03-08-2016 10:12 PM
Hello, I have a problem with my ASA 5520 remote VPN connection with local network access. The VPN is working fine and connected, but the problem is I can't reach my inside network connection of 192.168.126.x. Here is my configuration. Can you help me, please?
ASA Version 8.0(3)
!
hostname HQ-EB-FW01
domain-name msiohm.net
enable password 4inqRLI7y7.JHRaC encrypted
names
name 192.168.126.5 Antivirus
name 192.168.126.6 Asnad
name 192.168.126.11 BDC
name 192.168.126.2 Bimegari
name 192.168.126.3 Citrix
name 192.168.126.10 DC
name 192.168.126.4 Edarimali
name 192.168.126.57 Monitoring
name 192.168.126.7 Tellgoya
name 10.10.10.1 VPNPDA
name 172.16.126.0 SHAHRESTANHA
name 192.168.0.112 Bimaran
name 192.168.0.202 FTP
name 192.168.0.102 IRANIAN
name 192.168.0.103 IRANIAN2
name 192.168.0.120 Quality
name 192.168.0.111 Roostaeian
name 172.50.150.0 vpnhamedan
name 172.20.150.5 dell
name 172.30.100.2 Router
name 172.20.150.100 testapp
name 172.20.150.150 cafenet
name 172.20.150.151 modirlaptop
name 192.168.0.219 daramad
name 192.168.0.34 E_learning
name 192.20.150.201 sw1
name 192.20.150.202 sw2
name 192.168.0.33 portalsetad
name 192.168.0.218 intranet
name 192.168.126.9 citrix2
name 192.168.102.2 ardebil
name 172.20.150.12 Esmaili
name 192.168.0.22 e-learning
name 192.168.118.0 Video description Video
name 172.20.150.13 Mahdian
name 172.20.150.11 Tokhmechi
name 172.20.150.15 IP-Herasat
name 172.22.1.0 AsnadPzk-V1
name 172.22.1.64 AsnadPzk-V2
name 172.22.3.0 Cammera
name 172.22.168.0 E-commerce-submodule
name 172.22.65.0 ESX-hosts
name 172.22.0.128 Edari
name 172.22.2.192 Guest
name 172.22.0.64 Herasat
name 172.22.2.0 IT
name 172.22.184.0 Internet-submodule
name 172.22.0.192 Mali
name 172.22.254.0 Mng-VLAN description All management hosts
name 172.22.1.128 Nezarat
name 172.22.1.192 Ravabt-QC
name 172.22.64.0 Server-hosts
name 172.22.66.0 Storage-hosts
name 172.22.176.32 VPN-Users description Remote access in EB
name 172.22.128.0 WAN-submodule
name 172.0.0.0 test
name 192.168.126.13 new-Asnad
name 172.22.0.0 HQ-SB_Clients
name 172.22.64.65 SF-Kerio
dns-guard
!
interface GigabitEthernet0/0
nameif Core-1
security-level 0
no ip address
ospf cost 10
!
interface GigabitEthernet0/0.20
vlan 20
nameif SVI-20
security-level 90
ip address 172.22.10.252 255.255.255.0
!
interface GigabitEthernet0/0.111
vlan 111
nameif SVI-111
security-level 90
ip address 192.168.126.252 255.255.255.0
!
interface GigabitEthernet0/0.112
vlan 112
nameif SF-Host-v2
security-level 80
ip address 172.22.64.91 255.255.240.0
!
interface GigabitEthernet0/0.121
vlan 121
nameif HQ-SB-SVI01
security-level 100
ip address 172.22.48.50 255.255.255.252
!
interface GigabitEthernet0/0.122
vlan 122
nameif HQ-SF-SVI01
security-level 100
ip address 172.22.48.54 255.255.255.252
!
interface GigabitEthernet0/0.123
vlan 123
nameif HQ-EB-SVI01
security-level 60
ip address 172.22.48.58 255.255.255.252
!
interface GigabitEthernet0/0.124
vlan 124
nameif HQ-MB-SVI01
security-level 80
ip address 172.22.48.62 255.255.255.252
!
interface GigabitEthernet0/0.125
vlan 125
nameif HQ-EB-SVI02
security-level 40
ip address 172.22.48.65 255.255.255.252
!
interface GigabitEthernet0/0.126
vlan 126
nameif HQ-EB-SVI03
security-level 40
ip address 172.22.48.69 255.255.255.252
!
interface GigabitEthernet0/0.601
vlan 601
nameif ISP-1
security-level 0
pppoe client vpdn group ADSL-Access
ip address pppoe
!
interface GigabitEthernet0/1
nameif Client
security-level 50
ip address 172.20.150.1 255.255.0.0
ospf cost 10
!
interface GigabitEthernet0/2
nameif WAN
security-level 0
no ip address
ospf cost 10
!
interface GigabitEthernet0/3
no nameif
no security-level
no ip address
!
interface Management0/0
nameif internet
security-level 0
ip address 192.168.0.90 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
!
time-range wsus
periodic daily 1:05 to 5:59
!
ftp mode passive
clock timezone IRST 3 30
dns server-group DefaultDNS
retries 10
timeout 10
domain-name msiohm.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_1
network-object host DC
network-object host BDC
object-group network DM_INLINE_NETWORK_2
network-object host DC
network-object host BDC
object-group network DM_INLINE_NETWORK_3
network-object host DC
network-object host BDC
object-group service DC tcp
port-object eq 1025
port-object eq 135
port-object eq 445
port-object eq cifs
port-object eq domain
port-object eq netbios-ssn
port-object eq 1026
object-group service DCTCPUDP tcp-udp
port-object eq 389
port-object eq 88
port-object eq domain
object-group service DCUDP udp
port-object eq domain
port-object eq netbios-dgm
port-object eq netbios-ns
port-object eq ntp
object-group service SQL tcp
port-object eq 1433
object-group service DM_INLINE_TCP_1 tcp
group-object SQL
port-object eq www
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service ASNAD tcp
port-object eq 445
port-object eq www
port-object eq sqlnet
object-group network DM_INLINE_NETWORK_4
network-object host DC
network-object host BDC
object-group network DM_INLINE_NETWORK_5
network-object host DC
network-object host BDC
object-group network DM_INLINE_NETWORK_6
network-object host DC
network-object host BDC
object-group service UDPNTP udp
port-object eq 1529
object-group service remote tcp
port-object eq 3389
object-group service tcpntp tcp
port-object eq 123
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.0.214
network-object host 192.168.0.215
object-group service DM_INLINE_TCP_2 tcp
port-object eq citrix-ica
port-object eq www
object-group service DM_INLINE_TCP_3 tcp
port-object eq 81
port-object eq www
port-object eq 8081
port-object eq 8082
port-object eq 8083
port-object eq 82
port-object eq 8443
port-object eq 8444
port-object eq 8801
object-group network management
network-object host Tokhmechi
network-object host Esmaili
network-object host Mahdian
network-object host testapp
object-group network DM_INLINE_NETWORK_9
network-object SHAHRESTANHA 255.255.255.0
network-object 192.168.0.0 255.255.0.0
object-group network SERVERS
network-object host DC
network-object host BDC
network-object host Bimegari
network-object host Citrix
network-object host Edarimali
network-object host Monitoring
network-object host Antivirus
network-object host Asnad
network-object host Tellgoya
network-object host citrix2
network-object host 192.168.126.1
object-group network WEBSITE
network-object host IRANIAN
network-object host IRANIAN2
network-object host Roostaeian
network-object host Bimaran
network-object host Quality
network-object host daramad
network-object host E_learning
network-object host portalsetad
network-object host intranet
network-object host e-learning
object-group service DM_INLINE_TCP_6 tcp
port-object eq citrix-ica
port-object eq www
object-group service DM_INLINE_TCP_7 tcp
port-object eq domain
port-object eq www
port-object eq https
port-object eq ftp
object-group network DM_INLINE_NETWORK_10
network-object host IRANIAN
network-object host IRANIAN2
object-group service DM_INLINE_TCP_8 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
object-group service DM_INLINE_TCP_12 tcp
port-object eq 1433
port-object eq 445
object-group network DM_INLINE_NETWORK_12
network-object host 192.168.0.216
network-object host 192.168.0.30
object-group service tftp udp
port-object eq tftp
object-group network Switches
network-object host 172.20.150.200
network-object host 172.20.150.201
network-object host 172.20.150.202
object-group service snmp-net udp
port-object eq netbios-ns
port-object eq snmp
object-group network interne
network-object host cafenet
network-object host modirlaptop
object-group service DM_INLINE_TCP_13 tcp
port-object eq www
port-object eq https
object-group network sitedaramad
network-object host 172.16.126.148
object-group network DNS-Rostaean
network-object host 192.168.0.214
network-object host 192.168.0.215
object-group network DM_INLINE_NETWORK_13
network-object 192.167.0.0 255.255.0.0
network-object 192.168.0.0 255.255.0.0
object-group service ftp-ftp-data tcp
port-object eq ftp
port-object eq ftp-data
object-group network DM_INLINE_NETWORK_15
network-object 192.167.0.0 255.255.0.0
network-object 192.168.0.0 255.255.0.0
object-group service DM_INLINE_SERVICE_1
service-object tcp eq 13000
service-object tcp eq 14000
service-object tcp eq 445
service-object udp eq 15000
service-object tcp eq 15000
object-group network DM_INLINE_NETWORK_16
network-object host Citrix
network-object host citrix2
network-object host new-Asnad
object-group service DM_INLINE_TCP_9 tcp
port-object eq 8081
port-object eq 8082
port-object eq 8083
port-object eq 81
port-object eq 82
port-object eq 8443
port-object eq 8444
port-object eq 8801
port-object eq www
object-group service DM_INLINE_TCP_10 tcp
port-object eq citrix-ica
port-object eq www
object-group network DM_INLINE_NETWORK_17
network-object host Citrix
network-object host new-Asnad
object-group network DM_INLINE_NETWORK_19
network-object host 172.20.150.21
network-object host 172.20.150.71
object-group network DM_INLINE_NETWORK_20
network-object host 172.20.150.21
network-object host 172.20.150.71
object-group network DM_INLINE_NETWORK_22
network-object 192.167.0.0 255.255.0.0
network-object 192.168.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_11
network-object host Bimegari
network-object host Citrix
network-object host Asnad
network-object host citrix2
object-group network DM_INLINE_NETWORK_14
network-object host 172.20.150.55
network-object host 172.20.150.42
network-object host 172.20.150.57
network-object host 172.20.150.58
network-object host 172.20.150.56
network-object host 172.20.150.53
network-object host 172.16.126.22
network-object host 172.20.150.88
object-group network DM_INLINE_NETWORK_23
network-object host 192.168.0.44
network-object host 46.209.97.44
network-object host 46.209.97.70
network-object host 87.247.178.44
object-group network DM_INLINE_NETWORK_24
network-object host 172.20.150.41
network-object host 172.20.150.63
network-object host 172.20.150.81
network-object host 172.20.150.82
network-object host 172.20.150.40
network-object host Tokhmechi
network-object host 172.20.150.26
object-group network DM_INLINE_NETWORK_25
network-object host 172.16.126.102
network-object host 172.16.126.24
network-object host 172.16.126.250
network-object host 172.16.126.40
network-object host 172.16.126.51
network-object host 172.16.126.5
network-object host 172.16.126.70
network-object host 172.16.126.83
network-object host 172.16.126.156
object-group network DM_INLINE_NETWORK_27
network-object host 192.168.0.41
network-object host 46.209.97.11
object-group network DM_INLINE_NETWORK_26
network-object host 10.8.12.32
network-object host 10.8.12.36
network-object host 10.30.5.140
network-object host 46.209.253.174
network-object host 192.146.59.30
network-object host 78.157.60.22
network-object host 212.80.31.100
object-group network DM_INLINE_NETWORK_29
network-object host 46.209.253.174
network-object host 46.209.97.15
network-object host 78.39.207.17
object-group network DM_INLINE_NETWORK_30
network-object host 192.168.90.40
network-object host 192.168.90.6
network-object host 192.168.126.99
object-group network DM_INLINE_NETWORK_28
network-object host 79.175.173.147
network-object host 80.69.251.126
network-object host 74.205.112.44
network-object host 212.68.44.17
object-group network DM_INLINE_NETWORK_31
network-object host 192.168.90.36
network-object host 192.168.90.40
object-group network DM_INLINE_NETWORK_33
network-object host 46.209.97.17
network-object host 87.247.178.17
network-object host 192.168.0.43
network-object host Citrix
object-group network DM_INLINE_NETWORK_32
network-object host Tokhmechi
network-object host 172.20.150.71
object-group network DM_INLINE_NETWORK_34
network-object host Tokhmechi
network-object host 172.20.150.24
object-group network DM_INLINE_NETWORK_35
network-object host Monitoring
network-object host Antivirus
network-object host Citrix
object-group network DM_INLINE_NETWORK_36
network-object host 192.168.0.39
network-object host 46.209.97.15
network-object host 87.247.178.15
object-group protocol PPTP
protocol-object ip
protocol-object icmp
protocol-object pim
protocol-object pcp
protocol-object snp
protocol-object udp
protocol-object igmp
protocol-object ipinip
protocol-object gre
protocol-object esp
protocol-object ah
protocol-object icmp6
protocol-object tcp
protocol-object eigrp
protocol-object ospf
protocol-object igrp
protocol-object nos
group-object TCPUDP
object-group network DM_INLINE_NETWORK_18
network-object host 172.20.150.48
group-object management
network-object host Tokhmechi
object-group network DM_INLINE_NETWORK_21
network-object host 172.20.150.48
group-object management
object-group service udp udp
port-object eq 13000
port-object eq 14000
port-object eq 15000
port-object eq 18000
object-group network DM_INLINE_NETWORK_37
network-object host Tokhmechi
network-object host 172.20.150.18
network-object host Mahdian
network-object host 172.20.150.63
network-object host 172.20.150.81
network-object host 172.20.150.36
network-object host 172.20.150.158
network-object host 172.20.150.149
network-object host 172.20.150.143
network-object host 172.20.150.144
object-group network DM_INLINE_NETWORK_38
network-object host 172.20.150.29
network-object host 172.20.150.42
object-group service DM_INLINE_SERVICE_3
service-object ip
service-object tcp eq https
service-object tcp-udp eq www
object-group network DM_INLINE_NETWORK_41
network-object 172.20.0.0 255.255.0.0
network-object host 172.20.150.92
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object tcp eq www
service-object tcp eq https
object-group network DM_INLINE_NETWORK_39
network-object host Bimegari
network-object host citrix2
object-group network DM_INLINE_NETWORK_43
network-object host 192.168.0.60
network-object host 192.168.0.61
network-object host 192.168.0.90
network-object 172.24.0.0 255.255.192.0
network-object 172.23.0.0 255.255.192.0
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object udp
object-group network DM_INLINE_NETWORK_46
network-object host Bimegari
network-object host citrix2
object-group network DM_INLINE_NETWORK_44
network-object host Citrix
network-object host Asnad
object-group network DM_INLINE_NETWORK_47
network-object host Citrix
network-object host Asnad
object-group network DM_INLINE_NETWORK_48
network-object host Esmaili
network-object host 172.22.10.11
object-group network DM_INLINE_NETWORK_50
network-object host e-learning
group-object WEBSITE
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object tcp eq www
object-group network DM_INLINE_NETWORK_40
network-object host 172.20.150.24
network-object host 172.20.150.28
object-group network DM_INLINE_NETWORK_51
network-object host 192.168.0.53
network-object host 87.247.178.50
object-group network DM_INLINE_NETWORK_8
network-object SHAHRESTANHA 255.255.255.0
network-object 192.167.0.0 255.255.0.0
network-object 192.168.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_49
network-object host Roostaeian
network-object host 192.168.0.0
object-group service DM_INLINE_SERVICE_5
service-object ip
service-object tcp eq ssh
service-object tcp eq https
service-object tcp eq sqlnet
object-group network DM_INLINE_NETWORK_52
network-object host Bimaran
network-object host 192.168.0.44
object-group service DM_INLINE_SERVICE_6
service-object ip
service-object tcp eq 3389
object-group service DM_INLINE_SERVICE_7
service-object ip
service-object tcp eq 3389
service-object tcp eq sqlnet
service-object tcp eq 1433
object-group service DM_INLINE_SERVICE_8
service-object ip
service-object tcp eq www
service-object tcp eq https
object-group network DM_INLINE_NETWORK_54
network-object host Tokhmechi
network-object host 172.20.150.52
network-object host 172.20.150.44
network-object host 172.20.150.45
network-object host 172.20.150.49
network-object host 172.20.150.87
object-group service DM_INLINE_SERVICE_9
service-object ip
service-object tcp eq www
object-group network HQ-Clients
description All of clients in HQ
network-object HQ-SB_Clients 255.255.255.192
network-object Edari 255.255.255.192
network-object Mali 255.255.255.192
network-object Herasat 255.255.255.192
network-object AsnadPzk-V1 255.255.255.192
network-object Nezarat 255.255.255.192
network-object Ravabt-QC 255.255.255.192
network-object AsnadPzk-V2 255.255.255.192
network-object IT 255.255.255.192
network-object Guest 255.255.255.192
network-object Cammera 255.255.255.192
object-group network HQ-Edge-Block
network-object WAN-submodule 255.255.224.0
network-object E-commerce-submodule 255.255.248.0
network-object VPN-Users 255.255.255.224
network-object Internet-submodule 255.255.248.0
object-group network HQ-Management-Block
network-object Mng-VLAN 255.255.255.0
object-group network HQ-Server-Farm
network-object Server-hosts 255.255.255.0
network-object ESX-hosts 255.255.255.0
network-object Storage-hosts 255.255.255.0
object-group network DM_INLINE_NETWORK_55
network-object host new-Asnad
group-object SERVERS
object-group network DM_INLINE_NETWORK_57
network-object host Roostaeian
network-object host 192.168.0.118
network-object host 192.168.0.217
object-group service DM_INLINE_SERVICE_10
service-object ip
service-object tcp eq ssh
service-object tcp eq sqlnet
service-object tcp eq https
service-object tcp eq 3389
object-group network DM_INLINE_NETWORK_42
network-object host 87.247.178.50
network-object host 64.79.89.107
object-group network DM_INLINE_NETWORK_53
network-object host 172.20.150.63
network-object host 172.20.150.81
object-group network DM_INLINE_NETWORK_56
network-object host 10.0.192.99
network-object host 192.168.0.130
network-object host 46.225.251.135
network-object host 46.225.251.133
network-object host 87.247.178.8
network-object host 192.168.0.131
network-object host 192.168.0.42
network-object host 87.247.178.16
network-object host 46.225.251.138
object-group network DM_INLINE_NETWORK_58
network-object host Tokhmechi
network-object host 172.20.150.149
network-object host 172.20.150.158
network-object host 172.20.150.143
network-object host 172.20.150.147
network-object host 172.20.150.85
network-object host 172.22.6.1
object-group service DM_INLINE_SERVICE_11
service-object ip
service-object tcp eq www
service-object tcp eq https
object-group network DM_INLINE_NETWORK_59
network-object host Esmaili
network-object host Tokhmechi
network-object host 172.20.150.118
object-group network DM_INLINE_NETWORK_60
network-object host 192.168.126.19
network-object host Antivirus
object-group network SF_Internet-Trusted
description Trusted servers to access to the internet
network-object host SF-Kerio
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
object-group service DM_INLINE_SERVICE_12
service-object tcp eq domain
service-object udp eq domain
object-group network DM_INLINE_NETWORK_61
network-object host 192.168.126.19
network-object host Antivirus
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_1 object-group DC log debugging inactive
access-list Client_access_in extended permit udp 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_2 object-group DCUDP log debugging inactive
access-list Client_access_in extended permit object-group TCPUDP 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_3 object-group DCTCPUDP log debugging inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_17 object-group DM_INLINE_TCP_1 log debugging inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_47 object-group ASNAD log debugging inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_16 object-group DM_INLINE_TCP_2 log debugging inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 host Antivirus object-group DM_INLINE_TCP_3 log debugging inactive
access-list Client_access_in extended permit udp 172.20.0.0 255.255.0.0 host Monitoring eq ntp log debugging inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 host Monitoring object-group tcpntp log debugging inactive
access-list Client_access_in extended permit udp 172.20.0.0 255.255.0.0 host Monitoring object-group UDPNTP log debugging inactive
access-list Client_access_in extended permit tcp object-group DM_INLINE_NETWORK_18 object-group DM_INLINE_NETWORK_55 eq 3389 log debugging inactive
access-list Client_access_in extended permit tcp object-group management SHAHRESTANHA 255.255.255.0 eq 3389 inactive
access-list Client_access_in extended permit tcp object-group management SHAHRESTANHA 255.255.255.0 eq 445 inactive
access-list Client_access_in extended permit tcp object-group DM_INLINE_NETWORK_21 object-group SERVERS eq 445 inactive
access-list Client_access_in extended permit icmp 172.20.0.0 255.255.0.0 any inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 object-group WEBSITE eq www inactive
access-list Client_access_in extended permit udp 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_7 eq domain log debugging inactive
access-list Client_access_in extended permit tcp object-group DM_INLINE_NETWORK_19 host 192.168.101.2 object-group DM_INLINE_TCP_12 inactive
access-list Client_access_in extended permit udp object-group DM_INLINE_NETWORK_20 host 192.168.101.2 eq 9300 inactive
access-list Client_access_in extended permit icmp object-group Switches host Monitoring inactive
access-list Client_access_in extended permit udp 172.20.0.0 255.255.0.0 any eq domain inactive
access-list Client_access_in extended permit tcp object-group interne any object-group DM_INLINE_TCP_13 log debugging inactive
access-list Client_access_in extended permit object-group DM_INLINE_SERVICE_1 172.20.0.0 255.255.0.0 host Antivirus inactive
access-list Client_access_in extended permit ip host Tokhmechi host citrix2 inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 host Bimegari eq 1433 log debugging inactive
access-list Client_access_in extended permit ip host Esmaili object-group DM_INLINE_NETWORK_30 log debugging inactive
access-list Client_access_in extended permit icmp any any inactive
access-list Client_access_in extended permit tcp 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_22 eq 1433 log debugging inactive
access-list Client_access_in remark taeed daro
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_14 object-group DM_INLINE_NETWORK_33 inactive
access-list Client_access_in remark otomasion & saite sazman
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_41 object-group DM_INLINE_NETWORK_23 log debugging inactive
access-list Client_access_in remark shairpoint
access-list Client_access_in extended permit ip host Tokhmechi host 192.168.0.48 inactive
access-list Client_access_in remark ebsc
access-list Client_access_in extended permit ip 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_36 inactive
access-list Client_access_in remark refahi
access-list Client_access_in extended permit ip 172.20.0.0 255.255.0.0 host 192.168.0.224 inactive
access-list Client_access_in remark rostaean
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_24 object-group DM_INLINE_NETWORK_27 inactive
access-list Client_access_in remark timex
access-list Client_access_in extended permit ip host 172.20.150.31 object-group DM_INLINE_NETWORK_25 inactive
access-list Client_access_in remark karmandiran
access-list Client_access_in extended permit ip host 172.20.150.27 object-group DM_INLINE_NETWORK_26 log debugging inactive
access-list Client_access_in remark omor banovan
access-list Client_access_in extended permit ip host 172.20.150.48 host intranet inactive
access-list Client_access_in remark dastrasi daftar keifiat be shakheshaye arzyabi amalkard & bsc & site sazman
access-list Client_access_in extended permit ip host 172.20.150.20 object-group DM_INLINE_NETWORK_29 inactive
access-list Client_access_in remark farabar
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_37 host 192.168.0.62 inactive
access-list Client_access_in remark dastrasi ravabet omomi be site khabargozariha
access-list Client_access_in extended permit ip host 172.20.150.20 object-group DM_INLINE_NETWORK_28 inactive
access-list Client_access_in remark chap bein ostani khozestan
access-list Client_access_in extended permit ip host Tokhmechi host 192.168.112.2 inactive
access-list Client_access_in remark dastrasi be mashhad baraye bardashtan noskheh jadid bimegari
access-list Client_access_in extended permit ip host Tokhmechi object-group DM_INLINE_NETWORK_31 inactive
access-list Client_access_in remark test daryaft fish hoghoghi doktor
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_34 host 192.168.0.42 log debugging inactive
access-list Client_access_in remark amozesh electronic
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_32 host e-learning inactive
access-list Client_access_in remark e-learning
access-list Client_access_in extended permit ip 172.20.0.0 255.255.0.0 host e-learning log debugging inactive
access-list Client_access_in remark herseptin
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_38 host 195.146.34.43 inactive
access-list Client_access_in remark fish hoghoghi,azmoon amalkard
access-list Client_access_in extended permit object-group DM_INLINE_SERVICE_3 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_42 log debugging inactive
access-list Client_access_in remark omor maliati
access-list Client_access_in extended permit ip host 172.20.150.23 host 82.99.209.140 inactive
access-list Client_access_in remark td
access-list Client_access_in extended permit ip host Tokhmechi host 192.168.0.43 inactive
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_59 any inactive
access-list Client_access_in remark video konferans
access-list Client_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_48 object-group DM_INLINE_NETWORK_43 log debugging
access-list Client_access_in remark kargozin & hoghogh
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_40 object-group DM_INLINE_NETWORK_51 inactive
access-list Client_access_in remark dastrsi be site pishkhan dolat
access-list Client_access_in extended permit ip host Mahdian host 78.39.207.7 inactive
access-list Client_access_in remark dastrasi be zohdi
access-list Client_access_in extended permit ip host 172.20.150.14 host 78.39.207.17 inactive
access-list Client_access_in remark arzeshyabi bimarestanha
access-list Client_access_in extended permit ip host Mahdian host 77.104.85.179 inactive
access-list Client_access_in remark ftp sazman
access-list Client_access_in extended permit ip host Tokhmechi host 192.168.0.75 inactive
access-list Client_access_in remark dastrasi khanom ghanaei be saite tajhizat pezeshgi
access-list Client_access_in extended permit object-group DM_INLINE_SERVICE_9 object-group DM_INLINE_NETWORK_54 host 212.95.152.100 log debugging inactive
access-list Client_access_in remark site 1690
access-list Client_access_in extended permit ip object-group DM_INLINE_NETWORK_53 host 10.2.3.65 log debugging inactive
access-list Client_access_in remark movaghat baraye test replication
access-list Client_access_in extended permit ip host Tokhmechi host 192.168.126.50 inactive
access-list Client_access_in remark dastresi taeed daro be site sazman beaye gheymat daro
access-list Client_access_in extended permit ip host 172.20.150.55 host intranet inactive
access-list Client_access_in remark bimesalamat,nps,panel bimeh,daramad
access-list Client_access_in extended permit object-group DM_INLINE_SERVICE_11 object-group DM_INLINE_NETWORK_58 object-group DM_INLINE_NETWORK_56 log debugging inactive
access-list Client_access_in remark test baraye moshkel ping 10
access-list Client_access_in extended permit ip 172.20.0.0 255.255.0.0 host DC inactive
access-list Client_access_in remark taeed daro
access-list Client_access_in remark otomasion & saite sazman
access-list Client_access_in remark shairpoint
access-list Client_access_in remark ebsc
access-list Client_access_in remark refahi
access-list Client_access_in remark rostaean
access-list Client_access_in remark timex
access-list Client_access_in remark karmandiran
access-list Client_access_in remark omor banovan
access-list Client_access_in remark dastrasi daftar keifiat be shakheshaye arzyabi amalkard & bsc & site sazman
access-list Client_access_in remark farabar
access-list Client_access_in remark dastrasi ravabet omomi be site khabargozariha
access-list Client_access_in remark chap bein ostani khozestan
access-list Client_access_in remark dastrasi be mashhad baraye bardashtan noskheh jadid bimegari
access-list Client_access_in remark test daryaft fish hoghoghi doktor
access-list Client_access_in remark amozesh electronic
access-list Client_access_in remark e-learning
access-list Client_access_in remark herseptin
access-list Client_access_in remark fish hoghoghi,azmoon amalkard
access-list Client_access_in remark omor maliati
access-list Client_access_in remark td
access-list Client_access_in remark video konferans
access-list Client_access_in remark kargozin & hoghogh
access-list Client_access_in remark dastrsi be site pishkhan dolat
access-list Client_access_in remark dastrasi be zohdi
access-list Client_access_in remark arzeshyabi bimarestanha
access-list Client_access_in remark ftp sazman
access-list Client_access_in remark dastrasi khanom ghanaei be saite tajhizat pezeshgi
access-list Client_access_in remark site 1690
access-list Client_access_in remark movaghat baraye test replication
access-list Client_access_in remark dastresi taeed daro be site sazman beaye gheymat daro
access-list Client_access_in remark bimesalamat,nps,panel bimeh,daramad
access-list Client_access_in remark test baraye moshkel ping 10
access-list Client_nat0_outbound extended permit ip 172.20.0.0 255.255.0.0 192.168.126.0 255.255.255.0
access-list Internet_access_in extended permit icmp host VPNPDA host Monitoring log debugging
access-list Internet_access_in extended permit tcp host VPNPDA host Monitoring object-group remote log debugging
access-list Internet_access_in extended permit ip host VPNPDA host Monitoring log debugging
access-list Internet_access_in extended permit icmp any any log debugging
access-list Internet_access_in extended permit tcp host Antivirus any eq www log debugging inactive
access-list Internet_access_in extended permit ip any any inactive
access-list Internet_access_in extended permit tcp any host Monitoring object-group DM_INLINE_TCP_8 inactive
access-list Internet_access_in extended permit tcp vpnhamedan 255.255.255.0 host BDC eq 445
access-list Internet_access_in extended deny ip vpnhamedan 255.255.255.0 any
access-list WAN_access_in extended permit ip SHAHRESTANHA 255.255.255.0 192.168.0.0 255.255.0.0 log debugging inactive
access-list WAN_access_in extended permit tcp SHAHRESTANHA 255.255.255.0 object-group DM_INLINE_NETWORK_4 object-group DC log debugging inactive
access-list WAN_access_in extended permit udp SHAHRESTANHA 255.255.255.0 object-group DM_INLINE_NETWORK_5 object-group DCTCPUDP log debugging inactive
access-list WAN_access_in extended permit object-group TCPUDP SHAHRESTANHA 255.255.255.0 object-group DM_INLINE_NETWORK_6 object-group DCTCPUDP log debugging inactive
access-list WAN_access_in extended permit tcp SHAHRESTANHA 255.255.255.0 object-group DM_INLINE_NETWORK_39 object-group SQL log debugging inactive
access-list WAN_access_in extended permit tcp SHAHRESTANHA 255.255.255.0 host Asnad object-group ASNAD log debugging inactive
access-list WAN_access_in extended permit tcp SHAHRESTANHA 255.255.255.0 host Citrix object-group DM_INLINE_TCP_6 log debugging inactive
access-list WAN_access_in extended permit tcp object-group DM_INLINE_NETWORK_15 object-group DM_INLINE_NETWORK_46 object-group SQL log debugging inactive
access-list WAN_access_in extended permit icmp any any log debugging inactive
access-list WAN_access_in remark replication
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group DM_INLINE_NETWORK_12 host citrix2 log debugging inactive
access-list WAN_access_in extended permit udp host Router host Monitoring eq tftp inactive
access-list WAN_access_in extended permit udp host Router host Monitoring eq ntp inactive
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_4 SHAHRESTANHA 255.255.255.0 object-group DM_INLINE_NETWORK_50 log debugging inactive
access-list WAN_access_in extended permit ip SHAHRESTANHA 255.255.255.0 host daramad inactive
access-list WAN_access_in extended permit tcp 192.168.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_44 eq sqlnet inactive
access-list WAN_access_in extended permit tcp SHAHRESTANHA 255.255.255.0 host Antivirus object-group DM_INLINE_TCP_9 inactive
access-list WAN_access_in remark dastrasi be ezafehkar
access-list WAN_access_in extended permit ip host 172.16.126.155 host citrix2 inactive
access-list WAN_access_in remark bar asas payam aghaye ebrahimi sazman
access-list WAN_access_in extended permit tcp host 192.168.0.228 host Asnad eq sqlnet inactive
access-list WAN_access_in remark dastrasi bimegari be farabar
access-list WAN_access_in extended permit ip SHAHRESTANHA 255.255.255.0 host 192.168.0.62 inactive
access-list WAN_access_in remark e-learning
access-list WAN_access_in extended permit ip SHAHRESTANHA 255.255.255.0 host e-learning log debugging inactive
access-list WAN_access_in extended permit ip host 192.168.118.2 host Esmaili inactive
access-list WAN_access_in remark bein ostani orumieh
access-list WAN_access_in extended permit ip host 192.168.106.220 host Bimegari inactive
access-list WAN_access_in extended permit ip host 192.168.104.2 host Monitoring inactive
access-list WAN_access_in extended permit ip host 192.168.0.201 host Antivirus inactive
access-list WAN_access_in remark bimeh hamegani
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_2 SHAHRESTANHA 255.255.255.0 host 46.225.251.133 log debugging inactive
access-list WAN_access_in remark farshid
access-list WAN_access_in extended permit ip host 192.168.107.36 host Asnad inactive
access-list WAN_access_in remark nameh ba shomare shenase 1722552
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_5 object-group DM_INLINE_NETWORK_49 host Asnad log debugging inactive
access-list WAN_access_in extended permit ip host 192.168.0.0 host citrix2 log debugging inactive
access-list WAN_access_in remark Temp to access ASNAD server from 192.168.0.0/16-RDP
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_6 192.168.0.0 255.255.0.0 host Asnad inactive
access-list WAN_access_in remark fish hoghogh
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_8 SHAHRESTANHA 255.255.255.0 host 87.247.178.50 log debugging inactive
access-list WAN_access_in remark replication asnad(nameh shomare shenase 1892659)
access-list WAN_access_in extended permit object-group DM_INLINE_SERVICE_10 object-group DM_INLINE_NETWORK_57 host Asnad inactive
access-list WAN_access_in remark azmoon arziabi amalkard
access-list WAN_access_in extended permit ip SHAHRESTANHA 255.255.255.0 host 64.79.89.107 log debugging inactive
access-list WAN_access_in extended permit ip any any log debugging
access-list WAN_access_in remark replication
access-list WAN_access_in remark dastrasi be ezafehkar
access-list WAN_access_in remark bar asas payam aghaye ebrahimi sazman
access-list WAN_access_in remark dastrasi bimegari be farabar
access-list WAN_access_in remark e-learning
access-list WAN_access_in remark bein ostani orumieh
access-list WAN_access_in remark bimeh hamegani
access-list WAN_access_in remark farshid
access-list WAN_access_in remark nameh ba shomare shenase 1722552
access-list WAN_access_in remark Temp to access ASNAD server from 192.168.0.0/16-RDP
access-list WAN_access_in remark fish hoghogh
access-list WAN_access_in remark replication asnad(nameh shomare shenase 1892659)
access-list WAN_access_in remark azmoon arziabi amalkard
access-list WAN_access_in extended permit ip Server-hosts 255.255.240.0 any
access-list WAN_access_in remark replication
access-list WAN_access_in remark dastrasi be ezafehkar
access-list WAN_access_in remark bar asas payam aghaye ebrahimi sazman
access-list WAN_access_in remark dastrasi bimegari be farabar
access-list WAN_access_in remark e-learning
access-list WAN_access_in remark bein ostani orumieh
access-list WAN_access_in remark bimeh hamegani
access-list WAN_access_in remark farshid
access-list WAN_access_in remark nameh ba shomare shenase 1722552
access-list WAN_access_in remark Temp to access ASNAD server from 192.168.0.0/16-RDP
access-list WAN_access_in remark fish hoghogh
access-list WAN_access_in remark replication asnad(nameh shomare shenase 1892659)
access-list WAN_access_in remark azmoon arziabi amalkard
access-list Servers_access_in extended permit ip host Monitoring any log debugging inactive
access-list Servers_access_in extended permit ip host Antivirus any log debugging
access-list Servers_access_in extended permit tcp object-group DM_INLINE_NETWORK_35 any object-group DM_INLINE_TCP_7 log debugging inactive
access-list Servers_access_in extended permit icmp any any log debugging inactive
access-list Servers_access_in extended permit tcp host Bimegari object-group DM_INLINE_NETWORK_10 eq 8080 inactive
access-list Servers_access_in extended permit udp host Monitoring object-group SERVERS object-group snmp-net inactive
access-list Servers_access_in extended permit udp host Monitoring object-group Switches object-group snmp-net inactive
access-list Servers_access_in extended permit tcp object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_13 eq 1433 inactive
access-list Servers_access_in extended permit gre any any inactive
access-list Servers_access_in extended permit ip host Citrix host 192.168.0.62 inactive
access-list Servers_access_in extended permit ip host Monitoring host 192.168.1.1 inactive
access-list Servers_access_in extended permit ip host Citrix any inactive
access-list Servers_nat0_outbound extended permit ip 192.168.126.0 255.255.255.0 172.20.0.0 255.255.0.0
access-list Servers_nat0_outbound extended permit ip 192.168.126.0 255.255.255.0 object-group DM_INLINE_NETWORK_9
access-list Servers_nat0_outbound extended permit ip any host VPNPDA
access-list Servers_nat0_outbound extended permit ip any vpnhamedan 255.255.255.0
access-list Servers_nat0_outbound extended permit ip host Monitoring 172.30.0.0 255.255.0.0
access-list Servers_nat0_outbound extended permit ip 192.168.126.0 255.255.255.0 192.167.0.0 255.255.0.0
access-list 10 extended permit tcp vpnhamedan 255.255.255.0 host BDC eq 445 log debugging
access-list 10 extended permit udp vpnhamedan 255.255.255.0 host BDC eq domain log debugging
access-list 10 extended permit icmp vpnhamedan 255.255.255.0 host BDC log debugging
access-list 10 extended permit tcp vpnhamedan 255.255.255.0 host Citrix object-group DM_INLINE_TCP_10
access-list Client_nat_outbound extended permit ip 172.20.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_8
access-list internet_access_in extended permit icmp any any
access-list internet_access_in_1 extended permit icmp any any log debugging inactive
access-list internet_access_in_1 extended permit ip any 192.168.0.0 255.255.0.0 inactive
access-list internet_access_in_1 extended permit ip any any inactive
access-list WAN_nat_outbound extended permit ip any object-group DM_INLINE_NETWORK_52
access-list Client_nat_outbound_1 extended permit ip host IP-Herasat host 192.168.0.90
access-list Mng-Interface_nat0_outbound extended permit ip any vpnhamedan 255.255.255.0
access-list Mng-Interface_nat0_outbound extended permit ip any 10.20.30.0 255.255.255.240
access-list HQ-SB-SVI01_access_in extended permit ip any any
access-list HQ-SB-SVI01_nat_outbound extended permit ip 172.22.48.52 255.255.255.252 192.168.0.0 255.255.255.0
access-list SVI-20_access_in extended permit ip any any
access-list HQ-EB-SVI02_access_in extended permit ip any any
access-list HQ-EB-SVI03_access_in extended permit ip any any
access-list HQ-MB-SVI01_access_in extended permit ip any any
access-list ISP-1_access_in extended permit object-group DM_INLINE_PROTOCOL_2 172.22.144.16 255.255.255.240 any
access-list ISP-1_access_in extended permit ip any any
access-list HQ-EB-SVI01_access_in extended permit ip any any
access-list HQ-SF-SVI01_access_in extended permit ip any any
access-list HQ-EB-SVI01_nat_outbound extended permit ip object-group DM_INLINE_NETWORK_60 any
access-list HQ-SB-SVI01_nat0_outbound extended permit ip any 172.22.144.16 255.255.255.240
access-list HQ-SB-SVI01_nat0_outbound extended permit ip any 10.20.30.0 255.255.255.240
access-list SF-Host-v2_nat_outbound extended permit ip any any
access-list SVI-111_access_in extended permit ip any any
access-list SVI-111_nat_outbound extended permit ip object-group DM_INLINE_NETWORK_61 any
access-list SVI-111_nat_outbound extended permit object-group DM_INLINE_SERVICE_12 host DC any
access-list SF-Host-v2_access_in extended permit ip any any
access-list SF-Host-v2_access_in extended permit udp any any eq echo
access-list SF-Host-v2_access_in extended permit ip interface WAN any
access-list ISP-1_nat_outbound extended permit ip 172.22.144.16 255.255.255.240 192.168.126.0 255.255.255.0
access-list SF-Host-v2_nat_static extended permit ip host BDC any
access-list SVI-111_nat0_outbound extended permit ip host 192.168.126.130 192.168.250.0 255.255.255.0
access-list SVI-111_nat0_outbound extended permit ip host Monitoring 192.168.250.0 255.255.255.0
access-list SVI-111_nat0_outbound extended permit ip host 192.168.126.18 192.168.250.0 255.255.255.0
access-list SVI-111_nat0_outbound extended permit ip host Monitoring 192.168.1.96 255.255.255.240
access-list SVI-111_nat0_outbound extended permit ip host 192.168.126.252 192.168.250.0 255.255.255.128
access-list SVI-111_nat0_outbound extended permit ip host 192.168.126.18 192.168.250.0 255.255.255.128
access-list SVI-111_nat0_outbound extended permit ip host Monitoring 192.168.250.0 255.255.255.128
access-list VPN-Cepco-Prof extended permit ip any host Monitoring
access-list VPN-Cepco-Prof extended permit ip 192.168.250.0 255.255.255.0 192.168.126.0 255.255.255.0
access-list ISP-1_nat0_outbound extended permit ip 192.168.250.0 255.255.255.0 192.168.126.0 255.255.255.0
access-list iran_splitTunnelAcl standard permit host 192.168.126.252
access-list iran_splitTunnelAcl standard permit host 192.168.126.18
access-list iran_splitTunnelAcl standard permit host Monitoring
pager lines 24
logging enable
logging list Filter-vpn level debugging class vpn
logging asdm Filter-vpn
logging host Core-1 Monitoring 17/6014
logging debug-trace
logging class vpn trap debugging asdm debugging
mtu Core-1 1500
mtu SVI-20 1500
mtu SVI-111 1500
mtu SF-Host-v2 1500
mtu HQ-SB-SVI01 1500
mtu HQ-SF-SVI01 1500
mtu HQ-EB-SVI01 1500
mtu HQ-MB-SVI01 1500
mtu HQ-EB-SVI02 1500
mtu HQ-EB-SVI03 1500
mtu ISP-1 1492
mtu Client 1500
mtu WAN 1500
mtu internet 1500
ip local pool VPNPool 10.20.30.1-10.20.30.10 mask 255.255.255.0
ip local pool VPN_ProfCepco 192.168.250.1-192.168.250.100 mask 255.255.255.0
ip local pool pool 192.168.1.100-192.168.1.111 mask 255.255.255.0
ip verify reverse-path interface Core-1
ip verify reverse-path interface Client
ip verify reverse-path interface WAN
no failover
failover lan unit secondary
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (SVI-111) 1 interface
global (SVI-111) 2 192.168.126.0 netmask 255.255.255.0
global (ISP-1) 1 interface
nat (Core-1) 0 access-list Servers_nat0_outbound
nat (Core-1) 1 Antivirus 255.255.255.255
nat (Core-1) 1 Monitoring 255.255.255.255
nat (SVI-111) 0 access-list SVI-111_nat0_outbound
nat (SVI-111) 1 access-list SVI-111_nat_outbound
nat (SF-Host-v2) 1 access-list SF-Host-v2_nat_outbound
nat (HQ-SB-SVI01) 0 access-list HQ-SB-SVI01_nat0_outbound
nat (HQ-SB-SVI01) 5 access-list HQ-SB-SVI01_nat_outbound
nat (HQ-EB-SVI01) 1 access-list HQ-EB-SVI01_nat_outbound
nat (ISP-1) 0 access-list ISP-1_nat0_outbound
nat (ISP-1) 1 access-list ISP-1_nat_outbound outside
nat (Client) 0 access-list Client_nat0_outbound outside
nat (Client) 5 access-list Client_nat_outbound
nat (Client) 2 access-list Client_nat_outbound_1
nat (Client) 1 172.20.0.0 255.255.0.0
nat (WAN) 1 access-list WAN_nat_outbound
nat (WAN) 1 SHAHRESTANHA 255.255.255.0
nat (WAN) 0 0.0.0.0 0.0.0.0
static (SF-Host-v2,Client) interface access-list SF-Host-v2_nat_static
access-group Servers_access_in in interface Core-1
access-group SVI-20_access_in in interface SVI-20
access-group SVI-111_access_in in interface SVI-111
access-group SF-Host-v2_access_in in interface SF-Host-v2
access-group HQ-SB-SVI01_access_in in interface HQ-SB-SVI01
access-group HQ-SF-SVI01_access_in in interface HQ-SF-SVI01
access-group HQ-EB-SVI01_access_in in interface HQ-EB-SVI01
access-group HQ-MB-SVI01_access_in in interface HQ-MB-SVI01
access-group HQ-EB-SVI02_access_in in interface HQ-EB-SVI02
access-group HQ-EB-SVI03_access_in in interface HQ-EB-SVI03
access-group ISP-1_access_in in interface ISP-1
access-group Client_access_in in interface Client
access-group WAN_access_in in interface WAN
access-group internet_access_in_1 in interface internet
route ISP-1 0.0.0.0 0.0.0.0 192.168.1.1 2
route HQ-EB-SVI01 HQ-SB_Clients 255.255.240.0 172.22.48.61 1
route internet 172.22.144.16 255.255.255.240 192.168.126.252 1
route HQ-EB-SVI01 192.168.126.0 255.255.255.0 172.22.48.61 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server nttac+ protocol radius
accounting-mode simultaneous
aaa-server nttac+ (Core-1) host DC
key h@med@nr@d!us
aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
http server enable
http 172.22.144.16 255.255.255.240 ISP-1
http 192.168.126.0 255.255.255.0 SVI-111
http 172.22.10.0 255.255.255.0 SVI-20
http 192.168.126.0 255.255.255.0 Core-1
snmp-server host Core-1 Monitoring community h@med@n321
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set Trans esp-3des esp-sha-hmac
crypto dynamic-map internet_dyn_map 1 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 1 set transform-set Trans ESP-3DES-SHA TRANS_ESP_3DES_SHA
crypto map ISP-1_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map ISP-1_map interface ISP-1
crypto isakmp enable ISP-1
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet Monitoring 255.255.255.255 Core-1
telnet 192.168.126.0 255.255.255.0 SVI-111
telnet timeout 5
ssh Monitoring 255.255.255.255 Core-1
ssh dell 255.255.255.255 Client
ssh Mahdian 255.255.255.255 Client
ssh Esmaili 255.255.255.255 Client
ssh Tokhmechi 255.255.255.255 Client
ssh timeout 5
console timeout 0
management-access ISP-1
vpdn group NetBime request dialout pppoe
vpdn group NetBime localname 8118249694
vpdn group NetBime ppp authentication pap
vpdn group bimeh request dialout pppoe
vpdn group bimeh localname 8118249694
vpdn group bimeh ppp authentication pap
vpdn group Inetent request dialout pppoe
vpdn group Inetent localname 8118280452
vpdn group Inetent ppp authentication pap
vpdn group ADSL-Access request dialout pppoe
vpdn group ADSL-Access localname 8138323209
vpdn group ADSL-Access ppp authentication pap
vpdn username 8138323209 password *********
vpn load-balancing
interface lbpublic Client
interface lbprivate Client
threat-detection basic-threat
threat-detection statistics
ntp authentication-key 2020 md5 *
ntp authenticate
ntp trusted-key 2020
ntp server Monitoring key 2020 source Core-1
webvpn
enable SVI-111
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol webvpn
address-pools value VPNPool
group-policy Cepco internal
group-policy Cepco attributes
vpn-filter value VPN-Cepco-Prof
vpn-tunnel-protocol IPSec
address-pools value VPN_ProfCepco
group-policy remotecisco internal
group-policy remotecisco attributes
vpn-tunnel-protocol IPSec
group-policy iran internal
group-policy iran attributes
vpn-filter value VPN-Cepco-Prof
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN-Cepco-Prof
address-pools value VPN_ProfCepco
username test password cE.3X0M19qMPuOxG encrypted
username test attributes
vpn-group-policy Cepco
vpn-filter value VPN-Cepco-Prof
username admin password iozxKRsjq3scAhWk encrypted privilege 15
username cepco password UfZhn0D9poEve2s5 encrypted privilege 0
username cepco attributes
vpn-group-policy remotecisco
username amir password 7ohTzBGBDzDQhzBR encrypted
username amir attributes
memberof iran
tunnel-group DefaultRAGroup general-attributes
address-pool (Client) VPNPool
address-pool (internet) VPNPool
address-pool VPNPool
authentication-server-group (internet) LOCAL
authentication-server-group (Client) LOCAL
strip-realm
strip-group
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 60 retry 10
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group Cepco type remote-access
tunnel-group Cepco general-attributes
address-pool VPNPool
default-group-policy Cepco
tunnel-group Cepco ipsec-attributes
pre-shared-key *
tunnel-group remotecisco type remote-access
tunnel-group remotecisco general-attributes
address-pool pool
default-group-policy remotecisco
tunnel-group remotecisco ipsec-attributes
pre-shared-key *
tunnel-group iran type remote-access
tunnel-group iran general-attributes
address-pool VPN_ProfCepco
default-group-policy iran
tunnel-group iran ipsec-attributes
pre-shared-key *
!
class-map global-class
match any
class-map inspection_default
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
description ips
class inspection_default
inspect netbios
inspect dns
inspect ftp
inspect http
inspect icmp
inspect pptp
inspect snmp
inspect tftp
inspect sqlnet
class global-class
ips inline fail-open
inspect http
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ff5c0eb7a14836db897696886c39a39d
: end
asdm image disk0:/asdm-603.bin
asdm location Bimegari 255.255.255.255 Core-1
asdm location Citrix 255.255.255.255 Core-1
asdm location Edarimali 255.255.255.255 Core-1
asdm location Antivirus 255.255.255.255 Core-1
asdm location Asnad 255.255.255.255 Core-1
asdm location Tellgoya 255.255.255.255 Core-1
asdm location DC 255.255.255.255 Core-1
asdm location BDC 255.255.255.255 Core-1
asdm location Monitoring 255.255.255.255 Core-1
asdm location IRANIAN 255.255.255.255 Core-1
asdm location IRANIAN2 255.255.255.255 Core-1
asdm location Roostaeian 255.255.255.255 Core-1
asdm location Bimaran 255.255.255.255 Core-1
asdm location Quality 255.255.255.255 Core-1
asdm location FTP 255.255.255.255 Core-1
asdm location Router 255.255.255.255 Core-1
asdm location testapp 255.255.255.255 Core-1
asdm location cafenet 255.255.255.255 Core-1
asdm location modirlaptop 255.255.255.255 Core-1
asdm location portalsetad 255.255.255.255 Core-1
asdm location intranet 255.255.255.255 Core-1
asdm location citrix2 255.255.255.255 Core-1
asdm location ardebil 255.255.255.255 Core-1
asdm location 172.16.126.152 255.255.255.254 Core-1
asdm location 172.20.150.24 255.255.255.255 Core-1
asdm location Video 255.255.255.0 Core-1
asdm location new-Asnad 255.255.255.255 Core-1
asdm location HQ-SB_Clients 255.255.240.0 HQ-SB-SVI01
asdm location SF-Kerio 255.255.255.255 HQ-SB-SVI01
no asdm history enable
03-09-2016 03:51 PM
There are many issues. I assume we are talking about the Cepco VPN.
Replace the below:
access-list VPN-Cepco-Prof extended permit ip any host Monitoring
access-list VPN-Cepco-Prof extended permit ip 192.168.250.0 255.255.255.0 192.168.126.0
with:
access-list VPN-Cepco-Profstandard standard permit 192.168.126.0 255.255.255.0
Add this line:
access-list SVI-111_nat0_outbound extended permit ip any 192.168.126.0 255.255.255.0
03-16-2016 01:21 AM
Hello. I did everything you mentioned, but I still can't reach my inside network.
03-16-2016 12:25 PM
Can you post a fresh config as an attachment, please?
03-17-2016 12:53 AM
03-17-2016 01:01 AM
Hi,
You are using a wrong no-nat ACL:
no access-list SVI-111_nat0_outbound extended permit
access-list SVI-111_nat0_outbound extended permit ip 192.168.126.0 255.255.255.0 any
Regards,
Aditya
Please rate helpful posts.
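
An added example (not written by any poster in this thread): a small Python check of which inside hosts the NAT exemption bound to SVI-111 covers toward the VPN_ProfCepco pool, run over lines copied from the posted configuration plus the candidate lines from the two replies. It assumes the inside hosts' traffic enters on SVI-111 and handles only `permit ip` entries written with `any`, `host` or network/mask; the function names are hypothetical.

```python
import ipaddress

# Constructed excerpt: lines copied from the configuration posted in this thread.
SAMPLE = """\
name 192.168.126.57 Monitoring
ip local pool VPN_ProfCepco 192.168.250.1-192.168.250.100 mask 255.255.255.0
nat (SVI-111) 0 access-list SVI-111_nat0_outbound
access-list SVI-111_nat0_outbound extended permit ip host 192.168.126.130 192.168.250.0 255.255.255.0
access-list SVI-111_nat0_outbound extended permit ip host Monitoring 192.168.250.0 255.255.255.0
access-list SVI-111_nat0_outbound extended permit ip host 192.168.126.18 192.168.250.0 255.255.255.0
"""
# Candidate lines proposed in the 03-09 and 03-17 replies.
REPLY_0309 = "access-list SVI-111_nat0_outbound extended permit ip any 192.168.126.0 255.255.255.0\n"
REPLY_0317 = "access-list SVI-111_nat0_outbound extended permit ip 192.168.126.0 255.255.255.0 any\n"


def parse(config):
    """Return (names, nat 0 ACL name per interface, 'permit ip' entries per ACL)."""
    names, nat0, acls = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 3 and t[0] == "name":
            names[t[2]] = t[1]
        elif len(t) >= 5 and t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            nat0[t[1].strip("()")] = t[4]
        elif (len(t) > 5 and t[0] == "access-list"
              and t[2:5] == ["extended", "permit", "ip"]
              and "object-group" not in t):  # object-groups are not resolved here
            acls.setdefault(t[1], []).append(t[5:])
    return names, nat0, acls


def _take(tokens, names):
    """Consume one address spec (any | host X | net mask); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(names.get(tokens[1], tokens[1]) + "/32"), tokens[2:]
    net = names.get(tokens[0], tokens[0])
    return ipaddress.ip_network(f"{net}/{tokens[1]}", strict=False), tokens[2:]


def nat_exempt(config, ifc, src, dst):
    """True if a packet src -> dst arriving on ifc matches that interface's nat 0 ACL."""
    names, nat0, acls = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in acls.get(nat0.get(ifc), []):
        src_net, rest = _take(entry, names)
        dst_net, rest = _take(rest, names)
        if "inactive" not in rest and s in src_net and d in dst_net:
            return True
    return False


def pool_first(config, pool):
    """First address of an 'ip local pool' range."""
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["ip", "local", "pool", pool]:
            return t[4].split("-")[0]
    raise KeyError(pool)


def uncovered(config, ifc, inside_hosts, pool):
    """Inside hosts whose traffic to the pool's first address is not NAT-exempt."""
    first = pool_first(config, pool)
    return [h for h in inside_hosts if not nat_exempt(config, ifc, h, first)]


if __name__ == "__main__":
    hosts = ["192.168.126.57", "192.168.126.10"]  # Monitoring and DC, per the name table
    for label, cfg in [("posted", SAMPLE), ("+03-09 line", SAMPLE + REPLY_0309),
                       ("+03-17 line", SAMPLE + REPLY_0317)]:
        print(label, "-> not exempt:", uncovered(cfg, "SVI-111", hosts, "VPN_ProfCepco"))
```

The exemption ACL is matched with the inside host as source and the pool address as destination, so the order of the two address fields decides whether a line helps. The 03-17 line uses `any` as destination, so it also exempts traffic to addresses outside the pool.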