PIX newbie and issues

aschwartz71 · Feb 6, 2009

I am working with a company that wants to create a VPN tunnel with us, and I am working on that with them. I really know close to next to nothing about cisco, and am having some issues.
I am putting in this command
access-list VENDOR permit ip nw-srb-us-002 255.255.0.0 172.30.255.128 255.255.255.192

and when I look at the config, I see it listed with the word extended added to it, like this

access-list VENDOR extended permit ip nw-srb-us-002 255.255.0.0 172.30.255.128 255.255.255.192

I know I am not adding that, and I was told that it needs to not be there. I removed it (by typing no and then the command) and it removed it, couldnt find it, and then readded it again, and it came back with the extended in again. Any ideas on this.

Also, for some reason, when I am adding this line,
crypto map Outside_map 20 ipsec-isakmp
I get an unknown command error. Outside_map is listed already, so I know its a valid map_name.

Of course I am only going on what I was given by these clients, and they are not really a good help for me. I am looking into getting a service contract with cisco (I called, and of course it is out of service contract) but for now, I would love to know what I am doing wrong.

Thanks.

North323 · Feb 6, 2009

whats wrong with having 'extended' in your acl? you have a source and destination, that is an extended acl:

http://www.networkclue.com/routing/Cisco/access-lists/index.aspx

aschwartz71 · Feb 6, 2009

I believe that it shouldnt cause an issue then, thanks for the link

One other thing, any thoughts on why this wouldnt work??

crypto map Outside_map 20 ipsec-isakmp
I get an unknown command error. Outside_map is listed already, so I know its a valid map_name.

North323 · Feb 6, 2009

can you post a scrubbed config (no real IP's). its hard to trouble shoot with one command...

unclerico · Feb 6, 2009

chances are your map is listed as outside_map and not Outside_map

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

aschwartz71 · Feb 6, 2009

Heres my config. Thanks.

Result of the command: "show config"

: Saved
: Written by enable_15 at 09:34:24.821 EST Fri Feb 6 2009
!
PIX Version 8.0(3)12
!
hostname fw
domain-name wst.local
enable password encrypted
passwd encrypted
names
name 10.2.0.0 nw-mis-ca-001
name 10.1.0.0 nw-srb-us-001
name 172.16.0.0 nw-srb-us-002
name 172.16.0.2 server002 description Blackberry server
name 172.16.0.20 server020
name 10.1.30.0 VPN_Home_access
name 10.1.30.128 VPN_IT_Access
name 172.16.0.42 server042 description Websense Email filter
name 172.16.0.30 server030
dns-guard
!
interface Ethernet0
nameif Outside
security-level 0
ip address IP 255.255.255.128 standby IP
ospf cost 10
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.1.24.1 255.255.224.0 standby 10.1.24.2
ospf cost 10
!
boot system flash:/pix.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 172.16.0.1
domain-name wst.local
object-group service ACLG-PublicWebService tcp
port-object eq www
port-object eq https
object-group service ACLG-TerminalService tcp
port-object eq 3389
object-group service ACLG-PublicFTPService tcp
port-object eq ftp
object-group service ACLG-Public-EDI_In tcp
port-object eq 5080
port-object eq www
port-object eq https
object-group service ACLG-Public-EDI_Out tcp
port-object eq 5080
port-object eq ftp
port-object eq www
port-object eq https
port-object range 6366 6419
object-group network ng-srb-us-001
network-object nw-srb-us-001 255.255.224.0
network-object nw-srb-us-002 255.255.0.0
object-group service DM_INLINE_TCP_1 tcp
port-object eq 1537
port-object eq 1570
object-group network DM_INLINE_NETWORK_1
network-object nw-srb-us-001 255.255.224.0
network-object nw-srb-us-002 255.255.0.0
object-group network DM_INLINE_NETWORK_2
network-object nw-srb-us-001 255.255.224.0
network-object nw-srb-us-002 255.255.0.0
object-group network DM_INLINE_NETWORK_3
network-object host server020
network-object host 172.16.0.4
network-object host server042
object-group service test85 tcp
port-object eq 85
access-list inside_access_in extended permit tcp any any eq telnet
access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 any eq smtp
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any any eq https
access-list inside_access_in extended permit tcp any any eq ftp
access-list inside_access_in extended permit udp any OutIP 255.255.255.128 eq snmp
access-list inside_access_in extended permit tcp any any eq aol
access-list inside_access_in extended permit udp any any eq ntp
access-list inside_access_in extended permit tcp any any eq 1863
access-list inside_access_in remark IBM Director
access-list inside_access_in extended permit tcp any any eq 7618
access-list inside_access_in extended permit icmp any any echo
access-list inside_access_in extended permit icmp any any echo-reply
access-list inside_access_in extended permit tcp any any eq domain
access-list inside_access_in extended permit udp any any eq domain
access-list inside_access_in extended permit tcp host 172.16.0.19 any eq 3101
access-list inside_access_in extended permit tcp host 172.16.0.225 any object-group ACLG-Public-EDI_Out
access-list inside_access_in extended permit ip any nw-mis-ca-001 255.255.224.0
access-list inside_access_in extended permit tcp any any object-group test85
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list inside_access_in remark IBM Director
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in extended permit tcp any host IN object-group ACLG-TerminalService
access-list Outside_access_in remark Terminal Services to Server026
access-list Outside_access_in extended permit tcp any host INobject-group ACLG-TerminalService
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in extended permit tcp any host in.ip.11 object-group ACLG-TerminalService
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in extended permit tcp any host in.ip.16 object-group ACLG-PublicFTPService
access-list Outside_access_in extended permit tcp any host in.ip.18 object-group ACLG-PublicFTPService
access-list Outside_access_in extended permit tcp any host in.ip.19 object-group ACLG-PublicWebService
access-list Outside_access_in remark

http://www.ispfulfillment.com

access-list Outside_access_in extended permit tcp any host in.ip.29 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.ispfulfillment.com
access-list Outside_access_in extended permit tcp any host in.ip.30 eq smtp
access-list Outside_access_in remark

http://www.internationalsoftwarepartners.com

access-list Outside_access_in extended permit tcp any host in.ip.33 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.internationalsoftwarepartners.com
access-list Outside_access_in extended permit tcp any host in.ip.34 eq smtp
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in extended permit tcp any host in.ip.38 eq smtp
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in extended permit tcp any host in.ip.42 eq smtp
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in extended permit tcp any host in.ip.46 eq smtp
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in extended permit tcp any host in.ip.50 eq smtp
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in extended permit tcp any host in.ip.53 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in extended permit tcp any host in.ip.54 eq smtp
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in extended permit tcp any host in.ip.60 object-group ACLG-Public-EDI_In
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in extended permit tcp any host in.ip.61 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in extended permit tcp any host in.ip.62 eq smtp
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in extended permit tcp any host in.ip.65 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in extended permit tcp any host in.ip.66 eq smtp
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in extended permit tcp any host in.ip.69 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in extended permit tcp any host in.ip.70 eq smtp
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in extended permit tcp any host in.ip.73 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in extended permit tcp any host in.ip.74 eq smtp
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in extended permit tcp any host in.ip.76 object-group ACLG-PublicWebService
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in extended permit tcp any host in.ip.77 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in extended permit tcp any host in.ip.78 eq smtp
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in extended permit tcp any host in.ip.80 object-group ACLG-PublicWebService
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in extended permit tcp any host in.ip.81 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in extended permit tcp any host in.ip.82 eq smtp
access-list Outside_access_in remark ftp.lb.com
access-list Outside_access_in extended permit tcp any host in.ip.83 object-group ACLG-PublicFTPService
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in extended permit tcp any host in.ip.84 object-group ACLG-PublicWebService
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in extended permit tcp any host in.ip.85 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in extended permit tcp any host in.ip.86 eq smtp
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in extended permit tcp any host in.ip.89 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in extended permit tcp any host in.ip.90 eq smtp
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in extended permit tcp any host in.ip.92 object-group ACLG-PublicWebService
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in extended permit tcp any host in.ip.93 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in extended permit tcp any host in.ip.94 eq smtp
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in extended permit tcp any host in.ip.97 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.98 eq smtp
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.99 object-group ACLG-PublicFTPService
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.100 object-group ACLG-PublicWebService
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in extended permit tcp any host in.ip.102 object-group ACLG-PublicFTPService
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.103 object-group ACLG-Public-EDI_In
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.104 object-group ACLG-PublicFTPService
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.105 object-group ACLG-PublicWebService
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.106 object-group ACLG-PublicWebService
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.107 object-group ACLG-PublicWebService
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.108 object-group ACLG-PublicWebService
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in extended permit tcp any host in.ip.109 object-group ACLG-PublicWebService
access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in extended permit tcp any host in.ip.110 eq smtp
access-list Outside_access_in remark ftp.tx.com
access-list Outside_access_in extended permit tcp any host in.ip.111 object-group ACLG-PublicFTPService
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in extended permit tcp any host in.ip.112 object-group ACLG-PublicWebService
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in extended permit tcp any host in.ip.113 object-group ACLG-PublicWebService
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in extended permit tcp any host in.ip.114 object-group ACLG-PublicWebService
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.117 eq www
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.121 object-group DM_INLINE_TCP_1
access-list Outside_access_in remark owal.wtg.com
access-list Outside_access_in extended permit tcp any host in.ip.122 eq https
access-list Outside_access_in extended permit tcp VPN_Home_access 255.255.255.128 host 172.16.0.9 eq 3389
access-list Outside_access_in extended deny ip VPN_Home_access 255.255.255.128 any
access-list Outside_access_in extended permit ip VPN_IT_Access 255.255.255.128 any
access-list Outside_access_in extended permit ip nw-mis-ca-001 255.255.224.0 any
access-list Outside_access_in extended permit icmp any any echo
access-list Outside_access_in extended permit icmp any any echo-reply
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Terminal Services to Server026
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark

http://www.ispfulfillment.com

access-list Outside_access_in remark mail.ispfulfillment.com
access-list Outside_access_in remark

http://www.internationalsoftwarepartners.com

access-list Outside_access_in remark mail.internationalsoftwarepartners.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark ftp.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark ftp.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark owal.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list Outside_access_in remark Terminal Services to Server038
access-list Outside_access_in remark Vn.Pp.com
access-list Outside_access_in remark Terminal Services to SERVER009
access-list Outside_access_in remark Terminal Services to SERVER039
access-list Outside_access_in remark ftp.p.com
access-list Outside_access_in remark mail.lb-info.com
access-list Outside_access_in remark mail.wtg-info.com
access-list Outside_access_in remark mail.pp-info.com
access-list Outside_access_in remark mail.tx-info.com
access-list Outside_access_in remark

http://www.wtggroup.com

access-list Outside_access_in remark mail.wtggroup.com
access-list Outside_access_in remark edi.wtg.com (OLD)
access-list Outside_access_in remark

http://www.ppp.com

access-list Outside_access_in remark mail.ppp.com
access-list Outside_access_in remark

http://www.wttech.com

access-list Outside_access_in remark mail.wttech.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark

http://www.pp.com

access-list Outside_access_in remark mail.pp.com
access-list Outside_access_in remark quotes.pp.com
access-list Outside_access_in remark

http://www.ppp.ca

access-list Outside_access_in remark mail.ppp.ca
access-list Outside_access_in remark quotes.ppp.ca
access-list Outside_access_in remark

http://www.lb.com

access-list Outside_access_in remark mail.lb.com
access-list Outside_access_in remark quotes.lb.com
access-list Outside_access_in remark

http://www.lb.net

access-list Outside_access_in remark mail.lb.net
access-list Outside_access_in remark

http://www.lb.ca

access-list Outside_access_in remark mail.lb.ca
access-list Outside_access_in remark quotes.lb.ca
access-list Outside_access_in remark

http://www.wttechnologies.com

access-list Outside_access_in remark mail.wttechnologies.com
access-list Outside_access_in remark

http://www.wtg.com

access-list Outside_access_in remark mail.wtg.com
access-list Outside_access_in remark ftp.wtg.com
access-list Outside_access_in remark quotes.wtg.com
access-list Outside_access_in remark In use for Server Observe
access-list Outside_access_in remark edi.wtg.com
access-list Outside_access_in remark ftp-edi.wtg.com
access-list Outside_access_in remark vn.us.wtg.com
access-list Outside_access_in remark vntest.us.wtg.com
access-list Outside_access_in remark vn.ca.wtg.com
access-list Outside_access_in remark vntest.ca.wtg.com
access-list Outside_access_in remark

http://www.tx.com

access-list Outside_access_in remark mail.tx.com
access-list Outside_access_in remark quotes.tx.com
access-list Outside_access_in remark services.tx.com
access-list Outside_access_in remark shop.tx.com
access-list Outside_access_in remark owamail.wtg.com
access-list Outside_access_in remark hp.wtg.com
access-list inside_nat0_outbound extended permit ip any VPN_Home_access 255.255.255.128
access-list inside_nat0_outbound extended permit ip any VPN_IT_Access 255.255.255.128
access-list inside_nat0_outbound extended permit ip nw-srb-us-002 255.255.0.0 VPN_Home_access 255.255.255.128
access-list inside_nat0_outbound extended permit ip any nw-mis-ca-001 255.255.224.0
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_2 nw-mis-ca-001 255.255.224.0
access-list Local_LAN_Shrewsburry standard permit nw-srb-us-001 255.255.224.0
access-list Local_LAN_Shrewsburry standard permit nw-srb-us-002 255.255.0.0
access-list Outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 nw-mis-ca-001 255.255.224.0
access-list Outside_1_cryptomap extended permit ip object-group ng-srb-us-001 nw-mis-ca-001 255.255.224.0
access-list ESCALATE extended permit ip nw-srb-us-002 255.255.0.0 172.30.255.128 255.255.255.192
access-list ESCALATE extended permit ip 172.30.22.128 255.255.255.192 172.30.255.128 255.255.255.192
pager lines 24
logging enable
logging asdm warnings
mtu Outside 1500
mtu inside 1500
ip local pool vpn-temp 10.1.1.0-10.1.1.255 mask 255.255.255.0
ip local pool vpn-home 10.1.30.1-10.1.30.127 mask 255.255.255.128
ip local pool vpn-it VPN_IT_Access-10.1.30.255 mask 255.255.255.128
ip verify reverse-path interface Outside
ip verify reverse-path interface inside
failover
failover lan unit primary
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm.bin
asdm location nw-mis-ca-001 255.255.224.0 inside
asdm location server042 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (Outside) 1 in.ip.3 netmask 255.255.255.128
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,Outside) IP to IP

access-group Outside_access_in in interface Outside
access-group inside_access_in in interface inside
route Outside 0.0.0.0 0.0.0.0 in.ip.1 1
route inside nw-srb-us-001 255.255.224.0 10.1.249.1 1
route inside nw-srb-us-002 255.255.0.0 10.1.23.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server RSA protocol sdi
aaa-server RSA (inside) host 172.16.0.16
aaa-server AD protocol nt
aaa-server AD (inside) host 172.16.0.1
nt-auth-domain-controller 172.16.0.1
http server enable
http 0.0.0.0 0.0.0.0 inside
snmp-server host inside server002 community public version 2c
snmp-server location US-Shrewsbury
snmp-server contact MIS Department
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps entity config-change
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 20 set pfs
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set pfs group7
crypto map Outside_map 1 set peer 207.236.81.82
crypto map Outside_map 1 set transform-set ESP-AES-256-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity address
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption aes-256
hash sha
group 7
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics
ntp server 172.16.0.1 source inside prefer
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
wins-server value 172.16.0.1
dns-server value 172.16.0.1
vpn-tunnel-protocol l2tp-ipsec
default-domain value p.com
group-policy vpn-home-tunnel internal
group-policy vpn-home-tunnel attributes
dns-server value 172.16.0.1
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Local_LAN_Shrewsburry
default-domain value wst.local
group-policy vpn-it-tunnel internal
group-policy vpn-it-tunnel attributes
wins-server value 172.16.0.1
dns-server value 172.16.0.1
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Local_LAN_Shrewsburry
default-domain value wst.local
group-policy vpn-ms-tunnel internal
group-policy vpn-ms-tunnel attributes
wins-server value 172.16.0.1
dns-server value 172.16.0.1
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Local_LAN_Shrewsburry
default-domain value p.com
tunnel-group DefaultRAGroup general-attributes
authentication-server-group AD
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
tunnel-group vpn-home-tunnel type remote-access
tunnel-group vpn-home-tunnel general-attributes
address-pool vpn-home
authentication-server-group RSA
default-group-policy vpn-home-tunnel
tunnel-group vpn-home-tunnel ipsec-attributes
pre-shared-key *
tunnel-group vpn-it-tunnel type remote-access
tunnel-group vpn-it-tunnel general-attributes
address-pool vpn-it
authentication-server-group RSA
default-group-policy vpn-it-tunnel
tunnel-group vpn-it-tunnel ipsec-attributes
pre-shared-key *
tunnel-group vpn-ms-tunnel type remote-access
tunnel-group vpn-ms-tunnel general-attributes
address-pool vpn-home
authentication-server-group AD
default-group-policy vpn-ms-tunnel
tunnel-group vpn-ms-tunnel ipsec-attributes
pre-shared-key *
tunnel-group 207.236.81.82 type ipsec-l2l
tunnel-group 207.236.81.82 ipsec-attributes
pre-shared-key *
tunnel-group 65.125.178.22 type ipsec-l2l
tunnel-group 65.125.178.22 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:e1b11234fc377aba26ad0b19a29e343c

North323 · Feb 9, 2009

shouldnt it be crypto 1 ipsec-isakmp ?

aschwartz71 · Feb 9, 2009

I am not positive. Here is what I was told to add.

access-list Vendor permit ip [Your server’s internal IP] 255.255.255.255 \ 172.30.255.128 255.255.255.192

access-list Vendor permit ip [vendor-provided NAT IP] 255.255.255.255 \ 172.30.255.128 255.255.255.192

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

isakmp key [Vendor-provided key] address (their IP Addr) netmask 255.255.255.255

isakmp identity address
isakmp enable outside
sysopt connection permit-ipsec

crypto ipsec transform-set vendor 3des esp-sha-hmac

then they wanted to create a map name, but I have one that exists, so I was to use that:

crypto map [map_name] interface outside
(We have a map_name called Outside_map, so I was going to use that.

static (inside,outside) [Vendor-provided IP] [Your server’s internal IP] \ netmask 255.255.255.255

crypto map Outside_map 20 ipsec-isakmp
crypto map Outside_map 20 match address Vendor
crypto map Outside_map 20 set peer (their IP)
crypto map Outside_map 20 set transform-set 3des

That first line is what always errors out on me. I hope this helps a bit more. I really appreciate your assist. I am actually learning some stuff here, which is a good thing.

North323 · Feb 9, 2009

what are you trying to accomplish? it looks like you already have a tunnel configured. Do you want another tunnel to a different location?

aschwartz71 · Feb 9, 2009

Yes, we currently do have one for a different use. This one is for a vendor to be able to connect directly to us, so we should have 2 when we are done. Is it not possible to have 2 at the same time? Or is the map name causing me an issue?

North323 · Feb 9, 2009

yes it is possible to have two tunnels. i would change the name from Outside_map to Vendor_map.

aschwartz71 · Feb 9, 2009

When I put in this command:

crypto map [map_name] interface outside
(substituting vendor_map for [map_name] )

I got an error
ERROR: unable to find interface "outside"

The guy that was "helping" me said to just use the map that already existed. That was why I didnt try that.

unclerico · Feb 9, 2009

your interface is labeled as Outside not outside. Case sensitivity

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

aschwartz71 · Feb 10, 2009

If I try either of those (Cap or lower) same result.

fw-srb-us-001(config)# crypto map Vendor_map Outside
^
ERROR: % Invalid input detected at '^' marker.
fw-srb-us-001(config)# crypto map Vendor_map outside
^
ERROR: % Invalid input detected at '^' marker.

North323 · Feb 10, 2009

when you are in config mode type in crypto ? see what commands are available. should have no issuse creating another tunnel

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

PIX newbie and issues

aschwartz71

Technical User

North323

Technical User

aschwartz71

Technical User

North323

Technical User

unclerico

IS-IT--Management

aschwartz71

Technical User

North323

Technical User

aschwartz71

Technical User

North323

Technical User

aschwartz71

Technical User

North323

Technical User

aschwartz71

Technical User

unclerico

IS-IT--Management

aschwartz71

Technical User

North323

Technical User

Similar threads

Part and Inventory Search

Sponsor