IPv4 LAN over IPv6 WAN
With IPv6 I am most concerned today with receiving an IPv6 address from my ISP for my Spoke networks. I don't have plans to convert my Spoke LANs or Internal application servers to IPV6 anytime soon. Reviewing all the books and technical documentation out there, I don't see discussion about how to get my IPv4 traffic tunneled through the Internet via an IPv6 carrier, a 4to6 tunnel. Currently I'm running DMVPN which appears to support IPv6 tunnels, Native and 6to4. Can anyone provide direction or expertise on how to get IPv4 traffic between Enterprise locations with ISPs move to IPv6 addressing?
Thanks..
Ryan,
If this is a question of connecting LAN in different branches.
The decently scalable option is GRE (with DMVPN being the neatest).
On top ASA supports IPv4 in IPv6 IPsec (to other ASAs at this point).
You might have a bit more challanges if you want to provide access to non-intrernal resources, Internet, partner sites without IPv4 on WANs.
M.
Similar Messages
-
IPv4 DMVPN over IPv6 WAN - Configuration
Hello everyone,
I'm struggeling to get a DMVPN to work over an IPv6 WAN Network.
I have testet IPv6 connectivity from the Spoke (2001:2:2:2::1/64) to the Hub (2001:1:1:1::1/64) which is successful, there is also an IPv6 default route to my "ISP", I also have an crypto isakmp key for IPv6 addresses and my Tunnel Configuration looks like this:
Did anyone configure a scenario like this and could point me in the right direction ? :-)
Thanks in advance
Greetings,
Thomas
### HUB Configuration ###
interface Tunnel1
description ** DMVPN Intranet **
bandwidth 1000
ip vrf forwarding VPN
ip address 10.0.10.1 255.255.255.0
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 65351
no ip split-horizon eigrp 65351
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
ipv6 nhrp map multicast dynamic
ipv6 nhrp network-id 1
ipv6 nhrp holdtime 360
ipv6 nhrp shortcut
ipv6 nhrp redirect
keepalive 10 3
tunnel source GigabitEthernet0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile My-Profile shared
### Spoke Configuration ###
interface Tunnel1
description ** DMVPN Intranet **
ip vrf forwarding VPN
ip address 10.0.10.2 255.255.255.0
ip mtu 1416
ip pim sparse-mode
ip nhrp map 10.0.10.1 2001:1:1:1::1
ip nhrp map multicast 2001:1:1:1::1
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp nhs 10.0.10.1
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile My-Profile sharedHi,
I got a solution for this.
My configuration is as follows, I missed the keyword "tunnel mode gre multipoint ipv6"
### Hub ###
interface Tunnel1
description ** DMVPN Intranet **
bandwidth 1000
ip vrf forwarding VPN
ip address 10.0.10.1 255.255.255.0
ip mtu 1416
no ip next-hop-self eigrp 65351
no ip split-horizon eigrp 65351
ip pim sparse-mode
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0
tunnel mode gre multipoint ipv6
tunnel key 1
tunnel protection ipsec profile My-Profile shared
### Spoke ###
interface Tunnel1
description ** DMVPN Intranet **
ip vrf forwarding VPN
ip address 10.0.10.2 255.255.255.0
ip mtu 1416
ip pim sparse-mode
ip nhrp map 10.0.10.1 2001:1:1:1::1
ip nhrp map multicast 2001:1:1:1::1
ip nhrp network-id 1
ip nhrp holdtime 360
ip nhrp nhs 10.0.10.1
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 1000
tunnel source GigabitEthernet0
tunnel mode gre multipoint ipv6
tunnel key 1
tunnel protection ipsec profile My-Profile shared
end
Greetings
Thomas -
Unexpected case IPv4 tunnel over IPv6 ?
hi,
I wonder if there is one use case one can think of that is not possible with Cisco IOS:
Establish a IPsec tunnel over an IPv6 network tranporting both IPv4 and Ipv6 traffic. Even IPsec tunnel over an IPv6 network transporting IPv4 only does not work.
I tried several things in my lab but couldn't get it running.
I tried to search the net for my use case but I only find the other way round.
Question: is it possible to achieve connectivity of the following IPv4 addresses over an IIPsec tunnel over Ipv6 network?
Ultimately, the same tunnel should be capable transporting both. A dedicated Tunnel for IPv4 and IPv6 tunnel on the same routers would also be OK.
Svr A ( ) Svr B
+----+ , `,( .) +----+
| | +----+ ( .( ...) +----+ | |
| |---| R1 |---` .....)---| R2 |---| |
| | +----+ ( ......) +----+ | |
+----+ +----+
10.0.23.1/24 IPv6 only 10.0.42.1/24
networkSame/similar question but the case is instead of Site to Site VPN, it would be using the Cisco VPN Client. The host on the left side is connected to an IPv6-only network. They need to communicate with IPv4 devices across the Internet (behind a Cisco ASA).
Is this possible?
Cisco VPN Client ( ) Cisco ASA +----+ , `,( .) +----+ | | +----+ ( .( ...) +----+ | | | |---| R1 |---` .....)---| R2 |---| |----IPv4 network | | +----+ ( ......) +----+ | | +----+ +----+IPv6-only HOST IPv6 Network has IPv6 Interface on public side
alexander.koeppe wrote:hi,I wonder if there is one use case one can think of that is not possible with Cisco IOS:Establish a IPsec tunnel over an IPv6 network tranporting both IPv4 and Ipv6 traffic. Even IPsec tunnel over an IPv6 network transporting IPv4 only does not work.I tried several things in my lab but couldn't get it running.I tried to search the net for my use case but I only find the other way round.Question: is it possible to achieve connectivity of the following IPv4 addresses over an IIPsec tunnel over Ipv6 network?Ultimately, the same tunnel should be capable transporting both. A dedicated Tunnel for IPv4 and IPv6 tunnel on the same routers would also be OK. ,_ Svr A ( ) Svr B +----+ , `,( .) +----+ | | +----+ ( .( ...) +----+ | | | |---| R1 |---` .....)---| R2 |---| | | | +----+ ( ......) +----+ | | +----+ +----+ 10.0.23.1/24 IPv6 only 10.0.42.1/24 network -
Hi. I want use ipv4 before ipv6. For 2008 R2 i used fix "Microsoft Fix it 50410"
But this not support server 2012.
How i can correct change prefer on 2012?
Thank you!Please, tell me, WHY man, who create IPv6 began use this fe80::6c02:573b:178c:dd8f naming.
Blame that on the Internet Engineering Task Force (IETF) standards committee that came up with this naming convention back in 1998 (http://tools.ietf.org/html/rfc2460). <grin>
Not sure what you mean by "reliable source with describe 'native IPv6 for 8\12'". Microsoft has lots of documentation on IPv6 - I think the majority of it came out with Windows Server 2008 because that was the first release with the dual-stack as a
default. IpV6 was available for Windows Server 2003, but it was an add-on. Go to Barnesandnoble.com or amazon.com to find a good reference book on IPv6 if you want to learn more - they are not small books. It is the way the industry is moving
because it offers many advantages over IPv4 (which, by the way, has officially run out of addresses which can be handed out). Microsoft is simply helping customers move into future by providing a dual-stack that can automatically switch back and forth
between IPv4 applications and IPv6 applications without the end-user even knowing it goes on. Some things, like Direct Access, would be almost impossible to implement on IPv4, but becomes (relatively) easy when using IPv6.
tim -
Convert IPv4 address to IPv6 subnet on AD Sites
Hi,
We currently run IPv4 on our network. However, it looks like it's recommended to enable IPv6 on DFS servers according to this:
http://blogs.technet.com/askds/archive/2009/10/28/dfs-referrals-and-ipv6-outta-site.aspx
I'm having trouble creating an IPv6 subnet in AD Site and Services for my DFS servers since I'm note very familiar with IPv6. I think the IPv6 I see on the servers is the "converted" to IPv6 (see warning message below)??
DC and DFS servers are Win 2008 R2 Datacenter. It looks like the IPv6 address of the DFS servers are not "matching" the subnets I have created and therefore DFS is not associated with the correct sites causing clients to go over the WAN
to other DFS servers.
For example:
The IPv4 for my DFS servers are:
156.124.92.202/23
156.124.78.202/23
I created these IPv4 subnets:
156.124.92.0./23 --> SA-Site
156.124.78.0/23 --> AU-Site
IPv6 DHCP service is not enabled. No Static IPv6 set for the network connection. The "converted" IP seems to be
2002:9c7c:5cca::9c7c:5cca
2002:9c7c:4eca::9c7c:4eca
I created these IPv6 subnets
2002::9c7c:5c00/119
2002::9c7c:4e00/119
This is what I see on the DFS servers:
Validating the site associations on every domain controller of the following: SA-DFS-01
Warning: The server has IP addresses with conflicting site associations
Host name: SA-DFS-01
Site: SA-Site
Domain Controller: SA-AD-01
Host IP address
fe80::2c27:42f8:1294:ef4c%10
2002:9c7c:5cca::9c7c:5cca
Subnet-Site Mapping in AD
No mapping exists
No mapping exists
Host name: SA-DFS-01
Site: SA-Site
Domain Controller: AU-AD-01
Host IP address
fe80::2c27:42f8:1294:ef4c%10
2002:9c7c:5cca::9c7c:5cca
Subnet-Site Mapping in AD
No mapping exists
No mapping exists
Validating the site associations on every domain controller of the following: AU-DFS-01
Warning: The server has IP addresses with conflicting site associations
Host name: AU-DFS-01
Site: AU-Site
Domain Controller: SA-AD-01
Host IP address
2002:9c7c:4eca::9c7c:4eca
Subnet-Site Mapping in AD
No mapping exists
Warning: The server has IP addresses with conflicting site associations
Host name: AU-DFS-01
Site: AU-Site
Domain Controller: AU-AD-01
Host IP address
2002:9c7c:4eca::9c7c:4eca
Subnet-Site Mapping in AD
No mapping existsHi,
We currently run IPv4 on our network. However, it looks like it's recommended to enable IPv6 on DFS servers according to this:
http://blogs.technet.com/askds/archive/2009/10/28/dfs-referrals-and-ipv6-outta-site.aspx
I'm having trouble creating an IPv6 subnet in AD Site and Services for my DFS servers since I'm note very familiar with IPv6. I think the IPv6 I see on the servers is the "converted" to IPv6 (see warning message below)??
DC and DFS servers are Win 2008 R2 Datacenter. It looks like the IPv6 address of the DFS servers are not "matching" the subnets I have created and therefore DFS is not associated with the correct sites causing clients to go over the WAN
to other DFS servers.
For example:
The IPv4 for my DFS servers are:
156.124.92.202/23
156.124.78.202/23
I created these IPv4 subnets:
156.124.92.0./23 --> SA-Site
156.124.78.0/23 --> AU-Site
IPv6 DHCP service is not enabled. No Static IPv6 set for the network connection. The "converted" IP seems to be
2002:9c7c:5cca::9c7c:5cca
2002:9c7c:4eca::9c7c:4eca
I created these IPv6 subnets
2002::9c7c:5c00/119
2002::9c7c:4e00/119
This is what I see on the DFS servers:
Validating the site associations on every domain controller of the following: SA-DFS-01
Warning: The server has IP addresses with conflicting site associations
Host name: SA-DFS-01
Site: SA-Site
Domain Controller: SA-AD-01
Host IP address
fe80::2c27:42f8:1294:ef4c%10
2002:9c7c:5cca::9c7c:5cca
Subnet-Site Mapping in AD
No mapping exists
No mapping exists
Host name: SA-DFS-01
Site: SA-Site
Domain Controller: AU-AD-01
Host IP address
fe80::2c27:42f8:1294:ef4c%10
2002:9c7c:5cca::9c7c:5cca
Subnet-Site Mapping in AD
No mapping exists
No mapping exists
Validating the site associations on every domain controller of the following: AU-DFS-01
Warning: The server has IP addresses with conflicting site associations
Host name: AU-DFS-01
Site: AU-Site
Domain Controller: SA-AD-01
Host IP address
2002:9c7c:4eca::9c7c:4eca
Subnet-Site Mapping in AD
No mapping exists
Warning: The server has IP addresses with conflicting site associations
Host name: AU-DFS-01
Site: AU-Site
Domain Controller: AU-AD-01
Host IP address
2002:9c7c:4eca::9c7c:4eca
Subnet-Site Mapping in AD
No mapping exists
Hi,
The format seems to be incorrect. Please change them as following and check the result:
2002:9c7c:5cca::/48
2002:9c7c:4eca::/48
For more information about 6to4 address, please see:
http://technet.microsoft.com/en-us/library/cc756770(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc757359(WS.10).aspx
Hope it helps.
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
This can be beneficial to other community members reading the thread. -
Problem about the jmf when working over IPV6
I write a program about monitoring a RTP stream ,get the feedbacks about the stream by receving the RTCP reports and analysize the paramaters .Now the throny issues encountered is the code working perfect over the IPV4 network .but there are many exceptions when working over IPV6 the exceptions is as follows:
Exception in thread "RTCP Reporter" java.lang.NullPointerException
at com.sun.media.rtp.RTCPTransmitter.makereports(RTCPTransmitter.java:200)
at com.sun.media.rtp.RTCPTransmitter.report(RTCPTransmitter.java:106)
at com.sun.media.rtp.RTCPReporter.run(RTCPReporter.java:193)
at java.lang.Thread.run(Thread.java:619)
the session can be set up and can receive the stream .so I think it is ok of setting up the session with the IPV6 multicast address.strangely , the same particate in the session sends more than one feedbacks with different SSRC which is ought to be single.I cannot figure out.
I wonder whether there is any special setting when JMF working on the IPV6 network.I did not find materials about the JMF working on IPV6 network in Microsoft xp pc.
can any guys give me any tips?
Edited by: judyw115 on Sep 4, 2010 6:08 AMjudyw115 wrote:
Is there anyone giving me any advices?You realize this is a free forum and not paid tech support, right?
Drop the attitude and learn to be patient. -
So my 2012 server is set up on the LAN with a .local domain name.
Remote Desktop Services are set up and remoteapp stuff works fine on the LAN.
I've set up port forwarding so I can connect to the server over the WAN too, but remoteapp stuff is a bit different. I can connect to the server by specifying the correct IP address. Giving a Web browser the address
https://serverIPAddress/RDWeb
lets me get the login screen and see the range of apps for me to run. I select one, the connectoid is downloaded correctly (in Chrome) and I click on the downloaded connectoid.
Unfortunately, rather than pursuing the sensible IP-address approach that I started with, the connectoid has been given the server's name on the LAN: server.domain.local. Clearly, the client machine tries to look this up but DNS hasn't heard of
it because it's a .local address.
I cannot be the only one to have come across this apparent oversight on Microsoft's part. Any ideas as to how this can sensibly be overcome? Obviously, I could put the IP address translation into every client's hosts file (and I've done this and shown it
works) but I've got too many clients to mess about like this. Anybody know 'the Microsoft way' to fix this?
Thank you for checking this out -- I am confident the details of the problem are completely specified in this query but, if I'm wrong, please ask.
Many thanks again,
BiffoHi,
I would like to suggest you to follow the checklist.
Checklist: Make RemoteApp Programs Available from the Internet
http://technet.microsoft.com/en-us/library/cc772415.aspx
Thanks.
Jeremy Wu
TechNet Community Support -
Share disks over ethernet WAN port
If I turn on "Share disks over Ethernet WAN port", how do I access it from outside my LAN?
On a mac well in the finder press apple key+K type in your home external ip(255.255.255.255)
On a pc windows key +r, type cmd, enter, net use k: \\"external ip(255.255.255.255)"/"the name of share" -
Hi
I have an MS SQL Server 2005 Database Server and a Client computer on two different subnets.
There is also a DNS Server, which contains both an IPv4 (A) and IPv6 (AAAA) DNS record for the Database Server.
I've disabled IPv4 routing between the two subnets so that the Database Server is only accessible by IPv6 from the Client computer.
I am then unable to connect to the Database Server from the Client using JDBC.
I have tried increasing the loginTimeout in the JDBC connection string, but this doesn't appear to make any difference.
I get a java.net.ConnectException in about 20 seconds.
If I remove the IPv4 (A) record of the Database Server from the DNS Server, the JDBC connection then succeeds.
Does JDBC iterate over all the possible addresses of the Database Server?
Is the loginTimeout the correct parameter to try to increase, to allow it to iterate over the possible addresses?
There is a similar problem with MS SQL Client - see http://msdn.microsoft.com/en-us/library/ms378428(SQL.90).aspx
But increasing the connection timeout allows a successful connection.
Thanks
Alainjschell wrote:
ahkal01 wrote:
Alain: A machine may have multiple IPv6 addresses, as well as an IPv4 address.
You may not be able to get to the machine via all the addresses, depending on the network route.
If a driver gives up on the first DNS lookup (which probably will be the IPv4 address), it'll never try the IPv6 addresses. However that is NOT what you are testing.
As described in your first post there is a route. Routing works if the final location is found. After that a refused connection is a refused connection.
Alain: In my test, IPv4 routing is disabled between the two subnets. So there is no IPv4 routing between the two machines, only IPv6.
>
But even so, to me it is still two different IP addresses. Just as if you try to create your own replication by having two database servers on different IPv4 addresses. If the client is supposed to be using one address then the DNS should be set up that way.
Or use the address. Because the point is not the IP address, the point is the DNS look up.
Alain: With IPv6, it is common for computers to be assigned more than one address for routing under different hierarchies.
If you're saying that the DNS lookup should be set up to return only one IP address to client computers trying to connect to the DB Server, DNS will need to be set up differently depending on where the client computer is.
>
Again looking at it from the point of someone developing a driver the only option I would allow is that one might be able to specify a configuration value that says to try a IPv6 address first. That would be in the driver, not JDBC. So you can look to your driver for that.
There is a similar problem with MS SQL Client - see http://msdn.microsoft.com/en-us/library/ms378428(SQL.90).aspx
But increasing the connection timeout allows a successful connection.
I do not see anywhere in that link that it claims that the setup you are using would work Alain: apologies. It was the wrong url link.
I meant, http://blogs.msdn.com/sql_protocols/archive/2005/10/12/480192.aspx.The scenario there is SQL Server is configured to listen only on IPv6 addresses and disable all IPv4 addresses so that only IPv6 connection can be accepted. The workaround is to specify the IPv6 address of the target machine explicitly to force SNI to use IPv6 connection directly or to use longer timeout value. I don't see that in that blog.
It says that if you have addresses that some different behavior might result. It specifically refers to using an IPv4 address (not DNS) and failing on that and then attempting to use a IPv6 address (again not a DNS) and even in that case it might fail.
Alain: The blog is talking about a hostname resolving into multiple addresses. I quote from the blog, with bold for emphasis,
"In most cases, the connection string does not need to be modified if the <servername> is specified using server hostname or FQDN (Full Qualified Domain Name). If the server machine has dual-stack, *its hostname or FQDN will be resolved into multiple IP addresses*, including at lease one IPv4 address and multiple IPv6 addresses. *And SNI will attempt to establish connections using these IP addresses in order and use the first connection that succeeds*. IPv4 addresses are attempted first if both IPv4 and IPv6 addresses are present. This logic is transparent to the users of ODBC, OLEDB or ADO.NET.
And it doesn't say anything about that some clients already do this but merely that they can.
Alain: SNI does, from the quote above. A test also shows that it does try all the addresses that DNS returns, with the caveat that the connection timeout has to be increased.
Unfortunately it looks like the MS JDBC driver doesn't do likewise.
Myself I don't really consider that a valid option for most use cases for drivers. If I have a data center then I am not normally going to be using both types of addresses. And if I am both will work. And if there are variation in subnets then I would expect that if DNS is in use then it would be set up to correctly represent that.Thanks for your input on this thread. Much appreciated. -
Using DynDNS and Sharing disks over Ethernet WAN port
I am having issues accessing the AirDisk from outside my LAN. So here are the steps that I have taken:
In the AirPort Utility, I enable "Share disks over Ethernet WAN port".
Created a DynDNS account at http://www.dyndns.com so my hostname points to my IP address.
After reading a bunch of threads, mainly this one below, there are a few conflicting issues.
http://discussions.apple.com/thread.jspa?messageID=4105319
Someone mentioned you have to Setup Port Mapping to open up Personal File Sharing. But another said you don't have to set up Port Mapping. Well if you do, you're gonna run into a problem. This Apple article states you have to use a different port: http://docs.info.apple.com/article.html?artnum=305183
Someone said Remote Access only works via AFP not via SMB. Is this true?
Also do I have to enter my DynDNS hostname into the wide area bonour tab in the advanced tab?
What am I doing wrong?
Macbook Mac OS X (10.4.8) Airport Extreme NAre you aware of any DynDNS-like service that support Wide Area Bonjour?
None at the moment. One might hope that Apple's .Mac service would make use of it, but I don't think Apple has announced anything about that possibility.
Or as a practical matter is this a technology that only appears at the moment in private installations of OS X Server?
I've found the version of dnsextd that ships in Mac OS X 10.4 (not just the server version) to be a bit flaky. One hopes it will work a lot better in Mac OS X 10.5.
But since the AEBS doesn't support DynDNS update, as other routers do, it ends up requiring a server after all.
Wouldn't it be nice if DynDNS and similar services allowed you to configure DNS resource records manually? That way, it wouldn't matter what your home gateway/fileserver was capable of doing— you could just edit your DNS zone accordingly. -
Cannot export nfs-share over ipv6 in OS X 10.8
I've successfully exported my nfs share over ipv4 and can access this with a nfs-client from a linux machine. However, I'm not able to export the same share over ipv6.
In my /etc/exports I have:
/Volumes/Harddisk
-network 10.0.0.0
-mask 255.255.255.0
/Volumes/Harddisk
-network fd60:760d:98ec:8588::/64
However, from the linux client I can only mount the ipv4 share, but not the ipv6 share.
Is it possible to export nfs-shares over ipv6 in OS X 10.8?I would suggest testing a connection from a second Mac also running 10.8 via IPv6. At least then you know both will be using compatible versions. If that does not work then it would seem to be an IPv6 issue on the Mac server.
-
Do we support RADIUS over IPv6 in ACS 5.5?
Hi,
Could you please let me know if we support RADIUS over IPv6?It is hard to see the information in your screen shot but ACS 5.4 and later support IPv6 for network devices:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/net_resources.html
Also, if you type an invalid IP address in ACS you would get the following error:
A valid IPv4 address consists of four numbers (0-255) separated by periods, e.g. 123.0.255.3
A valid IPv6 address is n:n:n:n:n:n:n:n where the 'n's are either digits (0-9) or letters (A-F)
I hope this is what you were looking for!
Thank you for rating helpful posts! -
REMOTE RECORDINGS OVER THE WAN IN CCX 7
We have a customer
with CCX 7 local agents and recording services ( BUT NO QUALITY MONITORING)
Normally records all local agents calls ( colocated with CCX.
Now customer has remote agents via WAN and needs to record their conversations.
According specifications and PDI case the sutiationis:
"This deployment model can support silent monitoring and recording for agents at any WAN-connected site by using desktop monitoring. (Refer the Cisco Unified CCX Software and Hardware Compatibility Guide for a list of phones that support desktop monitoring). It can also support SPAN port monitoring for agents on the VLAN segment local to Cisco Unified CCX server. This deployment model does not incorporate additional remote Monitoring components, so silent monitoring and recording is not possible for agents who are using the Cisco IP Phone Agent at remote sites. Similarly, silent monitoring and recording is not possible for agents at remote sites who are using phones that do not support desktop monitoring."
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_7_0/design/guide/uccx70srnd.pdf
page 4-6
The list of phones not supported for desktop monitoring is listed in the compatibility guide.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_compatibility/matrix/crscomtx.pdf
In other words CCX can support "silent monitoring and recording for agents at any WAN-connected site by using desktop monitoring"
But assume you use an IP Phone that supports desktop monitoring
AS RECORDING OPTION WITHOUT QUALITY MONITORING NEEDS MAC ADRESS OF AGENT how can CCX record agent calls taking into accoutn that MAC address is lost when traversing the WAN ...
So the question for this dsicussion is :
IS QUALITY MONITORING THE ONLY WAY TO RECORD REMOTE AGENTS OVER THE WAN OR ARE TEHRE OTHER OPTIONS WITHOUT IT??
Pease reply to [email protected]It is possible without QM. When using desktop monitoring, the phone is configured to Span to PC port. The agent must be running CAD and the PC running it must be attached to the PC port on the phone. CAD sees the spanned packets from the phone and then forwards them to the recording service on the CCX server. The big gotcha is that the NIC in the PC must not discard 802.1q-tagged packets. If the NIC discards them instead of forwarding them into the NDIS stack, CAD will never see them. Sometimes this takes a Google search and a registry setting change to fix if it doesn't work at first.
-
Unable to Access Remote LAN over IPSec VPN
I have a Cisco ASA 5540 setup with Remote Access VPN for users. Suddenly no one can access the remote LAN over VPN. Below is my config:
ASA Version 7.0(8)
hostname DC2ASA
domain-name yorktel.com
enable password d2XdVlFOzleWlH1j encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
interface GigabitEthernet0/0
description outside/savvis
nameif outside
security-level 0
ip address 216.33.198.4 255.255.255.0 standby 216.33.198.5
interface GigabitEthernet0/1
description inside
nameif inside
security-level 100
ip address 10.203.204.1 255.255.254.0 standby 10.203.204.2
interface GigabitEthernet0/2
nameif insidesan
security-level 100
ip address 10.203.206.1 255.255.254.0 standby 10.203.206.2
interface GigabitEthernet0/3
description LAN/STATE Failover Interface
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
object-group service FileMaker tcp-udp
port-object range 16000 16001
access-list outside-in extended permit ip 65.123.204.0 255.255.254.0 216.33.198.0 255.255.255.0 log
access-list outside-in extended permit ip 216.33.198.0 255.255.255.0 216.33.198.0 255.255.255.0 log
access-list outside-in extended permit icmp 216.33.198.0 255.255.255.0 216.33.198.0 255.255.255.0 log
access-list outside-in extended permit icmp any any
access-list outside-in extended permit icmp any any echo
access-list outside-in extended permit ip any host 216.33.198.22 inactive
access-list outside-in extended permit tcp any host 216.33.198.19
access-list outside-in extended permit udp any host 216.33.198.19
access-list outside-in extended permit ip any host 216.33.198.19
access-list outside-in extended permit tcp any host 216.33.198.10 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.10 eq ftp inactive
access-list outside-in extended permit tcp any host 216.33.198.10 eq ftp-data inactive
access-list outside-in extended permit tcp any host 216.33.198.10 eq ssh inactive
access-list outside-in extended permit tcp any host 216.33.198.19 eq www
access-list outside-in extended permit tcp any host 216.33.198.19 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.19 eq https
access-list outside-in extended permit tcp any host 216.33.198.19 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.19 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.19 eq smtp
access-list outside-in extended permit tcp any host 216.33.198.19 eq pop3
access-list outside-in extended permit tcp any host 216.33.198.19 eq 587
access-list outside-in extended permit tcp any host 216.33.198.16 eq www
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.16 eq https
access-list outside-in extended permit tcp any host 216.33.198.16 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.16 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.38 eq www
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.38 eq https
access-list outside-in extended permit tcp any host 216.33.198.38 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.38 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.25 eq www
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.25 eq https
access-list outside-in extended permit tcp any host 216.33.198.25 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.25 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.22 eq www
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.22 eq https
access-list outside-in extended permit tcp any host 216.33.198.22 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.22 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.17 eq www
access-list outside-in extended permit tcp any host 216.33.198.17 eq rtsp
access-list outside-in extended permit udp any host 216.33.198.17 eq 5005
access-list outside-in extended permit tcp any host 216.33.198.17 eq 1755
access-list outside-in extended permit udp any host 216.33.198.17 eq 1755
access-list outside-in extended permit tcp any host 216.33.198.17 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.17 eq https
access-list outside-in extended permit tcp any host 216.33.198.17 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.17 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.17 eq 989
access-list outside-in extended permit tcp any host 216.33.198.17 eq 990
access-list outside-in extended permit tcp any host 216.33.198.24 eq www
access-list outside-in extended permit tcp any host 216.33.198.24 eq rtsp
access-list outside-in extended permit udp any host 216.33.198.24 eq 5005
access-list outside-in extended permit tcp any host 216.33.198.24 eq 1755
access-list outside-in extended permit udp any host 216.33.198.24 eq 1755
access-list outside-in extended permit udp any host 216.33.198.24
access-list outside-in extended permit tcp any host 216.33.198.24 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.24 eq https
access-list outside-in extended permit tcp 209.67.5.96 255.255.255.224 any inactive
access-list outside-in extended permit udp 209.67.5.96 255.255.255.224 any inactive
access-list outside-in extended permit udp any host 216.33.198.17 inactive
access-list outside-in extended permit tcp any host 216.33.198.18 eq 1433
access-list outside-in extended permit tcp any host 216.33.198.18 eq 1434
access-list outside-in extended permit tcp any host 216.33.198.100 eq www
access-list outside-in extended permit tcp any host 216.33.198.101 eq www
access-list outside-in extended permit tcp any host 216.33.198.102 eq www
access-list outside-in extended permit tcp any host 216.33.198.103 eq www
access-list outside-in extended permit tcp any host 216.33.198.104 eq www
access-list outside-in extended permit tcp any host 216.33.198.105 eq www
access-list outside-in extended permit tcp any host 216.33.198.106 eq www
access-list outside-in extended permit tcp any host 216.33.198.107 eq www
access-list outside-in extended permit tcp any host 216.33.198.108 eq www
access-list outside-in extended permit tcp any host 216.33.198.109 eq www
access-list outside-in extended permit tcp any host 216.33.198.110 eq www
access-list outside-in extended permit tcp any host 216.33.198.100 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.101 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.102 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.103 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.104 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.105 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.106 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.107 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.108 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.109 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.110 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.100 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.101 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.102 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.103 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.104 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.105 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.106 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.107 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.108 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.109 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.110 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.100 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.101 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.102 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.103 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.104 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.105 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.106 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.107 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.108 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.109 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.110 eq ftp-data
access-list outside-in extended permit tcp host 12.71.134.4 any
access-list outside-in extended permit udp host 12.71.134.4 any
access-list outside-in remark Allow Mark to access remote desktop from home office.
access-list outside-in extended permit tcp host 96.255.220.240 any
access-list outside-in remark Allow Mark to access remote desktop from home office.
access-list outside-in extended permit udp host 96.255.220.240 any
access-list outside-in extended permit tcp host 67.81.54.83 any
access-list outside-in remark Allow Chris to access remote desktop from home office.
access-list outside-in extended permit tcp host 100.1.41.196 any
access-list outside-in remark Allow Chris to access remote desktop from home office.
access-list outside-in extended permit udp host 100.1.41.196 any
access-list outside-in extended permit udp host 67.81.54.83 any
access-list outside-in remark Allow Jim Johnstone to remote in from home office.
access-list outside-in extended permit tcp host 96.225.44.46 any
access-list outside-in remark Allow Jim Johnstone to remote in from home office.
access-list outside-in extended permit udp host 96.225.44.46 any
access-list outside-in extended permit tcp host 64.19.183.67 any
access-list outside-in extended permit udp host 64.19.183.67 any
access-list outside-in remark Allow Steve Fisher to remote in from home office.
access-list outside-in extended permit tcp host 173.67.0.16 any
access-list outside-in remark Allow Steve Fisher to remote in from home office.
access-list outside-in extended permit udp host 173.67.0.16 any
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq 3389
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq ftp-data
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq ftp
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq www
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq https
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 inactive
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit udp any host 216.33.198.20 inactive
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit ip any host 216.33.198.20 inactive
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.19 eq 3389 inactive
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq 3389
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq www
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq https
access-list outside-in extended permit tcp any host 216.33.198.21 eq 8080
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq ftp
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.19 eq 3306
access-list outside-in extended permit udp any host 216.33.198.19 eq 3306
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq 3389
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq ftp
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq www
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.18 eq 3389 inactive
access-list outside-in extended permit tcp any host 216.33.198.17 inactive
access-list outside-in extended permit ip any host 216.33.198.17 inactive
access-list outside-in extended permit tcp any host 216.33.198.18 inactive
access-list outside-in extended permit udp any host 216.33.198.17 eq 554
access-list outside-in extended permit udp any host 216.33.198.24 eq 554
access-list outside-in remark Allow any access from Treasury
access-list outside-in extended permit tcp host 64.241.196.50 any
access-list outside-in remark Allow any access from Treasury
access-list outside-in extended permit udp host 64.241.196.50 any
access-list outside-in remark Allow any access from Treasury
access-list outside-in extended permit ip host 64.241.196.50 any
access-list outside-in extended permit tcp any host 216.33.198.26 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.26 eq www
access-list outside-in extended permit tcp any host 216.33.198.26 eq https
access-list outside-in extended permit tcp any host 216.33.198.27 eq https
access-list outside-in extended permit tcp any host 216.33.198.27 eq www
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.27 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.27 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.26 eq ftp inactive
access-list outside-in extended permit tcp any host 216.33.198.26 eq ssh inactive
access-list outside-in extended permit tcp any host 216.33.198.28 eq 81
access-list outside-in extended permit tcp any host 216.33.198.28 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.28 eq www
access-list outside-in extended permit tcp any host 216.33.198.28 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.29 eq www
access-list outside-in extended permit tcp any host 216.33.198.28 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.29 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.30 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.31 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.20 object-group FileMaker
access-list outside-in extended permit tcp any host 216.33.198.20 eq 5003
access-list outside-in extended permit udp any host 216.33.198.20 eq 5003
access-list outside-in extended permit tcp any host 216.33.198.33 eq www
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.33 eq https
access-list outside-in extended permit tcp any host 216.33.198.33 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.33 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.34 eq www
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.34 eq https
access-list outside-in extended permit tcp any host 216.33.198.34 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.34 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.36 eq www
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.36 eq https
access-list outside-in extended permit tcp any host 216.33.198.36 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.36 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.37 eq www
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.37 eq https
access-list outside-in extended permit tcp any host 216.33.198.37 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.37 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.39 eq www
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.39 eq https
access-list outside-in extended permit tcp any host 216.33.198.39 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.39 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.41 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.41 eq www
access-list outside-in extended permit tcp any host 216.33.198.41 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.41 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.41 eq https
access-list outside-in extended permit tcp any host 216.33.198.41 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.42 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.42 eq www
access-list outside-in extended permit tcp any host 216.33.198.42 eq https
access-list outside-in extended permit tcp any host 216.33.198.42 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.42 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.42 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.28
access-list inside-out extended permit tcp any host 216.33.198.17 eq rtsp
access-list inside-out extended permit udp any host 216.33.198.17 eq 5004
access-list inside-out extended permit udp any host 216.33.198.17 eq 5005
access-list inside-out extended permit tcp any host 216.33.198.17 eq 1755
access-list inside-out extended permit udp any host 216.33.198.17 eq 1755
access-list rtsp-acl extended deny tcp any host 216.33.198.17 eq rtsp
access-list rtsp-acl extended permit tcp any any eq rtsp
access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 10.203.204.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip any 10.203.204.48 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 10.203.204.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip host 10.203.204.19 10.203.204.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 192.168.250.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.203.204.144 255.255.255.240
access-list inside_nat0_outbound extended permit ip host 216.33.198.33 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.19 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.17 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.24 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.20 any inactive
access-list inside_nat0_outbound extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.203.204.48 255.255.255.248
access-list inside_nat0_outbound extended permit ip any 216.33.198.56 255.255.255.248
access-list dc2vpn_splitTunnelAcl standard permit 10.203.204.0 255.255.255.0
access-list dc2vpn_splitTunnelAcl standard permit 192.168.250.0 255.255.255.0
access-list dc2vpn_splitTunnelAcl standard permit 192.168.252.0 255.255.255.0
access-list dc2vpn_splitTunnelAcl standard permit any
access-list outside_map standard permit any
access-list Split_Tunnel_List standard permit 10.203.204.0 255.255.255.0
access-list test_splitTunnelAcl standard permit any
access-list outside_access_out extended permit tcp any host 12.71.134.75 inactive
access-list outside_in extended permit tcp host 12.71.134.75 any eq smtp
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.130.31
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.102
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.103
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.104
access-list outside_nat0_inbound extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
access-list outside_cryptomap_80 extended permit ip 10.203.204.0 255.255.255.0 192.168.250.0 255.255.255.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.33 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.19 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.17 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.24 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
access-list outside_cryptomap_100 extended permit ip 10.203.204.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list dc2vpntest_splitTunnelAcl standard permit 10.203.204.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
logging ftp-bufferwrap
logging ftp-server 10.203.204.10 logs asa ****
mtu outside 1500
mtu inside 1500
mtu insidesan 1500
mtu management 1500
ip local pool vpnpool 10.203.204.60-10.203.204.65 mask 255.255.255.0
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/3
failover polltime unit msec 999 holdtime 3
failover polltime interface 5
failover link failover GigabitEthernet0/3
failover interface ip failover 172.16.100.1 255.255.255.252 standby 172.16.100.2
monitor-interface outside
monitor-interface inside
monitor-interface insidesan
no monitor-interface management
icmp permit 65.123.204.0 255.255.254.0 outside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
nat-control
nat (outside) 0 access-list outside_nat0_inbound outside
nat (inside) 0 access-list inside_nat0_outbound
static (inside,outside) 216.33.198.10 10.203.204.10 netmask 255.255.255.255
static (inside,outside) 216.33.198.11 10.203.204.11 netmask 255.255.255.255
static (inside,outside) 216.33.198.12 10.203.204.12 netmask 255.255.255.255
static (inside,outside) 216.33.198.13 10.203.204.13 netmask 255.255.255.255
static (inside,outside) 216.33.198.14 10.203.204.14 netmask 255.255.255.255
static (inside,outside) 216.33.198.15 10.203.204.15 netmask 255.255.255.255
static (inside,outside) 216.33.198.16 10.203.204.16 netmask 255.255.255.255
static (inside,outside) 216.33.198.17 10.203.204.17 netmask 255.255.255.255
static (inside,outside) 216.33.198.18 10.203.204.18 netmask 255.255.255.255
static (inside,outside) 216.33.198.19 10.203.204.19 netmask 255.255.255.255
static (inside,outside) 216.33.198.20 10.203.204.20 netmask 255.255.255.255
static (inside,outside) 216.33.198.21 10.203.204.21 netmask 255.255.255.255
static (inside,outside) 216.33.198.22 10.203.204.22 netmask 255.255.255.255
static (inside,outside) 216.33.198.23 10.203.204.23 netmask 255.255.255.255
static (inside,outside) 216.33.198.24 10.203.204.24 netmask 255.255.255.255
static (inside,outside) 216.33.198.25 10.203.204.25 netmask 255.255.255.255
static (inside,outside) 216.33.198.26 10.203.204.26 netmask 255.255.255.255
static (inside,outside) 216.33.198.27 10.203.204.27 netmask 255.255.255.255
static (inside,outside) 216.33.198.28 10.203.204.28 netmask 255.255.255.255
static (inside,outside) 216.33.198.29 10.203.204.29 netmask 255.255.255.255
static (inside,outside) 216.33.198.30 10.203.204.30 netmask 255.255.255.255
static (inside,outside) 216.33.198.31 10.203.204.31 netmask 255.255.255.255
static (inside,outside) 216.33.198.32 10.203.204.32 netmask 255.255.255.255
static (inside,outside) 216.33.198.33 10.203.204.33 netmask 255.255.255.255
static (inside,outside) 216.33.198.34 10.203.204.34 netmask 255.255.255.255
static (inside,outside) 216.33.198.35 10.203.204.35 netmask 255.255.255.255
static (inside,outside) 216.33.198.36 10.203.204.36 netmask 255.255.255.255
static (inside,outside) 216.33.198.37 10.203.204.37 netmask 255.255.255.255
static (inside,outside) 216.33.198.38 10.203.204.38 netmask 255.255.255.255
static (inside,outside) 216.33.198.39 10.203.204.39 netmask 255.255.255.255
static (inside,outside) 216.33.198.40 10.203.204.40 netmask 255.255.255.255
static (inside,outside) 216.33.198.41 10.203.204.41 netmask 255.255.255.255
static (inside,outside) 216.33.198.42 10.203.204.42 netmask 255.255.255.255
static (inside,outside) 216.33.198.43 10.203.204.43 netmask 255.255.255.255
static (inside,outside) 216.33.198.44 10.203.204.44 netmask 255.255.255.255
static (inside,outside) 216.33.198.45 10.203.204.45 netmask 255.255.255.255
static (inside,outside) 216.33.198.46 10.203.204.46 netmask 255.255.255.255
static (inside,outside) 216.33.198.47 10.203.204.47 netmask 255.255.255.255
static (inside,outside) 216.33.198.48 10.203.204.48 netmask 255.255.255.255
static (inside,outside) 216.33.198.49 10.203.204.49 netmask 255.255.255.255
static (inside,outside) 216.33.198.50 10.203.204.50 netmask 255.255.255.255
static (inside,outside) 216.33.198.51 10.203.204.51 netmask 255.255.255.255
static (inside,outside) 216.33.198.52 10.203.204.52 netmask 255.255.255.255
static (inside,outside) 216.33.198.53 10.203.204.53 netmask 255.255.255.255
static (inside,outside) 216.33.198.54 10.203.204.54 netmask 255.255.255.255
static (inside,outside) 216.33.198.55 10.203.204.55 netmask 255.255.255.255
static (inside,outside) 216.33.198.56 10.203.204.56 netmask 255.255.255.255
static (inside,outside) 216.33.198.57 10.203.204.57 netmask 255.255.255.255
static (inside,outside) 216.33.198.58 10.203.204.58 netmask 255.255.255.255
static (inside,outside) 216.33.198.59 10.203.204.59 netmask 255.255.255.255
static (inside,outside) 216.33.198.60 10.203.204.60 netmask 255.255.255.255
static (inside,outside) 216.33.198.61 10.203.204.61 netmask 255.255.255.255
static (inside,outside) 216.33.198.62 10.203.204.62 netmask 255.255.255.255
static (inside,outside) 216.33.198.63 10.203.204.63 netmask 255.255.255.255
static (inside,outside) 216.33.198.64 10.203.204.64 netmask 255.255.255.255
static (inside,outside) 216.33.198.65 10.203.204.65 netmask 255.255.255.255
static (inside,outside) 216.33.198.66 10.203.204.66 netmask 255.255.255.255
static (inside,outside) 216.33.198.67 10.203.204.67 netmask 255.255.255.255
static (inside,outside) 216.33.198.68 10.203.204.68 netmask 255.255.255.255
static (inside,outside) 216.33.198.69 10.203.204.69 netmask 255.255.255.255
static (inside,outside) 216.33.198.70 10.203.204.70 netmask 255.255.255.255
static (inside,outside) 216.33.198.71 10.203.204.71 netmask 255.255.255.255
static (inside,outside) 216.33.198.100 10.203.204.100 netmask 255.255.255.255
static (inside,outside) 216.33.198.101 10.203.204.101 netmask 255.255.255.255
static (inside,outside) 216.33.198.102 10.203.204.102 netmask 255.255.255.255
static (inside,outside) 216.33.198.103 10.203.204.103 netmask 255.255.255.255
static (inside,outside) 216.33.198.104 10.203.204.104 netmask 255.255.255.255
static (inside,outside) 216.33.198.105 10.203.204.105 netmask 255.255.255.255
static (inside,outside) 216.33.198.106 10.203.204.106 netmask 255.255.255.255
static (inside,outside) 216.33.198.107 10.203.204.107 netmask 255.255.255.255
static (inside,outside) 216.33.198.108 10.203.204.108 netmask 255.255.255.255
static (inside,outside) 216.33.198.109 10.203.204.109 netmask 255.255.255.255
static (inside,outside) 216.33.198.110 10.203.204.110 netmask 255.255.255.255
static (inside,outside) 216.33.198.111 10.203.204.111 netmask 255.255.255.255
static (inside,outside) 216.33.198.112 10.203.204.112 netmask 255.255.255.255
static (inside,outside) 216.33.198.113 10.203.204.113 netmask 255.255.255.255
static (inside,outside) 216.33.198.114 10.203.204.114 netmask 255.255.255.255
static (inside,outside) 216.33.198.115 10.203.204.115 netmask 255.255.255.255
static (inside,outside) 216.33.198.116 10.203.204.116 netmask 255.255.255.255
static (inside,outside) 216.33.198.117 10.203.204.117 netmask 255.255.255.255
static (inside,outside) 216.33.198.118 10.203.204.118 netmask 255.255.255.255
static (inside,outside) 216.33.198.119 10.203.204.119 netmask 255.255.255.255
static (inside,outside) 216.33.198.120 10.203.204.120 netmask 255.255.255.255
static (inside,outside) 216.33.198.121 10.203.204.121 netmask 255.255.255.255
static (inside,outside) 216.33.198.122 10.203.204.122 netmask 255.255.255.255
static (inside,outside) 216.33.198.123 10.203.204.123 netmask 255.255.255.255
static (inside,outside) 216.33.198.124 10.203.204.124 netmask 255.255.255.255
static (inside,outside) 216.33.198.125 10.203.204.125 netmask 255.255.255.255
static (inside,outside) 216.33.198.126 10.203.204.126 netmask 255.255.255.255
static (inside,outside) 216.33.198.127 10.203.204.127 netmask 255.255.255.255
static (inside,outside) 216.33.198.128 10.203.204.128 netmask 255.255.255.255
static (inside,outside) 216.33.198.129 10.203.204.129 netmask 255.255.255.255
static (inside,outside) 216.33.198.130 10.203.204.130 netmask 255.255.255.255
static (inside,outside) 216.33.198.131 10.203.204.131 netmask 255.255.255.255
static (inside,outside) 216.33.198.132 10.203.204.132 netmask 255.255.255.255
static (inside,outside) 216.33.198.133 10.203.204.133 netmask 255.255.255.255
static (inside,outside) 216.33.198.134 10.203.204.134 netmask 255.255.255.255
static (inside,outside) 216.33.198.135 10.203.204.135 netmask 255.255.255.255
static (inside,outside) 216.33.198.136 10.203.204.136 netmask 255.255.255.255
static (inside,outside) 216.33.198.137 10.203.204.137 netmask 255.255.255.255
static (inside,outside) 216.33.198.138 10.203.204.138 netmask 255.255.255.255
static (inside,outside) 216.33.198.139 10.203.204.139 netmask 255.255.255.255
static (inside,outside) 216.33.198.140 10.203.204.140 netmask 255.255.255.255
static (inside,outside) 216.33.198.141 10.203.204.141 netmask 255.255.255.255
static (inside,outside) 216.33.198.142 10.203.204.142 netmask 255.255.255.255
static (inside,outside) 216.33.198.143 10.203.204.143 netmask 255.255.255.255
static (inside,outside) 216.33.198.144 10.203.204.144 netmask 255.255.255.255
static (inside,outside) 216.33.198.145 10.203.204.145 netmask 255.255.255.255
static (inside,outside) 216.33.198.146 10.203.204.146 netmask 255.255.255.255
static (inside,outside) 216.33.198.147 10.203.204.147 netmask 255.255.255.255
static (inside,outside) 216.33.198.148 10.203.204.148 netmask 255.255.255.255
static (inside,outside) 216.33.198.149 10.203.204.149 netmask 255.255.255.255
static (inside,outside) 216.33.198.150 10.203.204.150 netmask 255.255.255.255
static (inside,outside) 216.33.198.151 10.203.204.151 netmask 255.255.255.255
static (inside,outside) 216.33.198.152 10.203.204.152 netmask 255.255.255.255
static (inside,outside) 216.33.198.153 10.203.204.153 netmask 255.255.255.255
static (inside,outside) 216.33.198.154 10.203.204.154 netmask 255.255.255.255
static (inside,outside) 216.33.198.155 10.203.204.155 netmask 255.255.255.255
static (inside,outside) 216.33.198.156 10.203.204.156 netmask 255.255.255.255
static (inside,outside) 216.33.198.157 10.203.204.157 netmask 255.255.255.255
static (inside,outside) 216.33.198.158 10.203.204.158 netmask 255.255.255.255
static (inside,outside) 216.33.198.159 10.203.204.159 netmask 255.255.255.255
static (inside,outside) 216.33.198.160 10.203.204.160 netmask 255.255.255.255
static (inside,outside) 216.33.198.161 10.203.204.161 netmask 255.255.255.255
static (inside,outside) 216.33.198.162 10.203.204.162 netmask 255.255.255.255
static (inside,outside) 216.33.198.163 10.203.204.163 netmask 255.255.255.255
static (inside,outside) 216.33.198.164 10.203.204.164 netmask 255.255.255.255
static (inside,outside) 216.33.198.165 10.203.204.165 netmask 255.255.255.255
static (inside,outside) 216.33.198.166 10.203.204.166 netmask 255.255.255.255
static (inside,outside) 216.33.198.167 10.203.204.167 netmask 255.255.255.255
static (inside,outside) 216.33.198.168 10.203.204.168 netmask 255.255.255.255
static (inside,outside) 216.33.198.169 10.203.204.169 netmask 255.255.255.255
static (inside,outside) 216.33.198.170 10.203.204.170 netmask 255.255.255.255
static (inside,outside) 216.33.198.171 10.203.204.171 netmask 255.255.255.255
static (inside,outside) 216.33.198.172 10.203.204.172 netmask 255.255.255.255
static (inside,outside) 216.33.198.173 10.203.204.173 netmask 255.255.255.255
static (inside,outside) 216.33.198.174 10.203.204.174 netmask 255.255.255.255
static (inside,outside) 216.33.198.175 10.203.204.175 netmask 255.255.255.255
static (inside,outside) 216.33.198.176 10.203.204.176 netmask 255.255.255.255
static (inside,outside) 216.33.198.177 10.203.204.177 netmask 255.255.255.255
static (inside,outside) 216.33.198.178 10.203.204.178 netmask 255.255.255.255
static (inside,outside) 216.33.198.179 10.203.204.179 netmask 255.255.255.255
static (inside,outside) 216.33.198.180 10.203.204.180 netmask 255.255.255.255
static (inside,outside) 216.33.198.181 10.203.204.181 netmask 255.255.255.255
static (inside,outside) 216.33.198.182 10.203.204.182 netmask 255.255.255.255
static (inside,outside) 216.33.198.183 10.203.204.183 netmask 255.255.255.255
static (inside,outside) 216.33.198.184 10.203.204.184 netmask 255.255.255.255
static (inside,outside) 216.33.198.185 10.203.204.185 netmask 255.255.255.255
static (inside,outside) 216.33.198.186 10.203.204.186 netmask 255.255.255.255
static (inside,outside) 216.33.198.187 10.203.204.187 netmask 255.255.255.255
static (inside,outside) 216.33.198.188 10.203.204.188 netmask 255.255.255.255
static (inside,outside) 216.33.198.189 10.203.204.189 netmask 255.255.255.255
static (inside,outside) 216.33.198.190 10.203.204.190 netmask 255.255.255.255
static (inside,outside) 216.33.198.191 10.203.204.191 netmask 255.255.255.255
static (inside,outside) 216.33.198.192 10.203.204.192 netmask 255.255.255.255
static (inside,outside) 216.33.198.193 10.203.204.193 netmask 255.255.255.255
static (inside,outside) 216.33.198.194 10.203.204.194 netmask 255.255.255.255
static (inside,outside) 216.33.198.195 10.203.204.195 netmask 255.255.255.255
static (inside,outside) 216.33.198.196 10.203.204.196 netmask 255.255.255.255
static (inside,outside) 216.33.198.197 10.203.204.197 netmask 255.255.255.255
static (inside,outside) 216.33.198.198 10.203.204.198 netmask 255.255.255.255
static (inside,outside) 216.33.198.199 10.203.204.199 netmask 255.255.255.255
static (inside,outside) 216.33.198.200 10.203.204.200 netmask 255.255.255.255
access-group outside-in in interface outside
route outside 0.0.0.0 0.0.0.0 216.33.198.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy test internal
group-policy test attributes
dns-server value 10.203.204.14 10.203.204.15
split-tunnel-policy tunnelspecified
split-tunnel-network-list value test_splitTunnelAcl
default-domain value yorkmedia.local
webvpn
group-policy tunneltest internal
group-policy tunneltest attributes
dns-server value 10.203.204.14 4.2.2.2
default-domain value yorkmedia.local
webvpn
group-policy testpol internal
group-policy testpol attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelall
split-tunnel-network-list value dc2vpn_splitTunnelAcl
webvpn
group-policy aes internal
group-policy aes attributes
dns-server value 10.203.204.14 10.203.204.15
vpn-tunnel-protocol IPSec
group-lock value aestest
webvpn
group-policy grouptest internal
group-policy grouptest attributes
dns-server value 10.203.204.14 4.2.2.2
default-domain value yorkmedia.local
webvpn
group-policy dc2vpntest internal
group-policy dc2vpntest attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value dc2vpntest_splitTunnelAcl
webvpn
group-policy dc2vpn internal
group-policy dc2vpn attributes
dns-server value 10.203.204.14 10.203.204.15
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value dc2vpn_splitTunnelAcl
webvpn
group-policy BMSTV internal
group-policy BMSTV attributes
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
client-firewall none
client-access-rule none
webvpn
username mmaxey password zSSKHLc.gx8szpy2 encrypted privilege 15
username mmaxey attributes
vpn-group-policy dc2vpn
webvpn
username jjohnstone password qElIg/rYW4OoTIEP encrypted privilege 15
username jjohnstone attributes
vpn-group-policy dc2vpntest
webvpn
username sragona password ZgCBom/StrITlFdU encrypted
username sragona attributes
vpn-group-policy dc2vpn
webvpn
username admin password 5zvQXQPrcnyHyGKm encrypted
username seng password PP8UcINDKi7BSsj2 encrypted
username seng attributes
vpn-group-policy dc2vpn
webvpn
username chauser password I3OIxCe8FBONQlhK encrypted
username chauser attributes
vpn-group-policy dc2vpn
webvpn
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 65.123.204.0 255.255.254.0 outside
http 0.0.0.0 0.0.0.0 outside
http 10.203.204.0 255.255.254.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs group7
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer 165.89.240.1
crypto map outside_map 60 set transform-set ESP-3DES-SHA
crypto map outside_map 60 set security-association lifetime seconds 28800
crypto map outside_map 60 set security-association lifetime kilobytes 4608000
crypto map outside_map 80 match address outside_cryptomap_80
crypto map outside_map 80 set pfs
crypto map outside_map 80 set peer 64.19.183.67
crypto map outside_map 80 set transform-set ESP-3DES-SHA
crypto map outside_map 80 set security-association lifetime seconds 28800
crypto map outside_map 80 set security-association lifetime kilobytes 4608000
crypto map outside_map 100 match address outside_cryptomap_100
crypto map outside_map 100 set pfs
crypto map outside_map 100 set peer 64.241.196.50
crypto map outside_map 100 set transform-set ESP-3DES-SHA
crypto map outside_map 100 set security-association lifetime seconds 28800
crypto map outside_map 100 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption aes-256
isakmp policy 30 hash sha
isakmp policy 30 group 5
isakmp policy 30 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption aes-256
isakmp policy 50 hash sha
isakmp policy 50 group 7
isakmp policy 50 lifetime 86400
isakmp nat-traversal 20
isakmp ipsec-over-tcp port 10000
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group dc2vpn type ipsec-ra
tunnel-group dc2vpn general-attributes
address-pool vpnpool
default-group-policy dc2vpn
tunnel-group dc2vpn ipsec-attributes
pre-shared-key *
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
default-group-policy test
tunnel-group test ipsec-attributes
pre-shared-key *
tunnel-group 165.89.240.1 type ipsec-l2l
tunnel-group 165.89.240.1 general-attributes
default-group-policy BMSTV
tunnel-group 165.89.240.1 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 3600 retry 2
tunnel-group 64.19.183.67 type ipsec-l2l
tunnel-group 64.19.183.67 ipsec-attributes
pre-shared-key *
tunnel-group 64.241.196.50 type ipsec-l2l
tunnel-group 64.241.196.50 ipsec-attributes
pre-shared-key *
isakmp keepalive disable
tunnel-group dc2vpntest type ipsec-ra
tunnel-group dc2vpntest general-attributes
default-group-policy dc2vpntest
tunnel-group dc2vpntest ipsec-attributes
pre-shared-key *
tunnel-group aestest type ipsec-ra
tunnel-group aestest general-attributes
address-pool vpnpool
default-group-policy aes
tunnel-group aestest ipsec-attributes
pre-shared-key *
tunnel-group TunnelGroup1 type ipsec-ra
tunnel-group TunnelGroup1 general-attributes
address-pool vpnpool
telnet 10.203.204.10 255.255.255.255 inside
telnet timeout 5
ssh 65.123.204.0 255.255.254.0 outside
ssh 10.203.204.0 255.255.254.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
class-map rtsp-traffic
match access-list rtsp-acl
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
class rtsp-traffic
inspect rtsp
service-policy global_policy global
tftp-server inside 10.203.204.10 dc2asa01/config
Cryptochecksum:6d74d3994ea6764893c420f477568aac
: endYou have three site-site VPNs and a remote access VPN setup. so the statement "Suddenly no one can access the remote LAN over VPN. " is a bit ambiguous in that context.
From which source to what destination is not working for you? -
Any reported problems using jdbc over a WAN?
If im trying to connect to a Database that's on a WAN will I experience any issues in using jdbc to connect and execute queries to that database?
I know problems would come up if my wan network is slow, but has jdbc been able to handle long distance database queries? timeout values?but why?
is it because of security? If a company had a database with your personal info hanging out on the Web for anyone to query without any validation or security, how would you feel about it?
design pattern issues? It's just good layered design.
just doesnt make sense?Not in my opinion.
have u experienced/heard of any problems of
connecting to a database over a WAN and executing
queries?You don't say anything about who the client is. If the database is behind a firewall, outside clients shouldn't be able to access the port where the listener is running. Only port 80 should be open on that firewall.
So you either write a servlet that listens on port 80 for HTTP requests from a browser-based client OR you ask your firewall admin to punch a hole in the firewall and open up the port on which your database is listening for queries and use a Swing client.
If s/he agrees to do it, quit immediately. It means your company doesn't know anything about security.
%
Maybe you are looking for
-
Is there a resource fork with iTunes music files?
I want to put a few iTunes music files on an SD card and plug it into my Panasonic TV for sort of instant access. It worked and sounded OK, except I get two files on the SD card for every file in iTunes (the second one isn't recognized). I seem to re
-
Using Single Datasource to Access Multiple Databases
Hi, We would like to know the pros and cons of accessing multiple databases through a single datasource, versus accessing each database through its own datasource. Our environment includes multiple web servers w/ the latest version of ColdFusion MX 7
-
Workflow is starting with status Error.
Hi All, I am trigerring my workflow from an custom event, my workflow is getting trigerred but the status is showing as ERROR. I have already checked SWEL to check event creation, even in event simulation i am able to see that my workflow has been tr
-
Turning off alarms in selected calendars only.
I'm running Lion on a macbook and have an iPhone with IOS 5. I have three shared calendars. How do I turn off the alarms on the iPhone for the three shared calendars onlly. Would like to keep the alarms active on my two calendars.
-
Syncing iTunes on a new PC with my existing iPhone
Hello My friend has a new Windows 7 PC. His old one (with his old iTunes) died. He downloaded iTunes on the new PC and is trying to sync his iPhone to it. He logged into iTunes and the music store using the same info he uses to download apps on his i