
ASA 5515 9.2 port forwarding problem


kjurczok (IS-IT--Management)
Mar 8, 2015
Hello guys,

Firstly, this is my first discussion about ASA.

I'm using a 5515 with 9.2, and on another ASA 5505 I have no problem configuring port forwarding.



This is my startup config; maybe you can read it and check why I cannot reach the local machine with IP 192.168.11.6 on port 80 from outside (the internet).

I made a network object, a service object and an access-list for this.

I'm still trying, but with no luck. Maybe this is a stupid mistake?



ASA Version 9.2(2)4
!
hostname ASA
enable password *** encrypted
names
ip local pool vpn_pool_zarzadzanie 192.168.13.240-192.168.13.250 mask 255.255.255.0
ip local pool vpn_pool_e 192.168.11.240-192.168.11.250 mask 255.255.255.0
ip local pool vpn_pool_gosc 192.168.12.240-192.168.12.250 mask 255.255.255.0
ip local pool vpn_pool_serwery 192.168.10.240-192.168.10.250 mask 255.255.255.0
ip local pool vpn_pool_serwis 192.168.0.100-192.168.0.150 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address *** 255.255.255.252
!
interface GigabitEthernet0/1
nameif inside
security-level 100
no ip address
!
interface GigabitEthernet0/1.2
vlan 2
nameif serwery
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.3
vlan 3
nameif e
security-level 0
ip address 192.168.11.1 255.255.255.0
!
interface GigabitEthernet0/1.4
vlan 4
nameif gosc
security-level 100
ip address 192.168.12.1 255.255.255.0
!
interface GigabitEthernet0/1.5
vlan 5
nameif zarzadzanie
security-level 0
ip address 192.168.13.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa922-4-smp-k8.bin
ftp mode passive
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup serwery
dns domain-lookup e
dns domain-lookup gosc
dns domain-lookup zarzadzanie
dns server-group DefaultDNS
name-server 62.21.99.95
name-server 62.21.99.94
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.13.0_27
subnet 192.168.13.0 255.255.255.0
object network network_e
subnet 192.168.11.0 255.255.255.0
object network pc-konferencja
host 192.168.11.6
object service service tcp destination eq www
object service https_443
service tcp destination eq https
object service 10000-10200
service tcp destination range 10000 10200
object-group service http_https_10000-10200 tcp
port-object eq www
port-object eq https
port-object range 10000 10200
access-list global_access extended permit ip any any
access-list e_access_in extended permit ip any any
access-list zarzadzanie_lan standard permit 192.168.13.0 255.255.255.0
access-list vacl_audyt extended permit ip any any
access-list e_lan standard permit 192.168.11.0 255.255.255.0
access-list gosc_lan standard permit 192.168.12.0 255.255.255.0
access-list serwery_lan standard permit 192.168.10.0 255.255.255.0
access-list vpn_serwis extended permit ip any any
access-list vpn_ntworks standard permit 192.168.0.0 255.255.0.0
access-list outside_inside extended permit tcp any object pc-konferencja object-group http_https_10000-10200
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu serwery 1500
mtu e 1500
mtu gosc 1500
mtu zarzadzanie 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any serwery
icmp permit any e
icmp permit any gosc
icmp permit any zarzadzanie
asdm image disk0:/asdm-7221.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,outside) source dynamic any interface dns
nat (zarzadzanie,outside) source static any any destination static NETWORK_OBJ_192.168.13.0_27 NETWORK_OBJ_192.168.13.0_27 no-proxy-arp route-lookup
nat (e,outside) source static any any destination static network_e network_e no-proxy-arp route-lookup
nat (zarzadzanie,outside) source static any any destination static obj_any obj_any
nat (e,outside) source static any any destination static obj_any obj_any
nat (gosc,outside) source static any any destination static obj_any obj_any
access-group outside_inside in interface outside
access-group global_access global
router rip
network 192.168.10.0
network 192.168.11.0
network 192.168.12.0
network 192.168.13.0
version 2
!
route outside 0.0.0.0 0.0.0.0 *** 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
http server enable ***
http 192.168.1.0 255.255.255.0 management
http 192.168.13.0 255.255.255.0 zarzadzanie
http 192.168.11.0 255.255.255.0 e
http 192.168.0.0 255.255.255.0 zarzadzanie
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
no ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 zarzadzanie
ssh timeout 30
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access zarzadzanie
dhcpd dns 62.21.99.95 interface serwery
!
dhcpd address 192.168.11.100-192.168.11.239 e
dhcpd dns 62.21.99.95 interface e
dhcpd enable e
!
dhcpd address 192.168.12.20-192.168.12.239 gosc
dhcpd dns 62.21.99.95 interface gosc
dhcpd enable gosc
!
dhcpd address 192.168.13.50-192.168.13.70 zarzadzanie
dhcpd enable zarzadzanie
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
webvpn
anyconnect-essentials
group-policy serwis internal
group-policy serwis attributes
vpn-filter value vpn_serwis
vpn-tunnel-protocol ikev1 ssl-client
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_ntworks
group-policy e internal
group-policy e attributes
dns-server value 62.21.99.95 62.21.99.94
vpn-tunnel-protocol ikev1 ssl-client
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value e_lan
group-policy serwery internal
group-policy serwery attributes
dns-server value 62.21.99.95 62.21.99.94
vpn-tunnel-protocol ikev1 ssl-client
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value serwery_lan
group-policy gosc internal
group-policy gosc attributes
dns-server value 62.21.99.95 62.21.99.94
vpn-tunnel-protocol ikev1 ssl-client
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value gosc_lan
group-policy zarzadzanie internal
group-policy zarzadzanie attributes
dns-server value 62.21.99.95 62.21.99.94
vpn-tunnel-protocol ikev1 ssl-client
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value zarzadzanie_lan
username admin password *** encrypted privilege 15
username admin attributes
vpn-group-policy zarzadzanie
username serwis password *** encrypted privilege 0
username serwis attributes
vpn-group-policy serwis
tunnel-group e type remote-access
tunnel-group e general-attributes
address-pool vpn_pool_e
default-group-policy e
tunnel-group e ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group zarzadzanie type remote-access
tunnel-group zarzadzanie general-attributes
address-pool vpn_pool_zarzadzanie
default-group-policy zarzadzanie
tunnel-group zarzadzanie ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group serwery type remote-access
tunnel-group serwery general-attributes
address-pool vpn_pool_serwery
default-group-policy serwery
tunnel-group serwery ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group gosc type remote-access
tunnel-group gosc general-attributes
address-pool vpn_pool_gosc
default-group-policy gosc
tunnel-group gosc ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group serwis type remote-access
tunnel-group serwis general-attributes
address-pool vpn_pool_serwis
default-group-policy serwis
tunnel-group serwis ipsec-attributes
ikev1 pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
: end



Regards!

Chris
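The following is an added example for ASA 9.x, not text from the original post and not a verbatim Cisco configuration guide excerpt. The posted config defines `object network pc-konferencja` and an inbound ACL `outside_inside` that references it, but no `nat` statement ever maps the outside interface address to 192.168.11.6. Two more things in the posted config matter for this. First, the manual NAT rules `nat (e,outside) source static any any destination static obj_any obj_any` sit in NAT section 1 and match every outside-to-e flow, so an object NAT added under the network object (section 2) would never be consulted; the port-forward therefore has to go into section 1 ahead of them. Second, the `e` interface has `security-level 0`, the same as `outside`, and traffic between same-security interfaces is dropped unless `same-security-traffic permit inter-interface` is set. Note also that service objects used in twice NAT name the real host's source port, unlike the `destination` service objects already in the config. Interface and object names are the posted ones; `203.0.113.10` in the `packet-tracer` check is a constructed client address from the documentation range, and `<outside-ip>` stands in for the redacted outside address. The 10000-10200 range from the posted object-group is left out here.

```cisco
! Service objects for twice NAT: these name the real host's SOURCE port.
object service real_http
 service tcp source eq www
object service real_https
 service tcp source eq https
!
! Real host (already defined in the posted config; repeated for completeness).
object network pc-konferencja
 host 192.168.11.6
!
! Static interface PAT, inserted at lines 1 and 2 of NAT section 1 so the
! existing "source static any any destination static obj_any obj_any" rules
! on (e,outside) cannot match first and shadow them.
nat (e,outside) 1 source static pc-konferencja interface service real_http real_http
nat (e,outside) 2 source static pc-konferencja interface service real_https real_https
!
! "e" and "outside" are both security-level 0: without this, inbound flows
! between them are dropped regardless of the ACL.
same-security-traffic permit inter-interface
!
! The posted ACL already permits this (on 8.3+ the ACL matches the real,
! untranslated address), so no change is needed there:
! access-list outside_inside extended permit tcp any object pc-konferencja object-group http_https_10000-10200
! access-group outside_inside in interface outside
!
! Verification: confirm the new rules are first in section 1 and trace a
! constructed client (203.0.113.10) hitting the outside address on TCP/80.
show nat detail
packet-tracer input outside tcp 203.0.113.10 12345 <outside-ip> 80 detailed
show xlate
```

In the `packet-tracer` output the NAT phase should report the line-1 rule translating `<outside-ip>/80` to `192.168.11.6/80`, the ACCESS-LIST phase should reference `outside_inside`, and the final action should be `allow`; if the trace stops at a NAT phase showing the `obj_any` identity rule instead, the new rules were appended rather than inserted at the top of section 1.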
 