VPN connection established, but cannot connect to the server?
The AnyConnect VPN connection is established, but I cannot connect to the server. The server IP is 192.168.0.4
Thank you
ASA Version 8.2(1)
!
hostname ciscoasa5505
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.3 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 208.0.0.162 255.255.255.248
!
interface Vlan5
 shutdown
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.0.4
 name-server 208.0.0.11
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service TS-780 tcp-udp
 port-object eq 780
object-group service Graphon tcp-udp
 port-object eq 491
object-group service Allworx-2088 udp
 port-object eq 2088
object-group service allworx-15000 udp
 port-object range 15000 15511
object-group service allworx-2088 udp
 port-object eq 2088
object-group service allworx-5060 udp
 port-object eq sip
object-group service allworx-8081 tcp
 port-object eq 8081
object-group service web-allworx tcp
 port-object eq 8080
object-group service allworx udp
 port-object range 16001 16010
object-group service allworx-udp
 port-object range 16384 16393
object-group service remote tcp-udp
 port-object eq 779
object-group service billing1 tcp-udp
 port-object eq 8080
object-group service billing-1521 tcp-udp
 port-object eq 1521
object-group service billing-6233 tcp-udp
 port-object range 6233 6234
object-group service billing2-3389 tcp-udp
 port-object eq 3389
object-group service olivia-3389 tcp-udp
 port-object eq 3389
object-group service olivia-777 tcp-udp
 port-object eq 777
object-group network netgroup
 network-object host 192.168.0.15
 network-object host 192.168.0.4
object-group service allworx1 tcp-udp
 description 8080
 port-object eq 8080
object-group service allworx_15000 udp
 port-object range 15000 15511
object-group service allworx_16384 udp
 port-object range 16384 16393
object-group service DM_INLINE_UDP_1 udp
 group-object allworx_16384
 port-object range 16384 16403
object-group service allworx-5061 udp
 port-object range 5061 5062
object-group service ananit tcp-udp
 port-object eq 880
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.164 object-group billing-6233
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.164 object-group billing-1521
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.164 object-group billing2-3389
access-list outside_access_in extended permit tcp any host 208.0.0.164 eq https
access-list outside_access_in extended permit tcp any host 208.0.0.164 eq www
access-list outside_access_in extended permit tcp any host 208.0.0.164 eq ftp
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.164 object-group billing1
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.162 eq domain
access-list outside_access_in extended permit tcp any host 208.0.0.162 eq www
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.162 object-group remote
access-list outside_access_in extended permit tcp any host 208.0.0.162 eq smtp
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.162 object-group olivia-777
access-list outside_access_in extended permit udp any host 208.0.0.162 object-group Allworx-2088 inactive
access-list outside_access_in extended permit udp any host 208.0.0.162 object-group allworx-5060 inactive
access-list outside_access_in extended permit tcp any host 208.0.0.162 object-group web-allworx inactive
access-list outside_access_in extended permit tcp any host 208.0.0.162 object-group allworx-8081 inactive
access-list outside_access_in extended permit udp any host 208.0.0.162 object-group allworx-15000 inactive
access-list outside_access_in extended permit udp any host 208.0.0.162 object-group DM_INLINE_UDP_1 inactive
access-list outside_access_in extended permit udp any host 208.0.0.162 object-group allworx-5061 inactive
access-list outside_access_in extended permit object-group TCPUDP any host 208.0.0.162 object-group ananit inactive
access-list outside_access_in extended deny ip host 151.1.68.194 208.0.0.164
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list Ping extended permit icmp any any echo-reply
access-list inside_access_in extended permit ip any any
access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 1 standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging enable
logging buffered notifications
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool remote_pool 192.168.100.30-192.168.100.60 mask 255.255.255.0
ip local pool remote 192.168.0.20-192.168.0.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 1 192.168.0.0 255.255.255.0
alias (inside) 192.168.0.4 99.63.129.65 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.0.4 smtp netmask 255.255.255.255
static (inside,outside) tcp interface domain 192.168.0.4 domain netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.0.4 www netmask 255.255.255.255
static (inside,outside) tcp interface 777 192.168.0.15 777 netmask 255.255.255.255
static (inside,outside) tcp interface 779 192.168.0.4 779 netmask 255.255.255.255
static (inside,outside) udp interface domain 192.168.0.4 domain netmask 255.255.255.255
static (inside,outside) tcp interface 880 192.168.0.16 880 netmask 255.255.255.255
static (inside,outside) tcp 208.0.0.164 3389 192.168.0.185 3389 netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 208.0.0.161 1
route inside 192.168.50.0 255.255.255.0 192.168.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.0.0 255.255.255.0 inside
http 192.168.0.3 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt noproxyarp inside
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 108.0.0.97
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 69.0.0.54
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime none
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime none
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface dmz
dhcpd auto_config outside
!
dhcpd address 192.168.0.20-192.168.0.50 inside
dhcpd dns 192.168.0.4 208.0.0.11 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
group-policy anyconnect internal
group-policy anyconnect attributes
 vpn-tunnel-protocol svc webvpn
 webvpn
  url-list none
  svc ask enable
username olivia password Zta1M8bCsJst9NAs encrypted
username graciela password CdnZ0hm9o72q6Ddj encrypted
tunnel-group 69.0.0.54 type ipsec-l2l
tunnel-group 69.0.0.54 ipsec-attributes
 pre-shared-key *
tunnel-group 108.0.0.97 type ipsec-l2l
tunnel-group 108.0.0.97 ipsec-attributes
 pre-shared-key *
tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
 address-pool remote
 default-group-policy anyconnect
tunnel-group anyconnect webvpn-attributes
 group-alias anyconnect enable
!
class-map global-class
 match default-inspection-traffic
!
!
policy-map global-policy
 class global-class
  inspect icmp
!
service-policy global-policy global
: end
asdm location 208.0.0.164 255.255.255.255 inside
asdm location 192.168.0.15 255.255.255.255 inside
asdm location 192.168.50.0 255.255.255.0 inside
asdm location 192.168.1.0 255.255.255.0 inside
no asdm history enable
Right now your nat 0 (NAT exemption) follows the access list:
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
Return traffic from your server at 192.168.0.4 to the VPN pool (192.168.0.20 - 50) does not match this access list and is thus NATted. The TCP connection will not establish because of the Reverse Path Forwarding (RPF) failure - the traffic is asymmetrically NATted.
Then try adding an entry to the access list such as:
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0
It's a bit paradoxical but necessary, because your VPN pool is carved out of your inside network address space. You could also do as André suggests below and use a separate network, but you would still have to add an access list entry to exempt the outgoing traffic from NAT.
Tags: Cisco Security
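A check for the condition described in the answer, as an added example that is not part of the original thread: it reads the NAT exemption ACL and the VPN address pools from an ASA 8.2-style configuration and reports in-use pools whose addresses are not exempted from NAT for traffic coming from the server. The sample configuration is constructed from the NAT-related lines of the configuration in the question (the command spelling and the pool name `remote` are reconstructed assumptions), the function names are hypothetical, and only `network mask` ACL entries are handled.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the question's config (reconstructed spelling).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.0.3 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
ip local pool remote_pool 192.168.100.30-192.168.100.60 mask 255.255.255.0
ip local pool remote 192.168.0.20-192.168.0.50 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
tunnel-group anyconnect general-attributes
 address-pool remote
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)", re.M)
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", re.M)
IN_USE_RE = re.compile(r"^\s+address-pool (\S+)", re.M)


def exempt_pairs(config, ifname="inside"):
    """(source, destination) networks exempted from NAT on interface `ifname`."""
    acls = {acl for iface, acl in NAT0_RE.findall(config) if iface == ifname}
    pairs = []
    for name, src, smask, dst, dmask in ACE_RE.findall(config):
        if name not in acls:
            continue
        try:
            pairs.append((ipaddress.ip_network(f"{src}/{smask}"),
                          ipaddress.ip_network(f"{dst}/{dmask}")))
        except ValueError:
            continue  # 'any', 'host' and object-group entries are not handled here
    return pairs


def pools_missing_exemption(config, server, ifname="inside"):
    """Names of in-use VPN pools with addresses not NAT-exempt from `server`."""
    server = ipaddress.ip_address(server)
    in_use = set(IN_USE_RE.findall(config))
    pairs = exempt_pairs(config, ifname)
    missing = []
    for name, first, last in POOL_RE.findall(config):
        if name not in in_use:
            continue  # pool is defined but not assigned to a tunnel group
        blocks = ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
        covered = all(
            any(server in src and block.subnet_of(dst) for src, dst in pairs)
            for block in blocks)
        if not covered:
            missing.append(name)
    return missing


# The entry proposed in the answer (inside network to the pool's own /24).
FIX = "access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0\n"

if __name__ == "__main__":
    print("before fix:", pools_missing_exemption(SAMPLE_CONFIG, "192.168.0.4"))
    print("after fix: ", pools_missing_exemption(SAMPLE_CONFIG + FIX, "192.168.0.4"))
```
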
Similar Questions
-
Safari Version 6.1.6 (7537.78.2) fails to open certain websites. "Safari cannot establish a connection to the server.
-
Hi, I have a MacBook Pro loaded with OS X Yosemite 10.10.3. For some time, on Safari and Firefox I can access https sites only and get the error message "Unable to connect", and then specifically the line "Firefox can't establish a connection to the server www.seek.co.nz".
On the same network, I have an iMac running OS X Yosemite 10.10.5 that can access http sites that my laptop will not. I compared the network settings and they are identical, I disabled the extensions and cleared the caches, but still without success. Any suggestions?
Hello. Take a look at this article, maybe this will help you. OS X Yosemite: If you can't connect to the Internet
-
Error when you try to import
WARNING: Unable to update the preferences of the user
Cannot establish a connection with the server of history. Service could be down. Please try again later.
Can you please try again? Please let us know if you still experience this issue.
-
localhost "mozilla firefox can't establish a connection to the server localhost:33331"
I get this error message when I try to open the site near word on localhost: "mozilla firefox can't establish a connection to the server localhost:33331".
I installed WordPress on my computer using Microsoft Web Platform Installer. Downloaded WordPress and set it up with the admin name and PW. I was able to connect very well and started to build the site. The next day, when I rebooted the computer, I tried to connect using my credentials and couldn't. Help please.
Hello
Have you tried using another browser?
See this thread.
https://support.Mozilla.org/en-us/questions/1011967
Need more help, contact Firefox Support
-
I can't seem to access the websites that I usually do, like Facebook, my online banking, iTunes and even my Netflix, using Firefox. I get this message: "Firefox can't establish a connection to the server." What does this mean and how can I fix it? Is it something that I can fix on my own, or do I have to bring my laptop to the computer repair people?
Hi AngieBismarck,
1. What is your default browser?
2. Are you able to access Web sites using Internet Explorer?
You can check if you can access Web sites using IE.
If you encounter this problem only with Mozilla Firefox, you can check the link Firefox support at the address following:
You can also get in touch with Mozilla to get help on this issue:
Hope this information is useful.
-
Establish a connection with the server
Hello
I read the docs and came across two ways to establish a connection with the server from a client.
(1) Easy connect: sqlplus hr@\"//mymachine.mydomain:port/MYDB\"
(2) Net service name: sqlplus hr@MYDB
While establishing a connection to a server, we use SQL*Net services (if not JDBC or ODBC), which should be present at both the server end and the client. So what is the fundamental difference between the above two connection mechanisms?
Thank you and best regards,
Saidi.
See http://www.orafaq.com/wiki/EZCONNECT.
The difference is described in the first line.
----------
Sybrand Bakker
Senior Oracle DBA
-
Safari cannot establish a connection to the server
I have tried to open this site: https://www.infragard.org and I get this error message:
Safari cannot establish a connection to 'www.infragard.org'.
All other web browsers work with this site with no message.
Certificates? Or what else?
I'm using ver 6.2.8 on Mt Lion.
If Safari can't establish a secure connection
https://support.Apple.com/en-us/HT204937
You have antivirus software installed?
If so, uninstall it.
-
This seems to be a fairly common problem, or variations of it. When I reinstall (repair) VMware Server (2.0.1), it corrects the problem. As soon as I reboot, I get the error once again and can no longer connect via the web access.
I don't have McAfee SecurityCenter to Comcast, and I'm trying to understand if there is a firewall issue. What makes no sense at all, it is this issue has occurred only recently, and I used VM for several months with several guests and almost no problems (through multiple reboots).
What are the most common reason for this problem?
Thank you.
I had the same problem, started the 'VMware VSS Writer' Service and set it to automatic.
Works now.
-
I can establish an internet connection via Internet Explorer using a router at home, but whenever I try to connect using Firefox, it says that it is impossible to connect.
One possible cause is security software (firewall) that blocks or limits Firefox without you informing on this subject, possibly after the detection of changes (update) for the Firefox program.
Delete all rules for Firefox in the list of permissions in the firewall and leave your firewall again ask permission to get full unlimited access to the internet for Firefox and the plugin-container.
See Server not found - the problems of connection and Configure the firewall so that Firefox can access the Internet and http://kb.mozillazine.org/Firewalls
-
This happened not long ago and used a restore point from an earlier date that solved the problem. That did not work this time.
One possible cause is security software (firewall) that blocks or limits Firefox or plugin-container process without informing you, possibly after the detection of changes (update) for the Firefox program.
Delete all rules for Firefox in the list of permissions in the firewall and leave your firewall again ask permission to get full unlimited access to the internet for Firefox and the plugin-container and the update process.
See:
-
Cannot move to the start page of Mozilla. Any site or search I run, I get a message that Mozilla can not establish a connection with the server.
See this support article - difficulty of problems connecting to websites after Firefox update
-
Error: could not connect to the server DAW!
Hello, I just installed and created a new repository for DAC, but the DAC server failed to start, with an error dialog box on the client: "error: could not establish a connection to the server DAW!" I don't see the log. I tried changing the DAC port and it still isn't working. Please advise. Thank you.
DAC server started after the update the hostname in the client configuration page.
-
VPN could not establish a connection to the security gateway
My VPN connection worked, but now after several hours I can not connect.
My LAN works. (Windows Server 2003)
The app:
Cisco Systems VPN Client
The error message:
Opening TCP to 209.189.224.138, port 10000...
Communicating with the gateway to 209.189.224.138...
Cannot establish a connection to the security gateway.
What could be the problem?
Thank you
Greg
Hi Greg,
In the properties of the tunnel -> transport mode, click IPsec over UDP and try to connect... I think that, right now, you are connecting via TCP 10000.
Regards,
Reda
-
Recently, I started out of the blue to get this message when I try to connect to an FTP site from Dreamweaver. I have CC, latest update. I have like 50 sites or more on different servers and none of them will connect, so I know it can't be a server problem. Yesterday, everything was fine. I made no changes whatsoever. I uninstalled Dreamweaver and reinstalled it and I get the same thing. It is not sitting there for 30 seconds and then timing out. As soon as I hit the connect button, like 1 second later, I get this error. I have reset all modems and routers, etc. I can't find anything online about this specific problem. I'm at my wits' end. I have projects due, but cannot connect. It's Thanksgiving and I'm trying to solve this problem instead of spending time with the family. Any help would be much appreciated.
"An FTP error occurred - cannot establish a connection to the host. Internal data error. Unable to send data from network."
Nope, that is not the case, I have disabled this service and now it works fine!
He was not the firewall, but the update 25-nov2014 of Norton Protection against vulnerabilities. ! Norton is the note and fix it for the next update in the coming days...I have