cisco anyconnect vpn established - internet speed dropped

jessie
Level 1

Hi All,

Before the Cisco AnyConnect VPN was established to the office, the client site had download 16.2 Mbps, upload 2.1 Mbps.

After the Cisco AnyConnect VPN was established to the office, the client site's internet speed dropped to download 0.2 Mbps, upload 0.2 Mbps.

Any idea? Is there any configuration so the internet speed won't drop?

Thank you

Jessie

12 Replies

npokhriy
Level 1

Hi Jessie,

Try to enable DTLS in the group-policy and disable compression.

You can do it using the following commands:

group-policy test attributes
 webvpn
  anyconnect ssl dtls enable
  anyconnect ssl compression none
  anyconnect dtls compression none

Regards,

Naresh

Result of the command: "group-policy test attributes"

group-policy test attributes
                  ^
ERROR: % Invalid input detected at '^' marker.

Result of the command: "anyconnect ssl dtls enable"

anyconnect ssl dtls enable
^
ERROR: % Invalid input detected at '^' marker.

Hi Jessie,

I think you got it all wrong.

He gave you a sample configuration and you have to enable the DTLS in the group-policy that you are using.

I hope you got it.

Thanks

Jeet

Actually, I do not. Can you please show me the command?

Thank you

Jessie

Jessie,

Those are the commands, but you need to change the name "test" to the group-policy that you are using.

Thanks

Jeet Kumar

Jessie,

Please share your configuration of ASA. I will let you know the exact commands you need to put on ASA.

Regards,

Naresh

Thank you

-----------------------------------------------------------------------------------------------------------------------------

!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.3 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 208.x.x.162 255.255.255.248
!
interface Vlan5
 shutdown
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.0.4
 name-server 208.x.x.11
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service TS-780 tcp-udp
 port-object eq 780
object-group service Graphon tcp-udp
 port-object eq 491
object-group service Allworx-2088 udp
 port-object eq 2088
object-group service allworx-15000 udp
 port-object range 15000 15511
object-group service allworx-2088 udp
 port-object eq 2088
object-group service allworx-5060 udp
 port-object eq sip
object-group service allworx-8081 tcp
 port-object eq 8081
object-group service allworx-web tcp
 port-object eq 8080
object-group service allworx udp
 port-object range 16001 16010
object-group service allworx- udp
 port-object range 16384 16393
object-group service remote tcp-udp
 port-object eq 779
object-group service billing1 tcp-udp
 port-object eq 8080
object-group service billing-1521 tcp-udp
 port-object eq 1521
object-group service billing-6233 tcp-udp
 port-object range 6233 6234
object-group service billing2-3389 tcp-udp
 port-object eq 3389
object-group service olivia-3389 tcp-udp
 port-object eq 3389
object-group service olivia-777 tcp-udp
 port-object eq 777
object-group network group
 network-object host 192.168.0.15
 network-object host 192.168.0.4
object-group service allworx1 tcp-udp
 description 8080
 port-object eq 8080
object-group service allworx_15000 udp
 port-object range 15000 15511
object-group service allworx_16384 udp
 port-object range 16384 16393
object-group service DM_INLINE_UDP_1 udp
 group-object allworx_16384
 port-object range 16384 16403
object-group service allworx-5061 udp
 port-object range 5061 5062
object-group service ananit tcp-udp
 port-object eq 880
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.164 object-group billing-6233
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.164 object-group billing-1521
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.164 object-group billing2-3389
access-list outside_access_in extended permit tcp any host 208.x.x.164 eq https
access-list outside_access_in extended permit tcp any host 208.x.x.164 eq www
access-list outside_access_in extended permit tcp any host 208.x.x.164 eq ftp
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.164 object-group billing1
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.162 eq domain
access-list outside_access_in extended permit tcp any host 208.x.x.162 eq www
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.162 object-group remote
access-list outside_access_in extended permit tcp any host 208.x.x.162 eq smtp
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.162 object-group olivia-777
access-list outside_access_in extended permit udp any host 208.x.x.162 object-group Allworx-2088 inactive
access-list outside_access_in extended permit udp any host 208.x.x.162 object-group allworx-5060 inactive
access-list outside_access_in extended permit tcp any host 208.x.x.162 object-group allworx-web inactive
access-list outside_access_in extended permit tcp any host 208.x.x.162 object-group allworx-8081 inactive
access-list outside_access_in extended permit udp any host 208.x.x.162 object-group allworx-15000 inactive
access-list outside_access_in extended permit udp any host 208.x.x.162 object-group DM_INLINE_UDP_1 inactive
access-list outside_access_in extended permit udp any host 208.x.x.162 object-group allworx-5061 inactive
access-list outside_access_in extended permit object-group TCPUDP any host 208.x.x.162 object-group ananit inactive
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list ping extended permit icmp any any echo-reply
access-list inside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 1 standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging enable
logging buffered notifications
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool remote_pool 192.168.100.30-192.168.100.60 mask 255.255.255.0
ip local pool remote 192.168.0.20-192.168.0.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 1 192.168.0.0 255.255.255.0
nat (outside) 1 192.168.100.0 255.255.255.0
alias (inside) 192.168.0.4 99.x.x.65 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.0.4 smtp netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.0.4 domain netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.0.4 www netmask 255.255.255.255
static (inside,outside) tcp interface 777 192.168.0.15 777 netmask 255.255.255.255
static (inside,outside) tcp interface 779 192.168.0.4 779 netmask 255.255.255.255
static (inside,outside) udp interface domain 192.168.0.4 domain netmask 255.255.255.255
static (inside,outside) tcp interface 880 192.168.0.16 880 netmask 255.255.255.255
static (inside,outside) tcp 208.x.x.164 3389 192.168.0.185 3389 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 208.x.x.161 1
route inside 192.168.50.0 255.255.255.0 192.168.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.0.3 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 108.x.x.97
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 69.x.x.54
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime none
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime none
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface dmz
dhcpd auto_config outside
!
dhcpd address 192.168.0.20-192.168.0.50 inside
dhcpd dns 192.168.0.4 208.x.x.11 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
group-policy olivia internal
group-policy olivia attributes
 dns-server value 192.168.0.4
 vpn-tunnel-protocol svc webvpn
 webvpn
  url-list none
  svc ask enable
tunnel-group 69.x.x.54 type ipsec-l2l
tunnel-group 69.x.x.54 ipsec-attributes
 pre-shared-key *
tunnel-group 108.x.x.97 type ipsec-l2l
tunnel-group 108.x.x.97 ipsec-attributes
 pre-shared-key *
tunnel-group olivia type remote-access
tunnel-group olivia general-attributes
 address-pool remote_pool
 default-group-policy olivia
tunnel-group olivia webvpn-attributes
 group-alias olivia enable
!
class-map global-class
 match default-inspection-traffic
!
!
policy-map global-policy
 class global-class
  inspect icmp
!
service-policy global-policy global
prompt hostname context
: end
asdm location 208.x.x.164 255.255.255.255 inside
asdm location 192.168.0.15 255.255.255.255 inside
asdm location 192.168.50.0 255.255.255.0 inside
asdm location 192.168.1.0 255.255.255.0 inside
no asdm history enable

Try the following commands:

group-policy olivia attributes
 webvpn
  anyconnect ssl dtls enable
  anyconnect ssl compression none
  anyconnect dtls compression none

Regards,

Naresh

Result of the command: "anyconnect ssl dtls enable"

anyconnect ssl dtls enable
^
ERROR: % Invalid input detected at '^' marker.

Try

group-policy olivia attributes
 webvpn
  svc dtls enable
  svc compression none

Thanks

Result of the command: "svc dtls enable"

svc dtls enable
^
ERROR: % Invalid input detected at '^' marker.
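The DTLS and compression change recommended in the replies above, written out as an added example for this particular ASA (it is not from the thread, and not a Cisco reference configuration). It targets the group-policy named olivia that the posted running config actually assigns to the AnyConnect tunnel-group, and it uses the svc keyword syntax because the posted config already contains svc image and svc enable, which is the pre-8.4 form; on 8.4 and later the anyconnect keyword forms given earlier in the thread are the ones that parse. The indentation marks the submode each line belongs to: svc dtls enable and svc compression none only parse inside group-policy webvpn submode, and the "Invalid input detected at '^' marker" results in the thread are exactly what the ASA returns when such a line is submitted on its own from global configuration, which is what happens when commands are pasted one at a time (in ASDM's Command Line Interface tool, the single-line mode). Enter the lines in order in one session, or use the tool's multiple-line mode. The dtls port line and the show commands are assumptions about the platform, not something the thread states.

```cisco
! Added example, not from the thread: enable DTLS and turn off compression
! for the AnyConnect group-policy "olivia" on this ASA.
! Syntax is the svc-era (pre-8.4) form that matches the "svc ..." lines
! already present in the posted running config.
!
! Global webvpn: DTLS must be allowed on the VPN interface.
! UDP/443 is the default DTLS port (assumed; adjust if another port is used).
webvpn
 enable outside
 dtls port 443
!
! Per-group-policy settings. These lines only parse inside the
! group-policy webvpn submode, so enter them in this order in one session.
group-policy olivia attributes
 webvpn
  svc dtls enable
  svc compression none
!
! Verification (assumed show commands for this platform): confirm the
! settings landed in the policy and that a test session negotiates DTLS.
! show running-config group-policy olivia
! show vpn-sessiondb svc
```

If a session still shows only TLS after this change, check that UDP/443 is not blocked between the client site and the outside interface, since the client silently falls back to TLS when the DTLS handshake cannot complete.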

bravotom99
Level 1

That's a considerable drop and I'm not sure that is something that is solved in an ASA configuration or change in anyconnect.  Is it just one user/site that sees the drop in speed?  I have seen drops in speed like that reported by users over the years and usually I found that it was a peering issue by the ISP...or the ISP equipment was faulty/misconfigured. 
