cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5340
Views
0
Helpful
22
Replies

I cant establish the VPN Site-To-Site, ASA 5506- Cisco 800 series

MikeGodoy12
Level 1
Level 1

 

 

 

 

Hello, im trying to configure a VPN between a ASA 5506-X  and SmallBusiness 800 but i have these errores, previously i had and Asa 5510 and the VPN works, when i migrate to the new ASA the VPN doesnt work, i atthached the configuration of two devices, i hope you can Help me

 

Cisco Small business 

dst                                src                  state    conn-id             status
181.209.173.202 190.56.38.50 NO_STATUS       0          ACTIVE (deleted)

 

i dont know if something is missing in the config

Config of Cliente Smaill 

business

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key L182ii364N address 181.209.173.202
crypto isakmp keepalive 300
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
crypto ipsec nat-transparency spi-matching
!
!
!
crypto map ASA-G 10 ipsec-isakmp
set peer 181.209.173.202
set security-association lifetime seconds 28800
set transform-set myset
set pfs group2
match address 120

 

Config ASA 

 

interface GigabitEthernet1/1
description outside
duplex full
nameif outside
security-level 0
ip address 181.209.173.202 255.255.255.248
!
interface GigabitEthernet1/2
description inside
speed 100
duplex full
nameif inside
security-level 100
ip address Host_10.150.86.65 255.255.255.224
!
interface GigabitEthernet1/3
description inside_170
speed 100
duplex full
nameif inside_170
security-level 100
ip address Host_10.150.71.161 255.255.255.224

 

crypto ipsec ikev1 transform-set Guatemala-ipsec-proposal-set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set Teleperformance esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set myset esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set AES esp-aes esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal 8714
protocol esp encryption 3des
protocol esp integrity md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set myset
crypto dynamic-map outside_dyn_map 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 189.211.83.76
crypto map mymap 1 set ikev1 transform-set myset
crypto map mymap 20 set peer 201.116.117.162
crypto map mymap 20 set ikev1 transform-set myset
crypto map mymap 100 set pfs
crypto map mymap 100 set peer 190.56.250.174 190.56.250.173
crypto map mymap 100 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 100 set security-association lifetime seconds 86400
crypto map mymap 120 set pfs
crypto map mymap 120 set peer 190.56.141.162 190.56.141.161
crypto map mymap 120 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 120 set security-association lifetime seconds 86400
crypto map mymap 130 set pfs
crypto map mymap 130 set peer 190.56.156.54 190.56.156.53
crypto map mymap 130 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 130 set security-association lifetime seconds 86400
crypto map mymap 140 set pfs
crypto map mymap 140 set peer 190.56.166.26 190.56.166.25
crypto map mymap 140 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 140 set security-association lifetime seconds 86400
crypto map mymap 150 set pfs
crypto map mymap 150 set peer 190.56.242.22 190.56.242.21
crypto map mymap 150 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 150 set security-association lifetime seconds 86400
crypto map mymap 160 match address outside_cryptomap
crypto map mymap 160 set pfs
crypto map mymap 160 set peer 190.56.38.50 190.56.38.49
crypto map mymap 160 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 160 set ikev2 ipsec-proposal 8714
crypto map mymap 160 set security-association lifetime seconds 28800
crypto map mymap 170 set pfs
crypto map mymap 170 set peer 186.151.162.58
crypto map mymap 170 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 170 set security-association lifetime seconds 28800
crypto map mymap 180 set pfs
crypto map mymap 180 set peer 190.56.152.234 190.56.152.233
crypto map mymap 180 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 180 set security-association lifetime seconds 86400
crypto map mymap 190 set pfs
crypto map mymap 190 set peer 190.149.255.210 190.149.255.209
crypto map mymap 190 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 190 set security-association lifetime seconds 86400
crypto map mymap 200 set pfs
crypto map mymap 200 set peer 186.151.219.2 186.151.219.1
crypto map mymap 200 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 200 set security-association lifetime seconds 86400
crypto map mymap 210 set pfs
crypto map mymap 210 set peer 186.151.218.2 186.151.218.1
crypto map mymap 210 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 210 set security-association lifetime seconds 86400
crypto map mymap 220 set pfs
crypto map mymap 220 set peer 216.230.148.230 216.230.148.229
crypto map mymap 220 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 220 set security-association lifetime seconds 86400
crypto map mymap 230 set pfs
crypto map mymap 230 set peer 190.149.247.105 190.149.247.104
crypto map mymap 230 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 230 set security-association lifetime seconds 86400
crypto map mymap 240 set pfs
crypto map mymap 240 set peer 190.56.153.150 190.56.153.149
crypto map mymap 240 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 240 set security-association lifetime seconds 86400
crypto map mymap 250 set pfs
crypto map mymap 250 set peer 186.151.211.54 186.151.211.53
crypto map mymap 250 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 250 set security-association lifetime seconds 86400
crypto map mymap 260 set pfs
crypto map mymap 260 set peer 186.151.120.38 186.151.120.37
crypto map mymap 260 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 260 set security-association lifetime seconds 86400
crypto map mymap 270 set pfs
crypto map mymap 270 set peer 190.149.236.2 190.149.236.1
crypto map mymap 270 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 270 set security-association lifetime seconds 86400
crypto map mymap 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap interface outside
crypto map outside_map 160 set ikev1 transform-set AES
crypto ca trustpool policy
crypto isakmp identity address
no crypto isakmp nat-traversal
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 enable inside
crypto ikev1 enable inside_170
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
telnet 10.150.35.47 255.255.255.255 inside
telnet 10.150.86.93 255.255.255.255 inside
telnet 10.150.35.48 255.255.255.255 inside
telnet 10.150.35.46 255.255.255.255 inside
telnet timeout 5
ssh stricthostkeycheck
ssh 201.144.254.80 255.255.255.240 outside
ssh 201.116.50.64 255.255.255.240 outside
ssh 201.144.8.128 255.255.255.224 outside
ssh 187.210.23.33 255.255.255.255 outside
ssh 201.116.117.160 255.255.255.240 outside
ssh 10.150.86.93 255.255.255.255 inside
ssh 10.150.35.45 255.255.255.255 inside
ssh 10.150.17.3 255.255.255.255 inside
ssh 10.150.35.46 255.255.255.255 inside
ssh 10.150.35.47 255.255.255.255 inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DfltGrpPolicy attributes
vpn-idle-timeout none
group-policy mygroup internal
group-policy mygroup attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
dynamic-access-policy-record DfltAccessPolicy
username admin password vrC24sa9Gv0hr7EZ encrypted privilege 15
username mgodoy password $sha512$5000$Eez/a4SjnXt6Yqxd8aPy6w==$BdeEsfIN3XbWbnrCRGIwFA== pbkdf2 privilege 15
username lviveros password 7OK8mg9CxKHD2gY2 encrypted
username SOCscitum password BZGfkV6bw8vCVwod encrypted privilege 15
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 user-authentication none
tunnel-group 201.1136.117.162 type ipsec-l2l
tunnel-group 201.1136.117.162 ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
tunnel-group mygroup type ipsec-l2l
tunnel-group mygroup ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
tunnel-group 201.136.117.162 type ipsec-l2l
tunnel-group 201.116.117.162 type ipsec-l2l
tunnel-group 201.116.117.162 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TeleperformanceRemoto type ipsec-l2l
tunnel-group TeleperformanceRemoto ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 189.211.83.76 type ipsec-l2l
tunnel-group 189.211.83.76 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group "Tunel Tiendas Filiales" type ipsec-l2l
tunnel-group "Tunel Tiendas Filiales" general-attributes
default-group-policy GroupPolicy1
tunnel-group "Tunel Tiendas Filiales" ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.250.174 type ipsec-l2l
tunnel-group 190.56.250.174 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.141.162 type ipsec-l2l
tunnel-group 190.56.141.162 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.156.54 type ipsec-l2l
tunnel-group 190.56.156.54 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.166.26 type ipsec-l2l
tunnel-group 190.56.166.26 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.242.22 type ipsec-l2l
tunnel-group 190.56.242.22 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.38.50 type ipsec-l2l
tunnel-group 190.56.38.50 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group 186.151.162.58 type ipsec-l2l
tunnel-group 186.151.162.58 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.152.234 type ipsec-l2l
tunnel-group 190.56.152.234 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.255.210 type ipsec-l2l
tunnel-group 190.149.255.210 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.219.2 type ipsec-l2l
tunnel-group 186.151.219.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.218.2 type ipsec-l2l
tunnel-group 186.151.218.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 216.230.148.230 type ipsec-l2l
tunnel-group 216.230.148.230 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.247.105 type ipsec-l2l
tunnel-group 190.149.247.105 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.153.150 type ipsec-l2l
tunnel-group 190.56.153.150 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.211.54 type ipsec-l2l
tunnel-group 186.151.211.54 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.120.38 type ipsec-l2l
tunnel-group 186.151.120.38 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.236.2 type ipsec-l2l
tunnel-group 190.149.236.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.150.68.225 type ipsec-l2l
tunnel-group 190.150.68.225 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.247.106 type ipsec-l2l
tunnel-group 190.149.247.106 ipsec-attributes
ikev1 pre-shared-key *****
!

1 Accepted Solution

Accepted Solutions

The router is obviously attempting to establish a VPN, "Death by retransmission P1" this usually indicates no response from peer (the ASA) or something is blocking the communication between the router and ASA.

I have noted that you don't appear to have the command "crypto ikev1 enable outside" in this latest configuration - it was however in the initial post configuration. Please check the ASA configuration again and confirm.

If this fails please enable debugs on both the router and ASA and upload the output as attachments.

View solution in original post

22 Replies 22

MikeGodoy12
Level 1
Level 1
the IP Public of remote site is 190.56.38.50

Hi,
You have an ISAKMP policy on the router using 3DES, MD5, DH2 and Pre-Shared Key but there does not appear to be an IKEv1 Policy configured the same on the ASA. You should either modify the router's ISAKMP Policy to match an ASA IKEv1 Policy or create an new IKEv1 Policy on the ASA to match the router's.

 

ROUTER's ISAKMP Policy
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2

 

HTH

Hello, i try to configure ikev 1 but i have questions

 

ikev1 is the same of isakmp?  because the ASA doesnt accept the command

 

configuration to apply ASA:

 

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

 

Results of ASA:

 

ASA-GUATEMALA(config)# crypto isakmp ?

configure mode commands/options:
disconnect-notify Enable disconnect notification to peers
identity Set identity type (address, hostname or key-id)
nat-traversal Enable and configure nat-traversal
reload-wait Wait for voluntary termination of existing connections
before reboot
ASA-GUATEMALA(config)# crypto ?

configure mode commands/options:
ca Certification authority
dynamic-map Configure a dynamic crypto map
ikev1 Configure IKEv1 policy
ikev2 Configure IKEv2 policy
ipsec Configure transform-set, IPSec SA lifetime, and fragmentation
isakmp Configure ISAKMP
key Long term key operations
map Configure a crypto map

exec mode commands/options:
ca Certification authority
ASA-GUATEMALA(config)# crypto ike
ASA-GUATEMALA(config)# crypto ikev1 ?

configure mode commands/options:
am-disable Disable inbound aggressive mode connections
enable Enable IKEv1 on the specified interface
ipsec-over-tcp Enable and configure IPSec over TCP
limit Enable limits on IKEv1 SAs
policy Set IKEv1 policy suite
ASA-GUATEMALA(config)# crypto ikev1 poli
ASA-GUATEMALA(config)# crypto ikev1 policy
ERROR: % Incomplete command
ASA-GUATEMALA(config)# crypto ikev1 policy 1
ASA-GUATEMALA(config-ikev1-policy)# authentication pre-share
ASA-GUATEMALA(config-ikev1-policy)# encryption 3des
ASA-GUATEMALA(config-ikev1-policy)# hash md5
ASA-GUATEMALA(config-ikev1-policy)# group 2
ASA-GUATEMALA(config-ikev1-policy)# lifetime 86400

 

Its Correct or what command i have to use?

 

i checked the last backup of another ASA and this configuration is missing:

 

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400


crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

 

Yes, ISAKMP is the same as IKEv1. You've got a newer firmware version on this ASA, they've just changed the syntax.

You already had an IKEv1 Policy 1, it had a hash of SHA instead of MD5 - so it looks like you've amended that existing Policy (not sure if it was in use for other VPNs).

Deepak Kumar
VIP Alumni
VIP Alumni

HI,

I went through the ASA & router configuration and found that the Router is configured with IKEv1 and ASA is configured with IKEv2.

 

Here it is an example:

The Router is configured with IKEv1

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key L182ii364N address 181.209.173.202
crypto isakmp keepalive 300
!

The ASA is configured with IKEv2.

crypto ipsec ikev2 ipsec-proposal 8714
 protocol esp encryption 3des
 protocol esp integrity md5
!
crypto map mymap 160 match address outside_cryptomap
crypto map mymap 160 set pfs
crypto map mymap 160 set peer 190.56.38.50 190.56.38.49
crypto map mymap 160 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 160 set ikev2 ipsec-proposal 8714
crypto map mymap 160 set security-association lifetime seconds 28800

 

Both IKE protocol (Version 1 and Version 2) are not compatible with each other. 

 

 Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

The ASA crypto map for the c800 peer is in fact configured with both a IKEv1 Transform-Set and IKEv2 IPSec Proposal - this is Phase 2 (IPSec SA). The router does not have an IKEv2 Proposal configured so will not even attempt to use IKEv2, it would attempt to establish a IKEv1/ISAKMP SA. The ASA would need an IKEv1 Policy configuration with the same algorithms.

The router's ISAKMP Policy is not equivalent to the IKEv2 IPSec Proposal on the ASA, if that's was being implied here?

Obviously using IKEv2 would be better, as long as more secure algorithms (AES, SHA, DH 19 etc) were configured.

Thanks for your reply

 

im trying to configure ikev1 but the ASA dont execute teh following commands are correct?

 

configuration to apply ASA:

 

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

 

 but de ASA return me :

 

ASA-GUATEMALA(config)# crypto isakmp ?

configure mode commands/options:
disconnect-notify Enable disconnect notification to peers
identity Set identity type (address, hostname or key-id)
nat-traversal Enable and configure nat-traversal
reload-wait Wait for voluntary termination of existing connections
before reboot
ASA-GUATEMALA(config)# crypto ?

configure mode commands/options:
ca Certification authority
dynamic-map Configure a dynamic crypto map
ikev1 Configure IKEv1 policy
ikev2 Configure IKEv2 policy
ipsec Configure transform-set, IPSec SA lifetime, and fragmentation
isakmp Configure ISAKMP
key Long term key operations
map Configure a crypto map

exec mode commands/options:
ca Certification authority
ASA-GUATEMALA(config)# crypto ike
ASA-GUATEMALA(config)# crypto ikev1 ?

configure mode commands/options:
am-disable Disable inbound aggressive mode connections
enable Enable IKEv1 on the specified interface
ipsec-over-tcp Enable and configure IPSec over TCP
limit Enable limits on IKEv1 SAs
policy Set IKEv1 policy suite
ASA-GUATEMALA(config)# crypto ikev1 poli
ASA-GUATEMALA(config)# crypto ikev1 policy
ERROR: % Incomplete command
ASA-GUATEMALA(config)# crypto ikev1 policy 1
ASA-GUATEMALA(config-ikev1-policy)# authentication pre-share
ASA-GUATEMALA(config-ikev1-policy)# encryption 3des
ASA-GUATEMALA(config-ikev1-policy)# hash md5
ASA-GUATEMALA(config-ikev1-policy)# group 2
ASA-GUATEMALA(config-ikev1-policy)# lifetime 86400

 

Its Correct or what command i have to use?

 

i checked the last backup of another ASA and this configuration is missing:

 

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400


crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

Captura.JPG

then i have to apply these commands?

 

configuration to apply ASA:

 

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

 

Results of ASA:

 

ASA-GUATEMALA(config)# crypto isakmp ?

configure mode commands/options:
disconnect-notify Enable disconnect notification to peers
identity Set identity type (address, hostname or key-id)
nat-traversal Enable and configure nat-traversal
reload-wait Wait for voluntary termination of existing connections
before reboot
ASA-GUATEMALA(config)# crypto ?

configure mode commands/options:
ca Certification authority
dynamic-map Configure a dynamic crypto map
ikev1 Configure IKEv1 policy
ikev2 Configure IKEv2 policy
ipsec Configure transform-set, IPSec SA lifetime, and fragmentation
isakmp Configure ISAKMP
key Long term key operations
map Configure a crypto map

exec mode commands/options:
ca Certification authority
ASA-GUATEMALA(config)# crypto ike
ASA-GUATEMALA(config)# crypto ikev1 ?

configure mode commands/options:
am-disable Disable inbound aggressive mode connections
enable Enable IKEv1 on the specified interface
ipsec-over-tcp Enable and configure IPSec over TCP
limit Enable limits on IKEv1 SAs
policy Set IKEv1 policy suite
ASA-GUATEMALA(config)# crypto ikev1 poli
ASA-GUATEMALA(config)# crypto ikev1 policy
ERROR: % Incomplete command
ASA-GUATEMALA(config)# crypto ikev1 policy 1
ASA-GUATEMALA(config-ikev1-policy)# authentication pre-share
ASA-GUATEMALA(config-ikev1-policy)# encryption 3des
ASA-GUATEMALA(config-ikev1-policy)# hash md5
ASA-GUATEMALA(config-ikev1-policy)# group 2
ASA-GUATEMALA(config-ikev1-policy)# lifetime 86400

 

I set as ikev1, Its Correct or what command i have to use?

 

i checked the last backup of another ASA and this configuration is missing:

 

crypto isakmp policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400


crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

Hi,

What is the firmware version on your router? Better is go with IKEv2 on router also.

Here is the configuration:

 

crypto ikev2 proposal PHASE1PROPOSAL
encryption 3Des
integrity MD5
group 2

crypto ikev2 policy IKEV2POLICY
proposal PHASE1PROPOSAL
crypto ikev2 keyring PHASE1KEY
peer remote
address 181.209.173.202
pre-shared-key L182ii364N
!
crypto ikev2 profile PHAE1PROFILE
authentication remote pre-share
authentication local pre-share
keyring local PHASE1KEY

lifetime 28800
!
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
!
crypto ipsec profile PHASE2PROFIL
set transform-set TSET
set ikev2-profile PHAE1PROFILE
exit
!
crypto map VPN 10 ipsec-isakmp
set peer 181.209.173.202
set ikev2-profile PHAE1PROFILE
match address 120

!

interface GigabitEthernet2
description $ES_WAN$
no crypto map ASA-G

crypto map VPN

!

!

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hello Deepak, thanks for your replies, 

 

The ASA is firmware :

 

ASA-GUATEMALA# sh ver

Cisco Adaptive Security Appliance Software Version 9.8(2)
Firepower Extensible Operating System Version 2.2(2.52)

Compiled on Sun 27-Aug-17 13:06 PDT by builders
System image file is "disk0:/asa982-lfbff-k8.SPA"
Config file at boot was "startup-config"

ASA-GUATEMALA up 6 days 23 hours

Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1

 

 

Router Firmware

 

VPN-8714#sh ver
Cisco IOS Software, C860 Software (C860VAE2-ADVSECK9-M), Version 15.6(3)M1, RELE ASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Fri 02-Dec-16 14:01 by prod_rel_team

ROM: System Bootstrap, Version 12.4(20160812:080043) [pallavik-v153_3r_m_throttl e-rommon 112], RELEASE SOFTWARE (fc1)

VPN-8714 uptime is 1 week, 5 days, 19 hours, 7 minutes
System returned to ROM by power-on
System image file is "flash:c860vae2-advseck9-mz.SPA.156-3.M1.bin"
Last reload type: Normal Reload
Last reload reason: power-on

 

i want to configure with  ikev1, because all the remote sites are configured ikev1, then the config is the following

 

Remote peer config:

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key L182ii364N address 181.209.173.202
crypto isakmp keepalive 300
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
crypto ipsec nat-transparency spi-matching
!
!
!
crypto map ASA-G 10 ipsec-isakmp
set peer 181.209.173.202
set security-association lifetime seconds 86400
set transform-set myset
set pfs group2
match address 120
!

 

ASA Config:

 

crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

 

crypto map mymap 160 set pfs
crypto map mymap 160 set peer 190.56.38.50 190.56.38.49
crypto map mymap 160 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 160 set security-association lifetime seconds 86400

 

tunnel-group 190.56.38.50 type ipsec-l2l
tunnel-group 190.56.38.50 ipsec-attributes
ikev1 pre-shared-key *****

 

Do you think is correct?

 

AGAIN SO THANKS

 

 

 

 

 

I configured the IKEv1 in ASA but i have the same error, some idea?

Thanks for all ur replies

 

Debug ISAKMP router remote

 

004394: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE...
004395: ISAKMP: (0):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
004396: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE
004397: ISAKMP-PAK: (0):sending packet to 181.209.173.202 my_port 500 peer_port 500 (I) MM_NO_STATE
004398: ISAKMP: (0):Sending an IKE IPv4 Packet.
004399: ISAKMP: (0):set new node 0 to QM_IDLE
004400: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 190.56.38.50, remote 181.209.173.202)
004401: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA
004402: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2.
004403: ISAKMP: (0):purging node -299997790
004404: ISAKMP: (0):purging node 720300476
004405: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE...
004406: ISAKMP: (0):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
004407: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE
004408: ISAKMP-PAK: (0):sending packet to 181.209.173.202 my_port 500 peer_port 500 (I) MM_NO_STATE
004409: ISAKMP: (0):Sending an IKE IPv4 Packet.
004410: ISAKMP: (0):set new node 0 to QM_IDLE
004411: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 190.56.38.50, remote 181.209.173.202)
004412: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA
004413: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2.
004414: ISAKMP: (0):purging SA., sa=D42444D0, delme=D42444D0
004415: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE...
004416: ISAKMP: (0):peer does not do paranoid keepalives.
004417: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 181.209.173.202)
004418: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 181.209.173.202)
004419: ISAKMP: (0):Unlocking peer struct 0xD381C4D0 for isadb_mark_sa_deleted(), count 0
004420: ISAKMP: (0):Deleting peer node by peer_reap for 181.209.173.202: D381C4D0
004421: ISAKMP: (0):deleting node -410245171 error FALSE reason "IKE deleted"
004422: ISAKMP: (0):deleting node 770258192 error FALSE reason "IKE deleted"
004423: ISAKMP: (0):deleting node -178811868 error FALSE reason "IKE deleted"
004424: ISAKMP: (0):deleting node -1593750287 error FALSE reason "IKE deleted"
004425: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
004426: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_DEST_SA

004427: ISAKMP: (0):SA request profile is (NULL)
004428: ISAKMP: (0):Created a peer struct for 181.209.173.202, peer port 500
004429: ISAKMP: (0):New peer created peer = 0xD004F560 peer_handle = 0x800000E4
004430: ISAKMP: (0):Locking peer struct 0xD004F560, refcount 1 for isakmp_initiator
004431: ISAKMP: (0):local port 500, remote port 500
004432: ISAKMP: (0):set new node 0 to QM_IDLE
004433: ISAKMP: (0):Find a dup sa in the avl tree during calling isadb_insert sa = D4D450A0
004434: ISAKMP: (0):Can not start Aggressive mode, trying Main mode.
004435: ISAKMP: (0):found peer pre-shared key matching 181.209.173.202
004436: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
004437: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1

004438: ISAKMP: (0):beginning Main Mode exchange
004439: ISAKMP-PAK: (0):sending packet to 181.209.173.202 my_port 500 peer_port 500 (I) MM_NO_STATE
004440: ISAKMP: (0):Sending an IKE IPv4 Packet.
004441: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE...
004442: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
004443: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE
004444: ISAKMP-PAK: (0):sending packet to 181.209.173.202 my_port 500 peer_port 500 (I) MM_NO_STATE
004445: ISAKMP: (0):Sending an IKE IPv4 Packet.

 

ASA config

 

ASA-GUATEMALA# sh run
: Saved

:
: Serial Number: JAD230304B1
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.8(2)
!
hostname ASA-GUATEMALA
domain-name default.domain.invalid

names
name 10.152.238.192 Microtik
name 10.150.101.0 Filiales_CA description Tiendas Filiales
name 10.150.71.161 Host_10.150.71.161
name 10.150.86.72 Host_10.150.86.72
name 10.150.86.91 Host_10.150.86.91
name 10.152.232.248 Host_10.152.232.248
name 10.150.86.65 Host_10.150.86.65

!
interface GigabitEthernet1/1
description outside
duplex full
nameif outside
security-level 0
ip address 181.209.173.202 255.255.255.248
!
interface GigabitEthernet1/2
description inside
speed 100
duplex full
nameif inside
security-level 100
ip address Host_10.150.86.65 255.255.255.224
!
interface GigabitEthernet1/3
description inside2
speed 100
duplex full
no nameif
security-level 100
ip address Host_10.150.71.161 255.255.255.224
!
interface GigabitEthernet1/4
bridge-group 1
nameif inside_3
security-level 100
!
interface GigabitEthernet1/5
bridge-group 1
nameif inside_4
security-level 100
!
interface GigabitEthernet1/6
bridge-group 1
nameif inside_5
security-level 100
!
interface GigabitEthernet1/7
bridge-group 1
nameif inside_6
security-level 100
!
interface GigabitEthernet1/8
bridge-group 1
nameif inside_7
security-level 100
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
!
interface BVI1
no nameif
security-level 100
ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa805-31-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any1
subnet 0.0.0.0 0.0.0.0
object network obj_any2
subnet 0.0.0.0 0.0.0.0
object network obj_any3
subnet 0.0.0.0 0.0.0.0
object network obj_any4
subnet 0.0.0.0 0.0.0.0
object network obj_any5
subnet 0.0.0.0 0.0.0.0
object network obj_any6
subnet 0.0.0.0 0.0.0.0
object network obj_any7
subnet 0.0.0.0 0.0.0.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object-group network GuatemalaLocal
network-object 10.150.71.160 255.255.255.224
network-object 10.150.86.64 255.255.255.224
object-group network GuatemalaRemoto
network-object 10.150.32.0 255.255.255.0
network-object 10.150.35.0 255.255.255.0
network-object 10.150.252.0 255.255.255.0
network-object 10.150.253.192 255.255.255.252
network-object 10.150.253.224 255.255.255.224
network-object 10.150.94.224 255.255.255.224
network-object 10.150.96.0 255.255.255.224
network-object 10.150.16.0 255.255.252.0
network-object 10.150.47.0 255.255.255.0
network-object 10.150.100.32 255.255.255.224
network-object 10.150.96.32 255.255.255.224
network-object 10.150.98.64 255.255.255.224
object-group service TCP_1273
service-object tcp destination eq 1273
object-group service TCP_1723
service-object tcp destination eq pptp
object-group service TCP_4370
service-object tcp destination eq 4370
object-group service TCP_47
service-object tcp destination eq 47
object-group service TCP_81
service-object tcp destination eq 81
object-group service TCP_8291
service-object tcp destination eq 8291
object-group service DM_INLINE_SERVICE_1
group-object TCP_1273
group-object TCP_4370
group-object TCP_47
group-object TCP_81
group-object TCP_8291
service-object tcp destination eq www
service-object tcp destination eq pptp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
object-group network Tiendas_Remotas
network-object 10.150.86.96 255.255.255.224
object-group network TeleperformanceRemoto
description Conexin Microtik
network-object 10.152.231.0 255.255.255.128
network-object Microtik 255.255.255.240
network-object 10.152.232.240 255.255.255.240
network-object host Host_10.152.232.248
object-group network PrdTeleperformance
network-object 10.152.231.0 255.255.255.128
object-group network Filiales_CA
description Tiendas Filiales
network-object Filiales_CA 255.255.255.224
object-group network GuatemalaRemot
access-list acl_outside extended permit icmp any any
access-list acl_outside extended permit object-group DM_INLINE_SERVICE_1 any interface outside log
access-list acl_inside extended permit icmp any any
access-list acl_inside extended permit object-group DM_INLINE_PROTOCOL_2 10.150.86.64 255.255.255.224 10.150.71.160 255.255.255.224
access-list acl_inside extended permit ip host 10.150.86.66 any
access-list acl_inside extended permit ip host 10.150.86.67 any
access-list acl_inside extended permit ip host 10.150.86.68 any
access-list acl_inside extended permit ip host 10.150.86.69 any
access-list acl_inside extended permit ip host 10.150.86.70 any
access-list acl_inside extended permit ip host 10.150.86.71 any
access-list acl_inside extended permit ip host 10.150.86.73 any
access-list acl_inside extended permit ip host 10.150.86.74 any
access-list acl_inside extended permit ip host 10.150.86.75 any
access-list acl_inside extended permit ip host 10.150.86.77 any
access-list acl_inside extended permit ip host 10.150.86.79 any
access-list acl_inside extended permit ip host 10.150.86.81 any
access-list acl_inside extended permit ip host 10.150.86.82 any
access-list acl_inside extended permit ip host 10.150.86.83 any
access-list acl_inside extended permit ip host 10.150.86.84 any
access-list acl_inside extended permit ip host 10.150.86.85 any
access-list acl_inside extended permit ip host 10.150.86.86 any
access-list acl_inside extended permit ip host 10.150.86.87 any
access-list acl_inside extended permit ip host 10.150.86.89 any
access-list acl_inside extended permit ip host 10.150.86.90 any
access-list acl_inside extended permit ip host 10.150.86.92 any
access-list acl_inside extended permit ip host 10.150.71.164 any
access-list acl_inside extended permit ip host 10.150.86.93 any
access-list acl_inside extended permit tcp host 10.150.86.74 any
access-list acl_inside extended permit ip host 10.150.86.80 any
access-list acl_inside extended permit ip host 10.150.86.78 any
access-list acl_inside extended permit ip host 10.150.71.170 any
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.32.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.35.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.49.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.95.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.68.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.97.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.68.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.97.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.98.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.99.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.100.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.74.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.86.64 255.255.255.224 10.150.98.64 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.86.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.47.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.92.64 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.86.64 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.96.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.100.160 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list acl_inside extended permit ip 10.150.36.0 255.255.255.0 10.150.86.224 255.255.255.224
access-list acl_inside extended permit ip host 10.150.71.165 any
access-list acl_inside extended permit ip host 10.150.86.72 any
access-list inside_nat0_outbound extended permit ip object-group GuatemalaLocal object-group GuatemalaRemoto
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.71.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip object-group GuatemalaLocal object-group TeleperformanceRemoto
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.47.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.100.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.86.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.86.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.68.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.68.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.94.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.96.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.97.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.97.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.98.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.99.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.74.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.35.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.98.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.49.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.100.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.32.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.49.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.47.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.100.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.86.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.86.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.68.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.68.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.95.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.94.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.96.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.97.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.97.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.98.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.99.128 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.74.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.98.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.49.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.100.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.95.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.36.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.92.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.86.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.96.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.98.64 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.96.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.100.160 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.86.64 255.255.255.224 10.150.86.224 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.150.36.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list outside_20_cryptomap extended permit ip object-group GuatemalaLocal object-group GuatemalaRemoto
access-list Secundaria_nat0_outbound extended permit ip object-group GuatemalaLocal object-group TeleperformanceRemoto
access-list Secundaria_nat0_outbound extended permit ip 10.150.71.160 255.255.255.224 10.150.86.64 255.255.255.224
access-list Secundaria_access_in extended permit object-group DM_INLINE_PROTOCOL_1 10.150.71.160 255.255.255.224 10.150.86.64 255.255.255.224
access-list Secundaria_access_in extended permit ip host 10.150.71.165 any
access-list outside_cryptomap extended permit ip 10.150.86.64 255.255.255.224 object-group TeleperformanceRemoto
access-list outside_cryptomap extended permit ip 10.150.71.160 255.255.255.224 object-group TeleperformanceRemoto
access-list outside_1_cryptomap extended permit ip object-group GuatemalaLocal object-group TeleperformanceRemoto
access-list outside_cryptomap_1 extended permit ip object-group GuatemalaLocal object-group Filiales_CA
access-list VPN-8741 extended permit ip 10.150.16.0 255.255.252.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.32.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.33.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.35.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.41.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.47.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.48.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.49.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.58.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.68.224 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.84.0 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.86.64 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.89.0 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.90.192 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.92.64 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.94.32 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.253.192 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.253.224 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.63.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.71.160 255.255.255.224 10.150.100.192 255.255.255.224
access-list VPN-8741 extended permit ip 10.150.36.0 255.255.255.0 10.150.100.192 255.255.255.224
access-list outside_cryptomap_65535.1 extended permit ip any object-group GuatemalaLocal
access-list VPN-8704 extended permit ip 10.150.16.0 255.255.252.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.32.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.33.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.35.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.41.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.47.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.48.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.49.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.86.64 255.255.255.224 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.58.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.71.160 255.255.255.224 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.36.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8704 extended permit ip 10.150.36.0 255.255.255.0 10.150.92.64 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.16.0 255.255.252.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.32.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.33.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.35.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.41.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.47.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.48.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.49.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.58.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.86.64 255.255.255.224 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.71.160 255.255.255.224 10.150.86.128 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.36.0 255.255.255.0 10.150.86.64 255.255.255.224
access-list VPN-8705 extended permit ip 10.150.36.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.16.0 255.255.252.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.32.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.33.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.35.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.41.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.47.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.48.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.49.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.58.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.86.64 255.255.255.224 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.71.160 255.255.255.224 10.150.68.160 255.255.255.224
access-list VPN-8712 extended permit ip 10.150.36.0 255.255.255.0 10.150.68.160 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.16.0 255.255.252.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.32.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.33.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.35.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.41.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.47.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.48.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.49.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.58.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.86.64 255.255.255.224 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.71.160 255.255.255.224 10.150.68.224 255.255.255.224
access-list VPN-8713 extended permit ip 10.150.36.0 255.255.255.0 10.150.68.224 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.16.0 255.255.252.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.32.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.33.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.35.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.41.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.47.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.48.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.49.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.58.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.86.64 255.255.255.224 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.71.160 255.255.255.224 10.150.95.0 255.255.255.224
access-list VPN-8714 extended permit ip 10.150.36.0 255.255.255.0 10.150.95.0 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.32.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.33.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.35.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.41.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.47.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.48.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.49.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.58.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.86.64 255.255.255.224 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.16.0 255.255.252.0 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.71.160 255.255.255.224 10.150.94.224 255.255.255.224
access-list VPN-8715 extended permit ip 10.150.36.0 255.255.255.0 10.150.94.224 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.16.0 255.255.252.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.32.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.33.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.35.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.41.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.47.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.48.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.49.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.58.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.86.64 255.255.255.224 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.71.160 255.255.255.224 10.150.96.0 255.255.255.224
access-list VPN-8717 extended permit ip 10.150.36.0 255.255.255.0 10.150.96.0 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.16.0 255.255.252.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.32.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.33.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.35.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.41.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.47.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.48.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.49.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.58.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.86.64 255.255.255.224 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.71.160 255.255.255.224 10.150.96.32 255.255.255.224
access-list VPN-8718 extended permit ip 10.150.36.0 255.255.255.0 10.150.96.32 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.16.0 255.255.252.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.32.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.33.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.35.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.41.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.47.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.48.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.49.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.58.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.86.64 255.255.255.224 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.71.160 255.255.255.224 10.150.97.160 255.255.255.224
access-list VPN-8720 extended permit ip 10.150.36.0 255.255.255.0 10.150.97.160 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.16.0 255.255.252.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.32.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.33.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.35.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.41.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.47.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.48.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.49.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.58.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.86.64 255.255.255.224 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.71.160 255.255.255.224 10.150.97.192 255.255.255.224
access-list VPN-8721 extended permit ip 10.150.36.0 255.255.255.0 10.150.97.192 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.16.0 255.255.252.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.32.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.33.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.35.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.41.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.47.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.48.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.49.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.58.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.86.64 255.255.255.224 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.71.160 255.255.255.224 10.150.98.0 255.255.255.224
access-list VPN-8723 extended permit ip 10.150.36.0 255.255.255.0 10.150.98.0 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.16.0 255.255.252.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.32.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.33.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.35.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.41.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.47.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.48.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.49.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.58.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.86.64 255.255.255.224 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.71.160 255.255.255.224 10.150.98.64 255.255.255.224
access-list VPN-8724 extended permit ip 10.150.36.0 255.255.255.0 10.150.98.64 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.16.0 255.255.252.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.32.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.33.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.35.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.41.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.47.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.48.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.49.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.58.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.86.64 255.255.255.224 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.71.160 255.255.255.224 10.150.98.160 255.255.255.224
access-list VPN-8729 extended permit ip 10.150.36.0 255.255.255.0 10.150.96.192 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.16.0 255.255.252.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.32.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.33.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.35.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.41.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.47.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.48.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.49.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.58.0 255.255.255.0 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.86.64 255.255.255.224 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.71.160 255.255.255.224 10.150.99.128 255.255.255.224
access-list VPN-8735 extended permit ip 10.150.36.0 255.255.255.0 10.150.98.160 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.16.0 255.255.252.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.32.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.33.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.35.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.41.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.47.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.48.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.49.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.58.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.86.64 255.255.255.224 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.71.160 255.255.255.224 10.150.100.32 255.255.255.224
access-list VPN-8739 extended permit ip 10.150.36.0 255.255.255.0 10.150.100.32 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.16.0 255.255.252.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.32.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.33.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.35.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.41.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.47.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.48.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.49.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.58.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.86.64 255.255.255.224 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.71.160 255.255.255.224 10.150.74.192 255.255.255.224
access-list VPN-8754 extended permit ip 10.150.36.0 255.255.255.0 10.150.74.192 255.255.255.224
access-list VPN-8707 extended permit ip 10.150.36.0 255.255.255.0 10.150.86.96 255.255.255.224
access-list VPN-8709 extended permit ip 10.150.36.0 255.255.255.0 10.150.86.128 255.255.255.224
access-list VPN-8742 extended permit ip 10.150.36.0 255.255.255.0 10.150.100.160 255.255.255.224
access-list VPN-8755 extended permit ip 10.150.36.0 255.255.255.0 10.150.86.224 255.255.255.224
access-list acl_inside2 extended permit icmp any any
access-list acl_inside2 extended permit ip host 10.150.71.169 any
access-list acl_inside2 extended permit ip host 10.150.71.165 any
access-list acl-inside extended permit ip host 10.150.86.65 any
pager lines 24
logging enable
logging timestamp
logging console warnings
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu inside_3 1500
mtu inside_4 1500
mtu inside_5 1500
mtu inside_6 1500
mtu inside_7 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
asdm image disk0:/asdm-743.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network obj_any3
nat (inside_3,outside) dynamic interface
object network obj_any4
nat (inside_4,outside) dynamic interface
object network obj_any5
nat (inside_5,outside) dynamic interface
object network obj_any6
nat (inside_6,outside) dynamic interface
object network obj_any7
nat (inside_7,outside) dynamic interface
object network obj_any
nat (inside,outside) dynamic interface
access-group acl_outside in interface outside
route outside 0.0.0.0 0.0.0.0 181.209.173.201 1
route inside 10.150.32.0 255.255.255.0 Host_10.150.86.72 1
route inside 10.150.35.0 255.255.255.0 Host_10.150.86.72 1
route inside 10.150.36.0 255.255.255.0 Host_10.150.86.72 1
route inside 10.150.47.0 255.255.255.0 Host_10.150.86.72 1
route inside 10.150.49.0 255.255.255.0 Host_10.150.86.72 1
route inside 10.150.86.64 255.255.255.224 Host_10.150.71.161 1
timeout xlate 1:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 192.168.1.0 255.255.255.0 inside_3
http 192.168.1.0 255.255.255.0 inside_4
http 192.168.1.0 255.255.255.0 inside_5
http 192.168.1.0 255.255.255.0 inside_6
http 192.168.1.0 255.255.255.0 inside_7
http 201.144.254.80 255.255.255.240 outside
http 201.144.8.128 255.255.255.224 outside
http 201.116.50.64 255.255.255.240 outside
http 187.210.23.33 255.255.255.255 outside
http 201.116.117.160 255.255.255.240 outside
http 10.150.35.45 255.255.255.255 inside
http 10.150.35.46 255.255.255.255 inside
snmp-server host inside 10.150.32.25 community ***** version 2c
snmp-server host inside 10.150.32.43 poll community ***** version 2c
snmp-server host outside 201.144.8.142 poll community ***** version 2c
snmp-server location ASA Guatemala
snmp-server contact SOC SCITUM
snmp-server community *****
service sw-reset-button
crypto ipsec ikev1 transform-set Guatemala-ipsec-proposal-set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set Teleperformance esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set myset esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map outside_dyn_map 1 match address outside_cryptomap_65535.1
crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set myset
crypto dynamic-map outside_dyn_map 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto map mymap 1 match address outside_1_cryptomap
crypto map mymap 1 set pfs
crypto map mymap 1 set peer 189.211.83.76
crypto map mymap 1 set ikev1 transform-set myset
crypto map mymap 20 match address outside_20_cryptomap
crypto map mymap 20 set peer 201.116.117.162
crypto map mymap 20 set ikev1 transform-set myset
crypto map mymap 100 match address VPN-8741
crypto map mymap 100 set pfs
crypto map mymap 100 set peer 190.56.250.174 190.56.250.173
crypto map mymap 100 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 100 set security-association lifetime seconds 86400
crypto map mymap 120 match address VPN-8704
crypto map mymap 120 set pfs
crypto map mymap 120 set peer 190.56.141.162 190.56.141.161
crypto map mymap 120 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 120 set security-association lifetime seconds 86400
crypto map mymap 130 match address VPN-8705
crypto map mymap 130 set pfs
crypto map mymap 130 set peer 190.56.156.54 190.56.156.53
crypto map mymap 130 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 130 set security-association lifetime seconds 86400
crypto map mymap 140 match address VPN-8712
crypto map mymap 140 set pfs
crypto map mymap 140 set peer 190.56.166.26 190.56.166.25
crypto map mymap 140 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 140 set security-association lifetime seconds 86400
crypto map mymap 150 match address VPN-8713
crypto map mymap 150 set pfs
crypto map mymap 150 set peer 190.56.242.22 190.56.242.21
crypto map mymap 150 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 150 set security-association lifetime seconds 86400
crypto map mymap 160 match address VPN-8714
crypto map mymap 160 set pfs
crypto map mymap 160 set peer 190.56.38.50 190.56.38.49
crypto map mymap 160 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 160 set security-association lifetime seconds 86400
crypto map mymap 170 match address VPN-8715
crypto map mymap 170 set pfs
crypto map mymap 170 set peer 186.151.162.58
crypto map mymap 170 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 170 set security-association lifetime seconds 28800
crypto map mymap 180 match address VPN-8717
crypto map mymap 180 set pfs
crypto map mymap 180 set peer 190.56.152.234 190.56.152.233
crypto map mymap 180 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 180 set security-association lifetime seconds 86400
crypto map mymap 190 match address VPN-8718
crypto map mymap 190 set pfs
crypto map mymap 190 set peer 190.149.255.210 190.149.255.209
crypto map mymap 190 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 190 set security-association lifetime seconds 86400
crypto map mymap 200 match address VPN-8720
crypto map mymap 200 set pfs
crypto map mymap 200 set peer 186.151.219.2 186.151.219.1
crypto map mymap 200 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 200 set security-association lifetime seconds 86400
crypto map mymap 210 match address VPN-8721
crypto map mymap 210 set pfs
crypto map mymap 210 set peer 186.151.218.2 186.151.218.1
crypto map mymap 210 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 210 set security-association lifetime seconds 86400
crypto map mymap 220 match address VPN-8723
crypto map mymap 220 set pfs
crypto map mymap 220 set peer 216.230.148.230 216.230.148.229
crypto map mymap 220 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 220 set security-association lifetime seconds 86400
crypto map mymap 230 match address VPN-8724
crypto map mymap 230 set pfs
crypto map mymap 230 set peer 190.149.247.105 190.149.247.104
crypto map mymap 230 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 230 set security-association lifetime seconds 86400
crypto map mymap 240 match address VPN-8729
crypto map mymap 240 set pfs
crypto map mymap 240 set peer 190.56.153.150 190.56.153.149
crypto map mymap 240 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 240 set security-association lifetime seconds 86400
crypto map mymap 250 match address VPN-8735
crypto map mymap 250 set pfs
crypto map mymap 250 set peer 186.151.211.54 186.151.211.53
crypto map mymap 250 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 250 set security-association lifetime seconds 86400
crypto map mymap 260 match address VPN-8739
crypto map mymap 260 set pfs
crypto map mymap 260 set peer 186.151.120.38 186.151.120.37
crypto map mymap 260 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 260 set security-association lifetime seconds 86400
crypto map mymap 270 match address VPN-8754
crypto map mymap 270 set pfs
crypto map mymap 270 set peer 190.149.236.2 190.149.236.1
crypto map mymap 270 set ikev1 transform-set ESP-3DES-MD5
crypto map mymap 270 set security-association lifetime seconds 86400
crypto map mymap 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map mymap interface outside
crypto ca trustpool policy
crypto isakmp identity address
no crypto isakmp nat-traversal
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 10.150.35.47 255.255.255.255 inside
telnet 10.150.86.93 255.255.255.255 inside
telnet 10.150.35.48 255.255.255.255 inside
telnet 10.150.35.46 255.255.255.255 inside
telnet timeout 5
ssh stricthostkeycheck
ssh 201.144.254.80 255.255.255.240 outside
ssh 201.116.50.64 255.255.255.240 outside
ssh 201.144.8.128 255.255.255.224 outside
ssh 187.210.23.33 255.255.255.255 outside
ssh 201.116.117.160 255.255.255.240 outside
ssh 10.150.86.93 255.255.255.255 inside
ssh 10.150.35.45 255.255.255.255 inside
ssh 10.150.17.3 255.255.255.255 inside
ssh 10.150.35.46 255.255.255.255 inside
ssh 10.150.35.47 255.255.255.255 inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy DfltGrpPolicy attributes
vpn-idle-timeout none
group-policy mygroup internal
group-policy mygroup attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
dynamic-access-policy-record DfltAccessPolicy

tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 user-authentication none
tunnel-group 201.1136.117.162 type ipsec-l2l
tunnel-group 201.1136.117.162 ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
tunnel-group mygroup type ipsec-l2l
tunnel-group mygroup ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
tunnel-group 201.136.117.162 type ipsec-l2l
tunnel-group 201.116.117.162 type ipsec-l2l
tunnel-group 201.116.117.162 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TeleperformanceRemoto type ipsec-l2l
tunnel-group TeleperformanceRemoto ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 189.211.83.76 type ipsec-l2l
tunnel-group 189.211.83.76 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group "Tunel Tiendas Filiales" type ipsec-l2l
tunnel-group "Tunel Tiendas Filiales" general-attributes
default-group-policy GroupPolicy1
tunnel-group "Tunel Tiendas Filiales" ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.250.174 type ipsec-l2l
tunnel-group 190.56.250.174 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.141.162 type ipsec-l2l
tunnel-group 190.56.141.162 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.156.54 type ipsec-l2l
tunnel-group 190.56.156.54 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.166.26 type ipsec-l2l
tunnel-group 190.56.166.26 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.242.22 type ipsec-l2l
tunnel-group 190.56.242.22 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.38.50 type ipsec-l2l
tunnel-group 190.56.38.50 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.162.58 type ipsec-l2l
tunnel-group 186.151.162.58 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.152.234 type ipsec-l2l
tunnel-group 190.56.152.234 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.255.210 type ipsec-l2l
tunnel-group 190.149.255.210 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.219.2 type ipsec-l2l
tunnel-group 186.151.219.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.218.2 type ipsec-l2l
tunnel-group 186.151.218.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 216.230.148.230 type ipsec-l2l
tunnel-group 216.230.148.230 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.247.105 type ipsec-l2l
tunnel-group 190.149.247.105 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.56.153.150 type ipsec-l2l
tunnel-group 190.56.153.150 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.211.54 type ipsec-l2l
tunnel-group 186.151.211.54 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 186.151.120.38 type ipsec-l2l
tunnel-group 186.151.120.38 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.236.2 type ipsec-l2l
tunnel-group 190.149.236.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.150.68.225 type ipsec-l2l
tunnel-group 190.150.68.225 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 190.149.247.106 type ipsec-l2l
tunnel-group 190.149.247.106 ipsec-attributes
ikev1 pre-shared-key *****
!
class-map netflow-export-class
class-map inspection_default
match default-inspection-traffic
class-map flow_export_class
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
policy-map flow_export_policy
class flow_export_class
!
service-policy global_policy global
privilege cmd level 10 mode exec command show
prompt hostname context
call-home reporting anonymous prompt 1

 

 

 

 

Config Remote router

The router is obviously attempting to establish a VPN, "Death by retransmission P1" this usually indicates no response from peer (the ASA) or something is blocking the communication between the router and ASA.

I have noted that you don't appear to have the command "crypto ikev1 enable outside" in this latest configuration - it was however in the initial post configuration. Please check the ASA configuration again and confirm.

If this fails please enable debugs on both the router and ASA and upload the output as attachments.

Hi,
I didn't find debug logs. Where is it?

Regards,
Deepak Kumar
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!