ASA 5505 Connected To Linksys Router

Hello, I have a cable modem internet connection and my cable modem is connected to an ASA 5505.  The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1.  The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network.  Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1.  I would like to see the 192.168.1.x address of the clients in the ASA firewall.  I've tried making some changes to the Linksys router but that hasn't resolved it.  Is there any changes I can make on the ASA to get this to work?   Below is some of the config:
ASA Version 8.2(5)
hostname djchristasa
enable password k7X9tTHKoCUET/3Z encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
ASA Version 8.2(5)
hostname djchristasa
enable password k7X9tTHKoCUET/3Z encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
I didn't post ACL's and some other things.  Please let me know if you need more.
Thanks,
Dave

Dave
The Linksys doing NAT is the reason why the ASA sees all the traffic as having source address as 192.168.2.1. The only way for the ASA to see the original 192.168.1.x address is to change the Linksys to not do NAT.
One thing that I notice is that there is not a route statement in what you posted for the 192.168.1.0 network. It is not clear whether the route does exist and you did not post it or whether the route does not exist. But if it does not exist it would certainly be a reason why you lose Internet connectivity when you change the Linksys to not perform NAT. (the ASA would have no knowledge of how to forward to the network and would drop all the traffic). Try adding the route to the ASA and changing the Linksys to not perform NAT and let us know if it works.
HTH
Rick

Similar Messages

  • Vpn-asa 5505 - connects fine, can't use resources

    Using Remote Client VPN to access internal Lan behind an ASA 5505 device.  The connection is working fine. But once I connect, I can't access any computer shared folders etc.   The only thing I can do is access the ASA 5505 through the ASDM 7.1    I can only ping the device 10.0.0.1  but nothing else.    The funny thing is that this was working fine,  then in an attempt to speed up the VPN ACCESS (it is pretty slow),  I went into the ASDM configuration software to look around.   Didn't think I changed anything, but now,  it's not working.   Here is a copy of the backup cpg. 
    Any ideas.   Please respond with  ASDM COMMANDS.. I'm a novice at the command line stuff.
    Thanks.
    -brett
    config:
    : Saved
    : Written by enable_15 at 09:19:26.379 UTC Sat Feb 15 2014
    ASA Version 9.1(4)
    hostname ciscoasa
    domain-name hnedu.com
    enable password mnpTCRVkk1.ZjiWJ encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    ip local pool VPNUsers 10.0.0.80-10.0.0.99 mask 255.255.0.0
    interface Ethernet0/0
    switchport access vlan 2
    speed 100
    duplex full
    interface Ethernet0/1
    speed 100
    duplex full
    interface Ethernet0/2
    speed 100
    duplex full
    interface Ethernet0/3
    speed 100
    duplex full
    interface Ethernet0/4
    speed 100
    duplex full
    interface Ethernet0/5
    speed 100
    duplex full
    interface Ethernet0/6
    speed 100
    duplex full
    interface Ethernet0/7
    speed 100
    duplex full
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.0.1 255.255.0.0
    interface Vlan2
    description External Connection
    no forward interface Vlan1
    nameif outside
    security-level 0
    ip address 209.117.123.226 255.255.255.224
    boot system disk0:/asa914-k8.bin
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 10.0.0.2
    name-server 10.0.0.4
    domain-name hnedu.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj-10.0.0.0
    subnet 10.0.0.0 255.255.0.0
    object network obj-10.0.0.64
    subnet 10.0.0.64 255.255.255.192
    object network obj-10.0.0.6
    host 10.0.0.6
    object network obj-10.0.3.48
    host 10.0.3.48
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network NETWORK_OBJ_10.0.0.64_26
    subnet 10.0.0.64 255.255.255.192
    object-group network RDP_static
    object-group service RemoteDesktop tcp-udp
    description Windows Remote Desktop Access
    port-object eq 3389
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list inside_access_in extended permit ip any4 any4
    access-list Napoleons_splitTunnelAcl standard permit 10.0.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 10.0.0.64 255.255.255.192
    access-list outside_access_in extended permit tcp any4 host 10.0.0.6 eq www
    access-list outside_access_in remark remote desktop to cproom desktop
    access-list outside_access_in extended permit object-group TCPUDP any4 host 10.0.3.48 eq 3389
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-715-100.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.0.64 obj-10.0.0.64 no-proxy-arp route-lookup
    object network obj-10.0.0.6
    nat (inside,outside) static 209.117.123.227
    object network obj-10.0.3.48
    nat (inside,outside) static 209.117.123.228
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group inside_access_in in interface inside control-plane
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 209.117.123.225 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 10.0.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca trustpool policy
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
        308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
        0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
        30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
        13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
        0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
        20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
        65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
        65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
        30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
        30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
        496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
        74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
        68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
        3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
        63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
        0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
        a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
        9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
        7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
        15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
        63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
        18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
        4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
        81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
        db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
        7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
        ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
        45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
        2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
        1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
        03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
        69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
        02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
        6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
        c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
        69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
        1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
        551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
        1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
        2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
        4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
        b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
        6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
        481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
        b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
        5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
        6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
        6c2527b9 deb78458 c61f381e a4c4cb66
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev1 enable inside
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    management-access inside
    vpn-addr-assign local reuse-delay 5
    vpn-sessiondb max-other-vpn-limit 10
    vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
    dhcp-client update dns server none
    dhcpd dns 10.0.0.2 10.0.0.4
    dhcpd wins 10.0.0.2 10.0.0.4
    dhcpd domain hnedu.com
    dhcpd option 5 ip 10.0.0.2 10.0.0.4 interface inside
    dhcpd option 6 ip 10.0.0.2 10.0.0.2 interface inside
    dhcprelay server 10.0.0.2 inside
    dhcprelay server 10.0.0.4 inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
    group-policy Napoleons internal
    group-policy Napoleons attributes
    wins-server value 10.0.0.2 10.0.0.4
    dns-server value 10.0.0.2 10.0.0.4
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Napoleons_splitTunnelAcl
    default-domain value hnedu.com
    group-policy Napoleon internal
    group-policy Napoleon attributes
    wins-server value 10.0.0.2 10.0.0.4
    dns-server value 10.0.0.2 10.0.0.4
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Napoleons_splitTunnelAcl
    default-domain value hnedu.com
    username bpenza password LTg/b/c3kPWfC8KM encrypted privilege 0
    username bpenza attributes
    vpn-group-policy Napoleons
    username baudette password nPZIRfshkE7WcaDQ encrypted
    username baudette attributes
    vpn-group-policy Napoleons
    tunnel-group Napoleons type remote-access
    tunnel-group Napoleons general-attributes
    address-pool VPNUsers
    default-group-policy Napoleons
    tunnel-group Napoleons ipsec-attributes
    ikev1 pre-shared-key Holyname12
    tunnel-group Napoleon type remote-access
    tunnel-group Napoleon general-attributes
    address-pool VPNUsers
    default-group-policy Napoleon
    tunnel-group Napoleon ipsec-attributes
    ikev1 pre-shared-key Holyname12
    policy-map global-policy
    class class-default
      user-statistics accounting
    service-policy global-policy global
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:eb9d34735b125eb61d8f7d93247ad9b7
    : end

    You need to discuss this issue with your network administrator. I suspect the network ports that allow VPN access to the system you want to use may be closed.
    You also need to confirm that the VPN software you are using is compatible with the network you are trying to access. Where I work, the VPN software that comes with Mac OS X is not
    compatible with the network so I have to use VPN software that was provided by my employer. You might be in the same situation.

  • ASA 5505 VPN with backup route

    We are looking to set up a site-to-site VPN with a backup over a T1. We have a remote site with a  1841 router. This router has a PTP T1 back to a secondary location with a 2811. Due to location, the only option we had to get additional bandwidth was to have a cable modem installed. We want to set a site-to-site up to our primary location, with a backup route over the T1 in the event the cable modem goes down. We have an ASA 5505 at the remote location, and an ASA 5540 at the primary. In addition, we want to split the traffic across the two connections. Since the wireless controllers are anchored back to the secondary location, we want to send that traffic over the PTP T1 and the rest of the traffic over the VPN. We also need to have a backup route for the wireless traffic to send across the VPN in the event the T1 goes down.

    Go to this link and scroll down to  Site to Site VPN (L2L) with IOS  and Site to Site VPN (L2L) with ASA, you can use the links example depicting your scenario requirements, where one end is dynamic and other static for Ipsec L2L  IOS-to-ASA or ASA-to-IOS.
    The best solution obiosly is having  static IP addressing, make that clear with your client  , but  these exmaples are very good solution for your problem.
    Keep in mind that the DHCP dynamic side will  always be the initiator to  bring up the tunnel , not the static side.
    http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
    Regards

  • Site to Site VPN between ASA 5505 and Cisco 800 router

    Evening all,
    Hoping that someboy can see the error of my ways.  It seems very like the problem that i read here: https://supportforums.cisco.com/thread/2016300
    We have a cisco 800 in a remote site which we wanted to use for a site to site vpn.  Went through the steps on the ASA 5505 and the 800 and have got to the stage were the tunnel is up and connected.  Getting traffic through it is another matter.  Remote network is 172.20.224.0/20 and the server network behind the ASA is 192.168.168.0/24. The tunnel does intiate when you send traffic from 172 ......to 192.......  Both the ASA and 800 report the tunnel is up.  If i look at the stats using ccp on the 800 i can see the encapsulation packets graph shooting up but nothing cominbg back.  I did packet captures on the 5505 and could not see anything coming from the tunnel so i dont belive its making it to the ASA.  Here is the config from the 800:
    Building configuration...
    Current configuration : 6488 bytes
    version 12.4
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname hhp-sty-backup
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    logging buffered 4096
    enable secret 5 $1$jI1i$/kZbRk2WHD5h0HtfuQVej1
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa authorization auth-proxy default local
    aaa session-id common
    crypto pki trustpoint TP-self-signed-1347488939
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1347488939
    revocation-check none
    rsakeypair TP-self-signed-1347488939
    crypto pki certificate chain TP-self-signed-1347488939
    certificate self-signed 02
      30820255 308201BE A0030201 02020102 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 31333437 34383839 3339301E 170D3032 30333031 30313336
      33375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33343734
      38383933 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100E714 7B0ADB41 19F60528 A8A5C43B 5CD2D1CD DCCF2E08 8B38D444 36EAB9B7
      0E93CEF7 660F979E E27915B9 E44812A5 794EA03D BA66752B FD0F7EBF D6342513
      D6410E4E 098CE838 C3BADD0A 5F3505FE 22CA776F 89B19510 F0852225 3600F046
      4D57D2E2 FE4AAD1E 8BE4BF80 7B27369E BFA65160 BC769BC9 00A13741 E336D0EA
      8A810203 010001A3 7D307B30 0F060355 1D130101 FF040530 030101FF 30280603
      551D1104 21301F82 1D686870 2D737479 2D626163 6B75702E 796F7572 646F6D61
      696E2E63 6F6D301F 0603551D 23041830 168014FA 4A8C4DF6 629638DE 87D7B60A
      0F5BB40F EA6AED30 1D060355 1D0E0416 0414FA4A 8C4DF662 9638DE87 D7B60A0F
      5BB40FEA 6AED300D 06092A86 4886F70D 01010405 00038181 00BBE577 6EF63FE7
      789766D5 37841812 298D4885 1CD06D07 4C625369 C3403106 89EE1398 73495432
      66C49CB1 36A5B2F8 D77A8C46 5AFE4112 EA5917D9 81542640 80EF2D36 54A85CC6
      C3FFFFB8 39A648DD 2ABA2B13 4137BE07 760E46C0 74401DA7 482E3FA2 A64B70FF
      447AA1B2 52E37240 29987085 532BBE3B C2E2E54A 54CA1D13 0E
                quit
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 10.10.10.1
    ip dhcp pool inside
    ip dhcp pool lan_network
       network 172.20.224.0 255.255.240.0
       dns-server 8.8.8.8 8.8.4.4
       default-router 172.20.224.1
       lease 7
    ip cef
    no ip domain lookup
    ip domain name yourdomain.com
    password encryption aes
    username pix privilege 15 secret 5 $1$Z.wA$lBmj36AJx/cbK1RjmfGJh1
    username admin privilege 15 password 0 434Zaty
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key password address 217.36.32.222
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to217.36.32.222
    set peer 217.36.32.222
    set transform-set ESP-3DES-SHA
    match address 100
    archive
    log config
      hidekeys
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    dsl operating-mode auto
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 172.20.224.1 255.255.240.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    interface Dialer0
    ip address negotiated
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname B6*******.btclick.com
    ppp chap password 0 H*******
    crypto map SDM_CMAP_1
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
    access-list 1 remark CCP_ACL Category=16
    access-list 1 permit 172.4.0.0 0.240.255.255
    access-list 10 permit 195.12.1.35
    access-list 10 permit 172.4.0.0 0.240.255.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 172.20.224.0 0.0.15.255 192.168.168.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny   ip 172.20.224.0 0.0.15.255 192.168.168.0 0.0.0.255
    access-list 101 permit ip 172.4.0.0 0.240.255.255 any
    route-map SDM_RMAP_1 permit 1
    match ip address 101
    control-plane
    banner exec ^C
    % Password expiration warning.
    Cisco Configuration Professional (Cisco CP) is installed on this device
    and it provides the default username "cisco" for  one-time use. If you have
    already used the username "cisco" to login to the router and your IOS image
    supports the "one-time" user option, then this username has already expired.
    You will not be able to login to the router with this username after you exit
    this session.
    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.
    username <myuser> privilege 15 secret 0 <mypassword>
    Replace <myuser> and <mypassword> with the username and password you
    want to use.
    ^C
    banner login ^C
    Cisco Configuration Professional (Cisco CP) is installed on this device.
    This feature requires the one-time use of the username "cisco" with the
    password "cisco". These default credentials have a privilege level of 15.
    YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE 
    PUBLICLY-KNOWN CREDENTIALS
    Here are the Cisco IOS commands.
    username <myuser>  privilege 15 secret 0 <mypassword>
    no username cisco
    Replace <myuser> and <mypassword> with the username and password you want
    to use.
    IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
    NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
    For more information about Cisco CP please follow the instructions in the
    QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
    ^C
    line con 0
    no modem enable
    stopbits 1
    line aux 0
    line vty 0 4
    access-class 10 in
    privilege level 15
    password 434Zaty
    transport input telnet ssh
    scheduler max-task-time 5000
    end
    Any help will be most gratefully recieved.

    Rick,
    Thanks for replying.  Here is the output from the 800 Show Crypto command:
    interface: Dialer0
        Crypto map tag: SDM_CMAP_1, local addr 81.136.160.237
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (172.20.224.0/255.255.240.0/0/0)
       remote ident (addr/mask/prot/port): (192.168.168.0/255.255.255.0/0/0)
       current_peer 217.36.32.222 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 10928, #pkts encrypt: 10928, #pkts digest: 10928
        #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 2, #recv errors 0
         local crypto endpt.: 81.136.160.237, remote crypto endpt.: 217.36.32.222
         path mtu 1500, ip mtu 1500, ip mtu idb Virtual-Access2
         current outbound spi: 0x0(0)
         inbound esp sas:
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
         outbound ah sas:
         outbound pcp sas:
    interface: Virtual-Access2
        Crypto map tag: SDM_CMAP_1, local addr 81.136.160.237
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (172.20.224.0/255.255.240.0/0/0)
       remote ident (addr/mask/prot/port): (192.168.168.0/255.255.255.0/0/0)
       current_peer 217.36.32.222 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 10928, #pkts encrypt: 10928, #pkts digest: 10928
        #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 2, #recv errors 0
         local crypto endpt.: 81.136.160.237, remote crypto endpt.: 217.36.32.222
         path mtu 1500, ip mtu 1500, ip mtu idb Virtual-Access2
         current outbound spi: 0x0(0)
         inbound esp sas:
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
         outbound ah sas:
         outbound pcp sas:
    and this is the running config frm our ASA at HQ:
    Result of the command: "sh run"
    : Saved
    ASA Version 8.2(1)
    hostname secure-access
    domain-name hhp.com
    enable password UWWykvGjAPmxufUo encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.168.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group BT
    ip address 217.36.32.222 255.255.255.255 pppoe
    interface Vlan12
    nameif DMZ
    security-level 50
    ip address 192.168.169.1 255.255.255.0
    interface Vlan22
    nameif Wireless_HHP
    security-level 100
    ip address 172.16.36.1 255.255.254.0
    interface Vlan32
    nameif CNES
    security-level 100
    ip address 187.187.168.1 255.255.0.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    switchport access vlan 12
    interface Ethernet0/3
    switchport access vlan 22
    interface Ethernet0/4
    switchport access vlan 32
    interface Ethernet0/5
    switchport access vlan 12
    interface Ethernet0/6
    switchport access vlan 12
    interface Ethernet0/7
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns domain-lookup DMZ
    dns domain-lookup Wireless_HHP
    dns domain-lookup CNES
    dns server-group DefaultDNS
    name-server 192.168.168.2
    domain-name hhp.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network NET-cnes_HHP-Sty
    network-object 172.20.224.0 255.255.240.0
    object-group network NET-cnes_HHP-Balivanich
    network-object 172.20.192.0 255.255.240.0
    object-group network Oak-DC1
    network-object 192.168.168.2 255.255.255.255
    object-group network Maple-DC2
    network-object 192.168.168.3 255.255.255.255
    object-group network HHP_Domain_Controllers
    group-object Oak-DC1
    group-object Maple-DC2
    object-group network PC-Support
    network-object 187.187.60.1 255.255.255.255
    network-object 187.187.60.2 255.255.255.254
    network-object 187.187.60.4 255.255.255.254
    network-object 187.187.60.6 255.255.255.255
    object-group network ELM-ActiveH
    network-object 192.168.168.6 255.255.255.255
    object-group network Pine-GP
    network-object 192.168.168.12 255.255.255.255
    object-group network HHP_Application_Servers
    group-object ELM-ActiveH
    group-object Pine-GP
    object-group network Fern-TS1
    network-object 192.168.168.4 255.255.255.255
    object-group network Fir-TS2
    network-object 192.168.168.5 255.255.255.255
    object-group network HHP_Terminal_Servers
    group-object Fern-TS1
    group-object Fir-TS2
    object-group service Global_Catalog_LDAP
    description (Generated by Cisco SM from Object "Global Catalog LDAP")
    service-object tcp eq 3268
    object-group service Global_Catalog_LDAP_SSL
    description (Generated by Cisco SM from Object "Global Catalog LDAP SSL")
    service-object tcp eq 3269
    object-group service UDP-389
    description UDP port for LDAP
    service-object udp eq 389
    object-group service TCP-88
    description TCP Port 88
    service-object tcp eq 88
    object-group service TCP-445
    description SMB
    service-object tcp eq 445
    object-group network John_-_Laptop
    description John's Laptop
    network-object 187.187.10.65 255.255.255.255
    object-group network Graham_-_PC
    description Graham Morrison's PC
    network-object 187.187.10.90 255.255.255.255
    object-group network john_test
    network-object 187.187.40.7 255.255.255.255
    object-group network Iain_PC
    description Iain Macaulay IT
    network-object 187.187.10.19 255.255.255.255
    object-group network John_-_PC
    description John MacPhail's PC
    network-object 187.187.10.7 255.255.255.255
    object-group network it-alahen-lap
    network-object 187.187.10.230 255.255.255.255
    object-group network Catriona_-_Laptop
    description Catriona's Laptop
    network-object 187.187.10.60 255.255.255.255
    object-group network Graham_-_Laptop
    network-object 187.186.10.120 255.255.255.255
    object-group network it-innive-xp
    description Innes MacIver's PC
    network-object 187.187.10.14 255.255.255.255
    object-group network it-alahen-xp
    description Desktop
    network-object 187.187.10.229 255.255.255.255
    object-group network Cat_-_PC
    description Catriona Macmillan's PC
    network-object 187.187.10.4 255.255.255.255
    object-group network it-davdon-xp
    description Desktop
    network-object 187.187.160.7 255.255.255.255
    object-group network cat-laptop
    description Catriona's Laptop addresses
    network-object 187.187.77.81 255.255.255.255
    network-object 187.187.77.82 255.255.255.255
    object-group network Catriona_old_pc
    network-object 187.187.10.44 255.255.255.255
    object-group network cat-tablet
    description Catriona's Tablet ip address's
    network-object 187.187.77.78 255.255.255.254
    object-group network DSO-SQLServer
    description Task Database Server
    network-object 187.187.1.33 255.255.255.255
    object-group network it-finfernew-xp
    description Findlay Ferguson PC
    network-object 187.187.10.153 255.255.255.255
    object-group network PC_Support
    group-object John_-_Laptop
    group-object Graham_-_PC
    group-object john_test
    group-object Iain_PC
    group-object John_-_PC
    group-object it-alahen-lap
    group-object Catriona_-_Laptop
    group-object Graham_-_Laptop
    group-object it-alahen-xp
    group-object Cat_-_PC
    group-object it-davdon-xp
    group-object cat-laptop
    group-object Catriona_old_pc
    group-object cat-tablet
    group-object it-innive-xp
    network-object 187.187.1.128 255.255.255.255
    network-object 187.187.10.76 255.255.255.255
    group-object DSO-SQLServer
    network-object 187.187.15.234 255.255.255.255
    network-object 187.187.4.60 255.255.255.255
    network-object 187.187.10.134 255.255.255.255
    network-object 172.18.194.22 255.255.255.255
    group-object it-finfernew-xp
    object-group network Entire_CNE
    description Entire CNE range
    network-object 187.0.0.0 255.0.0.0
    object-group network NET-cnes_HHP-Sty-Staff
    network-object 172.20.225.0 255.255.255.0
    object-group network NET-cnes_HHP-Balivanich-staff
    network-object 172.20.193.0 255.255.255.0
    object-group network Alder-Intranet
    network-object 192.168.168.13 255.255.255.255
    object-group network Aspen-ISA
    network-object 192.168.168.10 255.255.255.255
    object-group service tcp-8080
    description TCP Port 8080
    service-object tcp eq 8080
    object-group network Beech-External
    network-object 217.36.32.210 255.255.255.255
    object-group network it-csm
    description cisco security manager
    network-object 187.187.1.72 255.255.255.255
    object-group network Juniper-External
    description Internet Server
    network-object 217.36.32.211 255.255.255.255
    object-group network HHP_Server_Network
    network-object 192.168.168.0 255.255.255.0
    object-group network Messagelabs_Incoming_HHP
    network-object 67.219.240.0 255.255.240.0
    network-object 95.131.104.0 255.255.248.0
    network-object 193.109.254.0 255.255.254.0
    network-object 195.245.230.0 255.255.254.0
    network-object 216.82.240.0 255.255.240.0
    network-object 85.158.136.0 255.255.248.0
    network-object 117.120.16.0 255.255.248.0
    network-object 194.106.220.0 255.255.254.0
    object-group network Angus-Maclean-PC
    network-object 187.187.10.250 255.255.255.255
    object-group service RDP
    service-object tcp eq 3389
    object-group network it-dbserver
    description Database Server (Live)
    network-object 187.187.1.65 255.255.255.255
    object-group network it-sql-test
    description Test SQL / database server
    network-object 187.187.1.81 255.255.255.255
    object-group service DNS-Resolving
    description Domain Name Server
    service-object tcp eq domain
    service-object udp eq domain
    object-group network Beech-Exchange
    network-object 192.168.168.91 255.255.255.255
    object-group network Messagelabs_-_Incoming
    description List of MessageLab addresses that SMTP connections are accepted from
    network-object 212.125.75.0 255.255.255.224
    network-object 216.82.240.0 255.255.240.0
    network-object 195.216.16.211 255.255.255.255
    network-object 194.205.110.128 255.255.255.224
    network-object 194.106.220.0 255.255.254.0
    network-object 193.109.254.0 255.255.254.0
    network-object 62.231.131.0 255.255.255.0
    network-object 62.173.108.208 255.255.255.240
    network-object 62.173.108.16 255.255.255.240
    network-object 212.125.74.44 255.255.255.255
    network-object 195.245.230.0 255.255.254.0
    network-object 85.158.136.0 255.255.248.0
    object-group network MIS_Support
    network-object 192.168.168.250 255.255.255.254
    object-group network it-donadon-xp
    description Donald Macdonald's PC
    network-object 187.187.10.13 255.255.255.255
    object-group network Angela_PC
    network-object 187.187.10.155 255.255.255.255
    object-group network Katie_PC
    network-object 187.187.10.151 255.255.255.255
    object-group network Pauline_PC
    network-object 187.187.10.12 255.255.255.255
    object-group network it-paye-net
    network-object 187.187.1.92 255.255.255.255
    object-group network MessageLabs-Towers
    description Message Labs IP Address ranges
    network-object 216.82.240.0 255.255.240.0
    network-object 67.219.240.0 255.255.240.0
    network-object 85.158.136.0 255.255.248.0
    network-object 95.131.104.0 255.255.248.0
    network-object 117.120.16.0 255.255.248.0
    network-object 193.109.254.0 255.255.254.0
    network-object 194.106.220.0 255.255.254.0
    network-object 195.245.230.0 255.255.254.0
    network-object 62.231.131.0 255.255.255.0
    network-object 212.125.75.16 255.255.255.240
    object-group network NET_cnes-castlebay-staff
    network-object 172.19.17.0 255.255.255.0
    object-group network NET_cnes_tarbert_staff
    description NET_cnes_tarbert_staff
    network-object 172.19.33.0 255.255.255.0
    object-group network Juniper
    network-object 192.168.169.5 255.255.255.255
    object-group network HHP_DMZ_Network
    network-object 192.168.169.0 255.255.255.0
    object-group network Ash
    network-object 192.168.168.100 255.255.255.255
    object-group service UDP-445
    service-object udp eq 445
    object-group service tcp-udp-135-139
    service-object tcp-udp range 135 139
    object-group network HHP-ELM
    description HHP's ELM ActiveH server
    network-object 187.187.1.203 255.255.255.255
    object-group network CNES-Ext-GW
    description CNES External Address
    network-object 194.83.245.242 255.255.255.255
    object-group service IPSEC
    description IPSEC
    service-object 57
    service-object ah
    service-object esp
    service-object udp eq isakmp
    object-group network Alamur-PC
    network-object 187.187.10.15 255.255.255.255
    object-group network Iain-Nicolson-PC
    network-object 187.187.10.159 255.255.255.255
    object-group network HHP_Remote_Access_Pool
    network-object 192.168.168.200 255.255.255.248
    network-object 192.168.168.208 255.255.255.240
    network-object 192.168.168.224 255.255.255.252
    network-object 192.168.168.228 255.255.255.254
    object-group network Holly-AV
    network-object 192.168.168.9 255.255.255.255
    object-group service AVG_Ports
    description For AVG server to HHP PCs
    service-object tcp-udp eq 6150
    service-object tcp-udp eq 6051
    service-object tcp-udp eq 445
    service-object tcp-udp eq 138
    service-object tcp-udp eq 135
    service-object tcp-udp eq 6054
    service-object tcp-udp eq 4158
    service-object tcp-udp eq 139
    service-object tcp-udp eq 137
    object-group network CNES_Access
    network-object 192.168.168.230 255.255.255.254
    network-object 192.168.168.232 255.255.255.248
    network-object 192.168.168.240 255.255.255.248
    network-object 192.168.168.248 255.255.255.254
    object-group network HHP-068
    description BACS PC
    network-object 172.20.225.6 255.255.255.255
    object-group network Banyan
    network-object 192.168.168.105 255.255.255.255
    object-group service TCP81
    description TCP Port 81
    service-object tcp eq 81
    object-group network Gavin_-_new_PC
    network-object 187.187.10.150 255.255.255.255
    object-group network Secudoors
    network-object 172.20.224.4 255.255.255.255
    access-list outside_access_in remark Time sync to external ntp server
    access-list outside_access_in extended permit udp host 192.108.114.23 object-group HHP_Domain_Controllers eq ntp
    access-list outside_access_in extended permit tcp object-group MessageLabs-Towers object-group Beech-External eq smtp
    access-list outside_access_in extended permit ip host 81.136.160.237 object-group HHP_Server_Network
    access-list outside_access_in extended permit ip object-group CNES_Access object-group HHP_Server_Network
    access-list outside_access_in extended permit ip object-group MIS_Support object-group HHP_Server_Network
    access-list outside_access_in extended permit ip object-group HHP_Remote_Access_Pool object-group HHP_Server_Network
    access-list outside_access_in extended permit tcp any object-group Juniper-External eq www
    access-list outside_access_in extended permit tcp any object-group Juniper-External eq https
    access-list outside_access_in extended deny ip any any
    access-list outside_access_in_1 extended permit ip any any
    access-list CSM_FW_ACL_Wireless_HHP extended permit ip object-group NET-cnes_HHP-Balivanich object-group HHP_Server_Network
    access-list CSM_FW_ACL_Wireless_HHP extended permit ip object-group NET-cnes_HHP-Sty object-group HHP_Server_Network
    access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group HHP-068 any eq www
    access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group HHP-068 any eq domain
    access-list CSM_FW_ACL_Wireless_HHP extended permit udp object-group HHP-068 any eq domain
    access-list CSM_FW_ACL_Wireless_HHP extended permit tcp object-group HHP-068 any eq https
    access-list CSM_FW_ACL_Wireless_HHP extended permit object-group DNS-Resolving object-group HHP-068 any
    access-list CSM_FW_ACL_Wireless_HHP extended permit object-group tcp-8080 object-group HHP-068 any
    access-list CSM_FW_ACL_Wireless_HHP extended permit ip host 172.20.193.53 object-group CNES-Ext-GW
    access-list CSM_FW_ACL_Wireless_HHP extended permit ip object-group Secudoors any
    access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Server_Network object-group NET-cnes_HHP-Balivanich
    access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Server_Network object-group NET-cnes_HHP-Sty
    access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Application_Servers object-group PC_Support
    access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Domain_Controllers object-group PC_Support
    access-list CSM_FW_ACL_inside extended permit ip object-group HHP_Terminal_Servers object-group PC_Support
    access-list CSM_FW_ACL_inside extended permit tcp object-group Oak-DC1 any eq domain
    access-list CSM_FW_ACL_inside extended permit udp object-group Oak-DC1 any eq domain
    access-list CSM_FW_ACL_inside extended permit object-group DNS-Resolving object-group Oak-DC1 any
    access-list CSM_FW_ACL_inside extended permit tcp object-group Maple-DC2 any eq domain
    access-list CSM_FW_ACL_inside extended permit udp object-group Maple-DC2 any eq domain
    access-list CSM_FW_ACL_inside extended permit object-group DNS-Resolving object-group Maple-DC2 any
    access-list CSM_FW_ACL_inside extended permit tcp object-group Aspen-ISA any eq www
    access-list CSM_FW_ACL_inside extended permit tcp object-group Aspen-ISA any eq domain
    access-list CSM_FW_ACL_inside extended permit udp object-group Aspen-ISA any eq domain
    access-list CSM_FW_ACL_inside extended permit tcp object-group Aspen-ISA any eq https
    access-list CSM_FW_ACL_inside extended permit object-group DNS-Resolving object-group Aspen-ISA any
    access-list CSM_FW_ACL_inside extended permit object-group tcp-8080 object-group Aspen-ISA any
    access-list CSM_FW_ACL_inside remark For Symantec Liveupdates
    access-list CSM_FW_ACL_inside extended permit tcp object-group Banyan any eq ftp
    access-list CSM_FW_ACL_inside extended permit tcp object-group Banyan any eq www
    access-list CSM_FW_ACL_inside extended permit tcp object-group Banyan any eq https
    access-list CSM_FW_ACL_inside remark IPSec VPN access from ELm to CNES
    access-list CSM_FW_ACL_inside extended permit object-group IPSEC object-group ELM-ActiveH object-group CNES-Ext-GW
    access-list CSM_FW_ACL_inside extended permit udp object-group ELM-ActiveH object-group CNES-Ext-GW eq 4500
    access-list CSM_FW_ACL_inside extended permit tcp object-group ELM-ActiveH object-group CNES-Ext-GW eq 4500
    access-list CSM_FW_ACL_inside extended permit icmp object-group HHP_Server_Network object-group HHP_DMZ_Network
    access-list CSM_FW_ACL_inside remark Time sync to external ntp server
    access-list CSM_FW_ACL_inside extended permit udp object-group HHP_Domain_Controllers host 192.108.114.23 eq ntp
    access-list CSM_FW_ACL_inside extended permit tcp object-group Beech-Exchange object-group Messagelabs_-_Incoming eq smtp
    access-list CSM_FW_ACL_inside extended permit tcp object-group Aspen-ISA object-group Juniper eq www
    access-list CSM_FW_ACL_inside extended permit tcp object-group Aspen-ISA object-group Juniper eq https
    access-list CSM_FW_ACL_inside extended permit ip object-group Holly-AV object-group Juniper
    access-list CSM_FW_ACL_inside extended deny ip any any
    access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group HHP_Server_Network
    access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group HHP_DMZ_Network
    access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group NET-cnes_HHP-Balivanich
    access-list CSM_FW_ACL_CNES extended permit ip object-group PC_Support object-group NET-cnes_HHP-Sty
    access-list CSM_FW_ACL_CNES extended permit tcp object-group it-csm any eq ssh
    access-list CSM_FW_ACL_CNES extended permit tcp object-group it-csm any eq www
    access-list CSM_FW_ACL_CNES extended permit tcp object-group it-csm any eq https
    access-list CSM_FW_ACL_CNES remark Aim's access to Active H server: DSO SQL
    access-list CSM_FW_ACL_CNES remark server's access (Task)
    access-list CSM_FW_ACL_CNES remark IT Ops - mapped drive for FTP transfer to and from E450/Elm of Entitlement Adjustments
    access-list CSM_FW_ACL_CNES remark and Tenancy Changes
    access-list CSM_FW_ACL_CNES extended permit ip object-group it-sql-test object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES extended permit ip object-group DSO-SQLServer object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES extended permit ip object-group it-paye-net object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES extended permit ip object-group Angela_PC object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES extended permit ip object-group Katie_PC object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES extended permit ip object-group Pauline_PC object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES remark donald and Findlay RDP access to Active H
    access-list CSM_FW_ACL_CNES extended permit object-group RDP object-group it-donadon-xp object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES extended permit object-group RDP object-group it-donadon-xp object-group HHP_Terminal_Servers
    access-list CSM_FW_ACL_CNES extended permit object-group RDP object-group it-finfernew-xp object-group ELM-ActiveH
    access-list CSM_FW_ACL_CNES extended permit object-group RDP object-group it-finfernew-xp object-group HHP_Terminal_Servers
    access-list CSM_FW_ACL_CNES extended permit ip object-group Angus-Maclean-PC object-group Alder-Intranet
    access-list CSM_FW_ACL_CNES extended permit ip object-group Angus-Maclean-PC host 192.168.168.17
    access-list CSM_FW_ACL_CNES extended permit ip object-group Angus-Maclean-PC object-group Juniper
    access-list CSM_FW_ACL_CNES extended permit ip object-group Iain-Nicolson-PC object-group Alder-Intranet
    access-list CSM_FW_ACL_CNES extended permit ip object-group Iain-Nicolson-PC host 192.168.168.17
    access-list CSM_FW_ACL_CNES extended permit ip object-group Iain-Nicolson-PC object-group Juniper
    access-list CSM_FW_ACL_CNES extended permit ip object-group it-davdon-xp object-group Alder-Intranet
    access-list CSM_FW_ACL_CNES extended permit ip object-group it-davdon-xp host 192.168.168.17
    access-list CSM_FW_ACL_CNES extended permit ip object-group it-davdon-xp object-group Juniper
    access-list CSM_FW_ACL_CNES extended permit ip object-group Alamur-PC object-group Alder-Intranet
    access-list CSM_FW_ACL_CNES extended permit ip object-group Alamur-PC host 192.168.168.17
    access-list CSM_FW_ACL_CNES extended permit ip object-group Alamur-PC object-group Juniper
    access-list CSM_FW_ACL_CNES extended permit ip object-group Gavin_-_new_PC object-group Alder-Intranet
    access-list CSM_FW_ACL_CNES extended permit ip object-group Gavin_-_new_PC host 192.168.168.17
    access-list CSM_FW_ACL_CNES extended permit ip object-group Gavin_-_new_PC object-group Juniper
    access-list CSM_FW_ACL_CNES extended permit object-group RDP object-group NET_cnes-castlebay-staff object-group HHP_Server_Network
    access-list CSM_FW_ACL_CNES extended permit object-group RDP object-group NET_cnes_tarbert_staff object-group HHP_Server_Network
    access-list MIS_splitTunnelAcl standard permit 192.168.168.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip object-group HHP_Server_Network 192.168.168.250 255.255.255.254
    access-list inside_nat0_outbound extended permit ip object-group HHP_Server_Network 192.168.168.224 255.255.255.224
    access-list CSM_FW_ACL_DMZ extended permit ip object-group HHP_DMZ_Network object-group PC_Support
    access-list CSM_FW_ACL_DMZ extended permit icmp object-group HHP_DMZ_Network object-group HHP_Server_Network
    access-list CSM_FW_ACL_DMZ extended permit ip object-group Juniper object-group Angus-Maclean-PC
    access-list CSM_FW_ACL_DMZ extended permit ip object-group Juniper object-group Holly-AV
    access-list CSM_FW_ACL_DMZ extended permit tcp object-group Juniper object-group Beech-Exchange eq smtp
    access-list CSM_FW_ACL_DMZ extended permit tcp object-group Juniper object-group HHP_Domain_Controllers eq domain
    access-list CSM_FW_ACL_DMZ extended permit udp object-group Juniper object-group HHP_Domain_Controllers eq domain
    access-list CSM_FW_ACL_DMZ remark for backups to USB drive on ASH
    access-list CSM_FW_ACL_DMZ extended permit object-group TCP-445 object-group Juniper object-group Ash
    access-list CSM_FW_ACL_DMZ extended permit object-group UDP-445 object-group Juniper object-group Ash
    access-list CSM_FW_ACL_DMZ extended permit object-group tcp-udp-135-139 object-group Juniper object-group Ash
    access-list CSM_FW_ACL_DMZ extended deny ip any any
    access-list CNES_Support_splitTunnelAcl standard permit 192.168.168.0 255.255.255.0
    access-list RemoteAccess_splitTunnelAcl standard permit 192.168.168.0 255.255.255.0
    access-list outside_cryptomap extended permit ip object-group HHP_Server_Network object-group NET-cnes_HHP-Sty
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1492
    mtu DMZ 1500
    mtu Wireless_HHP 1500
    mtu CNES 1500
    ip local pool CNES_Access 192.168.168.230-192.168.168.249
    ip local pool MIS_Support 192.168.168.250-192.168.168.251
    ip local pool OLM-VPN-Pool 192.168.168.252
    ip local pool HHP_Remote_Access_Pool 192.168.168.200-192.168.168.229
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (Wireless_HHP) 1 172.20.193.53 255.255.255.255
    nat (Wireless_HHP) 1 172.20.225.0 255.255.255.0
    static (inside,CNES) 192.168.168.0 192.168.168.0 netmask 255.255.255.0
    static (CNES,inside) 187.187.0.0 255.255.0.0 netmask 255.255.0.0
    static (Wireless_HHP,inside) 172.20.224.0 172.20.224.0 netmask 255.255.240.0
    static (inside,Wireless_HHP) 192.168.168.0 192.168.168.0 netmask 255.255.255.0
    static (CNES,Wireless_HHP) 187.187.0.0 187.187.0.0 netmask 255.255.0.0
    static (inside,outside) 217.36.32.210 192.168.168.91 netmask 255.255.255.255
    static (DMZ,outside) 217.36.32.211 192.168.169.5 netmask 255.255.255.255
    static (inside,DMZ) 192.168.168.0 192.168.168.0 netmask 255.255.255.0
    static (CNES,DMZ) 187.0.0.0 187.0.0.0 netmask 255.0.0.0
    access-group CSM_FW_ACL_inside in interface inside
    access-group outside_access_in_1 in interface outside control-plane
    access-group outside_access_in in interface outside
    access-group CSM_FW_ACL_DMZ in interface DMZ
    access-group CSM_FW_ACL_Wireless_HHP in interface Wireless_HHP
    access-group CSM_FW_ACL_CNES in interface CNES
    route outside 0.0.0.0 0.0.0.0 81.148.0.157 1
    route Wireless_HHP 172.20.192.0 255.255.240.0 172.16.36.3 1
    route Wireless_HHP 172.20.224.0 255.255.240.0 172.16.36.2 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server HHP protocol ldap
    aaa-server HHP (inside) host 192.168.168.2
    timeout 5
    ldap-base-dn dc=hhp,dc=com
    ldap-scope subtree
    ldap-naming-attribute sAMAccountName
    ldap-login-password *
    ldap-login-dn cn=gramor,cn=users,dc=hhp,dc=com
    server-type microsoft
    aaa-server HHP_1 protocol ldap
    aaa-server HHP_1 (inside) host 192.168.168.2
    timeout 5
    ldap-base-dn dc=hhp,dc=com
    ldap-scope subtree
    ldap-naming-attribute sAMAccountName
    ldap-login-password *
    ldap-login-dn cn=administrator,cn=users,dc=hhp,dc=com
    server-type microsoft
    aaa-server HHP_3 protocol ldap
    aaa-server HHP_3 (inside) host 192.168.168.2
    timeout 5
    ldap-base-dn dc=hhp,dc=com
    ldap-scope subtree
    ldap-naming-attribute sAMAccountName
    ldap-login-password *
    ldap-login-dn cn=administrator,cn=users,dc=hhp,dc=com
    server-type microsoft
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 192.168.168.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    http 194.83.245.242 255.255.255.255 outside
    http 187.187.1.72 255.255.255.255 CNES
    http 187.187.10.90 255.255.255.255 CNES
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto dynamic-map outside_map_dynamic 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 match address outside_cryptomap
    crypto map outside_map 1 set peer 81.136.160.237
    crypto map outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 30001 ipsec-isakmp dynamic outside_map_dynamic
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment terminal
    fqdn none
    subject-name O=Hebridean Housing Partnership Limited,CN=secure-access.hebrideanhousing.co.uk,L=Isle of Lewis,ST=Scotland,C=GB
    keypair SSL_Certificate
    crl configure
    crypto ca trustpoint ASDM_TrustPoint1
    enrollment terminal
    fqdn none
    crl configure
    crypto ca certificate chain ASDM_TrustPoint0
    certificate 0100000000012790a5c005
        30820530 30820418 a0030201 02020b01 00000000 012790a5 c005300d 06092a86
        4886f70d 01010505 00306a31 23302106 0355040b 131a4f72 67616e69 7a617469
        6f6e2056 616c6964 6174696f 6e204341 31133011 06035504 0a130a47 6c6f6261
        6c536967 6e312e30 2c060355 04031325 476c6f62 616c5369 676e204f 7267616e
        697a6174 696f6e20 56616c69 64617469 6f6e2043 41301e17 0d313030 33323431
        34313835 385a170d 31333033 32343134 31383534 5a308197 310b3009 06035504
        06130247 42311130 0f060355 04081308 53636f74 6c616e64 31163014 06035504
        07130d49 736c6520 6f66204c 65776973 312e302c 06035504 0a132548 65627269
        6465616e 20486f75 73696e67 20506172 746e6572 73686970 204c696d 69746564
        312d302b 06035504 03132473 65637572 652d6163 63657373 2e686562 72696465
        616e686f 7573696e 672e636f 2e756b30 82012230 0d06092a 864886f7 0d010101
        05000382 010f0030 82010a02 82010100 def181d9 c34c58a8 9abcc849 7d8ad0a9
        3c64c77f f3126c81 30911f41 5903a92c 81fb374b 2fe2680e 10b26dce 81ca0c23
        af2c9f9a 52295e8c d2223fa6 7c4c386d 51c6fb16 a47688e6 e47e2410 b0283503
        fd72abd3 e59d3b02 cd47706e babf948c 4e0282a3 5f789ff7 8041b2db ceac64eb
        3e163b38 3a8ecc25 0c4802a8 d17fecd9 f1a36288 29202df4 b20ae891 f95ce055
        6e670559 3d075024 7f3ac7ef 26218154 a7f6a399 34c43c4a 97c2c88c c4588ee4
        77cc2ad8 b1bd868d d55c2b9b 727e9904 66d0fb52 c212abd7 a06f28f1 ad2aa04b
        3d7b3094 c59c00d4 cf51fefb d8bfa101 8ba9c4ba 5cf629ff c50716d3 71019a98
        8fa55b83 6b158b6d 1043f092 646ef07d 02030100 01a38201 a7308201 a3301f06
        03551d23 04183016 80147d6d 2aec66ab a75136ab 0269f170 8fc4590b 9a1f3049
        06082b06 01050507 0101043d 303b3039 06082b06 01050507 3002862d 68747470
        3a2f2f73 65637572 652e676c 6f62616c 7369676e 2e6e6574 2f636163 6572742f
        6f726776 312e6372 74303f06 03551d1f 04383036 3034a032 a030862e 68747470
        3a2f2f63 726c2e67 6c6f6261 6c736967 6e2e6e65 742f4f72 67616e69 7a617469
        6f6e5661 6c312e63 726c301d 0603551d 0e041604 14d398d5 ddf29355 15b04750
        baccc6b3 0f97a6c9 94302f06 03551d11 04283026 82247365 63757265 2d616363
        6573732e 68656272 69646561 6e686f75 73696e67 2e636f2e 756b3009 0603551d
        13040230 00300e06 03551d0f 0101ff04 04030205 a0302906 03551d25 04223020
        06082b06 01050507 03010608 2b060105 05070302 060a2b06 01040182 370a0303
        304b0603 551d2004 44304230 4006092b 06010401 a0320114 30333031 06082b06
        01050507 02011625 68747470 3a2f2f77 77772e67 6c6f6261 6c736967 6e2e6e65
        742f7265 706f7369 746f7279 2f301106 09608648 0186f842 01010404 030206c0
        300d0609 2a864886 f70d0101 05050003 82010100 8af3be01 c4830d83 9b347355
        de7496ef bd76b86c ee92f32f 1157ef11 6ad949b6 611537ad 81f06408 73ec6fe2
        6466675c cf31a80f bead422d ec574f95 55fe0b7a 97e271e7 0220c7b1 53376843
        ff7f7280 f9bfdee6 3584e123 00c37d9f 5004b766 9469ead5 f002744c fd50271c
        6bcdb54c e5db85aa 9760a330 d72464a2 bc8ecdff d80bbc27 7551e97c ee9b7078
        9207f9d6 b969a47a 6df722b6 14ce803d 8d4bb9e9 4695e8e6 d453950e 06506594
        ec7652ea 365cdf94 90e2f7ee 855dadb5 c0459d73 bb6d01a8 3c076718 7f80de40
        c5eb9e0e 17c93087 fd5c5fc1 fd6401fe 7e5038b1 3da1d250 01ccd8be 964d5557
        b320c4c1 0015d1b7 daad7527 930b0c90 7711704f
      quit
    crypto ca certificate chain ASDM_TrustPoint1
    certificate ca 0400000000011e44a5f52a
        30820467 3082034f a0030201 02020b04 00000000 011e44a5 f52a300d 06092a86
        4886f70d 01010505 00305731 0b300906 03550406 13024245 31193017 06035504
        0a131047 6c6f6261 6c536967 6e206e76 2d736131 10300e06 0355040b 1307526f
        6f742043 41311b30 19060355 04031312 476c6f62 616c5369 676e2052 6f6f7420
        4341301e 170d3037 30343131 31323030 30305a17 0d313730 34313131 32303030
        305a306a 31233021 06035504 0b131a4f 7267616e 697a6174 696f6e20 56616c69
        64617469 6f6e2043 41311330 11060355 040a130a 476c6f62 616c5369 676e312e
        302c0603 55040313 25476c6f 62616c53 69676e20 4f726761 6e697a61 74696f6e
        2056616c 69646174 696f6e20 43413082 0122300d 06092a86 4886f70d 01010105
        00038201 0f003082 010a0282 010100a1 2fc4bcce 8703e967 c189c8e5 93fc7db4
        ad9ef663 4e6ae89c 2c7389a2 01f48f21 f8fd259d 58166d86 f6ee4957 757e75ea
        22117e3d fbc74241 dcfcc50c 9155807b eb64331d 9bf9ca38 e9abc625 43512540
        f4e47e18 556aa98f 103a401e d65783ef 7f2f342f 2dd2f653 c2190db7 edc981f5
        462cb423 425e9d13 0375ecea 6afc577c c936973b 98dc1313 ecec41fa 5d34eab9
        93e71016 65cc9c92 fdf5c59d 3e4ab909 fce45f1e 695f4df4 567244b1 1d2303c8
        36f66588 c8bf3916 458e1e26 6c5116c5 2a0038c5 a4136995 7dab013b a8c414b4
        80daac1a 4420d5fe a9067b14 27afe030 21dd90f4 a9d52319 2e1e03e6 c1df9529
        e4c19443 dd3e90aa cb4bc9be 8ad33902 03010001 a382011f 3082011b 300e0603
        551d0f01 01ff0404 03020106 30120603 551d1301 01ff0408 30060101 ff020100
        301d0603 551d0e04 1604147d 6d2aec66 aba75136 ab0269f1 708fc459 0b9a1f30
        4b060355 1d200444 30423040 06092b06 010401a0 32011430 33303106 082b0601
        05050702 01162568 7474703a 2f2f7777 772e676c 6f62616c 7369676e 2e6e6574
        2f726570 6f736974 6f72792f 30330603 551d1f04 2c302a30 28a026a0 24862268
        7474703a 2f2f6372 6c2e676c 6f62616c 7369676e 2e6e6574 2f726f6f 742e6372
        6c301106 09608648 0186f842 01010404 03020204 30200603 551d2504 19301706
        0a2b0601 04018237 0a030306 09608648 0186f842 0401301f 0603551d 23041830
        16801460 7b661a45 0d97ca89 502f7d04 cd34a8ff fcfd4b30 0d06092a 864886f7
        0d010105 05000382 01010079 47fc15d7 4c79df0f 7a9eced4 7c4b63c9 89b57b3f
        9912e89c 8c9a492f e04e954a edc7bcbe f1a2db8e 931dba71 54aa4bd9 89222487
        c504a8ac 8252a052 f8b8e14f a1276663 214a39e7 c7c54e5f b2d61d13 6d30e9ce
        d7a21cbc 290a733c 5b2349fe d6ffcab0 4ff5f267 98c04711 f8b748a6 9009d642
        beeab1b9 5342c39c 20c9fba1 5bb5566d 8781c860 acc4b972 270a8e1e a8b12ecd
        32a27857 b09cf895 bb438e8c 31866e53 0dc61205 ba416ea8 35300918 1d0261ff
        fdee35de 6ac33bd0 4d4b4e50 b256360c 445dda1a 652ae698 56a96333 2e04e7ae
        e8f48eb7 b2da7dc0 c8e2aea6 282fe3c9 73bdfc07 4134b7aa 6eeea7db d1933ced
        90ec3292 88d9c823 6c7421
      quit
    crypto isakmp identity hostname
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash sha
    group 1
    lifetime 86400
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh 187.187.1.41 255.255.255.255 inside
    ssh 187.187.1.72 255.255.255.255 inside
    ssh 187.187.77.81 255.255.255.255 inside
    ssh 187.187.10.19 255.255.255.255 inside
    ssh 187.187.10.229 255.255.255.255 inside
    ssh 187.187.160.7 255.255.255.255 inside
    ssh 187.187.1.41 255.255.255.255 outside
    ssh 187.187.1.72 255.255.255.255 outside
    ssh 187.187.77.81 255.255.255.255 outside
    ssh 187.187.10.19 255.255.255.255 outside
    ssh 187.187.10.229 255.255.255.255 outside
    ssh 187.187.160.7 255.255.255.255 outside
    ssh timeout 15
    console timeout 0
    vpdn group BT request dialout pppoe
    vpdn group BT localname B*******.btclick.com
    vpdn group BT ppp authentication chap
    vpdn username B*******@hg39.btclick.com password *********
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point ASDM_TrustPoint0 outside
    ssl trust-point ASDM_TrustPoint0 outside vpnlb-ip
    webvpn
    enable inside
    enable outside
    group-policy HHP_Remote_Access_1 internal
    group-policy HHP_Remote_Access_1 attributes
    wins-server value 192.168.168.2 192.168.168.2
    dns-server value 192.168.168.2 192.168.168.3
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value CNES_Support_splitTunnelAcl
    group-policy HHP_Remote_Access internal
    group-policy HHP_Remote_Access attributes
    wins-server value 192.168.168.2 192.168.168.2
    dns-server value 192.168.168.2 192.168.168.3
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value CNES_Support_splitTunnelAcl
    group-policy Omfax internal
    group-policy Omfax attributes
    wins-server value 192.168.168.2 192.168.168.3
    dns-server value 192.168.168.2 192.168.168.3
    vpn-tunnel-protocol IPSec webvpn
    webvpn
      svc ask none default webvpn
    group-policy MIS_1 internal
    group-policy MIS_1 attributes
    wins-server value 192.168.168.2 192.168.168.3
    dns-server value 192.168.168.2 192.168.168.3
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value MIS_splitTunnelAcl
    default-domain value hhp.com
    group-policy RemoteAccess internal
    group-policy RemoteAccess attributes
    wins-server value 192.168.168.2 192.168.168.3
    dns-server value 192.168.168.2 192.168.168.3
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value RemoteAccess_splitTunnelAcl
    group-policy CNES_Access internal
    group-policy CNES_Access attributes
    wins-server value 192.168.168.2 192.168.168.3
    dns-server value 192.168.168.2 192.168.168.3
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value CNES_Support_splitTunnelAcl
    group-policy HHP internal
    group-policy HHP attributes
    dhcp-network-scope none
    vpn-access-hours none
    vpn-idle-timeout none
    vpn-session-timeout none
    vpn-filter none
    vpn-tunnel-protocol IPSec webvpn
    password-storage disable
    ip-comp disable
    re-xauth disable
    group-lock none
    pfs disable
    ipsec-udp disable
    split-tunnel-policy tunnelall
    split-tunnel-network-list none
    split-dns none
    secure-unit-authentication disable
    user-authentication disable
    user-authentication-idle-timeout none
    ip-phone-bypass disable
    leap-bypass disable
    nem disable
    backup-servers keep-client-config
    client-firewall none
    webvpn
      url-list value Severs
      filter none
      homepage none
      port-forward disable
      http-proxy disable
      sso-server none
      svc dtls none
      svc keep-installer none
      svc rekey time none
      svc rekey method none
      svc dpd-interval client none
      svc dpd-interval gateway none
      svc compression none
      svc modules none
      svc profiles none
      svc ask none default webvpn
      customization none
      http-comp none
      user-storage none
      storage-key none
      hidden-shares none
      smart-tunnel disable
      activex-relay disable
      file-entry disable
      file-browsing disable
      url-entry disable
      deny-message none
    group-policy MIS internal
    group-policy MIS attributes
    wins-server value 192.168.168.2 192.168.168.3
    dns-server value 192.168.168.2 192.168.168.3
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value MIS_splitTunnelAcl
    username test password Kg/Rgy23do7gPGTv encrypted privilege 0
    username test attributes
    vpn-group-policy HHP_Remote_Access
    username catneil password yOgiHCGobUNIkjcN encrypted privilege 0
    username omfax password pvUaCLwilGmQVifd encrypted privilege 0
    username backup password IHQbl.JAoESlM9Jv encrypted privilege 0
    username misadmin password 8IZXmHa67HIJYHK1 encrypted
    username misadmin attributes
    service-type remote-access
    username gramor password ne829U0rGFVEedhY encrypted privilege 15
    username gramor attributes
    vpn-group-policy HHP_Remote_Access
    webvpn
      url-list value Severs
    username aim_user password 5OQaWCdB18qiHlOn encrypted privilege 0
    username aim_user attributes
    vpn-group-policy CNES_Support
    username katask password 2WsX.HoqKXuiqkDk encrypted privilege 0
    username katask attributes
    vpn-group-policy CNES_Support
    username janboyd password ZEUyykwzME6hII2i encrypted privilege 0
    username marmor password C5n48AiRLXwxAeBQ encrypted privilege 0
    username marste password amwTL584WdiT87Tb encrypted privilege 0
    username helmah password RvU8c.3w0H3/MJz4 encrypted privilege 0
    username anglea password wGlUJDBrmJI.uz./ encrypted privilege 0
    username anglea attributes
    vpn-group-policy CNES_Support
    username fiobuc password 5Uispw90wqvDYerQ encrypted privilege 0
    tunnel-group DefaultRAGroup general-attributes
    authentication-server-group HHP_1
    tunnel-group DefaultWEBVPNGroup general-attributes
    authentication-server-group HHP_1
    default-group-policy HHP
    tunnel-group DefaultWEBVPNGroup webvpn-attributes
    nbns-server 192.168.168.2 timeout 2 retry 2
    nbns-server 192.168.168.3 timeout 2 retry 2
    tunnel-group WebVPN type remote-access
    tunnel-group WebVPN general-attributes
    authentication-server-group HHP_3
    default-group-policy HHP
    username-from-certificate UID
    tunnel-group CNES_Access

  • ASA 5505 Connection Limit and TIME_WAIT Freezing Device

    My little ASA 5505 is working great and I am quite happy with the purchase now that I've solved a number of the issues we had, thank you all very much for the help.
    The next issue I have is rather annoying.  The device appears to be artificially crippled and limited to 10,000 connections.  This isn't a "CPU limit" it's just some fake limit in the device as far as I can tell.
    The problem we have is that we are only using around 500-600 connections and CPU usage is only like 25%, and yet the connection count is pegged at 10,000 and locks us out of our network.
    I am pretty sure this is because there are a lot of "dead" TIME_WAIT connections hanging around not being used.  In our application we only have the couple hundred connections but they do move around a bit every now and then.
    Is there anyway to get the device to ignore the "dead" connections and not count them towards the artificial limit on the device given that it's pretty clear the CPU / etc., is not utilized sufficiently.  These aren't real connections, we only have a couple 100 established, they do just move around a bit however.
    We are really only using 500-700 connections according to our servers, the others are just sitting in TIME_WAIT doing nothing.
    Anyone had this issue before or can offer solutions or workarounds?

    Hello,
    Have you checked the output of 'show conn' and 'show local-host' at a time when the connection count is maxed out? If the ASA is not removing idle connections, you should open a TAC case to have this investigated. Otherwise, the above commands should show you which hosts are maxing out the connections and you can take steps to remediate those problem hosts.
    -Mike

  • Intel MacBook Connecting to Linksys Router

    Hey Discussions,
    I'm getting ready to purchase a MacBook. Currently, my setup is a G4 Mac mini that is wirelessly connected to a Belkin repeater (which is repeating the signal of a Linksys router). I've heard rumblings that Linksys routers are being funny with the new Intel processors. Now, since I do have that repeater and since the repeater creates a new wireless network in addition to the weaker Linksys one in my present location, would I have any problems getting the MacBook to connect to either of the wireless networks? This sounds like a problem that will have to be solved by experience.
    Thanks!
    -Mateo

    Hmmm...I hope it will be simple. But I don't know if the fact that I have that repeater creating an entirely new network will be to my advantage or disadvantage. I guess we'll find that out on Friday!

  • Airport will not connect to Linksys router after iDisk sync force quit

    Hi,
    Hoping someone can help me here, kinda at my wits end.
    A week ago I was video ichatting and restarted my MacBook because the video feed was sluggish. I thought a restart would help.
    Unknown to me was that my iDisk was syncing. I recieved an warning dialogue box and was given the option of canceling the restart or force quitting the iDisk sync. I choose to force quit and proceed with the restart. After choosing to continue with the force quit I received an error message, it had the phrase "Mirror Agent" in it, and then my MacPro restarted.
    Since that first restart, I have not been able to connect, using Airport, to my Linksys Wireless router (model # WRT54 GX4).
    This is where it gets strange. Airport sees the router, displays a signal strength, shows up on my list of perfered networks...it displays all of the signs of a fully connected router but when I try to access the web, check mail or use iChat I cannot because Safari, Mail and iChat tell me that I am not connected to the internet.
    When I ran the network dianogistic tool, it first asked me why I would want to run it because it thought I was already connected. After running the tool it still came back with the same results, I was connect to the internet. But I still couldn't launch Safari, it just hung.
    This is where it gets really wierd. My wife, she's on a HP, can connect, using her built-in wireless card. Even after changing the Firmware on the Linksys router, her pc can still connect.
    And here's the icing on the cake. There are some unprotected wireless networks on my street. I can connected to those but not my own! Something has to be blocking the signal between my AirPort card and the Linksys router. Does that make sense?
    And if there is one saving grace to all of this, I still can connect to the web using the built-in Ethernet.
    Here's what I have tried:
    Removed Perfered Network, restarted MAC, added network back, still no connectivity.
    Removed security (was using WPA/WPA2) from the router still no connectivity.
    Removed Airport Keychain, restarted MAC, added router back, still no connectivity.
    Repaired the permissions on my HD, someone at work told me to try that, still no connectivity.
    Updated firmware to Linksys router to version 1.00.20, no connectivity.
    Rebooted Linksys router and cable modem, still no connectivity.
    Thank you to all in advance for reading my rambling note and forgiving my poor spelling (it is way past my bedtime and the keys are really blurry). I am still very new to Mac's and appreiciate any help that you can provide.
    Cheers,
    Alan
    [email protected]

    Sounds like you have two wireless networks on the same channel.
    Change the channel on the Airport Express.
    iFelix

  • G4 iMac w/ethernet connection to Linksys router - not happening.

    Hi,
    My main goal is to provide wireless service to a new Toshiba notebook. I haven't been able to do that completely.
    I bought a Linksys WRT54G broadband router in order to connect to my Westell Wirespeed modem (Verizon dsl service) and subsequently connect (via ethernet cable because I don't have an airport card ) my G4 iMac to the router and transmit signal to the new notebook from the router. My iMac has always had connection when connected to the Westell modem but it now won't connect when wired to the Linksys router. Is it a compatibility issue between the iMac and the Linksys router? Or something else?
    This is the way the Linksys instructions say to connect everything. I have tried many times to restart, power down, power up all the components.
    Thank you.
    vanessa_b

    Nevermind. When in doubt, call technical service...that's my new motto!

  • Can I connect another Linksys router to my current Linksys router?

    Hello everybody,
    I have 3 computers in my house. One computer which is used by my brother and he downloads a ton of porn, music, and opens a lot of ports for online gaming. Needless to say he is a very high risk user. I would like to isolate his computer from mine and my sisters.
    Can I use two seperate routers? One router which he connects to and my sister and I connect to the other router. Will this prevent any possible file sharing between my computer and my brothers? Is this a safe way to isolate my computer from his? Please let me know how I can do this. Thanks a lot!!!

    yes it is possible.
    Here's what you do:
    1. connect your computer to the new router (your router) to the regular port/s 1,2,3,4.
    2. Access the set up page of the router (at this point there is no internet connection)>> click start, click run typed in the run field http://192.168.1.1 and enter
    3. Leave the username blank and password is admin for the router (unless you changed it)
    4. On the set up page>>> you'll see there local ip address on boxes 192.168.1.1>> change it to 192.168.2.1, then save settings and power cycle your router.
    5. Connect now your router to his router>> to do this, run a cable from the regular port of his router to the "internet or WAN port" on your router. Reboot your computer and your router.
    ** on this way his computer should not be able to talk to your computers coz of the different IP address range**

  • Cisco asa 5505 with Router 881w Configuration Help

    Hello all,
    I'm having trouble setting up a second vlan to route to the internet. I have a Cisco ASA 5505 connected to my ISP(OUTSIDE) and a Cisco 881w (INSIDE) router in the back of my firewall. My vlan 10 with the network 192.168.5.1 255.255.255.0 works with pat, however vlan 15 that is on my 881w router does not route to the internet at all. I can only ping from 192.168.15.15 network to 192.168.5.1 I would like some advice on how can I make this set up work. Attached with this discussion is a picture of my topology.
    Thanks in advance.
    here are the show runs:
    Cisco ASA 5505 show run:
    ASA Version 8.3(1)
    names
    interface Vlan1
     no nameif
     no security-level
     no ip address
    interface Vlan5
     mac-address xxxx.xxxx.xxxx
     nameif OUTSIDE
     security-level 0
     ip address dhcp setroute
    interface Vlan10
     nameif INSIDE
     security-level 100
     ip address 192.168.5.1 255.255.255.0
    interface Ethernet0/0
     switchport access vlan 5
    interface Ethernet0/1
     switchport access vlan 10
    interface Ethernet0/2
    interface Ethernet0/3
     shutdown
    interface Ethernet0/4
     shutdown
    interface Ethernet0/5
     shutdown
    interface Ethernet0/6
     shutdown
    interface Ethernet0/7
     shutdown
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    object network INTERNAL_LAN
     subnet 192.168.5.0 255.255.255.0
    object network PRIVATE_LAN_192
     subnet 192.168.15.0 255.255.255.224
     description PRIVATE_LAN_192
    access-list INSIDE_access_in extended permit ip any any
    access-list INSIDE_access_in extended deny ip any any
    access-list OUTSIDE_access_in extended permit ip any any
    access-list OUTSIDE_access_in extended deny ip any any
    pager lines 24
    logging enable
    mtu OUTSIDE 1500
    mtu INSIDE 1500
    ip verify reverse-path interface OUTSIDE
    ip verify reverse-path interface INSIDE
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    object network INTERNAL_LAN
     nat (INSIDE,OUTSIDE) dynamic interface
    object network PRIVATE_LAN_192
     nat (INSIDE,OUTSIDE) dynamic interface
    access-group OUTSIDE_access_in in interface OUTSIDE
    access-group INSIDE_access_in in interface INSIDE
    route INSIDE 192.168.15.0 255.255.255.224 192.168.5.2 1
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    dhcpd dns 8.8.8.8 75.75.76.76
    dhcpd address 192.168.5.10-192.168.5.100 INSIDE
    dhcpd enable INSIDE
    Router 881w show run:
    Current configuration : 4912 bytes
    version 12.4
    no ip source-route
    ip dhcp excluded-address 192.168.15.1 192.168.15.10
    ip dhcp pool PRIVATE_LAN
       network 192.168.15.0 255.255.255.224
    interface FastEthernet0
     switchport trunk allowed vlan 1,15,1002-1005
     switchport mode trunk
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
     ip address 192.168.5.2 255.255.255.0
     duplex auto
     speed auto
    interface wlan-ap0
     description Service module interface to manage the embedded AP
     no ip address
     arp timeout 0
    interface Wlan-GigabitEthernet0
     description Internal switch interface connecting to the embedded AP
    interface Vlan1
     no ip address
    interface Vlan15
     ip address 192.168.15.1 255.255.255.224
    no ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 FastEthernet4
    no ip http server
    ip http authentication local
    ip http secure-server

    The cable modem does not have any configuration. I cant add any to it. Its a cisco dpc3008. From vlan 10 i have no problem to get to the internet with the above  configuration. My problem is just vlan 15.

  • Cisco ASA 5505 - 2 questions - VPN Licensing; Routing

    Hi,
    I have a client that has a Cisco ASA 5505 security appliance.  Currently it is setup as a "proof of concept" for clientless browser-based SSL VPN.  The device came with 2 licenses for this service, and we need to increase that somewhere between 10-25 users.  25 users is the max on this device I believe.
    I have searched Cisco.com and tried Googling the ASA 5505 for licensing but I can't find the correct license that I need for this.
    The second question I have is routing capability.  We have a WAN connection to another branch of the computer from this location where the ASA 5505 is located.  A Cisco 2851 is used for this connection.  We are wanting to bring in a high speed Internet connection for the VPN access and Internet access.  What I need to know is can we put the WAN and Internet connections behind the ASA 5505 and have that route appropriately to the branch WAN for that traffic and all other traffic to the Internet?
    Thanks!
    --Kent

    Hi Kent,
    Thank you for your question.  This community is for Cisco Small Business products and your question is in reference to a Cisco Elite/Classic product.  Please post your question in the Cisco NetPro forums located here: http://forums.cisco.com/eforum/servlet/NetProf?page=main (http://forums.cisco.com/eforum/servlet/NetProf?page=main) This forum has subject matter experts on Cisco Elite/Classic products that may be able to answer your question.
    Regards,
    David Dunlap
    SBSC Engineer

  • Cisco ASA 5505 - outside can't DHPC as router use same range

    Hi
    Im new to the ASA and is trying to setup at test net. The ASA is connected to my router on port zero using DHPC.
    (Or i guess its not as the router use the same ip range as ASA does inside).
    I tried to set a static IP in the same range (eg. 192.168.1.20) but then get the message "cannot overlap with the subnet of interface inside".
    So I belive that is why it dont get a IP from my router - it does show up in the router DHPC table as 192.168.1.5 but ASDM home says outside "no IP address".
    I tried to change the inside range of the ASA but if I change the inside IP i loose connection.
    (Had to restore factory-default useing the console).
    I guess I could setup another range using the console, but how?
    How can I setup this test net?

    If I need to save I did not. (I have not used the console before).
    Found the: "write memory" and reload command.
    I cant connect to the asa using ADSM-IDM Launcher (from PC connected to the inside lan).
    It seems that the asa DHPC server does not work.
    And: show running-config
    ciscoasa# show running-config
    : Saved
    ASA Version 8.2(5)
    hostname ciscoasa
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    no ip address
    ftp mode passive
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcp-client client-id interface outside
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:5085ad55b43198c7490b2edfee450906
    : end

  • Cisco ASA 5505 - Can't Login from Public & Local IP Anymore!

    Hello,
    We've a Cisco ASA 5505 connected directly to Verizon FiOS Circuit (ONT) box using Ethernet cable. As per the existing documention that I have, the previous configured this as a dedicated router to establish a seperate VPN connection our software provider. They assigned both Public Static and Local Static IP address. When I try to ping the public IP address, it says request time out; so the public IP address is no longer working.
    When I ping the local IP address of 192.168.100.11, it responds. The SolarWind tool also shows Always UP signal. How can I login into this router either from remotely or locally to check the configuration, backup and do the fimrware upgrade?
    I also tried to connect my laptop directly to the ASA 5505 router LAN port. After 3 minutes, I'm able to connect to Internet without any issues. However I don't know the IP address to use to login.
    Any advice would be greatly appreciated. Thank you.
    UPDATE: I'm able to find the way! I need to use https to login! I'm able to download ASDM tool and login! Thanks to these resources:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9f9.shtml
    http://cyruslab.wordpress.com/2010/09/09/how-to-download-asdm-from-asa5505-and-install-it/

    Hi Srinath,
    If that ASA5505 has factory-default configuration on it , then it probably has 192.168.1.1 ip address on the LAN side and has got dhcp server turned on to provide you ip address dynamically the moment you hook up a machine to it directly or through a switch.
    If you've access to ASDM.
    You can go the Configuration Tab>>Device Management>>Device Access and turn on the SSH & Telnet from the LAN interface because by default only HTTPS/ASDM is enabled on LAN interface.
    You will still need to generate crypto keys and create a username in order to get ssh working
    For this you can click at the TOP at TOOLS>> Command Line Interface.
    And in the box below type this
    crypto key generate rsa modulus 1024
    add a username
    username <> password <> priv 15
    and enable aaa authentication for ssh like this
    aaa authentication ssh console LOCAL
    Let me know if this helps.
    Puneet

  • I have an Officejet 8500a Plus, but he can't find my Linksys Router

    I just bought an Officejet 8500a Plus printer,
    It can't find my Linksys router (WPA), all the other networks in this area are visible except our Linksys Router, with WPA security.
    Tried to configure it with the software, connect the printer with USB, and tried to connect the linksys router, it say's: You're out of range of your wifi acces point(something like that)
    HELP?
    This question was solved.
    View Solution.

    Here are a few tips:
    1. Make sure 802.11g is present.  Other wireless modes (like 802.11n) are OK, but g must be present.
    2. Broadcast your SSID and do not use MAC filtering.
    3. Make sure your router has the latest firmware.
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP

  • DSL Modem + Linksys Router

    Hello
    I have DSL Modem connected with linksys router and linksys router is connected with normal switch all our workstations are directly connected with switch. now let me tell you the configuration also.
    DSL MODEM
    ISP DEDICATED IP : ***.***.**.**
    LOCAL IP : 192.168.1.1
    DHCP ENABLED
    LINKSYSROUTER
    DHCP ENABLED
    LOCAL IP: 192.168.2.1
    LINK IP: 192.168.1.5 (Assigned by DSL MODEM DHCP)
    DNS: Assigned by DSL Modem
    WORKSTATION
    LOCAL IP: Assigned by Linksys router for e.g 192.168.2.100
    Now my problem is that after every one hour we get disconnect from the router when we ping the router 192.168.2.1 from workstation it says "Request timed out" and when we give a power cycle to router its repling by ping command, I am also using WLAN on this router.

    Why so difficult?
    DSL MODEM
    ISP DEDICATED IP : ***.***.**.**
    LOCAL IP : 192.168.1.1
    DHCP ENABLED
    set dhcp range from .50 to .200
    LINKSYSROUTER
    DHCP disabled
    LOCAL IP: 192.168.1.2
    LINK IP: not used, only use the router side(wan=empty)
    DNS: fixed to 192.168.1.1
    WORKSTATION
    LOCAL IP: Assigned by DSL for e.g 192.168.1.50...200
    You might need to add a static LAN route on the linksys like
    192.168.1.0 -> 192.168.1.1 (mask 255.255.255.0)
    Message Edited by linkwpw on 04-09-200704:57 AM

Maybe you are looking for

  • Add redirect to Submit button on PDF Form

    I need someone that knows javascript to help me out!  I have saved the FormsCentral PDF Form locally and opened it up with Acrobat Pro XI, saved it as a copy, and then opened the new document in Acrobat Pro XI.  I am able to see the javascript that t

  • Ghost image of a video embedded in a tabbed panel (preview mode)

    What am I doing wrong? Am using a tabbed Widget (3 tabs): the first tab with a picture gallery widget (simplest form). Tabs 2 and 3 with 1 HTML embedded youTube video on each tabbed panel.  Everything was coming together great and when I previewed th

  • 'Change' authorization when manager raises SC as a requisitionar.

    Hello, First let me explain the regular functionality. When a requisitionar (with role SAP_BBP_STAL_EMPLOYEE) orders the shopping cart and the same is gone to manager ( with role SAP_BBP_STAL_MANAGER), the manager can change but employee can not. i.e

  • ApplicationStorageDirectory files not loading on iOS

    Hi All, I'm building a game and I have a persistance manager class that manages loading/saving my players game state to the File.applicationStorageDirectory. I am able to save my player's game to the applicationStorageDirectory, but when I try to loa

  • To De-interlace, or Not to De-interlace?

    Okay, I'm just now starting to understand what 720p is and 1080i is. I mean, I knew what it meant, but now I really understand. Progressive, and Interlaced. So my question is this. I have analog video I captured from old home videos from 8mm and VHS