ASA 5505 VPN clients can't ping router or other clients on network

I have an ASA5505 and it has a VPN set up. The VPN user connects using the Cisco VPN client. They can connect fine (they get an IP address from the ASA), but they can't ping the ASA or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
ASA Version 7.2(4)
hostname ASA
domain-name default.domain.invalid
enable password kdnFT44SJ1UFX5Us encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.0.4 Server
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list vpn_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 10.0.0.192 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 10.0.0.220-10.0.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 Server pop3 netmask 255.255.255.255
static (inside,outside) tcp interface www Server www netmask 255.255.255.255
static (inside,outside) tcp interface https Server https netmask 255.255.255.255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable 480
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy vpn internal
group-policy vpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_splitTunnelAcl
username admin password wwYXKJulWcFrrhXN encrypted privilege 15
username VPNuser password fRPIQoKPyxym36g7 encrypted privilege 15
username VPNuser attributes
vpn-group-policy vpn
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
address-pool VPNpool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:df7d1e4f34ee0e155cebe86465f367f5
: end
Any ideas what I need to add to get the vpn client to be able to ping the router and clients?
Thanks.

I tried that and it didn't work. As for upgrading the ASA version, I'd like to but this is an old router and I don't have a support contract with Cisco anymore, so I can't access the latest firmware.
Here is the running config again:
Result of the command: "show startup-config"
: Saved
: Written by enable_15 at 01:48:37.789 MDT Wed Jun 20 2012
ASA Version 7.2(4)
hostname ASA
domain-name default.domain.invalid
enable password kdnFT44SJ1UFX5Us encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.0.4 Server
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list vpn_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 10.0.0.192 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 10.0.0.220-10.0.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm location Server 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 Server pop3 netmask 255.255.255.255
static (inside,outside) tcp interface www Server www netmask 255.255.255.255
static (inside,outside) tcp interface https Server https netmask 255.255.255.255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable 480
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy vpn internal
group-policy vpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_splitTunnelAcl
username admin password wwYXKJulWcFrrhXN encrypted privilege 15
username VPNuser password fRPIQoKPyxym36g7 encrypted privilege 15
username VPNuser attributes
vpn-group-policy vpn
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
address-pool VPNpool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:78864f4099f215f4ebdd710051bdb493
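
The address relationships in the configuration posted above can be checked mechanically. The following is an added example, not part of the original posts: it reads the address-related lines of the posted config and reports whether the VPN pool falls inside the inside interface's subnet, whether the NAT-exemption ACL covers the pool, and whether `inspect icmp` is present. The function names are hypothetical, and the parser handles only the line forms that appear in this config.

```python
import ipaddress
import re

# Lines copied from the first configuration posted above (only those the check reads).
CONFIG_FIRST_POST = """\
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
access-list inside_nat0_outbound extended permit ip any 10.0.0.192 255.255.255.192
ip local pool VPNpool 10.0.0.220-10.0.0.240 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
"""
# The second posted config carries the same lines plus "inspect icmp".
CONFIG_SECOND_POST = CONFIG_FIRST_POST + "inspect icmp\n"


def parse_asa(config):
    """Collect interface subnets, local pools, nat 0 ACL bindings and ACL destinations."""
    facts = {"interfaces": {}, "pools": {}, "nat0_acl": {},
             "acl_dests": {}, "inspect_icmp": False}
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()  # the posted config lost its indentation, so ignore it
        if line.startswith("interface "):
            nameif = None  # a new interface block begins
            continue
        m = re.match(r"nameif (\S+)$", line)
        if m:
            nameif = m.group(1)
            continue
        # Static addresses only; "ip address dhcp setroute" does not match.
        m = re.match(r"ip address ([\d.]+) ([\d.]+)", line)
        if m and nameif:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            facts["interfaces"][nameif] = iface.network
            continue
        m = re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line)
        if m:
            facts["pools"][m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                          ipaddress.ip_address(m.group(3)))
            continue
        m = re.match(r"access-list (\S+) extended permit ip any ([\d.]+) ([\d.]+)$", line)
        if m:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            facts["acl_dests"].setdefault(m.group(1), []).append(net)
            continue
        m = re.match(r"nat \((\S+)\) 0 access-list (\S+)$", line)
        if m:
            facts["nat0_acl"][m.group(1)] = m.group(2)
            continue
        if line == "inspect icmp":
            facts["inspect_icmp"] = True
    return facts


def pool_report(facts, pool_name, inside="inside"):
    """Relate one VPN pool to the inside subnet and to the inside nat 0 ACL."""
    first, last = facts["pools"][pool_name]
    inside_net = facts["interfaces"][inside]
    exempt = facts["acl_dests"].get(facts["nat0_acl"].get(inside), [])
    return {
        # True means LAN hosts see pool addresses as on-link and ARP for them
        # instead of sending replies to their default gateway.
        "pool_inside_lan_subnet": first in inside_net and last in inside_net,
        # A network is a contiguous range, so checking both ends covers the pool.
        "pool_nat_exempt": any(first in n and last in n for n in exempt),
        "inspect_icmp": facts["inspect_icmp"],
    }


if __name__ == "__main__":
    for label, cfg in (("first post", CONFIG_FIRST_POST),
                       ("second post", CONFIG_SECOND_POST)):
        print(label, pool_report(parse_asa(cfg), "VPNpool"))
```
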

Similar Messages

  • Quickvpn / client to gateway vpn rv042 can only ping router

    I am setting up remote access using an RV042 router.  Using quickvpn or a client-to gateway vpn and shrewsoft client,  I can only access/ping the LAN side of the remote router and one machine on the remote network.  The PPTP server and native Windows 7 connection provide access to all machines on the remote network.
    I have 2 possible reasons for this and would like to find the real reason:
    1) The remote RV042 is behind another router, and that router restricts access other than the PPTP traffic.
    2)  The VPN tunnels other than PPTP only allow access to the remote LAN side of the router and remote machines that have the remote router defined as their gateway in the IP configuration.
    Any ideas?

    I've narrowed the problem down to option 2 above. If I change the gateway of a LAN resource to point to the LAN side of the router, it can be accessed through the VPN tunnel. 
    I haven't had time to see if adding routing entries can fix this problem.  Any suggestions will be appreciated.
    Also, I would appreciate an explanation of why the PPTP connection works.  I will research this myself (eventually) but am already backed up with other projects.

  • ASA 5505 & VPN Client will not access remote lan

    I have an ASA 5505 that is on the perimeter of a hub & spoke VPN network. When I connect to this device using the VPN client I can connect to any device across the VPN infrastructure with the exception of the subnet that the client is connected to, for instance:
    The VPN client internal network connects to 192.168.113.0/24 and is issued the IP address 192.168.113.200. The VPN client can be pinged from another device in this network; however, the client cannot access anything on this subnet. All other sites can be accessed, i.e. main site 192.168.16.0/24, second site 192.168.110/24 and third site 192.168.112/24. The ACL Manager has a single entry of "Source 192.168.113.0/24 Destination 192.168.0.0/16" and the "Standard ACL 192.168.8.8./16 permit".
    What am I doing wrong?

    Thanks for getting back to me, I have carried out the steps as instructed, one interesting point is that the IP address that was issued to the VPN Client 192.168.113.200 does not appear in the output.
    Result of the command: "show run all sysopt"
    no sysopt connection timewait
    sysopt connection tcpmss 1380
    sysopt connection tcpmss minimum 0
    sysopt connection permit-vpn
    sysopt connection reclassify-vpn
    no sysopt connection preserve-vpn-flows
    no sysopt radius ignore-secret
    no sysopt noproxyarp inside
    no sysopt noproxyarp outside
    ========================================================================
    Result of the command: "show capture drop"
    3862 packets captured
    212: 16:33:04.970881 aa38.dfad.c613 1503.0100.1676 0x82be 27: 
    213: 16:33:12.628095 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1435: . ack 2283288029 win 65171
    214: 16:33:27.120065 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 64394
    215: 16:33:27.720421 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 64394
    216: 16:33:28.925199 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
    217: 16:33:30.033689 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
    218: 16:33:31.240466 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
    219: 16:33:33.658123 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
    220: 16:34:28.894362 802.1Q vlan#2 P0 78.8.246.9.4932 > x.x.x.47.445: S 3906206304:3906206304(0) win 65535
    221: 16:34:31.868103 802.1Q vlan#2 P0 78.8.246.9.4932 > x.x.x.47.445: S 3906206304:3906206304(0) win 65535
    222: 16:34:39.949657 802.1Q vlan#1 P0 192.168.113.102.138 > 192.168.113.255.138:  udp 201
    223: 16:35:01.222492 802.1Q vlan#1 P0 192.168.113.100.68 > 255.255.255.255.67:  udp 300
    224: 16:35:01.650952 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    225: 16:35:02.400995 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    226: 16:35:03.151084 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    227: 16:35:04.022093 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    228: 16:35:04.772146 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    229: 16:35:05.522220 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    230: 16:35:20.168295 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    231: 16:35:20.524264 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    232: 16:35:20.918333 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    233: 16:35:21.274354 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    234: 16:35:21.668346 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    235: 16:35:22.024412 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    236: 16:35:41.391978 802.1Q vlan#1 P0 192.168.113.102.138 > 192.168.113.255.138:  udp 201
    237: 16:35:41.734932 802.1Q vlan#2 P0 192.168.16.10.445 > 192.168.113.102.3524: . ack 2927988043 win 63730
    238: 16:35:44.540041 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    239: 16:35:45.290100 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    240: 16:35:45.678050 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    241: 16:35:46.040143 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    242: 16:35:46.220005 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138:  udp 211
    243: 16:35:46.428124 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    244: 16:35:47.178213 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    245: 16:35:48.479345 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    246: 16:35:49.229373 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    247: 16:35:49.979380 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    248: 16:36:01.674388 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 180
    249: 16:36:01.674952 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138:  udp 181
    250: 16:36:01.675074 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    251: 16:36:31.389170 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56182: . ack 1459294663 win 65535
    252: 16:36:31.674174 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 180
    253: 16:36:32.426354 802.1Q vlan#1 P0 192.168.113.103.56183 > 192.168.16.6.389: . ack 3653264448 win 0
    254: 16:36:32.426384 802.1Q vlan#1 P0 192.168.113.103.56183 > 192.168.16.6.389: . ack 3653264448 win 0
    255: 16:37:01.673808 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 180
    256: 16:37:05.540468 802.1Q vlan#1 P0 192.168.113.103.56179 > 192.168.16.6.1026: . ack 2381360421 win 0
    257: 16:37:29.018050 802.1Q vlan#1 P0 0.0.0.0.68 > 255.255.255.255.67:  udp 323
    258: 16:37:29.019545 802.1Q vlan#1 P0 192.168.113.2.67 > 255.255.255.255.68:  udp 327
    259: 16:37:31.263887 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49158: . ack 978836481 win 65297
    260: 16:37:31.442710 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49167: . ack 4028718881 win 65221
    261: 16:37:31.524920 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49170: . ack 1787569991 win 65535
    262: 16:37:31.631391 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49171: . ack 1175931771 win 65221
    263: 16:37:31.673472 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 180
    264: 16:37:31.910536 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49175: . ack 1489216443 win 65535
    265: 16:37:32.324140 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49173: . ack 3658936090 win 65458
    266: 16:37:32.368785 802.1Q vlan#1 P0 192.168.113.100.49165 > 192.168.16.6.389: . ack 72233897 win 0
    267: 16:37:32.483510 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138:  udp 211
    268: 16:37:32.531146 802.1Q vlan#1 P0 192.168.113.100.49157 > 192.168.16.7.389: . ack 4263416637 win 0
    269: 16:37:32.736488 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    270: 16:37:32.998788 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49182: . ack 3004547102 win 64245
    271: 16:37:33.069179 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49184: . ack 3786025013 win 65535
    272: 16:37:33.111429 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 209
    273: 16:37:33.486501 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    274: 16:37:34.236529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    275: 16:37:34.548982 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49190: . ack 713312844 win 65535
    276: 16:37:35.396524 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    277: 16:37:36.149940 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    278: 16:37:36.914289 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    279: 16:37:37.630094 802.1Q vlan#1 P0 192.168.113.100.55930 > 192.168.16.7.53: . ack 1516588584 win 0
    280: 16:37:37.727364 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    281: 16:37:38.477529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    282: 16:37:39.227527 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    283: 16:37:39.458716 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138:  udp 181
    284: 16:37:39.458853 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    285: 16:37:39.499577 802.1Q vlan#1 P0 192.168.113.100.68 > 255.255.255.255.67:  udp 300
    286: 16:37:39.548280 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138:  udp 211
    287: 16:37:39.972529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    288: 16:37:40.040555 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    289: 16:37:40.722618 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    290: 16:37:40.790608 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    291: 16:37:41.332029 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55936: . ack 764822756 win 65297
    292: 16:37:41.472631 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    293: 16:37:41.540667 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    294: 16:37:41.864167 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.100.55934: . ack 181110485 win 64773
    295: 16:37:42.355694 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    296: 16:37:43.105829 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    297: 16:37:43.855821 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    298: 16:37:58.170080 802.1Q vlan#1 P0 192.168.113.100.49155 > 192.168.16.7.135: . ack 1966960952 win 0
    299: 16:37:58.172064 802.1Q vlan#1 P0 192.168.113.100.49156 > 192.168.16.7.1025: . ack 1273630770 win 0
    300: 16:38:01.673198 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 180
    301: 16:38:01.673549 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138:  udp 181
    302: 16:38:01.673655 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    303: 16:38:01.739082 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    304: 16:38:07.355511 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    305: 16:38:08.105554 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    306: 16:38:08.855592 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    307: 16:38:09.680613 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    308: 16:38:10.430748 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    309: 16:38:11.180776 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    310: 16:38:12.134957 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.100.55944: . ack 2246367695 win 65237
    311: 16:38:12.209217 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55945: . ack 2494919019 win 64264
    312: 16:38:12.561845 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    313: 16:38:12.966197 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55948: . ack 2086593126 win 65535
    314: 16:38:13.311949 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    315: 16:38:13.761389 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55950: . ack 2045545802 win 65535
    316: 16:38:14.061977 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    317: 16:38:14.223499 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55953: . ack 1713858377 win 64292
    318: 16:38:14.736351 802.1Q vlan#1 P0 192.168.113.2.1460 > 192.168.16.24.2222: . ack 1683177201 win 0
    319: 16:38:14.932019 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    320: 16:38:15.682093 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    321: 16:38:16.432137 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    322: 16:38:22.554490 802.1Q vlan#2 P0 84.233.195.62.80 > x.x.x.42.41099: . ack 4144961094 win 4824
    323: 16:38:22.590560 802.1Q vlan#2 P0 84.233.195.62.80 > x.x.x.42.41099: R 2988301725:2988301725(0) win 0
    324: 16:38:28.171164 802.1Q vlan#1 P0 192.168.113.100.55946 > 192.168.16.6.135: . ack 1977991697 win 0
    325: 16:38:28.696192 802.1Q vlan#1 P0 192.168.113.103.56188 > 192.168.16.24.2222: . ack 2408117423 win 0
    326: 16:38:31.672877 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 180
    327: 16:38:32.107965 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138:  udp 201
    328: 16:38:35.048642 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    329: 16:38:36.682948 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55960: . ack 4217273847 win 65535
    330: 16:38:37.418145 802.1Q vlan#1 P0 192.168.113.100.55959 > 192.168.16.8.1168: . ack 2927102471 win 0
    331: 16:38:39.650906 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55965: . ack 3654544597 win 64245
    332: 16:38:58.170798 802.1Q vlan#1 P0 192.168.113.100.55947 > 192.168.16.6.1026: . ack 2221560240 win 0
    333: 16:39:39.647915 802.1Q vlan#2 P0 46.214.148.199.6237 > x.x.x.42.445: S 4290339150:4290339150(0) win 65535
    334: 16:39:42.649868 802.1Q vlan#2 P0 46.214.148.199.6237 > x.x.x.42.445: S 4290339150:4290339150(0) win 65535
    335: 16:40:05.249987 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    336: 16:40:06.000000 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    337: 16:40:06.749976 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    338: 16:40:07.344052 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138:  udp 211
    339: 16:40:08.801716 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    340: 16:40:09.252031 802.1Q vlan#2 P0 192.168.16.6.139 > 192.168.113.2.1483: P 3217152810:3217152814(4) ack 4243483819 win 65463
    341: 16:40:09.566087 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    342: 16:40:10.330564 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137:  udp 50
    343: 16:40:11.073436 802.1Q vlan#2 P0 189.4.30.188.4049 > x.x.x.47.445: S 583807781:583807781(0) win 65535
    344: 16:40:14.013030 802.1Q vlan#2 P0 189.4.30.188.4049 > x.x.x.47.445: S 583807781:583807781(0) win 65535
    345: 16:40:21.073253 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1465: . ack 1572968133 win 64691
    346: 16:40:53.498631 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56193: . ack 2614204448 win 65535
    347: 16:40:54.113168 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56195: . ack 3619711523 win 65535
    348: 16:42:05.264024 802.1Q vlan#1 P0 192.168.113.21.138 > 192.168.113.255.138:  udp 201
    349: 16:42:05.990610 802.1Q vlan#1 P0 802.3 encap packet
    350: 16:42:06.582886 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
    0001 8137 ffff 0022 0004 0000 0000 ffff
    ffff ffff 0452 0000 0000 0000 74da ed6f
    4100 0003 0004 0000 0000 0000 0000 0000
    0000
    351: 16:42:07.831057 802.1Q vlan#1 P0 802.3 encap packet
    352: 16:42:08.623075 802.1Q vlan#1 P0 802.3 encap packet
    353: 16:42:09.624509 802.1Q vlan#1 P0 802.3 encap packet
    354: 16:42:10.593231 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
    0001 8137 ffff 0022 0004 0000 0000 ffff
    ffff ffff 0452 0000 0000 0000 74da ed6f
    4100 0003 0004 0000 0000 0000 0000 0000
    0000
    355: 16:42:11.703485 802.1Q vlan#1 P0 802.3 encap packet
    356: 16:42:12.813693 802.1Q vlan#1 P0 802.3 encap packet
    357: 16:42:13.923383 802.1Q vlan#1 P0 802.3 encap packet
    358: 16:42:14.963329 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
    0001 8137 ffff 0022 0004 0000 0000 ffff
    ffff ffff 0452 0000 0000 0000 74da ed6f
    4100 0003 0004 0000 0000 0000 0000 0000
    0000
    359: 16:42:15.995477 802.1Q vlan#1 P0 802.3 encap packet
    360: 16:42:17.103647 802.1Q vlan#1 P0 802.3 encap packet
    361: 16:42:18.103495 802.1Q vlan#1 P0 802.3 encap packet
    362: 16:42:19.203511 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
    0001 8137 ffff 0022 0004 0000 0000 ffff
    ffff ffff 0452 0000 0000 0000 74da ed6f
    4100 0003 0004 0000 0000 0000 0000 0000
    0000
    363: 16:42:20.203572 802.1Q vlan#1 P0 802.3 encap packet
    364: 16:42:21.203755 802.1Q vlan#1 P0 802.3 encap packet
    365: 16:43:34.032896 802.1Q vlan#2 P0 210.4.15.147.1983 > x.x.x.42.445: S 4060018625:4060018625(0) win 65535
    366: 16:43:36.924375 802.1Q vlan#2 P0 210.4.15.147.1983 > x.x.x.42.445: S 4060018625:4060018625(0) win 65535
    367: 16:43:51.279053 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    368: 16:43:52.028944 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    369: 16:43:52.778905 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    370: 16:43:53.583481 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    371: 16:43:54.325849 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    372: 16:43:55.075771 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    373: 16:44:43.299133 802.1Q vlan#2 P0 84.46.240.12.4739 > x.x.x.42.445: S 2644276309:2644276309(0) win 65535
    374: 16:44:46.355358 802.1Q vlan#2 P0 84.46.240.12.4739 > x.x.x.42.445: S 2644276309:2644276309(0) win 65535
    375: 16:45:13.762640 802.1Q vlan#2 P0 14.136.113.23.58068 > x.x.x.42.23: S 628177666:628177666(0) win 5840
    376: 16:45:13.764746 802.1Q vlan#2 P0 14.136.113.23.35631 > x.x.x.47.23: S 633610575:633610575(0) win 5840
    377: 16:45:13.764914 802.1Q vlan#2 P0 14.136.113.23.36646 >x.x.x.x: S 627103517:627103517(0) win 5840
    378: 16:46:47.038068 802.1Q vlan#1 P0 192.168.113.103.56196 > 192.168.16.6.135: . ack 1047348019 win 0
    379: 16:47:35.921812 802.1Q vlan#2 P0 50.22.199.212.80 >x.x.x.x.48383: S 1930513355:1930513355(0) ack 1004916503 win 16384
    380: 16:47:36.554201 802.1Q vlan#2 P0 66.231.182.111.80 > x.x.x.x.1024: S 2203310160:2203310160(0) ack 2592535424 win 5840
    381: 16:48:57.603774 802.1Q vlan#2 P0 142.4.58.113.1859 >x.x.x.x.445: S 3585080814:3585080814(0) win 65535
    382: 16:49:00.493123 802.1Q vlan#2 P0 142.4.58.113.1859 > x.x.x.x.445: S 3585080814:3585080814(0) win 65535
    383: 16:49:23.626462 802.1Q vlan#1 P0 192.168.113.2.1536 > x.x.x.x.53: . ack 136785297 win 0
    384: 16:49:26.492848 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1537: . ack 2966267924 win 65535
    385: 16:49:45.827883 802.1Q vlan#2 P0 62.75.244.214.80 > x.x.x.x.40215: S 2919672066:2919672066(0) ack 760938497 win 5840
    386: 16:49:56.653225 802.1Q vlan#2 P0 220.132.215.144.4822 > x.x.x.x.23: S 2534918729:2534918729(0) win 5808
    387: 16:49:56.655086 802.1Q vlan#2 P0 220.132.215.144.3935 > x.x.x.x.23: S 2538528904:2538528904(0) win 5808
    388: 16:49:56.665477 802.1Q vlan#2 P0 220.132.215.144.3892 >x.x.x.x.23: S 2530221481:2530221481(0) win 5808
    389: 16:50:05.196980 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    390: 16:50:05.946926 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    391: 16:50:06.696954 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    392: 16:50:33.087489 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    393: 16:50:34.330854 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138:  udp 201
    394: 16:51:48.139961 802.1Q vlan#2 P0 41.84.159.34.3753 > x.x.x.x.445: S 1632777117:1632777117(0) win 65535
    395: 16:51:51.117700 802.1Q vlan#2 P0 41.84.159.34.3753 >x.x.x.x.445: S 1632777117:1632777117(0) win 65535
    396: 16:52:16.155723 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093:  udp 30
    397: 16:52:16.173620 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093:  udp 20
    398: 16:52:19.312148 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093:  udp 20
    399: 16:52:25.864243 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093:  udp 20
    400: 16:52:33.102457 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 209
    401: 16:52:38.334028 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093:  udp 20
    402: 16:53:02.396128 802.1Q vlan#2 P0 118.157.40.230.17343 >x.x.x.x.45093:  udp 20
    403: 16:53:13.157355 802.1Q vlan#1 P0 192.168.113.2.1554 > 192.168.16.24.2222: . ack 460543479 win 0
    404: 16:53:31.871552 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093:  udp 20
    405: 16:55:40.103220 802.1Q vlan#2 P0 79.13.79.231.2042 > x.x.x.x.445: S 3623912103:3623912103(0) win 65535
    406: 16:55:42.940411 802.1Q vlan#2 P0 79.13.79.231.2042 > x.x.x.40.445: S 3623912103:3623912103(0) win 65535
    407: 16:56:01.209049 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    408: 16:56:01.814548 802.1Q vlan#1 P0 192.168.113.2.1561 > 192.168.16.6.1026: . ack 3029302484 win 0
    409: 16:56:01.958995 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    410: 16:56:02.709008 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    411: 16:56:03.515110 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    412: 16:56:04.255891 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    413: 16:56:05.005874 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    414: 16:56:35.329649 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1573: . ack 2011530329 win 65280
    415: 16:57:18.817050 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56207: . ack 3180698784 win 65535
    416: 16:57:18.887191 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56208: . ack 2540987118 win 65535
    417: 16:58:00.045529 802.1Q vlan#2 P0 192.168.16.6.135 > 192.168.113.2.1570: . ack 1936024672 win 65263
    418: 16:58:03.923337 802.1Q vlan#1 P0 192.168.113.2.1571 > 192.168.16.6.1026: . ack 4000727925 win 0
    419: 16:58:24.150276 802.1Q vlan#1 P0 192.168.113.2.1584 > 192.168.16.24.2222: . ack 1251414172 win 0
    420: 16:58:39.814090 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1231: R 3143068825:3143068825(0) win 0
    421: 16:58:48.666560 802.1Q vlan#1 P0 192.168.113.103.56210 > 192.168.16.6.389: . ack 1501688799 win 0
    422: 17:00:05.206547 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    423: 17:00:05.956508 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    424: 17:00:06.706506 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    425: 17:00:28.431206 802.1Q vlan#2 P0 71.244.82.240.4041 >x.x.x.x.445: S 362528713:362528713(0) win 65535
    426: 17:00:31.485356 802.1Q vlan#2 P0 71.244.82.240.4041 > x.x.x.x.445: S 362528713:362528713(0) win 65535
    427: 17:02:34.845735 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    428: 17:02:50.268998 802.1Q vlan#2 P0 128.68.207.98.1642 > x.x.x.x.445: S 3558079521:3558079521(0) win 65535
    429: 17:02:51.441536 802.1Q vlan#2 P0 95.37.124.146.2470 > x.x.x.x.445: S 3847235035:3847235035(0) win 65535
    430: 17:02:53.252779 802.1Q vlan#2 P0 128.68.207.98.1642 > x.x.x.x.445: S 3558079521:3558079521(0) win 65535
    431: 17:02:54.298949 802.1Q vlan#2 P0 95.37.124.146.2470 > x.x.x.x.445: S 3847235035:3847235035(0) win 65535
    432: 17:03:24.651104 802.1Q vlan#1 P0 192.168.113.2.1604 > 192.168.16.24.2222: . ack 927286160 win 0
    433: 17:05:23.439979 802.1Q vlan#2 P0 221.132.33.39.3471 > x.x.x.x.445: S 2983629597:2983629597(0) win 65535
    434: 17:05:25.237002 802.1Q vlan#2 P0 204.111.67.69.4533 > x.x.x.x.445: S 1412418025:1412418025(0) win 65535
    435: 17:05:26.407663 802.1Q vlan#2 P0 221.132.33.39.3471 > x.x.x.x.445: S 2983629597:2983629597(0) win 65535
    436: 17:05:28.156669 802.1Q vlan#2 P0 204.111.67.69.4533 >x.x.x.x.445: S 1412418025:1412418025(0) win 65535
    437: 17:05:41.544069 802.1Q vlan#2 P0 106.3.103.188.40760 > x.x.x.x.445: S 1656511640:1656511640(0) win 65535
    438: 17:05:44.548021 802.1Q vlan#2 P0 106.3.103.188.40760 > x.x.x.x.445: S 1656511640:1656511640(0) win 65535
    439: 17:06:11.262620 802.1Q vlan#2 P0 95.51.201.5.2510 > x.x.x.x.445: S 3351917967:3351917967(0) win 65535
    440: 17:06:14.298766 802.1Q vlan#2 P0 95.51.201.5.2510 > x.x.x.x.445: S 3351917967:3351917967(0) win 65535
    441: 17:07:16.002975 802.1Q vlan#2 P0 37.59.0.72.22 > x.x.x.x.80: S 1208637086:1208637086(0) ack 1 win 14600
    442: 17:07:33.093028 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 209
    443: 17:08:11.139015 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    444: 17:08:11.888961 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    445: 17:08:12.638959 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    446: 17:08:13.446571 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    447: 17:08:14.185842 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    448: 17:08:14.935788 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    449: 17:10:05.434685 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    450: 17:10:06.184698 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    451: 17:10:06.934628 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    452: 17:13:48.562791 802.1Q vlan#2 P0 45.131.126.147.53949 >x.x.x.x.14768: . win 16384
    453: 17:14:33.697626 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    454: 17:17:41.242846 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060:  udp 417
    455: 17:17:41.260789 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060:  udp 418
    456: 17:17:41.293014 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060:  udp 418
    457: 17:18:26.144813 802.1Q vlan#1 P0 192.168.113.2.1665 > 192.168.16.24.2222: . ack 3674161483 win 0
    458: 17:18:47.300216 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1651: . ack 963481079 win 65535
    459: 17:19:40.849702 802.1Q vlan#2 P0 93.63.181.21.62986 > x.x.x.x.445: S 274304149:274304149(0) win 65535
    460: 17:19:43.733055 802.1Q vlan#2 P0 93.63.181.21.62986 > x.x.x.x.445: S 274304149:274304149(0) win 65535
    461: 17:20:01.536120 802.1Q vlan#2 P0 31.47.40.58.2982 > x.x.x.x.445: S 2578199672:2578199672(0) win 16384
    462: 17:20:04.582275 802.1Q vlan#2 P0 31.47.40.58.2982 > x.x.x.x.445: S 2578199672:2578199672(0) win 16384
    463: 17:20:04.943875 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    464: 17:20:05.693888 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    465: 17:20:06.443900 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    466: 17:20:16.571320 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    467: 17:20:17.318800 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    468: 17:20:18.068798 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    469: 17:20:18.875885 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    470: 17:20:19.615645 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    471: 17:20:20.365627 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137:  udp 50
    472: 17:20:21.752738 802.1Q vlan#2 P0 192.168.16.6.139 > 192.168.113.2.1678: P 640741668:640741672(4) ack 2410017920 win 65463
    473: 17:21:27.330320 802.1Q vlan#2 P0 109.3.51.11.80 >x.x.x.x.40328: R 0:0(0) ack 987376948 win 0
    474: 17:22:33.083537 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 209
    475: 17:23:13.037092 802.1Q vlan#1 P0 192.168.113.2.1686 > 192.168.16.24.2222: . ack 2164880831 win 0
    476: 17:23:23.507862 802.1Q vlan#2 P0 192.168.16.24.2222 > 192.168.113.2.1687: . ack 3400485149 win 64451
    477: 17:24:03.007293 802.1Q vlan#2 P0 114.34.110.185.35787 > x.x.x.x.23: S 475586745:475586745(0) win 5808
    478: 17:24:03.013381 802.1Q vlan#2 P0 114.34.110.185.56372 > x.x.x.x.23: S 471207272:471207272(0) win 5808
    479: 17:24:03.015410 802.1Q vlan#2 P0 114.34.110.185.37824 > x.x.x.x.23: S 470577274:470577274(0) win 5808
    480: 17:25:10.359997 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490:  udp 30
    481: 17:25:10.379939 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x..56490:  udp 20
    482: 17:25:13.498478 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490:  udp 20
    483: 17:25:19.907927 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490:  udp 20
    484: 17:25:32.359631 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490:  udp 20
    485: 17:25:56.363415 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490:  udp 20
    486: 17:26:25.632077 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490:  udp 20
    487: 17:26:36.299468 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138:  udp 218
    488: 17:29:27.531863 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1703: . ack 3505140564 win 65535
    489: 17:29:28.061977 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1704: . ack 1723398161 win 65535

  • Subnet mask 255.255.255.255 assigned to VPN client - can't ping LAN

    Hi,
    I configured PIX 501 with PPTP VPN to connect to the small office (PIX FW, Win 2000 Server, several Win clients, LAN IP 10.0.0.X/24):
    ip local pool mypool 10.0.0.101-10.0.0.105
    vpdn group mygroup accept dialin pptp
    vpdn group mygroup ppp authentication mschap
    vpdn group mygroup ppp encryption mppe 128 required
    vpdn group mygroup client configuration address local mypool
    vpdn group mygroup client configuration dns 10.0.0.15
    vpdn group mygroup pptp echo 60
    vpdn group mygroup client authentication local
    vpdn username xxxx password *********
    vpdn enable outside
    I can connect to the office using the Win VPN client, but I can't ping any hosts in the office network. I suspect that the reason for that is the subnet mask assigned to the VPN client: 255.255.255.255. ipconfig of the VPN client:
    PPP adapter Office:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 10.0.0.101
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    Default GW is missing too, but I think this is not the main problem.
    Anyway, what is wrong with my config? How do I fix the subnet mask assigned to clients? Or maybe my assumption is wrong and this mask is OK? What is wrong then?
    Any input will be greatly appreciated!
    George

    Thanks for the prompt reply.
    Here it does:
    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password xxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxx encrypted
    hostname OSTBERG-PIX
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list 80 permit ip 10.0.0.0 255.255.255.0 10.0.20.0 255.255.255.0
    access-list inbound permit icmp any any
    access-list inbound permit tcp any any eq pptp
    access-list inbound permit gre any any
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 66.189.xxx.xxx 255.255.252.0
    ip address inside 10.0.0.23 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool mypool 10.0.0.101-10.0.0.105
    pdm location 10.0.0.0 255.255.255.0 inside
    pdm location 10.0.0.15 255.255.255.255 inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    access-group inbound in interface outside
    route outside 0.0.0.0 0.0.0.0 66.189.yyy.yyy 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    telnet 10.0.0.23 255.255.255.255 inside
    telnet 10.0.0.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    vpdn group mygroup accept dialin pptp
    vpdn group mygroup ppp authentication mschap
    vpdn group mygroup ppp encryption mppe 128 required
    vpdn group mygroup client configuration address local mypool
    vpdn group mygroup client configuration dns 10.0.0.15
    vpdn group mygroup pptp echo 60
    vpdn group mygroup client authentication local
    vpdn username ********* password *********
    vpdn enable outside
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    terminal width 80
    Cryptochecksum:xxx
    : end
    There are remnants of old config, I just recently took over this network, some lines look odd to me, but I did not touch what works. VPN config is all mine.
    PIX internal 10.0.0.23 - is a gateway for the network. DNS server in LAN - 10.0.0.15.
    I've been reading about the problem and came across several posts that this subnet mask is normal, but it puzzles me - how can this host communicate with anyone else if there is no room for other hosts in this network (according to the mask)?!
    Thanks again!
    George

  • ASA 5505 VPN NEM

    Hi! First of all, I apologize for posting a similar question in another forum. I think this one is the right place.
    I'm trying to connect to a PIX 501 with Easy VPN in NEM mode with an ASA 5505. Currently running 7.2.2-22 (had to download an interim release due to DHCP problems with the ISP in 7.2.2) and ASDM 5.2.
    The problem is that when using NEM mode I cannot ping the other side at all. When using client mode this works fine, but I need the two-way traffic.
    Our Head unit is 192.168.1.1 and the connecting ASA 5505 is 192.168.10.1. When I try to ping a machine (192.168.1.201) from the remote site I get this in the ASA log:
    With network extension mode
    302020 192.168.1.201 192.168.10.2 Built ICMP connection for faddr 192.168.1.201/0 gaddr 192.168.10.2/512 laddr 192.168.10.2/512
    With only client mode
    302020 192.168.1.201 192.168.10.2 Built ICMP connection for faddr 192.168.1.201/0 gaddr 192.168.1.9/1 laddr 192.168.10.2/512
    It seems to me that the ASA sets an incorrect gateway address in NEM mode?
    The PIX 501 has been working fine for some years with software clients connecting.
    Any ideas?
    Thanks!

    When configured in Easy VPN Network Extension Mode, the ASA 5505 does not hide the IP addresses of local hosts by substituting a public IP address. Therefore, hosts on the other side of the VPN connection can communicate directly with hosts on the local network.
    Try this link:
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/site2sit.html

  • Asa 5505 vpn

    Hello, I have an ASA 5505. Users can connect to the inside network (192.168.1.0) through L2TP VPN and can ping the inside network. I need to allow VPN users (192.168.2.0) to ping each other.
    interface Vlan1 
    nameif inside 
    security-level 100 
    ip address 192.168.1.1 255.255.255.0 
    interface Vlan2 
    nameif outside 
    security-level 0 
    ip address dhcp setroute 
    same-security-traffic permit inter-interface 
    access-list Local_LAN_Access remark VPN Client Local LAN Access 
    access-list Local_LAN_Access standard permit 192.168.1.0 255.255.255.0 
    access-list Inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.0 
    access-list Inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0 
    access-list Inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0 
    access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0 
    access-list vpn extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0 
    access-list Local_LAN_Access_l2tp remark l2tp Client Local LAN Access 
    access-list Local_LAN_Access_l2tp standard permit 192.168.1.0 255.255.255.0 
    access-list Local_LAN_Access_l2tp standard permit 192.168.2.0 255.255.255.0 
    access-list vpn_l2tp extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0 
    access-list split-tunnel standard permit 192.168.1.0 255.255.255.0 
    access-list split-tunnel remark match Anyconn client to tunnel traffic 
    ip local pool l2tp-ipsec_address 192.168.2.100-192.168.2.114 mask 255.255.255.0 
    nat-control 
    global (inside) 2 192.168.1.101 
    global (inside) 3 192.168.1.102 
    global (outside) 1 interface 
    nat (inside) 0 access-list Inside_nat0_outbound 
    nat (inside) 1 192.168.1.0 255.255.255.0 
    nat (outside) 2 access-list vpn 
    nat (outside) 3 access-list vpn_l2tp 
    crypto ipsec transform-set trans esp-3des esp-sha-hmac 
    crypto ipsec transform-set trans mode transport 
    crypto dynamic-map dyno 10 set transform-set trans 
    crypto map vpn 65535 ipsec-isakmp dynamic dyno 
    crypto map vpn interface outside 
    crypto isakmp enable outside 
    crypto isakmp policy 1 
    authentication pre-share 
    encryption 3des 
    hash sha 
    group 2 
    lifetime 43200 
    crypto isakmp policy 10 
    authentication rsa-sig 
    encryption 3des 
    hash sha 
    group 2 
    lifetime 86400 
    crypto isakmp nat-traversal 30 
    vpn-addr-assign local reuse-delay 5 
    group-policy l2tp-ipsec_policy internal 
    group-policy l2tp-ipsec_policy attributes 
    dns-server value 192.168.1.10 
    vpn-tunnel-protocol l2tp-ipsec 
    split-tunnel-policy tunnelspecified 
    split-tunnel-network-list value Local_LAN_Access_l2tp

    Hello,
    You will have to configure hair pinning / u turning to get this working. Make sure the vpn pool is allowed in the split access-list for L2TP clients.
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml
    Hope this helps.
    Regards,
    Dinesh Moudgil
    P.S. Please rate helpful posts.
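
Added example (not part of the thread and not Cisco's code): a Python check for the two points raised in the reply above, run against the relevant lines of the posted configuration. It assumes ASA 7.x/8.x syntax, takes `same-security-traffic permit intra-interface` as the command that lets traffic enter and leave the same interface (hairpinning), and, because the posted config shows no tunnel-group, tests every address pool against every split-tunnel list; the function names are illustrative.

```python
import ipaddress

# Constructed sample: the hairpin-relevant lines of the L2TP configuration
# posted in the question above (ASA 7.x/8.x syntax).
SAMPLE_CONFIG = """\
same-security-traffic permit inter-interface
access-list Local_LAN_Access_l2tp standard permit 192.168.1.0 255.255.255.0
access-list Local_LAN_Access_l2tp standard permit 192.168.2.0 255.255.255.0
ip local pool l2tp-ipsec_address 192.168.2.100-192.168.2.114 mask 255.255.255.0
group-policy l2tp-ipsec_policy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Local_LAN_Access_l2tp
"""


def parse_pools(lines):
    """Return {pool name: (first address, last address)} from 'ip local pool'."""
    pools = {}
    for line in lines:
        words = line.split()
        if words[:3] == ["ip", "local", "pool"] and len(words) >= 5 and "-" in words[4]:
            first, last = words[4].split("-", 1)
            pools[words[3]] = (ipaddress.IPv4Address(first),
                               ipaddress.IPv4Address(last))
    return pools


def parse_standard_acls(lines):
    """Return {ACL name: [permitted networks]} for standard ACL permit entries."""
    acls = {}
    for line in lines:
        words = line.split()
        if (len(words) < 5 or words[0] != "access-list"
                or words[2:4] != ["standard", "permit"]):
            continue  # remarks, extended ACLs and unrelated commands
        target = words[4:]
        if target[0] == "any":
            net = ipaddress.IPv4Network("0.0.0.0/0")
        elif target[0] == "host" and len(target) >= 2:
            net = ipaddress.IPv4Network(target[1] + "/32")
        elif len(target) >= 2:
            net = ipaddress.IPv4Network(f"{target[0]}/{target[1]}", strict=False)
        else:
            continue
        acls.setdefault(words[1], []).append(net)
    return acls


def pool_covered(first, last, networks):
    """True when every pool address falls inside at least one permitted network."""
    return all(any(ipaddress.IPv4Address(a) in n for n in networks)
               for a in range(int(first), int(last) + 1))


def check_hairpin(config):
    """Report whether intra-interface traffic is permitted and which
    (pool, split-tunnel ACL) pairs leave part of the pool untunnelled."""
    lines = [ln.strip() for ln in config.splitlines()]
    pools = parse_pools(lines)
    acls = parse_standard_acls(lines)
    prefix = "split-tunnel-network-list value "
    split_lists = [ln[len(prefix):] for ln in lines if ln.startswith(prefix)]
    uncovered = []
    for acl in split_lists:
        for pool, (first, last) in pools.items():
            # An ACL name with no standard permit entries covers nothing.
            if not pool_covered(first, last, acls.get(acl, [])):
                uncovered.append((pool, acl))
    return {
        "intra_interface": "same-security-traffic permit intra-interface" in lines,
        "uncovered_pools": uncovered,
    }


if __name__ == "__main__":
    print(check_hairpin(SAMPLE_CONFIG))
```

On the posted configuration the split-tunnel list already covers the pool, but only `inter-interface` is permitted, so `intra_interface` comes back `False`.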

  • 10.5: VPN clients can't connect to each other

    Hey all,
    I've got a bit of an odd problem. Got my VPN server setup and working fine on 10.5.4. Clients can connect in, mount file shares, etc. However, if we have multiple clients connected in via VPN, they can't connect to each other. They can't ping each other or anything. I've checked firewalls, etc, on the client machines, and everything looks fine.
    Machines within the network can ping and connect to them both, it's just when they're trying to connect to one another that the problem occurs. Any ideas why this might be, and any possible solutions?
    Thanks in advance,
    Paul

    OS X Server / VPN /The L2TP-VPN server did not respond

  • Cisco ASA 5510 - Cisco Client Can Connect To VPN But Can't Ping!

    Hi,
    I have an ASA 5510 with the configuration below. I have configured the ASA as a remote access VPN server with the Cisco VPN client; my problem now is that I can connect but I can't ping.
    Config
    ciscoasa# sh run
    : Saved
    ASA Version 8.0(3)
    hostname ciscoasa
    enable password 5QB4svsHoIHxXpF/ encrypted
    names
    name xxx.xxx.xxx.xxx SAP_router_IP_on_SAP
    name xxx.xxx.xxx.xxx ISA_Server_second_external_IP
    name xxx.xxx.xxx.xxx Mail_Server
    name xxx.xxx.xxx.xxx IncomingIP
    name xxx.xxx.xxx.xxx SAP
    name xxx.xxx.xxx.xxx WebServer
    name xxx.xxx.xxx.xxx cms_eservices_projects_sharepointold
    name 192.168.2.2 isa_server_outside
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address IncomingIP 255.255.255.248
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.253 255.255.255.0
    management-only
    passwd 123
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object-group service TCP_8081 tcp
    port-object eq 8081
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq 3389
    port-object eq ftp
    port-object eq www
    port-object eq https
    port-object eq smtp
    port-object eq pop3
    port-object eq 3200
    port-object eq 3300
    port-object eq 3600
    port-object eq 3299
    port-object eq 3390
    port-object eq 50000
    port-object eq 3396
    port-object eq 3397
    port-object eq 3398
    port-object eq imap4
    port-object eq 587
    port-object eq 993
    port-object eq 8000
    port-object eq 8443
    port-object eq telnet
    port-object eq 3901
    group-object TCP_8081
    port-object eq 1433
    port-object eq 3391
    port-object eq 3399
    port-object eq 8080
    port-object eq 3128
    port-object eq 3900
    port-object eq 3902
    port-object eq 7777
    port-object eq 3392
    port-object eq 3393
    port-object eq 3394
    port-object eq 3395
    port-object eq 92
    port-object eq 91
    port-object eq 3206
    port-object eq 8001
    port-object eq 8181
    port-object eq 7778
    port-object eq 8180
    port-object eq 22222
    port-object eq 11001
    port-object eq 11002
    port-object eq 1555
    port-object eq 2223
    port-object eq 2224
    object-group service RDP tcp
    port-object eq 3389
    object-group service 3901 tcp
    description 3901
    port-object eq 3901
    object-group service 50000 tcp
    description 50000
    port-object eq 50000
    object-group service Enable_Transparent_Tunneling_UDP udp
    port-object eq 4500
    access-list inside_access_in remark connection to SAP
    access-list inside_access_in extended permit ip 192.168.2.0 255.255.255.0 host SAP_router_IP_on_SAP
    access-list inside_access_in remark VPN Outgoing - PPTP
    access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq pptp
    access-list inside_access_in remark VPN Outgoing - GRE
    access-list inside_access_in extended permit gre 192.168.2.0 255.255.255.0 any
    access-list inside_access_in remark VPN - GRE
    access-list inside_access_in extended permit gre any any
    access-list inside_access_in remark VPN Outgoing - IKE Client
    access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq isakmp
    access-list inside_access_in remark VPN Outgoing - IPSecNAT - T
    access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq 4500
    access-list inside_access_in remark DNS Outgoing
    access-list inside_access_in extended permit udp any any eq domain
    access-list inside_access_in remark DNS Outgoing
    access-list inside_access_in extended permit tcp any any eq domain
    access-list inside_access_in remark Outoing Ports
    access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 any
    access-list outside_access_in extended permit ip any any
    access-list outside_access_in extended permit tcp any any eq pptp
    access-list outside_access_in extended permit gre any any
    access-list outside_access_in extended permit gre any host Mail_Server
    access-list outside_access_in extended permit tcp any host Mail_Server eq pptp
    access-list outside_access_in extended permit esp any any
    access-list outside_access_in extended permit ah any any
    access-list outside_access_in extended permit udp any any eq isakmp
    access-list outside_access_in extended permit udp any any object-group Enable_Transparent_Tunneling_UDP
    access-list VPN standard permit 192.168.2.0 255.255.255.0
    access-list corp_vpn extended permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool POOL 172.16.1.10-172.16.1.20 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-603.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 2 Mail_Server netmask 255.0.0.0
    global (outside) 1 interface
    global (inside) 2 interface
    nat (inside) 0 access-list corp_vpn
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp Mail_Server 8001 ISA_Server_second_external_IP 8001 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 8000 ISA_Server_second_external_IP 8000 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server pptp isa_server_outside pptp netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server smtp isa_server_outside smtp netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 587 isa_server_outside 587 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 9444 isa_server_outside 9444 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 9443 isa_server_outside 9443 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 3389 isa_server_outside 3389 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 3390 isa_server_outside 3390 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server 3901 isa_server_outside 3901 netmask 255.255.255.255
    static (inside,outside) tcp SAP 50000 isa_server_outside 50000 netmask 255.255.255.255
    static (inside,outside) tcp SAP 3200 isa_server_outside 3200 netmask 255.255.255.255
    static (inside,outside) tcp SAP 3299 isa_server_outside 3299 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server www isa_server_outside www netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server https isa_server_outside https netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server pop3 isa_server_outside pop3 netmask 255.255.255.255
    static (inside,outside) tcp Mail_Server imap4 isa_server_outside imap4 netmask 255.255.255.255
    static (inside,outside) tcp cms_eservices_projects_sharepointold 9999 isa_server_outside 9999 netmask 255.255.255.255
    static (inside,outside) 192.168.2.0  access-list corp_vpn
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set transet esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set pfs
    crypto dynamic-map dynmap 10 set transform-set transet ESP-3DES-SHA
    crypto map cryptomap 10 ipsec-isakmp dynamic dynmap
    crypto map cryptomap interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    no crypto isakmp nat-traversal
    telnet 192.168.2.0 255.255.255.0 inside
    telnet 192.168.1.0 255.255.255.0 management
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
    dhcpd domain domain.local interface inside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    tftp-server management 192.168.1.123 /
    group-policy mypolicy internal
    group-policy mypolicy attributes
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN
    username vpdn password 123
    username vpdn attributes
    vpn-group-policy mypolicy
    service-type remote-access
    tunnel-group mypolicy type remote-access
    tunnel-group mypolicy general-attributes
    address-pool POOL
    default-group-policy mypolicy
    tunnel-group mypolicy ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect pptp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:b8bb19b6cb05cfa9ee125ad7bc5444ac
    : end
    Thank you very much.

    Here is the output:
    ciscoasa# packet-tracer input outside icmp 172.16.1.10 8 0 192.168.2.1
    Phase: 1
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 2
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    static (inside,outside) 192.168.2.0  access-list corp_vpn
    nat-control
      match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
        static translation to 192.168.2.0
        translate_hits = 0, untranslate_hits = 139
    Additional Information:
    NAT divert to egress interface inside
    Untranslate 192.168.2.0/0 to 192.168.2.0/0 using netmask 255.255.255.0
    Phase: 3
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside_access_in in interface outside
    access-list outside_access_in extended permit ip any any
    Additional Information:
    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 6
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect icmp
    service-policy global_policy global
    Additional Information:
    Phase: 7
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    static (inside,outside) 192.168.2.0  access-list corp_vpn
    nat-control
      match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
        static translation to 192.168.2.0
        translate_hits = 0, untranslate_hits = 140
    Additional Information:
    Phase: 11
    Type: ACCESS-LIST
    Subtype:
    Result: DROP
    Config:
    Implicit Rule
    Additional Information:
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule

  • ASA 5505 VPN Can not connect clients

    Hi,
    I tried to search for an answer to this question but I couldn't find the answer.
    I configured the VPN on the ASA, but I cannot get a client to connect to the ASA. I've tried and searched for an answer and I really need some help!
    Any help is greatly appreciated.
    : Saved
    ASA Version 7.2(2)
    hostname
    domain-name
    enable password
    names
    ddns update method
    ddns both
    interface Vlan1
    nameif inside
    security-level 100
    ddns update hostname
    ddns update
    dhcp client update dns
    ip address 192.168.1.1 255.255.255.0
    ospf cost 10
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.0
    ospf cost 10
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 3
    interface Ethernet0/6
    interface Ethernet0/7
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server
    name-server
    domain-name
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list EasyVPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    access-list OUTSIDE_IN_ACL extended permit ip any any
    access-list OUTSIDE_IN_ACL extended permit icmp any interface outside
    access-list Remote-VPN_splitTunnelAcl standard permit any
    access-list DefaultRAGroup_splitTunnelAcl standard permit any
    access-list Bild_splitTunnelAcl standard permit any
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool TKK 192.168.1.200-192.168.1.220 mask 255.255.255.224
    ip local pool VPN-Pool 192.168.254.1-192.168.254.10 mask 255.255.255.0
    no failover
    monitor-interface inside
    monitor-interface outside
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    asdm image disk0:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (outside) 0 access-list outside_nat0_outbound
    static (inside,inside) tcp interface 3389 access-list inside_nat_static
    static (inside,inside) tcp interface ftp access-list inside_nat_static_2
    static (outside,inside) x.x.x.x 192.168.1.0 netmask 255.255.255.255 dns
    access-group inside_access_in in interface inside
    access-group inside_access_out out interface inside
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
    group-policy DfltGrpPolicy attributes
    banner none
    wins-server none
    dns-server value 192.168.1.253
    dhcp-network-scope none
    vpn-access-hours none
    vpn-simultaneous-logins 3
    vpn-idle-timeout 30
    vpn-session-timeout none
    vpn-filter none
    vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
    password-storage disable
    ip-comp disable
    re-xauth disable
    group-lock none
    pfs disable
    ipsec-udp disable
    ipsec-udp-port 10000
    split-tunnel-policy tunnelall
    split-tunnel-network-list none
    default-domain none
    split-dns none
    intercept-dhcp 255.255.255.255 disable
    secure-unit-authentication disable
    user-authentication disable
    user-authentication-idle-timeout 30
    ip-phone-bypass disable
    leap-bypass disable
    nem disable
    backup-servers keep-client-config
    msie-proxy server none
    msie-proxy method no-modify
    msie-proxy except-list none
    msie-proxy local-bypass disable
    nac disable
    nac-sq-period 300
    nac-reval-period 36000
    nac-default-acl none
    address-pools none
    client-firewall none
    client-access-rule none
    webvpn
      functions url-entry
      html-content-filter none
      homepage none
      keep-alive-ignore 4
      http-comp gzip
      filter none
      url-list none
      customization value DfltCustomization
      port-forward none
      port-forward-name value Application Access
      sso-server none
      deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission
    to use any of the VPN features. Contact your IT administrator for more information
      svc none
      svc keep-installer installed
      svc keepalive none
      svc rekey time none
      svc rekey method none
      svc dpd-interval client none
      svc dpd-interval gateway none
      svc compression deflate
    group-policy EasyVPN internal
    group-policy EasyVPN attributes
    dns-server value 192.168.1.253
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value EasyVPN_splitTunnelAcl
    default-domain value xxx.se
    group-policy Remote-VPN internal
    group-policy Remote-VPN attributes
    dns-server value 192.168.1.253
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Remote-VPN_splitTunnelAcl
    default-domain value xxx.se
    group-policy CiscoASA internal
    group-policy CiscoASA attributes
    dns-server value 192.168.1.253 x.x.x.x
    vpn-tunnel-protocol IPSec webvpn
    group-policy Bild internal
    group-policy Bild attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Bild_splitTunnelAcl
    username User attributes
    vpn-group-policy DfltGrpPolicy
    username Bild password encrypted privilege 0
    username Bild attributes
    vpn-group-policy Bild
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 80 set pfs
    crypto dynamic-map outside_dyn_map 80 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 100 set pfs
    crypto dynamic-map outside_dyn_map 100 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 120 set pfs
    crypto dynamic-map outside_dyn_map 120 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 140 set pfs
    crypto dynamic-map outside_dyn_map 140 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 160 set pfs
    crypto dynamic-map outside_dyn_map 160 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 180 set pfs
    crypto dynamic-map outside_dyn_map 180 set transform-set TRANS_ESP_DES_SHA
    crypto dynamic-map outside_dyn_map 200 set pfs
    crypto dynamic-map outside_dyn_map 200 set transform-set ESP-DES-SHA
    crypto dynamic-map outside_dyn_map 220 set pfs
    crypto dynamic-map outside_dyn_map 220 set transform-set ESP-DES-SHA
    crypto dynamic-map inside_dyn_map 20 set pfs
    crypto dynamic-map inside_dyn_map 20 set transform-set ESP-DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
    crypto map inside_map interface inside
    crypto isakmp enable inside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp nat-traversal  20
    crypto isakmp ipsec-over-tcp port 10000
    tunnel-group DefaultRAGroup general-attributes
    address-pool vpn
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    tunnel-group Bild type ipsec-ra
    tunnel-group Bild general-attributes
    address-pool TKK
    default-group-policy Bild
    tunnel-group Bild ipsec-attributes
    pre-shared-key *
    tunnel-group CiscoASA type ipsec-ra
    tunnel-group CiscoASA general-attributes
    address-pool vpn
    default-group-policy CiscoASA
    tunnel-group CiscoASA ipsec-attributes
    pre-shared-key *
    tunnel-group EasyVPN type ipsec-ra
    tunnel-group EasyVPN general-attributes
    address-pool vpn
    default-group-policy EasyVPN
    tunnel-group EasyVPN ipsec-attributes
    pre-shared-key *
    tunnel-group Remote-VPN type ipsec-ra
    tunnel-group Remote-VPN general-attributes
    address-pool VPN-Pool
    default-group-policy Remote-VPN
    tunnel-group Remote-VPN ipsec-attributes
    pre-shared-key *
    class-map global-class
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global-policy
    class global-class
      inspect ftp
      inspect icmp
      inspect pptp
    service-policy global-policy global
    prompt hostname context
    Cryptochecksum:8cdda33b1993ba7bb33db88d996e939c
    : end

    Hi Fredrik,
    I see your ACL "outside_nat0_outbound" set on the inside interface for no NAT, but I do not see the ACL being defined anywhere in your config.
    I also strongly recommend creating your VPN pool in a different subnet rather than the same one as the inside IP of your ASA.
    So, let's assume your VPN pool is 192.168.255.1-254/24.
    Then your no-NAT for inside will look like this:
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.255.0 255.255.255.0
    Let me know, if this helps.
    thanks

  • ASA 5505 VPN Ping Problems

    Hello everyone,
    First off, I apologize if this is something that I can google. My knowledge of network administration is all self-taught, so if there is a guide to follow that I've missed please point me in the right direction; it's often hard to Google terms for troubleshooting when your jargon isn't up to snuff.
    The chief issue is that when pinging internal devices while connected to the results are very inconsistent.
    Pinging 192.168.15.102 with 32 bytes of data:
    Reply from 192.168.15.102: bytes=32 time=112ms TTL=128
    Request timed out.
    Request timed out.
    Request timed out.
    We've set up an IPSec VPN connection to a remote Cisco ASA 5505. There are no issues connecting, connection seems constant, packets good etc. At this point I can only assume I have configuration issues, but I've been looking at this for so long, and coupled with my inexperience configuring these settings I have no clue where to start. My initial thoughts are that the LAN devices I am pinging are not sending their response back or the ASA doesn't know how to route packets back?
    Here's a dump of the configuration:
    Result of the command: "show config"
    : Saved
    : Written by enable_15 at 12:40:06.114 CDT Mon Sep 9 2013
    ASA Version 8.2(5)
    hostname VPN_Test
    enable password D37rIydCZ/bnf1uj encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.15.0 internal-network
    ddns update method DDNS_Update
    ddns both
    interval maximum 0 4 0 0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    description VLAN to inside hosts
    nameif inside
    security-level 100
    ddns update hostname 0.0.0.0
    ddns update DDNS_Update
    dhcp client update dns server both
    ip address 192.168.15.1 255.255.255.0
    interface Vlan2
    description External VLAN to internet
    nameif outside
    security-level 0
    ip address xx.xx.xx.xx 255.255.255.248
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns server-group DefaultDNS
    name-server 216.221.96.37
    name-server 8.8.8.8
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    access-list outside_access_in extended permit icmp any any
    access-list outside_access_in extended deny icmp interface outside interface inside
    access-list outside_access_in extended permit ip 192.168.15.192 255.255.255.192 any
    access-list Remote_splitTunnelAcl standard permit internal-network 255.255.255.0
    access-list inside_nat0_outbound extended permit ip internal-network 255.255.255.0 192.168.15.192 255.255.255.192
    access-list inside_access_in remark Block Internet Traffic
    access-list inside_access_in extended permit ip 192.168.15.192 255.255.255.192 any
    access-list inside_access_in remark Block Internet Traffic
    access-list inside_access_in extended permit ip interface inside interface inside
    access-list inside_access_in extended permit ip any 192.168.15.192 255.255.255.192
    access-list inside_access_in remark Block Internet Traffic
    access-list inside_nat0_outbound_1 extended permit ip 192.168.15.192 255.255.255.192 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool VPN_IP_Pool 192.168.15.200-192.168.15.250 mask 255.255.255.0
    ipv6 access-list inside_access_ipv6_in permit ip interface inside interface inside
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any echo-reply outside
    icmp permit any outside
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 0 access-list inside_nat0_outbound_1 outside
    nat (inside) 1 192.168.15.192 255.255.255.192
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group inside_access_in in interface inside
    access-group inside_access_ipv6_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http internal-network 255.255.255.0 inside
    http yy.yy.yy.yy 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt connection timewait
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    dhcpd address 192.168.15.200-192.168.15.250 inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 192.168.15.101 source inside
    ntp server 192.168.15.100 source inside prefer
    webvpn
    group-policy Remote internal
    group-policy Remote attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Remote_splitTunnelAcl
    username StockUser password t6a0Nv8HUfWtUdKz encrypted privilege 0
    username StockUser attributes
    vpn-group-policy Remote
    tunnel-group Remote type remote-access
    tunnel-group Remote general-attributes
    address-pool VPN_IP_Pool
    default-group-policy Remote
    tunnel-group Remote ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:f4271785b86e45dd3a17bab8f60cd2f3

    Hi Graham,
    My first question is: do you have a site-to-site VPN or a remote access client VPN?
    After checking your configuration I see that you do not have any site-to-site VPN configuration, so I am assuming that you are facing an issue with the VPN client.
    And if I understood correctly, you are able to connect the VPN client but you are not able to access the internal resources properly.
    I would recommend you try making the following changes.
    Remove the following configuration first:
    nat (inside) 0 access-list inside_nat0_outbound_1 outside
    nat (inside) 1 192.168.15.192 255.255.255.192
    You do not need the first one, and I do not understand the reason for the second one.
    The second one is your pool IP subnet (192.168.15.200-192.168.15.250) and I am not sure why you have added this NAT.
    If possible, change your pool subnet altogether, because we do not recommend using a pool IP range that is similar to your local LAN.
    Try the above changes and let me know if you have any issues.
    Thanks
    Jeet Kumar
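
The two checks the replies above make by eye (an ACL that is referenced but never defined, and a VPN pool carved out of the inside subnet with no matching NAT exemption) can be run against a saved `show running-config`. This is an added example, not part of the original threads; the function names and the sample config are constructed, and only the 7.x/8.2-style `nat (if) 0 access-list` syntax is handled.

```python
import ipaddress
import re

# Constructed sample modelled on the configs posted above; 203.0.113.2 is a
# documentation address standing in for the masked outside IP.
SAMPLE_CONFIG = """\
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 203.0.113.2 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.255.0 255.255.255.0
ip local pool TKK 192.168.1.200-192.168.1.220 mask 255.255.255.224
ip local pool VPN-Pool 192.168.254.1-192.168.254.10 mask 255.255.255.0
ip local pool Separate 192.168.255.1-192.168.255.254 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (outside) 0 access-list outside_nat0_outbound
access-group outside_access_in in interface outside
"""

POOL_RE = re.compile(
    r"^\s*ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)(?:-(\d+\.\d+\.\d+\.\d+))?", re.M)
REF_RE = re.compile(
    r"^\s*(?:nat \(\S+\) 0 access-list|access-group|split-tunnel-network-list value) (\S+)",
    re.M)
DEF_RE = re.compile(r"^\s*(?:ipv6 )?access-list (\S+) ", re.M)


def parse_interfaces(config):
    """Return {nameif: IPv4Network} for interfaces with a static address."""
    nets, name = {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface":
            name = None
        elif tok[0] == "nameif" and len(tok) == 2:
            name = tok[1]
        elif tok[:2] == ["ip", "address"] and name and len(tok) >= 4:
            try:
                nets[name] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
            except ValueError:
                pass  # "ip address dhcp setroute" or a masked x.x.x.x address
    return nets


def parse_pools(config):
    """Return {pool name: (first address, last address)}."""
    pools = {}
    for name, first, last in POOL_RE.findall(config):
        lo = ipaddress.ip_address(first)
        pools[name] = (lo, ipaddress.ip_address(last) if last else lo)
    return pools


def overlapping_pools(config):
    """Pools whose range falls inside a directly connected interface subnet."""
    hits = []
    for pool, (lo, hi) in parse_pools(config).items():
        for nameif, net in parse_interfaces(config).items():
            if lo <= net.broadcast_address and hi >= net.network_address:
                hits.append((pool, nameif))
    return hits


def undefined_acls(config):
    """ACL names that are referenced but have no access-list line."""
    return sorted(set(REF_RE.findall(config)) - set(DEF_RE.findall(config)))


def exempt_destinations(config, nameif):
    """Destination networks of the ACL bound to `nat (<nameif>) 0`."""
    dests = []
    bound = re.findall(
        rf"^\s*nat \({re.escape(nameif)}\) 0 access-list (\S+)", config, re.M)
    for acl in bound:
        for line in config.splitlines():
            tok = line.split()
            if tok[:5] != ["access-list", acl, "extended", "permit", "ip"]:
                continue
            try:
                dests.append(ipaddress.ip_network("0.0.0.0/0") if tok[-1] == "any"
                             else ipaddress.ip_network(f"{tok[-2]}/{tok[-1]}"))
            except ValueError:
                pass  # destination uses a `name` alias or `host`; not resolved here
    return dests


def pools_without_exemption(config, nameif="inside"):
    """Pools not fully covered by any NAT-exemption destination on nameif."""
    dests = exempt_destinations(config, nameif)
    return [pool for pool, (lo, hi) in parse_pools(config).items()
            if not any(lo in d and hi in d for d in dests)]


if __name__ == "__main__":
    print("pools overlapping an interface subnet:", overlapping_pools(SAMPLE_CONFIG))
    print("referenced but undefined ACLs:", undefined_acls(SAMPLE_CONFIG))
    print("pools with no NAT exemption:", pools_without_exemption(SAMPLE_CONFIG))
```
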

  • ASA 5505 VPN can't access inside host

    I have set up remote VPN access on an ASA 5505 but cannot access the host or ASA when I log in using the VPN. I can connect with the Cisco VPN client and the VPN light is on on the ASA and it shows that I'm connected. I have the correct IP address but I cannot ping or connect to any of the internal addresses. I cannot find what I'm missing. I have the VPN bypassing the interface ACLs. Since I can log in but not go anywhere, I feel certain I missed something.
    part of config below
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.1.1.1 255.255.255.0
    ip local pool xxxx 10.1.1.50-10.1.1.55 mask 255.255.255.0
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map inside_dyn_map 20 set pfs
    crypto dynamic-map inside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
    crypto map inside_map interface inside
    crypto isakmp enable inside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    service-policy global_policy global
    group-policy xxxxxxx internal
    group-policy xxxxxxx attributes
    banner value xxxxx Disaster Recovery Site
    wins-server none
    dns-server value 24.xxx.xxx.xx
    vpn-access-hours none
    vpn-simultaneous-logins 3
    vpn-idle-timeout 30
    vpn-session-timeout none
    vpn-filter none
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelall
    default-domain none
    secure-unit-authentication disable
    user-authentication disable
    user-authentication-idle-timeout none
    ip-phone-bypass disable
    leap-bypass disable
    nem disable
    nac disable
    nac-sq-period 300
    nac-reval-period 36000
    nac-default-acl none
    address-pools value xxxxxx
    smartcard-removal-disconnect enable
    client-firewall none
    webvpn
    functions url-entry
    vpn-nac-exempt none
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    tunnel-group xxxx type ipsec-ra
    tunnel-group xxxx general-attributes
    address-pool xxxx
    default-group-policy xxxx
    tunnel-group blountdr ipsec-attributes
    pre-shared-key *

    I get the banner and IP address info...
    This is what the client log provides...
    1 13:45:32.942 05/30/08 Sev=Warning/2 CVPND/0xE3400013
    AddRoute failed to add a route: code 87
    Destination 172.20.255.255
    Netmask 255.255.255.255
    Gateway 10.1.2.1
    Interface 10.1.2.5
    2 13:45:32.942 05/30/08 Sev=Warning/2 CM/0xA3100024
    Unable to add route. Network: ac14ffff, Netmask: ffffffff, Interface: a010205, Gateway: a010201.

  • Vpn-asa 5505 - connects fine, can't use resources

    Using Remote Client VPN to access internal LAN behind an ASA 5505 device. The connection is working fine. But once I connect, I can't access any computer shared folders etc. The only thing I can do is access the ASA 5505 through the ASDM 7.1. I can only ping the device 10.0.0.1 but nothing else. The funny thing is that this was working fine, then in an attempt to speed up the VPN access (it is pretty slow), I went into the ASDM configuration software to look around. Didn't think I changed anything, but now it's not working. Here is a copy of the backup cpg.
    Any ideas? Please respond with ASDM COMMANDS. I'm a novice at the command line stuff.
    Thanks.
    -brett
    config:
    : Saved
    : Written by enable_15 at 09:19:26.379 UTC Sat Feb 15 2014
    ASA Version 9.1(4)
    hostname ciscoasa
    domain-name hnedu.com
    enable password mnpTCRVkk1.ZjiWJ encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    ip local pool VPNUsers 10.0.0.80-10.0.0.99 mask 255.255.0.0
    interface Ethernet0/0
    switchport access vlan 2
    speed 100
    duplex full
    interface Ethernet0/1
    speed 100
    duplex full
    interface Ethernet0/2
    speed 100
    duplex full
    interface Ethernet0/3
    speed 100
    duplex full
    interface Ethernet0/4
    speed 100
    duplex full
    interface Ethernet0/5
    speed 100
    duplex full
    interface Ethernet0/6
    speed 100
    duplex full
    interface Ethernet0/7
    speed 100
    duplex full
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.0.1 255.255.0.0
    interface Vlan2
    description External Connection
    no forward interface Vlan1
    nameif outside
    security-level 0
    ip address 209.117.123.226 255.255.255.224
    boot system disk0:/asa914-k8.bin
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 10.0.0.2
    name-server 10.0.0.4
    domain-name hnedu.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network obj-10.0.0.0
    subnet 10.0.0.0 255.255.0.0
    object network obj-10.0.0.64
    subnet 10.0.0.64 255.255.255.192
    object network obj-10.0.0.6
    host 10.0.0.6
    object network obj-10.0.3.48
    host 10.0.3.48
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network NETWORK_OBJ_10.0.0.64_26
    subnet 10.0.0.64 255.255.255.192
    object-group network RDP_static
    object-group service RemoteDesktop tcp-udp
    description Windows Remote Desktop Access
    port-object eq 3389
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list inside_access_in extended permit ip any4 any4
    access-list Napoleons_splitTunnelAcl standard permit 10.0.0.0 255.255.0.0
    access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 10.0.0.64 255.255.255.192
    access-list outside_access_in extended permit tcp any4 host 10.0.0.6 eq www
    access-list outside_access_in remark remote desktop to cproom desktop
    access-list outside_access_in extended permit object-group TCPUDP any4 host 10.0.3.48 eq 3389
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-715-100.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.0.64 obj-10.0.0.64 no-proxy-arp route-lookup
    object network obj-10.0.0.6
    nat (inside,outside) static 209.117.123.227
    object network obj-10.0.3.48
    nat (inside,outside) static 209.117.123.228
    object network obj_any
    nat (inside,outside) dynamic interface
    access-group inside_access_in in interface inside control-plane
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 209.117.123.225 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 10.0.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca trustpool policy
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev1 enable inside
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    management-access inside
    vpn-addr-assign local reuse-delay 5
    vpn-sessiondb max-other-vpn-limit 10
    vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
    dhcp-client update dns server none
    dhcpd dns 10.0.0.2 10.0.0.4
    dhcpd wins 10.0.0.2 10.0.0.4
    dhcpd domain hnedu.com
    dhcpd option 5 ip 10.0.0.2 10.0.0.4 interface inside
    dhcpd option 6 ip 10.0.0.2 10.0.0.2 interface inside
    dhcprelay server 10.0.0.2 inside
    dhcprelay server 10.0.0.4 inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
    group-policy Napoleons internal
    group-policy Napoleons attributes
    wins-server value 10.0.0.2 10.0.0.4
    dns-server value 10.0.0.2 10.0.0.4
    vpn-tunnel-protocol ikev1 l2tp-ipsec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Napoleons_splitTunnelAcl
    default-domain value hnedu.com
    group-policy Napoleon internal
    group-policy Napoleon attributes
    wins-server value 10.0.0.2 10.0.0.4
    dns-server value 10.0.0.2 10.0.0.4
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Napoleons_splitTunnelAcl
    default-domain value hnedu.com
    username bpenza password LTg/b/c3kPWfC8KM encrypted privilege 0
    username bpenza attributes
    vpn-group-policy Napoleons
    username baudette password nPZIRfshkE7WcaDQ encrypted
    username baudette attributes
    vpn-group-policy Napoleons
    tunnel-group Napoleons type remote-access
    tunnel-group Napoleons general-attributes
    address-pool VPNUsers
    default-group-policy Napoleons
    tunnel-group Napoleons ipsec-attributes
    ikev1 pre-shared-key Holyname12
    tunnel-group Napoleon type remote-access
    tunnel-group Napoleon general-attributes
    address-pool VPNUsers
    default-group-policy Napoleon
    tunnel-group Napoleon ipsec-attributes
    ikev1 pre-shared-key Holyname12
    policy-map global-policy
    class class-default
      user-statistics accounting
    service-policy global-policy global
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:eb9d34735b125eb61d8f7d93247ad9b7
    : end

    You need to discuss this issue with your network administrator. I suspect the network ports that allow VPN access to the system you want to use may be closed.
    You also need to confirm that the VPN software you are using is compatible with the network you are trying to access. Where I work, the VPN software that comes with Mac OS X is not compatible with the network so I have to use VPN software that was provided by my employer. You might be in the same situation.

  • ASA 5505 VPN can't access inside hosts

    I have configured VPN on the 5505 using ASDM and I'm able to connect to the 5505 and the client is also getting an IP-address from the configured pool.
    The Cisco VPN client shows an error in the log: AddRoute failed to add a route: code 87
    Cisco

    No, I can't ping anything.
    And here is the route print after connection:
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 0c 29 48 d4 50 ...... VMware Accelerated AMD PCNet Adapter - Packet Scheduler Miniport
    0x10004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.222.101 192.168.222.100 1
    85.82.25.170 255.255.255.255 192.168.129.2 192.168.129.130 1
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.129.0 255.255.255.0 192.168.129.130 192.168.129.130 10
    192.168.129.0 255.255.255.0 192.168.222.101 192.168.222.100 10
    192.168.129.130 255.255.255.255 127.0.0.1 127.0.0.1 10
    192.168.129.254 255.255.255.255 192.168.129.130 192.168.129.130 1
    192.168.129.255 255.255.255.255 192.168.129.130 192.168.129.130 10
    192.168.222.100 255.255.255.255 127.0.0.1 127.0.0.1 10
    192.168.222.255 255.255.255.255 192.168.222.100 192.168.222.100 10
    224.0.0.0 240.0.0.0 192.168.129.130 192.168.129.130 10
    224.0.0.0 240.0.0.0 192.168.222.100 192.168.222.100 10
    255.255.255.255 255.255.255.255 192.168.129.130 192.168.129.130 1
    255.255.255.255 255.255.255.255 192.168.222.100 192.168.222.100 1
    Default Gateway: 192.168.222.101
    ===========================================================================
    Persistent Routes:
    None

  • Intermittent Internet Connection and VPN clients can't ping internal LAN but connected after installing cisco ASA5512x

    Hi!
    I hope someone can help me with this. I'm a new guy on Cisco firewalls and I'm currently implementing a Cisco ASA 5512x. Here are the details:
    ISP ->  Firewall -> Core switch -> Internal LAN
    After installing the Cisco ASA and terminating the appropriate LAN for the outside and inside interfaces, the internet seems intermittent, and the Cisco VPN client can connect with an internet connection but can't ping the internal LAN.
    Here's the configuration from my firewall.
    ASA Version 8.6(1)2
    hostname ciscofirewall
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address 203.x.x.x 255.255.255.0
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.152.11.15 255.255.255.0
    interface GigabitEthernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/4
    shutdown
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/5
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    ftp mode passive
    dns domain-lookup outside
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 4.2.2.2 -------> public DNS
    name-server 8.8.8.8 -------> public
    name-server 203.x.x.x   ----> Clients DNS
    name-server 203.x.x.x  -----> Clients DNS
    same-security-traffic permit intra-interface
    object network net_access
    subnet 10.0.0.0 255.0.0.0
    object network citrix_server
    host 10.152.11.21
    object network NETWORK_OBJ_10.10.10.0_28
    subnet 10.10.10.0 255.255.255.240
    object network NETWORK_OBJ_10.0.0.0_8
    subnet 10.0.0.0 255.0.0.0
    object network InterconHotel
    subnet 10.152.11.0 255.255.255.0
    access-list net_surf extended permit ip any any
    access-list net_surf extended permit ip object NETWORK_OBJ_10.10.10.0_28 object InterconHotel
    access-list outside_access extended permit tcp any object citrix_server eq www
    access-list outside_access extended permit ip object NETWORK_OBJ_10.10.10.0_28 any
    access-list outsidevpn_splitTunnelAcl standard permit 10.152.11.0 255.255.255.0
    access-list LAN_Users remark LAN_clients
    access-list LAN_Users standard permit any
    access-list vpnpool extended permit ip 10.10.10.0 255.255.255.248 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu management 1500
    mtu outside 1500
    mtu inside 1500
    ip local pool vpnpool 10.10.10.1-10.10.10.6 mask 255.255.255.248
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
    object network net_access
    nat (inside,outside) dynamic interface
    object network citrix_server
    nat (inside,outside) static 203.177.18.234 service tcp www www
    object network NETWORK_OBJ_10.10.10.0_28
    nat (any,outside) dynamic interface
    object network InterconHotel
    nat (inside,outside) dynamic interface dns
    access-group outside_access in interface outside
    access-group net_surf out interface outside
    route outside 0.0.0.0 0.0.0.0 203.x.x.x 1
    route outside 10.10.10.0 255.255.255.248 10.152.11.15 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 10.0.0.100 255.255.255.255 inside
    http 10.10.10.0 255.255.255.240 outside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ikev1 enable outside
    crypto ikev1 enable inside
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    client-update enable
    telnet 10.152.11.0 255.255.255.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    enable outside
    anyconnect-essentials
    group-policy outsidevpn internal
    group-policy outsidevpn attributes
    dns-server value 203.x.x.x 203.x.x.x
    vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
    split-tunnel-policy tunnelall
    split-tunnel-network-list value outsidevpn_splitTunnelAcl
    default-domain value interconti.com
    address-pools value vpnpool
    username test1 password i1lji/GiOWB67bAs encrypted privilege 5
    username test1 attributes
    vpn-group-policy outsidevpn
    username mnlha password WlzjmENGEEZmT9LA encrypted
    username mnlha attributes
    vpn-group-policy outsidevpn
    username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
    tunnel-group outsidevpn type remote-access
    tunnel-group outsidevpn general-attributes
    address-pool (inside) vpnpool
    address-pool vpnpool
    authentication-server-group (outside) LOCAL
    default-group-policy outsidevpn
    tunnel-group outsidevpn ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect http
      inspect ipsec-pass-thru
    class class-default
      user-statistics accounting
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    hpm topN enable
    Cryptochecksum:edc30dda08e5800fc35b72dd6e1d88d7
    : end
    Thanks. Please help.

    I think you should change your NAT exemption rule to something more general, like
    nat (inside,outside) source static any any destination static NETWORK_OBJ_10.10.10.0_28  NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
    because your inside networks are not the same as your VPN pool subnet.
    Plus, if you're trying to reach inside subnets different from 10.152.11.0 255.255.255.0 (the subnet from which an IP is assigned to your inside interface, and for which the above NAT exemption should be enough), you should check whether routing is configured from those subnets to your VPN pool subnet through the ASA.
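
The mismatch this reply describes can be checked mechanically. The following is an added example, not part of the thread and not Cisco tooling: it reads the manual identity NAT rules from a config and reports when the exemption for a VPN pool does not cover the inside interface's network. The sample config is constructed from lines of the 8.6 configuration posted above, the function names are hypothetical, and only `source static ... destination static ...` rules are handled.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")
NAT_RE = re.compile(
    r"nat \((?P<real_if>[^,]+),[^)]+\) source static (?P<src>\S+) (?P<src_m>\S+) "
    r"destination static (?P<dst>\S+) (?P<dst_m>\S+)")

# Constructed sample: a few lines taken from the ASA 8.6 config posted above.
POSTED = """\
interface GigabitEthernet0/1
 nameif inside
 ip address 10.152.11.15 255.255.255.0
object network NETWORK_OBJ_10.10.10.0_28
 subnet 10.10.10.0 255.255.255.240
ip local pool vpnpool 10.10.10.1-10.10.10.6 mask 255.255.255.248
nat (inside,outside) source static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 destination static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28 no-proxy-arp route-lookup
"""
# Same config with the rule from the reply (source widened to "any").
SUGGESTED = POSTED.replace(
    "source static NETWORK_OBJ_10.10.10.0_28 NETWORK_OBJ_10.10.10.0_28",
    "source static any any")


def _net(addr, mask):
    """Network for addr/mask, or None for masked values such as 203.x.x.x."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return None


def parse(config):
    """Collect network objects, interface networks, VPN pools and manual NAT rules."""
    objects, ifaces, pools, rules = {"any": ANY}, {}, {}, []
    obj = nameif = None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ["object", "network"] and len(tok) == 3:
            obj, nameif = tok[2], None
        elif tok[0] == "interface":
            obj = nameif = None
        elif tok[0] == "nameif" and len(tok) == 2:
            nameif = tok[1]
        elif tok[0] == "subnet" and obj and len(tok) == 3:
            objects[obj] = _net(tok[1], tok[2])
        elif tok[0] == "host" and obj and len(tok) == 2:
            objects[obj] = _net(tok[1], "255.255.255.255")
        elif tok[:2] == ["ip", "address"] and nameif and len(tok) >= 4:
            ifaces[nameif] = _net(tok[2], tok[3])
        elif tok[:3] == ["ip", "local", "pool"] and len(tok) >= 5:
            first, _, last = tok[4].partition("-")
            pools[tok[3]] = (ipaddress.ip_address(first),
                             ipaddress.ip_address(last or first))
        elif tok[0] == "nat":
            m = NAT_RE.match(" ".join(tok))  # object NAT lines do not match
            if m:
                rules.append(m.groupdict())
    return objects, ifaces, pools, rules


def check_nat_exemption(config, inside="inside"):
    """Return findings for VPN pools whose inside traffic is not NAT-exempt."""
    objects, ifaces, pools, rules = parse(config)
    inside_net = ifaces.get(inside)
    if inside_net is None:
        raise ValueError(f"no usable address on interface {inside!r}")
    findings = []
    for name, (first, last) in pools.items():
        reasons, covered = [], False
        for r in rules:
            src, dst = objects.get(r["src"]), objects.get(r["dst"])
            identity = r["src"] == r["src_m"] and r["dst"] == r["dst_m"]
            if not identity or r["real_if"] != inside or src is None or dst is None:
                continue
            if first in dst and last in dst:  # rule's destination is this pool
                if inside_net.subnet_of(src):
                    covered = True
                else:
                    reasons.append(f"pool {name}: exemption source {r['src']} "
                                   f"({src}) does not contain {inside_net}")
        if not covered:
            findings += reasons or [f"pool {name}: no identity NAT rule found"]
    return findings
```
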

  • VPN Clients Can't Ping Hosts

    I will include a post of my config. I have the clients connecting through the VPN tunnel on the 180.0.0.0/24 network; 192.168.1.0/24 is the primary network for the office.
    I can connect to the VPN and I do receive the correct address assignment. I believe tunneling may be set up correctly in the aspect that I can still connect to the internet while on the VPN, but I cannot ping any hosts on the 192.168.1.0 network. In the debug log from the ASDM I can see pings reaching the ASA, but no response is received on the client.
    6 | Feb 21 2013 | 21:54:26 | 180.0.0.1 | 53508 | 192.168.1.1 | 0 | Built inbound ICMP connection for faddr 180.0.0.1/53508 gaddr 192.168.1.1/0 laddr 192.168.1.1/0 (christopher)
    Any help would be greatly appreciated. I am currently pursuing my CCNP, so I would like to get a deeper understanding of how to solve these issues.
    -Chris
    hostname RegencyRE-ASA
    domain-name regencyrealestate.info
    enable password 2/VA7dRFkv6fjd1X encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 180.0.0.0 Regency
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    description link to REGENCYSERVER
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    description link to RegencyRE-AP
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.120 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.248
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server 208.67.220.220
    name-server 208.67.222.222
    domain-name regencyrealestate.info
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 Regency 255.255.255.224
    access-list RegencyRE_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    access-list outside_access_in extended permit icmp any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool Regency 180.0.0.1-180.0.0.20 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm location Regency 255.255.255.0 inside
    asdm location 192.168.0.0 255.255.0.0 inside
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 12.186.110.2 1
    route inside 192.0.0.0 255.0.0.0 192.168.1.102 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication serial console LOCAL
    http server enable 8443
    http 0.0.0.0 0.0.0.0 outside
    http 0.0.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 inside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 15
    ssh version 2
    console timeout 0
    dhcprelay server 192.168.1.102 inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 69.25.96.13 source outside prefer
    ntp server 216.171.124.36 source outside prefer
    webvpn
    group-policy RegencyRE internal
    group-policy RegencyRE attributes
    dns-server value 208.67.220.220 208.67.222.222
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value RegencyRE_splitTunnelAcl
    username adriana password  encrypted privilege 0
    username christopher password  encrypted privilege 15
    username irene password  encrypted privilege 0
    tunnel-group RegencyRE type remote-access
    tunnel-group RegencyRE general-attributes
    address-pool Regency
    default-group-policy RegencyRE
    tunnel-group RegencyRE ipsec-attributes
    pre-shared-key R3&eNcY1.
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:35bc3a41701f7f8e9dde5fa35532896d
    : end

    Looking at a previous ASA 5520 I configured when I ping hosts I see the following in the logs. I know there is something obvious I am missing.
    6 | Feb 21 2013 | 22:01:49 | 302020 | 170.0.0.1 | 13317 | 172.16.0.253 | 0 | Built inbound ICMP connection for faddr 170.0.0.1/13317 gaddr 172.16.0.253/0 laddr 172.16.0.253/0 (cxv1)
    6 | Feb 21 2013 | 22:01:49 | 302020 | 172.16.0.253 | 0 | 170.0.0.1 | 13317 | Built outbound ICMP connection for faddr 170.0.0.1/13317 gaddr 172.16.0.253/0 laddr 172.16.0.253/0
