11-12-2015 08:06 AM
We recently added a fiber circuit to our main building (the 5510 below) and I restored a backup of our other 5510 and changed the IPs over. I've been trying to configure a 5505 at one of our remote offices and I am able to ping the new 5510, but I can't reach anything beyond it (i.e. 192.168.1.101). Any help would be appreciated.
5510:
ASA Version 8.2(5)
!
hostname Mainoffice
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 70.X.X.162 255.255.255.248
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
no nameif
no security-level
no ip address
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
protocol-object ip
protocol-object icmp
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.63.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.64.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.58.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.19.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.65.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.67.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.9.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.21.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.26.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.27.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.35.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.40.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.8.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.15.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.16.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.18.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.22.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.23.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.31.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.34.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.37.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.39.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.43.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.45.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.50.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.54.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.56.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.59.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.61.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.68.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.74.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.76.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.77.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.78.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.73.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.29.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.20.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.25.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.33.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.71.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.41.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.42.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.12.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.51.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.75.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.63.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.48.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.72.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.57.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.58.0 255.255.255.0
access-list outside_4_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.65.0 255.255.255.0
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 any any
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any host 70.X.X.163 inactive
access-list outside_5_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.67.0 255.255.255.0
access-list outside_6_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.9.0 255.255.255.0
access-list outside_7_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.39.0 255.255.255.0
access-list outside_8_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.21.0 255.255.255.0
access-list outside_9_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.26.0 255.255.255.0
access-list outside_10_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.27.0 255.255.255.0
access-list outside_11_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.35.0 255.255.255.0
access-list outside_12_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.40.0 255.255.255.0
access-list outside_13_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.3.0 255.255.255.0
access-list outside_14_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.5.0 255.255.255.0
access-list outside_15_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.8.0 255.255.255.0
access-list outside_16_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.78.0 255.255.255.0
access-list outside_17_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.16.0 255.255.255.0
access-list outside_18_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.18.0 255.255.255.0
access-list outside_19_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.22.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.15.0 255.255.255.0
access-list outside_21_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.31.0 255.255.255.0
access-list outside_22_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.34.0 255.255.255.0
access-list outside_23_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.37.0 255.255.255.0
access-list outside_24_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list outside_25_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.43.0 255.255.255.0
access-list outside_26_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.45.0 255.255.255.0
access-list outside_27_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.50.0 255.255.255.0
access-list outside_29_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.56.0 255.255.255.0
access-list outside_30_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.59.0 255.255.255.0
access-list outside_31_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.61.0 255.255.255.0
access-list outside_32_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.42.0 255.255.255.0
access-list outside_33_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.54.0 255.255.255.0
access-list outside_34_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.76.0 255.255.255.0
access-list outside_35_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.77.0 255.255.255.0
access-list outside_36_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.33.0 255.255.255.0
access-list outside_38_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.29.0 255.255.255.0
access-list outside_39_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list outside_40_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.20.0 255.255.255.0
access-list outside_41_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.25.0 255.255.255.0
access-list outside_43_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.71.0 255.255.255.0
access-list outside_37_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.57.0 255.255.255.0
access-list outside_28_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.41.0 255.255.255.0
access-list outside_47_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.12.0 255.255.255.0
access-list outside_48_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.51.0 255.255.255.0
access-list outside_49_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.75.0 255.255.255.0
access-list outside_51_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.6.0 255.255.255.0
access-list outside_55_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.10.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.19.0 255.255.255.0
access-list outside_45_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.48.0 255.255.255.0
access-list outside_17_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 10.0.74.0 255.255.255.0
access-list outside_42_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.72.0 255.255.255.0
pager lines 20
logging enable
logging timestamp
logging buffer-size 1000000
logging buffered debugging
logging trap warnings
logging asdm informational
no logging message 111005
mtu outside 1500
mtu inside 1500
ip local pool vpnpool1 192.168.100.1-192.168.100.10
ip local pool Remote_Access_VPN_Pool 192.168.1.53-192.168.1.54 mask 255.255.255.0
ip audit name Counter_DDOS attack action reset
ip audit attack action reset
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 70.X.X.163 192.168.1.5 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 70.X.X.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 205.X.X.0 255.255.254.0 outside
http 10.0.58.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
http 78.X.X.3 255.255.255.255 outside
http 71.X.X.3 255.255.255.255 outside
http 70.X.X.0 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set pfs
crypto map outside_map0 1 set peer 69.X.X.15
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 2 match address outside_2_cryptomap
crypto map outside_map0 2 set pfs
crypto map outside_map0 2 set peer 67.X.X.12
crypto map outside_map0 2 set transform-set ESP-3DES-SHA
crypto map outside_map0 3 match address outside_cryptomap
crypto map outside_map0 3 set pfs
crypto map outside_map0 3 set peer 69.X.X.101
crypto map outside_map0 3 set transform-set ESP-3DES-SHA
crypto map outside_map0 4 match address outside_4_cryptomap
crypto map outside_map0 4 set pfs
crypto map outside_map0 4 set peer 65.X.X.132
crypto map outside_map0 4 set transform-set ESP-3DES-SHA
crypto map outside_map0 5 match address outside_5_cryptomap
crypto map outside_map0 5 set pfs
crypto map outside_map0 5 set peer 67.X.X.17
crypto map outside_map0 5 set transform-set ESP-3DES-SHA
crypto map outside_map0 6 match address outside_6_cryptomap
crypto map outside_map0 6 set pfs
crypto map outside_map0 6 set peer 67.X.X.91
crypto map outside_map0 6 set transform-set ESP-3DES-SHA
crypto map outside_map0 7 match address outside_7_cryptomap
crypto map outside_map0 7 set pfs
crypto map outside_map0 7 set peer 184.X.X.167
crypto map outside_map0 7 set transform-set ESP-3DES-SHA
crypto map outside_map0 8 match address outside_8_cryptomap
crypto map outside_map0 8 set pfs
crypto map outside_map0 8 set peer 184.X.X.17
crypto map outside_map0 8 set transform-set ESP-3DES-SHA
crypto map outside_map0 9 match address outside_9_cryptomap
crypto map outside_map0 9 set pfs
crypto map outside_map0 9 set peer 63.X.X.145
crypto map outside_map0 9 set transform-set ESP-3DES-SHA
crypto map outside_map0 10 match address outside_10_cryptomap
crypto map outside_map0 10 set pfs
crypto map outside_map0 10 set peer 67.X.X.11
crypto map outside_map0 10 set transform-set ESP-3DES-SHA
crypto map outside_map0 11 match address outside_11_cryptomap
crypto map outside_map0 11 set pfs
crypto map outside_map0 11 set peer 205.X.X.4
crypto map outside_map0 11 set transform-set ESP-3DES-SHA
crypto map outside_map0 12 match address outside_12_cryptomap
crypto map outside_map0 12 set pfs
crypto map outside_map0 12 set peer 184.X.X.203
crypto map outside_map0 12 set transform-set ESP-3DES-SHA
crypto map outside_map0 13 match address outside_13_cryptomap
crypto map outside_map0 13 set pfs
crypto map outside_map0 13 set peer 67.X.X.13
crypto map outside_map0 13 set transform-set ESP-3DES-SHA
crypto map outside_map0 14 match address outside_14_cryptomap
crypto map outside_map0 14 set pfs
crypto map outside_map0 14 set peer 63.X.X.179
crypto map outside_map0 14 set transform-set ESP-3DES-SHA
crypto map outside_map0 15 match address outside_15_cryptomap
crypto map outside_map0 15 set pfs
crypto map outside_map0 15 set peer 69.X.X.150
crypto map outside_map0 15 set transform-set ESP-3DES-SHA
crypto map outside_map0 16 match address outside_16_cryptomap
crypto map outside_map0 16 set pfs
crypto map outside_map0 16 set peer 67.X.X.147
crypto map outside_map0 16 set transform-set ESP-3DES-SHA
crypto map outside_map0 17 match address outside_17_cryptomap_1
crypto map outside_map0 17 set pfs
crypto map outside_map0 17 set peer 184.X.X.27
crypto map outside_map0 17 set transform-set ESP-3DES-SHA
crypto map outside_map0 18 match address outside_18_cryptomap
crypto map outside_map0 18 set pfs
crypto map outside_map0 18 set peer 65.X.X.19
crypto map outside_map0 18 set transform-set ESP-3DES-SHA
crypto map outside_map0 19 match address outside_19_cryptomap
crypto map outside_map0 19 set pfs
crypto map outside_map0 19 set peer 65.X.X.44
crypto map outside_map0 19 set transform-set ESP-3DES-SHA
crypto map outside_map0 20 match address outside_20_cryptomap
crypto map outside_map0 20 set pfs
crypto map outside_map0 20 set peer 69.X.X.156
crypto map outside_map0 20 set transform-set ESP-3DES-SHA
crypto map outside_map0 21 match address outside_21_cryptomap
crypto map outside_map0 21 set pfs
crypto map outside_map0 21 set peer 69.X.X.22
crypto map outside_map0 21 set transform-set ESP-3DES-SHA
crypto map outside_map0 22 match address outside_22_cryptomap
crypto map outside_map0 22 set pfs
crypto map outside_map0 22 set peer 67.X.X.10
crypto map outside_map0 22 set transform-set ESP-3DES-SHA
crypto map outside_map0 23 match address outside_23_cryptomap
crypto map outside_map0 23 set pfs
crypto map outside_map0 23 set peer 184.X.X.131
crypto map outside_map0 23 set transform-set ESP-3DES-SHA
crypto map outside_map0 24 match address outside_24_cryptomap
crypto map outside_map0 24 set pfs
crypto map outside_map0 24 set peer 69.X.X.28
crypto map outside_map0 24 set transform-set ESP-3DES-SHA
crypto map outside_map0 25 match address outside_25_cryptomap
crypto map outside_map0 25 set pfs
crypto map outside_map0 25 set peer 69.X.X.29
crypto map outside_map0 25 set transform-set ESP-3DES-SHA
crypto map outside_map0 26 match address outside_26_cryptomap
crypto map outside_map0 26 set pfs
crypto map outside_map0 26 set peer 65.X.X.138
crypto map outside_map0 26 set transform-set ESP-3DES-SHA
crypto map outside_map0 27 match address outside_27_cryptomap
crypto map outside_map0 27 set pfs
crypto map outside_map0 27 set peer 65.X.X.136
crypto map outside_map0 27 set transform-set ESP-3DES-SHA
crypto map outside_map0 28 match address outside_28_cryptomap
crypto map outside_map0 28 set pfs
crypto map outside_map0 28 set peer 69.X.X.44
crypto map outside_map0 28 set transform-set ESP-3DES-SHA
crypto map outside_map0 29 match address outside_29_cryptomap
crypto map outside_map0 29 set pfs
crypto map outside_map0 29 set peer 67.X.X.141
crypto map outside_map0 29 set transform-set ESP-3DES-SHA
crypto map outside_map0 30 match address outside_30_cryptomap
crypto map outside_map0 30 set pfs
crypto map outside_map0 30 set peer 184.X.X.130
crypto map outside_map0 30 set transform-set ESP-3DES-SHA
crypto map outside_map0 31 match address outside_31_cryptomap
crypto map outside_map0 31 set pfs
crypto map outside_map0 31 set peer 69.X.X.137
crypto map outside_map0 31 set transform-set ESP-3DES-SHA
crypto map outside_map0 32 match address outside_32_cryptomap
crypto map outside_map0 32 set pfs
crypto map outside_map0 32 set peer 184.X.X.133
crypto map outside_map0 32 set transform-set ESP-3DES-SHA
crypto map outside_map0 33 match address outside_33_cryptomap
crypto map outside_map0 33 set pfs
crypto map outside_map0 33 set peer 65.X.X.133
crypto map outside_map0 33 set transform-set ESP-3DES-SHA
crypto map outside_map0 34 match address outside_34_cryptomap
crypto map outside_map0 34 set pfs
crypto map outside_map0 34 set peer 67.X.X.22
crypto map outside_map0 34 set transform-set ESP-3DES-SHA
crypto map outside_map0 35 match address outside_35_cryptomap
crypto map outside_map0 35 set pfs
crypto map outside_map0 35 set peer 67.X.X.146
crypto map outside_map0 35 set transform-set ESP-3DES-SHA
crypto map outside_map0 36 match address outside_36_cryptomap
crypto map outside_map0 36 set pfs
crypto map outside_map0 36 set peer 184.X.X.148
crypto map outside_map0 36 set transform-set ESP-3DES-SHA
crypto map outside_map0 37 match address outside_37_cryptomap
crypto map outside_map0 37 set pfs
crypto map outside_map0 37 set peer 98.X.X.182
crypto map outside_map0 37 set transform-set ESP-3DES-SHA
crypto map outside_map0 38 match address outside_38_cryptomap
crypto map outside_map0 38 set pfs
crypto map outside_map0 38 set peer 184.X.X.2
crypto map outside_map0 38 set transform-set ESP-3DES-SHA
crypto map outside_map0 39 match address outside_39_cryptomap_1
crypto map outside_map0 39 set pfs
crypto map outside_map0 39 set peer 98.X.X.150
crypto map outside_map0 39 set transform-set ESP-3DES-SHA
crypto map outside_map0 40 match address outside_40_cryptomap
crypto map outside_map0 40 set pfs
crypto map outside_map0 40 set peer 67.X.X.29
crypto map outside_map0 40 set transform-set ESP-3DES-SHA
crypto map outside_map0 41 match address outside_41_cryptomap
crypto map outside_map0 41 set pfs
crypto map outside_map0 41 set peer 71.X.X.157
crypto map outside_map0 41 set transform-set ESP-3DES-SHA
crypto map outside_map0 42 match address outside_42_cryptomap
crypto map outside_map0 42 set pfs
crypto map outside_map0 42 set peer 151.X.X.118
crypto map outside_map0 42 set transform-set ESP-3DES-SHA
crypto map outside_map0 43 match address outside_43_cryptomap
crypto map outside_map0 43 set pfs
crypto map outside_map0 43 set peer 67.X.X.210
crypto map outside_map0 43 set transform-set ESP-3DES-SHA
crypto map outside_map0 45 match address outside_45_cryptomap
crypto map outside_map0 45 set pfs
crypto map outside_map0 45 set peer 98.X.X.102
crypto map outside_map0 45 set transform-set ESP-3DES-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-128-SHA ESP-AES-256-SHA ESP-3DES-MD5 ESP-AES-192-MD5 ESP-DES-MD5 ESP-DES-SHA ESP-AES-256-MD5
crypto map outside_map0 47 match address outside_47_cryptomap
crypto map outside_map0 47 set pfs
crypto map outside_map0 47 set peer 74.X.X.226
crypto map outside_map0 47 set transform-set ESP-3DES-SHA
crypto map outside_map0 48 match address outside_48_cryptomap
crypto map outside_map0 48 set pfs
crypto map outside_map0 48 set peer 74.X.X.216
crypto map outside_map0 48 set transform-set ESP-3DES-SHA
crypto map outside_map0 49 match address outside_49_cryptomap
crypto map outside_map0 49 set pfs
crypto map outside_map0 49 set peer 74.X.X.223
crypto map outside_map0 49 set transform-set ESP-3DES-SHA
crypto map outside_map0 51 match address outside_51_cryptomap
crypto map outside_map0 51 set pfs
crypto map outside_map0 51 set peer 98.X.X.98
crypto map outside_map0 51 set transform-set ESP-3DES-SHA
crypto map outside_map0 55 match address outside_55_cryptomap
crypto map outside_map0 55 set pfs
crypto map outside_map0 55 set peer 67.X.X.133
crypto map outside_map0 55 set transform-set ESP-3DES-SHA
crypto map outside_map0 interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
vpn-addr-assign local reuse-delay 10
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 65.X.X.232 255.255.255.255 outside
ssh 207.X.X.0 255.255.255.0 outside
ssh 205.X.X.0 255.255.254.0 outside
ssh 71.X.X.3 255.255.255.255 outside
ssh 171.X.X.212 255.255.255.255 outside
ssh 70.X.X.0 255.255.255.0 outside
ssh 192.168.0.0 255.255.0.0 inside
ssh timeout 20
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username name password njXn.tsqrNJNPDm2 encrypted privilege 15
username name password DfO7NBd5PZ1b0kZ1 encrypted privilege 15
tunnel-group 65.X.X.132 type ipsec-l2l
tunnel-group 65.X.X.132 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.12 type ipsec-l2l
tunnel-group 67.X.X.12 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.101 type ipsec-l2l
tunnel-group 69.X.X.101 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.156 type ipsec-l2l
tunnel-group 69.X.X.156 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.167 type ipsec-l2l
tunnel-group 184.X.X.167 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.91 type ipsec-l2l
tunnel-group 67.X.X.91 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.28 type ipsec-l2l
tunnel-group 69.X.X.28 ipsec-attributes
pre-shared-key *****
tunnel-group 98.X.X.150 type ipsec-l2l
tunnel-group 98.X.X.150 ipsec-attributes
pre-shared-key *****
tunnel-group 63.X.X.145 type ipsec-l2l
tunnel-group 63.X.X.145 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.11 type ipsec-l2l
tunnel-group 67.X.X.11 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.130 type ipsec-l2l
tunnel-group 184.X.X.130 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.13 type ipsec-l2l
tunnel-group 67.X.X.13 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.27 type ipsec-l2l
tunnel-group 184.X.X.27 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.150 type ipsec-l2l
tunnel-group 69.X.X.150 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.147 type ipsec-l2l
tunnel-group 67.X.X.147 ipsec-attributes
pre-shared-key *****
tunnel-group 98.X.X.182 type ipsec-l2l
tunnel-group 98.X.X.182 ipsec-attributes
pre-shared-key *****
tunnel-group 65.X.X.44 type ipsec-l2l
tunnel-group 65.X.X.44 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.133 type ipsec-l2l
tunnel-group 184.X.X.133 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.22 type ipsec-l2l
tunnel-group 69.X.X.22 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.10 type ipsec-l2l
tunnel-group 67.X.X.10 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.131 type ipsec-l2l
tunnel-group 184.X.X.131 ipsec-attributes
pre-shared-key *****
tunnel-group 65.X.X.138 type ipsec-l2l
tunnel-group 65.X.X.138 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.29 type ipsec-l2l
tunnel-group 69.X.X.29 ipsec-attributes
pre-shared-key *****
tunnel-group 205.X.X.4 type ipsec-l2l
tunnel-group 205.X.X.4 ipsec-attributes
pre-shared-key *****
tunnel-group 65.X.X.136 type ipsec-l2l
tunnel-group 65.X.X.136 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.44 type ipsec-l2l
tunnel-group 69.X.X.44 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.141 type ipsec-l2l
tunnel-group 67.X.X.141 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.203 type ipsec-l2l
tunnel-group 184.X.X.203 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.137 type ipsec-l2l
tunnel-group 69.X.X.137 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.146 type ipsec-l2l
tunnel-group 67.X.X.146 ipsec-attributes
pre-shared-key *****
tunnel-group 65.X.X.133 type ipsec-l2l
tunnel-group 65.X.X.133 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.22 type ipsec-l2l
tunnel-group 67.X.X.22 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.148 type ipsec-l2l
tunnel-group 184.X.X.148 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.2 type ipsec-l2l
tunnel-group 184.X.X.2 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.17 type ipsec-l2l
tunnel-group 67.X.X.17 ipsec-attributes
pre-shared-key *****
tunnel-group 151.X.X.118 type ipsec-l2l
tunnel-group 151.X.X.118 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.29 type ipsec-l2l
tunnel-group 67.X.X.29 ipsec-attributes
pre-shared-key *****
tunnel-group 71.X.X.157 type ipsec-l2l
tunnel-group 71.X.X.157 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.210 type ipsec-l2l
tunnel-group 67.X.X.210 ipsec-attributes
pre-shared-key *****
tunnel-group 74.X.X.226 type ipsec-l2l
tunnel-group 74.X.X.226 ipsec-attributes
pre-shared-key *****
tunnel-group 74.X.X.216 type ipsec-l2l
tunnel-group 74.X.X.216 ipsec-attributes
pre-shared-key *****
tunnel-group 74.X.X.223 type ipsec-l2l
tunnel-group 74.X.X.223 ipsec-attributes
pre-shared-key *****
tunnel-group 98.X.X.98 type ipsec-l2l
tunnel-group 98.X.X.98 ipsec-attributes
pre-shared-key *****
tunnel-group 98.X.X.102 type ipsec-l2l
tunnel-group 98.X.X.102 ipsec-attributes
pre-shared-key *****
tunnel-group 67.X.X.133 type ipsec-l2l
tunnel-group 67.X.X.133 ipsec-attributes
pre-shared-key *****
tunnel-group 63.X.X.179 type ipsec-l2l
tunnel-group 63.X.X.179 ipsec-attributes
pre-shared-key *****
tunnel-group 65.X.X.19 type ipsec-l2l
tunnel-group 65.X.X.19 ipsec-attributes
pre-shared-key *****
tunnel-group 69.X.X.15 type ipsec-l2l
tunnel-group 69.X.X.15 ipsec-attributes
pre-shared-key *****
tunnel-group 184.X.X.17 type ipsec-l2l
tunnel-group 184.X.X.17 ipsec-attributes
pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:bec9707023a384891051d603b2fb99b5
: end
5505:
ASA Version 8.2(5)
!
hostname site67
domain-name mydomainname.com
enable password ePA6LS.q1.UWLn.s encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 170.X.X.0 ADP description ADP website
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.0.67.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 67.X.X.17 255.255.255.128
!
banner login Warning Notice!!!
banner login This system is monitored and all IP addresses are logged.
banner login Please disconnect immediately if you are not an authorized users.
banner login Unauthorized activity will be reported to a law enforcement agency.
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name shortstopfoodmarts.com
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host 10.0.67.2 192.168.1.0 255.255.255.0
access-list inside_access_in remark ADP
access-list inside_access_in extended permit ip host 10.0.67.2 ADP 255.255.0.0
access-list inside_access_in extended deny object-group TCPUDP host 10.0.67.2 any eq www
access-list inside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 10.0.67.2 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit ip 192.168.1.0 255.255.255.0 host 10.0.67.2
access-list outside_access_in remark ADP
access-list outside_access_in extended permit ip ADP 255.255.0.0 host 10.0.67.2
access-list outside_access_in extended permit icmp any any
access-list outside_cryptomap extended permit ip 10.0.67.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645-206.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 67.X.X.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.67.2 255.255.255.255 inside
http 205.X.X.0 255.255.254.0 outside
http 78.X.X.3 255.255.255.255 outside
http 71.X.X.3 255.255.255.255 outside
http 192.168.1.0 255.255.255.255 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set pfs
crypto map outside_map0 1 set peer 70.X.X.162
crypto map outside_map0 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 10.0.67.2 255.255.255.255 inside
telnet timeout 5
ssh 192.168.1.0 255.255.255.255 outside
ssh 207.X.X.0 255.255.255.0 outside
ssh 205.X.X.0 255.255.254.0 outside
ssh 71.X.X.3 255.255.255.255 outside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username name password njXn.tsqrNJNPDm2 encrypted privilege 15
tunnel-group 70.X.X.162 type ipsec-l2l
tunnel-group 70.X.X.162 ipsec-attributes
pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ec2d9a3c679b78210e63b340c6e55e81
: end
11-12-2015 09:22 PM
Hi Sim,
From the configuration I identified that your NAT exemption is not correct on the 5505. From the crypto map configuration it should be between networks; however, your NAT exemption points only to one IP, 10.0.67.2. Please correct it, then your traffic will flow between the networks. Pointing out the lines below for the same.
access-list outside_cryptomap extended permit ip 10.0.67.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 10.0.67.2 192.168.1.0 255.255.255.0 ------> Correct the NAT statement to the entire network
Let me know the update.
Thanks,
Swj
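The mismatch described in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it compares every entry of the ACL bound to a crypto map against the ACL bound to `nat (...) 0` and reports interesting traffic that would still be translated. The function names are hypothetical, the sample is constructed from lines of the posted 5505 configuration, and only literal `any`, `host A` and `A MASK` address forms are handled.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the 5505 configuration posted above.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 10.0.67.2 192.168.1.0 255.255.255.0
access-list outside_cryptomap extended permit ip 10.0.67.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map0 1 match address outside_cryptomap
"""

def _take_net(tokens):
    """Consume one address spec (any | host A | A MASK) and return an IPv4Network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_acls(config):
    """Map ACL name -> list of (src, dst) networks for 'extended permit ip' entries."""
    acls = {}
    for line in config.splitlines():
        # Assumption: names defined with 'name' (e.g. ADP) are not resolved here.
        m = re.match(r"access-list (\S+) extended permit ip (.+)", line.strip())
        if m:
            tokens = m.group(2).split()
            acls.setdefault(m.group(1), []).append((_take_net(tokens), _take_net(tokens)))
    return acls

def uncovered_crypto_entries(config):
    """Return crypto-ACL entries not fully contained in any NAT-exempt entry."""
    acls = parse_acls(config)
    nat0 = re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M)
    crypto = re.findall(r"^crypto map \S+ \d+ match address (\S+)", config, re.M)
    exempt = [e for name in nat0 for e in acls.get(name, [])]
    gaps = []
    for name in crypto:
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt):
                gaps.append((name, str(src), str(dst)))
    return gaps

if __name__ == "__main__":
    for name, src, dst in uncovered_crypto_entries(SAMPLE_CONFIG):
        print(f"{name}: {src} -> {dst} is encrypted but not NAT-exempt")
```
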