Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASA5510 Remote VPN users cant stay connected...

Status
Not open for further replies.

toosober

IS-IT--Management
Aug 29, 2005
29
US
We have an ASA5510 we are using for all of our VPN connections. We have site-to-site connections setup to ASA5505s that have no issues. We also have mobile units that connect using a remote VPN connection. The mobile units are constantly dropping and sometimes take up to 5 minutes to reconnect.

Can someone please look at the scrubbed-config below and see if we have something configured incorrectly?

Thanks in advance!



!
hostname VPN-ASA
domain-name cisco.org
enable password encrypted
passwd encrypted
names
dns-guard
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.192
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.110.162 255.255.255.224
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
nameif management
security-level 0
no ip address
management-only
!
boot system disk0:/asa804-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name cisco.org
object-group network Test-VPN
network-object 10.252.253.0 255.255.255.0
object-group network cisco
network-object 192.168.0.0 255.255.0.0
network-object 172.30.0.0 255.255.255.0
network-object 172.20.0.0 255.255.0.0
object-group network A
network-object 10.252.2.0 255.255.255.0
object-group network B
network-object 10.252.5.0 255.255.255.0
object-group network C
network-object 10.252.3.0 255.255.255.0
object-group network D
network-object 10.252.6.0 255.255.255.0
object-group network E
network-object 10.252.252.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network F
network-object 10.252.250.0 255.255.255.0
object-group network G
network-object 10.252.248.0 255.255.255.0
object-group network H
network-object 10.252.244.0 255.255.255.0
object-group network I
network-object 10.252.246.0 255.255.255.0
object-group network J
network-object 10.252.7.0 255.255.255.0
object-group network K
network-object 10.252.8.0 255.255.255.0
object-group network L
network-object 10.252.9.0 255.255.255.0
object-group network M
network-object 10.252.242.0 255.255.255.0
object-group network N
network-object 10.252.240.0 255.255.255.0
object-group network O
network-object 10.252.238.0 255.255.255.0
object-group network P
network-object 10.252.236.0 255.255.255.0
object-group network Q
network-object 10.252.4.0 255.255.255.0
object-group network R
network-object 10.252.10.0 255.255.255.0
object-group network S
network-object 10.252.11.0 255.255.255.0
object-group network T
network-object 10.252.12.0 255.255.255.0
object-group network U
network-object 10.252.13.0 255.255.255.0
object-group network V
network-object 10.252.14.0 255.255.255.0
object-group network W
network-object 10.252.15.0 255.255.255.0
object-group network X
network-object 10.252.16.0 255.255.255.0
object-group network Y
network-object 10.252.17.0 255.255.255.0
object-group network Z
network-object 10.252.18.0 255.255.255.0
object-group network AA
network-object 10.252.19.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.251.200.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.253.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.4.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.6.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.252.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.159.27 10.252.251.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.250.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.248.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.246.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.244.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.7.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.8.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.9.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.242.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.240.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.236.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.238.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.159.27 10.252.11.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 172.30.0.27 10.252.11.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.159.27 10.252.12.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 172.30.0.27 10.252.12.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 192.168.159.27 10.252.13.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip host 172.30.0.27 10.252.13.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.14.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.15.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.16.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.17.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.18.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group cisco 10.252.19.0 255.255.255.0
access-list CISCO extended permit ip 10.251.200.0 255.255.255.0 192.168.110.160 255.255.255.224
access-list CISCO extended permit ip 10.251.200.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list CISCO extended permit ip 192.168.0.0 255.255.0.0 10.251.200.0 255.255.255.0
access-list CISCO extended permit ip 192.168.110.160 255.255.255.224 10.251.200.0 255.255.255.224
access-list Outside_cryptomap_99 extended permit ip object-group cisco 10.252.253.0 255.255.255.0
access-list Outside_cryptomap_1 extended permit ip object-group cisco 10.252.2.0 255.255.255.0
access-list Outside_cryptomap_3 extended permit ip object-group cisco 10.252.4.0 255.255.255.0
access-list Outside_cryptomap_4 extended permit ip object-group cisco 10.252.5.0 255.255.255.0
access-list Outside_cryptomap_5 extended permit ip object-group cisco 10.252.3.0 255.255.255.0
access-list Outside_cryptomap_6 extended permit ip object-group cisco 10.252.6.0 255.255.255.0
access-list Outside_cryptomap_7 extended permit ip object-group cisco 10.252.252.0 255.255.255.0
access-list Outside_cryptomap_7 extended permit ip host 192.168.159.27 10.252.251.0 255.255.255.0
access-list Outside_cryptomap_8 extended permit ip object-group cisco 10.252.250.0 255.255.255.0
access-list Outside_cryptomap_8 extended permit ip host 192.168.159.27 10.252.249.0 255.255.255.0
access-list Outside_cryptomap_9 extended permit ip object-group cisco 10.252.248.0 255.255.255.0
access-list Outside_cryptomap_9 extended permit ip host 192.168.159.27 10.252.247.0 255.255.255.0
access-list Outside_cryptomap_10 extended permit ip object-group cisco 10.252.246.0 255.255.255.0
access-list Outside_cryptomap_10 extended permit ip host 192.168.159.27 10.252.245.0 255.255.255.0
access-list Outside_cryptomap_2 extended permit ip object-group cisco 10.252.244.0 255.255.255.0
access-list Outside_cryptomap_2 extended permit ip host 192.168.159.27 10.252.243.0 255.255.255.0
access-list Outside_cryptomap_11 extended permit ip object-group cisco 10.252.7.0 255.255.255.0
access-list Outside_cryptomap_12 extended permit ip object-group cisco 10.252.8.0 255.255.255.0
access-list Outside_cryptomap_14 extended permit ip object-group cisco 10.252.242.0 255.255.255.0
access-list Outside_cryptomap_14 extended permit ip host 192.168.159.27 10.252.241.0 255.255.255.0
access-list Outside_cryptomap_15 extended permit ip object-group cisco 10.252.240.0 255.255.255.0
access-list Outside_cryptomap_15 extended permit ip host 192.168.159.27 10.252.239.0 255.255.255.0
access-list Outside_cryptomap_16 extended permit ip object-group cisco 10.252.238.0 255.255.255.0
access-list Outside_cryptomap_16 extended permit ip host 192.168.159.27 10.252.237.0 255.255.255.0
access-list Outside_cryptomap_17 extended permit ip object-group cisco 10.252.9.0 255.255.255.0
access-list Outside_cryptomap_18 extended permit ip object-group cisco 10.252.236.0 255.255.255.0
access-list Outside_cryptomap_18 extended permit ip host 192.168.159.27 10.252.235.0 255.255.255.0
access-list Outside_cryptomap_19 extended permit ip object-group cisco 10.252.10.0 255.255.255.0
access-list Outside_cryptomap_13 extended permit ip host 192.168.159.27 10.252.11.0 255.255.255.0
access-list Outside_cryptomap_13 extended permit ip host 172.30.0.27 10.252.11.0 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip host 172.30.0.27 10.252.12.0 255.255.255.0
access-list Outside_cryptomap_20 extended permit ip host 192.168.159.27 10.252.12.0 255.255.255.0
access-list Outside_cryptomap_21 extended permit ip host 192.168.159.27 10.252.13.0 255.255.255.0
access-list Outside_cryptomap_21 extended permit ip host 172.30.0.27 10.252.13.0 255.255.255.0
access-list Outside_cryptomap_22 extended permit ip object-group cisco 10.252.14.0 255.255.255.0
access-list Outside_cryptomap_23 extended permit ip object-group cisco 10.252.15.0 255.255.255.0
access-list Outside_cryptomap_24 extended permit ip object-group cisco 10.252.16.0 255.255.255.0
access-list Outside_cryptomap_25 extended permit ip object-group cisco 10.252.17.0 255.255.255.0
access-list Outside_cryptomap_26 extended permit ip object-group cisco 10.252.18.0 255.255.255.0
access-list Outside_cryptomap_27 extended permit ip object-group cisco 10.252.19.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging emblem
logging trap informational
logging asdm informational
mtu Outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
asdm image disk0:/asdm-615.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
route inside 172.20.0.0 255.255.0.0 192.168.110.190 1
route inside 172.30.0.0 255.255.0.0 192.168.110.190 1
route inside 192.168.0.0 255.255.0.0 192.168.110.190 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server CISCO protocol radius
http server enable
http 192.168.159.27 255.255.255.255 inside
http 172.30.0.0 255.255.255.0 inside
snmp-server host inside 172.30.0.19 community cisco
snmp-server location
snmp-server contact
snmp-server community cisco
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map Outside_map 1 match address Outside_cryptomap_1
crypto map Outside_map 1 set pfs
crypto map Outside_map 1 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map 1 set security-association lifetime seconds 28800
crypto map Outside_map 1 set security-association lifetime kilobytes 4608000
crypto map Outside_map 2 match address Outside_cryptomap_2
crypto map Outside_map 2 set pfs
crypto map Outside_map 2 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 2 set transform-set ESP-3DES-SHA
crypto map Outside_map 2 set security-association lifetime seconds 28800
crypto map Outside_map 2 set security-association lifetime kilobytes 4608000
crypto map Outside_map 3 match address Outside_cryptomap_3
crypto map Outside_map 3 set pfs
crypto map Outside_map 3 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 3 set transform-set ESP-3DES-SHA
crypto map Outside_map 3 set security-association lifetime seconds 28800
crypto map Outside_map 3 set security-association lifetime kilobytes 4608000
crypto map Outside_map 4 match address Outside_cryptomap_4
crypto map Outside_map 4 set pfs
crypto map Outside_map 4 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 4 set transform-set ESP-3DES-SHA
crypto map Outside_map 4 set security-association lifetime seconds 28800
crypto map Outside_map 4 set security-association lifetime kilobytes 4608000
crypto map Outside_map 5 match address Outside_cryptomap_5
crypto map Outside_map 5 set pfs
crypto map Outside_map 5 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 5 set transform-set ESP-3DES-SHA
crypto map Outside_map 5 set security-association lifetime seconds 28800
crypto map Outside_map 5 set security-association lifetime kilobytes 4608000
crypto map Outside_map 6 match address Outside_cryptomap_6
crypto map Outside_map 6 set pfs
crypto map Outside_map 6 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 6 set transform-set ESP-3DES-SHA
crypto map Outside_map 6 set security-association lifetime seconds 28800
crypto map Outside_map 6 set security-association lifetime kilobytes 4608000
crypto map Outside_map 7 match address Outside_cryptomap_7
crypto map Outside_map 7 set pfs
crypto map Outside_map 7 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 7 set transform-set ESP-3DES-SHA
crypto map Outside_map 7 set security-association lifetime seconds 28800
crypto map Outside_map 7 set security-association lifetime kilobytes 4608000
crypto map Outside_map 8 match address Outside_cryptomap_8
crypto map Outside_map 8 set pfs
crypto map Outside_map 8 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 8 set transform-set ESP-3DES-SHA
crypto map Outside_map 8 set security-association lifetime seconds 28800
crypto map Outside_map 8 set security-association lifetime kilobytes 4608000
crypto map Outside_map 9 match address Outside_cryptomap_9
crypto map Outside_map 9 set pfs
crypto map Outside_map 9 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 9 set transform-set ESP-3DES-SHA
crypto map Outside_map 9 set security-association lifetime seconds 28800
crypto map Outside_map 9 set security-association lifetime kilobytes 4608000
crypto map Outside_map 10 match address Outside_cryptomap_10
crypto map Outside_map 10 set pfs
crypto map Outside_map 10 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 10 set transform-set ESP-3DES-SHA
crypto map Outside_map 10 set security-association lifetime seconds 28800
crypto map Outside_map 10 set security-association lifetime kilobytes 4608000
crypto map Outside_map 11 match address Outside_cryptomap_11
crypto map Outside_map 11 set pfs
crypto map Outside_map 11 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 11 set transform-set ESP-3DES-SHA
crypto map Outside_map 11 set security-association lifetime seconds 28800
crypto map Outside_map 11 set security-association lifetime kilobytes 4608000
crypto map Outside_map 12 match address Outside_cryptomap_12
crypto map Outside_map 12 set pfs
crypto map Outside_map 12 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 12 set transform-set ESP-3DES-SHA
crypto map Outside_map 12 set security-association lifetime seconds 28800
crypto map Outside_map 12 set security-association lifetime kilobytes 4608000
crypto map Outside_map 13 match address Outside_cryptomap_13
crypto map Outside_map 13 set pfs
crypto map Outside_map 13 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 13 set transform-set ESP-3DES-SHA
crypto map Outside_map 13 set security-association lifetime seconds 28800
crypto map Outside_map 13 set security-association lifetime kilobytes 4608000
crypto map Outside_map 13 set phase1-mode aggressive
crypto map Outside_map 14 match address Outside_cryptomap_14
crypto map Outside_map 14 set pfs
crypto map Outside_map 14 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 14 set transform-set ESP-3DES-SHA
crypto map Outside_map 14 set security-association lifetime seconds 28800
crypto map Outside_map 14 set security-association lifetime kilobytes 4608000
crypto map Outside_map 15 match address Outside_cryptomap_15
crypto map Outside_map 15 set pfs
crypto map Outside_map 15 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 15 set transform-set ESP-3DES-SHA
crypto map Outside_map 15 set security-association lifetime seconds 28800
crypto map Outside_map 15 set security-association lifetime kilobytes 4608000
crypto map Outside_map 16 match address Outside_cryptomap_16
crypto map Outside_map 16 set pfs
crypto map Outside_map 16 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 16 set transform-set ESP-3DES-SHA
crypto map Outside_map 16 set security-association lifetime seconds 28800
crypto map Outside_map 16 set security-association lifetime kilobytes 4608000
crypto map Outside_map 17 match address Outside_cryptomap_17
crypto map Outside_map 17 set pfs
crypto map Outside_map 17 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 17 set transform-set ESP-3DES-SHA
crypto map Outside_map 17 set security-association lifetime seconds 28800
crypto map Outside_map 17 set security-association lifetime kilobytes 4608000
crypto map Outside_map 18 match address Outside_cryptomap_18
crypto map Outside_map 18 set pfs
crypto map Outside_map 18 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 18 set transform-set ESP-3DES-SHA
crypto map Outside_map 18 set security-association lifetime seconds 28800
crypto map Outside_map 18 set security-association lifetime kilobytes 4608000
crypto map Outside_map 19 match address Outside_cryptomap_19
crypto map Outside_map 19 set pfs
crypto map Outside_map 19 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 19 set transform-set ESP-3DES-SHA
crypto map Outside_map 19 set security-association lifetime seconds 28800
crypto map Outside_map 19 set security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address Outside_cryptomap_20
crypto map Outside_map 20 set pfs
crypto map Outside_map 20 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 20 set security-association lifetime seconds 28800
crypto map Outside_map 20 set security-association lifetime kilobytes 4608000
crypto map Outside_map 21 match address Outside_cryptomap_21
crypto map Outside_map 21 set pfs
crypto map Outside_map 21 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 21 set transform-set ESP-3DES-SHA
crypto map Outside_map 21 set security-association lifetime seconds 28800
crypto map Outside_map 21 set security-association lifetime kilobytes 4608000
crypto map Outside_map 22 match address Outside_cryptomap_22
crypto map Outside_map 22 set pfs
crypto map Outside_map 22 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 22 set transform-set ESP-3DES-SHA
crypto map Outside_map 22 set security-association lifetime seconds 28800
crypto map Outside_map 22 set security-association lifetime kilobytes 4608000
crypto map Outside_map 23 match address Outside_cryptomap_23
crypto map Outside_map 23 set pfs
crypto map Outside_map 23 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 23 set transform-set ESP-3DES-SHA
crypto map Outside_map 23 set security-association lifetime seconds 28800
crypto map Outside_map 23 set security-association lifetime kilobytes 4608000
crypto map Outside_map 24 match address Outside_cryptomap_24
crypto map Outside_map 24 set pfs
crypto map Outside_map 24 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 24 set transform-set ESP-3DES-SHA
crypto map Outside_map 24 set security-association lifetime seconds 28800
crypto map Outside_map 24 set security-association lifetime kilobytes 4608000
crypto map Outside_map 25 match address Outside_cryptomap_25
crypto map Outside_map 25 set pfs
crypto map Outside_map 25 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 25 set transform-set ESP-3DES-SHA
crypto map Outside_map 25 set security-association lifetime seconds 28800
crypto map Outside_map 25 set security-association lifetime kilobytes 4608000
crypto map Outside_map 26 match address Outside_cryptomap_26
crypto map Outside_map 26 set pfs
crypto map Outside_map 26 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 26 set transform-set ESP-3DES-SHA
crypto map Outside_map 26 set security-association lifetime seconds 28800
crypto map Outside_map 26 set security-association lifetime kilobytes 4608000
crypto map Outside_map 27 match address Outside_cryptomap_27
crypto map Outside_map 27 set pfs
crypto map Outside_map 27 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 27 set transform-set ESP-3DES-SHA
crypto map Outside_map 27 set security-association lifetime seconds 28800
crypto map Outside_map 27 set security-association lifetime kilobytes 4608000
crypto map Outside_map 99 match address Outside_cryptomap_99
crypto map Outside_map 99 set pfs
crypto map Outside_map 99 set peer xxx.xxx.xxx.xxx
crypto map Outside_map 99 set transform-set ESP-3DES-SHA
crypto map Outside_map 99 set security-association lifetime seconds 28800
crypto map Outside_map 99 set security-association lifetime kilobytes 4608000
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no vpn-addr-assign dhcp
no vpn-addr-assign local
telnet 192.168.159.27 255.255.255.255 inside
telnet 172.30.0.0 255.255.255.0 inside
telnet timeout 1440
ssh 172.30.0.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.168.81.1 prefer
webvpn
enable Outside
svc image disk0:/sslclient-win-1.1.4.179-anyconnect.pkg 1
svc enable
group-policy SSLTest internal
group-policy SSLTest attributes
vpn-tunnel-protocol svc
group-policy acme internal
group-policy acme attributes
wins-server value 192.168.0.50 192.168.0.51
dns-server value 192.168.0.50 192.168.0.51
vpn-idle-timeout 1
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value CISCO
default-domain value cisco.org
group-policy aircard internal
group-policy aircard attributes
wins-server value 192.168.0.50 192.168.0.51
dns-server value 192.168.0.50 192.168.0.51
vpn-tunnel-protocol IPSec
default-domain value cisco.org
username def22 password encrypted
username def22 attributes
vpn-framed-ip-address 10.251.200.122 255.255.255.0
username def12 password encrypted
username def12 attributes
vpn-framed-ip-address 10.251.200.112 255.255.255.0
username def01 password encrypted
username def01 attributes
vpn-framed-ip-address 10.251.200.101 255.255.255.0
username def30 password encrypted
username def30 attributes
vpn-framed-ip-address 10.251.200.130 255.255.255.0
username def10 password encrypted
username def10 attributes
vpn-framed-ip-address 10.251.200.110 255.255.255.0
username def20 password encrypted
username def20 attributes
vpn-framed-ip-address 10.251.200.120 255.255.255.0
username def27 password encrypted
username def27 attributes
vpn-framed-ip-address 10.251.200.127 255.255.255.0
username def17 password encrypted
username def17 attributes
vpn-framed-ip-address 10.251.200.117 255.255.255.0
username def06 password encrypted
username def06 attributes
vpn-framed-ip-address 10.251.200.106 255.255.255.0
username def15 password encrypted
username def15 attributes
vpn-framed-ip-address 10.251.200.115 255.255.255.0
username def24 password encrypted
username def24 attributes
vpn-framed-ip-address 10.251.200.124 255.255.255.0
username def04 password encrypted
username def04 attributes
vpn-framed-ip-address 10.251.200.104 255.255.255.0
username def09 password encrypted
username def09 attributes
vpn-framed-ip-address 10.251.200.109 255.255.255.0
username def18 password encrypted
username def18 attributes
vpn-framed-ip-address 10.251.200.118 255.255.255.0
username def28 password encrypted
username def28 attributes
vpn-framed-ip-address 10.251.200.128 255.255.255.0
username ghi64 password encrypted
username ghi64 attributes
vpn-framed-ip-address 10.251.200.164 255.255.255.0
username ghi74 password encrypted
username ghi74 attributes
vpn-framed-ip-address 10.251.200.174 255.255.255.0
username ghi54 password encrypted
username ghi54 attributes
vpn-framed-ip-address 10.251.200.154 255.255.255.0
username ghi55 password encrypted
username ghi55 attributes
vpn-framed-ip-address 10.251.200.155 255.255.255.0
username ghi65 password encrypted
username ghi65 attributes
vpn-framed-ip-address 10.251.200.165 255.255.255.0
username ghi75 password encrypted
username ghi75 attributes
vpn-framed-ip-address 10.251.200.175 255.255.255.0
username ghi66 password encrypted
username ghi66 attributes
vpn-framed-ip-address 10.251.200.166 255.255.255.0
username ghi56 password encrypted
username ghi56 attributes
vpn-framed-ip-address 10.251.200.156 255.255.255.0
username ghi76 password encrypted
username ghi76 attributes
vpn-framed-ip-address 10.251.200.176 255.255.255.0
username ghi57 password encrypted
username ghi57 attributes
vpn-framed-ip-address 10.251.200.157 255.255.255.0
username ghi67 password 3iRao4j4e1XMSyIA encrypted
username ghi67 attributes
vpn-framed-ip-address 10.251.200.167 255.255.255.0
username ghi77 password encrypted
username ghi77 attributes
vpn-framed-ip-address 10.251.200.177 255.255.255.0
username ghi60 password encrypted
username ghi60 attributes
vpn-framed-ip-address 10.251.200.160 255.255.255.0
username ghi70 password encrypted
username ghi70 attributes
vpn-framed-ip-address 10.251.200.170 255.255.255.0
username ghi80 password encrypted
username ghi80 attributes
vpn-framed-ip-address 10.251.200.180 255.255.255.0
username ghi50 password encrypted
username ghi50 attributes
vpn-framed-ip-address 10.251.200.150 255.255.255.0
username ghi61 password encrypted
username ghi61 attributes
vpn-framed-ip-address 10.251.200.161 255.255.255.0
username ghi71 password encrypted
username ghi71 attributes
vpn-framed-ip-address 10.251.200.171 255.255.255.0
username ghi51 password encrypted
username ghi51 attributes
vpn-framed-ip-address 10.251.200.151 255.255.255.0
username ghi59a password encrypted
username ghi59a attributes
vpn-framed-ip-address 10.251.200.59 255.255.255.0
username ghi52 password encrypted
username ghi52 attributes
vpn-framed-ip-address 10.251.200.152 255.255.255.0
username ghi62 password encrypted
username ghi62 attributes
vpn-framed-ip-address 10.251.200.162 255.255.255.0
username ghi72 password encrypted
username ghi72 attributes
vpn-framed-ip-address 10.251.200.172 255.255.255.0
username ghi53 password encrypted
username ghi53 attributes
vpn-framed-ip-address 10.251.200.153 255.255.255.0
username ghi63 password encrypted
username ghi63 attributes
vpn-framed-ip-address 10.251.200.163 255.255.255.0
username ghi73 password encrypted
username ghi73 attributes
vpn-framed-ip-address 10.251.200.173 255.255.255.0
username ghi58 password encrypted
username ghi58 attributes
vpn-framed-ip-address 10.251.200.158 255.255.255.0
username ghi68 password encrypted
username ghi68 attributes
vpn-framed-ip-address 10.251.200.168 255.255.255.0
username ghi78 password encrypted
username ghi78 attributes
vpn-framed-ip-address 10.251.200.178 255.255.255.0
username ghi59 password encrypted
username ghi59 attributes
vpn-framed-ip-address 10.251.200.159 255.255.255.0
username ghi69 password encrypted
username ghi69 attributes
vpn-framed-ip-address 10.251.200.169 255.255.255.0
username ghi79 password encrypted
username ghi79 attributes
vpn-framed-ip-address 10.251.200.179 255.255.255.0
username abc4 password encrypted
username abc4 attributes
vpn-framed-ip-address 10.251.200.204 255.255.255.0
username abc14 password encrypted
username abc14 attributes
vpn-framed-ip-address 10.251.200.214 255.255.255.0
username abc24 password encrypted
username abc24 attributes
vpn-framed-ip-address 10.251.200.224 255.255.255.0
username abc34 password encrypted
username abc34 attributes
vpn-framed-ip-address 10.251.200.234 255.255.255.0
username abc5 password encrypted
username abc5 attributes
vpn-framed-ip-address 10.251.200.205 255.255.255.0
username abc15 password encrypted
username abc15 attributes
vpn-framed-ip-address 10.251.200.215 255.255.255.0
username abc25 password encrypted
username abc25 attributes
vpn-framed-ip-address 10.251.200.225 255.255.255.0
username abc35 password encrypted
username abc35 attributes
vpn-framed-ip-address 10.251.200.235 255.255.255.0
username abc6 password encrypted
username abc6 attributes
vpn-framed-ip-address 10.251.200.206 255.255.255.0
username abc16 password encrypted
username abc16 attributes
vpn-framed-ip-address 10.251.200.216 255.255.255.0
username abc26 password encrypted
username abc26 attributes
vpn-framed-ip-address 10.251.200.226 255.255.255.0
username abc7 password pa4ud4ipVWpupbNH encrypted
username abc7 attributes
vpn-framed-ip-address 10.251.200.207 255.255.255.0
username abc17 password encrypted
username abc17 attributes
vpn-framed-ip-address 10.251.200.217 255.255.255.0
username abc27 password encrypted
username abc27 attributes
vpn-framed-ip-address 10.251.200.227 255.255.255.0
username abc10 password encrypted
username abc10 attributes
vpn-framed-ip-address 10.251.200.210 255.255.255.0
username abc20 password encrypted
username abc20 attributes
vpn-framed-ip-address 10.251.200.220 255.255.255.0
username abc30 password encrypted
username abc30 attributes
vpn-framed-ip-address 10.251.200.230 255.255.255.0
username abc1 password encrypted
username abc1 attributes
vpn-framed-ip-address 10.251.200.201 255.255.255.0
username abc11 password encrypted
username abc11 attributes
vpn-framed-ip-address 10.251.200.211 255.255.255.0
username abc21 password encrypted
username abc21 attributes
vpn-framed-ip-address 10.251.200.221 255.255.255.0
username abc31 password encrypted
username abc31 attributes
vpn-framed-ip-address 10.251.200.231 255.255.255.0
username abc2 password encrypted
username abc2 attributes
vpn-framed-ip-address 10.251.200.202 255.255.255.0
username abc12 password encrypted
username abc12 attributes
vpn-framed-ip-address 10.251.200.212 255.255.255.0
username abc22 password encrypted
username abc22 attributes
vpn-framed-ip-address 10.251.200.222 255.255.255.0
username abc32 password encrypted
username abc32 attributes
vpn-framed-ip-address 10.251.200.232 255.255.255.0
username abc3 password encrypted
username abc3 attributes
vpn-framed-ip-address 10.251.200.203 255.255.255.0
username abc13 password encrypted
username abc13 attributes
vpn-framed-ip-address 10.251.200.213 255.255.255.0
username abc23 password encrypted
username abc23 attributes
vpn-framed-ip-address 10.251.200.223 255.255.255.0
username abc33 password ariT6.M.jkZCO57J encrypted
username abc33 attributes
vpn-framed-ip-address 10.251.200.233 255.255.255.0
username abc8 password encrypted
username abc8 attributes
vpn-framed-ip-address 10.251.200.208 255.255.255.0
username abc18 password encrypted
username abc18 attributes
vpn-framed-ip-address 10.251.200.218 255.255.255.0
username abc28 password encrypted
username abc28 attributes
vpn-framed-ip-address 10.251.200.228 255.255.255.0
username abc9 password encrypted
username abc9 attributes
vpn-framed-ip-address 10.251.200.209 255.255.255.0
username abc19 password encrypted
username abc19 attributes
vpn-framed-ip-address 10.251.200.219 255.255.255.0
username abc29 password encrypted
username abc29 attributes
vpn-framed-ip-address 10.251.200.229 255.255.255.0
tunnel-group acme type remote-access
tunnel-group acme general-attributes
default-group-policy acme
tunnel-group acme ipsec-attributes
pre-shared-key *
tunnel-group acme ppp-attributes
authentication ms-chap-v2
tunnel-group SSLTest type remote-access
tunnel-group SSLTest general-attributes
authentication-server-group CISCO
default-group-policy SSLTest
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
tunnel-group xxx.xxx.xxx.xxx type ipsec-l2l
tunnel-group xxx.xxx.xxx.xxx ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
policy-map type inspect ipsec-pass-thru ACME
parameters
esp
ah
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ac1192323be48d862cf6bd99d5119801



 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top