WebVPN cannot access internal network on 2821

Similar Questions

• Cannot access internal network so AnyConnect SSL VPN, ASA 9.1 (6)

  Hello Cisco community support,

  I have a lab which consists of two virtual environments connected to a 3750-G switch that is connected to a 2901 router which is connected to an ASA 5512 - X which is connected to my ISP gateway. I configured SSL VPN using AnyConnect and can establish a VPN to the ASA from the outside but once connected, I can't access internal network resources or access the internet. My information network and ASA configuration is listed below. Thank you for any assistance you can offer.

  ISP network gateway: 10.1.10.0/24

  ASA to the router network: 10.1.40.0/30

  Pool DHCP VPN: 10.1.30.0/24

  Network of the range: 10.1.20.0/24

  Development network: 10.1.10.0/24

  : Saved
  :
  : Serial number: FCH18477CPT
  : Material: ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
  :
  ASA 6,0000 Version 1
  !
  hostname ctcndasa01
  activate bcn1WtX5vuf3YzS3 encrypted password
  names of
  cnd-vpn-dhcp-pool 10.1.30.1 mask - 255.255.255.0 IP local pool 10.1.30.200
  !
  interface GigabitEthernet0/0
  nameif inside
  security-level 100
  IP 10.1.40.1 255.255.255.252
  !
  interface GigabitEthernet0/1
  nameif outside
  security-level 0
  address IP X.X.X.237 255.255.255.248
  !
  interface GigabitEthernet0/2
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface GigabitEthernet0/3
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface GigabitEthernet0/4
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface GigabitEthernet0/5
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface Management0/0
  management only
  nameif management
  security-level 100
  IP 192.168.1.1 255.255.255.0
  !
  boot system Disk0: / asa916-1-smp - k8.bin
  boot system Disk0: / asa912-smp - k8.bin
  passive FTP mode
  permit same-security-traffic intra-interface
  network of the NETWORK_OBJ_10.1.30.0_24 object
  10.1.30.0 subnet 255.255.255.0
  network obj_any object
  network obj_10.1.40.0 object
  10.1.40.0 subnet 255.255.255.0
  network obj_10.1.30.0 object
  10.1.30.0 subnet 255.255.255.0
  outside_access_in list extended access permitted ip object NETWORK_OBJ_10.1.30.0_24 all
  FREE access-list extended ip 10.1.40.0 NAT allow 255.255.255.0 10.1.30.0 255.255.255.0
  access-list 101 extended allow any4 any4-answer icmp echo
  access-list standard split allow 10.1.40.0 255.255.255.0
  pager lines 24
  Enable logging
  asdm of logging of information
  Within 1500 MTU
  Outside 1500 MTU
  management of MTU 1500
  ICMP unreachable rate-limit 1 burst-size 1
  ICMP allow any inside
  ICMP allow all outside
  ASDM image disk0: / asdm - 743.bin
  don't allow no asdm history
  ARP timeout 14400
  no permit-nonconnected arp
  NAT (inside, outside) source obj_10.1.40.0 destination obj_10.1.40.0 static static obj_10.1.30.0 obj_10.1.30.0 non-proxy-arp-search to itinerary
  NAT (inside, outside) static source any any static destination NETWORK_OBJ_10.1.30.0_24 NETWORK_OBJ_10.1.30.0_24 non-proxy-arp-search to itinerary
  Access-group outside_access_in in interface outside
  !
  Router eigrp 1
  Network 10.1.10.0 255.255.255.0
  Network 10.1.20.0 255.255.255.0
  Network 10.1.30.0 255.255.255.0
  Network 10.1.40.0 255.255.255.252
  !
  Route outside 0.0.0.0 0.0.0.0 10.1.10.1 1
  Timeout xlate 03:00
  Pat-xlate timeout 0:00:30
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  without activating the user identity
  identity of the user by default-domain LOCAL
  Enable http server
  http 192.168.1.0 255.255.255.0 management
  http 192.168.1.0 255.255.255.0 inside
  http X.X.X.238 255.255.255.255 outside
  No snmp server location
  No snmp Server contact
  Crypto ipsec pmtu aging infinite - the security association
  Crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
  registration auto
  full domain name no
  name of the object CN = 10.1.30.254, CN = ctcndasa01
  ASDM_LAUNCHER key pair
  Configure CRL
  trustpool crypto ca policy
  string encryption ca ASDM_Launcher_Access_TrustPoint_0 certificates
  certificate c902a155
  308201cd 30820136 a0030201 020204c 0d06092a 864886f7 0d 010105 9 02a 15530
  0500302b 31133011 06035504 03130 has 63 61736130 31311430 12060355 74636e64
  0403130 31302e31 2e33302e 32353430 1e170d31 35303731 32303530 3133315a b
  170d 3235 30373039 30353031 33315 has 30 2 b 311330 0403130a 11060355 6374636e
  64617361 30313114 30120603 55040313 0b31302e 312e3330 2e323534 30819f30
  0d06092a 864886f7 010101 05000381 8 d 0d 003081 89028181 00a47cfc 6b5f8b9e
  9b106ad6 857ec34c 01028f71 d35fb7b5 6a61ea33 569fefca 3791657f eeee91f2
  705ab2ea 09207c4f dfbbc18a 749b19ae d3ca8aa7 3370510b a5a96fd4 f9e06332
  4355 db1a4b88 475f96a1 318f7031 40668a4d afa44384 819d fa164c05 2e586ccc
  3ea59b78 5976f685 2abbdcf6 f3b448e5 30aa96a8 1ed4e178 0001300 020301 4 d d
  06092a 86 01010505 00038181 0093656f 639e138e 90b69e66 b50190fc 4886f70d
  42d9b4a8 11828da4 e0765d9c 52d84f8b 8e70747e e760de88 c43dc5eb 1808bd0f
  fd2230c1 53f68ea1 00f3e956 97eb313e 26cc49d7 25b927b5 43d8d3fa f212fcaf
  59eb8104 98e3a1d9 e05d3bcb 428cd7c6 61b530f5 fe193d15 ef8c7f08 37ad16f5
  d8966b50 917a88bb f4f30d82 6f8b58ba 61
  quit smoking
  Telnet timeout 5
  SSH stricthostkeycheck
  SSH timeout 5
  SSH group dh-Group1-sha1 key exchange
  Console timeout 0
  VPN-addr-assign local reuse / 360 time
  management of 192.168.1.2 - dhcpd address 192.168.1.254
  enable dhcpd management
  !
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  Trust ASDM_Launcher_Access_TrustPoint_0 vpnlb-ip SSL-point
  SSL-trust outside ASDM_Launcher_Access_TrustPoint_0 point
  WebVPN
  allow outside
  AnyConnect image disk0:/anyconnect-linux-3.1.09013-k9.pkg 4
  AnyConnect image disk0:/anyconnect-macosx-i386-3.1.09013-k9.pkg 5
  AnyConnect image disk0:/anyconnect-win-3.1.09013-k9.pkg 6
  AnyConnect enable
  tunnel-group-list activate
  internal GroupPolicy_cnd-vpn group policy
  GroupPolicy_cnd-vpn group policy attributes
  WINS server no
  value of server DNS 8.8.8.8
  client ssl-VPN-tunnel-Protocol
  by default no
  xxxx GCOh1bma8K1tKZHa username encrypted password
  type tunnel-group cnd - vpn remote access
  tunnel-group global cnd-vpn-attributes
  address-cnd-vpn-dhcp-pool
  strategy-group-by default GroupPolicy_cnd-vpn
  tunnel-group cnd - vpn webvpn-attributes
  activation of the alias group cnd - vpn
  !
  ICMP-class class-map
  match default-inspection-traffic
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map icmp_policy
  icmp category
  inspect the icmp
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the rsh
  inspect the rtsp
  inspect esmtp
  inspect sqlnet
  inspect the skinny
  inspect sunrpc
  inspect xdmcp
  inspect the sip
  inspect the netbios
  inspect the tftp
  Review the ip options
  inspect the icmp
  !
  global service-policy global_policy
  service-policy icmp_policy outside interface
  context of prompt hostname
  no remote anonymous reporting call
  Cryptochecksum:261228832f3b57983bcc2b4ed5a8a9d0
  : end
  ASDM image disk0: / asdm - 743.bin
  don't allow no asdm history

  Can you confirm that this is correct, your diagram shows your IP address public on ASA as 30 while you have assinged on 'outside' interface like 29?

• EZ - VPN Cisco cannot access internal network

  Hello

  I configured an EZ - VPN on my router, but after a login successful in the VPN, I can't ping my internal network or access all the resources. Also, I can't ping my router VPN Client IP address.

  Can someone take a look at my Config?

  Here is my config:

  Current configuration: 7730 bytes

  !

  ! Last configuration change at 16:24:55 UTC Tuesday, June 14, 2011 by suncci

  ! NVRAM config update at 20:21:30 UTC Friday, June 10, 2011 by suncci

  !

  version 12.4

  horodateurs service debug datetime msec

  Log service timestamps datetime msec

  no password encryption service

  !

  router host name

  !

  boot-start-marker

  boot-end-marker

  !

  no set record in buffered memory

  no console logging

  !

  AAA new-model

  !

  !

  AAA authentication login default local

  local AUTH_VPN AAA authentication login

  AAA authorization exec default local

  local AUTHORIZE_VPN AAA authorization network

  !

  !

  AAA - the id of the joint session

  IP cef

  !

  !

  !

  !

  name-server IP 208.67.222.222

  name of the IP-server 205.188.146.145

  !

  Authenticated MultiLink bundle-name Panel

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  Crypto pki trustpoint TP-self-signed-1861908046

  enrollment selfsigned

  name of the object cn = IOS - Self - signed - certificate - 1861908046

  revocation checking no

  rsakeypair TP-self-signed-1861908046

  !

  !

  TP-self-signed-1861908046 crypto pki certificate chain

  certificate self-signed 01

  3082023E 308201A 7 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030

  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30

  69666963 31383631 39303830 6174652D 3436301E 170 3032 30333031 30313431

  30365A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D

  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 31 38363139 65642D

  30383034 3630819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101

  8100AD30 FB88278D F9010218 AD58E479 21C00A39 76974 HAS 87 DF43C948 D56E65CC

  98F484A1 1F5BA429 449E416F B3C5729C 78598186 8873 HAS 168 DB9EEAAA B0521523

  C8011877 14888C9A 193E43E3 C3575491 74A940A2 B2970549 FE436E4A 4DA6FB23

  C 21, 20110 0CD3A8F6 32EAD292 648F9E32 7EE6C86F 181FC3C2 8F91DA66 A3886F5C

  0203 010001A 3 66306430 1 130101 FF040530 030101FF 30110603 0F060355 467D

  1104 A 0, 300882 06526F75 74657230 551D 1 230418 30168014 FD800727 1F060355

  5FA9AD41 6EAE99B0 1EDA2735 C0DBBBCC 301D 0603 551D0E04 160414FD 8007275F

  A9AD416E AE99B01E DA2735C0 DBBBCC30 0D06092A 864886F7 0D 010104 05000381

  810076CE E5030E51 5BD6FE9F A8A42483 53E7D250 CDE09E87 6AD77195 09D225AF

  25858304 034D146B C4970C31 F6EF496B 7F57C772 7A1F0DFE 8A06B878 919AFD58

  212E475A 0346ADA6 D629BDFC AE58C42A 36D971D1 3BAB8541 EAC0AA10 919816A 1

  E22F5015 52086757 2171A4C7 6832C2BC 89ADEF72 95A81A51 0B888B1C 9EE9EE58 8E65

  quit smoking

  !

  !

  username privilege 15 password 0 xxxxx xxxxxx

  Archives

  The config log

  hidekeys

  !

  !

  crypto ISAKMP policy 1

  BA aes

  preshared authentication

  Group 2

  !

  crypto ISAKMP policy 10

  BA 3des

  preshared authentication

  Group 2

  ISAKMP crypto nat keepalive 5

  !

  crypto ISAKMP client VPN-Sun-group configuration group

  key to 12345

  DNS 208.67.222.222

  pool VPN_Pool

  ACL VPN_Test

  Crypto isakmp ISAKMP_Profile_EZVPN profile

  Group of Sun-VPN-Group identity match

  list of authentication of client AUTH_VPN

  AUTHORIZE_VPN of ISAKMP authorization list.

  client configuration address respond

  Client configuration group Sun-VPN-Group

  virtual-model 1

  !

  !

  Crypto ipsec transform-set Sun-VPN aes - esp esp-sha-hmac

  !

  Profile of crypto ipsec IPSEC_Profile_EZVPN

  game of transformation-Sun-VPN

  ISAKMP_Profile_EZVPN Set isakmp-profile

  !

  !

  !

  !

  !

  !

  !

  !

  type of class-card inspect all internal match

  tcp protocol match

  udp Protocol game

  dns protocol game

  http protocol game

  https protocol game

  match icmp Protocol

  type of class-card inspect entire game Internet

  tcp protocol match

  udp Protocol game

  match icmp Protocol

  type of class-card inspect match, all the traffic-IntraNet-InterNet

  tcp protocol match

  udp Protocol game

  match icmp Protocol

  match the group-access InterNet-to-IntraNet-ACL name

  type of class-card inspect match, all the traffic-InterNet-IntraNet

  tcp protocol match

  udp Protocol game

  match icmp Protocol

  !

  !

  type of policy-card inspect InterNet-IntraNet-policy

  class type inspect traffic-IntraNet-InterNet

  inspect

  class class by default

  drop

  type of policy-card inspect IntraNet-InterNet-policy

  class type inspect traffic-InterNet-IntraNet

  inspect

  class class by default

  drop

  type of policy-card inspect sdm-policy-Internet

  class type inspect Internet

  inspect

  class class by default

  type of policy-card inspect internal sdm-policy

  class type inspect internal

  inspect

  class class by default

  drop

  !

  Security for the Internet zone

  security of the inner area

  the IntraNet zone security

  Description Interfaces all connected to the Intranet

  Security for the InterNet zone

  Description of all Interfaces connected to the Internet

  destination inner security zone-pair source sdm-zp-internal-self self

  type of service-strategy inspect sdm-policy-Internet

  zone-pair security IntraNet - InterNet source IntraNet InterNet destination

  type of service-strategy inspect IntraNet-InterNet-policy

  InterNet - IntraNet source InterNet destination IntraNet security zone-pair

  inspect the type of service-strategy InterNet-IntraNet-policy

  !

  !

  !

  !

  interface Loopback0

  IP 192.168.1.1 255.255.255.0

  !

  interface FastEthernet0/0

  Description external PPPOE Interface ETH - WAN$

  no ip address

  response to IP mask

  NAT outside IP

  IP virtual-reassembly

  automatic speed

  PPPoE enable global group

  PPPoE-client dial-pool-number 1

  No cdp enable

  !

  interface FastEthernet0/1

  switchport access vlan 10

  !

  interface FastEthernet0/2

  switchport access vlan 10

  !

  interface FastEthernet0/3

  switchport access vlan 10

  !

  interface FastEthernet0/4

  switchport access vlan 10

  !

  type of interface virtual-Template1 tunnel

  IP unnumbered Loopback0

  members of the IntraNet zone security

  source of Dialer1 tunnel

  ipv4 ipsec tunnel mode

  Tunnel IPSEC_Profile_EZVPN ipsec protection profile

  !

  interface Vlan10

  Description $FW_INSIDE$

  IP 192.168.0.3 255.255.255.0

  response to IP mask

  no ip redirection

  no ip unreachable

  IP nat inside

  IP virtual-reassembly

  members of the IntraNet zone security

  route IP cache flow

  !

  interface Dialer1

  Description $FW_OUTSIDE$

  the negotiated IP address

  no ip redirection

  no ip unreachable

  no ip proxy-arp

  IP mtu 1492

  NAT outside IP

  IP virtual-reassembly

  the Member's area InterNet security

  encapsulation ppp

  IP tcp adjust-mss 1452

  Dialer pool 1

  Dialer-Group 1

  No cdp enable

  PPP authentication chap callin pap

  PPP chap hostname pty/69733

  password PPP chap 0 DSLconnect

  PPP pap sent-username pty/69733 password 0 DSLconnect

  !

  IP pool local VPN_Pool 192.168.1.30 192.168.1.40

  IP forward-Protocol ND

  IP route 0.0.0.0 0.0.0.0 Dialer1

  IP route 192.168.1.0 255.255.255.0 Dialer1

  !

  !

  IP http server

  local IP http authentication

  IP http secure server

  IP nat inside source overload map route NAT interface Dialer1

  !

  InterNet-to-IntraNet-ACL extended IP access list

  permit tcp any 192.168.0.0 0.0.0.255

  allow udp all 192.168.0.0 0.0.0.255

  allow icmp any 192.168.0.0 0.0.0.255

  refuse an entire ip

  Internet extended IP access list

  Note Internet

  Remark SDM_ACL = 2 category

  Notice all THE

  allow a full tcp

  allow a udp

  allow icmp a whole

  allow an ip

  NAT extended IP access list

  Licensing ip 192.168.0.0 0.0.0.255 any

  deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

  VPN_Test extended IP access list

  Licensing ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

  !

  Remark SDM_ACL category of access list 1 = 2

  access-list 1 permit 192.168.0.0 0.0.0.255

  access-list 1 permit 192.168.1.0 0.0.0.255

  Note access-list 2 = 2 SDM_ACL category

  access-list 2 allow to 192.168.1.0 0.0.0.255

  access-list 5 permit one

  access-list 10 permit 192.168.0.0 0.0.0.255

  access-list 102 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

  access-list 102 permit ip 192.168.0.0 0.0.0.255 any

  not run cdp

  !

  !

  !

  route NAT allowed 10 map

  corresponds to the IP NAT

  !

  !

  !

  control plan

  !

  !

  !

  !

  !

  !

  !

  !

  !

  Line con 0

  line to 0

  line vty 0 4

  exec-timeout 30 12

  privilege level 15

  Synchronous recording

  transport input telnet ssh

  !

  NTP-period clock 17208070

  NTP 17.151.16.21 Server

  end

  As I've mentioned earlier, you can of course ping from router to 192.168.0.2 because they are in the same subnet. It uses ARP instead of routing to the device when you are pinging on the same subnet.

  The switch is configured with the correct default gateway? The switch must be configured with the default gateway 192.168.0.3.

  You also mention that you can ping 192.168.0.30 which is beyond the router. This means that it is not the router VPN configuration error, but rather the terminal that you are trying to ping since you can ping 192.168.0.30.

• Cannot access the network ERR_NETWORK_ACCESS_DENIED

  I have Windows 7.  Nothing works, I tried chrome (which will not even load) and Firefox (it has been a constant problem with gmail for well over a year).

  Cannot access the network

  ERR_NETWORK_ACCESS_DENIED
  Google Chrome has access to the network.

  Maybe it's because your firewall or antivirus software wrongly think that Google Chrome is an intruder on your computer and it blocks to connect to Internet.

  Chrome allow access to the network in your firewall or anti-virus settings.

  If it is already listed as a program allowed to access the network, try to remove from the list and Add again.

  I tried the above, but can't seem to solve the problem.  Thank you.

  Hello Paul,

  Thanks for posting your question on the Microsoft Community.

  I would like to know some information about the problem so that we can help you better.

  The same problem occurs when you use Internet explorer?

  Thank you for details on the question and your efforts to resolve.

  If the problem also occurs when you use Internet explorer, I suggest you use the steps in this article and check if it helps.
  Reference:
  Can't access some Web sites in Internet Explorer
  https://support.Microsoft.com/en-us/KB/967897

  Note: The feature reset the Internet Explorer settings can reset security settings or privacy settings that you have added to the list of Trusted Sites. Reset the Internet Explorer settings can also reset parental control settings. We recommend that you note these sites before you use the reset Internet Explorer settings. Reset Internet Explorer is not reversible, and all the previous settings are lost after reset.

  Also see this article:
  Understanding Windows Firewall settings
  http://Windows.Microsoft.com/en-us/Windows/understanding-firewall-settings#1TC=Windows-7

  Note: Firewall and Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not turn off your antivirus software and firewalls. If you need to disable temporarily to install other software, you should reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software and firewall are disabled, your computer is vulnerable to attacks.

  To get help on Google chrome, I suggest you post your question on Google chrome forums.
  http://productforums.Google.com/d/Forum/chrome

  I hope this information helps.

  Please let us know if you need more help.

  Thank you

• N600 ea2700 cannot access internal Web sites

  I have a new router, n600 ea2700, replace a wrt54g2 for this.

  I have an internal Web server configuration, with port 80 redirection http to my iis7 Web with a server static ip address

  I can access my areas outside my internal network (IE my cell phone), but when I type in www.mydomain(s).com (one of them) in my browser on a wired computer or internal wireless I get "cannot display this page".

  I can ping the www.my... and get an answer to my router static ip (internet provider)

  I can type in my static ip of the Web server and get my splash screen for iis7

  I of the wrong with linksys phone and they could not understand, basically saying take the router at staples and get a different model.

  I think I'll ask here before I do it.  I would add that if I put the old wrt back I can't access no problem.

  Any ideas?

  Thank you!

  Sorry I misunderstood your OP.

  This is called "NAT Loopback" and is not available on the Smart Wifi routers.

  Honestly the firmware of the Wifi chip is not designed for custom networks from servers or DNS requirements.

• Help cannot access internal resources

  Hello I am trying to configure an ASA 5505 at home and connecting through the Cisco Secure mobility Client

  Internal network: 10.37.1.0/24

  Guest network: 10.37.2.0/24

  DHCP VPN: 10.37.3.0/24

  I am only able to connect with the local account of ASA, not LDAP as I want. After I connect I get my 10.37.1.0/24 (my internal network) secure route but I can't ping, RDP, SSH, etc. anything inside. I get the message below...

  4

  October 30, 2013

  12:08:36

  10.37.3.130

  Refuse icmp outside CBC: 10.37.3.130 dst host: SPIDERMAN (type 8, code 0) by access-group "outside_access_in" [0x0, 0x0]

  Any help would be greatly appreciated! Thank you.

  Registered

  : Written by enable_15 to the 09:09:04.925 EDT Wednesday, October 30, 2013

  !

  ASA Version 8.2 (5)

  !

  hostname aquaman

  domain batcave.local

  activate the encrypted password of O8X.8O1jZvTr6Rh3

  zHg4tACBjpuqj6q5 encrypted passwd

  names of

  name 10.37.1.99 GREEN-ARROW

  name OpenDNS1 description resolver1.opendns.com 208.67.222.222

  name OpenDNS2 description resolver2.opendns.com 208.67.220.220

  name 208.67.222.220 OpenDNS3 resolver3.opendns.com description

  name 208.67.220.222 OpenDNS4 resolver4.opendns.com description

  name 10.37.1.15 DU-HULK

  name 178.33.199.65 ComodoMX1 mxsrv1.spamgateway.comodo.com description

  name 178.33.199.66 ComodoMX2 mxsrv2.spamgateway.comodo.com description

  name 10.37.1.101 SPIDERMAN

  name 10.37.1.10 DAREDEVIL

  name 65.73.180.177 WorkIP

  name 10.37.1.254 OpenVPNAS

  name 10.37.3.0 VPN_DHCP

  name 10.37.2.10 GuestWirelessAP

  name 10.37.1.20 DU-FLASH

  name 10.37.1.200 BR_1

  name 10.37.1.201 BR_2

  name 10.37.1.30 IRONMAN

  name 10.37.1.25 WIKI

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  switchport access vlan 5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif House

  security-level 100

  IP 10.37.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address dhcp setroute

  !

  interface Vlan5

  nameif comments

  security-level 50

  IP 10.37.2.254 255.255.255.0

  !

  !

  interval M-F_9-16

  periodical Monday to Friday 09:00 to 16:00

  !

  Banner motd

  boot system Disk0: / asa825 - k8.bin

  passive FTP mode

  clock timezone IS - 5

  clock to summer time EDT recurring

  DNS domain-lookup outside

  DNS server-group DefaultDNS

  Server name OpenDNS1

  Server name OpenDNS2

  Server name OpenDNS3

  Server name OpenDNS4

  domain batcave.local

  permit same-security-traffic inter-interface

  object-group service RDP - tcp

  Remote Desktop Protocol Description

  EQ port 3389 object

  object-group Protocol TCPUDP

  object-protocol udp

  object-tcp protocol

  the ComodoSpamFilter object-group network

  host of the object-Network ComodoMX1

  host of the object-Network ComodoMX2

  the OpenDNSServers object-group network

  host of the object-Network OpenDNS2

  host of the object-Network OpenDNS4

  host of the object-Network OpenDNS3

  host of the object-Network OpenDNS1

  VNC tcp service object-group

  EQ port 5900 object

  smartmail tcp service object-group

  object-port 9998 eq

  http2 tcp service object-group

  EQ object of port 8080

  RDP2 tcp service object-group

  port-object eq 3789

  DM_INLINE_TCP_1 tcp service object-group

  EQ port ssh object

  port-object eq telnet

  object-group network Netflix

  host of the object-Network BR_1

  the object-BR_2 Network host

  object-group service tcp MOP3

  port-object eq 3999

  outside_access_in list extended access permit tcp any interface outside of the object-group RDP log disable

  outside_access_in list extended access permit tcp any interface outside eq ftp log disable

  outside_access_in list extended access permit tcp any interface outside eq www disable journal

  outside_access_in list extended access permitted tcp object-group ComodoSpamFilter interface outside eq smtp log disable

  outside_access_in list extended access permit tcp any interface outside of the object-group smartmail disable journal

  access-list extended outside_access_in permit tcp host WorkIP log disable interface outside object-group VNC

  outside_access_in list extended access permit tcp any interface outside of the object-group http2 disable journal

  outside_access_in list extended access permit tcp any interface outside of the object-group RDP2 journal disable

  outside_access_in list extended access permit icmp any interface outside disable newspaper echo-reply

  home_access_in list extended access allowed object-group TCPUDP 10.37.1.0 255.255.255.0 OpenDNSServers eq field journal disable object-group

  home_access_in list extended access allowed host TCPUDP object-group SPIDERMAN turn off no matter what field eq journal

  home_access_in list extended access denied object-group TCPUDP 10.37.1.0 255.255.255.0 disable any log domain eq

  home_access_in allowed extended access list ip all all disable Journal

  guest_access_in list extended access allowed object-group TCPUDP 10.37.2.0 255.255.255.0 OpenDNSServers eq field journal disable object-group

  guest_access_in list extended access deny tcp 10.37.2.0 255.255.255.0 disable any newspaper ftp EQ

  guest_access_in list extended access deny tcp 10.37.2.0 255.255.255.0 disable any newspaper of DM_INLINE_TCP_1-group of objects

  guest_access_in list extended access deny tcp 10.37.2.0 255.255.255.0 disable any newspaper RDP-group of objects

  guest_access_in list extended access deny tcp 10.37.2.0 255.255.255.0 disable any newspaper VNC object-group

  guest_access_in list extended access denied object-group TCPUDP 10.37.2.0 255.255.255.0 disable any log domain eq

  guest_access_in to access extended list ip any any newspaper disable time-range allow M-F_9-16

  Standard access list Split_Tunnel_List allow 10.37.1.0 255.255.255.0

  pager lines 24

  Enable logging

  timestamp of the record

  logging trap notifications

  asdm of logging of information

  logging - the id of the device hostname

  logging host home-FLASH

  Home of MTU 1500

  Outside 1500 MTU

  Comments of MTU 1500

  local pool VPN_DHCP 10.37.3.130 - 10.37.3.139 255.255.255.0 IP mask

  no failover

  ICMP unreachable rate-limit 1 burst-size 1

  ICMP allow any home

  ICMP permitted outside the host WorkIP

  ICMP deny everything outside

  ICMP deny any guest

  ASDM image disk0: / asdm - 714.bin

  Location THE-HULK 255.255.255.255 ASDM home

  Location WIKI 255.255.255.255 ASDM home

  Location GREEN-ARROW 255.255.255.255 ASDM home

  Location OpenDNS2 255.255.255.255 ASDM home

  Location OpenDNS4 255.255.255.255 ASDM home

  Location OpenDNS3 255.255.255.255 ASDM home

  Location OpenDNS1 255.255.255.255 ASDM home

  Location ComodoMX1 255.255.255.255 ASDM home

  Location ComodoMX2 255.255.255.255 ASDM home

  Location SPIDERMAN 255.255.255.255 ASDM home

  Location DAREDEVIL 255.255.255.255 ASDM home

  Location WorkIP 255.255.255.255 ASDM home

  Location OpenVPNAS 255.255.255.255 ASDM home

  Location VPN_DHCP 255.255.255.0 ASDM home

  Location GuestWirelessAP 255.255.255.255 ASDM home

  Location LA-FLASH 255.255.255.255 ASDM home

  Location IRONMAN 255.255.255.255 ASDM home

  don't allow no asdm history

  ARP timeout 14400

  NAT-control

  Overall 101 (external) interface

  NAT (House) 101 0.0.0.0 0.0.0.0

  NAT (guest) 101 0.0.0.0 0.0.0.0

  3389 GREEN ARROW 3389 netmask 255.255.255.255 interface static tcp (home, outdoor)

  public static tcp (home, outside) THE-HULK netmask 255.255.255.255 ftp ftp interface

  public static tcp (home, outside) interface www THE-HULK www netmask 255.255.255.255

  public static tcp (home, outside) interface smtp smtp netmask 255.255.255.255 IRONMAN

  9998 IRONMAN 9998 netmask 255.255.255.255 interface static tcp (home, outdoor)

  5900 5900 SPIDERMAN netmask 255.255.255.255 interface static tcp (home, outdoor)

  public static (home, outside) udp interface tftp THE tftp netmask 255.255.255.255 FLASH

  3789 THE FLASH 3789 netmask 255.255.255.255 interface static tcp (home, outdoor)

  8080 8080 WIKI netmask 255.255.255.255 interface static tcp (home, outdoor)

  Access-group home_access_in in interface House

  Access-group outside_access_in in interface outside

  Access-group guest_access_in in the comments of the interface

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  AAA-server protocol ldap BATCAVE

  AAA-server BATCAVE (home) host DAREDEVIL

  LDAP-base-dn = Users, OR =, DC = batcave, DC = local

  LDAP-group-base-dn memberOf = CN = Cisco VPN Users, OR = Groups, OU = staff, DC = batcave, DC = local

  LDAP-naming-attribute sAMAccountName

  LDAP-login-password npYDApHrdVjOTcj8kJha

  LDAP-connection-dn CN = Cisco account LDAP, OU = Service accounts, DC = batcave, DC = local

  microsoft server type

  the ssh LOCAL console AAA authentication

  LOCAL AAA authentication serial console

  LOCAL AAA authorization exec

  http server enable 3737

  http WorkIP 255.255.255.255 outside

  http 10.37.1.0 255.255.255.0 House

  redirect http outside 80

  http redirection 80 home

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  No vpn sysopt connection permit

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  No vpn-addr-assign aaa

  VPN-addr-assign local reuse / time 5

  Telnet timeout 5

  SSH GREEN-ARROW 255.255.255.255 House

  SSH SPIDERMAN 255.255.255.255 House

  SSH daredevil 255.255.255.255 House

  SSH WorkIP 255.255.255.255 outside

  SSH timeout 10

  SSH version 2

  Console timeout 30

  dhcpd outside auto_config

  !

  dhcprelay Server DAREDEVIL home

  dhcprelay enable comments

  dhcprelay setroute comments

  time-out of 60 dhcprelay

  Host priority queue

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  NTP Server 64.90.182.55 prefer external source

  Server TFTP FLASH-home of THEftp://10.37.1.20/ t

  WebVPN

  Enable home

  allow outside

  SVC disk0:/anyconnect-win-3.1.04066-k9_3.pkg 1 image

  enable SVC

  attributes of Group Policy DfltGrpPolicy

  value of server DNS 10.37.1.10

  VPN - connections 1

  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list Split_Tunnel_List

  Batcave.local value by default-field

  WebVPN

  SVC request to enable default webvpn

  aquaman encrypted KKOPGG99Bk0xyhXS privilege 15 password username

  jared YlQ4V6UbWiR/Dfov password user name encrypted privilege 15

  attributes global-tunnel-group DefaultWEBVPNGroup

  address VPN_DHCP pool

  type tunnel-group HomeVPN remote access

  attributes global-tunnel-group HomeVPN

  address VPN_DHCP pool

  authentication-server-group BATCAVE

  !

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  message-length maximum 512

  Policy-map global_policy

  !

  10.37.1.30 SMTP server

  context of prompt hostname

  no remote anonymous reporting call

  call-home

  Profile of CiscoTAC-1

  no active account

  http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

  email address of destination [email protected] / * /

  destination-mode http transport

  Subscribe to alert-group diagnosis

  Subscribe to alert-group environment

  Subscribe to alert-group monthly periodic inventory

  monthly periodicals to subscribe to alert-group configuration

  daily periodic subscribe to alert-group telemetry

  Cryptochecksum:65c8e856cde7d73200dd38f670613c2b

  : end

  Hi Jared,

  Because your configuration has the statement without sysopt connection VPN-enabled -'re missing you an exempt nat rule. This is why you must configure an access list to allow traffic between your network VPN of RA and your inside the subnet - apply rule to your house where the 10.37.1.0/24 of the interface.

  Example:

  access extensive list ip 10.37.1.0 nonat_rule allow 255.255.255.0 10.37.3.0 255.255.255.0
  NAT (House) access 0-list nonat_rule

  Give that a try

  Concerning

• AnyConnect users can access internal network

  Hello!

  Just sat up a new Anyconnect VPN solution for a customer. It works almost perfect.

  Anyconnect users can reach the internal network storage. The anyconnect users can access the internet, but nothing on the network internal.

  (Deleted all the passwords and public IP addresses)

  ASA 4,0000 Version 1

  !

  ciscoasa hostname

  names of

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.9.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address

  !

  passive FTP mode

  DNS domain-lookup outside

  DNS server-group DefaultDNS

  Server name 213.80.98.2

  Server name 213.80.101.3

  network obj_any object

  subnet 0.0.0.0 0.0.0.0

  access-list SHEEP extended ip 192.168.9.0 allow 255.255.255.0 192.168.9.0 255.255.255.0

  AnyConnect_Client_Local_Print deny ip extended access list a whole

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq lpd

  Note AnyConnect_Client_Local_Print of access list IPP: Internet Printing Protocol

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq 631

  print the access-list AnyConnect_Client_Local_Print Note Windows port

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq 9100

  access-list AnyConnect_Client_Local_Print mDNS Note: multicast DNS protocol

  AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.251 eq 5353

  AnyConnect_Client_Local_Print of access list LLMNR Note: link Local Multicast Name Resolution protocol

  AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.252 eq 5355

  Note access list TCP/NetBIOS protocol AnyConnect_Client_Local_Print

  AnyConnect_Client_Local_Print list extended access permit tcp any any eq 137

  AnyConnect_Client_Local_Print list extended access udp allowed any any eq netbios-ns

  pager lines 24

  Enable logging

  logging of debug asdm

  Within 1500 MTU

  Outside 1500 MTU

  mask 192.168.9.50 - 192.168.9.80 255.255.255.0 IP local pool SSLClientPool

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  NAT (inside, outside) source Dynamics one interface

  !

  network obj_any object

  NAT dynamic interface (indoor, outdoor)

  Route outside 0.0.0.0 0.0.0.0 1

  Timeout xlate 03:00

  Pat-xlate timeout 0:00:30

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  identity of the user by default-domain LOCAL

  AAA authentication enable LOCAL console

  AAA authentication http LOCAL console

  LOCAL AAA authentication serial console

  the ssh LOCAL console AAA authentication

  AAA authentication LOCAL telnet console

  Enable http server

  http 192.168.9.0 255.255.255.0 inside

  http 0.0.0.0 0.0.0.0 inside

  http 0.0.0.0 0.0.0.0 outdoors

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

  Telnet timeout 5

  SSH timeout 5

  SSH group dh-Group1-sha1 key exchange

  Console timeout 0

  dhcpd outside auto_config

  !

  dhcpd address 192.168.9.2 - 192.168.9.33 inside

  dhcpd ip interface 192.168.9.1 option 3 inside

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  allow outside

  AnyConnect image disk0:/anyconnect-win-2.5.3046-k9.pkg 1

  AnyConnect enable

  tunnel-group-list activate

  internal SSLClitentPolicy group strategy

  internal SSLClientPolicy group strategy

  attributes of Group Policy SSLClientPolicy

  value of server DNS 192.168.9.5

  client ssl-VPN-tunnel-Protocol

  the address value SSLClientPool pools

  attributes of Group Policy DfltGrpPolicy

  VPN-tunnel-Protocol ikev1, ikev2 ssl clientless ssl ipsec l2tp client

  VPN Tunnel-group type remote access

  type tunnel-group SSLClientProfile remote access

  attributes global-tunnel-group SSLClientProfile

  Group Policy - by default-SSLClientPolicy

  tunnel-group SSLClientProfile webvpn-attributes

  enable SSLVPNClient group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  Cryptochecksum:6a58e90dc61dfbf7ba15e059e5931609

  : end

  Looks like you got the permit vpn sysopt disable to enable:

  Sysopt connection permit VPN

  Also remove the dynamic NAT depending on whether you have already configured under the NAT object:

  No source (indoor, outdoor) nat Dynamics one interface

  Then 'clear xlate' once again and let us know if it works now.

• Cannot access the network - Get unspecified error 0 x 80004005

  Hi all

  I have a strange problem that I hope someone can help me with.

  I have a PC Windows Vista Ultimate, newly installed, all the patches applied. Any other installed apps don't except MS Office.

  Not my problem, I have a NAS drive on my network and can be accessed by different machines on my network (IE. \\NAS)

  However for some reason any my Vista machine has ceased to recognize this. Now I can only connect via an IP address (IE. ( \\192.168.0.2).

  Whenever I have try type \\NAS he says "Windows cannot access \\NAS... etc etc" with a "unspecified error 0 error Code 80004005 x.

  He used to work, but now it does which is very weird. When I click on diagnose says that it cannot find \\NAS. However, as this network drive has a web front end, when I type its IP address there is no problem at all and I can access it, but not through windows Explorer! I use a TP-Link wireless adapter. I have a LAN connector normal that I disabled and enabled with no effect (although I have not physically connected them)

  I can navigate to Windwos Vista machine to it seems to work very well.

  Any ideas?

  Thanks in advance.

  Neal.

  If the regular way, you connect a reader could not be used and that you were forced to connect by ip, get error 80004005 would make sense, because it means that the rights or false refused/insufficient access permissions. Your network can have a parameter saying denied access by ip address, so either you might find this setting, or find a way to solve the original problem, making it impossible to connect as normal to you.

  I would check the firewalls, because your firewall or the firewall of the NAS could have been changed to not connect to the NAS or do not allow you to connect, respectively.

• Cannot access the network drive or impossible to mount the network drive. Error "network path was not found.

  Original title: network path was not found

  HI, after the upgradation from windows xp sp2 to sp3 (next to the customer) I can't access the network drive or impossible to mount the network drive. ' ' It showa error "network path was not found.

  Hi gauravadavadkar,

  Thanks for posting your query in Microsoft Communities. Provide the following information:

  ·         Did you do changes on the computer before the show?

  ·         What is the full error message?

  ·         Work on a domain?

  Follow these methods.

  Method 1: Temporarily disable the security software.

  Note: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you do not disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network during the time that your antivirus software is disabled, your computer is vulnerable to attacks.

  Method 2: Follow these steps:

  Step 1: Start the computer in safe mode with networkand check if the problem persists.

  S tep 2: if the problem does not persist in safe mode with networking, perform a clean bootto see if there is a software conflict as the clean boot helps eliminate software conflicts.

  Note: After completing the steps in the clean boot troubleshooting, follow the steps to configure Windows to use a Normal startup state section of the article to start the computer to a Normal startupmode.

  After the clean boot used to resolve the problem, you can follow these steps to configure Windows XP to start normally.

  (a) click Startand then click run.

  (b) type msconfigand click OK.
  The System Configuration utility dialog box appears.

  (c) click on the general tab, click Normal Startup - load all device drivers and services, and then click OK.

  (d) when you are prompted, click restart to restart the computer.

  Method 3: Follow the steps in the article.

  How to troubleshoot a network home in Windows XP

  In Windows network connection issues

  You can read this article for more information:

  Windows wireless and wired network connection problems

  I hope this helps. Let us know if you need more assistance.

  Thank you.

• Cannot access the network without password drives?

  I had a failure of hard drive on my laptop and I can't access my network of resources to work after installing the new drive.  A dialog box opens for a username and password when I try to map a network drive.  No other computer in fact.  Vista is the problem, but what is the solution?

  You must create an identical user account and password on your Vista machine that corresponds to the remote computer. The error you get indicates that you did not do this. MS - MVP - Elephant Boy computers - don't panic!

• Cannot access the network using WiFi hotspot

  I have a lenovo ideapad z570 running windows 7 ultimate, processor intel pentium cpu B950 @2.10 GHZ 2 GB ram and 64-bit operating system. My problem is that when I create a wifi hotspot via intel my wifi technology, I so can not access the network on my android phone or the playstation 3. There is a sign yellow triangle on the wireless icon and I have the cursor on it, she reads, access to the internet network, unidentified network no internet access. I tried to update all the drivers, I even reinstalled the operating system after a wipe, same result. I tried to use programs such as connectify but same result. Please help me

  Original title: network
  

  There is a sign yellow triangle on the wireless icon and I have the cursor on it, she reads, access to the internet network, unidentified network no internet access. I tried to update all the drivers, I even reinstalled the operating system after a wipe, same result. I tried to use programs such as connectify but same result. Please help me

  Hello

  You try to use the Add-hock network so that you can access ac in android are as good as play station unit
  Like you would have checked in the id network properties material and device id, it yellow list means problem with driver, please try to update the BIOS and the driver appropriate with the hardware ID, if possible to install from the laptop power management

  IdeaPad Z570.please press fn + f5 and check the layout state of WIFI is turned on, current state should off
  Download these drivers and install it, then try again
  http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z570/Win7/IN1WLN90WW5.exe

  http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z370Z470/IN8STW09WW5.exe
  http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z570/Win7/IN1MEI08WW5.exe
  http://download.Lenovo.com/userfiles/Driver/en/downloads%20and%20Drivers/Z570/Win7/IN1CHP30WW5.exe

• Help, please! Connected to the VPN, but cannot access internal servers.

  Hi friends,

  I'm a newbie on vpn stuff, I set up a base on a Cisco ASA 5505 vpn by using ASDM, and I was able to connect to it.  However, I can't ssh or RDP to one of the servers in the House after that I connected to the vpn.  Here is the configuration.  Help, please!

  ASA Version 8.2 (5)

  !

  hostname sc - asa

  domain abc.com

  enable the encrypted password xxxxxxxxx

  xxxxxxxxx encrypted passwd

  names of

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address dhcp setroute

  !

  passive FTP mode

  DNS server-group DefaultDNS

  domain OpenDNS.com

  sc-pool_splitTunnelAcl-list of allowed access standard 192.168.1.0 255.255.255.0

  inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.1.96 255.255.255.240

  pager lines 24

  Enable logging

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  IP local pool sc-192.168.1.100 - 192.168.1.110 mask 255.255.255.0

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 1 0.0.0.0 0.0.0.0

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  interface ID client DHCP-client to the outside

  dhcpd outside auto_config

  !

  dhcpd address 192.168.1.5 - 192.168.1.36 inside

  dhcpd dns 208.67.222.222 208.67.220.220 interface inside

  rental contract interface 86400 dhcpd inside

  dhcpd abc.com domain inside interface

  dhcpd allow inside

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  SSL encryption rc4 - md5, rc4-aes128-sha1 aes256-3des-sha1 sha1 sha1

  WebVPN

  abc group policy - sc internal

  attributes of the strategy of group abc - sc

  value of server DNS 208.67.222.222 192.168.1.3

  Protocol-tunnel-VPN IPSec

  Split-tunnel-policy tunnelspecified

  Split-tunnel-network-list value abc-sc_splitTunnelAcl

  field default value abc.com

  a001 xxxxxxxxxxx encrypted password username

  a002 xxxxxxxxxxx encrypted password username

  username a003 encrypted password privilege 0 xxxxxxxxxxx

  a003 username attributes

  Strategy Group-VPN-abc-sc

  a004 xxxxxxxxxxx encrypted password privilege 0 username

  a004 username attributes

  Strategy Group-VPN-abc-sc

  a005 xxxxxxxxxxx encrypted password username

  a006 xxxxxxxxxxx encrypted password username

  username privilege 15 encrypted password xxxxxxxxxxx a007

  remote access to tunnel-group abc - sc type

  attributes global-tunnel-group-abc - sc

  address sc-pool pool

  Group Policy - by default-abc-sc

  tunnel-group abc - sc ipsec-attributes

  pre-shared key *.

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  Cryptochecksum:e7df4fa4b60a252d806ca5222d48883b

  : end

  Hello

  I would suggest you start by changing the pool VPN to something else than the current LAN network and see if that helps

  These should be the configuration required to achieve this goal

  • First remove us pool setup VPN VPN
  • Then we delete the VPN Pool and create again with an another address space
  • When then attach this new Pool of VPN again to the VPN configuration
  • In the last step, we add a NAT0 / exempt for this new pool VPN NAT configuration and remove the old ACL line for the former group of VPN

  attributes global-tunnel-group-abc - sc

  no address-sc-swimming pool

  no ip local pool sc 192.168.1.100 - 192.168.1.110 mask 255.255.255.0

  IP local pool sc-192.168.100.100 - 192.168.100.110 mask 255.255.255.0

  attributes global-tunnel-group-abc - sc

  address sc-pool pool

  inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.100.0 255.255.255.0

  No inside_nat0_outbound access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.1.96 255.255.255.240

  -Jouni

• Cannot access remote network by VPN Site to Site ASA

  Hello everyone

  First of all I must say that I have configured the VPN site-to site a million times before.  Stuck with it. First of all I can't ping outside the interface of my ASA remote. Secondly, VPN is in place, but no connectivity between local networks

  ASA local:
  hostname gyd - asa
  domain bct.az
  activate the encrypted password of XeY1QWHKPK75Y48j
  XeY1QWHKPK75Y48j encrypted passwd
  names of
  DNS-guard
  !
  interface GigabitEthernet0/0
  Shutdown
  nameif vpnswc
  security-level 0
  IP 10.254.17.41 255.255.255.248
  !
  interface GigabitEthernet0/1
  Vpn-turan-Baku description
  nameif outside Baku
  security-level 0
  IP 10.254.17.9 255.255.255.248
  !
  interface GigabitEthernet0/2
  Vpn-ganja description
  nameif outside-Ganja
  security-level 0
  IP 10.254.17.17 255.255.255.248
  !
  interface GigabitEthernet0/2.30
  Description remote access
  VLAN 30
  nameif remote access
  security-level 0
  IP 85.*. *. * 255.255.255.0
  !
  interface GigabitEthernet0/3
  Description BCT_Inside
  nameif inside-Bct
  security-level 100
  IP 10.40.50.65 255.255.255.252
  !
  interface Management0/0
  nameif management
  security-level 100
  IP 192.168.251.1 255.255.255.0
  management only
  !
  boot system Disk0: / asa823 - k8.bin
  passive FTP mode
  DNS server-group DefaultDNS
  name-server 192.168.1.3
  domain bct.az
  permit same-security-traffic intra-interface
  object-group network obj - 192.168.121.0
  object-group network obj - 10.40.60.0
  object-group network obj - 10.40.50.0
  object-group network obj - 192.168.0.0
  object-group network obj - 172.26.0.0
  object-group network obj - 10.254.17.0
  object-group network obj - 192.168.122.0
  object-group service obj-tcp-eq-22
  object-group network obj - 10.254.17.18
  object-group network obj - 10.254.17.10
  object-group network obj - 10.254.17.26
  access-list 110 scope ip allow a whole
  NAT list extended access permit tcp any host 10.254.17.10 eq ssh
  NAT list extended access permit tcp any host 10.254.17.26 eq ssh
  access-list extended ip allowed any one sheep
  icmp_inside list extended access permit icmp any one
  icmp_inside of access allowed any ip an extended list
  access list nat-ganja extended permit tcp any host 10.254.17.18 eq ssh
  RDP list extended access permit tcp any host 192.168.45.3 eq 3389
  rdp extended permitted any one ip access list
  sheep-vpn access-list extended permits all ip 192.168.121.0 255.255.255.0
  NAT-vpn-internet access-list extended ip 192.168.121.0 allow 255.255.255.0 any
  NAT-vpn-internet access-list extended ip 172.26.0.0 allow 255.255.255.0 any
  NAT-vpn-internet access-list extended ip 192.168.122.0 allow 255.255.255.0 any
  access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.60.0 255.255.255.0
  access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.40.50.0 255.255.255.0
  access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 192.168.0.0 255.255.0.0
  access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 172.26.0.0 255.255.255.0
  access-list sheep-vpn-city scope ip 192.168.121.0 allow 255.255.255.0 10.254.17.0 255.255.255.0
  GHC-ganja-internet access-list extended ip 192.168.45.0 allow 255.255.255.0 any
  Standard access list Split_Tunnel_List allow 192.168.16.0 255.255.255.0
  azans 192.168.69.0 ip extended access-list allow 255.255.255.0 any
  permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.121.0 255.255.255.0
  permit inside_nat0_outbound to access extended list ip 192.168.0.0 255.255.0.0 192.168.80.0 255.255.255.0
  pager lines 24
  Enable logging
  emblem of logging
  recording of debug console
  recording of debug trap
  asdm of logging of information
  Interior-Bct 192.168.1.27 host connection
  flow-export destination inside-Bct 192.168.1.27 9996
  vpnswc MTU 1500
  outside Baku MTU 1500
  outside-Ganja MTU 1500
  MTU 1500 remote access
  Interior-Bct MTU 1500
  management of MTU 1500
  IP local pool raccess 192.168.121.60 - 192.168.121.120 mask 255.255.255.0
  IP local pool ssl 192.168.121.130 - 192.168.121.200 mask 255.255.255.0
  no failover
  ICMP unreachable rate-limit 1 burst-size 1
  ICMP allow any outside Baku
  ICMP allow access remotely
  ICMP allow any interior-Bct
  ASDM image disk0: / asdm - 621.bin
  don't allow no asdm history
  ARP timeout 14400
  global (outside-Baku) 1 interface
  global (outside-Ganja) interface 2
  3 overall (RAS) interface
  azans access-list NAT 3 (outside-Ganja)
  NAT (remote access) 0 access-list sheep-vpn-city
  NAT 3 list nat-vpn-internet access (remote access)
  NAT (inside-Bct) 0-list of access inside_nat0_outbound
  NAT (inside-Bct) 2-nat-ganja access list
  NAT (inside-Bct) 1 access list nat
  Access-group rdp on interface outside-Ganja
  !
  Router eigrp 2008
  No Auto-resume
  neighbor 10.254.17.10 interface outside Baku
  neighbor 10.40.50.66 Interior-Bct interface
  Network 10.40.50.64 255.255.255.252
  Network 10.250.25.0 255.255.255.0
  Network 10.254.17.8 255.255.255.248
  Network 10.254.17.16 255.255.255.248
  redistribute static
  !
  Access remote 0.0.0.0 0.0.0.0 85.*. *. * 1
  Outside-Baku route 10.0.11.0 255.255.255.0 10.254.17.10 1
  Outside-Baku route 10.0.33.0 255.255.255.0 10.254.17.10 1
  Outside-Baku route 10.0.150.0 255.255.255.0 10.254.17.10 1
  Outside-Baku route 10.0.170.0 255.255.255.0 10.254.17.10 1
  Route outside Baku 10.254.17.24 255.255.255.248 10.254.17.10 1
  Route outside Baku 10.254.17.32 255.255.255.248 10.254.17.10 1
  Route outside Baku 192.1.1.0 255.255.255.0 10.254.17.10 1
  Outside-Baku route 192.168.27.0 255.255.255.0 10.254.17.10 1
  Outside-Baku route 192.168.39.0 255.255.255.0 10.254.17.10 1
  Route outside-Ganja 192.168.45.0 255.255.255.0 10.254.17.18 1
  Route outside-Ganja 192.168.66.0 255.255.255.0 10.254.17.18 1
  Route outside-Ganja 192.168.69.0 255.255.255.0 10.254.17.18 1
  Outside-Baku route 192.168.80.0 255.255.255.0 10.254.17.11 1
  Access remote 192.168.121.0 255.255.255.0 85.132.43.1 1
  Route outside-Ganja 192.168.184.0 255.255.255.0 10.254.17.18 1
  Route outside Baku 192.168.208.16 255.255.255.240 10.254.17.10 1
  Route outside-Ganja 192.168.208.112 255.255.255.240 10.254.17.18 1
  Route inside-Bct 192.168.254.0 255.255.255.0 10.40.50.66 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  AAA-server protocol Ganymede GANYMEDE +.
  AAA-server GANYMEDE (Interior-Bct) 192.168.1.8
  key *.
  AAA-server GANYMEDE (Interior-Bct) 192.168.22.46
  key *.
  RADIUS protocol AAA-server TACACS1
  AAA-server TACACS1 (Interior-Bct) host 192.168.1.8
  key *.
  AAA-server TACACS1 (Interior-Bct) host 192.168.22.46
  key *.
  authentication AAA ssh console LOCAL GANYMEDE
  Console to enable AAA authentication RADIUS LOCAL
  Console Telnet AAA authentication RADIUS LOCAL
  AAA accounting ssh console GANYMEDE
  Console Telnet accounting AAA GANYMEDE
  Enable http server
  http 192.168.1.0 255.255.255.0 management
  http 192.168.1.0 255.255.255.0 Interior-Bct
  http 192.168.139.0 255.255.255.0 Interior-Bct
  http 192.168.0.0 255.255.255.0 Interior-Bct
  Survey community SNMP-server host inside-Bct 192.168.1.27
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
  Crypto ipsec transform-set newset aes - esp esp-md5-hmac
  Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
  Crypto ipsec transform-set esp-3des esp-md5-hmac raccess
  Crypto ipsec transform-set esp-3des esp-sha-hmac vpnclienttrans
  Crypto ipsec transform-set vpnclienttrans transport mode
  life crypto ipsec security association seconds 2147483646
  Crypto ipsec kilobytes of life security-association 2147483646
  raccess 1 set transform-set vpnclienttrans crypto dyn1 dynamic-map
  correspondence address card crypto mymap 10 110
  card crypto mymap 10 peers set 10.254.17.10
  card crypto mymap 10 transform-set RIGHT
  correspondence address card crypto mymap 20 110
  card crypto mymap 20 peers set 10.254.17.11
  mymap 20 transform-set myset2 crypto card
  card crypto mymap interface outside Baku
  correspondence address card crypto ganja 10 110
  10 ganja crypto map peer set 10.254.17.18
  card crypto ganja 10 transform-set RIGHT
  card crypto interface outside-Ganja ganja
  correspondence address card crypto vpntest 20 110
  peer set card crypto vpntest 20 10.250.25.1
  newset vpntest 20 transform-set card crypto
  card crypto vpntest interface vpnswc
  vpnclientmap 30 card crypto ipsec-isakmp dynamic dyn1
  card crypto interface for remote access vpnclientmap
  Crypto ca trustpoint ASDM_TrustPoint0
  registration auto
  name of the object CN = gyd - asa .az .bct
  sslvpnkeypair key pair
  Configure CRL
  map of crypto DefaultCertificateMap 10 ca certificate

  crypto isakmp identity address
  ISAKMP crypto enable vpnswc
  ISAKMP crypto enable outside-Baku
  ISAKMP crypto enable outside-Ganja
  crypto ISAKMP enable remote access
  ISAKMP crypto enable Interior-Bct
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  md5 hash
  Group 2
  life 86400
  crypto ISAKMP policy 20
  preshared authentication
  aes encryption
  md5 hash
  Group 2
  life 86400
  crypto ISAKMP policy 30
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 40
  preshared authentication
  aes encryption
  sha hash
  Group 2
  life 86400
  Crypto isakmp nat-traversal 30
  No vpn-addr-assign aaa
  Telnet timeout 5
  SSH 192.168.0.0 255.255.255.0 Interior-Bct
  SSH timeout 35
  Console timeout 0
  priority queue outside Baku
  queue-limit 2046
  TX-ring-limit 254
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  Server NTP 192.168.1.3
  SSL encryption, 3des-sha1 rc4 - md5 aes128-sha1 sha1-aes256
  SSL-trust point ASDM_TrustPoint0 to vpnlb-ip remote access
  SSL-trust ASDM_TrustPoint0 remote access point
  WebVPN
  turn on remote access
  SVC disk0:/anyconnect-win-2.4.1012-k9.pkg 1 image
  enable SVC
  tunnel-group-list activate
  attributes of Group Policy DfltGrpPolicy
  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
  internal group ssl policy
  attributes of group ssl policy
  banner welcome to SW value
  value of DNS-server 192.168.1.3
  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
  group-lock value SSL
  WebVPN
  value of the SPS URL-list
  internal vpn group policy
  attributes of vpn group policy
  value of DNS-server 192.168.1.3
  Protocol-tunnel-VPN IPSec l2tp ipsec
  disable the PFS
  BCT.AZ value by default-field
  ssl VPN-group-strategy
  WebVPN
  value of the SPS URL-list
  IPSec-attributes tunnel-group DefaultL2LGroup
  ISAKMP retry threshold 20 keepalive 5
  attributes global-tunnel-group DefaultRAGroup
  raccess address pool
  Group-RADIUS authentication server
  Group Policy - by default-vpn
  IPSec-attributes tunnel-group DefaultRAGroup
  pre-shared key *.
  ISAKMP retry threshold 20 keepalive 5
  IPSec-attributes tunnel-group DefaultWEBVPNGroup
  ISAKMP retry threshold 20 keepalive 5
  tunnel-group 10.254.17.10 type ipsec-l2l
  IPSec-attributes tunnel-group 10.254.17.10
  pre-shared key *.
  ISAKMP retry threshold 20 keepalive 5
  type SSL tunnel-group remote access
  attributes global-group-tunnel SSL
  ssl address pool
  Authentication (remote access) LOCAL servers group
  Group Policy - by default-ssl
  certificate-use-set-name username
  Group-tunnel SSL webvpn-attributes
  enable SSL group-alias
  Group-url https://85. *. *. * / activate
  tunnel-group 10.254.17.18 type ipsec-l2l
  IPSec-attributes tunnel-group 10.254.17.18
  pre-shared key *.
  ISAKMP retry threshold 20 keepalive 5
  tunnel-group 10.254.17.11 type ipsec-l2l
  IPSec-attributes tunnel-group 10.254.17.11
  pre-shared key *.
  ISAKMP retry threshold 20 keepalive 5
  type tunnel-group DefaultSWITGroup remote access
  attributes global-tunnel-group DefaultSWITGroup
  raccess address pool
  Group-RADIUS authentication server
  Group Policy - by default-vpn
  IPSec-attributes tunnel-group DefaultSWITGroup
  pre-shared key *.
  !
  type of policy-card inspect dns migrated_dns_map_1
  parameters
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the migrated_dns_map_1 dns
  inspect the rsh
  inspect the rtsp
  inspect sqlnet
  inspect sunrpc
  inspect xdmcp
  inspect the netbios
  Review the ip options
  class flow_export_cl
  flow-export-type of event all the destination 192.168.1.27
  class class by default
  flow-export-type of event all the destination 192.168.1.27
  Policy-map Voicepolicy
  class voice
  priority
  The class data
  police release 80000000
  !
  global service-policy global_policy
  service-policy interface outside Baku Voicepolicy
  context of prompt hostname

  Cryptochecksum:4f35f975ba7a0c11f7f46dfd541d266f
  : end
  GYD - asa #.

  ASA remote:
  ASA Version 8.2 (3)
  !
  ciscoasa hostname
  activate the encrypted password of XeY1QWHKPK75Y48j
  2KFQnbNIdI.2KYOU encrypted passwd
  names of
  DNS-guard
  !
  interface Ethernet0/0
  nameif inside
  security-level 100
  IP 192.168.80.14 255.255.255.0
  !
  interface Ethernet0/1
  nameif outside
  security-level 0
  IP 10.254.17.11 255.255.255.248
  !
  interface Ethernet0/2
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface Ethernet0/3
  Shutdown
  No nameif
  no level of security
  no ip address
  !
  interface Management0/0
  Shutdown
  nameif management
  security-level 100
  no ip address
  management only
  !
  boot system Disk0: / asa823 - k8.bin
  passive FTP mode
  access-list 110 scope ip allow a whole
  192.168.80.0 IP Access-list extended sheep 255.255.255.0 allow 192.168.0.0 255.255.0.0
  pager lines 24
  Enable logging
  asdm of logging of information
  Outside 1500 MTU
  management of MTU 1500
  Within 1500 MTU
  no failover
  ICMP unreachable rate-limit 1 burst-size 1
  ICMP allow all outside
  ICMP allow any inside
  ASDM image disk0: / asdm - 621.bin
  don't allow no asdm history
  ARP timeout 14400
  NAT (inside) 0 access-list sheep
  Route outside 0.0.0.0 0.0.0.0 10.254.17.9 1
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-registration DfltAccessPolicy
  Enable http server
  http 192.168.1.0 255.255.255.0 management
  http 192.168.80.0 255.255.255.0 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-3des esp-md5-hmac RIGHT
  Crypto ipsec transform-set newset aes - esp esp-md5-hmac
  Crypto ipsec transform-set esp-3des esp-sha-hmac myset2
  life crypto ipsec security association seconds 2147483646
  Crypto ipsec kilobytes of life security-association 2147483646
  correspondence address card crypto mymap 10 110
  card crypto mymap 10 peers set 10.254.17.9
  mymap 10 transform-set myset2 crypto card
  mymap outside crypto map interface
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  md5 hash
  Group 2
  life 86400
  crypto ISAKMP policy 20
  preshared authentication
  aes encryption
  md5 hash
  Group 2
  life 86400
  crypto ISAKMP policy 30
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  crypto ISAKMP policy 40
  preshared authentication
  aes encryption
  sha hash
  Group 2
  life 86400
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0
  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN

  tunnel-group 10.254.17.9 type ipsec-l2l
  IPSec-attributes tunnel-group 10.254.17.9
  pre-shared key *.
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns migrated_dns_map_1
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the migrated_dns_map_1 dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the rsh
  inspect the rtsp
  inspect esmtp
  inspect sqlnet
  inspect the skinny
  inspect sunrpc
  inspect xdmcp
  inspect the sip
  inspect the netbios
  inspect the tftp
  Review the ip options
  !
  global service-policy global_policy
  context of prompt hostname

  Cryptochecksum:1c1ac60e2fb84f65269d15d53f27c21b
  : end
  ciscoasa # $

  Still, I can't ping ASA remote outside from outside of the Local interface. And there is no connectivity between the 192.168.80.0 distance and local don't say 192.168.1.0. I have run out of ideas

  Would appreciate any help. Thank you in advance...

  If the tunnel is up (phase 1), but no traffic passing the best test is the following:

  Add order management-access to the Interior , and then try to PING the intellectual property inside ASA counterpart.

  inside x.x.x.x ping --> x.x.x.x is the IP of the ASA peer inside

  The test above shows if the traffic passes through the tunnel (check encrypted/decrypted packets of sh cry ips its).

  Test on both directions.

  Please post the results.

  Federico.

• Cannot access Ethernet network

  I have recently updated my network router and has difficulties to get things to work. My Internet is wireless (no land line). For more than 6 years, I have used with success a Netgear MBR624GU 3 G Router wireless broadband that allowed me to access the Internet as well as to support a physical Ethernet network (with other computers, printers and a Sonos music system with the iTunes library on a NAS). The Netgear router was also on the Ethernet network (all with 192.168.2.0/24 IP addresses). There is also WiFi access for iPad, etc.

  Go now my new contract LTE brought me a router Huawei Mobile WiFi E5577C. There is no Ethernet port. I managed to access the Internet through it. However, I cannot now access the Ethernet - ping reports "Request Timeout" and printers and Sonos system are not accessible. This seems strange to me, I thought of a direct access to the physical network should be easy. I tried things like turn off Wi - Fi, but who did not have Ethernet access works. I put the Ethernet network with the highest priority in the order of Service, a second Wi - Fi connection. Currently I have two Ethernet and Wi - Fi configured manually (attribution 192.168.3.0 Wi - Fi and Ethernet 192.168.2.0 IP addresses, Wi - Fi with 192.168.3.2 as router - I also tried to use DHCP but with no more success). I also tried with and without the Netgear router that is also attached to the Ether net but that doesn't seem to make a difference.

  I thought that I have perhaps need a router different with a port Ethernet (like the Netgear) but, given that I have to pay for that myself, I know whether it is the only solution before spending money.

  I guess I understood something wrongly in this configuration. If anyone can give me any advice or suggest what I might try, I'll be very grateful. If I should post more detailed data, please let me know.

  You are going to have to implement some sort of IP routing or bridging of the connected to the wireless network, or you will need to implement local areas with several connections network with separate subnets.   You might need the static routes for devices with multiple network paths, but you will need at least to have your wireline and wireless in separate subnets.   This so that your network traffic can be set via Wi - Fi to the ISP, or via cables to other local devices.

  Or get a modem that has wired and wireless.   Or one that has a cable, if you are inclined to set up and manage your own network.

  If there is the budget and the desire to run your own network...  My usual preference involves isolated for each of the main functions and including the PSI at the edge device and devices configured to a minimum.   In other words, an ISP modem device with a wired connection and a "bridge" of the ISP connection mode.   Then a box of firewall router gateway controlled locally and a distinct feature of Wi - Fi and preferably one with an access point (AP) mode.   Get your own gateway firewall services, NAT and associated box.   Keep your ISP as simple as possible.   It is more boxes at the front, but when a box crashes or when you change your ISP, you may need to change only the ISP modem.  Other devices will not need to change.   There are positives and negatives of this approach points as, for example - you also manage all the security of your network and your configuration, 'in' your network 'behind' the ISP modem.   The ISP technicians can get only in what concerns the modem and only will help you with the part of your network.

  Network Bridge: works like a piece of wire to a wired network for most of the considerations.  Transparent background for IP network traffic.

  Network router: transfers the IP traffic between two or more different IP subnets.  Very well visible for IP network traffic.

  Welcome to IP network.

• Cannot access the network drive after trying to change the shared folder.

  I had a 80 GB drive connected to my E3000 for a few years and it worked without problem. I recently turned to a 250 GB Maxtor One Touch drive. When I plugged it, the router automatically creates a shared folder. I was able to connect to this folder without problem, but I wanted to share the whole score. When I made this adjustment and tried to save the settings, I temporarily lost access to the router. He gave me the standard page cannot be error message appears. When I got access changes seem to be made. When I try to access the drive of my laptop I get this error message, "the mapped network drive could be created", "the name specified network is no longer available". I rebooted and power rolled my router as well reconnected the drive.

  I think that since you have replaced your hard drive, old settings are configured may still on the hard drive of old. You can change the users and group so that it syncs with the new hard drive or start from scratch (reformat the hard drive).