Beginner

NAT Translation question

I am wondering if it is possible to connect to a server over a single VPN tunnel via 2 IP addresses by using NAT.

I have set up a test environment with 2 Cisco ASAs, the tunnel is up and I can ping from my internal workstation (192.168.1.1) to the remote Server (172.16.1.1) absolutely fine.

I added an object with another IP (10.10.1.1) and have created a NAT rule on the remote end so that traffic from 192.168.1.1 to 10.10.1.1 translates to 172.16.1.1 (the endpoint I wish to connect).

The ping to this server does not work until I cancel the ping to 172.16.1.1; once this has cancelled the connection comes up, and vice versa if I wish to then ping back to 172.16.1.1.

My question is, is this even possible or am I attempting the impossible? I have a relatively basic knowledge of Cisco firewall rules and mainly use ASDM where I can, I'm afraid. I have put time into this but cannot get it working so thought I'd ask.

Any help would be really appreciated :) I have attached a really simple diagram.
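On a crypto-map (policy-based) tunnel like the ones in the config posted further down, only flows that match the tunnel's crypto ACL are encrypted, so reaching one server by two addresses needs both the real and the alias destination covered by that ACL. The following is an added example, not part of the original thread: a small offline checker for ASA-style config text that resolves network objects and object-groups and reports which crypto ACLs carry a given source/destination pair. The sample config, its object and ACL names, and the `cryptomap` name filter are assumptions built from the addresses in the question.

```python
import ipaddress

# Constructed sample in the thread's ASA syntax, using the question's addresses.
# Object and access-list names are hypothetical.
SAMPLE_CONFIG = """\
object network LOCAL_LAN
 subnet 192.168.1.0 255.255.255.0
object network REMOTE_SERVER_REAL
 host 172.16.1.1
object network REMOTE_SERVER_ALIAS
 host 10.10.1.1
object-group network REMOTE_REAL_ONLY
 network-object object REMOTE_SERVER_REAL
object-group network REMOTE_REAL_AND_ALIAS
 group-object REMOTE_REAL_ONLY
 network-object object REMOTE_SERVER_ALIAS
access-list cryptomap_before extended permit ip object LOCAL_LAN object-group REMOTE_REAL_ONLY
access-list cryptomap_after extended permit ip object LOCAL_LAN object-group REMOTE_REAL_AND_ALIAS
access-list cryptomap_off extended permit ip object LOCAL_LAN object REMOTE_SERVER_ALIAS inactive
"""


def parse_objects(config):
    """Map each network object / object-group name to its member address specs."""
    objects, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] == "description":
            continue
        if tok[0] in ("object", "object-group"):
            # Only network objects matter here; service objects end the block.
            is_net = len(tok) > 2 and tok[1] == "network"
            current = objects.setdefault(tok[2], []) if is_net else None
        elif current is None:
            continue
        elif tok[0] == "host":
            current.append(tok)                           # ["host", addr]
        elif tok[0] in ("subnet", "network-object"):
            current.append(tok[1:])                       # [addr, mask] or a reference
        elif tok[0] == "group-object":
            current.append(["object-group"] + tok[1:])    # nested group
        else:
            current = None                                # any other command ends the block
    return objects


def expand(spec, objects, seen=()):
    """Turn one address spec (token list) into a list of IPv4 networks."""
    if spec[0] in ("any", "any4"):
        return [ipaddress.ip_network("0.0.0.0/0")]
    if spec[0] == "host":
        return [ipaddress.ip_network(spec[1] + "/32")]
    if spec[0] in ("object", "object-group"):
        if spec[1] in seen:                               # guard against a reference loop
            return []
        return [net for member in objects.get(spec[1], [])
                for net in expand(member, objects, seen + (spec[1],))]
    if spec[0] == "interface":                            # interface address not resolved here
        return []
    return [ipaddress.ip_network(f"{spec[0]}/{spec[1]}", strict=False)]


def split_specs(tok):
    """Split the tokens after 'permit ip' into source and destination specs."""
    specs, i = [], 0
    while i < len(tok) and len(specs) < 2:
        width = 1 if tok[i] in ("any", "any4") else 2
        specs.append(tok[i:i + width])
        i += width
    return specs


def covering_acls(config, src, dst, name_filter="cryptomap"):
    """Names of active 'permit ip' ACLs (name contains name_filter) matching src -> dst."""
    objects = parse_objects(config)
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[2:5] != ["extended", "permit", "ip"]:
            continue
        if name_filter not in tok[1] or tok[-1] == "inactive" or tok[1] in hits:
            continue
        try:
            src_spec, dst_spec = split_specs(tok[5:])
            src_nets, dst_nets = expand(src_spec, objects), expand(dst_spec, objects)
        except (IndexError, ValueError):
            continue                                      # entry this checker does not understand
        if any(src_ip in n for n in src_nets) and any(dst_ip in n for n in dst_nets):
            hits.append(tok[1])
    return hits


def alias_report(config, src, real, alias):
    """Which tunnel ACLs carry src -> real, src -> alias, and both."""
    real_acls = covering_acls(config, src, real)
    alias_acls = covering_acls(config, src, alias)
    shared = [name for name in real_acls if name in alias_acls]
    return {"real": real_acls, "alias": alias_acls, "shared": shared}


if __name__ == "__main__":
    print(alias_report(SAMPLE_CONFIG, "192.168.1.1", "172.16.1.1", "10.10.1.1"))
```

An empty `shared` list means no single crypto ACL covers both addresses. The checker reads saved `show running-config` text only and ignores ACL entries that are not plain `permit ip`.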
6 REPLIES
VIP Advisor

Re: NAT Translation question

Hi

You want to communicate between machine A to B using 2 IPs on machine B side (real and natted IP) when using specific ports?

Can you share your actual config then I can help you adapt it?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Beginner

Re: NAT Translation question

That is correct Francesco,

 

I shall share shortly.

 

Many thanks Jason 

Beginner

Re: NAT Translation question

No Problem Francesco, No rush, I appreciate your time and am keen to learn.

It wouldn't let me add the local config yesterday so here it is:

Local Config:


ASA Version 9.3(2)
!
hostname CheltenhamASA
enable password GmsUF/CfjnnZbM9z encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool Client-to-Site 192.168.9.1-192.168.9.101 mask 255.255.255.0
ip local pool DMZ-VPN 192.168.10.2-192.168.10.101 mask 255.255.255.0
ip local pool Win10-Pool 192.168.198.1-192.168.198.254 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif outside
security-level 0
pppoe client vpdn group BTINFINITY
ip address 217.46.225.177 255.255.255.255 pppoe
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/3
nameif DMZ2_Visitor_Network
security-level 53
ip address 172.23.91.1 255.255.255.0
!
interface GigabitEthernet0/4
description DMZ for PreProd
nameif DMZ3
security-level 52
ip address 192.168.4.1 255.255.255.0
!
interface GigabitEthernet0/5
nameif DMZ4
security-level 51
ip address 192.168.5.1 255.255.255.0
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.3.1 255.255.255.0
!
boot system disk0:/asa932-smp-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup DMZ
dns domain-lookup DMZ2_Visitor_Network
dns domain-lookup management
same-security-traffic permit intra-interface
object network Dar_Internal_Network
subnet 10.25.1.0 255.255.255.0
object network Ghana_Internal_Network
subnet 10.17.1.0 255.255.255.0
object network Iloilo_Internal_Network
subnet 10.14.1.0 255.255.255.0
object network Kenya_Internal_Network
subnet 10.22.1.0 255.255.255.0
object network Moshi_Internal_Network
subnet 10.25.2.0 255.255.255.0
object network Cheltenham_Office_Internal_Network
subnet 192.168.1.0 255.255.255.0
object network Cheltenham_HeadOffice_DMZ_Network
subnet 192.168.2.0 255.255.255.0
object service Airtel_Money_In
service tcp destination eq 8000
description Airtel Money to USSD App Server
object service Airtel_Money_Out
service tcp destination eq 9640
description USSD App Server to Airtel Money Server
object service Airtel_SMSC
service tcp destination eq 9000
description Airtel SMSC Server
object service Airtel_USSD_In
service tcp destination eq 8000
object service Airtel_USSD_Out
service tcp destination eq 10500
object network DMZ_Network
subnet 192.168.2.0 255.255.255.0
object network Grameenphone_AgentPortal_DB_server
host 192.168.206.147
object network Grameenphone_AgentPortal_Web_Server
host 192.168.206.146
object network NAT_DMZ_IP_Range_For_Grameenphone
subnet 10.1.91.16 255.255.255.248
description Used to NAT DMZ servers connecting to Grameenphone
object network NAT_Inside_IP_Range_For_Grameenphone
subnet 10.1.91.24 255.255.255.248
description Used to NAT Internal Network when connecting to Grameenphone
object network MUKHOGPTST01_Internal_IP_Address
host 192.168.2.21
object network MUKHOGPTST01_NAT_IP_Address_For_Grameenphone
host 10.1.91.17
description NAT'd IP of MUKHOGPTST01 for Grameenphone
object network NAT_Inside_IP_Range_to_Single_IP_For_Grameenphone
host 10.1.91.25
object network Grameenphone_TransportDB_server
host 10.10.15.208
object service Airtel_SFTP
service tcp destination eq 2222
object service http8080
service tcp destination eq 8080
object service Port_1957
service tcp destination eq 1957
object service Airtel_Ghana_FTP_in
service tcp destination eq 2222
object network Grameenphone_TransportDB_server2
host 10.10.20.206
object service http5555
service tcp destination eq 5555
object network GrameenPhone_MobiCash_Test_server
host 10.163.33.129
object service https8181
service tcp destination eq 8181
description Used to connect to web services on test agent portal
object network Mahindra_Comviva_India
host 203.101.110.166
object service https8282
service tcp destination eq 8282
object service AirTel_Zambia_SMSC
service tcp destination eq 16920
object service AirTel_Zambia_SFTP
service tcp destination eq 922
object network Grameenphone_MobiCash_Live_server
host 10.163.33.44
object network Public_IP4
host 217.46.225.180
description Used by MUKHOANTST01, MUKHOKETST01 when connecting to Airtel
object service Airtel_Nigeria_SMS
service tcp destination eq 31110
object service Airtel_Nigeria_USSD
service tcp destination eq 10500
object network NETWORK_OBJ_192.168.1.224_27
subnet 192.168.1.224 255.255.255.224
object service Airtel_Nigeria_FTP
service tcp destination eq 3000
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.2.0_24
subnet 192.168.2.0 255.255.255.0
object service Port_1958
service tcp destination eq 1958
object network NETWORK_OBJ_192.168.2.224_27
subnet 192.168.2.224 255.255.255.224
object service Port_1960
service tcp destination eq 1960
object service Port_2223
service tcp destination eq 2223
object network NETWORK_OBJ_192.168.9.128_28
subnet 192.168.9.128 255.255.255.240
object service Port_1959
service tcp destination eq 1959
object service Port_2224
service tcp destination eq 2224
object service Port_921
service tcp destination eq 921
object service Port_2225
service tcp destination eq 2225
object network MUKCEPAPPTST31
host 192.168.2.159
description TEST CEP - Inbound App Server - USSD, Webservices, FTP etc.
object service Port_1970
service tcp destination eq 1970
object network MUKHOSQLTST01
host 192.168.2.131
object network GrameenPhone_MobiCash_Test_server_2
host 10.13.1.29
object network MUKCEPAPPTST51
host 192.168.2.158
object network NETWORK_OBJ_192.168.9.0_25
subnet 192.168.9.0 255.255.255.128
object network NETWORK_OBJ_192.168.10.0_25
subnet 192.168.10.0 255.255.255.128
object service Port_22
service tcp destination eq ssh
object network Mahindra_Comviva_1
host 10.177.50.4
object network Mahindra_Comviva_2
host 10.177.50.5
object network Mahindra_Comviva_3
host 10.177.50.6
object network Mahindra_Comviva_4
host 10.177.50.21
object network Mahindra_Comviva_5
host 10.177.25.14
object network Delhi_Internal_Network
subnet 10.23.0.0 255.255.252.0
object network MEIslamabadOfficeNetwork
subnet 10.40.1.0 255.255.255.0
object network GrameenPhone_Flexible_MFS_test_Bed_Nirvoy+_APi
host 10.10.22.67
description Nirvoy Plus Customer Validation
object service Airtel_Ghana_SMPP
service tcp destination eq 2775
object network ME_Azure_India_Internal_Network
subnet 10.50.0.0 255.255.0.0
object service Octopus
service tcp destination eq 10888
object network MUKCEPAPPTST04
host 192.168.2.161
object network MUKHODC02
host 192.168.1.12
description Cheltenham Head Office Domain Controller
object network MUKCEPADSTST01
host 192.168.2.150
description Apptest.local Domain Controller (Head Office)
object service PORT_53
service udp destination eq domain
object service Port_53
service tcp destination eq domain
object network MUKCEPWEBTST01
host 192.168.4.157
object network MUKCEPSQLTST01
host 192.168.2.154
object network MUKCEPAPPTST05
host 192.168.2.166
object network MUKCEPAPPTST01
host 192.168.2.152
object network MUKHOADSTST01
host 192.168.2.164
object service ADFS_49443
service tcp destination eq 49443
object service HTTP_8080
service tcp destination eq 8080
object service LDAP_445
service tcp destination eq 445
object network DMZ3_network
subnet 192.168.4.0 255.255.255.0
object network DMZ4_network
subnet 192.168.5.0 255.255.255.0
object network MUKHOEXTWEBTST01
host 192.168.5.2
object network MUKHOEXTADSTST01
host 192.168.4.2
object network MUKHOAPPTST01
host 192.168.2.163
object network MUKHODEV03
host 192.168.2.171
object network Manila_Internal_Network
subnet 10.70.1.0 255.255.255.0
object network MUKPREEXTADS01
host 192.168.4.3
description PreProd External AD Box
object network MUKPREEXTWEB01
host 192.168.5.3
description PreProd External Web Box
object network MUKCEPSQLTST02
host 192.168.2.162
object network MUKHOSQLTST03
host 192.168.2.155
object network MUKHOPREDWH01
host 192.168.2.174
object service Port_1434
service tcp destination eq 1434
object service Port_1433
service tcp destination eq 1433
object network MUKAPPEXT01
host 192.168.4.4
object service RPCEndpointMapper
service tcp source range 49152 65535 destination eq 135
description Required for joining the WAP server to a domain
object service KerberosPasswordChangeTCP
service tcp destination eq 464
description Required for joining the WAP server to a domain
object service KerberosPasswordChangeUDP
service tcp destination eq 464
description Required for joining the WAP server to a domain
object service RPCforLSASAMNetlogon
service tcp destination range 49152 65535
description Required for joining the WAP server to a domain
object service ldap
service udp destination eq 389
object service ldapGC
service tcp destination eq 3268
description Required for joining the WAP server to a domain
object service ldapGCSSL
service tcp destination eq 3269
description Required for joining the WAP server to a domain
object service ldapSSL
service tcp destination eq ldaps
description Required for joining the WAP server to a domain
object service KerberosTCP
service tcp destination eq 88
description Required for joining the WAP server to a domain
object service KerberosUDP
service udp destination eq 88
description Required for joining the WAP server to a domain
object service Port_8080-8089
service tcp destination range 8080 8089
object network MUKHODEVJIRA01
host 192.168.2.170
object network MUKPREAPPEXT01
host 192.168.4.5
object service SQL-TCP
service tcp destination eq 1433
object service SQL-UDP
service udp destination eq 1433
object network DMZ2_Network
subnet 172.23.91.0 255.255.255.0
object network MEIslamabadBahriaOfficeNetwork
subnet 10.41.1.0 255.255.255.0
object network MUKHOPREJIRA01
host 192.168.2.151
object network ME_Azure_Test_Network
subnet 172.16.0.0 255.255.252.0
object network UFONE_TEST_IP
host 172.16.15.202
object network UFONE_VAS_IP
host 172.16.23.189
object network UFONE_SMSC_IP
host 172.31.219.87
object network UFONE_VAS_IP_2
host 172.16.23.213
object network UFONE_VAS_IP_3
host 172.16.105.211
object network UFONE_VAS_IP_4
host 172.16.23.214
object network UFONE_VAS_IP_5
host 172.16.23.215
object network UFONE_VAS_SFTP
host 172.16.15.242
object network NETWORK_OBJ_192.168.198.0_24
subnet 192.168.198.0 255.255.255.0
object network ME_Azure_PreProd_Network
subnet 172.17.1.0 255.255.255.0
object network ME_Azure_Test_Network_Internal
subnet 172.16.1.0 255.255.255.0
object network VM-ME-Test-App1-NAT-IP
host 172.16.100.1
object network Jason-Laptop
host 192.168.1.166
object network Jason-Laptop-NAT
host 172.16.200.1
object-group network DM_INLINE_NETWORK_1
object-group service DM_INLINE_TCP_1 tcp
port-object eq ftp
port-object eq ftp-data
object-group network Grameenphone_AgentPortal_Servers
network-object object Grameenphone_AgentPortal_DB_server
network-object object Grameenphone_AgentPortal_Web_Server
object-group network DM_INLINE_NETWORK_2
group-object Grameenphone_AgentPortal_Servers
network-object object Grameenphone_TransportDB_server
network-object object Grameenphone_TransportDB_server2
network-object object Grameenphone_MobiCash_Live_server
network-object object GrameenPhone_MobiCash_Test_server
network-object object GrameenPhone_MobiCash_Test_server_2
network-object object Mahindra_Comviva_1
network-object object Mahindra_Comviva_2
network-object object Mahindra_Comviva_3
network-object object Mahindra_Comviva_4
network-object object Mahindra_Comviva_5
network-object object GrameenPhone_Flexible_MFS_test_Bed_Nirvoy+_APi
object-group network DM_INLINE_NETWORK_7
network-object object Cheltenham_Office_Internal_Network
network-object object NAT_Inside_IP_Range_to_Single_IP_For_Grameenphone
network-object object MUKHOGPTST01_NAT_IP_Address_For_Grameenphone
object-group network NAT_DMZ_&_Inside_Ranges_For_Grameenphone
network-object object NAT_Inside_IP_Range_For_Grameenphone
network-object object NAT_DMZ_IP_Range_For_Grameenphone
object-group network DM_INLINE_NETWORK_8
group-object Grameenphone_AgentPortal_Servers
network-object object Grameenphone_TransportDB_server
network-object object Grameenphone_TransportDB_server2
network-object object Grameenphone_MobiCash_Live_server
network-object object Mahindra_Comviva_1
network-object object Mahindra_Comviva_2
network-object object Mahindra_Comviva_3
network-object object Mahindra_Comviva_4
network-object object Mahindra_Comviva_5
object-group service DM_INLINE_SERVICE_4
service-object icmp
service-object object https8181
object-group service DM_INLINE_SERVICE_5
service-object icmp
service-object object https8181
object-group network DM_INLINE_NETWORK_10
network-object object Grameenphone_TransportDB_server
network-object object Grameenphone_TransportDB_server2
object-group network DM_INLINE_NETWORK_11
network-object object MUKHOGPTST01_Internal_IP_Address
network-object object MUKHOGPTST01_NAT_IP_Address_For_Grameenphone
object-group network DM_INLINE_NETWORK_12
network-object object MUKHOGPTST01_Internal_IP_Address
network-object object MUKHOGPTST01_NAT_IP_Address_For_Grameenphone
object-group network DM_INLINE_NETWORK_18
network-object object Grameenphone_MobiCash_Live_server
network-object object GrameenPhone_MobiCash_Test_server
network-object object GrameenPhone_MobiCash_Test_server_2
network-object object GrameenPhone_Flexible_MFS_test_Bed_Nirvoy+_APi
object-group network DM_INLINE_NETWORK_26
network-object object Mahindra_Comviva_1
network-object object Mahindra_Comviva_2
network-object object Mahindra_Comviva_3
network-object object Mahindra_Comviva_4
network-object object Mahindra_Comviva_5
network-object object Mahindra_Comviva_India
object-group network DM_INLINE_NETWORK_27
network-object object MUKHOAPPTST01
network-object object MUKHOEXTADSTST01
object-group network DM_INLINE_NETWORK_29
network-object object GrameenPhone_Flexible_MFS_test_Bed_Nirvoy+_APi
network-object object Mahindra_Comviva_India
object-group network DM_INLINE_NETWORK_31
network-object object Cheltenham_Office_Internal_Network
network-object object Cheltenham_HeadOffice_DMZ_Network
object-group network DM_INLINE_NETWORK_41
network-object 192.168.1.0 255.255.255.0
network-object object Cheltenham_Office_Internal_Network
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_42
network-object 192.168.1.0 255.255.255.0
network-object 192.168.2.0 255.255.255.0
object-group network DM_INLINE_NETWORK_60
network-object 192.168.1.0 255.255.255.0
network-object 192.168.2.0 255.255.255.0
object-group service DM_INLINE_SERVICE_15
service-object ip
service-object object Port_22
object-group network DM_INLINE_NETWORK_32
network-object 192.168.1.0 255.255.255.0
network-object 192.168.2.0 255.255.255.0
object-group network DM_INLINE_NETWORK_36
network-object object Cheltenham_Office_Internal_Network
network-object object DMZ_Network
object-group network DM_INLINE_NETWORK_62
network-object object NETWORK_OBJ_192.168.1.0_24
network-object object NETWORK_OBJ_192.168.2.0_24
network-object object DMZ3_network
network-object object DMZ4_network
object-group network DM_INLINE_NETWORK_71
network-object 192.168.1.0 255.255.255.0
network-object object DMZ_Network
network-object object DMZ3_network
network-object object DMZ4_network
object-group service DM_INLINE_SERVICE_17
service-object ip
service-object icmp
service-object object HTTP_8080
service-object tcp destination eq www
service-object tcp destination eq https
service-object object RPCEndpointMapper
service-object udp destination eq ntp
service-object object KerberosPasswordChangeTCP
service-object object KerberosPasswordChangeUDP
service-object object ldap
service-object tcp destination eq ldap
service-object object ldapGC
service-object object ldapSSL
service-object object KerberosTCP
service-object object KerberosUDP
service-object tcp-udp destination eq domain
object-group service DM_INLINE_SERVICE_16
service-object ip
service-object icmp
service-object object ADFS_49443
object-group service DM_INLINE_TCP_2 tcp
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_73
network-object object MUKHODEV03
network-object object MUKHOEXTADSTST01
object-group network DM_INLINE_NETWORK_3
network-object object Cheltenham_HeadOffice_DMZ_Network
network-object object Cheltenham_Office_Internal_Network
object-group service DM_INLINE_SERVICE_18
service-object ip
service-object icmp
service-object object HTTP_8080
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_19
service-object ip
service-object icmp
service-object object ADFS_49443
service-object object HTTP_8080
service-object object KerberosPasswordChangeTCP
service-object object KerberosPasswordChangeUDP
service-object object KerberosTCP
service-object object KerberosUDP
service-object object RPCEndpointMapper
service-object object ldap
service-object object ldapGC
service-object object ldapGCSSL
service-object tcp-udp destination eq domain
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ldap
object-group network DM_INLINE_NETWORK_77
network-object object MUKCEPSQLTST02
network-object object MUKHOSQLTST03
network-object object MUKHOPREDWH01
object-group service DM_INLINE_SERVICE_20
service-object ip
service-object tcp destination eq www
service-object tcp destination eq https
object-group network DM_INLINE_NETWORK_78
network-object object MUKCEPADSTST01
network-object object MUKHOADSTST01
object-group service DM_INLINE_SERVICE_21
service-object ip
service-object tcp destination eq www
service-object object Port_1434
service-object object Port_1433
object-group network DM_INLINE_NETWORK_79
network-object object Cheltenham_HeadOffice_DMZ_Network
network-object object Cheltenham_Office_Internal_Network
object-group service DM_INLINE_SERVICE_22
service-object ip
service-object icmp
service-object object HTTP_8080
service-object tcp destination eq www
service-object tcp destination eq https
object-group network DM_INLINE_NETWORK_80
network-object object MUKCEPAPPTST05
network-object object MUKPREAPPEXT01
object-group network DM_INLINE_NETWORK_45
network-object object MUKHOPREJIRA01
network-object object MUKPREEXTADS01
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
object-group network DM_INLINE_NETWORK_6
network-object object MUKCEPAPPTST31
network-object object MUKCEPAPPTST51
object-group network DM_INLINE_NETWORK_14
network-object object MUKCEPAPPTST31
network-object object MUKCEPAPPTST51
object-group network DM_INLINE_NETWORK_15
network-object object MUKCEPAPPTST31
network-object object MUKCEPAPPTST51
object-group network DM_INLINE_NETWORK_16
network-object object MUKCEPAPPTST31
network-object object MUKCEPAPPTST51
object-group network DM_INLINE_NETWORK_19
network-object object UFONE_TEST_IP
network-object object UFONE_VAS_IP
network-object object UFONE_SMSC_IP
network-object object UFONE_VAS_IP_2
network-object object UFONE_VAS_IP_3
network-object object UFONE_VAS_IP_4
network-object object UFONE_VAS_IP_5
object-group network DM_INLINE_NETWORK_20
network-object object UFONE_TEST_IP
network-object object UFONE_VAS_IP
network-object object UFONE_SMSC_IP
network-object object UFONE_VAS_IP_2
network-object object UFONE_VAS_IP_3
network-object object UFONE_VAS_IP_4
network-object object UFONE_VAS_IP_5
object-group network DM_INLINE_NETWORK_21
network-object object UFONE_SMSC_IP
network-object object UFONE_TEST_IP
network-object object UFONE_VAS_IP
network-object object UFONE_VAS_IP_2
network-object object UFONE_VAS_IP_3
network-object object UFONE_VAS_IP_4
network-object object UFONE_VAS_IP_5
object-group network DM_INLINE_NETWORK_17
network-object object UFONE_SMSC_IP
network-object object UFONE_TEST_IP
network-object object UFONE_VAS_IP
network-object object UFONE_VAS_IP_2
network-object object UFONE_VAS_IP_3
network-object object UFONE_VAS_IP_4
network-object object UFONE_VAS_IP_5
object-group network DM_INLINE_NETWORK_4
network-object object Cheltenham_Office_Internal_Network
network-object object MUKHODEVJIRA01
object-group network DM_INLINE_NETWORK_9
network-object object ME_Azure_PreProd_Network
network-object object ME_Azure_Test_Network_Internal
network-object object VM-ME-Test-App1-NAT-IP
object-group network DM_INLINE_NETWORK_5
network-object object ME_Azure_PreProd_Network
network-object object ME_Azure_Test_Network_Internal
object-group network DM_INLINE_NETWORK_13
network-object object ME_Azure_PreProd_Network
network-object object ME_Azure_Test_Network
access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 object Ghana_Internal_Network
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 object Kenya_Internal_Network
access-list outside_cryptomap_4 extended permit ip object Cheltenham_Office_Internal_Network object Manila_Internal_Network
access-list outside_cryptomap_3 extended permit ip object Cheltenham_Office_Internal_Network object Dar_Internal_Network
access-list outside_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_60 object Iloilo_Internal_Network
access-list outside_access_in extended permit ip object VM-ME-Test-App1-NAT-IP object Cheltenham_Office_Internal_Network
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_4
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 object-group DM_INLINE_NETWORK_17 object-group DM_INLINE_NETWORK_14
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_15 object-group DM_INLINE_NETWORK_7 object-group Grameenphone_AgentPortal_Servers
access-list outside_access_in extended permit tcp any object MUKCEPWEBTST01 object-group DM_INLINE_TCP_2
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 object-group DM_INLINE_NETWORK_18 object-group DM_INLINE_NETWORK_12
access-list outside_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 object MUKHOGPTST01_NAT_IP_Address_For_Grameenphone eq www
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 object-group DM_INLINE_NETWORK_26 object-group DM_INLINE_NETWORK_11
access-list outside_access_in remark Allow access to Cheltenham Office Servers from Remote Access VPN - GF 28-11-2014
access-list outside_access_in extended permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_access_in remark Allow access to Cheltenham Office Servers from Remote Access VPN - GF 09-01-2015
access-list outside_access_in extended permit ip 192.168.2.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_access_in extended permit ip object Iloilo_Internal_Network object Cheltenham_HeadOffice_DMZ_Network
access-list Client-to-Site_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list DMZ_access_in extended permit ip object MUKHODEVJIRA01 object ME_Azure_Test_Network
access-list DMZ_access_in extended permit object-group DM_INLINE_PROTOCOL_4 object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_21
access-list DMZ_access_in extended permit ip object MUKHODEVJIRA01 object MUKHODC02
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_20 object-group DM_INLINE_NETWORK_77 192.168.1.0 255.255.255.0
access-list DMZ_access_in extended permit ip object-group DM_INLINE_NETWORK_78 object MUKHODC02
access-list DMZ_access_in extended permit ip object MUKCEPAPPTST04 192.168.1.0 255.255.255.0
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_21 192.168.4.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list DMZ_access_in extended deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DMZ_access_in extended permit ip 192.168.2.0 255.255.255.0 any
access-list outside_cryptomap_5 extended permit ip 192.168.1.0 255.255.255.0 object Moshi_Internal_Network
access-list outside_cryptomap_6 extended permit ip object Cheltenham_Office_Internal_Network object MEIslamabadBahriaOfficeNetwork
access-list outside_cryptomap_7 extended permit ip object-group NAT_DMZ_&_Inside_Ranges_For_Grameenphone object-group DM_INLINE_NETWORK_2
access-list outside_cryptomap_8 extended permit ip object Cheltenham_Office_Internal_Network object MEIslamabadBahriaOfficeNetwork
access-list outside_cryptomap_11 extended permit ip object MUKHOGPTST01_NAT_IP_Address_For_Grameenphone object Mahindra_Comviva_India
access-list Client-to-Site_2_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list Client-to-Site-DMZ1_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list Client-to-Site-DMZ_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list DMZ-VPN_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list TESTVPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list DMZ_2_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list DMZVPN_splitTunnelAcl standard permit 192.168.2.0 255.255.255.0
access-list TESTVPN_splitTunnelAcl_1 standard permit 192.168.1.0 255.255.255.0
access-list TESTVPN_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list VPNTEST_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list UKOFFICE_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list Client-to-Site_splitTunnelAcl_1 standard permit 192.168.1.0 255.255.255.0
access-list DMZ-VPN_splitTunnelAcl_1 standard permit 192.168.2.0 255.255.255.0
access-list outside_cryptomap_22 extended permit ip object-group DM_INLINE_NETWORK_71 object Delhi_Internal_Network
access-list outside_cryptomap_24 extended permit ip object-group DM_INLINE_NETWORK_32 object ME_Azure_India_Internal_Network
access-list outside_cryptomap_25 extended permit ip interface inside object ME_Azure_India_Internal_Network
access-list DefaultRAGroup_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list DMZ4_access_in extended permit object-group DM_INLINE_SERVICE_17 object MUKHOEXTWEBTST01 object-group DM_INLINE_NETWORK_27
access-list DMZ4_access_in extended permit object-group DM_INLINE_SERVICE_22 object MUKHOEXTWEBTST01 object MUKAPPEXT01
access-list DMZ4_access_in extended permit object Port_8080-8089 object MUKHOEXTWEBTST01 object MUKHODEVJIRA01
access-list DMZ4_access_in extended permit object-group DM_INLINE_SERVICE_18 object MUKPREEXTWEB01 object-group DM_INLINE_NETWORK_80
access-list DMZ4_access_in extended permit object-group DM_INLINE_SERVICE_16 object MUKHOEXTWEBTST01 object-group DM_INLINE_NETWORK_73
access-list DMZ4_access_in extended permit object-group DM_INLINE_SERVICE_19 object MUKPREEXTWEB01 object-group DM_INLINE_NETWORK_45
access-list andysvpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list JasonTest_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_cryptomap_14 extended permit ip object-group DM_INLINE_NETWORK_79 object MEIslamabadOfficeNetwork
access-list outside_cryptomap_12 extended permit ip object-group DM_INLINE_NETWORK_16 object-group DM_INLINE_NETWORK_19 inactive
access-list DefaultRAGroup_splitTunnelAcl_1 standard permit 192.168.1.0 255.255.255.0
access-list outside_cryptomap_13 extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_9
pager lines 24
logging enable
logging buffer-size 10000
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu DMZ2_Visitor_Network 1500
mtu DMZ3 1500
mtu DMZ4 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-732.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (outside,inside) source static VM-ME-Test-App1-NAT-IP VM-ME-Test-App1-NAT-IP destination static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network
nat (outside,inside) source static DM_INLINE_NETWORK_13 DM_INLINE_NETWORK_13 destination static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network
nat (outside,DMZ) source static ME_Azure_Test_Network ME_Azure_Test_Network destination static MUKHODEVJIRA01 MUKHODEVJIRA01
nat (DMZ,outside) source static DM_INLINE_NETWORK_15 DM_INLINE_NETWORK_15 destination static DM_INLINE_NETWORK_20 DM_INLINE_NETWORK_20
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static Manila_Internal_Network Manila_Internal_Network
nat (outside,inside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static MEIslamabadOfficeNetwork MEIslamabadOfficeNetwork
nat (DMZ,outside) source static Cheltenham_HeadOffice_DMZ_Network Cheltenham_HeadOffice_DMZ_Network destination static MEIslamabadOfficeNetwork MEIslamabadOfficeNetwork
nat (DMZ,outside) source static MUKHOGPTST01_Internal_IP_Address MUKHOGPTST01_NAT_IP_Address_For_Grameenphone destination static DM_INLINE_NETWORK_29 DM_INLINE_NETWORK_29
nat (DMZ,outside) source static MUKHOGPTST01_Internal_IP_Address MUKHOGPTST01_Internal_IP_Address destination static DM_INLINE_NETWORK_8 DM_INLINE_NETWORK_8
nat (inside,outside) source static Cheltenham_Office_Internal_Network NAT_Inside_IP_Range_to_Single_IP_For_Grameenphone destination static Grameenphone_AgentPortal_Servers Grameenphone_AgentPortal_Servers
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static Dar_Internal_Network Dar_Internal_Network no-proxy-arp route-lookup
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static Ghana_Internal_Network Ghana_Internal_Network no-proxy-arp route-lookup
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static Iloilo_Internal_Network Iloilo_Internal_Network no-proxy-arp route-lookup
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static Kenya_Internal_Network Kenya_Internal_Network no-proxy-arp route-lookup
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static Moshi_Internal_Network Moshi_Internal_Network no-proxy-arp route-lookup
nat (any,any) source static DM_INLINE_NETWORK_62 DM_INLINE_NETWORK_62 destination static Delhi_Internal_Network Delhi_Internal_Network no-proxy-arp
nat (any,any) source static DM_INLINE_NETWORK_36 DM_INLINE_NETWORK_36 destination static ME_Azure_India_Internal_Network ME_Azure_India_Internal_Network
nat (inside,outside) source dynamic Cheltenham_Office_Internal_Network interface
nat (DMZ,outside) source dynamic DMZ_Network interface
nat (DMZ3,outside) source dynamic DMZ3_network interface
nat (DMZ4,outside) source dynamic DMZ4_network interface
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.1.224_27 NETWORK_OBJ_192.168.1.224_27 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.1.224_27 NETWORK_OBJ_192.168.1.224_27 no-proxy-arp route-lookup
nat (DMZ,outside) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.1.224_27 NETWORK_OBJ_192.168.1.224_27 no-proxy-arp route-lookup
nat (DMZ,outside) source static any any destination static NETWORK_OBJ_192.168.2.224_27 NETWORK_OBJ_192.168.2.224_27 no-proxy-arp route-lookup
nat (DMZ,outside) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.2.224_27 NETWORK_OBJ_192.168.2.224_27 no-proxy-arp route-lookup
nat (inside,outside) source static DM_INLINE_NETWORK_41 DM_INLINE_NETWORK_41 destination static NETWORK_OBJ_192.168.1.224_27 NETWORK_OBJ_192.168.1.224_27 no-proxy-arp route-lookup
nat (DMZ,DMZ) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.2.224_27 NETWORK_OBJ_192.168.2.224_27 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.9.128_28 NETWORK_OBJ_192.168.9.128_28 no-proxy-arp route-lookup
nat (inside,outside) source static DM_INLINE_NETWORK_42 DM_INLINE_NETWORK_42 destination static NETWORK_OBJ_192.168.9.128_28 NETWORK_OBJ_192.168.9.128_28 no-proxy-arp route-lookup
nat (DMZ,outside) source static Cheltenham_HeadOffice_DMZ_Network Cheltenham_HeadOffice_DMZ_Network destination static Iloilo_Internal_Network Iloilo_Internal_Network
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.9.0_25 NETWORK_OBJ_192.168.9.0_25 no-proxy-arp route-lookup
nat (DMZ,outside) source static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24 destination static NETWORK_OBJ_192.168.10.0_25 NETWORK_OBJ_192.168.10.0_25 no-proxy-arp route-lookup
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static MEIslamabadBahriaOfficeNetwork MEIslamabadBahriaOfficeNetwork
nat (inside,outside) source static Cheltenham_Office_Internal_Network Cheltenham_Office_Internal_Network destination static NETWORK_OBJ_192.168.198.0_24 NETWORK_OBJ_192.168.198.0_24 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
access-group DMZ4_access_in in interface DMZ4
route outside 0.0.0.0 0.0.0.0 217.46.225.182 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.3.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
sysopt noproxyarp outside
sysopt noproxyarp inside
sysopt noproxyarp DMZ
sysopt noproxyarp DMZ2_Visitor_Network
sysopt noproxyarp management
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set azure-ipsec-proposal-set esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 102400000
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set peer 197.254.104.126
crypto map outside_map0 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 2 match address outside_cryptomap_1
crypto map outside_map0 2 set pfs group1
crypto map outside_map0 2 set peer 41.73.158.134
crypto map outside_map0 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 3 match address outside_cryptomap_2
crypto map outside_map0 3 set pfs group1
crypto map outside_map0 3 set peer 210.213.145.114
crypto map outside_map0 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 4 match address outside_cryptomap_3
crypto map outside_map0 4 set pfs group1
crypto map outside_map0 4 set peer 196.249.64.214
crypto map outside_map0 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 5 match address outside_cryptomap_4
crypto map outside_map0 5 set peer 103.107.159.114
crypto map outside_map0 5 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 6 match address outside_cryptomap_5
crypto map outside_map0 6 set pfs group1
crypto map outside_map0 6 set peer 41.222.60.185
crypto map outside_map0 6 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 7 match address outside_cryptomap_6
crypto map outside_map0 7 set peer 203.99.57.110
crypto map outside_map0 7 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 8 match address outside_cryptomap_8
crypto map outside_map0 8 set peer 203.99.57.110
crypto map outside_map0 8 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 8 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map0 9 match address outside_cryptomap_7
crypto map outside_map0 9 set peer 119.30.37.30
crypto map outside_map0 9 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map0 11 match address outside_cryptomap_12
crypto map outside_map0 11 set peer 202.125.152.237
crypto map outside_map0 11 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map0 11 set nat-t-disable
crypto map outside_map0 12 match address outside_cryptomap_11
crypto map outside_map0 12 set peer 202.56.229.158
crypto map outside_map0 12 set ikev1 transform-set ESP-3DES-MD5
crypto map outside_map0 13 match address outside_cryptomap_13
crypto map outside_map0 13 set peer 51.140.228.169
crypto map outside_map0 13 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 15 match address outside_cryptomap_22
crypto map outside_map0 15 set peer 180.151.84.210
crypto map outside_map0 15 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 25 match address outside_cryptomap_24
crypto map outside_map0 25 set peer 52.172.184.232
crypto map outside_map0 25 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 26 match address outside_cryptomap_25
crypto map outside_map0 26 set peer 52.172.184.232
crypto map outside_map0 26 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 26 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map0 28 match address outside_cryptomap_14
crypto map outside_map0 28 set peer 124.109.43.62
crypto map outside_map0 28 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 28 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto map DMZ_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map DMZ_map interface DMZ
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
enrollment self
subject-name CN=192.168.1.1,CN=CheltenhamASA
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=CheltenhamASA01
keypair digicert.key
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_1
enrollment self
subject-name CN=192.168.1.1,CN=CheltenhamASA
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_2
enrollment self
subject-name CN=192.168.1.1,CN=CheltenhamASA
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
certificate f0ff9f59
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate 30437c5a
quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_1
certificate 31437c5a
quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_2
certificate 2d02ba5b
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 enable inside
crypto ikev1 enable DMZ
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 160
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
vpdn group BTINFINITY request dialout pppoe
vpdn group BTINFINITY localname D155207@hg29.btclick.com
vpdn group BTINFINITY ppp authentication chap
vpdn username D155207@hg29.btclick.com password *****
no vpn-addr-assign aaa
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
dhcpd address 172.23.91.100-172.23.91.150 DMZ2_Visitor_Network
!
dhcpd address 192.168.4.100-192.168.4.150 DMZ3
!
dhcpd address 192.168.5.2-192.168.5.10 DMZ4
!
dhcpd address 192.168.3.2-192.168.3.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_Launcher_Access_TrustPoint_2 inside
ssl trust-point ASDM_Launcher_Access_TrustPoint_2 inside vpnlb-ip
webvpn
enable outside
enable inside
error-recovery disable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.1.12
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
default-domain value cheltenham1.local
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
wins-server none
dns-server none
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl_1
default-domain none
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
group-policy GroupPolicy_51.140.228.169 internal
group-policy GroupPolicy_51.140.228.169 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_202.56.229.158 internal
group-policy GroupPolicy_202.56.229.158 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_202.125.152.237 internal
group-policy GroupPolicy_202.125.152.237 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_197.254.104.126 internal
group-policy GroupPolicy_197.254.104.126 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_196.249.64.214 internal
group-policy GroupPolicy_196.249.64.214 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_103.107.159.114 internal
group-policy GroupPolicy_103.107.159.114 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_41.188.183.102 internal
group-policy GroupPolicy_41.188.183.102 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_52.172.184.232 internal
group-policy GroupPolicy_52.172.184.232 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_124.109.43.62 internal
group-policy GroupPolicy_124.109.43.62 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_119.30.37.30 internal
group-policy GroupPolicy_119.30.37.30 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_180.151.84.210 internal
group-policy GroupPolicy_180.151.84.210 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_203.99.57.110 internal
group-policy GroupPolicy_203.99.57.110 attributes
vpn-tunnel-protocol ikev1
group-policy DMZ-VPN internal
group-policy DMZ-VPN attributes
wins-server none
dns-server none
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DMZ-VPN_splitTunnelAcl_1
default-domain none
group-policy DMZ internal
group-policy DMZ attributes
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
group-policy Client-to-Site-JH internal
group-policy Client-to-Site-JH attributes
dns-server value 192.168.1.12
vpn-tunnel-protocol ikev1
group-policy andysvpn internal
group-policy andysvpn attributes
dns-server value 192.168.1.12
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value andysvpn_splitTunnelAcl
group-policy Client-to-Site internal
group-policy Client-to-Site attributes
dns-server value 192.168.1.12
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Client-to-Site_splitTunnelAcl_1
dynamic-access-policy-record DfltAccessPolicy
username ssrinivas password Zl..4xOwMzGiQHBS encrypted
username ssrinivas attributes
service-type remote-access
username scartwright password A21RLKLGu7epkeoj encrypted
username scartwright attributes
service-type remote-access
username ssharma password aOhEiWMsbYB/3qRA encrypted
username ssharma attributes
service-type remote-access
username bscholefield password 9McJKkBdwTYcObD2 encrypted
username bscholefield attributes
service-type remote-access
username sbutler password T0B5MnsSzR9EMTB7 encrypted
username sbutler attributes
service-type remote-access
username tenigbonjaiye password tlOHw0b0inny1VQy encrypted
username tenigbonjaiye attributes
service-type remote-access
username terry password phh3sG.9dp2xDiX. encrypted
username terry attributes
service-type remote-access
username jhumphries password FxVpCBDwuIUspwFa encrypted privilege 15
username spotter password 8VT8fDv5x68SbT3g encrypted
username spotter attributes
service-type remote-access
username dpatra password O1sSPL0YCbq5JGNq encrypted privilege 15
username gconcepcion password eCDG6kWlUgXgGxd/ encrypted privilege 15
username admin password f0A8d9z8qJ2fI9rD encrypted privilege 15
username mkhan password aePPGJNdCQBdg.H6 encrypted
username mkhan attributes
service-type remote-access
username aweekes password hu0gXXuHU7eGxKgg encrypted
username aweekes attributes
service-type remote-access
username sjones password /sF/iztVLs4x3iGn encrypted privilege 15
username mtetteh password oeL1VDxI1a902AZy encrypted privilege 15
username akeating password groEplV5KrvtkF6o encrypted
username akeating attributes
service-type remote-access
username coralynco password b1LV6wA9nddcB6/4 encrypted
username coralynco attributes
service-type remote-access
username smclean password UT4yh.qU8XwrWKX/ encrypted
username smclean attributes
service-type remote-access
username anahar password IwFQ0ETPE5D6dDUF encrypted
username anahar attributes
service-type remote-access
tunnel-group DefaultRAGroup general-attributes
address-pool Win10-Pool
default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group 103.107.159.114 type ipsec-l2l
tunnel-group 103.107.159.114 general-attributes
default-group-policy GroupPolicy_103.107.159.114
tunnel-group 103.107.159.114 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 41.73.158.134 type ipsec-l2l
tunnel-group 41.73.158.134 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 210.213.145.114 type ipsec-l2l
tunnel-group 210.213.145.114 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 203.99.57.110 type ipsec-l2l
tunnel-group 203.99.57.110 general-attributes
default-group-policy GroupPolicy_203.99.57.110
tunnel-group 203.99.57.110 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 217.146.95.107 type ipsec-l2l
tunnel-group 217.146.95.107 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group Client-to-Site type remote-access
tunnel-group Client-to-Site general-attributes
address-pool Client-to-Site
default-group-policy Client-to-Site
tunnel-group Client-to-Site ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 41.222.60.185 type ipsec-l2l
tunnel-group 41.222.60.185 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 119.30.37.30 type ipsec-l2l
tunnel-group 119.30.37.30 general-attributes
default-group-policy GroupPolicy_119.30.37.30
tunnel-group 119.30.37.30 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 41.188.183.102 type ipsec-l2l
tunnel-group 41.188.183.102 general-attributes
default-group-policy GroupPolicy_41.188.183.102
tunnel-group 41.188.183.102 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 202.56.229.158 type ipsec-l2l
tunnel-group 202.56.229.158 general-attributes
default-group-policy GroupPolicy_202.56.229.158
tunnel-group 202.56.229.158 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 197.254.104.126 type ipsec-l2l
tunnel-group 197.254.104.126 general-attributes
default-group-policy GroupPolicy_197.254.104.126
tunnel-group 197.254.104.126 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DMZ-VPN type remote-access
tunnel-group DMZ-VPN general-attributes
address-pool DMZ-VPN
default-group-policy DMZ-VPN
tunnel-group DMZ-VPN ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 52.172.184.232 type ipsec-l2l
tunnel-group 52.172.184.232 general-attributes
default-group-policy GroupPolicy_52.172.184.232
tunnel-group 52.172.184.232 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group andysvpn type remote-access
tunnel-group andysvpn general-attributes
address-pool Client-to-Site
default-group-policy andysvpn
tunnel-group andysvpn ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 180.151.84.210 type ipsec-l2l
tunnel-group 180.151.84.210 general-attributes
default-group-policy GroupPolicy_180.151.84.210
tunnel-group 180.151.84.210 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 124.109.43.62 type ipsec-l2l
tunnel-group 124.109.43.62 general-attributes
default-group-policy GroupPolicy_124.109.43.62
tunnel-group 124.109.43.62 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 196.249.64.214 type ipsec-l2l
tunnel-group 196.249.64.214 general-attributes
default-group-policy GroupPolicy2
tunnel-group 196.249.64.214 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 51.141.122.15 type ipsec-l2l
tunnel-group 202.125.152.237 type ipsec-l2l
tunnel-group 202.125.152.237 general-attributes
default-group-policy GroupPolicy_202.125.152.237
tunnel-group 202.125.152.237 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 51.140.228.169 type ipsec-l2l
tunnel-group 51.140.228.169 general-attributes
default-group-policy GroupPolicy_51.140.228.169
tunnel-group 51.140.228.169 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect pptp
!
service-policy global_policy global
prompt hostname context
!
jumbo-frame reservation
!
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:566fca5f30077fb686b7ed2f39b5c9d9
: end

VIP Advisor

Re: NAT Translation question

I believe your crypto ACL for this specific case is:
access-list outside_cryptomap_13 extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_9

 

Anyway, the config should look like this (make sure 10.10.1.1 is allowed in your crypto ACL):

When host 192.168.1.1 tries to communicate with 10.10.1.1, it will be forwarded to 172.16.1.1. However, all other hosts within the source subnet 192.168.1.0/24 will communicate with the other end using their real IP 172.16.1.0/24. Is that what you wanted?

 

object network IP_REAL
host 192.168.1.1
object network IP_REMOTE_REAL
host 172.16.1.1
object network IP_REMOTE_NAT
host 10.10.1.1
object network IP_REAL_SUBNET
subnet 192.168.1.0 255.255.255.0
object network IP_REMOTE_REAL_SUBNET
subnet 172.16.1.0 255.255.255.0
!
nat (inside,outside) 1 source static IP_REAL IP_REAL destination static IP_REMOTE_NAT IP_REMOTE_REAL no-proxy-arp route-lookup
nat (inside,outside) 2 source static IP_REAL_SUBNET IP_REAL_SUBNET destination static IP_REMOTE_REAL_SUBNET IP_REMOTE_REAL_SUBNET no-proxy-arp route-lookup
!

 

On the other end you will need to adapt it by inverting the source and destination like:

nat (inside,outside) 1 source static IP_REMOTE_REAL IP_REMOTE_NAT destination static IP_REAL IP_REAL no-proxy-arp route-lookup

 

* Adapt the NAT order number to where you want to insert these NATs. You have a lot and I don't know what they're used for. Just make sure the 1st NAT in my example is above the 2nd, otherwise it won't work.

PS: Please be careful with your nat (any,any), try to specify the real source and destination name.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
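The rule-order point in the reply above, as an added example that is not part of the original post: a simplified first-match model of the two manual NAT rules, plus a constructed broad identity rule (hypothetical, not from the posted config) to show how an earlier, wider rule shadows the specific translation. It models only address matching for inside-to-outside traffic and ignores interfaces, route-lookup and connection state.

```python
import ipaddress as ip
from typing import NamedTuple, Optional, Sequence, Tuple

class TwiceNat(NamedTuple):
    """source static SRC_REAL SRC_MAPPED destination static DST_MAPPED DST_REAL"""
    name: str
    src_real: str
    src_mapped: str
    dst_mapped: str  # address the inside host targets
    dst_real: str    # address the packet carries after translation

def static_map(addr, frm: str, to: str):
    """One-to-one static mapping that keeps the host offset within the network."""
    frm_net, to_net = ip.ip_network(frm), ip.ip_network(to)
    if frm_net.num_addresses != to_net.num_addresses:
        raise ValueError("static NAT needs equally sized real and mapped ranges")
    return to_net.network_address + (int(addr) - int(frm_net.network_address))

def translate(rules: Sequence[TwiceNat], src: str, dst: str) -> Optional[Tuple[str, str, str]]:
    """Return (rule name, src, dst) from the first matching rule, or None."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r in rules:  # evaluated top-down, first match wins
        if s in ip.ip_network(r.src_real) and d in ip.ip_network(r.dst_mapped):
            return (r.name,
                    str(static_map(s, r.src_real, r.src_mapped)),
                    str(static_map(d, r.dst_mapped, r.dst_real)))
    return None

# The two rules from the reply, expressed as prefixes.
RULE_1 = TwiceNat("host-to-nat", "192.168.1.1/32", "192.168.1.1/32",
                  "10.10.1.1/32", "172.16.1.1/32")
RULE_2 = TwiceNat("subnet-identity", "192.168.1.0/24", "192.168.1.0/24",
                  "172.16.1.0/24", "172.16.1.0/24")
# Constructed for illustration only: a wide identity rule of the kind a
# legacy rule base may contain. It is not taken from the posted config.
BROAD = TwiceNat("broad-identity", "192.168.1.0/24", "192.168.1.0/24",
                 "0.0.0.0/0", "0.0.0.0/0")

if __name__ == "__main__":
    for rules in ([RULE_1, RULE_2], [BROAD, RULE_1, RULE_2]):
        print([r.name for r in rules])
        for src, dst in (("192.168.1.1", "10.10.1.1"),
                         ("192.168.1.50", "172.16.1.20"),
                         ("192.168.1.50", "10.10.1.1")):
            print("  ", src, "->", dst, "=>", translate(rules, src, dst))
```

On a real ASA, `packet-tracer` and `show nat detail` report which rule a flow actually hits.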
Beginner

Re: NAT Translation question

Thanks Francesco,

 

I have picked this firewall infrastructure up from previous employees of the company, so there are a lot of rules that may be redundant. I just need to go through and tidy up when I have some time.

 

Thanks for your help, I will try what you say and feed back. Very much appreciated.

 

Jason 

VIP Advisor

Re: NAT Translation question

No problem. Let me know. We're here to help!

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question