01-29-2011 08:23 AM - edited 03-03-2019 06:11 AM
I have had problems with failover not reacting correct. Its ok for a while then something happens that causes a conlfict between the primary and secondary. Heres the config maybe someone can see something weird in it that cisco and I cant.
ASA Version 8.3(1)
!
terminal width 120
hostname FW1
domain-name SKESC2
enable password ETdSSY4CyQBtqMIU encrypted
passwd xx encrypted
multicast-routing
names
!
interface GigabitEthernet0/0
description Outside Interface will be 70.33.206.2 connection from Peer 1
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.224 standby 70.33.206.3
!
interface GigabitEthernet0/1
description Management connection on the x.x.x.x network
nameif inside
security-level 100
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
!
interface GigabitEthernet0/2
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2.10
description DMZ network, x.x.x.x used for outward facing servers.
vlan 10
nameif DMZ
security-level 50
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
!
interface GigabitEthernet0/2.20
description x.x.x.x network used for all database servers. PROTECTED INSIDE THE NETWORK.
vlan 20
nameif NONDMZ
security-level 100
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
!
interface GigabitEthernet0/2.30
description x.x.x.x used for any develepment virtual machines.
vlan 30
nameif WSLAN
security-level 51
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
!
interface GigabitEthernet0/2.40
vlan 40
nameif DMZ1
security-level 50
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface Management0/0
description Not used at this time
shutdown
nameif management
security-level 100
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup DMZ
dns domain-lookup NONDMZ
dns domain-lookup WSLAN
dns domain-lookup management
dns server-group DefaultDNS
name-server x.x.x.x
name-server x.x.x.x
domain-name SKESC2
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network local
subnet x.x.x.x 255.255.255.0
object network pool
object network outside
subnet 0.0.0.0 0.0.0.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network A_x.x.x.x
host x.x.x.x
object network wslan_subnet
subnet x.x.x.x 255.255.255.0
object network DMZ_subnet
subnet x.x.x.x 255.255.255.0
object network NONDMZ_subnet
subnet x.x.x.x 255.255.255.0
object network Man_subnet
subnet x.x.x.x 255.255.255.0
object network A_x.x.x.x
host x.x.x.x
object network obj_x.x.x.x
subnet x.x.x.x 255.255.255.0
object network A_x.x.x.x
host x.x.x.x
object network A_x.x.x.x
host x.x.x.x
object network A_x.x.x.x
host x.x.x.x
object network A_x.x.x.x
host x.x.x.x
object network NETWORK_OBJ_x.x.x.x_24
subnet x.x.x.x 255.255.255.0
object network NETWORK_OBJ_x.x.x.x_25
subnet x.x.x.x 255.255.255.128
object network A_x.x.x.x
host x.x.x.x
object network PublicServer_NAT10
host x.x.x.x
object network inside
subnet x.x.x.x 255.255.255.0
object network insideout
subnet x.x.x.x 255.255.255.0
object network wslanout
subnet x.x.x.x 255.255.255.0
object network dmzout
subnet x.x.x.x 255.255.255.0
object network NONDMZ
subnet x.x.x.x 255.255.255.0
object network DMZ1
subnet x.x.x.x 255.255.255.0
object network PublicServer_NAT11
host x.x.x.x
object network PublicServer_NAT12
host x.x.x.x
object network PublicServer_NAT13
host x.x.x.x
object network PublicServer_NAT14
host x.x.x.x
object network PublicServer_NAT15
host x.x.x.x
object network PublicServer_NAT17
host x.x.x.x
object network NETWORK_OBJ_x.x.x.x_24
subnet x.x.x.x 255.255.255.0
object network NETWORK_OBJ_x.x.x.x_24
subnet x.x.x.x 255.255.255.0
object-group service Https tcp
port-object eq https
object-group service DBC udp
description DBC
port-object eq xxxx
object-group service DM_INLINE_SERVICE_1
service-object tcp
service-object tcp destination eq www
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object tcp destination eq www
object-group service DB01access tcp-udp
description db01access
port-object eq xxxx
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service Terranet tcp
description Access to terranet server for updates
port-object eq sqlnet
object-group service DB02all tcp-udp
description xxxx
port-object eq xxxx
port-object eq xxxx
object-group network DM_INLINE_NETWORK_2
network-object host x.x.x.x
network-object host x.x.x.x
object-group service DM_INLINE_TCP_3 tcp
group-object Https
port-object eq ftp
port-object eq www
object-group service DM_INLINE_TCP_4 tcp
port-object eq ftp
port-object eq www
access-list management_access_in extended permit object-group DM_INLINE_SERVICE_2 any any
access-list split standard permit x.x.x.x 255.255.255.0
access-list split standard permit x.x.x.x 255.255.255.0
access-list split standard permit x.x.x.x 255.255.255.0
access-list split standard permit x.x.x.x 255.255.255.0
access-list DMZ_access_in extended permit ip any any log debugging
access-list Geomatics_splitTunnelAcl standard permit x.x.x.x 255.255.255.0
access-list filter extended permit object-group TCPUDP any host x.x.x.x object-group DB02all
access-list outside_access extended permit tcp any host x.x.x.x eq https
access-list outside_access extended permit tcp any host x.x.x.x object-group Terranet
access-list outside_access extended permit tcp any host x.x.x.x eq https
access-list outside_access extended permit tcp any host x.x.x.x eq https
access-list outside_access extended permit tcp any host x.x.x.x object-group DM_INLINE_TCP_3
access-list outside_access remark SKEINC.com x.x.x.x Web server
access-list outside_access extended permit tcp any host x.x.x.x object-group DM_INLINE_TCP_4
access-list outside_access remark Terranet for updates to data
access-list outside_access extended permit tcp object-group DM_INLINE_NETWORK_2 host x.x.x.x object-group Terranet
access-list AP01toDB01 extended permit object-group TCPUDP host x.x.x.x host 172.16.20.20 object-group DB01access
access-list AP01toDB01 extended permit object-group TCPUDP host x.x.x.x host 172.16.20.20 object-group DB01access log warnings
access-list AP01toDB01 extended permit object-group TCPUDP host x.x.x.x host 172.16.20.20 object-group DB01access
access-list outside_mpc extended permit ip any any
access-list global_mpc extended permit ip any any
access-list DMZ1_splitTunnelAcl standard permit x.x.x.x 255.255.255.0
access-list SKE_splitTunnelAcl standard permit x.x.x.x 255.255.255.0
access-list Webvpn webtype deny url any log default
pager lines 24
logging enable
logging timestamp
logging standby
logging list Alertsforskip level alerts
logging buffer-size 10000
logging asdm-buffer-size 512
logging buffered debugging
logging trap notifications
logging asdm informational
logging from-address xx@xx.com
logging facility 16
logging host inside x.x.x.x
logging debug-trace
logging permit-hostdown
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu NONDMZ 1500
mtu WSLAN 1500
mtu DMZ1 1500
mtu management 1500
ip local pool DMZ1 x.x.x.x-x.x.x.x mask 255.255.255.0
ip local pool VPNPOOL x.x.x.x-x.x.x.x
ip local pool NONDMZpool x.x.x.x-x.x.x.x
ip local pool WSLANpool x.x.x.x-x.x.x.x
ip local pool DMZ x.x.x.x-x.x.x.x
ip local pool Geomatics x.x.x.x-x.x.x.x mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface DMZ
ip verify reverse-path interface NONDMZ
ip verify reverse-path interface WSLAN
ip verify reverse-path interface DMZ1
ip verify reverse-path interface management
failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/3
failover key Password01
failover interface ip Failover x.x.x.x 255.255.255.0 standby x.x.x.x
no monitor-interface inside
no monitor-interface management
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any WSLAN
asdm image disk0:/asdm-631.bin
asdm history enable
arp timeout 14400
nat (inside,outside) source static obj_x.x.x.x obj_x.x.x.x destination static obj_x.x.x.x obj_x.x.x.x
nat (WSLAN,outside) source static obj_x.x.x.x obj_x.x.x.x destination static obj_x.x.x.x obj_x.x.x.x
nat (NONDMZ,outside) source static obj_x.x.x.x obj_x.x.x.x destination static obj_x.x.x.x obj_x.x.x.x
nat (DMZ,outside) source static obj_x.x.x.x obj_x.x.x.x destination static obj_x.x.x.x obj_x.x.x.x
nat (DMZ,NONDMZ) source static any any
nat (DMZ,outside) source static obj_x.x.x.x obj_x.x.x.x destination static obj_x.x.x.x obj_x.x.x.x
nat (DMZ1,outside) source static NETWORK_OBJ_x.x.x.x_24 NETWORK_OBJ_x.x.x.x_24 destination static NETWORK_OBJ_x.x.x.x_25 NETWORK_OBJ_x.x.x.x_25
nat (NONDMZ,outside) source static NETWORK_OBJ_x.x.x.x_24 NETWORK_OBJ_x.x.x.x_24 destination static NETWORK_OBJ_x.x.x.x_25 NETWORK_OBJ_x.x.x.x_25
nat (inside,outside) source static NETWORK_OBJ_x.x.x.x_24 NETWORK_OBJ_x.x.x.x_24 destination static NETWORK_OBJ_x.x.x.x_24 NETWORK_OBJ_x.x.x.x_24
!
object network insideout
nat (inside,outside) dynamic interface
object network wslanout
nat (WSLAN,outside) dynamic interface
object network dmzout
nat (DMZ,outside) dynamic interface
object network NONDMZ
nat (NONDMZ,outside) dynamic interface
object network DMZ1
nat (DMZ1,outside) dynamic interface
object network PublicServer_NAT11
nat (DMZ1,outside) static A_x.x.x.x
object network PublicServer_NAT12
nat (DMZ,outside) static A_x.x.x.x
object network PublicServer_NAT13
nat (DMZ,outside) static A_x.x.x.x
object network PublicServer_NAT14
nat (DMZ,outside) static A_x.x.x.x
object network PublicServer_NAT15
nat (DMZ,outside) static A_x.x.x.x
object network PublicServer_NAT17
nat (WSLAN,outside) static A_x.x.x.x
access-group outside_access in interface outside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
webvpn
port-forward disable
file-browsing disable
file-entry disable
http-proxy disable
url-entry disable
always-on-vpn disable
aaa authentication ssh console LOCAL
http server enable
http server idle-timeout 60
http x.x.x.x 255.255.255.0 management
http x.x.x.x 255.255.255.0 inside
http x.x.x.x 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA
ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map vpnmap 65355 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map vpnmap interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh x.x.x.x 255.255.255.0 inside
ssh x.x.x.x 255.255.255.0 inside
ssh timeout 60
console timeout 0
management-access inside
dhcpd address x.x.x.x-x.x.x.x inside
dhcpd dns x.x.x.x x.x.x.x interface inside
!
dhcpd auto_config outside interface management
!
threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server x.x.x.x source outside prefer
tftp-server inside x.x.x.x /firewallb
webvpn
group-policy NONDMZ internal
group-policy NONDMZ attributes
vpn-tunnel-protocol IPSec
group-lock value NONDMZ
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelall
group-policy DfltGrpPolicy attributes
dns-server value x.x.x.x x.x.x.x
vpn-idle-timeout 240
vpn-tunnel-protocol IPSec
split-tunnel-network-list value split
group-policy Geomatics internal
group-policy Geomatics attributes
dns-server value x.x.x.x x.x.x.x
vpn-session-timeout none
vpn-filter value filter
vpn-tunnel-protocol IPSec
group-lock value Geomatics
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Geomatics_splitTunnelAcl
group-policy WSLAN internal
group-policy WSLAN attributes
vpn-tunnel-protocol IPSec
group-lock value WSLAN
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
group-policy NewVpn internal
group-policy NewVpn attributes
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
group-policy SKE internal
group-policy SKE attributes
dns-server value x.x.x.x x.x.x.x
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SKE_splitTunnelAcl
group-policy DMZ internal
group-policy DMZ attributes
vpn-tunnel-protocol IPSec
group-lock value DMZ
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
username SShtepaYu password xx encrypted
username SShtepaYu attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username GVatulieA password xx encrypted
username GVatulieA attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username WVatulieA password xx encrypted
username WVatulieA attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username SBaskwillS password xx encrypted
username SBaskwillS attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username SBishopMa password xx encrypted
username SBishopMa attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username Guest1Ge password xx encrypted
username Guest1Ge attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username DVatulieA password xx encrypted
username DVatulieA attributes
vpn-group-policy DMZ
vpn-session-timeout none
group-lock value DMZ
service-type remote-access
username pskipton password xx encrypted privilege 15
username pskipton attributes
vpn-access-hours none
vpn-idle-timeout none
vpn-session-timeout none
username SpezzafS password xx encrypted
username SpezzafS attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username SPetrochO password xx encrypted
username SPetrochO attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username NMakarenL password xx encrypted
username NMakarenL attributes
vpn-group-policy NONDMZ
vpn-session-timeout none
group-lock value NONDMZ
service-type remote-access
username SPhilepeE password xx encrypted
username SPhilepeE attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username WSpezzafS password xx encrypted
username WSpezzafS attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username WSinnisSp password xx encrypted
username WSinnisSp attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username DPetrochO password xx encrypted
username DPetrochO attributes
vpn-group-policy DMZ
vpn-session-timeout none
group-lock value DMZ
service-type remote-access
username DPhilepeE password xx encrypted
username DPhilepeE attributes
vpn-group-policy DMZ
vpn-session-timeout none
group-lock value DMZ
service-type remote-access
username WShtepaYu password xx encrypted
username WShtepaYu attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username SVatulieA password xx encrypted
username SVatulieA attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username WBaskwillS password xx encrypted
username WBaskwillS attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username LiAmy125 password xx encrypted
username LiAmy125 attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username GBishopMa password xx encrypted
username GBishopMa attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username WBishopMa password xx encrypted
username WBishopMa attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username LinJosep password xx encrypted
username LinJosep attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username WBounsalA password xx encrypted
username WBounsalA attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username DBishopMa password xx encrypted
username DBishopMa attributes
vpn-group-policy DMZ
vpn-session-timeout none
group-lock value DMZ
service-type remote-access
username WPykePaul password xx encrypted
username WPykePaul attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username GPetrochO password xx encrypted
username GPetrochO attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username WPetrochO password xx encrypted
username WPetrochO attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username DShtepaYu password xx encrypted
username DShtepaYu attributes
vpn-group-policy DMZ
vpn-session-timeout none
group-lock value DMZ
service-type remote-access
username WPhilepeE password xx encrypted
username WPhilepeE attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username NVatulieA password xx encrypted
username NVatulieA attributes
vpn-group-policy NONDMZ
vpn-session-timeout none
group-lock value NONDMZ
service-type remote-access
username SkiptonP password xx encrypted
username HapersCa password xx encrypted
username HapersCa attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username PykePaul password xx encrypted
username PykePaul attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username DMakarenL password xx encrypted
username DMakarenL attributes
vpn-group-policy DMZ
vpn-session-timeout none
group-lock value DMZ
service-type remote-access
username KaticJas password xx encrypted
username KaticJas attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username GMakarenL password xx encrypted
username GMakarenL attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username WMakarenL password xx encrypted
username WMakarenL attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username SinnisSp password xx encrypted
username SinnisSp attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username WLinJosep password xx encrypted
username WLinJosep attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username WLiAmy125 password xx encrypted
username WLiAmy125 attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username MakarenL password xx encrypted
username MakarenL attributes
vpn-group-policy NewVpn
vpn-session-timeout none
group-lock value NewVpn
service-type remote-access
username NBishopMa password xx encrypted
username NBishopMa attributes
vpn-group-policy NONDMZ
vpn-session-timeout none
group-lock value NONDMZ
service-type remote-access
username RoscoeDa password xx encrypted
username RoscoeDa attributes
vpn-idle-timeout none
vpn-session-timeout none
service-type remote-access
username BounsalA password xx encrypted
username BounsalA attributes
vpn-group-policy Geomatics
vpn-session-timeout none
group-lock value Geomatics
service-type remote-access
username RoscoeLY password xx encrypted
username RoscoeLY attributes
vpn-idle-timeout none
vpn-session-timeout none
service-type remote-access
username NShtepaYu password xx encrypted
username NShtepaYu attributes
vpn-group-policy NONDMZ
vpn-session-timeout none
group-lock value NONDMZ
service-type remote-access
username ORCReplication password xx encrypted
username ORCReplication attributes
vpn-group-policy NONDMZ
vpn-simultaneous-logins 1
vpn-idle-timeout none
vpn-session-timeout none
group-lock value NONDMZ
service-type remote-access
username NPetrochO password xx encrypted
username NPetrochO attributes
vpn-group-policy NONDMZ
vpn-session-timeout none
group-lock value NONDMZ
service-type remote-access
username NPhilepeE password xx encrypted
username NPhilepeE attributes
vpn-group-policy NONDMZ
vpn-session-timeout none
group-lock value NONDMZ
service-type remote-access
username SMakarenL password xx encrypted
username SMakarenL attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username WHapersCa password xx encrypted
username WHapersCa attributes
vpn-group-policy WSLAN
vpn-session-timeout none
group-lock value WSLAN
service-type remote-access
username PolettoK password xx encrypted
username PolettoK attributes
vpn-group-policy SKE
vpn-session-timeout none
group-lock value SKE
service-type remote-access
username PolettoD password xx encrypted
username PolettoD attributes
service-type remote-access
username AndrewHiltz password xx encrypted
username AndrewHiltz attributes
service-type admin
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key xx
tunnel-group NewVpn type remote-access
tunnel-group NewVpn general-attributes
address-pool VPNPOOL
default-group-policy NewVpn
tunnel-group NewVpn ipsec-attributes
pre-shared-key xx
tunnel-group WSLAN type remote-access
tunnel-group WSLAN general-attributes
address-pool WSLANpool
default-group-policy WSLAN
tunnel-group WSLAN ipsec-attributes
pre-shared-key xx
tunnel-group NONDMZ type remote-access
tunnel-group NONDMZ general-attributes
address-pool NONDMZpool
default-group-policy NONDMZ
tunnel-group NONDMZ ipsec-attributes
pre-shared-key xx
tunnel-group DMZ type remote-access
tunnel-group DMZ general-attributes
address-pool DMZ
default-group-policy DMZ
tunnel-group DMZ ipsec-attributes
pre-shared-key xx
tunnel-group Geomatics type remote-access
tunnel-group Geomatics general-attributes
address-pool Geomatics
default-group-policy Geomatics
tunnel-group Geomatics ipsec-attributes
pre-shared-key xx
tunnel-group SKE type remote-access
tunnel-group SKE general-attributes
address-pool DMZ1
default-group-policy SKE
tunnel-group SKE ipsec-attributes
pre-shared-key xx
!
class-map global-class
match access-list global_mpc
class-map inspection_default
match default-inspection-traffic
class-map outside-class
match access-list outside_mpc
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
class global-class
ips inline fail-open sensor vs0
policy-map outside-policy
class outside-class
ips inline fail-open sensor vs0
!
service-policy global_policy global
service-policy outside-policy interface outside
prompt hostname context
Cryptochecksum:782d6951489e7b1ebeec99e876e24b16
: end
02-21-2011 01:11 AM
If you say there is a conflict and something goes wrong, there must be something in the log.
Can you post the log output when the error occurs?
That will give us more clues in where to look.
Regards,
Ian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide