
site to site vpn access blocked

catalystexpress
Level 1

Hi All,

I have two sites connected using ASA5510 version 6.4(5)

   site A                                                     site B

10.8.0.0/20 -- ASA -------internet ------------ASA -- 10.6.0.0/24

From site A, I can VNC, RDP, telnet and SSH to site B; however, from site B I am not able to RDP, VNC, telnet or SSH to site A (I can ping site A devices).

I guess I am missing something in the policy, but I am not sure if it's in site A or site B.

Can anyone please help me here...

Many thanks for the support.

4 Replies

The easiest is to post your config ...

The ASA controls the traffic that is allowed through the tunnel at different places.

First the traffic has to be allowed on the ACL of the inside interface (if configured). Then you could have a vpn-filter in the group-policy of the tunnel-group.

And if you have configured "no sysopt connection permit-vpn", then the outside interface has to allow the incoming traffic from the tunnel.

To find out on which ASA to look for the problem you can look at the counters in "show crypto ipsec sa".

BTW: 6.4(5) is only the version of the ASDM; the ASA version is on the line above that in "show version".

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
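Added example (not part of the original reply, and not Cisco tooling): one way to apply the "show crypto ipsec sa" counter check is to capture the output on both ASAs before and after a single connection attempt and compare the encaps/decaps deltas. The verdict names, the decision order and the sample text are assumptions made for this sketch; the sample excerpts are constructed, not real device output.

```python
import re

# Only the two counters the comparison needs; "#pkts encrypt"/"decrypt" are ignored.
COUNTER_RE = re.compile(r"#pkts (encaps|decaps): (\d+)")

# Where to look for each verdict, following the control points named in the reply.
HINTS = {
    "initiator-pre-encrypt": "initiator ASA: inside-interface ACL (traffic never reached the tunnel)",
    "path": "between the peers: encrypted on the initiator, never decrypted on the responder",
    "responder-post-decrypt": "responder ASA or host: vpn-filter, outside ACL if "
                              "'no sysopt connection permit-vpn' is set, or no reply from the host",
    "return-path": "between the peers: reply encrypted on the responder, never decrypted on the initiator",
    "tunnel-ok": "both directions pass the tunnel; look at the end hosts",
    "counters-reset": "a counter went backwards (rekey or cleared counters); repeat the test",
}


def parse_counters(show_output):
    """Sum encaps/decaps over every SA block in pasted 'show crypto ipsec sa' text."""
    totals = {"encaps": 0, "decaps": 0}
    for name, value in COUNTER_RE.findall(show_output):
        totals[name] += int(value)
    return totals


def delta(before, after):
    """Counter growth between two snapshots of the same ASA."""
    return {name: after[name] - before[name] for name in before}


def locate_drop(init_before, init_after, resp_before, resp_after):
    """Return a verdict key from HINTS for one test connection.

    'init' is the ASA in front of the host that opens the connection,
    'resp' is the ASA in front of the host that should answer.
    """
    i = delta(parse_counters(init_before), parse_counters(init_after))
    r = delta(parse_counters(resp_before), parse_counters(resp_after))
    if min(i["encaps"], i["decaps"], r["encaps"], r["decaps"]) < 0:
        return "counters-reset"
    if i["encaps"] == 0:
        return "initiator-pre-encrypt"
    if r["decaps"] == 0:
        return "path"
    if r["encaps"] == 0:
        return "responder-post-decrypt"
    if i["decaps"] == 0:
        return "return-path"
    return "tunnel-ok"


def sample_sa(encaps, decaps):
    """Constructed excerpt in the layout of the two counter lines (not real output)."""
    return (
        f"      #pkts encaps: {encaps}, #pkts encrypt: {encaps}, #pkts digest: {encaps}\n"
        f"      #pkts decaps: {decaps}, #pkts decrypt: {decaps}, #pkts verify: {decaps}\n"
    )


if __name__ == "__main__":
    # Constructed scenario: a site B host tries RDP to site A while nothing else
    # uses the tunnel, and neither ASA's counters move.
    verdict = locate_drop(sample_sa(100, 100), sample_sa(100, 100),
                          sample_sa(100, 100), sample_sa(100, 100))
    print(verdict, "->", HINTS[verdict])
```

Take the snapshots while the tunnel is otherwise quiet, since any other traffic between the sites also moves these counters.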

Thank you for the advice, Karsten.

I tried to find out from the logs which ACL is dropping, but I am not able to figure it out. I am very new to ASA and just started to learn.

Hope to get some more help.

Many thanks.

Cheers..

the config

MNL-FW01#

MNL-FW01#

MNL-FW01#

MNL-FW01# show run

: Saved

:

ASA Version 8.2(5)

!

hostname MNL-FW01

enable password TpK12twtOrqWm59s encrypted

passwd ANFl5LylAjxit8w1 encrypted

names

dns-guard

!

interface Ethernet0/0

nameif outside

security-level 0

ip address x.x.x.x xxxxxx standby x.x.x.x

!

interface Ethernet0/1

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

description LAN/STATE Failover Interface

!

interface Management0/0

description 802.1q Trunking Interface

no nameif

no security-level

no ip address

!

interface Management0/0.81

description Server-VLAN

vlan 81

nameif server-vlan

security-level 100

ip address 10.8.1.253 255.255.255.0 standby 10.8.1.6

!

interface Management0/0.82

description Data-VLAN

vlan 82

nameif data-vlan

security-level 100

ip address 10.8.2.253 255.255.255.0 standby 10.8.2.6

!

interface Management0/0.83

description Voice-GW-link

vlan 83

nameif voice-gw-link

security-level 100

ip address 10.8.3.5 255.255.255.248 standby 10.8.3.6

!

interface Management0/0.84

description IPT-VLAN

vlan 84

nameif IPT-vlan

security-level 100

ip address 10.8.4.253 255.255.255.0 standby 10.8.4.6

!

interface Management0/0.85

description IPC-VLAN

vlan 85

nameif IPC-vlan

security-level 100

ip address 10.8.5.253 255.255.255.0 standby 10.8.5.6

!

interface Management0/0.86

description Wifi

vlan 86

nameif wifi

security-level 100

ip address 10.8.6.253 255.255.255.0 standby 10.8.6.6

!

boot system disk0:/asa825-k8.bin

ftp mode passive

clock timezone GMT 8

same-security-traffic permit inter-interface

object-group network DENY-HOST

network-object 64.12.xx 255.255.255.255

network-object 64.12.xx 255.255.255.255

network-object 64.12.xx 255.255.255.255

network-object 64.12.xx 255.255.255.255

network-object 64.12.200.89 255.255.255.255

network-object 66.163.168.107 255.255.255.255

network-object 66.163.168.117 255.255.255.255

network-object 66.163.169.143 255.255.255.255

network-object 66.163.169.148 255.255.255.255

network-object 66.163.169.149 255.255.255.255

network-object 66.163.169.150 255.255.255.255

network-object 66.163.169.212 255.255.255.255

network-object 66.163.169.213 255.255.255.255

network-object 66.163.172.100 255.255.255.255

network-object 66.163.172.80 255.255.255.255

network-object 66.163.172.81 255.255.255.255

network-object 66.163.172.82 255.255.255.255

network-object 66.163.172.83 255.255.255.255

network-object 66.163.172.93 255.255.255.255

network-object 66.163.172.94 255.255.255.255

network-object 66.163.172.99 255.255.255.255

network-object 66.163.173.200 255.255.255.255

network-object 66.163.174.117 255.255.255.255

network-object 66.163.174.118 255.255.255.255

network-object 66.163.174.119 255.255.255.255

network-object 66.163.174.120 255.255.255.255

network-object 66.163.174.121 255.255.255.255

network-object 66.163.174.122 255.255.255.255

network-object 66.163.174.123 255.255.255.255

network-object 66.163.174.124 255.255.255.255

network-object 66.163.174.125 255.255.255.255

network-object 66.163.174.126 255.255.255.255

network-object 66.163.174.49 255.255.255.255

network-object 66.163.174.77 255.255.255.255

network-object 66.163.174.78 255.255.255.255

network-object 207.46.104.0 255.255.255.0

network-object 207.46.106.0 255.255.255.0

network-object 207.46.110.0 255.255.255.0

network-object 204.71.200.36 255.255.255.255

network-object 204.71.200.37 255.255.255.255

network-object 204.71.201.134 255.255.255.255

network-object 204.71.201.141 255.255.255.255

network-object 205.188.153.249 255.255.255.255

network-object 205.188.179.0 255.255.255.0

network-object 205.188.179.233 255.255.255.255

network-object 216.136.128.144 255.255.255.255

network-object 216.136.128.145 255.255.255.255

network-object 216.136.128.167 255.255.255.255

network-object 216.136.131.64 255.255.255.255

network-object 216.136.172.75 255.255.255.255

network-object 216.136.173.141 255.255.255.255

network-object 216.136.173.142 255.255.255.255

network-object 216.136.173.168 255.255.255.255

network-object 216.136.173.169 255.255.255.255

network-object 216.136.173.180 255.255.255.255

network-object 216.136.173.183 255.255.255.255

network-object 216.136.173.184 255.255.255.255

network-object 216.136.225.27 255.255.255.255

network-object 216.136.225.28 255.255.255.255

network-object 216.136.226.13 255.255.255.255

network-object 216.136.226.19 255.255.255.255

network-object 216.136.227.20 255.255.255.255

network-object 216.136.227.21 255.255.255.255

network-object 216.136.227.22 255.255.255.255

network-object 216.136.227.23 255.255.255.255

network-object 216.136.227.24 255.255.255.255

network-object 216.136.227.25 255.255.255.255

network-object 216.136.227.74 255.255.255.255

network-object 216.136.227.76 255.255.255.255

network-object 216.136.227.77 255.255.255.255

network-object 216.136.227.78 255.255.255.255

network-object 216.136.227.79 255.255.255.255

object-group network Bloomberg

network-object 199.105.176.0 255.255.248.0

network-object 199.105.184.0 255.255.248.0

network-object 205.183.246.0 255.255.255.0

network-object 208.134.161.0 255.255.255.0

network-object 69.184.0.0 255.255.0.0

object-group network Bloomberg_Internet

network-object 160.43.250.0 255.255.255.0

network-object 205.216.112.0 255.255.255.0

network-object 208.22.56.0 255.255.255.0

network-object 208.22.57.0 255.255.255.0

network-object 69.191.192.0 255.255.192.0

network-object 206.156.53.0 255.255.255.0

object-group network Radianz

network-object host xxx

network-object host xxx

network-object host xxx

network-object host xxx

network-object host xxx

network-object host xxx

network-object xxx

object-group network FortexTrade

network-object host 6zzzz

network-object host zzzzz

object-group service Fortex-Trading tcp

port-object eq 28160

port-object range 28170 28180

port-object eq 29990

port-object eq 29991

port-object eq 29999

port-object range 30002 30004

port-object eq 30003

port-object eq 30004

port-object eq 38000

port-object eq 38001

object-group network Internal_DNS_Server

network-object host 10.8.1.24

network-object host 10.8.1.25

access-list acl_outside extended permit icmp any any echo

access-list acl_outside extended permit icmp any any echo-reply

access-list acl_outside extended permit icmp any any time-exceeded

access-list acl_server-vlan extended permit icmp any any echo

access-list acl_server-vlan extended permit icmp any any echo-reply

access-list acl_server-vlan extended permit icmp any any time-exceeded

access-list acl_server-vlan extended permit ip any 10.0.0.0 255.0.0.0

access-list acl_server-vlan extended permit udp object-group Internal_DNS_Server any eq domain

access-list acl_server-vlan extended permit tcp any object-group Bloomberg range 8194 8294

access-list acl_server-vlan extended permit udp any object-group Bloomberg range 48129 48137

access-list acl_server-vlan extended permit tcp any object-group Bloomberg_Internet range 8194 8198

access-list acl_server-vlan extended permit tcp any object-group Bloomberg_Internet range 8209 8220

access-list acl_server-vlan extended permit tcp any object-group Bloomberg_Internet range 8290 8294

access-list acl_server-vlan extended permit udp any object-group Bloomberg_Internet range 48129 48137

access-list acl_server-vlan extended permit ip any object-group Radianz

access-list acl_server-vlan extended deny tcp any any eq smtp

access-list acl_server-vlan extended deny ip any object-group DENY-HOST

access-list acl_server-vlan extended permit tcp any any eq 5050

access-list acl_server-vlan extended permit tcp any any eq www

access-list acl_server-vlan extended permit tcp any any eq https

access-list acl_server-vlan extended permit tcp any any eq 8080

access-list acl_server-vlan extended permit tcp any host 217.196.241.182 eq citrix-ica

access-list acl_server-vlan extended permit tcp any any eq 12606

access-list acl_server-vlan extended permit tcp any host 194.74.155.165 eq 11997

access-list acl_server-vlan extended permit tcp any host 194.74.155.165 eq 11995

access-list acl_server-vlan extended permit tcp any host 62.189.50.196 eq 15002

access-list acl_server-vlan extended permit tcp any host 204.4.185.73 eq ftp-data

access-list acl_server-vlan extended permit tcp any host 204.4.185.73 eq ftp

access-list acl_server-vlan extended permit tcp any host 209.108.213.166 range 9000 9002

access-list acl_server-vlan extended permit tcp any 207.235.60.160 255.255.255.240 range 9000 9002

access-list acl_server-vlan extended permit tcp any host 168.215.139.154 eq 3389

access-list acl_server-vlan extended permit tcp any any eq 2525

access-list acl_server-vlan extended permit tcp any host 216.203.48.216 eq ftp-data

access-list acl_server-vlan extended permit tcp any host 216.203.48.216 eq ftp

access-list acl_server-vlan extended permit tcp any host 75.124.69.113 range 9000 9002

access-list acl_server-vlan extended permit tcp any host 207.235.60.170 range 9101 9102

access-list acl_server-vlan extended permit tcp any host 207.235.60.170 range 9201 9202

access-list acl_server-vlan extended permit tcp any host 209.191.171.21 eq 8202

access-list acl_server-vlan extended permit tcp 10.0.0.0 255.0.0.0 host 216.203.57.121 eq 90

access-list acl_server-vlan extended permit tcp any host 207.235.60.170 range 9000 9002

access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 203.233.91.71 eq 4512

access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 216.203.57.31 eq ftp

access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 object-group FortexTrade object-group Fortex-Trading

access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 141.146.44.21 eq ftp

access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 213.86.119.250 eq 9009

access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 80.169.159.169 eq 9009

access-list acl_server-vlan extended permit udp any any eq domain

access-list acl_data-vlan extended permit icmp any any echo

access-list acl_data-vlan extended permit icmp any any echo-reply

access-list acl_data-vlan extended permit icmp any any time-exceeded

access-list acl_data-vlan extended permit ip any 10.0.0.0 255.0.0.0

access-list acl_data-vlan extended permit udp object-group Internal_DNS_Server any eq domain

access-list acl_data-vlan extended permit tcp any object-group Bloomberg range 8194 8294

access-list acl_data-vlan extended permit udp any object-group Bloomberg range 48129 48137

access-list acl_data-vlan extended permit tcp any object-group Bloomberg_Internet range 8194 8198

access-list acl_data-vlan extended permit tcp any object-group Bloomberg_Internet range 8209 8220

access-list acl_data-vlan extended permit tcp any object-group Bloomberg_Internet range 8290 8294

access-list acl_data-vlan extended permit udp any object-group Bloomberg_Internet range 48129 48137

access-list acl_data-vlan extended permit ip any object-group Radianz

access-list acl_data-vlan extended deny tcp any any eq smtp

access-list acl_data-vlan extended deny ip any object-group DENY-HOST

access-list acl_data-vlan extended permit tcp any any eq 5050

access-list acl_data-vlan extended permit tcp any any eq www

access-list acl_data-vlan extended permit tcp any any eq https

access-list acl_data-vlan extended permit tcp any any eq 8080

access-list acl_data-vlan extended permit tcp any host 217.196.241.182 eq citrix-ica

access-list acl_data-vlan extended permit tcp any any eq 12606

access-list acl_data-vlan extended permit tcp any host 194.74.155.165 eq 11997

access-list acl_data-vlan extended permit tcp any host 194.74.155.165 eq 11995

access-list acl_data-vlan extended permit tcp any host 62.189.50.196 eq 15002

access-list acl_data-vlan extended permit tcp any host 2xxxx eq ftp-data

access-list acl_data-vlan extended permit tcp any host 2xxxx eq ftp

access-list acl_data-vlan extended permit tcp any host 209.108.213.166 range 9000 9002

access-list acl_data-vlan extended permit tcp any 207.235.60.160 255.255.255.240 range 9000 9002

access-list acl_data-vlan extended permit tcp any host 168.215.139.154 eq 3389

access-list acl_data-vlan extended permit tcp any any eq 2525

access-list acl_data-vlan extended permit tcp any host 216.203.48.216 eq ftp-data

access-list acl_data-vlan extended permit tcp any host 216.203.48.216 eq ftp

access-list acl_data-vlan extended permit tcp any host 75.124.69.113 range 9000 9002

access-list acl_data-vlan extended permit tcp any host 207.235.60.170 range 9101 9102

access-list acl_data-vlan extended permit tcp any host 207.235.60.170 range 9201 9202

access-list acl_data-vlan extended permit tcp any host 209.191.171.21 eq 8202

access-list acl_data-vlan extended permit tcp 10.0.0.0 255.0.0.0 host 216.203.57.121 eq 90

access-list acl_data-vlan extended permit tcp any host 207.235.60.170 range 9000 9002

access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 203.233.91.71 eq 4512

access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 216.203.57.31 eq ftp

access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 object-group FortexTrade object-group Fortex-Trading

access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 141.146.44.21 eq ftp

access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 213.86.119.250 eq 9009

access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 80.169.159.169 eq 9009

access-list acl_data-vlan extended permit udp any any eq domain

access-list acl_voice-gw-link extended permit icmp any any echo

access-list acl_voice-gw-link extended permit icmp any any echo-reply

access-list acl_voice-gw-link extended permit icmp any any time-exceeded

access-list acl_voice-gw-link extended permit ip any 10.0.0.0 255.0.0.0

access-list acl_IPT-vlan extended permit icmp any any echo

access-list acl_IPT-vlan extended permit icmp any any echo-reply

access-list acl_IPT-vlan extended permit icmp any any time-exceeded

access-list acl_IPT-vlan extended permit ip any 10.0.0.0 255.0.0.0

access-list acl_IPC-vlan extended permit icmp any any echo

access-list acl_IPC-vlan extended permit icmp any any echo-reply

access-list acl_IPC-vlan extended permit icmp any any time-exceeded

access-list acl_IPC-vlan extended permit ip any 10.0.0.0 255.0.0.0

access-list acl_wifi extended permit icmp any any echo

access-list acl_wifi extended permit icmp any any echo-reply

access-list acl_wifi extended permit icmp any any time-exceeded

access-list acl_wifi extended permit ip any 10.0.0.0 255.0.0.0

access-list acl_wifi extended permit udp object-group Internal_DNS_Server any eq domain

access-list acl_wifi extended permit tcp any object-group Bloomberg range 8194 8294

access-list acl_wifi extended permit udp any object-group Bloomberg range 48129 48137

access-list acl_wifi extended permit tcp any object-group Bloomberg_Internet range 8194 8198

access-list acl_wifi extended permit tcp any object-group Bloomberg_Internet range 8209 8220

access-list acl_wifi extended permit tcp any object-group Bloomberg_Internet range 8290 8294

access-list acl_wifi extended permit udp any object-group Bloomberg_Internet range 48129 48137

access-list acl_wifi extended permit ip any object-group Radianz

access-list acl_wifi extended deny tcp any any eq smtp

access-list acl_wifi extended deny ip any object-group DENY-HOST

access-list acl_wifi extended permit tcp any any eq 5050

access-list acl_wifi extended permit tcp any any eq www

access-list acl_wifi extended permit tcp any any eq https

access-list acl_wifi extended permit tcp any any eq 8080

access-list acl_wifi extended permit tcp any host 217.196.241.182 eq citrix-ica

access-list acl_wifi extended permit tcp any any eq 12606

access-list acl_wifi extended permit tcp any host 194.74.155.165 eq 11997

access-list acl_wifi extended permit tcp any host 194.74.155.165 eq 11995

access-list acl_wifi extended permit tcp any host 62.189.50.196 eq 15002

access-list acl_wifi extended permit tcp any host 204.4.185.73 eq ftp-data

access-list acl_wifi extended permit tcp any host 204.4.185.73 eq ftp

access-list acl_wifi extended permit tcp any host 209.108.213.166 range 9000 9002

access-list acl_wifi extended permit tcp any 207.235.60.160 255.255.255.240 range 9000 9002

access-list acl_wifi extended permit tcp any host 168.215.139.154 eq 3389

access-list acl_wifi extended permit tcp any any eq 2525

access-list acl_wifi extended permit tcp any host 216.203.48.216 eq ftp-data

access-list acl_wifi extended permit tcp any host 216.203.48.216 eq ftp

access-list acl_wifi extended permit tcp any host 75.124.69.113 range 9000 9002

access-list acl_wifi extended permit tcp any host 207.235.60.170 range 9101 9102

access-list acl_wifi extended permit tcp any host 207.235.60.170 range 9201 9202

access-list acl_wifi extended permit tcp any host 209.191.171.21 eq 8202

access-list acl_wifi extended permit tcp 10.0.0.0 255.0.0.0 host 216.203.57.121 eq 90

access-list acl_wifi extended permit tcp any host 207.235.60.170 range 9000 9002

access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 203.233.91.71 eq 4512

access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 216.203.57.31 eq ftp

access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 object-group FortexTrade object-group Fortex-Trading

access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 141.146.44.21 eq ftp

access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 213.86.119.250 eq 9009

access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 80.169.159.169 eq 9009

access-list MNL-GFI_LAN extended permit ip 10.8.0.0 255.255.240.0 10.0.0.0 255.0.0.0

access-list acl_nat0 extended permit ip 10.8.0.0 255.255.240.0 10.0.0.0 255.0.0.0

pager lines 24

logging enable

logging timestamp

logging buffer-size 10000

logging buffered warnings

logging trap warnings

logging history warnings

logging asdm warnings

logging host outside 10.6.1.96

mtu outside 1500

mtu server-vlan 1500

mtu data-vlan 1500

mtu voice-gw-link 1500

mtu IPT-vlan 1500

mtu IPC-vlan 1500

mtu wifi 1500

failover

failover lan unit primary

failover lan interface failoverlink Ethernet0/3

failover replication http

failover link failoverlink Ethernet0/3

failover interface ip failoverlink 172.16.1.1 255.255.255.0 standby 172.16.1.2

monitor-interface server-vlan

monitor-interface data-vlan

monitor-interface voice-gw-link

monitor-interface IPT-vlan

monitor-interface IPC-vlan

monitor-interface wifi

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-645.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (server-vlan) 0 access-list acl_nat0

nat (server-vlan) 1 10.8.1.0 255.255.255.0

nat (data-vlan) 0 access-list acl_nat0

nat (data-vlan) 1 10.8.2.0 255.255.255.0

nat (voice-gw-link) 0 access-list acl_nat0

nat (IPT-vlan) 0 access-list acl_nat0

nat (IPC-vlan) 0 access-list acl_nat0

nat (wifi) 0 access-list acl_nat0

nat (wifi) 1 10.8.6.0 255.255.255.0

access-group acl_outside in interface outside

access-group acl_server-vlan in interface server-vlan

access-group acl_data-vlan in interface data-vlan

access-group acl_voice-gw-link in interface voice-gw-link

access-group acl_IPT-vlan in interface IPT-vlan

access-group acl_IPC-vlan in interface IPC-vlan

access-group acl_wifi in interface wifi

route outside 0.0.0.0 0.0.0.0 xxxxxxxx 1

route voice-gw-link 10.8.3.11 255.255.255.255 10.8.3.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

url-server (server-vlan) vendor websense host 10.8.1.101 timeout 30 protocol UDP

version 4

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow longurl-truncate

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

http server enable

snmp-server host outside 10.6.1.96 poll community *****

no snmp-server location

no snmp-server contact

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

service resetoutside

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map VPN-SG 10 match address MNL-GFI_LAN

crypto map VPN-SG 10 set peer xxxxxxx

crypto map VPN-SG 10 set transform-set ESP-3DES-SHA

crypto map VPN-SG interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet 10.0.0.0 255.0.0.0 server-vlan

telnet timeout 5

ssh 10.0.0.0 255.0.0.0 server-vlan

ssh timeout 5

console timeout 0

dhcprelay server 10.8.1.24 server-vlan

dhcprelay server 10.8.1.25 server-vlan

dhcprelay enable data-vlan

dhcprelay enable IPT-vlan

dhcprelay enable IPC-vlan

dhcprelay enable wifi

dhcprelay timeout 60

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

ntp server 10.6.1.96

username mnlnetwork password trt1kvoyHnm2sHvb encrypted privilege 15

tunnel-group xxxxxxxxxx type ipsec-l2l

tunnel-group xxxxxxxxxx ipsec-attributes

pre-shared-key *****

!

class-map voice_traffic

match dscp cs3  af31  ef

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map QoS_Policy

class voice_traffic

  priority

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:076c4a5a6576786d4f61433c1c9d9056

: end

MNL-FW01#

MNL-FW01#

MNL-FW01#

MNL-FW01# wr m   

That config looks fine, what about the other config?

Sent from Cisco Technical Support iPad App

Thank you for the help. Got it fixed: there was no ACL permit on the site B ASA config. Once I added it, everything works.

many thanks

cheers
