Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NAT Translation error 305005

Status
Not open for further replies.
lynxul

lynxul

IS-IT--Management
Mar 10, 2008
11
0
0
DE
Hi All!

I keep receiving error 305005 on the nat translation of my backup line. The configs are below.

When the main line (outside) is up everything works fine, but when the secondary line (outside-backup) is connected to the same destination (10.85.125.128/26 + 10.85.125.192/26) I receive this error message.

NoNat is set up.

Here is the error:

Feb 07 2009 16:24:49 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.177/52782 dst inside:10.84.134.11/2000
Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.240/52341 dst inside:10.84.134.11/2000
Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for tcp src outside-backup:10.85.125.175/53049 dst inside:10.84.134.11/2000
Feb 07 2009 16:24:50 RO-FW01 : %ASA-3-305005: No translation group found for udp src outside-backup:10.85.125.215/55446 dst inside:10.84.8.12/53

And here are the configs:
interface Ethernet0/0
nameif outside
security-level 0
ip address 89.121.*.166 255.255.255.252
interface Ethernet0/3
nameif outside-backup
security-level 0
ip address 82.78.*.162 255.255.255.248
access-list np-nonat1-inside extended permit ip any any

nat-control
nat (inside) 0 access-list np-nonat1-inside


 
Sort by date Sort by votes
can you post your entire scrubbed config??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Can you be more specific? I cannot upload the whole configuration due to security considerations. But if there is another section that might be of interest please tell me.

Thank You!
 
Upvote 0 Downvote
By scrubbed config, he means to put X's in place of the middle 2 octets of any public addresses in your config, thus eliminating any security concerns.

Without being able to see the entire configuration it's often very difficult to pin-point configuration issues.
 
Upvote 0 Downvote
the "outside" interface works just fine. The issue is the "outside-backup" interface.

Here goes:


!
terminal width 511
hostname XX
!enable password <removed>
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 89.X.X.166 255.255.255.252
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.84.36.13 255.255.128.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
nameif outside-backup
security-level 0
ip address 82.X.X.162 255.255.255.248
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
!passwd <removed>
ftp mode passive
clock timezone EET 2
clock summer-time EEST recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list ro-inside-in extended permit ip 10.84.0.0 255.252.0.0 10.0.0.0 255.252.0.0
access-list ro-inside-in extended permit icmp 10.254.2.72 255.255.255.252 10.254.2.0 255.255.255.252
access-list ro-inside-in extended permit tcp 10.254.2.72 255.255.255.252 gt 1023 10.254.2.0 255.255.255.252 eq bgp
access-list ro-inside-in extended permit ip 10.84.0.0 255.255.128.0 10.84.88.0 255.255.255.0
access-list ro-inside-in extended permit ip 10.84.0.0 255.255.128.0 10.85.125.128 255.255.255.192
access-list ro-inside-in extended permit ip 10.84.134.0 255.255.254.0 10.85.125.128 255.255.255.192
access-list ro-inside-in extended permit ip 10.254.84.0 255.255.255.252 10.254.84.100 255.255.255.252
access-list ro-inside-in extended permit ip 10.84.134.0 255.255.254.0 10.85.125.128 255.255.255.128
access-list ro-inside-in extended permit icmp 10.254.84.0 255.255.255.252 10.254.84.100 255.255.255.252
access-list ro-inside-in extended permit icmp 10.254.84.0 255.255.255.252 10.254.84.104 255.255.255.252
access-list ro-inside-in extended permit tcp 10.254.84.0 255.255.255.252 gt 1023 10.254.84.100 255.255.255.252 eq bgp
access-list ro-inside-in extended permit tcp 10.254.84.0 255.255.255.252 gt 1023 10.254.84.104 255.255.255.252 eq bgp
access-list ro-inside-in extended permit icmp 10.84.134.0 255.255.254.0 10.84.89.0 255.255.255.252 echo-reply
access-list ro-inside-in extended permit ip 10.84.0.0 255.252.0.0 10.84.88.0 255.255.255.0
access-list ro-inside-in extended permit ip 10.84.0.0 255.255.128.0 10.85.125.128 255.255.255.128
access-list ro-inside-in extended deny ip any any log
access-list ro-outside-in extended permit ip 10.0.0.0 255.252.0.0 10.84.0.0 255.252.0.0
access-list ro-outside-in extended permit icmp 10.254.2.0 255.255.255.252 10.254.2.72 255.255.255.252
access-list ro-outside-in extended permit tcp 10.254.2.0 255.255.255.252 gt 1023 10.254.2.72 255.255.255.252 eq bgp
access-list ro-outside-in extended permit ip 10.85.125.128 255.255.255.192 10.84.0.0 255.255.128.0
access-list ro-outside-in extended permit ip 10.85.125.128 255.255.255.192 10.84.134.0 255.255.254.0
access-list ro-outside-in extended permit ip 10.254.84.100 255.255.255.252 10.254.84.0 255.255.255.252
access-list ro-outside-in extended permit icmp 10.85.125.128 255.255.255.192 10.0.0.0 255.252.0.0
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 host 10.3.3.11 eq ftp
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 host 10.3.3.11 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.150 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.150 eq citrix-ica
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.150 eq 2598
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.161 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.161 eq citrix-ica
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.161 eq 2598
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 10.0.8.164 255.255.255.254 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 10.0.8.164 255.255.255.254 eq citrix-ica
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 10.0.8.164 255.255.255.254 eq 2598
access-list ro-outside-in extended permit tcp 10.254.84.100 255.255.255.252 gt 1023 10.254.84.0 255.255.255.252 eq bgp
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.3.3.11 eq https
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.3.3.11 eq 8080
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.202 eq 50080
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.202 range 58443 58444
access-list ro-outside-in extended permit udp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.150 eq 1604
access-list ro-outside-in extended permit udp 10.85.125.128 255.255.255.192 gt 1023 host 10.0.8.161 eq 1604
access-list ro-outside-in extended permit udp 10.85.125.128 255.255.255.192 gt 1023 10.0.8.164 255.255.255.254 eq 1604
access-list ro-outside-in extended permit icmp 10.254.84.100 255.255.255.252 10.254.84.0 255.255.255.252
access-list ro-outside-in extended permit ip 10.85.125.128 255.255.255.128 10.84.0.0 255.255.128.0
access-list ro-outside-in extended permit ip 10.85.125.128 255.255.255.128 10.84.134.0 255.255.254.0
access-list ro-outside-in extended permit icmp 10.85.125.128 255.255.255.128 10.0.0.0 255.252.0.0
access-list ro-outside-in extended permit icmp 10.254.84.104 255.255.255.252 10.254.84.0 255.255.255.252
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 host 10.3.3.11 eq ftp
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 host 10.3.3.11 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.150 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.150 eq citrix-ica
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.150 eq 2598
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.161 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.161 eq citrix-ica
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.161 eq 2598
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 10.0.8.164 255.255.255.254 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 10.0.8.164 255.255.255.254 eq citrix-ica
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 10.0.8.164 255.255.255.254 eq 2598
access-list ro-outside-in extended permit tcp 10.254.84.104 255.255.255.252 gt 1023 10.254.84.0 255.255.255.252 eq bgp
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.3.3.11 eq https
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.3.3.11 eq 8080
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.202 eq 50080
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.202 range 58443 58444
access-list ro-outside-in extended permit udp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.150 eq 1604
access-list ro-outside-in extended permit udp 10.85.125.128 255.255.255.128 gt 1023 host 10.0.8.161 eq 1604
access-list ro-outside-in extended permit udp 10.85.125.128 255.255.255.128 gt 1023 10.0.8.164 255.255.255.254 eq 1604
access-list ro-outside-in extended permit icmp 10.84.89.0 255.255.255.252 10.84.134.0 255.255.254.0 echo
access-list ro-outside-in extended permit tcp 10.84.89.0 255.255.255.252 10.84.134.0 255.255.254.0 eq ssh
access-list ro-outside-in extended permit tcp 10.84.89.0 255.255.255.252 10.84.134.0 255.255.254.0 eq www
access-list ro-outside-in extended permit tcp 10.84.89.0 255.255.255.252 10.84.134.0 255.255.254.0 eq 3389
access-list ro-outside-in extended permit tcp 10.84.89.0 255.255.255.252 gt 1023 10.84.134.0 255.255.254.0 eq telnet
access-list ro-outside-in extended permit tcp 10.84.89.0 255.255.255.252 gt 1023 10.84.134.0 255.255.254.0 eq https
access-list ro-outside-in extended permit tcp 10.84.89.0 255.255.255.252 gt 1023 10.84.134.0 255.255.254.0 eq 2000
access-list ro-outside-in extended permit tcp 10.84.89.0 255.255.255.252 gt 1023 10.84.134.0 255.255.254.0 range 5900 5963
access-list ro-outside-in extended permit tcp host 10.85.125.129 10.0.36.0 255.255.255.0 eq tacacs
access-list ro-outside-in extended permit tcp host 10.85.125.193 10.0.36.0 255.255.255.0 eq tacacs
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.192 host 10.84.8.13 eq 99
access-list ro-outside-in extended permit tcp 10.85.125.192 255.255.255.192 host 10.84.8.13 eq 99
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 10.3.3.170 255.255.255.254 eq www
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 10.3.8.0 255.255.255.0 eq citrix-ica
access-list ro-outside-in extended permit tcp 10.85.125.128 255.255.255.128 gt 1023 10.3.8.0 255.255.255.0 eq 2598
access-list ro-outside-in extended permit ip 10.84.88.0 255.255.255.0 10.84.0.0 255.252.0.0
access-list ro-outside-in extended permit ip 10.84.88.0 255.255.255.0 10.0.0.0 255.252.0.0
access-list ro-outside-in extended permit tcp host 10.85.125.130 10.0.36.0 255.255.255.0 eq tacacs
access-list ro-outside-in extended permit tcp host 10.85.125.194 10.0.36.0 255.255.255.0 eq tacacs
access-list ro-outside-in extended permit ip host 10.85.125.161 10.84.0.0 255.252.0.0
access-list ro-outside-in extended deny ip any any log
access-list np-nonat1-inside extended permit ip any any
access-list np-ipsec-vc49-tunnel1 extended permit ip 10.84.0.0 255.252.0.0 10.0.0.0 255.252.0.0
access-list np-ipsec-vc49-tunnel1 extended permit ip 10.254.2.72 255.255.255.252 10.254.2.0 255.255.255.252
access-list np-ipsec-vc3-tunnel1 extended permit ip 10.0.0.0 255.252.0.0 10.85.125.192 255.255.255.192
access-list np-ipsec-vc3-tunnel1 extended permit ip 10.84.0.0 255.255.128.0 10.85.125.192 255.255.255.192
access-list np-ipsec-vc3-tunnel1 extended permit ip 10.84.134.0 255.255.254.0 10.85.125.192 255.255.255.192
access-list np-ipsec-vc3-tunnel1 extended permit ip 10.254.84.0 255.255.255.252 10.254.84.104 255.255.255.252
access-list np-ipsec-vc1-tunnel1 extended permit ip 10.0.0.0 255.252.0.0 10.85.125.128 255.255.255.192
access-list np-ipsec-vc1-tunnel1 extended permit ip 10.84.0.0 255.255.128.0 10.85.125.128 255.255.255.192
access-list np-ipsec-vc1-tunnel1 extended permit ip 10.84.134.0 255.255.254.0 10.85.125.128 255.255.255.192
access-list np-ipsec-vc1-tunnel1 extended permit ip 10.254.84.0 255.255.255.252 10.254.84.100 255.255.255.252
access-list np-ipsec-vc11-tunnel1 extended permit ip 10.0.0.0 255.252.0.0 10.85.125.128 255.255.255.192
access-list np-ipsec-vc11-tunnel1 extended permit ip 10.84.0.0 255.255.128.0 10.85.125.128 255.255.255.192
access-list np-ipsec-vc11-tunnel1 extended permit ip 10.84.134.0 255.255.254.0 10.85.125.128 255.255.255.192
access-list np-ipsec-vc11-tunnel1 extended permit ip 10.254.84.0 255.255.255.252 10.254.84.100 255.255.255.252
access-list np-ipsec-vc31-tunnel1 extended permit ip 10.0.0.0 255.252.0.0 10.85.125.192 255.255.255.192
access-list np-ipsec-vc31-tunnel1 extended permit ip 10.84.0.0 255.255.128.0 10.85.125.192 255.255.255.192
access-list np-ipsec-vc31-tunnel1 extended permit ip 10.84.134.0 255.255.254.0 10.85.125.192 255.255.255.192
access-list np-ipsec-vc31-tunnel1 extended permit ip 10.254.84.0 255.255.255.252 10.254.84.104 255.255.255.252
pager lines 24
logging enable
logging timestamp
logging monitor warnings
logging buffered warnings
logging trap warnings
logging facility 23
logging device-id hostname
logging host inside 10.84.8.17
logging host inside 10.84.20.14
logging host outside 10.0.36.100
logging message 199001 level alerts
logging message 111008 level alerts
logging message 111005 level alerts
mtu outside 1500
mtu inside 1500
mtu outside-backup 1500
ip local pool np-pool-vc4-tunnel1 10.84.89.0-10.84.89.3
ip local pool np-pool-vc5-tunnel1 10.84.88.0-10.84.88.255
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
nat (inside) 0 access-list np-nonat1-inside
access-group ro-outside-in in interface outside
access-group ro-inside-in in interface inside
access-group ro-outside-in in interface outside-backup
route outside 0.0.0.0 0.0.0.0 89.X.X.165 1 track 1
route outside-backup 0.0.0.0 0.0.0.0 82.X.X.161 10 track 2
route inside 10.84.134.0 255.255.254.0 10.84.32.1 1
route inside 10.254.2.72 255.255.255.252 10.84.32.1 1
route inside 10.254.84.0 255.255.255.252 10.84.32.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server MANAGEMENT protocol tacacs+
aaa-server MANAGEMENT (outside) host 62.X.X.54
timeout 2
key ezd4fss8jfm4mjj8
aaa-server MANAGEMENT (outside) host 62.X.X.34
timeout 2
key ezd4fss8jfm4mjj8
aaa-server MANAGEMENT host 10.0.36.20
timeout 2
key ezd4fss8jfm4mjj8
aaa-server MANAGEMENT host 10.0.36.51
timeout 2
key ezd4fss8jfm4mjj8
aaa-server np-bbb1-radius protocol radius
aaa-server np-bbb1-radius (outside) host 62.X.X.55
timeout 5
key sscfraINT
authentication-port 1812
accounting-port 1813
aaa-server np-bbb1-radius (outside) host 62.X.X.33
timeout 5
key sscfraINT
authentication-port 1812
accounting-port 1813
group-policy RO-VoIP-Support internal
group-policy RO-VoIP-Support attributes
wins-server none
dns-server none
vpn-idle-timeout 600
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
group-policy RO-RemoteUser internal
group-policy RO-RemoteUser attributes
wins-server none
dns-server value 10.84.8.11
vpn-idle-timeout 600
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain value X.X.net
aaa authentication ssh console MANAGEMENT LOCAL
aaa authentication telnet console MANAGEMENT LOCAL
aaa authentication enable console MANAGEMENT LOCAL
snmp-server host inside 10.0.81.64 poll community L-RO-SNMP-RO
snmp-server host inside 10.84.8.17 poll community L-RO-SNMP-RO
no snmp-server location
no snmp-server contact
snmp-server community L-INT-SNMP-RO
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
sla monitor 1
type echo protocol ipIcmpEcho 193.0.14.129 interface outside
num-packets 5
frequency 10
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 199.7.83.42 interface outside-backup
num-packets 5
frequency 10
sla monitor schedule 2 life forever start-time now
crypto ipsec transform-set np-trans1-vc49-tunnel1 esp-3des esp-sha-hmac
crypto ipsec transform-set np-trans1-vc1-tunnel1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set np-trans1-vc3-tunnel1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set np-trans1-vc4-tunnel1 esp-3des esp-sha-hmac
crypto ipsec transform-set np-trans1-vc5-tunnel1 esp-3des esp-sha-hmac
crypto ipsec transform-set np-trans1-vc11-tunnel1 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set np-trans1-vc31-tunnel1 esp-aes-256 esp-sha-hmac
crypto dynamic-map np-dmap-vc4-tunnel1 30004 set transform-set np-trans1-vc4-tunnel1
crypto dynamic-map np-dmap-vc5-tunnel1 30005 set transform-set np-trans1-vc5-tunnel1
crypto map np-cmap-outside 1 match address np-ipsec-vc1-tunnel1
crypto map np-cmap-outside 1 set pfs group5
crypto map np-cmap-outside 1 set peer 89.X.X.90
crypto map np-cmap-outside 1 set transform-set np-trans1-vc1-tunnel1
crypto map np-cmap-outside 3 match address np-ipsec-vc3-tunnel1
crypto map np-cmap-outside 3 set pfs group5
crypto map np-cmap-outside 3 set peer 89.X.X.250
crypto map np-cmap-outside 3 set transform-set np-trans1-vc3-tunnel1
crypto map np-cmap-outside 49 match address np-ipsec-vc49-tunnel1
crypto map np-cmap-outside 49 set pfs
crypto map np-cmap-outside 49 set peer 62.X.X.60
crypto map np-cmap-outside 49 set transform-set np-trans1-vc49-tunnel1
crypto map np-cmap-outside 30004 ipsec-isakmp dynamic np-dmap-vc4-tunnel1
crypto map np-cmap-outside 30005 ipsec-isakmp dynamic np-dmap-vc5-tunnel1
crypto map np-cmap-outside interface outside
crypto map np-cmap-outside-backup 11 match address np-ipsec-vc11-tunnel1
crypto map np-cmap-outside-backup 11 set pfs group5
crypto map np-cmap-outside-backup 11 set peer 89.X.X.90
crypto map np-cmap-outside-backup 11 set transform-set np-trans1-vc11-tunnel1
crypto map np-cmap-outside-backup 31 match address np-ipsec-vc31-tunnel1
crypto map np-cmap-outside-backup 31 set pfs group5
crypto map np-cmap-outside-backup 31 set peer 89.X.X.250
crypto map np-cmap-outside-backup 31 set transform-set np-trans1-vc31-tunnel1
crypto map np-cmap-outside-backup interface outside-backup
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp enable outside-backup
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto isakmp policy 100
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto isakmp nat-traversal 20
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
tunnel-group 62.X.X.60 type ipsec-l2l
tunnel-group 62.X.X.60 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 120 retry 10
tunnel-group 89.X.X.90 type ipsec-l2l
tunnel-group 89.X.X.90 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 120 retry 10
tunnel-group 89.X.X.250 type ipsec-l2l
tunnel-group 89.X.X.250 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 120 retry 10
tunnel-group RO-VoIP-Support type ipsec-ra
tunnel-group RO-VoIP-Support general-attributes
address-pool np-pool-vc4-tunnel1
authentication-server-group np-bbb1-radius
default-group-policy RO-VoIP-Support
tunnel-group RO-VoIP-Support ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 120 retry 10
tunnel-group RO-RemoteUser type ipsec-ra
tunnel-group RO-RemoteUser general-attributes
address-pool np-pool-vc5-tunnel1
authentication-server-group np-bbb1-radius
default-group-policy RO-RemoteUser
tunnel-group RO-RemoteUser ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 120 retry 10
telnet 10.0.81.0 255.255.255.0 outside
telnet 10.0.81.0 255.255.255.0 inside
telnet 10.84.0.0 255.255.128.0 inside
telnet timeout 5
ssh 10.0.36.22 255.255.255.255 outside
ssh 62.X.X.216 255.255.255.248 outside
ssh 62.X.X.0 255.255.255.128 outside
ssh 10.84.0.0 255.255.0.0 inside
ssh timeout 5
console timeout 0
management-access inside
!
class-map np-classmap-inspection_default
match default-inspection-traffic
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
policy-map np-policymap-global
class np-classmap-inspection_default
inspect ctiqbe
inspect esmtp
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect icmp
inspect icmp error
inspect ils
inspect mgcp
inspect netbios
inspect pptp
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect snmp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
!
service-policy np-policymap-global global
ntp server 10.84.32.1 source inside
prompt hostname context
Cryptochecksum:65c136a3bcabae76b9102feffc8630ef
: end

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
156
intel233
intel233
steve777777
  • Locked
  • Question
Cisco ASA VPN+NAT
Replies
0
Views
49
steve777777
steve777777
pbxnkey
  • Locked
  • Question
Cisco ASA VPN using Windows Client-Error 691
Replies
1
Views
53
pbxnkey
pbxnkey
dgoradia
  • Locked
  • Question
Second public IP NAT to LAN
Replies
0
Views
37
dgoradia
dgoradia
ttrsux
  • Locked
  • Question
Error opening IKE port 4500 on Interface outside
Replies
0
Views
52
ttrsux
ttrsux

Part and Inventory Search

Sponsor

Back
Top