Site-to-site IPsec tunnel with dual ISP

Salman.Baig
Level 1

Hello community, how are you? I hope you are fine.

I am facing a problem regarding a dual IPsec tunnel from head office to branch.

The head office has 2 ISPs; the branch also has 2 ISPs.

At the head office I set up dual ISP: when ISP1 goes down, internet traffic goes to ISP2, but the IPsec tunnel does not come up. When I disable the remote branch's ISP1, the IPsec tunnel comes up. What is the problem, and how can I fix it? I want the tunnel to fail over automatically to ISP2 if my head office ISP1 goes down, the same as the ISP failover. I have been trying to fix this issue but still without success; I need your support.

I am also sharing the network topology.


6 Replies

balaji.bandi
Hall of Fame

Is this a typo, or is the diagram wrong?

ISP1: do both sides have the same IP address (192.168.2.240)?

If this is not a typo, post the config of the ASA on both sides.

Or verify that your IP SLA and tracking are correct. Make sure both IPsec tunnels are up.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
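
The IP SLA, tracking and crypto-map check suggested in the reply above can be run over a saved running-config. The following Python is an added example, not part of the original thread and not Cisco tooling. Its sample config is constructed with documentation addresses, and the rules in the hypothetical `audit` function are this example's assumptions about what a consistent dual-ISP tunnel setup looks like.

```python
import re

# Constructed sample in the style of an ASA running-config.
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 198.51.100.2 255.255.255.0
interface GigabitEthernet0/1
 nameif outside-backup
 ip address 203.0.113.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
route outside-backup 0.0.0.0 0.0.0.0 203.0.113.1 254
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.2 interface outside
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
crypto map PRIMARY 1 set peer 192.0.2.10
crypto map BACKUP 1 set peer 192.0.2.20
crypto map BACKUP interface outside-backup
"""


def audit(config):
    """Return (finding, subject) tuples for SLA/track/crypto-map mismatches."""
    own_ips, sla_target, track_to_sla = {}, {}, {}
    scheduled, maps_defined, maps_bound = set(), set(), {}
    default_routes = []          # (nameif, track id or None)
    nameif = sla = None          # parser context; indentation is not relied on

    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m[1]
        elif (m := re.match(r"ip address (\S+) \S+", line)) and nameif:
            own_ips[m[1]] = nameif
        elif m := re.fullmatch(r"sla monitor (\d+)", line):
            sla = m[1]
        elif m := re.match(r"sla monitor schedule (\d+)", line):
            scheduled.add(m[1])
        elif (m := re.match(
                r"type echo protocol ipIcmpEcho (\S+) interface (\S+)",
                line)) and sla:
            sla_target[sla] = (m[1], m[2])
        elif m := re.match(
                r"route (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+(?: \d+)?(?: track (\d+))?",
                line):
            default_routes.append((m[1], m[2]))
        elif m := re.fullmatch(r"track (\d+) rtr (\d+) reachability", line):
            track_to_sla[m[1]] = m[2]
        elif m := re.fullmatch(r"crypto map (\S+) interface (\S+)", line):
            maps_bound[m[2]] = m[1]
        elif m := re.match(r"crypto map (\S+) \d+ ", line):
            maps_defined.add(m[1])

    findings = []
    for ifname, track in default_routes:
        # Assumed rule: every ISP-facing interface that can carry the default
        # route needs a crypto map bound to it, or no tunnel can form there.
        if ifname not in maps_bound:
            findings.append(("egress-without-crypto-map", ifname))
        if track is None:
            continue
        sla_id = track_to_sla.get(track)
        if sla_id is None:
            findings.append(("track-undefined", track))
        elif sla_id not in sla_target:
            findings.append(("sla-undefined", sla_id))
        else:
            if sla_id not in scheduled:
                findings.append(("sla-not-scheduled", sla_id))
            # Assumed rule: a probe aimed at the firewall's own address
            # says nothing about the path through the ISP.
            if sla_target[sla_id][0] in own_ips:
                findings.append(("sla-probes-own-address", sla_id))

    # Crypto maps with entries that were never attached to an interface.
    for name in sorted(maps_defined - set(maps_bound.values())):
        findings.append(("crypto-map-not-bound", name))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(SAMPLE):
        print(f"{finding}: {subject}")
```
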

hostname HEAD-OFFICE-FIREWALL
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
!
license smart
throughput level 2G
names
ip local pool Remote-VPN-POOL 10.10.20.1-10.10.20.200 mask 255.255.255.0
ip local pool VPNPOOL 192.168.199.129-192.168.199.254 mask 255.255.255.128
ip local pool VPN-POOL 192.168.1.2-192.168.1.200 mask 255.255.255.0
ip local pool Any-Connect-Pool 1.1.1.10-1.1.1.200 mask 255.255.255.0
ip local pool L2TP-POOL 192.168.0.10-192.168.0.240 mask 255.255.255.0

!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.2.240 255.255.255.0
!
interface GigabitEthernet0/1
nameif outside-backup
security-level 0
ip address 172.16.20.240 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
nameif inside
security-level 100
ip address 70.1.1.1 255.255.255.252
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
object network NETWORK_OBJ_70.1.1.0_30
subnet 70.1.1.0 255.255.255.252
object network NETWORK_OBJ_10.177.82.0_24
subnet 10.177.82.0 255.255.255.0
object network PCMS_remote
subnet 10.10.20.0 255.255.255.0
object network UK-Network
subnet 192.168.197.0 255.255.255.0
object network NAT-Uwornx-LAN
subnet 10.177.82.0 255.255.255.0
object network ASA-TO-MIK
subnet 70.1.1.0 255.255.255.252
object network NGNTECH.COM-Network-Nat
subnet 10.177.82.0 255.255.255.0
object network NGNTECH.COM-Network-Backup-ISP
subnet 10.177.82.0 255.255.255.0
object network USA-LAN-FOR-BACKUP-ISP
subnet 192.168.197.0 255.255.255.0
object network NGNTECH.COM-LAN-NETWORK-FOR-IPSEC-BKP
subnet 10.177.82.0 255.255.255.0
object network NETWORK_OBJ_10.10.20.0_24
subnet 10.10.20.0 255.255.255.0
object network Corp-Subnet
subnet 10.177.82.0 255.255.255.0
object network L2TP-Subnet
subnet 192.168.199.128 255.255.255.128
object network Remote
subnet 1.1.1.0 255.255.255.0
object network l2tp-pool
subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.197.0_24
subnet 192.168.197.0 255.255.255.0
object network NETWORK_OBJ_1.1.1.0_24
subnet 1.1.1.0 255.255.255.0
object network NAT-POLICY-FOR-REOMTE-VPN
subnet 1.1.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.0.0_24
subnet 192.168.0.0 255.255.255.0
object network L2TP-Pool
subnet 10.10.20.0 255.255.255.0
object network SWITCH-NAT
host 70.1.1.0
object network NGNTECH.COM-LAN-NETwork-NAT
subnet 10.177.82.0 255.255.255.0
object network UWORK-NETWORK-NAT-BACKUP
subnet 10.177.82.0 255.255.255.0
object network NEWORK-OBJ-for-BACKuP-TUNNEL
subnet 10.177.82.0 255.255.255.0
object network VIDEO-CONF-VLAN
subnet 172.16.3.0 255.255.255.0
object network GATE-WAY-TO-SWITCH-INTERFACE
host 70.1.1.2
object network VIDEO-CONF-NAT
subnet 172.16.3.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object NEWORK-OBJ-for-BACKuP-TUNNEL
network-object object VIDEO-CONF-VLAN
object-group network DM_INLINE_NETWORK_2
network-object 10.177.82.0 255.255.255.0
network-object object VIDEO-CONF-VLAN
object-group network DM_INLINE_NETWORK_3
network-object object UK-Network
network-object object VIDEO-CONF-VLAN
object-group network DM_INLINE_NETWORK_4
network-object 10.177.82.0 255.255.255.0
network-object object VIDEO-CONF-VLAN
access-list outside_cryptomap_2 extended permit ip object NETWORK_OBJ_10.177.82.0_24 object UK-Network
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_10.177.82.0_24 object UK-Network
access-list outside_cryptomap_4 extended permit ip object-group DM_INLINE_NETWORK_4 object UK-Network
access-list DefaultRAGroup_splitTunnelAcl standard permit 192.168.197.0 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.177.82.0 255.255.255.0
access-list REMOTE-VPN-FOR-UWROX_splitTunnelAcl standard permit 10.177.82.0 255.255.255.0
access-list REMOTE-VPN-FOR-UWROX_splitTunnelAcl standard permit 192.168.197.0 255.255.255.0
access-list Split-Tunnel-ACL standard permit 10.177.82.0 255.255.255.0
access-list vpn-acl extended permit ip 10.177.82.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit ip any any
access-list outside-backup_access_in extended permit ip any any
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list outside-backup_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object USA-LAN-FOR-BACKUP-ISP
pager lines 23
logging enable
logging asdm informational
mtu outside 1500
mtu outside-backup 1500
mtu inside 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
nat (inside,outside) source static NETWORK_OBJ_10.177.82.0_24 NETWORK_OBJ_10.177.82.0_24 destination static UK-Network UK-Network no-proxy-arp route-lookup
nat (inside,outside) source static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 destination static UK-Network UK-Network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.177.82.0_24 NETWORK_OBJ_10.177.82.0_24 destination static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 no-proxy-arp route-lookup
nat (inside,outside) source static DM_INLINE_NETWORK_4 DM_INLINE_NETWORK_4 destination static UK-Network UK-Network no-proxy-arp route-lookup
!
object network SWITCH-NAT
nat (any,outside) dynamic interface
object network NGNTECH.COM-LAN-NETwork-NAT
nat (any,outside) dynamic interface
object network UWORK-NETWORK-NAT-BACKUP
nat (any,outside-backup) dynamic interface
object network VIDEO-CONF-NAT
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group outside-backup_access_in in interface outside-backup
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1 track 1
route outside-backup 0.0.0.0 0.0.0.0 172.16.20.1 254
route inside 10.177.82.0 255.255.255.0 70.1.1.2 1
route inside 172.16.3.0 255.255.255.0 70.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 outside
http 172.16.20.0 255.255.255.0 outside-backup
no snmp-server location
no snmp-server contact
sla monitor 100
type echo protocol ipIcmpEcho 192.168.2.240 interface outside
timeout 1000
frequency 3
sla monitor schedule 100 life forever start-time now
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65534 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65534 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map outside_map 1 match address outside_cryptomap_2
crypto map outside_map 1 set peer 192.168.2.241
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 2 match address outside_cryptomap
crypto map outside_map 2 set peer 192.168.2.241
crypto map outside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map L2TPVPN 1 match address outside_cryptomap_4
crypto map L2TPVPN 1 set peer 192.168.2.241 172.16.20.241
crypto map L2TPVPN 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map L2TPVPN 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map L2TPVPN interface outside
crypto map outside-backup_map 1 match address outside-backup_cryptomap
crypto map outside-backup_map 1 set peer 172.16.20.241
crypto map outside-backup_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside-backup_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside-backup_map interface outside-backup
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 enable outside-backup
crypto ikev1 enable outside
crypto ikev1 enable outside-backup
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
!
track 1 rtr 123 reachability
!
track 100 rtr 100 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.2.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.14018-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy SSLGROUPPOLICY internal
group-policy SSLGROUPPOLICY attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split-Tunnel-ACL
default-domain value corvit.com
intercept-dhcp enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol l2tp-ipsec
default-domain value corvit-networks.com
group-policy GroupPolicy_192.168.2.241 internal
group-policy GroupPolicy_192.168.2.241 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_172.16.20.241 internal
group-policy GroupPolicy_172.16.20.241 attributes
vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy
username moon password 3AHgMtaG0czLZ17vna1NOA== nt-encrypted privilege 0
username moon attributes
vpn-group-policy DefaultRAGroup
username salman password $sha512$5000$J7aT9VwgvAf8pZYJpxLKNQ==$4JiT1S+V/pc0wYLARTresw== pbkdf2 privilege 15
username salman attributes
service-type remote-access
username saqib password $sha512$5000$K2WYh/Q674LmXVlmooqhgw==$YhvBBU4zM8c4QzkxPtZ9QQ== pbkdf2 privilege 15
username saqib attributes
service-type remote-access
username rehan password 3AHgMtaG0czLZ17vna1NOA== nt-encrypted
username humza password $sha512$5000$71crK0HkcEC0O65LRpnyiA==$Fo/vn2AbMIbMfwNBvVennA== pbkdf2
tunnel-group DefaultRAGroup general-attributes
address-pool Remote-VPN-POOL
address-pool VPNPOOL
address-pool L2TP-POOL
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key Corvit@123
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group 192.168.2.241 type ipsec-l2l
tunnel-group 192.168.2.241 general-attributes
default-group-policy GroupPolicy_192.168.2.241
tunnel-group 192.168.2.241 ipsec-attributes
ikev1 pre-shared-key Q1wertyup
ikev2 remote-authentication pre-shared-key Q1wertyup
ikev2 local-authentication pre-shared-key Q1wertyup
tunnel-group 172.16.20.241 type ipsec-l2l
tunnel-group 172.16.20.241 general-attributes
default-group-policy GroupPolicy_172.16.20.241
tunnel-group 172.16.20.241 ipsec-attributes
ikev1 pre-shared-key Q1wertyup
ikev2 remote-authentication pre-shared-key Q1wertyup
ikev2 local-authentication pre-shared-key Q1wertyup
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ip-options
inspect netbios
inspect rtsp
inspect sunrpc
inspect tftp
inspect xdmcp
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect esmtp
inspect sqlnet
inspect sip
inspect skinny
inspect icmp
inspect ipsec-pass-thru
inspect pptp
policy-map type inspect dns migrated_dns_map_2
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
Cryptochecksum:bfe9fe9d49e2b4d8e9db1c55aac02081
: end

______________________________________________________________________

 

BRANCH-FIREWALL

:
: Serial Number: 9A7NBB5H413
: Hardware: ASAv, 2048 MB RAM, CPU Pentium II 2500 MHz
: Written by enable_15 at 01:29:55.059 UTC Sun Jan 31 2021
!
ASA Version 9.8(1)
!
hostname BRANCH-FIREWALL

xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names

!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.2.241 255.255.255.0
!
interface GigabitEthernet0/1
nameif outside-BKP
security-level 0
ip address 172.16.20.241 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
nameif insdie
security-level 100
ip address 192.168.197.1 255.255.255.0
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
object network UK-Lan-Network
subnet 192.168.197.0 255.255.255.0
object network Uworn-Remote-Subnet
subnet 10.177.82.0 255.255.255.0
object network Remote-Subnet
subnet 70.1.1.0 255.255.255.252
object network NETWORK_OBJ_192.168.97.0_24
subnet 192.168.97.0 255.255.255.0
object network NETWORK_OBJ_192.168.197.0_24
subnet 192.168.197.0 255.255.255.0
object network 70-Network
subnet 70.1.1.0 255.255.255.252
object network USA_LAN-BACKUP-NAT
subnet 192.168.197.0 255.255.255.0
object network USA-LAN-NETWORK-BACKUP_ISP
subnet 192.168.197.0 255.255.255.0
object network NGNTECH.COM-LAN-NETWORK-FOR-BACKUP-Isp
subnet 10.177.82.0 255.255.255.0
object network UWORNX-VIDEO-CONF
subnet 172.16.3.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
network-object object Remote-Subnet
network-object object Uworn-Remote-Subnet
object-group network DM_INLINE_NETWORK_2
network-object object UWORNX-VIDEO-CONF
network-object object NGNTECH.COM-LAN-NETWORK-FOR-BACKUP-Isp
object-group network DM_INLINE_NETWORK_3
network-object object UK-Lan-Network
network-object object UWORNX-VIDEO-CONF
object-group network DM_INLINE_NETWORK_4
network-object object UWORNX-VIDEO-CONF
network-object object Uworn-Remote-Subnet
access-list outside_access_in_1 extended permit ip any any
access-list outside-BKP_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip object UK-Lan-Network object-group DM_INLINE_NETWORK_4
access-list outside-BKP_cryptomap extended permit ip object UK-Lan-Network object-group DM_INLINE_NETWORK_2
pager lines 23
logging enable
logging asdm informational
mtu outside 1500
mtu outside-BKP 1500
mtu insdie 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
nat (insdie,outside) source static NETWORK_OBJ_192.168.197.0_24 NETWORK_OBJ_192.168.197.0_24 destination static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 no-proxy-arp route-lookup
nat (insdie,outside) source static UK-Lan-Network UK-Lan-Network destination static Uworn-Remote-Subnet Uworn-Remote-Subnet no-proxy-arp route-lookup
nat (insdie,outside-BKP) source static UK-Lan-Network UK-Lan-Network destination static DM_INLINE_NETWORK_2 DM_INLINE_NETWORK_2 no-proxy-arp route-lookup
nat (insdie,outside) source static DM_INLINE_NETWORK_3 DM_INLINE_NETWORK_3 destination static Uworn-Remote-Subnet Uworn-Remote-Subnet no-proxy-arp route-lookup
nat (insdie,outside) source static UK-Lan-Network UK-Lan-Network destination static DM_INLINE_NETWORK_4 DM_INLINE_NETWORK_4 no-proxy-arp route-lookup
!
object network UK-Lan-Network
nat (any,outside) dynamic interface
object network USA_LAN-BACKUP-NAT
nat (insdie,outside-BKP) dynamic interface
access-group outside_access_in_1 in interface outside
access-group outside-BKP_access_in in interface outside-BKP
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1 track 1
route outside-BKP 0.0.0.0 0.0.0.0 172.16.20.1 250
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication login-history
http server enable
http 0.0.0.0 0.0.0.0 outside
http 172.16.20.0 255.255.255.0 outside-BKP
no snmp-server location
no snmp-server contact
sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
sla monitor schedule 1 life forever start-time now
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 192.168.2.240
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside
crypto map outside-BKP_map 1 match address outside-BKP_cryptomap
crypto map outside-BKP_map 1 set peer 172.16.20.240
crypto map outside-BKP_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside-BKP_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside-BKP_map interface outside-BKP
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 enable outside-BKP
crypto ikev1 enable outside
crypto ikev1 enable outside-BKP
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
!
track 1 rtr 1 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy GroupPolicy_192.168.2.240 internal
group-policy GroupPolicy_192.168.2.240 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_172.16.20.240 internal
group-policy GroupPolicy_172.16.20.240 attributes
vpn-tunnel-protocol ikev1 ikev2
dynamic-access-policy-record DfltAccessPolicy
tunnel-group 192.168.2.240 type ipsec-l2l
tunnel-group 192.168.2.240 general-attributes
default-group-policy GroupPolicy_192.168.2.240
tunnel-group 192.168.2.240 ipsec-attributes
ikev1 pre-shared-key Q1wertyup
ikev2 remote-authentication pre-shared-key Q1wertyup
ikev2 local-authentication pre-shared-key Q1wertyup
tunnel-group 172.16.20.240 type ipsec-l2l
tunnel-group 172.16.20.240 general-attributes
default-group-policy GroupPolicy_172.16.20.240
tunnel-group 172.16.20.240 ipsec-attributes
ikev1 pre-shared-key Q1wertyup
ikev2 remote-authentication pre-shared-key Q1wertyup
ikev2 local-authentication pre-shared-key Q1wertyup
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect ip-options
inspect netbios
inspect rtsp
inspect sunrpc
inspect tftp
inspect xdmcp
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect esmtp
inspect sqlnet
inspect sip
inspect skinny
policy-map type inspect dns migrated_dns_map_2
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
Cryptochecksum:c3aba79af73b8ad3754668ab9dba1893
: end

 

Salman.Baig
Level 1

No Balaji, it's a mistake: 192.168.2.241

Head office ISP1 192.168.2.240 and BRANCH ISP-1 192.168.2.241

...

Salman.Baig
Level 1

Can anybody help me? I'm still stuck.

Still not solved,
I made the config per your requirement.
This can be solved with

isakmp keepalive threshold 10 retry 2

This automatically brings down the IPsec L2L tunnel.

Note: configure it on both sides.
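
A way to check the "both sides" advice above, as an added example that is not part of the original thread: this Python script reads a pasted ASA configuration and reports the explicit `isakmp keepalive` setting of each ipsec-l2l tunnel-group. The sample config is constructed from the tunnel-group stanzas posted earlier, with a placeholder key and illustrative keepalive lines; the function names are hypothetical. A group with no keepalive line is reported as `not-explicit`, since a running-config does not necessarily print default values.

```python
import re

# Constructed excerpt modelled on the tunnel-group stanzas posted above.
# The keepalive lines are illustrative and <PSK> is a placeholder.
SAMPLE_CONFIG = """\
tunnel-group 192.168.2.240 type ipsec-l2l
tunnel-group 192.168.2.240 ipsec-attributes
 ikev1 pre-shared-key <PSK>
 isakmp keepalive threshold 10 retry 2
tunnel-group 172.16.20.240 type ipsec-l2l
tunnel-group 172.16.20.240 ipsec-attributes
 ikev1 pre-shared-key <PSK>
 isakmp keepalive disable
"""

KEEPALIVE = re.compile(r"isakmp keepalive (?:(disable)|threshold (\d+) retry (\d+))")

def dpd_settings(config):
    """Map each ipsec-l2l tunnel-group to its explicit keepalive setting."""
    settings, current = {}, None
    for raw in config.splitlines():
        parts = raw.split()
        if len(parts) >= 3 and parts[0] == "tunnel-group":
            name = parts[1]
            if parts[2:4] == ["type", "ipsec-l2l"]:
                settings[name] = "not-explicit"
            # Keepalive lines are sub-commands of the ipsec-attributes stanza.
            is_ipsec = parts[2] == "ipsec-attributes" and name in settings
            current = name if is_ipsec else None
            continue
        m = KEEPALIVE.fullmatch(raw.strip())
        if current and m:
            settings[current] = "disabled" if m.group(1) else (int(m.group(2)), int(m.group(3)))
    return settings

def audit(config):
    """Return findings for tunnels whose dead-peer detection needs attention."""
    findings = []
    for peer, value in dpd_settings(config).items():
        if value == "disabled":
            findings.append(f"{peer}: keepalive disabled, the ASA will not probe this peer")
        elif value == "not-explicit":
            findings.append(f"{peer}: no explicit keepalive line, confirm the effective value")
    return findings

if __name__ == "__main__":
    for peer, value in dpd_settings(SAMPLE_CONFIG).items():
        print(peer, value)
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Run it against the configuration of each firewall and compare the two results; the parser does not depend on indentation, so it also works on configs pasted into a forum post.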