10-23-2012 12:51 PM
Hello All,
I am currently having an issue with authenticating VPN users on my AAA server, which is a Cisco ACS v4.2 already integrated with my MS AD.
The ACS server is working just fine when authenticating users over WIFI using their AD credentials, but as soon as I use XAUTH it fails and I get an error on the "Failed Attempts" Reports saying "internal Error".
Has anyone ever seen this issue before?
I tried this with both PSK-XAUTH and now with AnyConnect SSL Clientless via WebGUI, with the same results.
Any help would be very much appreciated.
10-23-2012 11:42 PM
Can you pls share your configuration?
10-24-2012 09:20 AM
Configuration of which, the ASA or my ACS?
10-24-2012 11:04 PM
ASA pls
12-06-2012 01:03 PM
Sorry for the delay....
: Saved
:
ASA Version 8.4(1)
!
hostname asa1
domain-name SRPVPN.net
enable password jIM.eZnDiVyNt8Ms encrypted
passwd jIM.eZnDiVyNt8Ms encrypted
names
name fe80::a00:27ff:fe63:b398 ipv6-public
name fe82::a00:27ff:fe63:b398 ipv6-private
name 10.14.205.0 Waterloo
dns-guard
!
interface Ethernet0/0
nameif Public
security-level 0
ip address x.x.x..205 255.255.255.0
!
interface Ethernet0/1
nameif Private
security-level 100
ip address x.x.1.90 255.255.128.0
!
interface Ethernet0/2
shutdown
nameif Public-IPv6
security-level 0
no ip address
ipv6 address 2000::1212/64
ipv6 enable
!
interface Ethernet0/3
shutdown
nameif temp
security-level 0
ip address 192.167.10.10 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.205 255.255.255.0
management-only
!
banner login 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
boot system disk0:/asa841-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Public
dns domain-lookup Private
dns domain-lookup management
dns server-group DefaultDNS
name-server x.x.1.2
name-server x.x.1.241
domain-name SRPVPN.net
same-security-traffic permit intra-interface
object network obj-x.x.1.0
subnet x.x.1.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_x.x.2.100_30
subnet x.x.2.100 255.255.255.252
object network 10.90.0.0
subnet 10.90.0.0 255.255.0.0
object network NETWORK_OBJ_x.x.2.64_26
subnet x.x.2.64 255.255.255.192
object network 10.14.205.0
subnet 10.14.205.0 255.255.255.0
object network Relay1
host x.x.x.x
object service Relay-Port
service tcp destination eq 4279
description Relay Port
object network Relay2
host x.x.x.x
object network NETWORK_OBJ_x.x.1.64_26
subnet x.x.1.64 255.255.255.192
object network x.x.0.0_17
subnet x.x.0.0 255.255.128.0
description x.x.0.0\17
object network x.x.0.1
host x.x.0.1
description Priv Gateway
object network NETWORK_OBJ_x.x.6.0_24
subnet x.x.6.0 255.255.255.0
object network NETWORK_OBJ_x.x.6.254
host x.x.6.254
access-list outside_cryptomap_dyn_20 extended permit ip host 0.0.0.0 host 10.251.78.20
access-list outside_cryptomap_dyn_20 extended permit ip host 10.251.78.20 any
access-list outside_cryptomap_dyn_20 extended deny ip any any
access-list inside_nat0_outbound extended permit ip any x.x.1.0 255.255.255.0
access-list 1 standard permit x.x.0.0 255.255.128.0
access-list 1 standard permit x.x.128.0 255.255.128.0
access-list Public_authentication extended permit tcp any any
access-list inspection extended permit ip object x.x.0.0_17 10.0.0.0 255.0.0.0
access-list Private_access_in extended permit tcp object x.x.0.0_17 any eq ssh
access-list 200_Subnets standard permit host x.x.1.1
access-list 200_Subnets standard permit host x.x.1.2
access-list 200_Subnets standard permit host x.x.1.3
access-list 200_Subnets standard permit host x.x.1.4
access-list 200_Subnets standard permit host x.x.1.5
access-list 200_Subnets standard permit host x.x.1.6
access-list 200_Subnets standard permit host x.x.1.7
access-list 200_Subnets standard permit host x.x.1.8
access-list 200_Subnets standard permit host x.x.1.9
access-list 200_Subnets standard permit host x.x.1.10
access-list 200_Subnets standard permit host x.x.1.11
access-list 200_Subnets standard permit host x.x.1.12
access-list 200_Subnets standard permit host x.x.1.13
access-list 200_Subnets standard permit host x.x.1.14
access-list 200_Subnets standard permit host x.x.1.15
access-list 200_Subnets standard permit host x.x.1.16
access-list 200_Subnets standard permit host x.x.1.17
access-list 200_Subnets standard permit host x.x.1.18
access-list 200_Subnets standard permit host x.x.1.19
access-list 200_Subnets standard permit host x.x.1.20
access-list 200_Subnets standard permit host x.x.1.21
access-list 200_Subnets standard permit host x.x.1.22
access-list 200_Subnets standard permit host x.x.1.23
access-list 200_Subnets standard permit host x.x.1.24
access-list 200_Subnets standard permit host x.x.1.25
access-list 200_Subnets standard permit host x.x.1.26
access-list 200_Subnets standard permit host x.x.1.27
access-list 200_Subnets standard permit host x.x.1.28
access-list 200_Subnets standard permit host x.x.1.29
access-list 200_Subnets standard permit host x.x.1.30
access-list 200_Subnets standard permit host x.x.1.31
access-list 200_Subnets standard permit host x.x.1.32
access-list 200_Subnets standard permit host x.x.1.33
access-list 200_Subnets standard permit host x.x.1.34
access-list 200_Subnets standard permit host x.x.1.35
access-list 200_Subnets standard permit host x.x.1.36
access-list 200_Subnets standard permit host x.x.1.37
access-list 200_Subnets standard permit host x.x.1.38
access-list 200_Subnets standard permit host x.x.1.39
access-list 200_Subnets standard permit host x.x.1.40
access-list 200_Subnets standard permit host x.x.1.41
access-list 200_Subnets standard permit host x.x.1.42
access-list 200_Subnets standard permit host x.x.1.43
access-list 200_Subnets standard permit host x.x.1.44
access-list 200_Subnets standard permit host x.x.1.45
access-list 200_Subnets standard permit host x.x.1.46
access-list 200_Subnets standard permit host x.x.1.47
access-list 200_Subnets standard permit host x.x.1.48
access-list 200_Subnets standard permit host x.x.1.49
access-list 200_Subnets standard permit host x.x.1.50
access-list 200_Subnets standard permit host x.x.1.51
access-list 200_Subnets standard permit host x.x.1.52
access-list 200_Subnets standard permit host x.x.1.53
access-list 200_Subnets standard permit host x.x.1.54
access-list 200_Subnets standard permit host x.x.1.55
access-list 200_Subnets standard permit host x.x.1.56
access-list 200_Subnets standard permit host x.x.1.57
access-list 200_Subnets standard permit host x.x.1.58
access-list 200_Subnets standard permit host x.x.1.59
access-list 200_Subnets standard permit host x.x.1.60
access-list 200_Subnets standard permit host x.x.1.61
access-list 200_Subnets standard permit host x.x.1.62
access-list 200_Subnets standard permit host x.x.1.63
access-list 200_Subnets standard permit host x.x.1.64
access-list 200_Subnets standard permit host x.x.1.65
access-list 200_Subnets standard permit host x.x.1.66
access-list 200_Subnets standard permit host x.x.1.67
access-list 200_Subnets standard permit host x.x.1.68
access-list 200_Subnets standard permit host x.x.1.69
access-list 200_Subnets standard permit host x.x.1.70
access-list 200_Subnets standard permit host x.x.1.71
access-list 200_Subnets standard permit host x.x.1.72
access-list 200_Subnets standard permit host x.x.1.73
access-list 200_Subnets standard permit host x.x.1.74
access-list 200_Subnets standard permit host x.x.1.75
access-list 200_Subnets standard permit host x.x.1.76
access-list 200_Subnets standard permit host x.x.1.77
access-list 200_Subnets standard permit host x.x.1.78
access-list 200_Subnets standard permit host x.x.1.79
access-list 200_Subnets standard permit host x.x.1.80
access-list 200_Subnets standard permit host x.x.1.81
access-list 200_Subnets standard permit host x.x.1.82
access-list 200_Subnets standard permit host x.x.1.83
access-list 200_Subnets standard permit host x.x.1.84
access-list 200_Subnets standard permit host x.x.1.85
access-list 200_Subnets standard permit host x.x.1.86
access-list 200_Subnets standard permit host x.x.1.87
access-list 200_Subnets standard permit host x.x.1.88
access-list 200_Subnets standard permit host x.x.1.89
access-list 200_Subnets standard permit host x.x.1.90
access-list 200_Subnets standard permit host x.x.1.91
access-list 200_Subnets standard permit host x.x.1.92
access-list 200_Subnets standard permit host x.x.1.93
access-list 200_Subnets standard permit host x.x.1.94
access-list 200_Subnets standard permit host x.x.1.95
access-list 200_Subnets standard permit host x.x.1.96
access-list 200_Subnets standard permit host x.x.1.97
access-list 200_Subnets standard permit host x.x.1.98
access-list 200_Subnets standard permit host x.x.1.99
access-list 200_Subnets standard permit host x.x.1.100
access-list 200_Subnets standard permit host x.x.1.101
access-list 200_Subnets standard permit host x.x.1.102
access-list 200_Subnets standard permit host x.x.1.103
access-list 200_Subnets standard permit host x.x.1.104
access-list 200_Subnets standard permit host x.x.1.105
access-list 200_Subnets standard permit host x.x.1.106
access-list 200_Subnets standard permit host x.x.1.107
access-list 200_Subnets standard permit host x.x.1.108
access-list 200_Subnets standard permit host x.x.1.109
access-list 200_Subnets standard permit host x.x.1.110
access-list 200_Subnets standard permit host x.x.1.111
access-list 200_Subnets standard permit host x.x.1.112
access-list 200_Subnets standard permit host x.x.1.113
access-list 200_Subnets standard permit host x.x.1.114
access-list 200_Subnets standard permit host x.x.1.115
access-list 200_Subnets standard permit host x.x.1.116
access-list 200_Subnets standard permit host x.x.1.117
access-list 200_Subnets standard permit host x.x.1.118
access-list 200_Subnets standard permit host x.x.1.119
access-list 200_Subnets standard permit host x.x.1.120
access-list 200_Subnets standard permit host x.x.1.121
access-list 200_Subnets standard permit host x.x.1.122
access-list 200_Subnets standard permit host x.x.1.123
access-list 200_Subnets standard permit host x.x.1.124
access-list 200_Subnets standard permit host x.x.1.125
access-list 200_Subnets standard permit host x.x.1.126
access-list 200_Subnets standard permit host x.x.1.127
access-list 200_Subnets standard permit host x.x.1.128
access-list 200_Subnets standard permit host x.x.1.129
access-list 200_Subnets standard permit host x.x.1.130
access-list 200_Subnets standard permit host x.x.1.131
access-list 200_Subnets standard permit host x.x.1.132
access-list 200_Subnets standard permit host x.x.1.133
access-list 200_Subnets standard permit host x.x.1.134
access-list 200_Subnets standard permit host x.x.1.135
access-list 200_Subnets standard permit host x.x.1.136
access-list 200_Subnets standard permit host x.x.1.137
access-list 200_Subnets standard permit host x.x.1.138
access-list 200_Subnets standard permit host x.x.1.139
access-list 200_Subnets standard permit host x.x.1.140
access-list 200_Subnets standard permit host x.x.1.141
access-list 200_Subnets standard permit host x.x.1.142
access-list 200_Subnets standard permit host x.x.1.143
access-list 200_Subnets standard permit host x.x.1.144
access-list 200_Subnets standard permit host x.x.1.145
access-list 200_Subnets standard permit host x.x.1.146
access-list 200_Subnets standard permit host x.x.1.147
access-list 200_Subnets standard permit host x.x.1.148
access-list 200_Subnets standard permit host x.x.1.149
access-list 200_Subnets standard permit host x.x.1.150
access-list 200_Subnets standard permit host x.x.1.151
access-list 200_Subnets standard permit host x.x.1.152
access-list 200_Subnets standard permit host x.x.1.153
access-list 200_Subnets standard permit host x.x.1.154
access-list 200_Subnets standard permit host x.x.1.155
access-list 200_Subnets standard permit host x.x.1.156
access-list 200_Subnets standard permit host x.x.1.157
access-list 200_Subnets standard permit host x.x.1.158
access-list 200_Subnets standard permit host x.x.1.159
access-list 200_Subnets standard permit host x.x.1.160
access-list 200_Subnets standard permit host x.x.1.161
access-list 200_Subnets standard permit host x.x.1.162
access-list 200_Subnets standard permit host x.x.1.163
access-list 200_Subnets standard permit host x.x.1.164
access-list 200_Subnets standard permit host x.x.1.165
access-list 200_Subnets standard permit host x.x.1.166
access-list 200_Subnets standard permit host x.x.1.167
access-list 200_Subnets standard permit host x.x.1.168
access-list 200_Subnets standard permit host x.x.1.169
access-list 200_Subnets standard permit host x.x.1.170
access-list 200_Subnets standard permit host x.x.1.171
access-list 200_Subnets standard permit host x.x.1.172
access-list 200_Subnets standard permit host x.x.1.173
access-list 200_Subnets standard permit host x.x.1.174
access-list 200_Subnets standard permit host x.x.1.175
access-list 200_Subnets standard permit host x.x.1.176
access-list 200_Subnets standard permit host x.x.1.177
access-list 200_Subnets standard permit host x.x.1.178
access-list 200_Subnets standard permit host x.x.1.179
access-list 200_Subnets standard permit host x.x.1.180
access-list 200_Subnets standard permit host x.x.1.181
access-list 200_Subnets standard permit host x.x.1.182
access-list 200_Subnets standard permit host x.x.1.183
access-list 200_Subnets standard permit host x.x.1.184
access-list 200_Subnets standard permit host x.x.1.185
access-list 200_Subnets standard permit host x.x.1.186
access-list 200_Subnets standard permit host x.x.1.187
access-list 200_Subnets standard permit host x.x.1.188
access-list 200_Subnets standard permit host x.x.1.189
access-list 200_Subnets standard permit host x.x.1.190
access-list 200_Subnets standard permit host x.x.1.191
access-list 200_Subnets standard permit host x.x.1.192
access-list 200_Subnets standard permit host x.x.1.193
access-list 200_Subnets standard permit host x.x.1.194
access-list 200_Subnets standard permit host x.x.1.195
access-list 200_Subnets standard permit host x.x.1.196
access-list 200_Subnets standard permit host x.x.1.197
access-list 200_Subnets standard permit host x.x.1.198
access-list 200_Subnets standard permit host x.x.1.199
access-list 200_Subnets standard permit host x.x.1.200
access-list 10_Subnets standard permit host x.x.1.1
access-list 10_Subnets standard permit host x.x.1.2
access-list 10_Subnets standard permit host x.x.1.3
access-list 10_Subnets standard permit host x.x.1.4
access-list 10_Subnets standard permit host x.x.1.5
access-list 10_Subnets standard permit host x.x.1.6
access-list 10_Subnets standard permit host x.x.1.7
access-list 10_Subnets standard permit host x.x.1.8
access-list 10_Subnets standard permit host x.x.1.9
access-list 10_Subnets standard permit host x.x.1.10
access-list 2_Subnets standard permit host x.x.1.1
access-list 2_Subnets standard permit host x.x.1.2
access-list 1_Subnet standard permit host x.x.1.1
pager lines 24
logging enable
logging standby
logging asdm informational
mtu Public 1500
mtu Private 1500
mtu Public-IPv6 1500
mtu temp 1500
mtu management 1500
ip local pool subnetmask255 x.x.6.253 mask 255.255.255.255
ip local pool Miss_second_subnet x.x.2.93-x.x.2.99 mask 255.255.255.0
ip local pool srpvpn_pool x.x.6.1-x.x.6.252 mask 255.255.128.0
ip local pool netmask255 x.x.6.254 mask 255.255.255.255
ipv6 enforce-eui64 Public-IPv6
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Public
icmp permit any Private
asdm image disk0:/asdm-643.bin
no asdm history enable
arp timeout 14400
nat (Private,any) source static any any destination static obj-x.x.1.0 obj-x.x.1.0 unidirectional
nat (any,any) source static any any
nat (Private,Public) source static any any destination static NETWORK_OBJ_x.x.2.100_30 NETWORK_OBJ_x.x.2.100_30
nat (Private,Public) source static any any destination static NETWORK_OBJ_x.x.2.64_26 NETWORK_OBJ_x.x.2.64_26
nat (Private,Public) source static any any destination static NETWORK_OBJ_x.x.1.64_26 NETWORK_OBJ_x.x.1.64_26
nat (Private,Public) source static any any destination static NETWORK_OBJ_x.x.6.0_24 NETWORK_OBJ_x.x.6.0_24
nat (Private,Private) source static any any destination static NETWORK_OBJ_x.x.6.0_24 NETWORK_OBJ_x.x.6.0_24
nat (Private,Public) source static any any destination static NETWORK_OBJ_x.x.6.254 NETWORK_OBJ_x.x.6.254
!
object network obj_any
nat (Private,Public) dynamic interface
access-group Private_access_in in interface Private control-plane
route Public 0.0.0.0 0.0.0.0 x.x.x..254 1
route Private 0.0.0.0 0.0.0.0 x.x.0.1 tunneled
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RSA protocol sdi
aaa-server RSA (Private) host x.x.1.4
aaa-server Radius protocol radius
aaa-server Radius (Private) host x.x.1.4
key *****
authentication-port 1812
accounting-port 1813
radius-common-pw *****
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (Private) host x.x.1.3
key *****
aaa-server AAA_RADIUS protocol radius
aaa-server AAA_RADIUS (Private) host x.x.1.3
key *****
radius-common-pw *****
aaa-server RSA_SDI protocol sdi
aaa-server RSA_SDI (Private) host x.x.1.4
aaa authentication match Public_authentication Public RSA
aaa authentication ssh console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication enable console AAA_RADIUS LOCAL
aaa authentication serial console AAA_RADIUS LOCAL
http server enable
http x.x.0.0 255.255.128.0 Private
http redirect Private 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec fragmentation after-encryption Public
crypto ipsec fragmentation after-encryption Private
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-DES-MD5 ESP-AES-128-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface Public
crypto map Private_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Private_map interface Private
crypto ca trustpoint TP2
enrollment terminal
subject-name C=CA
no client-types
crl configure
crypto ca trustpoint ASDM_TrustPoint8
crl configure
crypto ca trustpoint ASDM_TrustPoint10
crl configure
crypto ca trustpoint ASDM_TrustPoint11
crl configure
crypto ca trustpoint ASDM_TrustPoint12
crl configure
crypto ca trustpoint ASDM_TrustPoint13
crl configure
crypto ca trustpoint ASDM_TrustPoint14
crl configure
crypto ca trustpoint ASDM_TrustPoint15
crl configure
crypto ca trustpoint ASDM_TrustPoint16
crl configure
crypto ca trustpoint ASDM_TrustPoint17
crl configure
crypto ca trustpoint ASDM_TrustPoint18
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint Alan-Gateway
crl configure
crypto ca trustpoint ASDM_TrustPoint5
crl configure
crypto ca trustpoint ASDM_TrustPoint19
crl configure
crypto ca trustpoint ASDM_TrustPoint21
enrollment terminal
subject-name CN=Alan-Gateway,OU=IOT,O=RIM,C=CA,St=ON,L=Missassuaga
keypair KP1
crl configure
crypto ca trustpoint ASDM_TrustPoint23
crl configure
crypto ca trustpoint ASDM_TrustPoint24
crl configure
crypto ca trustpoint ASDM_TrustPoint26
crl configure
crypto ca trustpoint ASDM_TrustPoint27
enrollment url http://interca2.srpvpn.net:80/certsrv
subject-name CN=CiscoASA5510
keypair KP1
crl configure
crypto ca trustpoint ASDM_TrustPoint28
enrollment url http://interca2.srpvpn.net:80/certsrv/mscep_admin
crl configure
crypto ca trustpoint root2_srpvpn_net
enrollment terminal
crl configure
crypto ca trustpoint Interca3_srpvpn_net
enrollment terminal
crl configure
crypto ca trustpoint server_srpvpn_net
crl configure
crypto ca trustpoint ASDM_TrustPoint2
keypair ASDM_TrustPoint2
crl configure
crypto ca trustpoint asa1.srpvpn.net_subaltname_ip
keypair asa1.srpvpn.net_subaltname_ip
crl configure
crypto ca trustpoint SQM_Enterprise_Root_CA
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint6
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint7
crl configure
crypto ca trustpoint asa1.testnet.net
crl configure
crypto ca trustpoint ASDM_TrustPoint9
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint20
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint22
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint25
enrollment terminal
crl configure
crypto ca trustpoint asa1_bbsca
keypair asa1_bbsca
crl configure
crypto ca certificate map certgroup 30
subject-name attr dc eq net
subject-name attr dc eq srpvpn
issuer-name attr cn eq interca3
crypto ca certificate map xauthpkigroup 20
subject-name attr dc eq srpvpn
issuer-name attr cn eq interca3
subject-name attr dc eq net
crypto ca certificate map vpnpki 25
subject-name attr cn co interca3
crypto ca certificate chain TP2
certificate ca 00822976f41432ba82
quit
crypto ca certificate chain root2_srpvpn_net
certificate ca 39ea08a3e2fabcb845a2e9bb5410181d
quit
crypto ca certificate chain Interca3_srpvpn_net
certificate ca 610aaab6000000000002
quit
crypto ca certificate chain ASDM_TrustPoint2
certificate 6113fc93000000000006
quit
crypto ca certificate chain asa1.srpvpn.net_subaltname_ip
certificate 7b2f4173000000000095
quit
crypto ca certificate chain ASDM_TrustPoint25
certificate ca 25040d89a6b54190485ee9166c30a83b
quit
crypto ca certificate chain asa1_bbsca
certificate 1b4554780000000012b2
quit
crypto ikev2 redirect during-init
crypto ikev1 enable Public
crypto ikev1 enable Private
crypto ikev1 enable Public-IPv6
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 5
authentication pre-share
encryption des
hash md5
group 1
lifetime 86400
crypto ikev1 policy 6
authentication pre-share
encryption des
hash sha
group 1
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 25
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 26
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
crypto ikev1 policy 27
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 28
authentication pre-share
encryption aes-192
hash md5
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 35
authentication rsa-sig
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 36
authentication pre-share
encryption aes-256
hash md5
group 5
lifetime 86400
crypto ikev1 policy 40
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto ikev1 policy 41
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 42
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 86400
crypto ikev1 policy 62
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 82
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
telnet x.x.1.0 255.255.255.0 Private
telnet x.x.0.0 255.255.128.0 Private
telnet timeout 5
ssh x.x.0.0 255.255.128.0 Private
ssh timeout 5
ssh version 2
console timeout 0
management-access Private
vpn load-balancing
priority 10
interface lbpublic Public
interface lbprivate Private
cluster key *****
cluster ip address x.x.x..220
cluster encryption
participate
dhcp-client client-id interface temp
dhcpd dns x.x.x.171.96.38
dhcpd domain wintestnet.rim.net
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tftp-server Private x.x.x.169 asdm-621.bin
webvpn
enable Public
enable Private
group-policy rsagroup internal
group-policy rsagroup attributes
vpn-tunnel-protocol ikev1
group-lock value rsagroup
group-policy rsasdigroup internal
group-policy rsasdigroup attributes
vpn-tunnel-protocol ikev1
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value srpvpn.net
group-policy 200subnets internal
group-policy 200subnets attributes
dns-server value x.x.1.2 x.x.1.241
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 200_Subnets
default-domain value srpvpn.net
group-policy DfltGrpPolicy attributes
banner value Welcome to RIM VPN IOT MISSISSAUGA ASA1!
dns-server value x.x.1.2 x.x.1.241
vpn-idle-timeout none
vpn-tunnel-protocol ikev1 l2tp-ipsec
password-storage enable
default-domain value srpvpn.net
address-pools value srpvpn_pool
group-policy loadbalxauthpskgroup internal
group-policy loadbalxauthpskgroup attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy loadbalxauthpkigroup internal
group-policy loadbalxauthpkigroup attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy bannergroup internal
group-policy bannergroup attributes
banner value !START BANNER- 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345 678 - END BANNER!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy certgroup internal
group-policy certgroup attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-simultaneous-logins 10
vpn-tunnel-protocol ikev1
default-domain value srpvpn.net
group-policy subnetgroup internal
group-policy subnetgroup attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-tunnel-protocol ikev1 ikev2
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 1
default-domain value srpvpn.net
group-policy vpnpsk internal
group-policy vpnpsk attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol ikev1
group-lock value vpnpsk
default-domain value srpvpn.net
client-access-rule none
webvpn
anyconnect dpd-interval gateway 20
group-policy vpnpki internal
group-policy vpnpki attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-tunnel-protocol ikev1
group-lock value vpnpki
default-domain value srpvpn.net
group-policy subnetnetmask255 internal
group-policy subnetnetmask255 attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-tunnel-protocol ikev1
group-lock value subnetnetmask255
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 1
default-domain value srpvpn.net
address-pools value subnetmask255
client-access-rule none
group-policy vpnpskdpd internal
group-policy vpnpskdpd attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol ikev1
group-lock value vpnpsk
default-domain value srpvpn.net
client-access-rule none
webvpn
anyconnect dpd-interval gateway 20
group-policy vpnpfs internal
group-policy vpnpfs attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-tunnel-protocol ikev1
pfs enable
default-domain value srpvpn.net
group-policy besadmin_policy internal
group-policy besadmin_policy attributes
banner value You have just connected to ASA1 at RIM VPN IOT Labs in Mississauga
vpn-tunnel-protocol ikev1 l2tp-ipsec
password-storage enable
group-policy xauthpskgroup internal
group-policy xauthpskgroup attributes
wins-server none
dns-server value x.x.1.2 x.x.1.241
vpn-simultaneous-logins 20
vpn-tunnel-protocol ikev1
default-domain value srpvpn.net
group-policy xauthpskpfsgroup internal
group-policy xauthpskpfsgroup attributes
vpn-tunnel-protocol ikev1
pfs enable
group-policy xauthpskdpdgroup internal
group-policy xauthpskdpdgroup attributes
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol ikev1 l2tp-ipsec
webvpn
anyconnect ssl keepalive none
anyconnect dpd-interval client none
anyconnect dpd-interval gateway none
group-policy xauthpsknodpdgroup internal
group-policy xauthpsknodpdgroup attributes
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-lock none
group-policy xauthpkigroup2 internal
group-policy xauthpkigroup2 attributes
dns-server value x.x.1.2 x.x.1.241
vpn-tunnel-protocol ikev1
default-domain value srpvpn.net
group-policy netmask255 internal
group-policy netmask255 attributes
dns-server value x.x.1.2 x.x.1.241
vpn-tunnel-protocol ikev1
default-domain value srpvpn.net
username srplabadmin password 9IGekr3RKTEBHD1o encrypted privilege 15
username asa1 password 9sgdVO7SMcuwdTUg encrypted
username asa1 attributes
vpn-group-policy vpnpki
service-type remote-access
username 200subnetsuser password nIM5qERzIn/N3muQ encrypted
username 200subnetsuser attributes
vpn-group-policy 200subnets
service-type remote-access
username subnetuser password URXRJR8WoEA7Qu2b encrypted
username subnetuser attributes
vpn-group-policy subnetgroup
group-lock value subnetgroup
service-type remote-access
username besadminsrnd password VprIEpSQ28F23BkF encrypted
username besadminsrnd attributes
service-type remote-access
username besautomcat password ULSr1V9NLBH.2oZ3 encrypted
username besautomcat attributes
service-type remote-access
tunnel-group DefaultRAGroup general-attributes
accounting-server-group AAA_RADIUS
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
tunnel-group DefaultWEBVPNGroup general-attributes
accounting-server-group AAA_RADIUS
tunnel-group xauthpkigroup2 type remote-access
tunnel-group xauthpkigroup2 general-attributes
address-pool srpvpn_pool
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy xauthpkigroup2
tunnel-group xauthpkigroup2 ipsec-attributes
peer-id-validate cert
chain
ikev1 trust-point ASDM_TrustPoint2
tunnel-group certgroup type remote-access
tunnel-group certgroup general-attributes
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy certgroup
tunnel-group certgroup ipsec-attributes
peer-id-validate cert
chain
ikev1 trust-point ASDM_TrustPoint2
tunnel-group netmask255 type remote-access
tunnel-group netmask255 general-attributes
address-pool netmask255
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy netmask255
tunnel-group netmask255 ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
tunnel-group besadmingroup type remote-access
tunnel-group besadmingroup general-attributes
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy besadmin_policy
tunnel-group besadmingroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 200subnets type remote-access
tunnel-group 200subnets general-attributes
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy 200subnets
tunnel-group 200subnets ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group subnetgroup type remote-access
tunnel-group subnetgroup general-attributes
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy subnetgroup
tunnel-group subnetgroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group besautomationSVVgroup type remote-access
tunnel-group besautomationSVVgroup general-attributes
authentication-server-group AAA_RADIUS
tunnel-group besautomationSVVgroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group vpnpsk type remote-access
tunnel-group vpnpsk general-attributes
authentication-server-group AAA_RADIUS
authorization-server-group LOCAL
accounting-server-group AAA_RADIUS
default-group-policy vpnpsk
tunnel-group vpnpsk ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
tunnel-group vpnpki type remote-access
tunnel-group vpnpki general-attributes
authentication-server-group AAA_RADIUS LOCAL
authorization-server-group LOCAL
accounting-server-group AAA_RADIUS
default-group-policy vpnpki
tunnel-group vpnpki ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
chain
ikev1 trust-point ASDM_TrustPoint2
isakmp keepalive threshold 30 retry 2
ikev1 user-authentication none
tunnel-group vpnpfs type remote-access
tunnel-group vpnpfs general-attributes
authentication-server-group AAA_RADIUS
authorization-server-group LOCAL
accounting-server-group AAA_RADIUS
default-group-policy vpnpfs
tunnel-group vpnpfs ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group rsagroup type remote-access
tunnel-group rsagroup general-attributes
authentication-server-group Radius
accounting-server-group AAA_RADIUS
default-group-policy rsagroup
tunnel-group rsagroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group rsasdigroup type remote-access
tunnel-group rsasdigroup general-attributes
authentication-server-group RSA
accounting-server-group AAA_RADIUS
default-group-policy rsasdigroup
tunnel-group rsasdigroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group vpnpskdpd type remote-access
tunnel-group vpnpskdpd general-attributes
accounting-server-group AAA_RADIUS
default-group-policy vpnpskdpd
tunnel-group vpnpskdpd ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group subnetnetmask255 type remote-access
tunnel-group subnetnetmask255 general-attributes
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy subnetnetmask255
tunnel-group subnetnetmask255 ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
tunnel-group xauthpskgroup type remote-access
tunnel-group xauthpskgroup general-attributes
address-pool srpvpn_pool
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy xauthpskgroup
tunnel-group xauthpskgroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group udsdevsv&v type remote-access
tunnel-group udsdevsv&v general-attributes
address-pool srpvpn_pool
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
tunnel-group udsdevsv&v ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xauthpskpfsgroup type remote-access
tunnel-group xauthpskpfsgroup general-attributes
address-pool srpvpn_pool
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy xauthpskpfsgroup
tunnel-group xauthpskpfsgroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group xauthpskdpdgroup type remote-access
tunnel-group xauthpskdpdgroup general-attributes
address-pool srpvpn_pool
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy xauthpskdpdgroup
tunnel-group xauthpskdpdgroup ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive threshold 30 retry 3
tunnel-group xauthpsknodpdgroup type remote-access
tunnel-group xauthpsknodpdgroup general-attributes
authentication-server-group AAA_RADIUS
accounting-server-group AAA_RADIUS
default-group-policy xauthpsknodpdgroup
tunnel-group xauthpsknodpdgroup ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
tunnel-group loadbalxauthpskgroup type remote-access
tunnel-group loadbalxauthpskgroup general-attributes
address-pool srpvpn_pool
authentication-server-group AAA_RADIUS
default-group-policy loadbalxauthpskgroup
tunnel-group loadbalxauthpskgroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group loadbalxauthpkigroup type remote-access
tunnel-group loadbalxauthpkigroup general-attributes
address-pool srpvpn_pool
authentication-server-group AAA_RADIUS
default-group-policy loadbalxauthpkigroup
tunnel-group loadbalxauthpkigroup ipsec-attributes
ikev1 pre-shared-key *****
chain
ikev1 trust-point asa1.srpvpn.net_subaltname_ip
tunnel-group-map enable rules
no tunnel-group-map enable ou
no tunnel-group-map enable ike-id
no tunnel-group-map enable peer-ip
tunnel-group-map certgroup 30 certgroup
tunnel-group-map xauthpkigroup 20 xauthpkigroup2
tunnel-group-map vpnpki 25 vpnpki
!
class-map sip_inspect
match access-list inspection
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect sip allow_sip
parameters
max-forwards-validation action drop log
state-checking action drop log
uri-non-sip action mask log
match called-party regex _default_GoToMyPC-tunnel
drop log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
policy-map mypolicy
class sip_inspect
inspect sip
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:37f0bca67c14cd1ad7845d6f6e469e89
: end
asdm image disk0:/asdm-643.bin
asdm location ipv6-public/128 Private
asdm location ipv6-private/128 Private
asdm location x.x.x..205 255.255.255.255 Private
asdm location Waterloo 255.255.255.0 Private
no asdm history enable
12-13-2012 04:56 AM
Can you pls run "debug radius all" when you try to authenticate via SSL VPN and share the debug output pls.
02-22-2013 01:06 PM
Sorry for the delay on this.....
Here is the failed Web Clientless SSL attempt.
Note with this same ACS server I am able to use my domain credentials and log in via a Cisco 4400 WLC using EAP-FAST, and it works fine.
Also on the ACS server I get this error when trying this authentication.
Failed
| 02/22/2013 | 15:58:04 | Authen failed | amilanoski | Admin Group | 10.137.x.x | (Default) | Internal error | .. | .. | 23715840 | 172.16.1.220 | .. | .. | .. | .. | .. | BBOSVPN_Lab_Tahoe_and_RIM14 | .. |
Passed
| 02/22/2013 | 15:03:28 | Authen failed | amilanoski | Admin Group | 34-bb-1f-05-9c-9d | (Default) | EAP-FAST user was provisioned with a new PAC | .. | .. | 3 | 10.137.205.199 | .. | .. | 43 | EAP-FAST | .. | wlcs1.bboslab.testnet.rim.net | .. |
asa2# debug radius all
asa2# radius mkreq: 0x4985
alloc_rip 0xae5038a8
new request 0x4985 --> 46 (0xae5038a8)
got user 'amilanoski'
got password
add_req 0xae5038a8 session 0x4985 id 46
RADIUS_REQUEST
radius.c: rad_mkpkt
rad_mkpkt: ip:source-ip=x.x.52.211
RADIUS packet decode (authentication request)
--------------------------------------
Raw packet data (length = 148).....
01 2e 00 94 44 2d 62 f3 b0 29 ae 4f dc e5 ba 6b | ....D-b..).O...k
c8 61 86 47 01 0c 61 6d 69 6c 61 6e 6f 73 6b 69 | .a.G..amilanoski
02 12 2c b6 b3 d4 56 b9 04 7b 5d 19 28 fc 6e 2f | ..,...V..{].(.n/
3b 00 05 06 01 69 e0 00 1e 10 31 30 2e 31 33 37 | ;....i....x.x
2e 32 30 35 2e 32 31 38 1f 0f 31 30 2e 31 33 37 | .205.218..x.x
2e 35 32 2e 32 31 31 3d 06 00 00 00 05 42 0f 31 | .52.211=.....B.1
30 2e 31 33 37 2e 35 32 2e 32 31 31 04 06 ac 10 | 0.137.52.211....
01 dc 1a 22 00 00 00 09 01 1c 69 70 3a 73 6f 75 | ..."......ip:sou
72 63 65 2d 69 70 3d 31 30 2e 31 33 37 2e 35 32 | rce-ip=x.x.52
2e 32 31 31 | .211
Parsed packet data.....
Radius: Code = 1 (0x01)
Radius: Identifier = 46 (0x2E)
Radius: Length = 148 (0x0094)
Radius: Vector: 442D62F3B029AE4FDCE5BA6BC8618647
Radius: Type = 1 (0x01) User-Name
Radius: Length = 12 (0x0C)
Radius: Value (String) =
61 6d 69 6c 61 6e 6f 73 6b 69 | amilanoski
Radius: Type = 2 (0x02) User-Password
Radius: Length = 18 (0x12)
Radius: Value (String) =
2c b6 b3 d4 56 b9 04 7b 5d 19 28 fc 6e 2f 3b 00 | ,...V..{].(.n/;.
Radius: Type = 5 (0x05) NAS-Port
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x169E000
Radius: Type = 30 (0x1E) Called-Station-Id
Radius: Length = 16 (0x10)
Radius: Value (String) =
31 30 2e 31 33 37 2e 32 30 35 2e 32 31 38 | x.x.205.218
Radius: Type = 31 (0x1F) Calling-Station-Id
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 30 2e 31 33 37 2e 35 32 2e 32 31 31 | x.x.52.211
Radius: Type = 61 (0x3D) NAS-Port-Type
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x5
Radius: Type = 66 (0x42) Tunnel-Client-Endpoint
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 30 2e 31 33 37 2e 35 32 2e 32 31 31 | x.x.52.211
Radius: Type = 4 (0x04) NAS-IP-Address
Radius: Length = 6 (0x06)
Radius: Value (IP Address) = 172.16.1.220 (0xAC1001DC)
Radius: Type = 26 (0x1A) Vendor-Specific
Radius: Length = 34 (0x22)
Radius: Vendor ID = 9 (0x00000009)
Radius: Type = 1 (0x01) Cisco-AV-pair
Radius: Length = 28 (0x1C)
Radius: Value (String) =
69 70 3a 73 6f 75 72 63 65 2d 69 70 3d 31 30 2e | ip:source-ip=x.
31 33 37 2e 35 32 2e 32 31 31 | x.52.211
send pkt 172.16.1.3/1645
RADIUS_SENT:server response timeout
RADIUS_DELETE
remove_req 0xae501784 session 0x4984 id 45
free_rip 0xae501784
RADIUS_SENT:server response timeout
RADIUS_DELETE
remove_req 0xae5038a8 session 0x4985 id 46
free_rip 0xae5038a8
radius: send queue empty
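An added example, not part of the original thread and not Cisco code: a minimal RFC 2865 decoder for an Access-Request laid out like the one in the debug above, plus a helper that pairs each `server response timeout` line with the request id and the server/port the ASA sent to. The packet bytes, addresses, user name, sample debug lines and all function names are constructed for illustration.

```python
import re
import struct

# RFC 2865 / RFC 2868 attribute types that appear in the ASA debug output.
ATTR_NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
              5: "NAS-Port", 26: "Vendor-Specific", 30: "Called-Station-Id",
              31: "Calling-Station-Id", 61: "NAS-Port-Type",
              66: "Tunnel-Client-Endpoint"}
CISCO_VENDOR_ID = 9  # vendor sub-type 1 under this ID is Cisco-AV-pair


def tlv(attr_type, value):
    """Encode one attribute: type, length (2-byte header included), value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_sample_request():
    """Constructed Access-Request with the same attribute order as the debug."""
    avpair = tlv(1, b"ip:source-ip=198.51.100.7")
    attrs = b"".join([
        tlv(1, b"vpnuser"),
        tlv(2, bytes(range(16))),           # stand-in for the hidden password
        tlv(5, struct.pack("!I", 0x0169E000)),
        tlv(30, b"203.0.113.10"),
        tlv(31, b"198.51.100.7"),
        tlv(61, struct.pack("!I", 5)),      # 5 = Virtual
        tlv(66, b"198.51.100.7"),
        tlv(4, bytes([192, 0, 2, 220])),
        tlv(26, struct.pack("!I", CISCO_VENDOR_ID) + avpair),
    ])
    # Code 1 = Access-Request, identifier 46, zeroed 16-byte authenticator.
    return struct.pack("!BBH", 1, 46, 20 + len(attrs)) + bytes(16) + attrs


def decode(a_type, value):
    """Render an attribute value without ever echoing password bytes."""
    if a_type == 2:
        return f"<{len(value)} hidden bytes>"
    if a_type == 4 and len(value) == 4:
        return ".".join(str(b) for b in value)
    if a_type in (5, 61) and len(value) == 4:
        return struct.unpack("!I", value)[0]
    if a_type == 26:
        if len(value) < 6:
            raise ValueError("Vendor-Specific attribute too short")
        vendor = struct.unpack("!I", value[:4])[0]
        sub_type, sub_len = value[4], value[5]
        if sub_len < 2 or 4 + sub_len > len(value):
            raise ValueError("bad vendor sub-attribute length")
        return (vendor, sub_type, value[6:4 + sub_len].decode("ascii", "replace"))
    return value.decode("ascii", "replace")


def parse_radius(packet):
    """Decode header and attributes, rejecting inconsistent length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad length for attribute {a_type}")
        value = packet[pos + 2:pos + a_len]
        attrs.append((ATTR_NAMES.get(a_type, str(a_type)), decode(a_type, value)))
        pos += a_len
    return {"code": code, "id": ident, "authenticator": packet[4:20],
            "attrs": attrs}


# Constructed debug lines in the same format as the "debug radius all" output.
SAMPLE_DEBUG = """\
add_req 0xae5038a8 session 0x4985 id 46
send pkt 192.0.2.3/1645
RADIUS_SENT:server response timeout
RADIUS_DELETE
remove_req 0xae5038a8 session 0x4985 id 46
"""
SEND_RE = re.compile(r"send pkt (\S+)/(\d+)$")
REMOVE_RE = re.compile(r"remove_req \S+ session \S+ id (\d+)$")


def timed_out_requests(debug_text):
    """Return (server, port, request id) for each request dropped on timeout."""
    server, pending, results = ("unknown", 0), False, []
    for raw in debug_text.splitlines():
        line = raw.strip()
        sent = SEND_RE.match(line)
        removed = REMOVE_RE.match(line)
        if sent:
            server = (sent.group(1), int(sent.group(2)))
        elif line == "RADIUS_SENT:server response timeout":
            pending = True
        elif pending and removed:
            results.append((server[0], server[1], int(removed.group(1))))
            pending = False
    return results


if __name__ == "__main__":
    for name, value in parse_radius(build_sample_request())["attrs"]:
        print(f"{name:24} {value}")
    print(timed_out_requests(SAMPLE_DEBUG))
```

A request that only ever produces `server response timeout` means no RADIUS reply reached the ASA for that identifier on that address and port; 1645 is the legacy RADIUS authentication port and 1812 the IANA-assigned one.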