
cisco 5520 remote access vpn connects...sort of

computerjock33

Technical User
Jul 31, 2006
I am VERY new to Cisco but have our 5520 out of the box, interfaces configured, and ran the wizard for remote access VPN. I have client 4.8 (tried 5 already) installed/configured. I can connect from the test laptop using a Verizon aircard and can ping the core router inside the network and telnet to it. I can ping the Windows AD servers by IP and name, but I am unable to connect to my shared network drives and internal websites. I'm guessing there are some ACLs or other configs I need to add? Here is my config. Again, this setup is taking it right out of the box and configuring what little I know how...
Password:
Type help or '?' for a list of available commands.
cdpasa1> en
Password: *******
cdpasa1# show config
: Saved
: Written by enable_15 at 09:06:30.182 UTC Fri Feb 29 2008
!
ASA Version 7.0(7)
!
hostname cdpasa1
domain-name xx.com
enable password BWaQlcykry5AAxTH encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address x.x.x.2 255.255.255.224
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.2.30.13 255.255.192.0
!
interface GigabitEthernet0/2
nameif dmz
security-level 4
ip address 10.2.69.253 255.255.255.0
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd BWaQlcykry5AAxTH encrypted
ftp mode passive
access-list inside_nat0_outbound extended permit ip 10.2.0.0 255.255.0.0 10.2.15.0 255.255.255.128
access-list cdpvpn_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip local pool vpnpool 10.2.15.50-10.2.15.100 mask 255.255.192.0
no failover
asdm image disk0:/asdm-507.bin
asdm location 10.2.15.0 255.255.255.128 inside
no asdm history enable
arp timeout 14400
global (outside) 1 x.x.x.5-x.x.x.10
nat (inside) 0 access-list inside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 x.x.x.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy cdpvpn internal
group-policy cdpvpn attributes
dns-server value 10.2.20.226 10.2.30.28
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cdpvpn_splitTunnelAcl
default-domain value cecodoor.com
webvpn
username administrator password q9GpTpcDIJAP0oyU encrypted privilege 0
username administrator attributes
vpn-group-policy cdpvpn
webvpn
username mtimmons password srZIgkUKmdG5YShq encrypted privilege 0
username mtimmons attributes
vpn-group-policy cdpvpn
webvpn
username chays password FGccKypISxbnWXPY encrypted privilege 0
username chays attributes
vpn-group-policy cdpvpn
webvpn
username mcampbell password LEE375M0IU08b8wE encrypted privilege 0
username mcampbell attributes
vpn-group-policy cdpvpn
webvpn
http server enable
http 10.2.0.0 255.255.0.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp enable inside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group cdpvpn type ipsec-ra
tunnel-group cdpvpn general-attributes
default-group-policy cdpvpn
dhcp-server 10.2.20.226
tunnel-group cdpvpn ipsec-attributes
pre-shared-key *
telnet 10.2.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect http
!
service-policy global_policy global
Cryptochecksum:b454086ee40e79a486e088b4b72446f5
cdpasa1#

thanks for any help offered!!!!!!
 
Are you using IP addresses or machine names to mount shares? Are you using FQDNs for the websites?
 
No, I'm using the server name to mount the share, but if I go to Start \ Run and try \\ipaddress\share it won't access it that way either, even though I can ping by IP address and by host name. Thanks
 
Try this:

sysopt connection permit-vpn


Allows bypassing of ACLs for VPN clients. If you don't have it then you will need to define access control entries on your outside interface.

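The two options the reply describes, written out against the pool and networks in the posted config, as an added example that is not from the thread: option A enables the bypass, option B keeps interface ACLs in force and admits only the services the clients actually need, which is the tighter choice. Apply one or the other, not both; the ACL name `outside_access_in` and the port list are assumptions.

```cisco
! Option A: decrypted VPN traffic bypasses interface ACLs (what the reply suggests).
! Some 7.0 images spell this keyword permit-ipsec; confirm with: sysopt connection ?
sysopt connection permit-vpn
!
! Option B (least privilege): no bypass. Permit only what the clients need from
! the VPN pool (10.2.15.50-100, inside 10.2.15.0/25 per the nat0 ACL) to the
! inside networks. ACL name and ports are assumed, not taken from the thread.
! SMB for the shares, HTTP for the intranet sites, DNS to the two servers the
! group-policy hands out, and ICMP so the existing ping test keeps working.
access-list outside_access_in extended permit icmp 10.2.15.0 255.255.255.128 10.2.0.0 255.255.0.0
access-list outside_access_in extended permit tcp 10.2.15.0 255.255.255.128 10.2.0.0 255.255.0.0 eq 445
access-list outside_access_in extended permit tcp 10.2.15.0 255.255.255.128 10.2.0.0 255.255.0.0 eq 139
access-list outside_access_in extended permit tcp 10.2.15.0 255.255.255.128 10.2.0.0 255.255.0.0 eq www
access-list outside_access_in extended permit udp 10.2.15.0 255.255.255.128 host 10.2.20.226 eq domain
access-list outside_access_in extended permit udp 10.2.15.0 255.255.255.128 host 10.2.30.28 eq domain
access-group outside_access_in in interface outside
!
! Verify which path is in effect and watch the hit counts while a client connects:
show running-config sysopt
show access-list outside_access_in
```

With option B, a share or site that still fails shows up as a deny in `show access-list` hit counts or in the ASA log, which tells you which port is missing rather than opening everything.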
 