Information recorded
My computer never records things I've done from one day to the next. For example, I keep setting my internet to automatically connect when there is no current connection, and I remove stuff from my desktop. I turn off my computer, and the next day when I turn it on, the stuff that was deleted is back and I need to connect again. Does anyone else have this problem? I didn't have this problem when I had XP.
Does this happen with all users of your system or only with your user account? Your user profile may be corrupted. To fix this, use http://windows.microsoft.com/en-AU/windows-vista/Fix-a-corrupted-user-profile. If that is the only available administrator profile (you need to be an administrator to fix this), enable the Hidden Administrator Account (HAA) using http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?&lang=en&cr=US&guid=&sloc=en-us&dg=microsoft.public.windows.vista.administration_accounts_passwords&p=1&tid=d20f9db4-7b2c-48be-a087-7835dc2a9055&mid=d20f9db4-7b2c-48be-a087-7835dc2a9055. If you don't remember the password, try nothing, because that's probably what you (or the seller) did during the installation. Once that is done, don't forget to disable the HAA, both to save it in case it is needed again and for safety reasons (since people often try to hack into systems using this account). Do NOT use the HAA as your administrator account, because if you lose the only administrator account on the system or it gets corrupted again, then you're hosed.
Good luck and I hope this helps. Lorien - MCSA/MCSE/Network+/A+
Similar Questions
-
I have an iPad that contains a ton of information in the calendar. I may have to send my iPad in to have the battery changed and do not want to lose all of the calendar information. I know I can sync contact information, but do not know how to save calendar information. Please advise.
Hello
To save calendar information on an iPad, I suggest you contact Apple support. They will be able to provide better assistance.
Here is the link: http://www.apple.com/support/ipad/
-
Where are site geolocation preferences saved?
I work for a library, and we have a custom profile for our patrons when using Firefox. We have a set homepage that asks the user to share their location. I want to know which file that information is recorded in so I can set the geolocation preference for the homepage in advance.
All these site preferences are stored in the permissions.sqlite database file in the Firefox profile folder.
You can inspect and manage the permissions for the domain in the currently selected tab through these steps:
- Click the "Site Identity Button" (globe/lock) on the address bar
- Click 'More Information' to open "Tools > Page Info" with the Security tab selected
- Go to the Permissions tab (Tools > Page Info > Permissions) to inspect the permissions for the domain in the currently selected tab
-
After that update to Firefox 3.6.13 saved passwords no longer work
Prior to the update to 3.6.13, saved user names and passwords worked as they should (these fields were automatically filled). Now, after installing 2.6.13, the saved login information will not fill in when I enter the web site. I can go into Tools, Options, Security, Saved Passwords and all are still listed, but they do not work. I deleted a few, thinking Firefox would then ask to save the login data for the same site, but it does not. I tried going back to my previous version, 3.5.16, but saved passwords no longer work there either.
It seems as if Firefox does not see the saved info.
- Make sure that you are not running Firefox in (permanent) Private Browsing mode, that is, using Firefox without saving history.
- You enter Private Browsing mode if you select: Tools > Options > Privacy > History: Firefox will: "Never remember history".
- To see all history and cookie settings, choose: Tools > Options > Privacy, then choose the setting Firefox will: "Use custom settings for history"
- Uncheck the box: [ ] "Automatically start Firefox in a private browsing session"
-
SMU-4304 causing the ripple on the input signal?
I have an SMU-1082 chassis that contains an SMU-6341 and a PXI-4304 module. To check my code, I have connected the analog input (channel 0) of the 4304 to the digital output (PFI 12) of the 6341. My VI shows a ripple of 0.2 Vpp on the analog input that I'm not seeing using a scope.
The wiring is SMU-6341 [PFI 12, DGND] --> SCB-68A --> TB-4304 [AI0+, AI0-] --> SMU-4304
I have attached photos of the scope versus the VI graph. The scope is on the AI0+ and AI0- terminals of the TB-4304.
Is there an additional ground that I should use, or is it normal for the 4304 to add the ripple?
Thank you
Ron
Short answer is that there is nothing wrong with what you see.
You have connected a low-impedance digital output signal to a high-input-impedance analog digitizer. Since a digital signal is essentially a time-varying square wave, and square waves have transition edges that contain very high frequency information, you will almost always see some form of "ripple" (see the animation of the Fourier synthesis of a square wave on this Wikipedia page). Thus, a digital output signal is more concerned with timing and levels than with being a perfect square wave.
In addition, you may see additional "ripple" because of differences between the SMU-4304 and the scope that you showed. The scope may have a combination of a higher input bandwidth (which can come from various sources, such as a low sampling rate on the 4304, and which would result in more high-frequency information being recorded by the scope, giving smoother-looking transitions) and, possibly, a lower input impedance (causing less, if any, of the signal reflection that would cause ringing of the signal).
-
Hi guys
I'm about to upgrade my laptop. Once I have transferred my data to the new one, I want to make sure that the data on my existing 32-bit laptop, which includes business and financial information, is completely wiped from the hard drive. I was told that if I run a program like CCleaner and then perform a defrag, that should be enough to prevent anyone from ever recovering any data.
Is this correct, or is there more to do?
Kind regards
Graham
If you plan to sell or give your old laptop to someone, the first thing you need to decide is whether you want it to have an operating system (e.g., Windows) and any applications, or whether you are ready to sell it bare.
If you don't require that the laptop have an operating system, the best way to proceed (short of physically removing the disk and keeping it or physically destroying it) is to use Darik's Boot and Nuke (DBAN). You download an ISO file, use a program such as ImgBurn to create a bootable CD, and boot the laptop with the CD that you created. When DBAN runs, it effectively erases and overwrites everything on the disk.
If you want the laptop to be functional, you cannot use DBAN unless you have the installation media to install Windows and everything else you want to have on the laptop. Unfortunately, most people don't have the Windows installation media, and DBAN will wipe away any hidden restore partition, so you can't count on that.
Besides using CCleaner in its usual fashion, you will also need to find and delete all the data files you do not want to leave behind, and then use CCleaner's 'wipe free space' function to make sure these 'deleted' files cannot be easily recovered. Even in this case, there could be personal information recorded in places you don't expect, including in the Windows registry. It all depends on how paranoid you are.
For a little more on this subject, see the discussion here--> http://www.wilderssecurity.com/showthread.php?t=300890
If I were you, I would choose one of the following 3 options:
- Wipe the drive with DBAN and get rid of the laptop with no operating system or anything else installed
- Wipe the drive with DBAN and reinstall Windows
- Remove the disk, keep it to use as a backup or archive drive (in a 2.5" external enclosure) and get rid of the laptop without any hard disk
-
When an employee leaves, how do you rename the computer?
I have a work computer that has the name of an employee who is no longer with the company. How do I change the computer and leader strings so that the name reflects the current user? When one currently saves files, it shows the author as the old person. Help! (no, thanks, not really computer savvy)
Are you still using the previous employee's old profile, or did you create a new profile for the new person you hired? You can change the "recorded in" information in the registry, but that will not necessarily change things if your new employee still uses the old profile, since most applications get that information from the HKCU registry key.
Create a new profile for the new user, and then search the registry for the previous name and change it everywhere it appears.
John
-
I'm on Windows Home Premium 64-bit and Microsoft Office Home and Student 2007. I use Windows Mail for e-mail. The date and time on my computer are correct, but when I send emails the stamp date on my emails is off by 2 1/2 hours. I don't know how to solve this problem. Help, please. Thank you.
Hi Michele R,
Welcome to the Microsoft community newsgroups. I suggest you follow the steps below:
Step 1: Set the computer's time zone and time server.
(I) Click on the clock in the taskbar.
(II) Click on Adjust Date/Time.
(III) Click on the Change time zone button.
(IV) Change the time zone to the correct one for your area and click OK.
(V) Click on the Internet Time tab and then click on Change settings.
(VI) Check "Automatically synchronize with an Internet time server", select a time server, and then click OK.
For more information, see this Microsoft Help & How-to link: Set the clock. I would also suggest that you see Change the display of dates, times, currency, and measurements and Change the country or region setting.
Step 2: Make sure that you set the correct time zone in the webmail email account.
In Hotmail, click Options > More Options > View and edit your personal information > recorded information and specify the correct time zone.
E-mail services other than Hotmail have similar profile, privacy or user account settings. No matter what service you use, the time zone must be set properly for your email to be time stamped correctly.
If the problem persists, it may be because the mail server's time is set incorrectly. In this case, you will need to take a look at the message headers in order to determine if this is the case. If it is established that the mail server is configured incorrectly, you must contact the owner of the mail server to have it set up correctly.
Let me know if it works. Good luck!
Hope this information is useful.
Thank you and best regards,
KKS Vijay
-
the PC went to sleep automatically
Dear friends,
We use a Beckhoff IPC with Win7 in our device. But these days, the IPC goes to sleep without any manual operation. I opened the power options and found that the sleep settings are all disabled:
Then I checked the system event log and found the following information:
I would like to know if "Button" means the power button on the IPC and "Lid" means the screen of a laptop? It is an IPC, there is no lid, and no one touched the power button when the IPC fell asleep. What should I check/do next?
Any suggestion will be so appreciated! Thank you.
Hi Ruth,
Thanks for your help.
I want to answer your questions first:
1. What happens if you disable sleep mode?
Martin: The Windows login screen will appear if I move the mouse or press a key on the keyboard.
2. Did you make any recent changes to the computer?
Martin: No, the customer won't use it for the purpose of production. They have made no changes to the computer.
3. What is the brand and model number of the desktop computer?
Martin: The PC is a Beckhoff IPC (Industrial PC), model C6930-0040
I followed your instructions to check the display driver and found nothing abnormal. Then I downloaded the driver from the manufacturer's site and reinstalled it. Unfortunately, the black screen came back, and the same log information was recorded in the system event log.
I checked the log information in the system event log with care and thought that 'Button' here may refer to two things:
1. The power button on the IPC cabinet
2. The power/sleep key on the keyboard
So, I checked the power button on the IPC first and found nothing abnormal. Then I took the keyboard and shook it vigorously... Ahhhh... the black screen arrived!
I replaced the keyboard and mouse with brand new ones and I will keep an eye on the IPC's running status over the following days.
Thank you very much! Good day!
-
Cisco ASA 5505 VPN Site to Site
Hi all
First post on the forums. I have worked with the Cisco ASA 5505 for a few months and I recently bought a 2nd ASA to implement a site-to-site VPN tunnel. It seems so simple in the number of videos I watched on the internet. But when I did it, surprise, it didn't work for me... I've removed the tunnels a number of times and tried to recreate them. I use the VPN Wizard in ASDM to create the tunnel. Both are ASA 5505s and have the same firmware etc.
I'd appreciate any help that can be directed to this problem, please. Slowly losing my mind.
Please see details below:
Both ASDMs are 7.1
IOS
ASA 1
: Saved
:
ASA Version 9.0(1)
!
hostname PAYBACK
enable password HSMurh79NVmatjY0 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool VPN1 192.168.50.1-192.168.50.254 mask 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
 speed 100
 duplex full
!
interface Ethernet0/1
 description Trunk link to SW1
 switchport trunk allowed vlan 1,10,20,30,40
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 92.51.193.158 255.255.255.252
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 nameif servers
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
 nameif printers
 security-level 100
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan40
 nameif wireless
 security-level 100
 ip address 192.168.40.1 255.255.255.0
!
banner login welcome to the Payback loyalty systems
boot system disk0:/asa901-k8.bin
ftp mode passive
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup servers
dns domain-lookup printers
dns domain-lookup wireless
dns server-group DefaultDNS
 name-server 83.147.160.2
 name-server 83.147.160.130
same-security-traffic permit inter-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network ftp_server
object network Internal_Report_Server
 host 192.168.20.21
 description Internal automated report server address
object network Report_Server
 host 89.234.126.9
 description Automated reports server
object service RDP
 service tcp destination eq 3389
 description RDP to the server
object network Host_QA_Server
 host 89.234.126.10
 description QA host external address
object network Internal_Host_QA
 host 192.168.20.22
 description Virtual machine host for QA
object network Internal_QA_Web_Server
 host 192.168.20.23
 description Web Server in the QA environment
object network Web_Server_QA_VM
 host 89.234.126.11
 description Web Server in the QA environment
object service SQL_Server
 service tcp destination eq 1433
object network Demo_Server
 host 89.234.126.12
 description Server set up for the product demo
object network Internal_Demo_Server
 host 192.168.20.24
 description Internal IP address of the demo server
object network NETWORK_OBJ_192.168.20.0_24
 subnet 192.168.20.0 255.255.255.0
object network NETWORK_OBJ_192.168.50.0_26
 subnet 192.168.50.0 255.255.255.192
object network NETWORK_OBJ_192.168.0.0_16
 subnet 192.168.0.0 255.255.0.0
object service MSSQL
 service tcp destination eq 1434
 description MSSQL port
object network VPN
 subnet 192.168.50.0 255.255.255.0
object network NETWORK_OBJ_192.168.50.0_24
 subnet 192.168.50.0 255.255.255.0
object service TS
 service tcp destination eq 4400
object service TS_Return
 service tcp source eq 4400
object network External_QA_3
 host 89.234.126.13
object network Internal_QA_3
 host 192.168.20.25
object network Dev_WebServer
 host 192.168.20.27
object network External_Dev_Web
 host 89.234.126.14
object network CIX_Subnet
 subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
 subnet 192.168.10.0 255.255.255.0
object network NETWORK_OBJ_84.39.233.50
 host 84.39.233.50
object network NETWORK_OBJ_92.51.193.158
 host 92.51.193.158
object network NETWORK_OBJ_192.168.100.0_24
 subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination eq ftp
 service-object tcp destination eq netbios-ssn
 service-object tcp destination eq smtp
 service-object object TS
object-group network Payback_Internal
 network-object 192.168.10.0 255.255.255.0
 network-object 192.168.20.0 255.255.255.0
 network-object 192.168.40.0 255.255.255.0
object-group service DM_INLINE_SERVICE_3
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object object TS
 service-object object TS_Return
object-group service DM_INLINE_SERVICE_4
 service-object object RDP
 service-object tcp destination eq www
 service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_5
 service-object object MSSQL
 service-object object RDP
 service-object object TS
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_6
 service-object object TS
 service-object object TS_Return
 service-object tcp destination eq www
 service-object tcp destination eq https
access-list outside_access_in remark This rule allows Internet the interal server.
access-list outside_access_in remark Allowed:
access-list outside_access_in remark FTP
access-list outside_access_in remark RDP
access-list outside_access_in remark SMTP
access-list outside_access_in remark Net Bios
access-list outside_access_in remark SQL
access-list outside_access_in remark TS - 4400
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any4 object Internal_Report_Server
access-list outside_access_in remark Access rule internal QA host
access-list outside_access_in remark Allowed:
access-list outside_access_in remark HTTP
access-list outside_access_in remark RDP
access-list outside_access_in extended permit tcp any4 object Internal_Host_QA eq www
access-list outside_access_in remark Access to the internal Web server:
access-list outside_access_in remark Allowed:
access-list outside_access_in remark HTTP
access-list outside_access_in remark RDP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any4 object Internal_QA_Web_Server
access-list outside_access_in remark Rule allowing access to the demo server
access-list outside_access_in remark Allowed:
access-list outside_access_in remark RDP
access-list outside_access_in remark MSSQL
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any4 object Internal_Demo_Server
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any object Internal_QA_3
access-list outside_access_in remark Access to the development Web server
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 any object Dev_WebServer
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list Payback_VPN_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging console informational
logging asdm informational
logging from-address
logging recipient-address level alerts
mtu outside 1500
mtu inside 1500
mtu servers 1500
mtu printers 1500
mtu wireless 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic any interface
nat (wireless,outside) source dynamic any interface
nat (servers,outside) source dynamic any interface
nat (servers,outside) source static Internal_Report_Server Report_Server
nat (servers,outside) source static Internal_Host_QA Host_QA_Server
nat (servers,outside) source static Internal_QA_Web_Server Web_Server_QA_VM
nat (servers,outside) source static Internal_Demo_Server Demo_Server
nat (servers,outside) source static NETWORK_OBJ_192.168.20.0_24 NETWORK_OBJ_192.168.20.0_24 destination static NETWORK_OBJ_192.168.50.0_24 NETWORK_OBJ_192.168.50.0_24 no-proxy-arp route-lookup
nat (servers,outside) source static Internal_QA_3 External_QA_3
nat (servers,outside) source static Dev_WebServer External_Dev_Web
nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 92.51.193.157 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
http 192.168.40.0 255.255.255.0 wireless
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 84.39.233.50
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 77.75.100.208 255.255.255.240 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh 192.168.40.0 255.255.255.0 wireless
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.1
dhcpd auto_config outside
!
dhcpd address 192.168.10.21-192.168.10.240 inside
dhcpd dns 192.168.20.21 83.147.160.2 interface inside
dhcpd option 15 ascii paybackloyalty.com interface inside
dhcpd enable inside
!
dhcpd address 192.168.40.21-192.168.40.240 wireless
dhcpd dns 192.168.20.21 83.147.160.2 interface wireless
dhcpd update dns interface wireless
dhcpd option 15 ascii paybackloyalty.com interface wireless
dhcpd enable wireless
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy Payback_VPN internal
group-policy Payback_VPN attributes
 vpn-simultaneous-logins 10
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Payback_VPN_splitTunnelAcl
group-policy DfltGrpPolicy attributes
 dns-server value 83.147.160.2 83.147.160.130
 vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
group-policy GroupPolicy_84.39.233.50 internal
group-policy GroupPolicy_84.39.233.50 attributes
 vpn-tunnel-protocol ikev1 ikev2
username Noelle password XB/IpvYaATP.2QYm encrypted
username Noelle attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Éanna password vXILR9ZZQIsd1Naw encrypted privilege 0
username Éanna attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Michael password qpbleUqUEchRrgQX encrypted
username Michael attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Danny password .7fEXdzESUk6S/cC encrypted privilege 0
username Danny attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Aileen password tytrelqvV5VRX2pz encrypted privilege 0
username Aileen attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Aidan password aDu6YH0V5XaxpEPg encrypted privilege 0
username Aidan attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username gordon password 6e6Djaz3W/XH59zX encrypted privilege 15
username shane.c password iqGMoWOnfO6YKXbw encrypted
username shane.c attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Shane password uYePLcrFadO9pBZx encrypted
username Shane attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username James password TdYPv1pvld/hPM0d encrypted
username James attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Mark password yruxpddqfyNb.qFn encrypted
username Mark attributes
 service-type admin
username Mary password XND5FTEiyu1L1zFD encrypted
username Mary attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
username Massimo password vs65MMo4rM0l4rVu encrypted privilege 0
username Massimo attributes
 vpn-group-policy Payback_VPN
 service-type remote-access
tunnel-group Payback_VPN type remote-access
tunnel-group Payback_VPN general-attributes
 address-pool VPN1
 default-group-policy Payback_VPN
tunnel-group Payback_VPN ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 84.39.233.50 type ipsec-l2l
tunnel-group 84.39.233.50 general-attributes
 default-group-policy GroupPolicy_84.39.233.50
tunnel-group 84.39.233.50 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
Global class-card class
match default-inspection-traffic
!
!
World-Policy policy-map
Global category
inspect the dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the pptp
inspect the rsh
inspect the rtsp
inspect the sip
inspect the snmp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect xdmcp
inspect the icmp error
inspect the icmp
!
service-policy-international policy global
192.168.20.21 SMTP server
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:d06974501eb0327a5ed229c8445f4fe1
ASA 2
ASA Version 9.0 (1)
!
Payback-CIX hostname
activate the encrypted password of HSMurh79NVmatjY0
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Ethernet0/0
switchport access vlan 2
Speed 100
full duplex
!
interface Ethernet0/1
Description this port connects to the local network VIRTUAL 100
switchport access vlan 100
!
interface Ethernet0/2
!
interface Ethernet0/3
switchport access vlan 100
!
interface Ethernet0/4
switchport access vlan 100
!
interface Ethernet0/5
switchport access vlan 100
!
interface Ethernet0/6
switchport access vlan 100
!
interface Ethernet0/7
switchport access vlan 100
!
interface Vlan2
nameif outside
security-level 0
IP 84.39.233.50 255.255.255.240
!
interface Vlan100
nameif inside
security-level 100
IP 192.168.100.1 address 255.255.255.0
!
banner welcome to Payback loyalty - CIX connection line
passive FTP mode
summer time clock gmt/idt recurring last Sun Mar 01:00 last Sun Oct 02:00
DNS domain-lookup outside
DNS lookup field inside
DNS server-group defaultDNS
Name-Server 8.8.8.8
Server name 8.8.4.4
permit same-security-traffic inter-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the host-CIX-1 object
host 192.168.100.2
Description This is the VM server host machine
network object host-External_CIX-1
Home 84.39.233.51
Description This is the external IP address of the server the server VM host
service object RDP
source between 1-65535 destination eq 3389 tcp service
network of the Payback_Office object
Home 92.51.193.158
service object MSQL
destination eq 1433 tcp service
network of the Development_OLTP object
Home 192.168.100.10
Description for Eiresoft VM
network of the External_Development_OLTP object
Home 84.39.233.52
Description This is the external IP address for the virtual machine for Eiresoft
network of the Eiresoft object
Home 146.66.160.70
Contractor s/n description
network of the External_TMC_Web object
Home 84.39.233.53
Description Public address to the TMC Web server
network of the TMC_Webserver object
Home 192.168.100.19
Internal description address TMC Webserver
network of the External_TMC_OLTP object
Home 84.39.233.54
External targets OLTP IP description
network of the TMC_OLTP object
Home 192.168.100.18
description of the interal target IP address
network of the External_OLTP_Failover object
Home 84.39.233.55
IP failover of the OLTP Public description
network of the OLTP_Failover object
Home 192.168.100.60
Server failover OLTP description
network of the servers object
subnet 192.168.20.0 255.255.255.0
being Wired network
192.168.10.0 subnet 255.255.255.0
the subject wireless network
192.168.40.0 subnet 255.255.255.0
network of the NETWORK_OBJ_192.168.100.0_24 object
255.255.255.0 subnet 192.168.100.0
network of the NETWORK_OBJ_192.168.10.0_24 object
192.168.10.0 subnet 255.255.255.0
network of the Eiresoft_2nd object
Home 137.117.217.29
Description 2nd Eiresoft IP
network of the Dev_Test_Webserver object
Home 192.168.100.12
Description address internal to the Test Server Web Dev
network of the External_Dev_Test_Webserver object
Home 84.39.233.56
Description This is the PB Dev Test Webserver
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object MSQL
service-object RDP
object-group service DM_INLINE_SERVICE_2
service-object MSQL
service-object RDP
object-group service DM_INLINE_SERVICE_3
service-object MSQL
service-object RDP
object-group service DM_INLINE_SERVICE_4
service-object MSQL
service-object RDP
the tcp destination eq ftp service object
object-group service DM_INLINE_SERVICE_5
service-object MSQL
service-object RDP
the tcp destination eq ftp service object
object-group service DM_INLINE_SERVICE_6
service-object MSQL
service-object RDP
the Payback_Intrernal object-group network
object-network servers
Wired network-object
wireless network object
object-group service DM_INLINE_SERVICE_7
service-object MSQL
service-object RDP
object-group service DM_INLINE_SERVICE_8
service-object MSQL
service-object RDP
object-group service DM_INLINE_SERVICE_9
service-object MSQL
service-object RDP
object-group service DM_INLINE_SERVICE_10
service-object MSQL
service-object RDP
the tcp destination eq ftp service object
object-group service DM_INLINE_SERVICE_11
service-object RDP
the tcp destination eq ftp service object
outside_access_in list extended access allow object-group DM_INLINE_SERVICE_1 object Payback_Office object CIX-host-1
Note to access list OLTP Development Office of recovery outside_access_in
outside_access_in list extended access allow DM_INLINE_SERVICE_2 object Payback_Office object Development_OLTP object-group
Comment from outside_access_in-access Eiresoft access list
outside_access_in list extended access allow DM_INLINE_SERVICE_3 object Eiresoft object Development_OLTP object-group
outside_access_in list extended access allow DM_INLINE_SERVICE_4 object Payback_Office object TMC_Webserver object-group
Note to outside_access_in access to OLTP for target recovery Office Access list
outside_access_in list extended access allow DM_INLINE_SERVICE_5 object Payback_Office object TMC_OLTP object-group
outside_access_in list extended access allow DM_INLINE_SERVICE_6 object Payback_Office object OLTP_Failover object-group
Note to outside_access_in access-list that's allowing access of the Eiresoft on the failover OLTP server
outside_access_in list extended access allow DM_INLINE_SERVICE_7 object Eiresoft object OLTP_Failover object-group
Comment from outside_access_in-access list access for the 2nd period of INVESTIGATION of Eiresoft
outside_access_in list extended access allow DM_INLINE_SERVICE_8 object Eiresoft_2nd object Development_OLTP object-group
Note to outside_access_in access from the 2nd IP Eiresoft access list
outside_access_in list extended access allow DM_INLINE_SERVICE_9 object Eiresoft_2nd object OLTP_Failover object-group
outside_access_in list extended access allow DM_INLINE_SERVICE_10 object Payback_Office object Dev_Test_Webserver object-group
outside_access_in list extended access allow DM_INLINE_SERVICE_11 object Payback_Office object External_TMC_OLTP object-group
access-list outside_cryptomap extended permit ip 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static CIX-host-1 External_CIX-host-1
nat (inside,outside) source static Development_OLTP External_Development_OLTP
nat (inside,outside) source static TMC_Webserver External_TMC_Web
nat (inside,outside) source static TMC_OLTP External_TMC_OLTP
nat (inside,outside) source static OLTP_Failover External_OLTP_Failover
nat (inside,outside) source static Dev_Test_Webserver External_Dev_Test_Webserver
nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 destination static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 84.39.233.49 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
the ssh LOCAL console AAA authentication
Enable http server
http 92.51.193.156 255.255.255.252 outside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
card crypto outside_map 1 match address outside_cryptomap
card crypto outside_map 1 set pfs
peer set card crypto outside_map 1 92.51.193.158
card crypto outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 1jeu ikev2 AES AES192 AES256 3DES ipsec-proposal
outside_map interface card crypto outside
trustpool crypto ca policy
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 allow outside
Crypto ikev1 allow outside
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH 77.75.100.208 255.255.255.240 outside
SSH 92.51.193.156 255.255.255.252 outside
SSH timeout 5
console timeout 0
dhcpd auto_config outside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
internal GroupPolicy_92.51.193.158 group strategy
attributes of Group Policy GroupPolicy_92.51.193.158
VPN-tunnel-Protocol ikev1, ikev2
username password 6e6Djaz3W/XH59zX gordon encrypted privilege 15
tunnel-group 92.51.193.158 type ipsec-l2l
tunnel-group 92.51.193.158 General-attributes
Group - default policy - GroupPolicy_92.51.193.158
IPSec-attributes tunnel-group 92.51.193.158
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
pre-shared-key authentication local IKEv2 *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:83b2069fa311e6037163ae74f9b2bec2
: end
Hello
There are some clear problems I see on a quick glance. These are not related to the actual VPN configuration but rather the NAT configurations.
All of the NAT configurations in the CLI format above are configured as Manual NAT / Twice NAT in Section 1. This means that all of the NAT configurations have been added to the same section of the NAT configuration, and the ordering of the NAT rules inside this section is the cause of the problem for the L2L VPN connection, for one.
Here are a few suggestions on what to change
ASA1
Minimal changes
object network LAN
 subnet 192.168.10.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.100.0 255.255.255.0
nat (inside,outside) 1 source static LAN LAN destination static REMOTE-LAN REMOTE-LAN
no nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup
What the above does is first create objects that contain the local and remote LANs. It then creates a NAT0 rule and adds it to the top of the NAT rules (number 1). That is essentially at least one of the problems preventing the VPN from operating or traffic from crossing it.
Finally, we remove the old rule that ASDM generated. It would do the same thing if it had been moved to the top, but I generally find creating objects with descriptive names easier on the eyes in the long term.
Other suggestions
These changes are not necessary with regard to the L2L VPN. Here are some suggestions on how to clean up part of the NAT configurations.
object-group network PAT-SOURCE
 description Internal PAT source networks
 network-object 192.168.10.0 255.255.255.0
 network-object 192.168.20.0 255.255.255.0
 network-object 192.168.40.0 255.255.255.0
nat (any,outside) after-auto source dynamic PAT-SOURCE interface
no nat (inside,outside) source dynamic any interface
no nat (wireless,outside) source dynamic any interface
no nat (servers,outside) source dynamic any interface
The above configuration creates an "object-group" that lists all the internal networks for which you have dynamic PAT configured so far. It then uses the "object-group" in a single "nat" command to handle the dynamic PAT for all internal networks (with the exception of printers, which had nothing to begin with). Then we remove the old dynamic PAT configurations.
The "nat" command contains "after-auto" because that moves this "nat" configuration to the bottom of the NAT rules. For this reason it is less likely to cause problems in the future.
object network SERVERS
 subnet 192.168.20.0 255.255.255.0
object network VPN-POOL
 subnet 192.168.50.0 255.255.255.0
nat (servers,outside) 2 source static SERVERS SERVERS destination static VPN-POOL VPN-POOL
no nat (servers,outside) source static NETWORK_OBJ_192.168.20.0_24 NETWORK_OBJ_192.168.20.0_24 destination static NETWORK_OBJ_192.168.50.0_24 NETWORK_OBJ_192.168.50.0_24 no-proxy-arp route-lookup
The above configuration is supposed to create a NAT0 configuration for traffic between the server network and the VPN client pool. To my knowledge the old configuration that we remove is not used, because the traffic would have matched the servers' dynamic PAT rule rather than this rule, which is later in the NAT configurations and would not be reached.
no nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp route-lookup
It seems to me that network 192.168.1.0/24 is not configured anywhere in your network. Therefore, the above 'nat' configuration seems useless and can be deleted. If I missed something and it is in use, then of course do not remove it.
ASA2
Minimal changes
object network LAN
 subnet 192.168.100.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.10.0 255.255.255.0
nat (inside,outside) 1 source static LAN LAN destination static REMOTE-LAN REMOTE-LAN
no nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 destination static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 no-proxy-arp route-lookup
What the above does is first create objects that contain the local and remote LANs. It then creates a NAT0 rule and adds it to the top of the NAT rules (number 1). That is essentially at least one of the problems preventing the VPN from operating or traffic from crossing it.
Finally, we remove the old rule that ASDM generated.
Other suggestions
object-group network PAT-SOURCE
 network-object 192.168.100.0 255.255.255.0
nat (any,outside) after-auto source dynamic PAT-SOURCE interface
no nat (inside,outside) source dynamic any interface
The above configuration is supposed to do the same thing as on the other ASA, although given that this network contains only a single subnet, there is only so much "nat" configuration for it to clean up. But the order of the "nat" configurations is changed to avoid further problems with the NAT ordering.
no nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp route-lookup
It seems to me that network 192.168.1.0/24 is not configured anywhere in your network. Therefore, the above 'nat' configuration seems useless and can be deleted. If I missed something and it is in use, then of course do not remove it.
I suggest trying the NAT0 configuration changes related to the L2L VPN first and testing the traffic. If that gets the connectivity working, then you could consider changing the other NAT configurations. There are also other things that could be changed concerning the static NAT for the servers, but that is probably better left for another time.
Hope this makes any sense and has helped
Remember to mark a reply as the answer if it answered your question.
Feel free to ask more if necessary
-Jouni
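The rule-ordering problem described in the reply above, as an added example that is not part of the original thread: a small Python model of first-match evaluation over ASA manual NAT rules (Section 1, then after-auto Section 3), applied to ASA2's `nat` lines and the suggested changes. Auto NAT (Section 2), the server static NATs and any interface pair other than inside-to-outside are left out as simplifying assumptions, and the two test addresses are constructed.

```python
import ipaddress
import re

# Networks behind the object names used on this page (ASA2 side).
OBJECTS = {
    "any": "0.0.0.0/0",
    "LAN": "192.168.100.0/24",
    "REMOTE-LAN": "192.168.10.0/24",
    "PAT-SOURCE": "192.168.100.0/24",
    "NETWORK_OBJ_192.168.100.0_24": "192.168.100.0/24",
    "NETWORK_OBJ_192.168.10.0_24": "192.168.10.0/24",
}

# Manual (twice) NAT subset: optional "after-auto", optional line number,
# source static|dynamic, optional "destination static". Trailing keywords
# (no-proxy-arp, route-lookup) do not affect rule order and are ignored.
NAT_RE = re.compile(
    r"^nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\)"
    r"(?P<after> after-auto)?(?: (?P<line>\d+))?"
    r" source (?P<kind>static|dynamic) (?P<real>\S+) (?P<mapped>\S+)"
    r"(?: destination static (?P<dst>\S+) \S+)?"
)


def parse(cmd):
    m = NAT_RE.match(cmd)
    if m is None:
        raise ValueError(f"unsupported nat command: {cmd!r}")
    g = m.groupdict()
    return {
        "text": cmd,
        "section": 3 if g["after"] else 1,
        "line": int(g["line"]) if g["line"] else None,
        "key": (g["real_if"], g["mapped_if"], g["kind"],
                g["real"], g["mapped"], g["dst"]),
    }


def build_table(commands):
    """Apply nat / no nat commands in order; return rules in evaluation order."""
    sections = {1: [], 3: []}
    for cmd in commands:
        negate = cmd.startswith("no ")
        rule = parse(cmd[3:] if negate else cmd)
        rules = sections[rule["section"]]
        if negate:
            rules[:] = [r for r in rules if r["key"] != rule["key"]]
        elif rule["line"] is not None:
            rules.insert(rule["line"] - 1, rule)  # "1" puts the rule on top
        else:
            rules.append(rule)
    return sections[1] + sections[3]


def first_match(table, src, dst):
    """Return (action, rule text) for an inside-to-outside flow; first match wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in table:
        real_if, mapped_if, kind, real, mapped, dst_obj = rule["key"]
        if real_if not in ("inside", "any") or mapped_if not in ("outside", "any"):
            continue
        if src not in ipaddress.ip_network(OBJECTS[real]):
            continue
        if dst_obj and dst not in ipaddress.ip_network(OBJECTS[dst_obj]):
            continue
        if kind == "dynamic":
            return "pat", rule["text"]
        return ("identity" if real == mapped else "static"), rule["text"]
    return "untranslated", None


# ASA2 as posted: dynamic PAT sits above the NAT0 rule in Section 1.
ASA2_ORIGINAL = [
    "nat (inside,outside) source dynamic any interface",
    "nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 "
    "NETWORK_OBJ_192.168.100.0_24 destination static NETWORK_OBJ_192.168.10.0_24 "
    "NETWORK_OBJ_192.168.10.0_24 no-proxy-arp route-lookup",
]

# The changes suggested in the reply, applied on top of the original.
SUGGESTED_CHANGES = [
    "nat (inside,outside) 1 source static LAN LAN destination static REMOTE-LAN REMOTE-LAN",
    "no " + ASA2_ORIGINAL[1],
    "nat (any,outside) after-auto source dynamic PAT-SOURCE interface",
    "no nat (inside,outside) source dynamic any interface",
]

VPN_FLOW = ("192.168.100.77", "192.168.10.5")  # constructed hosts in each LAN

if __name__ == "__main__":
    for name, cmds in (("original", ASA2_ORIGINAL),
                       ("fixed", ASA2_ORIGINAL + SUGGESTED_CHANGES)):
        action, text = first_match(build_table(cmds), *VPN_FLOW)
        print(f"{name}: {action} via {text}")
```

With the original order the VPN flow is PATed to the outside interface address, so its source no longer falls inside the 192.168.100.0/24 range that `outside_cryptomap` selects for the tunnel.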
-
A possible bug related to the Cisco ASA "show access-list"?
We had a strange problem in our configuration of ASA.
In the "show running-config":
access-list inside_access_in remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
access-list inside_access_in remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
access-list inside_access_in remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
access-list inside_access_in extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log
access-list inside_access_in remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
access-list inside_access_in remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
access-list inside_access_in remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq www log
access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq https log
access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log
access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log
access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log
access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log
access-list inside_access_in remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
access-list inside_access_in extended permit tcp object 172.31.254.2 any eq domain log
access-list inside_access_in extended permit udp object 172.31.254.2 any eq domain log
access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
access-list inside_access_in extended permit ip object 172.31.254.2 any log
access-list inside_access_in remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log
access-list inside_access_in remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
access-list inside_access_in extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log
access-list inside_access_in remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
access-list inside_access_in extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log
access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
access-list inside_access_in extended permit ip 192.168.20.0 255.255.255.0 any log
access-list inside_access_in remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
access-list inside_access_in extended permit ip object windowsusageVM any log
access-list inside_access_in extended permit ip any object testCSM
access-list inside_access_in extended permit ip 172.31.254.0 255.255.255.0 any log
access-list inside_access_in remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
access-list inside_access_in extended permit ip host 172.31.254.2 any log
access-list inside_access_in remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
access-list inside_access_in extended permit tcp host 192.168.20.95 any eq www log
In the "show access-list":
access-list inside_access_in line 1 remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
access-list inside_access_in line 2 remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
access-list inside_access_in line 3 remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
access-list inside_access_in line 4 extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log informational interval 300 (hitcnt=0) 0x0a3bacc1
access-list inside_access_in line 5 remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
access-list inside_access_in line 6 remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
access-list inside_access_in line 7 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
access-list inside_access_in line 8 remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
access-list inside_access_in line 9 extended permit tcp 172.31.254.0 255.255.255.0 any eq www log informational interval 300 (hitcnt=0) 0x0685254a
access-list inside_access_in line 10 extended permit tcp 172.31.254.0 255.255.255.0 any eq https log informational interval 300 (hitcnt=0) 0x7e7ca5a7
access-list inside_access_in line 11 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log informational interval 300 (hitcnt=0) 0x02a111af
access-list inside_access_in line 12 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log informational interval 300 (hitcnt=0) 0x19244261
access-list inside_access_in line 13 extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log informational interval 300 (hitcnt=0) 0x0dbff051
access-list inside_access_in line 14 extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log informational interval 300 (hitcnt=0) 0x7b798b0e
access-list inside_access_in line 15 remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
access-list inside_access_in line 16 extended permit tcp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c41681b
  access-list inside_access_in line 16 extended permit tcp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c41681b
access-list inside_access_in line 17 extended permit udp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf227
  access-list inside_access_in line 17 extended permit udp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf227
access-list inside_access_in line 18 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
access-list inside_access_in line 19 extended permit ip object 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
  access-list inside_access_in line 19 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
access-list inside_access_in line 20 remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
access-list inside_access_in line 21 extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log informational interval 300 (hitcnt=0) 0x4951b794
access-list inside_access_in line 22 remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
access-list inside_access_in line 23 extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log informational interval 300 (hitcnt=0) 0x441e6d68
  access-list inside_access_in line 23 extended permit tcp 172.31.254.0 255.255.255.0 host 192.168.20.91 range ftp smtp log informational interval 300 (hitcnt=0) 0x441e6d68
access-list inside_access_in line 24 remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
access-list inside_access_in line 25 extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 0xe848acd5
  access-list inside_access_in line 25 extended permit tcp range 12.89.235.2 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 (hitcnt=0) 0xe848acd5
access-list inside_access_in line 26 extended permit ip 192.168.20.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xb6c1be37
access-list inside_access_in line 27 remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
access-list inside_access_in line 28 extended permit ip object windowsusageVM any log informational interval 300 (hitcnt=0) 0x22170368
  access-list inside_access_in line 28 extended permit ip host 172.31.254.250 any log informational interval 300 (hitcnt=0) 0x22170368
access-list inside_access_in line 29 extended permit ip any object testCSM (hitcnt=0) 0xa3fcb334
  access-list inside_access_in line 29 extended permit ip any host 255.255.255.255 (hitcnt=0) 0xa3fcb334
access-list inside_access_in line 30 extended permit ip 172.31.254.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xe361b6ed
access-list inside_access_in line 31 remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
access-list inside_access_in line 32 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xed7670e1
access-list inside_access_in line 33 remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
access-list inside_access_in line 34 extended permit tcp host 192.168.20.95 any eq www log informational interval 300 (hitcnt=0) 0x8d07d70b
There is a remark in the running configuration (line 26):
access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
This remark is missing in "show access-list". In the access list, for all lines after this remark, the line number is no longer correct. This poses problems when trying to use the line number to insert a new rule.
Has anyone seen this problem before? Is this a known issue? I am happy to provide more information if necessary.
Thanks in advance.
See the version:
Cisco Adaptive Security Appliance Software Version 4,0000 1
Version 7.1 Device Manager (3)
Updated Friday, June 14, 12 and 11:20 by manufacturers
System image file is "disk0:/asa844-1-k8.bin"
Config file at boot was "startup-config"
fmciscoasa up to 1 hour 56 minutes
Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor
Internal ATA Compact Flash, 128 MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Hardware encryption device: Cisco ASA-5505 Accelerator Board (revision 0 x 0)
Start firmware: CN1000-MC-BOOT - 2.00
SSL/IKE firmware: CNLite-MC-Smls-PLUS - 2.03
Microcode IPSec:-CNlite-MC-IPSECm-HAND - 2.06
Number of Accelerators: 1
Could be linked to the following bug:
CSCtq12090: ACL note line is missing when the object range is set to ACL
It is fixed in 8.4(6), so update to a newer version and observe again.
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni -
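For the ACL remark thread above, one way to check whether `show access-list` has lost a remark or shifted its line numbers is to number the statements from the running configuration and compare. This is an added example, not code from the thread; the sample configuration and output are constructed, and it assumes remark texts are unique within an ACL.

```python
import re

# Constructed sample: running-config order of one ACL plus an unrelated ACL.
RUNNING_CONFIG = """\
access-list inside_access_in remark CM0000088 JST:PortRange
access-list inside_access_in extended permit tcp any any range 8000 8010
access-list other_acl remark unrelated list, must be ignored
access-list inside_access_in remark CM0000014 JST:DropIP
access-list inside_access_in extended permit ip host 172.31.254.250 any
"""

# Constructed sample of 'show access-list' in which the first remark is absent
# and the following entries are numbered one too low.
SHOW_ACCESS_LIST = """\
access-list inside_access_in line 1 extended permit tcp any any range 8000 8010 (hitcnt=0) 0x00000001
access-list inside_access_in line 2 remark CM0000014 JST:DropIP
access-list inside_access_in line 3 extended permit ip host 172.31.254.250 any (hitcnt=0) 0x00000002
  access-list inside_access_in line 3 extended permit ip host 172.31.254.250 any (hitcnt=0) 0x00000002
"""


def expected_lines(running_config, acl):
    """Number this ACL's statements 1..n in running-config order (remarks count)."""
    entries = []
    for raw in running_config.splitlines():
        m = re.match(r"\s*access-list (\S+) (.*)$", raw)
        if m and m.group(1) == acl:
            entries.append((len(entries) + 1, m.group(2).strip()))
    return entries


def shown_remarks(show_output, acl):
    """Map remark text -> line number as printed by 'show access-list'."""
    shown = {}
    for raw in show_output.splitlines():
        m = re.match(r"\s*access-list (\S+) line (\d+) remark (.*)$", raw)
        if m and m.group(1) == acl:
            shown.setdefault(m.group(3).strip(), int(m.group(2)))
    return shown


def audit_remarks(running_config, show_output, acl):
    """Return (expected_line, shown_line_or_None, text) for every remark that
    is missing from the show output or printed with a different line number."""
    shown = shown_remarks(show_output, acl)
    problems = []
    for line_no, body in expected_lines(running_config, acl):
        if not body.startswith("remark "):
            continue
        text = body[len("remark "):].strip()
        if shown.get(text) != line_no:
            problems.append((line_no, shown.get(text), text))
    return problems


def insert_line_after(running_config, acl, remark_text):
    """Line number for a new entry placed directly after the given remark,
    derived from running-config order instead of the show output."""
    for line_no, body in expected_lines(running_config, acl):
        if body == "remark " + remark_text:
            return line_no + 1
    raise ValueError("remark not found in running-config: " + remark_text)


if __name__ == "__main__":
    for expected, seen, text in audit_remarks(RUNNING_CONFIG, SHOW_ACCESS_LIST,
                                              "inside_access_in"):
        state = "missing from show output" if seen is None else f"shown as line {seen}"
        print(f"remark '{text}': running-config line {expected}, {state}")
```
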
YouTube videos won't play in any browser
Win7 Pro 64 bit, IE10.0.9200.16721. Can't play youtube videos in ANY browser. I think it started after running a registry cleaner back in July.
I have spent two months trying to solve it and it still does not work. Cleared caches, quit all programs, including firewalls and antivirus; nothing helps.
Transfer files and settings to another drive (d), as move to new computer and didn't have fresh Win7 installed on C:. Migrate files and settings, all put upward, still does not work. Flash drive deleted, run uninstall tool flash to make sure that nothing indicating, reinstalled, still does not. IE uninstalled, reinstalled, still does not work. Have the latest version of Java and Shockwave plugins - I uninstalled and reinstalled.
Figured maybe something migrated with the files and settings, so I saved important files to D:, reformatted C:, and installed Win7 fresh. Still does not work after the new installation. I think it's very weird. Maybe the new install of Win7 on C: picked up info off D: during installation, or is reading old prefetch or registry information saved from the transfer?
I tried IE10, Chrome and Firefox with no success. When clicking on a link in an email or going to YouTube, the player screen comes up with the picture as if everything is normal. After clicking, I get a snowy black screen with the message "An error has occurred, please try again later". And below, there is a link that says "learn more." I have been through all the steps, twice, and do not yet have a solution. I can watch flash videos if they are embedded on a site like MSN or some news videos, but e-mail links or going to the YouTube site and clicking on videos will not work. Sometimes the ads will come up and they will play very well up until the video should start, then the message appears.
I'm starting to think I have to do a reformat and a total fresh install of Win7, desktop and all programs, without the D: drive attached... Very frustrated - one of the most difficult problems to fix in more than 20 years of messing around with computers... I have been all over the Microsoft Forums and web searches to find something that would work, but keep coming up empty. Any help from any of you supergurus out there would be appreciated - thanks!
What snake oil registry cleaner powder did you use?
http://www.SevenForums.com/tutorials/3413-repair-install.html
-
Hi and thanks for reading.
I'm trying to configure IPSec VPN on the ASA. The initial phase was successful - I applied the certificate, anyconnect images, etc. and thus can connect to the gateway. The problem I face is that I can not reach one of VLAN internal, or I can't go outside... Any tips are appreciated, as I am running out of ideas.
The ASA configuration is as follows:
ASA Version 9.1(2)
!
hostname ASA
enable password * encrypted
names
ip local pool VPN_POOL 10.194.0.10-10.194.0.100 mask 255.255.254.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 123.44.120.22 255.255.255.248 standby 123.44.120.21
!
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.90
 vlan 90
 nameif bn_management
 security-level 100
 ip address 10.192.0.1 255.255.255.0 standby 10.192.0.2
!
interface GigabitEthernet0/1.100
 vlan 100
 nameif main
 security-level 60
 ip address 123.45.139.254 255.255.252.0 standby 123.45.139.253
!
interface GigabitEthernet0/1.110
 vlan 110
 nameif vpn
 security-level 60
 ip address 10.194.0.1 255.255.254.0 standby 10.194.0.2
!
interface GigabitEthernet0/1.120
 vlan 120
 nameif v120
 security-level 70
 ip address 10.194.2.1 255.255.254.0 standby 10.194.2.2
!
interface GigabitEthernet0/1.130
 vlan 130
 nameif v130
 security-level 70
 ip address 10.194.4.1 255.255.254.0 standby 10.194.4.2
!
interface GigabitEthernet0/1.200
 vlan 200
 nameif v200
 security-level 40
 ip address 10.196.0.1 255.255.252.0 standby 10.196.0.2
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 description LAN Failover Interface
!
interface Management0/0
 management-only
 nameif management
 security-level 95
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
boot system disk0:/asa912-smp-k8.bin
ftp mode passive
same-security-traffic permit inter-interface
object network management_private
 subnet 10.192.0.0 255.255.255.0
object network v200_public
 host 123.44.120.19
object network v200_private
 subnet 10.196.0.0 255.255.252.0
object network management_services_public
 host 123.44.120.20
object service WWW_PORTS
 service tcp destination eq https
object network v120_private
 subnet 10.194.2.0 255.255.254.0
object network v130_private
 subnet 10.194.4.0 255.255.254.0
object network vpn_pool
 subnet 10.194.0.0 255.255.254.0
object network vpn_public
 host 123.44.120.18
object-group network of WEB servers
host of the object-Network 123.45.136.200
host of the object-Network 123.45.136.202
the UW_SOURCE object-group network
host of the object-Network 109.74.242.9
host of the object-Network 109.74.242.11
the UW_DESTINATION object-group network
host of the object-Network 123.45.139.208
the DOMAIN_CONTROLLER object-group network
host of the object-Network 123.45.139.205
object-group service VPN_PORTS tcp - udp
port-object eq 1701
EQ port 1723 object
port-object eq 500
EQ object of port 443
port-object eq 50
port-object eq 4500
port-object eq 47
the INTERNAL_SUBNETS object-group network
Description object-group for internal subnets
object-network 10.192.0.0 255.255.255.0
network-object 10.196.0.0 255.255.252.0
network-object 10.194.2.0 255.255.254.0
network-object 10.194.4.0 255.255.254.0
object-group network the Super USERS
host of the object-Network 123.45.136.76
host of the object-Network 123.45.136.80
the v120_VLAN object-group network
network-object 10.194.2.0 255.255.254.0
the v120_SOURCES object-group network
host of the object-Network 123.45.136.24
the v130_VLAN object-group network
network-object 10.194.4.0 255.255.254.0
the v130_SOURCES object-group network
host of the object-Network 123.45.136.76
host of the object-Network 123.45.139.125
host of the object-Network 123.45.136.129
host of the object-Network 123.45.136.83
host of the object-Network 123.45.136.10
MAIN_IN list extended access allowed icmp object-group SUPER INTERNAL_SUBNETS a group of objects
MAIN_IN list extended ip access allow the SUPER object-group INTERNAL_SUBNETS group of objects
MAIN_IN list extended access permitted ip object-group v130_SOURCES-group of objects v130_VLAN
MAIN_IN list extended access permitted ip object-group v120_SOURCES-group of objects v120_VLAN
MAIN_IN list extended access deny ip any object-group INTERNAL_SUBNETS
MAIN_IN of access allowed any ip an extended list
access-list v200_IN note v200 TRAFFIC
v200_IN list extended access permit icmp any one
v200_IN list extended access permit tcp any object-group servers WEB eq www
v200_IN list extended access permit tcp any object-group eq https WEB servers
v200_IN of access allowed any ip an extended list
Allow NETFLOW_HOSTS to access extensive ip list a whole
access-list to note ALLOWED INCOMING TRAFFIC
to the allowed extended access list icmp any object-group of WEB servers
to the allowed extended access list tcp any object-group eq www WEB servers
to the allowed extended access list tcp any object-group eq https WEB servers
to allowed extended access list tcp any object-group objects VPN_PORTS DOMAIN_CONTROLLER-group
to the list of allowed extensive access udp any object-group DOMAIN_CONTROLLER-group of VPN_PORTS objects
access-list be extended permitted tcp object-group objects UW_DESTINATION eq 5000 UW_SOURCE-group
access-list be extended permitted udp object-group objects UW_DESTINATION eq 5000 UW_SOURCE-group
v130_IN of access allowed any ip an extended list
v120_IN of access allowed any ip an extended list
access-list VPN_IN note authorized vpn traffic
VPN_IN list of allowed ip extended access any external interface
VPN_IN of access allowed any ip an extended list
pager lines 24
logging enable
logging timestamp
logging console informational
logging asdm informational
logging queue 0
logging host main 123.45.136.30
logging debug-trace
logging message 313001 level debugging
logging message 713130 level informational
logging message 713257 level informational
logging message 713228 level notifications
logging message 713184 level notifications
flow-export destination main 123.45.136.30 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
mtu outside 1500
mtu bn_management 1500
mtu main 1500
mtu vpn 1500
mtu v120 1500
mtu v130 1500
mtu v200 1500
mtu management 1500
failover
failover lan unit primary
failover lan interface FAILOVER_LINK GigabitEthernet0/7
failover interface ip FAILOVER_LINK 172.16.0.1 255.255.255.0 standby 172.16.0.2
monitor-interface bn_management
monitor-interface main
monitor-interface vpn
monitor-interface v120
monitor-interface v130
monitor-interface v200
icmp unreachable rate-limit 1 burst-size 1
icmp permit any vpn
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (bn_management,outside) source dynamic management_private management_services_public
nat (v200,outside) source dynamic v200_private v200_public
nat (v120,outside) source dynamic v120_private management_services_public
nat (v130,outside) source dynamic v130_private management_services_public
nat (vpn,outside) source dynamic vpn_pool vpn_public
Access-group compellingly in external interface
access-group MAIN_IN in interface main
access-group VPN_IN in interface vpn
access-group v120_IN in interface v120
access-group v130_IN in interface v130
access-group v200_IN in interface v200
route outside 0.0.0.0 0.0.0.0 123.44.120.17 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
 webvpn
  svc ask enable default svc
aaa-server BN_AAA protocol ldap
aaa-server BN_AAA (main) host 123.45.139.201
 timeout 5
 server-type auto-detect
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.192.0.0 255.255.255.0 bn_management
snmp-server host main 123.45.136.30 community *
no snmp-server location
no snmp-server contact
snmp-server community
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint TRENDMICRO
 enrollment terminal
 fqdn vpn.asa-gw.co
 subject-name CN=vpn.asa-gw.co,OU=,O=some,L=some,ST=some,C=GB
 keypair VPN_SERVICE
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
 enrollment self
 subject-name CN=10.192.0.1,CN=ASA
 crl configure
crypto ca trustpool policy
crypto ca certificate chain TRENDMICRO
 certificate 34cc4cb00ae501b8
    308204cd...
  quit
 certificate ca 5b469990ec759d34
    30820478...
  quit
crypto ca certificate chain ASDM_TrustPoint0
 certificate ca 272b67229745d2438bf9774186aebd
    3082069c...
  quit
crypto ca certificate chain ASDM_TrustPoint1
 certificate ca 00bb401c43f55e4fb0
    308205ba...
  quit
crypto ca certificate chain ASDM_Launcher_Access_TrustPoint_0
 certificate 590c2254
    308202ea...
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint TRENDMICRO
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 123.45.138.202 255.255.255.255 bn_management
ssh 10.192.0.0 255.255.255.0 bn_management
ssh 123.45.136.0 255.255.252.0 main
ssh 123.45.138.202 255.255.255.255 main
ssh 123.45.138.202 255.255.255.255 management
ssh timeout 10
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access bn_management
dhcpd dns 123.45.1.180 123.44.2.1
!
dhcpd address 10.192.0.200-10.192.0.230 bn_management
dhcpd enable bn_management
!
dhcpd address 10.194.3.200-10.194.3.230 v120
dhcpd enable v120
!
dhcpd address 10.196.0.32-10.196.1.31 v200
!
dhcpd address 192.168.1.3-192.168.1.254 management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 123.45.1.160
ntp server 123.44.2.160
ntp server 123.45.1.164
ntp server 123.44.2.164
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 bn_management vpnlb-ip
ssl trust-point ASDM_Launcher_Access_TrustPoint_0 bn_management
ssl trust-point TRENDMICRO outside
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.05182-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.05182-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux-3.1.05182-k9.pkg 3
 anyconnect profiles BN_VPN_client_profile disk0:/BN_VPN_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_BN_VPN internal
group-policy GroupPolicy_BN_VPN attributes
 wins-server none
 dns-server value 123.45.1.1 123.44.2.1
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
 default-domain value asa-gw.co
 webvpn
  anyconnect profiles value BN_VPN_client_profile type user
username admin password EoGC0ChIqyj0NIb5 encrypted privilege 15
username rzachlod password LnL.KcibQZ1OMF/d encrypted
tunnel-group BN_VPN type remote-access
tunnel-group BN_VPN general-attributes
 address-pool VPN_POOL
 default-group-policy GroupPolicy_BN_VPN
tunnel-group BN_VPN webvpn-attributes
 group-alias BN_VPN enable
!
class-map CX
match any
class-map inspection_default
match default-inspection-traffic
class-map NetFlow Traffic
corresponds to the NETFLOW_HOSTS access list
ins class-map
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the icmp error
inspect the pptp
class NetFlow Traffic
destination 123.45.136.30 flow - create a flow-export-type of event
flow-export-type of event all the destination 123.45.136.30
class CX
cxsc rescue
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:6be83997815380c8523971f8e7925de8
: end
The mention of VPN in the ACL refers to L2TP running on a Windows Server - I intend to replace this existing solution with IPSec to the ASA.
The "Route Details" tab in AnyConnect only shows the route 0.0.0.0/0. After connecting to the ASA, I essentially end up in a black hole. I think the problem is with NAT, but after trying to sort it out, I'm still stuck...
My plan is to get VPN to work in the first instance and later to create a super users group, which allows access to the management VLAN etc. I hope it's something trivial that I forgot, as I have set up VPN on an ASA in the past and didn't run into problems :/
As always, tips are greatly appreciated!
You can use an IP address for this traffic if you wish. And you can combine the NAT statements in a single statement. The config might look like this:
object network PAT-OUTSIDE
 host a.b.c.23
nat (any,outside) after-auto source dynamic any PAT-OUTSIDE
-
Hello!
I really made efforts to make this work, but without success.
What I'm trying to do is a port forwarding on tcp 4899. I searched forums, read articles and the manual, but it doesn't really work.
Topology: Pix ISP modem DSL - lan
Here is the config of my PIX, the one that works 'best'.
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxx
passwd xxx
hostname pixfirewall
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 101 permit tcp any host xx.xx.xx.245 eq 4899
pager lines 24
logging console informational
mtu outside 1500
mtu inside 1500
ip address outside xx.xx.xx.244 255.255.255.240
ip address inside 192.168.29.91 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 xx.xx.xx.245
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp xx.xx.xx.245 4899 192.168.29.4 4899 netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.241 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.29.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.29.92-192.168.29.123 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:xxxx
: end
Here's a log of what happens when I try to establish a connection.
609001: Built local-host inside:192.168.29.4
305011: Built static TCP translation from inside:192.168.29.4/4899 to outside:xx.xx.xx.245/4899
302013: Built inbound TCP connection 582 for outside:yy.yy.yy.51/3289 (yy.yy.yy.51/3289) to inside:192.168.29.4/4899 (xx.xx.xx.245/4899)
302014: Teardown TCP connection 582 for outside:yy.yy.yy.51/3289 to inside:192.168.29.4/4899 duration 0:02:01 bytes 0 SYN Timeout
305012: Teardown static TCP translation from inside:192.168.29.4/4899 to outside:xx.xx.xx.245/4899 duration 0:02:15
And IMO it looks as it should? But there is no data flow.
Thank you! Peter
Are you sure that the service is running on 192.168.29.4? "bytes 0 SYN Timeout" indicates that no response was sent from inside.
After you added the static statement, did you do a clear xlate or restart the PIX to reset the translation table? (clear xlate is preferred, but naturally a reboot will also wipe the table)
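The reply's reading of "bytes 0 SYN Timeout" can be automated across a whole log: pair each 302013 "Built inbound" message with its 302014 teardown and count the inside services that never answered a SYN. This is an added example, not part of the thread; connection 582 is modelled on the pair in the post (with its masked addresses), connections 583 to 585 are constructed, and outbound or unmatched teardowns are skipped because the post only covers the inbound case.

```python
import re
from collections import Counter

# Connection 582 follows the post; 583-585 are constructed for this example.
SAMPLE_LOG = """\
302013: Built inbound TCP connection 582 for outside:yy.yy.yy.51/3289 (yy.yy.yy.51/3289) to inside:192.168.29.4/4899 (xx.xx.xx.245/4899)
302014: Teardown TCP connection 582 for outside:yy.yy.yy.51/3289 to inside:192.168.29.4/4899 duration 0:02:01 bytes 0 SYN Timeout
302013: Built inbound TCP connection 583 for outside:yy.yy.yy.51/3290 (yy.yy.yy.51/3290) to inside:192.168.29.7/80 (xx.xx.xx.246/80)
302014: Teardown TCP connection 583 for outside:yy.yy.yy.51/3290 to inside:192.168.29.7/80 duration 0:00:04 bytes 1830 TCP FINs
302013: Built inbound TCP connection 584 for outside:yy.yy.yy.51/3291 (yy.yy.yy.51/3291) to inside:192.168.29.4/4899 (xx.xx.xx.245/4899)
302014: Teardown TCP connection 584 for outside:yy.yy.yy.51/3291 to inside:192.168.29.4/4899 duration 0:02:01 bytes 0 SYN Timeout
302013: Built outbound TCP connection 585 for outside:yy.yy.yy.80/443 (yy.yy.yy.80/443) to inside:192.168.29.9/51000 (xx.xx.xx.245/51000)
302014: Teardown TCP connection 585 for outside:yy.yy.yy.80/443 to inside:192.168.29.9/51000 duration 0:00:30 bytes 0 SYN Timeout
"""

# search() is used so a syslog prefix such as a timestamp or %PIX-6- is tolerated.
BUILT = re.compile(
    r"302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) for ")
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$")


def unanswered_inbound(log_text):
    """Return inbound connections torn down with 0 bytes and reason 'SYN Timeout'.

    Such a connection was permitted and translated by the firewall, but the
    inside host never completed the handshake.
    """
    direction = {}   # connection id -> 'inbound' / 'outbound'
    findings = []
    for line in log_text.splitlines():
        built = BUILT.search(line)
        if built:
            direction[built["id"]] = built["dir"]
            continue
        torn = TEARDOWN.search(line)
        if not torn:
            continue
        # Skip outbound connections and teardowns whose Built line is missing.
        if direction.pop(torn["id"], None) != "inbound":
            continue
        if int(torn["bytes"]) == 0 and torn["reason"].strip() == "SYN Timeout":
            findings.append({
                "conn_id": torn["id"],
                "client": f'{torn["src_if"]}:{torn["src_ip"]}/{torn["src_port"]}',
                "service": f'{torn["dst_if"]}:{torn["dst_ip"]}/{torn["dst_port"]}',
                "duration": torn["duration"],
            })
    return findings


def silent_services(log_text):
    """Count unanswered inbound SYNs per inside address and port."""
    return Counter(f["service"] for f in unanswered_inbound(log_text))


if __name__ == "__main__":
    for service, count in silent_services(SAMPLE_LOG).most_common():
        print(f"{service}: {count} inbound connection(s) never answered; "
              "check that the service is listening, the host firewall, "
              "and the host's default gateway")
```
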
-
Tunnel established but no traffic passing on the Site 2 Site VPN
I have a Cisco 2900 series router building a site-to-site VPN tunnel to an ASA 5510. The tunnel comes up fine, but I can't get traffic through the tunnel. I have read several other posts and tried a lot of suggestions (probably breaking things in the process). I don't know if I have NAT all messed up or if my access lists on the router are goofy. Any help is greatly appreciated.
THE ASA CONFIG:
ASA Version 8.4(4)1
!
hostname test-fw
domain-name ficticious.local
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address *.*.* 255.255.255.*
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.3.2 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ-TNS
 security-level 10
 ip address 192.168.31.1 255.255.255.0
interface Ethernet0/3
 nameif DMZ-SMTP
 security-level 9
 ip address 192.168.32.1 255.255.255.0
!
interface Management0/0
 nameif cradelpoint
 security-level 1
 ip address 192.168.254.1 255.255.255.0
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name ficticious.local
object network obj-172.16.3.2
 host 172.16.3.2
object network obj-172.16.7.2
 host 172.16.7.2
object network obj-172.16.10.2
 host 172.16.10.2
object network obj-172.16.13.2
 host 172.16.13.2
object network obj-192.168.3.0
 subnet 192.168.3.0 255.255.255.0
object network obj-192.168.4.0
 subnet 192.168.4.0 255.255.255.0
object network obj-192.168.5.0
 subnet 192.168.5.0 255.255.255.0
object network obj-192.168.6.0
 subnet 192.168.6.0 255.255.255.0
object network obj-192.168.7.0
 subnet 192.168.7.0 255.255.255.0
object network obj-192.168.8.0
 subnet 192.168.8.0 255.255.255.0
object network obj-192.168.9.0
 subnet 192.168.9.0 255.255.255.0
object network obj-192.168.10.0
 subnet 192.168.10.0 255.255.255.0
object network obj-192.168.12.0
 subnet 192.168.12.0 255.255.255.0
object network obj-192.168.13.0
 subnet 192.168.13.0 255.255.255.0
object network obj-192.168.15.0
 subnet 192.168.15.0 255.255.255.0
object network obj-192.168.16.0
 subnet 192.168.16.0 255.255.255.0
object network obj-10.1.0.0
 subnet 10.1.0.0 255.255.0.0
object network obj-192.168.32.10
 host 192.168.32.10
object network NETWORK_OBJ_192.168.20.0
 host 192.168.20.0
object network NETWORK_OBJ_192.168.20.0_24
 subnet 192.168.20.0 255.255.255.0
object network NETWORK_OBJ_192.168.3.0_24
 subnet 192.168.3.0 255.255.255.0
object network obj-192.168.0.0_16
 subnet 192.168.0.0 255.255.0.0
object network NETWORK_OBJ_192.168.0.0_24
 subnet 192.168.0.0 255.255.255.0
object network NETWORK_OBJ_192.168.3.0
 host 192.168.3.0
object network NETWORK_OBJ_192.168.3.144_28
 subnet 192.168.3.144 255.255.255.240
object network obj-192.168.50.11
object network obj-192.168.30.10
 host 192.168.30.10
object network obj-192.168.40.10
 host 192.168.40.10
object network obj-192.168.70.10
 host 192.168.70.10
object network obj-192.168.150.10
 host 192.168.150.10
object network obj-192.168.160.10
 host 192.168.160.10
object network obj-10.10.10.10
 host 10.10.10.10
object network obj-192.168.120.10
 host 192.168.120.10
access-list Out-In extended deny ip any any
access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging console informational
logging monitor informational
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ-TNS 1500
mtu DMZ-SMTP 1500
mtu cradelpoint 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
icmp deny any inside
icmp deny any DMZ-TNS
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.3.144_28 NETWORK_OBJ_192.168.3.144_28 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24
!
object network obj-172.16.3.2
 nat (inside,outside) dynamic interface
object network obj-172.16.7.2
 nat (inside,outside) dynamic interface
object network obj-172.16.10.2
 nat (inside,outside) dynamic interface
object network obj-172.16.13.2
 nat (inside,outside) dynamic interface
object network obj-192.168.3.0
 nat (inside,outside) dynamic interface
object network obj-192.168.4.0
 nat (inside,outside) dynamic interface
object network obj-192.168.5.0
 nat (inside,outside) dynamic interface
object network obj-192.168.6.0
 nat (inside,outside) dynamic interface
object network obj-192.168.7.0
 nat (inside,outside) dynamic interface
object network obj-192.168.8.0
 nat (inside,outside) dynamic interface
object network obj-192.168.9.0
 nat (inside,outside) dynamic interface
object network obj-192.168.10.0
 nat (inside,outside) dynamic interface
object network obj-192.168.12.0
 nat (inside,outside) dynamic interface
object network obj-192.168.13.0
 nat (inside,outside) dynamic interface
object network obj-192.168.15.0
 nat (inside,outside) dynamic interface
object network obj-192.168.16.0
 nat (inside,outside) dynamic interface
object network obj-10.1.0.0
 nat (inside,outside) dynamic interface
object network obj-192.168.32.10
 nat (DMZ-SMTP,outside) static 12.200.89.172
object network obj-192.168.50.11
route outside 0.0.0.0 0.0.0.0 *.*.*.* 1
route inside 10.1.0.0 255.255.0.0 192.168.3.1 1
route inside 10.10.0.0 255.255.0.0 192.168.3.1 1
route inside 10.200.0.0 255.255.0.0 192.168.3.1 1
route inside 172.16.3.2 255.255.255.255 192.168.3.1 1
route inside 172.16.7.2 255.255.255.255 192.168.3.1 1
route inside 172.16.10.2 255.255.255.255 192.168.3.1 1
route inside 172.16.13.2 255.255.255.255 192.168.3.1 1
route inside 192.168.4.0 255.255.255.0 192.168.3.1 1
route inside 192.168.5.0 255.255.255.0 192.168.3.1 1
route inside 192.168.6.0 255.255.255.0 192.168.3.1 1
route inside 192.168.7.0 255.255.255.0 192.168.3.1 1
route inside 192.168.8.0 255.255.255.0 192.168.3.1 1
route inside 192.168.9.0 255.255.255.0 192.168.3.1 1
route inside 192.168.10.0 255.255.255.0 192.168.3.1 1
route inside 192.168.12.0 255.255.255.0 192.168.3.1 1
route inside 192.168.13.0 255.255.255.0 192.168.3.1 1
route inside 192.168.15.0 255.255.255.0 192.168.3.1 1
route inside 192.168.16.0 255.255.255.0 192.168.3.1 1
route outside 192.168.20.0 255.255.255.0 *.*.*.* 1
route inside 192.168.30.0 255.255.255.0 192.168.3.1 1
route inside 192.168.40.0 255.255.255.0 192.168.3.1 1
route inside 192.168.50.0 255.255.255.0 192.168.3.1 1
route inside 192.168.70.0 255.255.255.0 192.168.3.1 1
route inside 192.168.100.0 255.255.255.0 192.168.3.1 1
route inside 192.168.120.0 255.255.255.0 192.168.3.1 1
route inside 192.168.150.0 255.255.255.0 192.168.3.1 1
route inside 192.168.160.0 255.255.255.0 192.168.3.1 1
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 1.1.1.1
crypto map outside_map 1 set ikev1 transform-set cradelpoint_vpn
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.1.2.13 prefer
ssl trust-point ASDM_TrustPoint0 outside
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 ikev1 pre-shared-key *
!
class-map IPSclass
match any
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map IPSpolicy
class IPSclass
IPS inline help
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
class class-default
user-statistics accounting
!
Router config:
Current configuration: 2605 bytes
!
! Last modification of the configuration at 18:39:30 UTC Tuesday, August 7, 2012
! NVRAM config update at 19:50:03 UTC Monday, August 6, 2012
! NVRAM config update at 19:50:03 UTC Monday, August 6, 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
enable password bonnefin
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip name-server 192.168.100.1
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
redundancy
crypto isakmp policy 2
authentication pre-share
crypto isakmp key 6 IBETYOUCANTGUESS address *.*.*.*
!
!
crypto ipsec transform-set cradelpoint_vpn esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to *.*.*.*
set peer *.*.*.*
set transform-set cradelpoint_vpn
match address 100
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no cdp enable
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
no cdp enable
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 3
no cdp enable
!
interface GigabitEthernet0/1
ip address dhcp
duplex auto
speed auto
no cdp enable
crypto map SDM_CMAP_1
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 110 interface GigabitEthernet0/1 overload
ip nat inside source list sheep interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1 254
ip route 0.0.0.0 0.0.0.0 192.168.100.1 254
ip route 192.168.3.0 255.255.255.0 192.168.3.1
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 110 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
!
!
!
!
route-map sheep permit 10
match ip address 110
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad rlogin lapb-ta mop v120 udptn ssh telnet
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
Ahh, looks like the CradelPoint router could have dropped the ESP packets, as we can see the router is encrypting the packets, but the ASA receives/decrypts nothing, which means they do not even reach the ASA.
Enable NAT-T, so ESP is encapsulated in UDP/4500.
On the ASA:
crypto isakmp nat-traversal 30
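To confirm from a packet capture that the change took effect, the sketch below labels IPsec traffic by how it is carried: native ESP (IP protocol 50), IKE on UDP/500, or the UDP/4500 framing of RFC 3948. It is an added example, not part of the original thread; the sample packets and the function names are constructed for illustration.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: four zero octets precede IKE on UDP/4500
NAT_KEEPALIVE = b"\xff"        # RFC 3948: one-octet NAT keepalive

def classify(ip_proto: int, dst_port: int, payload: bytes) -> str:
    """Label one captured packet by how IPsec traffic is being carried."""
    if ip_proto == 50:                      # native ESP, no UDP wrapper
        return "native-esp"
    if ip_proto != 17 or dst_port not in (500, 4500):
        return "other"
    if dst_port == 500:
        return "ike-udp500"
    if payload == NAT_KEEPALIVE:
        return "nat-keepalive"
    if len(payload) < 8:
        return "malformed"
    if payload[:4] == NON_ESP_MARKER:       # SPI 0 is reserved, so this is IKE
        return "ike-udp4500"
    return "esp-in-udp"                     # first 4 octets are a non-zero SPI

def esp_fields(payload: bytes) -> tuple:
    """Return (SPI, sequence number) from an ESP header."""
    return struct.unpack("!II", payload[:8])

def nat_t_active(packets) -> bool:
    """True when ESP is only seen inside UDP/4500, never as IP protocol 50."""
    kinds = Counter(classify(*p) for p in packets)
    return kinds["esp-in-udp"] > 0 and kinds["native-esp"] == 0

# Constructed sample captures: (ip_proto, dst_port, payload). All values are made up.
ESP_HDR = struct.pack("!II", 0xC0FFEE01, 7) + b"\xaa" * 32
IKE_MSG = b"\x11" * 8 + b"\x22" * 8 + bytes([1, 0x10, 2, 0]) + b"\x00" * 8
BEFORE = [(17, 500, IKE_MSG), (50, 0, ESP_HDR)]            # ESP sent as protocol 50
AFTER = [(17, 500, IKE_MSG), (17, 4500, NON_ESP_MARKER + IKE_MSG),
         (17, 4500, ESP_HDR), (17, 4500, NAT_KEEPALIVE)]   # ESP wrapped in UDP/4500

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, [classify(*p) for p in capture], nat_t_active(capture))
```

NAT-T is only negotiated when both peers support it and IKE detects a NAT on the path, so a capture that still shows only `native-esp` after the change points at the remote peer's settings.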