Server Access Via ASA

Similar Messages

• Plex Media Server Access Via Closed Port

  Hey All,
  I'm running Plex Media Server on my home server (running Arch of course) and am curious how it is able to run and be accessed on port 25244 when both my router and iptables config do not have this port opened? I can access the server via port 32400, but if I go into the app settings and connect it to a myPlex account, it allows the server to be mapped to 25244.
  Thanks in advance!
  - James

  Hi dlw,
  Thanks for the reply.  I have installed plex server on my home PC (which I was going to use as the server pc - a windowns 7 - 64bit) and then install plex on my ipad so that I can watch films and listen to music held on my PC.
  I've installed the lastest versions of silverlight and flash and also installed the plex server software.  However, when I right click on the tray icom and select media manager it tries to open http://www.localhost.com:32400/manage/ in firefox but keeps getting timed out.  
  Haven't got a clue why or how to resolve it, but slowly trying me insane.

• Single Sign On (SSO) Internet Access via ASA

  Good Afternoon,
  I'm looking for a way for users to authenticate through the ASA to determine whether or not they are granted access to the Internet. I would like to provide two separate Active Directory groups, for example, GRP-NO-INTERNET and GRP-INTERNET. When a user accesses the Internet I would like the firewall to obtain a SSO credential and query AD to see if they have access or not and respond accordingly.
  I'm currently working with TAC to investigate the possibility of using DAP but was curious if others have successfully tested this or what other options may be available. The end result would be to eliminate the credentials prompt by the firewall and have the authentication done in the background (somehow) without user interaction.
  Thanks in advance to anyone's suggestions.
  -Mike

  Actually, it should be possible starting ASA 8.4.2. You will have to configure an AD Agent on Windows. Please see the following link
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_idfw.html
  Please rate if it helps. Kind regards

• Shared Services and Essbase Server Access Question

  Hi,
  It seems that we have to assign Essbase Server access at the individual username level and that groups don't work when it comes to Essbase Server Access. Is this correct or are we doing something wrong and groups do work with Essbase Server access? We are on 11.1.1.3 Essbase/Planning/Shared Services.
  Thanks

  You can provision Essbase Server Access via groups but it must be the very first thing provisioned and pushed to Essbase. Then after that, provision your groups with other accesses such as Planning, Reports etc....

• Securely Access Exchange Server 2007 through ASA 5510 using Outlook

  Is there any way to access a MS Exchange Server 2007 on Windows server 2008 through an ASA 5510 running 8.4 with a full MS Outlook client (not using OWA - web browser)?  OWA is currently working fine but I was wondering if access via the full Outlook client is possible and more importantly...is it opening up too many ports on my 5510?  Any help is much appreciated!
  ~John

  Hi John,
  For that scenario, a remote access VPN is probably the best way to go (either the traditional IPSec client or SSL VPN/AnyConnect). This config guide lists your options on the ASA:
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_ike.html
  -Mike

• Accessing Home Dir's via ASA SSL VPN

  I have an ASA 5540 and an ACS 4.0. i am configuring an SSL based VPN for users in an active directory. I want to give the users access to their Windows Home Dir and have created a CIFS link in the URL list in the tunnel group policy for those users.
  I want to give the users access to \\SERVER\Share\%username% as it is described in windows terms. how do a go about this in the ASA, as the above does not work at all? the ASA wants to use the / instead of \ in the CIFS shares. It works fine for normal shares and hidden share specified with $, but not using the %username% variable.
  The documentation on SSL VPNS on both ASA and ACS 4.0 is terrible.
  Best regards,
  Neal Lewis

  This question might be a bit outdated, yet I stumbled across it since even in times of OS 8.4(3), I've had exactly the same problem. Menawhile I've found the solution to it:
  You can work with the usual WebVPN variables which ASA offers for single sign-on (SSO) purposes. The following example works for my customer for a profile in which he applies two-factor authentication and allows his users to access their Windows home share using SSO (using the secondary WebVPN login information, which is their AD login name, accessed via LDAP):
  Bookmark URL:
  cifs:///CSCO_WEBVPN_SECONDARY_USERNAME%24 (where %24 is a code substitution for the '$' sign)
  SSO config:
  group-policy attributes
    webvpn
      auto-signon allow ip auth-type ntlm username CSCO_WEBVPN_SECONDARY_USERNAME password CSCO_WEBVPN_SECONDARY_PASSWORD
  There are two important things to consider, though:
  The share name *must* match the user's login name
  The folder effectively has to be configured to be a share (not just an ordinary folder). My tests have shown that it doesn't work even if that desired, ordinary destination folder is a subfolder of an accessible share.
  Hope that helps other people.
  Toni

• Can a SQL SERVER table be accessed via Oracle Forms

  My boss asked me this question today. I am pretty sure the answer is "no", but thought it better to throw it out to the crowd:
  "Can a SQL SERVER table be accessed via Oracle Forms?"

  Yes, this is possible using Oracle's Transparent Gateway. Check out the My Oracle Support (formerly Metalink) document "How To Create A Form Based on SQL Server Table" (Doc ID: 564915.1) for all of the details. This document is based on Forms 10g (10.1.2.0.2) so you may need to upgrade your Forms version if you are not already at this version at a minimum.
  Hope this helps,
  Craig B-)
  If someone's response is helpful or correct, please mark it accordingly.

• Unable to access cisco asa via https or asdm!! connection interrupted message appears on the browser

  Hey guys,
  I am unable to access cisco asa device using https and cannot lunch asdm, after recent power failure at our location. I have asdm installed on my machine and whenever i try to access the asdm, receive Error: unable to lunch device manager from X.X.X.X The following is log from java console
  Trying for ASDM version file; url = https://x.x.x.x/admin/
  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
  When i try to access it from the browser it show error message
  "The connection was interrupted"
  I am running CISCO ASA 8.3 (1)
  with asdm image as asdm 7.1.3
  JAVA version installed Java 7 update 71
  I have added the https:> to exception site list and set security level to medium,
  even ssh access is not working !!
  I would appreciate if anyone can help me out!!
  Thanks
  Fareed

  Hey lcaruso,
  thanks for information!!
  i was able to connection through console as suggested and regenerated the rsa key .. was able to connection through ssh, but the issue with the asdm or web access was not resolved. 
  I have tried few of the steps as suggested on 
  https://supportforums.cisco.com/document/49741/asa-pixfwsm-unable-manage-unit-sshtelnetasdm#collect_captures
  capture output 
  ZHHFP-FIREWALL1(config)# sh cap capin
  139 packets captured
     1: 18:50:17.654720 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
  443: S 2567327150:2567327150(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>
     2: 18:50:17.654812 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
  084: S 590825877:590825877(0) ack 2567327151 win 8192 <mss 1380>
     3: 18:50:17.655621 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
  443: . ack 590825878 win 65520
     4: 18:50:17.656078 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
  443: P 2567327151:2567327332(181) ack 590825878 win 65520
     5: 18:50:17.656139 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
  084: . ack 2567327332 win 8192
     6: 18:50:17.656475 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
  084: FP 590825878:590825878(0) ack 2567327332 win 8192
     7: 18:50:17.657696 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
  443: . ack 590825879 win 65520
     8: 18:50:17.657802 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
  443: F 2567327332:2567327332(0) ack 590825879 win 65520
     9: 18:50:17.657848 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
  084: . ack 2567327333 win 8192
    10: 18:50:17.658108 802.1Q vlan#1 P0 192.168.160.113.58085 > 192.168.160.126.8
  443: S 1351758892:1351758892(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>
  also i have downgraded the java to 1.6_45 but still not luck.
  error message i received on java console
  Trying for IDM. url=https://x.x.x.x/idm/idm.jnlp/
  javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
  at com.cisco.launcher.w.a(Unknown Source)
  at com.cisco.launcher.s.for(Unknown Source)
  at com.cisco.launcher.s.new(Unknown Source)
  at com.cisco.launcher.s.access$000(Unknown Source)
  at com.cisco.launcher.s$2.a(Unknown Source)
  at com.cisco.launcher.g$2.run(Unknown Source)
  at java.lang.Thread.run(Unknown Source)
  Caused by: java.io.EOFException: SSL peer shut down incorrectly
  at sun.security.ssl.InputRecord.read(Unknown Source)
  ... 15 more
  Any help would be highly appreciated!!
  Thanks
  Fareed 

• Access via Proxy Server to App Store

  Hello,
  Is it possible to have access via our network and internet proxy by using the Cisco VN Client (Port 8080)?
  Has anyone done that before?
  Surfing in the internet works. When accessing the App Sore, the user / password has been requested again.
  After entering it, I do not get access.
  Any idea - why?
  Thanks and regards,
  Patrick

  Are you performing any filtering? Not only are components loading from *.apple.com but also streamhost.com (particularly the top app lists etc)

• VPN Access to an IP that can be accessed via EIGRP

  I have a question. I have a VPN that sits on the external interface using the IP of 10.5.79.X/20. I have a production network connected to a corporate network using MPLS and EIGRP to share the routes. The production network can access the corporate network, but the the VPN users can't. I need to be able to access anything on that network which is mainly a 172.18.0.0 summarized by EIGRP network. I had this working before, but can't get it working again about my Firewall dumped on me.
  ASA Version 8.4(2)
  hostname hp-asa-5510-DR
  enable password 1qF1n5PuI7A.2DV. encrypted
  passwd 1qF1n5PuI7A.2DV. encrypted
  names
  dns-guard
  interface Ethernet0/0
  speed 100
  duplex full
  nameif external
  security-level 0
  ip address *142.189.26 255.255.255.252
  interface Ethernet0/1
  nameif internal
  security-level 100
  ip address 10.5.64.6 255.255.240.0
  interface Ethernet0/1.1
  vlan 2
  nameif Guest
  security-level 90
  ip address 192.168.3.1 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  boot system disk0:/asa842-k8.bin
  boot system disk0:/asa821-k8.bin
  ftp mode passive
  clock timezone CST -6
  clock summer-time CDT recurring
  dns domain-lookup external
  dns domain-lookup internal
  dns server-group DefaultDNS
  name-server 208.67.222.222
  dns server-group Guest
  name-server 10.5.64.197
  name-server 8.8.8.8
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network obj-10.5.65.239
  host 10.5.65.239
  object network obj-10.5.65.253
  host 10.5.65.253
  object network obj-10.5.65.42
  host 10.5.65.42
  object network obj-10.5.65.219
  host 10.5.65.219
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network Cegedim
  subnet 10.5.250.0 255.255.255.248
  description dendrite site to site VPN
  object network dfb
  subnet 10.5.0.0 255.255.0.0
  object network lausanne
  subnet 192.168.250.0 255.255.255.0
  description Lausanne
  object network dfbgroup
  subnet 10.5.0.0 255.255.0.0
  object network DPT
  subnet 10.5.16.0 255.255.240.0
  object network hpbexch
  host 10.5.64.198
  object network hpbmsvpn
  host 10.5.64.196
  object network kacehost
  host 10.5.65.189
  object network hpbsentry
  host 10.5.64.194
  object network hpbMDM
  host 10.5.64.195
  object network hperoom
  host 10.5.65.211
  description healthpoint eroom server
  object network spintranet
  host 10.5.65.185
  description sharepoint intranet
  object network spsales
  host 10.5.65.194
  description sharepoint sales
  object network spteams
  host 10.5.65.183
  description sharepoint teams
  object network Guest
  subnet 192.168.3.0 255.255.255.0
  object network Crystal
  host 10.5.65.203
  object network ERPLN
  host 10.5.65.234
  object network ERPLNDB
  host 10.5.65.237
  object service dpt
  service tcp source range 1 65000 destination range 1 65000
  description dpt ports
  object network Documentum
  host 10.5.17.216
  object network DPTDocumentum
  host 10.5.17.216
  description Documentum
  object network EzDocs
  host 10.5.17.235
  description EzDocs
  object network Aerosol
  subnet 10.5.32.0 255.255.240.0
  object network Brooks
  subnet 10.5.128.0 255.255.240.0
  object network DPTScience
  subnet 10.5.48.0 255.255.240.0
  object network LakeWood
  subnet 10.5.80.0 255.255.240.0
  object network Plant
  subnet 10.5.0.0 255.255.240.0
  object network warehouse
  subnet 10.5.240.0 255.255.240.0
  object network NotesApps
  host 10.5.65.235
  object network DPTNotes
  host 10.5.17.246
  object network DNSServer
  host 10.5.64.197
  object network GuestNetwork
  subnet 192.168.3.0 255.255.255.0
  object network KACE
  host 10.5.65.189
  object network mdm2
  host 10.5.64.195
  object network guesterooms
  host 10.5.65.211
  object network DNSServer2
  host 10.5.64.199
  object network asa_LAN
  host 10.5.64.6
  object network guestspsales
  host 10.5.65.194
  object network JohnsonControlServer
  host 10.5.65.33
  description JC Server
  object network guestexchange
  host 10.5.64.198
  description Guest Exchange
  object network guestmobile2
  host 10.5.64.194
  object network DPTDocB
  host 10.5.17.215
  object-group service EDI tcp
  port-object eq 50080
  port-object eq 6080
  port-object eq www
  object-group service Exchange tcp
  port-object eq 587
  port-object eq www
  port-object eq https
  port-object eq smtp
  object-group service Lotus-Sametime tcp
  port-object eq 1503
  port-object eq 1516
  port-object eq 1533
  port-object eq 8081
  port-object range 8082 8084
  port-object range 9092 9094
  port-object eq www
  port-object eq https
  port-object eq lotusnotes
  port-object eq rtsp
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group service VPN-MS tcp-udp
  port-object eq 1701
  port-object eq 1723
  port-object eq 4500
  port-object eq 500
  object-group network Verizon-Servers
  network-object 216.82.240.0 255.255.240.0
  network-object 85.158.136.0 255.255.248.0
  network-object 193.109.254.0 255.255.254.0
  network-object 194.106.220.0 255.255.254.0
  network-object 195.245.230.0 255.255.254.0
  network-object 62.231.131.0 255.255.255.0
  network-object 64.124.170.128 255.255.255.240
  network-object 212.125.74.44 255.255.255.255
  network-object 195.216.16.211 255.255.255.255
  object-group network FDA_SecureEmail
  network-object host 150.148.2.65
  network-object host 150.148.2.66
  object-group network Web-Server-Stuff
  network-object host 204.71.89.34
  network-object host 204.71.89.35
  network-object host 204.71.89.33
  network-object host 66.240.207.149
  network-object host 68.168.88.169
  network-object host 50.112.164.102
  object-group service DFB-eRoom tcp
  port-object eq www
  port-object eq https
  object-group network EDI-Customers
  network-object host 129.33.204.13
  network-object host 143.112.144.25
  network-object host 160.109.101.195
  network-object host 198.89.160.113
  network-object host 199.230.128.125
  network-object host 199.230.128.85
  network-object host 205.233.244.208
  network-object host 198.89.170.134
  network-object host 198.89.170.135
  network-object host 199.230.128.54
  object-group service MDM tcp
  description MobileIron ports
  port-object eq 9997
  port-object eq 9998
  port-object eq https
  object-group network OpenDNS
  description OpenDNS Servers
  network-object host 208.67.220.220
  network-object host 208.67.222.222
  network-object host 8.8.8.8
  network-object host 68.113.206.10
  object-group network healthpoint
  network-object 10.5.64.0 255.255.240.0
  object-group network vpnpool
  network-object 10.5.79.0 255.255.255.0
  object-group network dfb_group
  network-object object dfbgroup
  object-group network lausanne_group
  network-object 192.168.250.0 255.255.255.0
  object-group network DPTNetwork
  network-object object DPT
  network-object object Aerosol
  network-object object Brooks
  network-object object LakeWood
  network-object object Plant
  object-group network DM_INLINE_NETWORK_1
  network-object object Cegedim
  network-object object lausanne
  group-object DPTNetwork
  network-object object DPTNotes
  object-group service DFB-Allow tcp
  port-object eq 1025
  port-object eq 1119
  port-object eq 1120
  port-object range 1222 1225
  port-object eq 1433
  port-object eq 1503
  port-object eq 1516
  port-object eq 1533
  port-object range 16384 16403
  port-object eq 1755
  port-object eq 1919
  port-object eq 1935
  port-object range 2195 2196
  port-object eq 3050
  port-object eq 3080
  port-object eq 3101
  port-object eq 3244
  port-object eq 3264
  port-object eq 3306
  port-object eq 3389
  port-object eq 3724
  port-object eq 4000
  port-object eq 402
  port-object range 4080 4081
  port-object eq 4085
  port-object eq 50080
  port-object eq 5085
  port-object range 5220 5223
  port-object eq 5297
  port-object eq 5298
  port-object eq 5353
  port-object eq 5550
  port-object eq 5678
  port-object eq 58570
  port-object eq 5900
  port-object eq 6080
  port-object eq 6112
  port-object eq 6114
  port-object eq 6900
  port-object eq 7800
  port-object eq 8010
  port-object eq 8080
  port-object eq 8084
  port-object eq 81
  port-object eq 9081
  port-object eq 9090
  port-object eq 9997
  port-object eq aol
  port-object eq citrix-ica
  port-object eq echo
  port-object eq ftp
  port-object eq ftp-data
  port-object eq www
  port-object eq https
  port-object eq lotusnotes
  port-object eq rtsp
  port-object eq sip
  port-object eq sqlnet
  port-object eq ssh
  port-object eq 442
  object-group network webservers
  network-object host 204.71.89.34
  network-object host 204.71.89.35
  object-group network DM_INLINE_NETWORK_2
  network-object object KACE
  network-object object guesterooms
  network-object object guestspsales
  network-object object JohnsonControlServer
  network-object object mdm2
  object-group network DM_INLINE_NETWORK_3
  network-object host 10.5.65.230
  network-object host 10.5.65.232
  network-object object hpbexch
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq www
  port-object eq https
  object-group service kace tcp
  port-object eq 52230
  port-object eq www
  port-object eq https
  port-object eq 445
  port-object eq netbios-ssn
  object-group service DM_INLINE_TCP_0 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_SERVICE_1
  service-object ip
  service-object tcp destination eq www
  service-object tcp destination eq https
  object-group service DM_INLINE_TCP_2 tcp
  port-object eq www
  port-object eq https
  object-group network VLAN_Switches
  network-object host 192.168.10.10
  network-object host 192.168.10.11
  network-object host 192.168.10.12
  network-object host 192.168.10.13
  network-object host 192.168.10.14
  network-object host 192.168.10.15
  network-object host 192.168.10.16
  network-object host 192.168.10.17
  network-object host 192.168.10.1
  object-group network Crystal_ERP
  description Crystal Enterprise and Infor LN
  network-object object Crystal
  network-object object ERPLN
  network-object object ERPLNDB
  network-object object NotesApps
  object-group service DM_INLINE_SERVICE_2
  service-object ip
  service-object tcp destination eq www
  service-object tcp destination eq https
  object-group network GuestDNS
  description DNS Servers for Guest
  network-object object DNSServer
  network-object object DNSServer2
  object-group service DM_INLINE_TCP_3 tcp
  port-object eq 3389
  port-object eq 3390
  object-group network DM_INLINE_NETWORK_4
  group-object healthpoint
  group-object vpnpool
  access-list external_access_out extended permit object-group DM_INLINE_SERVICE_1 192.168.3.0 255.255.255.0 any
  access-list external_access_out remark Production ACL
  access-list external_access_out extended permit tcp any any object-group DFB-Allow
  access-list external_access_out extended permit icmp any any
  access-list external_access_out extended permit tcp any object-group Web-Server-Stuff
  access-list external_access_out remark Site to Site connections
  access-list external_access_out extended permit ip any object-group DM_INLINE_NETWORK_1
  access-list external_access_out extended permit udp any object-group OpenDNS eq domain
  access-list external_access_out extended permit ip object-group DM_INLINE_NETWORK_3 any
  access-list split standard permit 10.5.64.0 255.255.240.0
  access-list split standard permit 10.5.250.0 255.255.255.248
  access-list split standard permit 10.5.128.0 255.255.240.0
  access-list split standard permit 10.5.144.0 255.255.240.0
  access-list split standard permit 10.5.16.0 255.255.240.0
  access-list split standard permit 10.5.32.0 255.255.240.0
  access-list split standard permit 10.5.96.0 255.255.240.0
  access-list split standard permit 10.5.80.0 255.255.240.0
  access-list split standard permit 10.5.48.0 255.255.240.0
  access-list split standard permit 10.5.0.0 255.255.240.0
  access-list split remark lausanne
  access-list split standard permit 192.168.250.0 255.255.255.0
  access-list split standard permit 172.18.0.0 255.255.0.0
  access-list split remark HP
  access-list external_access_in extended permit object-group DM_INLINE_SERVICE_2 any 192.168.3.0 255.255.255.0
  access-list external_access_in remark Sharepoint
  access-list external_access_in extended permit tcp any object spsales object-group DM_INLINE_TCP_2
  access-list external_access_in remark Sharepoint
  access-list external_access_in extended permit tcp any object spteams object-group DM_INLINE_TCP_1
  access-list external_access_in remark Sharepoint
  access-list external_access_in extended permit tcp any object spintranet object-group DM_INLINE_TCP_0
  access-list external_access_in remark healthpoint erooms
  access-list external_access_in extended permit tcp any object hperoom object-group DFB-eRoom
  access-list external_access_in remark MDM2 VSP
  access-list external_access_in extended permit tcp any object hpbMDM object-group MDM
  access-list external_access_in remark New Sentry
  access-list external_access_in extended permit tcp any object hpbsentry eq https
  access-list external_access_in remark kace mgmt appliacne
  access-list external_access_in extended permit tcp any object kacehost object-group kace
  access-list external_access_in remark authentication server
  access-list external_access_in extended permit object-group TCPUDP any object hpbmsvpn object-group VPN-MS
  access-list external_access_in extended permit gre any object hpbmsvpn
  access-list external_access_in remark HPB.NET new forest Exchange
  access-list external_access_in extended permit tcp any object hpbexch object-group Exchange
  access-list external_access_in remark EDI Inbound
  access-list external_access_in extended permit tcp any host 10.5.65.42 object-group EDI
  access-list AnyConnect_Client_Local_Print extended deny ip any any
  access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
  access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
  access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
  access-list AnyConnect_Client_Local_Print remark Windows' printing port
  access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
  access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
  access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
  access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
  access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
  access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
  access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
  access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
  access-list external_cryptomap extended permit ip object-group healthpoint object Cegedim
  access-list external_cryptomap_1 extended permit ip object-group dfb_group object-group lausanne_group
  access-list external_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_4 object-group DPTNetwork
  access-list Guest_access_in extended deny tcp 192.168.3.0 255.255.255.0 object-group GuestDNS object-group DM_INLINE_TCP_3 inactive
  access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 object-group GuestDNS inactive
  access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 object-group DM_INLINE_NETWORK_2
  access-list Guest_access_in extended deny ip 192.168.3.0 255.255.255.0 10.5.64.0 255.255.240.0
  access-list Guest_access_in extended permit ip 192.168.3.0 255.255.255.0 any
  access-list Guest_access_out extended permit ip any any inactive
  access-list Guest_access_out extended permit ip any 192.168.3.0 255.255.255.0
  no pager
  logging enable
  logging buffer-size 1045786
  logging asdm informational
  mtu external 1500
  mtu internal 1500
  mtu Guest 1500
  mtu management 1500
  ip local pool HPVPNClients 10.5.79.0-10.5.79.254 mask 255.255.255.0
  ip verify reverse-path interface external
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any external
  icmp permit any internal
  asdm image disk0:/asdm-645.bin
  no asdm history enable
  arp external *142.189.93 0024.c4c0.4cc0
  arp timeout 14400
  nat (internal,external) source static dfb dfb destination static vpnpool vpnpool route-lookup
  nat (internal,external) source static dfb dfb destination static lausanne lausanne
  nat (internal,external) source static healthpoint healthpoint destination static Cegedim Cegedim
  nat (external,internal) source static DPTNetwork DPTNetwork destination static Crystal_ERP Crystal_ERP no-proxy-arp
  nat (internal,external) source static healthpoint healthpoint destination static DPTDocumentum DPTDocumentum unidirectional
  nat (internal,external) source static healthpoint healthpoint destination static DPTDocB DPTDocB unidirectional
  nat (internal,external) source static healthpoint healthpoint destination static EzDocs EzDocs unidirectional
  nat (internal,external) source static healthpoint healthpoint destination static DPTNotes DPTNotes unidirectional
  object network obj-10.5.65.239
  nat (internal,external) static *142.189.82
  object network obj-10.5.65.253
  nat (internal,external) static *142.189.83
  object network obj-10.5.65.42
  nat (internal,external) static *142.189.84
  object network obj-10.5.65.219
  nat (internal,external) static *142.189.87
  object network obj_any
  nat (internal,external) dynamic interface dns
  object network hpbexch
  nat (internal,external) static *142.189.91
  object network hpbmsvpn
  nat (internal,external) static *142.189.82
  object network kacehost
  nat (internal,external) static *142.189.90
  object network hpbsentry
  nat (internal,external) static *142.189.92
  object network hpbMDM
  nat (internal,external) static *142.189.93
  object network hperoom
  nat (internal,external) static *142.189.88
  object network spintranet
  nat (internal,external) static *142.189.85
  object network spsales
  nat (internal,external) static *142.189.89
  object network spteams
  nat (internal,external) static *142.189.94
  object network GuestNetwork
  nat (Guest,external) dynamic interface
  access-group external_access_in in interface external
  access-group external_access_out out interface external
  access-group Guest_access_in in interface Guest
  access-group Guest_access_out out interface Guest
  route external 0.0.0.0 0.0.0.0 *142.189.25 1
  route external 10.5.16.0 255.255.240.0 *142.189.25 1
  route external 10.5.32.0 255.255.240.0 *142.189.25 1
  route external 10.5.80.0 255.255.240.0 *142.189.25 1
  route external 10.5.128.0 255.255.240.0 *142.189.25 1
  route external 10.5.240.0 255.255.240.0 *142.189.25 1
  route external 10.5.250.0 255.255.255.248 *142.189.25 1
  route internal 172.18.0.0 255.255.255.255 10.5.64.1 1
  route external 192.168.250.0 255.255.255.0 *142.189.25 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server VPN-RADAuth protocol radius
  aaa-server VPN-RADAuth (internal) host 10.5.65.253
  key *****
  radius-common-pw *****
  aaa-server VPN-RADAuth (internal) host 10.5.65.240
  key *****
  aaa-server VPN-RADAuthHPB protocol radius
  aaa-server VPN-RADAuthHPB (internal) host 10.5.64.196
  key *****
  radius-common-pw *****
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 10.5.0.0 255.255.0.0 internal
  http 0.0.0.0 0.0.0.0 external
  http 0.0.0.0 0.0.0.0 internal
  snmp-server host internal 10.5.65.210 community ***** version 2c
  snmp-server location Healthpoint.Vickery
  snmp-server contact Jonathan Henry
  snmp-server community *****
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec ikev2 ipsec-proposal AES256
  protocol esp encryption aes-256
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES192
  protocol esp encryption aes-192
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal AES
  protocol esp encryption aes
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal 3DES
  protocol esp encryption 3des
  protocol esp integrity sha-1 md5
  crypto ipsec ikev2 ipsec-proposal DES
  protocol esp encryption des
  protocol esp integrity sha-1 md5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
  crypto map external_map 1 match address external_cryptomap
  crypto map external_map 1 set peer 64.126.222.190
  crypto map external_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map external_map 2 match address external_cryptomap_1
  crypto map external_map 2 set pfs
  crypto map external_map 2 set peer 109.164.216.164
  crypto map external_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map external_map 3 match address external_cryptomap_2
  crypto map external_map 3 set peer 12.197.232.98
  crypto map external_map 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map external_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map external_map interface external
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca trustpoint ASDM_TrustPoint0
  keypair ASDM_TrustPoint0
  crl configure
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
      0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
      30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
      13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
      0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
      20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
      65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
      65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
      30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
      30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
      496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
      74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
      68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
      3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
      63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
      0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
      a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
      9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
      7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
      15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
      63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
      18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
      4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
      81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
      db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
      7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
      ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
      45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
      2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
      1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
      03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
      69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
      02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
      6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
      c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
      69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
      1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
      551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
      1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
      2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
      4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
      b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
      6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
      481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
      b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
      5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
      6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
      6c2527b9 deb78458 c61f381e a4c4cb66
    quit
  crypto ca certificate chain ASDM_TrustPoint0
  certificate 4b54478c1754b7
      30820563 3082044b a0030201 0202074b 54478c17 54b7300d 06092a86 4886f70d
      01010505 003081ca 310b3009 06035504 06130255 53311030 0e060355 04081307
      4172697a 6f6e6131 13301106 03550407 130a5363 6f747473 64616c65 311a3018
      06035504 0a131147 6f446164 64792e63 6f6d2c20 496e632e 31333031 06035504
      0b132a68 7474703a 2f2f6365 72746966 69636174 65732e67 6f646164 64792e63
      6f6d2f72 65706f73 69746f72 79313030 2e060355 04031327 476f2044 61646479
      20536563 75726520 43657274 69666963 6174696f 6e204175 74686f72 69747931
      11300f06 03550405 13083037 39363932 3837301e 170d3131 30313036 31393533
      33395a17 0d313331 31323932 31343730 315a305b 311a3018 06035504 0a13112a
      2e686561 6c746870 6f696e74 2e636f6d 3121301f 06035504 0b131844 6f6d6169
      6e20436f 6e74726f 6c205661 6c696461 74656431 1a301806 03550403 13112a2e
      6865616c 7468706f 696e742e 636f6d30 82012230 0d06092a 864886f7 0d010101
      05000382 010f0030 82010a02 82010100 c6609ef2 c19c47e9 016ce654 d151146e
      5d213545 ca896f4e cbb2624c 5ea6d7f0 7f18a82b e441020b 74d6ebd4 b7ef34c9
      97b80ce0 6eb1c1cc 3b296909 8a0a2ad7 2473fb60 ff0c9320 ec9b3fe3 82a501c4
      3c3855bd e0822ce1 e1d1fb03 4609639f 9359653b 091b6b48 5ce22806 234a55e5
      6f80ebba cfb68a22 6cd1e64e 756f22b5 13a6178d 9ffcfbbb 5ca4b773 50089a8b
      7e966a23 d4711a49 44c101fc a6b68e26 6a8d57f3 2fed1f6f ce6b0535 498c5c97
      bf0577fa 9d9a1e37 4ff3b9f0 913dac74 3f4d26c9 09aac485 ccd5dfb9 7aa226e8
      89075829 eff0cf99 b642e679 5a9dfe74 e5899e30 e07b6bbf a92fab33 cb8d7f65
      1d974861 8b02d78b bc7908a9 e70b1b59 02030100 01a38201 ba308201 b6300f06
      03551d13 0101ff04 05300301 0100301d 0603551d 25041630 1406082b 06010505
      07030106 082b0601 05050703 02300e06 03551d0f 0101ff04 04030205 a0303306
      03551d1f 042c302a 3028a026 a0248622 68747470 3a2f2f63 726c2e67 6f646164
      64792e63 6f6d2f67 6473312d 32382e63 726c304d 0603551d 20044630 44304206
      0b608648 0186fd6d 01071701 30333031 06082b06 01050507 02011625 68747470
      733a2f2f 63657274 732e676f 64616464 792e636f 6d2f7265 706f7369 746f7279
      2f308180 06082b06 01050507 01010474 30723024 06082b06 01050507 30018618
      68747470 3a2f2f6f 6373702e 676f6461 6464792e 636f6d2f 304a0608 2b060105
      05073002 863e6874 74703a2f 2f636572 74696669 63617465 732e676f 64616464
      792e636f 6d2f7265 706f7369 746f7279 2f67645f 696e7465 726d6564 69617465
      2e637274 301f0603 551d2304 18301680 14fdac61 32936c45 d6e2ee85 5f9abae7
      769968cc e7302d06 03551d11 04263024 82112a2e 6865616c 7468706f 696e742e
      636f6d82 0f686561 6c746870 6f696e74 2e636f6d 301d0603 551d0e04 16041475
      346fa066 c4b0cb48 a6aaf4d5 d03124fd 1babaf30 0d06092a 864886f7 0d010105
      05000382 01010080 81fec403 103ecd08 88f17283 68154d3e 92da6355 58c50ea9
      b6d2a2d1 86428614 44b3f27b ae00352d 0339f481 22d2bc3c 1f7a8458 495a337f
      f939fa9d 76c9635c ac1f5452 8ec504ae 6c90dfc2 70e3b620 c34aedb3 12f8facd
      ce45e918 af358576 b6711324 f5d53b62 77c2bb0d 6ff7a26c 1863c7fe eae6ee42
      c1855066 e994db91 af755c47 b257545f ee29c6ab 57104a27 890f7f9c f95898c8
      ed30eda7 9e86ebd4 c6007d3b 640e2312 3875410b 79ddff84 11454b83 7126ebbb
      ce9c916a d5839e2b 095310e0 51e7e0cd d71c4830 ec1177c8 0407c147 afa2a33a
      d058fa1b de4b2771 8af206c6 27e17249 1afbd515 d3f2845d a3699196 a9a7044c
      5738a868 e01e59
    quit
  crypto ikev2 policy 1
  encryption aes-256
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 10
  encryption aes-192
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 20
  encryption aes
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 30
  encryption 3des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 40
  encryption des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev1 enable external
  crypto ikev1 policy 1
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 2
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  crypto ikev1 policy 3
  authentication pre-share
  encryption 3des
  hash sha
  group 1
  lifetime 86400
  crypto ikev1 policy 4
  authentication pre-share
  encryption 3des
  hash md5
  group 1
  lifetime 86400
  crypto ikev1 policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet 10.5.0.0 255.255.0.0 internal
  telnet 192.168.1.0 255.255.255.0 management
  telnet timeout 5
  ssh 10.5.0.0 255.255.0.0 internal
  ssh timeout 5
  console timeout 0
  no vpn-addr-assign aaa
  no vpn-addr-assign dhcp
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd enable management
  threat-detection basic-threat
  threat-detection statistics port
  threat-detection statistics protocol
  threat-detection statistics access-list
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ntp server 10.5.65.242 source internal
  ssl trust-point ASDM_TrustPoint0 external
  webvpn
  enable external
  enable internal
  anyconnect-essentials
  anyconnect image disk0:/anyconnect-win-2.5.0217-k9.pkg 1
  anyconnect profiles HP_Basic disk0:/HP_Basic.xml
  anyconnect enable
  tunnel-group-list enable
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
  group-policy GroupPolicy1 internal
  group-policy GroupPolicy1 attributes
  vpn-tunnel-protocol ikev1 ikev2
  group-policy HPVPN internal
  group-policy HPVPN attributes
  banner value You are now connected to Healthpoint, Ltd.
  wins-server none
  dns-server value 10.5.64.199 10.5.64.197
  dhcp-network-scope none
  vpn-idle-timeout none
  vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
  ip-comp disable
  ipsec-udp enable
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split
  default-domain value hpb.net
  split-dns none
  split-tunnel-all-dns disable
  user-authentication-idle-timeout none
  address-pools value HPVPNClients
  client-firewall none
  client-access-rule none
  webvpn
    anyconnect keep-installer installed
    anyconnect ssl compression none
    anyconnect profiles value HP_Basic type user
    anyconnect ask enable default anyconnect timeout 5
    http-comp none
  username bcline password Wpo.Polan03mKRJ9 encrypted privilege 15
  username jhenry password wX50UveiwuBH7p7v encrypted privilege 15
  username ittemp password zpQoWfp93rOS3NU7 encrypted privilege 5
  tunnel-group HPVPN type remote-access
  tunnel-group HPVPN general-attributes
  address-pool HPVPNClients
  authentication-server-group VPN-RADAuth
  authentication-server-group (external) VPN-RADAuth
  default-group-policy HPVPN
  password-management password-expire-in-days 3
  tunnel-group HPVPN webvpn-attributes
  group-alias HPVPN enable
  tunnel-group HPVPN ipsec-attributes
  ikev1 pre-shared-key *****
  tunnel-group 64.126.222.190 type ipsec-l2l
  tunnel-group 64.126.222.190 ipsec-attributes
  ikev1 pre-shared-key *****
  ikev2 remote-authentication pre-shared-key *****
  ikev2 local-authentication pre-shared-key *****
  tunnel-group 109.164.216.164 type ipsec-l2l
  tunnel-group 109.164.216.164 ipsec-attributes
  ikev1 pre-shared-key *****
  ikev2 remote-authentication pre-shared-key *****
  ikev2 local-authentication pre-shared-key *****
  tunnel-group 12.197.232.98 type ipsec-l2l
  tunnel-group 12.197.232.98 ipsec-attributes
  ikev1 pre-shared-key *****
  tunnel-group HPB type remote-access
  tunnel-group HPB general-attributes
  address-pool HPVPNClients
  authentication-server-group VPN-RADAuthHPB
  authentication-server-group (external) VPN-RADAuthHPB
  default-group-policy HPVPN
  password-management password-expire-in-days 3
  tunnel-group HPB webvpn-attributes
  group-alias HPB disable
  group-alias HPVPN_NEW enable
  tunnel-group HPB ipsec-attributes
  ikev1 pre-shared-key *****
  tunnel-group HPB ppp-attributes
  authentication ms-chap-v2
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
    no dns-guard
  policy-map global_policy
  class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect icmp
    inspect dns
  service-policy global_policy global
  prompt hostname context
  service call-home
  call-home reporting anonymous
  call-home
  contact-email-addr
  profile CiscoTAC-1
    destination address
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:f3c293700f62ee55af87105015fe4cd0
  : end

  You have to options:
  1. The router that is internal must have a static route to the ASA to reach the VPN networks and must have a distribute static so that other routers that form part of EIGRP know how to route to the VPN networks.
  2. You can configure on the ASA "set reverse-route" on the crypto map then configure EIGRP on the ASA and add redistribute static so that routes learned via VPN (considered static routes) can be pushed through EIGRP.

• Web-UI error message "Access via 'NULL' object reference not possible"

  I need some help, I'm not a Basis person but I need to get this connection problem resolve.
  This problem is in our DEV ICWeb system.  After logging in to Web-UI, I got a error message "Access via 'NULL' object reference not possible".  We have 3 clients (100, 220, & 310) in DEV and all 3 clients are giving me the same error message.
  From the help.sap.com, I found this topic http://help.sap.com/saphelp_nwes70/helpdata/en/84/43f0d786304e19a652a8f80909a8ec/content.htm
  but in the document it asked to go to SM59 to check the ESH_APPL_WS_TEMPLATEENGINE destination.  But we don't have that destination setup in all our systems.
  Here is the complete error message:
  Error when processing your request
  What has happened?
  The URL http://crm-dev.staff.copa:8000/sap/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do was not called due to an error.
  Note
  ■The following error text was processed in the system CD1 : Access via 'NULL' object reference not possible.
  ■The error occurred on the application server CRM-DEV_CD1_00 and in the work process 0 .
  ■The termination type was: RABAX_STATE
  ■The ABAP call stack was:
  Method: GET_DATA_LOSS_HANDLER of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: GET_DATA_LOSS_HANDLER of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: EH_TRIGGER_NAVIGATION of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: SET_WORKAREA_CONTENT of program CL_CRM_UI_CORE_APPL_CONTROLLERCP
  Method: PROCESS_NAV_QUEUE of program CL_BSP_WD_VIEW_MANAGER========CP
  Method: DO_INIT of program CL_CRM_UI_FRAME_APP_CONTROLLERCP
  Method: DO_INIT of program CL_BSP_CTRL_ADAPTER===========CP
  Method: GET_PAGE_CONTEXT_CURRENT of program CL_BSP_CONTEXT================CP
  Method: ON_REQUEST_ENTER of program CL_BSP_RUNTIME================CP
  Method: ON_REQUEST of program CL_BSP_RUNTIME================CP
  What can I do?
  ■If the termination type was RABAX_STATE, then you can find more information on the cause of the termination in the system CD1 in transaction ST22.
  ■If the termination type was ABORT_MESSAGE_STATE, then you can find more information on the cause of the termination on the application server CRM-DEV_CD1_00 in transaction SM21.

  Hi Michael,
  Refer to the link below and check the procedure.
  http://help.sap.com/saphelp_nwes70/helpdata/en/84/43f0d786304e19a652a8f80909a8ec/content.htm
  Regards,
  Arjun

• The following error text was processed in the system IDS : Access via 'NULL' object reference not possible.

  Hi all ,
  Im getting the below error , actually recently i created my own custom table zstudent, later i wrote select query to fetch data from the same and dump at internal table and then bind this to the table node.
  But im getting below error, even i removed the select query still same error is occuring.
  Error when processing your request
    What has happened?
  The URL http://********00.*****b.com:8000/sap/bc/webdynpro/sap/zdemo_student/ was not called due to an error.
  Note
  The following error text was processed in the system IDS : Access via 'NULL' object reference not possible.
  The error occurred on the application server axsids00_IDS_00 and in the work process 0 .
  The termination type was: RABAX_STATE
  The ABAP call stack was:
  Method: WDDOINIT of program /1BCWDY/YUSM2Q74A826Y0JY1I4V==CP
  Method: IF_WDR_COMPONENT_DELEGATE~WD_DO_INIT of program /1BCWDY/YUSM2Q74A826Y0JY1I4V==CP
  Method: DO_INIT of program CL_WDR_DELEGATING_COMPONENT===CP
  Method: INIT_CONTROLLER of program CL_WDR_CONTROLLER=============CP
  Method: INIT_CONTROLLER of program CL_WDR_COMPONENT==============CP
  Method: INIT of program CL_WDR_CONTROLLER=============CP
  Method: INIT of program CL_WDR_CLIENT_COMPONENT=======CP
  Method: INIT of program CL_WDR_CLIENT_APPLICATION=====CP
  Method: IF_WDR_RUNTIME~CREATE of program CL_WDR_MAIN_TASK==============CP
  Method: HANDLE_REQUEST of program CL_WDR_CLIENT_ABSTRACT_HTTP===CP

  Thanks Rama,
  Acutally i accidentally commented the lo_nd_student = wd_context ....etc
  this line was commented .
  i have one small requirement to fetch data from local customised table and fill the same to internal table and bind that to table node.
  my table node is student having attributes as name , city and number , all are of type strings.
  now i created one custom table zstudent having ID - char of length 10,
  name of type string
  city of type string
  num of type string
  i have inserted records
  but when i use select query to fill data from this zstudent to my internal table of type lt_student type wd_this->elements_student ,
  im getting same above error.

• Is it possible to have a VI "run when opened" when accessed via Internet Explorer?

  I am trying to get a remote panel application to "run when opened" when is accessed via Internet explorer. I have multiple remote panel licenses on the server and the VI is Re-entrant. The application works well except for this issue. Having the VI "Run When Opened" via IE is very important to the user. As is, when IE opens, the user must click on the panel image once to get the VI's attention and then again on the start arrow to run the program. Is there any way around this or a way to simplify the process?
  Thanks.
  Solved!
  Go to Solution.

  This is actually the intended operation of remote front panels, however, we can simplify the operation to meet closer with what your customer wants.  Basically, if you were to always have your program run in somewhat of an idle state, you can use the Application Control>>Property node for 'RemotePanel.ConnToClients' property to determine when a user is connected and run the proccess of the program as soon as a connection is detected.  When no connection is detected you could have the program run in an idle state.  The attached screenshot shows a general way to do this.  Have a good evening!
  -Bob
  -Bob
  Attachments:
  idle state.JPG ‏45 KB

• Getting error "Access via null" when running the web dynpro application

  Hi experts,
  I am getting the below error while executing my web dynpro application
  500 SAP Internal Server Error
  ERROR: Access via 'NULL' object reference not possible. (termination: RABAX_STATE)
  I am getting the error only when I am calling a method create manufacturer from my web dynpro program. If i comment this code my application works fine
  CALL METHOD wd_this->mo_ch_instance->create_manufacturer
    EXPORTING
      gi_manufacturer = ls_manufacturer
    IMPORTING
      lv_message      = lv_status
  i have created a attribute mo_ch_instance of type YSRM70CL_CH_SW_MD  where YSRM70CL_CH_SW_MD is the class which has the create_manufacturer method that i am using in my code.
  Kindly let me know whats the issue.
  Regards,
  Vinod

  Hi,
  if   wd_this->mo_ch_instance is not initial.
  CALL METHOD wd_this->mo_ch_instance->create_manufacturer
  EXPORTING
  gi_manufacturer = ls_manufacturer
  IMPORTING
  lv_message = lv_status
  endif.
  Check wether you have created the object for that class r not.
  Regards,
  Lekha.

• IC WEBCLIENT: Access via 'NULL' object reference not possible

  Hi,
  Iam working in ABAP, and learning CRM ABAP on CRM5.0 IDES Demo system I was trying to create a new WebIC by copying one view from CRM_IC to ZCRM_IC bsp application. Following are the steps I following according to Cook book documentation.
  1. I copied BuPaDisplayCustomer view and controller from CRM_IC to ZCRM_IC from
      BSP_WD_WORKBENCH by selecting CRM_IC and runtime profile = 'DEFAULT'.
  2. Created a runtime profile from SPRO->CRM->IC Webclient->Customer specific modifications->Define
     runtime profile.
  3. Copied the 'DEFAULT' runtime profile to my new profile 'Z_COOKBOOK'. Assign 'ZCRM_IC' by
     clicking on 'Controller and substitues'.
     BSP       Replaced Controller         BSP                 ReplacmentController
     CRM_IC BuPaMoreContactView    Z_CRM_IC         BuPaMoreContactView 
  4. Define IC Webclient profile:
      SPRO->CRM->IC Webclient->Define IC Webclient profile->Copy the DEFAULT profile and assign it to
      'Z_COOKBOOK',
  5. Assigned the Webclient profile to the user from t-code 'PPOMW'. Selected 'USER' from the 
      existing 'Position' and Goto->Detail object->Enhanced obj descrption.Selected IC webclient from the
     list and created Infotype assigned Webclient profile 'Z_COOKBOOK'.
  6. Execute the ZCRM_IC from SE80 by rightclick and Test. Here is my problem,Iam receiving the
     following error in the webpage.
       The following error text was processed in the system CR7 :
             Access via 'NULL' object reference not possible.
      The error occurred on the application server CR7_01 and in the work process 0 .
      The termination type was: RABAX_STATE
  The ABAP call stack was:
        Method: SET_MODELS of program CL_CRM_IC_BUPADISPCUSTOME=====CP
        Method: SET_MODELS of program CL_CRM_IC_BUPADISPCUSTOME=====CP
        Method: SET_MODELS of program CL_CRM_IC_BUPADISPCUSTOME_IMPLCP
        Method: DO_REQUEST of program CL_BSP_WD_VIEW_CONTROLLER=====CP
        Method: DO_REQUEST of program CL_BSP_CTRL_ADAPTER===========CP
        Method: ON_REQUEST of program CL_BSP_RUNTIME================CP
        Method: IF_HTTP_EXTENSION~HANDLE_REQUEST of program CL_HTTP_EXT_BSP===============CP
        Method: EXECUTE_REQUEST_FROM_MEMORY of program CL_HTTP_SERVER================CP
        Function: HTTP_DISPATCH_REQUEST of program SAPLHTTP_RUNTIME
        Module: %_HTTP_START of program SAPMHTTP
  I check the CRM services and all are active, using IE8 web browser. I just copied the view and controller
  from CRM_IC into Custom BSP application i.e., ZCRM_IC.
  Above error is occuring even If i run the standard CRM_IC BSP application and select one simple view.
  from SE80.
  Not sure whether any additional configuration or any special roles to be assigned to the Webclient profile.
  Thanks,
  Venn.

  hello swapna,
  we are facing the same error while accessing the leave request link, all jco are testing fine, i checked backend connection and its fine, please tel me how did u resolved that issue,
  Thanks in advance.....
  ajay