Queries DNS & SCAN in EBS on 12.2 RAC

Similar Questions

• How to send queries dns to non-standard port in windows 8

  I want to send queries dns to nonstandard port (other then 53). I found this article that describes how do (in the windows registry to add HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters   SendOnNonDnsPort parameter of type dword with the value of the port desired). Unfortunately I could not find this path in the registry of Windows 8 (he has only HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\) and creation, it did not help. So, how can I can change this port, without having to install any additional software?

  Hi Edward,.

  The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the link below.

  http://social.technet.Microsoft.com/forums/en/category/w8itpro

  Good day!

• RVS4000 selective loss of DNS queries

  Is there a configuration option or a known bug that would cause a selective RVS4000 or garble queries DNS

  coming on the LAN side by side WAN, yet allow HTTP, SSH and Ping through without problem?  I think I have

  very strong evidence that this problem is due to my new satellite ISP, but they insist on sound ' beause router DNS

  requests go by with the deleted router.  The same router, configuration and complete the installation has worked with my

  old cable ISP.

  After a lot of frustration (because of the EFAH05W be incorrectly labeled a 'hub',

  When he is in fact a switch and thus will not support the packet sniffing), I am set me up

  with Wireshark, an old, borrowed hub and a portable separate sniffing

  packs from the side WAN.  Good DNS responses were indeed

  Since name servers, but the RVS4000 was rejecting, return a

  ICMP MOUSSOKI 'no such port' for the name server.  I thought that the router has calendar

  its NAT rule when connected via satellite (which has round-trip latency

  of about 1.3 sec.)  After not finding no way to reconfigure the RVS4000 to hold the

  NAT rules any longer, I tried the Netgear RP614v4, just because that was what they had

  for the local store.  Which corrects the problem.

  (I tried this other router earlier and DNS worked but HTTP has failed.  Must

  were the experimental errors, everything works now.)

• DNS services using data much more than before with iOS 10?

  Hello

  I have upgraded to iOS 10, since the GM became available.

  A few days ago I noticed a spike in my use of the data on the report of my career, and I went to check on the iPhone, which was the cause. To my surprise, the culprit was DNS Services. The 515 MB I had used since the last reset (I have reset the same day as my service provider, on September 13) 466 MB were the DNS Services.

  On the carrier app I see that there are seven 16 490 MB consumed, compared with an average of 15 to 20Mb per day. So I guess that most of these 466 MB were made that day.

  466 MB of DNS queries are now something like 5 billion queries. Without WiFi connectivity, I was this day a total of 90 minutes maybe. Now, I did not use the iPhone except to listen to music (60 minutes walking the dog, another 30 on the car). I can't figure out how or what makes these applications.

  I reset network settings that day and things were back to "normal". Except that today ' today I see that there is an another 20 MB of queries DNS deployed since the 16th century. 20 MB of DNS request are always * a * much.

  Has anyone else noticed a greater amount of DNS requests with 10 iOS?

  Now the weird part is that everything was normal before the 16th century. And I installed the GM the day, it was released (which was... 1 week or two before?) and I were on the betas since weeks before. I can't remember or see something different or special made 16. A few days earlier, IIRC, there are a few updates to the carrier, but why or how, which would produce an increase in DNS queries?

  I tried to speak with the Apple Support, but the girl I mentioned with just told me incorrect and illogical things and got offended when I asked if she knew what a DNS query and closed the chat session. I guess I won't get any help there.

  Just for comparison: iPhone from a friend a total of 6.1 MB of DNS services for almost a year of use. I'm sure that the values will be around that mark if someone check their info.

  So, is it possible to follow what requests have been made (by which App, or what name has been resolved) so I can try to locate it?

  I'm trying to restore the iPhone, hoping that things will return to normal, but without knowing what and why it happened there is just a long shot.

• Updated Airport Extreme 7.7.7 is DNS Horrible Performance

  Since the update to the 7.7.7 firmware yesterday, all queries DNS to Airport Extreme now take several * seconds * to complete.  Of course, this makes the horribly slow general Internet usage.

  All the DNS requests sent directly to my access provider or for servers Google public DNS receive responses immediately, as expected, even if they go through a NAT. Airport Extreme bit whatever Airport Extreme is configured to use DNS servers, this is the local DNS service that responds slowly.

  It's pathetically broken.  More than SIX SECONDS to respond to a request, according to my Mac.

  20:48 (amy) 34% time host t ALL www.cnn.com

  www.CNN.com is an alias for turner.map.fastly.net.

  0.004U 0.011 s 0:06.08 0.1% + 0 + 0 k 0 + 0io 90pf + 0w

  20:49 (amy) 35% time host t ALL www.cnn.com 8.8.8.8

  With the help of the domain server:

  Name: 8.8.8.8

  Address: 8.8.8.8 #53

  Alias:

  www.CNN.com is an alias for turner.map.fastly.net.

  0.004U 0.005 s 0:00.02 0.0% 0 + 0 k 0 + 0io 8pf + 0w

  Please help me faster domain choise

• How can I disable not only LINK prefetching, but DNS prefetching in FF7/FF8?

  I have a local file (intranet) with hundreds of links to various sites, which is my FireFox home page.

  I wish all IP addresses these links to ask constantly, when I will be clicking on about one at any point in time.

  Even with [link] preloading disabled in topic: config, queries [DNS] are always preloading. There was a certain way, I think, to turn it off in the FF3 or configuration, but I cant find it in the new versions.

  Problem solved! I was looking in: config for the name "network.dns.disablePrefetch", so I could set to true. I couldn't find this in the config more, so I asked the question.

  Turns, same FF8 still obey this setting, although effective input must be explicitly. To do this, if someone is need of this info:

  1. Open Firefox and type about: config in the address bar.
  2. Right click on the list of topics; New > > Boolean.
  3. The name of the Boolean: 'network.dns.disablePrefetch' (exactly as indicated, but not including the quotes).
  4. Value: True

• Login screen - DNS issue

  We seem to be affected by intermittent empty login screen on my company's website, but only for the microsoft login page, the login page Skype charges well.

  Loading Skype upward, you get this screen:

  

  And users choose 'Microsoft account '. They should then see this screen:

  

  Instead they get this:

  

  Inside, there is a warning message stating the following:

  "This page contains errors. Go back'

  The site uses OpenDNS to filter queries DNS for computers and politics is quite locked.

  On any affected PC, if:

  -Close Skype

  -Run the DNS settings to something like 8.8.8.8 (google DNS server)

  -Load Skype

  The login screen (image 2) loads normally. The user can connect and I can then folding the DNS settings on the OpenDNS server and there is no other problem.

  Which means that Skype is trying to communicate with a Microsoft/Skype server somewhere on the interent and because it is not on my whitelist OpenDNS it gets blocked and it fails as in Fig. 3.

  My question can someone tell me what is the server? I went through the OpenDNS logs and the white list a bunch of stuff from microsoft and other things related to the certificates, but still no luck.

  Evetually I took the suggestion of Techfreak and sniffed packets with wireshark. Was annoyed to discover that the root cause of the problem is strangely named sb.symcd.com.

  Some quick Google-fu led me to a page that said that this area should be on a whitelist for Lync facilities. Hmm.

  Why microsoft couldn't use Server intuitive/descriptive names more is a mystery. In any case, I have whitelisted *. symcd.com and of the limited testing it seems to be resolved.

• ASA DNS DHCP

  Dear

  I'm under VPN site to site B to site a.

  site A: 192.168.1.1/24

  site b: 192.168.2.1/24

  The siteB. I used after DNS in site B ASA 5505 DHCP.

  dhcpd dns 192.168.1.1 202.66.192.68

  When the site to another tunnel works.  It's normal queries DNS for site B to site A DNS.  However, if the other tunnel site is disconnected, site B unable to request A DNS site and don't skip DNS of second 202.66.192.68.

  Can someone help to solve.  I want to siteB can use secondary DNS: 202.66.192.68 when the tunnel is not connected.  Thank you

  Alan.

  Hi Alan,

  The fact that you disconnect your VPN makes me think you don't need permanent connectivity, so perhaps better to configure VPN remote client and configure the dns server as a VPN Group Policy attribute? It gives more flexibility DNS, split-dns service and so on. Do not know what is the exact, but I don't think that the things you are trying to reach are sustainable with VPN l2l.

  Concerning

  Mariusz

• Nslookup scan ip not to pings in node rac

  All,

  I intend to install 11.2.0.1 cars on my laptop. Initially, I configured the dns in separate vmware and configured node of rac1. DNS and rac1 public ip addresses are pings from each other and the host machine. But the rac-scan ip is only the ping to the dns server requests and not pings Server rac1.  This will be no problem if the dns server running on 32-bit and rac nodes running on the 64-bit server? Please let me know if I miss anything here. Thanks again.

  On posting on this forum. I used [code] [/ code] to format the code previously. But this time it does not work. Also it has no option to preview the code before posting.

  use spaces to separate multiple tags, I'm not clear about this. I read https://forums.oracle.com/thread/865295 this article how to view the code. He is said to use. If you guide me how to format the code I can use in the future.

  SE host: 8 64-bit Windows

  Guest OS - 1: dns 32-bit Linux

  \

  [root@dns32 ~] # uname - a

  Linux dns32.testenv.com 2.6.18 - 164.el5 #1 SMP Thu Sep 3 02:16:47 EDT 2009 i686 i686 i386 GNU/Linux

  \

  
  

  Guest OS - 2: rac1 Linux 64-bit

  \

  [root@rac1 ~] # uname - a

  Linux 2.6.18 - 194.el5 #1 SMP rac1 kills Mar 29 22:10:29 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

  \

  Guest OS-3: rac2 - remains to set up Linux 64-bit

  @ dns server

  ***************

  \

  [root@dns32 ~] # nslookup rac-scan

  Server: 192.168.1.26

  Address: 192.168.1.26 #53

  Name: rac - scan.testenv.com

  Address: 192.168.1.57

  Name: rac - scan.testenv.com

  Address: 192.168.1.58

  Name: rac - scan.testenv.com

  Address: 192.168.1.59

  [root@dns32 ~] # cat /etc/resolv.conf

  Search testenv.com

  nameserver 192.168.1.26

  [root@dns32 ~] # ifconfig - a

  eth0 Link encap HWaddr 00: 0C: 29:EF:03:D3

  INET addr:192.168.1.26 Bcast:192.168.1.255 mask: 255.255.255.0

  ADR inet6: fe80::20c:29ff:feef:3 d 3/64 Scope: link

  RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

  Fall of RX packets: 2802 errors: 0:0 overruns: 0 frame: 0

  Dropped packets: 2691 TX errors: 0:0 overruns: 0 carrier: 0

  collisions: 0 txqueuelen:1000

  RX bytes: 210115 (205,1 KiB) TX bytes: 208344 (203.4 KiB)

  Basis of interruption: 67 address: 0 x 2024

  Lo encap:Local Loopback link

  INET addr:127.0.0.1 mask: 255.0.0.0

  ADR inet6:: 1/128 Scope: host

  RACE of LOOPING 16436 Metric: 1

  Fall of RX packets: 2308 errors: 0:0 overruns: 0 frame: 0

  Dropped packets: 2308 TX errors: 0:0 overruns: 0 carrier: 0

  collisions: 0 txqueuelen:0

  RX bytes: 5494207 (5.2 MiB) TX bytes: 5494207 (5.2 MiB)

  Sit0 link encap:IPv6 - in-IPv4

  NOARP MTU:1480 metric: 1

  Fall of RX packets: 0 errors: 0:0 overruns: 0 frame: 0

  Dropped TX packets: 0 errors: 0:0 overruns: 0 carrier: 0

  collisions: 0 txqueuelen:0

  RX bytes: 0 (0.0 b) TX bytes: 0 (0.0 b)

  [root@dns32 ~] # ping 192.168.1.26

  PING 192.168.1.26 (192.168.1.26) 56 (84) bytes of data.

  64 bytes of 192.168.1.26: icmp_seq = 1 ttl = 64 time = 0.200 ms

  ---192.168.1.26 ping statistics

  1 packets transmitted, received 1, 0% packet loss, time 0ms s

  RTT min/avg/max/leg = 0.200/0.200/0.200/0.000 ms

  [root@dns32 ~] # ping 192.168.1.27

  PING 192.168.1.27 (192.168.1.27) 56 (84) bytes of data.

  64 bytes of 192.168.1.27: icmp_seq = 1 ttl = 64 time = 0,330 ms

  -192.168.1.27 - ping statistics

  1 packets transmitted, received 1, 0% packet loss, time 0ms s

  RTT min/avg/max/leg = 0.330/0.330/0.330/0.000 ms

  \

  @rac1 node:

  ***********************

  \

  [root@rac1 ~] # cat /etc/resolv.conf

  Search testenv.com

  nameserver 192.168.1.26

  [root@rac1 ~] # nslookup rac-scan

  ;; connection has expired; no servers could be reached

  [root@rac1 ~] # ifconfig - a

  eth0 Link encap HWaddr 00: 0C: 29:75:A9:39

  INET addr:192.168.1.27 Bcast:192.168.1.255 mask: 255.255.255.0

  ADR inet6: fe80::20c:29ff:fe75:a939 / 64 Scope: link

  RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

  Fall of RX packets: 500 errors: 0:0 overruns: 0 frame: 0

  Dropped packets: 357 TX errors: 0:0 overruns: 0 carrier: 0

  collisions: 0 txqueuelen:1000

  RX bytes: 52333 (51.1 KiB) TX bytes: 39556 (38.6 KiB)

  eth1 Link encap HWaddr 00: 0C: 29:75:A9:43

  INET addr:192.168.2.37 Bcast:192.168.2.255 mask: 255.255.255.0

  ADR inet6: fe80::20c:29ff:fe75:a943 / 64 Scope: link

  RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

  Fall of RX packets: 160 errors: 0:0 overruns: 0 frame: 0

  Dropped packets: 50 TX errors: 0:0 overruns: 0 carrier: 0

  collisions: 0 txqueuelen:1000

  RX bytes: 20359 (19.8 KiB) TX bytes: 6518 (6.3 KiB)

  Lo encap:Local Loopback link

  INET addr:127.0.0.1 mask: 255.0.0.0

  ADR inet6:: 1/128 Scope: host

  RACE of LOOPING 16436 Metric: 1

  Fall of RX packets: 1940 errors: 0:0 overruns: 0 frame: 0

  Dropped packets: 1940 TX errors: 0:0 overruns: 0 carrier: 0

  collisions: 0 txqueuelen:0

  RX bytes: 4783881 (4.5 MiB) TX bytes: 4783881 (4.5 MiB)

  Sit0 link encap:IPv6 - in-IPv4

  NOARP MTU:1480 metric: 1

  Fall of RX packets: 0 errors: 0:0 overruns: 0 frame: 0

  Dropped TX packets: 0 errors: 0:0 overruns: 0 carrier: 0

  collisions: 0 txqueuelen:0

  RX bytes: 0 (0.0 b) TX bytes: 0 (0.0 b)

  [root@rac1 ~] # ping 192.168.1.26

  PING 192.168.1.26 (192.168.1.26) 56 (84) bytes of data.

  64 bytes of 192.168.1.26: icmp_seq = 1 ttl = 64 time = 0.284 ms

  64 bytes of 192.168.1.26: icmp_seq = 2 ttl = 64 time = 0,456 ms

  ---192.168.1.26 ping statistics

  2 packets transmitted, 2 received, 0% packet loss, time 1000ms

  RTT min/avg/max/leg = 0.284/0.370/0.456/0.086 ms

  [root@rac1 ~] # ping 192.168.1.27

  PING 192.168.1.27 (192.168.1.27) 56 (84) bytes of data.

  64 bytes of 192.168.1.27: icmp_seq = 1 ttl = 64 time = 0.032 ms

  -192.168.1.27 - ping statistics

  1 packets transmitted, received 1, 0% packet loss, time 0ms s

  RTT min/avg/max/leg = 0.032/0.032/0.032/0.000 ms

  \

  Thank you

  Arul

  As noted are not yet able to nslookup your public ip address of your output.

  There could be a problem in your dns configuration.

  post the named.conf and your zone file entry.

• Configure FCAC with TAF Oracle11g r2 instead of use the SCAN

  Dear Expert
  
  We deploy the RAC on Redhat Linux5.5 Os Oracle11g r2 with IBM equipment in our Production of 64-bit Client site.
  
  We do not have any DNS server available to configure the Oracle RAC SCAN feature.
  
  We want to use the functionality of the FCAC Oracle11g r2 TAF database.
  
  Please provide suggestions and solutions to the same.

  Hi Markus,.

  MarkusM wrote:
  Hello

  In addition to what jrstern correctly pointed out, the paper that is linked here: http://levipereira.wordpress.com/2010/12/18/single-client-access-name-scan-by-barb-lundhild/ is obsolete.

  I did correct paper. The blog is updated. "this post has been updated 23/02/2011 at 16:25.

  Kind regards
  Levi Pereira

• Need help on design for 2 EBS with RAC environment

  Hi all

  We currently have 4 servers with 256 GB of RAM, 1 TB HDD and 8 cores. Our requirement is to configure two EBS 12.1.3 with DB RAC environment. We want to take advantage of these 4 server to accommodate the two EBS since the configuration of the server (application server 2 with HA and 2 DB for RAC servers) are quite high, because the concurrent users on each EBS are not more than 200.

  So our problem is as below:

  Say we have these server 4A, B, C and D. We have 1 create multi instance node, with DB on server A & B (CARS) and application on the server C & D. Now if we want to install the second case, with the same architecture on the same servers that we do.

  (1) use the same grid infrastructure and create DB for 2nd instance cluster even. (how?)

  (2) install another grid infrastructure and create totally another cluster for this instance.

  You can do the following for a case of BSE, and perform similar operations for a 2nd on the same grid. Check after the link. He detailed information EBS on RAC Setup

  Install EBS R12 on 11g RAC Oracle ASM

  
  

  High level steps are:

  
  

  • Install and Configure Grid Infrastructure on cluster 2 nodes.
  • Create the DATA starts EAM and FRA with a sufficient size.
  • Install theSoftware to the database of this Cluster Homeon.
  • Install the EBS by using a quick installation on the database node 1 (out of the BOX Non-RAC on 1 node installation
  • Install BSE using rapid installation on nodes of applications.
  • Convert the database of 11 GR 1 material not RAC RAC Database.

• 11 GR 2 CARS vs.  11 GR 1 material RAC to EBS R12.1

  Hi hussein/helios
  
  
  We have just started creating CARS for 11 GR 1 material - EBS R12.1 where we met a lot of problems :(
  Then here's the client asking for new requirements. Instead of 11 GR 1 material, her force us to upgrade to DB 11 GR 2 and then BECAUSE he huhuhhu
  
  Y at - it notes metalink separated for installation of the EBS R12.1.1 - 11 GR 2 - RAC? agains R12.1.1 EBS - 11 GR 1 RAC matter?
  
  Kindly give me the commentary on this configuration/configuration please...
  
  
  Thank you very much
  
  Ms. K

  Hello

  Refer to the last doc for the GR 11, 1 material doc (doc contains links to all versions of Oracle database that can be configured with R12).

  Thank you
  Hussein

• Internet via the Bravia KDL-32EX710

  Hello dear colleagues,
  We bought the TV Bravia KDL-32EX710 and connected through a router to the internet, but the problem is that I get an error "server list cannot be updated. Can you please give a hint how to solve this and this that features this TV to Internet (I guess that access to social networks such as Youtube and so on).
  Additional information: the network connection to my internet is ok: I checked Bravia KDL-32EX710 gets correct DHCP configurations and I recorded on a network gateway queries DNS of Bravia KDL-32EX710, I also connected computer to this cord - connected to the Bravia KDL-32EX710 and I can access the internet from this computer through this cord. So I guess that some configurations of addition are needed on the Bravia KDL-32EX710. Fill please how to watch this type of Internet TV content.
  Thanks in advance!

  I found the solution: the first step - is to record a TV on internet.sony.tv with code that TV displays, so TV access all the features of the internet!

• WRT54G2 help please!

  Well, well, I spent most of this morning trying to get my WRT54G2 work in my new apartment, but no matter what I try, I always wrap with what it is impossible to connect to the internet.  My computer recognizes and connects to the router, but nothing beyond.

  When I try to fix the problem, I always get the same message on my DNS (I go through for my DNS OpenDNS), and I just don't understand.

  Can someone please help me before go me crazy?

  (PS - it worked like a charm before moved me, so it is a new problem)

  You said you use OpenDNS for your DNS. The IP address OU are getting is one of them.

  Where have you configured OpenDNS? On your PC?

  I would recommend setting the PC to automatically obtain DNS servers, perform a factory reset on your router, then turn off your modem, the PC and the router, connect the router to the modem and the PC to the router. Turn on the modem, wait a few minutes, turn on the router, wait a few minutes, then turn on the PC.

  Your PC should now get IP from your router, as it is the DNS server, and you SHOULD be able to access the internet.

  Your router must be able to connect to a cable ISP out of the box, without modification.

  Make sure that if you switch between the PC and the router is connected to a cable modem, which you power cycle the modem cable before feeding the next device connected, it recognizes, so the new address MAC to which it is connected.

  If this does not work, you may need to contact your ISP to find out if there is anything they have to do if you chnge the device connected to the modem.

  Once you're connected to the internet, configure your router to use OpenDNS instead of the ones provided Cox servers. In this way, all the devices on your network that use DHCP to obtain IP/DNS will use OpenDNS (they will display the IP address of your router, but router will make queries DNS of OpenDNS

• HTTPS protocol between the client vpn and host of the internet through tunnel ipsec-parody

  Hello

  We have a cisco ASA 5505 and try to get the next job:

  ip (192.168.75.5) - connected to the Cisco ASA 5505 VPN client

  the customer gets a specific route for an internet address (79.143.218.35 255.255.255.255 192.168.75.1 192.168.75.5 100)

  When I try to access the url of the client, I get a syn sent with netstat

  When I try trace ASA package, I see the following:

  1

  FLOW-SEARCH

  ALLOW

  Not found no corresponding stream, creating a new stream

  2

  ROUTE SEARCH

  entry

  ALLOW

  in 0.0.0.0 0.0.0.0 outdoors

  3

  ACCESS-LIST

  Journal

  ALLOW

  Access-group outside_access_in in interface outside

  outside_access_in list extended access permitted tcp everything any https eq

  access-list outside_access_in note hyperion outside inside

  4

  IP-OPTIONS

  ALLOW

  5

  CP-PUNT

  ALLOW

  6

  VPN

  IPSec-tunnel-flow

  ALLOW

  7

  IP-OPTIONS

  ALLOW

  8

  VPN

  encrypt

  ALLOW

  outdoors

  upward

  upward

  outdoors

  upward

  upward

  drop

  (ipsec-parody) Parody of detected IPSEC

  When I try the reverse (i.e. from the internet host to vpn client), it seems to work:

  1

  FLOW-SEARCH

  ALLOW

  Not found no corresponding stream, creating a new stream

  2

  ROUTE SEARCH

  entry

  ALLOW

  in 192.168.75.5 255.255.255.255 outside

  3

  ACCESS-LIST

  Journal

  ALLOW

  Access-group outside_access_in in interface outside

  outside_access_in of access allowed any ip an extended list

  4

  IP-OPTIONS

  ALLOW

  5

  VPN

  IPSec-tunnel-flow

  ALLOW

  6

  VPN

  encrypt

  ALLOW

  My question is why this phenomenon happens and how solve us this problem?

  Thanks in advance, Sipke

  our running-config:

  : Saved

  :

  ASA Version 8.0 (4)

  !

  ciscoasa hostname

  domain somedomain

  activate the password - encrypted

  passwd - encrypted

  names of

  name 10.10.1.0 Hyperion

  name 164.140.159.x xxxx

  name 192.168.72.25 xxxx

  name 192.168.72.24 xxxx

  name 192.168.72.196 xxxx

  name 192.168.75.0 vpn clients

  name 213.206.236.0 xxxx

  name 143.47.160.0 xxxx

  name 141.143.32.0 xxxx

  name 141.143.0.0 xxxx

  name 192.168.72.27 xxxx

  name 10.1.11.0 xxxx

  name 10.1.2.240 xxxx

  name 10.1.1.0 xxxx

  name 10.75.2.1 xxxx

  name 10.75.2.23 xxxx

  name 192.168.72.150 xxxx

  name 192.168.33.0 xxxx

  name 192.168.72.26 xxxx

  name 192.168.72.5 xxxx

  name 192.168.23.0 xxxx

  name 192.168.34.0 xxxx

  name 79.143.218.35 inethost

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.72.254 255.255.255.0

  OSPF cost 10

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address 193.173.x.x 255.255.255.240

  OSPF cost 10

  !

  interface Vlan3

  Shutdown

  nameif dmz

  security-level 50

  192.168.50.1 IP address 255.255.255.0

  OSPF cost 10

  !

  interface Vlan23

  nameif wireless

  security-level 80

  192.168.40.1 IP address 255.255.255.0

  OSPF cost 10

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  switchport access vlan 3

  !

  interface Ethernet0/6

  switchport access vlan 23

  !

  interface Ethernet0/7

  !

  passive FTP mode

  clock timezone THATS 1

  clock to summer time CEDT recurring last Sun Mar 02:00 last Sun Oct 03:00

  DNS lookup field inside

  DNS server-group DefaultDNS

  domain pearle.local

  permit same-security-traffic inter-interface

  permit same-security-traffic intra-interface

  object-group Protocol TCPUDP

  object-protocol udp

  object-tcp protocol

  object-group service RDP - tcp

  Remote Desktop Protocol Description

  EQ port 3389 object

  object-group service UDP - udp VC

  range of object-port 60000 60039

  object-group VC - TCP tcp service

  60000 60009 object-port Beach

  object-group service tcp Fortis

  1501 1501 object-port Beach

  Beach of port-object 1502-1502

  Beach of port-object sqlnet sqlnet

  1584 1584 object-port Beach

  1592 1592 object-port Beach

  object-group service tcp fortis

  1592 1592 object-port Beach

  Beach of port-object 1502-1502

  1584 1584 object-port Beach

  Beach of port-object sqlnet sqlnet

  1501 1501 object-port Beach

  1500 1500 object-port Beach

  the DM_INLINE_NETWORK_1 object-group network

  object-network 192.168.50.0 255.255.255.0

  object-network 192.168.72.0 255.255.255.0

  object-network 192.168.40.0 255.255.255.0

  object-network VPN_Pool_2 255.255.255.0

  the DM_INLINE_NETWORK_2 object-group network

  object-network 192.168.50.0 255.255.255.0

  object-network 192.168.72.0 255.255.255.0

  object-group network inside-networks

  object-network 192.168.72.0 255.255.255.0

  WingFTP_TCP tcp service object-group

  Secure FTP description

  port-object eq 989

  port-object eq 990

  DM_INLINE_TCP_1 tcp service object-group

  port-object eq ftp

  port-object eq ftp - data

  Group object WingFTP_TCP

  DM_INLINE_TCP_2 tcp service object-group

  port-object eq ftp

  port-object eq ftp - data

  Group object WingFTP_TCP

  the DM_INLINE_NETWORK_3 object-group network

  object-network 192.168.72.0 255.255.255.0

  object-network VPN_Pool_2 255.255.255.0

  the DM_INLINE_NETWORK_4 object-group network

  object-network 192.168.72.0 255.255.255.0

  object-network VPN_Pool_2 255.255.255.0

  object-group network Oracle

  network-object OracleTwo 255.255.224.0

  network-object OracleOne 255.255.240.0

  network-object OracleThree 255.255.224.0

  the DM_INLINE_NETWORK_5 object-group network

  network-object Grandvision 255.255.255.0

  network-object Grandvision2 255.255.255.240

  object-network Grandvision3 255.255.255.0

  host of the object-Network Grandvision4

  host of the object-Network GrandVision_PC

  the DM_INLINE_NETWORK_6 object-group network

  network-object Grandvision 255.255.255.0

  network-object Grandvision2 255.255.255.240

  object-network Grandvision3 255.255.255.0

  host of the object-Network Grandvision4

  host of the object-Network GrandVision_PC

  the DM_INLINE_NETWORK_7 object-group network

  network-object Grandvision 255.255.255.0

  network-object Grandvision2 255.255.255.240

  object-network Grandvision3 255.255.255.0

  host of the object-Network GrandVision_PC

  the DM_INLINE_NETWORK_8 object-group network

  network-object Grandvision 255.255.255.0

  network-object Grandvision2 255.255.255.240

  object-network Grandvision3 255.255.255.0

  host of the object-Network GrandVision_PC

  object-group service DM_INLINE_SERVICE_2

  the purpose of the ip service

  EQ-3389 tcp service object

  the DM_INLINE_NETWORK_9 object-group network

  network-object OracleThree 255.255.0.0

  network-object OracleTwo 255.255.224.0

  network-object OracleOne 255.255.240.0

  object-group service DM_INLINE_SERVICE_3

  the purpose of the ip service

  EQ-3389 tcp service object

  Atera tcp service object-group

  Atera Webbased monitoring description

  8001 8001 object-port Beach

  8002 8002 object-port Beach

  8003 8003 object-port Beach

  WingFTP_UDP udp service object-group

  port-object eq 989

  port-object eq 990

  WingFTP tcp service object-group

  Description range of ports for the transmission of data

  object-port range 1024-1054

  HTTPS_redirected tcp service object-group

  Description redirect WingFTP Server

  port-object eq 40200

  Note to inside_access_in to access list ICMP test protocol inside outside

  inside_access_in list extended access allow icmp 192.168.72.0 255.255.255.0 any

  Note to inside_access_in to access list ICMP test protocol inside outside

  access-list inside_access_in note HTTP inside outside

  inside_access_in list extended access allowed object-group TCPUDP 192.168.72.0 255.255.255.0 any eq www

  access-list inside_access_in note queries DNS inside to outside

  inside_access_in list extended access allowed object-group TCPUDP 192.168.72.0 255.255.255.0 no matter what eq field

  access-list inside_access_in note the HTTPS protocol inside and outside

  inside_access_in list extended access permitted tcp 192.168.72.0 255.255.255.0 any https eq

  Note to inside_access_in to access list ICMP test protocol inside outside

  access-list inside_access_in note 7472 Epo-items inside outside

  inside_access_in list extended access permitted tcp 192.168.72.0 255.255.255.0 any eq 7472

  access-list inside_access_in note POP3 inside outside

  inside_access_in list extended access permitted tcp 192.168.72.0 255.255.255.0 any eq pop3

  inside_access_in list extended access permit udp host LifeSize-PE-HQ any object-group UDP - VC

  inside_access_in list extended access permit tcp host LifeSize-PE-HQ all eq h323

  access-list inside_access_in note video conference services

  inside_access_in list extended access permit tcp host LifeSize-PE-HQ any object-group VC - TCP

  inside_access_in list extended access permitted tcp 192.168.72.0 255.255.255.0 any

  Note to inside_access_in to access list Fortis

  inside_access_in list extended access permitted tcp 192.168.72.0 255.255.255.0 any object-group Fortis

  access extensive list ip 192.168.40.0 inside_access_in allow 255.255.255.0 any

  inside_access_in list extended access permitted tcp 192.168.40.0 255.255.255.0 any

  inside_access_in list extended access permitted tcp 192.168.40.0 255.255.255.0 any eq www

  inside_access_in list extended access permitted tcp 192.168.40.0 255.255.255.0 any https eq

  inside_access_in allowed all Hyperion 255.255.255.0 ip extended access list

  inside_access_in list extended access udp allowed any any eq isakmp

  inside_access_in list extended access udp allowed any any eq ntp

  inside_access_in list extended access udp allowed any any eq 4500

  inside_access_in list of allowed ip extended access any Oracle object-group

  inside_access_in list extended access udp allowed any any eq 10000

  access-list inside_access_in note PPTP inside outside

  inside_access_in list extended access permit tcp any any eq pptp

  access-list inside_access_in note WILL inside outside

  inside_access_in list extended access will permit a full

  Note to inside_access_in to access the Infrastructure of the RIM BES server list

  inside_access_in list extended access permit tcp host BESServer any eq 3101

  inside_access_in list extended access permit tcp any any DM_INLINE_TCP_2 object-group

  inside_access_in list extended access permit tcp any any HTTPS_redirected object-group

  access extensive list ip Hyperion 255.255.255.0 inside_access_in 255.255.255.0 allow VPN_Pool_2

  inside_access_in list extended access permit udp any host 86.109.255.177 eq 1194

  access extensive list ip 192.168.72.0 inside_access_in allow 255.255.255.0 DM_INLINE_NETWORK_7 object-group

  access extensive list ip VPN_Pool_2 inside_access_in allow 255.255.255.0 any

  inside_access_in list extended access deny ip any any inactive debug log

  Note to outside_access_in to access list ICMP test protocol outside inside

  outside_access_in list extended access permit icmp any one

  access-list outside_access_in Note SMTP outside inside

  outside_access_in list extended access permit tcp any any eq smtp

  outside_access_in list extended access udp allowed any any eq ntp disable journal

  access-list outside_access_in note 7472 EPO-items outside inside

  outside_access_in list extended access permit tcp any any eq 7472

  outside_access_in list extended access permit tcp any any object-group inactive RDP

  outside_access_in list extended access permit tcp any any eq www

  outside_access_in list extended access permit tcp any any HTTPS_redirected object-group

  outside_access_in list extended access permitted tcp everything any https eq

  access-list outside_access_in note hyperion outside inside

  outside_access_in list extended access permitted tcp Hyperion 255.255.255.0 DM_INLINE_NETWORK_4 object-group

  outside_access_in to access Hyperion 255.255.255.0 ip extended list object-group DM_INLINE_NETWORK_3 allow

  outside_access_in list extended access permit tcp any host LifeSize-PE-HQ eq h323

  outside_access_in list extended access permit tcp any host LifeSize-PE-HQ object-group VC - TCP

  outside_access_in list extended access permit udp any host group-object-LifeSize-PE-HQ UDP - VC

  outside_access_in of access allowed any ip an extended list

  outside_access_in list extended access udp allowed any any eq 4500

  outside_access_in list extended access udp allowed any any eq isakmp

  outside_access_in list extended access udp allowed any any eq 10000

  outside_access_in list extended access will permit a full

  outside_access_in list extended access permit tcp any any eq pptp

  outside_access_in list extended access permit tcp any any DM_INLINE_TCP_1 object-group

  outside_access_in list extended access allowed object-group ip DM_INLINE_NETWORK_8 192.168.72.0 255.255.255.0 inactive

  outside_access_in list extended access permit tcp any any Atera object-group

  outside_access_in list extended access deny ip any any inactive debug log

  outside_1_cryptomap list extended access allowed object-group Hyperion DM_INLINE_NETWORK_2 255.255.255.0 ip

  outside_1_cryptomap to access extended list ip 192.168.50.0 allow Hyperion 255.255.255.0 255.255.255.0

  access extensive list ip 192.168.72.0 inside_nat0_outbound allow Hyperion 255.255.255.0 255.255.255.0

  inside_nat0_outbound list of allowed ip extended access all 193.172.182.64 255.255.255.240

  inside_nat0_outbound list of allowed ip extended access all 192.168.72.192 255.255.255.192

  inside_nat0_outbound list of allowed ip extended access all 192.168.72.0 255.255.255.0

  access extensive list ip 192.168.72.0 inside_nat0_outbound allow 255.255.255.0 VPN_Pool_2 255.255.255.0

  access extensive list ip 192.168.72.0 inside_nat0_outbound allow 255.255.255.0 DM_INLINE_NETWORK_5 object-group

  inside_nat0_outbound list of allowed ip extended access all GrandVisionSoesterberg 255.255.255.0

  inside_nat0_outbound list of allowed ip extended access any Swabach 255.255.255.0

  access-list 200 scope allow tcp all fortis of fortis host object-group

  access extensive list ip VPN_Pool_2 outside_nat0_outbound allow 255.255.255.0 DM_INLINE_NETWORK_9 object-group

  outside_cryptomap_2 list extended access allowed object-group Hyperion DM_INLINE_NETWORK_1 255.255.255.0 ip

  outside_cryptomap_2 to access extended list ip 192.168.50.0 allow Hyperion 255.255.255.0 255.255.255.0

  Note Wireless_access_in of access list, select Hyperion / wifi access NAT rule.

  Access extensive list ip 192.168.40.0 Wireless_access_in allow Hyperion inactive 255.255.255.0 255.255.255.0

  Wireless_access_in list extended access deny ip 192.168.40.0 255.255.255.0 192.168.72.0 255.255.255.0

  Comment by Wireless_access_in-list of the traffic Internet access

  Access extensive list ip 192.168.40.0 Wireless_access_in allow 255.255.255.0 any

  standard access list splittunnelclientvpn allow 192.168.72.0 255.255.255.0

  splittunnelclientvpn list standard access allowed Hyperion 255.255.255.0

  standard access list splittunnelclientvpn allow Pearleshare 255.255.255.0

  splittunnelclientvpn list standard access allowed host 85.17.235.22

  splittunnelclientvpn list standard access allowed OracleThree 255.255.224.0

  standard access list splittunnelclientvpn allow 143.47.128.0 255.255.240.0

  splittunnelclientvpn list standard access allowed host inethost

  Standard access list SplittnlHyperion allow OracleThree 255.255.0.0

  Standard access list SplittnlOOD allow OracleThree 255.255.0.0

  Standard access list SplittnlOOD allow 143.47.128.0 255.255.240.0

  access extensive list ip 192.168.72.0 outside_cryptomap allow 255.255.255.0 DM_INLINE_NETWORK_6 object-group

  outside_cryptomap_1 list of allowed ip extended access all GrandVisionSoesterberg 255.255.255.0

  outside_cryptomap_3 list of allowed ip extended access any Swabach 255.255.255.0

  192.168.72.0 IP Access-list extended sheep 255.255.255.0 GrandVisionSoesterberg 255.255.255.0 allow

  192.168.72.0 IP Access-list extended sheep 255.255.255.0 VPN_Pool_2 255.255.255.0 allow

  pager lines 24

  Enable logging

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  MTU 1500 dmz

  MTU 1500 wireless

  local pool VPN_DHCP 192.168.72.220 - 192.168.72.235 255.255.255.0 IP mask

  mask 192.168.75.1 - 192.168.75.50 255.255.255.0 IP local pool VPN_Range_2

  no failover

  ICMP unreachable rate-limit 1 burst-size 1

  ICMP allow any inside

  ICMP allow all outside

  ASDM image disk0: / asdm - 613.bin

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0 access-list sheep

  NAT (inside) 1 0.0.0.0 0.0.0.0

  NAT (wireless) 1 192.168.40.0 255.255.255.0

  public static tcp (indoor, outdoor) interface smtp smtp Mailsrv_Pearle_Europe netmask 255.255.255.255

  public static tcp (indoor, outdoor) interface ftp ftp netmask 255.255.255.255 Pearle-DC02

  public static 990 Pearle-DC02 990 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  static (inside, outside) tcp 3389 3389 Mailsrv_Pearle_Europe netmask 255.255.255.255 interface

  public static tcp (indoor, outdoor) interface www Pearle-DC02 www netmask 255.255.255.255

  public static 40200 Pearle-DC02 40200 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static tcp (indoor, outdoor) interface https Exchange2010 https netmask 255.255.255.255

  public static tcp (indoor, outdoor) interface h323 h323 LifeSize-PE-HQ netmask 255.255.255.255

  public static 60000 60000 LifeSize-PE-HQ netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60001 LifeSize-PE-HQ 60001 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60002 LifeSize-PE-HQ 60002 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60003 LifeSize-PE-HQ 60003 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60004 LifeSize-PE-HQ 60004 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60005 LifeSize-PE-HQ 60005 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60006 LifeSize-PE-HQ 60006 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60007 LifeSize-PE-HQ 60007 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60008 LifeSize-PE-HQ 60008 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static 60009 LifeSize-PE-HQ 60009 netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static (inside, outside) udp interface 60001 LifeSize-PE-HQ 60001 netmask 255.255.255.255

  public static (inside, outside) udp interface 60002 LifeSize-PE-HQ 60002 netmask 255.255.255.255

  public static (inside, outside) udp interface 60003 LifeSize-PE-HQ 60003 netmask 255.255.255.255

  public static (inside, outside) udp interface 60004 LifeSize-PE-HQ 60004 netmask 255.255.255.255

  public static (inside, outside) udp interface 60005 LifeSize-PE-HQ 60005 netmask 255.255.255.255

  public static (inside, outside) udp interface 60006 LifeSize-PE-HQ 60006 netmask 255.255.255.255

  public static (inside, outside) udp interface 60007 LifeSize-PE-HQ 60007 netmask 255.255.255.255

  public static (inside, outside) udp interface 60008 LifeSize-PE-HQ 60008 netmask 255.255.255.255

  public static (inside, outside) udp interface 60009 LifeSize-PE-HQ 60009 netmask 255.255.255.255

  public static (inside, outside) udp interface 60010 LifeSize-PE-HQ 60010 netmask 255.255.255.255

  public static (inside, outside) udp interface 60011 LifeSize-PE-HQ 60011 netmask 255.255.255.255

  public static (inside, outside) udp interface 60012 LifeSize-PE-HQ 60012 netmask 255.255.255.255

  public static (inside, outside) udp interface 60013 LifeSize-PE-HQ 60013 netmask 255.255.255.255

  public static (inside, outside) udp interface 60014 LifeSize-PE-HQ 60014 netmask 255.255.255.255

  public static (inside, outside) udp interface 60015 LifeSize-PE-HQ 60015 netmask 255.255.255.255

  public static (inside, outside) udp interface 60016 LifeSize-PE-HQ 60016 netmask 255.255.255.255

  public static (inside, outside) udp interface 60017 LifeSize-PE-HQ 60017 netmask 255.255.255.255

  public static (inside, outside) udp interface 60018 LifeSize-PE-HQ 60018 netmask 255.255.255.255

  public static (inside, outside) udp interface 60019 LifeSize-PE-HQ 60019 netmask 255.255.255.255

  public static (inside, outside) udp interface 60020 LifeSize-PE-HQ 60020 netmask 255.255.255.255

  public static (inside, outside) udp interface 60021 60021 LifeSize-PE-HQ netmask 255.255.255.255

  public static (inside, outside) udp interface 60022 LifeSize-PE-HQ 60022 netmask 255.255.255.255

  public static (inside, outside) udp interface 60023 LifeSize-PE-HQ 60023 netmask 255.255.255.255

  public static (inside, outside) udp interface 60024 LifeSize-PE-HQ 60024 netmask 255.255.255.255

  public static (inside, outside) udp interface 60025 LifeSize-PE-HQ 60025 netmask 255.255.255.255

  public static (inside, outside) udp interface 60026 LifeSize-PE-HQ 60026 netmask 255.255.255.255

  public static (inside, outside) udp interface 60027 LifeSize-PE-HQ 60027 netmask 255.255.255.255

  public static (inside, outside) udp interface 60028 LifeSize-PE-HQ 60028 netmask 255.255.255.255

  public static (inside, outside) udp interface 60029 LifeSize-PE-HQ 60029 netmask 255.255.255.255

  public static (inside, outside) udp interface 60030 LifeSize-PE-HQ 60030 netmask 255.255.255.255

  public static (inside, outside) udp interface 60031 LifeSize-PE-HQ 60031 netmask 255.255.255.255

  public static (inside, outside) udp interface 60032 LifeSize-PE-HQ 60032 netmask 255.255.255.255

  public static (inside, outside) udp interface 60033 LifeSize-PE-HQ 60033 netmask 255.255.255.255

  public static (inside, outside) udp interface 60034 LifeSize-PE-HQ 60034 netmask 255.255.255.255

  public static (inside, outside) udp interface 60035 LifeSize-PE-HQ 60035 netmask 255.255.255.255

  public static (inside, outside) udp interface 60036 LifeSize-PE-HQ 60036 netmask 255.255.255.255

  public static (inside, outside) udp interface 60037 LifeSize-PE-HQ 60037 netmask 255.255.255.255

  public static (inside, outside) udp interface 60038 LifeSize-PE-HQ 60038 netmask 255.255.255.255

  public static (inside, outside) udp interface 60039 LifeSize-PE-HQ 60039 netmask 255.255.255.255

  public static (inside, outside) udp interface 60040 60040 LifeSize-PE-HQ netmask 255.255.255.255

  public static Mailsrv_Pearle_Europe 7472 netmask 255.255.255.255 7472 interface tcp (indoor, outdoor)

  public static LanSweep-XP netmask 255.255.255.255 8001 8001 interface tcp (indoor, outdoor)

  public static 8002 8002 LanSweep-XP netmask 255.255.255.255 interface tcp (indoor, outdoor)

  public static LanSweep-XP netmask 255.255.255.255 8003 8003 interface tcp (indoor, outdoor)

  static (inside, outside) 193.173.12.194 tcp https Pearle-DC02 https netmask 255.255.255.255

  inside_access_in access to the interface inside group

  Access-group outside_access_in in interface outside

  Access-group Wireless_access_in in wireless interface

  Route outside 0.0.0.0 0.0.0.0 193.173.12.206 1

  Route outside OracleThree 255.255.224.0 193.173.12.198 1

  Route outside 143.47.128.0 255.255.240.0 193.173.12.198 1

  Route inside 172.27.0.0 255.255.255.0 Pearle-DC02 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  dynamic-access-policy-registration DfltAccessPolicy

  AAA authentication LOCAL telnet console

  the ssh LOCAL console AAA authentication

  Enable http server

  http 192.168.40.0 255.255.255.0 Wireless

  http 192.168.1.0 255.255.255.0 inside

  http 192.168.72.0 255.255.255.0 inside

  http GrandVisionSoesterberg 255.255.255.0 inside

  SNMP-server host inside 192.168.33.29 survey community public version 2 c

  location of Server SNMP Schiphol

  contact Server SNMP SSmeekes

  SNMP-Server Public community

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set esp-aes-256 GRANDVISION esp-md5-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  Dynamic crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

  Dynamic crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define security association lifetime 28800 seconds

  cryptographic kilobytes 4608000 life of the set - the association of security of the 65535 SYSTEM_DEFAULT_CRYPTO_MAP of the dynamic-map

  card crypto outside_map0 1 match address outside_cryptomap_1

  outside_map0 card crypto 1jeu pfs

  outside_map0 card crypto 1jeu peer 212.78.223.182

  outside_map0 card crypto 1jeu transform-set ESP ESP-3DES-SHA-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-ESP ESP-3DES-MD5 MD5-DES-SHA ESP-DES-MD5

  outside_map0 map 1 lifetime of security association set seconds 28800 crypto

  card crypto outside_map0 1 set security-association life kilobytes 4608000

  card crypto game 2 outside_map0 address outside_cryptomap_2

  outside_map0 crypto map peer set 2 193.173.12.193

  card crypto outside_map0 2 game of transformation-ESP ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5-DES-SHA ESP-DES-MD5

  life card crypto outside_map0 2 set security-association seconds 28800

  card crypto outside_map0 2 set security-association life kilobytes 4608000

  card crypto outside_map0 3 match address outside_1_cryptomap

  outside_map0 card crypto 3 set pfs

  outside_map0 card crypto 3 peers set 193.172.182.66

  outside_map0 crypto map 3 the value transform-set ESP-3DES-SHA

  life card crypto outside_map0 3 set security-association seconds 28800

  card crypto outside_map0 3 set security-association life kilobytes 4608000

  card crypto outside_map0 game 4 address outside_cryptomap

  outside_map0 card crypto 4 peers set 213.56.81.58

  outside_map0 4 set transform-set GRANDVISION crypto card

  life card crypto outside_map0 4 set security-association seconds 28800

  card crypto outside_map0 4 set security-association life kilobytes 4608000

  card crypto outside_map0 5 match address outside_cryptomap_3

  outside_map0 card crypto 5 set pfs

  outside_map0 crypto card 5 peers set 86.109.255.177

  outside_map0 card crypto 5 game of transformation-ESP ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5-DES-SHA ESP-DES-MD5

  life card crypto outside_map0 5 set security-association seconds 28800

  card crypto outside_map0 5 set security-association life kilobytes 4608000

  Crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map0 interface card crypto outside

  crypto ISAKMP allow inside

  crypto ISAKMP allow outside

  crypto ISAKMP enable dmz

  crypto ISAKMP enable wireless

  crypto ISAKMP policy 5

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet 192.168.72.0 255.255.255.0 inside

  Telnet timeout 5

  SSH 192.168.72.0 255.255.255.0 inside

  SSH GrandVisionSoesterberg 255.255.255.0 inside

  SSH 213.144.239.0 255.255.255.192 outside

  SSH timeout 5

  Console timeout 0

  management-access inside

  dhcpd dns 194.151.228.18 is 10.10.1.100

  dhcpd outside auto_config

  !

  dhcpd address 192.168.72.253 - 192.168.72.253 inside

  !

  dhcpd address dmz 192.168.50.10 - 192.168.50.50

  dhcpd enable dmz

  !

  dhcpd address wireless 192.168.40.10 - 192.168.40.99

  dhcpd dns 194.151.228.18 wireless interface

  dhcpd activate wireless

  !

  a basic threat threat detection

  host of statistical threat detection

  statistical threat detection port

  Statistical threat detection Protocol

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  Group Policy "pearle_vpn_Hyp only" internal

  attributes of Group Policy "pearle_vpn_Hyp only".

  value of server WINS 192.168.72.25

  value of server DNS 192.168.72.25

  Protocol-tunnel-VPN IPSec l2tp ipsec

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list SplittnlHyperion

  Split-dns value pearle.local

  internal pearle_vpn_OOD_only group policy

  attributes of the strategy of group pearle_vpn_OOD_only

  value of Split-tunnel-network-list SplittnlOOD

  internal pearle_vpn group policy

  attributes of the strategy of group pearle_vpn

  value of server WINS 192.168.72.25

  value of server DNS 192.168.72.25

  Protocol-tunnel-VPN IPSec l2tp ipsec svc

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list splittunnelclientvpn

  Pearle.local value by default-field

  Split-dns value pearle.local

  username anyone password encrypted password

  username something conferred

  VPN-group-policy pearle_vpn_OOD_only

  type of remote access service

  tunnel-group 193 type ipsec-l2l

  tunnel-group 193 ipsec-attributes

  pre-shared-key *.

  tunnel-group 193.173.12.193 type ipsec-l2l

  IPSec-attributes tunnel-group 193.173.12.193

  pre-shared-key *.

  NOCHECK Peer-id-validate

  type tunnel-group pearle_vpn remote access

  tunnel-group pearle_vpn General-attributes

  address pool VPN_Range_2

  Group Policy - by default-pearle_vpn

  pearle_vpn group of tunnel ipsec-attributes

  pre-shared-key *.

  type tunnel-group Pearle_VPN_2 remote access

  attributes global-tunnel-group Pearle_VPN_2

  address pool VPN_Range_2

  strategy-group-by default "pearle_vpn_Hyp only".

  IPSec-attributes tunnel-group Pearle_VPN_2

  pre-shared-key *.

  tunnel-group 213.56.81.58 type ipsec-l2l

  IPSec-attributes tunnel-group 213.56.81.58

  pre-shared-key *.

  tunnel-group 212.78.223.182 type ipsec-l2l

  IPSec-attributes tunnel-group 212.78.223.182

  pre-shared-key *.

  tunnel-group 86.109.255.177 type ipsec-l2l

  IPSec-attributes tunnel-group 86.109.255.177

  pre-shared-key *.

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  inspect the pptp

  !

  global service-policy global_policy

  context of prompt hostname

  Cryptochecksum:7d4d9c7ca7c865d9e40f5d77ed1238eb

  : end

  ASDM image disk0: / asdm - 613.bin

  ASDM BESServer 255.255.255.255 inside location

  ASDM VPN_Pool_2 255.255.255.0 inside location

  ASDM OracleTwo 255.255.224.0 inside location

  ASDM OracleOne 255.255.240.0 inside location

  ASDM OracleThree 255.255.224.0 inside location

  ASDM location Exchange2010 255.255.255.255 inside

  ASDM location Grandvision 255.255.255.0 inside

  ASDM Grandvision2 255.255.255.240 inside location

  ASDM Grandvision3 255.255.255.0 inside location

  ASDM Grandvision4 255.255.255.255 inside location

  ASDM GrandVision_PC 255.255.255.255 inside location

  ASDM location LanSweep-XP 255.255.255.255 inside

  ASDM GrandVisionSoesterberg 255.255.255.0 inside location

  ASDM location Pearle-DC02 255.255.255.255 inside

  ASDM location Pearle-WDS 255.255.255.255 inside

  ASDM location Swabach 255.255.255.0 inside

  ASDM GrandVisionSoesterberg2 255.255.255.0 inside location

  don't allow no asdm history

  Where is that host (inethost)? Inside of the ASA, or on the internet (on the outside)?

  If it is outside, you must configure the NAT for the pool of vpn as you turn on the SAA.

  NAT (outside) 1 192.168.75.0 255.255.255.0