
ASA 5585 V9.1 I cannot get internet access nor vpn access from the outside

jaszam0623
Level 1

ASA Version 9.1(5)
!
hostname ciscoasa212
domain-name XXXXX.com
enable password XXXXX encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XXXXX.XXXXX encrypted
names
XXXX

svr1
XXXX

svr2
XXXX

svr
XXXX
XXXX

ip local pool sdi_pool x.x.x.x-xx.xxx.xxx.xxx mask 255.0.0.0
!
interface GigabitEthernet0/0
description Internet connection to outside
nameif inet_outside
security-level 100
ip address xxx.xxx.247.146 255.255.255.128
!
interface GigabitEthernet0/1
description OCC Network
nameif occ
security-level 100
ip address xx.1.1.11 255.0.0.0
!
interface GigabitEthernet0/2
nameif dmz
security-level 100
ip address xx.xx.1.11 255.255.0.0
!
interface GigabitEthernet0/3
nameif city
security-level 100
ip address xxx.xxx.46.108 255.255.255.0
!
interface GigabitEthernet0/4
nameif leads
security-level 100
ip address xxx.xxx.167.11 255.255.0.0
!
interface GigabitEthernet0/5
nameif Heartbeat
security-level 100
ip address xxx.xxx.11.11 255.255.0.0
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
nameif management
security-level 100
ip address xxx.xx.212.212 255.255.0.0
!
interface Management0/1
shutdown
no nameif
no security-level
no ip address
!
interface TenGigabitEthernet0/8
shutdown
no nameif
no security-level
no ip address
!
interface TenGigabitEthernet0/9
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/0
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface TenGigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface TenGigabitEthernet1/9
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa915-smp-k8.bin
boot system disk0:/asa914-smp-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inet_outside
dns domain-lookup occ
dns domain-lookup dmz
dns domain-lookup city
dns domain-lookup leads
dns server-group DefaultDNS
name-server xx.xxx.247.23
name-server xx.xxx.247.24
domain-name xxxx.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network FEMA-Interactive-Courses-01
host xxx.xxx.27.113
description Created during name migration
object network FEMA-Interactive-Courses-02
host xxx.xxx.27.115
description Created during name migration
object network CityEmail
host xxx.xxx.239.29
description Created during name migration
object network FEMA-Training-site
host xxx.xxx.1.22
description Created during name migration
object network Flight-stats
host xx.xx.3.174
description Created during name migration
object network Flychicago
host xx.xxx.247.130
description Created during name migration
object network Crossmatch-support
host xxx.xx.222.172
description Created during name migration
object network GoToAssist
host xxx.xxx.210.200
description Created during name migration
object network GoToAssist-secure
host xxx.xxx.210.202
description Created during name migration
object network Crossmatch-FTP-site
host xx.xx.11.201
description Created during name migration
object network AAAE-VPN-Host
host xx.xxx.28.2
description Created during name migration
object network City-Groupwise
host xxx.xxx.145.217
description Created during name migration
object network Ohare.com
host xx.xxx.247.22
description Created during name migration
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network leads
host 10.32.122.31
description LEADS2000 server
object service Projectwise-5799_5800
service tcp destination range 5799 5800
object service leads_prox
service tcp destination range 3930 3931
object service netbios-tcp
service tcp destination eq netbios-ssn
object service netbios-udp
service udp destination range netbios-ns netbios-dgm
object service nextiva_dont_know_2
service tcp destination eq 445
object network occ-network
subnet xx.0.0.0 255.0.0.0
object network NETWORK_OBJ_xx.0.0.0_28
subnet xx.0.0.0 255.255.255.240
object network NETWORK_OBJ_xx.101.0.0_28
subnet xx.101.0.0 255.255.255.240
object service Pidgin-5222
service tcp destination eq 5222
description Pidgin-5222
object service smtp-25
service tcp destination eq smtp
description smtp 25
object service smtp-465
service tcp destination eq 465
description smtp 465
object service smtp-587
service tcp destination eq 587
description smtp 587
object service ftps_14147
service tcp destination eq 14147
object service ftps_990
service tcp destination eq 990
object service nextiva_ESM_server
service tcp destination eq 1425
object service nextiva_ESM_server2
service tcp destination eq 1427
object service nextiva_ESM_server2_udp
service udp destination eq 1427
object service nextiva_ESM_server_udp
service udp destination eq 1425
object service nextiva_client
service tcp destination eq 5005
object service nextiva_client_udp
service udp destination eq 5005
object service nextiva_comm_daemon
service tcp destination range 8075 8076
object service nextiva_comm_daemon_udp
service udp destination range 8075 8076
object service nextiva_discovery_udp
service udp destination eq 50004
object service nextiva_dont_know
service tcp destination eq 57069
object service finger
service tcp destination eq finger
description finger-79
object service h323_tcp_1720
service tcp destination eq h323
object service h323_udp_1719
service udp destination eq 1719
object service http_alt_1
service tcp destination eq 8080
object service https_alt_
service tcp destination eq 2083
object service https_alt_1
service tcp destination eq 8443
object service ica
service tcp destination eq citrix-ica
object service veridt_tcp_3001
service tcp destination eq 3001
description veridt_tcp_3001
object service veridt_udp_3001
service udp destination eq 3001
description veridt_udp_3001
object service iiop
service tcp destination eq 683
description IIOP Proxy
object service idap
service tcp destination eq ldap
object service ironmail-admin
service tcp destination eq 10443
description HTTPS Proxy
object service ironmail-support
service tcp destination eq 20022
object service msn
service tcp destination eq 569
object service mssql
service tcp destination eq 1433
description MS-SQL Proxy
object service news
service tcp destination eq nntp
object service nextiva_ftp_14147
service tcp destination eq 14147
object service nextive_ftp_990
service tcp destination eq 990
object network NETWORK_OBJ_xx.101.101.96_27
subnet xx.101.101.96 255.255.255.224
object network ACS-Net
host xx.3.3.200
description ACS Node Server
object network ACSTest1
host xx.3.3.61
description New ACS Test Server
object network ACStest1_ILO
host xx.6.6.161
description Lights Out Card
object network AmberAlertBackup
host xx.2.6.34
description Trybus Amber BU
object network Area53
host xx.3.3.80
description Jim Prowatch test
object network BDGMDW-FRGR21
host xx.2.2.71
description mdw crossmatch
object network ubuntu_john_s
host xx.1.7.65
description johns ubuntu desk
object-group network Internet-Hosts-restricted-CAD
description CAD Internet access group
network-object object FEMA-Interactive-Courses-01
network-object object FEMA-Interactive-Courses-02
network-object object CityEmail
network-object object FEMA-Training-site
network-object object Flight-stats
network-object object Flychicago
object-group network Internet-Hosts-restricted-Fingerprints
description Fingerprint PCs in badging
network-object object Crossmatch-support
network-object object GoToAssist
network-object object GoToAssist-secure
network-object object Crossmatch-FTP-site
network-object object AAAE-VPN-Host
object-group network Internet-restricted-CityToSDI-Admin
network-object object CityEmail
network-object object City-Groupwise
network-object object Flychicago
network-object object Ohare.com
object-group service City_Proxies
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq smtp
service-object tcp destination eq telnet
service-object icmp
service-object object netbios-tcp
service-object object netbios-udp
service-object object nextiva_dont_know_2
object-group service DMZ_Proxies
service-object icmp
service-object object netbios-tcp
service-object object netbios-udp
service-object tcp destination eq ftp
service-object tcp destination eq www
object-group service Internet_Services
description internet services service group
service-object object Projectwise-5799_5800
service-object object netbios-tcp
service-object object netbios-udp
service-object tcp-udp destination eq 5222
service-object tcp destination eq ftp
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq telnet
service-object udp destination eq ntp
object-group service LEADS_Proxies
service-object object leads_prox
service-object tcp destination eq www
service-object tcp destination eq https
object-group network Internet-SDI
description Open internet access
network-object
object-group service Internet_Services_Restricted
description Restricted Access
service-object object netbios-tcp
service-object object netbios-udp
service-object object smtp-25
service-object object smtp-465
service-object object smtp-587
service-object tcp destination eq www
service-object tcp destination eq https
access-list tgroup_splitTunnelAcl standard permit xx.0.0.0 255.0.0.0
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
pager lines 24
logging enable
logging asdm informational
mtu inet_outside 1500
mtu occ 1500
mtu dmz 1500
mtu city 1500
mtu leads 1500
mtu Heartbeat 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-716.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (occ,inet_outside) source static any any destination static NETWORK_OBJ_xx.0.0.0_28 NETWORK_OBJ_xx.0.0.0_28 no-proxy-arp route-lookup
nat (occ,inet_outside) source static any any destination static NETWORK_OBJ_xx.101.0.0_28 NETWORK_OBJ_xx.101.0.0_28 no-proxy-arp route-lookup
nat (inet_outside,inet_outside) source static occ-network occ-network destination static NETWORK_OBJ_xx.101.0.0_28 NETWORK_OBJ_xx.101.0.0_28 no-proxy-arp route-lookup
nat (occ,inet_outside) source static occ-network occ-network destination static NETWORK_OBJ_xx.101.101.96_27 NETWORK_OBJ_xx.101.101.96_27 no-proxy-arp route-lookup
nat (occ,inet_outside) source static any any destination static NETWORK_OBJ_xx.101.101.96_27 NETWORK_OBJ_xx.101.101.96_27 no-proxy-arp route-lookup
!
object network obj_any
nat (management,inet_outside) dynamic interface
route management 0.0.0.0 0.0.0.0 172.30.1.1 1
route city 10.1.0.0 255.255.0.0 xxx.xxx.46.254 1
route leads xx.xx.0.0 255.255.0.0 xx.xx.167.1 1
route occ xx.xxx.128.0 255.255.255.0 xxx.xxx.46.254 1
route occ xx.0.0.0 255.0.0.0 xx.1.1.1 1
route occ xx.17.27.41 255.255.255.255 xxx.xxx.247.254 1
route city xxx.xxx.0.0 255.255.0.0 xxx.xxx.4.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
webvpn
  url-list value SDIPedia
  file-browsing enable
  file-entry enable
  http-proxy enable
  url-entry enable
user-identity default-domain LOCAL
http server enable
http xx.0.0.0 255.0.0.0 management
http xx.0.0.0 255.0.0.0 management
http xxx.30.0.0 255.255.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map occ_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map occ_map interface occ
crypto map inet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inet_map interface inet_outside
crypto ca trustpoint _SmartCallHome_ServerCA
revocation-check crl ocsp none
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=ciscoasa212
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=ciscoasa212
proxy-ldc-issuer
crl configure
crypto ca trustpool policy
crypto ca certificate map DefaultCertificateMap 10
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca xx xxx
    13165665  a4c4cb66
  quit
crypto ca certificate chain ASDM_TrustPoint1
certificate 9a44e952
    ea42f36b
  quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable inet_outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint1
crypto ikev1 enable inet_outside
crypto ikev1 enable occ
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl encryption 3des-sha1 rc4-sha1 aes128-sha1 aes256-sha1 rc4-md5
ssl trust-point ASDM_TrustPoint1 inet_outside
webvpn
enable inet_outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
anyconnect profiles AnyVPN_client_profile disk0:/AnyVPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value xx.xx.247.23 xx.xxx.247.24
vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
default-domain value ohare.com
group-policy DfltVPNPolicy internal
group-policy DfltVPNPolicy attributes
vpn-tunnel-protocol ssl-clientless
webvpn
  url-list value SDIPedia
  anyconnect ask none default webvpn
  customization value DfltCustomization
group-policy GroupPolicy_AnyVPN internal
group-policy GroupPolicy_AnyVPN attributes
banner value Welcome to SDi
wins-server none
dns-server value xx.xxx.247.23 xx.xxx.247.24
vpn-tunnel-protocol ikev2 ssl-client ssl-clientless
default-domain value ohare.com
address-pools value sdi_pool
webvpn
  anyconnect profiles value AnyVPN_client_profile type user
  anyconnect ask none default webvpn
group-policy GroupPolicy_profile_name internal
group-policy GroupPolicy_profile_name attributes
wins-server none
dns-server value xx.xxx.247.23 xx.xxx.247.24
vpn-tunnel-protocol ssl-client
default-domain value ohare.com
webvpn
  customization value DfltCustomization
username xxxmarco password xxxxxx encrypted privilege 15
username xxxmarco attributes
vpn-group-policy DfltGrpPolicy
webvpn
  url-entry enable
  url-list value SDIPedia
  smart-tunnel tunnel-policy tunnelall
username xxxlis password xxxxx encrypted
username xxxlis attributes
vpn-group-policy DfltGrpPolicy
service-type remote-access
webvpn
  url-list value xxxPedia
tunnel-group DefaultL2LGroup general-attributes
default-group-policy DfltVPNPolicy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key xxxxxxxxxx
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group (occ) LOCAL
authorization-server-group (occ) LOCAL
username-from-certificate use-entire-name
tunnel-group DefaultWEBVPNGroup ipsec-attributes
ikev1 pre-shared-key xxxxxxxx
tunnel-group AnyVPN type remote-access
tunnel-group AnyVPN general-attributes
address-pool sdi_pool
default-group-policy GroupPolicy_AnyVPN
tunnel-group AnyVPN webvpn-attributes
group-alias AnyVPN enable
tunnel-group-map enable rules
tunnel-group-map default-group DefaultWEBVPNGroup
tunnel-group-map DefaultCertificateMap 10 DefaultWEBVPNGroup
!
!
prompt hostname context
auto-update device-id ipaddress inet_outside
service call-home
call-home reporting anonymous
call-home
contact-email-addr xxxxxxx@gmail.com
profile CiscoTAC-1
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:xxxxx

4 Replies

mvsheik123
Level 7

I believe your exit point to the internet is 'inet_outside'. In that case you need to have a default route pointing to the next hop (Gateway to ASA).

route inet_outside 0.0.0.0 0.0.0.0 <nexthop IP> 1

Also, you may want to add additional 'nat' statements based on your requirement for the internal hosts to go to the internet.

nat (management,inet_outside) dynamic interface
nat (city,inet_outside) dynamic interface

Or you may also try --- nat (any, inet_outside) dynamic interface.

hth

MS
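
An offline check of a saved `show run` for the two things the reply above points at: a default route on the Internet-facing interface, and dynamic NAT/PAT toward it. This is an added example, not part of the original reply. The sample config is a constructed excerpt with placeholder addresses, and `audit_egress` and its helpers are hypothetical names.

```python
import re

# Constructed excerpt shaped like the configuration in the question.
# All addresses are placeholders and VPN_POOL is a made-up object name.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif inet_outside
 security-level 100
 ip address 203.0.113.146 255.255.255.128
!
interface GigabitEthernet0/1
 nameif occ
 security-level 100
 ip address 10.1.1.11 255.0.0.0
!
interface GigabitEthernet0/3
 nameif city
 security-level 100
 ip address 192.0.2.108 255.255.255.0
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 172.30.212.212 255.255.0.0
!
nat (occ,inet_outside) source static any any destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup
!
object network obj_any
 nat (management,inet_outside) dynamic interface
route management 0.0.0.0 0.0.0.0 172.30.1.1 1
route city 10.1.0.0 255.255.0.0 192.0.2.254 1
"""

ROUTE_RE = re.compile(r"^route\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
NAT_RE = re.compile(r"^nat\s+\(\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\)\s+(.*)$")


def parse_interfaces(config):
    """Return {nameif: is_management_only} for every named interface."""
    interfaces = {}
    name, mgmt, in_block = None, False, False
    # A trailing "!" flushes the last block; stripping each line copes with
    # forum pastes that lost the sub-command indentation.
    for raw in config.splitlines() + ["!"]:
        line = raw.strip()
        if line.startswith("interface ") or line == "!":
            if in_block and name:
                interfaces[name] = mgmt
            name, mgmt = None, False
            in_block = line.startswith("interface ")
        elif in_block and line.startswith("nameif "):
            name = line.split()[1]
        elif in_block and line == "management-only":
            mgmt = True
    return interfaces


def default_routes(config):
    """Return [(interface, gateway)] for every 0.0.0.0/0 static route."""
    found = []
    for raw in config.splitlines():
        m = ROUTE_RE.match(raw.strip())
        if m and m.group(2) == "0.0.0.0" and m.group(3) == "0.0.0.0":
            found.append((m.group(1), m.group(4)))
    return found


def dynamic_nat_pairs(config):
    """Return {(real_ifc, mapped_ifc)} for rules that contain 'dynamic'.
    Static identity rules (such as VPN NAT exemptions) are ignored."""
    pairs = set()
    for raw in config.splitlines():
        m = NAT_RE.match(raw.strip())
        if m and "dynamic" in m.group(3).split():
            pairs.add((m.group(1), m.group(2)))
    return pairs


def audit_egress(config, egress):
    """List what is missing for hosts to reach the Internet through `egress`."""
    interfaces = parse_interfaces(config)
    routes = default_routes(config)
    pairs = dynamic_nat_pairs(config)
    findings = []
    if not any(ifc == egress for ifc, _ in routes):
        where = ", ".join(f"{i} via {gw}" for i, gw in routes) or "none configured"
        findings.append(f"no default route on {egress} (default routes: {where})")
    for ifc, _ in routes:
        if interfaces.get(ifc):
            findings.append(f"default route on {ifc}, a management-only "
                            "interface that does not pass through traffic")
    covered_by_any = ("any", egress) in pairs
    for ifc, mgmt in interfaces.items():
        if ifc == egress or mgmt or covered_by_any:
            continue
        if (ifc, egress) not in pairs:
            findings.append(f"no dynamic NAT/PAT rule for ({ifc},{egress})")
    return findings


if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_CONFIG, "inet_outside"):
        print("-", finding)
```

Whether a given interface actually needs PAT depends on its addressing; the check only reports where no dynamic rule toward the egress interface exists.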

I followed your instruction and still no luck.

Hi,

Hope you fixed the issue by this time. If not, make sure you are able to ping your service provider gateway from the ASA. If it is successful, then it is related to the ASA config. Let me know how it goes and pls post the updated relevant configuration.

 

Thx

MS

I am a Cisco noob - CISCO ASA 5585 / ASDM 7.1. I have a simple network - need to have the inside network access the outside (internet). I cannot seem to accomplish that. I have gotten the VPN portal working and that's it. I entered all the IPs for the clients but cannot get to the internet from any of them.

 

Result of the command: "sho ru"

: Saved
:
ASA Version 9.1(5)
!
hostname Firewall01
domain-name XXXX.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool sdi_pool 86.101.101.101-86.101.101.125 mask 255.0.0.0
!
interface GigabitEthernet0/0
 description Outside - Internet connection
 duplex full
 nameif Outside-Inet
 security-level 0
 ip address 70.142.2XX.1XX 255.0.0.0
!
interface GigabitEthernet0/1
 description Inside Network
 nameif Inside_OCC
 security-level 50
 ip address 86.X.X.11 255.0.0.0
!
interface GigabitEthernet0/2
 nameif DMZ
 security-level 50
 ip address 10.4.1.11 255.255.0.0
!
interface GigabitEthernet0/3
 nameif City
 security-level 50
 ip address 192.168.46.108 255.255.255.0
!
interface GigabitEthernet0/4
 nameif Leads
 security-level 50
 ip address 10.34.XXX.11 255.255.0.0
!
interface GigabitEthernet0/5
 nameif Heartbeat
 security-level 100
 ip address 10.100.11.11 255.255.0.0
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif Management
 security-level 100
 ip address 172.3XX.2XX.2XX 255.255.0.0
!
interface Management0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/9
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet1/9
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa915-smp-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup Outside-Inet
dns domain-lookup Inside_OCC
dns server-group DefaultDNS
 name-server 70.142.XXX.23
 name-server 70.142.XXX.24
 domain-name XXX.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network neverfail
 host 86.188.2XX.2XX
 description Ask XXX
object network Stop_Forum_Spam
 host 85.17.27.41
object network XXX_Mobility
 subnet 10.215.128.0 255.255.255.0
 description XXXMobility
object network XXX
 subnet 85.0.0.0 255.0.0.0
 description XXX
object network XXX_VPN_Host
 subnet 64.0.0.0 255.0.0.0
 description AAAE VPN Host
object network City_10_servers
 subnet 10.1.0.0 255.255.0.0
 description City 10 Servers
object network City_Side
 subnet 192.168.0.0 255.255.0.0
 description City Side
object network XXX_Network
 subnet 10.32.0.0 255.255.0.0
 description XXXNetwork
object network emanual
 host 10.32.122.61
object network leads
 host 10.32.122.31
 description XXXserver
object network sosphoto
 host 10.32.122.226
object network XXX
 host 10.32.122.70
object network media-gateway-sys3-united
 host 192.168.200.102
object network sdi-dmz
 host 10.4.3.21
object network spr
 host 10.4.3.21
object network appserver
 host 10.4.3.31
object network fusionsvr
 host 10.4.3.41
 description IMCpedia server
object network sdipedia
 host 10.4.3.31
object network imcpedia
 host 10.3.4.41
object network veridt-1
 host 216.XXX.XXX.29
 description Verdit panel in Madison
object network veridt-2
 host 216.XXX.XXX.30
 description verdit panel in Madison
object network firew-virtual
 host 70.142.XXX.XXX
 description cluster address
object network firew1-inet-outside
 host 70.142.XXX.XXX
 description Outside Internet burb
object network firew2-inet
 host 70.142.XXX.XXX
 description F2 Outside internet
object network inet_primary_DNS_resolver
 host 70.142.XXX.23
 description Network object for outside-inet burb primary
object network inet_secondary_DNS_resolver
 host 70.142.XXX.24
 description Network object for outside-inet burb secondary
object network www.XXX.com
 host 70.142.XXX.22
object network mail.XXX.com
 host 70.142.247.25
 description XXXX.com mail server
object network sdicmms
 host 86.X.X.100
 description iMaint server
object network sdi-cmms-lightsout
 host 86.X.X.101
object network sdi-nick
 host 86.X.X.127
 description -name-
object network sdi-don
 host 86.X.X.128
 description  -name-
object network cmms-1
 host 86.X.X.151
 description iMaint workstation SDI office
object network nas-box-1
 host 86.X.X.23
 description Buffalo TeraStation TS-RXL 494
object network nas-box-2
 host 86.X.X.25
 description Buffalo TerStation TS-RXL 494
object network  -name-
 host 86.X.X.223
 description  -name-
object network  -name-
 host 86.X.X.221
 description -name-
object network  -name-
 host 86.X.X.222
 description  -name-
object network  -name-
 host 86.X.X.21
 description  -name-
object network  -name-
 host 86.X.X.38
object network  -name-
 host 86.X.X.33
object network  -name-
 host 86.X.X.34
 description  -name-
object network  -name-
 host 86.X.X.49
object network  -name-
 host 86.X.X.41
object network  -name-
 host 86.X.X.48
 description  -name-
object network  -name-
 host 86.X.X.57
 description  -name-
object network  -name-
 description  -name-
object network  -name-
 host 86.X.X.56
 description -name-
object network -name-
 host 86.X.X.51
 description  -name-
despcription  -name-
 host 86.X.X.59
 description  -name-
object network -name-
 host 86.X.X.29
 description -name-
object network  -name-
 host 86.X.X.60
 description  -name-
object network  -name-
 host 86.X.X.61
 description  -name-
object network -name-
 host 86.X.X.62
 description  -name-
object network  -name-
 host 86.X.X.63
 description -name-
object network  -name-
 host 86.X.X.66
 description -name-
object network -name-
 host 86.X.X.65
 description  -name-
object network  -name-
 host 86.X.X.67
 description  -name-
object network  -name-
 host 86.X.X.68
 description  -name-
object network -name-
 host 86.X.X.69
object network  -name-
 host 86.X.X.74
 description -name-
object network  -name-
 host 86.X.X.75
 description  -name-
object network  -name-
 host 86.X.X.76
 description  -name-
object network tjc
 host 86.X.X.70
 description  -name-
object network  -name-
 host 86.X.X.79
 description  -name-
object network  -name-
 host 86.X.X.78
 description -name-
object network  -name-
 host 86.X.X.86
 description -name-
object network  -name-
 host 86.X.X.81
 description  -name-
object network  -name-
 host 86.X.X.85
 description  -name-
object network  -name-
 host 86.X.X.62
 description  -name-
object network  -name-
 host 86.X.X.34
 description  -name-
object network -name-
 host 86.X.X.47
object network  -name-
 host 86.X.X.66
 description  -name-
object network  -name-
 host 86.X.X.48
 description  -name-
object network  -name-
 host 86.X.X.1
 description  -name-
object network  -name-
 host 86.X.X.2
 description -name-
object network  -name-
 host 86.X.X.3
 description  -name-
object network  -name-
 host 86.X.X.4
 description -name-
object network mrt
 host 86.X.X.100
 description  -name-
object network -name-
 host 86.X.X.33
 description  -name-
object network  -name-
 host 86.X.X.48
 description -name-
object network  -name-
 host 86.X.X.41
 description  -name-
object network  -name-
 host 86.X.X.21
 description  -name-
object network  -name-
 host 86.X.X.44
 description  -name-
object network s -name-
 host 86.X.X.48
 description  -name-
object network  -name-
 host 86.X.X.48
 description  -name-
object network NETWORK_OBJ_86.101.101.96_27
 subnet 86.101.101.96 255.255.255.224
object network ACS-Net
 host 86.X.X.200
 description ACS node server info
object network  -name-
 host 86.X.X.25
object network  -name-
 host 86.X.X.21
object network  -name-
 host 86.X.X.23
object network  -name-
 host 86.X.X.24
object network  -name-
 host 86.X.X.31
object network  -name-
 host 86.X.X.32
object network  -name-
 host 86.X.X.33
object network  -name-
 host 86.X.X.34
object network  -name-
 host 86.X.X.22
object network  -name-
 host 86.X.X.21
 description  -name-#1
object network dps2
 host 86.X.X.22
 description  -name-#2
object network  -name-
 host 86.X.X.40
object network  -name-
 host 86.X.X.15
 description  -name- -name--name-1
object network  -name-
 host 86.X.X.16
 description  -name- -name- -name-2
object network  -name-
 host 86.X.X.17
 description  -name- -name-
object network  -name-
 host 86.X.X.42
object network  -name-
 host 86.X.X.41
object network  -name-
 host 86.X.X.50
 description  -name--name- -name-
object network  -name-
 host 86.X.X.61
 description New  -name-Test Server
object network  -name-
 host 86.X.X.69
 description  -name-
object network -name-
 host 86.X.X.70
object network  -name-
 host 86.X.X.77
 description  -name-
object network  -name-
 host 86.X.X.80
 description  -name-
object network  -name-
 host 86.X.X.46
object network  -name-- -name-
 host 86.X.X.61
 description  -name-
object network  -name-
 host 86.X.X.51
object network  -name-
 host 86.X.X.52
object network  -name-
 host 86.X.X.53
object network  -name-
 host 86.X.X.54
object network  -name-
 host 86.X.X.55
object network  -name-
 host 86.X.X.56
object network  -name-
 host 86.X.X.66
 description  -name-
object network  -name-
 host 86.X.X.67
 description  -name-
object network  -name-
 host 86.X.X.40
object network  -name-
 host 86.X.X.42
 description  -name-
object network  -name-
 host 86.X.X.59
 description  -name-
object network  -name-
 host 86.X.X.21
 description  -name-
object network  -name-
 host 86.X.X.22
 description  -name-
object network  -name-
 host 86.X.X.45
object network  -name-
 host 86.X.X.42
 description  -name-
object network  -name-
 host 86.X.X.57
object network  -name-
 host 86.X.X.58
 description  -name- 
-name-
 host 86.X.X.21
 description  -name-2012
object network -name-
 host 86.X.X.22
 description Crossmatch 2012
object network  -name-
 host 86.X.X.23
 description  -name-
object network  -name-
 host 86.X.X.26
 description  -name-
object network  -name-
 host 86.X.X.39
 description  -name-
object network  -name-
 host 86.X.X.48
 description  -name-
object network  -name-
 host 86.X.X.42
 description CTI  -name-
object network CTI_ -name-
 host 86.X.X.21
 -name-
object network CTI_bdg-comply1
 host 86.X.X.41
 description CTI Martha C
object network  -name-
 host 86.X.X.65
 description CTI Marie B -  -name-
object network  -name-
 host 172.30.213.213
 description  -name-
object network  -name-
 host 192.168.1.10
 description  -name-
object network  -name-
 host 192.168.1.9
object network  -name-
 host 192.168.200.59
 description  -name-
object network  -name-
 host 192.168.200.79
 description  -name-
object network  -name-
 host 192.168.200.99
 description  -name-
object network  -name-
 host 192.168.200.20
 description  -name-
object network  -name-
 host 192.168.200.13
 description  -name-
object network  -name-
 host 192.168.200.14
 description  -name-
object network  -name-
 host 192.168.200.15
 description  -name-
object network  -name-
 host 192.168.46.104
 description  -name-
object network  -name-
 host 192.168.46.106
 description IMC  -name-
object network  -name-
 host 192.168.46.106
 description  -name-
object network  -name-
 host 192.168.46.4
 description  -name-
object network  -name-
 host 192.168.66.50
 description  -name--name-
object network  -name-
 host 192.168.66.13
 description  -name-
object network  -name-
 host 192.168.66.133
 description  -name-
object network  -name-
 host 192.168.51.221
object network  -name-
 host 85.X.X.34
object network  -name-
 host 85.X.X.162
 description NEEDS REASSIGNMENT
object network  -name-
 host 85.X.X.158
object network  -name-
 host 85.X.X.27
 description  -name-
object network  -name-
 host 85.X.X.65
object network  -name-
 host 85.X.X.75
 description NEEDS REASSIGNMENT
object network s -name-
 host 85.X.X.23
 description  -name-
object network  -name-
 host 85.X.X.21
 description mdw
object network  -name-
 host 85.X.X.71
 description  -name-
object network  -name-
 host 85.X.X.55
object network  -name-
 host 85.X.X.163
object network  -name-
 host 85.X.X.76
 description new crossmatch
object network cadadmin
 host 85.X.X.153
 description  -name-
object network caddisp1
 host 85.X.X.141
 description  -name-
object network caddisp2
 host 85.X.X.142
 description  -name-
object network caddisp3
 host 85.X.X.143
 description  -name-
object network caddisp4
 host 85.X.X.154
object network cadmanager
 host 85.X.X.151
object network cadsuper
 host 85.X.X.150
 description  -name-
object network mcccadacs
 host 85.X.X.155
 description spare  -name-
object network  -name-
 host 85.X.X.187
object network m -name-
 host 85.X.X.21
object network m -name-
 host 85.X.X.31
object network  -name-
 host 85.X.X.21
 description NEEDS REASSIGNMENT Dan B.
object network  -name-
 description  -name-
object network  -name-
 host 85.X.X.76
 description  -name-
object network  -name-
 host 85.X.X.76
 description Email printer MDW
object network  -name-
 host 85.X.X.36
 description NEEDS REASSIGNMENT
object network  -name-
 host 85.X.X.27
 description  -name-
object network  -name-
 host 85.X.X.23
 description Mike M -name-
object network sd -name-
 host 85.X.X.24
 description NEEDS REASSIGNMENT
object network s -name-
 host 85.X.X.25
 description NEEDS REASSIGNMENT
object network  -name-
 host 85.X.X.25
 description NEEDS REASSIGNMENT clone config
object network  -name-
 host 85.X.X.69
 description  -name-
object network bdg-mdw-front
 host 85.X.X.121
object network  -name-
 host 85.X.X.56
 description  -name-
object network m -name-
 host 85.X.X.17
object network mdwdcsvr4
 host 85.X.X.18
 description  -name-
object network m -name-
 host 85.X.X.1
object network  -name-
 host 85.X.X.2
object network  -name-
 host 85.X.X.42
object network  -name-
 host 85.X.X.150
 description Mike  -name-
object network fusion
 host 86.X.X.72
object network fusion1
 host 86.X.X.71
 description Nick M CAD Machine
object network fusion3
 host 86.X.X.73
object network fusion4
 host 86.X.X.74
object network fusion5
 host 86.X.X.75
object network fusion6
 host 86.X.X.76
object network mcc-10-153-master
 host 86.X.X.44
 description mcc room 10-153
object network mcc-master
 host 86.X.X.43
 description mcc computer room
object network occ-master
 host 86.X.X.41
object network bdg-bio1
 host 86.X.X.101
 description driver testing - Apr 2014
object network  -name-
 host 86.X.X.102
 description Compliance -  -name-
object network  -name-
 host 86.X.X.11
object network  -name-
 host 86.X.X.104
 description spare03 - Unknown
object network vm-bdgtest
 host 86.X.X.10
 description VMWare
object network bdg-bio5
 host 86.X.X.105
 description Badging
object network dvr-test-ops1
 host 86.X.X.111
 description driver test machine temp
object network  -name-
 host 86.X.X.114
 description  -name-
object network dvr-test-ops15
 host 86.X.X.125
 description driver test in trailers
object network  -name-
 host 86.X.X.188
 description  -name-
object network ECHELON
 host 86.X.X.93
 description  -name-
object network  -name-
 host 86.X.X.92
 description  -name-
object network  -name-
 host 86.X.X.91
 description  -name-
object network  -name-
 host 86.X.X.63
 description Compliance - old new Marie
object network drvtest10
 host 86.X.X.60
 description  -name-
object network  -name-
 host 86.X.X.84
 description  -name-
object network  -name-
 host 86.X.X.24
 description  -name-
object network bdg-dir
 host 86.X.X.23
 description  -name-
object network bdg-frntLeft
 host 86.X.X.25
 description  -name-
object network bdg-frntRight
 host 86.X.X.26
 description  -name-
object network bdg-vio2
 host 86.X.X.22
 description  -name-
object network bdg-dvrtst
 host 86.X.X.28
object network  -name-
 host 86.X.X.229
 description  -name-
object network  -name-
 host 86.X.X.29
 description  -name-
object network dvr-test-pit1
 host 86.X.X.211
 description burn pit
object network clone-mstr-cmply
 host 86.X.X.252
 description Compliance master for cloning
object network clone-mstr-dt
 host 86.X.X.251
 description Driver Test master for cloning
object network bdg-ccodes
 host 86.X.X.37
 description  -name-
object network sdi-rollcall
 host 86.X.X.102
 description  -name-
object network  -name-
 host 86.X.X.103
object network  -name-
 host 86.X.X.13
object network  -name-
 host 86.X.X.102
object network s -name-
 host 86.X.X.11
object network  -name-
 host 86.X.X.31 -name-
 -name-
 host 86.97.108.119
 description  -name-
object network  -name-
 host 86.X.X.14
 description Laptop
object network  -name-
 host 86.X.X.99
 description  -name-
object network tchathas-lt
 host 86.X.X.98
 description Company Laptop
object network  -name-
 host 86.X.X.11
object network  -name--ilo2
 host 86.X.X.12
object network  -name--ilo3
 host 86.X.X.13
object network  -name-
 host 86.X.X.1
 description acs 1
object network  -name-
 host 86.X.X.3
 description acs 3
object network  -name--Video
 host 86.X.X.21
 description  -name-Vid Machine
object network sdi-01253
 host 86.X.X.22
 description  -name-laptop
object network  -name-
 host 86.X.X.23
 description  -name-- Main
object network  -name-
 host 86.X.X.24
 description  -name-
object network  -name--prowatch
 host 86.X.X.70
 description  -name-laptop - virtual
object network  -name-
 host 86.X.X.71
 description badging datacard test
object network areaS4
 host 86.X.X.69
 description  -name-new laptop
object network  -name--Jason
 host 86.X.X.30
 description TEMP
object network  -name-
 host 86.X.X.99
 description  -name-Laptop
object network  -name-_ILO
 host 86.X.X.161
 description Lights out on ACS
object network  -name-
 host 86.X.X.40
 description acsorac4a
object network ally-server
 host 86.X.X.6
object service  -name-_prox
 service tcp destination range 3930 3931
object service ping
 service icmp
object service  -name-_client_tcp
 service tcp destination eq 5005
 description tcp
object service  -name-_client_udp
 service udp destination eq 5005
 description udp
object service  -name-_comm_daemon_tcp
 service tcp destination range 8075 8076
 description tcp
object service  -name-_comm_daemon_udp
 service udp destination range 8075 8076
object service  -name-_discovery
 service udp destination eq 50004
object service  -name-_dont_know
 service tcp destination eq 57069
object service  -name-_ESM_server
 service tcp destination range 1425 1427
object service  -name-_ESM_server_2
 service udp destination range 1425 1427
object service  -name-_dont_know_2
 service tcp destination eq 445
object service  -name-_ftp_tcp
 service tcp destination eq 990
 description tcp
object service  -name-_ftp_udp
 service udp destination eq 14147
object network jas_win7
 host 86.X.X.64
object-group network CTI
 description CTI Employees
 network-object object CTI_Krz1
 network-object object CTI_Krz2
 network-object object CTI_bdg-comply2
 network-object object CTI_bdg-scan
 network-object object CTI_bdg-comply1
 network-object object comply-audit2
 network-object object comply-audit3
 network-object object comply-audit4
object-group service Internet_Services
 service-object tcp destination eq ftp
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq pop3
 service-object tcp destination eq smtp
 service-object tcp destination eq telnet
 service-object udp destination eq ntp
 service-object ip
 service-object icmp
object-group service DMZ_proxies
 service-object object ping
 service-object tcp-udp destination eq www
 service-object tcp destination eq ftp
 service-object tcp destination eq netbios-ssn
 service-object udp destination eq netbios-dgm
object-group service Leads_proxies
 service-object object Leads_prox
 service-object tcp-udp destination eq www
 service-object tcp destination eq https
object-group service Restricted_proxie
 service-object tcp destination eq smtp
access-list Inside_OCC_access_out extended permit object-group Internet_Services any any
access-list Outside-Inet_access_in extended permit object-group Internet_Services any any
pager lines 24
logging asdm informational
mtu Outside-Inet 1500
mtu Management 1500
mtu Inside_OCC 1500
mtu Heartbeat 1500
mtu DMZ 1500
mtu City 1500
mtu Leads 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-716.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Heartbeat,Outside-Inet) source static any any destination static NETWORK_OBJ_86.101.101.96_27 NETWORK_OBJ_86.101.101.96_27 no-proxy-arp route-lookup
access-group Outside-Inet_access_in in interface Outside-Inet
access-group Inside_OCC_access_out out interface Inside_OCC
route Outside-Inet 0.0.0.0 0.0.0.0 70.142.XXX.XXX.1
route City 10.1.0.0 255.255.0.0 192.168.46.254 1
route Leads 10.32.0.0 255.255.0.0 10.34.167.1 1
route City 10.215.128.0 255.255.255.0 192.168.46.254 1
route Outside-Inet 64.0.0.0 255.0.0.0 70.142.247.254 1
route Inside_OCC 85.0.0.0 255.0.0.0 86.X.X.1 1
route Outside-Inet 85.17.27.41 255.255.255.255 70.142.247.254 1
route Outside-Inet 86.188.250.211 255.255.255.255 70.142.247.254 1
route City 192.168.0.0 255.255.0.0 192.168.46.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 172.30.0.0 255.255.0.0 Management
http redirect Management 80
http redirect Outside-Inet 80
http redirect Inside_OCC 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map Outside-Inet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside-Inet_map interface Outside-Inet
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
     quit
crypto ikev1 enable Outside-Inet
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-sessiondb max-other-vpn-limit 5000
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
!
tls-proxy maximum-session 1000
!
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable Outside-Inet
 enable Inside_OCC
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 70.142.247.23 70.142.247.24
 vpn-tunnel-protocol ssl-client
 default-domain value OHARE.com
group-policy DfltGrpPolicy attributes
 webvpn
  url-list value SDi_Bookmarks
group-policy GroupPolicy_anysdi internal
group-policy GroupPolicy_anysdi attributes
 wins-server none
 dns-server value 70.142.247.23 70.142.247.24
 vpn-tunnel-protocol ssl-client ssl-clientless
 default-domain value OHARE.com
username XXXpassword LiA7XLXkzis2vzf7 encrypted privilege 15
username XXXattributes
 vpn-group-policy DfltGrpPolicy
username XXXpassword SlPtNjsxS9tKOMGg encrypted privilege 15
username XXXattributes
 service-type remote-access
tunnel-group DefaultRAGroup general-attributes
 address-pool sdi_pool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication ms-chap-v2
 authentication eap-proxy
tunnel-group Remotein type remote-access
tunnel-group anysdi type remote-access
tunnel-group anysdi general-attributes
 address-pool sdi_pool
 default-group-policy GroupPolicy_anysdi
tunnel-group anysdi webvpn-attributes
 group-alias anysdi enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
auto-update device-id hardware-serial
call-home reporting anonymous
Cryptochecksum:2999bd618aa000b91dbae5d699e59bea
: end
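An added example, not part of the original post: a small offline audit, run over a subset of lines copied from the configuration above, that flags the legacy crypto settings (DES/3DES, MD5, DH groups 1 and 2), an inbound ACL that reduces to permit ip any any, and the absence of a dynamic NAT/PAT rule toward the interface holding the default route. The names `POSTED`, `WEAK` and `audit` are this example's own, and the NAT check reports only on the text it is given.

```python
import re

# Lines copied from the configuration posted above (a subset, for an offline run).
POSTED = """\
object-group service Internet_Services
 service-object tcp destination eq www
 service-object ip
access-list Outside-Inet_access_in extended permit object-group Internet_Services any any
nat (Heartbeat,Outside-Inet) source static any any destination static NETWORK_OBJ_86.101.101.96_27 NETWORK_OBJ_86.101.101.96_27 no-proxy-arp route-lookup
access-group Outside-Inet_access_in in interface Outside-Inet
route Outside-Inet 0.0.0.0 0.0.0.0 70.142.XXX.XXX.1
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
ssh key-exchange group dh-group1-sha1
"""

# (pattern, finding label); sub-commands are matched as "<block header> / <sub-command>".
WEAK = [
    (r"transform-set \S+ .*\besp-(des|3des)\b", "weak ESP cipher"),
    (r"transform-set \S+ .*\besp-md5-hmac\b", "MD5 ESP integrity"),
    (r"^crypto ikev1 policy \d+ / encryption (des|3des)$", "weak IKEv1 cipher"),
    (r"^crypto ikev1 policy \d+ / hash md5$", "MD5 IKEv1 hash"),
    (r"^crypto ikev1 policy \d+ / group [12]$", "weak IKEv1 DH group"),
    (r"\bset pfs group[12]$", "weak PFS DH group"),
    (r"^ssh key-exchange group dh-group1-sha1$", "weak SSH key exchange"),
]

def audit(config):
    """Return a list of findings for an ASA running-config given as text."""
    findings, header = [], ""
    ip_groups, acl_any, bound_in, dyn_nat_to = set(), {}, {}, set()
    egress = None  # interface that carries the default route
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] != " ":          # top-level command starts a new block
            header = line
        full = line if raw[0] != " " else f"{header} / {line}"
        findings += [f"{label}: {full}" for pat, label in WEAK if re.search(pat, full)]
        # A service group containing "service-object ip" matches every IP packet.
        if header.startswith("object-group service ") and line == "service-object ip":
            ip_groups.add(header.split()[2])
        if m := re.match(r"access-list (\S+) extended permit object-group (\S+) any any$", line):
            acl_any[m[1]] = m[2]
        if m := re.match(r"access-group (\S+) in interface (\S+)$", line):
            bound_in[m[1]] = m[2]
        if m := re.match(r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 ", line):
            egress = m[1]
        # Dynamic NAT/PAT in either twice-NAT or object-NAT form; capture the mapped interface.
        if m := re.match(r"nat \(\S+?,(\S+?)\)(?: after-auto)?(?: source)? dynamic\b", line):
            dyn_nat_to.add(m[1])
    for acl, group in acl_any.items():
        if group in ip_groups and acl in bound_in:
            findings.append(f"permit ip any any inbound on {bound_in[acl]}: {acl} via {group}")
    if egress and not dyn_nat_to & {egress, "any"}:
        findings.append(f"no dynamic NAT/PAT toward {egress}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

Feeding it the full `show running-config` output instead of `POSTED` applies the same checks to every policy and transform set in the file.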

 
