cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
798
Views
5
Helpful
2
Replies

VPN issues

Hello all,

i have installed and connected the two laptops with cisco vpn clients /IPsec/ to the asa5505, the laptops get ip 10.10.110.x from the asa ip pool, and i have ping between laptop1 and the asa and laptop2 and the asa, but i don't have ping between the two laptops . I have created the Ipsec with split tunneling group2 . What am i doing wrong? Thanks!

2 Replies 2

tmplatform
Level 1
Level 1

Hi, I think you need this command to allow Client to client communication.

same-security-traffic permit intra-interface

Regards

Allister

Hello mate, i have used the command, and allowed 10.10.110.0/24 but nothing happened. I don't see in Status on the vpn client the 10.10.110.0/24

Here is the configuration

 

names
name 192.168.100.0 DATAnetwork description DATA network
name 10.20.100.0 VIDEOnetwork description Video network
name 10.10.100.0 VOICEnetwork description Voice network
name 192.168.101.0 KDL-data-network description Kyustendil data network
name 213.149.137.21 outside1-ipaddress description Outside1 interface IP address
name 10.1.2.0 KDL-inside-network description Kyustendil inside network
name 10.20.101.0 KDL-video-network description Kyustendil video network
name 10.10.101.0 KDL-voice-network description Kyustendil Voice network
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 3
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.0.0.0
!
interface Vlan2
 nameif outside1
 security-level 0
 ip address dhcp setroute
!
interface Vlan3
 no forward interface Vlan2
 nameif outside2
 security-level 1
 no ip address
!
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-10.1.1.96
 subnet 10.1.1.96 255.255.255.240
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network outside1-ipaddress
 host 213.149.137.21
 description Created during name migration
object network 78.128.53.25-ivan
 host 78.128.53.25
object network 10.1.1.0-ivaninside
 subnet 10.1.1.0 255.255.255.0
object network 78.128.53.0-ivannetwork
 subnet 78.128.53.0 255.255.255.0
object network 192.168.10.0-ivaninside
 subnet 192.168.10.0 255.255.255.0
object network Site-B-svetli-inside
 subnet 192.168.8.0 255.255.255.0
object network Home_Network_Svetli
 subnet 192.168.8.0 255.255.255.0
object network radka-inside
 subnet 192.168.1.0 255.255.255.0
object network 24.218.56.0
 subnet 24.218.56.0 255.255.255.0
 description USA Network
object network 24.218.56.234
 host 24.218.56.234
 description USA Host
object network TestRDP
 host 192.168.100.51
 description TestRDP
object network rbi_FTP
 host 192.168.100.31
 description rbi_FTP
object network rbiFTP
 host 192.168.100.15
 description rbiFTP
object network testRDP
 host 192.168.100.51
 description testRDP
object network IS_FTP
 host 192.168.100.16
 description IS_FTP
object network RBI_FTP
 host 192.168.100.31
 description RBI_FTP
object network IS_WEB
 host 192.168.100.16
 description IS_WEB
object network IS_RDP
 host 192.168.100.16
 description IS_RDP
object network IS_8443
 host 192.168.100.16
 description IS_8443
object network IS_VPN
 host 192.168.100.16
 description IS_VPN
object network IS_VPN2
 host 192.168.100.16
 description IS_VPN2
object network IS_Many
 host 192.168.100.16
 description IS_Many
object network router
 host 192.168.100.1
 description router
object network rbi_server
 host 192.168.100.25
 description rbi_server
object network rbi_server_inside
 host 192.168.100.25
 description rbi_server_inside
object network IS_VPN_UDP
 host 192.168.100.16
 description IS_VPN_UDP
object network server
 host 192.168.100.25
 description server
object network RBI_SERVER
 host 192.168.100.48
 description RBI_SERVER
object network Outside_
 host 213.149.137.21
 description Outside_
object network boiko_jar
 subnet 10.10.101.0 255.255.255.0
 description boiko_jar
object network boiko_jarHost
 host 213.149.140.213
object network voiceto
 subnet 192.168.100.0 255.255.255.0
object network rbi_vpn_test
 range 10.10.102.1 10.10.102.100
object network NETWORK_OBJ_10.1.2.0_24
 subnet 10.1.2.0 255.255.255.0
object network NETWORK_OBJ_10.1.1.0_24
 subnet 10.1.1.0 255.255.255.0
object network NETWORK_OBJ_10.10.100.0_24
 subnet 10.10.100.0 255.255.255.0
object network NETWORK_OBJ_10.10.105.0_24
 subnet 10.10.105.0 255.255.255.0
object network Svetli_Home_Network
 subnet 10.10.105.0 255.255.255.0
object network Svetli_Home_Host
 host 77.77.58.22
object network test_voice_phone
 host 10.10.100.1
object network NETWORK_OBJ_10.10.110.0_26
 subnet 10.10.110.0 255.255.255.192
object network NETWORK_OBJ_10.10.110.0_25
 subnet 10.10.110.0 255.255.255.128
object network NETWORK_OBJ_10.20.120.0_25
 subnet 10.20.120.0 255.255.255.128
object network test_voice
 host 10.10.100.1
object-group network DM_INLINE_NETWORK_5
 network-object VOICEnetwork 255.255.255.0
 network-object 10.10.110.0 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group network DM_INLINE_NETWORK_2
 network-object 10.1.1.0 255.255.255.0
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object esp
 service-object ah
 service-object udp destination eq 4500
 service-object udp destination eq isakmp
object-group network DM_INLINE_NETWORK_6
 network-object 10.1.1.0 255.255.255.0
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group network DM_INLINE_NETWORK_7
 network-object KDL-inside-network 255.255.255.0
 network-object KDL-voice-network 255.255.255.0
 network-object KDL-video-network 255.255.255.0
 network-object KDL-data-network 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 10.1.1.0 255.255.255.0
 network-object KDL-inside-network 255.255.255.0
 network-object VOICEnetwork 255.255.255.0
 network-object KDL-voice-network 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object KDL-video-network 255.255.255.0
 network-object DATAnetwork 255.255.255.0
 network-object KDL-data-network 255.255.255.0
 network-object object Home_Network_Svetli
 network-object object radka-inside
object-group network DM_INLINE_NETWORK_4
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group network DM_INLINE_NETWORK_3
 network-object object IS_VPN
 network-object object IS_VPN2
 network-object object IS_VPN_UDP
object-group network DM_INLINE_NETWORK_9
 network-object VOICEnetwork 255.255.255.0
 network-object VIDEOnetwork 255.255.255.0
 network-object DATAnetwork 255.255.255.0
object-group service DM_INLINE_SERVICE_3
 service-object icmp
 service-object tcp
 service-object tcp destination eq www
 service-object tcp destination eq https
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 10.1.1.0 255.255.255.0
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0
access-list EZVPN_GROUP_KDL_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_7
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_1 10.1.1.96 255.255.255.240
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip 10.10.110.0 255.255.255.0 any
access-list outside1_access_in remark Allow ICMP messages
access-list outside1_access_in extended permit icmp any object outside1-ipaddress
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.1.1.0 255.255.255.0
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.1.2.0 255.255.255.0
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.10.101.0 255.255.255.0
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 10.20.101.0 255.255.255.0
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list EZVPN_GROUP_1_splitTunnelAcl standard permit 192.168.101.0 255.255.255.0
access-list outside1_2_cryptomap remark VPN traffic Dupnitsa-Kyustendil
access-list outside1_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_6 object-group DM_INLINE_NETWORK_7
access-list RBI_RILA_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0
access-list RBI_RILA_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list RBI_RILA_splitTunnelAcl standard permit 10.1.1.0 255.255.255.0
access-list RBI_RILA_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0
access-list outside1_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_4 object 192.168.10.0-ivaninside
access-list outside1_access_in_1 extended permit ip any any
access-list outside1_access_in_1 extended permit ip any object testRDP
access-list outside1_access_in_1 extended permit ip any object IS_FTP
access-list outside1_access_in_1 extended permit ip any object RBI_FTP
access-list outside1_access_in_1 extended permit ip any object IS_RDP
access-list outside1_access_in_1 extended permit ip any object IS_8443
access-list outside1_access_in_1 extended permit ip any object-group DM_INLINE_NETWORK_3
access-list outside1_access_in_1 extended permit tcp any object IS_Many eq ftp
access-list outside1_access_in_1 extended permit object-group DM_INLINE_SERVICE_3 any object RBI_SERVER
access-list outside1_cryptomap extended permit ip object-group DM_INLINE_NETWORK_9 object Svetli_Home_Network
access-list rbi123_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0
access-list all_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0
access-list all_splitTunnelAcl standard permit 10.20.100.0 255.255.255.0
access-list all_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list rbi_voice_splitTunnelAcl standard permit 10.10.100.0 255.255.255.0
access-list rbi_voice_splitTunnelAcl standard permit 10.10.110.0 255.255.255.0
access-list rbi_voice_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list 24.218.56.234 standard permit any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list rbi_splitTunnelAcl_1 standard permit 192.168.100.0 255.255.255.0
access-list rbi_splitTunnelAcl_1 standard permit 192.168.50.0 255.255.255.0
access-list rbi_splitTunnelAcl_1 standard permit 10.10.100.0 255.255.255.0
access-list rbi_voice_splitTunnelAcl_1 standard permit 10.10.100.0 255.255.255.0
access-list rbi_voice_splitTunnelAcl_1 standard permit 10.10.110.0 255.255.255.0
access-list rbi_voice_splitTunnelAcl_1 standard permit 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside1 1500
mtu outside2 1500
ip local pool EZVPN_POOL_1 10.1.1.101-10.1.1.110 mask 255.255.255.0
ip local pool 192.168.1.1 192.168.1.2-192.168.1.55 mask 255.255.255.0
ip local pool 10.1.1.1 10.1.1.2-10.1.1.11 mask 255.255.0.0
ip local pool rbi_voice 10.10.110.1-10.10.110.100 mask 255.255.255.0
ip local pool rbi_Test 10.20.120.1-10.20.120.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,any) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static obj-10.1.1.96 obj-10.1.1.96 no-proxy-arp route-lookup
nat (inside,outside1) source static any any destination static Svetli_Home_Network Svetli_Home_Network no-proxy-arp route-lookup
nat (inside,outside1) source static DM_INLINE_NETWORK_9 DM_INLINE_NETWORK_9 destination static Svetli_Home_Network Svetli_Home_Network no-proxy-arp route-lookup
nat (inside,outside1) source static DM_INLINE_NETWORK_5 DM_INLINE_NETWORK_5 destination static NETWORK_OBJ_10.10.110.0_25 NETWORK_OBJ_10.10.110.0_25 no-proxy-arp route-lookup
!
object network obj_any
 nat (inside,outside1) dynamic interface
object network testRDP
 nat (inside,outside1) static interface service tcp 3389 3389
object network IS_FTP
 nat (inside,outside1) static interface service tcp ftp ftp
object network RBI_FTP
 nat (inside,outside1) static interface service tcp ftp 1222
object network IS_WEB
 nat (inside,outside1) static interface service tcp 8080 8080
object network IS_RDP
 nat (inside,outside1) static interface service tcp 3390 3390
object network IS_8443
 nat (inside,outside1) static interface service tcp 8443 8443
object network IS_VPN
 nat (inside,outside1) static interface service tcp 1194 1194
object network IS_VPN2
 nat (inside,outside1) static interface service udp 1194 1194
object network IS_VPN_UDP
 nat (inside,outside1) static interface service udp 1194 1194
object network RBI_SERVER
 nat (inside,outside1) static interface service tcp www www
access-group inside_access_in in interface inside per-user-override
access-group outside1_access_in_1 in interface outside1 per-user-override
route outside1 0.0.0.0 0.0.0.0 213.149.137.254 1
route inside VOICEnetwork 255.255.255.0 10.1.1.2 1
route inside VIDEOnetwork 255.255.255.0 10.1.1.2 1
route inside DATAnetwork 255.255.255.0 10.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
http 88.203.215.145 255.255.255.255 outside1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA ESP-AES-128-SHA ESP-AES-256-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside1_map 1 match address outside1_cryptomap
crypto map outside1_map 1 set pfs
crypto map outside1_map 1 set peer 77.77.58.22
crypto map outside1_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside1_map 2 match address outside1_2_cryptomap
crypto map outside1_map 2 set pfs
crypto map outside1_map 2 set peer 77.77.21.252
crypto map outside1_map 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside1_map 3 match address outside1_cryptomap_1
crypto map outside1_map 3 set pfs
crypto map outside1_map 3 set peer 78.128.53.25
crypto map outside1_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside1_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside1_map interface outside1
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 subject-name CN=RILA-DUP-ASA5505
 crl configure
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable inside client-services port 443
crypto ikev2 enable outside1 client-services port 443
crypto ikev1 enable inside
crypto ikev1 enable outside1
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside1
ssh 0.0.0.0 0.0.0.0 outside2
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside

vpnclient mode client-mode
vpnclient vpngroup 123 password *****
vpnclient username svetli password *****
dhcpd auto_config outside1
!
dhcpd address 10.1.1.11-10.1.1.254 inside
dhcpd auto_config outside1 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable inside
 enable outside1
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
 anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
 anyconnect enable
 tunnel-group-list enable
group-policy RBI_RILA internal
group-policy RBI_RILA attributes
 vpn-filter value rbi_splitTunnelAcl_1
 vpn-tunnel-protocol ikev1 ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RBI_RILA_splitTunnelAcl
group-policy rbi_voice internal
group-policy rbi_voice attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value rbi_voice_splitTunnelAcl
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
group-policy all internal
group-policy all attributes
 vpn-filter value all_splitTunnelAcl
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value all_splitTunnelAcl
group-policy GroupPolicy_78.128.53.25 internal
group-policy GroupPolicy_78.128.53.25 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_24.218.56.234 internal
group-policy GroupPolicy_24.218.56.234 attributes
 vpn-filter value 24.218.56.234
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_77.77.58.22 internal
group-policy GroupPolicy_77.77.58.22 attributes
 vpn-tunnel-protocol ikev1
group-policy VPN_GROUP_KDL internal
group-policy VPN_GROUP_KDL attributes
 dns-server value 192.168.100.1 10.1.1.1
 vpn-tunnel-protocol ikev1 ssl-client
 default-domain none
group-policy EZVPN_GROUP_1 internal
group-policy EZVPN_GROUP_1 attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_GROUP_1_splitTunnelAcl
group-policy EZVPN_GROUP_KDL internal
group-policy EZVPN_GROUP_KDL attributes
 dns-server value 88.88.96.4
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
 password-storage enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_GROUP_KDL_splitTunnelAcl
 default-domain none
 nem enable
username deviceadmin password 217DqLXc8UyYndim encrypted privilege 15
username deviceadmin attributes
 vpn-group-policy EZVPN_GROUP_1
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
username AdminRila password kFTiM27icYQBMGsx encrypted privilege 15
username AdminRila attributes
 vpn-group-policy EZVPN_GROUP_1
 vpn-tunnel-protocol ikev1
username svetli password A/ALvetA5hdOrYwm encrypted privilege 0
username svetli attributes
 vpn-group-policy all
username joro password II7UBwPooAIm1O.a encrypted privilege 0
username boiko password klC2XQVDQwBu3hn2 encrypted privilege 0
username viktor password XHzfZZkqJdHaAF2w encrypted privilege 0
tunnel-group DefaultRAGroup general-attributes
 address-pool EZVPN_POOL_1
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication ms-chap-v2
tunnel-group EZVPN_GROUP_KDL type remote-access
tunnel-group EZVPN_GROUP_KDL general-attributes
 address-pool EZVPN_POOL_1
tunnel-group EZVPN_GROUP_KDL ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 77.77.21.252 type ipsec-l2l
tunnel-group 77.77.21.252 general-attributes
 default-group-policy VPN_GROUP_KDL
tunnel-group 77.77.21.252 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group EZVPN_GROUP_1 type remote-access
tunnel-group EZVPN_GROUP_1 general-attributes
 address-pool EZVPN_POOL_1
 default-group-policy EZVPN_GROUP_1
tunnel-group EZVPN_GROUP_1 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 24.218.56.234 type ipsec-l2l
tunnel-group 24.218.56.234 general-attributes
 default-group-policy GroupPolicy_24.218.56.234
tunnel-group 24.218.56.234 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 78.128.53.25 type ipsec-l2l
tunnel-group 78.128.53.25 general-attributes
 default-group-policy GroupPolicy_78.128.53.25
tunnel-group 78.128.53.25 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group rbi_voice type remote-access
tunnel-group rbi_voice general-attributes
 address-pool rbi_voice
 default-group-policy rbi_voice
tunnel-group rbi_voice ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 77.77.58.22 type ipsec-l2l
tunnel-group 77.77.58.22 general-attributes
 default-group-policy GroupPolicy_77.77.58.22
tunnel-group 77.77.58.22 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c3458334035ace216dcdd6a693687d1d
: end