Cisco ASA 5515 - Anyconnect users cannot ping other users Anyconnect. How can I allow icmp between Anyconnect users traffic?
Configuration of the ASA is below!
ASA Version 9.1 (1)
!
ASA host name
domain xxx.xx
names of
local pool VPN_CLIENT_POOL 192.168.12.1 - 192.168.12.254 255.255.255.0 IP mask
!
interface GigabitEthernet0/0
nameif inside
security-level 100
192.168.11.1 IP address 255.255.255.0
!
interface GigabitEthernet0/1
Description Interface_to_VPN
nameif outside
security-level 0
IP 111.222.333.444 255.255.255.240
!
interface GigabitEthernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/4
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/5
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
management only
nameif management
security-level 100
192.168.5.1 IP address 255.255.255.0
!
passive FTP mode
DNS server-group DefaultDNS
www.ww domain name
permit same-security-traffic intra-interface
the object of the LAN network
subnet 192.168.11.0 255.255.255.0
LAN description
network of the SSLVPN_POOL object
255.255.255.0 subnet 192.168.12.0
VPN_CLIENT_ACL list standard access allowed 192.168.11.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
management of MTU 1500
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (exterior, Interior) static source SSLVPN_POOL SSLVPN_POOL static destination LAN LAN
Route outside 0.0.0.0 0.0.0.0 111.222.333.443 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
WebVPN
list of URLS no
identity of the user by default-domain LOCAL
the ssh LOCAL console AAA authentication
AAA authentication http LOCAL console
LOCAL AAA authorization exec
Enable http server
http 192.168.5.0 255.255.255.0 management
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Crypto ipsec pmtu aging infinite - the security association
Crypto ca trustpoint ASDM_TrustPoint5
Terminal registration
E-mail [email protected] / * /
name of the object CN = ASA
address-IP 111.222.333.444
Configure CRL
Crypto ca trustpoint ASDM_TrustPoint6
Terminal registration
domain name full vpn.domain.com
E-mail [email protected] / * /
name of the object CN = vpn.domain.com
address-IP 111.222.333.444
pair of keys sslvpn
Configure CRL
trustpool crypto ca policy
string encryption ca ASDM_TrustPoint6 certificates
Telnet timeout 5
SSH 192.168.11.0 255.255.255.0 inside
SSH timeout 30
Console timeout 0
No ipv6-vpn-addr-assign aaa
no local ipv6-vpn-addr-assign
192.168.5.2 management - dhcpd addresses 192.168.5.254
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
SSL-trust outside ASDM_TrustPoint6 point
WebVPN
allow outside
CSD image disk0:/csd_3.5.2008-k9.pkg
AnyConnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
AnyConnect enable
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Ikev1 VPN-tunnel-Protocol l2tp ipsec without ssl-client
internal VPN_CLIENT_POLICY group policy
VPN_CLIENT_POLICY group policy attributes
WINS server no
value of server DNS 192.168.11.198
VPN - 5 concurrent connections
VPN-session-timeout 480
client ssl-VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list VPN_CLIENT_ACL
myComp.local value by default-field
the address value VPN_CLIENT_POOL pools
WebVPN
activate AnyConnect ssl dtls
AnyConnect Dungeon-Installer installed
AnyConnect ssl keepalive 20
time to generate a new key 30 AnyConnect ssl
AnyConnect ssl generate a new method ssl key
AnyConnect client of dpd-interval 30
dpd-interval gateway AnyConnect 30
AnyConnect dtls lzs compression
AnyConnect modules value vpngina
value of customization DfltCustomization
internal IT_POLICY group policy
IT_POLICY group policy attributes
WINS server no
value of server DNS 192.168.11.198
VPN - connections 3
VPN-session-timeout 120
Protocol-tunnel-VPN-client ssl clientless ssl
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list VPN_CLIENT_ACL
field default value societe.com
the address value VPN_CLIENT_POOL pools
WebVPN
activate AnyConnect ssl dtls
AnyConnect Dungeon-Installer installed
AnyConnect ssl keepalive 20
AnyConnect dtls lzs compression
value of customization DfltCustomization
username vpnuser password PA$ encrypted $WORD
vpnuser username attributes
VPN-group-policy VPN_CLIENT_POLICY
type of remote access service
Username vpnuser2 password PA$ encrypted $W
username vpnuser2 attributes
type of remote access service
username admin password ADMINPA$ $ encrypted privilege 15
VPN Tunnel-group type remote access
General-attributes of VPN Tunnel-group
address VPN_CLIENT_POOL pool
Group Policy - by default-VPN_CLIENT_POLICY
VPN Tunnel-group webvpn-attributes
the aaa authentication certificate
enable VPN_to_R group-alias
type tunnel-group IT_PROFILE remote access
attributes global-tunnel-group IT_PROFILE
address VPN_CLIENT_POOL pool
Group Policy - by default-IT_POLICY
tunnel-group IT_PROFILE webvpn-attributes
the aaa authentication certificate
enable IT Group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
: end
Hello
Here's what you'll need:
permit same-security-traffic intra-interface
VPN_CLIENT_ACL standard access list allow 192.168.12.0 255.255.255.0
destination NAT (outside, outside) SSLVPN_POOL SSLVPN_POOL SSLVPN_POOL SSLVPN_POOL static static source
Patrick
Tags: Cisco Security
Similar Questions
-
Hello!
I have a 5515 ASA with the configuration below. I have configure the ASA as remote access with anyconnect VPN server, now my problem is that I can connect but I can not ping.
ASA Version 9.1 (1)
!
ASA host name
domain xxx.xx
names of
local pool VPN_CLIENT_POOL 192.168.12.1 - 192.168.12.254 255.255.255.0 IP mask
!
interface GigabitEthernet0/0
nameif inside
security-level 100
192.168.11.1 IP address 255.255.255.0
!
interface GigabitEthernet0/1
Description Interface_to_VPN
nameif outside
security-level 0
IP 111.222.333.444 255.255.255.240
!
interface GigabitEthernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/4
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/5
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
management only
nameif management
security-level 100
192.168.5.1 IP address 255.255.255.0
!
passive FTP mode
DNS server-group DefaultDNS
www.ww domain name
permit same-security-traffic intra-interface
the object of the LAN network
subnet 192.168.11.0 255.255.255.0
LAN description
network of the SSLVPN_POOL object
255.255.255.0 subnet 192.168.12.0
VPN_CLIENT_ACL list standard access allowed 192.168.11.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
management of MTU 1500
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (exterior, Interior) static source SSLVPN_POOL SSLVPN_POOL static destination LAN LAN
Route outside 0.0.0.0 0.0.0.0 111.222.333.443 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
WebVPN
list of URLS no
identity of the user by default-domain LOCAL
the ssh LOCAL console AAA authentication
AAA authentication http LOCAL console
LOCAL AAA authorization exec
Enable http server
http 192.168.5.0 255.255.255.0 management
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Crypto ipsec pmtu aging infinite - the security association
Crypto ca trustpoint ASDM_TrustPoint5
Terminal registration
E-mail [email protected] / * /
name of the object CN = ASA
address-IP 111.222.333.444
Configure CRL
Crypto ca trustpoint ASDM_TrustPoint6
Terminal registration
domain name full vpn.domain.com
E-mail [email protected] / * /
name of the object CN = vpn.domain.com
address-IP 111.222.333.444
pair of keys sslvpn
Configure CRL
trustpool crypto ca policy
string encryption ca ASDM_TrustPoint6 certificates
Telnet timeout 5
SSH 192.168.11.0 255.255.255.0 inside
SSH timeout 30
Console timeout 0
No ipv6-vpn-addr-assign aaa
no local ipv6-vpn-addr-assign
192.168.5.2 management - dhcpd addresses 192.168.5.254
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
SSL-trust outside ASDM_TrustPoint6 point
WebVPN
allow outside
CSD image disk0:/csd_3.5.2008-k9.pkg
AnyConnect image disk0:/anyconnect-win-3.1.04066-k9.pkg 1
AnyConnect enable
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Ikev1 VPN-tunnel-Protocol l2tp ipsec without ssl-client
internal VPN_CLIENT_POLICY group policy
VPN_CLIENT_POLICY group policy attributes
WINS server no
value of server DNS 192.168.11.198
VPN - 5 concurrent connections
VPN-session-timeout 480
client ssl-VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list VPN_CLIENT_ACL
myComp.local value by default-field
the address value VPN_CLIENT_POOL pools
WebVPN
activate AnyConnect ssl dtls
AnyConnect Dungeon-Installer installed
AnyConnect ssl keepalive 20
time to generate a new key 30 AnyConnect ssl
AnyConnect ssl generate a new method ssl key
AnyConnect client of dpd-interval 30
dpd-interval gateway AnyConnect 30
AnyConnect dtls lzs compression
AnyConnect modules value vpngina
value of customization DfltCustomization
internal IT_POLICY group policy
IT_POLICY group policy attributes
WINS server no
value of server DNS 192.168.11.198
VPN - connections 3
VPN-session-timeout 120
Protocol-tunnel-VPN-client ssl clientless ssl
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list VPN_CLIENT_ACL
field default value societe.com
the address value VPN_CLIENT_POOL pools
WebVPN
activate AnyConnect ssl dtls
AnyConnect Dungeon-Installer installed
AnyConnect ssl keepalive 20
AnyConnect dtls lzs compression
value of customization DfltCustomization
username vpnuser password PA$ encrypted $WORD
vpnuser username attributes
VPN-group-policy VPN_CLIENT_POLICY
type of remote access service
Username vpnuser2 password PA$ encrypted $W
username vpnuser2 attributes
type of remote access service
username admin password ADMINPA$ $ encrypted privilege 15
VPN Tunnel-group type remote access
General-attributes of VPN Tunnel-group
address VPN_CLIENT_POOL pool
Group Policy - by default-VPN_CLIENT_POLICY
VPN Tunnel-group webvpn-attributes
the aaa authentication certificate
enable VPN_to_R group-alias
type tunnel-group IT_PROFILE remote access
attributes global-tunnel-group IT_PROFILE
address VPN_CLIENT_POOL pool
Group Policy - by default-IT_POLICY
tunnel-group IT_PROFILE webvpn-attributes
the aaa authentication certificate
enable IT Group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
: end
Help me please! Thank you!
Hello
Please set ACLs to allow ICMP between these two subnets (192.168.11.0 and 192.168.12.0) and check. It should ping. Let me know if it does not work.
Thank you
swap
-
We use Flash Pro CC creating animations with legends and export to html 5. We must translate the captions in other languages. How can we download translation of texts in our flash animations so we can use them in html5 using CreateJS? I use the Flash on a Mac OSX 10.10.3
Are you familiar with JavaScript?
It does not completely answer your question, but the text displayed on the screen from any language (ActionScript/CreateJS / [insert the programming language]) generally all following the same path. Each language has a file stored in some form of key = value style, named through the language and the country of your choice, for example en_US.json
Any language would allow the user to choose regional settings. The application would then grab the appropriate file and everywhere where the text is needed, the script must be using a (usually global or singleton) variable/service that can get the text of the requested key.
for example if I wanted a user to have a confirmation of dialogue who said 'are you sure?"with buttons for 'Yes' and 'No', I would have (for me), an Englishman, USA base file en_US.json with these values, for example:
en_US. JSON example:
{
'CONFIRM_YES_NO': ' are you sure?
'YES': '' Yes. ''
'NO': 'no '.
}
Then you use simply JS/AJAX to read this file. You analyze, or simply JSON decode in an object, or manually, depending on what suits your needs. When you want to display any text, you use the object (variable, maintenance, etc.) you have stored these values.
for example calling to display function confirm dialogue:
Nickname... but if you understand...
and this comes from jQuery UI (see here)
function confirmDialog() {}
$(«#dialog-confirmer»).dialog({)
Title: LocalizationObject ['CONFIRM_YES_NO'],
buttons:]
{
text: LocalizationObject ["YES"],
Click: function() {/ / do something for 'yes '.
}
{
text: LocalizationObject ["NO"],
Click: function() {/ / do something to the 'no '.
}
]
});
}
Please consider loosely. 'LocalizationObject' is a variable object or service that returns the appropriate text for the key that you provide. In this case, he provided the key 'CONFIRM_YES_NO', 'YES' and 'NO', which must be on the right answer for this key, localized.
Again, this is not a manual on how to do it via Flash Pro but it's the general conceptual way you could do it in any language. There are a variety of other ways to do it, but it's a very simple way, as long as you keep your key names at least wake up verbose. A key name such as LocalizationObject ["ABC123"] is not really tell you what the key can be referred. Also nest them contributes greatly, as LocalizationObject ["UI'] ['DIALOGUES'] ['CONFIRM'] ['YES_NO'] = ' are you sure? It just shows I nested the title of the dialog within the user interface, because it is the text that appears in the user interface rather than content. Then inside dialog boxes that may contain a variety of different dialog boxes. Then inside her CONFIRM type of dialogue. Finally, the type is a dialogue YES_NO type (as opposed to OK_CANCEL or JUST_OK, etc.). Whole set makes it easy to understand what the text of reading: UI YES_NO confirm DIALOG boxes.
I hope that from here you can see that you need to review everywhere you display text on the screen and centralize it in a sort of object (function or variable) of your choice. You must store the external language files to prevent unnecessarily load the other languages as well as an easy to modify Setup.
The rest is just using basic JavaScript.
Just be ready for the most difficult challenge. At least for me. The size of the text in several languages is very different, and in some cases requires the loading of special fonts. This can make layout in a very difficult dynamic environment. Always thinking all text how big or small can be in any particular and plan field on this size more and shrink so that to handle this situation correctly.
-
I want to create a 2 cells in demand for numbers, the 1st cell is a dropdown menu with items of text, when choosing an item, that it would be represented by a numeric value in the other cell. How can I do?
You can use vlookup() like this:
(1) crate a table like this:
the first line is a heading row
the first column contains the same list of items in the context menu
the second column contains the corresponding values
name of the table 'value '.
In another table (where the pop-up menu), you can use the table of choice of 'Value' like this:
create a drop-down list in cell B1
Select cell C1 and type (or copy and paste) the formula:
= VLOOKUP (B1, Value::A:B, 2, 0)
short hand for this is:
C1 = VLOOKUP (B1, Value::A:B, 2, 0)
now change the pop-up to display the value in the change of cell C1
-
When I try to run Windows Update I have the 'Internet Exporer cannot display the webpage'. How can I fix it? I have Windows XP
Thanks for the help. Discovered that my security on the tools setting was set to medium-high heat. Passed to way according to the instructions of the active-x and now able to access Windows updates.
-
I formatted and reinstalled xp to correct some problems and my multimedia audio and video vga drivers were lost. I do not have a CD with info and the Add Hardware Wizard cannot find the drivers. How can I fix it?
You may be able to download the drivers from the web site of the manufacturer of the computer.
-
My taskbar is suddenly vertically on the right side of my screen instead of at the bottom. (default) Ive tried to bring it back to its original spot by clicking and now an empty space, but cannot get a reaction. How can I get that back to the default?
Right-click on the taskbar and make sure the taskbar are not locked. Then move it using the left mouse button. Microsoft® Security MVP, 2004-2009
-
How can we get the details of the traffic for the spaces for example, users access report by space (for all users), DB tables can be used to get information, such as for example: users who have logged in - never
You can use analytics. WebCenter Analytics comes with a number of events out-of-the-box for which it brings together measures which are very useful.
You can check in the WebCenter Analytics database schema. WebCenter Analytics Dashboards are present in the scheme of ACTIVITIES and are modeled in the form of a star schema.
The schema includes 2 types of tables. FACTS analytical tables are used to store instances of specific events. For each event, a specific FACT table is present, for example for page views, the views of space, connections and so on. These tables contain a timestamp for the moment, that the event is occurred and integer ID these descriptive reference data stored in DIMENSION tables.
DIMENSION tables contain descriptive information about the entities associated with events. Size examples are pages, applications, groupspaces, users and so on.
See the details of the table all the under http://docs.oracle.com/cd/E23943_01/webcenter.1111/e10148/jpsdg_app_aschema.htm#JPSDG10767
If you want to custom event.that track, as you can get. see this blog entry
Quobell technology - portal WebCenter: WebCenter Analytics: define and save custom events
-
Original title: multiple monitors
I'm trying to connect two monitors and one using the hdmi port and the other vga. How can I get the pc to recognize the two?
Hi David,
Thanks for posting your query on the Microsoft Community.
I suggest you refer to the Microsoft Help Articles below and try the steps mentioned.
Check out the link:
http://Windows.Microsoft.com/en-in/Windows-8/how-connect-multiple-monitors#1TC=T1
You can also check:
http://Windows.Microsoft.com/en-in/Windows-8/get-best-display-monitor
Hope this information helps. Please let us know if you need any other help with Windows in the future. We will be happy to help you.
-
We have an important customer who said they don't want their employees who receive emails from marketing except a specific list of their management team. Also, we do not want the employees of our customers who decide to opt-in to receive emails from our registration page if they use their work email address.
How can I allow only a specific list of employees (management team) to receive marketing emails, but exclude all others in the same company?
One way is to create a list of sharing, "company A does not include." Build a program in the program generator with a charger that looks for the domain "company A". Place a filter in the program on a decision rule with the emails to management teams; If they are in the filter (that is, they are on the management team), remove them program, if they are not (that is, they are not the management team), add them to the list of sharing "excludes company A. Then you can add the list of sharing "Company A excludes" as an exclusion on your segments or implement a model that they will automatically as an exclusion.
They oppose all non management team emails? If they are, as an extra precaution, you could add the "exclude company A" to master exclusion list.
-
I lost my photoshop elements 8 with windows after a problem with my computer. I have my serial number, but cannot use my cd. How can I download this version?
Download & install instructions https://forums.adobe.com/thread/2003339 can help
-includes a link to access a page to download the Adobe programs if you do not have a disk or drive
Also go to https://forums.adobe.com/community/creative_cloud/creative_cloud_faq
-
Hi, the last time adobe take money september18. I always locked up photoshop and other applications. How can I pay myself? Sorry for my English
You can renew or restart a membership that has expired. Please refer to: survivor or restart your Creative Cloud membership.
Guinot
-
My module 'Library' suddenly disappeared and I cannot access my images. How can I find my files if there is no button 'library '?
You have just inadvertently hidden.
Modules and billboards / masking is a little known feature of Lightroom, which seems to put the fear of God into unsuspecting newbies who are not aware of the feature.
Right-click (CTRL click on Mac) on the Module names and restore the checkmark to the library.
-
W/AnyConnect on ASA IP phones. Cannot call other remote phones
I have a CUCM BEING environment with a number of remote users with 8961 phones connect to an ASA via AnyConnect 5501. Phones register very well and can make inbound/outbound calls as well as four-digit dialing to other users of the site of the company.
The problem is when a remote user attempts to four digits to dial another phone remotely. The called phone rings but there is dead air answered once and then the line goes dead.
This looks like a problem with routing for me. Can someone point me in the right direction to get the AnyConnect customer to be able to communicate with each other?
I have attached the config for the SAA.
Thank you!
Use your favorite search engine and look for "trafficking in the interface of the security" start with.
Sent by Cisco Support technique iPad App
-
Cisco ASA 5505 VPN L2TP cannot access the internal network
Hello
I'm trying to configure Cisco VPN L2TP to my office. After a successful login, I can't access the internal network.
Can you jhelp me to find the problem?
I have Cisco ASA:
within the network - 192.168.1.0
VPN - 192.168.168.0 network
I have the router to 192.168.1.2 and I cannot ping or access this router.
Here is my config:
ASA Version 8.4 (3)
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 198.X.X.A 255.255.255.248
!
passive FTP mode
permit same-security-traffic intra-interface
the net-all purpose network
subnet 0.0.0.0 0.0.0.0
network vpn_local object
192.168.168.0 subnet 255.255.255.0
network inside_nw object
subnet 192.168.1.0 255.255.255.0
outside_access_in list extended access permit icmp any any echo response
outside_access_in list extended access deny ip any any newspaper
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
IP local pool sales_addresses 192.168.168.1 - 192.168.168.254
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
NAT dynamic interface of net-all source (indoor, outdoor)
NAT (inside, outside) source inside_nw destination inside_nw static static vpn_local vpn_local
NAT (exterior, Interior) source vpn_local destination vpn_local static static inside_nw inside_nw-route search
!
network vpn_local object
dynamic NAT interface (outdoors, outdoor)
network inside_nw object
NAT dynamic interface (indoor, outdoor)
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 198.X.X.B 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
AAA authentication enable LOCAL console
the ssh LOCAL console AAA authentication
AAA authentication http LOCAL console
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
IKEv1 crypto ipsec transform-set my-transform-set-ikev1 esp-3des esp-sha-hmac
transport in transform-set my-transform-set-ikev1 ikev1 crypto ipsec mode
Crypto-map Dynamics dyno 10 set transform-set my-transformation-set-ikev1 ikev1
card crypto 20-isakmp ipsec vpn Dynamics dyno
vpn outside crypto map interface
Crypto isakmp nat-traversal 3600
Crypto ikev1 allow outside
IKEv1 crypto policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH 192.168.1.0 255.255.255.0 inside
SSH timeout 30
Console timeout 0
management-access inside
dhcpd address 192.168.1.5 - 192.168.1.132 inside
dhcpd dns 75.75.75.75 76.76.76.76 interface inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal sales_policy group policy
attributes of the strategy of group sales_policy
Server DNS 75.75.75.75 value 76.76.76.76
Protocol-tunnel-VPN l2tp ipsec
user name-
user name-
attributes global-tunnel-group DefaultRAGroup
address sales_addresses pool
Group Policy - by default-sales_policy
IPSec-attributes tunnel-group DefaultRAGroup
IKEv1 pre-shared-key *.
tunnel-group DefaultRAGroup ppp-attributes
ms-chap-v2 authentication
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:5d1fc9409c87ecdc1e06f06980de6c13
: end
Thanks for your help.
You must test with 'real' traffic on 192.168.1.2 and if you use ping, you must add icmp-inspection:
Policy-map global_policy
class inspection_default
inspect the icmp
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni
Maybe you are looking for
-
My Satellite A215-S7422 don't dΘmarre
I have the laptop since yesterday and it won't start. I turn it on, but the system don't swich on I can't do anything with this olny if I remove the battery. What do I do?
-
computer pc laptop pavilion g4-2202tx windows 7driver download
my pc is pavilion g4-2202TX windows 8 os .This is not supported for my business software because I change windows8 os to windows 7 .so please give me drivers windows 7
-
On request a laptop Dell ' 01 is able to shut down the system "Hibernate"?
11/04/2012; At said Dell Lattitude running Windows XP. Which method array or specific Hub must this operating agency run, allowing this unit to "Hibernate" (stop) of routine? If this equipment is not 'Standby' within its ' functor or the ability to b
-
How do I synce my family photo'sfile on my hard drive of exeternal with a file of the same name on a usb flashdisc
-
Status bar is missing from the taskbar.
Original title: I use to have a button on my task bar that would allow me to increase or decrease the size of the window I look at one percent. How can I get that back? Before that I had to install a new hard drive, I had a button on my task bar tha