Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
2
Replies

ASA5505 dropping vpn connections

nick.dennis
Level 1
Level 1

‎12-14-2009 11:30 AM

Hello,

We previously had a pix 506e which suddenly would no longer power on, we pay a 3rd party company to periodicaly backup our firewall config so we were able to purchase an ASA 5505 from them and have them restore our config to the 5505. Everything works however we noticed some strange problems: with one user they are connected and working away and all of a sudden Outlook will say trying to connect and then go to disconnected and they will have to disconnect the VPN client and then reconnect. With this same user they are also saying sometimes they can stay connected for hours and some days this problem will occur every 15-20 minutes. They had Cisco vpn client version 4.8 on their laptop so I downloaded version 5 from Cisco last week.

I've also noticed that when I am connected I've seen Outlook say trying to connect and then does connect but my telnet sessions that I had open got disconnected. This has happened even with Cisco vpn client version 5.

Can anyone tell me where I could look to try and troubleshoot this issue? I did enable logging on the users VPN client and changed the level to medium in hopes I could see something in his client logs if he told me what time it occured.

I believe this problem only started when we switched from the Pix 506e to the ASA 5505.

Labels:
0 Helpful
2 Replies 2

acomiskey
Level 10
Level 10

‎12-14-2009 12:13 PM

What version is running on the 5505? The pix must have been version 6.x where as the ASA is 7+.

I would verify the config was converted over correctly.

0 Helpful

nick.dennis
Level 1
Level 1
In response to acomiskey

‎12-14-2009 12:39 PM

I believe its version 8.2, it costs us money every time we need to contact this 3rd party company so if there is some other way I can get this resolved that would be better. The device does have 1 year of cisco maintance contract I believe, they had me sign up to cisco and put some information about the asa which I believe was for cisco support.

Here's a screenshot from the ASDM of the user connected: http://i50.tinypic.com/zmgt2w.jpg

here's the config if that would help (I put in the **** for the first 4 things because I wasn't sure if it was ok to leave that info there).

Result of the command: "show running-config"

: Saved
:
ASA Version 8.2(1)
!
hostname ****
domain-name ****
enable password ****
passwd ****
names
name 192.168.10.42 RCSLogixBOCS
name 172.16.0.17 testvpnip
name 192.168.10.55 SecurityCamera
name 192.168.11.12 bcs-es1
name 192.168.11.11 bcs-dc2
name 192.168.11.10 bcs-dc1
name 192.168.103.0 Orchard_SecurityCamera_VLAN
name 192.168.11.0 WindowsServer_VLAN
name 192.168.25.0 Squalicum_SecurityCamera_VLAN
name 192.168.101.0 Orchard_EngineRoom_VLAN
name 192.168.17.0 Squalicum_Generator_VLAN
name 192.168.14.0 Squalicum_EngineeringWS_VLAN
name 192.168.16.0 Squalicum_EngineRoom_VLAN
name 192.168.102.0 Orchard_Generator_VLAN
name 192.168.104.0 Orchard_Logix_VLAN
name 192.168.15.0 Squalicum_Hench_VLAN
name 192.168.27.0 Squalicum_WirelessCntrl_VLAN
name 192.168.105.0 Orchard_WirelessMgmt_VLAN
name 192.168.106.0 Orchard_WirelessClient_VLAN
name 192.168.10.0 Unix_Serial_Range
name 172.20.10.0 NSNW_Int
name 192.168.26.10 barracuda
name 192.168.16.11 hench02
name 192.168.16.10 hench01
name 192.168.17.10 Squalicum_Generator
name 192.168.102.10 Orchard_Generator
name 192.168.10.81 engr_refrig2
name 192.168.10.80 engr_refrig1
name 192.168.10.18 Archie
name 192.168.10.19 Flashconnect
!
interface Vlan1
nameif inside
security-level 100
ip address 172.16.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 216.57.214.3 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name nsnw.us
object-group network Generators
network-object Orchard_Generator 255.255.255.255
network-object Squalicum_Generator 255.255.255.255
object-group network Engineering
network-object Squalicum_EngineeringWS_VLAN 255.255.255.0
network-object Squalicum_Hench_VLAN 255.255.255.0
network-object Squalicum_EngineRoom_VLAN 255.255.255.0
network-object Squalicum_Generator_VLAN 255.255.255.0
network-object Orchard_EngineRoom_VLAN 255.255.255.0
network-object Orchard_Generator_VLAN 255.255.255.0
network-object Orchard_Logix_VLAN 255.255.255.0
network-object engr_refrig1 255.255.255.255
network-object engr_refrig2 255.255.255.255
object-group network WirelessSupport
network-object Squalicum_WirelessCntrl_VLAN 255.255.255.0
network-object Orchard_WirelessMgmt_VLAN 255.255.255.0
network-object Orchard_WirelessClient_VLAN 255.255.255.0
object-group network Users
description Allow Normal Users Access
network-object WindowsServer_VLAN 255.255.255.0
network-object Unix_Serial_Range 255.255.255.0
object-group network SecurityCameras
network-object Unix_Serial_Range 255.255.255.0
network-object WindowsServer_VLAN 255.255.255.0
network-object Squalicum_SecurityCamera_VLAN 255.255.255.0
network-object Orchard_SecurityCamera_VLAN 255.255.255.0
object-group network Servers
network-object bcs-dc1 255.255.255.255
network-object bcs-dc2 255.255.255.255
network-object bcs-es1 255.255.255.255
access-list outside_access_in remark Allow inbound mail to Barracuda
access-list outside_access_in extended permit tcp any host 216.57.214.2 eq smtp
access-list outside_access_in extended permit tcp any host 216.57.214.2 eq www
access-list outside_access_in remark allow secure web inbound to web server
access-list outside_access_in extended permit tcp any host 216.57.214.2 eq https
access-list outside_access_in remark Inbound OWA
access-list outside_access_in extended permit tcp any host 216.57.214.4 eq https
access-list outside_access_in remark Allow inbound mail to Barracuda
access-list outside_access_in remark allow secure web inbound to web server
access-list outside_access_in remark Inbound OWA
access-list outside_access_in remark VPN Traffic
access-list outside_access_in remark VPN Traffic
access-list outside_access_in remark DMZ VPN Traffic
access-list outside_access_in remark Squalicum Generator
access-list outside_access_in remark Orchard Generator
access-list outside_access_in remark NSNW inbound RDP
access-list outside_access_in extended permit tcp any host 216.57.214.2 eq ftp
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in remark VPN Traffic
access-list outside_access_in extended permit ip 172.16.0.0 255.255.255.0 any
access-list outside_access_in remark VPN Traffic
access-list outside_access_in extended permit ip 172.16.3.0 255.255.255.0 any
access-list outside_access_in extended deny ip 172.16.1.0 255.255.255.0 216.57.214.0 255.255.255.0
access-list outside_access_in remark DMZ VPN Traffic
access-list outside_access_in extended permit ip 172.16.2.0 255.255.255.0 any
access-list outside_access_in remark Squalicum Generator
access-list outside_access_in extended permit tcp any host 216.57.214.2 eq 8000
access-list outside_access_in remark Orchard Generator
access-list outside_access_in extended permit tcp any host 216.57.214.2 eq 8001
access-list outside_access_in extended permit ip 192.168.200.0 255.255.255.0 any
access-list outside_access_in extended permit ip 192.168.201.0 255.255.255.0 object-group Users
access-list outside_access_in extended permit ip 192.168.202.0 255.255.255.0 object-group Engineering
access-list outside_access_in extended permit ip 192.168.202.0 255.255.255.0 object-group Servers
access-list outside_access_in extended permit ip 192.168.203.0 255.255.255.0 object-group WirelessSupport
access-list outside_access_in extended permit ip NSNW_Int 255.255.255.0 any
access-list outside_access_in extended permit ip 192.168.205.0 255.255.255.0 host hench01
access-list outside_access_in extended permit ip 192.168.205.0 255.255.255.0 host hench02
access-list outside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp any any eq domain log
access-list inside_access_in extended permit udp any any eq domain log
access-list inside_access_in extended permit icmp any any echo-reply
access-list inside_access_in extended permit ip any any
access-list inside_outbound_nat0_acl extended permit ip any 172.16.0.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Squalicum_EngineRoom_VLAN 255.255.255.0 192.168.205.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip any 172.16.3.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip any 192.168.200.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Unix_Serial_Range 255.255.255.0 192.168.201.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip WindowsServer_VLAN 255.255.255.0 192.168.201.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip WindowsServer_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Unix_Serial_Range 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Squalicum_EngineeringWS_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Squalicum_Hench_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Squalicum_EngineRoom_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Squalicum_Generator_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Orchard_Logix_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Orchard_EngineRoom_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Orchard_Generator_VLAN 255.255.255.0 192.168.202.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Orchard_WirelessMgmt_VLAN 255.255.255.0 192.168.203.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Orchard_WirelessClient_VLAN 255.255.255.0 192.168.203.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Squalicum_WirelessCntrl_VLAN 255.255.255.0 192.168.203.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Unix_Serial_Range 255.255.255.0 192.168.204.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip WindowsServer_VLAN 255.255.255.0 192.168.204.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Squalicum_SecurityCamera_VLAN 255.255.255.0 192.168.204.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip Orchard_SecurityCamera_VLAN 255.255.255.0 192.168.204.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 172.16.0.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 172.16.3.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.200.0 255.255.255.0
access-list bcs-vpn_splitTunnelAcl extended permit ip 192.168.0.0 255.255.0.0 any
access-list hench-vpn_splitTunnelAcl_1 extended permit ip Squalicum_EngineRoom_VLAN 255.255.255.0 any
access-list dmz_outbound_nat0_acl extended permit ip 192.168.20.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list outside_cryptomap_dyn_60 extended permit ip any 172.16.2.0 255.255.255.0
access-list dmz_access_in remark dmz outbound rule
access-list dmz_access_in extended permit ip any any
access-list dmz_access_in extended permit tcp any any
access-list dmz_access_in remark dmz outbound rule
access-list bcs-user_splitTunnelAcl extended permit ip Unix_Serial_Range 255.255.255.0 any
access-list bcs-user_splitTunnelAcl extended permit ip WindowsServer_VLAN 255.255.255.0 any
access-list outside_cryptomap_dyn_80 extended permit ip any 192.168.201.0 255.255.255.0
access-list bcs-engineer_splitTunnelAcl extended permit ip WindowsServer_VLAN 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Unix_Serial_Range 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Squalicum_EngineeringWS_VLAN 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Squalicum_Hench_VLAN 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Squalicum_EngineRoom_VLAN 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Squalicum_Generator_VLAN 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Orchard_Logix_VLAN 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Orchard_EngineRoom_VLAN 255.255.255.0 any
access-list bcs-engineer_splitTunnelAcl extended permit ip Orchard_Generator_VLAN 255.255.255.0 any
access-list outside_cryptomap_dyn_100 extended permit ip any 192.168.202.0 255.255.255.0
access-list bcs-wireless_splitTunnelAcl extended permit ip Orchard_WirelessMgmt_VLAN 255.255.255.0 any
access-list bcs-wireless_splitTunnelAcl extended permit ip Orchard_WirelessClient_VLAN 255.255.255.0 any
access-list bcs-wireless_splitTunnelAcl extended permit ip Squalicum_WirelessCntrl_VLAN 255.255.255.0 any
access-list outside_cryptomap_dyn_120 extended permit ip any 192.168.203.0 255.255.255.0
access-list bcs-usercam_splitTunnelAcl extended permit ip Unix_Serial_Range 255.255.255.0 any
access-list bcs-usercam_splitTunnelAcl extended permit ip WindowsServer_VLAN 255.255.255.0 any
access-list bcs-usercam_splitTunnelAcl extended permit ip Squalicum_SecurityCamera_VLAN 255.255.255.0 any
access-list bcs-usercam_splitTunnelAcl extended permit ip Orchard_SecurityCamera_VLAN 255.255.255.0 any
access-list outside_cryptomap_dyn_140 extended permit ip any 192.168.204.0 255.255.255.0
access-list outside_cryptomap_dyn_160 extended permit ip any 192.168.205.0 255.255.255.0
pager lines 24
logging enable
logging buffered emergencies
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool general-pool 192.168.200.1-192.168.200.254 mask 255.255.255.0
ip local pool user-pool 192.168.201.1-192.168.201.254 mask 255.255.255.0
ip local pool engineer-pool 192.168.202.1-192.168.202.254 mask 255.255.255.0
ip local pool wirelesssupport-pool 192.168.203.1-192.168.203.254 mask 255.255.255.0
ip local pool usercam-pool 192.168.204.1-192.168.204.254 mask 255.255.255.0
ip local pool hench-pool 192.168.205.1-192.168.205.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 216.57.214.2 smtp barracuda smtp netmask 255.255.255.255
static (inside,outside) tcp 216.57.214.2 8000 Squalicum_Generator www netmask 255.255.255.255
static (inside,outside) tcp 216.57.214.2 8001 Orchard_Generator www netmask 255.255.255.255
static (inside,outside) tcp 216.57.214.2 https Flashconnect https netmask 255.255.255.255
static (inside,outside) tcp 216.57.214.2 www Flashconnect www netmask 255.255.255.255
static (inside,outside) tcp 216.57.214.2 ftp 192.168.10.73 ftp netmask 255.255.255.255
static (inside,outside) 216.57.214.4 bcs-es1 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 216.57.214.1 1
route inside 192.168.0.0 255.255.0.0 172.16.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host bcs-dc1
timeout 5
key BC5RADIU5
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (outside) host 216.57.213.44
timeout 5
key 0snwr0uters
url-server (inside) vendor websense host bcs-dc2 timeout 10 protocol TCP version 4 connections 5
aaa authentication telnet console LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable 5000
http 192.168.1.0 255.255.255.0 inside
http 216.57.213.0 255.255.255.224 outside
http 172.16.0.0 255.255.255.0 inside
http 192.168.0.0 255.255.0.0 inside
snmp-server host inside 192.168.10.76 community bc55nmp
snmp-server host inside bcs-es1 community bc55nmp
snmp-server host outside 216.57.213.44 community bc55nmp
snmp-server location BCS
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 86400
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 80 match address outside_cryptomap_dyn_80
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 100 match address outside_cryptomap_dyn_100
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-AES-256-SHA ESP-DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 120 match address outside_cryptomap_dyn_120
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 140 match address outside_cryptomap_dyn_140
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 160 match address outside_cryptomap_dyn_160
crypto dynamic-map outside_dyn_map 160 set transform-set ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh Unix_Serial_Range 255.255.255.0 inside
ssh WindowsServer_VLAN 255.255.255.0 inside
ssh 216.57.213.40 255.255.255.248 outside
ssh 216.57.213.0 255.255.255.224 outside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd auto_config outside
!

threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics host number-of-rate 3
no threat-detection statistics tcp-intercept
ntp server 216.57.213.53 source outside prefer
webvpn
group-policy DfltGrpPolicy attributes
dns-server value 192.168.11.10 192.168.11.11
default-domain value bcs.com
group-policy bcs-usercam internal
group-policy bcs-usercam attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value bcs-usercam_splitTunnelAcl
group-policy bcs-vpn internal
group-policy bcs-vpn attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value bcs-vpn_splitTunnelAcl
group-policy bcs-user internal
group-policy bcs-user attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value bcs-user_splitTunnelAcl
group-policy bcs-engineer internal
group-policy bcs-engineer attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value bcs-engineer_splitTunnelAcl
group-policy bcs-wireless internal
group-policy bcs-wireless attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value bcs-wireless_splitTunnelAcl
group-policy hench-vpn internal
group-policy hench-vpn attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value hench-vpn_splitTunnelAcl_1
username admin password fHRyC0/vFs3I7QAR encrypted privilege 15
username nsn-msp password mrfEoKJfOotToE7c encrypted privilege 15
tunnel-group bcs-vpn type remote-access
tunnel-group bcs-vpn general-attributes
address-pool general-pool
authentication-server-group RADIUS LOCAL
default-group-policy bcs-vpn
password-management
tunnel-group bcs-vpn ipsec-attributes
pre-shared-key *
tunnel-group bcs-user type remote-access
tunnel-group bcs-user general-attributes
address-pool user-pool
authentication-server-group RADIUS LOCAL
default-group-policy bcs-user
password-management
tunnel-group bcs-user ipsec-attributes
pre-shared-key *
tunnel-group bcs-engineer type remote-access
tunnel-group bcs-engineer general-attributes
address-pool engineer-pool
authentication-server-group RADIUS LOCAL
default-group-policy bcs-engineer
password-management
tunnel-group bcs-engineer ipsec-attributes
pre-shared-key *
tunnel-group bcs-wireless type remote-access
tunnel-group bcs-wireless general-attributes
address-pool wirelesssupport-pool
authentication-server-group RADIUS LOCAL
default-group-policy bcs-wireless
password-management
tunnel-group bcs-wireless ipsec-attributes
pre-shared-key *
tunnel-group bcs-usercam type remote-access
tunnel-group bcs-usercam general-attributes
address-pool usercam-pool
authentication-server-group RADIUS LOCAL
default-group-policy bcs-usercam
password-management
tunnel-group bcs-usercam ipsec-attributes
pre-shared-key *
tunnel-group hench-vpn type remote-access
tunnel-group hench-vpn general-attributes
address-pool hench-pool
authentication-server-group RADIUS LOCAL
default-group-policy hench-vpn
password-management
tunnel-group hench-vpn ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect icmp
  inspect ftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e66ee20991106f444c9f90f806f3e2d7
: end

0 Helpful
Customers Also Viewed These Support Documents