
L2TP over IPSEC Static NAT trouble

tsimons
Level 1

I have a 5510 that I have configured for L2TP over IPSEC, not using AnyConnect.  As of right now I have two open issues that I cannot figure out.  The first, and most prevalent, being: VPN clients are unable to ping/access any of the hosts that are assigned a static NAT from the inside interface to the outside interface.  I was able to circumvent this by adding another static NAT to the public interface for the incoming clients, but this caused intermittent connectivity issues with inside hosts.

The second issue involves DNS.  I have configured two DNS servers, both of which reside on the internal network and are in the split_tunnel ACL for VPN clients, but no clients are using this DNS.  What is the workaround for using split tunneling AND internal DNS servers, if any?

I'm looking for any help someone might be able to give, as I've had two different CCNAs look at this numerous times to no avail.  The config is below.

To sum up, and to put this in perspective, I need to be able to do the following...

     VPN CLIENT (10.1.50.x) -> splitTunnel -> int G0/2 (COMCAST_PUBLIC) -> int G0/3(outside)(10.1.4.x) -> STATIC NAT from G0/0(inside)(10.103.x.x) -> NAT (10.1.4.x)

A ping from a VPN client to any internal host works fine, unless it is one that is NAT'd.  You can see in the config where I added the extra STATIC NAT to try and fix the issue.  This works perfectly across the tunnel, but only intermittently from the internal 10.1.4.x network.

As well as any help with DNS.  Please advise, thank you.

-tony

: Saved

:

ASA Version 8.2(1)

!

hostname fw-01

enable password HOB2xUbkoBliqazl encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

name 10.103.6.0 K2CONT description K2 Control Network

name 10.103.5.0 K2FTP description K2 FTP Network

name 10.103.1.0 NET description Internal Network Core Subnet

name 10.1.4.0 WBND description WBND Business Network

name 178.3.200.173 WCIU-INEWS0 description WCIU iNEWS Server

name 178.3.200.174 WCIU-INEWS1 description WCIU iNEWS Server

name 10.103.2.50 ENG-PC description Engineering PC

name 10.103.2.56 NAV-PC description Navigator PC

name 10.103.2.77 PF-SVR-01 description Pathfire Server 01

name 69.55.236.230 RTISVR description "Rootlike Technologies, Inc. Server"

name 69.55.236.228 RTISVR1 description "Rootlike Technologies, Inc. Server"

name 10.103.2.0 GEN-NET description General Broadcast Network

name 10.103.4.0 INEWS-NET description INEWS Network

name 10.103.4.84 INEWS0 description WBND iNEWS Server 0

name 10.103.4.85 INEWS1 description WBND iNEWS Server 1

name 10.103.3.0 TELE-NET description TELEMETRICS Network

name 10.1.4.22 NAT-INEWS0 description "Public NAT address of iNEWS server 0"

name 10.1.4.23 NAT-INEWS1 description "Public NAT address of iNEWS server 1"

name 10.1.4.20 NAT-K2-FTP0 description "Public NAT address of K2 FTP Server 0"

name 10.1.4.21 NAT-K2-FTP1 description "Public NAT address of K2 FTP Server 0"

name 10.103.4.80 MOSGW description "MOS Gateway."

name 10.1.4.24 NAT-MOSGW description "Public NAT address of MOS Gateway."

name 10.103.2.74 PF-DUB-01 description PathFire Dub Workstation

name 209.118.74.10 PF-EXT-0 description PF External Server 0

name 209.118.74.19 PF-EXT-1 description PF External Server 1

name 209.118.74.26 PF-EXT-2 description PF External Server 2

name 209.118.74.80 PF-EXT-3 description PF External Server 3

name 10.103.4.37 PIXPWR description Pixel Power System 0

name 10.1.4.26 NAT-PIXPWR description "Public NAT address of PixelPower System 0"

name 10.103.4.121 ignite

name 10.103.3.89 telemetrics

name 10.1.4.50 vpn_3000

name 10.103.5.4 K2-FTP0 description K2 FTP Server 0

name 10.103.5.5 K2-FTP1 description K2 FTP Server 1

name 10.1.4.40 NAT-ENG-PC description Engineering HP

name 10.103.2.107 ENG-NAS description ENG-NAS-6TB

name 10.1.1.0 WCIU description WCIU

name 178.3.200.0 WCIU_Broadcast description WCIU_Broadcast

name 10.2.1.0 A-10.2.1.0 description WCIU 2

name 10.1.50.0 VPN-POOL description VPN ACCESS

!

interface Ethernet0/0

description "Internal Network 10.103.1.0/24"

nameif inside

security-level 100

ip address 10.103.1.1 255.255.255.0

!

interface Ethernet0/1

shutdown

no nameif

security-level 0

no ip address

!

interface Ethernet0/2

nameif COMCAST_PUBLIC

security-level 0

ip address 173.161.x.x 255.255.255.240

!

interface Ethernet0/3

description "WBND Business Network 10.1.4.0/24"

nameif outside

security-level 0

ip address 10.1.4.8 255.255.255.0

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

ftp mode passive

clock timezone Indiana -4

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

object-group icmp-type ICMP-OK

description "ICMP types we want to permit."

icmp-object echo

icmp-object echo-reply

icmp-object traceroute

icmp-object unreachable

icmp-object time-exceeded

object-group network INTERNAL-ALL

description "All internal networks."

network-object NET 255.255.255.0

network-object GEN-NET 255.255.255.0

network-object TELE-NET 255.255.255.0

network-object INEWS-NET 255.255.255.0

network-object K2FTP 255.255.255.0

network-object K2CONT 255.255.255.0

object-group service W3C

description "HTTP/S"

service-object tcp eq www

service-object tcp eq https

object-group service FTP-ALL

description "FTP Active/Passive."

service-object tcp eq ftp

service-object tcp eq ftp-data

object-group service INEWS-CLI

description "Ports required for INEWS client/server communications."

service-object tcp eq telnet

service-object tcp eq login

service-object tcp eq 600

service-object tcp eq 49153

service-object tcp eq 49152

service-object tcp-udp eq 1020

service-object tcp-udp eq 1019

group-object W3C

group-object FTP-ALL

service-object tcp eq ssh

service-object tcp-udp eq 1034

service-object tcp-udp eq 1035

object-group service NET-BASE

description "Base network services required by all."

service-object tcp-udp eq 123

service-object udp eq domain

object-group network INEWS-SVR

description "iNEWS Servers."

network-object INEWS0 255.255.255.255

network-object INEWS1 255.255.255.255

object-group network WCIU-INEWS

description "iNEWS Servers at WCIU."

network-object WCIU-INEWS0 255.255.255.255

network-object WCIU-INEWS1 255.255.255.255

object-group network K2-FTP

description "K2 Servers"

network-object host K2-FTP0

network-object host K2-FTP1

object-group network PF-SYS

description Internal PathFire Systems

network-object host PF-DUB-01

network-object host PF-SVR-01

object-group network INET-ALLOWED

description "Hosts that are allowed Internet access (HTTP/FTP) and a few other basic protocols.

network-object host ENG-PC

network-object host NAV-PC

network-object host PF-SVR-01

group-object INEWS-SVR

group-object K2-FTP

group-object PF-SYS

network-object host PIXPWR

network-object K2CONT 255.255.255.0

object-group service GoToAssist

description "Port required for Citrix GoToAssist remote support sessions (along with HTTP/S)"

service-object tcp eq 8200

object-group service DM_INLINE_SERVICE_1

group-object FTP-ALL

group-object W3C

service-object tcp eq ssh

service-object tcp eq telnet

group-object GoToAssist

object-group network RTI

network-object host RTISVR1

network-object host RTISVR

object-group network NAT-K2-SVR

description "Public NAT addresses of K2 Servers."

network-object host NAT-K2-FTP0

network-object host NAT-K2-FTP1

object-group network NAT-INEWS-SVR

description "Public NAT addresses of iNEWS servers."

network-object host NAT-INEWS0

network-object host NAT-INEWS1

object-group service INEWS-SVCS

description "Ports required for iNEWS inter-server communication.

group-object INEWS-CLI

service-object tcp eq 1022

service-object tcp eq 1023

service-object tcp eq 2048

service-object tcp eq 698

service-object tcp eq 699

object-group service MOS

description "Ports used for MOS Gateway Services."

service-object tcp eq 10540

service-object tcp eq 10541

service-object tcp eq 6826

service-object tcp eq 10591

object-group network DM_INLINE_NETWORK_1

network-object host WCIU-INEWS0

network-object host WCIU-INEWS1

object-group network DM_INLINE_NETWORK_2

network-object GEN-NET 255.255.255.0

network-object INEWS-NET 255.255.255.0

object-group network PF-Svrs

description External PathfFire Servers

network-object host PF-EXT-0

network-object host PF-EXT-1

network-object host PF-EXT-2

network-object host PF-EXT-3

object-group service PF

description PathFire Services

group-object FTP-ALL

service-object tcp eq 1901

service-object tcp eq 24999

service-object udp range 6652 6654

service-object udp range 6680 6691

object-group service GVG-SDB

description "Ports required by GVG SDB Client/Server Communication."

service-object tcp eq 2000

service-object tcp eq 2001

service-object tcp eq 3000

service-object tcp eq 3001

object-group service MS-SVCS

description "Ports required for Microsoft networking."

service-object tcp-udp eq 135

service-object tcp eq 445

service-object tcp eq ldap

service-object tcp eq ldaps

service-object tcp eq 3268

service-object tcp eq 3269

service-object tcp-udp eq cifs

service-object tcp-udp eq domain

service-object tcp-udp eq kerberos

service-object tcp eq netbios-ssn

service-object udp eq kerberos

service-object udp eq netbios-ns

service-object tcp-udp eq 139

service-object udp eq netbios-dgm

service-object tcp eq cifs

service-object tcp eq kerberos

service-object udp eq cifs

service-object udp eq domain

service-object udp eq ntp

object-group service DM_INLINE_SERVICE_2

group-object MS-SVCS

group-object NET-BASE

group-object GVG-SDB

group-object W3C

object-group service DM_INLINE_SERVICE_3

group-object GVG-SDB

group-object MS-SVCS

group-object W3C

object-group service PIXEL-PWR

description "Pixel Power Services"

service-object tcp-udp eq 10250

object-group service DM_INLINE_SERVICE_4

group-object FTP-ALL

group-object GoToAssist

group-object NET-BASE

group-object PIXEL-PWR

group-object W3C

group-object MS-SVCS

service-object ip

object-group service DM_INLINE_SERVICE_5

group-object MS-SVCS

group-object NET-BASE

group-object PIXEL-PWR

group-object W3C

object-group service IG-TELE tcp-udp

port-object range 2500 49501

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

object-group protocol DM_INLINE_PROTOCOL_1

protocol-object ip

protocol-object tcp

object-group network DM_INLINE_NETWORK_3

network-object host ENG-PC

network-object host NAT-ENG-PC

object-group protocol DM_INLINE_PROTOCOL_2

protocol-object ip

protocol-object udp

protocol-object icmp

object-group network DM_INLINE_NETWORK_4

network-object WCIU 255.255.255.0

network-object WBND 255.255.255.0

network-object WCIU_Broadcast 255.255.255.0

object-group network il2k_test

network-object 207.32.225.0 255.255.255.0

object-group network DM_INLINE_NETWORK_8

network-object WCIU 255.255.255.0

network-object WBND 255.255.255.0

network-object A-10.2.1.0 255.255.255.0

object-group service DM_INLINE_SERVICE_8

service-object ip

group-object INEWS-CLI

service-object icmp

service-object udp

object-group service DM_INLINE_SERVICE_6

service-object ip

group-object MS-SVCS

object-group network DM_INLINE_NETWORK_5

network-object WCIU 255.255.255.0

network-object WBND 255.255.255.0

network-object A-10.2.1.0 255.255.255.0

object-group service DM_INLINE_SERVICE_7

service-object ip

service-object icmp

service-object udp

group-object INEWS-CLI

object-group network DM_INLINE_NETWORK_9

network-object host NAT-INEWS0

network-object host INEWS0

object-group protocol DM_INLINE_PROTOCOL_3

protocol-object ip

protocol-object icmp

protocol-object tcp

object-group network VPN-POOL

description "IP range assigned to dial-up IPSec VPN."

network-object VPN-POOL 255.255.255.0

object-group network DM_INLINE_NETWORK_6

network-object WBND 255.255.255.0

network-object WCIU_Broadcast 255.255.255.0

network-object A-10.2.1.0 255.255.255.0

network-object WCIU 255.255.255.0

network-object VPN-POOL 255.255.255.0

object-group network DM_INLINE_NETWORK_7

network-object WBND 255.255.255.0

network-object VPN-POOL 255.255.255.0

network-object A-10.2.1.0 255.255.255.0

network-object WCIU 255.255.255.0

object-group network DM_INLINE_NETWORK_10

network-object TELE-NET 255.255.255.0

network-object host ignite

access-list inbound extended permit object-group DM_INLINE_SERVICE_5 any host NAT-PIXPWR

access-list inbound extended permit object-group FTP-ALL any host NAT-K2-FTP1

access-list inbound extended permit object-group FTP-ALL any host NAT-K2-FTP0

access-list inbound extended permit object-group INEWS-CLI any host NAT-INEWS1

access-list inbound extended permit object-group INEWS-CLI any host NAT-INEWS0

access-list inbound extended permit object-group INEWS-SVCS object-group DM_INLINE_NETWORK_1 object-group NAT-INEWS-SVR

access-list inbound extended permit object-group DM_INLINE_SERVICE_7 object-group DM_INLINE_NETWORK_5 host NAT-INEWS1

access-list inbound extended permit object-group DM_INLINE_SERVICE_8 object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_9

access-list inbound extended permit object-group MOS WBND 255.255.255.0 host NAT-MOSGW

access-list inbound extended permit icmp WBND 255.255.255.0 K2FTP 255.255.255.0 object-group ICMP-OK

access-list inbound extended permit object-group FTP-ALL WBND 255.255.255.0 object-group NAT-K2-SVR

access-list inbound extended permit object-group FTP-ALL WBND 255.255.255.0 K2FTP 255.255.255.0

access-list inbound extended permit object-group DM_INLINE_PROTOCOL_2 object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_3

access-list inbound extended permit icmp any any object-group ICMP-OK

access-list inbound extended permit object-group DM_INLINE_PROTOCOL_1 host ignite host telemetrics

access-list inbound extended permit object-group MS-SVCS any WBND 255.255.255.0

access-list inbound extended permit ip any any

access-list inbound extended permit object-group DM_INLINE_PROTOCOL_2 WBND 255.255.255.0 object-group DM_INLINE_NETWORK_3

access-list inbound extended permit object-group MS-SVCS any any

access-list inbound extended permit object-group INEWS-CLI WBND 255.255.255.0 object-group NAT-INEWS-SVR

access-list inbound extended permit object-group DM_INLINE_PROTOCOL_3 any WBND 255.255.255.0

access-list inbound extended permit ip any 173.161.x.x 255.255.255.240

access-list inbound extended permit ip any 207.32.225.0 255.255.255.0

access-list inbound extended permit ip WBND 255.255.255.0 host 70.194.x.x

access-list outbound extended deny ip object-group DM_INLINE_NETWORK_10 any

access-list outbound extended permit object-group DM_INLINE_SERVICE_4 host PIXPWR any

access-list outbound extended permit object-group INEWS-SVCS object-group INEWS-SVR object-group WCIU-INEWS

access-list outbound extended permit object-group INEWS-CLI object-group DM_INLINE_NETWORK_2 object-group WCIU-INEWS

access-list outbound extended permit object-group DM_INLINE_SERVICE_1 object-group INET-ALLOWED any

access-list outbound extended permit object-group NET-BASE object-group INTERNAL-ALL any

access-list outbound extended permit icmp any any object-group ICMP-OK

access-list outbound extended permit ip GEN-NET 255.255.255.0 any

access-list outbound extended permit ip host ignite host telemetrics

access-list outbound extended permit ip host NAV-PC host 10.103.2.18

access-list outbound extended permit ip any GEN-NET 255.255.255.0

access-list DefaultRAGroup_splitTunnelAcl standard permit WBND 255.255.255.0

access-list DefaultRAGroup_splitTunnelAcl standard permit WCIU 255.255.255.0

access-list DefaultRAGroup_splitTunnelAcl standard permit VPN-POOL 255.255.255.0

access-list DefaultRAGroup_splitTunnelAcl standard permit WCIU_Broadcast 255.255.255.0

access-list DefaultRAGroup_splitTunnelAcl standard permit A-10.2.1.0 255.255.255.0

access-list DefaultRAGroup_splitTunnelAcl standard permit 10.3.1.0 255.255.255.0

access-list DefaultRAGroup_splitTunnelAcl standard permit 10.3.200.0 255.255.255.0

access-list outside_nat0_outbound extended permit ip NET 255.255.255.0 object-group INTERNAL-ALL

access-list COMCAST_access_in extended permit ip any any

access-list COMCAST_PUBLIC_access_in extended permit ip any any

access-list outside_access_in extended permit ip any any

pager lines 24

logging enable

logging timestamp

logging buffer-size 100000

logging asdm-buffer-size 512

logging monitor notifications

logging buffered notifications

logging asdm notifications

mtu inside 1500

mtu COMCAST_PUBLIC 1500

mtu outside 1500

mtu management 1500

ip local pool VPN-POOL 10.1.50.1-10.1.50.254 mask 255.255.255.0

ipv6 access-list inside_access_ipv6_in deny ip any any

ipv6 access-list inside_access_ipv6_in remark "ACL denying all outbound IPv6 traffic (and logging it)."

ipv6 access-list inside_access_ipv6_in remark "ACL denying all outbound IPv6 traffic (and logging it)."

ipv6 access-list inside_access_ipv6_in remark "ACL denying all outbound IPv6 traffic (and logging it)."

ipv6 access-list outside_access_ipv6_in deny ip any any

ipv6 access-list outside_access_ipv6_in remark "ACL denying all inbound IPv6 traffic (and logging it)."

ipv6 access-list outside_access_ipv6_in remark "ACL denying all inbound IPv6 traffic (and logging it)."

ipv6 access-list outside_access_ipv6_in remark "ACL denying all inbound IPv6 traffic (and logging it)."

no failover

icmp unreachable rate-limit 1 burst-size 1

icmp permit any inside

icmp permit any COMCAST_PUBLIC

icmp permit any echo outside

icmp permit any echo-reply outside

icmp permit any unreachable outside

no asdm history enable

arp timeout 14400

global (COMCAST_PUBLIC) 1 173.161.x.x

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 dns

static (inside,outside) NAT-K2-FTP0 K2-FTP0 netmask 255.255.255.255 dns

static (inside,outside) NAT-K2-FTP1 K2-FTP1 netmask 255.255.255.255 dns

static (inside,outside) NAT-INEWS0 INEWS0 netmask 255.255.255.255 dns

static (inside,outside) NAT-INEWS1 INEWS1 netmask 255.255.255.255 dns

static (inside,outside) NAT-MOSGW MOSGW netmask 255.255.255.255 dns

static (inside,outside) NAT-PIXPWR PIXPWR netmask 255.255.255.255 dns

static (inside,outside) NAT-ENG-PC ENG-PC netmask 255.255.255.255 dns

static (inside,COMCAST_PUBLIC) 10.1.4.39 ENG-NAS netmask 255.255.255.255 dns

access-group outbound in interface inside per-user-override

access-group inside_access_ipv6_in in interface inside per-user-override

access-group outbound in interface COMCAST_PUBLIC

access-group outside_access_in in interface outside

access-group outside_access_ipv6_in in interface outside

route COMCAST_PUBLIC 0.0.0.0 0.0.0.0 173.161.x.x 1

route outside 0.0.0.0 0.0.0.0 10.1.4.1 100

route outside WCIU 255.255.255.0 10.1.4.11 1

route outside A-10.2.1.0 255.255.255.0 10.1.4.1 1

route inside 10.11.1.0 255.255.255.0 10.103.1.73 1

route inside GEN-NET 255.255.255.0 10.103.1.2 1

route inside TELE-NET 255.255.255.0 10.103.1.2 1

route inside INEWS-NET 255.255.255.0 10.103.1.2 1

route inside K2FTP 255.255.255.0 10.103.1.62 1

route inside K2CONT 255.255.255.0 10.103.1.62 1

route outside WCIU_Broadcast 255.255.255.0 10.1.4.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa-server DOMCON protocol radius

accounting-mode simultaneous

aaa-server DOMCON (outside) host 10.1.4.17

timeout 5

key Tr3at!Ne

acl-netmask-convert auto-detect

aaa authentication ssh console LOCAL

aaa authentication http console LOCAL

aaa authentication telnet console LOCAL

aaa authorization command LOCAL

aaa authorization exec LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http NET 255.255.255.0 inside

http GEN-NET 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set il2k-trans esp-aes-256 esp-sha-hmac

crypto ipsec transform-set il2k-transform-set esp-3des esp-sha-hmac

crypto ipsec transform-set il2k-transform-set mode transport

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set peer WBND

crypto dynamic-map dyno 10 set transform-set il2k-transform-set il2k-trans

crypto map VPN 10 ipsec-isakmp dynamic dyno

crypto map VPN interface COMCAST_PUBLIC

crypto map VPN interface outside

crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto isakmp identity address

crypto isakmp enable inside

crypto isakmp enable COMCAST_PUBLIC

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp ipsec-over-tcp port 10000

crypto isakmp disconnect-notify

telnet timeout 5

ssh scopy enable

ssh NET 255.255.255.0 inside

ssh GEN-NET 255.255.255.0 inside

ssh VPN-POOL 255.255.255.0 COMCAST_PUBLIC

ssh 10.103.1.224 255.255.255.240 outside

ssh WBND 255.255.255.0 outside

ssh 192.168.1.0 255.255.255.0 management

ssh timeout 20

console timeout 0

management-access inside

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

threat-detection basic-threat

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200

ntp server 10.103.2.52 source inside prefer

webvpn

enable inside

enable outside

svc image disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 1

group-policy DefaultRAGroup internal

group-policy DefaultRAGroup attributes

dns-server value 10.1.4.17 10.1.1.21

vpn-tunnel-protocol l2tp-ipsec

ipsec-udp enable

group-policy DfltGrpPolicy attributes

dns-server value 10.1.4.17 10.1.1.21

vpn-simultaneous-logins 100

vpn-idle-timeout 120

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl

default-domain value MAINSERV

intercept-dhcp enable

address-pools value VPN-POOL

group-policy il2k internal

group-policy il2k attributes

dns-server value 10.1.4.17

vpn-tunnel-protocol l2tp-ipsec

ipsec-udp enable

username DefaultRAGroup password F1C2vupePix5SQn3t9BAZg== nt-encrypted

username tsimons password F1C2vupePix5SQn3t9BAZg== nt-encrypted privilege 15

username interlink password 4QnXXKO..Ry/9yKL encrypted

username iphone password TQrRGN4aXV4OVyavS5T/Ow== nt-encrypted

username iphone attributes

service-type remote-access

username hriczo password OSruMCto90cxZoWxHllC5A== nt-encrypted

username hriczo attributes

service-type remote-access

username cheighway password LqxYepmj5N6LE2zMU+CuPA== nt-encrypted privilege 15

username cheighway attributes

vpn-group-policy il2k

service-type admin

username jason password D8PHWEPGhNLOBxNHo0nQmQ== nt-encrypted

username roscor password jLkgabJ1qUf3hXax encrypted

username roscor attributes

service-type admin

tunnel-group DefaultRAGroup general-attributes

address-pool VPN-POOL

authentication-server-group DOMCON LOCAL

authentication-server-group (outside) LOCAL

authentication-server-group (inside) LOCAL

default-group-policy DefaultRAGroup

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *

tunnel-group DefaultRAGroup ppp-attributes

authentication ms-chap-v2

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:4b7c375a2b09feacdf760d10092cf73f

: end
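A small audit script, added here and not part of the original post, that reads the 8.2-style `name`, `static (inside,outside)` and split-tunnel ACL lines from the config above and reports, for every static NAT, whether the real address and/or the mapped address falls inside `DefaultRAGroup_splitTunnelAcl` (i.e. whether a split-tunnel client would send that traffic through the tunnel at all), and which ACLs contain a `permit ip any any` that makes every later entry dead. The embedded `CONFIG` excerpt is copied from the posted config; the function names are my own and the script reports facts, it does not diagnose the cause.

```python
import ipaddress
import re

# Excerpt copied from the ASA 8.2 config posted above (only the lines these checks need).
CONFIG = """\
name 10.103.4.84 INEWS0 description WBND iNEWS Server 0
name 10.103.4.85 INEWS1 description WBND iNEWS Server 1
name 10.1.4.22 NAT-INEWS0 description "Public NAT address of iNEWS server 0"
name 10.1.4.23 NAT-INEWS1 description "Public NAT address of iNEWS server 1"
name 10.103.2.50 ENG-PC description Engineering PC
name 10.1.4.40 NAT-ENG-PC description Engineering HP
name 10.1.4.0 WBND description WBND Business Network
name 10.1.1.0 WCIU description WCIU
name 10.1.50.0 VPN-POOL description VPN ACCESS
access-list DefaultRAGroup_splitTunnelAcl standard permit WBND 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit WCIU 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit VPN-POOL 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.3.1.0 255.255.255.0
access-list inbound extended permit object-group FTP-ALL any host NAT-K2-FTP1
access-list inbound extended permit ip any any
access-list outside_access_in extended permit ip any any
static (inside,outside) NAT-INEWS0 INEWS0 netmask 255.255.255.255 dns
static (inside,outside) NAT-INEWS1 INEWS1 netmask 255.255.255.255 dns
static (inside,outside) NAT-ENG-PC ENG-PC netmask 255.255.255.255 dns
"""


def parse_names(lines):
    """Map 'name <ip> <alias>' entries to {alias: ip}."""
    names = {}
    for ln in lines:
        m = re.match(r"name (\S+) (\S+)", ln)
        if m:
            names[m.group(2)] = m.group(1)
    return names


def split_tunnel_networks(lines, names, acl="DefaultRAGroup_splitTunnelAcl"):
    """Networks a split-tunnel client will route through the tunnel."""
    nets = []
    for ln in lines:
        m = re.match(rf"access-list {acl} standard permit (\S+) (\S+)", ln)
        if m:
            nets.append(ipaddress.ip_network(f"{names.get(m.group(1), m.group(1))}/{m.group(2)}"))
    return nets


def static_nats(lines, names):
    """8.2 syntax is 'static (real_if,mapped_if) mapped_ip real_ip ...'; yields (mapped_ip, real_ip)."""
    for ln in lines:
        m = re.match(r"static \(\S+,\S+\) (\S+) (\S+) netmask", ln)
        if m:
            yield names.get(m.group(1), m.group(1)), names.get(m.group(2), m.group(2))


def audit_statics(config):
    """Per static NAT: would a split-tunnel client tunnel traffic to the real and/or mapped address?"""
    lines = config.splitlines()
    names = parse_names(lines)
    nets = split_tunnel_networks(lines, names)
    report = {}
    for mapped_ip, real_ip in static_nats(lines, names):
        report[real_ip] = {
            "mapped": mapped_ip,
            "real_in_split_tunnel": any(ipaddress.ip_address(real_ip) in n for n in nets),
            "mapped_in_split_tunnel": any(ipaddress.ip_address(mapped_ip) in n for n in nets),
        }
    return report


def permit_any_any(config):
    """Names of ACLs containing 'permit ip any any'; every entry after it in that ACL is dead."""
    return [m.group(1) for m in
            (re.match(r"access-list (\S+) extended permit ip any any$", ln.strip())
             for ln in config.splitlines()) if m]


if __name__ == "__main__":
    for real, info in audit_statics(CONFIG).items():
        print(f"{real} -> {info['mapped']}: real tunnelled={info['real_in_split_tunnel']}, "
              f"mapped tunnelled={info['mapped_in_split_tunnel']}")
    print("ACLs with permit ip any any:", permit_any_any(CONFIG))
```

Run against the full posted config it shows that only the mapped 10.1.4.x side of each static is inside the split-tunnel list, while none of the real 10.103.x.x addresses are, and that both the `inbound` and `outside_access_in` ACLs carry a `permit ip any any`.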

1 Reply

tsimons
Level 1

No one?  I'd be happy to provide any more info if someone needs it; I'm just looking for some sort of direction.  I did almost this whole config by myself and I'm completely self-taught on Cisco, so weird things like this really throw me.

Please help.  Thank you.