Generic TCP proxy?

My ISP has a badly configured proxy on my connection, filtering HTTP (80).
This means that many sites report me as banned, even if I never visited them. I wanted to know if there exists something like a generic TCP proxy to send all my connections through.
I own a VPS server on lineo (London datacenter), and I have the idea of turning it into my personal proxy. Can I do it with iptables rules?
I know of the existence of squid, but I've heard it's only HTTP, and also madness to configure.
Suggestions?

A VPN set as the default route would probably work. I imagine there are instructions on the wiki for this.
You can also use tsocks + SSH. There is an option to force tsocks to load with every program.

Similar Messages

  • Best Performance: HTTP accelerator or generic tcp proxy

    Hi,
    We want to publish an application based on HTTPS (vmware view). Which would be a better choice, the HTTP accelerator or the Generic TCP proxy, in terms of performance (lowest latency)?
    Kind regards,
    Hen

    Hi,
    I am unable to identify a bottleneck.
    The proxy is generally performing fine, only the vmware view connection through generic TCP proxy shows a delay.
    Kind regards,
    Hen
    Originally Posted by phxazcraig
    In article <[email protected]>, Hennys wrote:
    > I had not yet done the tuneup.ncf. Have done it now, see if it makes
    > any difference. other things were already done according to tip 23.
    >
    The tuneup settings are from Novell, and they work together with proxy
    settings to allow the proxy to work faster, and handle heavier loads.
    Have a look at the proxy console statistics and see if you can get an
    idea if there is a bottleneck somewhere. Perhaps disk I/O. Perhaps a
    DNS server problem (check proxy console option 4).
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***

  • Generic TCP proxy: how to create Access rule ?

    Hi,
    I have configured a Generic TCP proxy on the public address, port 6300 of our bordermanager server that points to an internal server 192.168.10.148 on port 80. I have configured the filter exceptions for port 6300.
    I have also tried to create an ACL rule to give everyone on the internet access to the Generic TCP in different ways, but I'm unable to succeed. I can see in the proxy statistics, number of ACL denials increasing each time I try to connect so the problem is in the ACL rule.
    The rule I think should be right but isn't working is the following:
    Allow:
    source: host Ip Addresses:
    IP: equals any (the Internet)
    Destination: Host IP addresses:
    192.168.10.148 (the internal server)
    Origin server port:
    6300 (the port on the public interface on which the Generic TCP proxy is listening).
    What am I doing wrong ?


  • Generic TCP proxy & terminal server

    Hi :
    I am using Generic TCP to forward a TS request to a TS server that is behind a Bordermanager 3.8 SP1.
    Is that correct to use?
    I have a slow response, like it buffers for a time and then releases everything.
    Is there anything to do or to fine tune that, or is it a bug or a misconfiguration?
    Regards
    Calil

    In article <[email protected]>, Calil wrote:
    > I am using Generic TCP Proxy to forward TS requests to a TS server that
    > is behind a Bordermanager 3.8 SP1.
    > Is that correct to use ?
    I do it a lot. I prefer NAT, but generic proxy works fine. (NAT works
    even if proxy isn't loaded...)
    > I have a slow response to the users that are in the Internet accessing
    > that TS server, it seems that Border server is buffering data for a time
    > and then releasing everything, so If open a notepad, I type a keystroke,
    > I wait for a while and then I see the characters.
    That is not normal in my experience, unless your internet bandwidth is all
    used up and everything to the internet is slow. I do a LOT of work
    remotely, through BMgr servers, and I have a very good feel for the speeds
    of remote access. Remote access doesn't feel that slow unless something
    is wrong, or you are down in the 56k or less available bandwidth left on
    busy circuits.
    > Is there anything to do
    > or to fine tune
    > or is a bug
    > or a misconfiguration ?
    You definitely want to tune the server, even if the generic proxy seemed
    OK. See tip #23 at the URL below, and also tips 1 and 63.
    Check for basic communications issue, like duplex mismatch on the server
    NIC's, viruses eating bandwidth, etc.
    I would put a PC on the public side of BMgr, and give it a public address.
    (Disconnect the router and use its address for a test if you have to).
    That way you can rule out internet bandwidth as a factor. If generic
    proxy is fast then, you start looking at the ISP, router and WAN link. If
    the generic proxy is slow, you start looking at the server, and traffic
    to/from the server.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to http://www.craigjconsulting.com ***

  • How to determine if extend TCP proxy isn't running?

    I've setup a Coherence cluster using nodes Coh-A and Coh-B.  I have a TCP proxy running on both the nodes on port 9098.
    My application is able to talk (i.e., both get and set) to the cluster through the TCP proxies. All is fine when the Coherence servers are up and running. I was curious to see the behavior of the system when the Coherence servers are down. My requirement is that it should have no impact on the system if Coherence is down. The application should instead bypass Coherence and go to the database. But this isn't happening (logs below). Is there any way to check if the Coherence server is reachable (up and running) before trying to access the cache from the application code?
    2013-11-13 16:30:12.060/1660.501 Oracle Coherence GE 3.7.1.0 <D5> (thread=[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Connecting Socket to 10.246.28.18:9098
    2013-11-13 16:30:12.062/1660.502 Oracle Coherence GE 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Error connecting Socket to 10.246.28.18:9098: java.net.ConnectException: Connection refused
    2013-11-13 16:30:12.062/1660.502 Oracle Coherence GE 3.7.1.0 <D5> (thread=[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Connecting Socket to 10.246.28.3:9098
    2013-11-13 16:30:12.063/1660.503 Oracle Coherence GE 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Error connecting Socket to 10.246.28.3:9098: java.net.ConnectException: Connection refused
    2013-11-13 16:30:12,117 [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR errors.GrailsExceptionResolver  - Exception occurred when processing request: [GET] /api/cafe/601272
    Stacktrace follows:
    com.tangosol.net.messaging.ConnectionException: could not establish a connection to one of the following addresses: [10.246.28.18:9098, 10.246.28.3:9098]; make sure the "remote-addresses" configuration element contains an address and port of a running TcpAcceptor
            at com.tangosol.coherence.component.util.daemon.queueProcessor.service.peer.initiator.TcpInitiator.openConnection(TcpInitiator.CDB:120)
            at com.tangosol.coherence.component.util.daemon.queueProcessor.service.peer.Initiator.ensureConnection(Initiator.CDB:11)
            at com.tangosol.coherence.component.net.extend.remoteService.RemoteCacheService.openChannel(RemoteCacheService.CDB:5)
            at com.tangosol.coherence.component.net.extend.RemoteService.ensureChannel(RemoteService.CDB:6)
            at com.tangosol.coherence.component.net.extend.remoteService.RemoteCacheService.createRemoteNamedCache(RemoteCacheService.CDB:12)
            at com.tangosol.coherence.component.net.extend.remoteService.RemoteCacheService.ensureCache(RemoteCacheService.CDB:27)
            at com.tangosol.coherence.component.util.SafeNamedCache$CacheAction.run(SafeNamedCache.CDB:3)
            at java.security.AccessController.doPrivileged(Native Method)
    Thanks,
    Anand

    Can't we catch the mentioned exception, and if that appears we can redirect the query to the database?

  • New parameter "timeout tcp-proxy-reassembly" in ASA 8.2

    I couldn't find much in the config guide or web site for this. Can someone tell me which situations this would come into play? Here is the CLI help:
    "Configure idle timeout after which buffered packets waiting for reassembly in tcp-proxy are dropped"

    Hi.
    I've had a very interesting discussion with a TAC engineer about this command.
    The engineer mentions that, with this command, ASA behaves in the following way:
    When the ASA receives fragmented data, it puts the fragments in the buffer to be able to reassemble them and then send them. When the buffer exceeds the limit, the ASA starts dropping the reassembly packets, so the reason for the packet drop is always that the buffer limit was exceeded. By using the command “tcp-proxy-reassembly”, the ASA waits for an idle time which is determined by this command. The reason why we need this idle time is that the ASA, after dropping the fragmented packet, still keeps the connection in the conn table open, waiting to reassemble the fragments and send them, but this will not happen as the fragment was dropped, so this will keep the connection in the conn table and exhaust the ASA memory with a lot of connections that are not really used. After dropping the fragment, the ASA waits for the timeout specified by tcp-proxy-reassembly to delete the connection from the connection table.
    So in summary, the ASA does not use this command to delete the fragment after the timeout; it uses this command to delete the connection after the drop of the fragment (which is caused by the buffer limit) once the time has elapsed.
    So keep that in mind when you use it.
    Best regards,
    Ernesto.

  • Transparent TCP Proxy

    Has anyone used a transparent TCP Proxy solution as a performance enhancement tool (via caching or buffering)?
    Does Cisco have anything? WAAS looks the closest, but it is more like a point-to-point solution (WAN acceleration). I am looking for something like a PROXY (device in the middle).
    Thanks

    Hello Tivig,
    Look for WCCPv2; it allows one or more routers to redirect to a group of web caches.
    It is also supported on multilayer switches and it is not limited to web traffic.
    See
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/wccp.html
    Hope to help
    Giuseppe

  • Extend TCP Proxy vs. Client load balancing

    I am unclear how proxy and client load balancing interact with respect to custom address providers. If I define my own address provider, and I do NOT set the load-balancer parameter to client in the client configuration, will the proxy still do load balancing of connections as described in http://docs.oracle.com/cd/E24290_01/coh.371/e22839/gs_configextend.htm#BEBCICDA ?
    Edited by: user5179040 on Mar 23, 2012 9:43 AM

    Hi,
    The <load-balancer> element is only configured in the <proxy-scheme> and not at the client side. This parameter "proxy" dictates the proxy to use the specified strategy for load balancing client connections across proxies. The parameter "client" offloads the responsibility of load balancing to client across proxies or randomly select proxies.
    Hope this helps!
    Cheers,
    NJ

  • Generic File Proxy

    Hi,
    We have around 10 file-to-file scenarios from SAP R/3 to an external system. All the scenarios are 1-to-1 mappings; no complex mapping is involved.
    For these interfaces I want to create one generic proxy, which will be used by all of them.
    Can anybody please give me an idea of how I can make this work?
    Thanks
    Srinivas

    Hi Srinivas,
    I think it's a good idea to do it, as this will reduce the number of developments and the support time.
    You can follow this approach:
    1. Make a master structure for the sender file structure. This master structure will include all the fields from the 10 sender interfaces.
    2. Similarly, create a master structure for the receiver interface. Make sure you set the occurrence of all the target fields to 0..1; if you set the occurrence to 1, then whenever that field is not populated in the target structure, PI mapping will give a runtime error.
    3. Do your message mapping as it is.
    4. Create the ID objects, including the File sender and receiver, as they are. (Configure FCC properly!!)
    Let us know if you face any issue with this approach.

  • Border manager as reverse proxy with Sharepoint 2007

    hello
    need to implement an extranet based solution of Windows Sharepoint 2007, clients may need to traverse a BM reverse proxy server in order to hit the sharepoint environment. have a few questions
    1. does it work well? or at all?
    2. is the SSL session from the client terminated at the BM level
    3. will be using SSL, can i install certs at the BM level for the site?
    any other tips??

    Originally Posted by phxazcraig
    In article <[email protected]>, Gwelsh123 wrote:
    > 1. does it work well? or at all?
    Should work.
    > 2. is the SSL session from the client terminated at the BM level
    Yes, if you use proxy, sessions are always between client and proxy,
    and another session between proxy and origin server.
    > 3. will be using SSL, can i install certs at the BM level for the
    > site?
    I'm not quite sure what you mean. If you want to encrypt the data, I
    think you would be best off doing a generic tcp proxy for port 443, and
    have the cert on the endpoint (sharepoint) server, but perhaps that
    would give cert errors due to the addressing.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
    I'm sure when using ISA as the reverse proxy, you install the SSL certs on the ISA box, and then you can use an internally generated cert on the web servers.
    I also read somewhere that BM doesn't support webdav?
    Do Novell provide any documentation on this sort of configuration?
    We have a BM server already; there is an external firewall which forwards traffic for various websites to a specific port on the BM server, which then proxies the requests internally. It doesn't seem particularly smart, more like a glorified port forwarder?

  • Port forwarding

    Wondering if anyone could walk me through port forwarding on a westell e90 610015-06 router. I am trying to set up TCP and UDP for a P2P program (e-mule). After several attempts I can't seem to set it up. Thanks!

    Here is what I have set up
    Services:
    1. imapssl_993t_in all 993
    2. imapssl_993t_out 993 all
    Exceptions
    1. imapssl_993t_in Public Any Public PUBLIC_IP_OF_BM_SERVER (I only want it coming in on this address)
    2. imapssl_993t_out Public PUBLIC_IP_OF_BM_SERVER Public Any
    Proxy - Generic TCP
    original (internal_ip_of_imap_server) port:993 Proxy address: PUBLIC_IP_OF_BM_SERVER port:993
    Access rule
    Very generic, just allow original port with value of 993.
    >>> akeaveney<[email protected]> 1/9/2013 11:46 AM >>>
    JackCunha;2122118 Wrote:
    > BM 3.8, fully patched; NW 6.5.8. An internet backup service says I need
    > to forward external port 443 to the internal backup server's port 4282.
    > I have a stateful filter exception for port 443 on my BM server, with
    > the destination being the public address of the BM public NIC. Can i
    > accomplish what want to do. If so, how?
    I am trying to setup this at the moment, yet for IMAP access from
    outside to internally. I don't want to hijack the thread, yet someone
    might be able to help us both.
    I have setup the generic tcp proxy under the BM Server in Imanager and
    setup the private address and public proxy address with the port numbers
    I want. I also allowed a filter exception from all interfaces to public
    and allow the destination as the BM public address, but this still won't
    work for me,
    Is there something I am missing? I have tried it with the filters down,
    but it doesn't seem to be doing the mapping.
    Many thanks,
    Anthony
    akeaveney

  • BM 3.8 Port Forwarding?

    Hello,
    Does Bordermanager port forward? I am using Groupwise 6.5 along with
    bordermanager, web access, vpn and other things on the same box. I am
    installing a Barracuda Spam Firewall hardware appliance that I need to
    redirect all mail traffic to and then back into GW. The problem is my
    public mail address is also used for web,vpn etc. so I can't simply NAT to
    the barracuda. I would like to simply port forward port 25 of my public
    address to the Barracuda private address and then on to the GWIA.
    A colleague told me there is no port forwarding in BM and that I would have
    to add a secondary public address, change my MX record, and static NAT to
    the Barracuda with that. While that sounds like a reasonable approach I
    would like to avoid changing my MX record and be able to easily go back and
    forth while I test the barracuda appliance. This is a live corporate email
    system and I need to cause as little disruption as possible.
    If there is a way to port forward SMTP traffic to a private address please
    let me know the best way to do it . THANKS!
    -Dave

    Thanks very much for your reply! I will definitely give the generic proxy a
    try. Thanks for the tip about changing the proxy.cfg file. Are there any
    other potential gotchas on using this proxy? Any other BM configs that need
    to be adjusted to make this proxy work? Also where exactly is proxy.cfg? I
    have not been able to find it on my Bordermanager server.
    -Dave
    > BM doesn't have true port forwarding, but it has a similar function:
    > Generic TCP proxy. With it, you configure BM to proxy (forward) TCP
    > traffic on a specific public IP/port to a specific server/port on the
    > private LAN. However, by default BM won't let you create a generic TCP
    > proxy on port 25, because it conflicts with the SMTP proxy (another
    > feature of BM, which you don't want to use :-) To get around that you
    > need to add this to the [Extra Configuration] section of the proxy.cfg
    >
    > AllowGTCPProxyToUsePort25=1
    >
    > Good luck with the Barracuda... we love ours :-)
    >
    > --
    > Jim
    > Support Sysop
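
The forwarding behaviour described in the quoted reply above (a listener on one IP/port relaying TCP to one server/port on the private LAN), combined with a source-address access rule, sketched in Python as an added example; it is not BorderManager code and not part of the original posts. The class name, the `allowed_sources` parameter and the loopback echo backend are constructed for illustration.

```python
import ipaddress
import socket
import threading


class GenericTcpProxy:
    """Relay every permitted TCP connection on listen_addr to target_addr, byte for byte."""

    def __init__(self, listen_addr, target_addr, allowed_sources):
        self.target_addr = target_addr
        # Access rule: only these source networks may use the proxy.
        self.allowed = [ipaddress.ip_network(n) for n in allowed_sources]
        self.acl_denials = 0  # comparable to an "ACL denials" statistic
        self._lock = threading.Lock()
        self._srv = socket.create_server(listen_addr)
        self.listen_addr = self._srv.getsockname()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _permitted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allowed)

    def _accept_loop(self):
        while True:
            try:
                client, (ip, _port) = self._srv.accept()
            except OSError:
                return  # listener was closed
            if not self._permitted(ip):
                # Deny before any connection to the internal server is made.
                with self._lock:
                    self.acl_denials += 1
                client.close()
                continue
            threading.Thread(target=self._handle, args=(client,), daemon=True).start()

    def _handle(self, client):
        try:
            upstream = socket.create_connection(self.target_addr, timeout=5)
        except OSError:
            client.close()
            return
        upstream.settimeout(None)
        back = threading.Thread(target=self._pump, args=(upstream, client), daemon=True)
        back.start()
        self._pump(client, upstream)
        back.join()
        client.close()
        upstream.close()

    @staticmethod
    def _pump(src, dst):
        """Copy src -> dst until EOF, then half-close dst so the peer sees EOF too."""
        try:
            while True:
                data = src.recv(4096)
                if not data:
                    break
                dst.sendall(data)
        except OSError:
            pass
        finally:
            try:
                dst.shutdown(socket.SHUT_WR)
            except OSError:
                pass


def demo():
    # Constructed stand-in for the internal server: echoes what it receives.
    backend = socket.create_server(("127.0.0.1", 0))

    def echo():
        while True:
            conn, _ = backend.accept()
            with conn:
                while True:
                    data = conn.recv(4096)
                    if not data:
                        break
                    conn.sendall(data)

    threading.Thread(target=echo, daemon=True).start()
    target = backend.getsockname()

    # One proxy whose rule permits loopback clients, one whose rule does not.
    open_proxy = GenericTcpProxy(("127.0.0.1", 0), target, ["127.0.0.0/8"])
    closed_proxy = GenericTcpProxy(("127.0.0.1", 0), target, ["192.0.2.0/24"])

    msg = b"hello through the proxy"
    with socket.create_connection(open_proxy.listen_addr, timeout=5) as c:
        c.sendall(msg)
        echoed = b""
        while len(echoed) < len(msg):
            chunk = c.recv(4096)
            if not chunk:
                break
            echoed += chunk
    with socket.create_connection(closed_proxy.listen_addr, timeout=5) as c:
        refused = c.recv(4096)  # proxy closes at once; nothing is relayed
    return echoed, refused, open_proxy.acl_denials, closed_proxy.acl_denials


if __name__ == "__main__":
    print(demo())
```

Because the relay never parses the payload, the same listener carries any TCP protocol, and the allow-list is the only thing that limits who can reach the internal service through it.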

  • BM access rule and port for Web Manager

    The Netware Webaccess and the Netware Web Manager are working fine
    internally. What are the ports to open and the rules to create on the
    Border Manager so it can be accessed from outside? How to configure the BM?
    Omar

    In article <MLMqe.411$[email protected]>, wrote:
    > The Netware Webaccess and the Netware Web Manager are working fine
    > internally. What are the ports to open and the rules to create on the
    > Border Manager so it can be accessed from outside? How to configure the BM?
    >
    WebAccess just (normally) wants port 80. You can static NAT it, or reverse
    proxy it through BMgr. Older versions of BMgr (3.6 or earlier) put in
    default filter exceptions for reverse proxy (both port 80 and 443), but
    later versions require you to add your own filter exceptions.
    NetWare Web Manager - do you mean for Novonyx Web Server? If so, the port
    used depends on what you configured for it. You could use static NAT, or
    generic tcp proxy, or (I think) reverse proxy for whatever port Web Manager
    is using. Newer web manager for Apache uses port 2200, I think.
    Craig Johnson
    Novell Support Connection SysOp
    *** For a current patch list, tips, handy files and books on
    BorderManager, go to http://www.craigjconsulting.com ***

  • Multiple servers using port 443

    Hi,
    I am looking to set up several websites that utilise port 443 for SSL behind my firewall.
    I understand that the reverse proxy in BM will only forward from port 443 to port 443.
    As I only have one public IP address I was looking to use ports such as 51443, 52443 and redirect to port 443 on the various internal servers.
    Is this possible using the generic TCP proxy or is there another way of doing this? I am using BM 3.6
    All suggestions gratefully rec'd
    David

    presumably if that failed I could use a hardware firewall such as a cisco PIX to do the job.
    set up some sort of DMZ and put the servers in there.
    "Craig Johnson" <[email protected]> wrote in message
    news:[email protected]..
    > In article <skPnb.461$[email protected]>, David Quickfall wrote:
    > > Is this possible using the generic TCP proxy or is there another way of
    > > doing this I am using BM 3.6
    > >
    > Generic proxy will work fine, (and in fact it probably works better than
    > using reverse proxy for 443). Set up one generic proxy for each port.
    >
    > I don't know if you can successfully use the port translation ability of
    > generic proxy here. (Proxy port 444 to 443). I don't think that works
    > for SSL.
    >
    > Craig Johnson
    > Novell Support Connection SysOp
    > *** For a current patch list, tips, handy files and books on
    > BorderManager, go to http://www.craigjconsulting.com ***
    >

  • %ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510

    Hi Friends,
    I'm trying to build a client-to-site VPN on a CISCO ASA 5510 8.4(4) and am getting the error below while connecting with the Cisco VPN client software. Also, I'm getting the log below on the ASA. Please help me to resolve it.
    Error in CISCO VPN Client Software:
    Secure VPN Connection Terminated locally by the client.
    Reason : 414 : Failed to establish a TCP connection.
    Error in CISCO ASA 5510
    %ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
    ASA Configuration:
    XYZ# sh run
    : Saved
    ASA Version 8.4(4)
    hostname XYZ
    domain-name XYZ
    enable password 3uLkVc9JwRA1/OXb level 3 encrypted
    enable password R/x90UjisGVJVlh2 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    nameif outside_rim
    security-level 0
    ip address 1.1.1.1 255.255.255.252
    interface Ethernet0/1
    duplex full
    nameif XYZ_DMZ
    security-level 50
    ip address 172.1.1.1 255.255.255.248
    interface Ethernet0/2
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address 2.2.2.2 255.255.255.252
    interface Ethernet0/3
    speed 100
    duplex full
    nameif inside
    security-level 100
    ip address 3.3.3.3 255.255.255.224
    interface Management0/0
    shutdown
    no nameif
    no security-level
    no ip address
    boot system disk0:/asa844-k8.bin
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    domain-name XYZ
    object network obj-172.17.10.3
    host 172.17.10.3
    object network obj-10.1.134.0
    subnet 10.1.134.0 255.255.255.0
    object network obj-208.75.237.0
    subnet 208.75.237.0 255.255.255.0
    object network obj-10.7.0.0
    subnet 10.7.0.0 255.255.0.0
    object network obj-172.17.2.0
    subnet 172.17.2.0 255.255.255.0
    object network obj-172.17.3.0
    subnet 172.17.3.0 255.255.255.0
    object network obj-172.19.2.0
    subnet 172.19.2.0 255.255.255.0
    object network obj-172.19.3.0
    subnet 172.19.3.0 255.255.255.0
    object network obj-172.19.7.0
    subnet 172.19.7.0 255.255.255.0
    object network obj-10.1.0.0
    subnet 10.1.0.0 255.255.0.0
    object network obj-10.2.0.0
    subnet 10.2.0.0 255.255.0.0
    object network obj-10.3.0.0
    subnet 10.3.0.0 255.255.0.0
    object network obj-10.4.0.0
    subnet 10.4.0.0 255.255.0.0
    object network obj-10.6.0.0
    subnet 10.6.0.0 255.255.0.0
    object network obj-10.9.0.0
    subnet 10.9.0.0 255.255.0.0
    object network obj-10.11.0.0
    subnet 10.11.0.0 255.255.0.0
    object network obj-10.12.0.0
    subnet 10.12.0.0 255.255.0.0
    object network obj-172.19.1.0
    subnet 172.19.1.0 255.255.255.0
    object network obj-172.21.2.0
    subnet 172.21.2.0 255.255.255.0
    object network obj-172.16.2.0
    subnet 172.16.2.0 255.255.255.0
    object network obj-10.19.130.201
    host 10.19.130.201
    object network obj-172.30.2.0
    subnet 172.30.2.0 255.255.255.0
    object network obj-172.30.3.0
    subnet 172.30.3.0 255.255.255.0
    object network obj-172.30.7.0
    subnet 172.30.7.0 255.255.255.0
    object network obj-10.10.1.0
    subnet 10.10.1.0 255.255.255.0
    object network obj-10.19.130.0
    subnet 10.19.130.0 255.255.255.0
    object network obj-XXXXXXXX
    host XXXXXXXX
    object network obj-145.248.194.0
    subnet 145.248.194.0 255.255.255.0
    object network obj-10.1.134.100
    host 10.1.134.100
    object network obj-10.9.124.100
    host 10.9.124.100
    object network obj-10.1.134.101
    host 10.1.134.101
    object network obj-10.9.124.101
    host 10.9.124.101
    object network obj-10.1.134.102
    host 10.1.134.102
    object network obj-10.9.124.102
    host 10.9.124.102
    object network obj-115.111.99.133
    host 115.111.99.133
    object network obj-10.8.108.0
    subnet 10.8.108.0 255.255.255.0
    object network obj-115.111.99.129
    host 115.111.99.129
    object network obj-195.254.159.133
    host 195.254.159.133
    object network obj-195.254.158.136
    host 195.254.158.136
    object network obj-209.164.192.0
    subnet 209.164.192.0 255.255.224.0
    object network obj-209.164.208.19
    host 209.164.208.19
    object network obj-209.164.192.126
    host 209.164.192.126
    object network obj-10.8.100.128
    subnet 10.8.100.128 255.255.255.128
    object network obj-115.111.99.130
    host 115.111.99.130
    object network obj-10.10.0.0
    subnet 10.10.0.0 255.255.0.0
    object network obj-115.111.99.132
    host 115.111.99.132
    object network obj-10.10.1.45
    host 10.10.1.45
    object network obj-10.99.132.0
    subnet 10.99.132.0 255.255.255.0
    object-group network Serversubnet
    network-object 10.10.1.0 255.255.255.0
    network-object 10.10.5.0 255.255.255.192
    object-group network XYZ_destinations
    network-object 10.1.0.0 255.255.0.0
    network-object 10.2.0.0 255.255.0.0
    network-object 10.3.0.0 255.255.0.0
    network-object 10.4.0.0 255.255.0.0
    network-object 10.6.0.0 255.255.0.0
    network-object 10.7.0.0 255.255.0.0
    network-object 10.11.0.0 255.255.0.0
    network-object 10.12.0.0 255.255.0.0
    network-object 172.19.1.0 255.255.255.0
    network-object 172.19.2.0 255.255.255.0
    network-object 172.19.3.0 255.255.255.0
    network-object 172.19.7.0 255.255.255.0
    network-object 172.17.2.0 255.255.255.0
    network-object 172.17.3.0 255.255.255.0
    network-object 172.16.2.0 255.255.255.0
    network-object 172.16.3.0 255.255.255.0
    network-object host 10.50.2.206
    object-group network XYZ_us_admin
    network-object 10.3.1.245 255.255.255.255
    network-object 10.5.33.7 255.255.255.255
    network-object 10.211.5.7 255.255.255.255
    network-object 10.3.33.7 255.255.255.255
    network-object 10.211.3.7 255.255.255.255
    object-group network XYZ_blr_networkdevices
    network-object 10.200.10.0 255.255.255.0
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
    access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
    access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
    access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
    access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
    access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
    access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
    access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
    access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
    access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
    access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
    access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
    access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
    access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
    access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
    access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
    access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
    access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list coextended permit ip host 2.2.2.2 host XXXXXXXX
    access-list coextended permit ip host XXXXXXXX host 2.2.2.2
    access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
    access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
    access-list acl-outside extended permit ip any host 172.17.10.3
    access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
    access-list acl-outside extended permit tcp any any eq 10000
    access-list acl-outside extended deny ip any any log
    pager lines 10
    logging enable
    logging buffered debugging
    mtu outside_rim 1500
    mtu XYZ_DMZ 1500
    mtu outside 1500
    mtu inside 1500
    ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
    nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
    nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
    nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
    nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
    nat (inside,outside) source dynamic obj-10.8.108.0 interface
    nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
    nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
    nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
    nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
    nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
    object network obj-172.17.10.3
    nat (XYZ_DMZ,outside) static 115.111.99.134
    access-group acl-outside in interface outside
    route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
    route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
    route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
    route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
    route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
    route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
    route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
    route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
    route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
    route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
    route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
    route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication telnet console LOCAL
    aaa authorization command LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 86400
    crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
    crypto dynamic-map dyn1 1 set reverse-route
    crypto map vpn 1 match address XYZ
    crypto map vpn 1 set peer XYZ Peer IP
    crypto map vpn 1 set ikev1 transform-set vpn1
    crypto map vpn 1 set security-association lifetime seconds 3600
    crypto map vpn 1 set security-association lifetime kilobytes 4608000
    crypto map vpn 2 match address NE
    crypto map vpn 2 set peer NE_Peer IP
    crypto map vpn 2 set ikev1 transform-set vpn2
    crypto map vpn 2 set security-association lifetime seconds 3600
    crypto map vpn 2 set security-association lifetime kilobytes 4608000
    crypto map vpn 4 match address ML_VPN
    crypto map vpn 4 set pfs
    crypto map vpn 4 set peer ML_Peer IP
    crypto map vpn 4 set ikev1 transform-set vpn4
    crypto map vpn 4 set security-association lifetime seconds 3600
    crypto map vpn 4 set security-association lifetime kilobytes 4608000
    crypto map vpn 5 match address XYZ_global
    crypto map vpn 5 set peer XYZ_globa_Peer IP
    crypto map vpn 5 set ikev1 transform-set vpn5
    crypto map vpn 5 set security-association lifetime seconds 3600
    crypto map vpn 5 set security-association lifetime kilobytes 4608000
    crypto map vpn 6 match address Da_VPN
    crypto map vpn 6 set peer Da_VPN_Peer IP
    crypto map vpn 6 set ikev1 transform-set vpn6
    crypto map vpn 6 set security-association lifetime seconds 3600
    crypto map vpn 6 set security-association lifetime kilobytes 4608000
    crypto map vpn 7 match address Da_Pd_VPN
    crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
    crypto map vpn 7 set ikev1 transform-set vpn6
    crypto map vpn 7 set security-association lifetime seconds 3600
    crypto map vpn 7 set security-association lifetime kilobytes 4608000
    crypto map vpn interface outside
    crypto map vpn_reliance 1 match address XYZ_rim
    crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
    crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
    crypto map vpn_reliance 1 set security-association lifetime seconds 3600
    crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
    crypto map vpn_reliance interface outside_rim
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto isakmp identity address
    no crypto isakmp nat-traversal
    crypto ikev1 enable outside_rim
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28800
    crypto ikev1 policy 2
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 86400
    crypto ikev1 policy 4
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28000
    crypto ikev1 policy 5
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
    crypto ikev1 policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 10.8.100.0 255.255.255.224 inside
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    no threat-detection basic-threat
    no threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy XYZ_c2s_vpn internal
    username testadmin password oFJjANE3QKoA206w encrypted
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XYZ_c2s_vpn type remote-access
    tunnel-group XYZ_c2s_vpn general-attributes
    address-pool XYZ_c2s_vpn_pool
    tunnel-group XYZ_c2s_vpn ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
      inspect ip-options
    service-policy global_policy global
    privilege show level 3 mode exec command running-config
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command crypto
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
    : end
    XYZ#

    Thanks Javier.
    But I have revised the VPN configuration. Below are the latest configs. With these latest configs, I'm getting the username & password screen while connecting with the Cisco VPN client software. Once we enter the login credentials, it shows "security communication channel", then it goes to the "not connected" state. Can you help me fix this?
    access-list ACL-RA-SPLIT standard permit host 10.10.1.3
    access-list ACL-RA-SPLIT standard permit host 10.10.1.13
    access-list ACL-RA-SPLIT standard permit host 10.91.130.201
    access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
    access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
    access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
    ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
    group-policy CO-C2S internal
    group-policy CO-C2S attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value ACL-RA-SPLIT
    dns-server value 10.10.1.3
    tunnel-group TUN-RA-SPLIT type remote-access
    tunnel-group TUN-RA-SPLIT general-attributes
    default-group-policy CO-C2S
    address-pool CO-C2S-VPOOL
    tunnel-group TUN-RA-SPLIT ipsec-attributes
    pre-shared-key sekretk3y
    username ra-user1 password passw0rd1 priv 1
    group-policy CO-C2S internal
    group-policy CO-C2S attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value ACL-RA-SPLIT
    dns-server value 10.10.1.3
    tunnel-group TUN-RA-SPLIT type remote-access
    tunnel-group TUN-RA-SPLIT general-attributes
    default-group-policy CO-C2S
    address-pool CO-C2S-VPOOL
    tunnel-group TUN-RA-SPLIT ipsec-attributes
    pre-shared-key *********
    username ******* password ******** priv 1
    crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set transform-set 3DES
    crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 100
    authentication pre-share
    encr 3des
    hash sha
    crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set transform-set 3DES
    crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
    crypto map vpn interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 100
    authentication pre-share
    encr 3des
    hash sha
    group 1
    lifetime 3600
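
Listings like the two above can be checked mechanically for crypto maps that reference a dynamic map but are never applied to an interface, and for deprecated IKE, IPsec and management settings. The Python sketch below is an added example, not part of the thread: the function name, the finding codes and the choice of what counts as weak (DES/3DES, MD5, DH groups 1, 2 and 5) are assumptions of this example, and the sample is assembled from lines in the two listings.

```python
import re

# Algorithms and Diffie-Hellman groups this example treats as weak (assumption).
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
IKE_SUBCOMMANDS = {"authentication", "encryption", "encr", "hash", "group", "lifetime"}

# Constructed sample: lines taken from the two listings in the thread.
SAMPLE = """\
crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
crypto map vpn interface outside
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 5
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
group 1
lifetime 3600
telnet 10.8.100.0 255.255.255.224 inside
telnet timeout 5
ssh key-exchange group dh-group1-sha1
"""


def audit_asa_config(text):
    """Return a sorted list of (code, detail) findings for an ASA config dump."""
    findings = set()
    bound, dynamic_refs = set(), {}
    policy = None  # IKE policy whose subcommands are currently being read

    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        line = " ".join(words)

        # Subcommands of "crypto ikev1|isakmp policy N"; pasted dumps often
        # lose the indentation, so the block is tracked by keyword instead.
        if policy and words[0] in IKE_SUBCOMMANDS and len(words) >= 2:
            key = "encryption" if words[0] == "encr" else words[0]
            if words[1] in WEAK_IKE.get(key, ()):
                findings.add(("WEAK_IKE", f"policy {policy}: {key} {words[1]}"))
            continue
        policy = None

        if m := re.fullmatch(r"crypto (?:ikev1|isakmp) policy (\d+)", line):
            policy = m.group(1)
        elif m := re.match(r"crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)", line):
            for alg in sorted(set(m.group(2).split()) & WEAK_ESP):
                findings.add(("WEAK_ESP", f"transform-set {m.group(1)}: {alg}"))
        elif m := re.fullmatch(r"crypto map (\S+) interface (\S+)", line):
            bound.add(m.group(1))
        elif m := re.fullmatch(r"crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)", line):
            dynamic_refs[m.group(1)] = m.group(2)
        elif re.match(r"telnet \d", line):  # "telnet <net> <mask> <interface>"
            findings.add(("CLEARTEXT_MGMT", line))
        elif line == "ssh key-exchange group dh-group1-sha1":
            findings.add(("WEAK_SSH_KEX", line))

    # A dynamic map only takes effect through a crypto map that is applied
    # to an interface with "crypto map NAME interface IFACE".
    for cmap, dyn in dynamic_refs.items():
        if cmap not in bound:
            findings.add(("UNBOUND_CRYPTO_MAP",
                          f"{cmap} (dynamic {dyn}) is not applied to any interface"))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit_asa_config(SAMPLE):
        print(f"{code:20} {detail}")
```
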
