09-05-2012 01:37 AM
Hi All,
I have two sites connected using ASA5510 version 6.4(5)
site A                                                    site B
10.8.0.0/20 -- ASA -------internet ------------ASA -- 10.6.0.0/24
From site A, I can VNC, RDP, telnet and SSH to site B; however, from site B I am not able to RDP, VNC, telnet or SSH to site A (I can ping site A devices).
I guess I am missing something in the policy, but I am not sure if it's in site A or site B.
Can anyone please help me here?
Many thanks for the support.
09-05-2012 02:03 AM
The easiest is to post your config ...
The ASA controls the traffic that is allowed through the tunnel at different places.
First the traffic has to be allowed on the ACL of the inside interface (if configured). Then you could have a vpn-filter in the group-policy of the tunnel-group.
And if you have configured "no sysopt connection permit-vpn", then the outside interface has to allow the incoming traffic from the tunnel.
To find out on which ASA to look for the problem you can look at the counters in "show crypto ipsec sa".
BTW: 6.4(5) is only the version of the ASDM; the ASA version is on the line above that in "show version".
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
09-05-2012 02:14 AM
Thank you for the advice, Karsten.
I tried to find out from the logs which ACL is dropping but was not able to figure it out. I am very new to ASA and just started to learn.
Hope to get some more help.
Many thanks,
cheers.
The config:
MNL-FW01#
MNL-FW01#
MNL-FW01#
MNL-FW01# show run
: Saved
:
ASA Version 8.2(5)
!
hostname MNL-FW01
enable password TpK12twtOrqWm59s encrypted
passwd ANFl5LylAjxit8w1 encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address x.x.x.x xxxxxx standby x.x.x.x
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
description LAN/STATE Failover Interface
!
interface Management0/0
description 802.1q Trunking Interface
no nameif
no security-level
no ip address
!
interface Management0/0.81
description Server-VLAN
vlan 81
nameif server-vlan
security-level 100
ip address 10.8.1.253 255.255.255.0 standby 10.8.1.6
!
interface Management0/0.82
description Data-VLAN
vlan 82
nameif data-vlan
security-level 100
ip address 10.8.2.253 255.255.255.0 standby 10.8.2.6
!
interface Management0/0.83
description Voice-GW-link
vlan 83
nameif voice-gw-link
security-level 100
ip address 10.8.3.5 255.255.255.248 standby 10.8.3.6
!
interface Management0/0.84
description IPT-VLAN
vlan 84
nameif IPT-vlan
security-level 100
ip address 10.8.4.253 255.255.255.0 standby 10.8.4.6
!
interface Management0/0.85
description IPC-VLAN
vlan 85
nameif IPC-vlan
security-level 100
ip address 10.8.5.253 255.255.255.0 standby 10.8.5.6
!
interface Management0/0.86
description Wifi
vlan 86
nameif wifi
security-level 100
ip address 10.8.6.253 255.255.255.0 standby 10.8.6.6
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone GMT 8
same-security-traffic permit inter-interface
object-group network DENY-HOST
network-object 64.12.xx 255.255.255.255
network-object 64.12.xx 255.255.255.255
network-object 64.12.xx 255.255.255.255
network-object 64.12.xx 255.255.255.255
network-object 64.12.200.89 255.255.255.255
network-object 66.163.168.107 255.255.255.255
network-object 66.163.168.117 255.255.255.255
network-object 66.163.169.143 255.255.255.255
network-object 66.163.169.148 255.255.255.255
network-object 66.163.169.149 255.255.255.255
network-object 66.163.169.150 255.255.255.255
network-object 66.163.169.212 255.255.255.255
network-object 66.163.169.213 255.255.255.255
network-object 66.163.172.100 255.255.255.255
network-object 66.163.172.80 255.255.255.255
network-object 66.163.172.81 255.255.255.255
network-object 66.163.172.82 255.255.255.255
network-object 66.163.172.83 255.255.255.255
network-object 66.163.172.93 255.255.255.255
network-object 66.163.172.94 255.255.255.255
network-object 66.163.172.99 255.255.255.255
network-object 66.163.173.200 255.255.255.255
network-object 66.163.174.117 255.255.255.255
network-object 66.163.174.118 255.255.255.255
network-object 66.163.174.119 255.255.255.255
network-object 66.163.174.120 255.255.255.255
network-object 66.163.174.121 255.255.255.255
network-object 66.163.174.122 255.255.255.255
network-object 66.163.174.123 255.255.255.255
network-object 66.163.174.124 255.255.255.255
network-object 66.163.174.125 255.255.255.255
network-object 66.163.174.126 255.255.255.255
network-object 66.163.174.49 255.255.255.255
network-object 66.163.174.77 255.255.255.255
network-object 66.163.174.78 255.255.255.255
network-object 207.46.104.0 255.255.255.0
network-object 207.46.106.0 255.255.255.0
network-object 207.46.110.0 255.255.255.0
network-object 204.71.200.36 255.255.255.255
network-object 204.71.200.37 255.255.255.255
network-object 204.71.201.134 255.255.255.255
network-object 204.71.201.141 255.255.255.255
network-object 205.188.153.249 255.255.255.255
network-object 205.188.179.0 255.255.255.0
network-object 205.188.179.233 255.255.255.255
network-object 216.136.128.144 255.255.255.255
network-object 216.136.128.145 255.255.255.255
network-object 216.136.128.167 255.255.255.255
network-object 216.136.131.64 255.255.255.255
network-object 216.136.172.75 255.255.255.255
network-object 216.136.173.141 255.255.255.255
network-object 216.136.173.142 255.255.255.255
network-object 216.136.173.168 255.255.255.255
network-object 216.136.173.169 255.255.255.255
network-object 216.136.173.180 255.255.255.255
network-object 216.136.173.183 255.255.255.255
network-object 216.136.173.184 255.255.255.255
network-object 216.136.225.27 255.255.255.255
network-object 216.136.225.28 255.255.255.255
network-object 216.136.226.13 255.255.255.255
network-object 216.136.226.19 255.255.255.255
network-object 216.136.227.20 255.255.255.255
network-object 216.136.227.21 255.255.255.255
network-object 216.136.227.22 255.255.255.255
network-object 216.136.227.23 255.255.255.255
network-object 216.136.227.24 255.255.255.255
network-object 216.136.227.25 255.255.255.255
network-object 216.136.227.74 255.255.255.255
network-object 216.136.227.76 255.255.255.255
network-object 216.136.227.77 255.255.255.255
network-object 216.136.227.78 255.255.255.255
network-object 216.136.227.79 255.255.255.255
object-group network Bloomberg
network-object 199.105.176.0 255.255.248.0
network-object 199.105.184.0 255.255.248.0
network-object 205.183.246.0 255.255.255.0
network-object 208.134.161.0 255.255.255.0
network-object 69.184.0.0 255.255.0.0
object-group network Bloomberg_Internet
network-object 160.43.250.0 255.255.255.0
network-object 205.216.112.0 255.255.255.0
network-object 208.22.56.0 255.255.255.0
network-object 208.22.57.0 255.255.255.0
network-object 69.191.192.0 255.255.192.0
network-object 206.156.53.0 255.255.255.0
object-group network Radianz
network-object host xxx
network-object host xxx
network-object host xxx
network-object host xxx
network-object host xxx
network-object host xxx
network-object xxx
object-group network FortexTrade
network-object host 6zzzz
network-object host zzzzz
object-group service Fortex-Trading tcp
port-object eq 28160
port-object range 28170 28180
port-object eq 29990
port-object eq 29991
port-object eq 29999
port-object range 30002 30004
port-object eq 30003
port-object eq 30004
port-object eq 38000
port-object eq 38001
object-group network Internal_DNS_Server
network-object host 10.8.1.24
network-object host 10.8.1.25
access-list acl_outside extended permit icmp any any echo
access-list acl_outside extended permit icmp any any echo-reply
access-list acl_outside extended permit icmp any any time-exceeded
access-list acl_server-vlan extended permit icmp any any echo
access-list acl_server-vlan extended permit icmp any any echo-reply
access-list acl_server-vlan extended permit icmp any any time-exceeded
access-list acl_server-vlan extended permit ip any 10.0.0.0 255.0.0.0
access-list acl_server-vlan extended permit udp object-group Internal_DNS_Server any eq domain
access-list acl_server-vlan extended permit tcp any object-group Bloomberg range 8194 8294
access-list acl_server-vlan extended permit udp any object-group Bloomberg range 48129 48137
access-list acl_server-vlan extended permit tcp any object-group Bloomberg_Internet range 8194 8198
access-list acl_server-vlan extended permit tcp any object-group Bloomberg_Internet range 8209 8220
access-list acl_server-vlan extended permit tcp any object-group Bloomberg_Internet range 8290 8294
access-list acl_server-vlan extended permit udp any object-group Bloomberg_Internet range 48129 48137
access-list acl_server-vlan extended permit ip any object-group Radianz
access-list acl_server-vlan extended deny tcp any any eq smtp
access-list acl_server-vlan extended deny ip any object-group DENY-HOST
access-list acl_server-vlan extended permit tcp any any eq 5050
access-list acl_server-vlan extended permit tcp any any eq www
access-list acl_server-vlan extended permit tcp any any eq https
access-list acl_server-vlan extended permit tcp any any eq 8080
access-list acl_server-vlan extended permit tcp any host 217.196.241.182 eq citrix-ica
access-list acl_server-vlan extended permit tcp any any eq 12606
access-list acl_server-vlan extended permit tcp any host 194.74.155.165 eq 11997
access-list acl_server-vlan extended permit tcp any host 194.74.155.165 eq 11995
access-list acl_server-vlan extended permit tcp any host 62.189.50.196 eq 15002
access-list acl_server-vlan extended permit tcp any host 204.4.185.73 eq ftp-data
access-list acl_server-vlan extended permit tcp any host 204.4.185.73 eq ftp
access-list acl_server-vlan extended permit tcp any host 209.108.213.166 range 9000 9002
access-list acl_server-vlan extended permit tcp any 207.235.60.160 255.255.255.240 range 9000 9002
access-list acl_server-vlan extended permit tcp any host 168.215.139.154 eq 3389
access-list acl_server-vlan extended permit tcp any any eq 2525
access-list acl_server-vlan extended permit tcp any host 216.203.48.216 eq ftp-data
access-list acl_server-vlan extended permit tcp any host 216.203.48.216 eq ftp
access-list acl_server-vlan extended permit tcp any host 75.124.69.113 range 9000 9002
access-list acl_server-vlan extended permit tcp any host 207.235.60.170 range 9101 9102
access-list acl_server-vlan extended permit tcp any host 207.235.60.170 range 9201 9202
access-list acl_server-vlan extended permit tcp any host 209.191.171.21 eq 8202
access-list acl_server-vlan extended permit tcp 10.0.0.0 255.0.0.0 host 216.203.57.121 eq 90
access-list acl_server-vlan extended permit tcp any host 207.235.60.170 range 9000 9002
access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 203.233.91.71 eq 4512
access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 216.203.57.31 eq ftp
access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 object-group FortexTrade object-group Fortex-Trading
access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 141.146.44.21 eq ftp
access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 213.86.119.250 eq 9009
access-list acl_server-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 80.169.159.169 eq 9009
access-list acl_server-vlan extended permit udp any any eq domain
access-list acl_data-vlan extended permit icmp any any echo
access-list acl_data-vlan extended permit icmp any any echo-reply
access-list acl_data-vlan extended permit icmp any any time-exceeded
access-list acl_data-vlan extended permit ip any 10.0.0.0 255.0.0.0
access-list acl_data-vlan extended permit udp object-group Internal_DNS_Server any eq domain
access-list acl_data-vlan extended permit tcp any object-group Bloomberg range 8194 8294
access-list acl_data-vlan extended permit udp any object-group Bloomberg range 48129 48137
access-list acl_data-vlan extended permit tcp any object-group Bloomberg_Internet range 8194 8198
access-list acl_data-vlan extended permit tcp any object-group Bloomberg_Internet range 8209 8220
access-list acl_data-vlan extended permit tcp any object-group Bloomberg_Internet range 8290 8294
access-list acl_data-vlan extended permit udp any object-group Bloomberg_Internet range 48129 48137
access-list acl_data-vlan extended permit ip any object-group Radianz
access-list acl_data-vlan extended deny tcp any any eq smtp
access-list acl_data-vlan extended deny ip any object-group DENY-HOST
access-list acl_data-vlan extended permit tcp any any eq 5050
access-list acl_data-vlan extended permit tcp any any eq www
access-list acl_data-vlan extended permit tcp any any eq https
access-list acl_data-vlan extended permit tcp any any eq 8080
access-list acl_data-vlan extended permit tcp any host 217.196.241.182 eq citrix-ica
access-list acl_data-vlan extended permit tcp any any eq 12606
access-list acl_data-vlan extended permit tcp any host 194.74.155.165 eq 11997
access-list acl_data-vlan extended permit tcp any host 194.74.155.165 eq 11995
access-list acl_data-vlan extended permit tcp any host 62.189.50.196 eq 15002
access-list acl_data-vlan extended permit tcp any host 2xxxx eq ftp-data
access-list acl_data-vlan extended permit tcp any host 2xxxx eq ftp
access-list acl_data-vlan extended permit tcp any host 209.108.213.166 range 9000 9002
access-list acl_data-vlan extended permit tcp any 207.235.60.160 255.255.255.240 range 9000 9002
access-list acl_data-vlan extended permit tcp any host 168.215.139.154 eq 3389
access-list acl_data-vlan extended permit tcp any any eq 2525
access-list acl_data-vlan extended permit tcp any host 216.203.48.216 eq ftp-data
access-list acl_data-vlan extended permit tcp any host 216.203.48.216 eq ftp
access-list acl_data-vlan extended permit tcp any host 75.124.69.113 range 9000 9002
access-list acl_data-vlan extended permit tcp any host 207.235.60.170 range 9101 9102
access-list acl_data-vlan extended permit tcp any host 207.235.60.170 range 9201 9202
access-list acl_data-vlan extended permit tcp any host 209.191.171.21 eq 8202
access-list acl_data-vlan extended permit tcp 10.0.0.0 255.0.0.0 host 216.203.57.121 eq 90
access-list acl_data-vlan extended permit tcp any host 207.235.60.170 range 9000 9002
access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 203.233.91.71 eq 4512
access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 216.203.57.31 eq ftp
access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 object-group FortexTrade object-group Fortex-Trading
access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 141.146.44.21 eq ftp
access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 213.86.119.250 eq 9009
access-list acl_data-vlan extended permit tcp 10.8.0.0 255.255.240.0 host 80.169.159.169 eq 9009
access-list acl_data-vlan extended permit udp any any eq domain
access-list acl_voice-gw-link extended permit icmp any any echo
access-list acl_voice-gw-link extended permit icmp any any echo-reply
access-list acl_voice-gw-link extended permit icmp any any time-exceeded
access-list acl_voice-gw-link extended permit ip any 10.0.0.0 255.0.0.0
access-list acl_IPT-vlan extended permit icmp any any echo
access-list acl_IPT-vlan extended permit icmp any any echo-reply
access-list acl_IPT-vlan extended permit icmp any any time-exceeded
access-list acl_IPT-vlan extended permit ip any 10.0.0.0 255.0.0.0
access-list acl_IPC-vlan extended permit icmp any any echo
access-list acl_IPC-vlan extended permit icmp any any echo-reply
access-list acl_IPC-vlan extended permit icmp any any time-exceeded
access-list acl_IPC-vlan extended permit ip any 10.0.0.0 255.0.0.0
access-list acl_wifi extended permit icmp any any echo
access-list acl_wifi extended permit icmp any any echo-reply
access-list acl_wifi extended permit icmp any any time-exceeded
access-list acl_wifi extended permit ip any 10.0.0.0 255.0.0.0
access-list acl_wifi extended permit udp object-group Internal_DNS_Server any eq domain
access-list acl_wifi extended permit tcp any object-group Bloomberg range 8194 8294
access-list acl_wifi extended permit udp any object-group Bloomberg range 48129 48137
access-list acl_wifi extended permit tcp any object-group Bloomberg_Internet range 8194 8198
access-list acl_wifi extended permit tcp any object-group Bloomberg_Internet range 8209 8220
access-list acl_wifi extended permit tcp any object-group Bloomberg_Internet range 8290 8294
access-list acl_wifi extended permit udp any object-group Bloomberg_Internet range 48129 48137
access-list acl_wifi extended permit ip any object-group Radianz
access-list acl_wifi extended deny tcp any any eq smtp
access-list acl_wifi extended deny ip any object-group DENY-HOST
access-list acl_wifi extended permit tcp any any eq 5050
access-list acl_wifi extended permit tcp any any eq www
access-list acl_wifi extended permit tcp any any eq https
access-list acl_wifi extended permit tcp any any eq 8080
access-list acl_wifi extended permit tcp any host 217.196.241.182 eq citrix-ica
access-list acl_wifi extended permit tcp any any eq 12606
access-list acl_wifi extended permit tcp any host 194.74.155.165 eq 11997
access-list acl_wifi extended permit tcp any host 194.74.155.165 eq 11995
access-list acl_wifi extended permit tcp any host 62.189.50.196 eq 15002
access-list acl_wifi extended permit tcp any host 204.4.185.73 eq ftp-data
access-list acl_wifi extended permit tcp any host 204.4.185.73 eq ftp
access-list acl_wifi extended permit tcp any host 209.108.213.166 range 9000 9002
access-list acl_wifi extended permit tcp any 207.235.60.160 255.255.255.240 range 9000 9002
access-list acl_wifi extended permit tcp any host 168.215.139.154 eq 3389
access-list acl_wifi extended permit tcp any any eq 2525
access-list acl_wifi extended permit tcp any host 216.203.48.216 eq ftp-data
access-list acl_wifi extended permit tcp any host 216.203.48.216 eq ftp
access-list acl_wifi extended permit tcp any host 75.124.69.113 range 9000 9002
access-list acl_wifi extended permit tcp any host 207.235.60.170 range 9101 9102
access-list acl_wifi extended permit tcp any host 207.235.60.170 range 9201 9202
access-list acl_wifi extended permit tcp any host 209.191.171.21 eq 8202
access-list acl_wifi extended permit tcp 10.0.0.0 255.0.0.0 host 216.203.57.121 eq 90
access-list acl_wifi extended permit tcp any host 207.235.60.170 range 9000 9002
access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 203.233.91.71 eq 4512
access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 216.203.57.31 eq ftp
access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 object-group FortexTrade object-group Fortex-Trading
access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 141.146.44.21 eq ftp
access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 213.86.119.250 eq 9009
access-list acl_wifi extended permit tcp 10.8.0.0 255.255.240.0 host 80.169.159.169 eq 9009
access-list MNL-GFI_LAN extended permit ip 10.8.0.0 255.255.240.0 10.0.0.0 255.0.0.0
access-list acl_nat0 extended permit ip 10.8.0.0 255.255.240.0 10.0.0.0 255.0.0.0
pager lines 24
logging enable
logging timestamp
logging buffer-size 10000
logging buffered warnings
logging trap warnings
logging history warnings
logging asdm warnings
logging host outside 10.6.1.96
mtu outside 1500
mtu server-vlan 1500
mtu data-vlan 1500
mtu voice-gw-link 1500
mtu IPT-vlan 1500
mtu IPC-vlan 1500
mtu wifi 1500
failover
failover lan unit primary
failover lan interface failoverlink Ethernet0/3
failover replication http
failover link failoverlink Ethernet0/3
failover interface ip failoverlink 172.16.1.1 255.255.255.0 standby 172.16.1.2
monitor-interface server-vlan
monitor-interface data-vlan
monitor-interface voice-gw-link
monitor-interface IPT-vlan
monitor-interface IPC-vlan
monitor-interface wifi
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (server-vlan) 0 access-list acl_nat0
nat (server-vlan) 1 10.8.1.0 255.255.255.0
nat (data-vlan) 0 access-list acl_nat0
nat (data-vlan) 1 10.8.2.0 255.255.255.0
nat (voice-gw-link) 0 access-list acl_nat0
nat (IPT-vlan) 0 access-list acl_nat0
nat (IPC-vlan) 0 access-list acl_nat0
nat (wifi) 0 access-list acl_nat0
nat (wifi) 1 10.8.6.0 255.255.255.0
access-group acl_outside in interface outside
access-group acl_server-vlan in interface server-vlan
access-group acl_data-vlan in interface data-vlan
access-group acl_voice-gw-link in interface voice-gw-link
access-group acl_IPT-vlan in interface IPT-vlan
access-group acl_IPC-vlan in interface IPC-vlan
access-group acl_wifi in interface wifi
route outside 0.0.0.0 0.0.0.0 xxxxxxxx 1
route voice-gw-link 10.8.3.11 255.255.255.255 10.8.3.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
url-server (server-vlan) vendor websense host 10.8.1.101 timeout 30 protocol UDP
version 4
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow longurl-truncate
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
snmp-server host outside 10.6.1.96 poll community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
service resetoutside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map VPN-SG 10 match address MNL-GFI_LAN
crypto map VPN-SG 10 set peer xxxxxxx
crypto map VPN-SG 10 set transform-set ESP-3DES-SHA
crypto map VPN-SG interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.0.0.0 255.0.0.0 server-vlan
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 server-vlan
ssh timeout 5
console timeout 0
dhcprelay server 10.8.1.24 server-vlan
dhcprelay server 10.8.1.25 server-vlan
dhcprelay enable data-vlan
dhcprelay enable IPT-vlan
dhcprelay enable IPC-vlan
dhcprelay enable wifi
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.6.1.96
username mnlnetwork password trt1kvoyHnm2sHvb encrypted privilege 15
tunnel-group xxxxxxxxxx type ipsec-l2l
tunnel-group xxxxxxxxxx ipsec-attributes
pre-shared-key *****
!
class-map voice_traffic
match dscp cs3 af31 ef
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map QoS_Policy
class voice_traffic
priority
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:076c4a5a6576786d4f61433c1c9d9056
: end
MNL-FW01#
MNL-FW01#
MNL-FW01#
MNL-FW01# wr m
09-05-2012 08:18 AM
That config looks fine, what about the other config?
Sent from Cisco Technical Support iPad App
09-06-2012 01:11 AM
Thank you for the help, got it fixed: there was no ACL permit on the site B ASA config. Once I added it, everything works.
many thanks
cheers
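Added example, not part of any post in this thread: a small Python first-match evaluator for inbound interface ACLs, showing how an inside ACL on site B that permits ICMP but not the tunnel subnets gives the symptom described (ping works, RDP does not) and how one permit line changes the result. The site B lines, the interface name `inside`, the ACL name `acl_inside` and the host 10.6.0.10 are constructed; the evaluator handles only `any`, `host` and address/mask entries with numeric destination ports, and ignores ICMP types and object-groups.

```python
import ipaddress

# Two ACL lines and the binding copied from the site A config in the thread.
SITE_A = """\
access-list acl_server-vlan extended permit icmp any any echo
access-list acl_server-vlan extended permit ip any 10.0.0.0 255.0.0.0
access-group acl_server-vlan in interface server-vlan
"""
# Constructed site B config (never posted in the thread): ICMP and HTTPS only.
SITE_B_BEFORE = """\
access-list acl_inside extended permit icmp any any echo
access-list acl_inside extended permit icmp any any echo-reply
access-list acl_inside extended permit tcp any any eq 443
access-group acl_inside in interface inside
"""
# Constructed fix: permit site B LAN to site A LAN (appended as the last ACE).
SITE_B_AFTER = SITE_B_BEFORE + (
    "access-list acl_inside extended permit ip "
    "10.6.0.0 255.255.255.0 10.8.0.0 255.255.240.0\n")

def take_addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tok.pop(0)}")

def take_ports(tok):
    """Consume an optional numeric destination-port match (eq N | range A B)."""
    if not tok:
        return (0, 65535)
    op = tok.pop(0)
    if op == "eq":
        return (int(tok[0]), int(tok[0]))
    if op == "range":
        return (int(tok[0]), int(tok[1]))
    raise ValueError(f"unsupported port operator: {op}")

def parse(config):
    """Return ({acl_name: [ACE, ...]}, {interface: acl_name}) for inbound ACLs."""
    acls, bound = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and tok[2:3] == ["extended"]:
            name, action, proto, rest = tok[1], tok[3], tok[4], tok[5:]
            src, dst = take_addr(rest), take_addr(rest)
            ports = take_ports(rest) if proto in ("tcp", "udp") else None
            acls.setdefault(name, []).append((action, proto, src, dst, ports))
        elif tok[:1] == ["access-group"] and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]
    return acls, bound

def check(config, ifname, proto, src, dst, dport=None):
    """First-match evaluation of a new connection entering interface ifname."""
    acls, bound = parse(config)
    name = bound.get(ifname)
    if name is None:  # assumption: a higher-security interface with no ACL
        return ("permit", "no ACL bound to interface")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, p, snet, dnet, ports) in enumerate(acls.get(name, []), 1):
        if p not in ("ip", proto) or s not in snet or d not in dnet:
            continue
        if ports and dport is not None and not ports[0] <= dport <= ports[1]:
            continue
        return (action, f"{name} line {n}")
    return ("deny", f"{name} implicit deny")  # every ACL ends in an implicit deny

if __name__ == "__main__":
    print(check(SITE_A, "server-vlan", "tcp", "10.8.1.24", "10.6.0.10", 3389))
    print(check(SITE_B_BEFORE, "inside", "icmp", "10.6.0.10", "10.8.1.24"))
    print(check(SITE_B_BEFORE, "inside", "tcp", "10.6.0.10", "10.8.1.24", 3389))
    print(check(SITE_B_AFTER, "inside", "tcp", "10.6.0.10", "10.8.1.24", 3389))
```

Return traffic for connections opened from site A is handled by the ASA's connection state, which is why only sessions initiated from site B depend on the site B inside ACL.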