Cannot access ASDM on 5505
I'm new to the forum/discussions, so forgive me if this is already posted. I read through various posts and followed the troubleshooting in them, but I cannot even access ASDM. I deleted the old ASDM versions and upgraded to ASDM 7.1(1)52, which shows as compatible with ASA 8.2(1). I am on an inside NAT address connected to Eth 0/5, 192.168.1.5/24. I can ping and SSH to the FW, but no ASDM. The FW is passing traffic and everything else works fine. Please advise. Thank you.
JEREMY-ASA# show ver
Cisco Adaptive Security Appliance Software Version 8.2(1)
Device Manager Version 7.1(1)52
JEREMY-ASA# show run asdm
asdm image disk0:/asdm-711-52.bin
no asdm history enable
JEREMY-ASA# show run http
http server enable
http 192.168.1.0 255.255.255.0 inside
JEREMY-ASA# show run
: Saved
:
ASA Version 8.2(1)
!
hostname JEREMY-ASA
enable password OMIT encrypted
passwd OMIT encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 134.121.11.153 255.255.248.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
banner exec
OMIT BANNER STATEMENTS
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
same-security-traffic permit intra-interface
access-list outside_access_in extended deny ip any any
pager lines 24
logging enable
logging timestamp
logging asdm-buffer-size 250
logging trap informational
logging asdm informational
logging device-id ipaddress outside
logging host outside OMIT
mtu outside 1500
mtu inside 1500
ip verify reverse-path interface outside
ip audit attack action drop
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 192.168.1.0 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 134.121.15.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10
ssh version 2
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server FAILED
ssl encryption des-sha1
webvpn
username OMITTED password OMIT encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
service-policy global_policy global
prompt hostname context
crashinfo console disable
Cryptochecksum:3c8669ae6960ca4cc206db58ffbf3c21
: end
It is probably the line:
ssl encryption des-sha1
This weak encryption algorithm is not compatible with most modern browsers and the current Java releases that ASDM depends on. Try adding encryption, for example:
ssl encryption des-sha1 aes256-sha1
Make sure that you first activate 3DES/AES ('show version' or 'show activation-key' will confirm the feature license is active).
Tags: Cisco Security
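The conditions checked in this thread (an ASDM image, 'http server enable', an 'http' entry covering the client, and the 'ssl encryption' cipher list) can be verified against a saved running-config before opening ASDM. The script below is an added example, not code from the thread; the function names, the strong/weak cipher split and the sample config are assumptions of this example.

```python
import ipaddress
import re

# Keywords of the ASA 8.x "ssl encryption" command that need the 3DES/AES
# licence. Treating every other keyword as weak is this example's assumption.
STRONG_CIPHERS = {"3des-sha1", "aes128-sha1", "aes256-sha1"}
QUAD = r"(\d+\.\d+\.\d+\.\d+)"


def parse_asdm_settings(config):
    """Extract the running-config lines that decide whether ASDM can connect."""
    settings = {"http_server": False, "http_acl": [],
                "asdm_image": None, "ssl_ciphers": None}
    for raw in config.splitlines():
        line = raw.strip()
        if re.fullmatch(r"http server enable(\s+\d+)?", line):
            settings["http_server"] = True
        elif m := re.fullmatch(rf"http {QUAD} {QUAD} (\S+)", line):
            # "http <network> <mask> <interface>" is the management allow-list.
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            settings["http_acl"].append((net, m[3]))
        elif m := re.fullmatch(r"asdm image (\S+)", line):
            settings["asdm_image"] = m[1]
        elif line.startswith("ssl encryption "):
            settings["ssl_ciphers"] = line.split()[2:]
    return settings


def asdm_findings(config, client_ip):
    """Return the reasons an ASDM session from client_ip would be refused."""
    s = parse_asdm_settings(config)
    client = ipaddress.ip_address(client_ip)
    findings = []
    if not s["http_server"]:
        findings.append("http server is not enabled")
    if not any(client in net for net, _ in s["http_acl"]):
        findings.append(f"no 'http' entry permits {client_ip}")
    if s["asdm_image"] is None:
        findings.append("no 'asdm image' configured")
    # No explicit "ssl encryption" line means the device default applies,
    # which this check does not judge.
    if s["ssl_ciphers"] is not None:
        if not any(c in STRONG_CIPHERS for c in s["ssl_ciphers"]):
            findings.append("ssl encryption offers only weak ciphers: "
                            + " ".join(s["ssl_ciphers"]))
    return findings


# Constructed sample: the ASDM-related lines from the config posted above.
SAMPLE = """\
asdm image disk0:/asdm-711-52.bin
http server enable
http 192.168.1.0 255.255.255.0 inside
ssl encryption des-sha1
"""
# Same config with the cipher line suggested in the reply.
FIXED = SAMPLE.replace("ssl encryption des-sha1",
                       "ssl encryption des-sha1 aes256-sha1")

if __name__ == "__main__":
    for name, cfg in (("as posted", SAMPLE), ("with reply applied", FIXED)):
        print(name, "->", asdm_findings(cfg, "192.168.1.5") or "no findings")
```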
Similar Questions
-
ASDM 6.4; ASA 5510 version 8.4(1) - cannot access ASDM
Hello Experts,
I want to access ASDM from my management PC. I can ping the management PC and make an SSH connection, but I can't open ASDM in the browser.
Please guide me.
Here are the useful details:
Running configuration
ciscoasa# show run
: Saved
:
ASA Version 8.4(1)
!
hostname ciscoasa
enable password 9jNfZuG3TC5tCVH0 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif inside
security-level 90
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
pager lines 24
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-641.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password e1z89R3cZe9Kt6Ib encrypted privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:afe73d128f7510e1bf9463fd698fa7fb
: end
Successful PING Bothways
ciscoasa(config)# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa(config)# ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa(config)# exit
Thank you :-)
Please let us know the output of:
show ver | i 3DES
show ssl
These pieces of output would confirm that your 3DES/AES license is active and that your ASA supports strong cryptographic algorithms (encryption).
-
I'm VPN'ing into an ASA, and once I have, I can access everything on the local network. However, I cannot connect to the firewall with ASDM. Can someone check this config and see if there is something missing?
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.10.24 10:13 =~=~=~=~=~=~=~=~=~=~=~=
show run
: Saved
:
ASA Version 8.4(4)1
!
hostname Bryan-ASA
enable password Z77JKH8dh1FhRD4u encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.50.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.50.0.0_24
subnet 10.50.0.0 255.255.255.0
object network obj-10.0.0.0-01
subnet 10.0.0.0 255.0.0.0
object network obj-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network obj-10.50.0.0
subnet 10.50.0.0 255.255.255.0
object network obj-10.50.0.90
host 10.50.0.90
object-group network RFC1918
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
object-group network rfc1918
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list outside-acl extended permit tcp any object obj-10.50.0.90 eq 41790
access-list IP extended permit ip any any
access-list traffic_for_ips extended permit ip any any
access-list split-acl standard permit 10.50.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN-POOL 10.50.0.225-10.50.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic RFC1918 interface
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.0.0 obj-10.0.0.0 route-lookup
!
object network obj_any
nat (inside,outside) dynamic interface
object network obj-10.50.0.90
nat (inside,outside) static interface service tcp 41790 41790
access-group outside-acl in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.50.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set CIMCO_MAN_TRANS esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set CIMCO_MAN_TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_MAP interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=Bryan-ASA
crl configure
crypto ikev1 enable outside
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 10.50.0.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 10.50.0.10-10.50.0.40 inside
dhcpd dns 4.2.2.2 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.6005-k9.pkg 1
anyconnect profiles AnyConnect disk0:/anyconnect.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
webvpn
anyconnect profiles value AnyConnect type user
group-policy VPNCLIENT internal
group-policy VPNCLIENT attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
default-domain value Randall.local
webvpn
anyconnect profiles value AnyConnect type user
username bryan password 9yyVnd5p1Ke6w1Iu encrypted privilege 15
username john password nFEF0Xku7smzSs4N encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPN-POOL
tunnel-group VPNCLIENT type remote-access
tunnel-group VPNCLIENT general-attributes
address-pool VPN-POOL
default-group-policy VPNCLIENT
tunnel-group VPNCLIENT ipsec-attributes
ikev1 pre-shared-key *
ikev1 user-authentication none
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:a1ca799b8bae183cc32eeb34ca2272bb
: end
Bryan-ASA# exit
Logoff
Thanks for the update John!
You did a great job with your ASA and we confirmed that.
Please mark this message as answered and rate any useful answer.
Good day.
-
ASA 5505 VPN established, cannot access inside the network
Hi, I recently got an ASA 5505, and I spent weeks trying to find a way to set up a VPN on it.
After a few days, I finally found the solution to connect to my ASA with a VPN client, yet I still cannot access devices that are connected to the ASA.
Here is my config:
ASA Version 8.2(5)
!
hostname asa01
domain-name kevinasa01.net
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
switchport access vlan 5
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan5
no nameif
security-level 50
ip address 172.16.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
domain-name kevinasa01.net
same-security-traffic permit intra-interface
access-list Remote_Kevin_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 192.168.254.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
access-list sheep-in extended permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit ip 192.168.254.0 255.255.255.0 any
access-list inside_access_in extended permit ip 192.168.254.0 255.255.255.0 any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
pool pool 192.168.254.1 - 192.168.254.10 255.255.255.0 IP mask
ICMP unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (outside) 1 192.168.254.0 255.255.255.0
nat (inside) 0 access-list sheep-in
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy Remote_Kevin internal
group-policy Remote_Kevin attributes
dns-server value 192.168.1.12 192.168.1.13
vpn-simultaneous-logins 3
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Remote_Kevin_splitTunnelAcl
default-domain value kevinasa01.net
username kevin password mz6JxJib/sQqvsw9 encrypted privilege 0
username kevin attributes
vpn-group-policy Remote_Kevin
tunnel-group Remote_Kevin type remote-access
tunnel-group Remote_Kevin general-attributes
address-pool
default-group-policy Remote_Kevin
tunnel-group Remote_Kevin ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:2bb1da52d1993eb9b13c2f6dc97c16cd
: end
Thank you
Hello
I read your message quickly on my cell phone. I don't know why you have pasted your config twice. Maybe a typo issue.
I see the ACL sheep-in is the wrong way round. I mean 192.168.254 is your VPN pool and 192.168.1.0 your local LAN.
The ACL must be:
access-list sheep-in extended permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
For nat (inside), you have 2 lines:
nat (inside) 1 192.168.1.0 255.255.255.0 ==> it is redundant, as the one below does the same thing and covers more networks if there are any on the inside. You can delete it.
nat (inside) 1 0.0.0.0 0.0.0.0
Why are you doing this nat (outside)?
nat (outside) 1 192.168.254.0 255.255.255.0
These are the first issues that I have seen while reading on my mobile. Change this and let me know. I'll take a look later with a computer (tonight or tomorrow).
Thank you.
PS: Please do not forget to rate and score as good response if this solves your problem.
-
Cannot access the AIP SSM via ASDM
CISCO recommendations below:
Cannot access the AIP SSM via ASDM
Problem:
This error message appears on the GUI.
Error connecting to sensor. Error Loading Sensor error
Solution:
Make sure that the IPS SSM management interface is up/down and check its configured IP address, default gateway and subnet mask. This is the interface used to access the Cisco Adaptive Security Device Manager (ASDM) software from the local computer. Try to ping the IP address of the IPS SSM management interface from the local computer from which you want to access ASDM. If the ping fails, check the ACLs on the sensor.
----------------------------------------------------------------------------------------------------------------------------------------------
I've tried everything recommended above. I can ping the host ASDM the FW and the SSM-10 module. Well, I ping the host machine and the SSM of the ASDM. I opened the ACL as wide as possible. I changed the IP addresses and masks several times. The management port of the ASA, the SSM and the PC are on the same subnet.
A packet trace from the PC to the SSM shows that it is blocked by an ACL rule, and yet I opened it wide. I've seen this kind of problem before and it was solved by applying double static NAT, but I don't know how to do that if all the IP addresses are on the same subnet.
Tried everything, need help from high level.
The IDM software that comes with ASDM does not support Java 1.7. The ASA portion of ASDM supports 1.7, but launching the IPS applet works only with 1.6. The TAC engineer suggested that I use the IME (IPS Manager Express), which is available for free on Cisco's web site (http://www.cisco.com/en/US/products/ps9610/tsd_products_support_general_information.html).
I've been playing with it today, and so far it seems to work pretty well.
-
ASA 5505 VPN cannot access inside the host
I have a remote access VPN configured on an ASA 5505, but cannot access the hosts or the ASA when I connect through the VPN. I can connect with the Cisco VPN client, the VPN is up on the ASA and it shows that I am connected. I have the correct IP address, but I can't ping or connect to any of the internal addresses. I can't find what I'm missing. I have the VPN traffic bypassing the interface ACL. Because I can connect but not go anywhere, I'm sure I missed something.
Outline of the configuration below:
interface Vlan1
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0
ip local pool xxxx 10.1.1.50-10.1.1.55 mask 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map inside_dyn_map 20 set pfs
crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
service-policy global_policy global
group-policy XXXXXXX internal
group-policy xxxxxxx attributes
banner value xxxxx Site Recovery
wins-server none
dns-server value 24.xxx.xxx.xx
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelall
default-domain none
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
leap-bypass disable
nem disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools value xxxxxx
smartcard-removal-disconnect enable
client-firewall none
webvpn
functions url-entry
vpn-nac-exempt none
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
tunnel-group xxxx type ipsec-ra
tunnel-group xxxx general-attributes
address-pool xxxx
default-group-policy xxxx
tunnel-group blountdr ipsec-attributes
pre-shared-key *
Missing nat exemption for vpn clients. Add the following and you should be good to go.
access-list inside_nat0_outbound extended permit ip any 192.168.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
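Two replies on this page come down to the same check: the ACL referenced by 'nat (inside) 0' must run from the inside LAN to the VPN pool (the reversed sheep-in ACL in the earlier thread) and must exist at all (the reply just above). The script below is an added example, not code from either thread; it classifies an ASA 8.2-style config as ok, reversed or missing, and its function names, pool name VPNPOOL and sample configs are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def _take(tokens):
    """Consume one ACL address spec: 'any', 'host A' or 'A MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)


def parse(config):
    """Pull the inside network, VPN pools, nat 0 ACL names and ACL entries."""
    out = {"inside": None, "pools": [], "nat0": [], "acl": {}}
    in_inside_if = False
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "interface":
            in_inside_if = False
        elif t[:2] == ["nameif", "inside"]:
            in_inside_if = True
        elif t[:2] == ["ip", "address"] and in_inside_if and len(t) >= 4:
            out["inside"] = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
        elif t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            first, last = t[4].split("-")
            out["pools"].append((ipaddress.ip_address(first),
                                 ipaddress.ip_address(last)))
        elif t[:4] == ["nat", "(inside)", "0", "access-list"] and len(t) >= 5:
            out["nat0"].append(t[4])
        elif t[0] == "access-list" and t[2:5] == ["extended", "permit", "ip"]:
            rest = t[5:]
            src = _take(rest)
            dst = _take(rest)
            out["acl"].setdefault(t[1], []).append((src, dst))
    return out


def nat_exemption_status(config):
    """Return 'ok', 'reversed' or 'missing' for the VPN-pool NAT exemption."""
    c = parse(config)
    inside = c["inside"]
    if inside is None or not c["pools"]:
        raise ValueError("config needs an inside interface and a VPN pool")
    entries = [e for name in c["nat0"] for e in c["acl"].get(name, [])]

    def covers_pool(net):
        return any(a in net and b in net for a, b in c["pools"])

    # Correct direction: source is the inside LAN, destination the pool.
    if any(src.overlaps(inside) and covers_pool(dst) for src, dst in entries):
        return "ok"
    # Same networks but swapped, as in the sheep-in ACL discussed above.
    if any(covers_pool(src) and dst.overlaps(inside) for src, dst in entries):
        return "reversed"
    return "missing"


# Constructed samples using the addressing from the sheep-in thread.
BASE = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
ip local pool VPNPOOL 192.168.254.1-192.168.254.10 mask 255.255.255.0
"""
REVERSED = BASE + """\
access-list sheep-in extended permit ip 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list sheep-in
"""
CORRECTED = BASE + """\
access-list sheep-in extended permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0
nat (inside) 0 access-list sheep-in
"""

if __name__ == "__main__":
    for name, cfg in (("no nat 0", BASE), ("as posted", REVERSED),
                      ("corrected", CORRECTED)):
        print(name, "->", nat_exemption_status(cfg))
```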
-
Why my VPN clients cannot access network drives and resources?
I have a Cisco ASA 5505 configured to be a VPN gateway. I can connect using the AnyConnect VPN client. The remote user is assigned an IP address to my specifications. However, the remote user cannot access network resources such as network drives or the fax server. I've done everything I can to set the right NAT and ACL settings, but in vain. I'm posting my config in case someone can track down the problem. It would be appreciated!
: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
domain-name Cisco
enable password xxxxxxxxxxxxx
passwd xxxxxxxxxxxxxxxxx
names
name 68.191.xxx.xxx outside
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.201.200 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address outside 255.255.255.0
!
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.201.1
domain-name Cisco
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network obj-192.168.201.0
access-list NAT-FREE extended permit ip 192.168.201.0 255.255.255.0 192.168.201.0 255.255.255.0
access-list NAT-FREE extended permit ip any 192.168.202.0 255.255.255.0
access-list NAT-FREE extended permit ip 192.168.202.0 255.255.255.0 any
access-list NAT-FREE extended permit icmp any any
allow any scope to an entire ip access list
allow any scope to the object-group TCPUDP an entire access list
allow any scope to an entire icmp access list
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit object-group TCPUDP any any
access-list inside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit object-group TCPUDP any any
access-list outside_access_in extended permit icmp any any
access-list DefaultRAGroup_splitTunnelAcl standard permit 192.168.201.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.202.0 255.255.255.0 192.168.201.0 255.255.255.0
access-list inside_nat0_outbound extended permit icmp any any
access-list inside_nat0_outbound_1 extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool KunduVPN 192.168.202.1-192.168.202.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1 outside
nat (inside) 1 192.168.201.0 255.255.255.0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route inside 0.0.0.0 0.0.0.0 192.168.201.1 1
route inside 0.0.0.0 255.255.255.255 outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.201.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
keypair xxx
proxy-ldc-issuer
crl configure
XXXXXXXXXXXXXXXXXXXXXXXX
quit
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
 enable outside
 enable inside
 svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 192.168.201.1
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
 default-domain value Cisco
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 webvpn
  svc ask enable
group-policy KunduVPN internal
group-policy KunduVPN attributes
 wins-server none
 dns-server value 192.168.201.1
 vpn-tunnel-protocol svc webvpn
 default-domain value Cisco
username xxxx
username xxxxx
 vpn-group-policy DfltGrpPolicy
tunnel-group DefaultRAGroup general-attributes
 address-pool VPNIP
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
tunnel-group KunduVPN type remote-access
tunnel-group KunduVPN general-attributes
 address-pool (inside) VPNIP
 address-pool KunduVPN
 authentication-server-group (inside) LOCAL
 default-group-policy KunduVPN
tunnel-group KunduVPN webvpn-attributes
 group-alias KunduVPN enable
 group-url https://68.191.xxx.xxx/KunduVPN enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:c0e4540d4a07f2c544f0eddb653627cc
: end
no asdm history enable
Hello,
What is the IP address of the LAN hosts'/servers' default gateway?
If it is not the ASA "inside" interface IP address, then I assume that the problem with the VPN is simply routing.
For example, if the default gateway of your LAN hosts/servers is the wireless router, then the following would happen to your VPN Client connections:
- The VPN Client user forms the VPN connection through the wireless router's static PAT (Port Forward) configuration to the ASA "inside" interface.
- The VPN Client sends traffic through the VPN to the ASA and on to the LAN host or server.
- The LAN host/server sees the connection coming from a network other than the LAN (192.168.202.0/24) and therefore forwards the traffic to its default gateway, which would likely be the wireless router.
- The wireless router has no route to the network 192.168.202.0/24 (VPN pool) and therefore uses its default route to forward the traffic to the external network.
- The VPN Client host never receives the return traffic, as it is forwarded to the external network and dropped by the ISP.
So if the above assumption is correct, you would at least need a route configuration on the wireless router that tells the device to forward traffic for the network 192.168.202.0/24 to the gateway IP address 192.168.201.200 (which is the ASA).
Let me know if the setup is as described above.
-Jouni
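The return path described in the reply above, as an added sketch that is not part of the original post: it models each device's routing table with longest-prefix match and traces a reply from a LAN server back to a VPN client. The VPN pool and the ASA address 192.168.201.200 come from the reply; the LAN prefix 192.168.201.0/24, the router address 192.168.201.1 and the server and client addresses are assumptions.

```python
import ipaddress

# Values taken from the reply above.
VPN_POOL = ipaddress.ip_network("192.168.202.0/24")
ASA_INSIDE = "192.168.201.200"
# Assumed for this sketch (not stated in the thread).
LAN = ipaddress.ip_network("192.168.201.0/24")
ROUTER_LAN = "192.168.201.1"
SERVER = "192.168.201.50"
VPN_CLIENT = "192.168.202.10"

# Pseudo next hops that end a trace.
ISP, TUNNEL, CONNECTED = "isp", "vpn-tunnel", "connected"
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_tables(router_has_pool_route, server_gateway=ROUTER_LAN):
    """Return {device_ip: [(network, next_hop), ...]} for server, router and ASA."""
    router = [(LAN, CONNECTED), (DEFAULT, ISP)]
    if router_has_pool_route:
        # The static route suggested in the reply: VPN pool via the ASA.
        router.append((VPN_POOL, ASA_INSIDE))
    return {
        SERVER: [(LAN, CONNECTED), (DEFAULT, server_gateway)],
        ROUTER_LAN: router,
        ASA_INSIDE: [(LAN, CONNECTED), (VPN_POOL, TUNNEL)],
    }


def next_hop(table, dst):
    """Longest-prefix match; None when no entry covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace_reply(tables, src, dst, max_hops=8):
    """Follow a reply from src towards dst; return (path, verdict)."""
    path, node = [src], src
    for _ in range(max_hops):
        if node not in tables:
            return path, "dropped: unknown next hop"
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path, "dropped: no route"
        if hop == CONNECTED:
            path.append(dst)
            return path, "delivered on LAN"
        if hop == TUNNEL:
            path.append(dst)
            return path, "delivered through VPN"
        if hop == ISP:
            path.append(ISP)
            return path, "lost: sent to the ISP"
        path.append(hop)
        node = hop
    return path, "dropped: routing loop"


if __name__ == "__main__":
    cases = {
        "router is gateway, no pool route": build_tables(False),
        "router is gateway, pool route via ASA": build_tables(True),
        "ASA is the server's gateway": build_tables(False, ASA_INSIDE),
    }
    for label, tables in cases.items():
        path, verdict = trace_reply(tables, SERVER, VPN_CLIENT)
        print(f"{label}: {' -> '.join(path)} ({verdict})")
```
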
-
asa5512 V8.6 nat web server cannot access
Hi all
asa5512 V8.6 nat web server cannot access.
my home pc can access www.cisco.com, but external client cannot access my web server inside...
all of my config, I do not know what is wrong.
Thank you for your help.
ciscoasa#
ciscoasa# show running
ciscoasa# show running-config
: Saved
:
ASA 1.0000 Version 2
!
hostname ciscoasa
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address XXX1 255.255.255.240
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 description link to 3560 G0/1
 speed 1000
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.1.13 255.255.255.0
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.100.1 255.255.255.0
!
!
time-range k3used
 absolute start 08:00 01 January 2008
 periodic daily 0:00 to 23:59
 periodic daily 09:00 to 18:00
!
ftp mode passive
clock timezone BeiJing 8
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object network obj-192.168.200.0
 subnet 192.168.200.0 255.255.255.0
object network obj-192.168.1.2
 host 192.168.1.2
object network obj-192.168.1.2-01
 host 192.168.1.2
object network obj-192.168.1.19
 host 192.168.1.19
object network obj-192.168.1.20
 host 192.168.1.20
object network obj-192.168.1.88
 host 192.168.1.88
object network obj-192.168.1.1
 host 192.168.1.1
object network obj-192.168.1.2-02
 host 192.168.1.2
object network obj-192.168.1.6
 host 192.168.1.6
object network obj-X.X.X.3
 host X.X.X.3
object service obj-tcp-source-eq-25
 service tcp source eq smtp
object service obj-tcp-source-eq-110
 service tcp source eq pop3
object network obj-X.X.X.10
 host X.X.X.10
object service obj-tcp-source-eq-8086
 service tcp source eq 8086
object service obj-tcp-source-eq-80
 service tcp source eq www
object network obj-192.168.1.1-01
 host 192.168.1.1
object service obj-tcp-source-eq-3389
 service tcp source eq 3389
object service obj-tcp-source-eq-9877
 service tcp source eq 9877
object service obj-tcp-source-eq-21
 service tcp source eq ftp
object service obj-tcp-source-eq-20
 service tcp source eq ftp-data
object network obj-192.168.2.88
 host 192.168.2.88
object network obj-192.168.2.88-01
 host 192.168.2.88
object network obj-192.168.2.88-02
 host 192.168.2.88
object network obj-192.168.1.19-01
 host 192.168.1.19
object network obj-192.168.2.2
 host 192.168.2.2
object network obj-192.168.2.2-01
 host 192.168.2.2
object network obj-192.168.2.2-02
 host 192.168.2.2
object network obj-192.168.3.2
 host 192.168.3.2
object network obj-192.168.3.2-01
 host 192.168.3.2
object network obj-192.168.3.2-02
 host 192.168.3.2
object network obj-X.X.X.9
 host X.X.X.9
object service obj-tcp-source-eq-8087
 service tcp source eq 8087
object network obj-192.168.1.200
 host 192.168.1.200
object network obj-192.168.1.200-01
 host 192.168.1.200
object network obj-192.168.1.30
 host 192.168.1.30
object network obj-192.168.1.30-01
 host 192.168.1.30
object network obj-192.168.1.1-02
 host 192.168.1.1
object network obj-X.X.X.6
 host X.X.X.6
object service obj-tcp-source-eq-8088
 service tcp source eq 8088
object network obj-192.168.3.5
 host 192.168.3.5
object network obj-192.168.3.5-01
 host 192.168.3.5
object network obj-192.168.3.5-02
 host 192.168.3.5
object network obj-192.168.3.5-03
 host 192.168.3.5
object network obj-192.168.3.5-04
 host 192.168.3.5
object network obj-192.168.2.0
 subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
 subnet 192.168.3.0 255.255.255.0
object network obj-192.168.4.0
 subnet 192.168.4.0 255.255.255.0
object network obj-192.168.5.0
 subnet 192.168.5.0 255.255.255.0
object network obj-192.168.6.0
 subnet 192.168.6.0 255.255.255.0
object network obj-192.168.7.0
 subnet 192.168.7.0 255.255.255.0
object network obj-192.168.8.0
 subnet 192.168.8.0 255.255.255.0
access-list vpn_list extended permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list vpn_list extended permit ip 192.168.200.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 extended deny ip any host 58.215.78.113
access-list 101 extended deny ip any host 61.139.126.81
access-list 101 extended deny ip any host 61.152.94.154
access-list 101 extended permit ip host 192.168.4.2 any
access-list 101 extended permit ip host 192.168.4.3 any
access-list 101 extended permit ip host 192.168.4.4 any
access-list 101 extended permit ip host 192.168.4.5 any
access-list 101 extended permit ip host 192.168.4.7 any
access-list 101 extended permit ip host 192.168.4.8 any
access-list 101 extended permit ip host 192.168.4.9 any
access-list 101 extended permit ip host 192.168.4.10 any
access-list 101 extended permit ip host 192.168.4.11 any
access-list 101 extended permit ip host 192.168.4.12 any
access-list 101 extended permit ip host 192.168.4.13 any
access-list 101 extended permit ip host 192.168.4.14 any
access-list 101 extended permit ip host 192.168.4.15 any
access-list 101 extended permit ip host 192.168.4.16 any
access-list 101 extended permit ip host 192.168.4.18 any
access-list 101 extended permit ip host 192.168.4.19 any
access-list 101 extended permit ip host 192.168.4.20 any
access-list 101 extended permit ip host 192.168.4.180 any
access-list 101 extended deny ip 192.168.4.0 255.255.255.0 any
access-list 101 extended permit ip host 192.168.2.176 any
access-list 101 extended permit icmp any any
access-list 101 extended permit ip host 192.168.2.3 any
access-list 101 extended permit ip host 192.168.2.164 any
access-list 101 extended permit ip host 192.168.2.171 any
access-list 101 extended permit ip host 192.168.2.142 any
access-list 101 extended permit ip host 192.168.2.180 any
access-list 101 extended permit ip host 192.168.2.149 any
access-list 101 extended permit ip host 192.168.2.201 any
access-list 101 extended permit ip host 192.168.2.170 any
access-list 101 extended permit ip host 192.168.2.168 any
access-list 101 extended permit ip host 192.168.2.103 any
access-list 101 extended permit ip host 192.168.2.34 any
access-list 101 extended permit ip host 192.168.2.174 any
access-list 101 extended permit ip host 192.168.2.199 any
access-list 101 extended permit ip host 192.168.2.253 any
access-list 101 extended permit ip host 192.168.2.236 any
access-list 101 extended permit ip host 192.168.2.214 any
access-list 101 extended permit ip host 192.168.2.110 any
access-list 101 extended permit ip host 192.168.2.127 any
access-list 101 extended permit ip host 192.168.2.178 any
access-list 101 extended permit ip host 192.168.2.21 any
access-list 101 extended permit ip host 192.168.2.24 any
access-list 101 extended permit ip host 192.168.2.251 any
access-list 101 extended permit ip host 192.168.2.33 any
access-list 101 extended permit ip host 192.168.2.120 any
access-list 101 extended permit ip host 192.168.2.85 any
access-list 101 extended permit ip host 192.168.2.137 any
access-list 101 extended permit ip host 192.168.2.113 any
access-list 101 extended permit ip host 192.168.2.20 any
access-list 101 extended permit ip host 192.168.2.101 any
access-list 101 extended permit ip host 192.168.2.106 any
access-list 101 extended permit ip host 192.168.2.140 any
access-list 101 extended permit ip host 192.168.2.215 any
access-list 101 extended permit ip host 192.168.2.107 any
access-list 101 extended permit ip host 192.168.2.234 any
access-list 101 extended permit ip host 192.168.2.15 any
access-list 101 extended permit ip host 192.168.2.55 any
access-list 101 extended permit ip host 192.168.2.41 any
access-list 101 extended permit ip host 192.168.2.13 any
access-list 101 extended permit ip host 192.168.2.133 any
access-list 101 extended permit ip host 192.168.2.73 any
access-list 101 extended permit ip host 192.168.2.172 any
access-list 101 extended permit ip host 192.168.2.175 any
access-list 101 extended permit ip host 192.168.2.88 any
access-list 101 extended permit ip host 192.168.2.188 any
access-list 101 extended permit ip host 192.168.2.136 any
access-list 101 extended permit ip host 192.168.2.74 any
access-list 101 extended permit ip host 192.168.2.12 any
access-list 101 extended permit ip host 192.168.2.100 any
access-list 101 extended permit ip host 192.168.2.102 any
access-list 101 extended permit ip host 192.168.2.152 any
access-list 101 extended permit ip host 192.168.2.4 any
access-list 101 extended permit ip host 192.168.2.5 any
access-list 101 extended permit ip host 192.168.2.6 any
access-list 101 extended permit ip host 192.168.2.14 any
access-list 101 extended permit ip host 192.168.2.19 any
access-list 101 extended permit ip host 192.168.2.16 any
access-list 101 extended permit ip host 192.168.2.17 any
access-list 101 extended permit ip host 192.168.2.18 any
access-list 101 extended permit ip host 192.168.2.22 any
access-list 101 extended permit ip host 192.168.2.23 any
access-list 101 extended permit ip host 192.168.2.115 any
access-list 101 extended permit ip host 192.168.2.116 any
access-list 101 extended permit ip host 192.168.2.117 any
access-list 101 extended permit ip host 192.168.2.118 any
access-list 101 extended permit ip host 192.168.2.119 any
access-list 101 extended permit ip host 192.168.2.150 any
access-list 101 extended permit ip host 192.168.2.128 any
access-list 101 extended deny ip 192.168.2.0 255.255.255.0 any
access-list 101 extended permit ip host 192.168.3.2 any
access-list 101 extended permit ip host 192.168.3.3 any
access-list 101 extended permit ip host 192.168.3.4 any
access-list 101 extended permit ip host 192.168.3.5 any
access-list 101 extended permit ip host 192.168.3.6 any
access-list 101 extended permit ip host 192.168.3.7 any
access-list 101 extended permit ip host 192.168.3.8 any
access-list 101 extended permit ip host 192.168.3.9 any
access-list 101 extended permit ip host 192.168.3.10 any
access-list 101 extended permit ip host 192.168.3.11 any
access-list 101 extended permit ip host 192.168.3.12 any
access-list 101 extended permit ip host 192.168.3.13 any
access-list 101 extended permit ip host 192.168.3.14 any
access-list 101 extended permit ip host 192.168.3.15 any
access-list 101 extended permit ip host 192.168.3.16 any
access-list 101 extended permit ip host 192.168.3.17 any
access-list 101 extended permit ip host 192.168.3.18 any
access-list 101 extended permit ip host 192.168.3.19 any
access-list 101 extended permit ip host 192.168.3.20 any
access-list 101 extended permit ip host 192.168.3.21 any
access-list 101 extended permit ip host 192.168.3.22 any
access-list 101 extended permit ip host 192.168.3.23 any
access-list 101 extended permit ip host 192.168.3.24 any
access-list 101 extended permit ip host 192.168.3.25 any
access-list 101 extended permit ip host 192.168.3.26 any
access-list 101 extended permit ip host 192.168.3.27 any
access-list 101 extended permit ip host 192.168.3.28 any
access-list 101 extended permit ip host 192.168.3.29 any
access-list 101 extended permit ip host 192.168.3.30 any
access-list 101 extended permit ip host 192.168.3.31 any
access-list 101 extended permit ip host 192.168.3.32 any
access-list 101 extended permit ip host 192.168.3.33 any
access-list 101 extended permit ip host 192.168.3.34 any
access-list 101 extended permit ip host 192.168.3.35 any
access-list 101 extended permit ip host 192.168.3.36 any
access-list 101 extended permit ip host 192.168.3.37 any
access-list 101 extended permit ip host 192.168.3.38 any
access-list 101 extended permit ip host 192.168.3.39 any
access-list 101 extended permit ip host 192.168.3.40 any
access-list 101 extended permit ip host 192.168.3.41 any
access-list 101 extended permit ip host 192.168.3.42 any
access-list 101 extended permit ip host 192.168.3.43 any
access-list 101 extended permit ip host 192.168.3.86 any
access-list 101 extended permit ip host 192.168.3.88 any
access-list 101 extended permit ip host 192.168.3.89 any
access-list 101 extended permit ip host 192.168.3.56 any
access-list 101 extended permit ip host 192.168.3.55 any
access-list 101 extended permit ip host 192.168.3.96 any
access-list 101 extended permit ip host 192.168.3.97 any
access-list 101 extended permit ip host 192.168.3.98 any
access-list 101 extended permit ip host 192.168.3.116 any
access-list 101 extended permit ip host 192.168.3.111 any
access-list 101 extended permit ip host 192.168.3.175 any
access-list 101 extended permit ip host 192.168.3.176 any
access-list 101 extended permit ip host 192.168.3.201 any
access-list 101 extended permit ip host 192.168.3.202 any
access-list 101 extended permit ip host 192.168.3.203 any
access-list 101 extended permit ip host 192.168.3.204 any
access-list 101 extended permit ip host 192.168.3.205 any
access-list 101 extended permit ip host 192.168.3.206 any
access-list 101 extended permit ip host 192.168.3.207 any
access-list 101 extended permit ip host 192.168.3.208 any
access-list 101 extended permit ip host 192.168.3.209 any
access-list 101 extended permit ip host 192.168.3.210 any
access-list 101 extended permit ip host 192.168.3.213 any
access-list 101 extended permit ip host 192.168.3.214 any
access-list 101 extended permit ip host 192.168.3.215 any
access-list 101 extended permit ip host 192.168.3.101 any
access-list 101 extended permit ip host 192.168.3.102 any
access-list 101 extended permit ip host 192.168.3.103 any
access-list 101 extended permit ip host 192.168.3.106 any
access-list 101 extended permit ip host 192.168.3.107 any
access-list 101 extended permit ip host 192.168.3.152 any
access-list 101 extended permit ip host 192.168.3.151 any
access-list 101 extended permit ip host 192.168.3.153 any
access-list 101 extended permit ip host 192.168.3.195 any
access-list 101 extended permit ip host 192.168.3.45 any
access-list 101 extended permit ip host 192.168.3.46 any
access-list 101 extended permit ip host 192.168.3.199 any
access-list 101 extended permit ip host 192.168.3.157 any
access-list 101 extended deny ip 192.168.3.0 255.255.255.0 any
access-list 101 extended permit tcp any any
access-list 101 extended permit ip any any
access-list vpnclient_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list 2 extended permit ip 192.168.2.0 255.255.255.0 any
access-list 3 extended permit ip 192.168.3.0 255.255.255.0 any
access-list 4 extended permit ip 192.168.4.0 255.255.255.0 any
access-list 500k extended permit ip host XXX1 any
access-list 500k extended permit icmp host XXX1 any
access-list 102 extended permit ip host 192.168.1.6 any
access-list 100 extended permit tcp any host 192.168.1.1 eq www
access-list 100 extended permit tcp any host 192.168.1.1 eq 8080
access-list 100 extended permit tcp any host X.X.X.4
access-list 100 extended permit ip any host X.X.X.4
access-list 100 extended permit icmp any host X.X.X.4
access-list 100 extended permit tcp any host 192.168.1.6 eq smtp
access-list 100 extended permit tcp any host 192.168.1.6 eq pop3
access-list 100 extended permit tcp any host 192.168.1.6 eq www
access-list 100 extended permit tcp any host 192.168.1.6
access-list 100 extended permit ip any host 192.168.1.6
access-list 100 extended permit icmp any host 192.168.1.6
access-list 100 extended permit tcp any host 192.168.1.19 eq 3389
access-list 100 extended permit tcp any host 192.168.1.20 eq 3389
access-list 100 extended permit tcp any host 192.168.1.88 eq 3389
access-list 100 extended permit tcp any host X.X.X.12
access-list 100 extended permit ip any host X.X.X.12
access-list 100 extended permit icmp any host X.X.X.12
access-list 100 extended permit tcp any host 192.168.1.6 eq 8086
access-list 100 extended permit tcp any host 192.168.1.1 eq 3389
access-list 100 extended permit tcp any host 192.168.1.6 eq 3389
access-list 100 extended permit tcp any host 192.168.1.6 eq ftp
access-list 100 extended permit tcp any host 192.168.1.6 eq ftp-data
access-list 100 extended permit tcp any host 192.168.2.88 eq 3389
access-list 100 extended permit tcp any host 192.168.2.88 eq 12172
access-list 100 extended permit tcp any host 192.168.2.2 eq 3389
access-list 100 extended permit tcp any host 192.168.2.2 eq 9116
access-list 100 extended permit tcp any host 192.168.3.2 eq 25243
access-list 100 extended permit tcp any host 192.168.3.2 eq 3389
access-list 100 extended permit tcp any host 192.168.1.200 eq www
access-list 100 extended permit tcp any host 192.168.1.200 eq 12001
access-list 100 extended permit tcp any host 192.168.1.30 eq 3389
access-list 100 extended permit tcp any host 192.168.3.5 eq 4160
access-list 100 extended permit tcp any host 192.168.3.5 eq 11111
access-list 100 extended permit tcp any host 192.168.3.5 eq 3389
access-list 100 extended permit tcp any host X.X.X.10
access-list 100 extended permit udp any host 192.168.2.88 eq 12172
access-list 100 extended permit udp any host 192.168.2.2 eq 9116
access-list 100 extended permit udp any host 192.168.3.2 eq 25243
access-list 100 extended permit udp any host 192.168.3.5 eq 4170
access-list 100 extended permit udp any host 192.168.3.5 eq 11111
access-list 100 extended permit ip any host X.X.X.10
access-list 100 extended permit tcp any host 192.168.1.6 eq 8087
access-list 100 extended permit tcp any host X.X.X.9
access-list 100 extended permit ip any host X.X.X.9
access-list 100 extended permit tcp any host 192.168.1.30 eq www
access-list 100 extended permit tcp any host X.X.X.5
access-list 100 extended permit ip any host X.X.X.5
access-list 100 extended permit icmp any any
access-list 100 extended permit tcp any host 192.168.1.6 eq 8088
access-list 100 extended permit ip any host X.X.X.6
access-list 100 extended permit tcp any host X.X.X.6
access-list 100 extended permit tcp host 61.186.169.129 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 61.186.169.129 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 61.186.169.129 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 61.186.169.129 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 61.186.169.129 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 61.186.169.130 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 61.186.169.130 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 61.186.169.130 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 61.186.169.130 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 61.186.169.130 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 61.186.169.131 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 61.186.169.131 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 61.186.169.131 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 61.186.169.131 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 61.186.169.131 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 61.186.169.132 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 61.186.169.132 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 61.186.169.132 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 61.186.169.132 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 61.186.169.132 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 61.186.169.133 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 61.186.169.133 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 61.186.169.133 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 61.186.169.133 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 61.186.169.133 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 61.186.169.129 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 61.186.169.130 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 61.186.169.131 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 61.186.169.132 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 61.186.169.133 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 61.186.169.129 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 61.186.169.130 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 61.186.169.131 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 61.186.169.132 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 61.186.169.133 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 183.64.106.194 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 183.64.106.194 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 183.64.106.194 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 183.64.106.194 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 183.64.106.194 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 183.64.106.194 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 183.64.106.194 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 183.64.106.195 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 183.64.106.195 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 183.64.106.195 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 183.64.106.195 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 183.64.106.195 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 183.64.106.195 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 183.64.106.195 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 14.107.162.32 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 14.107.162.32 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 14.107.162.32 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 14.107.162.32 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 14.107.162.32 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 14.107.162.32 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 14.107.162.32 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 14.107.247.121 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 14.107.247.121 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 14.107.247.121 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 14.107.247.121 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 14.107.247.121 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 14.107.247.121 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 14.107.247.121 host X.X.X.2 time-range k3used
access-list 100 extended permit tcp host 61.128.208.106 host 192.168.1.2 eq 5872 time-range k3used
access-list 100 extended permit tcp host 61.128.208.106 host 192.168.1.2 eq 8088 time-range k3used
access-list 100 extended permit tcp host 61.128.208.106 host 192.168.1.2 eq 3389 time-range k3used
access-list 100 extended permit tcp host 61.128.208.106 host 192.168.1.19 eq www time-range k3used
access-list 100 extended permit tcp host 61.128.208.106 host X.X.X.2 time-range k3used
access-list 100 extended permit ip host 61.128.208.106 host X.X.X.2 time-range k3used
access-list 100 extended permit icmp host 61.128.208.106 host X.X.X.2 time-range k3used
access-list 100 extended deny tcp any host 192.168.1.2 eq 5872
access-list 100 extended deny tcp any host 192.168.1.2 eq 8088
access-list 100 extended deny tcp any host 192.168.1.2 eq 3389
access-list 100 extended deny tcp any host 192.168.1.19 eq www
access-list 100 extended deny tcp any host X.X.X.2
access-list 100 extended deny ip any host X.X.X.2
access-list 100 extended deny icmp any host X.X.X.2
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpn_pool 192.168.200.1-192.168.200.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,any) source static obj-192.168.1.0 obj-192.168.1.0 destination static obj-192.168.200.0 obj-192.168.200.0 no-proxy-arp
nat (inside,any) source static obj-192.168.200.0 obj-192.168.200.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.3 service obj-tcp-source-eq-25 obj-tcp-source-eq-25
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.3 service obj-tcp-source-eq-110 obj-tcp-source-eq-110
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.10 service obj-tcp-source-eq-8086 obj-tcp-source-eq-80
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.10 service obj-tcp-source-eq-3389 obj-tcp-source-eq-9877
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.10 service obj-tcp-source-eq-21 obj-tcp-source-eq-21
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.10 service obj-tcp-source-eq-20 obj-tcp-source-eq-20
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.9 service obj-tcp-source-eq-8087 obj-tcp-source-eq-80
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.6 service obj-tcp-source-eq-8088 obj-tcp-source-eq-80
nat (inside,outside) source static obj-192.168.1.6 obj-X.X.X.3 service obj-tcp-source-eq-80 obj-tcp-source-eq-80
nat (inside,outside) source dynamic obj-192.168.1.6 obj-X.X.X.3
!
object network obj-192.168.1.0
 nat (inside,outside) dynamic interface
object network obj-192.168.200.0
 nat (inside,outside) dynamic interface
object network obj-192.168.1.2
 nat (inside,outside) static X.X.X.2 service tcp 5872 5872
object network obj-192.168.1.2-01
 nat (inside,outside) static X.X.X.2 service tcp 8088 8088
object network obj-192.168.1.19
 nat (inside,outside) static X.X.X.12 service tcp 3389 8001
object network obj-192.168.1.20
 nat (inside,outside) static X.X.X.12 service tcp 3389 8002
object network obj-192.168.1.88
 nat (inside,outside) static X.X.X.12 service tcp 3389 12345
object network obj-192.168.1.1
 nat (inside,outside) static X.X.X.4 service tcp www www
object network obj-192.168.1.2-02
 nat (inside,outside) static X.X.X.2 service tcp 3389 8005
object network obj-192.168.1.1-01
 nat (inside,outside) static X.X.X.10 service tcp 3389 9876
object network obj-192.168.2.88
 nat (inside,outside) static X.X.X.10 service tcp 3389 3129
object network obj-192.168.2.88-01
 nat (inside,outside) static X.X.X.10 service tcp 12172 12172
object network obj-192.168.2.88-02
 nat (inside,outside) static X.X.X.10 service udp 12172 12172
object network obj-192.168.1.19-01
 nat (inside,outside) static X.X.X.2 service tcp www 8056
object network obj-192.168.2.2
 nat (inside,outside) static X.X.X.10 service tcp 3389 3128
object network obj-192.168.2.2-01
 nat (inside,outside) static X.X.X.10 service tcp 9116 9116
object network obj-192.168.2.2-02
 nat (inside,outside) static X.X.X.10 service udp 9116 9116
object network obj-192.168.3.2
 nat (inside,outside) static X.X.X.10 service tcp 25243 25243
object network obj-192.168.3.2-01
 nat (inside,outside) static X.X.X.10 service udp 25243 25243
object network obj-192.168.3.2-02
 nat (inside,outside) static X.X.X.10 service tcp 3389 3130
object network obj-192.168.1.200
 nat (inside,outside) static X.X.X.10 service tcp www 1114
object network obj-192.168.1.200-01
 nat (inside,outside) static X.X.X.10 service tcp 12001 12001
object network obj-192.168.1.30
 nat (inside,outside) static X.X.X.5 service tcp www www
object network obj-192.168.1.30-01
 nat (inside,outside) static X.X.X.10 service tcp 3389 9878
object network obj-192.168.1.1-02
 nat (inside,outside) static X.X.X.4 service tcp 8080 8080
object network obj-192.168.3.5
 nat (inside,outside) static X.X.X.10 service tcp 4160 4160
object network obj-192.168.3.5-01
 nat (inside,outside) static X.X.X.10 service udp 4170 4170
object network obj-192.168.3.5-02
 nat (inside,outside) static X.X.X.10 service tcp 11111 11111
object network obj-192.168.3.5-03
 nat (inside,outside) static X.X.X.10 service tcp 3389 3127
object network obj-192.168.3.5-04
 nat (inside,outside) static X.X.X.10 service udp 11111 11111
object network obj-192.168.2.0
 nat (inside,outside) dynamic interface
object network obj-192.168.3.0
 nat (inside,outside) dynamic interface
object network obj-192.168.4.0
 nat (inside,outside) dynamic interface
object network obj-192.168.5.0
 nat (inside,outside) dynamic interface
object network obj-192.168.6.0
 nat (inside,outside) dynamic interface
object network obj-192.168.7.0
 nat (inside,outside) dynamic interface
object network obj-192.168.8.0
 nat (inside,outside) dynamic interface
access-group 100 in interface outside
access-group 101 in interface inside
route outside 0.0.0.0 0.0.0.0 X.X.X.14 1
route inside 192.168.2.0 255.255.255.0 192.168.1.12 1
route inside 192.168.3.0 255.255.255.0 192.168.1.12 1
route inside 192.168.4.0 255.255.255.0 192.168.1.12 1
route inside 192.168.5.0 255.255.255.0 192.168.1.12 1
route inside 192.168.6.0 255.255.255.0 192.168.1.12 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
Crypto ipsec transform-set esp - esp-md5-hmac ikev1 vpn_set
crypto dynamic-map vpn_map 10 set ikev1 transform-set vpn_set
crypto dynamic-map vpn_map 10 set reverse-route
crypto map vpnmap 10 ipsec-isakmp dynamic vpn_map
crypto map vpnmap interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto ikev1 policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
ssh version 1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.43.244.18
group-policy vpnclient internal
group-policy vpnclient attributes
 dns-server value 61.128.128.68
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnclient_splitTunnelAcl
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group vpn_group type remote-access
tunnel-group vpn_group general-attributes
 address-pool vpn_pool
 default-group-policy vpnclient
tunnel-group vpn_group ipsec-attributes
 ikev1 pre-shared-key *.
!
class-map 500k
 match access-list 500k
class-map inspection_default
 match default-inspection-traffic
class-map 2
 match access-list 2
class-map 3
 match access-list 3
class-map 4
 match access-list 4
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
policy-map 500k
 class 500k
policy-map 2
 class 2
 class 3
 class 4
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous prompt 2
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 13
  subscribe-to-alert-group configuration periodic monthly 13
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ecead54d7c85807eb47c7cdaf7d7e82a
: end
ciscoasa# $
ciscoasa #.
ciscoasa #.
Hello
Did you change the source IP address in the command I suggested?
There is no reason to use the IP address 192.168.1.1 as the source in this "packet-tracer" command, as the source will NEVER be this IP address, because it is a private IP that is not routable on the public Internet.
Then you can try with the command I suggested.
packet-tracer input outside tcp 1.1.1.1 12345 61.186.236.4 80
I guess that the above command/test failed because you were using the real IP address of the server as the source IP for the test.
-Jouni
-
Cannot access page Plugin-based PDB (protein Data Base)
OS: MacOS Yosemite 10.10.3. Cannot access the http://www.callutheran.edu/Academic_P.../lzipmast.htm Web page that uses a plugin of the PDB. I don't know if there are plugins for this format (s?), in FireFox, or anything else besides. Safari reports that "the sype file not specified", so maybe there is a mistake in the Web page itself (humor: "these biologists are sloppy with their microscopes to $5 million and more, but they don't know much about computers..")
This page has not been modified since before that Firefox is a browser. There is probably a plugin for Internet Explorer v6 that will display that content. But you'll need a computer with Windows XP SP1 which is never updated Internet Explorer, and then find and install the plugin to make it work.
You can download the file directly, if you want to try to find a program that will open its doors this: http://www.callutheran.edu/Academic_Programs/Departments/BioDev/omm/lzipper/pdbs/lzipdna1.pdb
-
Hello, I have a problem with surfing with Firefox. The browser starts but cannot access any Web site. The same question is experienced with Google Chrome. However, Internet Explorer works smoothly. Thank you
Some problems occur when your Internet security program was set to trust the previous version of Firefox, but no longer recognizes your updated version as trusted. Now, how to solve the problem: to allow Firefox to connect to the Internet again:
- Make sure your Internet security software is up-to-date (i.e. you are using the latest version).
- Remove Firefox from your program's list of trusted or recognized programs. For detailed instructions, see Configure the firewall so that Firefox can access the Internet. {web link}
-
Mr President.
I updated firefox and always this type of problem
every time I tried to open the flash game site iam getting this question. sometimes IE browser cannot open it too much.
"".... TypeError: Error #1009: cannot access a property or method of a null object reference.
to ASGames / fun_Menu)
to ASGames / frame2)
at flash.display::MovieClip/gotoAndStop()
to WeddingTianaDressup_fla::Timeline_102 / playGames ()... » »but the same site can be opened in other browsers in the same pc... but the same site a user goes to another computer on the browser firefox itself. How do not know where is the problem... ?
so please, can someone help?
Dear Sir.
Thanks for your answer...! I did what you said but it doesn't work. Now I am having the same problem...!
-
cannot access the internet after upgrading to firefox 30.0 on windows 7
After the upgrade to firefox 30.0 on windows 7, cannot access the internet. FF 30.0 works OK under Vista
Sometimes it's because of your security software thinking that the upgrade may not be legitimate. You can consult this article: problems connecting to websites after Firefox update.
-
Cannot access Firefox shows the missing profile or inaccessible is there an easy solution?
cannot access Firefox shows the missing profile or unreachable is there a solution I'm not a computer expert
Hello d2burnett, try pressing Windows key + R and opening %appdata%\Mozilla\Firefox\ - then rename the file called profiles.ini to something like oldprofiles.ini...
-
Facebook cannot access the photo library
When I try (on a Macbook Pro) 'create album' or 'add photos' on the women's FB page, I can see, but cannot access its photo library. Why? I can, however, access the photos directory - unfortunately, uses Photo pictures are not stored there. Apple told me that they no longer support iPhoto, but were instead switching to 'Photos '. So that's where all the images are imported from the camera. WTH? It shouldn't be this difficult.
When you use a web browser or any other application that uses the media browser, you can access your own library of Photos of system, but not of other libraries of Photos. Only libraries can be designated as the library of the system at the same time.
The photo library of the system will be available from the sidebar of the selector Panel of file like this:
-
has sent that a gift of music to a friend in france Spain and friend album cannot access the gift
Hi, I bought an album in itunes with a french account and sent to a friend with a Spanish account. It cannot access my gift.
Generally gifts iTunes Store cannot be exchanged outside the country of issue. Have your friend return the gift.
iTunes: send gifts iTunes - http://support.apple.com/HT201783 - 'learning to send gifts iTunes from the iTunes Store, iBooks Store and App Store. In the iTunes Store, you can offer an amount in dollars or pounds, audio books, music, movies, TV shows or applications on your iPhone, iPod touch, iPad, Mac or PC. »
"When you buy a gift from iTunes, you must have a credit card valid at the folder; You cannot buy an iTunes gift with in-store credit. If you use the sharing of family and ask to buy is activated on your account, you are unable to buy gifts. You cannot redeem gifts purchased outside the country of purchase. For example, an iTunes gift bought in France cannot be exchanged outside the France iTunes store. You can contact the Apple Support to cancel an iTunes gift until two days before the scheduled delivery. »