11-22-2012 04:22 PM
Hi,
I did this configuration a lot of times, and it is the only thing that I have never had a problem with.
So I need people to connect through the Cisco VPN client using an ASA. I went through the wizard, configured everything etc.
When you connect with the client, the ASA does not respond (you see a request on port 500 coming through, but nothing else). Debug isakmp and ipsec give no output at all (term mon enable).
Following conf (the group is called "remotevpn"). Any thoughts?
cheers
hostname myhosntame
domain-name myomdain
enable password whatever
names
!
interface Ethernet0/0
description outside
speed 100
duplex full
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.248
!
interface Ethernet0/1
description inside
speed 100
duplex full
nameif ibc
security-level 100
ip address 2.2.2.2 255.255.255.248
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
speed 100
duplex full
nameif dmz
security-level 50
ip address 3.3.3.3 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
clock timezone west
clock summer-time west recurring 1 Sun Oct 2:00 1 Sun Apr 2:00
dns server-group DefaultDNS
name-server 3.3.3.3
domain-name mydomain
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list NO-NAT extended permit ip 10.0.0.0 255.255.255.0 3.3.3.0.0 255.255.255.0
access-list NO-NAT extended permit ip 10.0.0.0 255.255.0.0 10.0.0.0 255.255.0.0
access-list NO-NAT extended permit ip 10.6.0.0 255.255.0.0 10.0.0.0 255.255.0.0
access-list NO-NAT extended permit ip 10.0.0.0 255.255.0.0 10.6.0.0 255.255.0.0
access-list NO-NAT extended permit ip any 10.7.1.0 255.255.255.0
access-list NAT extended permit ip 10.0.0.0 255.255.0.0 any
access-list NAT extended permit ip 10.6.0.0 255.255.0.0 any
access-list NAT extended permit ip host 10.203.99.18 any
access-list OUTSIDE-IN extended permit ip 203.16.214.0 255.255.255.0 any
access-list OUTSIDE-IN extended permit icmp any any time-exceeded
access-list OUTSIDE-IN extended permit icmp any any echo-reply
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.41 eq 3101
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.41 eq 8000 inactive
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.42 eq www
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.42 eq smtp
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.42 eq https
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.43 eq www
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.43 eq smtp
access-list OUTSIDE-IN extended permit tcp any host 1.1.1.43 eq https
access-list OUTSIDE-IN extended deny ip any host 1.1.1.42
access-list OUTSIDE-IN extended deny ip any host 1.1.1.43
access-list SPLIT-TUN standard permit iphonevpn 255.255.255.0
access-list DMZ-ACL extended permit tcp host 3.3.3.0.200 any eq 2389
access-list DMZ-ACL extended permit tcp host 3.3.3.0.200 any eq 5043
access-list DMZ-ACL extended permit udp host 3.3.3.0.200 any eq 5043
access-list DMZ-ACL extended permit icmp host 3.3.3.0.200 any
access-list DMZ-NAT extended permit ip 3.3.3.0.0 255.255.255.0 any
access-list NoNAT-ACL extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list DMZ-IN extended permit icmp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list DMZ-IN extended permit tcp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 3389
access-list DMZ-IN extended permit tcp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 5043
access-list DMZ-IN extended permit udp 3.3.3.0.0 255.255.255.0 10.0.0.0 255.255.255.0 eq 5043
pager lines 24
logging enable
logging timestamp
logging buffer-size 65536
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu ibc 1500
mtu management 1500
mtu dmz 1500
ip local pool anyconnect-ipsec 10.7.1.10-10.7.1.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (ibc) 0 access-list NO-NAT
nat (ibc) 1 access-list NAT
nat (dmz) 0 access-list NoNAT-ACL
nat (dmz) 1 access-list DMZ-NAT
static (ibc,outside) tcp interface 3101 10.0.1.11 3101 netmask 255.255.255.255
static (ibc,outside) 1.1.1.42 10.0.0.10 netmask 255.255.255.255
static (ibc,outside) 1.1.1.43 10.0.1.10 netmask 255.255.255.255
access-group OUTSIDE-IN in interface outside
access-group DMZ-IN in interface dmz
!
router eigrp 100
no auto-summary
passive-interface default
no passive-interface ibc
redistribute static
!
route outside 0.0.0.0 0.0.0.0 1.1.1.46 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server localusers protocol tacacs+
aaa-server localusers (ibc) host 10.193.0.1
key *****
aaa-server RADIUS protocol radius
aaa-server RADIUS (ibc) host 10.0.0.10
key *****
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable
snmp-server host ibc 10.193.0.1 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set IphoneVpn esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 10 set pfs group1
crypto dynamic-map outside_dyn_map 10 set transform-set IphoneVpn
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 IphoneVpn
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map ibc_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map ibc_map interface ibc
crypto map remotevpn 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map remotevpn interface outside
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpoint ASDM_TrustPoint5
enrollment self
keypair ASDM_TrustPoint4
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint6
enrollment terminal
no client-types
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment self
subject-name CN=myrhost-asa
keypair iphone11
crl configure
crypto ca server
shutdown
cdp-url http://myrhost-ASA.myrhost.com.au/+CSCOCA+/asa_ca.crl
issuer-name CN=myrhost-ASA.myrhost.com.au
smtp from-address CertRequest@myrhost-ASA.myrhost.priv
crypto ca certificate map iphone 10
subject-name attr cn eq administrator
crypto ca certificate chain ASDM_TrustPoint3
certificate ca 54234ae5087e3b854276c16a33e062d8
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
quit
crypto ca certificate chain ASDM_TrustPoint5
certificate f84bff6f69cca7944fc2e7dc5075fbc8
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate ca 7373176e1f46
quit
crypto ca certificate chain ASDM_TrustPoint6
certificate ca 7373176e1f46
quit
crypto ca certificate chain ASDM_TrustPoint2
certificate 340a6e50
quit
crypto isakmp enable outside
crypto isakmp enable ibc
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication rsa-sig
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp nat-traversal 21
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 20
vpn-sessiondb max-session-limit 10
telnet timeout 5
ssh 1.1.1.4 255.255.255.252 outside
ssh 3.3.3.3 255.255.255.255 ibc
ssh timeout 60
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.193.0.1 source ibc
ntp server 192.231.203.132 source outside
ssl trust-point ASDM_TrustPoint5 outside
ssl certificate-authentication interface outside port 443
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 10.0.0.10
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
default-domain value myrhost.priv
group-policy iphonevpnpolicy internal
group-policy iphonevpnpolicy attributes
banner value myrhost VPN
wins-server none
dns-server value 10.0.0.10
vpn-simultaneous-logins 40
vpn-idle-timeout 30
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUN
default-domain value myrhost.priv
address-pools value iphonevpnpool
group-policy remotevpn internal
group-policy remotevpn attributes
dns-server value 10.0.0.10
vpn-tunnel-protocol IPSec svc
default-domain value myrhost.priv
vpn-group-policy remotevpn
vpn-group-policy iphonevpnpolicy
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-lock value DefaultRAGroup
service-type remote-access
tunnel-group DefaultRAGroup general-attributes
address-pool iphonevpnpool
tunnel-group DefaultRAGroup webvpn-attributes
authentication certificate
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
trust-point ASDM_TrustPoint0
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool iphonevpnpool
tunnel-group DefaultWEBVPNGroup webvpn-attributes
authentication certificate
tunnel-group remotevpn type remote-access
tunnel-group remotevpn general-attributes
address-pool anyconnect-ipsec
default-group-policy remotevpn
tunnel-group remotevpn ipsec-attributes
pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
smtp-server 3.3.3.3
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:fd53ae4ccc0e63ae30352bb1ddb64879
: end
11-22-2012 05:51 PM
Hi,
Please add the following command:
crypto map outside_map interface outside
That should do it.
Portu.
Please rate any helpful posts
11-22-2012 05:52 PM
Actually I just noticed that you have many crypto maps, which one are you using?
Thanks.
11-22-2012 05:57 PM
Thanks for your help, but unfortunately it didn't work, still the same behaviour.
Cheers
11-22-2012 05:58 PM
The VPN group is called remotevpn.
11-22-2012 06:08 PM
Are you trying to connect to the IP address of the outside interface?
Thanks.
11-22-2012 06:12 PM
Yep, thanks!
11-22-2012 07:09 PM
Anyone any clues?
Thanks
11-23-2012 08:52 PM
crypto dynamic-map outside_dyn_map 10 set pfs group1
crypto dynamic-map outside_dyn_map 10 set transform-set IphoneVpn
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 IphoneVpn
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map ibc_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map ibc_map interface ibc
crypto map remotevpn 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map remotevpn interface outside
Too many: ibc_map, outside_map, remotevpn. It will not work. Try to redo it with just one.
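An added example, not written by any poster in this thread and not Cisco tooling: an offline check of a saved ASA configuration for the condition the replies above discuss, crypto map sets that are defined but never applied to an interface. The function and finding names are invented for this example; the sample lines come from the posted configuration, with the long transform-set list abridged.

```python
import re
from collections import defaultdict

# Crypto lines from the configuration posted in this thread
# (the SYSTEM_DEFAULT_CRYPTO_MAP transform-set list is abridged).
SAMPLE_CONFIG = """\
crypto dynamic-map outside_dyn_map 10 set pfs group1
crypto dynamic-map outside_dyn_map 10 set transform-set IphoneVpn
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-3DES-SHA IphoneVpn
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map ibc_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map ibc_map interface ibc
crypto map remotevpn 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map remotevpn interface outside
crypto isakmp enable outside
crypto isakmp enable ibc
"""

ENTRY_RE = re.compile(r"^crypto map (\S+) \d+ (?:ipsec-isakmp dynamic (\S+))?")
BIND_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")
DYN_RE = re.compile(r"^crypto dynamic-map (\S+) \d+ set ")
IKE_RE = re.compile(r"^crypto isakmp enable (\S+)$")


def parse_crypto(config):
    """Collect crypto map sets, dynamic maps and interface bindings."""
    state = {
        "map_dynamic": defaultdict(set),  # map set -> dynamic maps it references
        "bindings": defaultdict(list),    # interface -> map sets applied to it
        "dynamic_defined": set(),         # names seen in 'crypto dynamic-map'
        "ike_interfaces": set(),          # interfaces with ISAKMP enabled
    }
    for raw in config.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            refs = state["map_dynamic"][m.group(1)]
            if m.group(2):
                refs.add(m.group(2))
        elif m := BIND_RE.match(line):
            state["bindings"][m.group(2)].append(m.group(1))
        elif m := DYN_RE.match(line):
            state["dynamic_defined"].add(m.group(1))
        elif m := IKE_RE.match(line):
            state["ike_interfaces"].add(m.group(1))
    return state


def audit(config):
    """Return sorted (finding, name) tuples for crypto map inconsistencies."""
    s = parse_crypto(config)
    defined = set(s["map_dynamic"])
    bound = {name for maps in s["bindings"].values() for name in maps}
    findings = []
    # An interface takes a single crypto map set.
    findings += [("multiple-maps-on-interface", i)
                 for i, maps in s["bindings"].items() if len(maps) > 1]
    findings += [("bound-map-undefined", n) for n in bound - defined]
    findings += [("map-not-bound", n) for n in defined - bound]
    # Dynamic maps only take effect through a map set that is bound.
    referenced = {d for dyns in s["map_dynamic"].values() for d in dyns}
    live = {d for n in bound for d in s["map_dynamic"].get(n, ())}
    findings += [("dynamic-map-never-used", d)
                 for d in s["dynamic_defined"] - live]
    findings += [("dynamic-map-undefined", d)
                 for d in referenced - s["dynamic_defined"]]
    findings += [("ike-without-crypto-map", i)
                 for i in s["ike_interfaces"] - set(s["bindings"])]
    return sorted(findings)


if __name__ == "__main__":
    for finding, name in audit(SAMPLE_CONFIG):
        print(f"{finding}: {name}")
```

On the posted lines this reports `outside_map` as not bound and `outside_dyn_map` as never used, so the `pfs group1` and `IphoneVpn` settings on that dynamic map are not in effect on the outside interface.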
11-25-2012 07:52 PM
Thanks for your help Eli.
That configuration has been created by ASDM, but the more I'm using these devices, the more I think it is better to stay away from the actual GUI.
Cheers, I'll let you know how I go.