Remote VPN 5510

j_j624001
Level 1

Hey guys; 

I'm kinda new to this and have been reading blogs and watching YouTube. What I wanna accomplish is a remote VPN onto my ASA 5510. But I'm having an issue establishing a secure TCP port from my test computer onto my ASA VPN. Can anyone take a look and see what I am missing or need to do? Here's my config for my ASA and router.

Thanks

Router Config

R21#s
Building configuration...

Current configuration : 5100 bytes
!
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname R21
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
memory-size iomem 20
!
no ipv6 cef
ip source-route
ip cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2117272201
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2117272201
revocation-check none
rsakeypair TP-self-signed-2117272201
!
!
crypto pki certificate chain TP-self-signed-2117272201
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FTX153581PG
!
redundancy
!
crypto isakmp policy 2
authentication pre-share
!
!
crypto ipsec transform-set ASA-IPSEC esp-des esp-sha-hmac
!
crypto map REMOTE 1 ipsec-isakmp
description REMOTE VPN ASA
set peer 10.85.x.2
set transform-set ASA-IPSEC
match address 100
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description OUT_NET
ip address 192.168.x.x 255.255.255.0
ip broadcast-address 192.168.x.255
ip helper-address 192.168.x.x
ip mask-reply
ip directed-broadcast
ip accounting output-packets
ip nat outside
ip nat enable
ip irdp
ip virtual-reassembly in
ip virtual-reassembly out
duplex full
speed auto
crypto map REMOTE
!
interface GigabitEthernet0/1
description IN_NET
ip address 10.85.x.x 255.255.255.240
ip broadcast-address 10.85.x.255
ip helper-address 10.85.x.x
ip mask-reply
ip directed-broadcast
ip accounting output-packets
ip nat inside
ip nat enable
ip irdp
ip virtual-reassembly in
duplex full
speed auto
!
ip forward-protocol nd
ip forward-protocol spanning-tree
!
no ip http server
no ip http secure-server
!
ip nat source list 50 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.x
ip route 10.10.x.x 255.255.255.0 10.85.x.x
!
access-list 40 permit 0.0.0.2 255.255.255.240
access-list 50 permit 0.0.0.2 255.255.255.240
access-list 100 permit ip 192.168.x.x 0.0.0.255 x.x.x.0 0.0.0.255
access-list 100 remark REMOTE
access-list 100 remark IPSEC Rule
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 120
access-class 40 in
exec-timeout 120 0
session-limit 5
login local
transport input all
line vty 5 14
session-timeout 120
access-class 40 in
exec-timeout 120 0
session-limit 5
login local
transport input all
!
scheduler allocate 20000 1000
!
webvpn gateway VPN
ip interface GigabitEthernet0/0 port 443
ssl encryption aes-sha1
ssl trustpoint TP-self-signed-2117272201
inservice
end

Firewall Config

interface Ethernet0/0
description Out
duplex full
nameif OutNet
security-level 0
ip address 10.85.x.x 255.255.255.240
!
interface Ethernet0/1
description Clients
duplex full
nameif Internal
security-level 100
ip address ClientFw 255.255.255.0
!
interface Ethernet0/1.5
description Services
vlan 15
nameif Services
security-level 100
ip address ServerFw 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
duplex full
shutdown
no nameif
security-level 0
no ip address
!
interface Management0/0
duplex full
shutdown
nameif Manage
security-level 100
ip address 192.168.x.x 255.255.255.0
!
banner exec Welcome
banner login Welcome !!!!!!!!!!!!
banner motd Learn As Much As Possible !!!!!
banner asdm Welcome To JWALL !!!!!! Knowledge is Power !!!!!! Mney Rules the World !!!!!!!!!!!!!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Services
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name Internal.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group service DNS udp
port-object eq domain
object-group service Remote tcp
port-object eq hostname
port-object eq login
port-object eq ssh
port-object eq 3389
port-object eq telnet
object-group service Transfer tcp
port-object eq ftp
port-object eq ftp-data
port-object eq nfs
port-object eq 115
port-object eq 69
port-object eq 989
port-object eq 990
object-group service Mail tcp
port-object eq 993
port-object eq 3535
port-object eq imap4
port-object eq smtp
port-object eq pop2
port-object eq pop3
object-group service Time udp
port-object eq ntp
port-object eq time
object-group service Web tcp
port-object eq 8008
port-object eq 8080
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_1
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_2
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_4
network-object Client 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group network DM_INLINE_NETWORK_5
network-object Client 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group service Backup tcp
port-object eq 1500
port-object eq 1501
port-object eq 1581
port-object eq 1582
port-object eq 1583
port-object eq 11090
object-group service Print tcp
port-object eq 170
port-object eq 631
object-group service Transfer2 udp
port-object eq 944
port-object eq nfs
object-group service Update tcp
port-object eq 8530
port-object eq 8531
object-group service VM tcp
port-object eq 6600
port-object eq 8222
port-object eq 8333
port-object eq 8887
port-object eq 8888
port-object eq 902
port-object eq 903
object-group service VPN tcp
port-object eq 1701
port-object eq pptp
object-group service VPN2 udp
port-object eq 1707
object-group service Xbox tcp
port-object eq 3074
object-group network DM_INLINE_NETWORK_6
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object ip
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_7
network-object Service 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group network DM_INLINE_NETWORK_10
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group network DM_INLINE_NETWORK_9
network-object Service 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group protocol DM_INLINE_PROTOCOL_7
protocol-object ip
protocol-object udp
protocol-object tcp
object-group service AP tcp
port-object eq 7734
port-object eq 7752
object-group service Xbox1 udp
port-object eq 88
port-object eq isakmp
port-object eq 3074
object-group service AP1 udp
port-object eq 7351
object-group network DM_INLINE_NETWORK_8
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_11
network-object Client 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_12
network-object Client 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_13
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group service RealTime udp
port-object eq 16384
port-object eq 16385
port-object eq 16386
port-object eq 16387
object-group service Apple tcp
port-object eq 5223
object-group service NetBios udp
port-object eq netbios-ns
object-group service IKA udp
port-object eq isakmp
object-group service DM_INLINE_UDP_1 udp
group-object AP1
group-object DNS
group-object NetBios
group-object RealTime
group-object Xbox1
group-object IKA
object-group service Flash tcp
port-object eq 843
object-group service Ident tcp
port-object eq ident
object-group service DM_INLINE_TCP_1 tcp
group-object AP
group-object Apple
group-object Web
group-object Flash
group-object Ident
object-group service DM_INLINE_TCP_2 tcp
group-object Update
group-object Web
group-object Ident
object-group service DM_INLINE_TCP_3 tcp
group-object Backup
group-object Print
group-object Transfer
group-object VM
group-object Ident
object-group service DM_INLINE_TCP_4 tcp
group-object Backup
group-object Print
group-object Transfer
group-object VM
group-object Ident
object-group network DM_INLINE_NETWORK_15
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group network DM_INLINE_NETWORK_16
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group service DM_INLINE_TCP_5 tcp
group-object Print
group-object Remote
group-object Transfer
group-object VPN
group-object Backup
object-group network DM_INLINE_NETWORK_17
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group network DM_INLINE_NETWORK_14
network-object Service 255.255.255.0
network-object Client 255.255.255.0
object-group network DM_INLINE_NETWORK_18
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_UDP_2 udp
group-object DNS
group-object IKA
group-object Time
object-group network DM_INLINE_NETWORK_3
network-object VpN 255.255.255.240
network-object Out 255.255.255.240
access-list Services_nat0_outbound extended permit ip Service 255.255.255.0 Client 255.255.255.0
access-list Internal_nat0_outbound extended permit ip Client 255.255.255.0 Service 255.255.255.0
access-list Manage_access_in extended permit object-group DM_INLINE_PROTOCOL_1 Manage 255.255.255.0 Manage 255.255.255.0
access-list Services_access_in extended permit udp Service 255.255.255.0 Client 255.255.255.0 object-group Transfer2
access-list Services_access_in extended permit tcp Service 255.255.255.0 any object-group DM_INLINE_TCP_2
access-list Services_access_in extended permit icmp Service 255.255.255.0 object-group DM_INLINE_NETWORK_12
access-list Services_access_in extended permit tcp Service 255.255.255.0 Client 255.255.255.0 object-group DM_INLINE_TCP_4
access-list Services_access_in extended permit tcp Service 255.255.255.0 object-group DM_INLINE_NETWORK_11 object-group Remote
access-list Services_access_in extended permit tcp Service 255.255.255.0 object-group DM_INLINE_NETWORK_5 object-group Mail
access-list Services_access_in extended permit udp Service 255.255.255.0 object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_UDP_2
access-list Services_access_in extended deny object-group DM_INLINE_PROTOCOL_6 Service 255.255.255.0 object-group DM_INLINE_NETWORK_6
access-list Internal_access_in extended permit tcp Client 255.255.255.0 any object-group DM_INLINE_TCP_1
access-list Internal_access_in extended permit udp Client 255.255.255.0 any object-group DM_INLINE_UDP_1
access-list Internal_access_in extended permit tcp Client 255.255.255.0 Service 255.255.255.0 object-group DM_INLINE_TCP_3
access-list Internal_access_in extended permit udp Client 255.255.255.0 Service 255.255.255.0 object-group Transfer2
access-list Internal_access_in extended permit icmp Client 255.255.255.0 object-group DM_INLINE_NETWORK_13
access-list Internal_access_in extended permit tcp Client 255.255.255.0 object-group DM_INLINE_NETWORK_7 object-group Mail
access-list Internal_access_in extended permit udp Client 255.255.255.0 object-group DM_INLINE_NETWORK_9 object-group Time
access-list Internal_access_in extended permit tcp Client 255.255.255.0 object-group DM_INLINE_NETWORK_8 object-group Remote
access-list Internal_access_in extended deny object-group DM_INLINE_PROTOCOL_7 Client 255.255.255.0 object-group DM_INLINE_NETWORK_10
access-list OutNet_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any object-group DM_INLINE_NETWORK_3
access-list global_mpc extended permit object-group DM_INLINE_PROTOCOL_5 object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_2
access-list VpN remark VpN
access-list VpN standard permit VpN 255.255.255.240
access-list OutNet_nat0_outbound extended permit ip VpN 255.255.255.240 object-group DM_INLINE_NETWORK_14
pager lines 24
logging enable
logging asdm-buffer-size 150
logging console debugging
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
mtu OutNet 1500
mtu Internal 1998
mtu Services 1998
mtu Manage 1500
ip local pool VpN 10.84.x.x-10.84.x.x mask 255.255.255.240
ip verify reverse-path interface Manage
ip audit name Attack attack action drop
ip audit name Info info action alarm
ip audit interface OutNet Info
ip audit interface OutNet Attack
ip audit interface Internal Info
ip audit interface Internal Attack
ip audit interface Services Info
ip audit interface Services Attack
ip audit interface Manage Info
ip audit interface Manage Attack
no failover
icmp unreachable rate-limit 10 burst-size 10
icmp permit Out 255.255.255.240 echo OutNet
icmp permit Client 255.255.255.0 Internal
icmp permit Service 255.255.255.0 Services
asdm history enable
arp timeout 14400
global (OutNet) 85 interface
nat (OutNet) 0 access-list OutNet_nat0_outbound
nat (Internal) 0 access-list Internal_nat0_outbound
nat (Internal) 85 Client 255.255.255.0
nat (Services) 0 access-list Services_nat0_outbound
nat (Services) 85 Service 255.255.255.0
access-group OutNet_access_in in interface OutNet
access-group Internal_access_in in interface Internal
access-group Services_access_in in interface Services
access-group Manage_access_in in interface Manage
route OutNet 0.0.0.0 0.0.0.0 10.85.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
network-acl OutNet_nat0_outbound
webvpn
svc ask enable default svc
eou allow none
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
aaa authentication secure-http-client
aaa local authentication attempts max-fail 5
http server enable
http server idle-timeout 30
http Manage 255.255.255.0 Manage
http Client 255.255.255.0 Internal
http authentication-certificate Manage
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 0
auth-prompt prompt Enter !!!!!!!
auth-prompt accept Granted !!!!!!!!
auth-prompt reject FUCKER !!!!!!!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map OutNet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OutNet_map interface OutNet
crypto ca trustpoint LOCAL-CA-SERVER
subject-name CN=FW.Internal.com
keypair VpN
ocsp url http://10.85.x.x/
proxy-ldc-issuer
crl configure
crypto ca trustpoint ASDM_VpN
enrollment self
subject-name CN=FW.Internal.com
keypair VpN
proxy-ldc-issuer
crl configure
crypto ca server
crypto ca certificate map REMOTE 10
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
quit
crypto ca certificate chain ASDM_VpN
certificate 91ea1458
quit
crypto isakmp enable OutNet
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet timeout 5
ssh scopy enable
ssh Client 255.255.255.0 Internal
ssh Service 255.255.255.0 Services
ssh timeout 30
console timeout 0
management-access Manage
l2tp tunnel hello 120
dhcpd address 10.10.x.x-10.10.x.x Internal
dhcpd dns 8.8.8.8 interface Internal
dhcpd lease 604800 interface Internal
dhcpd domain Internal.com interface Internal
dhcpd option 3 ip ClientFw interface Internal
dhcpd option 15 ascii Internal.com interface Internal
dhcpd option 29 hex 01 interface Internal
dhcpd option 30 hex 01 interface Internal
dhcpd option 31 hex 01 interface Internal
dhcpd enable Internal
!
vpn load-balancing
interface lbpublic OutNet
interface lbprivate Internal
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 8.8.8.8 source OutNet
ntp server 10.10.1x.x source Services
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 null-sha1 rc4-md5 des-sha1
ssl trust-point ASDM_VpN OutNet
webvpn
enable OutNet
svc image disk0:/anyconnect-win-2.5.2017-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
certificate-group-map REMOTE 10 Remote
group-policy DfltGrpPolicy attributes
banner value Welcome !!!!
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VpN
split-dns value 10.10.15.5
address-pools value VpN
webvpn
svc rekey method ssl
svc ask none default svc
group-policy Remote internal
group-policy Remote attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec svc
default-domain value Internal.com
username JEJ password cX0yeH.p3WpM25f0 encrypted privilege 15
username JEJ attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc
group-lock value Remote
webvpn
svc ask none default svc
tunnel-group DefaultWEBVPNGroup webvpn-attributes
authentication certificate
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
address-pool (OutNet) VpN
address-pool VpN
authentication-server-group (OutNet) LOCAL
authorization-server-group LOCAL
default-group-policy Remote
tunnel-group Remote webvpn-attributes
authentication aaa certificate
tunnel-group Remote ipsec-attributes
pre-shared-key *****
trust-point ASDM_VpN
tunnel-group-map enable rules
tunnel-group-map default-group Remote
tunnel-group-map REMOTE 10 Remote
!
class-map inspection_default
match access-list global_mpc
match default-inspection-traffic
class-map type inspect http match-all asdm_high_security_methods
match not request method get
match not request method head
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
id-randomization
id-mismatch action log
policy-map type inspect ftp FTP
description FTP
parameters
mask-banner
mask-syst-reply
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class asdm_high_security_methods
drop-connection
match request header non-ascii
drop-connection
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:787a6d20ebd1b7d1581f26eafda3d77d
: end

5 Replies

JP Miranda Z
Cisco Employee

Hi j_j624001,

Are you trying to configure AnyConnect? If yes, you can take a look at the following guide:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

I can't see the vpn-protocol svc on any of your group policies.

Hope this info helps!!

Rate if it helps you!!

-JP-
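One way to check an ASA 8.2 config for the AnyConnect (svc) prerequisites JP's reply points at: whether the global webvpn block is enabled on the outside interface with a package and svc enable, whether each group policy's vpn-tunnel-protocol includes svc (an attribute not set on a policy is inherited from DfltGrpPolicy), and whether each remote-access tunnel group can be selected by clients and what authentication it demands. This is an added example, not Cisco's or the poster's code; the sample config is constructed from the AnyConnect-related lines the poster shared, with the ASA's indentation restored, and the interface name OutNet is taken from the poster's config.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: AnyConnect-relevant lines from the poster's ASA 8.2 config, indentation restored.
ASA_SAMPLE = """\
webvpn
 enable OutNet
 svc image disk0:/anyconnect-win-2.5.2017-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
 webvpn
  svc ask none default svc
group-policy Remote attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 authentication certificate
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
 default-group-policy Remote
tunnel-group Remote webvpn-attributes
 authentication aaa certificate
"""

Block = Tuple[str, List[str]]  # (top-level command, its indented sub-commands)
TG_RE = re.compile(r"tunnel-group (\S+) (?:type (\S+)|(\S+-attributes))")
BUILTIN_GROUPS = {"DefaultWEBVPNGroup", "DefaultRAGroup"}  # built in, always remote-access


def parse_blocks(config: str) -> List[Block]:
    """An unindented line opens a block, indented lines belong to it; '!' / ': end' are skipped."""
    blocks: List[Block] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith(("!", ":")):
            continue
        if not raw.startswith(" "):
            blocks.append((raw.strip(), []))
        elif blocks:
            blocks[-1][1].append(raw.strip())
    return blocks


def group_policies(blocks: List[Block]) -> Dict[str, List[str]]:
    """Map group-policy name -> its 'attributes' sub-commands."""
    return {m.group(1): subs for top, subs in blocks
            if (m := re.fullmatch(r"group-policy (\S+) attributes", top))}


def policy_allows_svc(policies: Dict[str, List[str]], name: str) -> bool:
    """True if vpn-tunnel-protocol lists svc; an unset attribute is inherited from DfltGrpPolicy."""
    for line in policies.get(name, []):
        if line.startswith("vpn-tunnel-protocol "):
            return "svc" in line.split()[1:]
    return name != "DfltGrpPolicy" and policy_allows_svc(policies, "DfltGrpPolicy")


def tunnel_groups(blocks: List[Block]) -> Dict[str, dict]:
    """Map tunnel-group name -> {'type': ..., '<section>-attributes': sub-commands}."""
    groups: Dict[str, dict] = {}
    for top, subs in blocks:
        if m := TG_RE.fullmatch(top):
            tg = groups.setdefault(m.group(1), {"type": None})
            if m.group(2):
                tg["type"] = m.group(2)
            else:
                tg[m.group(3)] = subs
    return groups


def lint_anyconnect(config: str, outside: str) -> List[str]:
    """Return findings for AnyConnect prerequisites missing from `config`."""
    blocks = parse_blocks(config)
    findings: List[str] = []
    # 1. Global webvpn: SSL VPN enabled on the outside interface and a client package to push.
    webvpn = next((subs for top, subs in blocks if top == "webvpn"), [])
    if f"enable {outside}" not in webvpn:
        findings.append(f"webvpn: not enabled on interface {outside}")
    if not any(s.startswith("svc image ") for s in webvpn):
        findings.append("webvpn: no 'svc image' (no AnyConnect package to serve)")
    if "svc enable" not in webvpn:
        findings.append("webvpn: 'svc enable' missing")
    # 2. A group policy whose vpn-tunnel-protocol does not list svc refuses AnyConnect clients.
    policies = group_policies(blocks)
    for name in policies:
        if not policy_allows_svc(policies, name):
            findings.append(f"group-policy {name}: vpn-tunnel-protocol does not include svc")
    # 3. Remote-access tunnel groups: the policy must allow svc; without a group-alias/group-url
    #    clients land in DefaultWEBVPNGroup; certificate authentication needs a client certificate.
    for name, tg in tunnel_groups(blocks).items():
        if tg["type"] != "remote-access" and name not in BUILTIN_GROUPS:
            continue
        general, wv = tg.get("general-attributes", []), tg.get("webvpn-attributes", [])
        policy = next((s.split()[1] for s in general if s.startswith("default-group-policy ")),
                      "DfltGrpPolicy")
        if not policy_allows_svc(policies, policy):
            findings.append(f"tunnel-group {name}: default-group-policy {policy} does not allow svc")
        if name not in BUILTIN_GROUPS and not any(s.startswith(("group-alias ", "group-url ")) for s in wv):
            findings.append(f"tunnel-group {name}: no group-alias/group-url, so clients cannot "
                            "select it and fall back to DefaultWEBVPNGroup")
        if any(s.startswith("authentication ") and "certificate" in s.split() for s in wv):
            findings.append(f"tunnel-group {name}: authentication requires a client certificate")
    return findings
```

Run against the sample, the checker reports that DfltGrpPolicy (which DefaultWEBVPNGroup uses) lacks svc, that tunnel-group Remote has no alias or URL for clients to select it, and that both tunnel groups demand a client certificate.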

Yes; I wanna use AnyConnect instead of clientless VPN.

j_j624001,

Sounds good, so following the guide provided before, you can configure AnyConnect on your ASA.

Hope this info helps!!

Rate if it helps you!!

-JP-

Hello; I was able to find the guide, but it's still not working. Can you look over the FW config and see what's missing?

ASA Version 8.2(3)
!
hostname FW
domain-name Internal.com

name 10.84.84.0 VpN
!
interface Ethernet0/0
description Out
duplex full
nameif OutNet
security-level 0
ip address 10.85.85.x 255.255.255.240
!
interface Ethernet0/1
description Clients
duplex full
nameif Internal
security-level 100
ip address ClientFw 255.255.255.0
!
interface Ethernet0/1.5
description Services
vlan 15
nameif Services
security-level 100
ip address ServerFw 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
duplex full
shutdown
no nameif
security-level 0
no ip address
!
interface Management0/0
duplex full
shutdown
nameif Manage
security-level 100
ip address 192.168.0.x 255.255.255.0
!
banner exec Welcome
banner login Welcome !!!!!!!!!!!!
banner motd Learn As Much As Possible !!!!!
banner asdm Welcome To JWALL !!!!!! Knowledge is Power !!!!!! Mney Rules the World !!!!!!!!!!!!!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Services
dns server-group DefaultDNS
name-server 8.8.8.8
domain-name Internal.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_5
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group service DNS udp
port-object eq domain
object-group service Remote tcp
port-object eq hostname
port-object eq login
port-object eq ssh
port-object eq 3389
port-object eq telnet
object-group service Transfer tcp
port-object eq ftp
port-object eq ftp-data
port-object eq nfs
port-object eq 115
port-object eq 69
port-object eq 989
port-object eq 990
object-group service Mail tcp
port-object eq 993
port-object eq 3535
port-object eq imap4
port-object eq smtp
port-object eq pop2
port-object eq pop3
object-group service Time udp
port-object eq ntp
port-object eq time
object-group service Web tcp
port-object eq 8008
port-object eq 8080
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_1
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_2
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_4
network-object Client 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group network DM_INLINE_NETWORK_5
network-object Client 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group service Backup tcp
port-object eq 1500
port-object eq 1501
port-object eq 1581
port-object eq 1582
port-object eq 1583
port-object eq 11090
object-group service Print tcp
port-object eq 170
port-object eq 631
object-group service Transfer2 udp
port-object eq 944
port-object eq nfs
object-group service Update tcp
port-object eq 8530
port-object eq 8531
object-group service VM tcp
port-object eq 6600
port-object eq 8222
port-object eq 8333
port-object eq 8887
port-object eq 8888
port-object eq 902
port-object eq 903
object-group service VPN tcp
port-object eq 1701
port-object eq pptp
object-group service VPN2 udp
port-object eq 1707
object-group service Xbox tcp
port-object eq 3074
object-group network DM_INLINE_NETWORK_6
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object ip
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_7
network-object Service 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group network DM_INLINE_NETWORK_10
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group network DM_INLINE_NETWORK_9
network-object Service 255.255.255.0
network-object 0.0.0.0 0.0.0.0
object-group protocol DM_INLINE_PROTOCOL_7
protocol-object ip
protocol-object udp
protocol-object tcp
object-group service AP tcp
port-object eq 7734
port-object eq 7752
object-group service Xbox1 udp
port-object eq 88
port-object eq isakmp
port-object eq 3074
object-group service AP1 udp
port-object eq 7351
object-group network DM_INLINE_NETWORK_8
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_11
network-object Client 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_12
network-object Client 255.255.255.0
network-object Out 255.255.255.240
object-group network DM_INLINE_NETWORK_13
network-object Service 255.255.255.0
network-object Out 255.255.255.240
object-group service RealTime udp
port-object eq 16384
port-object eq 16385
port-object eq 16386
port-object eq 16387
object-group service Apple tcp
port-object eq 5223
object-group service NetBios udp
port-object eq netbios-ns
object-group service IKA udp
port-object eq isakmp
object-group service DM_INLINE_UDP_1 udp
group-object AP1
group-object DNS
group-object NetBios
group-object RealTime
group-object Xbox1
group-object IKA
object-group service Flash tcp
port-object eq 843
object-group service Ident tcp
port-object eq ident
object-group service DM_INLINE_TCP_1 tcp
group-object AP
group-object Apple
group-object Web
group-object Flash
group-object Ident
object-group service DM_INLINE_TCP_2 tcp
group-object Update
group-object Web
group-object Ident
object-group service DM_INLINE_TCP_3 tcp
group-object Backup
group-object Print
group-object Transfer
group-object VM
group-object Ident
object-group service DM_INLINE_TCP_4 tcp
group-object Backup
group-object Print
group-object Transfer
group-object VM
group-object Ident
object-group network DM_INLINE_NETWORK_15
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group network DM_INLINE_NETWORK_16
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group service DM_INLINE_TCP_5 tcp
group-object Print
group-object Remote
group-object Transfer
group-object VPN
group-object Backup
object-group network DM_INLINE_NETWORK_17
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group network DM_INLINE_NETWORK_14
network-object Service 255.255.255.0
network-object Client 255.255.255.0
object-group network DM_INLINE_NETWORK_18
network-object 0.0.0.0 0.0.0.0
network-object Client 255.255.255.0
network-object Service 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_UDP_2 udp
group-object DNS
group-object IKA
group-object Time
object-group network DM_INLINE_NETWORK_3
network-object VpN 255.255.255.240
network-object Out 255.255.255.240
access-list Services_nat0_outbound extended permit ip Service 255.255.255.0 Client 255.255.255.0
access-list Internal_nat0_outbound extended permit ip Client 255.255.255.0 Service 255.255.255.0
access-list Manage_access_in extended permit object-group DM_INLINE_PROTOCOL_1 Manage 255.255.255.0 Manage 255.255.255.0
access-list Services_access_in extended permit udp Service 255.255.255.0 Client 255.255.255.0 object-group Transfer2
access-list Services_access_in extended permit tcp Service 255.255.255.0 any object-group DM_INLINE_TCP_2
access-list Services_access_in extended permit icmp Service 255.255.255.0 object-group DM_INLINE_NETWORK_12
access-list Services_access_in extended permit tcp Service 255.255.255.0 Client 255.255.255.0 object-group DM_INLINE_TCP_4
access-list Services_access_in extended permit tcp Service 255.255.255.0 object-group DM_INLINE_NETWORK_11 object-group Remote
access-list Services_access_in extended permit tcp Service 255.255.255.0 object-group DM_INLINE_NETWORK_5 object-group Mail
access-list Services_access_in extended permit udp Service 255.255.255.0 object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_UDP_2
access-list Services_access_in extended deny object-group DM_INLINE_PROTOCOL_6 Service 255.255.255.0 object-group DM_INLINE_NETWORK_6
access-list Internal_access_in extended permit tcp Client 255.255.255.0 any object-group DM_INLINE_TCP_1
access-list Internal_access_in extended permit udp Client 255.255.255.0 any object-group DM_INLINE_UDP_1
access-list Internal_access_in extended permit tcp Client 255.255.255.0 Service 255.255.255.0 object-group DM_INLINE_TCP_3
access-list Internal_access_in extended permit udp Client 255.255.255.0 Service 255.255.255.0 object-group Transfer2
access-list Internal_access_in extended permit icmp Client 255.255.255.0 object-group DM_INLINE_NETWORK_13
access-list Internal_access_in extended permit tcp Client 255.255.255.0 object-group DM_INLINE_NETWORK_7 object-group Mail
access-list Internal_access_in extended permit udp Client 255.255.255.0 object-group DM_INLINE_NETWORK_9 object-group Time
access-list Internal_access_in extended permit tcp Client 255.255.255.0 object-group DM_INLINE_NETWORK_8 object-group Remote
access-list Internal_access_in extended deny object-group DM_INLINE_PROTOCOL_7 Client 255.255.255.0 object-group DM_INLINE_NETWORK_10
access-list OutNet_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any object-group DM_INLINE_NETWORK_3
access-list global_mpc extended permit object-group DM_INLINE_PROTOCOL_5 object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_NETWORK_2
access-list VpN remark VpN
access-list VpN standard permit Out 255.255.255.240
access-list OutNet_nat0_outbound extended permit ip VpN 255.255.255.240 object-group DM_INLINE_NETWORK_14
pager lines 24
logging enable
logging asdm-buffer-size 150
logging console debugging
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
mtu OutNet 1500
mtu Internal 1998
mtu Services 1998
mtu Manage 1500
ip local pool VpN 10.84.84.x-10.84.84.x mask 255.255.255.240
ip verify reverse-path interface Manage
ip audit name Attack attack action drop
ip audit name Info info action alarm
ip audit interface OutNet Info
ip audit interface OutNet Attack
ip audit interface Internal Info
ip audit interface Internal Attack
ip audit interface Services Info
ip audit interface Services Attack
ip audit interface Manage Info
ip audit interface Manage Attack
no failover
icmp unreachable rate-limit 10 burst-size 10
icmp permit Out 255.255.255.240 echo OutNet
icmp permit Client 255.255.255.0 Internal
icmp permit Service 255.255.255.0 Services
asdm history enable
arp timeout 14400
global (OutNet) 85 interface
global (Internal) 5 10.85.85.x netmask 255.0.0.0
nat (OutNet) 0 access-list OutNet_nat0_outbound
nat (Internal) 0 access-list Internal_nat0_outbound
nat (Internal) 85 Client 255.255.255.0
nat (Internal) 5 0.0.0.0 0.0.0.0
nat (Services) 0 access-list Services_nat0_outbound
nat (Services) 85 Service 255.255.255.0
access-group OutNet_access_in in interface OutNet
access-group Internal_access_in in interface Internal
access-group Services_access_in in interface Services
access-group Manage_access_in in interface Manage
route OutNet 0.0.0.0 0.0.0.0 10.85.85.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
network-acl OutNet_nat0_outbound
webvpn
svc ask enable default svc
eou allow none
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
aaa authentication secure-http-client
aaa local authentication attempts max-fail 5
http server enable
http server idle-timeout 30
http Manage 255.255.255.0 Manage
http Client 255.255.255.0 Internal
http authentication-certificate Manage
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 0
auth-prompt prompt Enter !!!!!!!
auth-prompt accept Granted !!!!!!!!
auth-prompt reject FUCKER !!!!!!!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map OutNet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OutNet_map interface OutNet
crypto ca trustpoint LOCAL-CA-SERVER
subject-name CN=FW.Internal.com
keypair VpN
ocsp url http://10.85.85.x/
proxy-ldc-issuer
crl configure
crypto ca trustpoint ASDM_VpN
enrollment self
subject-name CN=FW.Internal.com
keypair VpN
proxy-ldc-issuer
crl configure
crypto ca server
crypto ca certificate map REMOTE 10
crypto ca certificate chain LOCAL-CA-SERVER
certificate ca 01
quit
crypto ca certificate chain ASDM_VpN
certificate 91ea1458
quit
crypto isakmp enable OutNet
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet timeout 5
ssh scopy enable
ssh Client 255.255.255.0 Internal
ssh Service 255.255.255.0 Services
ssh timeout 30
console timeout 0
management-access Manage
l2tp tunnel hello 120
dhcpd address 10.10.0.x-10.10.0.x Internal
dhcpd dns 8.8.8.8 interface Internal
dhcpd lease 604800 interface Internal
dhcpd domain Internal.com interface Internal
dhcpd option 3 ip ClientFw interface Internal
dhcpd option 15 ascii Internal.com interface Internal
dhcpd option 29 hex 01 interface Internal
dhcpd option 30 hex 01 interface Internal
dhcpd option 31 hex 01 interface Internal
dhcpd enable Internal
!
vpn load-balancing
interface lbpublic OutNet
interface lbprivate Internal
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 8.8.8.8 source OutNet
ntp server 10.10.15.x source Services
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 null-sha1 rc4-md5 des-sha1
ssl trust-point ASDM_VpN OutNet
webvpn
enable OutNet
svc image disk0:/anyconnect-win-2.5.2017-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
certificate-group-map REMOTE 10 Remote
group-policy DfltGrpPolicy attributes
banner value Welcome !!!!
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VpN
split-dns value 10.10.15.x
address-pools value VpN
webvpn
svc rekey method ssl
svc ask none default svc
group-policy Remote internal
group-policy Remote attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VpN
default-domain value Internal.com
address-pools value VpN
webvpn
svc dtls enable
svc keep-installer installed
svc rekey time 60
svc rekey method ssl
svc ask none default svc
username JEJ password cX0yeH.p3WpM25f0 encrypted privilege 15
username JEJ attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc
group-lock value Remote
webvpn
svc ask none default svc
tunnel-group DefaultWEBVPNGroup webvpn-attributes
authentication certificate
tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
address-pool (OutNet) VpN
address-pool VpN
authentication-server-group (OutNet) LOCAL
authorization-server-group LOCAL
default-group-policy Remote
tunnel-group Remote webvpn-attributes
authentication aaa certificate
group-alias Remote enable
tunnel-group Remote ipsec-attributes
pre-shared-key *****
trust-point ASDM_VpN
tunnel-group-map enable rules
tunnel-group-map default-group Remote
tunnel-group-map REMOTE 10 Remote
!
class-map inspection_default
match access-list global_mpc
match default-inspection-traffic
class-map type inspect http match-all asdm_high_security_methods
match not request method get
match not request method head
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
id-randomization
id-mismatch action log
policy-map type inspect ftp FTP
description FTP
parameters
mask-banner
mask-syst-reply
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class asdm_high_security_methods
drop-connection
match request header non-ascii
drop-connection
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:e16fd215be34d2cf91c75ad2f36bc8cc
: end

j_j624001,

What is the error you are getting when trying to connect?

Can you try only with local authentication?

Considering your config, I will try removing certificate authentication:

webvpn
enable OutNet
svc image disk0:/anyconnect-win-2.5.2017-k9.pkg 1
svc enable
tunnel-group-list enable

group-policy Remote internal
group-policy Remote attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VpN
default-domain value Internal.com
address-pools value VpN

tunnel-group Remote type remote-access
tunnel-group Remote general-attributes
address-pool (OutNet) VpN
address-pool VpN
authentication-server-group (OutNet) LOCAL
authorization-server-group LOCAL
default-group-policy Remote
tunnel-group Remote webvpn-attributes
authentication aaa certificate
group-alias Remote enable

If this profile is being used for IPsec clients, I will create a new one for testing purposes.

Hope this info helps!!

Rate if it helps you!!

-JP-
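As an added illustration, not code from this thread or from Cisco, here is a small Python linter that walks a re-indented excerpt of the ASA config posted above and flags the settings that most often break or weaken an AnyConnect/IPsec remote-access setup: tunnel-groups whose webvpn authentication demands a client certificate, group policies whose vpn-tunnel-protocol omits svc, and legacy cipher suites. The excerpt, the rule tables and the finding messages are my own constructions; the config on the page prints without indentation, so the excerpt restores the one-space sub-mode indentation the ASA normally emits.

```python
from typing import List

# Constructed, re-indented excerpt of the ASA config posted above
# (certificate blobs and unrelated lines omitted). Sub-mode lines are
# indented by one space, as the ASA prints them, so context can be tracked.
ASA_CONFIG = """\
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1 null-sha1 rc4-md5 des-sha1
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy Remote attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
tunnel-group Remote webvpn-attributes
 authentication aaa certificate
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 authentication certificate
"""

# Rule tables are assumptions of this example, not Cisco's own lists.
LEGACY_SSL = {"rc4-sha1", "rc4-md5", "null-sha1", "des-sha1", "3des-sha1"}
LEGACY_IKE = {"des", "3des"}


def lint_asa(config: str) -> List[str]:
    """Return one finding per problematic line, in config order."""
    findings: List[str] = []
    context = ""  # enclosing top-level command, e.g. 'tunnel-group X webvpn-attributes'
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):
            context = line  # a new top-level command starts a new sub-mode
        words = line.split()
        if line.startswith("ssl encryption"):
            weak = sorted(set(words[2:]) & LEGACY_SSL)
            if weak:
                findings.append(f"ssl encryption: legacy suites enabled {weak}")
        elif words[0] == "encryption" and context.startswith("crypto isakmp policy"):
            if words[1] in LEGACY_IKE:
                findings.append(f"{context}: legacy IKE encryption {words[1]}")
        elif words[0] == "authentication" and context.endswith("webvpn-attributes"):
            if "certificate" in words[1:]:
                findings.append(f"{context}: '{line}' requires a client certificate; "
                                "AnyConnect users without one are rejected")
        elif words[0] == "vpn-tunnel-protocol" and context.startswith("group-policy"):
            if "svc" not in words[1:]:
                findings.append(f"{context}: '{line}' does not allow svc (AnyConnect SSL)")
    return findings


if __name__ == "__main__":
    for finding in lint_asa(ASA_CONFIG):
        print(finding)
```

Running it against the excerpt reports five findings; the group-policy Remote line, which already lists svc, produces none.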