01-23-2012 08:00 PM
I am trying to set up a site-to-site tunnel and am having issues. Can someone take a look at the config and let me know what I'm missing?
Site B Branch Site
names
!
interface GigabitEthernet0/0
no nameif
security-level 100
no ip address
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
nameif outside
security-level 0
ip address 66.104.153.226 255.255.255.224
ospf cost 10
!
interface Management0/0
description inside
nameif management
security-level 100
ip address 10.0.0.1 255.255.255.252
ospf cost 10
!
.
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name fredsinc.com
same-security-traffic permit intra-interface
access-list VPN-TO-HUB extended permit ip any any
access-list NONAT extended permit ip any any
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended deny ip any any log
pager lines 24
logging buffered errors
logging asdm informational
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (management) 0 access-list NONAT
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 66.104.153.225 1
route management 10.151.0.0 255.255.0.0 10.0.0.2 1
route management 192.168.0.0 255.255.0.0 10.0.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.0.0 255.255.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map IPSEC 50 match address VPN-TO-HUB
crypto map IPSEC 50 set peer 68.153.103.10
crypto map IPSEC 50 set transform-set ESP-DES-SHA
crypto map IPSEC interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.0.0 255.255.0.0 management
telnet timeout 5
ssh 192.168.0.0 255.255.0.0 management
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password eY/fQXw7Ure8Qrz7 encrypted
tunnel-group 68.153.103.10 type ipsec-l2l
tunnel-group 68.153.103.10 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 30 retry 5
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
---------- HUB SITE ----------
The Hub site is an ASA5520
01-23-2012 08:40 PM
access-list VPN-TO-HUB permit ip any any
local ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (193.50.0.0/255.255.0.0/0/0)
current_peer: 68.153.103.10
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 66.104.153.226, remote crypto endpt.: 68.153.103.10
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 133B72C8
inbound esp sas:
spi: 0x016D5523 (23942435)
transform: esp-des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 745472, crypto-map: IPSEC
sa timing: remaining key lifetime (kB/sec): (3915000/27208)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0x133B72C8 (322663112)
transform: esp-des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 745472, crypto-map: IPSEC
sa timing: remaining key lifetime (kB/sec): (3915000/27208)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: IPSEC, seq num: 50, local addr: 66.104.153.226
access-list VPN-TO-HUB permit ip any any
local ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (172.0.0.0/255.0.0.0/0/0)
current_peer: 68.153.103.10
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 66.104.153.226, remote crypto endpt.: 68.153.103.10
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 7C1DE84B
inbound esp sas:
spi: 0xCB1ADE2E (3407535662)
transform: esp-des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 745472, crypto-map: IPSEC
sa timing: remaining key lifetime (kB/sec): (3915000/27187)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
outbound esp sas:
spi: 0x7C1DE84B (2082334795)
transform: esp-des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 745472, crypto-map: IPSEC
sa timing: remaining key lifetime (kB/sec): (3915000/27167)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
01-23-2012 08:42 PM
sho crypto isakmp sa
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 68.153.103.10
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
01-23-2012 08:59 PM
Looks like the tunnel is up but I am not getting any traffic across it. Any suggestions?
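A small diagnostic written for this thread (an added example, not Cisco tooling or any poster's code) that parses the two show outputs above and classifies each phase 2 SA by its encaps/decaps counters, which is where a "tunnel up, no traffic" symptom shows first. The sample text is a constructed, abbreviated copy of the branch-site output, with one decaps counter changed so the one-way case also appears.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed, abbreviated copies of the branch-site output posted in this
# thread; the second SA's decaps counter is changed to show a one-way case.
SAMPLE_ISAKMP_SA = """\
1 IKE Peer: 68.153.103.10
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
"""
SAMPLE_IPSEC_SA = """\
Crypto map tag: IPSEC, seq num: 50, local addr: 66.104.153.226
access-list VPN-TO-HUB permit ip any any
local ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (193.50.0.0/255.255.0.0/0/0)
current_peer: 68.153.103.10
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
Crypto map tag: IPSEC, seq num: 50, local addr: 66.104.153.226
access-list VPN-TO-HUB permit ip any any
local ident (addr/mask/prot/port): (192.168.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (172.0.0.0/255.0.0.0/0/0)
current_peer: 68.153.103.10
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 12, #pkts decrypt: 12, #pkts verify: 12
"""

IDENT_RE = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([\d.]+)/([\d.]+)/\d+/\d+\)")
PEER_RE = re.compile(r"current_peer:\s*([\d.]+)")
ENCAPS_RE = re.compile(r"#pkts encaps:\s*(\d+)")
DECAPS_RE = re.compile(r"#pkts decaps:\s*(\d+)")
IKE_STATE_RE = re.compile(r"\bState\s*:\s*(\S+)")  # MM_ACTIVE means phase 1 is up


@dataclass
class IpsecSa:
    """One proxy-ID pair, i.e. one entry of 'show crypto ipsec sa'."""
    local: str = ""   # local ident as CIDR, e.g. 192.168.0.0/16
    remote: str = ""  # remote ident as CIDR
    peer: str = ""
    encaps: int = 0   # packets this ASA encrypted and sent
    decaps: int = 0   # packets this ASA received and decrypted


def to_cidr(net: str, mask: str) -> str:
    # ipaddress accepts a dotted-decimal mask after the slash
    return str(ipaddress.IPv4Network(f"{net}/{mask}", strict=False))


def parse_ipsec_sa(text: str) -> list[IpsecSa]:
    """Split the output into SAs; a new entry starts at each 'local ident'."""
    sas: list[IpsecSa] = []
    for line in text.splitlines():
        if m := IDENT_RE.search(line):
            side, net, mask = m.groups()
            if side == "local":
                sas.append(IpsecSa(local=to_cidr(net, mask)))
            elif sas:
                sas[-1].remote = to_cidr(net, mask)
        elif not sas:
            continue  # header lines before the first SA
        elif m := PEER_RE.search(line):
            sas[-1].peer = m.group(1)
        elif m := ENCAPS_RE.search(line):
            sas[-1].encaps = int(m.group(1))
        elif m := DECAPS_RE.search(line):
            sas[-1].decaps = int(m.group(1))
    return sas


def ike_state(text: str) -> str:
    m = IKE_STATE_RE.search(text)
    return m.group(1) if m else "NONE"


def diagnose(sa: IpsecSa) -> str:
    """Classify one SA by its counters; the text says where to look next."""
    if sa.encaps == 0 and sa.decaps == 0:
        return "idle: nothing matched this proxy ID on either side (check routes, NAT exemption, crypto ACL)"
    if sa.decaps == 0:
        return "one-way: we send but nothing comes back (check the remote side's routes, NAT exemption, ACL)"
    if sa.encaps == 0:
        return "one-way: we receive but never send (a local route or NAT rule keeps replies off the crypto map)"
    return "passing traffic in both directions"


def tunnel_report(isakmp_text: str, ipsec_text: str) -> dict:
    """Phase 1 state plus a verdict for every phase 2 SA."""
    state = ike_state(isakmp_text)
    sas = [(sa.local, sa.remote, sa.encaps, sa.decaps, diagnose(sa)) for sa in parse_ipsec_sa(ipsec_text)]
    return {"ike_state": state, "ike_up": state == "MM_ACTIVE", "sas": sas}


if __name__ == "__main__":
    rep = tunnel_report(SAMPLE_ISAKMP_SA, SAMPLE_IPSEC_SA)
    print("IKE state:", rep["ike_state"])
    for local, remote, enc, dec, verdict in rep["sas"]:
        print(f"{local} <-> {remote}: encaps={enc} decaps={dec} -> {verdict}")
```

Paste the real `show crypto isakmp sa` and `show crypto ipsec sa` output in place of the samples; an SA that stays idle while IKE is MM_ACTIVE means no packet ever matched its proxy IDs, so the fix lies in routing, NAT exemption or the crypto ACL rather than in IKE.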
01-23-2012 09:58 PM
Hello Kdmyles,
First thing I know:
-crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto isakmp policy 50
-encryption 3des
The encryption on phase one is different than the one used on phase 2!!
Please change that and let me know if you see any other difference.
We also need to see the other side of the tunnel!!
Julio
Rate helpful posts
01-23-2012 10:14 PM
: Saved
:
ASA Version 8.0(4)
!
hostname asafw
domain-name sinc.com
enable password .Wqd6HMXuJGU4WkG encrypted
passwd .Wqd6HMXuJGU4WkG encrypted
names
name 10.140.10.145 Valu-Lnk-Host-1
name 206.201.53.129 Valu-Lnk-Host-2
name 206.201.50.65 Valu-Lnk-Host-3
name 193.50.25.49 MEMCCA01
name 193.50.25.50 MEMCCA02
name 193.50.25.73 HostA
name 206.201.53.145 Valu-Lnk-Host-4
name 10.255.1.34 incomm-router-virtual
name 10.255.1.35 incomm-router-sprint
name 10.255.1.36 incomm-router-att
name 10.255.1.19 PRE_Sol_rtr
name 66.0.125.66 PreSolutions_Host01
name 66.0.125.68 PreSolutions_Host02
name 66.0.125.69 PreSolutions_Host03
name 193.50.25.69 memrtstest
name 62.80.124.20 Blocked_FTP_Host
name 132.176.71.40 Blocked-FTP-Host
name 10.1.36.0 Dial_Access_Pool
name 10.9.10.0 CANTON-REGIONAL_OFFICE
name 192.168.99.0 TechLab_Network
name 193.50.25.45 CallXpress
name 10.150.0.24 Callxpress
name 10.99.98.35 test
name 203.131.164.16 Blocked_FTP
name 193.50.25.58 DC04
name 192.43.244.18 Time description GovtTimeServer
name 207.46.130.100 TimeWin description Windows.com
name 75.202.217.136 SinmanTest
name 193.50.65.58 SInmanLap description Test of Camera
name 63.150.185.10 eRxHosts description eRxHosts
name 193.50.45.15 eRxServer
name 68.88.50.88 WWW.sinc.com
name 172.31.253.30 PharmHostSystem description Pharmacy Host System
name 172.31.253.11 PharmRemHost
name 193.50.25.170 CSI-KVM description KVM for MEMCSI01
name 193.50.25.169 MEMCSI01 description ConceptShoppingServer
name 10.10.70.0 Store1070 description 1070
name 10.11.35.0 Store1135
name 10.11.65.0 Store1165
name 10.27.90.0 Store2790
name 10.28.50.0 Store2850
name 193.50.25.175 MEMEML02
name 10.99.98.11 Store9998 description LabMachine
name 172.25.16.4 SInman description Director IT laptop
name 172.25.16.5 MCarter description Engineer desktop
name 193.50.15.200 QxNConveyerController description Controller
name 193.50.35.164 Charles_Norwood description Imports Consultant
name 68.153.103.139 Imports_Static_NAT description Used by Imports Consultant for VPN
name 193.50.25.15 memrts03
name 68.153.103.138 Norwood_Test description NAT VPN Test for Imports
name 172.25.16.166 Imports_Test_Lap
name 60.217.229.0 APNICFTPAttack
name 81.57.79.193 FTP_Attacker_10202009 description FTP_Attacker_10202009
name 88.191.27.0 FTP_Attacker_10102009 description FtpAttacker
name 210.51.226.0 FTP_Attacker_12012009
name 64.95.64.198 Retrans
name 193.50.55.176 Traffic
name 172.22.0.0 Thompson
name 202.107.195.150 FTPATTACKER6172010
name 198.199.226.224 CATALINA_DC description CATALINA DATACENTER HOSTS
name 193.50.25.205 CATALINA_NAT description NAT ADDRESS FOR CATALINA DC HOSTS
!
interface GigabitEthernet0/0
description LAN/STATE Failover Interface
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 193.50.5.46 255.255.255.0 standby 193.50.5.80
ospf cost 10
!
interface GigabitEthernet0/2
nameif sDMZ
security-level 10
ip address 172.24.24.1 255.255.255.0 standby 172.24.24.2
ospf cost 10
!
interface GigabitEthernet0/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3.76
vlan 76
nameif Valu-Lnk
security-level 15
ip address 10.255.1.1 255.255.255.240 standby 10.255.1.14
ospf cost 10
!
interface GigabitEthernet0/3.77
vlan 77
nameif PRE_Solutions
security-level 15
ip address 10.255.1.17 255.255.255.240 standby 10.255.1.30
ospf cost 10
!
interface GigabitEthernet0/3.78
vlan 78
nameif incomm
security-level 15
ip address 10.255.1.33 255.255.255.240 standby 10.255.1.46
ospf cost 10
!
interface GigabitEthernet0/3.79
description TO CATALINA ROUTER VIA VENDOR SWITCH
shutdown
vlan 79
nameif CATALINA
security-level 15
ip address 10.255.1.49 255.255.255.240
!
interface Management0/0
nameif outside
security-level 0
ip address 68.153.103.10 255.255.255.0 standby 68.153.103.30
ospf cost 10
!
banner motd ************************************************************************
boot system disk0:/asa804-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name sinc.com
same-security-traffic permit intra-interface
object-group network CreditCard-Hosts
description Hosts for Credit Card transactions
network-object MEMCCA01 255.255.255.255
network-object MEMCCA02 255.255.255.255
network-object HostA 255.255.255.255
network-object memrtstest 255.255.255.255
network-object host 193.50.25.3
network-object host 193.50.25.4
network-object host memrts03
object-group network Valu-Lnk-Hosts
description Hosts at Valu-Lnk
network-object Valu-Lnk-Host-1 255.255.255.255
network-object Valu-Lnk-Host-2 255.255.255.255
network-object Valu-Lnk-Host-3 255.255.255.255
network-object Valu-Lnk-Host-4 255.255.255.255
object-group service Valu-Lnk-Services tcp
description remote access for Valu-Lnk
port-object eq ftp
port-object eq 5629
port-object eq 5729
object-group network CreditCard-Hosts_real
description Hosts for Credit Card transactions
network-object MEMCCA01 255.255.255.255
network-object MEMCCA02 255.255.255.255
network-object HostA 255.255.255.255
network-object host 193.50.25.3
network-object host 193.50.25.4
object-group network incomm-routers
description incomm routers
network-object incomm-router-virtual 255.255.255.255
network-object incomm-router-sprint 255.255.255.255
network-object incomm-router-att 255.255.255.255
object-group network PreSolutions_Hosts
description Hosts on PreSolutions network
network-object PreSolutions_Host01 255.255.255.255
network-object PreSolutions_Host02 255.255.255.255
network-object PreSolutions_Host03 255.255.255.255
object-group network PDX
network-object 10.10.10.29 255.255.255.255
network-object 10.10.20.29 255.255.255.255
network-object 10.10.25.29 255.255.255.255
network-object 10.10.35.29 255.255.255.255
network-object 10.10.45.29 255.255.255.255
network-object 10.10.53.29 255.255.255.255
network-object 10.10.60.29 255.255.255.255
network-object 10.10.63.29 255.255.255.255
network-object 10.10.70.29 255.255.255.255
network-object 10.10.75.29 255.255.255.255
network-object 10.10.80.29 255.255.255.255
network-object 10.10.83.29 255.255.255.255
network-object 10.10.85.29 255.255.255.255
network-object 10.10.88.29 255.255.255.255
network-object 10.10.90.29 255.255.255.255
network-object 10.10.95.29 255.255.255.255
network-object 10.11.0.29 255.255.255.255
network-object 10.11.10.29 255.255.255.255
network-object 10.11.13.29 255.255.255.255
network-object 10.11.15.29 255.255.255.255
network-object 10.11.25.29 255.255.255.255
network-object 10.11.30.29 255.255.255.255
network-object 10.11.35.29 255.255.255.255
network-object 10.11.45.29 255.255.255.255
network-object 10.11.55.29 255.255.255.255
network-object 10.11.60.29 255.255.255.255
network-object 10.11.65.29 255.255.255.255
network-object 10.11.70.29 255.255.255.255
network-object 10.11.85.29 255.255.255.255
network-object 10.11.88.29 255.255.255.255
network-object 10.11.90.29 255.255.255.255
network-object 10.12.0.29 255.255.255.255
network-object 10.12.3.29 255.255.255.255
network-object 10.12.5.29 255.255.255.255
network-object 10.12.7.29 255.255.255.255
network-object 10.12.8.29 255.255.255.255
network-object 10.12.10.29 255.255.255.255
network-object 10.12.12.29 255.255.255.255
network-object 10.12.15.29 255.255.255.255
network-object 10.12.20.29 255.255.255.255
network-object 10.12.35.29 255.255.255.255
network-object 10.12.40.29 255.255.255.255
network-object 10.12.53.29 255.255.255.255
network-object 10.12.55.29 255.255.255.255
network-object 10.12.58.29 255.255.255.255
network-object 10.12.63.29 255.255.255.255
network-object 10.12.65.29 255.255.255.255
network-object 10.12.78.29 255.255.255.255
network-object 10.12.90.29 255.255.255.255
network-object 10.12.95.29 255.255.255.255
network-object 10.12.98.29 255.255.255.255
network-object 10.13.0.29 255.255.255.255
network-object 10.13.5.29 255.255.255.255
network-object 10.13.10.29 255.255.255.255
network-object 10.13.20.29 255.255.255.255
network-object 10.13.23.29 255.255.255.255
network-object 10.13.30.29 255.255.255.255
network-object 10.13.40.29 255.255.255.255
network-object 10.13.55.29 255.255.255.255
network-object 10.13.60.29 255.255.255.255
network-object 10.13.68.29 255.255.255.255
network-object 10.13.70.29 255.255.255.255
network-object 10.13.80.29 255.255.255.255
network-object 10.13.85.29 255.255.255.255
network-object 10.13.88.29 255.255.255.255
network-object 10.14.0.29 255.255.255.255
network-object 10.14.5.29 255.255.255.255
network-object 10.14.20.29 255.255.255.255
network-object 10.14.28.29 255.255.255.255
network-object 10.14.30.29 255.255.255.255
network-object 10.14.40.29 255.255.255.255
network-object 10.14.50.29 255.255.255.255
network-object 10.14.60.29 255.255.255.255
network-object 10.14.70.29 255.255.255.255
network-object 10.14.78.29 255.255.255.255
network-object 10.15.10.29 255.255.255.255
network-object 10.15.15.29 255.255.255.255
network-object 10.15.18.29 255.255.255.255
network-object 10.15.20.29 255.255.255.255
network-object 10.15.25.29 255.255.255.255
network-object 10.15.30.29 255.255.255.255
network-object 10.15.33.29 255.255.255.255
network-object 10.15.35.29 255.255.255.255
network-object 10.15.38.29 255.255.255.255
network-object 10.15.40.29 255.255.255.255
network-object 10.15.50.29 255.255.255.255
network-object 10.15.60.29 255.255.255.255
network-object 10.15.70.29 255.255.255.255
network-object 10.15.83.29 255.255.255.255
network-object 10.16.8.29 255.255.255.255
network-object 10.16.15.29 255.255.255.255
network-object 10.29.80.29 255.255.255.255
network-object 10.29.90.29 255.255.255.255
network-object 10.30.5.29 255.255.255.255
network-object 10.30.10.29 255.255.255.255
network-object 10.30.45.29 255.255.255.255
network-object 10.30.50.29 255.255.255.255
network-object 10.30.55.29 255.255.255.255
network-object 10.30.70.29 255.255.255.255
network-object 10.31.10.29 255.255.255.255
network-object 10.32.10.29 255.255.255.255
network-object 10.32.20.29 255.255.255.255
network-object 10.32.25.29 255.255.255.255
network-object 10.32.30.29 255.255.255.255
network-object 10.32.35.29 255.255.255.255
network-object 10.32.40.29 255.255.255.255
network-object 10.32.45.29 255.255.255.255
network-object 10.32.50.29 255.255.255.255
network-object 10.32.55.29 255.255.255.255
network-object 10.32.70.29 255.255.255.255
network-object 10.32.75.29 255.255.255.255
network-object 10.33.0.29 255.255.255.255
network-object 10.33.10.29 255.255.255.255
network-object 10.33.25.29 255.255.255.255
network-object 10.33.40.29 255.255.255.255
network-object 10.33.65.29 255.255.255.255
network-object 10.33.70.29 255.255.255.255
network-object 10.34.10.29 255.255.255.255
network-object 10.34.15.29 255.255.255.255
network-object 10.35.15.29 255.255.255.255
network-object 10.35.60.29 255.255.255.255
network-object 10.35.75.29 255.255.255.255
network-object 10.36.15.29 255.255.255.255
network-object 10.36.33.29 255.255.255.255
network-object 10.36.37.29 255.255.255.255
network-object 10.36.50.29 255.255.255.255
network-object 10.36.65.29 255.255.255.255
network-object 10.36.90.29 255.255.255.255
network-object 10.36.95.29 255.255.255.255
network-object 10.37.30.29 255.255.255.255
network-object 10.37.40.29 255.255.255.255
network-object 10.37.45.29 255.255.255.255
network-object 10.37.50.29 255.255.255.255
network-object 10.37.60.29 255.255.255.255
network-object 10.37.80.29 255.255.255.255
network-object 10.37.85.29 255.255.255.255
network-object 10.37.90.29 255.255.255.255
network-object 10.38.5.29 255.255.255.255
network-object 10.38.60.29 255.255.255.255
network-object 10.38.70.29 255.255.255.255
network-object 10.38.71.29 255.255.255.255
network-object 10.39.20.29 255.255.255.255
network-object 10.39.25.29 255.255.255.255
network-object 10.39.26.29 255.255.255.255
network-object 10.39.30.29 255.255.255.255
network-object 10.39.35.29 255.255.255.255
network-object 10.39.55.29 255.255.255.255
network-object 10.76.0.29 255.255.255.255
network-object 10.77.80.29 255.255.255.255
network-object 10.78.40.29 255.255.255.255
network-object 10.24.30.29 255.255.255.255
network-object 10.24.38.29 255.255.255.255
network-object 10.24.40.29 255.255.255.255
network-object 10.24.45.29 255.255.255.255
network-object 10.24.60.29 255.255.255.255
network-object 10.25.0.29 255.255.255.255
network-object 10.25.3.29 255.255.255.255
network-object 10.25.5.29 255.255.255.255
network-object 10.25.20.29 255.255.255.255
network-object 10.25.50.29 255.255.255.255
network-object 10.25.55.29 255.255.255.255
network-object 10.25.95.29 255.255.255.255
network-object 10.26.0.29 255.255.255.255
network-object 10.26.20.29 255.255.255.255
network-object 10.26.30.29 255.255.255.255
network-object 10.26.40.29 255.255.255.255
network-object 10.26.45.29 255.255.255.255
network-object 10.26.60.29 255.255.255.255
network-object 10.26.70.29 255.255.255.255
network-object 10.27.40.29 255.255.255.255
network-object 10.27.50.29 255.255.255.255
network-object 10.27.58.29 255.255.255.255
network-object 10.28.5.29 255.255.255.255
network-object 10.28.23.29 255.255.255.255
network-object 10.28.45.29 255.255.255.255
network-object 10.28.50.29 255.255.255.255
network-object 10.28.70.29 255.255.255.255
network-object 10.28.80.29 255.255.255.255
network-object 10.28.83.29 255.255.255.255
network-object 10.28.90.29 255.255.255.255
network-object 10.28.95.29 255.255.255.255
network-object 10.29.0.29 255.255.255.255
network-object 10.29.1.29 255.255.255.255
network-object 10.29.5.29 255.255.255.255
network-object 10.29.15.29 255.255.255.255
network-object 10.29.25.29 255.255.255.255
network-object 10.29.35.29 255.255.255.255
network-object 10.29.45.29 255.255.255.255
network-object 10.29.55.29 255.255.255.255
network-object 10.29.58.29 255.255.255.255
network-object 10.29.60.29 255.255.255.255
network-object 10.29.70.29 255.255.255.255
network-object 10.17.83.29 255.255.255.255
network-object 10.30.48.29 255.255.255.255
network-object 10.31.75.29 255.255.255.255
network-object 10.21.28.29 255.255.255.255
network-object 10.39.33.29 255.255.255.255
network-object 10.16.98.29 255.255.255.255
network-object 10.16.5.29 255.255.255.255
object-group service PDXSystems tcp
description RX
port-object eq 5050
object-group service BZLink tcp
port-object eq 2443
port-object eq 2080
port-object eq 2081
port-object eq 2444
object-group network sDMZServers
description Servers In DMZ
network-object host 172.24.24.4
network-object host 172.24.24.5
network-object host 172.24.24.6
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network eRx224
description Hosts at eRx
network-object 63.150.185.224 255.255.255.224
object-group network BlockedHosts-ftp
network-object host Blocked-FTP-Host
network-object host Blocked_FTP
network-object host 61.153.22.180
network-object host Blocked_FTP_Host
network-object host 211.161.1.133
network-object host 60.199.244.147
network-object host 203.66.166.191
network-object host 205.234.174.252
network-object host 211.236.190.62
network-object host 221.139.2.6
network-object host 61.100.153.182
network-object host 218.10.251.191
network-object host 218.10.251.197
network-object host 59.106.12.179
network-object host 219.151.6.106
network-object APNICFTPAttack 255.255.255.0
network-object FTP_Attacker_10102009 255.255.255.0
network-object host FTPATTACKER6172010
object-group network DM_INLINE_NETWORK_4
network-object host Blocked-FTP-Host
group-object BlockedHosts-ftp
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object udp
service-object tcp
service-object tcp eq ftp
service-object tcp eq ftp-data
object-group network DM_INLINE_NETWORK_2
network-object host eRxServer
network-object host 193.50.65.166
object-group service eRx tcp
description TCP Port Required
port-object eq 5608
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object tcp
object-group icmp-type Ping
icmp-object echo
icmp-object echo-reply
icmp-object traceroute
icmp-object unreachable
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object icmp
service-object tcp
service-object icmp echo
service-object icmp echo-reply
service-object icmp unreachable
object-group network DM_INLINE_NETWORK_5
network-object host eRxServer
network-object host 193.50.65.166
object-group network DM_INLINE_NETWORK_6
network-object host eRxServer
network-object host 193.50.65.166
object-group service RDC tcp
description Test of RDC
port-object eq 3389
object-group network ExternalTimeServers
network-object host Time
network-object host TimeWin
network-object host 216.200.93.8
object-group service DM_INLINE_SERVICE_9
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
object-group network ConceptShoppingExternal
description NetworkSegmentAtVendor
network-object 192.168.144.0 255.255.255.0
object-group service DM_INLINE_SERVICE_21
service-object ip
service-object icmp
service-object icmp echo
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_12
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_15
service-object udp
service-object tcp eq domain
service-object udp eq dnsix
service-object udp eq domain
service-object tcp-udp eq domain
service-object udp eq nameserver
service-object tcp eq smtp
service-object tcp eq https
object-group service DM_INLINE_SERVICE_23
service-object udp
service-object tcp-udp eq domain
service-object tcp eq domain
service-object udp eq dnsix
service-object udp eq domain
service-object udp eq nameserver
object-group service DM_INLINE_SERVICE_20
service-object tcp eq www
service-object udp eq www
object-group service DM_INLINE_SERVICE_24
service-object tcp-udp eq www
service-object tcp eq www
service-object udp eq www
service-object tcp eq https
object-group service IMAP4
service-object tcp eq 993
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_17
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp information-reply
service-object icmp information-request
service-object icmp time-exceeded
object-group service DM_INLINE_SERVICE_18
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_19
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_25
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_26
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_7
service-object ip
service-object icmp
service-object udp
service-object tcp
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object tcp eq 3389
object-group service DM_INLINE_SERVICE_27
service-object ip
service-object icmp
service-object udp
service-object tcp
service-object icmp echo
service-object icmp echo-reply
service-object tcp eq 3389
service-object icmp traceroute
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DM_INLINE_TCP_3 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DM_INLINE_TCP_4 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DM_INLINE_SERVICE_28
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_TCP_5 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DMZServers
object-group network Visa_Inc_Data_Security_Alert
description Visa Malicious IPs - 1/2009
network-object host 12.210.14.103
network-object host 174.36.196.207
network-object host 193.11.110.32
network-object host 194.146.248.7
network-object host 200.115.173.25
network-object host 202.71.103.77
network-object host 203.190.172.18
network-object host 203.190.175.39
network-object host 207.255.204.160
network-object host 208.43.74.19
network-object 212.126.0.0 255.255.0.0
network-object host 213.84.163.246
network-object host 216.196.173.93
network-object host 216.244.34.155
network-object host 216.55.126.167
network-object host 216.55.162.167
network-object host 216.55.164.44
network-object host 216.55.169.234
network-object host 216.55.185.9
network-object host 216.80.124.225
network-object host 24.159.22.70
network-object host 58.65.239.58
network-object host 62.21.81.104
network-object host 64.247.58.239
network-object host 65.111.171.20
network-object host 65.111.171.21
network-object host 66.36.229.201
network-object host 67.182.137.29
network-object host 67.85.92.181
network-object host 68.50.185.130
network-object host 68.94.212.161
network-object host 69.110.26.21
network-object host 69.14.110.49
network-object host 69.141.149.138
network-object host 69.212.211.243
network-object host 69.244.206.15
network-object host 69.70.122.98
network-object host 70.162.2.249
network-object host 71.238.147.129
network-object host 71.239.155.202
network-object host 72.242.241.189
network-object host 72.36.215.253
network-object host 74.138.172.183
network-object host 74.53.114.16
network-object host 74.54.131.130
network-object host 74.62.212.143
network-object host 75.118.180.255
network-object host 75.64.114.45
network-object host 76.100.75.1
network-object host 76.204.117.205
network-object host 76.22.3.137
network-object host 76.239.29.46
network-object host 76.242.106.40
network-object host 77.253.108.16
network-object host 77.253.115.137
network-object host 79.118.160.231
network-object host 79.139.245.79
network-object host 79.9.108.226
network-object host 82.13.14.61
network-object host 82.232.177.64
network-object host 83.110.17.228
network-object host 83.4.164.214
network-object host 83.55.141.204
network-object host 83.99.227.209
network-object host 85.17.105.34
network-object host 85.17.239.11
network-object host 85.221.136.196
network-object host 85.221.138.252
network-object host 85.221.196.131
network-object host 88.156.44.152
network-object host 88.214.208.44
network-object host 89.114.215.182
network-object host 89.32.130.86
network-object host 89.37.240.118
network-object host 89.37.241.180
network-object host 89.37.241.241
network-object host 89.37.242.28
network-object host 89.43.45.159
network-object host 89.43.45.232
network-object host 89.76.218.105
network-object host 89.76.220.36
network-object host 90.15.59.86
network-object host 91.145.136.65
network-object host 91.177.6.209
network-object host 91.189.139.168
network-object host 91.193.63.15
network-object host 59.106.12.179
network-object APNICFTPAttack 255.255.255.0
object-group service DM_INLINE_TCP_1 tcp
port-object eq ftp
port-object eq ftp-data
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp
service-object tcp-udp eq www
service-object tcp eq ftp
service-object tcp eq ftp-data
service-object tcp eq www
service-object tcp eq https
object-group network DM_INLINE_NETWORK_7
network-object 172.25.0.0 255.255.0.0
network-object 193.50.0.0 255.255.0.0
object-group service DM_INLINE_TCP_6 tcp
port-object eq pop2
port-object eq pop3
port-object eq 995
port-object eq imap4
port-object eq 993
object-group service DM_INLINE_SERVICE_3
service-object icmp
service-object icmp traceroute
service-object icmp unreachable
service-object icmp echo
service-object icmp echo-reply
object-group service InComm tcp
port-object eq 6107
object-group service DM_INLINE_SERVICE_6
service-object ip
service-object tcp eq ftp
service-object tcp eq ftp-data
object-group service DM_INLINE_TCP_7 tcp
port-object eq ftp
port-object eq ftp-data
object-group network DM_INLINE_NETWORK_1
network-object host FTP_Attacker_10202009
network-object FTP_Attacker_10102009 255.255.255.0
network-object FTP_Attacker_12012009 255.255.255.0
object-group network DM_INLINE_NETWORK_3
network-object FTP_Attacker_12012009 255.255.255.0
network-object host FTP_Attacker_10202009
object-group service CATALINA_SERVICE tcp
description REQUIRED PORT ACCESS FOR CATALINA
port-object eq 3000
object-group service CATALINA_SERVICES
description ICMP AND TCP SERVICES FOR CATALINA
service-object icmp echo
service-object icmp echo-reply
service-object tcp eq 3000
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_5
service-object tcp-udp eq www
service-object tcp eq https
object-group service DM_INLINE_SERVICE_8
service-object ip
service-object tcp eq ftp
service-object tcp eq ftp-data
object-group service DM_INLINE_SERVICE_10
service-object ip
service-object tcp eq ftp
service-object tcp eq ftp-data
object-group network DM_INLINE_NETWORK_8
network-object host 211.161.1.133
network-object host 218.15.0.0
object-group network DM_INLINE_NETWORK_9
network-object host CATALINA_NAT
network-object CATALINA_DC 255.255.255.224
access-list acl_outside remark Secure IMAP Connection for Webmail
access-list acl_outside extended permit object-group IMAP4 any host 68.153.103.175
access-list acl_outside extended permit tcp any host 68.153.103.152 eq ssh log debugging inactive
access-list acl_outside extended deny tcp object-group DM_INLINE_NETWORK_3 any object-group DM_INLINE_TCP_7 log debugging
access-list acl_outside remark Blocking all POP email due to email virus - 3/5/09
access-list acl_outside extended deny tcp any any object-group DM_INLINE_TCP_6 log debugging
access-list acl_outside remark Visa Malicious IPs - 1/2009
access-list acl_outside extended deny object-group DM_INLINE_SERVICE_1 object-group Visa_Inc_Data_Security_Alert any log debugging
access-list acl_outside remark Added 1/5/09 - Failed Server Login from outside address
access-list acl_outside extended deny tcp 220.241.24.0 255.255.255.0 any object-group DM_INLINE_TCP_1 log debugging
access-list acl_outside remark Added 1/6/09 - Failed Server Logins from outside IP
access-list acl_outside extended deny tcp 222.134.154.0 255.255.255.0 any object-group DM_INLINE_TCP_5 log debugging
access-list acl_outside extended deny object-group DM_INLINE_SERVICE_8 object-group DM_INLINE_NETWORK_8 any log debugging
access-list acl_outside extended deny tcp host 219.151.6.106 any object-group DM_INLINE_TCP_3 log debugging
access-list acl_outside extended deny ip host 219.151.6.106 any log debugging
access-list acl_outside extended deny object-group DM_INLINE_SERVICE_2 object-group DM_INLINE_NETWORK_4 any log
access-list acl_outside extended deny tcp 63.96.78.0 255.255.255.0 any eq smtp
access-list acl_outside extended deny tcp 63.96.77.0 255.255.255.0 any eq smtp
access-list acl_outside extended deny tcp 71.95.164.0 255.255.255.0 any eq smtp
access-list acl_outside extended deny ip host Blocked_FTP any log
access-list acl_outside extended deny ip host Blocked_FTP_Host any log
access-list acl_outside extended deny ip host 24.33.13.176 any
access-list acl_outside extended deny tcp any host 68.153.103.5 eq www
access-list acl_outside extended deny tcp any host 68.153.103.5 eq smtp
access-list acl_outside extended permit tcp any host 68.153.103.151 object-group DM_INLINE_TCP_4 log debugging
access-list acl_outside extended permit object-group DM_INLINE_SERVICE_24 any host 68.153.103.150 log debugging
access-list acl_outside extended permit tcp any host 68.153.103.26 eq ftp log debugging
access-list acl_outside extended permit icmp any host 68.153.103.25 log
access-list acl_outside extended permit icmp any any echo-reply log debugging
access-list acl_outside extended permit icmp any any log debugging
access-list acl_outside extended permit icmp any host 193.50.35.0 traceroute log debugging inactive
access-list acl_outside extended permit tcp any host 68.153.103.5 eq https
access-list acl_outside extended permit tcp any host 68.153.103.10 eq smtp log emergencies
access-list acl_outside extended permit tcp any host 68.153.103.175 eq https log warnings
access-list acl_outside extended permit tcp any host 68.153.103.175 eq smtp log debugging inactive
access-list acl_outside extended permit object-group DM_INLINE_SERVICE_5 any host 68.153.103.12 log debugging
access-list acl_outside extended permit icmp any host 68.153.103.26
access-list acl_outside extended permit tcp any host 68.153.103.12 object-group BZLink log
access-list acl_outside extended deny ip host Store9998 any log debugging
access-list acl_Valu-Lnk extended permit icmp any any echo-reply
access-list acl_Valu-Lnk extended permit icmp any any unreachable
access-list acl_Valu-Lnk extended permit icmp any any time-exceeded
access-list acl_Valu-Lnk extended permit icmp any any echo
access-list acl_Valu-Lnk extended permit tcp object-group Valu-Lnk-Hosts object-group CreditCard-Hosts object-group Valu-Lnk-Services log debugging
access-list inside_out extended permit tcp 10.16.20.0 255.255.255.0 any eq www
access-list inside_out extended permit tcp 10.22.85.0 255.255.255.0 any eq www
access-list inside_out extended permit tcp 10.0.0.29 255.0.0.255 any eq www
access-list inside_out extended permit tcp 10.0.0.29 255.0.0.255 any eq https
access-list inside_out extended permit tcp 10.12.10.0 255.255.255.0 any eq www
access-list inside_out extended permit tcp 10.12.10.0 255.255.255.0 any eq https
access-list inside_out extended permit tcp 10.23.15.0 255.255.255.0 any eq www
access-list inside_out extended permit tcp CANTON-REGIONAL_OFFICE 255.255.255.0 any eq www
access-list inside_out extended permit object-group DM_INLINE_SERVICE_12 193.50.0.0 255.255.0.0 any log debugging
access-list inside_out extended permit object-group DM_INLINE_SERVICE_28 host 172.25.0.0 any log debugging
access-list inside_out extended deny tcp 10.0.0.0 255.0.0.0 any eq www
access-list inside_out extended permit ip any any
access-list acl_incomm extended permit icmp any any echo-reply
access-list acl_incomm extended permit icmp any any unreachable
access-list acl_incomm extended permit icmp any any time-exceeded
access-list acl_incomm extended permit ip object-group incomm-routers object-group CreditCard-Hosts log debugging
access-list acl_incomm extended deny ip any any
access-list acl_PRE_Solutions_inbound extended permit object-group DM_INLINE_SERVICE_3 any any log debugging
access-list acl_PRE_Solutions_inbound extended permit ip host PRE_Sol_rtr host 66.0.125.19
access-list acl_PRE_Solutions_inbound extended permit ip object-group PreSolutions_Hosts object-group CreditCard-Hosts log debugging
access-list acl_PRE_Solutions_inbound extended permit ip host 66.147.174.179 host 193.50.25.0
access-list acl_PRE_Solutions_inbound extended permit ip object-group CreditCard-Hosts any log debugging inactive
access-list acl_PRE_Solutions_inbound extended permit ip any any log debugging inactive
access-list acl_PRE_Solutions_inbound extended deny ip any any log debugging
access-list IPS extended permit ip any any
access-list inside_nat0_outbound extended permit ip any 10.1.37.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.113.113.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.113.113.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip host 193.50.25.12 172.17.171.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group PDX 172.17.171.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_2 object-group eRx224
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_5 object-group eRx224
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 object-group eRx224
access-list inside_nat0_outbound extended permit ip any 10.45.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit icmp any any
access-list sVPNSplit extended permit ip 10.1.37.0 255.255.255.0 any
access-list sVPNSplit extended permit object-group DM_INLINE_SERVICE_17 10.1.37.0 255.255.255.0 any
access-list sDMZ_In extended deny tcp host 219.151.6.106 any object-group DM_INLINE_TCP_2 log debugging
access-list sDMZ_In extended deny object-group DM_INLINE_SERVICE_10 host 211.161.1.133 any log debugging
access-list sDMZ_In extended deny object-group DM_INLINE_SERVICE_6 object-group DM_INLINE_NETWORK_1 object-group sDMZServers log debugging
access-list sDMZ_In extended deny ip host 219.151.6.106 any log debugging
access-list sDMZ_In extended deny ip host 59.106.12.179 any log debugging
access-list sDMZ_In extended deny tcp host 59.106.12.179 any eq ftp log debugging
access-list sDMZ_In extended deny tcp host 59.106.12.179 any log debugging
access-list sDMZ_In extended permit icmp any any echo-reply inactive
access-list sDMZ_In extended permit tcp host 172.24.24.150 host 193.50.5.43 eq smtp log debugging
access-list sDMZ_In extended permit tcp any object-group sDMZServers eq ftp log debugging
access-list sDMZ_In extended permit object-group DM_INLINE_SERVICE_20 any host 172.24.24.101 log debugging
access-list sDMZ_In extended permit ip any host 172.24.24.150 log debugging
access-list sDMZ_In extended deny object-group DM_INLINE_SERVICE_23 host 172.24.24.150 193.50.0.0 255.255.0.0 log debugging
access-list sDMZ_In extended permit object-group DM_INLINE_SERVICE_15 host 172.24.24.150 any log debugging
access-list sDMZ_In extended permit object-group TCPUDP any host 172.24.24.150 eq domain
access-list sDMZ_In extended deny object-group DM_INLINE_PROTOCOL_2 host 172.24.24.150 193.50.0.0 255.255.0.0 eq www
access-list sDMZ_In extended permit object-group DM_INLINE_PROTOCOL_2 host 172.24.24.150 any eq www log debugging
access-list sDMZ_In extended permit object-group TCPUDP host 172.24.24.150 any eq www
access-list sDMZ_In extended permit ip host 172.24.24.101 host 193.50.25.10
access-list sDMZ_In extended permit tcp host 172.24.24.101 host 193.50.25.10 eq 9443
access-list sDMZ_In extended permit tcp host 172.24.24.101 host 193.50.25.10 eq 9080
access-list sDMZ_In extended deny ip any object-group DM_INLINE_NETWORK_7
access-list sDMZ_In extended permit ip host 172.24.24.101 any log debugging
access-list outside_cryptomap_1 extended permit object-group DM_INLINE_SERVICE_7 10.1.47.0 255.255.255.248 any log debugging
access-list outside_cryptomap_1 extended permit object-group DM_INLINE_SERVICE_27 10.1.37.0 255.255.255.0 any log debugging
access-list eRX_ACL extended permit object-group DM_INLINE_SERVICE_4 object-group eRx224 host 193.50.65.166 log debugging
access-list outside_1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_6 object-group eRx224
access-list outside_cryptomap_65535.1 extended permit object-group DM_INLINE_SERVICE_18 any any
access-list outside_cryptomap_65535.1_1 extended permit object-group DM_INLINE_SERVICE_19 any any
access-list noNAT extended permit ip 193.50.0.0 255.255.0.0 10.1.37.0 255.255.255.0
access-list noNAT extended permit ip 10.1.37.0 255.255.255.0 193.50.5.0 255.255.255.0 log debugging
access-list noNAT extended permit object-group DM_INLINE_SERVICE_26 10.1.37.0 255.255.255.0 193.50.5.0 255.255.255.0 log debugging
access-list noNAT extended permit ip 10.0.0.0 255.0.0.0 10.1.37.0 255.255.255.0
access-list outside_cryptomap_65535.1_2 extended permit object-group DM_INLINE_SERVICE_25 any any
access-list nonat extended permit ip 193.50.5.0 255.255.255.0 10.1.37.0 255.255.255.0
access-list nonat extended permit ip 193.50.0.0 255.255.0.0 10.1.37.0 255.255.255.0
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 10.1.37.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip any 10.1.37.0 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip 10.0.0.0 255.128.0.0 object-group DM_INLINE_NETWORK_9
access-list inside_nat0_outbound_1 extended permit ip 10.0.0.0 255.128.0.0 host CATALINA_NAT
access-list cap extended permit ip host 207.14.29.6 any inactive
access-list cap extended permit ip any host 207.14.29.6 inactive
access-list CATALINA_access_in remark ALLOWS TRAFFIC FROM CATALINA DATACENTER TO STORE IP RANGE
access-list CATALINA_access_in extended permit object-group CATALINA_SERVICES CATALINA_DC 255.255.255.224 10.0.0.0 255.128.0.0
access-list CATALINA_access_in remark ALLOWS STORE TRAFFIC TO THE CATALINA_NAT IP ADDRESS
access-list CATALINA_access_in extended permit object-group CATALINA_SERVICES 10.0.0.0 255.128.0.0 host CATALINA_NAT
pager lines 24
logging enable
logging timestamp
logging list SInman level emergencies
logging list SInman level emergencies class auth
logging list SInman level emergencies class nac
logging monitor informational
logging buffered informational
logging trap warnings
logging asdm informational
logging mail emergencies
logging from-address ASA@sinc.com
logging device-id ipaddress inside
logging host inside 193.50.25.53
logging class auth monitor informational asdm errors
logging class ids mail alerts
logging class session mail warnings
logging class nacpolicy mail emergencies
mtu inside 1500
mtu sDMZ 1500
mtu Valu-Lnk 1500
mtu PRE_Solutions 1500
mtu incomm 1500
mtu outside 1500
mtu CATALINA 1500
ip local pool test 10.1.47.1-10.1.47.2 mask 255.255.255.0
ip local pool sVPNClntPool 10.1.37.2-10.1.37.127 mask 255.255.255.128
failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/0
failover key *****
failover replication http
failover link Failover GigabitEthernet0/0
failover interface ip Failover 172.17.171.1 255.255.255.252 standby 172.17.171.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit 193.50.0.0 255.255.0.0 inside
icmp permit host MCarter inside
icmp permit host SInman inside
asdm image disk0:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (inside) 3 CATALINA_NAT
global (outside) 1 interface
global (outside) 2 68.153.103.4
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 0 193.50.25.13 255.255.255.255
nat (inside) 1 172.16.69.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Valu-Lnk) 0 0.0.0.0 0.0.0.0
nat (PRE_Solutions) 2 0.0.0.0 0.0.0.0
nat (CATALINA) 3 CATALINA_DC 255.255.255.224 outside
static (inside,outside) udp interface ntp 193.50.5.3 ntp netmask 255.255.255.255
static (inside,outside) tcp interface smtp 193.50.25.150 smtp netmask 255.255.255.255
static (outside,inside) tcp MEMEML02 smtp 68.153.103.175 smtp netmask 255.255.255.255
static (inside,outside) tcp Retrans 3389 Traffic 3389 netmask 255.255.255.255
static (PRE_Solutions,outside) 68.153.103.4 PRE_Sol_rtr netmask 255.255.255.255
static (sDMZ,outside) 68.153.103.12 172.24.24.101 netmask 255.255.255.255
static (sDMZ,outside) 68.153.103.26 172.24.24.102 netmask 255.255.255.255
static (sDMZ,outside) 68.153.103.150 172.24.24.150 netmask 255.255.255.255
static (sDMZ,outside) 68.153.103.151 172.24.24.104 netmask 255.255.255.255
static (inside,Valu-Lnk) MEMCCA01 MEMCCA01 netmask 255.255.255.255
static (inside,Valu-Lnk) 193.50.25.3 193.50.25.3 netmask 255.255.255.255
static (inside,Valu-Lnk) 193.50.25.4 193.50.25.4 netmask 255.255.255.255
static (inside,Valu-Lnk) MEMCCA02 MEMCCA02 netmask 255.255.255.255
static (inside,Valu-Lnk) HostA HostA netmask 255.255.255.255
static (inside,PRE_Solutions) MEMCCA01 MEMCCA01 netmask 255.255.255.255
static (inside,PRE_Solutions) MEMCCA02 MEMCCA02 netmask 255.255.255.255
static (inside,PRE_Solutions) 193.50.25.3 193.50.25.3 netmask 255.255.255.255
static (inside,PRE_Solutions) 193.50.25.4 193.50.25.4 netmask 255.255.255.255
static (inside,incomm) 193.50.25.3 193.50.25.3 netmask 255.255.255.255
static (inside,incomm) 193.50.25.4 193.50.25.4 netmask 255.255.255.255
static (inside,PRE_Solutions) memrts03 memrts03 netmask 255.255.255.255
static (inside,incomm) MEMCCA01 MEMCCA01 netmask 255.255.255.255
static (inside,incomm) MEMCCA02 MEMCCA02 netmask 255.255.255.255
static (inside,incomm) HostA HostA netmask 255.255.255.255
static (inside,outside) 68.153.103.175 MEMEML02 netmask 255.255.255.255
static (inside,outside) Imports_Static_NAT Charles_Norwood netmask 255.255.255.255
static (inside,sDMZ) 193.50.0.0 193.50.0.0 netmask 255.255.0.0
static (inside,sDMZ) 172.18.0.0 172.18.0.0 netmask 255.255.0.0
static (inside,sDMZ) 172.25.0.0 172.25.0.0 netmask 255.255.0.0
static (inside,sDMZ) 10.0.0.0 10.0.0.0 netmask 255.128.0.0
access-group sDMZ_In in interface sDMZ
access-group acl_Valu-Lnk in interface Valu-Lnk
access-group acl_PRE_Solutions_inbound in interface PRE_Solutions
access-group acl_incomm in interface incomm
access-group acl_outside in interface outside
access-group CATALINA_access_in in interface CATALINA
route outside 0.0.0.0 0.0.0.0 68.153.103.1 1
route inside 10.0.0.0 255.0.0.0 193.50.5.1 1
route Valu-Lnk Valu-Lnk-Host-1 255.255.255.255 10.255.1.3 1
route inside 10.150.0.0 255.255.0.0 193.50.5.1 1
route inside 10.150.0.11 255.255.255.255 193.50.5.1 1
route inside Callxpress 255.255.255.255 193.50.5.1 1
route PRE_Solutions 66.0.125.64 255.255.255.248 PRE_Sol_rtr 1
route PRE_Solutions 66.147.174.179 255.255.255.255 PRE_Sol_rtr 1
route PRE_Solutions 66.147.174.198 255.255.255.255 PRE_Sol_rtr 1
route inside 172.18.0.0 255.255.0.0 193.50.5.1 1
route inside Thompson 255.255.255.0 193.50.5.1 1
route inside 172.25.0.0 255.255.0.0 193.50.5.1 1
route inside 172.31.253.0 255.255.255.0 193.50.5.1 1
route inside 192.168.85.0 255.255.255.0 193.50.5.1 1
route inside 192.168.90.0 255.255.255.0 193.50.5.1 1
route inside 192.168.95.0 255.255.255.0 193.50.5.1 1
route inside TechLab_Network 255.255.255.0 193.50.5.1 1
route inside 192.168.168.0 255.255.255.0 193.50.5.1 1
route inside 193.50.2.0 255.255.255.0 193.50.5.1 1
route inside 193.50.15.0 255.255.255.0 193.50.5.1 1
route inside QxNConveyerController 255.255.255.255 193.50.5.3 1
route inside 193.50.20.0 255.255.255.0 193.50.5.1 1
route inside 193.50.21.0 255.255.255.0 193.50.5.1 1
route inside 193.50.25.0 255.255.255.0 193.50.5.1 1
route inside CallXpress 255.255.255.255 193.50.5.1 1
route inside 193.50.26.0 255.255.255.0 193.50.5.1 1
route inside 193.50.28.0 255.255.255.0 193.50.5.1 1
route inside 193.50.29.0 255.255.255.0 193.50.5.1 1
route inside 193.50.30.0 255.255.255.0 193.50.5.1 1
route inside 193.50.31.0 255.255.255.0 193.50.5.1 1
route inside 193.50.35.0 255.255.255.0 193.50.5.1 1
route inside 193.50.45.0 255.255.255.0 193.50.5.1 1
route inside 193.50.55.0 255.255.255.0 193.50.5.1 1
route inside 193.50.65.0 255.255.255.0 193.50.5.1 1
route inside 193.50.75.0 255.255.255.0 193.50.5.1 1
route CATALINA CATALINA_DC 255.255.255.224 10.255.1.50 1
route Valu-Lnk Valu-Lnk-Host-3 255.255.255.255 10.255.1.3 1
route Valu-Lnk Valu-Lnk-Host-2 255.255.255.255 10.255.1.3 1
route Valu-Lnk Valu-Lnk-Host-4 255.255.255.255 10.255.1.3 1
route inside 206.227.246.195 255.255.255.255 193.50.5.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server sAD protocol nt
aaa-server sAD (inside) host DC04
nt-auth-domain-controller 193.50.25.58
aaa-server sAD (inside) host 193.50.25.131
nt-auth-domain-controller memdc03
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable
http 172.25.16.222 255.255.255.255 inside
http 172.25.16.216 255.255.255.255 inside
http 172.25.16.223 255.255.255.255 inside
http 193.50.5.35 255.255.255.255 inside
http 193.50.25.0 255.255.255.0 inside
http 193.50.35.0 255.255.255.0 inside
http SInman 255.255.255.255 inside
http MCarter 255.255.255.255 inside
http 172.25.16.11 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set transform-set ESP-AES-256-SHA ESP-AES-256-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set nat-t-disable
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set reverse-route
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer eRxHosts
crypto map outside_map 1 set transform-set ESP-AES-256-MD5
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash md5
group 5
lifetime 86400
crypto isakmp policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime none
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash md5
group 5
lifetime 86400
crypto isakmp policy 70
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption 3des
hash sha
group 5
lifetime 86400
crypto isakmp policy 110
authentication pre-share
encryption des
hash md5
group 5
lifetime 86400
no crypto isakmp nat-traversal
client-update enable
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet timeout 5
ssh 193.50.5.35 255.255.255.255 inside
ssh 193.50.25.0 255.255.255.0 inside
ssh 193.50.35.0 255.255.255.0 inside
ssh MCarter 255.255.255.255 inside
ssh SInman 255.255.255.255 inside
ssh 172.25.16.11 255.255.255.255 inside
ssh 172.25.16.223 255.255.255.255 inside
ssh 172.25.16.216 255.255.255.255 inside
ssh 172.25.16.222 255.255.255.255 inside
ssh timeout 15
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl encryption aes128-sha1 aes256-sha1 3des-sha1
webvpn
enable outside
svc image disk0:/anyconnect-win-2.2.0133-k9.pkg 1
svc image disk0:/anyconnect-linux-2.2.0133-k9.pkg 2
svc image disk0:/anyconnect-macosx-i386-2.2.0133-k9.pkg 3
svc image disk0:/anyconnect-macosx-powerpc-2.3.0254-k9.pkg 5 regex "PPC Mac OS X"
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-filter value outside_cryptomap_1
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy svpn internal
group-policy svpn attributes
dns-server value 193.50.25.250 193.50.25.58
vpn-simultaneous-logins 100
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelall
split-tunnel-network-list value sVPNSplit
default-domain value sinc.com
intercept-dhcp enable
address-pools value sVPNClntPool
webvpn
svc keep-installer installed
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-filter value outside_cryptomap_1
vpn-tunnel-protocol IPSec l2tp-ipsec svc
username KMyles password mOZnt.jTcuvPtt13 encrypted privilege 15
username SInman password BD5Yr9HRiZM.eMub encrypted privilege 15
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group sAD
tunnel-group sWebVPN type remote-access
tunnel-group sWebVPN general-attributes
authentication-server-group sAD
default-group-policy svpn
tunnel-group sWebVPN webvpn-attributes
nbns-server 193.50.25.250 timeout 2 retry 2
nbns-server DC04 timeout 2 retry 2
group-alias WebVPN enable
!
class-map my-ips-class
match access-list IPS
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
class my-ips-class
ips promiscuous fail-open
!
service-policy global_policy global
smtp-server 193.50.25.30
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
Cryptochecksum:8e5505087d305904d9a4b90371478889
01-23-2012 10:52 PM
Hello,
Ok, I did not expect that "interesting" config lol.
Questions?
1- Where is the tunnel-group for the site to site connection?
2- Where is the NO_NAT configuration for the traffic going to the other VPN site?
3- The crypto map ACL is pointing to this: network-object 63.150.185.224 255.255.255.224
Are you sure you have provided the right ASA's configuration!!!!!
01-23-2012 11:45 PM
I know it is a mess, which makes it more difficult for me to follow....
HUB
access-list branch1-vpn extended permit ip 172.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0
access-list branch1-vpn extended permit ip 172.0.0.0 255.0.0.0 10.151.0.0 255.255.0.0
access-list branch1-vpn extended permit ip 193.0.0.0 255.0.0.0 192.168.0.0 255.255.0.0
access-list branch1-vpn extended permit ip 10.150.0.0 255.255.0.0 192.168.0.0 255.255.0.0
crypto map outside_map 50 match address branch1-vpn
crypto map outside_map 50 set peer 66.106.153.226
crypto map outside_map 50 set transform-set espsha3desproto
crypto map outside_map 50 set security-association lifetime seconds 28800
crypto map outside_map 50 set security-association lifetime kilobytes 4608000
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 66.104.153.226 type ipsec-l2l
tunnel-group 66.104.153.226 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 30 retry 5
!
There are no isakmp sas
DublinAsaFW# sho log
Revised branch
!
interface GigabitEthernet0/0
no nameif
security-level 100
no ip address
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
nameif outside
security-level 0
ip address 66.104.153.226 255.255.255.224
ospf cost 10
!
interface Management0/0
description inside
nameif management
security-level 100
ip address 10.0.0.1 255.255.255.252
ospf cost 10
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
same-security-traffic permit intra-interface
access-list VPN-TO-HUB extended permit ip any any
access-list NONAT extended permit ip any any
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended deny ip any any log
pager lines 24
logging buffered errors
logging asdm informational
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (management) 0 access-list NONAT
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 66.104.153.225 1
route management 10.151.0.0 255.255.0.0 10.0.0.2 1
route management 192.168.0.0 255.255.0.0 10.0.0.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.0.0 255.255.0.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set espsha3desproto esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map IPSEC 50 match address VPN-TO-HUB
crypto map IPSEC 50 set peer 68.153.103.10
crypto map IPSEC 50 set transform-set espsha3desproto
crypto map IPSEC interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.0.0 255.255.0.0 management
telnet timeout 5
ssh 192.168.0.0 255.255.0.0 management
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password eY/fQXw7Ure8Qrz7 encrypted
tunnel-group 68.153.103.10 type ipsec-l2l
tunnel-group 68.153.103.10 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 30 retry 5
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:521706aeea115eb51b05e31dfae29905
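An added check, not code from the thread or from Cisco: a small script that parses the hub and branch fragments posted above and reports the points the earlier reply asks about, whether each crypto-map peer has an ipsec-l2l tunnel-group of the same name, whether the referenced transform-sets exist, and whether the two sides share an ISAKMP proposal and an ESP transform. The sample configs are constructed from the posted lines; the hub-side transform-set definition is an assumption, since the hub snippet only references it.

```python
"""Added example, not from the thread: offline consistency checks for ASA IKEv1
ipsec-l2l config fragments like the hub and branch ones posted above, so the
two sides can be compared before anything is changed on the firewalls."""
import re

# Constructed sample from the hub lines posted in the thread. The transform-set
# definition on this side is assumed; the hub snippet only references it.
HUB_CONFIG = """\
crypto ipsec transform-set espsha3desproto esp-3des esp-sha-hmac
crypto map outside_map 50 set peer 66.106.153.226
crypto map outside_map 50 set transform-set espsha3desproto
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 66.104.153.226 type ipsec-l2l
"""

# Constructed sample from the branch lines posted in the thread.
BRANCH_CONFIG = """\
crypto ipsec transform-set espsha3desproto esp-3des esp-sha-hmac
crypto map IPSEC 50 set peer 68.153.103.10
crypto map IPSEC 50 set transform-set espsha3desproto
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 68.153.103.10 type ipsec-l2l
"""

POLICY_KEYS = ("authentication", "encryption", "hash", "group")


def parse_asa(text):
    """Pull out the pieces of an ASA config that an l2l tunnel depends on."""
    cfg = {"peers": {}, "map_ts": {}, "transform_sets": {},
           "policies": {}, "tunnel_groups": set()}
    policy = None  # ISAKMP policy block currently being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        sub = re.match(r"(authentication|encryption|hash|group|lifetime) (\S+)$", line)
        if sub and policy is not None:
            policy[sub.group(1)] = sub.group(2)
            continue
        policy = None  # any other command ends the policy block
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            policy = cfg["policies"].setdefault(m.group(1), {})
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)$", line):
            cfg["transform_sets"][m.group(1)] = tuple(m.group(2).split())
        elif m := re.match(r"crypto map (\S+) (\d+) set peer (\S+)$", line):
            cfg["peers"][m.group(1, 2)] = m.group(3)
        elif m := re.match(r"crypto map (\S+) (\d+) set transform-set (.+)$", line):
            cfg["map_ts"][m.group(1, 2)] = m.group(3).split()
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l$", line):
            cfg["tunnel_groups"].add(m.group(1))
    return cfg


def check_side(cfg):
    """Local consistency: a static crypto-map entry needs an ipsec-l2l
    tunnel-group named after its peer (that is where the pre-shared key
    lives) and a transform-set that is actually defined."""
    findings = []
    for key, peer in cfg["peers"].items():
        if peer not in cfg["tunnel_groups"]:
            findings.append(f"crypto map {' '.join(key)}: peer {peer} has no "
                            f"ipsec-l2l tunnel-group (defined: {sorted(cfg['tunnel_groups'])})")
        for ts in cfg["map_ts"].get(key, []):
            if ts not in cfg["transform_sets"]:
                findings.append(f"crypto map {' '.join(key)}: transform-set "
                                f"{ts} is referenced but not defined")
    return findings


def common_isakmp_policies(a, b):
    """(seq_a, seq_b) pairs whose auth, encryption, hash and DH group agree.
    Lifetime is negotiated down to the lower value, so it is not compared."""
    return [(sa, sb) for sa, pa in a["policies"].items()
            for sb, pb in b["policies"].items()
            if all(pa.get(k) == pb.get(k) for k in POLICY_KEYS)]


def common_esp_transforms(a, b):
    """ESP algorithm tuples offered by both sides' crypto maps, names aside."""
    def offered(cfg):
        return {cfg["transform_sets"][t] for ts in cfg["map_ts"].values()
                for t in ts if t in cfg["transform_sets"]}
    return offered(a) & offered(b)


def review(hub_text, branch_text):
    hub, branch = parse_asa(hub_text), parse_asa(branch_text)
    return {"hub": check_side(hub), "branch": check_side(branch),
            "isakmp_pairs": common_isakmp_policies(hub, branch),
            "esp_transforms": common_esp_transforms(hub, branch)}
```

Run against the two constructed samples, the hub side reports its crypto-map peer 66.106.153.226 against the only tunnel-group 66.104.153.226, while the branch side passes and both sides share policy 50 and the 3DES/SHA transform.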
01-23-2012 11:50 PM
Since the changes, the tunnel has not re-established.
01-24-2012 04:40 PM
The tunnel is up now, but now users at the branch cannot get to the internet... I do not want to split tunnel, but if I have to