1740 Views · 5 Helpful · 1 Replies

Site-to-Site VPN Troubles

WestlakeIT
Level 1

I'm trying to set up a site-to-site VPN between an ASA 5515 on 9.1(1) and an ASA 5505 on 9.2(4).  I'm currently using ASDM to access and manage both devices.


Using the VPN wizard I was able to get the VPN up and working once, but I was unable to ping through the VPN, though both routers said they were connected. I deleted the VPN thinking I may have configured it wrong and went to do it again. When I clicked "Finished" on the VPN wizard for the remote ASA, it threw an error, "no split-tunnel-all-dns command failed." I tried rebooting without saving the configuration, and when I tried to set up the VPN again, I got the same error again. It stopped throwing the error after that, but now I can't even get the routers to connect the VPN at all. I know the IP addressing is correct, I have changed nothing else in the setup, and I know the preshared keys are matching. I looked through the config file, but I'm not seeing what the issue is myself.

We are trying to connect the "OUTSIDE1" interface from the local ASA (the 64.xxx.xxx.xxx address) to the "outside" interface on the remote ASA (the 12.xxx.xxx.xxx address).

Here is the current running-config of the local ASA (the 5515):

Cryptochecksum: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
: Saved
: Written by netadmin at 16:34:42.462 PDT Thu Sep 9 2021
!
ASA Version 9.1(1)
!
hostname XX-XXXX
enable password XXXXXXXXXXXXXX encrypted
xlate per-session permit tcp any4 any4 eq ftp
passwd XXXXXXXXXXXX encrypted
multicast-routing
names
ip local pool VPNPOOL 10.xxx.xxx.xxx-10.xxx.xxx.xxx
!
interface GigabitEthernet0/0
speed 100
duplex full
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.50
vlan 50
nameif OUTSIDE
security-level 0
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/1
nameif DMZ1
security-level 50
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/2
nameif CUSTOMER
security-level 100
ip address 192.168.xxx.xxx 255.255.xxx.xxx
!
interface GigabitEthernet0/3
nameif OUTSIDE1
security-level 0
ip address 64.xxx.xxx.xxx 255.xxx.xxx.xxx
!
interface GigabitEthernet0/4
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4.171
vlan 171
nameif UC
security-level 100
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/4.172
vlan 172
nameif VOIP
security-level 100
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/4.190
description Guest Wi-Fi VLAN Network
vlan 190
nameif GUEST
security-level 49
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
interface GigabitEthernet0/5
nameif DMZ
security-level 0
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
interface Management0/0
management-only
nameif management
security-level 100
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
pim rp-address xxx.xxx.xxx.xxx
banner login ===================================================================
banner login WESTLAKE PRODUCE COMPANY
banner login ===================================================================
banner login Authorized Access only.
banner login This system is the property of WESTLAKE PRODUCE COMPANY.
banner login UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
banner login You must have explicit permission to access this device.
banner login All activities performed on this device are logged.
banner login Any violations of access policy will result in disciplinary action.
banner login ===================================================================
banner motd ===================================================================
banner motd WESTLAKE PRODUCE COMPANY
banner motd ===================================================================
banner motd Authorized Access only.
banner motd This system is the property of WESTLAKE PRODUCE COMPANY.
banner motd UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
banner motd You must have explicit permission to access this device.
banner motd All activities performed on this device are logged.
banner motd Any violations of access policy will result in disciplinary action.
banner motd ===================================================================
boot system disk0:/asa911-smp-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ-ANY
subnet 0.0.0.0 0.0.0.0
object network OBJ-CUSTOMER
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network H-192.168.xxx.xxx-T587
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T25
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T110
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T443
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T8080
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T8000
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T8001
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T8002
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T8003
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T8004
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T3389
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T5631
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-U5632
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T5678
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T1723
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T2512
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T2513
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-U1494
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T1494
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T1604
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T2598
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-U2598
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T81
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T80
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-U81
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-U1604
host 192.168.xxx.xxx
object network OBJ-LOCAL
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network OBJ-REMOTE
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network H-192.168.xxx.xxx-T22
host 192.168.xxx.xxx
object network OBJ-VPNLOCAL
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network OBJ-VPNPOOL
subnet 10.xxx.xxx.xxx 255.xxx.xxx.xxx
object network TEMP-LOCAL
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network TEMP-POOL10
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network TEMP-POOL20
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network OBJ-CUSTOMER-01
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object network H1-192.168.xxx.xxx-T587
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T25
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T110
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T443
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T8080
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T8000
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T8001
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T8002
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T8003
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T8004
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T3389
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T5631
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-U5632
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T5678
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T1723
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T2512
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T2513
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-U1494
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T1494
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T1604
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T2598
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-U2598
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T81
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T80
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-U81
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-U1604
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T64433
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T20
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T21
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50000
host 192.168.xxx.xxx
object network OBJ-FTP
host 192.168.xxx.xxx
object service PASSIVEFTP
service tcp destination range 50000 55000
object network H-192.168.xxx.xxx-T50001
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50002
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50003
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50004
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50005
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50006
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50007
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50008
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50009
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50010
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50011
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50012
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50013
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50014
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50015
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50016
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50017
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50018
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50019
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50020
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50021
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50022
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50023
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50024
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50025
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50026
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50027
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50028
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50029
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50030
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50031
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50032
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50033
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50034
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50035
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50036
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50037
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50038
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50039
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50040
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50041
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50042
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50043
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50044
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50045
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50046
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50047
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50048
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50049
host 192.168.xxx.xxx
object network H-192.168.xxx.xxx-T50050
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T22
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T64433
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T20
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T21
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50000
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50001
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50002
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50003
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50004
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50005
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50006
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50007
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50008
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50009
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50010
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50011
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50012
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50013
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50014
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50015
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50016
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50017
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50018
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50019
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50020
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50021
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50022
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50023
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50024
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50025
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50026
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50027
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50028
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50029
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50030
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50031
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50032
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50033
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50034
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50035
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50036
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50037
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50038
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50039
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50040
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50041
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50042
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50043
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50044
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50045
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50046
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50047
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50048
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50049
host 192.168.xxx.xxx
object network H1-192.168.xxx.xxx-T50050
host 192.168.xxx.xxx
object network H-10.xxx.xxx.xxx
host 10.xxx.xxx.xxx
object network H192.168.xxx.xxx
host 192.168.xxx.xxx
object network ParallelsAlt
host 192.168.xxx.xxx
object network NETWORK_OBJ_10.xxx.xxx.xxx_24
subnet 10.xxx.xxx.xxx 255.xxx.xxx.xxx
object network NETWORK_OBJ_192.168.xxx.xxx_24
subnet 192.168.xxx.xxx 255.255.xxx.xxx
object-group service TCP-UCEXPRESS tcp
port-object range sip 5061
port-object eq 8443
port-object eq 5222
port-object eq 5269
port-object eq https
object-group service UDP-UCEXPRESS udp
port-object range sip 5061
port-object range 3478 3483
port-object range 24000 29999
port-object range 36000 59999
object-group network REAL-UCEXPRESS
network-object host 10.xxx.xxx.xxx
object-group network PARALLELS1
network-object host 192.168.xxx.xxx
object-group service TCP-PARALLELS tcp
port-object eq www
port-object eq 20020
port-object eq https
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 587
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq smtp
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq pop3
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq https
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 8080
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 3389
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq pcanywhere-data
access-list OUTSIDE_IN extended permit udp any host 192.168.xxx.xxx eq pcanywhere-status
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 5678
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq pptp
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 2512
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 2513
access-list OUTSIDE_IN extended permit udp any host 192.168.xxx.xxx eq 1494
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq citrix-ica
access-list OUTSIDE_IN extended permit udp any host 192.168.xxx.xxx eq 1604
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 1604
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 2598
access-list OUTSIDE_IN extended permit udp any host 192.168.xxx.xxx eq 2598
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 81
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE_IN extended permit udp any host 192.168.xxx.xxx eq www
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 8001
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 5222
access-list OUTSIDE_IN extended permit tcp any host 192.168.xxx.xxx eq 5269
access-list OUTSIDE_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp
access-list OUTSIDE_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx eq 64433
access-list OUTSIDE_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp-data
access-list OUTSIDE_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx
access-list OUTSIDE_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp
access-list OUTSIDE_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx eq 64433
access-list OUTSIDE_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp-data
access-list OUTSIDE_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx
access-list OUTSIDE_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp
access-list OUTSIDE_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp-data
access-list OUTSIDE_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx eq 64433
access-list OUTSIDE_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx
access-list SPLITTUNNEL standard permit 192.168.xxx.xxx 255.255.xxx.xxx
access-list SPLITTUNNEL standard permit 192.168.xxx.xxx 255.255.xxx.xxx
access-list SPLITTUNNEL standard permit 192.168.xxx.xxx 255.255.xxx.xxx
access-list SPLITTUNNEL standard permit 192.168.xxx.xxx 255.255.xxx.xxx
access-list SPLITTUNNEL standard permit 172.xxx.xxx.xxx 255.xxx.xxx.xxx
access-list SPLITTUNNEL standard permit 172.xxx.xxx.xxx 255.xxx.xxx.xxx
access-list TEMP-ACL extended permit ip 192.168.xxx.xxx 255.255.xxx.xxx 192.168.xxx.xxx 255.255.xxx.xxx
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 587
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq smtp
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq pop3
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq https
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 8080
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 3389
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq pcanywhere-data
access-list OUTSIDE1_IN extended permit udp any host 192.168.xxx.xxx eq pcanywhere-status
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 5678
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq pptp
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 2512
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 2513
access-list OUTSIDE1_IN extended permit udp any host 192.168.xxx.xxx eq 1494
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq citrix-ica
access-list OUTSIDE1_IN extended permit udp any host 192.168.xxx.xxx eq 1604
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 1604
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 2598
access-list OUTSIDE1_IN extended permit udp any host 192.168.xxx.xxx eq 2598
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 81
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq www
access-list OUTSIDE1_IN extended permit udp any host 192.168.xxx.xxx eq www
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 8001
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 5222
access-list OUTSIDE1_IN extended permit tcp any host 192.168.xxx.xxx eq 5269
access-list OUTSIDE1_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp
access-list OUTSIDE1_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx eq 64433
access-list OUTSIDE1_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp-data
access-list OUTSIDE1_IN extended permit tcp host 107.xxx.xxx.xxx host 192.168.xxx.xxx
access-list OUTSIDE1_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp
access-list OUTSIDE1_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx eq 64433
access-list OUTSIDE1_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp-data
access-list OUTSIDE1_IN extended permit tcp host 96.xxx.xxx.xxx host 192.168.xxx.xxx
access-list OUTSIDE1_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp
access-list OUTSIDE1_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx eq ftp-data
access-list OUTSIDE1_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx eq 64433
access-list OUTSIDE1_IN extended permit tcp host 34.xxx.xxx.xxx host 192.168.xxx.xxx
access-list OUTSIDE1_IN extended permit tcp any object-group REAL-UCEXPRESS object-group TCP-UCEXPRESS
access-list OUTSIDE1_IN extended permit udp any object-group REAL-UCEXPRESS object-group UDP-UCEXPRESS
access-list OUTSIDE1_IN extended permit tcp any object-group PARALLELS1 object-group TCP-PARALLELS
access-list OUTSIDE1_cryptomap extended permit ip 192.168.xxx.xxx 255.255.xxx.xxx 10.xxx.xxx.xxx 255.xxx.xxx.xxx
pager lines 24
logging enable
logging buffer-size 51200
logging buffered notifications
logging asdm informational
mtu OUTSIDE 1500
mtu DMZ1 1500
mtu CUSTOMER 1500
mtu OUTSIDE1 1500
mtu UC 1500
mtu VOIP 1500
mtu GUEST 1500
mtu DMZ 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (CUSTOMER,OUTSIDE1) source static OBJ-LOCAL OBJ-LOCAL destination static OBJ-REMOTE OBJ-REMOTE no-proxy-arp route-lookup
nat (CUSTOMER,OUTSIDE) source static OBJ-LOCAL OBJ-LOCAL destination static OBJ-REMOTE OBJ-REMOTE no-proxy-arp route-lookup
nat (CUSTOMER,OUTSIDE) source static OBJ-VPNLOCAL OBJ-VPNLOCAL destination static OBJ-VPNPOOL OBJ-VPNPOOL no-proxy-arp route-lookup
nat (CUSTOMER,OUTSIDE1) source static OBJ-VPNLOCAL OBJ-VPNLOCAL destination static OBJ-VPNPOOL OBJ-VPNPOOL no-proxy-arp route-lookup
nat (CUSTOMER,OUTSIDE1) source static NETWORK_OBJ_192.168.xxx.xxx_24 NETWORK_OBJ_192.168.xxx.xxx_24 destination static NETWORK_OBJ_10.xxx.xxx.xxx_24 NETWORK_OBJ_10.xxx.xxx.xxx_24 no-proxy-arp route-lookup
!
object network OBJ-CUSTOMER
nat (CUSTOMER,OUTSIDE) dynamic interface
object network H-192.168.xxx.xxx-T587
nat (CUSTOMER,OUTSIDE) static interface service tcp 587 587
object network H-192.168.xxx.xxx-T25
nat (CUSTOMER,OUTSIDE) static interface service tcp smtp smtp
object network H-192.168.xxx.xxx-T110
nat (CUSTOMER,OUTSIDE) static interface service tcp pop3 pop3
object network H-192.168.xxx.xxx-T443
nat (CUSTOMER,OUTSIDE) static interface service tcp https https
object network H-192.168.xxx.xxx-T8080
nat (CUSTOMER,OUTSIDE) static interface service tcp 8080 8080
object network H-192.168.xxx.xxx-T8000
nat (CUSTOMER,OUTSIDE) static interface service tcp www 8000
object network H-192.168.xxx.xxx-T8001
nat (CUSTOMER,OUTSIDE) static interface service tcp 8001 8001
object network H-192.168.xxx.xxx-T8002
nat (CUSTOMER,OUTSIDE) static interface service tcp www 8002
object network H-192.168.xxx.xxx-T8003
nat (CUSTOMER,OUTSIDE) static interface service tcp www 8003
object network H-192.168.xxx.xxx-T8004
nat (CUSTOMER,OUTSIDE) static interface service tcp www 8004
object network H-192.168.xxx.xxx-T3389
nat (CUSTOMER,OUTSIDE) static interface service tcp 3389 3389
object network H-192.168.xxx.xxx-T5631
nat (CUSTOMER,OUTSIDE) static interface service tcp pcanywhere-data pcanywhere-data
object network H-192.168.xxx.xxx-U5632
nat (CUSTOMER,OUTSIDE) static interface service udp pcanywhere-status pcanywhere-status
object network H-192.168.xxx.xxx-T5678
nat (CUSTOMER,OUTSIDE) static interface service tcp 5678 5678
object network H-192.168.xxx.xxx-T1723
nat (CUSTOMER,OUTSIDE) static interface service tcp pptp pptp
object network H-192.168.xxx.xxx-T2512
nat (CUSTOMER,OUTSIDE) static interface service tcp 2512 2512
object network H-192.168.xxx.xxx-T2513
nat (CUSTOMER,OUTSIDE) static interface service tcp 2513 2513
object network H-192.168.xxx.xxx-U1494
nat (CUSTOMER,OUTSIDE) static interface service udp 1494 1494
object network H-192.168.xxx.xxx-T1494
nat (CUSTOMER,OUTSIDE) static interface service tcp citrix-ica citrix-ica
object network H-192.168.xxx.xxx-T1604
nat (CUSTOMER,OUTSIDE) static interface service tcp 1604 1604
object network H-192.168.xxx.xxx-T2598
nat (CUSTOMER,OUTSIDE) static interface service tcp 2598 2598
object network H-192.168.xxx.xxx-U2598
nat (CUSTOMER,OUTSIDE) static interface service udp 2598 2598
object network H-192.168.xxx.xxx-T81
nat (CUSTOMER,OUTSIDE) static interface service tcp 81 81
object network H-192.168.xxx.xxx-T80
nat (CUSTOMER,OUTSIDE) static interface service tcp www www
object network H-192.168.xxx.xxx-U81
nat (CUSTOMER,OUTSIDE) static interface service udp 81 81
object network H-192.168.xxx.xxx-U1604
nat (CUSTOMER,OUTSIDE) static interface service udp 1604 1604
object network OBJ-CUSTOMER-01
nat (CUSTOMER,OUTSIDE1) dynamic interface
object network H1-192.168.xxx.xxx-T587
nat (CUSTOMER,OUTSIDE1) static interface service tcp 587 587
object network H1-192.168.xxx.xxx-T25
nat (CUSTOMER,OUTSIDE1) static interface service tcp smtp smtp
object network H1-192.168.xxx.xxx-T110
nat (CUSTOMER,OUTSIDE1) static interface service tcp pop3 pop3
object network H1-192.168.xxx.xxx-T443
nat (CUSTOMER,OUTSIDE1) static interface service tcp https https
object network H1-192.168.xxx.xxx-T8080
nat (CUSTOMER,OUTSIDE1) static interface service tcp 8080 8080
object network H1-192.168.xxx.xxx-T8000
nat (CUSTOMER,OUTSIDE1) static interface service tcp www 8000
object network H1-192.168.xxx.xxx-T8001
nat (CUSTOMER,OUTSIDE1) static interface service tcp 8001 8001
object network H1-192.168.xxx.xxx-T8002
nat (CUSTOMER,OUTSIDE1) static interface service tcp www 8002
object network H1-192.168.xxx.xxx-T8003
nat (CUSTOMER,OUTSIDE1) static interface service tcp www 8003
object network H1-192.168.xxx.xxx-T8004
nat (CUSTOMER,OUTSIDE1) static interface service tcp www 8004
object network H1-192.168.xxx.xxx-T3389
nat (CUSTOMER,OUTSIDE1) static interface service tcp 3389 3389
object network H1-192.168.xxx.xxx-T5631
nat (CUSTOMER,OUTSIDE1) static interface service tcp pcanywhere-data pcanywhere-data
object network H1-192.168.xxx.xxx-U5632
nat (CUSTOMER,OUTSIDE1) static interface service udp pcanywhere-status pcanywhere-status
object network H1-192.168.xxx.xxx-T5678
nat (CUSTOMER,OUTSIDE1) static interface service tcp 5678 5678
object network H1-192.168.xxx.xxx-T1723
nat (CUSTOMER,OUTSIDE1) static interface service tcp pptp pptp
object network H1-192.168.xxx.xxx-T2512
nat (CUSTOMER,OUTSIDE1) static interface service tcp 2512 2512
object network H1-192.168.xxx.xxx-T2513
nat (CUSTOMER,OUTSIDE1) static interface service tcp 2513 2513
object network H1-192.168.xxx.xxx-U1494
nat (CUSTOMER,OUTSIDE1) static interface service udp 1494 1494
object network H1-192.168.xxx.xxx-T1494
nat (CUSTOMER,OUTSIDE1) static interface service tcp citrix-ica citrix-ica
object network H1-192.168.xxx.xxx-T1604
nat (CUSTOMER,OUTSIDE1) static interface service tcp 1604 1604
object network H1-192.168.xxx.xxx-T2598
nat (CUSTOMER,OUTSIDE1) static interface service tcp 2598 2598
object network H1-192.168.xxx.xxx-U2598
nat (CUSTOMER,OUTSIDE1) static interface service udp 2598 2598
object network H1-192.168.xxx.xxx-T81
nat (CUSTOMER,OUTSIDE1) static interface service tcp 81 81
object network H1-192.168.xxx.xxx-T80
nat (CUSTOMER,OUTSIDE1) static interface service tcp www www
object network H1-192.168.xxx.xxx-U81
nat (CUSTOMER,OUTSIDE1) static interface service udp 81 81
object network H1-192.168.xxx.xxx-U1604
nat (CUSTOMER,OUTSIDE1) static interface service udp 1604 1604
object network H-192.168.xxx.xxx-T64433
nat (CUSTOMER,OUTSIDE1) static interface service tcp 64433 64433
object network H-192.168.xxx.xxx-T20
nat (CUSTOMER,OUTSIDE) static interface service tcp ftp-data ftp-data
object network H-192.168.xxx.xxx-T21
nat (CUSTOMER,OUTSIDE) static interface service tcp ftp ftp
object network H-192.168.xxx.xxx-T50000
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50000 50000
object network H-192.168.xxx.xxx-T50001
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50001 50001
object network H-192.168.xxx.xxx-T50002
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50002 50002
object network H-192.168.xxx.xxx-T50003
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50003 50003
object network H-192.168.xxx.xxx-T50004
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50004 50004
object network H-192.168.xxx.xxx-T50005
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50005 50005
object network H-192.168.xxx.xxx-T50006
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50006 50006
object network H-192.168.xxx.xxx-T50007
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50007 50007
object network H-192.168.xxx.xxx-T50008
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50008 50008
object network H-192.168.xxx.xxx-T50009
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50009 50009
object network H-192.168.xxx.xxx-T50010
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50010 50010
object network H-192.168.xxx.xxx-T50011
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50011 50011
object network H-192.168.xxx.xxx-T50012
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50012 50012
object network H-192.168.xxx.xxx-T50013
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50013 50013
object network H-192.168.xxx.xxx-T50014
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50014 50014
object network H-192.168.xxx.xxx-T50015
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50015 50015
object network H-192.168.xxx.xxx-T50016
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50016 50016
object network H-192.168.xxx.xxx-T50017
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50017 50017
object network H-192.168.xxx.xxx-T50018
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50018 50018
object network H-192.168.xxx.xxx-T50019
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50019 50019
object network H-192.168.xxx.xxx-T50020
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50020 50020
object network H-192.168.xxx.xxx-T50021
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50021 50021
object network H-192.168.xxx.xxx-T50022
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50022 50022
object network H-192.168.xxx.xxx-T50023
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50023 50023
object network H-192.168.xxx.xxx-T50024
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50024 50024
object network H-192.168.xxx.xxx-T50025
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50025 50025
object network H-192.168.xxx.xxx-T50026
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50026 50026
object network H-192.168.xxx.xxx-T50027
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50027 50027
object network H-192.168.xxx.xxx-T50028
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50028 50028
object network H-192.168.xxx.xxx-T50029
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50029 50029
object network H-192.168.xxx.xxx-T50030
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50030 50030
object network H-192.168.xxx.xxx-T50031
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50031 50031
object network H-192.168.xxx.xxx-T50032
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50032 50032
object network H-192.168.xxx.xxx-T50033
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50033 50033
object network H-192.168.xxx.xxx-T50034
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50034 50034
object network H-192.168.xxx.xxx-T50035
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50035 50035
object network H-192.168.xxx.xxx-T50036
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50036 50036
object network H-192.168.xxx.xxx-T50037
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50037 50037
object network H-192.168.xxx.xxx-T50038
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50038 50038
object network H-192.168.xxx.xxx-T50039
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50039 50039
object network H-192.168.xxx.xxx-T50040
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50040 50040
object network H-192.168.xxx.xxx-T50041
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50041 50041
object network H-192.168.xxx.xxx-T50042
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50042 50042
object network H-192.168.xxx.xxx-T50043
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50043 50043
object network H-192.168.xxx.xxx-T50044
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50044 50044
object network H-192.168.xxx.xxx-T50045
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50045 50045
object network H-192.168.xxx.xxx-T50046
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50046 50046
object network H-192.168.xxx.xxx-T50047
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50047 50047
object network H-192.168.xxx.xxx-T50048
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50048 50048
object network H-192.168.xxx.xxx-T50049
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50049 50049
object network H-192.168.xxx.xxx-T50050
nat (CUSTOMER,OUTSIDE1) static interface service tcp 50050 50050
object network H1-192.168.xxx.xxx-T20
nat (CUSTOMER,OUTSIDE1) static interface service tcp ftp-data ftp-data
object network H1-192.168.xxx.xxx-T21
nat (CUSTOMER,OUTSIDE1) static interface service tcp ftp ftp
object network H-10.255.255.9
nat (DMZ1,OUTSIDE1) static 64.xxx.xxx.xxx
object network ParallelsAlt
nat (any,any) static 64.xxx.xxx.xxx
access-group OUTSIDE_IN in interface OUTSIDE
access-group OUTSIDE1_IN in interface OUTSIDE1
route OUTSIDE1 0.0.0.0 0.0.0.0 64.xxx.xxx.xxx 1 track 100
route OUTSIDE1 0.0.0.0 0.0.0.0 64.xxx.xxx.xxx 1
route OUTSIDE 0.0.0.0 0.0.0.0 152.xxx.xxx.xxx 251
route UC 172.xxx.xxx.xxx 255.xxx.xxx.xxx 172.xxx.xxx.xxx 1
route DMZ 192.168.xxx.xxx 255.255.xxx.xxx 192.168.xxx.xxx 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.xxx.xxx 255.255.xxx.xxx management
http 192.168.xxx.xxx 255.255.xxx.xxx CUSTOMER
http authentication-certificate CUSTOMER
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sla monitor 100
type echo protocol ipIcmpEcho 64.xxx.xxx.xxx interface OUTSIDE1
timeout 3000
frequency 5
sla monitor schedule 100 life forever start-time now
crypto ipsec ikev1 transform-set TRSET esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map OUTSIDE_DYN_MAP 10 set ikev1 transform-set TRSET
crypto map VPNMAP 1 match address OUTSIDE1_cryptomap
crypto map VPNMAP 1 set peer 12.xxx.xxx.xxx
crypto map VPNMAP 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map VPNMAP 65535 ipsec-isakmp dynamic OUTSIDE_DYN_MAP
crypto map VPNMAP interface OUTSIDE
crypto map VPNMAP interface OUTSIDE1
crypto ca trustpool policy
crypto isakmp identity address
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev1 enable OUTSIDE
crypto ikev1 enable OUTSIDE1
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
!
track 10 rtr 100 reachability
telnet 10.xxx.xxx.xxx 255.xxx.xxx.xxx DMZ1
telnet 192.168.xxx.xxx 255.255.xxx.xxx CUSTOMER
telnet timeout 5
ssh 107.xxx.xxx.xxx 255.xxx.xxx.xxx OUTSIDE
ssh 192.168.xxx.xxx 255.255.xxx.xxx CUSTOMER
ssh 192.168.xxx.xxx 255.255.xxx.xxx CUSTOMER
ssh 192.168.xxx.xxx 255.255.xxx.xxx CUSTOMER
ssh 192.168.xxx.xxx 255.255.xxx.xxx CUSTOMER
ssh 192.168.xxx.xxx 255.255.xxx.xxx CUSTOMER
ssh 107.xxx.xxx.xxx 255.xxx.xxx.xxx OUTSIDE1
ssh 0.0.0.0 0.0.0.0 OUTSIDE1
ssh timeout 15
ssh version 2
console timeout 0
dhcprelay server 192.168.xxx.xxx CUSTOMER
dhcprelay enable VOIP
dhcprelay setroute CUSTOMER
dhcprelay timeout 90
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.xxx.xxx.xxx
webvpn
port 444
enable OUTSIDE1
anyconnect image disk0:/anyconnect-win-3.1.05160-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_12.220.143.93 internal
group-policy GroupPolicy_12.220.143.93 attributes
vpn-tunnel-protocol ikev1
group-policy vpn-clients-policy internal
group-policy vpn-clients-policy attributes
dns-server value 192.168.xxx.xxx 192.168.xxx.xxx
vpn-idle-timeout 30
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLITTUNNEL
default-domain value westlake-miller.com
group-policy ANY internal
group-policy ANY attributes
dns-server value 192.168.xxx.xxx 192.168.xxx.xxx
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLITTUNNEL
default-domain value westlake-miller.com
webvpn
anyconnect keep-installer installed
anyconnect dpd-interval client 20
anyconnect ask none default anyconnect
username salim password XXXXXXXXXXXXXXXXX encrypted
username netadmin password XXXXXXXXXXXXXXXXXXX encrypted privilege 15
tunnel-group 71.xxx.xxx.xxx type ipsec-l2l
tunnel-group 71.xxx.xxx.xxx ipsec-attributes
ikev1 pre-shared-key XXXXXXXXXXXXXXXXX
tunnel-group RVPN type remote-access
tunnel-group RVPN general-attributes
address-pool VPNPOOL
default-group-policy vpn-clients-policy
tunnel-group RVPN ipsec-attributes
ikev1 pre-shared-key XXXXXXXXXXXXXXX
tunnel-group ANY type remote-access
tunnel-group ANY general-attributes
address-pool VPNPOOL
default-group-policy ANY
tunnel-group ANY webvpn-attributes
group-alias WL enable
tunnel-group 12.xxx.xxx.xxx type ipsec-l2l
tunnel-group 12.xxx.xxx.xxx ipsec-attributes
ikev1 pre-shared-key XXXXXXXXXXXXXXX
peer-id-validate nocheck
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect pptp
inspect ftp
inspect sip
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:XXXXXXXXXXXXXXXXXXXXXXXXXX
: end

And here is the current running-config for the remote ASA (the 5505):

: Saved
:
: Serial Number: XXXXXXXXXXXXXX
: Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
: Written by enable_15 at 00:48:46.409 UTC Wed Jan 2 2008
!
ASA Version 9.2(4)
!
hostname XXXXXXXX
enable password XXXXXXXXXXX encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.xxx.xxx.xxx 255.xxx.xxx.xxx
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 12.xxx.xxx.xxx 255.255.255.xxx
!
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 12.xxx.xxx.xxx
 name-server 12.xxx.xxx.xxx
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.xxx.xxx_24
 subnet 192.168.xxx.xxx  255.255.xxx.xxx
object network NETWORK_OBJ_10.xxx.xxx.xxx_24
 subnet 10.xxx.xxx.xxx 255.255.255.0
access-list outside_cryptomap_1 extended permit ip 10.xxx.xxx.xxx 255.xxx.xxx.xxx 192.168.xxx.xxx 255.255.xxx.xxx
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_10.xxx.xxx.xxx_24 NETWORK_OBJ_10.xxx.xxx.xxx_24 destination static NETWORK_OBJ_192.168.xxx.xxx_24 NETWORK_OBJ_192.168.xxx.xxx_24 no-proxy-arp route-lookup
!
object network obj_any
 nat (inside,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any interface
route outside 0.0.0.0 0.0.0.0 12.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set peer 64.xxx.xxx.xxx
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
no ssh stricthostkeycheck
ssh 10.xxx.xxx.xxx 255.xxx.xxx.xxx inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
!
dhcpd dns 12.xxx.xxx 12.xxx.xxx.xxx interface inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy GroupPolicy_64.xxx.xxx.xxx internal
group-policy GroupPolicy_64.xxx.xxx.xxx attributes
 vpn-tunnel-protocol ikev1
tunnel-group 64.xxx.xxx.xxx type ipsec-l2l
tunnel-group 64.xxx.xxx.xxx ipsec-attributes
 ikev1 pre-shared-key XXXXXXXXXXXXXXXXXXXXXXXX
 peer-id-validate nocheck
 ikev2 remote-authentication pre-shared-key XXXXXXXXXXXXXXXXX
 ikev2 local-authentication pre-shared-key XXXXXXXXXXXXXXXXXX
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
: end
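The thread never pins down why the tunnel stopped negotiating, so here is the cross-check a reviewer would run over the two dumps: parse each side's IKEv1 phase-1 policies, the transform sets its crypto map actually offers (including tunnel vs. transport mode, which the -TRANS sets on the 5505 change), and the peer, tunnel-group and interface bindings, then report the overlap and any side whose plumbing is incomplete. This is an added example in Python, not the poster's or Cisco's code; it runs over constructed excerpts shaped like the two configs above, with RFC 5737 documentation addresses standing in for the redacted peers.

```python
import re

# 'show run' prints IKEv1 policy sub-commands in this fixed order; \s+ absorbs any indentation.
PHASE1 = r"crypto ikev1 policy (\d+)\s+authentication (\S+)\s+encryption (\S+)\s+hash (\S+)\s+group (\S+)"

def ikev1_policies(cfg):
    """Map policy priority -> (auth, enc, hash, group)."""
    return {int(p): tuple(rest) for p, *rest in re.findall(PHASE1, cfg)}

def transform_sets(cfg):
    """Map transform-set name -> (esp encryption, esp auth, mode); a 'mode transport' line amends."""
    ts = {}
    for name, a, b in re.findall(r"crypto ipsec ikev1 transform-set (\S+) (\S+) (\S+)", cfg):
        ts[name] = ts[name][:2] + (b,) if a == "mode" else (a, b, "tunnel")
    return ts

def crypto_map(cfg):
    """Collect what one side's static L2L entry needs: peer, offered sets, bindings, tunnel-group."""
    pats = {"peer": r"crypto map \S+ \d+ set peer (\S+)",
            "sets": r"crypto map \S+ \d+ set ikev1 transform-set (.+)",
            "map_if": r"crypto map \S+ interface (\S+)",
            "ikev1_if": r"crypto ikev1 enable (\S+)",
            "tg": r"tunnel-group (\S+) type ipsec-l2l"}
    info = {k: [] for k in pats}
    for line in (l.strip() for l in cfg.splitlines()):
        for key, pat in pats.items():
            if m := re.fullmatch(pat, line):
                info[key] += m[1].split()
    return info

def check_l2l(a, b):
    """Phase-1 and phase-2 overlap between sides A and B, plus per-side plumbing gaps."""
    pa, pb = ikev1_policies(a), ikev1_policies(b)
    ta, tb = transform_sets(a), transform_sets(b)
    sides = (("A", crypto_map(a)), ("B", crypto_map(b)))
    ma, mb = sides[0][1], sides[1][1]
    problems = [f"{s}: peer {p} has no 'tunnel-group {p} type ipsec-l2l'"
                for s, m in sides for p in m["peer"] if p not in m["tg"]]
    problems += [f"{s}: crypto map is on no interface with 'crypto ikev1 enable'"
                 for s, m in sides if not set(m["map_if"]) & set(m["ikev1_if"])]
    return {"phase1": [(i, j) for i, x in pa.items() for j, y in pb.items() if x == y],
            "phase2": sorted({ta[n] for n in ma["sets"] if n in ta} & {tb[n] for n in mb["sets"] if n in tb}),
            "problems": problems}

# Constructed excerpts shaped like the two dumps (flush-left 5515 style vs indented 5505 style).
LOCAL = """crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map VPNMAP 1 set peer 198.51.100.2
crypto map VPNMAP 1 set ikev1 transform-set ESP-AES-256-SHA ESP-3DES-SHA
crypto map VPNMAP interface OUTSIDE1
crypto ikev1 enable OUTSIDE1
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
tunnel-group 198.51.100.2 type ipsec-l2l"""
REMOTE = """crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto map outside_map 1 set peer 203.0.113.1
crypto map outside_map 1 set ikev1 transform-set ESP-AES-256-SHA ESP-3DES-SHA-TRANS
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
tunnel-group 203.0.113.1 type ipsec-l2l"""
```

`check_l2l(LOCAL, REMOTE)` reports the one phase-1 pair that can agree (10 on A, 120 on B) and only the AES-256 transform set as phase-2 overlap, because A's 3DES set is tunnel mode while B offers it only as transport; the same check run on the real dumps would show whether either side lost its tunnel-group or interface binding when the wizard was re-run.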

Accepted Solution

WestlakeIT
Level 1

Okay, I redid the VPN wizard again; I didn't change anything in the setup either, and it's suddenly working! I do not know why, but it's working.