inside) LOCAL
default-group-policy DemoFTO
tunnel-group DemoFTO ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsCWD
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 60 retry 2
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy stsTMobileUK
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy GroupPolicy1
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xxxx type ipsec-l2l
tunnel-group xxxx general-attributes
default-group-policy GroupPolicy_xxxx
tunnel-group xxxx ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
class class-default
user-statistics accounting
!
service-policy global_policy global
smtp-server xxxx
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:c8ee961d3faa13d93df6998e80f0e250
: end

Dear bored28,

Please confirm for me: are these crypto maps the configurations for your tunnel A and B?

CONFIG ON SIDE A

crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 8.12.246.122
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside

 

access-list outside_cryptomap extended permit ip object NETWORK_OBJ_192.168.10.0_24 any

object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0

 

CONFIG ON SIDE B

crypto map outside_map 14 match address outside_cryptomap_13
crypto map outside_map 14 set peer 69.27.238.6
crypto map outside_map 14 set ikev1 transform-set ESP-AES-256-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside

 

 

access-list outside_cryptomap_13 extended permit ip object-group netJMEDN object-group

 

There aren't any networks advertised in this object group: netJMEDN.

Jaderson Pessoa
*** Rate All Helpful Responses ***
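The reply above sets the two peers' crypto ACLs side by side; Cisco's guidance is that the crypto ACLs on the two ends of a LAN-to-LAN tunnel should be mirror images of each other. The following is an added example, not part of the thread or anyone's posted configuration, that performs that comparison in Python. Side A's lines are the ones quoted in the reply; Side B's object names and the 10.1.44.0/24 subnet are assumptions constructed for the example, and object-groups are not resolved.

```python
import ipaddress

# Side A lines are quoted in the reply above. Side B is CONSTRUCTED for this
# example: the object names and the 10.1.44.0/24 subnet are assumptions.
SIDE_A = """\
object network NETWORK_OBJ_192.168.10.0_24
 subnet 192.168.10.0 255.255.255.0
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_192.168.10.0_24 any
"""
SIDE_B = """\
object network EXAMPLE_SITE_B_LAN
 subnet 10.1.44.0 255.255.255.0
object network EXAMPLE_SITE_A_LAN
 subnet 192.168.10.0 255.255.255.0
access-list outside_cryptomap_13 extended permit ip object EXAMPLE_SITE_B_LAN object EXAMPLE_SITE_A_LAN
"""
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse_objects(config):
    """Map each 'object network NAME' to the subnet or host defined under it."""
    objects, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object", "network"] and len(words) == 3:
            current = words[2]
        elif current and words[:1] == ["subnet"] and len(words) == 3:
            objects[current] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif current and words[:1] == ["host"] and len(words) == 2:
            objects[current] = ipaddress.ip_network(words[1])
        else:
            current = None  # any other line ends the object definition
    return objects

def take_selector(words, objects):
    """Consume one address selector; return (network, remaining words)."""
    head = words[0]
    if head in ("any", "any4"):
        return ANY, words[1:]
    if head == "object":
        return objects[words[1]], words[2:]
    if head == "host":
        return ipaddress.ip_network(words[1]), words[2:]
    if head == "object-group":
        raise ValueError(f"object-group {words[1]} must be expanded by hand first")
    return ipaddress.ip_network(f"{words[0]}/{words[1]}"), words[2:]

def crypto_selectors(config, acl_name):
    """Return [(local_net, remote_net)] for the 'permit ip' entries of acl_name."""
    objects = parse_objects(config)
    prefix = ["access-list", acl_name, "extended", "permit", "ip"]
    pairs = []
    for line in config.splitlines():
        words = line.split()
        if words[:5] == prefix:
            src, rest = take_selector(words[5:], objects)
            dst, _ = take_selector(rest, objects)
            pairs.append((src, dst))
    return pairs

def mirror_mismatches(side_a, side_b):
    """List selectors on either side with no exact mirror image on the peer."""
    problems = []
    for name, mine, theirs in (("A", side_a, side_b), ("B", side_b, side_a)):
        for src, dst in mine:
            if (dst, src) not in theirs:
                problems.append(f"side {name}: {src} -> {dst} has no mirror on the peer")
    return problems

if __name__ == "__main__":
    a = crypto_selectors(SIDE_A, "outside_cryptomap")
    b = crypto_selectors(SIDE_B, "outside_cryptomap_13")
    print("\n".join(mirror_mismatches(a, b)) or "crypto ACLs mirror each other")
```

To run it against real devices, paste each side's `object network` definitions and crypto ACL lines into the two strings after expanding any object-groups into their member networks.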

Thank you in advance for any help. 

@bored28, was your problem solved?

 

Regards,

Jaderson Pessoa
*** Rate All Helpful Responses ***