CISCO ASA 5510 Issue

Dear All,


I have a strange issue. I have two sites, both of them connected through IPSEC on two routers (IPSEC is configured on the routers, not the ASA). In the first site "SITE-1" I have segments (192.168.1.0/24 and 192.168.10.0/24); for the second site (SITE-2) I have segments (172.16.10.0/24 and 172.16.20.0/24). For more details:

1. Segment 172.16.10.0/24: its gateway is the core switch (172.16.10.1)

2. Segment 172.16.20.0/24: its gateway is the core switch (172.16.20.1)

3. Segment 192.168.1.0/24: its gateway is the core switch (192.168.1.1)

4. Segment 192.168.10.0/24: its gateway is the firewall (192.168.10.254)


Now segment (172.16.10.x) can reach segments (192.168.x.x), and segment (172.16.20.x) can reach only segment 192.168.1.x and can't reach 192.168.10.x. Please help with this issue; check the attached diagram below:


http://postimg.org/image/4z3nq8ykd/


Thanks

Accepted Solution

Normally the issue lies either in the crypto ACLs not being configured correctly or the NAT exempt / identity NAT being misconfigured. Another possibility is that you might have a routing issue on the one router or perhaps even a routing issue on the ASA.

Would you be able to post the running config for router and ASAs at both sites (remove public IPs and passwords)?

--

Please remember to select a correct answer and rate helpful posts



3 Replies


ACL in Site-1:

access-list 141 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 141 permit ip 172.16.10.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 141 permit ip 172.16.20.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 141 permit ip 172.16.20.0 0.0.0.255 192.168.10.0 0.0.0.255

ASA Site-1:

:
ASA Version 8.2(1)
!

interface Ethernet0/0
 nameif outside-link
 security-level 0
 ip address x.x.x.x x.x.x.x
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.30.249 255.255.255.0
!
interface Ethernet0/2
 nameif wireless
 security-level 98
 ip address 172.16.40.1 255.255.255.0
!
interface Management0/0
 shutdown
 no nameif
 security-level 0
 no ip address
 management-only
!
regex applicationheader "application/.*"
regex contenttype "content-type"
!
time-range ah
!
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Fri Apr 0:00 last Fri Sep 0:00
dns domain-lookup outside-link
dns domain-lookup inside
dns domain-lookup wireless
dns domain-lookup outside-wimax
dns server-group DefaultDNS
 object-group service 1
 service-object ip
 service-object icmp
 service-object pim
 service-object pcp
 service-object snp
 service-object udp
 service-object igmp
 service-object ipinip
 service-object gre
 service-object esp
 service-object ah
 service-object icmp6
 service-object tcp
 service-object eigrp
 service-object ospf
 service-object igrp
 service-object nos
 service-object icmp alternate-address
 service-object icmp conversion-error
 service-object icmp echo
 service-object icmp echo-reply
 service-object icmp information-reply
 service-object icmp information-request
 service-object icmp mask-reply
 service-object icmp mask-request
 service-object icmp mobile-redirect
 service-object icmp parameter-problem
 service-object icmp redirect
 service-object icmp router-advertisement
 service-object icmp router-solicitation
 service-object icmp source-quench
 service-object icmp time-exceeded
 service-object icmp timestamp-reply
 service-object icmp timestamp-request
 service-object icmp traceroute
 service-object icmp unreachable
 service-object icmp6 echo
 service-object icmp6 echo-reply
 service-object icmp6 membership-query
 service-object icmp6 membership-reduction
 service-object icmp6 membership-report
 service-object icmp6 neighbor-advertisement
 service-object icmp6 neighbor-redirect
 service-object icmp6 neighbor-solicitation
 service-object icmp6 packet-too-big
 service-object icmp6 parameter-problem
 service-object icmp6 router-advertisement
 service-object icmp6 router-renumbering
 service-object icmp6 router-solicitation
 service-object icmp6 time-exceeded
 service-object icmp6 unreachable
 service-object tcp-udp eq cifs
 service-object tcp-udp eq discard
 service-object tcp-udp eq domain
 service-object tcp-udp eq echo
 service-object tcp-udp eq www
 service-object tcp-udp eq kerberos
 service-object tcp-udp eq nfs
 service-object tcp-udp eq pim-auto-rp
 service-object tcp-udp eq sip
 service-object tcp-udp eq sunrpc
 service-object tcp-udp eq tacacs
 service-object tcp-udp eq talk
 service-object tcp eq aol
 service-object tcp eq bgp
 service-object tcp eq chargen
 service-object tcp eq cifs
 service-object tcp eq citrix-ica
 service-object tcp eq ctiqbe
 service-object tcp eq daytime
 service-object tcp eq discard
 service-object tcp eq domain
 service-object tcp eq echo
 service-object tcp eq exec
 service-object tcp eq finger
 service-object tcp eq ftp
 service-object tcp eq ftp-data
 service-object tcp eq gopher
 service-object tcp eq h323
 service-object tcp eq hostname
 service-object tcp eq www
 service-object tcp eq https
 service-object tcp eq ident
 service-object tcp eq imap4
 service-object tcp eq irc
 service-object tcp eq kerberos
 service-object tcp eq klogin
 service-object tcp eq kshell
 service-object tcp eq ldap
 service-object tcp eq ldaps
 service-object tcp eq login
 service-object tcp eq lotusnotes
 service-object tcp eq lpd
 service-object tcp eq netbios-ssn
 service-object tcp eq nfs
 service-object tcp eq nntp
 service-object tcp eq pcanywhere-data
 service-object tcp eq pim-auto-rp
 service-object tcp eq pop2
 service-object tcp eq pop3
 service-object tcp eq pptp
 service-object tcp eq rsh
 service-object tcp eq rtsp
 service-object tcp eq sip
 service-object tcp eq smtp
 service-object tcp eq sqlnet
 service-object tcp eq ssh
 service-object tcp eq sunrpc
 service-object tcp eq tacacs
 service-object tcp eq talk
 service-object tcp eq telnet
 service-object tcp eq uucp
 service-object tcp eq whois
 service-object udp eq biff
 service-object udp eq bootpc
 service-object udp eq bootps
 service-object udp eq cifs
 service-object udp eq discard
 service-object udp eq dnsix
 service-object udp eq domain
 service-object udp eq echo
 service-object udp eq www
 service-object udp eq isakmp
 service-object udp eq kerberos
 service-object udp eq mobile-ip
 service-object udp eq nameserver
 service-object udp eq netbios-dgm
 service-object udp eq netbios-ns
 service-object udp eq nfs
 service-object udp eq ntp
 service-object udp eq pcanywhere-status
 service-object udp eq pim-auto-rp
 service-object udp eq radius
 service-object udp eq radius-acct
 service-object udp eq rip
 service-object udp eq secureid-udp
 service-object udp eq sip
 service-object udp eq snmp
 service-object udp eq snmptrap
 service-object udp eq sunrpc
 service-object udp eq syslog
 service-object udp eq tacacs
 service-object udp eq talk
 service-object udp eq tftp
 service-object udp eq time
 service-object udp eq who
 service-object udp eq xdmcp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service newport
 description Micros
 service-object tcp eq 4444
object-group service Allow-ports tcp
 port-object eq www
 port-object eq https
 port-object eq pop3
 port-object eq smtp
 port-object eq ssh
 port-object eq telnet
object-group service deny-port
 service-object tcp eq www
object-group network facebook
 network-object 31.13.0.0 255.255.0.0
object-group service block tcp
 port-object eq www
 port-object eq https
object-group service RDP tcp-udp
 port-object eq 3389
object-group service 7003 tcp-udp
 port-object eq 7003
object-group service http tcp
 description http
 port-object eq 8080
object-group service Youxel
 description Youxel
 service-object tcp eq 5555
 service-object tcp eq 5556
 service-object tcp eq 5560
access-list inside_access_in extended permit ip 172.16.20.0 255.255.255.0 local-network 255.255.255.0
access-list inside_access_in extended permit ip any 172.16.20.0 255.255.255.0
access-list inside_access_in extended permit ip local-network 255.255.255.0 local-network 255.255.255.0
access-list inside_access_in extended permit ip any local-network 255.255.255.0
access-list inside_access_in extended permit ip host 172.16.10.44 any
access-list inside_access_in extended permit ip host 172.16.10.14 any
access-list inside_access_in extended permit ip host 172.16.10.11 any
access-list inside_access_in extended permit ip host 172.16.10.17 any
access-list inside_access_in extended permit ip host 172.16.10.23 any
access-list inside_access_in extended permit ip host 172.16.10.22 any
access-list inside_access_in extended permit ip host 172.16.10.18 any
access-list inside_access_in extended permit ip host 172.16.10.13 any
access-list inside_access_in extended permit ip host 172.16.10.27 any
access-list inside_access_in extended permit ip Kwt-network-1 255.255.255.0 any
access-list inside_access_in extended permit ip host 172.16.10.25 any
access-list inside_access_in extended permit ip host 172.16.10.19 any
access-list inside_access_in remark Mohamed Hussein
access-list inside_access_in extended permit ip host 172.16.50.50 any
access-list inside_access_in remark Mahmoud Nahhas
access-list inside_access_in extended permit ip host 172.16.50.55 any
access-list inside_access_in extended permit ip host 172.16.10.48 any
access-list inside_access_in extended deny ip host 172.16.50.69 any
access-list inside_access_in extended permit ip host 172.16.10.100 any
access-list inside_access_in extended permit ip host 172.16.10.12 any
access-list inside_access_in extended permit ip host 172.16.50.150 any
access-list inside_access_in extended permit ip local-network 255.255.255.0 any
access-list inside_access_in extended permit ip user_network 255.255.255.0 any
access-list inside_access_in remark Wael Baioumy
access-list inside_access_in extended permit ip host 172.16.50.64 any
access-list inside_access_in extended permit ip host 172.16.50.68 any
access-list inside_access_in remark Mohamed Abdo
access-list inside_access_in extended permit ip host 172.16.50.53 any
access-list inside_access_in extended permit ip host 172.16.10.30 any
access-list inside_access_in extended permit ip host 172.16.50.57 any
access-list inside_access_in extended permit ip host 172.16.50.51 any
access-list inside_access_in remark Osama Salah
access-list inside_access_in extended permit ip host 172.16.50.58 any
access-list inside_access_in remark Wael Sayeh
access-list inside_access_in extended permit ip host 172.16.50.54 any
access-list inside_access_in remark Mahmoud Hekal
access-list inside_access_in extended permit ip host 172.16.50.60 any
access-list inside_access_in remark Amir
access-list inside_access_in extended permit ip host 172.16.50.63 any
access-list inside_access_in extended permit ip host 172.16.10.24 any
access-list inside_access_in remark call manager EGY
access-list inside_access_in extended permit ip host 172.16.10.51 any
access-list inside_access_in extended deny ip host M.hussein any
access-list inside_access_in extended permit ip host M.Nahhas any
access-list inside_access_in extended permit ip host Wbaioumy any
access-list inside_access_in extended permit ip host 172.16.10.141 any
access-list inside_access_in extended permit ip host Azaki any
access-list inside_access_in extended permit ip host Hdesklaptop any
access-list inside_access_in extended permit ip host admin-assistant any
access-list inside_access_in extended permit ip host 172.16.10.146 any
access-list inside_access_in extended permit ip host AhmedRabie any
access-list inside_access_in extended permit ip host AhmedShokair any
access-list inside_access_in extended permit ip host 172.16.10.150 any
access-list inside_access_in extended permit ip host GamalAbdElHamid any
access-list inside_access_in extended permit ip host Mhekal any
access-list inside_access_in extended permit ip host Wsayeh any
access-list inside_access_in extended permit ip host Aelsharawy any
access-list inside_access_in extended permit ip host free any
access-list inside_access_in extended permit ip host HDesk02 any
access-list inside_access_in extended permit ip host Mzein any
access-list inside_access_in extended permit ip host Mahmoud-Saeed any
access-list inside_access_in extended permit ip host Screen1-lapdell any
access-list inside_access_in extended permit ip host 172.16.10.160 any
access-list inside_access_in extended permit ip host 172.16.10.161 any
access-list inside_access_in extended permit ip host Screen2-lapHP any
access-list inside_access_in extended permit ip host 172.16.10.163 any
access-list inside_access_in extended permit ip host 172.16.10.164 any
access-list inside_access_in extended permit ip host Helpdesk-Laptop any
access-list inside_access_in extended permit ip host 172.16.10.166 any
access-list inside_access_in extended permit ip host 172.16.10.167 any
access-list inside_access_in extended permit ip host HDesk01 any
access-list inside_access_in extended permit ip host 172.16.10.169 any
access-list inside_access_in extended permit ip host 172.16.10.170 any
access-list inside_access_in extended permit ip host 172.16.10.173 any
access-list inside_access_in extended permit ip host 172.16.10.31 any
access-list inside_access_in extended permit ip 172.18.10.0 255.255.255.240 any
access-list inside_access_in extended permit ip host Ibrahim--hp any
access-list inside_access_in extended permit ip host 172.16.10.70 any
access-list inside_access_in extended permit ip host 172.16.20.165 any
access-list inside_access_in extended permit ip 172.16.0.0 255.255.0.0 any
access-list inside_access_in extended permit ip 80.80.80.0 255.255.255.0 any
access-list inside_access_in extended permit ip host 172.16.150.0 any

access-list inside_nat0_outbound extended permit ip any 172.16.10.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 172.18.10.0 255.255.255.240 any
access-list inside_nat0_outbound extended permit ip any 172.18.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.19.10.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip local-network 255.255.255.0 192.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 host 13.13.13.13
access-list inside_nat0_outbound extended permit ip local-network 255.255.255.0 172.16.99.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip local-network 255.255.255.0 172.16.107.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip local-network 255.255.255.0 172.16.104.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip local-network 255.255.255.0 172.16.125.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 host 14.14.14.14
access-list inside_nat0_outbound extended permit ip 172.16.20.0 255.255.255.0 Kwt-network-10 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.16.20.0 255.255.255.0 100.100.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip local-network 255.255.255.0 100.100.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 Kwt-network-1 255.255.255.0

pager lines 24
logging enable
logging timestamp
logging standby
logging trap critical
logging asdm informational
logging facility 19
logging host inside 172.16.10.13
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 172.16.50.51 9996
mtu outside-link 1500
mtu inside 1500
mtu wireless 1500
mtu outside-wimax 1500
ip local pool vpnpool 172.18.10.0-172.18.10.15 mask 255.255.255.240
ip local pool VPNpoolWimax 172.19.10.0-172.19.10.25 mask 255.255.255.0
ip verify reverse-path interface outside-link
ip verify reverse-path interface inside
ip verify reverse-path interface wireless
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside-link) 1 x.x.x.x netmask 255.0.0.0
global (outside-link) 30 x.x.x.x netmask 255.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 local-network 255.255.255.0
nat (inside) 1 172.16.20.0 255.255.255.0
nat (inside) 1 172.16.30.0 255.255.255.0
nat (wireless) 1 Wireless-Network 255.255.255.0
access-group Outside_access_in in interface outside-link
access-group inside_access_in in interface inside
access-group inside_wireless_in in interface wireless
access-group outside-wimax_access_in in interface outside-wimax
route outside-link 0.0.0.0 0.0.0.0 x.x.x.x 1
route outside-link 10.0.0.0 255.0.0.0 x.x.x.x 1
route outside-link 13.13.13.13 255.255.255.255 x.x.x.x 1
route outside-link 100.100.100.0 255.255.255.0 x.x.x.x 1
route inside local-network 255.255.255.0 172.16.30.1 1
route inside 172.16.20.0 255.255.255.0 172.16.30.1 1
route outside-link 172.16.99.0 255.255.255.0 x.x.x.x 1
route outside-link 172.16.104.0 255.255.255.0 x.x.x.x 1
route outside-link 172.16.107.0 255.255.255.0 x.x.x.x 1
route outside-link 172.16.125.0 255.255.255.0 x.x.x.x 1
route inside 172.16.150.0 255.255.255.0 172.16.30.1 1
route outside-link 192.0.0.0 255.0.0.0 x.x.x.x 1

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
aaa local authentication attempts max-fail 5
http server enable
http 172.16.10.100 255.255.255.255 inside
http 172.16.10.123 255.255.255.255 inside
http 172.16.10.121 255.255.255.255 inside
http 172.16.50.50 255.255.255.255 inside
http 172.16.50.51 255.255.255.255 inside
http 172.16.10.40 255.255.255.255 inside
http 172.16.10.33 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 inside
http 172.16.50.72 255.255.255.255 inside
http 192.168.1.215 255.255.255.255 inside
http 172.16.10.13 255.255.255.255 inside
http Ibrahim--hp 255.255.255.255 inside
http 192.168.1.142 255.255.255.255 inside
http 172.16.30.0 255.255.255.0 inside
snmp-server host inside 172.16.10.31 community ##UpsMon##
snmp-server host inside 172.16.50.51 community ##UpsMon##
snmp-server host inside 172.16.10.33 community ##UpsMon#
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside-wimax
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-aes esp-sha-hmac
crypto ipsec transform-set UPS-ShayaEgypt esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside-link
crypto map wireless_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map wireless_map interface wireless
crypto map ISA_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside-wimax_map 1 match address outside-wimax_1_cryptomap
crypto map outside-wimax_map 1 set pfs
crypto map outside-wimax_map 1 set peer 168.187.162.17
crypto map outside-wimax_map 1 set transform-set ESP-AES-128-SHA
crypto map outside-wimax_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside-wimax_map interface outside-wimax
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 subject-name CN=41.178.0.139
 crl configure
crypto ca server
 shutdown
crypto ca certificate chain ASDM_TrustPoint1
 certificate 54cb9954
  quit
crypto isakmp enable outside-link
crypto isakmp enable wireless
crypto isakmp enable outside-wimax
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp disconnect-notify
!
track 1 rtr 123 reachability
telnet timeout 5
ssh 172.16.10.100 255.255.255.255 inside
ssh 172.16.10.123 255.255.255.255 inside
ssh 172.16.10.121 255.255.255.255 inside
ssh 172.16.50.50 255.255.255.255 inside
ssh 172.16.50.51 255.255.255.255 inside
ssh 172.16.10.40 255.255.255.255 inside
ssh 172.16.10.33 255.255.255.255 inside
ssh 172.16.50.72 255.255.255.255 inside
ssh 0.0.0.0 0.0.0.0 inside
ssh 192.168.1.215 255.255.255.255 inside
ssh 172.16.10.13 255.255.255.255 inside
ssh timeout 5
ssh version 2
console timeout 10
management-access inside
priority-queue inside
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 40 burst-rate 400 average-rate 200
webvpn
group-policy test-47 internal
group-policy test-47 attributes
 dns-server value 172.16.10.48
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value test-47
 default-domain value upskwt.com
 user-authentication-idle-timeout none
group-policy EGYWIMAX internal
group-policy EGYWIMAX attributes
 dns-server value 172.16.10.48
 vpn-tunnel-protocol IPSec webvpn
 split-tunnel-network-list value Split_tunnel_list
 default-domain value upskwt
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec webvpn
 split-tunnel-policy excludespecified
group-policy EGYUPS internal
group-policy EGYUPS attributes
 dns-server value 172.16.10.48
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_tunnel_list
 default-domain value upskwt.com
 user-authentication-idle-timeout none
!
class-map global-class
 match access-list global_mpc
class-map type regex match-any DomainBlockList
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map inside-class
 match access-list inside_mpc
class-map type regex match-any URLBlockList
class-map type inspect http match-all asdm_medium_security_methods
 match not request method head
 match not request method post
 match not request method get
class-map inspection_default
 match default-inspection-traffic
class-map type inspect http match-any block-url-class
class-map qos
 description qos
class-map type inspect http match-all AppHeaderClass
 match request header regex contenttype regex applicationheader
class-map type inspect http match-all asdm_high_security_methods
 match not request method head
 match not request method get
class-map type inspect http match-all BlockURLsClass
 match request uri regex class URLBlockList
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map type inspect http block-url-policy
 parameters
  protocol-violation action drop-connection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect icmp error
  inspect icmp
  inspect ipsec-pass-thru
  inspect http
 class global-class
  ips inline fail-open sensor vs0
policy-map inside-policy
 class inside-class
  police input 8000000 4000
  police output 8000000 4000
 class Ibrahim-QOS
  inspect http
!
service-policy global_policy global
service-policy inside-policy interface inside
service-policy wireless-policy interface wireless
prompt hostname context
Cryptochecksum:c6c1b79bdff175be247c3e99a99e4175


ACL in Site-2:

access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 120 permit ip 192.168.10.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.20.0 0.0.0.255
access-list 120 permit ip 192.168.10.0 0.0.0.255 172.16.20.0 0.0.0.255


ASA SITE-2:


ASA Version 8.0(4)
!

name 192.168.30.100 CWSNMS
name 192.168.40.0 wireless-network
name 192.168.1.70 Khaled
name 192.168.1.5 DomainController
name 192.168.1.8 ISA-Server
name 192.168.1.0 Local-Network
name 192.168.10.0 Power-Card-Network
name 192.168.1.225 SQL-Server
name 192.168.1.221 KasperSky
name 192.168.1.205 EmailSecurity
name 192.168.1.1 Core-Switch
name 192.168.1.237 Baracude-LoadBalancer
name 192.168.1.238 VIP-APPServers
name 192.168.1.239 VIP-CommServers
name 192.168.196.0 QNBVPN
name 172.16.10.0 Egypt-network
name 192.168.1.222 FraudDB
name 192.168.1.223 FraudAPP
name 192.168.1.144 Madam-Entisar
name 192.168.24.135 Reb-Server
name 192.168.40.156 Yasser-Laptop
name 192.168.1.217 UFS-Server2
name 192.168.1.219 Monitoring-Server2
name 192.168.40.89 Murtaza-Laptop
name 192.168.1.174 Murtaza-LAN
name 192.168.1.154 Shamsheer
name 192.168.1.9 Cyberroam
name 192.168.1.54 camera-machine
name 192.168.1.23 E-netpc
name 192.168.1.235 Pin-mgmt
name 192.168.40.93 Zakaria-Laptop
name 192.168.1.76 MAY
name 192.168.1.127 call-center
name 192.168.1.165 UFS-Server-New
name 192.168.1.226 ServerAX2009
name 192.168.1.27 khulud
name 192.168.1.22 freelan1
name 192.168.1.199 network-PC
name 192.168.1.188 HR-PC
name 192.168.1.74 HelpdeskEGY
name 192.168.1.94 YasmeenPC
name 192.168.1.41 Ahmed-Mandoob
name 192.168.1.216 kwufsweb-serve
name 192.168.1.168 Citrixsr-server
name 192.168.40.56 Moatasem-Lap
name 192.168.40.92 Alia-Baghli-lap-wifi
name 192.168.1.231 RSKWCOMM2-Server
name 192.168.1.20 Murtaza-Lap1
name 192.168.1.30 Yaseer-PC
name 192.168.1.228 RSKWAAP1-Server
name 192.168.1.229 RSKWAAP2-Server
name 192.168.1.230 RSKWCOMM1-Server
name 192.168.1.227 UPS-MENA-Server
name 192.168.1.21 Moatasem-PC
name 192.168.1.60 SMS_server
name 192.168.1.206 Testing-Machine-master
name 192.168.1.68 mnahhas-kydr2n6
name 192.168.1.214 kwufsweb2-shaya
name 192.168.40.96 EntisarSuwaidiIPhone
name 192.168.40.97 EntisarSuwaidiSamsung
name 192.168.40.57 Moatasem-Lap2
name 192.168.20.12 Yasmeen-20
name 192.168.20.17 Fahad-Mandoob-L20
name 192.168.20.20 Moatasem-L20
name 192.168.20.22 Yaseer-L20
name 192.168.20.14 IkbalWalid-L20
name 192.168.20.15 khulud-L20
name 192.168.20.21 Madam-Entisar-L20
name 192.168.20.19 MAY-L20
name 192.168.20.13 Shamsheer-L20
name 192.168.20.23 Alia-L20
name 192.168.20.18 Ahmed-Mandoob-L20
name 192.168.20.11 Zakaria-L20
name 192.168.40.111 Jaber
name 192.168.20.16 Jaber-L20
name 192.168.40.35 Zakaria-wifi
name 192.168.40.106 Alia-wifi
name 192.168.40.116 Murtaza-wifi
name 192.168.40.142 Hassanwifi
name 192.168.40.36 Zakaria-wifi2
name 62.150.4.8 Q.NET
name 10.0.11.0 Kwt-network-voice
name 10.0.10.0 Kwt-Call-center
name 172.16.150.0 EGY-network-voice
name 192.168.30.0 Switch-manage-Vlan
name 10.0.111.0 Kwt-Lan-voice
name 192.168.1.184 Sharawy
name 192.168.40.100 Sharawy-1
name 192.168.40.50 muneera-laptop
name 192.168.1.6 TEST-SERVER
name 192.168.1.253 IPS-MODULE description IPS Module ip address
name 64.39.96.0 IPS-OUTSIDE
name 192.168.40.16 Rabie-wifi-1
name 192.168.40.17 Rabie-wifi-2
name 60.60.60.2 ISA-EXT
name 192.168.1.200 testswitch
name 192.168.1.145 Madam-Entisar2
name 192.168.40.60 test3
name 192.168.1.100 user-it
name 192.168.20.0 User-network
name 192.168.1.33 yesser-gamil
name 192.168.40.20 guest1
name 192.168.40.21 guest2
name 192.168.20.24 Moatasem-l20-24
name 192.168.1.113 network-PC-2
name 192.168.40.22 guest3
name 192.168.1.146 Madam-Entisar-3
name 192.168.1.131 Barracuda-firwall
name 192.168.1.130 Web-services-for-barracuda
name 192.168.1.132 Barracuda-mange
name 172.16.20.0 EGY-Network-user
name 192.168.20.50 muneera-L20
name 192.168.40.25 AlaaCall-center
name 192.168.40.24 BanderCall-center
name 192.168.40.23 M.alqutanCall-Center
name 192.168.40.26 M.salahCall-center
name 192.168.50.0 IT-VLAN
name 192.168.50.25 Imran
name 192.168.1.142 Hassan
name 192.168.1.102 callcenterpc
name 192.168.1.14 Rabie
name 192.168.20.31 Christine-Pinto-L20
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.x
!
interface Ethernet0/1
 nameif inside
 security-level 97
 ip address 192.168.1.254 255.255.255.0 standby 192.168.1.243
!
interface Ethernet0/2
 nameif Wireless
 security-level 100
 ip address 192.168.40.1 255.255.255.0
!
interface Ethernet0/3
 nameif Power_Card
 security-level 100
 ip address 192.168.10.254 255.255.255.0 standby 192.168.10.243
!
interface Management0/0
 description LAN Failover Interface
!
ftp mode passive
clock timezone KUWAIT 3
object-group network PowerCardAccess
 network-object host Murtaza-Lap1
 network-object host E-netpc
 network-object host khulud
 network-object host 192.168.1.28
 network-object host Yaseer-PC
 network-object host 192.168.1.37
 network-object host Ahmed-Mandoob
 network-object host 192.168.1.43
 network-object host 192.168.1.49
 network-object host 192.168.1.53
 network-object host 192.168.1.55
 network-object host Khaled
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service se-pop3 tcp
 port-object eq 995
object-group service Wireless
 service-object tcp eq https
 service-object tcp eq ldap
 service-object tcp eq netbios-ssn
 service-object udp eq domain
 service-object udp eq netbios-dgm
 service-object udp eq netbios-ns
 service-object tcp eq 445
 service-object tcp eq 587
 service-object tcp eq 993
 service-object tcp eq 465
 service-object tcp eq smtp
object-group service Wireless-tcp tcp
 port-object eq www
 port-object eq https
object-group service Wireless-udp udp
 port-object eq 445
 port-object eq domain
 port-object eq netbios-dgm
 port-object eq netbios-ns
object-group network Wireless-Group
 network-object host Alia-wifi
 network-object host Murtaza-wifi
 network-object host Hassanwifi
 network-object host Yasser-Laptop
 network-object host Rabie-wifi-1
 network-object host Zakaria-wifi
 network-object host muneera-laptop
 network-object host Moatasem-Lap2
 network-object host Alia-Baghli-lap-wifi
 network-object host EntisarSuwaidiIPhone
 network-object host EntisarSuwaidiSamsung
 network-object host Moatasem-Lap
 network-object host guest1
 network-object host guest2
 network-object host guest3
 network-object host M.alqutanCall-Center
 network-object host BanderCall-center
 network-object host AlaaCall-center
 network-object host M.salahCall-center
access-list Wireless_nat0_outbound extended permit ip wireless-network 255.255.255.0 host DomainController
access-list inside_access_in extended permit ip Kwt-Call-center 255.255.255.0 any
access-list inside_access_in extended permit ip host 192.168.1.38 any
access-list inside_access_in extended permit ip host 100.100.100.100 any
access-list inside_access_in extended permit ip host 192.168.1.4 any
access-list inside_access_in extended permit ip host 192.168.1.101 any
access-list inside_access_in extended permit ip host 192.168.1.7 any
access-list inside_access_in extended permit ip host 192.168.1.218 any
access-list inside_access_in extended permit ip host 192.168.1.186 any
access-list inside_access_in extended permit ip host 192.18.1.27 any
access-list inside_access_in extended permit ip EGY-Network-user 255.255.255.0 any
access-list inside_access_in extended permit ip host 192.168.1.15 any
access-list inside_access_in extended permit ip host 192.168.1.187 any
access-list inside_access_in extended permit ip host Rabie any
access-list inside_access_in extended permit ip host Yaseer-L20 any
access-list inside_access_in extended permit ip host Imran any
access-list inside_access_in extended permit ip host yesser-gamil any
access-list inside_access_in extended permit ip host TEST-SERVER any
access-list inside_access_in extended permit ip host Jaber-L20 any
access-list inside_access_in extended permit ip host testswitch any
access-list inside_access_in extended permit ip User-network 255.255.255.0 any
access-list inside_access_in extended deny ip Switch-manage-Vlan 255.255.255.0 any
access-list inside_access_in extended permit ip host muneera-L20 any
access-list inside_access_in extended permit ip host KasperSky any
access-list inside_access_in extended permit ip host UFS-Server2 any
access-list inside_access_in extended permit ip host Christine-Pinto-L20 any
access-list inside_access_in extended permit ip host Zakaria-L20 any
access-list inside_access_in extended permit ip host network-PC any
access-list inside_access_in extended permit ip host network-PC-2 any
access-list inside_access_in extended permit ip host Hassan any
access-list inside_access_in extended permit ip host user-it any
access-list inside_access_in extended permit ip host Fahad-Mandoob-L20 any
access-list inside_access_in extended permit ip host MAY-L20 any
access-list inside_access_in extended permit ip host callcenterpc any
access-list inside_access_in extended permit ip host mnahhas-kydr2n6 any
access-list inside_access_in extended permit ip host HelpdeskEGY any
access-list inside_access_in extended permit ip host Yasmeen-20 any
access-list inside_access_in extended permit ip host IkbalWalid-L20 any
access-list inside_access_in extended permit ip host Ahmed-Mandoob-L20 any
access-list inside_access_in extended permit ip host kwufsweb-serve any
access-list inside_access_in extended permit ip host VIP-CommServers any
access-list inside_access_in extended permit ip host VIP-APPServers any
access-list inside_access_in extended permit ip host Web-services-for-barracuda any
access-list inside_access_in extended permit ip host Barracuda-firwall any
access-list inside_access_in extended permit ip host Barracuda-mange any
access-list inside_access_in extended permit ip host Baracude-LoadBalancer any
access-list inside_access_in extended permit ip host FraudAPP any
access-list inside_access_in extended permit ip host call-center any
access-list inside_access_in extended permit ip host Alia-L20 any
access-list inside_access_in extended permit ip host Murtaza-LAN any
access-list inside_access_in extended permit ip host Citrixsr-server any
access-list inside_access_in extended permit ip host UFS-Server-New any
access-list inside_access_in extended permit ip host FraudDB any
access-list inside_access_in extended permit ip host Madam-Entisar any
access-list inside_access_in extended permit ip host Madam-Entisar2 any
access-list inside_access_in extended permit ip host Madam-Entisar-3 any
access-list inside_access_in extended permit ip host Madam-Entisar-L20 any
access-list inside_access_in extended permit ip host RSKWCOMM2-Server any
access-list inside_access_in extended permit ip host kwufsweb2-shaya any
access-list inside_access_in extended permit ip host Testing-Machine-master any
access-list inside_access_in extended permit ip host Shamsheer-L20 any
access-list inside_access_in extended permit ip host EmailSecurity any
access-list inside_access_in extended permit ip host RSKWCOMM1-Server any
access-list inside_access_in extended deny ip host ISA-Server any
access-list inside_access_in extended permit ip host khulud-L20 any
access-list inside_access_in extended permit ip host UPS-MENA-Server any
access-list inside_access_in extended permit ip host SQL-Server any
access-list inside_access_in extended permit ip host ServerAX2009 any
access-list inside_access_in extended permit ip host Moatasem-L20 any
access-list inside_access_in extended permit ip host Moatasem-l20-24 any
access-list inside_access_in extended permit ip host Murtaza-Lap1 any
access-list inside_access_in extended permit ip host DomainController any
access-list inside_access_in extended permit ip host SMS_server any

access-list Power_Card_nat0_outbound extended permit ip Power-Card-Network 255.255.255.0 Local-Network 255.255.255.0
access-list Power_Card_nat0_outbound extended permit ip Power-Card-Network 255.255.255.0 EGY-Network-user 255.255.255.0
access-list Power_Card_nat0_outbound extended permit ip Power-Card-Network 255.255.255.0 Egypt-network 255.255.255.0
access-list Power_Card_nat0_outbound extended permit ip Power-Card-Network 255.255.255.0 IT-VLAN 255.255.255.0
access-list Power_Card_nat0_outbound extended permit ip any 192.166.10.0 255.255.255.224

access-list inside_nat0_outbound extended permit ip any 192.168.80.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 192.166.10.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 192.166.10.0 255.255.255.224 any
access-list inside_powercard_in extended permit ip host 192.168.10.189 host 172.16.20.160
access-list inside_powercard_in extended permit ip Power-Card-Network 255.255.255.0 EGY-Network-user 255.255.255.0
access-list inside_powercard_in extended permit ip Power-Card-Network 255.255.255.0 Local-Network 255.255.255.0
access-list inside_powercard_in extended permit ip Power-Card-Network 255.255.255.0 IT-VLAN 255.255.255.0
access-list inside_powercard_in extended permit ip Power-Card-Network 255.255.255.0 Egypt-network 255.255.255.0
access-list inside_powercard_in extended deny ip Power-Card-Network 255.255.255.0 any

wireless-tcp
pager lines 24
logging enable
logging timestamp
logging list IPSEC level informational class vpn
logging list auth level debugging
logging buffer-size 100000
logging monitor debugging
logging buffered debugging
logging trap warnings
logging history critical
logging asdm debugging
logging host inside 192.168.1.160
logging host inside 192.168.1.163
logging host inside user-it
mtu Outside 1500
mtu inside 1500
mtu Wireless 1500
mtu Power_Card 1500
ip verify reverse-path interface Outside
ip verify reverse-path interface inside
ip verify reverse-path interface Wireless
ip verify reverse-path interface Power_Card
failover
failover lan unit primary
failover lan interface Failover Management0/0
failover key cisco
failover replication http
failover interface ip Failover 128.127.10.1 255.255.255.252 standby 128.127.10.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715-100.bin
asdm location 172.16.30.0 255.255.255.248 Outside
asdm location 172.16.1.10 255.255.255.255 Wireless
asdm location Moatasem-Lap2 255.255.255.255 Power_Card
asdm location Rabie-wifi-1 255.255.255.255 Power_Card
asdm location Yasmeen-20 255.255.255.255 Power_Card
asdm location Fahad-Mandoob-L20 255.255.255.255 Power_Card
asdm location Moatasem-L20 255.255.255.255 Power_Card
asdm location Yaseer-L20 255.255.255.255 Power_Card
asdm location IkbalWalid-L20 255.255.255.255 Power_Card
asdm location khulud-L20 255.255.255.255 Power_Card
asdm location Madam-Entisar-L20 255.255.255.255 Power_Card
asdm location MAY-L20 255.255.255.255 Power_Card
asdm location Shamsheer-L20 255.255.255.255 Power_Card
asdm location Alia-L20 255.255.255.255 Power_Card
asdm location Ahmed-Mandoob-L20 255.255.255.255 Power_Card
asdm location Jaber-L20 255.255.255.255 Power_Card
asdm location Hassanwifi 255.255.255.255 Power_Card
asdm location Zakaria-wifi2 255.255.255.255 Power_Card
asdm location muneera-laptop 255.255.255.255 Power_Card
asdm location TEST-SERVER 255.255.255.255 Power_Card
asdm location IPS-MODULE 255.255.255.255 Power_Card
asdm location IPS-OUTSIDE 255.255.240.0 Power_Card
asdm location Rabie-wifi-2 255.255.255.255 Wireless
asdm location ISA-EXT 255.255.255.255 Wireless
asdm location testswitch 255.255.255.255 Wireless
asdm location Madam-Entisar2 255.255.255.255 Wireless
asdm location test3 255.255.255.255 Wireless
asdm location yesser-gamil 255.255.255.255 Wireless
asdm location guest1 255.255.255.255 Wireless
asdm location guest2 255.255.255.255 Wireless
asdm location Moatasem-l20-24 255.255.255.255 Wireless
asdm location network-PC-2 255.255.255.255 Wireless
asdm location guest3 255.255.255.255 Wireless
asdm location Madam-Entisar-3 255.255.255.255 Wireless
asdm location Web-services-for-barracuda 255.255.255.255 Wireless
asdm location Barracuda-firwall 255.255.255.255 Wireless
asdm location Barracuda-mange 255.255.255.255 Wireless
asdm location muneera-L20 255.255.255.255 Wireless
asdm location M.alqutanCall-Center 255.255.255.255 Wireless
asdm location BanderCall-center 255.255.255.255 Wireless
asdm location AlaaCall-center 255.255.255.255 Wireless
asdm location M.salahCall-center 255.255.255.255 Wireless
asdm location IT-VLAN 255.255.255.0 Wireless
asdm location Imran 255.255.255.255 Wireless
asdm location callcenterpc 255.255.255.255 Wireless
asdm location Christine-Pinto-L20 255.255.255.255 Wireless
no asdm history enable
arp timeout 14400
global (Outside) 1 62.150.4.10
global (Outside) 2 62.150.4.11 netmask 255.255.255.240
global (Outside) 3 62.150.4.12 netmask 255.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 100.100.100.100 255.255.255.255
nat (inside) 1 Kwt-Call-center 255.255.255.0
nat (inside) 1 Local-Network 255.255.255.0
nat (inside) 3 User-network 255.255.255.0
nat (inside) 1 IT-VLAN 255.255.255.0
nat (Power_Card) 0 access-list Power_Card_nat0_outbound
nat (Power_Card) 1 192.168.10.160 255.255.255.255
nat (Power_Card) 1 Power-Card-Network 255.255.255.0
access-group Outside_access_in in interface Outside
access-group inside_access_in in interface inside
access-group Wireless_access_in in interface Wireless
access-group inside_powercard_in in interface Power_Card
route Outside 0.0.0.0 0.0.0.0 62.150.4.1 1
route inside Kwt-Call-center 255.255.255.0 Core-Switch 1
route inside 100.100.100.0 255.255.255.0 Core-Switch 1
route inside Egypt-network 255.255.255.0 Core-Switch 1
route inside EGY-Network-user 255.255.255.0 Core-Switch 1
route inside 172.16.50.0 255.255.255.0 Core-Switch 1
route inside EGY-network-voice 255.255.255.0 Core-Switch 1
route inside User-network 255.255.255.0 Core-Switch 1
route inside Switch-manage-Vlan 255.255.255.0 Core-Switch 1
route inside IT-VLAN 255.255.255.0 Core-Switch 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
aaa local authentication attempts max-fail 6
http server enable
http Rabie 255.255.255.255 inside
http Hassan 255.255.255.255 inside
http user-it 255.255.255.255 inside
http 192.168.50.142 255.255.255.255 inside
http 192.168.50.14 255.255.255.255 inside
http Murtaza-Lap1 255.255.255.255 inside
http 192.168.10.151 255.255.255.255 Power_Card
snmp-server host inside user-it community ups123 version 2c
no snmp-server location
no snmp-server contact
snmp-server community ups123
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map inside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map inside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map Outside_dyn_map 20 set pfs
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-AES-128-SHA
crypto dynamic-map Outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map Outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-AES-128-SHA
crypto dynamic-map Outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map Outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto map Outside_map 90 set transform-set ESP-3DES-MD5
crypto map Outside_map 90 set security-association lifetime seconds 28800
crypto map Outside_map 90 set security-association lifetime kilobytes 4608000
crypto map Outside_map 110 set security-association lifetime seconds 28800
crypto map Outside_map 110 set security-association lifetime kilobytes 4608000
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto map outside_map 110 set security-association lifetime seconds 28800
crypto map outside_map 110 set security-association lifetime kilobytes 4608000
crypto map Power_Card_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Power_Card_map interface Power_Card
crypto isakmp enable Outside
crypto isakmp enable inside
crypto isakmp enable Power_Card
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 100
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
telnet timeout 5
ssh Murtaza-Laptop 255.255.255.255 inside
ssh 192.168.50.14 255.255.255.255 inside
ssh Rabie 255.255.255.255 inside
ssh Hassan 255.255.255.255 inside
ssh 172.16.20.160 255.255.255.255 inside
ssh timeout 10
ssh version 2
console timeout 10
dhcpd dns 8.8.8.8 4.2.2.2
dhcpd auto_config Wireless
!
dhcpd address 192.168.1.10-testswitch inside
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.1.7 source inside
!
class-map global-class
 match any
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http
  inspect icmp
  inspect icmp error
  inspect ipsec-pass-thru
  inspect dns
  inspect esmtp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect sip  
  inspect skinny  
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
 class global-class
  ips inline fail-open
 class class-default
policy-map global-
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:5ea47a0075f03af6f2a5ee035f035b7d
: end

 

Your issue is most likely on the router IPsec configuration. The no-NAT should be done on the routers and not the ASAs with regard to sending traffic over the VPN tunnel.

--

Please remember to select a correct answer and rate helpful posts
