Cant access asdm from vpn

I am vpn'ing in to an ASA, and once I'm in, I can access everything on the lan. However, I can not connect to the firewall with the ASDM. Can someone check out this config and see if there is something missing?
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.10.24 10:13:00 =~=~=~=~=~=~=~=~=~=~=~=
show u run
: Saved
ASA Version 8.4(4)1
hostname Bryan-ASA
enable password Z77JKH8dh1FhRD4u encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
<--- More --->
interface Vlan1
nameif inside
security-level 100
ip address 10.50.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
boot system disk0:/asa844-1-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.50.0.0_24
subnet 10.50.0.0 255.255.255.0
object network obj-10.0.0.0-01
subnet 10.0.0.0 255.0.0.0
object network obj-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network obj-10.50.0.0
subnet 10.50.0.0 255.255.255.0
<--- More --->
object network obj-10.50.0.90
host 10.50.0.90
object-group network RFC1918
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
object-group network rfc1918
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list outside-acl extended permit tcp any object obj-10.50.0.90 eq 41790
access-list ips extended permit ip any any
access-list traffic_for_ips extended permit ip any any
access-list split-acl standard permit 10.50.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN-POOL 10.50.0.225-10.50.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic RFC1918 interface
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.0.0 obj-10.0.0.0 route-lookup
<--- More --->
object network obj_any
nat (inside,outside) dynamic interface
object network obj-10.50.0.90
nat (inside,outside) static interface service tcp 41790 41790
access-group outside-acl in interface outside
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.50.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set CIMCO_MAN_TRANS esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set CIMCO_MAN_TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
<--- More --->
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_MAP interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=Bryan-ASA
crl configure
crypto ikev1 enable outside
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 10.50.0.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd auto_config outside
<--- More --->
dhcpd address 10.50.0.10-10.50.0.40 inside
dhcpd dns 4.2.2.2 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.6005-k9.pkg 1
anyconnect profiles AnyConnect disk0:/anyconnect.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
webvpn
anyconnect profiles value AnyConnect type user
group-policy VPNCLIENT internal
group-policy VPNCLIENT attributes
<--- More --->
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
default-domain value randall.local
webvpn
anyconnect profiles value AnyConnect type user
username bryan password 9yyVnd5p1Ke6w1Iu encrypted privilege 15
username john password nFEF0Xku7smzSs4N encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPN-POOL
tunnel-group VPNCLIENT type remote-access
tunnel-group VPNCLIENT general-attributes
address-pool VPN-POOL
default-group-policy VPNCLIENT
tunnel-group VPNCLIENT ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
class-map inspection_default
match default-inspection-traffic
<--- More --->
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
<--- More --->
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:a1ca799b8bae183cc32eeb34ca2272bb
: end
Bryan-ASA# exit
Logoff

Protocol Socket    Local Address               Foreign Address         State
TCP       0004a08f 10.50.0.1:23                0.0.0.0:*               LISTEN
TCP       0006d84f 10.50.0.1:22                0.0.0.0:*               LISTEN
SSL       0009887f 76.87.25.242:443            0.0.0.0:*               LISTEN
DTLS      000ab97f 76.87.25.242:443            0.0.0.0:*               LISTEN
TCP       009de4af 76.87.25.242:22             0.0.0.0:*               LISTEN
SSL       017204df 10.50.0.1:443               0.0.0.0:*               LISTEN
TCP       021cf6a8 76.87.25.242:22             65.208.141.66:58154     ESTAB

Similar Messages

HT5372 i cant access icloud from the under the settings tab in an ipad mini....

I got my daughter an ipad mini for xmas this year. I set it up under my account, but as she was using it. it seemed like it would be easier if she had her own account. I deleted my info and did a factory reset. I then set it up under her own user id and everything was fine.
My problem is....i cant access icloud from her ipad under the settings tab....it isnt highlighted.
I can sign on at icloud.com so i know the user id is valid.
Im not very tech savy and i really dont know a whole lot about mac products.
Any help would be great!
Thanks

Hello fgrprez
If you are unable to find the iCloud section in settings, navigate to Settings > iCloud or Settings > Mail, Contacts ,Calendars. If you choose the option to view it within Mai, Contacts, Calendars section and you do not see an iCloud account, then add it with the Add Account button.
iCloud: Change iCloud feature settings
http://support.apple.com/kb/PH2613
Regards,
-Norm G.

I cant access facebook from my cell.It keeps giving me unsupported content type.

I cant access facebook from my cell.It keeps giving me unsupported content type.
LG - EnV2

Issue finally resolved reported to facebook last night via
https://www.facebook.com/help/contact.php?show_form=mobile_bug
Finally about to access facebook on En2 Phone after two days

Ive backed up my phone and restored it after updating the software and now a lot of my apps have waiting next to them and i cant access them from the interface

Ive backed up my phone and restored it after updating the software and now a lot of my apps are greyed out and i cant access them via the phone interface
I can only access them via the App store

I did plug it into itunes and then backed it up to the cloud (im actually wondering if thats my problem)
then restored it from the cloud.
Maybe I should restore it from the computer (when its plugged into itunes?)
thanks sberman

Cant Access Gmail from my Nokia C2-01

On the Microsoft help page the following appears:
"The Mail app for Nokia Asha and Series 40 phones will be discontinued on 17 November 2014. After this date, you will not be able to use the Mail app to send and receive new email, or read existing emails.
But don't worry. You can continue to have email on your Nokia phone by using the browser to access your email provider's website."
However when I try to access Gmail from my Nokia phone using the http gmail.com link Gmail blocks me. It thinks I am a hacker based in America and forces me to change my password. Please advise.

Unfortunately your post is off topic here, in the TechNet Site Feedback forum, because it is not Feedback about the TechNet Website or Subscription. This is only one forum among the many that are on the TechNet Discussion Forums, and given
your post, you likely chose the wrong forum. This is a standard response I’ve written up in advance to help many people (thousands, really.) who post their question in this forum in error, but please don’t ignore it. The links I share below I’ve
collected to help you get right where you need to go with your issue.
For technical issues with Microsoft products that you would run into as an
end user of those products, one great source of info and help is
http://answers.microsoft.com, which has sections for Windows, Hotmail, Office, IE, and other products. Office related forums are also here:
http://office.microsoft.com/en-us/support/contact-us-FX103894077.aspx
For Technical issues with Microsoft products that you might have as an
IT professional (like technical installation issues, or other IT issues), you should head to the TechNet Discussion forums at
http://social.technet.microsoft.com/forums/en-us, and search for your product name.
For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), you should head to the MSDN discussion forums at
http://social.msdn.microsoft.com/forums/en-us, and search for your product or issue.
If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here:
http://community.dynamics.com/
If you really think your issue is related to the subscription or the TechNet Website, and I screwed up, I apologize! Please repost your question to the discussion forum and include much more detail about your problem, that could include screenshots
of the issue (do not include subscription information or product keys in your screenshots!), and/or links to the problem you’re seeing.
If you really had no idea where to post this question but you still posted it here, you still shouldn’t have because we have a forum just for you! It’s called the Where is the forum for…? forum and it’s here:
http://social.msdn.microsoft.com/forums/en-us/whatforum/
Moving to off topic.
Thanks, Mike
MSDN and TechNet Subscriptions Support
Did Microsoft call you out of the blue about your computer?
No, they didn't.

Connect to firewall SSH or ASDM from VPN

Hello,
I've created an AnyConnect VPN which the client is assigned an IP from the IP Pool 10.20.20.0/255.255.255.224.
I've tried to create an entry in the management access tab with the following settings, and it is not working;
Type:ASDM/HTTPS, Interface:Inside, IP Address 10.20.20.0, Mask: 255.255.255.224.
I've also tried setting the interface to outside - no improvement.
Any tips are welcome.

Hi Brendan,
Please check these three basic things:
1- The internal network of the ASA is included in the split-tunnel ACL (if configured).
2- Make sure you have the following command: management-access inside
3- Make sure that the identity NAT entry for this traffic has the route lookup at the end. *
ie. nat (inside,outside) source static LAN LAN destination AnyConnect AnyConnect no-proxy-arp route-lookup *
* Assuming that you are running 8.4+
HTH.
Portu.

Ive uploaded firefox 4 and now I cant access messenger from the browser, it say unavailable, but it works as a stand alone prog.. cant find a setting to reactivate.. Please advise TY!

Im on Win 7 Ultimate and had Firefox working fine with messenger in the browser & could use the pop up chat box. Since the upload I get the message that messenger is currently not available, but it works fine when I activate it as a stand alone prog. but I want it back in my browser.. cant find any setting or pref. to activate it... have cleared cache and history, restarted, even reloaded a messenger from Windows essencials.. no difference.. it been like this for 5 days since the update.. anyone got a solution? thanks alot for your help.

DFU mode:
http://www.iclarified.com/entry/index.php?enid=1034

Cant access files from Mavericks Partition

I have OS X Lion and Mavericks installed on the one SSD of my MBP. I want to access my music, pictures, movies and so fourth from my Mavericks Partition on my Lion one. But whenever I goto the Mavericks partition folder there are all these small stop signs on each folder, denying me access. I have tried right clicking and going to share and allowing all users access. But this doesn't work. And suggestions on how I can access the data on both OSs??

Generally, that's what you see when accessing files stored under a different User name. Are you using the same User name for both partitions? I always use the same user name for different OS X partitions.

Puzzler... Cant access RRAS with VPN connected client

I have a series of 4 VMs running server 2012 r2;
dc- my domain and wsus server
rds- my remote desktop server for remoteapps, RRAS for connecting to VPN
sql- sql server for database needed for one of the apps published
av- hosts kaspersky and manages backups
So, I have a VPN set up through RRAS and am connecting with it and all is well. I can ping every computer on the network EXCEPT the rds server. I can ping from the rds server to the vpn client.
I am trying to use a remote app over the vpn but the remote app is unable to reach the rds server.
Does something have to be setup manually to loopback traffic to the rds server when it is coming in on the same server through RRAS?
Any insight would be appreciated!
Matt

Hi,
According to your description, my understanding is that rds installed RRAS and configured it as VPN server, VPN client successfully ping internal clients, but failed to ping the VPN server.
Are there 2 NICs on the VPN server? One connects to internal and another connects to external?
In general, a ping packet is sent by the client from its own IP address to the external IP address of VPN server, it will be unpacked once the VPN server receives it, and the VPN server will dispatch this pack due to the internal IP address. So, if this
packet is sent to the VPN server, when it unpack the packet and find it is sent to itself, the VPN server should reply to this packet.
You may try to turn off firewall/anti-virus software temporally, and then check to see if it can successfully ping. Besides, use a monitoring tool(Network Monitor, Wireshark ) to
capture packets on both client and VPN server, check to see if the packets are sent/answered to the correctly destination.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Cant access menu from my Blackberry Z10

My phone went for repairs it had a challenge with software. Its only a week now I cannot access my menu not even a phone book. I can make and receive calls but it doesnt record.
I cant imagine a weekend without a phone :Censored

Zozokaimmy wrote:
ive switched it on and off but still it remains the same
No, that is doing nothing.
Do a simple reboot on the BlackBerry in this manner: With the BlackBerry device POWERED ON, remove the battery for a minute, and then reinsert the battery to reboot. A reboot in this manner is prescribed for most glitches and operating system errors, and you will lose no data on the device doing this.
1. If any post helps you please click the below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes
Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

Cant access serviceability from one CUCM server to the next

If I log into my pub and serviceability, I try to access my other subs. I keep getting an error when trying to access the other servers from the drop down list. Although, everything is replicating throughout the cluster, I can log into another CUCM and only use serviceability for that one server also.
Im going to do a reset tonight on the cluster. the logs are clean and clear on RTMT on all servers. It's very odd. I thought maybe a security password would be wrong, but there are no errors anywhere on any server in the cluster.

Hi,
there is a bug associated to this issue
Unified Serviceability Tools can not connect to other nodes
CSCud67438
Description
Symptom:
Cisco Unified Serviceability pages Tools -> Service Activation or Control Center Feature or Network Services can not connect to other nodes in the cluster.When another node is selected the Status indicates Connection to the Server cannot be established (Unknown Error)
Conditions:
CCMService Tomcat logs indicates the following error message when attempting to connect to other nodes in the cluster,
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: Certificate not verified.
Workaround:
We have the following workarounds
- Accessing SUB serviceability pages directly
- Restarting tomcat on PUB ( once ) after the upgradeFor SNMP configuration where same Community string needs to be added or modified on all nodes, again using a Subscriber node instead of the Publisher also seems to work in this case.
regds,
aman

Cant access dashboards from home wireless network via my personal 10.1.3.4

Hi,
I installed 10.1.3.4 on my laptop at work - which worked fine. though when attempting dashboards via presentation layer at home the url cannot be displayed. I believe it is because i am using a static ip & at home on my wireless i get assigned any old ip. can anyone advise how to get around this?

Yes, It has impact. You create groups in the Repository & Answers and assign the object level permissions.
You Populate Group Variable during authentication via LDAP server. Once you login with X name you see the authorized groups in the my account.
For dashboard A - For group Executive - User X - You have given full access.
Now you have changed the Group name to AD_Executive. When You Login variable values would be
User - X
Group - Ad_Executive
Dashboard A - No permissions.
If you have a scenario of changing the group names then get Groups from database using Init block after authorization.

Cant access iTunes from my iPhone......

When I click on the iTunes icon I only get access to the iTunes U site?? What's wrong?

The iTunes account can be accessed from any computer with iTunes installed by simply logging into the account.
This does not mean that the media from your iTunes library will magically appear on another computer. The media is only where you put it.

HELP!!! PLEASE CANT ACCESS STORE

i have 3 users with 1 administrator and the other 2 with parental control. All of the songs that me and my kids put into our ipods are in the itunes of one of the standard users with parental control. I cant access store from that user or the other standard user but I can access it from the administrator, which has no songs whatsoever. I tried putting itunes on the allow list of parental control but nothing. I dont know what to do. We dont want to transfer the songs to the admin. HELP

sorry also meant to say it is sayng network connection has timed out
not changed isp
not installed any new software, sheeh!!!

I cant access wifi

Hi,
I can access internet from vodafone when I activated the BB pack but I cant access internet from wifi from my office event though it shows as connected and signal strength is too good but still i didnt access I tried to change the advanced system settings and I didnt find anywhere so I just go by the search option and it shows this application is disabled on this device by your carrier. So could some one help me to get the rid of this.
Regards,
Yasar. B

Hi and Welcome to the Community!
You need to check multiple WiFi networks to be sure...if you can access fine from any other WiFi networks, then it's the one you are trying to use that fails that has the restrictions, and you need to talk to those admins.
Good luck and let us know!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

Cant access asdm from vpn

Similar Messages

Maybe you are looking for