use dynamic-map
Hello
I was tasked to clean up a 8.2 (4) of 5510 running which has been migrated to a PIX a long time ago. In the research on the config, I don't know how these dyn cards are used. How these work and how can - I say if they actually are used? Thank you.
access-list outside_cryptomap_dyn_20 extended permit ip any 10.x.9.0 255.255.255.128
access-list outside_cryptomap_dyn_80 extended permit ip any 10.x.11.0 255.255.255.252
access-list outside_cryptomap_dyn_100 extended permit ip any host 10.x.11.2
access-list outside_cryptomap_dyn_180 extended permit ip any host 10.x.11.22
access-list outside_cryptomap_dyn_200 extended permit ip any 10.x.12.0 255.255.255.0
access-list outside_cryptomap_dyn_160 extended permit ip any host 10.x.11.21
access-list outside_cryptomap_dyn_220 extended permit ip any host 10.x.11.23
access-list outside_cryptomap_dyn_240 extended permit ip any host 10.x.11.24
access-list outside_cryptomap_dyn_260 extended permit ip any host 10.x.11.25
access-list outside_cryptomap_dyn_320 extended permit ip any host 10.x.11.26
access-list outside_cryptomap_dyn_340 extended permit ip any host 10.x.11.27
access-list outside_cryptomap_dyn_360 extended permit ip any host 10.x.11.28
access-list outside_cryptomap_dyn_380 extended permit ip any host 10.x.11.29
access-list outside_cryptomap_dyn_400 extended permit ip any 10.x.9.0 255.255.255.128
access-list outside_cryptomap_dyn_420 extended permit ip any host 10.x.11.24
access-list outside_cryptomap_dyn_500 extended permit ip any host 10.x.11.34
access-list outside_cryptomap_dyn_520 extended permit ip any host 10.x.11.29
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 14400
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 match address outside_cryptomap_dyn_80
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 match address outside_cryptomap_dyn_100
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 160 match address outside_cryptomap_dyn_160
crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 180 match address outside_cryptomap_dyn_180
crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 200 match address outside_cryptomap_dyn_200
crypto dynamic-map outside_dyn_map 200 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 220 match address outside_cryptomap_dyn_220
crypto dynamic-map outside_dyn_map 220 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 240 match address outside_cryptomap_dyn_240
crypto dynamic-map outside_dyn_map 240 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 260 match address outside_cryptomap_dyn_260
crypto dynamic-map outside_dyn_map 260 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 280 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 300 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 320 match address outside_cryptomap_dyn_320
crypto dynamic-map outside_dyn_map 320 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 340 match address outside_cryptomap_dyn_340
crypto dynamic-map outside_dyn_map 340 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 360 match address outside_cryptomap_dyn_360
crypto dynamic-map outside_dyn_map 360 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 380 match address outside_cryptomap_dyn_380
crypto dynamic-map outside_dyn_map 380 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 400 match address outside_cryptomap_dyn_400
crypto dynamic-map outside_dyn_map 400 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 420 match address outside_cryptomap_dyn_420
crypto dynamic-map outside_dyn_map 420 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 440 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 460 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 480 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 500 match address outside_cryptomap_dyn_500
crypto dynamic-map outside_dyn_map 500 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 520 match address outside_cryptomap_dyn_520
crypto dynamic-map outside_dyn_map 520 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 540 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
Hi Icaruso,
Dynamic maps are used for remote access vpn connections from outside your protected network. If you do not have any user to remote access, and then you unhesistatingly can delete all dynamic maps and corresponding crypto acl. The acl in the case of dynamic map crypto don't make much sense as the default value is "the network remote access vpn client" unless the vpn or split-acl filter is defined. In any case, I doubt if many dynamic maps are used in your network, as in the case of normal use, it is only one. Here is a link that you can refer to the remote access client configuration
Kind regards
Rohan
Tags: Cisco Security
Similar Questions
-
Several entries of the dynamic map (policies of the phase 2) on SAA
Hi all
I have a setup where I set up VPN remotely on my ASA. I came to a situation where I wanted to allow the two IPSEC client using cisco VPN client and android phone using L2TP/IPSEC
What is happening is that I want to use PFS for IPSEC clients, but my android phone does not support this. Then I tried to create two sequences in my dynamic crypto map, but the first sequence is always put in correspondence and therefore ike phase2 fails. If I put the sequence without PFS first, he will be first, and my client IPSEC uses both PFS...
If I remove the PFS, fine.
So is there a way either the AoA match to multiples of phase 2 policy, I mean not only several transform set in the same order, but also for pfs in my case.
My L2TP client using authentication rsa - sig and are dynamically mapped to a tunnel-group, so I thought maybe we can specify map entries different crypto depending on the authentication method, but it seems that the only option that we linked to this is for card crypto inherited, where we can choose the trustpoint for outbound connections.
So if anyone has an idea, I would be interested, otherwise, I guess I can leave without PFS...
Unfortunately not with PFS, as part of the overall transformation (for example: ESP-3DES, etc) then you can set several transformation under 1 dynamic map. However, not for PFS that you only have 1 option either turn or off as PFS is optional.
-
In the last day or two (8 August 2012) each time I start Firefox (14.01.01) I get a pop up that says "Google has disabled using the maps API for this application. He directs me to Google Maps terms & Conditions, but does not provide a solution to disable the pop up. I tried to disable Google Maps as an Add on Firefox, but still not the context menu.
It is easy to fix the problem or is this an attempt by Google to force me to Chrome, much like trying to crush Netscape in favour of Microsoft's Internet Explorer?I thought about it. It is not the browser itself. It happened that I had two pages that open when I started the browser (at home and at work) and it was one of them who had a Google map. They have had to fix their Web site.
Sorry Google, to think that you were an evil Empire! -
using google maps on FF, by default the Hebrew language. This does not happen in IE or chrome. where is the setting to control this on FF?
try to clear the cache and cookies from Google.com , and reload the page.
-
When using google maps via Firefox, after asking a place which is not the General section of North America who comes up regularly, the firefox screen becomes white with a narrow banner at the top. A message appears in the lower right corner that says something on display drivers having had a problem, but now have been recovered. However, the display is not recover and the message of the banner is that Firefox is not responding. When I go to restart Firefox if I'm about to restore, the page is still frozen.
I don't think there is a problem with my computer because it doesn't happen if I used to go to google maps, then G-cards works normally.
This phenomenon didn't happen before the last update Google or Firefox. I used Fiefox for some years and also Google Maps on previous computers and on this one and not had it before.
It is a relatively young computer (Asus EeSlate 121) less than a year. I have used Firefox since I bought it and until recently had no problem with Google Maps.I solved it myself, after the 'note' that was FF/Mozilla, just as I finished my message, commenting on what it was that my system was, I wnnt back to check my plug-ins, etc. I downloaded the latest Java, the TWO 32-bit AND 64-bit versions and latest Firefox.
Now everything works.
Thank you
B. -
Is cell required when you use the map applications of conduct?
Is cell required when you use the map applications of conduct?
Yes. GPS does not work with a Wi - Fi connection.
-
TomTom map is wrong in vietnam, pls use google map for the ios update, thank you
Map of Tomtom is very bad in vietnam, please use Google map for the ios update, thank you
We are fellow users on these forums, not support nor Apple iTunes.
TomTom are responsible for their own data to the card, if you have problems with their app and/or cards that you have tried to contact them?
-
You can use Bing Maps as a base in an Arc GIS Layer?
You want to use Bing maps as my base for a project GIS layer. Can I download it for free?
Hello
Sorry, but we don't support Bing or answer questions about Bing here. You should repost your question about Bing forums at http://www.bing.com/community/f/.
-
Hi, am new to the development of cascades of bb.
For my project, I have to use google maps to find the gps locations. Can anyone help import google map api in the development of waterfalls...
Sign up here to get api google products...
-
text using the map on the part of sharing
Hello
I want to share some text using the map on the part
but I am facing a problem
I have a list view, after loading data to the listview, I'm to that data to a property and then passing data for sharing
but unable to see the data, but if the text of a label, I can see this text
ListView { id: myListView1 property string p_sharing : "" dataModel: dataModel1 // Use a ListItemComponent to determine which property in the // data model is displayed for each list item listItemComponents: [ ListItemComponent { id: listiemm type: "item" Container { // property real p_font_size: 10 id:mainlist rightPadding: 20 leftPadding: 20 horizontalAlignment: HorizontalAlignment.Center verticalAlignment: VerticalAlignment.Center layout: StackLayout { orientation: LayoutOrientation.TopToBottom } Label { id: title horizontalAlignment: HorizontalAlignment.Right verticalAlignment: VerticalAlignment.Top text: ListItemData.title multiline: true onTextChanged: { mainlist.ListItem.view.p_sharing =title.text console.log("news Title label --->"+ mainlist.ListItem.view.p_sharing) } } }
outside the list, I have my share button and a label
ImageButton { id: btnshare1 onClicked: { share1.trigger("bb.action.SHARE") } attachedObjects: [ Invocation { id: share1 query { mimeType: "text/plain; charset=utf-8" invokeActionId: "bb.action.SHARE" data: ss1.encodeQString(myListView1.p_sharing) ; // data:myListView1.p_sharing } } ] defaultImageSource: "asset:///images/list.png" pressedImageSource: "asset:///images/list.png" disabledImageSource: "asset:///images/list.png" } attachedObjects: [ WebImageView { id: ss1 } ]
and here is the label
Label { id: lbl text:"abc"+ myListView1.p_sharing horizontalAlignment: HorizontalAlignment.Center }
I can see the value of the property in the label, but you see is not the text in the map sharing
any help?
TheMarco has published a tutorial on how to make this a few months back
https://forrst.com/posts/Adding_Social_Sharing_through_Invocation_to_your-FMZ
-
Change the mapped network drive letter
Letter h: is not available to map a network drive. Also, it is not listed in the disk management window. None of my other mapped network drives are no more. Where can I reallocate the letter of a mapped network drive? In addition, where to see a list of the letters in use by mapped network drives?
Tips on how to assign a drive letter:
http://TechNet.Microsoft.com/en-us/library/cc757491 (WS.10) .aspx
See also:
-
Use google maps, maps of microsoft (bing) instead of Blackberry Maps
I'm looking to develop a new application using the maps of Google or Microsoft, but I did not have any demo code to do this.
If simply open a browser window?
you have to check for google maps being installed first, then you can start with the settings:
http://www.BlackBerryForums.com/developer-forum/143263-here-s-how-start-Google-maps-landmark.html
-
L2l VPN using Dynamic IP - question
Dear all,
I have several sites with dynamic IP address.
HO, I have a cisco router with dynamic IP, in which internet VPN and terminated on SAA configured port forwarding.
I have 40 branches will be all dynamic ip. all L2L tunnels are running.
My problem is that of creates a branch to HO communication is perfect but to HO, I'm not able to access the ants of branch resources.
could someone help me solve this problem... Config is attached.
AHA!
I understand a little better Setup.
It seems that your routers are destination NAT, so all the tunnels seem to come from the subnet "172.16.40.0/23."
And indeed your hypothesis is correct problem seems to be related to the lack of correct roads pointing outward. (at least it seems that Yes for now).
However, reverse route injection should take care of it.
Speaking of which I noticed your field of tunnels on
Crypto dynamic-map alfa and not the default system.
Please add "crypto dynamic-map alfa 1 set reverse" and restart one of the tunnels (do not speak it, simply identify isakmp and ipsec for this session).
We'll see from there.
Marcin
-
Can I use dynamic subject line in email?
Hello
Can I use dynamic subject line in email?
Hi Sanjiv yadav, Yes, we do. For this we need to put dynamic content on this particular line or section. Thanks, Eloqua Expert
-
Y at - it a paper on how to use the map data the lookup value?
I'm looking for a documentation where I could find information about the game of card data and how to use the map data configured according to look.
Any help is very appreciated.
I found a few threads on data cards:
http://topliners.Eloqua.com/docs/doc-2434
http://topliners.Eloqua.com/docs/doc-2817
http://topliners.Eloqua.com/message/14058#14058
Maybe that can help you get started
Maybe you are looking for
-
Could someone please help? Deactivation of the system code 71572221
-
Feature touch screen of my XPS2720
The touch screen of my XPS2720 function does not work even after the bios update. the diagnosis says that he does not support stiletto and tactile.
-
Hard to reformat the disks on the Server Blade
We just installed a blade with 4 servers M620 m1000E chassis. I'm looking at a variety of new Virtualization options. One product claims a previous installation has failed and the obvious solution is to format the drive (mirrored 136 15K SAS) and r
-
Network blackBerry Smartphone problem
When I open the blackberry world it say check connection yournetwork and then try agaim
-
How to handle the error message from DB trigger
Hi allI try to delete a record in A table contains column a1 a2 and column when deleting a record in table A trigger is set to this topic so that it will check if combination of column a1, a2 of table A is present in table B that contains columns a1,