04-13-2015 12:34 AM
Hello,
I am currently having an issue with the IPsec IKEv1 VPN Cisco client and RDP. When I connect using the Cisco client I can ping almost anything on the LAN but can't access anything via RDP or any other protocol. If I try to access ASDM it tries to initiate the connection but then fails. When I try to connect to any servers via RDP it also initiates the connection and allows me to enter my credentials, but gets stuck at "Securing Connection." The odd part is we are also testing the AnyConnect client and that seems to work without any issues. Has anyone come across this issue?
04-13-2015 08:29 AM
Hi,
In this case, make sure that there is not a VPN filter applied to the group policy that is closing out the ports to be used. Also make sure the MTU given by the VPN client is 1400 or 1500 so the packets won't be fragmented. Is this happening on all OSes?
David Castro,
04-13-2015 02:30 PM
Thank you for the reply.
Looking at the filters, I do have my extended ACL on that group policy. If I remove it and try to ping any hosts, it denies and actually comes up in the log. When I uncheck "Inherit" from the "Filter" section and select my extended ACL, I am able to ping my hosts but that's about it. Again, what I find weird is that with AnyConnect it works fine.
04-13-2015 06:09 PM
Proceed to post the configuration and specify which is the tunnel group and group policy!
David Castro,
Regards
04-14-2015 10:10 AM
Here is the config. I have put a "<---for ravpn comment" for everything; hope I got everything. Also, the attached image shows a lot of the bypassed packets while connected. Thanks for taking a look.
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
ip local pool ip_pool_one 10.4.4.120-10.4.4.130 mask 255.255.255.0
ip local pool AnyC-vpn150 192.168.150.1-192.168.150.250 mask 255.255.255.0
ip local pool ravpn100 192.168.100.100-192.168.100.150 mask 255.255.255.0<--ip pool for ravpn
!
interface Ethernet0/0
nameif inside
security-level 100
ip address 10.4.4.2 255.255.255.0
!
interface Ethernet0/1
nameif Outside
security-level 0
ip address 1.1.1.2 255.255.255.224
!
interface Ethernet0/2
no nameif
security-level 3
no ip address
!
boot system disk0:/asa915-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns domain-lookup Outside
dns domain-lookup man
dns server-group DefaultDNS
name-server 10.4.4.45
name-server 10.4.4.44
domain-name domain.com
dns server-group domaininc.com
name-server 10.4.4.45
name-server 10.4.4.44
domain-name domaininc.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-10.4.4.0
subnet 10.4.4.0 255.255.255.0
object network obj-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network SitetoSiteColo
subnet 172.16.0.0 255.255.0.0
object network obj-10.5.5.0
subnet 10.5.5.0 255.255.255.0
object network Colo-vpn200
subnet 192.168.200.0 255.255.255.0
object network AnyC-vpn150
subnet 192.168.150.0 255.255.255.0
object network NETWORK_OBJ_192.168.150.0_24
subnet 192.168.150.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_24 <--- For ravpn
subnet 192.168.100.0 255.255.255.0
object-group network everyone
description All internal ip's
network-object 10.2.10.0 255.255.255.0
network-object 10.4.4.0 255.255.255.0
network-object 192.168.1.0 255.255.255.0
group-object tls
object-group service RDP tcp
description Remote Desktop
port-object eq 3389
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_1
service-object gre
service-object tcp destination eq pptp
object-group service DM_INLINE_TCP_2 tcp
group-object Mail
group-object tls
group-object webmail
object-group service DM_INLINE_SERVICE_2
service-object gre
service-object tcp destination eq pptp
object-group service DM_INLINE_SERVICE_3
service-object gre
service-object tcp destination eq pptp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object tcp
object-group service DM_INLINE_SERVICE_4
service-object tcp destination eq domain
service-object udp destination eq domain
object-group service DM_INLINE_TCP_3 tcp
port-object eq smtp
group-object web
object-group network DM_INLINE_NETWORK_1
network-object object NETWORK_OBJ_10.0.0.0_8
network-object object NETWORK_OBJ_172.16.1.0_24
network-object object obj-10.5.5.0
object-group network DM_INLINE_NETWORK_2
network-object object NETWORK_OBJ_10.0.0.0_8
network-object object NETWORK_OBJ_172.16.1.0_24
network-object object NETWORK_OBJ_192.168.150.0_24
access-list Servers_access_in extended permit tcp 192.168.1.0 255.255.255.0 any4
access-list Servers_access_in extended permit tcp 10.4.4.0 255.255.255.0 any4
access-list Servers_access_in extended permit icmp 10.4.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Servers_access_in extended permit tcp 10.4.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Servers_access_in extended permit ip 10.4.4.0 255.255.255.0 any4
access-list Servers_access_in extended permit udp any4 any4
access-list Servers_access_in extended permit ip 10.4.4.0 255.255.255.0 10.5.5.0 255.255.255.0
access-list Servers_access_in extended permit tcp 10.4.4.0 255.255.255.0 10.5.5.0 255.255.255.0
access-list Servers_access_in extended permit ip 10.4.4.0 255.255.255.0 object obj-10.5.5.0
access-list Servers_access_in extended permit ip 10.4.4.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list Servers_access_in extended permit ip 172.16.1.0 255.255.255.0 10.4.4.0 255.255.255.0
access-list Servers_access_in extended permit ip object obj-10.5.5.0 10.4.4.0 255.255.255.0
access-list Servers_access_in extended permit ip object AnyC-vpn150 any
access-list capin extended permit icmp host 192.168.1.33 host 10.4.4.60
access-list Servers_access_out extended permit tcp 10.4.4.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list Servers_access_out extended permit icmp any4 any4
access-list Servers_access_out extended permit tcp 10.4.4.0 255.255.255.0 any4
access-list Servers_access_out extended permit tcp any4 any4
access-list Servers_access_out extended permit udp any4 any4
access-list Servers_access_out extended permit icmp any4 192.168.2.0 255.255.255.0
access-list Servers_access_out extended permit tcp any4 192.168.2.0 255.255.255.0
access-list Servers_access_out extended permit ip any4 10.0.0.0 255.255.255.0
access-list Servers_access_out extended permit tcp any4 10.0.0.0 255.255.255.0
access-list Management_nat0_outbound extended permit ip any4 10.4.4.0 255.255.255.0
access-list Outside_cryptomap extended permit ip 10.4.4.0 255.255.255.0 object NETWORK_OBJ_172.16.1.0_24
access-list Outside_cryptomap extended permit ip 10.4.4.0 255.255.255.0 object obj-10.5.5.0
access-list Outside_cryptomap extended permit ip 10.4.4.0 255.255.255.0 object Colo-vpn200
access-list Outside_cryptomap extended permit ip object AnyC-vpn150 object obj-10.5.5.0
access-list Outside_cryptomap extended permit ip object AnyC-vpn150 object NETWORK_OBJ_172.16.1.0_24
access-list infrominternet extended permit icmp any any
access-list vpn-AnyC remark VPN for AnyC
access-list vpn-AnyC extended permit ip object NETWORK_OBJ_10.4.4.0_24 object AnyC-vpn150
access-list vpn-AnyC extended permit ip object obj-10.5.5.0 object AnyC-vpn150
access-list vpn-AnyC extended permit ip object NETWORK_OBJ_172.16.1.0_24 object AnyC-vpn150
access-list splitvpnravpn standard permit 192.168.100.0 255.255.255.0
access-list ravpn_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0 <--- For ravpn
access-list ravpn_splitTunnelAcl standard permit 172.16.1.0 255.255.255.0 <--- For ravpn
access-list ravpn_splitTunnelAcl standard permit 192.168.150.0 255.255.255.0 <--- For ravpn
access-list ravpnusers1_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list ravpnusers1_splitTunnelAcl standard permit 172.16.1.0 255.255.255.0
access-list ravpnusers1_splitTunnelAcl standard permit 10.5.5.0 255.255.255.0
pager lines 24
logging enable
logging buffered warnings
logging trap warnings
logging asdm warnings
logging permit-hostdown
mtu inside 1500
mtu Outside 1500
mtu man 1500
mtu Management 1500
ip verify reverse-path interface man
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any Outside
icmp permit any man
asdm image disk0:/asdm-722.bin
no asdm history enable
arp timeout 14400
arp permit-nonconnected
nat (inside,any) source static obj-10.4.4.0 obj-10.4.4.0 destination static obj-192.168.4.0 obj-192.168.4.0 no-proxy-arp
nat (inside,any) source static obj-10.4.4.0 obj-10.4.4.0 destination static obj-192.168.3.0 obj-192.168.3.0 no-proxy-arp
nat (inside,any) source static obj-10.4.4.0 obj-10.4.4.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
nat (inside,any) source static obj-10.4.4.0 obj-10.4.4.0 destination static obj-10.0.0.0 obj-10.0.0.0 no-proxy-arp route-lookup
nat (inside,Outside) source static NETWORK_OBJ_10.4.4.0_24 NETWORK_OBJ_10.4.4.0_24 destination static NETWORK_OBJ_172.16.1.0_24 NETWORK_OBJ_172.16.1.0_24 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.4.4.0 obj-10.4.4.0 destination static obj-10.5.5.0 obj-10.5.5.0 no-proxy-arp route-lookup
nat (Management,inside) source static any any destination static obj-10.4.4.0 obj-10.4.4.0 no-proxy-arp route-lookup
nat (Management,Outside) source static any any destination static obj-10.4.4.0 obj-10.4.4.0 no-proxy-arp route-lookup
nat (Management,man) source static any any destination static obj-10.4.4.0 obj-10.4.4.0 no-proxy-arp route-lookup
nat (Management,Management) source static any any destination static obj-10.4.4.0 obj-10.4.4.0 no-proxy-arp route-lookup
nat (inside,Outside) source static NETWORK_OBJ_10.4.4.0_24 NETWORK_OBJ_10.4.4.0_24 destination static SitetoSiteColo SitetoSiteColo no-proxy-arp route-lookup inactive
nat (inside,Outside) source static NETWORK_OBJ_10.4.4.0_24 NETWORK_OBJ_10.4.4.0_24 destination static NETWORK_OBJ_172.16.0.0_16 NETWORK_OBJ_172.16.0.0_16 no-proxy-arp route-lookup inactive
nat (inside,Outside) source static NETWORK_OBJ_10.4.4.0_24 NETWORK_OBJ_10.4.4.0_24 destination static Colo-vpn200 Colo-vpn200 no-proxy-arp route-lookup
nat (inside,Outside) source static NETWORK_OBJ_10.4.4.0_24 NETWORK_OBJ_10.4.4.0_24 destination static AnyC-vpn150 AnyC-vpn150 no-proxy-arp route-lookup
nat (Outside,Outside) source static AnyC-vpn150 AnyC-vpn150 destination static SitetoSiteColo SitetoSiteColo no-proxy-arp route-lookup
nat (Outside,Outside) source static SitetoSiteColo SitetoSiteColo destination static AnyC-vpn150 AnyC-vpn150 no-proxy-arp route-lookup
nat (inside,Outside) source static NETWORK_OBJ_10.4.4.0_24 NETWORK_OBJ_10.4.4.0_24 destination static NETWORK_OBJ_192.168.150.0_24 NETWORK_OBJ_192.168.150.0_24 no-proxy-arp route-lookup
nat (inside,Outside) source static obj-10.4.4.0 obj-10.4.4.0 destination static NETWORK_OBJ_192.168.150.0_24 NETWORK_OBJ_192.168.150.0_24 no-proxy-arp route-lookup
nat (inside,Outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup <--- For ravpn
nat (inside,Outside) source static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup<--- For ravpn
!
nat (inside,man) dynamic interface
access-group Servers_access_in in interface inside
access-group Servers_access_out out interface inside
access-group infrominternet in interface Outside
access-group Outside_access_in in interface man
route Outside 0.0.0.0 0.0.0.0 1.1.1.1 1
route inside 10.2.10.0 255.255.255.0 10.4.4.1 1
route inside 192.168.1.0 255.255.255.0 10.4.4.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
dynamic-access-policy-record DfltAccessPolicy
aaa-server ravpnusers protocol ldap
aaa-server ravpnusers (inside) host dc.domain.local
timeout 5
ldap-base-dn DC=domain, DC=local
ldap-group-base-dn DC=domain, DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=user, CN=Users, DC=domain,DC=local
sasl-mechanism digest-md5
server-type microsoft
user-identity default-domain LOCAL
eou clientless password *****
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
reval-period 36000
sq-period 300
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.4.4.150 255.255.255.255 inside
http 10.4.4.0 255.255.255.0 inside
http 192.168.10.0 255.255.255.0 Management
http 192.168.1.0 255.255.255.0 Outside
http 10.4.4.36 255.255.255.255 inside
http 192.168.150.0 255.255.255.0 inside
snmp-server location AnyC Office
snmp-server contact Contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map AnyCvpn 200 set pfs
crypto dynamic-map AnyCvpn 200 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map0 1 match address Outside_cryptomap
crypto map Outside_map0 1 set peer 2.2.2.2
crypto map Outside_map0 1 set ikev1 transform-set ESP-AES-128-SHA
crypto map Outside_map0 300 ipsec-isakmp dynamic AnyCvpn
crypto map Outside_map0 interface Outside
crypto ca trustpool policy
crypto isakmp identity address
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable Outside
crypto ikev1 enable Outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
telnet 10.4.4.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 Outside
telnet 192.168.10.0 255.255.255.0 Management
telnet timeout 5
ssh stricthostkeycheck
ssh 10.4.4.0 255.255.255.0 inside
ssh 192.168.2.0 255.255.255.0 inside
ssh 192.168.150.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 man
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd address 192.168.10.2-192.168.10.200 Management
!
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 10.4.4.45 source inside prefer
ntp server 50.19.108.85
tftp-server inside 10.4.4.60 asdm-523.bin
webvpn
enable Outside
anyconnect image disk0:/anyconnect-win-3.1.07021-k9.pkg 1
anyconnect enable
group-policy DfltGrpPolicy attributes
vpn-simultaneous-logins 6
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
ip-comp enable
split-tunnel-network-list value Servers_nat0_outbound
nac-settings value DfltGrpPolicy-nac-framework-create
webvpn
anyconnect ssl keepalive none
anyconnect dpd-interval client none
anyconnect dpd-interval gateway none
customization value DfltCustomization
group-policy ravpn internal <--- For ravpn
group-policy ravpn attributes <--- For ravpn
dns-server value 10.4.4.45 10.4.4.44
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ravpn_splitTunnelAcl <--- For ravpn
default-domain value domain.com
group-policy AnyC-vpn internal
group-policy AnyC-vpn attributes
dns-server value 10.4.4.45 10.4.4.44
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-AnyCsall
default-domain value domain.com
user-authentication enable
address-pools value AnyC-vpn150
group-policy AnyC-vpn, internal
group-policy AnyC-vpn, attributes
dns-server value 10.4.4.45 10.4.4.44
vpn-tunnel-protocol ssl-client
default-domain value domain.com
group-policy "AnyC-vpn, ravpnusers" internal
group-policy "AnyC-vpn, ravpnusers" attributes
dns-server value 10.4.4.45 10.4.4.44
vpn-tunnel-protocol ssl-client
default-domain value domain.com
tunnel-group DefaultRAGroup general-attributes
default-group-policy AnyC-vpn
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool AnyC-vpn150
authentication-server-group ravpnusers
default-group-policy AnyC-vpn
tunnel-group DefaultWEBVPNGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group AnyC-vpn type remote-access
tunnel-group AnyC-vpn general-attributes
address-pool AnyC-vpn150
authentication-server-group ravpnusers
default-group-policy AnyC-vpn
tunnel-group AnyC-vpn ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group ravpn type remote-access<--- For ravpn
tunnel-group ravpn general-attributes<--- For ravpn
address-pool ravpn100<--- For ravpn
authentication-server-group ravpnusers<--- For ravpn
default-group-policy ravpn<--- For ravpn
tunnel-group ravpn ipsec-attributes<--- For ravpn
ikev1 pre-shared-key *****<--- For ravpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ip-options
inspect icmp
inspect icmp error
policy-map global-policy
class inspection_default
inspect ftp
inspect http
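Added example, not part of the original posts and not Cisco tooling: a small Python audit for the check asked for above (which tunnel group uses which group policy, and whether a VPN filter or split-tunnel ACL is attached to it). The function names `parse` and `audit` are hypothetical, the sample is an excerpt of the configuration posted in this thread, and "inherited" assumes an attribute not set on a group policy falls back to DfltGrpPolicy.

```python
import re

# Excerpt of the configuration posted in this thread. Sub-commands are unindented,
# as in the post, and the poster's "<--- For ravpn" notes are left in on purpose.
SAMPLE_CONFIG = """\
access-list vpn-AnyC extended permit ip object obj-10.5.5.0 object AnyC-vpn150
access-list ravpn_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0 <--- For ravpn
group-policy ravpn internal <--- For ravpn
group-policy ravpn attributes <--- For ravpn
vpn-tunnel-protocol ikev1
split-tunnel-network-list value ravpn_splitTunnelAcl <--- For ravpn
group-policy AnyC-vpn attributes
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
split-tunnel-network-list value vpn-AnyCsall
tunnel-group AnyC-vpn general-attributes
address-pool AnyC-vpn150
default-group-policy AnyC-vpn
tunnel-group ravpn type remote-access<--- For ravpn
tunnel-group ravpn general-attributes<--- For ravpn
address-pool ravpn100<--- For ravpn
default-group-policy ravpn<--- For ravpn
tunnel-group ravpn ipsec-attributes<--- For ravpn
"""

SECTION = re.compile(r'^(group-policy|tunnel-group) (".*?"|\S+) (\S+)')
SETTING = re.compile(r'^(vpn-filter|split-tunnel-network-list|vpn-tunnel-protocol'
                     r'|default-group-policy|address-pool) (?:value )?(.+)$')
MODES = ("attributes", "general-attributes")  # sections whose settings we record

def parse(config):
    """Return (defined ACL names, group policies, tunnel groups)."""
    acls, policies, tunnels, current = set(), {}, {}, None
    for raw in config.splitlines():
        line = raw.split("<--")[0].strip()  # drop the poster's annotations
        if line.startswith("access-list "):
            acls.add(line.split()[1])
            continue
        section = SECTION.match(line)
        if section:
            kind, name, mode = section.groups()
            table = policies if kind == "group-policy" else tunnels
            entry = table.setdefault(name, {})
            current = entry if mode in MODES else None
            continue
        setting = SETTING.match(line)
        if setting and current is not None:
            current[setting.group(1)] = setting.group(2)
    return acls, policies, tunnels

def audit(config):
    """One row per tunnel group: its policy, filter, split ACL, undefined ACL refs."""
    acls, policies, tunnels = parse(config)
    rows = []
    for tunnel, attrs in tunnels.items():
        policy = attrs.get("default-group-policy")
        if policy is None:
            continue
        settings = policies.get(policy, {})
        refs = [settings.get("vpn-filter"), settings.get("split-tunnel-network-list")]
        rows.append({
            "tunnel-group": tunnel, "group-policy": policy,
            "address-pool": attrs.get("address-pool"),
            "protocols": settings.get("vpn-tunnel-protocol", "").split(),
            "vpn-filter": refs[0] or "inherited",
            "split-acl": refs[1] or "inherited",
            # In a sanitized post an undefined name may just be a renaming artifact.
            "undefined-acls": sorted(r for r in refs if r and r != "none" and r not in acls),
        })
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(row)
```

Run against a full `show running-config` saved to a file, each row shows at a glance which ACLs constrain a given remote-access profile and which referenced ACL names have no definition in the same file.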
04-16-2015 02:53 PM
I wonder if anyone knows if there is any reason why the wizard on ASDM no longer has the transform sets? Any links to the proper setup for IPsec VPN for ASA 9.1.5?