BobbyD1120
MIS
We changed our ISP and now our routing is not working. We have a Cisco ASA 5250 and changed the external interface IP to one of our static IP's. We also added a default route send all traffic over the external interface. However we are now unable to get any incoming traffic to any of our servers or incoming mail. Below is a copy of our current config w/ xxx = external and yyy = internal IP
****************
EUnloadASA(config)# show conf
: Saved
: Written by enable_15 at 01:17:41.618 EST Thu Nov 18 2010
!
ASA Version 8.0(5)
!
hostname SEUnloadASA
domain-name xxxyyy.COM
enable password MJukvhaIiX4Qqxg1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name yyy.yyy.yyy.101 SQL1
name yyy.yyy.yyy.230 A-yyy.yyy.yyy.230 description IIS
dns-guard
!
interface GigabitEthernet0/0
nameif Outside
security-level 0
ip address xxx.xxx.xxx.29 255.255.255.248
!
interface GigabitEthernet0/1
nameif Inside
security-level 100
ip address yyy.yyy.yyy.243 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Outside
dns domain-lookup Inside
dns server-group DefaultDNS
name-server A-yyy.yyy.yyy.230
domain-name xxxyyy.COM
object-group service 3389 tcp-udp
description 3389
port-object eq 3390
object-group service Mail_Web tcp
description Mail Port 25 and Web Port 80
port-object eq 993
port-object eq imap4
port-object eq www
port-object eq smtp
port-object eq https
port-object eq 6001
port-object eq 6002
port-object eq 6004
port-object eq ftp
port-object eq 8080
port-object eq 5274
port-object eq 51768
port-object eq 4345
port-object eq 8082
port-object eq 4343
group-object 3389
object-group service SQL tcp
port-object eq 1433
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list scs_out extended deny tcp host yyy.yyy.yyy.200 any eq www
access-list scs_out extended permit tcp any any eq smtp
access-list scs_out extended permit tcp any any eq www
access-list Inside_nat0_outbound extended permit ip any host yyy.yyy.yyy.5
access-list Inside_nat0_outbound extended permit ip any yyy.yyy.yyy.0 255.255.255.
224
access-list Outside extended permit tcp host xxx.xxx.xxx.29 host A-yyy.yyy.yyy.230 o
bject-group Mail_Web
pager lines 24
logging enable
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool pool2 yyy.yyy.yyy.6-yyy.yyy.yyy.16 mask 255.255.255.0
ip local pool G2RemoteSSL yyy.yyy.yyy.215-yyy.yyy.yyy.217 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
static (Inside,Inside) A-yyy.yyy.yyy.230 xxx.xxx.xxx.29 netmask 255.255.255.255
access-group Outside in interface Outside
route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.30 1
route Outside xxx.xxx.xxx.26 255.255.255.255 A-yyy.yyy.yyy.230 1
route Outside xxx.xxx.xxx.28 255.255.255.255 yyy.yyy.yyy.243 1
route Outside xxx.xxx.xxx.29 255.255.255.255 xxx.xxx.xxx.30 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server SEU-IIS protocol kerberos
aaa-server SEU-IIS (Inside) host A-yyy.yyy.yyy.230
timeout 5
kerberos-realm xxxyyy.COM
http server enable
http yyy.yyy.yyy.0 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto ca trustpoint localtrust
enrollment self
fqdn SEUsslvpn.xxxyyy.com
subject-name CN=SEUsslvpn.xxxyyy.com
keypair SEUsslvpnkeypair
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=SEUnloadASA.xxxyyy.com
keypair sslvpnkeypair
crl configure
crypto ca certificate chain localtrust
certificate 31
30820200 30820169 a0030201 02020131 300d0609 2a864886 f70d0101 04050030
46311e30 1c060355 04031315 53455573 736c7670 6e2e6469 762d6c6f 672e636f
6d312430 2206092a 864886f7 0d010902 16155345 5573736c 76706e2e 6469762d
6c6f672e 636f6d30 1e170d31 30303130 34313631 3430335a 170d3230 30313032
31363134 30335a30 46311e30 1c060355 04031315 53455573 736c7670 6e2e6469
762d6c6f 672e636f 6d312430 2206092a 864886f7 0d010902 16155345 5573736c
76706e2e 6469762d 6c6f672e 636f6d30 819f300d 06092a86 4886f70d 01010105
0003818d 00308189 02818100 c81b3280 bca09682 3812e1cb f5d6d046 3a2c951d
2df3e6ed 270e9a80 c85ae9f0 e76fc761 d249204f 1416c775 12796050 84fef88a
ea473b8e 8b7463e5 0aedd02c 9854feee e7265942 fa9efef1 43c07e88 d8786c5a
6830df1e 3604374e 3939cf4e 75db453d 94059cfe d6871dcc f3d26bc9 2ba431e9
c499a0ad cfbe3ebb 7f05922d 02030100 01300d06 092a8648 86f70d01 01040500
03818100 8e4bfd46 1f846e09 63b84017 a7fcf8de 8dffb21d afb880dd 8bebf803
d6102153 43467c1c 0458297c f0847d21 942c5a1f d2ddca5a 248d82a0 74128afb
dd380b49 076e376e de6364ce 91a6964d 20ca5fd7 0c478cef 2c795a55 7dc9cdfa
0c5dbe92 f012a835 f7f64991 62dcdbf7 6d6c2df5 e0bbbaa9 b0b84a8a 6ee2be47 b6f1
a51c
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate fd3c424b
3082020b 30820174 a0030201 020204fd 3c424b30 0d06092a 864886f7 0d010104
0500304a 3120301e 06035504 03131753 45556e6c 6f616441 53412e64 69762d6c
6f672e63 6f6d3126 30240609 2a864886 f70d0109 02161753 45556e6c 6f616441
53412e44 49562d4c 4f472e43 4f4d301e 170d3130 30313034 31393039 34395a17
0d323030 31303231 39303934 395a304a 3120301e 06035504 03131753 45556e6c
6f616441 53412e64 69762d6c 6f672e63 6f6d3126 30240609 2a864886 f70d0109
02161753 45556e6c 6f616441 53412e44 49562d4c 4f472e43 4f4d3081 9f300d06
092a8648 86f70d01 01010500 03818d00 30818902 818100bd d99ba020 3ee9f12d
f5f8698e a858e98a 81af9392 b5933e24 09dd3662 78fe318e 68197454 d3a13942
d4cd53d1 ee6fd94a 1554cefd a6d43e40 4bf0c0c9 6df78e71 6e930174 7a6d4d4b
3c4f36b9 b0d31aca 694a7262 64d50dd9 76b2bfe2 e125c599 00deb292 02c1d9fa
c4bb9513 625f5ebc de091c4b 3f5d543e fd8d33f8 ddb6ed02 03010001 300d0609
2a864886 f70d0101 04050003 818100a0 4aeea524 6e703e78 bea5778a 8ef0e015
25b722ab ad5fe1fb e002feb8 16d79314 a8c89da9 d8a71323 a8b8d8a8 96ab468b
7929bfdf cecd4858 3f13d25e 11e3cb4b a3d9f39e 7fe2eb66 7198d607 2fa20e87
137b5673 86146450 c0684a1a 8e7b0aaa d61e81bc 51f9271c a18dd23a 4975091a
e499effc 8da77f2e 5ba571eb c51593
quit
crypto isakmp identity hostname
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet yyy.yyy.yyy.0 255.255.255.0 Inside
telnet timeout 5
ssh 74.168.49.8 255.255.255.248 Outside
ssh 74.168.49.0 255.255.255.0 Outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 90 burst-rate 400 averag
e-rate 200
ntp server A-yyy.yyy.yyy.230 source Inside prefer
ssl trust-point ASDM_TrustPoint0 Outside
webvpn
enable Outside
svc image disk0:/anyconnect-win-2.4.0202-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol svc
default-domain value xxxyyy.com
address-pools value pool2
group-policy test internal
group-policy test attributes
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value DIV-US.COM
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol IPSec svc webvpn
webvpn
svc keep-installer installed
svc rekey time 30
svc rekey method ssl
svc ask enable
group-policy remote_users internal
group-policy remote_users attributes
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
default-domain value div-us.com
group-policy Diversity internal
group-policy Diversity attributes
wins-server value yyy.yyy.yyy.230
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
default-domain value xxxyyy.COM
group-policy AnyConnectGP internal
group-policy AnyConnectGP attributes
vpn-tunnel-protocol svc webvpn
webvpn
url-list value ServerList
svc ask enable
username ggaskill password GADyxZQZfVsde5DY encrypted privilege 0
username ggaskill attributes
vpn-group-policy remote_users
username G2CC password sS1KcD2t95NUKfUW encrypted privilege 15
username msheffield password qbzqAz0idizU48Ft encrypted privilege 0
username msheffield attributes
vpn-group-policy Diversity
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool G2RemoteSSL
tunnel-group remote_users type remote-access
tunnel-group remote_users general-attributes
address-pool pool2
authentication-server-group SEU-IIS
default-group-policy remote_users
dhcp-server A-yyy.yyy.yyy.230
tunnel-group remote_users webvpn-attributes
authentication aaa certificate
tunnel-group remote_users ipsec-attributes
pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
address-pool G2RemoteSSL
default-group-policy test
dhcp-server A-yyy.yyy.yyy.230
tunnel-group test ipsec-attributes
pre-shared-key *
tunnel-group Diversity type remote-access
tunnel-group Diversity general-attributes
address-pool pool2
authentication-server-group SEU-IIS
default-group-policy Diversity
tunnel-group Diversity ipsec-attributes
pre-shared-key *
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy SSLClientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
!
class-map CSC_ClassMap
match access-list scs_out
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
class CSC_ClassMap
csc fail-open
!
service-policy global_policy global
smtp-server yyy.yyy.yyy.230
prompt hostname context
Cryptochecksum:636fee87b2469177f4cef2166a636c1f
****************
EUnloadASA(config)# show conf
: Saved
: Written by enable_15 at 01:17:41.618 EST Thu Nov 18 2010
!
ASA Version 8.0(5)
!
hostname SEUnloadASA
domain-name xxxyyy.COM
enable password MJukvhaIiX4Qqxg1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name yyy.yyy.yyy.101 SQL1
name yyy.yyy.yyy.230 A-yyy.yyy.yyy.230 description IIS
dns-guard
!
interface GigabitEthernet0/0
nameif Outside
security-level 0
ip address xxx.xxx.xxx.29 255.255.255.248
!
interface GigabitEthernet0/1
nameif Inside
security-level 100
ip address yyy.yyy.yyy.243 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Outside
dns domain-lookup Inside
dns server-group DefaultDNS
name-server A-yyy.yyy.yyy.230
domain-name xxxyyy.COM
object-group service 3389 tcp-udp
description 3389
port-object eq 3390
object-group service Mail_Web tcp
description Mail Port 25 and Web Port 80
port-object eq 993
port-object eq imap4
port-object eq www
port-object eq smtp
port-object eq https
port-object eq 6001
port-object eq 6002
port-object eq 6004
port-object eq ftp
port-object eq 8080
port-object eq 5274
port-object eq 51768
port-object eq 4345
port-object eq 8082
port-object eq 4343
group-object 3389
object-group service SQL tcp
port-object eq 1433
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list scs_out extended deny tcp host yyy.yyy.yyy.200 any eq www
access-list scs_out extended permit tcp any any eq smtp
access-list scs_out extended permit tcp any any eq www
access-list Inside_nat0_outbound extended permit ip any host yyy.yyy.yyy.5
access-list Inside_nat0_outbound extended permit ip any yyy.yyy.yyy.0 255.255.255.
224
access-list Outside extended permit tcp host xxx.xxx.xxx.29 host A-yyy.yyy.yyy.230 o
bject-group Mail_Web
pager lines 24
logging enable
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool pool2 yyy.yyy.yyy.6-yyy.yyy.yyy.16 mask 255.255.255.0
ip local pool G2RemoteSSL yyy.yyy.yyy.215-yyy.yyy.yyy.217 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
static (Inside,Inside) A-yyy.yyy.yyy.230 xxx.xxx.xxx.29 netmask 255.255.255.255
access-group Outside in interface Outside
route Outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.30 1
route Outside xxx.xxx.xxx.26 255.255.255.255 A-yyy.yyy.yyy.230 1
route Outside xxx.xxx.xxx.28 255.255.255.255 yyy.yyy.yyy.243 1
route Outside xxx.xxx.xxx.29 255.255.255.255 xxx.xxx.xxx.30 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server SEU-IIS protocol kerberos
aaa-server SEU-IIS (Inside) host A-yyy.yyy.yyy.230
timeout 5
kerberos-realm xxxyyy.COM
http server enable
http yyy.yyy.yyy.0 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto ca trustpoint localtrust
enrollment self
fqdn SEUsslvpn.xxxyyy.com
subject-name CN=SEUsslvpn.xxxyyy.com
keypair SEUsslvpnkeypair
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=SEUnloadASA.xxxyyy.com
keypair sslvpnkeypair
crl configure
crypto ca certificate chain localtrust
certificate 31
30820200 30820169 a0030201 02020131 300d0609 2a864886 f70d0101 04050030
46311e30 1c060355 04031315 53455573 736c7670 6e2e6469 762d6c6f 672e636f
6d312430 2206092a 864886f7 0d010902 16155345 5573736c 76706e2e 6469762d
6c6f672e 636f6d30 1e170d31 30303130 34313631 3430335a 170d3230 30313032
31363134 30335a30 46311e30 1c060355 04031315 53455573 736c7670 6e2e6469
762d6c6f 672e636f 6d312430 2206092a 864886f7 0d010902 16155345 5573736c
76706e2e 6469762d 6c6f672e 636f6d30 819f300d 06092a86 4886f70d 01010105
0003818d 00308189 02818100 c81b3280 bca09682 3812e1cb f5d6d046 3a2c951d
2df3e6ed 270e9a80 c85ae9f0 e76fc761 d249204f 1416c775 12796050 84fef88a
ea473b8e 8b7463e5 0aedd02c 9854feee e7265942 fa9efef1 43c07e88 d8786c5a
6830df1e 3604374e 3939cf4e 75db453d 94059cfe d6871dcc f3d26bc9 2ba431e9
c499a0ad cfbe3ebb 7f05922d 02030100 01300d06 092a8648 86f70d01 01040500
03818100 8e4bfd46 1f846e09 63b84017 a7fcf8de 8dffb21d afb880dd 8bebf803
d6102153 43467c1c 0458297c f0847d21 942c5a1f d2ddca5a 248d82a0 74128afb
dd380b49 076e376e de6364ce 91a6964d 20ca5fd7 0c478cef 2c795a55 7dc9cdfa
0c5dbe92 f012a835 f7f64991 62dcdbf7 6d6c2df5 e0bbbaa9 b0b84a8a 6ee2be47 b6f1
a51c
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate fd3c424b
3082020b 30820174 a0030201 020204fd 3c424b30 0d06092a 864886f7 0d010104
0500304a 3120301e 06035504 03131753 45556e6c 6f616441 53412e64 69762d6c
6f672e63 6f6d3126 30240609 2a864886 f70d0109 02161753 45556e6c 6f616441
53412e44 49562d4c 4f472e43 4f4d301e 170d3130 30313034 31393039 34395a17
0d323030 31303231 39303934 395a304a 3120301e 06035504 03131753 45556e6c
6f616441 53412e64 69762d6c 6f672e63 6f6d3126 30240609 2a864886 f70d0109
02161753 45556e6c 6f616441 53412e44 49562d4c 4f472e43 4f4d3081 9f300d06
092a8648 86f70d01 01010500 03818d00 30818902 818100bd d99ba020 3ee9f12d
f5f8698e a858e98a 81af9392 b5933e24 09dd3662 78fe318e 68197454 d3a13942
d4cd53d1 ee6fd94a 1554cefd a6d43e40 4bf0c0c9 6df78e71 6e930174 7a6d4d4b
3c4f36b9 b0d31aca 694a7262 64d50dd9 76b2bfe2 e125c599 00deb292 02c1d9fa
c4bb9513 625f5ebc de091c4b 3f5d543e fd8d33f8 ddb6ed02 03010001 300d0609
2a864886 f70d0101 04050003 818100a0 4aeea524 6e703e78 bea5778a 8ef0e015
25b722ab ad5fe1fb e002feb8 16d79314 a8c89da9 d8a71323 a8b8d8a8 96ab468b
7929bfdf cecd4858 3f13d25e 11e3cb4b a3d9f39e 7fe2eb66 7198d607 2fa20e87
137b5673 86146450 c0684a1a 8e7b0aaa d61e81bc 51f9271c a18dd23a 4975091a
e499effc 8da77f2e 5ba571eb c51593
quit
crypto isakmp identity hostname
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet yyy.yyy.yyy.0 255.255.255.0 Inside
telnet timeout 5
ssh 74.168.49.8 255.255.255.248 Outside
ssh 74.168.49.0 255.255.255.0 Outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 90 burst-rate 400 averag
e-rate 200
ntp server A-yyy.yyy.yyy.230 source Inside prefer
ssl trust-point ASDM_TrustPoint0 Outside
webvpn
enable Outside
svc image disk0:/anyconnect-win-2.4.0202-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol svc
default-domain value xxxyyy.com
address-pools value pool2
group-policy test internal
group-policy test attributes
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value DIV-US.COM
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol IPSec svc webvpn
webvpn
svc keep-installer installed
svc rekey time 30
svc rekey method ssl
svc ask enable
group-policy remote_users internal
group-policy remote_users attributes
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
default-domain value div-us.com
group-policy Diversity internal
group-policy Diversity attributes
wins-server value yyy.yyy.yyy.230
dns-server value yyy.yyy.yyy.230
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
default-domain value xxxyyy.COM
group-policy AnyConnectGP internal
group-policy AnyConnectGP attributes
vpn-tunnel-protocol svc webvpn
webvpn
url-list value ServerList
svc ask enable
username ggaskill password GADyxZQZfVsde5DY encrypted privilege 0
username ggaskill attributes
vpn-group-policy remote_users
username G2CC password sS1KcD2t95NUKfUW encrypted privilege 15
username msheffield password qbzqAz0idizU48Ft encrypted privilege 0
username msheffield attributes
vpn-group-policy Diversity
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool G2RemoteSSL
tunnel-group remote_users type remote-access
tunnel-group remote_users general-attributes
address-pool pool2
authentication-server-group SEU-IIS
default-group-policy remote_users
dhcp-server A-yyy.yyy.yyy.230
tunnel-group remote_users webvpn-attributes
authentication aaa certificate
tunnel-group remote_users ipsec-attributes
pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
address-pool G2RemoteSSL
default-group-policy test
dhcp-server A-yyy.yyy.yyy.230
tunnel-group test ipsec-attributes
pre-shared-key *
tunnel-group Diversity type remote-access
tunnel-group Diversity general-attributes
address-pool pool2
authentication-server-group SEU-IIS
default-group-policy Diversity
tunnel-group Diversity ipsec-attributes
pre-shared-key *
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy SSLClientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
!
class-map CSC_ClassMap
match access-list scs_out
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
class CSC_ClassMap
csc fail-open
!
service-policy global_policy global
smtp-server yyy.yyy.yyy.230
prompt hostname context
Cryptochecksum:636fee87b2469177f4cef2166a636c1f