07-03-2014 12:35 PM
Trying to connect to another company via their VPN setup. Can connect to it when outside of our network. Let me know if you need more information. TIA!
Log from VPN client:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
147 11:40:01.472 07/03/14 Sev=Info/4 CM/0x63100002
Begin connection process
148 11:40:01.495 07/03/14 Sev=Info/4 CM/0x63100004
Establish secure connection
149 11:40:01.495 07/03/14 Sev=Info/4 CM/0x63100024
Attempt connection with server "RochesterVPN.XX.XXX"
150 11:40:01.501 07/03/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 161.242.XX.XXX.
151 11:40:01.505 07/03/14 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
152 11:40:01.508 07/03/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 161.242.XX.XXX
153 11:40:01.513 07/03/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
154 11:40:01.513 07/03/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
155 11:40:01.513 07/03/14 Sev=Info/4 IPSEC/0x6370000D
Key(s) deleted by Interface (172.30.235.172)
156 11:40:01.653 07/03/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 161.242.XX.XXX
157 11:40:01.653 07/03/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, KE, NON, ID, HASH, VID(Unity), VID(Xauth), VID(dpd), VID(Nat-T), NAT-D, NAT-D, VID(Frag), VID(?), VID(?)) from 161.242.XX.XXX
158 11:40:01.653 07/03/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
159 11:40:01.653 07/03/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
160 11:40:01.653 07/03/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
161 11:40:01.653 07/03/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
162 11:40:01.653 07/03/14 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
163 11:40:01.653 07/03/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
164 11:40:01.659 07/03/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
165 11:40:01.659 07/03/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONT
166 11:40:01.660 07/03/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
167 11:40:01.660 07/03/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xF593, Remote Port = 0x1194
168 11:40:01.660 07/03/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
169 11:40:01.660 07/03/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
170 11:40:11.742 07/03/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
171 11:40:13.309 07/03/14 Sev=Info/6 GUI/0x63B0000D
Disconnecting VPN connection.
172 11:40:13.309 07/03/14 Sev=Info/4 CM/0x63100006
Abort connection attempt before Phase 1 SA up
173 11:40:13.309 07/03/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
174 11:40:13.309 07/03/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=D89195EC0EA7A23A
175 11:40:13.309 07/03/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 161.242.XX.XXX
176 11:40:13.310 07/03/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=D89195EC0EA7A23A
177 11:40:13.311 07/03/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
178 11:40:13.320 07/03/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
179 11:40:14.322 07/03/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
180 11:40:14.322 07/03/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
181 11:40:14.322 07/03/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
182 11:40:14.322 07/03/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
==========================
Scrubbed ASA config:
ASA Version 8.4(4)1
!
hostname remoteASA
domain-name
dns-guard
!
interface GigabitEthernet0/0
shutdown
nameif SAN
security-level 99
ip address 192. 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172. 255.255.255.0
ospf cost 10
!
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address 10. 255.255.255.0
ospf cost 10
ospf network point-to-point non-broadcast
!
interface GigabitEthernet0/3
nameif outside
security-level 0
ip address 255.255.255.240
ospf cost 10
ospf network point-to-point non-broadcast
!
interface Management0/0
shutdown
nameif Management
security-level 100
ip address 10. 255.255.255.0
ospf cost 10
ospf network point-to-point non-broadcast
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
o
object-group network DM_INLINE_NETWORK_2
group-object DROP_DoNotRoute
group-object VulnScannerIPs
object-group service DM_INLINE_SERVICE_1
service-object icmp echo
service-object icmp echo-reply
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_5
network-object object AD3
network-object object AD4
object-group service DM_INLINE_SERVICE_2
service-object object IPSEC-udp
service-object esp
service-object object View-AJP13
service-object object View-JMS
object-group network DM_INLINE_NETWORK_6
network-object object Xerox
network-object object TestMonitor2
access-list Outside_authentication_BA_Auth extended permit tcp any host 64. eq www
access-list Outside_authentication_BA_Auth extended permit tcp any host 64. eq https
access-list Outside_authentication_BA_Auth extended permit tcp any host 64. eq 3389 inactive
access-list inside_nat0_outbound extended permit ip 255.255.255.0 object-group _LAN
access-list inside_nat0_outbound extended permit ip object-group _LAN 1920255.255.255.0
access-list acl_nonat extended permit ip object-group _LAN object-group bbb_LAN
access-list acl_nonat extended permit ip object-group _LAN object lePointLAN
access-list acl_nonat extended permit ip object-group _LAN XX.XX10.0 255.255.255.0
access-list acl_nonat extended permit ip XX.XX10.0 255.255.255.0 object-group bbb_LAN
access-list acl_nonat extended permit ip object-group bbb_LAN XX.XX10.0 255.255.255.0
access-list acl_nonat extended permit ip object-group _LAN XXX.XXX5.0 255.255.255.0
access-list acl_nonat extended permit ip object-group _LAN XXX.XXX4.0 255.255.255.0
access-list acl_nonat extended permit ip XXX.XXX0.0 255.255.0.0 XXX.XXX5.0 255.255.255.0
access-list acl_nonat extended permit ip XXX.XXX200.0 255.255.255.0 XXX.XXX4.0 255.255.255.0
access-list acl_nonat extended permit ip XXX.XXX0.0 255.255.0.0 XX.XX10.0 255.255.255.0
access-list acl_nonat extended permit ip object-group _LAN object-group TestPool
access-list acl_nonat extended permit ip object-group _LAN object-group ccc_LAN
access-list acl_nonat extended permit ip object-group TestPool object-group _LAN
access-list outside_cryptomap extended permit ip 172. 255.255.0.0 192.1 255.255.255.0 inactive
access-list inside_access_out extended deny ip any object-group DM_INLINE_NETWORK_4 log notifications
access-list inside_access_out extended permit object-group DM_INLINE_SERVICE_10 object-group _LAN host 161.242.XX.XXX
access-list inside_access_out extended permit ip object-group _LAN XXX.XXX4.0 255.255.255.0
access-list inside_access_out extended permit ip object-group _LAN XXX.XXX5.0 255.255.255.0
access-list inside_access_out extended permit ip object-group _LAN object-group bbb_LAN
access-list inside_access_out extended permit ip object-group _LAN object lePointLAN inactive
access-list inside_access_out extended permit ip object _UTM any
access-list inside_access_out extended permit ip object-group DM_INLINE_NETWORK_10 object-group ccc_LAN
access-list inside_access_out extended permit object-group TCPUDP object-group DNSServers any eq domain
access-list inside_access_out extended permit tcp host XXX.XXX210.56 host 54. object-group DM_INLINE_TCP_2
access-list inside_access_out extended deny object-group TCPUDP any any eq domain
access-list inside_access_out extended permit tcp any any object-group RDP
access-list inside_access_out extended permit tcp object AntiSpam any eq smtp
access-list inside_access_out extended permit tcp object AntiSpamVM any eq smtp
access-list inside_access_out extended permit tcp host XXX.XXX210.58 any eq smtp
access-list inside_access_out extended deny ip any host 216.
access-list inside_access_out extended deny ip any host 204.
access-list inside_access_out extended deny ip any host 216.
access-list inside_access_out extended permit ip host XXX.XXX10.7 any
access-list inside_access_out extended permit udp any any eq syslog
access-list inside_access_out extended permit ip object-group _LAN host XXX.XXX10.17
access-list inside_access_out extended permit tcp object EX2007 any eq smtp inactive
access-list inside_access_out extended permit ip XXX.XXX5.0 255.255.255.0 any inactive
access-list inside_access_out extended deny ip any host 67.
access-list inside_access_out extended deny ip host XXX.XXX10.24 any
access-list inside_access_out extended deny tcp any any range 135 netbios-ssn log notifications
access-list inside_access_out extended deny udp any any range 135 139
access-list inside_access_out extended deny tcp any any eq 445
access-list inside_access_out extended deny udp any any eq tftp inactive
access-list inside_access_out extended deny udp any any eq syslog inactive
access-list inside_access_out extended permit udp object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_1 range snmp snmptrap
access-list inside_access_out extended deny udp any any range snmp snmptrap
access-list inside_access_out extended deny tcp any any range 6660 6669
access-list inside_access_out extended deny tcp any any eq pop3
access-list inside_access_out extended deny object-group TCPUDP any any eq kerberos
access-list inside_access_out extended permit object Web8080 XXX.XXX0.0 255.255.0.0 any
access-list inside_access_out extended permit object Web8000 XXX.XXX0.0 255.255.0.0 any
access-list inside_access_out extended permit object Web8765 XXX.XXX0.0 255.255.0.0 any
access-list inside_access_out extended permit object Web8443 XXX.XXX0.0 255.255.0.0 any
access-list inside_access_out extended permit object Web81 XXX.XXX0.0 255.255.0.0 any
access-list inside_access_out extended permit tcp XXX.XXX0.0 255.255.0.0 any object-group DM_INLINE_TCP_1
access-list inside_access_out extended deny tcp any any eq smtp
access-list inside_access_out extended permit ip XXX.XXX0.0 255.255.0.0 any
access-list inside_access_out extended permit ip XXX.XXX4.0 255.255.255.0 any
access-list inside_access_out extended permit ip object-group _LAN host XXX.XXX210.113
access-list inside_access_out extended deny ip any any
!
tcp-map mss-map
!
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
mtu Management 1500
ip local pool ClientPool XX.XX10.1-XX.XX10.254 mask 255.255.255.0
ip local pool InsidePool XXX.XXX10.200-XXX.XXX10.220 mask 255.255.255.0
ip audit signature 2004 disable
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any DMZ
icmp permit host 64. outside
asdm image disk1:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static _LAN _LAN destination static bbb_LAN bbb_LAN no-proxy-arp
nat (inside,any) source static _LAN _LAN destination static obj-XX.XX10.0 obj-XX.XX10.0 no-proxy-arp
nat (inside,any) source static _LAN _LAN destination static lePointLAN lePointLAN no-proxy-arp
nat (inside,any) source static obj-XX.XX10.0 obj-XX.XX10.0 destination static bbb_LAN bbb_LAN no-proxy-arp
nat (inside,any) source static bbb_LAN bbb_LAN destination static obj-XX.XX10.0 obj-XX.XX10.0 no-proxy-arp
nat (inside,any) source static _LAN _LAN destination static obj-XXX.XXX5.0 obj-XXX.XXX5.0 no-proxy-arp
nat (inside,any) source static _LAN _LAN destination static obj-XXX.XXX4.0 obj-XXX.XXX4.0 no-proxy-arp
nat (inside,outside) source static _LAN _LAN destination static ccc_LAN ccc_LAN
nat (inside,outside) source static HOST_CUBE_LOOPBACK HOST_CUBE_LOOPBACK destination static ccc_LAN ccc_LAN
nat (inside,any) source static obj-XXX.XXX0.0 obj-XXX.XXX0.0 destination static obj-XXX.XXX5.0 obj-XXX.XXX5.0 no-proxy-arp
nat (inside,any) source static obj-XXX.XXX0.0 obj-XXX.XXX0.0 destination static obj-XX.XX10.0 obj-XX.XX10.0 no-proxy-arp
nat (SAN,any) source static SAN SAN destination static obj-XXX.XXX4.0 obj-XXX.XXX4.0 no-proxy-arp
!
object network AntiSpam
nat (inside,any) static 64. service tcp smtp smtp
object network obj-172.
nat (inside,outside) static 64. service tcp 3389 3389
object network obj-172.
nat (inside,outside) static 64. service tcp https https
object network obj-172.
nat (inside,outside) static 64. service tcp 3389 3389
object network obj-172.
nat (inside,outside) static interface service tcp 5001 5001
object network obj-172.
nat (inside,outside) static interface service udp 5001 5001
object network obj-172.
nat (inside,outside) static securemail.law.com
object network Check_PC
nat (inside,outside) static 64.
object network obj_any
nat (inside,inside) dynamic
object network obj_any-01
nat (inside,outside) dynamic interface
object network obj_any-02
nat (DMZ,outside) dynamic interface
object network obj-XX.XX1.9
nat (DMZ,outside) static 64.
object network obj-XX.XX1.6
nat (DMZ,outside) static 64.
!
nat (inside,outside) after-auto source static obj-172. service http http
access-group SAN_access_in in interface SAN
access-group inside_access_out in interface inside
access-group DMZ_access_in in interface DMZ
access-group Outside_access_in in interface outside
!
route-map vpn-routes permit 10
match ip address filter-default-static-route
!
route-map vpn-routes permit 20
match interface outside
set metric-type type-2
!
!
router ospf 1
network 172255.255.0.0 area 0
area 0
log-adj-changes
redistribute static metric 10
!
route outside 0.0.0.0 0.0.0.0 64. 1
route inside XXX.XXX0.0 255.255.0.0 XXX.XXX10.5 1
route inside XXX.XXX99.0 255.255.255.252 XXX.XXX10.5 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 3:00:00 absolute uauth 0:30:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map LDAPMAP
map-name sAMAccountName IETF-Radius-Class
map-value sAMAccountName sAMAccountName Tunnel-Group-Lock
dynamic-access-policy-record DfltAccessPolicy
description "WebAccess"
webvpn
url-list value Intranet
url-entry enable
aaa-server BA_Auth protocol radius
aaa-server BA_Auth (inside) host 172.
key *****
aaa-server BA_Auth (inside) host 172.
key *****
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.
server-port 636
ldap-base-dn OU=Users,OU=,dc=net
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=Administrator,cn=users,dc=,dc=net
ldap-over-ssl enable
server-type microsoft
ldap-attribute-map LDAPMAP
aaa-server LDAP (inside) host 172.
server-port 636
ldap-base-dn OU=Users,OU=,dc=,dc=net
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=Administrator,cn=users,dc=,dc=net
ldap-over-ssl enable
server-type microsoft
ldap-attribute-map LDAPMAP
user-identity default-domain LOCAL
eou allow none
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
reval-period 36000
sq-period 300
aaa authentication match Outside_authentication_BA_Auth outside BA_Auth
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
aaa authentication secure-http-client
aaa authentication listener http outside port 1080 redirect
aaa authentication listener https outside port 1443 redirect
http server enable
sysopt connection tcpmss 1460
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-3DES-SHA ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set ikev1 transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set reverse-route
crypto dynamic-map lePoint 3 match address outside_cryptomap_2
crypto dynamic-map lePoint 3 set pfs
crypto dynamic-map lePoint 3 set reverse-route
crypto map inside_map 1 match address outside_cryptomap
crypto map inside_map 1 set pfs
crypto map inside_map 1 set connection-type answer-only
crypto map inside_map 1 set peer 216.
crypto map inside_map 1 set ikev1 phase1-mode aggressive
crypto map inside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA
crypto map inside_map 1 set security-association lifetime seconds 28800
crypto map inside_map 1 set security-association lifetime kilobytes 4608000
crypto map inside_map 1 set reverse-route
crypto map inside_map 2 match address outside_cryptomap_1
crypto map inside_map 2 set pfs
crypto map inside_map 2 set connection-type answer-only
crypto map inside_map 2 set peer 208.
crypto map inside_map 2 set ikev1 phase1-mode aggressive
crypto map inside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA
crypto map inside_map 2 set reverse-route
crypto map inside_map 3 ipsec-isakmp dynami
crypto map inside_map 4 match address outside_cryptomap_3
crypto map inside_map 4 set pfs
crypto map inside_map 4 set peer 63.
crypto map inside_map 4 set ikev1 phase1-mode aggressive
crypto map inside_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA
crypto map inside_map 4 set reverse-route
crypto map inside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map inside_map interface outside
crypto isakmp identity address
crypto isakmp disconnect-notify
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 31
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
group-delimiter @
!
class-map ipsecpassthru-traffic
match access-list ipsecpassthru
class-map inspection_default
match default-inspection-traffic
class-map mss-class
match access-list mss-list
class-map http-map1
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect ipsec-pass-thru iptmap
parameters
esp
ah
policy-map inspection_policy
class ipsecpassthru-traffic
inspect ipsec-pass-thru iptmap
policy-map global_policy
class http-map1
set connection advanced-options mss-map
class inspection_default
inspect pptp
inspect ftp
inspect ip-options
inspect ipsec-pass-thru
class class-default
policy-map type inspect esmtp esmtp_map
parameters
allow-tls action log
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map mss-class
class mss-class
set connection advanced-options mss-map
inspect ipsec-pass-thru iptmap
policy-map type inspect ftp Test
parameters
!
service-policy global_policy global
service-policy mss-class interface outside
smtp-server
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: