Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- Technology and Support
- Security
- VPN
- ASA: I can't ping from my VPN network to Local network
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
483
Views
0
Helpful
0
Replies
ASA: I can't ping from my VPN network to Local network
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-21-2020 07:19 AM
I am trying to ping 192.168.201.X which is my local network from 10.60.1.X which is my vpn network. What did I miss?
here is my configuration:
EXSIF-ASAV-VM# show run
: Saved
: Saved
:
: Serial Number: 9AE3NKPFT2J
: Hardware: ASAv, 14336 MB RAM, CPU Xeon E5 series 2300 MHz, 1 CPU (4 cores)
:
ASA Version 9.13(1)
!
hostname EXSIF-ASAV-VM
enable password ***** pbkdf2
!
license smart
feature tier standard
throughput level 100M
names
no mac-address auto
ip local pool VPN_USERS 10.60.1.2-10.60.1.250 mask 255.255.255.0
: Serial Number: 9AE3NKPFT2J
: Hardware: ASAv, 14336 MB RAM, CPU Xeon E5 series 2300 MHz, 1 CPU (4 cores)
:
ASA Version 9.13(1)
!
hostname EXSIF-ASAV-VM
enable password ***** pbkdf2
!
license smart
feature tier standard
throughput level 100M
names
no mac-address auto
ip local pool VPN_USERS 10.60.1.2-10.60.1.250 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif INSIDE
security-level 100
ip address 192.168.201.5 255.255.255.0
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif OUTSIDE
security-level 0
ip address dhcp setroute
!
ftp mode passive
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 168.63.129.16
object network NETWORK_OBJ_192.168.50.0_24
subnet 192.168.50.0 255.255.255.0
object network NETWORK_OBJ_192.168.201.0_24
subnet 192.168.201.0 255.255.255.0
object network VPN_USERS
subnet 10.60.1.0 255.255.255.0
object-group network AZURE-2LAN
network-object 10.123.1.0 255.255.255.0
network-object 192.168.201.0 255.255.255.0
network-object 10.123.2.0 255.255.255.0
network-object 10.123.3.0 255.255.255.0
object-group network EXSIF-LOCAL-NETWORK-2-AZURE
network-object 192.168.50.0 255.255.255.0
access-list OUTSIDE_cryptomap extended permit ip 192.168.201.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list VPN_USERS extended permit ip 192.168.201.0 255.255.255.0 10.60.1.0 255.255.255.0
pager lines 23
logging enable
logging asdm informational
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any INSIDE
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (INSIDE,OUTSIDE) source static NETWORK_OBJ_192.168.201.0_24 NETWORK_OBJ_192.168.201.0_24 destination static NETWORK_OBJ_192.168.50.0_24 NETWORK_OBJ_192.168.50.0_24 no-proxy-arp route-lookup
nat (INSIDE,OUTSIDE) source static NETWORK_OBJ_192.168.201.0_24 NETWORK_OBJ_192.168.201.0_24 destination static VPN_USERS VPN_USERS no-proxy-arp route-lookup
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 OUTSIDE
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal Phase2
protocol esp encryption aes-256
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association pmtu-aging infinite
crypto map OUTSIDE_map 1 match address OUTSIDE_cryptomap
crypto map OUTSIDE_map 1 set peer 173.220.251.118
crypto map OUTSIDE_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map OUTSIDE_map 1 set ikev2 ipsec-proposal Phase2 AES256 AES192 AES 3DES DES
crypto map OUTSIDE_map interface OUTSIDE
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpoint azurevpn.exsif.com.TP2020
enrollment terminal
fqdn azurevpn.exsif.com
subject-name CN=azurevpn.exsif.com, O=EXSIF, OU=ICT,L=NEWYORK,ST=NEWYORK,C=US
serial-number
keypair azurevpn.exsif.com.key
crl configure
crypto ca trustpoint azurevpn.exsif.com.TP2020-2
enrollment terminal
no validation-usage
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 0509
308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500
3045310b 30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164
6973204c 696d6974 6564311b 30190603 55040313 1251756f 56616469 7320526f
6f742043 41203230 1e170d30 36313132 34313832 3730305a 170d3331 31313234
31383233 33335a30 45310b30 09060355 04061302 424d3119 30170603 55040a13
1051756f 56616469 73204c69 6d697465 64311b30 19060355 04031312 51756f56
61646973 20526f6f 74204341 20323082 0222300d 06092a86 4886f70d 01010105
00038202 0f003082 020a0282 0201009a 18ca4b94 0d002daf 03298af0 0f81c8ae
4c19851d 089fab29 4485f32f 81ad321e 9046bfa3 86261a1e fe7e1c18 3a5c9c60
172a3a74 8333307d 615411cb edabe0e6 d2a27ef5 6b6f18b7 0a0b2dfd e93eef0a
c6b310e9 dcc24617 f85dfda4 daff9e49 5a9ce633 e62496f7 3fba5b2b 1c7a35c2
d667feab 66508b6d 28602bef d760c3c7 93bc8d36 91f37ff8 db1113c4 9c7776c1
aeb7026a 817aa945 83e205e6 b956c194 378f4871 6322ec17 6507958a 4bdf8fc6
5a0ae5b0 e35f5e6b 11ab0cf9 85eb44e9 f80473f2 e9fe5c98 8cf573af 6bb47ecd
d45c022b 4c39e1b2 95952d42 87d7d5b3 9043b76c 13f1dedd f6c4f889 3fd175f5
92c391d5 8a88d090 ecdc6dde 89c26571 968b0d03 fd9cbf5b 16ac92db eafe797c
adebaff7 16cbdbcd 252be51f fb9a9fe2 51cc3a53 0c48e60e bdc9b476 0652e611
13857263 0304e004 362b2019 02e874a7 1fb6c956 66f07525 dc67c10e 616088b3
3ed1a8fc a3da1db0 d1b12354 df44766d ed41d8c1 b222b653 1cdf351d dca1772a
31e42df5 e5e5dbc8 e0ffe580 d70b63a0 ff33a10f ba2c1515 ea97b3d2 a2b5bef2
8c961e1a 8f1d6ca4 6137b986 7333d797 969e237d 82a44c81 e2a1d1ba 675f9507
a32711ee 16107bbc 454a4cb2 04d2abef d5fd0c51 ce506a08 31f991da 0c8f645c
03c33a8b 203f6e8d 673d3ad6 fe7d5b88 c95efbcc 61dc8b33 77d34432 35096204
921610d8 9e2747fb 3b21e3f8 eb1d5b02 03010001 a381b030 81ad300f 0603551d
130101ff 04053003 0101ff30 0b060355 1d0f0404 03020106 301d0603 551d0e04
1604141a 8462bc48 4c332504 d4eed0f6 03c41946 d1946b30 6e060355 1d230467
30658014 1a8462bc 484c3325 04d4eed0 f603c419 46d1946b a149a447 3045310b
30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164 6973204c
696d6974 6564311b 30190603 55040313 1251756f 56616469 7320526f 6f742043
41203282 02050930 0d06092a 864886f7 0d010105 05000382 0201003e 0a164d9f
065ba8ae 715d2f05 2f67e613 4583c436 f6f3c026 0c0db547 645df8b4 72c946a5
03182755 89787d76 ea963480 1720dce7 83f88dfc 07b8da5f 4d2e67b2 84fdd944
fc775081 e67cb4c9 0d0b7253 f8760707 4147960c fbe08226 93558cfe 221f6065
7c5fe726 b3f73290 9850d437 7155f692 2178f795 79faf82d 26876656 3077a637
78335210 58ae3f61 8ef26ab1 ef187e4a 5963ca8d a256d5a7 2fbc561f cf39c1e2
fb0aa815 2c7d4d7a 63c66c97 443cd26f c34a170a f890d257 a21951a5 2d9741da
074fa950 da908d94 46e13ef0 94fd1000 38f53be8 40e1b46e 561a20cc 6f588ded
2e458fd6 e9933fe7 b12cdf3a d6228cdc 84bb226f d0f8e4c6 39e90488 3cc3baeb
557a6d80 9924f56c 01fbf897 b0945beb fdd26ff1 77680d35 6423acb8 55a103d1
4d4219dc f8755956 a3f9a849 79f8af0e b911a07c b76aed34 d0b62662 381a870c
f8e8fd2e d3907f07 912a1dd6 7e5c8583 99b03808 3fe95ef9 3507e4c9 626e577f
a75095f7 bac89be6 8ea201c5 d666bf79 61f33c1c e1b9825c 5da0c3e9 d848bd19
a2111419 6eb2861b 683e4837 1a88b75d 965e9cc7 ef276208 e291195c d2f121dd
ba174282 97718153 31a99ff6 7d62bf72 e1a3931d cc8a265a 0938d0ce d70d8016
b478a53a 874c8d8a a5d54697 f22c10b9 bc5422c0 01506943 9ef4b2ef 6df8ecda
f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31cd2e
quit
crypto ca certificate chain azurevpn.exsif.com.TP2020
certificate ca 00c3dedf76cfd786bea1af8befefa4dd38
30820606 308203ee a0030201 02021100 c3dedf76 cfd786be a1af8bef efa4dd38
300d0609 2a864886 f70d0101 0c050030 8188310b 30090603 55040613 02555331
13301106 03550408 130a4e65 77204a65 72736579 31143012 06035504 07130b4a
65727365 79204369 7479311e 301c0603 55040a13 15546865 20555345 52545255
5354204e 6574776f 726b312e 302c0603 55040313 25555345 52547275 73742052
53412043 65727469 66696361 74696f6e 20417574 686f7269 7479301e 170d3134
30393234 30303030 30305a17 0d323430 39323332 33353935 395a307a 310b3009
06035504 06130255 53310b30 09060355 04081302 56413110 300e0603 55040713
07486572 6e646f6e 3121301f 06035504 0a13184e 6574776f 726b2053 6f6c7574
696f6e73 204c2e4c 2e432e31 29302706 03550403 13204e65 74776f72 6b20536f
6c757469 6f6e7320 4f562053 65727665 72204341 20323082 0122300d 06092a86
4886f70d 01010105 00038201 0f003082 010a0282 01010084 c118db4b b4e9e407
8bd064d6 6764a19c f0333ce8 761d94e2 d5184728 b7133ae4 f3297095 1bb92568
b67c177d 744ef3e0 932b6251 36a4d958 11f373a8 7c360bc8 3ca5a2fd 118bdc11
aecc565b 71dbfa98 4d9f965c 3b7b21e4 bfaca2c4 9a99f28d 28cf8de3 909fdac7
f3ac2d19 03847e7d b2af0f8b c2c86f2b b99e9819 3cc28089 c66c845e a8b63317
d78dd1d2 17c7f217 a37f8f5d a250c792 ad4f7740 a79c74ec 7906fe72 f11d7b18
3a2b2ba1 7982f0d7 1ac039e7 3823a68b 8888d9dd fdfb9ef3 232fe273 a737f0b8
efcb129e 227e9a68 073aa5fa 65fc8c4b 4f3e0aa1 cca7e0fb fe6de7f5 e6077015
fd98596d c061d087 80941d26 97046b18 b1be7830 77557902 03010001 a3820176
30820172 301f0603 551d2304 18301680 145379bf 5aaa2b4a cf5480e1 d89bc09d
f2b20366 cb301d06 03551d0e 04160414 2033cdb7 61f6a586 4fdcc9d7 736abc0a
516598ec 300e0603 551d0f01 01ff0404 03020186 30120603 551d1301 01ff0408
30060101 ff020100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
06010505 07030230 23060355 1d20041c 301a300e 060c2b06 01040186 0e010201
03013008 06066781 0c010202 30500603 551d1f04 49304730 45a043a0 41863f68
7474703a 2f2f6372 6c2e7573 65727472 7573742e 636f6d2f 55534552 54727573
74525341 43657274 69666963 6174696f 6e417574 686f7269 74792e63 726c3076
06082b06 01050507 0101046a 3068303f 06082b06 01050507 30028633 68747470
3a2f2f63 72742e75 73657274 72757374 2e636f6d 2f555345 52547275 73745253
41416464 54727573 7443412e 63727430 2506082b 06010505 07300186 19687474
703a2f2f 6f637370 2e757365 72747275 73742e63 6f6d300d 06092a86 4886f70d
01010c05 00038202 010022a4 303700fa 974f79f7 4962ed32 4e06ac21 26e531fb
a0894869 a3d527f4 c1b8a14c e39ace53 22a6b0bb 5ad0b739 33a85fa3 61ecfd84
6e345831 03d40088 952c06d1 443ad20a 0532bbac cbf0831c 2d955287 29467797
dd443b67 703e610d 98b1f992 b6fab8eb 8ace5042 ed11e1da c8d70c30 4b8f2a24
b873a6df 84c9a48e 2f8c1d33 c5fef9d9 9dc7e4ec 46476b54 a41a344f 7fbb9b3d
1de157b8 1e9eb470 94cb851a 62b4e512 0a92b6ac 47169c6c f1f965ee 71293d44
456e81bb 9c740e94 ac0a81a7 44d0e59d 23e1d48c 18b6ba7b b53599b2 73fb30c5
a0f6d48f 087bacd2 a6dfce61 1f96a1b9 7d359d09 3e3e9942 4d35ec47 90772e38
8a63440f eb1f7748 656f761d 9acebb30 fc5408d6 7eccf64d df3f3ac7 16e61872
dfd862a2 4690b08f ce9ce7dd aea990ab ed2567c6 ed26360a 071ea4f4 7c827daf
23c18833 7b43999d 990d2c88 f2aba54f dfd57b2d a02f708b f3de525a c7960a28
b94cc47a 3b1ecb78 10998f48 9984b5c7 69a269ae a5ff07cb 7bd8d62b 2f73594a
231b1c17 f3c08422 552330e2 130774be bc542f9b 012a6071 f06d30f5 bf7e9c0d
4f606e4b 3c55b8ca 63ab76f5 db88b9c1 dd9c183a 960c9e0d f276ae1b c99ac1e9
2b6b3afb 39a91551 8dcee0ec 27efa3dd 33db9bca e099504f 9b479785 869c77ff
1fc5041e 50585bf7 7d8ab99f 2c9ac671 b6855499 aada7845 336b18a5 561b9f83
6e529b31 4940ce5f 1a55
quit
certificate 00f88d452e91b64aa8bd17992afcfe2767
308206b4 3082059c a0030201 02021100 f88d452e 91b64aa8 bd17992a fcfe2767
300d0609 2a864886 f70d0101 0b050030 7a310b30 09060355 04061302 5553310b
30090603 55040813 02564131 10300e06 03550407 13074865 726e646f 6e312130
1f060355 040a1318 4e657477 6f726b20 536f6c75 74696f6e 73204c2e 4c2e432e
31293027 06035504 0313204e 6574776f 726b2053 6f6c7574 696f6e73 204f5620
53657276 65722043 41203230 1e170d32 30303131 36303030 3030305a 170d3231
30313039 32333539 35395a30 81ae310b 30090603 55040613 02555331 0e300c06
03550411 13053130 35373731 11300f06 03550408 13084e65 7720596f 726b3111
300f0603 55040713 08507572 63686173 65312030 1e060355 04091317 32373030
20576573 74636865 73746572 20417665 6e756531 1d301b06 0355040a 13144558
53494620 576f726c 64776964 6520496e 632e310b 30090603 55040b13 02495431
1b301906 03550403 1312617a 75726576 706e2e65 78736966 2e636f6d 30820122
300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 0099d6ea
e7deb7bc 04b03ab1 bea4de52 278f52b6 94930cf8 25584b00 f3f5e4ba 5868ac7e
0ab08c74 d7ef0631 99c81cdc 7ed1c951 09afad42 529e364a f8fcf693 17157fd6
1fa72f81 44e28417 a03b4ecc 1c7f3337 69490e54 2164ec31 2afe92a0 77b2cfa2
2c40a444 0c1c1fe7 b95d9fd4 24ce353d ce4d786e 5762cd30 1780c190 b04be696
5bcfcc1d 8d7c33f3 e2d868d4 648dae4b 02667ec4 63a131f7 3638ad4d c3d4554f
3ddeab20 4f41aef5 3afdf114 7313aa67 792ca13e 0c2cf932 085448f8 22bfdc54
fda83530 d026804e d7636031 a1e89331 b3377068 46ea01ac f5be0eee 5e90c329
9588acc9 216be287 6cc18910 44c3a6dc 421ba7e4 be1d1ca0 52b34eba 45020301
0001a382 02fe3082 02fa301f 0603551d 23041830 16801420 33cdb761 f6a5864f
dcc9d773 6abc0a51 6598ec30 1d060355 1d0e0416 041436d3 ebd5fd1f 3de005d0
e4b1dbc5 b6d648ac 150f300e 0603551d 0f0101ff 04040302 05a0300c 0603551d
130101ff 04023000 301d0603 551d2504 16301406 082b0601 05050703 0106082b
06010505 07030230 75060355 1d20046e 306c3060 060c2b06 01040186 0e010201
03013050 304e0608 2b060105 05070201 16426874 74703a2f 2f777777 2e6e6574
776f726b 736f6c75 74696f6e 732e636f 6d2f6c65 67616c2f 53534c2d 6c656761
6c2d7265 706f7369 746f7279 2d637073 2e6a7370 30080606 67810c01 02023049
0603551d 1f044230 40303ea0 3ca03a86 38687474 703a2f2f 63726c2e 6e657473
6f6c7373 6c2e636f 6d2f4e65 74776f72 6b536f6c 7574696f 6e734f56 53657276
65724341 322e6372 6c307b06 082b0601 05050701 01046f30 6d304406 082b0601
05050730 02863868 7474703a 2f2f6372 742e6e65 74736f6c 73736c2e 636f6d2f
4e657477 6f726b53 6f6c7574 696f6e73 4f565365 72766572 4341322e 63727430
2506082b 06010505 07300186 19687474 703a2f2f 6f637370 2e6e6574 736f6c73
736c2e63 6f6d3035 0603551d 11042e30 2c821261 7a757265 76706e2e 65787369
662e636f 6d821677 77772e61 7a757265 76706e2e 65787369 662e636f 6d308201
03060a2b 06010401 d6790204 020481f4 0481f100 ef007500 7d3ef2f8 8fff8855
6824c2c0 ca9e5289 792bc50e 78097f2e 6a976899 7e22f0d7 0000016f aed88610
00000403 00463044 022004e5 b54ca36b 829a983f 5ff1e078 8d918216 6d4e3168
cbd910d2 a227e44e 9b850220 65601323 fb7f515f a2ad8f7f 2dc4275d 100d8315
1b8b2c11 c83a2215 f0ef5445 00760044 94652eb0 eeceafc4 4007d8a8 fe28c0da
e682bed8 cb31b53f d33396b5 b681a800 00016fae d8860800 00040300 47304502
2100a5fe a03b5fab aeeb1eaf b6f2b087 e7999c98 192b1938 f4feaa29 d79c8458
81510220 4674ab82 2f6203da 96c43592 b9f44c5e f36f03a8 e6da7bf3 480f0ef3
5d493132 300d0609 2a864886 f70d0101 0b050003 82010100 63ce9007 50643e6a
19447199 92ac3a8b 0eb8e93d bef68125 84567360 3df7781f 3de0bd3c 3b5e896a
13d805a8 06b93920 7094c976 8d0596a1 df2956ed 87cdb1b9 7acad372 8cd5407a
85b14e00 28626fba e4a68b73 4463233c edc119bd 681ef3e0 96a7507c b595ac41
58967a03 664a393b 16c6758b fdcf0418 fbf2c128 c4d7a1fd 4bc30ff7 493b5911
ee702b8e 485a30af 08b07e34 cf0bc330 7a435fb4 de385dd4 8abe7c73 e551b5ee
c4568c7a ece1ee09 d1490d53 be9d554e 4bf74e73 12ba92ae 89113f57 ab9cf315
738405e6 3d20c749 297f08d9 974d5326 c9834d16 65b78621 0d13de0e 4ec97654
2910c829 7aed8d07 215a238a 24d71175 06e52027 7469a59c
quit
crypto ca certificate chain azurevpn.exsif.com.TP2020-2
certificate ca 00c3dedf76cfd786bea1af8befefa4dd38
30820606 308203ee a0030201 02021100 c3dedf76 cfd786be a1af8bef efa4dd38
300d0609 2a864886 f70d0101 0c050030 8188310b 30090603 55040613 02555331
13301106 03550408 130a4e65 77204a65 72736579 31143012 06035504 07130b4a
65727365 79204369 7479311e 301c0603 55040a13 15546865 20555345 52545255
5354204e 6574776f 726b312e 302c0603 55040313 25555345 52547275 73742052
53412043 65727469 66696361 74696f6e 20417574 686f7269 7479301e 170d3134
30393234 30303030 30305a17 0d323430 39323332 33353935 395a307a 310b3009
06035504 06130255 53310b30 09060355 04081302 56413110 300e0603 55040713
07486572 6e646f6e 3121301f 06035504 0a13184e 6574776f 726b2053 6f6c7574
696f6e73 204c2e4c 2e432e31 29302706 03550403 13204e65 74776f72 6b20536f
6c757469 6f6e7320 4f562053 65727665 72204341 20323082 0122300d 06092a86
4886f70d 01010105 00038201 0f003082 010a0282 01010084 c118db4b b4e9e407
8bd064d6 6764a19c f0333ce8 761d94e2 d5184728 b7133ae4 f3297095 1bb92568
b67c177d 744ef3e0 932b6251 36a4d958 11f373a8 7c360bc8 3ca5a2fd 118bdc11
aecc565b 71dbfa98 4d9f965c 3b7b21e4 bfaca2c4 9a99f28d 28cf8de3 909fdac7
f3ac2d19 03847e7d b2af0f8b c2c86f2b b99e9819 3cc28089 c66c845e a8b63317
d78dd1d2 17c7f217 a37f8f5d a250c792 ad4f7740 a79c74ec 7906fe72 f11d7b18
3a2b2ba1 7982f0d7 1ac039e7 3823a68b 8888d9dd fdfb9ef3 232fe273 a737f0b8
efcb129e 227e9a68 073aa5fa 65fc8c4b 4f3e0aa1 cca7e0fb fe6de7f5 e6077015
fd98596d c061d087 80941d26 97046b18 b1be7830 77557902 03010001 a3820176
30820172 301f0603 551d2304 18301680 145379bf 5aaa2b4a cf5480e1 d89bc09d
f2b20366 cb301d06 03551d0e 04160414 2033cdb7 61f6a586 4fdcc9d7 736abc0a
516598ec 300e0603 551d0f01 01ff0404 03020186 30120603 551d1301 01ff0408
30060101 ff020100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
06010505 07030230 23060355 1d20041c 301a300e 060c2b06 01040186 0e010201
03013008 06066781 0c010202 30500603 551d1f04 49304730 45a043a0 41863f68
7474703a 2f2f6372 6c2e7573 65727472 7573742e 636f6d2f 55534552 54727573
74525341 43657274 69666963 6174696f 6e417574 686f7269 74792e63 726c3076
06082b06 01050507 0101046a 3068303f 06082b06 01050507 30028633 68747470
3a2f2f63 72742e75 73657274 72757374 2e636f6d 2f555345 52547275 73745253
41416464 54727573 7443412e 63727430 2506082b 06010505 07300186 19687474
703a2f2f 6f637370 2e757365 72747275 73742e63 6f6d300d 06092a86 4886f70d
01010c05 00038202 010022a4 303700fa 974f79f7 4962ed32 4e06ac21 26e531fb
a0894869 a3d527f4 c1b8a14c e39ace53 22a6b0bb 5ad0b739 33a85fa3 61ecfd84
6e345831 03d40088 952c06d1 443ad20a 0532bbac cbf0831c 2d955287 29467797
dd443b67 703e610d 98b1f992 b6fab8eb 8ace5042 ed11e1da c8d70c30 4b8f2a24
b873a6df 84c9a48e 2f8c1d33 c5fef9d9 9dc7e4ec 46476b54 a41a344f 7fbb9b3d
1de157b8 1e9eb470 94cb851a 62b4e512 0a92b6ac 47169c6c f1f965ee 71293d44
456e81bb 9c740e94 ac0a81a7 44d0e59d 23e1d48c 18b6ba7b b53599b2 73fb30c5
a0f6d48f 087bacd2 a6dfce61 1f96a1b9 7d359d09 3e3e9942 4d35ec47 90772e38
8a63440f eb1f7748 656f761d 9acebb30 fc5408d6 7eccf64d df3f3ac7 16e61872
dfd862a2 4690b08f ce9ce7dd aea990ab ed2567c6 ed26360a 071ea4f4 7c827daf
23c18833 7b43999d 990d2c88 f2aba54f dfd57b2d a02f708b f3de525a c7960a28
b94cc47a 3b1ecb78 10998f48 9984b5c7 69a269ae a5ff07cb 7bd8d62b 2f73594a
231b1c17 f3c08422 552330e2 130774be bc542f9b 012a6071 f06d30f5 bf7e9c0d
4f606e4b 3c55b8ca 63ab76f5 db88b9c1 dd9c183a 960c9e0d f276ae1b c99ac1e9
2b6b3afb 39a91551 8dcee0ec 27efa3dd 33db9bca e099504f 9b479785 869c77ff
1fc5041e 50585bf7 7d8ab99f 2c9ac671 b6855499 aada7845 336b18a5 561b9f83
6e529b31 4940ce5f 1a55
quit
crypto ikev2 policy 1
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 enable OUTSIDE
crypto ikev2 enable INSIDE
crypto ikev1 enable OUTSIDE
crypto ikev1 enable INSIDE
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime none
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point azurevpn.exsif.com.TP2020 OUTSIDE
webvpn
enable OUTSIDE
http-headers
hsts-server
enable
max-age 31536000
include-sub-domains
no preload
hsts-client
enable
x-content-type-options
x-xss-protection
content-security-policy
anyconnect image disk0:/anyconnect-win-4.8.01090-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy GroupPolicy_173.220.251.118 internal
group-policy GroupPolicy_173.220.251.118 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy VPN_USERS internal
group-policy VPN_USERS attributes
wins-server none
dns-server value 8.8.8.8
vpn-idle-timeout 86400
vpn-session-timeout 86400
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OUTSIDE_cryptomap
default-domain value exsif.com
address-pools value VPN_USERS
webvpn
url-list none
anyconnect mtu 1300
anyconnect ssl keepalive 20
anyconnect ask enable default anyconnect
dynamic-access-policy-record DfltAccessPolicy
username cseadmin password ***** pbkdf2 privilege 15
username testvpn password ***** pbkdf2 privilege 15
tunnel-group 173.220.251.118 type ipsec-l2l
tunnel-group 173.220.251.118 general-attributes
default-group-policy GroupPolicy_173.220.251.118
tunnel-group 173.220.251.118 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group VPN_USERS type remote-access
tunnel-group VPN_USERS general-attributes
address-pool VPN_USERS
default-group-policy VPN_USERS
tunnel-group VPN_USERS webvpn-attributes
group-alias VPN_USERS enable
tunnel-group SSLVPN-EXSIF type remote-access
tunnel-group SSLVPN-EXSIF general-attributes
default-group-policy VPN_USERS
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
Cryptochecksum:cb5f7e70ba953ac264e411d08ebc7dfe
: end
EXSIF-ASAV-VM# $
interface GigabitEthernet0/0
nameif INSIDE
security-level 100
ip address 192.168.201.5 255.255.255.0
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif OUTSIDE
security-level 0
ip address dhcp setroute
!
ftp mode passive
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 168.63.129.16
object network NETWORK_OBJ_192.168.50.0_24
subnet 192.168.50.0 255.255.255.0
object network NETWORK_OBJ_192.168.201.0_24
subnet 192.168.201.0 255.255.255.0
object network VPN_USERS
subnet 10.60.1.0 255.255.255.0
object-group network AZURE-2LAN
network-object 10.123.1.0 255.255.255.0
network-object 192.168.201.0 255.255.255.0
network-object 10.123.2.0 255.255.255.0
network-object 10.123.3.0 255.255.255.0
object-group network EXSIF-LOCAL-NETWORK-2-AZURE
network-object 192.168.50.0 255.255.255.0
access-list OUTSIDE_cryptomap extended permit ip 192.168.201.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list VPN_USERS extended permit ip 192.168.201.0 255.255.255.0 10.60.1.0 255.255.255.0
pager lines 23
logging enable
logging asdm informational
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any INSIDE
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (INSIDE,OUTSIDE) source static NETWORK_OBJ_192.168.201.0_24 NETWORK_OBJ_192.168.201.0_24 destination static NETWORK_OBJ_192.168.50.0_24 NETWORK_OBJ_192.168.50.0_24 no-proxy-arp route-lookup
nat (INSIDE,OUTSIDE) source static NETWORK_OBJ_192.168.201.0_24 NETWORK_OBJ_192.168.201.0_24 destination static VPN_USERS VPN_USERS no-proxy-arp route-lookup
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 OUTSIDE
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal Phase2
protocol esp encryption aes-256
protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association pmtu-aging infinite
crypto map OUTSIDE_map 1 match address OUTSIDE_cryptomap
crypto map OUTSIDE_map 1 set peer 173.220.251.118
crypto map OUTSIDE_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map OUTSIDE_map 1 set ikev2 ipsec-proposal Phase2 AES256 AES192 AES 3DES DES
crypto map OUTSIDE_map interface OUTSIDE
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpoint azurevpn.exsif.com.TP2020
enrollment terminal
fqdn azurevpn.exsif.com
subject-name CN=azurevpn.exsif.com, O=EXSIF, OU=ICT,L=NEWYORK,ST=NEWYORK,C=US
serial-number
keypair azurevpn.exsif.com.key
crl configure
crypto ca trustpoint azurevpn.exsif.com.TP2020-2
enrollment terminal
no validation-usage
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 0509
308205b7 3082039f a0030201 02020205 09300d06 092a8648 86f70d01 01050500
3045310b 30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164
6973204c 696d6974 6564311b 30190603 55040313 1251756f 56616469 7320526f
6f742043 41203230 1e170d30 36313132 34313832 3730305a 170d3331 31313234
31383233 33335a30 45310b30 09060355 04061302 424d3119 30170603 55040a13
1051756f 56616469 73204c69 6d697465 64311b30 19060355 04031312 51756f56
61646973 20526f6f 74204341 20323082 0222300d 06092a86 4886f70d 01010105
00038202 0f003082 020a0282 0201009a 18ca4b94 0d002daf 03298af0 0f81c8ae
4c19851d 089fab29 4485f32f 81ad321e 9046bfa3 86261a1e fe7e1c18 3a5c9c60
172a3a74 8333307d 615411cb edabe0e6 d2a27ef5 6b6f18b7 0a0b2dfd e93eef0a
c6b310e9 dcc24617 f85dfda4 daff9e49 5a9ce633 e62496f7 3fba5b2b 1c7a35c2
d667feab 66508b6d 28602bef d760c3c7 93bc8d36 91f37ff8 db1113c4 9c7776c1
aeb7026a 817aa945 83e205e6 b956c194 378f4871 6322ec17 6507958a 4bdf8fc6
5a0ae5b0 e35f5e6b 11ab0cf9 85eb44e9 f80473f2 e9fe5c98 8cf573af 6bb47ecd
d45c022b 4c39e1b2 95952d42 87d7d5b3 9043b76c 13f1dedd f6c4f889 3fd175f5
92c391d5 8a88d090 ecdc6dde 89c26571 968b0d03 fd9cbf5b 16ac92db eafe797c
adebaff7 16cbdbcd 252be51f fb9a9fe2 51cc3a53 0c48e60e bdc9b476 0652e611
13857263 0304e004 362b2019 02e874a7 1fb6c956 66f07525 dc67c10e 616088b3
3ed1a8fc a3da1db0 d1b12354 df44766d ed41d8c1 b222b653 1cdf351d dca1772a
31e42df5 e5e5dbc8 e0ffe580 d70b63a0 ff33a10f ba2c1515 ea97b3d2 a2b5bef2
8c961e1a 8f1d6ca4 6137b986 7333d797 969e237d 82a44c81 e2a1d1ba 675f9507
a32711ee 16107bbc 454a4cb2 04d2abef d5fd0c51 ce506a08 31f991da 0c8f645c
03c33a8b 203f6e8d 673d3ad6 fe7d5b88 c95efbcc 61dc8b33 77d34432 35096204
921610d8 9e2747fb 3b21e3f8 eb1d5b02 03010001 a381b030 81ad300f 0603551d
130101ff 04053003 0101ff30 0b060355 1d0f0404 03020106 301d0603 551d0e04
1604141a 8462bc48 4c332504 d4eed0f6 03c41946 d1946b30 6e060355 1d230467
30658014 1a8462bc 484c3325 04d4eed0 f603c419 46d1946b a149a447 3045310b
30090603 55040613 02424d31 19301706 0355040a 13105175 6f566164 6973204c
696d6974 6564311b 30190603 55040313 1251756f 56616469 7320526f 6f742043
41203282 02050930 0d06092a 864886f7 0d010105 05000382 0201003e 0a164d9f
065ba8ae 715d2f05 2f67e613 4583c436 f6f3c026 0c0db547 645df8b4 72c946a5
03182755 89787d76 ea963480 1720dce7 83f88dfc 07b8da5f 4d2e67b2 84fdd944
fc775081 e67cb4c9 0d0b7253 f8760707 4147960c fbe08226 93558cfe 221f6065
7c5fe726 b3f73290 9850d437 7155f692 2178f795 79faf82d 26876656 3077a637
78335210 58ae3f61 8ef26ab1 ef187e4a 5963ca8d a256d5a7 2fbc561f cf39c1e2
fb0aa815 2c7d4d7a 63c66c97 443cd26f c34a170a f890d257 a21951a5 2d9741da
074fa950 da908d94 46e13ef0 94fd1000 38f53be8 40e1b46e 561a20cc 6f588ded
2e458fd6 e9933fe7 b12cdf3a d6228cdc 84bb226f d0f8e4c6 39e90488 3cc3baeb
557a6d80 9924f56c 01fbf897 b0945beb fdd26ff1 77680d35 6423acb8 55a103d1
4d4219dc f8755956 a3f9a849 79f8af0e b911a07c b76aed34 d0b62662 381a870c
f8e8fd2e d3907f07 912a1dd6 7e5c8583 99b03808 3fe95ef9 3507e4c9 626e577f
a75095f7 bac89be6 8ea201c5 d666bf79 61f33c1c e1b9825c 5da0c3e9 d848bd19
a2111419 6eb2861b 683e4837 1a88b75d 965e9cc7 ef276208 e291195c d2f121dd
ba174282 97718153 31a99ff6 7d62bf72 e1a3931d cc8a265a 0938d0ce d70d8016
b478a53a 874c8d8a a5d54697 f22c10b9 bc5422c0 01506943 9ef4b2ef 6df8ecda
f1e3b1ef df918f54 2a0b25c1 2619c452 100565d5 8210eac2 31cd2e
quit
crypto ca certificate chain azurevpn.exsif.com.TP2020
certificate ca 00c3dedf76cfd786bea1af8befefa4dd38
30820606 308203ee a0030201 02021100 c3dedf76 cfd786be a1af8bef efa4dd38
300d0609 2a864886 f70d0101 0c050030 8188310b 30090603 55040613 02555331
13301106 03550408 130a4e65 77204a65 72736579 31143012 06035504 07130b4a
65727365 79204369 7479311e 301c0603 55040a13 15546865 20555345 52545255
5354204e 6574776f 726b312e 302c0603 55040313 25555345 52547275 73742052
53412043 65727469 66696361 74696f6e 20417574 686f7269 7479301e 170d3134
30393234 30303030 30305a17 0d323430 39323332 33353935 395a307a 310b3009
06035504 06130255 53310b30 09060355 04081302 56413110 300e0603 55040713
07486572 6e646f6e 3121301f 06035504 0a13184e 6574776f 726b2053 6f6c7574
696f6e73 204c2e4c 2e432e31 29302706 03550403 13204e65 74776f72 6b20536f
6c757469 6f6e7320 4f562053 65727665 72204341 20323082 0122300d 06092a86
4886f70d 01010105 00038201 0f003082 010a0282 01010084 c118db4b b4e9e407
8bd064d6 6764a19c f0333ce8 761d94e2 d5184728 b7133ae4 f3297095 1bb92568
b67c177d 744ef3e0 932b6251 36a4d958 11f373a8 7c360bc8 3ca5a2fd 118bdc11
aecc565b 71dbfa98 4d9f965c 3b7b21e4 bfaca2c4 9a99f28d 28cf8de3 909fdac7
f3ac2d19 03847e7d b2af0f8b c2c86f2b b99e9819 3cc28089 c66c845e a8b63317
d78dd1d2 17c7f217 a37f8f5d a250c792 ad4f7740 a79c74ec 7906fe72 f11d7b18
3a2b2ba1 7982f0d7 1ac039e7 3823a68b 8888d9dd fdfb9ef3 232fe273 a737f0b8
efcb129e 227e9a68 073aa5fa 65fc8c4b 4f3e0aa1 cca7e0fb fe6de7f5 e6077015
fd98596d c061d087 80941d26 97046b18 b1be7830 77557902 03010001 a3820176
30820172 301f0603 551d2304 18301680 145379bf 5aaa2b4a cf5480e1 d89bc09d
f2b20366 cb301d06 03551d0e 04160414 2033cdb7 61f6a586 4fdcc9d7 736abc0a
516598ec 300e0603 551d0f01 01ff0404 03020186 30120603 551d1301 01ff0408
30060101 ff020100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
06010505 07030230 23060355 1d20041c 301a300e 060c2b06 01040186 0e010201
03013008 06066781 0c010202 30500603 551d1f04 49304730 45a043a0 41863f68
7474703a 2f2f6372 6c2e7573 65727472 7573742e 636f6d2f 55534552 54727573
74525341 43657274 69666963 6174696f 6e417574 686f7269 74792e63 726c3076
06082b06 01050507 0101046a 3068303f 06082b06 01050507 30028633 68747470
3a2f2f63 72742e75 73657274 72757374 2e636f6d 2f555345 52547275 73745253
41416464 54727573 7443412e 63727430 2506082b 06010505 07300186 19687474
703a2f2f 6f637370 2e757365 72747275 73742e63 6f6d300d 06092a86 4886f70d
01010c05 00038202 010022a4 303700fa 974f79f7 4962ed32 4e06ac21 26e531fb
a0894869 a3d527f4 c1b8a14c e39ace53 22a6b0bb 5ad0b739 33a85fa3 61ecfd84
6e345831 03d40088 952c06d1 443ad20a 0532bbac cbf0831c 2d955287 29467797
dd443b67 703e610d 98b1f992 b6fab8eb 8ace5042 ed11e1da c8d70c30 4b8f2a24
b873a6df 84c9a48e 2f8c1d33 c5fef9d9 9dc7e4ec 46476b54 a41a344f 7fbb9b3d
1de157b8 1e9eb470 94cb851a 62b4e512 0a92b6ac 47169c6c f1f965ee 71293d44
456e81bb 9c740e94 ac0a81a7 44d0e59d 23e1d48c 18b6ba7b b53599b2 73fb30c5
a0f6d48f 087bacd2 a6dfce61 1f96a1b9 7d359d09 3e3e9942 4d35ec47 90772e38
8a63440f eb1f7748 656f761d 9acebb30 fc5408d6 7eccf64d df3f3ac7 16e61872
dfd862a2 4690b08f ce9ce7dd aea990ab ed2567c6 ed26360a 071ea4f4 7c827daf
23c18833 7b43999d 990d2c88 f2aba54f dfd57b2d a02f708b f3de525a c7960a28
b94cc47a 3b1ecb78 10998f48 9984b5c7 69a269ae a5ff07cb 7bd8d62b 2f73594a
231b1c17 f3c08422 552330e2 130774be bc542f9b 012a6071 f06d30f5 bf7e9c0d
4f606e4b 3c55b8ca 63ab76f5 db88b9c1 dd9c183a 960c9e0d f276ae1b c99ac1e9
2b6b3afb 39a91551 8dcee0ec 27efa3dd 33db9bca e099504f 9b479785 869c77ff
1fc5041e 50585bf7 7d8ab99f 2c9ac671 b6855499 aada7845 336b18a5 561b9f83
6e529b31 4940ce5f 1a55
quit
certificate 00f88d452e91b64aa8bd17992afcfe2767
308206b4 3082059c a0030201 02021100 f88d452e 91b64aa8 bd17992a fcfe2767
300d0609 2a864886 f70d0101 0b050030 7a310b30 09060355 04061302 5553310b
30090603 55040813 02564131 10300e06 03550407 13074865 726e646f 6e312130
1f060355 040a1318 4e657477 6f726b20 536f6c75 74696f6e 73204c2e 4c2e432e
31293027 06035504 0313204e 6574776f 726b2053 6f6c7574 696f6e73 204f5620
53657276 65722043 41203230 1e170d32 30303131 36303030 3030305a 170d3231
30313039 32333539 35395a30 81ae310b 30090603 55040613 02555331 0e300c06
03550411 13053130 35373731 11300f06 03550408 13084e65 7720596f 726b3111
300f0603 55040713 08507572 63686173 65312030 1e060355 04091317 32373030
20576573 74636865 73746572 20417665 6e756531 1d301b06 0355040a 13144558
53494620 576f726c 64776964 6520496e 632e310b 30090603 55040b13 02495431
1b301906 03550403 1312617a 75726576 706e2e65 78736966 2e636f6d 30820122
300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 0099d6ea
e7deb7bc 04b03ab1 bea4de52 278f52b6 94930cf8 25584b00 f3f5e4ba 5868ac7e
0ab08c74 d7ef0631 99c81cdc 7ed1c951 09afad42 529e364a f8fcf693 17157fd6
1fa72f81 44e28417 a03b4ecc 1c7f3337 69490e54 2164ec31 2afe92a0 77b2cfa2
2c40a444 0c1c1fe7 b95d9fd4 24ce353d ce4d786e 5762cd30 1780c190 b04be696
5bcfcc1d 8d7c33f3 e2d868d4 648dae4b 02667ec4 63a131f7 3638ad4d c3d4554f
3ddeab20 4f41aef5 3afdf114 7313aa67 792ca13e 0c2cf932 085448f8 22bfdc54
fda83530 d026804e d7636031 a1e89331 b3377068 46ea01ac f5be0eee 5e90c329
9588acc9 216be287 6cc18910 44c3a6dc 421ba7e4 be1d1ca0 52b34eba 45020301
0001a382 02fe3082 02fa301f 0603551d 23041830 16801420 33cdb761 f6a5864f
dcc9d773 6abc0a51 6598ec30 1d060355 1d0e0416 041436d3 ebd5fd1f 3de005d0
e4b1dbc5 b6d648ac 150f300e 0603551d 0f0101ff 04040302 05a0300c 0603551d
130101ff 04023000 301d0603 551d2504 16301406 082b0601 05050703 0106082b
06010505 07030230 75060355 1d20046e 306c3060 060c2b06 01040186 0e010201
03013050 304e0608 2b060105 05070201 16426874 74703a2f 2f777777 2e6e6574
776f726b 736f6c75 74696f6e 732e636f 6d2f6c65 67616c2f 53534c2d 6c656761
6c2d7265 706f7369 746f7279 2d637073 2e6a7370 30080606 67810c01 02023049
0603551d 1f044230 40303ea0 3ca03a86 38687474 703a2f2f 63726c2e 6e657473
6f6c7373 6c2e636f 6d2f4e65 74776f72 6b536f6c 7574696f 6e734f56 53657276
65724341 322e6372 6c307b06 082b0601 05050701 01046f30 6d304406 082b0601
05050730 02863868 7474703a 2f2f6372 742e6e65 74736f6c 73736c2e 636f6d2f
4e657477 6f726b53 6f6c7574 696f6e73 4f565365 72766572 4341322e 63727430
2506082b 06010505 07300186 19687474 703a2f2f 6f637370 2e6e6574 736f6c73
736c2e63 6f6d3035 0603551d 11042e30 2c821261 7a757265 76706e2e 65787369
662e636f 6d821677 77772e61 7a757265 76706e2e 65787369 662e636f 6d308201
03060a2b 06010401 d6790204 020481f4 0481f100 ef007500 7d3ef2f8 8fff8855
6824c2c0 ca9e5289 792bc50e 78097f2e 6a976899 7e22f0d7 0000016f aed88610
00000403 00463044 022004e5 b54ca36b 829a983f 5ff1e078 8d918216 6d4e3168
cbd910d2 a227e44e 9b850220 65601323 fb7f515f a2ad8f7f 2dc4275d 100d8315
1b8b2c11 c83a2215 f0ef5445 00760044 94652eb0 eeceafc4 4007d8a8 fe28c0da
e682bed8 cb31b53f d33396b5 b681a800 00016fae d8860800 00040300 47304502
2100a5fe a03b5fab aeeb1eaf b6f2b087 e7999c98 192b1938 f4feaa29 d79c8458
81510220 4674ab82 2f6203da 96c43592 b9f44c5e f36f03a8 e6da7bf3 480f0ef3
5d493132 300d0609 2a864886 f70d0101 0b050003 82010100 63ce9007 50643e6a
19447199 92ac3a8b 0eb8e93d bef68125 84567360 3df7781f 3de0bd3c 3b5e896a
13d805a8 06b93920 7094c976 8d0596a1 df2956ed 87cdb1b9 7acad372 8cd5407a
85b14e00 28626fba e4a68b73 4463233c edc119bd 681ef3e0 96a7507c b595ac41
58967a03 664a393b 16c6758b fdcf0418 fbf2c128 c4d7a1fd 4bc30ff7 493b5911
ee702b8e 485a30af 08b07e34 cf0bc330 7a435fb4 de385dd4 8abe7c73 e551b5ee
c4568c7a ece1ee09 d1490d53 be9d554e 4bf74e73 12ba92ae 89113f57 ab9cf315
738405e6 3d20c749 297f08d9 974d5326 c9834d16 65b78621 0d13de0e 4ec97654
2910c829 7aed8d07 215a238a 24d71175 06e52027 7469a59c
quit
crypto ca certificate chain azurevpn.exsif.com.TP2020-2
certificate ca 00c3dedf76cfd786bea1af8befefa4dd38
30820606 308203ee a0030201 02021100 c3dedf76 cfd786be a1af8bef efa4dd38
300d0609 2a864886 f70d0101 0c050030 8188310b 30090603 55040613 02555331
13301106 03550408 130a4e65 77204a65 72736579 31143012 06035504 07130b4a
65727365 79204369 7479311e 301c0603 55040a13 15546865 20555345 52545255
5354204e 6574776f 726b312e 302c0603 55040313 25555345 52547275 73742052
53412043 65727469 66696361 74696f6e 20417574 686f7269 7479301e 170d3134
30393234 30303030 30305a17 0d323430 39323332 33353935 395a307a 310b3009
06035504 06130255 53310b30 09060355 04081302 56413110 300e0603 55040713
07486572 6e646f6e 3121301f 06035504 0a13184e 6574776f 726b2053 6f6c7574
696f6e73 204c2e4c 2e432e31 29302706 03550403 13204e65 74776f72 6b20536f
6c757469 6f6e7320 4f562053 65727665 72204341 20323082 0122300d 06092a86
4886f70d 01010105 00038201 0f003082 010a0282 01010084 c118db4b b4e9e407
8bd064d6 6764a19c f0333ce8 761d94e2 d5184728 b7133ae4 f3297095 1bb92568
b67c177d 744ef3e0 932b6251 36a4d958 11f373a8 7c360bc8 3ca5a2fd 118bdc11
aecc565b 71dbfa98 4d9f965c 3b7b21e4 bfaca2c4 9a99f28d 28cf8de3 909fdac7
f3ac2d19 03847e7d b2af0f8b c2c86f2b b99e9819 3cc28089 c66c845e a8b63317
d78dd1d2 17c7f217 a37f8f5d a250c792 ad4f7740 a79c74ec 7906fe72 f11d7b18
3a2b2ba1 7982f0d7 1ac039e7 3823a68b 8888d9dd fdfb9ef3 232fe273 a737f0b8
efcb129e 227e9a68 073aa5fa 65fc8c4b 4f3e0aa1 cca7e0fb fe6de7f5 e6077015
fd98596d c061d087 80941d26 97046b18 b1be7830 77557902 03010001 a3820176
30820172 301f0603 551d2304 18301680 145379bf 5aaa2b4a cf5480e1 d89bc09d
f2b20366 cb301d06 03551d0e 04160414 2033cdb7 61f6a586 4fdcc9d7 736abc0a
516598ec 300e0603 551d0f01 01ff0404 03020186 30120603 551d1301 01ff0408
30060101 ff020100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
06010505 07030230 23060355 1d20041c 301a300e 060c2b06 01040186 0e010201
03013008 06066781 0c010202 30500603 551d1f04 49304730 45a043a0 41863f68
7474703a 2f2f6372 6c2e7573 65727472 7573742e 636f6d2f 55534552 54727573
74525341 43657274 69666963 6174696f 6e417574 686f7269 74792e63 726c3076
06082b06 01050507 0101046a 3068303f 06082b06 01050507 30028633 68747470
3a2f2f63 72742e75 73657274 72757374 2e636f6d 2f555345 52547275 73745253
41416464 54727573 7443412e 63727430 2506082b 06010505 07300186 19687474
703a2f2f 6f637370 2e757365 72747275 73742e63 6f6d300d 06092a86 4886f70d
01010c05 00038202 010022a4 303700fa 974f79f7 4962ed32 4e06ac21 26e531fb
a0894869 a3d527f4 c1b8a14c e39ace53 22a6b0bb 5ad0b739 33a85fa3 61ecfd84
6e345831 03d40088 952c06d1 443ad20a 0532bbac cbf0831c 2d955287 29467797
dd443b67 703e610d 98b1f992 b6fab8eb 8ace5042 ed11e1da c8d70c30 4b8f2a24
b873a6df 84c9a48e 2f8c1d33 c5fef9d9 9dc7e4ec 46476b54 a41a344f 7fbb9b3d
1de157b8 1e9eb470 94cb851a 62b4e512 0a92b6ac 47169c6c f1f965ee 71293d44
456e81bb 9c740e94 ac0a81a7 44d0e59d 23e1d48c 18b6ba7b b53599b2 73fb30c5
a0f6d48f 087bacd2 a6dfce61 1f96a1b9 7d359d09 3e3e9942 4d35ec47 90772e38
8a63440f eb1f7748 656f761d 9acebb30 fc5408d6 7eccf64d df3f3ac7 16e61872
dfd862a2 4690b08f ce9ce7dd aea990ab ed2567c6 ed26360a 071ea4f4 7c827daf
23c18833 7b43999d 990d2c88 f2aba54f dfd57b2d a02f708b f3de525a c7960a28
b94cc47a 3b1ecb78 10998f48 9984b5c7 69a269ae a5ff07cb 7bd8d62b 2f73594a
231b1c17 f3c08422 552330e2 130774be bc542f9b 012a6071 f06d30f5 bf7e9c0d
4f606e4b 3c55b8ca 63ab76f5 db88b9c1 dd9c183a 960c9e0d f276ae1b c99ac1e9
2b6b3afb 39a91551 8dcee0ec 27efa3dd 33db9bca e099504f 9b479785 869c77ff
1fc5041e 50585bf7 7d8ab99f 2c9ac671 b6855499 aada7845 336b18a5 561b9f83
6e529b31 4940ce5f 1a55
quit
crypto ikev2 policy 1
encryption 3des
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 enable OUTSIDE
crypto ikev2 enable INSIDE
crypto ikev1 enable OUTSIDE
crypto ikev1 enable INSIDE
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime none
telnet timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point azurevpn.exsif.com.TP2020 OUTSIDE
webvpn
enable OUTSIDE
http-headers
hsts-server
enable
max-age 31536000
include-sub-domains
no preload
hsts-client
enable
x-content-type-options
x-xss-protection
content-security-policy
anyconnect image disk0:/anyconnect-win-4.8.01090-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy GroupPolicy_173.220.251.118 internal
group-policy GroupPolicy_173.220.251.118 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy VPN_USERS internal
group-policy VPN_USERS attributes
wins-server none
dns-server value 8.8.8.8
vpn-idle-timeout 86400
vpn-session-timeout 86400
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OUTSIDE_cryptomap
default-domain value exsif.com
address-pools value VPN_USERS
webvpn
url-list none
anyconnect mtu 1300
anyconnect ssl keepalive 20
anyconnect ask enable default anyconnect
dynamic-access-policy-record DfltAccessPolicy
username cseadmin password ***** pbkdf2 privilege 15
username testvpn password ***** pbkdf2 privilege 15
tunnel-group 173.220.251.118 type ipsec-l2l
tunnel-group 173.220.251.118 general-attributes
default-group-policy GroupPolicy_173.220.251.118
tunnel-group 173.220.251.118 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group VPN_USERS type remote-access
tunnel-group VPN_USERS general-attributes
address-pool VPN_USERS
default-group-policy VPN_USERS
tunnel-group VPN_USERS webvpn-attributes
group-alias VPN_USERS enable
tunnel-group SSLVPN-EXSIF type remote-access
tunnel-group SSLVPN-EXSIF general-attributes
default-group-policy VPN_USERS
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
Cryptochecksum:cb5f7e70ba953ac264e411d08ebc7dfe
: end
EXSIF-ASAV-VM# $
Labels:
- Labels:
-
VPN
0 Replies 0
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Customers Also Viewed These Support Documents