Unable to access homehub3 config
For some strange reason I'm unable to access the homehub3 config pages by the link bthomehub.home, I have rebooted the router and I get the same issues over wifi and wired. I just wanted to know if anyone else has had this issue and if so how did they fix it? It's not a big issue it’s just that I like to keep an eye on my connection time.
*The page just gives a time out/server not found in both firefox and IE*
Thanks in advance for help.
Solved!
Go to Solution.
Ah 192.168.1.254 works for the router config! thanks very much for your help, removing the google dns also works
Similar Messages
-
P7N Diamond, unable to access RAID Config during Boot
I've got a P7N Diamond motherboard, with 6 disks attached, one SSD (boot) and I recently installed 5 1.5TB disks as well. These I would like to run in RAID 5 mode. I've enabled RAID for those channels in the BIOS, but I am unable to access the RAID config that's supposed to be available during bootup. The system also has an ADAPTEC RAID 1430SA ROHS SINGLE PCI-E LP 4-PORT controller with two disks attached, could this be messing things up? (I DO get an option to access this RAID config, but it fails claiming too little free memory (!) (It's a system with 4GB installed)) In Windows 7, the 5 disks shows up in the NV Raid as "Free disks", but I'm not able to do anything with them except setting SMART info. In the Windows Disk management they don't show up at all.
So, anyone got any ideas on how to access the raid config (F10) during boot?
All suggestions appreciated
Thanks,
ZemThe error regarding "too little free memory" isn't related to system RAM but to bios ROM address space. As already stated, the Adaptec card is causing the conflict with the NV RAID controller bios. This is actually a very common issue when trying to run multiple disk controllers in a single system and isn't any fault of the mobo. There's only so much addressable space for BIOS to reside in.
You may be able to free up some address space by disabling the LAN Option (boot) ROM in CMOS and setting the JMicron controller to IDE instead of RAID. Even better would be to disable the JMicron controller entirely.
If, after doing so, the Adaptec controller is still not able to work with the NV controller in RAID mode, then I'm afraid you're out of luck. -
Wrt54g ver5, unable to access the config pages
wrt54g ver5
firmware ver 1.02.5
i am unable to access the internal web pages on wrt54g ver 5
can access the internet fine. it seems to be a memory corruption problem
i has been doing more and more timesSince the router works, it is doubtful (but still possible) that the firmware is corrupted. More likely there is another explanation for your problem. Here are my tips for viewing your router's web pages:
You do not need an Internet connection. The router's "web pages" are built into the router.
Use Internet Explorer, it usually works.
JavaScript must be enabled.
Use a computer that is wired to the router.
In the non-working computer, temporarily turn off your software firewall.
Point your browser to 192.168.1.1 , then login to your router. Your user name should be left blank. Your password is "admin" (with no quotes), unless you changed it.
If you are using Zone Alarm, right click on the ZA icon in the system tray (lower right corner of screen) and then click "Shutdown ZoneAlarm", and see if this fixes your problem. If this does not work, try the following with Zone Alarm: Open the ZAISS control center, go to Privacy, then temporarily turn off Ad Blocking and Cookie Control, and see if that fixes your problem.
Some Zone Alarm users have reported that adding 192.168.1.1 to their list of "trusted" addresses fixed the problem. This trick might also work with other firewalls.
If you are using Noton Internet Security with the Add-on Pack, be sure to turn off the Pop-up Blocker, and the Ad blocker. Some users have reported that they needed to uninstall the entire Norton Add-on Pack.
If you cannot get anything at 192.168.1.1 then perhaps this is not your router's address. Go to "Start" > All Programs > Accessories > Command Prompt.
A black DOS box will appear. Type in "ipconfig" (with no quotes), then hit the Enter key. Look at the "Default Gateway". Is it 192.168.1.1 ? Point your browser to the "Default Gateway", then login to your router.
If the above fails, disconnect your modem from the router, and try again. If this corrects your problem, then most likely you have a "modem-router" rather than an ordinary modem. Report back with this problem, and also state the make and exact model number of your modem (not the router).
If all of the above fails, power down your entire system, unplug it from the wall, wait one minute, then power up and try again.
If all of the above tips fail, then reset the router to factory defaults: Power down the router and disconnect all wires from it. Wait one minute. Power up the router, allow it to fully boot (1-2 minutes), then press and hold the reset button for 30 seconds, then release the button and allow the router to reset and reboot ( 2-3 minutes). Power down router. Wait one minute. Connect one computer, by wire, to a LAN port on the router. Boot up system. It should work.
If you still have trouble, then you need to download and install (or re-install) the latest firmware for your router. After the firmware upgrade, you must reset the router to factory defaults, then setup the router again from scratch. If you saved a router configuration file, DO NOT use it. -
Unable to access "Cache Hierarchy Server" config pages
BM 3.9 SP2
NetWare 6.5 SP8
In iManager I am unable to access the Cache Hierarachy Server/Client config pages.
In IE7 the page is just blank
In FireFox I get the error "The timer value cannot exceed 1 hour"
Does anybody know how to fix this - it is urgent!
Thank you in advancelaurabuckley,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/ -
Unable to access applications in workspace,shared services
Hi ,
I am Unable to access applications in workspace and shared services on EPM 11.1.1.3. It happened after normal shutdown/startup scripts were run.
But when I reconfigure the Weblogic web server and run the services again I can access the applications.This is happening frequently now.
Is this anything related to user profiles on the server as we are migrating these to other server.
Can any one help me with this .
Please find the Shared services log below:
<22-Oct-2010 10:25:19 o'clock BST> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
D:\bea\weblogic92\platform\lib\p13n\p13n-schemas.jar;D:\bea\weblogic92\platform\lib\p13n\p13n_common.jar;D:\bea\weblogic92\platform\lib\p13n\p13n_system.jar;D:\bea\weblogic92\platform\lib\wlp\netuix_common.jar;D:\bea\weblogic92\platform\lib\wlp\netuix_schemas.jar;D:\bea\weblogic92\platform\lib\wlp\netuix_system.jar;D:\bea\weblogic92\platform\lib\wlp\wsrp-common.jar>
<22-Oct-2010 10:25:21 o'clock BST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-windows-ia32 from BEA Systems, Inc.>
<22-Oct-2010 10:25:25 o'clock BST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 9.2 MP3 Mon Mar 10 08:28:41 EDT 2008 1096261 >
<22-Oct-2010 10:25:29 o'clock BST> <Emergency> <Management> <BEA-141151> <The admin server could not be reached at http://localhost:7001.>
<22-Oct-2010 10:25:29 o'clock BST> <Info> <Configuration Management> <BEA-150018> <This server is being started in managed server independence mode in the absence of the admin server.>
<22-Oct-2010 10:25:29 o'clock BST> <Info> <WebLogicServer> <BEA-000215> <Loaded License : D:\bea\license.bea>
<22-Oct-2010 10:25:29 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<22-Oct-2010 10:25:29 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<22-Oct-2010 10:25:30 o'clock BST> <Notice> <Log Management> <BEA-170019> <The server log file D:\Hyperion\deployments\WebLogic9\servers\SharedServices9\logs\SharedServices9.log is opened. All server side log events will be written to this file.>
<22-Oct-2010 10:25:47 o'clock BST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<22-Oct-2010 10:25:57 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<22-Oct-2010 10:25:57 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
log dir isD:\Hyperion\logs\SharedServices9
urlManifest zip:D:/Hyperion/deployments/temp/servers/SharedServices9/tmp/_WL_user/interop/tthmcu/war/WEB-INF/lib/interop-mmc.jar!/META-INF/MANIFEST.MF
Shared Services Version: 11.1.1.3.24
Shared Services Drop Number: 6
Attempting to verify the database configuration
Attempting to verify the database configuration
Database configuration test passed.
22 Oct 2010 10:26:38 - org.apache.slide.common.Domain - INFO - Auto-Initializing Domain
22 Oct 2010 10:26:38 - org.apache.slide.common.Domain - INFO - Configuration found in classpath
22 Oct 2010 10:26:38 - org.apache.slide.common.Domain - INFO - Domain configuration : {org.apache.slide.lock=true, org.apache.slide.versioncontrol=true, org.apache.slide.debug=false, org.apache.slide.search=true, org.apache.slide.security=true, org.apache.slide.urlEncoding=UTF-8, org.apache.slide.domain=D:/Hyperion/deployments/WebLogic9/SharedServices9/config/Domain.xml}
configURL: file:///D:/Hyperion/deployments/WebLogic9/SharedServices9/config/CSS.xml
Done initialize: com.hyperion.css.CSSAPIImpl@283baf
connection pool registered:dbcpPool-org.apache.commons.pool.impl.GenericObjectPool@27efaa
connection pool registered:dbcpPool-org.apache.commons.pool.impl.GenericObjectPool@454a3b
CMSOfflineServlet Initialized
Adding audit listener
Shared Services Initialized Successfully
<22-Oct-2010 10:26:56 o'clock BST> <Warning> <Log Management> <BEA-170011> <The LogBroadcaster on this server failed to broadcast log messages to the admin server. The Admin server may not be running. Message broadcasts to the admin server will be disabled.>
<22-Oct-2010 10:26:56 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<22-Oct-2010 10:26:56 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<22-Oct-2010 10:26:57 o'clock BST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias hyperion from the jks keystore file D:\hyperion_SSL_Repository\hyperion.jks.>
<22-Oct-2010 10:26:58 o'clock BST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file D:\bea\JROCKI~1\jre\lib\security\cacerts.>
<22-Oct-2010 10:26:58 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.86.57.43:28443 for protocols iiops, t3s, ldaps, https.>
<22-Oct-2010 10:26:58 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[1]" is now listening on 10.87.248.108:28443 for protocols iiops, t3s, ldaps, https.>
<22-Oct-2010 10:26:58 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure[2]" is now listening on 127.0.0.1:28443 for protocols iiops, t3s, ldaps, https.>
<22-Oct-2010 10:26:58 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "127.0.0.1", maps to multiple IP addresses: 10.86.57.43, 10.87.248.108, 127.0.0.1>
<22-Oct-2010 10:26:58 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "LGWHYPWEB.uk.baa.com", maps to multiple IP addresses: 10.86.57.43, 10.87.248.108, 127.0.0.1>
<22-Oct-2010 10:26:58 o'clock BST> <Notice> <WebLogicServer> <BEA-000358> <Started WebLogic Independent Managed Server "SharedServices9" for domain "WebLogic9" running in Production Mode>
<22-Oct-2010 10:26:58 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "LGWWEB026.uk.baa.com", maps to multiple IP addresses: 10.86.57.43, 10.87.248.108, 127.0.0.1>
<22-Oct-2010 10:26:58 o'clock BST> <Warning> <JMX> <BEA-149510> <Unable to establish JMX Connectivity with the Adminstration Server AdminServer at <JMXServiceURL:null>.>
<22-Oct-2010 10:26:58 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<22-Oct-2010 10:26:58 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<22-Oct-2010 10:27:08 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer LGWHYPWEB.uk.baa.com - 10.86.57.43 instead of an SSL handshake.>
<22-Oct-2010 10:28:36 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer lgwdbs026.uk.baa.com - 10.86.41.33 instead of an SSL handshake.>
22-Oct-2010 10:28:38, /files, HEAD, 401 "Unauthorized", 125 ms, %v
22-Oct-2010 10:28:38, /files, HEAD, 200 "OK", 266 ms, %v
22-Oct-2010 10:28:40, /files, HEAD, 401 "Unauthorized", 16 ms, %v
22-Oct-2010 10:28:41, /files, HEAD, 200 "OK", 94 ms, %v
22-Oct-2010 10:28:42, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:28:42, /files, HEAD, 200 "OK", 93 ms, %v
22-Oct-2010 10:28:43, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:28:43, /files, HEAD, 200 "OK", 94 ms, %v
22-Oct-2010 10:28:44, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:28:44, /files, HEAD, 200 "OK", 78 ms, %v
22-Oct-2010 10:28:45, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:28:45, /files, HEAD, 200 "OK", 93 ms, %v
22-Oct-2010 10:28:47, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:28:47, /files, HEAD, 200 "OK", 78 ms, %v
22-Oct-2010 10:28:48, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:28:48, /files, HEAD, 200 "OK", 78 ms, %v
<22-Oct-2010 10:29:40 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer lgwapp026.uk.baa.com - 10.86.51.104 instead of an SSL handshake.>
<22-Oct-2010 10:30:16 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer lgwapp026.uk.baa.com - 10.86.51.104 instead of an SSL handshake.>
<22-Oct-2010 10:32:25 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer LGWHYPWEB.uk.baa.com - 10.86.57.43 instead of an SSL handshake.>
22-Oct-2010 10:32:43, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:32:43, /files, HEAD, 200 "OK", 78 ms, %v
22-Oct-2010 10:32:44, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:32:44, /files, HEAD, 200 "OK", 63 ms, %v
22-Oct-2010 10:32:45, /files, HEAD, 401 "Unauthorized", 0 ms, %v
22-Oct-2010 10:32:45, /files, HEAD, 200 "OK", 63 ms, %v
<22-Oct-2010 10:32:46 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer LGWHYPWEB.uk.baa.com - 10.86.57.43 instead of an SSL handshake.>
<22-Oct-2010 10:34:00 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer LGWHYPWEB.uk.baa.com - 10.86.57.43 instead of an SSL handshake.>
<22-Oct-2010 10:35:28 o'clock BST> <Warning> <Security> <BEA-090475> <Plaintext data for protocol HTTP was received from peer LGWHYPWEB.uk.baa.com - 10.86.57.43 instead of an SSL handshake.>
log dir isD:\Hyperion\logs\SharedServices9
urlManifest zip:D:/Hyperion/deployments/temp/servers/SharedServices9/tmp/_WL_user/interop/tthmcu/war/WEB-INF/lib/interop-mmc.jar!/META-INF/MANIFEST.MF
Shared Services Version: 11.1.1.3.24
Shared Services Drop Number: 6
Populating Application Info
Getting LCM callback info from Registry for product: HUB
LCM Callback: https://LGWWEB026.uk.baa.com:28443/interop/framework/lcm/HSSMigration
Populating Product Info
Thanks in advance
Edited by: 790426 on 25-Oct-2010 06:17You must first check if you have configured the web server to include the hfm/planning products.
Then you can refer to the thread below:
Not able to see Consolidation Administration
The latter definitely applies to version 9.3.1, but it could be helpful. -
Unable to access/lan2lan ping from VPN Fortigate to Cisco ASA 5505
Problem : Unable to access user A to user B
User A --- router A (122, fortigate 80c) --- (Site to Site VPN between fortigate & cisco asa) --- router B (93, cisco Asa 5505{in front asa got cisco800[81] before to internet} ) --- User B
After using wizard to configure the cisco ASA site to site VPN, the site-to-site tunnel is up.
Ping is unsuccessful from user A to user B
Ping is successful from user B to user A, data is accessable
After done the packet tracer from user A to user B,
Result :
Flow-lookup
Action : allow
Info: Found no matching flow, creating a new flow
Route-lookup
Action : allow
Info : 192.168.5.203 255.255.255.255 identity
Access-list
Action : drop
Config Implicit Rule
Result - The packet is dropped
Input Interface : inside
Output Interface : NP Identify Ifc
Info: (acl-drop)flow is denied by configured rule
Below is Cisco ASA 5505's show running-config
ASA Version 8.2(1)
hostname Asite
domain-name ssms1.com
enable password ZZZZ encrypted
passwd WWWW encrypted
names
name 82 B-firewall description Singapore office firewall
name 192.168.1.0 B-inside-subnet description Singapore office internal LAN IP
name 192.168.200.0 A-inside-VLAN12 description A-inside-VLAN12 (fortinet)
name 192.168.2.0 fw-inside-subnet description A office internal LAN IP
name 122 A-forti
interface Vlan1
nameif inside
security-level 100
ip address 192.168.5.203 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 93 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name ssms1.com
object-group network obj_any
network-object 0.0.0.0 0.0.0.0
access-list inside_nat0_outbound extended permit ip any 80 255.255.255.240
access-list inside_nat0_outbound extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
access-list outside_cryptomap extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
access-list Outside_nat-inbound extended permit ip A-inside-VLAN12 255.255.255.0 192.168.5.0 255.255.255.0
access-list Outside_nat-inbound extended permit ip host A-forti 192.168.5.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http B-inside-subnet 255.255.255.0 inside
http fw-inside-subnet 255.255.255.0 inside
http 0.0.0.0 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
http 192.168.5.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer A-forti
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_cryptomap
crypto map outside_map 2 set peer B-firewall
crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption aes-192
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.5.10-192.168.5.20 inside
dhcpd dns 165 165 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
username admin password XXX encrypted privilege 15
tunnel-group 122 type ipsec-l2l
tunnel-group 122 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
class-map outside-class
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
message-length maximum client auto
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
policy-map outside-policy
description ok
class outside-class
inspect dns
inspect esmtp
inspect ftp
inspect h323 h225
inspect h323 ras
inspect icmp
inspect icmp error
inspect netbios
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
service-policy global_policy global
service-policy outside-policy interface outside
prompt hostname context
Cryptochecksum: XXX
: end
Kindly need your expertise&help to solve the problemany1 can help me ?
-
ASA 5505 unable to access ASDM ( just needs some ports ope and FWDing setup)
I was able to access the ASDM launcher in the browser yesterday via https://192.168.111.1/admin and I was stuck there as the browser version says that my ASA image does not work with my ASDM version... So i tried some trouble shooting and think that i may have changed the image to an image that does not exist. (I'm not sure where it is that I would actually place that image either) Now i am unable to access through the browser at all.
Anyways, I am ok with SSH/CLI and have been using my firewall in this manner. I am walking into this companies current configuration and simply need to do the following:
I need to OPEN ports 9000, 85, 40085, 49005 so that my mobile device can pull my security cameras in the office
I need to set port forwarding so that any connections that hit outside-in ip address 205.214.36.53:1610 >>> http://192.168.111.30:1610/AndroidWS/ for our new mobile CRM.
I have been through some of your related discussions and am falling short somewhere. Please help
here is my "show run" and my "dir"
ciscoasa(config)# show run
: Saved
ASA Version 9.0(2)
hostname ciscoasa
domain-name scec.local
enable password ol40hHpZTtZQFXMJ encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ol40hHpZTtZQFXMJ encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif INSIDE
security-level 100
ip address 192.168.111.1 255.255.255.0
interface Vlan2
nameif OUTSIDE
security-level 0
ip address 205.214.236.50 255.255.255.240
boot system disk0:/asa902-k8.bin
boot system disk0:/asa825-k8.bin
boot system disk0:/asa831-k8.bin
ftp mode passive
dns domain-lookup INSIDE
dns domain-lookup OUTSIDE
dns server-group DefaultDNS
name-server 192.168.111.50
name-server 8.8.8.8
domain-name scec.local
object network LAN
subnet 192.168.111.0 255.255.255.0
object network SERVER1
host 192.168.111.50
object network SERVER1_PUBLIC
host 205.214.236.51
object network SERVER2
host 192.168.111.20
object network SERVER2_PUBLIC
host 205.214.236.52
object network SERVER3
host 192.168.111.30
object network SERVER3_PUBLIC
host 205.214.236.53
object network SERVER4
host 192.168.111.40
object network SERVER4_PUBLIC
host 205.214.236.54
object network SERVER5
host 192.168.111.10
object network SERVER5_PUBLIC
host 205.214.236.55
object-group service SERVER1_PORTS tcp
port-object eq www
port-object eq https
port-object eq smtp
port-object eq pop3
port-object eq imap4
port-object eq 3389
object-group service SERVER2_PORTS tcp
port-object eq 3389
object-group service SERVER3_PORTS tcp
port-object eq 3389
object-group service SERVER4_PORTS tcp
port-object eq 3389
object-group service SERVER5_PORTS tcp
port-object eq 3389
port-object eq www
port-object eq https
access-list OUTSIDE_IN extended deny ip 10.0.0.0 255.0.0.0 any log
access-list OUTSIDE_IN extended deny ip 172.16.0.0 255.240.0.0 any log
access-list OUTSIDE_IN extended deny ip 192.168.0.0 255.255.0.0 any log
access-list OUTSIDE_IN extended deny ip 127.0.0.0 255.0.0.0 any log
access-list OUTSIDE_IN extended deny ip 0.0.0.0 255.255.255.0 any log
access-list OUTSIDE_IN extended deny ip 244.0.0.0 255.255.255.240 any log
access-list OUTSIDE_IN extended deny ip host 255.255.255.255 any log
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-list OUTSIDE_IN extended permit tcp any object SERVER1 object-group SERVER1_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER2 object-group SERVER2_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER3 object-group SERVER3_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER4 object-group SERVER4_PORTS
access-list OUTSIDE_IN extended permit tcp any object SERVER5 object-group SERVER5_PORTS
access-list inside-out extended permit ip any any
pager lines 24
logging asdm informational
mtu INSIDE 1500
mtu OUTSIDE 1500
ip audit name OUTSIDE_ATTACK attack action alarm drop
ip audit name OUTSIDE_INFO info action alarm
ip audit name INSIDE_ATTACK attack action alarm drop reset
ip audit name INSIDE_INFO info action alarm
ip audit interface INSIDE INSIDE_INFO
ip audit interface OUTSIDE OUTSIDE_INFO
ip audit interface OUTSIDE OUTSIDE_ATTACK
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
ip audit signature 6051 disable
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-509.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (INSIDE,OUTSIDE) source static SERVER1 SERVER1_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER2 SERVER2_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER3 SERVER3_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER4 SERVER4_PUBLIC
nat (INSIDE,OUTSIDE) source static SERVER5 SERVER5_PUBLIC
object network LAN
nat (INSIDE,OUTSIDE) dynamic interface
access-group inside-out in interface INSIDE
access-group OUTSIDE_IN in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 205.214.236.49 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization exec LOCAL
http server enable
http 0.0.0.0 0.0.0.0 INSIDE
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 INSIDE
ssh 0.0.0.0 0.0.0.0 OUTSIDE
ssh timeout 5
ssh version 2
console timeout 0
dhcpd option 3 ip 192.168.111.1
dhcpd address 192.168.111.100-192.168.111.200 INSIDE
dhcpd dns 192.168.111.50 8.8.8.8 interface INSIDE
dhcpd enable INSIDE
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username wti password OIEBfkGT1DRShCnN encrypted privilege 15
username admin password g/t7o/eHDKMomDrS encrypted privilege 15
username vpnuser password 8DcFkqJ9hi39UQw. encrypted privilege 15
username sysadmin password mi1AUI982JWkJuWt encrypted
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:6dd04d2527e7929343ebd090969e18a1
: end
ciscoasa(config)# dir
Directory of disk0:/
148 -rwx 15390720 09:08:54 Jul 31 2013 asa825-k8.bin
149 -rwx 27611136 09:43:48 Oct 31 2013 asa902-k8.bin
150 -rwx 2048 00:00:00 Jan 01 1980 FSCK0000.REC
20 drwx 2048 09:12:16 Jul 31 2013 coredumpinfo
151 -rwx 16280544 09:14:46 Jul 31 2013 asdm-645.bin
10 drwx 2048 09:19:42 Jul 31 2013 log
19 drwx 2048 09:20:08 Jul 31 2013 crypto_archive
153 -rwx 14240396 14:14:18 Jun 11 2014 asdm-631.bin
154 -rwx 4096 00:00:00 Jan 01 1980 FSCK0001.REC
155 -rwx 12998641 09:20:28 Jul 31 2013 csd_3.5.2008-k9.pkg
156 drwx 2048 09:20:30 Jul 31 2013 sdesktop
157 -rwx 6487517 09:20:32 Jul 31 2013 anyconnect-macosx-i386-2.5.2014-k9.pkg
158 -rwx 6689498 09:20:36 Jul 31 2013 anyconnect-linux-2.5.2014-k9.pkg
159 -rwx 4678691 09:20:38 Jul 31 2013 anyconnect-win-2.5.2014-k9.pkg
160 -rwx 4096 00:00:00 Jan 01 1980 FSCK0002.REC
161 -rwx 4096 00:00:00 Jan 01 1980 FSCK0003.REC
162 -rwx 4096 00:00:00 Jan 01 1980 FSCK0004.REC
163 -rwx 6144 00:00:00 Jan 01 1980 FSCK0005.REC
164 -rwx 6144 00:00:00 Jan 01 1980 FSCK0006.REC
165 -rwx 6144 00:00:00 Jan 01 1980 FSCK0007.REC
166 -rwx 22528 00:00:00 Jan 01 1980 FSCK0008.REC
167 -rwx 38912 00:00:00 Jan 01 1980 FSCK0009.REC
168 -rwx 34816 00:00:00 Jan 01 1980 FSCK0010.REC
169 -rwx 43008 00:00:00 Jan 01 1980 FSCK0011.REC
170 -rwx 2048 00:00:00 Jan 01 1980 FSCK0012.REC
171 -rwx 26624 00:00:00 Jan 01 1980 FSCK0013.REC
172 -rwx 2048 00:00:00 Jan 01 1980 FSCK0014.REC
173 -rwx 26624 00:00:00 Jan 01 1980 FSCK0015.REC
174 -rwx 2048 00:00:00 Jan 01 1980 FSCK0016.REC
175 -rwx 2505 09:46:08 Oct 31 2013 8_2_5_0_startup_cfg.sav
176 -rwx 1189 09:46:12 Oct 31 2013 upgrade_startup_errors_201310310946.log
177 -rwx 100 16:42:40 Jun 10 2014 upgrade_startup_errors_201406101642.log
178 -rwx 100 14:52:26 Jun 11 2014 upgrade_startup_errors_201406111452.log
127004672 bytes total (21886976 bytes free)
Please let me know if you need any other information from me so that i can get our mobile devices to connect to the new CRM from outside the network and allow the owner access on his mobile device to the company cameras.
************** (NOTE: I can do both of these things currently from within the network without any issues)*************
THANKSJgreene -
This doesn't specifically answer your question, but if you want to get ASDM functionality back you need to load a newer version onto flash memory and then point the ASA to that with the configuration command:
asdm image disk0:/asdm-version.bin
You are running ASA Version 9.0(2) so you need at least version 7 of ASDM to support that. Interestingly enough your "asdm image" statement in your config points to asdm-509.bin and you have asdm-631.bin and asdm-645.bin on flash. None of those will work. I suggest loading up asdm-721.bin and changing the asdm image statement accordingly. I am pretty sure a reboot is required after that is done.
Good Luck!
-Jeff -
Unable to access cisco asa via https or asdm!! connection interrupted message appears on the browser
Hey guys,
I am unable to access cisco asa device using https and cannot lunch asdm, after recent power failure at our location. I have asdm installed on my machine and whenever i try to access the asdm, receive Error: unable to lunch device manager from X.X.X.X The following is log from java console
Trying for ASDM version file; url = https://x.x.x.x/admin/
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
When i try to access it from the browser it show error message
"The connection was interrupted"
I am running CISCO ASA 8.3 (1)
with asdm image as asdm 7.1.3
JAVA version installed Java 7 update 71
I have added the https:> to exception site list and set security level to medium,
even ssh access is not working !!
I would appreciate if anyone can help me out!!
Thanks
FareedHey lcaruso,
thanks for information!!
i was able to connection through console as suggested and regenerated the rsa key .. was able to connection through ssh, but the issue with the asdm or web access was not resolved.
I have tried few of the steps as suggested on
https://supportforums.cisco.com/document/49741/asa-pixfwsm-unable-manage-unit-sshtelnetasdm#collect_captures
capture output
ZHHFP-FIREWALL1(config)# sh cap capin
139 packets captured
1: 18:50:17.654720 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: S 2567327150:2567327150(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>
2: 18:50:17.654812 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: S 590825877:590825877(0) ack 2567327151 win 8192 <mss 1380>
3: 18:50:17.655621 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: . ack 590825878 win 65520
4: 18:50:17.656078 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: P 2567327151:2567327332(181) ack 590825878 win 65520
5: 18:50:17.656139 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: . ack 2567327332 win 8192
6: 18:50:17.656475 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: FP 590825878:590825878(0) ack 2567327332 win 8192
7: 18:50:17.657696 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: . ack 590825879 win 65520
8: 18:50:17.657802 802.1Q vlan#1 P0 192.168.160.113.58084 > 192.168.160.126.8
443: F 2567327332:2567327332(0) ack 590825879 win 65520
9: 18:50:17.657848 802.1Q vlan#1 P0 192.168.160.126.8443 > 192.168.160.113.58
084: . ack 2567327333 win 8192
10: 18:50:17.658108 802.1Q vlan#1 P0 192.168.160.113.58085 > 192.168.160.126.8
443: S 1351758892:1351758892(0) win 8192 <mss 1260,nop,wscale 8,nop,nop,sackOK>
also i have downgraded the java to 1.6_45 but still not luck.
error message i received on java console
Trying for IDM. url=https://x.x.x.x/idm/idm.jnlp/
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at com.cisco.launcher.w.a(Unknown Source)
at com.cisco.launcher.s.for(Unknown Source)
at com.cisco.launcher.s.new(Unknown Source)
at com.cisco.launcher.s.access$000(Unknown Source)
at com.cisco.launcher.s$2.a(Unknown Source)
at com.cisco.launcher.g$2.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 15 more
Any help would be highly appreciated!!
Thanks
Fareed -
Unable to access secondary subnet via VPN
I am having a problem with clients accessing a secondary subnet via VPN.
Clients on VPN are given the address on the 192.168.15.0 subnet. Once connected they can access 192.168.16.0 (Production subnet) fine, but are unable to access the 192.168.8.0 secondary subnet. If you are on the 192.168.16.0 subnet in the office you can access 192.168.8.0 subnet fine. The traffic is coming in via an ASA 5510 then traverses a Juniper firewall and a MPLS router to the secondary subnet. I'm not sure if it's a nat issue or not. Any help would be helpful.
Below is the config of the ASA. Thank you in advance
ASA Version 8.2(5)
hostname charlotte
domain-name tg.local
enable password v4DuEgO1ZTlkUiaA encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.254.0 Peak10 description Peak10
name 192.168.116.0 Charlotte_Phones description Charlotte_Phones
name 192.168.15.0 Charlotte_SSL_VPN_Clients description Charlotte_SSL_VPN_Client s
name 192.168.17.0 Charlotte_Wireless_Data description Charlotte_Wireless_Data
name 192.168.117.0 Charlotte_Wireless_Phones description Charlotte_Wireless_Phon es
name 192.168.5.0 Huntersville description Huntersville
name 192.168.16.1 SRX_Gateway description Juniper_SRX
name 192.168.108.0 Canton_Data description Canton_Data
name 192.168.8.0 Canton_Phones description Canton_Phones
name 192.168.9.0 Canton_Wireless_Data description Canton_Wireless_Data
name 192.168.109.0 Canton_Wireless_Phones description Canton_Wireless_Phones
name 192.168.16.4 TEST_IP description TEST_IP
name 192.168.16.2 CantonGW description Canton GW 192.168.16.2
name 192.168.5.1 HuntersvilleGW
name 10.176.0.0 RS_Cloud description 10.176.0.0/12
name 172.16.8.0 RS_172.16.8.0
name 172.16.48.0 RS_172.16.48.0
name 172.16.52.0 RS_172.16.52.0
name 10.208.0.0 RS_Cloud_New
name 10.178.0.0 RS_10.178.0.0 description Rackspace DEV servers
name 10.178.0.6 RS_10.178.0.6
name 172.16.20.0 RS_172.16.20.0
interface Ethernet0/0
nameif Outside
security-level 0
ip address 70.63.165.219 255.255.255.248
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.16.202 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
banner login ASA Login - Unauthorized access is prohibited
banner login ASA Login - Unauthorized access is prohibited
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Outside
dns domain-lookup Inside
dns domain-lookup management
dns server-group DefaultDNS
name-server 192.168.16.122
name-server 8.8.8.8
domain-name tg.local
dns server-group defaultdns
name-server 192.168.16.122
domain-name tg.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_2
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_3
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object Huntersville 255.255.255.0
object-group network DM_INLINE_NETWORK_4
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object Huntersville 255.255.255.0
object-group network DM_INLINE_NETWORK_10
network-object RS_Cloud 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.48.0 255.255.252.0
network-object RS_172.16.52.0 255.255.252.0
network-object RS_Cloud_New 255.240.0.0
network-object RS_10.178.0.0 255.255.0.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_7
network-object RS_Cloud 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.48.0 255.255.240.0
network-object RS_172.16.52.0 255.255.252.0
network-object RS_Cloud_New 255.240.0.0
network-object RS_10.178.0.0 255.255.0.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_8
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_9
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_11
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
object-group network DM_INLINE_NETWORK_12
network-object RS_Cloud 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_13
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Wireless_Data 255.255.255.0
object-group network DM_INLINE_NETWORK_14
network-object RS_Cloud 255.240.0.0
network-object RS_172.16.48.0 255.255.252.0
network-object RS_172.16.52.0 255.255.252.0
network-object RS_Cloud_New 255.240.0.0
network-object RS_10.178.0.0 255.255.0.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
network-object 172.16.0.0 255.255.252.0
object-group network DM_INLINE_NETWORK_5
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Wireless_Data 255.255.255.0
object-group network DM_INLINE_NETWORK_6
network-object RS_Cloud 255.240.0.0
network-object RS_Cloud_New 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
network-object Canton_Phones 255.255.255.0
object-group network tgnc074.tg.local
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
icmp-object traceroute
icmp-object unreachable
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp eq https
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
icmp-object traceroute
icmp-object unreachable
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_3
service-object ip
service-object icmp echo
service-object icmp echo-reply
object-group network DM_INLINE_NETWORK_1
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_5
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group network DM_INLINE_NETWORK_15
network-object Canton_Data 255.255.255.0
network-object host CantonGW
object-group service DM_INLINE_SERVICE_6
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_7
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_2 Ch arlotte_SSL_VPN_Clients 255.255.255.0 any
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_5 ho st SRX_Gateway Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_7 Ch arlotte_SSL_VPN_Clients 255.255.255.0 host SRX_Gateway
access-list Inside_access_in extended permit icmp any any object-group DM_INLINE _ICMP_1
access-list Inside_access_in remark Permit all in Char_ORD_VPN
access-list Inside_access_in extended permit ip object-group DM_INLINE_NETWORK_7 object-group DM_INLINE_NETWORK_8
access-list Inside_access_in remark Permit all out Char_ORD_VPN
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_1 ob ject-group DM_INLINE_NETWORK_9 object-group DM_INLINE_NETWORK_10
access-list Inside_access_in extended permit ip Charlotte_SSL_VPN_Clients 255.25 5.255.0 any
access-list Inside_access_in remark Permit all in Char_ORD_VPN
access-list Inside_access_in remark Permit all out Char_ORD_VPN
access-list Inside_access_in extended permit ip object-group DM_INLINE_NETWORK_9 object-group DM_INLINE_NETWORK_10 log disable
access-list Tunneled_Network_List standard permit 192.168.16.0 255.255.255.0
access-list Tunneled_Network_List standard permit Charlotte_Phones 255.255.255.0
access-list Tunneled_Network_List standard permit Charlotte_Wireless_Data 255.25 5.255.0
access-list Tunneled_Network_List standard permit Charlotte_Wireless_Phones 255. 255.255.0
access-list Tunneled_Network_List standard permit Peak10 255.255.255.0
access-list Tunneled_Network_List standard permit Canton_Data 255.255.255.0
access-list Tunneled_Network_List standard permit Canton_Phones 255.255.255.0
access-list Tunneled_Network_List standard permit Canton_Wireless_Data 255.255.2 55.0
access-list Tunneled_Network_List standard permit Canton_Wireless_Phones 255.255 .255.0
access-list Tunneled_Network_List standard permit Huntersville 255.255.255.0
access-list Tunneled_Network_List standard permit 172.16.0.0 255.255.252.0
access-list Tunneled_Network_List standard permit RS_172.16.8.0 255.255.252.0
access-list Tunneled_Network_List standard permit RS_Cloud 255.240.0.0
access-list Tunneled_Network_List standard permit RS_Cloud_New 255.240.0.0
access-list Tunneled_Network_List standard permit RS_172.16.20.0 255.255.252.0
access-list Tunneled_Network_List standard permit Charlotte_SSL_VPN_Clients 255. 255.255.0
access-list Tunneled_Network_List standard permit 172.16.0.0 255.255.0.0
access-list Inside_nat0_outbound extended permit ip Charlotte_SSL_VPN_Clients 25 5.255.255.0 object-group DM_INLINE_NETWORK_2
access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWO RK_11 object-group DM_INLINE_NETWORK_12
access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWO RK_5 object-group DM_INLINE_NETWORK_6
access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWO RK_1 object-group DM_INLINE_NETWORK_2
access-list Limited_Access extended permit ip Charlotte_SSL_VPN_Clients 255.255. 255.0 host TEST_IP
access-list Limited__VPN_Acccess_List standard permit host 192.168.16.123
access-list Limited__VPN_Acccess_List standard permit Huntersville 255.255.255.0
access-list Limited__VPN_Acccess_List standard permit host 192.168.16.124
access-list Limited__VPN_Acccess_List standard permit 192.168.16.0 255.255.255.0
access-list Limited__VPN_Acccess_List standard permit host 172.16.8.52
access-list Limited__VPN_Acccess_List standard permit Canton_Phones 255.255.255. 0
access-list Limited__VPN_Acccess_List remark ORD-VM-DEV1
access-list Limited__VPN_Acccess_List standard permit host RS_10.178.0.6
access-list Limited__VPN_Acccess_List remark ORD-VM-DEV2
access-list Limited__VPN_Acccess_List standard permit host 10.178.192.103
access-list Limited__VPN_Acccess_List standard permit host 192.168.8.10
access-list Limited__VPN_Acccess_List standard permit RS_172.16.8.0 255.255.252. 0
access-list Limited__VPN_Acccess_List standard permit 172.16.0.0 255.255.0.0
access-list Limited__VPN_Acccess_List standard permit host 10.178.133.26
access-list Limited__VPN_Acccess_List standard permit RS_Cloud_New 255.240.0.0
access-list Limited__VPN_Acccess_List standard permit host CantonGW
access-list Limited__VPN_Acccess_List standard permit host SRX_Gateway
access-list Limited__VPN_Acccess_List standard permit host 192.168.8.1
access-list Limited__VPN_Acccess_List standard permit RS_Cloud 255.240.0.0
access-list Limited__VPN_Acccess_List standard permit any
access-list Limited__VPN_Acccess_List remark TGTFS
access-list Limited__VPN_Acccess_List remark TGDEV
access-list Limited__VPN_Acccess_List remark TGTFS
access-list Limited__VPN_Acccess_List remark TGDEV
access-list Outside_cryptomap extended permit ip 192.168.16.0 255.255.255.0 Huntersville 255.255.255.0
access-list Outside_cryptomap extended permit ip Huntersville 255.255.255.0 Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Charlotte_SSL_VPN_Clients 255.255.255.0 Huntersville 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Huntersville 255.255.255.0 Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Canton_Phones 255.255.255.0 Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Charlotte_SSL_VPN_Clients 255.255.255.0 Canton_Phones 255.255.255.0
access-list Outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6
access-list Outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_13 object-group DM_INLINE_NETWORK_14
access-list Outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_2 log disable
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Outside_access_in extended permit ip Huntersville 255.255.255.0 any log disable
access-list Outside_access_in extended permit ip Charlotte_SSL_VPN_Clients 255.255.255.0 any log disable
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_4 host SRX_Gateway Charlotte_SSL_VPN_Clients 255.255.255.0 inactive
access-list Outside_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6
access-list Outside_cryptomap_2 extended permit ip 192.168.16.0 255.255.255.0 RS_172.16.20.0 255.255.252.0
access-list Canton_nat_outbound extended permit object-group DM_INLINE_SERVICE_6 Charlotte_SSL_VPN_Clients 255.255.255.0 object-group DM_INLINE_NETWORK_15
access-list splitacl standard permit 192.168.16.0 255.255.255.0
pager lines 24
logging enable
logging console emergencies
logging monitor informational
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool SSL_VPN_Pool 192.168.15.10-192.168.15.254 mask 255.255.255.0
ip local pool New_VPN_Pool 192.168.16.50-192.168.16.200 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
no asdm history enable
arp timeout 14400
nat (Outside) 0 access-list Huntersville_nat_outbound
nat (Inside) 0 access-list Inside_nat0_outbound
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 70.63.165.217 1
route Inside Canton_Phones 255.255.255.0 CantonGW 1
route Inside Canton_Wireless_Data 255.255.255.0 CantonGW 1
route Inside Charlotte_SSL_VPN_Clients 255.255.255.0 SRX_Gateway 1
route Inside Charlotte_Wireless_Data 255.255.255.0 SRX_Gateway 1
route Inside Canton_Data 255.255.255.0 CantonGW 1
route Inside Canton_Wireless_Phones 255.255.255.0 CantonGW 1
route Inside Charlotte_Phones 255.255.255.0 SRX_Gateway 1
route Inside 192.168.116.219 255.255.255.255 CantonGW 1
route Inside Charlotte_Wireless_Phones 255.255.255.0 SRX_Gateway 1
route Inside Peak10 255.255.255.0 SRX_Gateway 1
timeout xlate 3:00:00
timeout conn 8:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
dynamic-access-policy-record TGAD_AccessPolicy
aaa-server TGAD protocol ldap
aaa-server TGAD (Inside) host 192.168.16.122
ldap-base-dn DC=tg,DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=vpn user,CN=Users,DC=tg,DC=local
server-type microsoft
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa local authentication attempts max-fail 10
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.16.0 255.255.255.0 Inside
http Charlotte_SSL_VPN_Clients 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map0 1 match address Outside_cryptomap
crypto map Outside_map0 1 set pfs
crypto map Outside_map0 1 set peer 74.218.175.168
crypto map Outside_map0 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map0 2 match address Outside_cryptomap_2
crypto map Outside_map0 2 set peer 192.237.229.119
crypto map Outside_map0 2 set transform-set ESP-3DES-MD5
crypto map Outside_map0 3 match address Outside_cryptomap_1
crypto map Outside_map0 3 set peer 174.143.192.65
crypto map Outside_map0 3 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map0 interface Outside
crypto map Inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Inside_map interface Inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=charlotte
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=charlotte
proxy-ldc-issuer
crl configure
crypto ca certificate chain ASDM_TrustPoint1
certificate 48676150
3082024c 308201b5 a0030201 02020448 67615030 0d06092a 864886f7 0d010105
05003038 31123010 06035504 03130963 6861726c 6f747465 31223020 06092a86
4886f70d 01090216 13636861 726c6f74 74652e74 68696e6b 67617465 301e170d
31323039 32353038 31373333 5a170d32 32303932 33303831 3733335a 30383112
30100603 55040313 09636861 726c6f74 74653122 30200609 2a864886 f70d0109
02161363 6861726c 6f747465 2e746869 6e6b6761 74653081 9f300d06 092a8648
86f70d01 01010500 03818d00 30818902 8181008e d3e1ac63 a8a39dab 02170491
2bf104d2 732c7fd7 7065758b 03bb9772 c8ab9faf 0e5e9e93 bfb57eea a849c875
7899d261 8d426c37 9749d3d7 c86ca8e0 1d978069 3d43e7c5 569bb738 37e9bb31
0ebd5065 01eb7a05 87933d2d 786a722e 8eee16e7 3207510b f5e7e704 cbddbda2
a6b9ae45 efaba898 b8c921b6 2b05c0fb 1b0a9b02 03010001 a3633061 300f0603
551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06
03551d23 04183016 8014fb93 35da7dd5 15d8e2ad 8e05ccf7 b5c333cc 95ac301d
0603551d 0e041604 14fb9335 da7dd515 d8e2ad8e 05ccf7b5 c333cc95 ac300d06
092a8648 86f70d01 01050500 03818100 6851ae52 5383c6f6 9e3ea714 85b2c5a0
fd720959 a0b91899 806bad7a 08e2208e de22cad0 6692b09a 7152b21e 3bbfce68
cc9f1391 8c460a04 a15e1a9e b18f829d 6d42d9bd ed5346bd 73a402f7 21e0c746
02757fb6 b60405a9 ac3b9070 8c0f2fba d12f157b 85dd0a8b 2e9cf830 90a19412
c7af1667 37b5ed8e c023ea4d 0c434609
quit
crypto isakmp enable Outside
crypto isakmp enable Inside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 170
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh 172.221.228.164 255.255.255.255 Outside
ssh Charlotte_SSL_VPN_Clients 255.255.255.0 Inside
ssh 192.168.16.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
management-access Inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint1 Outside
webvpn
enable Outside
enable Inside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1 regex "Windows NT"
svc enable
group-policy DfltGrpPolicy attributes
dns-server value 192.168.16.122 8.8.8.8
vpn-idle-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Limited__VPN_Acccess_List
default-domain value tg.local
split-dns value tg.local
group-policy LimitedAccessGroupPolicy internal
group-policy LimitedAccessGroupPolicy attributes
wins-server none
dns-server value 192.168.16.122 8.8.8.8
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Limited__VPN_Acccess_List
default-domain value thinkgate.local
split-tunnel-all-dns disable
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
vpn-tunnel-protocol IPSec
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
wins-server none
dns-server value 192.168.16.122 8.8.8.8
vpn-tunnel-protocol svc
default-domain value tg.local
group-policy Site-to-Site_Policy internal
group-policy Site-to-Site_Policy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group DefaultRAGroup general-attributes
default-group-policy LimitedAccessGroupPolicy
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool SSL_VPN_Pool
tunnel-group LimitedAccessTunnelGroup type remote-access
tunnel-group LimitedAccessTunnelGroup general-attributes
address-pool SSL_VPN_Pool
default-group-policy LimitedAccessGroupPolicy
tunnel-group 208.104.76.178 type ipsec-l2l
tunnel-group 208.104.76.178 ipsec-attributes
pre-shared-key *****
tunnel-group 74.218.175.168 type ipsec-l2l
tunnel-group 74.218.175.168 ipsec-attributes
pre-shared-key *****
tunnel-group TGAD_ConnectionProfile type remote-access
tunnel-group TGAD_ConnectionProfile general-attributes
authentication-server-group TGAD
default-group-policy GroupPolicy1
tunnel-group 174.143.192.65 type ipsec-l2l
tunnel-group 174.143.192.65 general-attributes
default-group-policy GroupPolicy2
tunnel-group 174.143.192.65 ipsec-attributes
pre-shared-key *****
tunnel-group 192.237.229.119 type ipsec-l2l
tunnel-group 192.237.229.119 ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ef741b4905b43dc36d0f621e06508840
: end
charlotte#What does the packet-tracer say, what does the IPsec associations say (packets encrypted/decrypted)?
This might be faster that going through your hundreds of lines of config. -
Unable to Access SSL WebVPN Login Page
I am unable to access the SSL WebVPN login html page. I tried using FF, Chrome, and IE via https://24.43.XXX.XXX. All I get is "Page cannot be displayed". I am stumped here, any help would be greatly appreciated.
PLAN-FW# show run
: Saved
ASA Version 9.1(1)
hostname PLAN-FW
domain-name intranet.example.com
enable password s9HtiQv6kkqqiJhc encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool VPN-Clients 192.168.5.2-192.168.5.220 mask 255.255.255.0
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 24.43.XXX.XXX 255.255.255.252
interface GigabitEthernet0/1
channel-group 1 mode active
no nameif
no security-level
no ip address
interface GigabitEthernet0/2
channel-group 1 mode active
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif Management
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Port-channel1
nameif DR-01
security-level 100
ip address 10.0.0.1 255.255.255.252
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name intranet.example.com
object network obj-internet
subnet 0.0.0.0 0.0.0.0
object network obj-vlan100
subnet 10.0.100.0 255.255.254.0
object network NETWORK_OBJ_192.168.5.0_24
subnet 192.168.5.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu DR-01 1500
mtu Management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (DR-01,outside) source static any any destination static NETWORK_OBJ_192.168.5.0_24 NETWORK_OBJ_192.168.5.0_24 no-proxy-arp route-lookup
object network obj-vlan100
nat (DR-01,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 24.43.XXX.XXX 1
route DR-01 10.0.0.0 255.255.255.252 10.0.0.2 1
route DR-01 10.0.100.0 255.255.254.0 10.0.0.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 Management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint SELF-TP
enrollment self
fqdn intranet.example.com
subject-name CN=intranet.example.com
keypair myrsakey
crl configure
crypto ca trustpool policy
crypto ca certificate chain SELF-TP
certificate 4fb08954
30820203 3082016c a0030201 0202044f b0895430 0d06092a 864886f7 0d010105
05003046 311e301c 06035504 03131569 6e747261 6e65742e 70656c61 74726f6e
2e636f6d 31243022 06092a86 4886f70d 01090216 15696e74 72616e65 742e7065
6c617472 6f6e2e63 6f6d301e 170d3134 31323136 31313237 32315a17 0d323431
32313331 31323732 315a3046 311e301c 06035504 03131569 6e747261 6e65742e
70656c61 74726f6e 2e636f6d 31243022 06092a86 4886f70d 01090216 15696e74
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint SELF-TP
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point SELF-TP outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
anyconnect profiles Example_Intranet_client_profile disk0:/Example_Intranet_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy "GroupPolicy_Example Intranet" internal
group-policy "GroupPolicy_Example Intranet" attributes
wins-server none
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol ikev2 ssl-client
default-domain value intranet.example.com
webvpn
anyconnect profiles value Example_Intranet_client_profile type user
username test1 password GxmPkeumVbHvz58J encrypted privilege 15
username test2 password t.GxS9C3hRYHni61 encrypted
username test3 password M9Szy/s33Cm6Crby encrypted
username test4 password hMXxQZTu8agZnzki encrypted
tunnel-group "Example Intranet" type remote-access
tunnel-group "Example Intranet" general-attributes
address-pool VPN-Clients
default-group-policy "GroupPolicy_Example Intranet"
tunnel-group "Example Intranet" webvpn-attributes
group-alias "Example Intranet" enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 10
subscribe-to-alert-group configuration periodic monthly 10
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4976c27fbf11ae4589d27b4f16107a41
: end
Directory of disk0:/
10 drwx 4096 08:15:36 Sep 19 2014 log
20 drwx 4096 08:16:04 Sep 19 2014 crypto_archive
21 drwx 4096 08:16:12 Sep 19 2014 coredumpinfo
114 -rwx 37416960 08:24:28 Sep 19 2014 asa911-smp-k8.bin
115 -rwx 18097844 08:26:28 Sep 19 2014 asdm-713.bin
116 -rwx 69318656 08:27:50 Sep 19 2014 asacx-5500x-boot-9.1.1-1-RelWithDebInfo.x86_64.img
117 -rwx 12998641 08:47:34 Sep 19 2014 csd_3.5.2008-k9.pkg
118 drwx 4096 08:47:36 Sep 19 2014 sdesktop
119 -rwx 6487517 08:47:38 Sep 19 2014 anyconnect-macosx-i386-2.5.2014-k9.pkg
120 -rwx 6689498 08:47:40 Sep 19 2014 anyconnect-linux-2.5.2014-k9.pkg
121 -rwx 4678691 08:47:42 Sep 19 2014 anyconnect-win-2.5.2014-k9.pkg
122 -rwx 200 14:26:42 Dec 08 2014 upgrade_startup_errors_201412081426.log
129 -rwx 338 11:59:35 Dec 16 2014 Example_Intranet_client_profile.xml
8238202880 bytes total (4860497920 bytes free)
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(3)
Compiled on Wed 28-Nov-12 11:15 PST by builders
System image file is "disk0:/asa911-smp-k8.bin"
Config file at boot was "startup-config"
PLAN-FW up 5 days 5 hours
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3059 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0022
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 100 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.Hi Nathan,
Are you using Ikev2 to connect. If not then can you please remove the following command and then try again:
no crypto ikev2 enable outside client-services port 443
Thanks
Jeet Kumar -
Unable to access internal networks over Remote acces VPN
Hi,
I have set up a Remote access VPN from Home to Cisco ASA 5512-X.
I am able to connect successfully and even getting a valid IP address from VPN pool 172.21.3.1-. However I am unable to access any of the internal resources.
Internal Network: 172.20.0.0 255.255.0.0
Please if someone can help identifying the issue.
Below is the running config:-
Result of the command: "sh run"
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name M8fl.com
enable password Aoz9GlxLLvkWrTUy encrypted
passwd Gc1jA6zbgOsj63RW encrypted
names
ip local pool vpnclients 172.21.3.1-172.21.3.20 mask 255.255.0.0
ip local pool test 172.21.3.21-172.21.3.40 mask 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.20.254.250 255.255.0.0
interface GigabitEthernet0/2
description vodafone 100mb internet 195.11.180.40_29
speed 100
duplex full
nameif outside1
security-level 1
ip address 195.11.180.42 255.255.255.248
interface GigabitEthernet0/3
description Voice
nameif Voice
security-level 80
ip address 192.168.2.1 255.255.255.252
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
boot system disk0:/asa911-smp-k8.bin
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside1
dns domain-lookup management
dns server-group DefaultDNS
name-server 10.0.0.4
name-server 172.20.0.100
domain-name M8fl.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network VLAN1
subnet 172.20.0.0 255.255.0.0
object network NETWORK_OBJ_172.20.3.0_27
subnet 172.21.3.0 255.255.255.224
object network Voice_Net
subnet 172.21.20.0 255.255.255.0
object network PBX_Internal
host 192.168.2.2
description PBX Internal
object network Voice_External
host 195.11.180.43
description For PBX
object network Raith_Remote_Network
subnet 192.168.20.0 255.255.255.0
description Raith Remote Network
object network NETWORK_OBJ_172.21.3.0_27
subnet 172.21.3.0 255.255.255.224
object network NETWORK_OBJ_172.21.3.0_26
subnet 172.21.3.0 255.255.255.192
object-group network azure-networks
network-object 10.0.0.0 255.0.0.0
object-group network onprem-networks
network-object 172.20.0.0 255.255.0.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service test_PPTP
service-object ip
service-object tcp destination eq pptp
access-list azure-vpn-acl extended permit ip object-group onprem-networks object-group azure-networks
access-list outside_access_in extended permit ip object-group azure-networks object-group onprem-networks
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in_1 extended permit ip object-group onprem-networks object-group azure-networks
access-list inside_access_in_1 extended permit ip any object Voice_Net log debugging
access-list inside_access_in_1 extended permit ip any any
access-list outside_access_in_1 extended permit ip object-group azure-networks object-group onprem-networks
access-list outside_access_in_1 extended permit icmp any any
access-list outside_access_in_1 extended permit ip any any inactive
access-list Voice_access_in extended permit ip any any log debugging
access-list outside_cryptomap extended permit ip object-group onprem-networks object Raith_Remote_Network
pager lines 24
logging enable
logging buffer-size 40000
logging buffered notifications
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu outside1 1500
mtu Voice 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside1) source static onprem-networks onprem-networks destination static azure-networks azure-networks
nat (inside,outside1) source dynamic VLAN1 interface
nat (inside,Voice) source static VLAN1 VLAN1 destination static Voice_Net Voice_Net no-proxy-arp route-lookup
nat (Voice,outside1) source static PBX_Internal Voice_External
nat (inside,outside) source static onprem-networks onprem-networks destination static Raith_Remote_Network Raith_Remote_Network no-proxy-arp route-lookup
nat (inside,outside1) source static any any destination static NETWORK_OBJ_172.21.3.0_27 NETWORK_OBJ_172.21.3.0_27 no-proxy-arp route-lookup
nat (inside,outside1) source static any any destination static NETWORK_OBJ_172.21.3.0_26 NETWORK_OBJ_172.21.3.0_26 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group inside_access_in_1 in interface inside
access-group outside_access_in_1 in interface outside1
access-group Voice_access_in in interface Voice
route outside1 0.0.0.0 0.0.0.0 195.11.180.41 10
route inside 172.21.20.0 255.255.255.0 172.20.20.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 172.20.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt connection tcpmss 1350
sysopt noproxyarp outside
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set azure-ipsec-proposal-set esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 102400000
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=ASA
crl configure
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 28800
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 enable outside1
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 172.20.0.0 255.255.0.0 inside
telnet timeout 5
ssh 172.20.0.0 255.255.0.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 172.20.2.1-172.20.2.254 inside
dhcpd dns 10.0.0.4 172.20.0.100 interface inside
dhcpd enable inside
dhcpd dns 172.21.20.254 interface Voice
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tftp-server inside 172.20.2.34 /tftp
webvpn
enable outside1
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
anyconnect enable
tunnel-group-list enable
internal-password enable
group-policy DefaultRAGroup_2 internal
group-policy DefaultRAGroup_2 attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol l2tp-ipsec
default-domain value
group-policy DefaultRAGroup_3 internal
group-policy DefaultRAGroup_3 attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol l2tp-ipsec
default-domain value
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol l2tp-ipsec
default-domain value
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
group-policy RA_VPN internal
group-policy RA_VPN attributes
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol ikev1
default-domain value
group-policy "GroupPolicy_Anyconnect _profile" internal
group-policy "GroupPolicy_Anyconnect _profile" attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client ssl-clientless
default-domain none
webvpn
file-browsing enable
group-policy GroupPolicy_89.241.208.14 internal
group-policy GroupPolicy_89.241.208.14 attributes
vpn-tunnel-protocol ikev1
username test2 password encrypted privilege 15
username test1 password nt-encrypted privilege 0
username test1 attributes
vpn-group-policy DefaultRAGroup_2
username test password encrypted privilege 15
username test attributes
vpn-group-policy DefaultRAGroup_1
username EdwardM password encrypted privilege 15
username vpntest password encrypted privilege 0
username vpntest attributes
vpn-group-policy RA_VPN
username vpntest3 password nt-encrypted privilege 15
username vpntest3 attributes
service-type remote-access
username rhunton password encrypted privilege 15
username rhunton attributes
service-type admin
username e.melaugh password encrypted privilege 15
username netx password encrypted privilege 15
username netx attributes
service-type remote-access
username colin password encrypted privilege 15
username colin attributes
service-type remote-access
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
address-pool vpnclients
default-group-policy DefaultRAGroup_3
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group "Anyconnect _profile" type remote-access
tunnel-group "Anyconnect _profile" general-attributes
address-pool vpnclients
default-group-policy "GroupPolicy_Anyconnect _profile"
tunnel-group "Anyconnect _profile" webvpn-attributes
group-alias "Anyconnect _profile" enable
tunnel-group 137.117.215.177 type ipsec-l2l
tunnel-group 137.117.215.177 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
isakmp keepalive disable
tunnel-group 89.241.208.14 type ipsec-l2l
tunnel-group 89.241.208.14 general-attributes
default-group-policy GroupPolicy_89.241.208.14
tunnel-group 89.241.208.14 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect pptp
policy-map type inspect ipsec-pass-thru Fairhurst
description to allow vpn to fairhurst network
parameters
esp
ah
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f4185106b309478da7804dc22d2c1a85
: endHi,
You seem to have this nat (inside,outside1) source dynamic VLAN1 interface at line 2 which is causing the identity Nat/ Nat exempt to fail.
It is always good to use the packet tracer feature on the ASA to see what exactly is happening.
Try this
nat (inside,outside1) 1 source static VLAN1 VLAN1 destination static NETWORK_OBJ_172.21.3.0_27 NETWORK_OBJ_172.21.3.0_27 no-pr route-lo
Let me know how it goes for you.
Regards,
Nitish Emmanuel -
"Unable to set shared config DC." when running setup /RecoverServer
Hi guys,
I'm hoping for a bit of assistance. I have stepped into an environment where there is one production Exchange 2010 server and one Exchange 2013 server. The Exchange 2013 server is in a unrecoverable state however it contains the domain administrators mailbox
and therefore I cannot remove it manually. As it was a vm, I took it offline, created an identical server (name, os version(Windows 2008 R2 with latest updates), ip address etc.), installed all the prerequisite components and then ran setup /m:RecoverServer
/IAcceptExchangeServerLicenseTerms. Everything runs through successfully until it gets to the Mailbox role: Transport service where it fails with "Unable to set shared config DC.". After some searching on Google,
it suggests that ipv6 is disabled on the DC. We have two DC's in our environment and both have ipv6 enabled as does the exchange server. If I try to re-run the installation for the role alone, i.e. Setup /mode:install /IAcceptExchangeServerLicenseTerms
/role:HubTransport, it fails with "The machine is not configured for installing "BridgeheadRole" Datacenter Role."
Any help would be greatly appreciated.Thanks Amit, I understand there's no hubtransport role in 2013 but this is the error that it's throwing:
PS D:\> .\setup /m:RecoverServer /IAcceptExchangeServerLicenseTerms
Welcome to Microsoft Exchange Server 2013 Service Pack 1 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for
installation.
Languages
Mailbox role: Transport service
Mailbox role: Client Access service
Mailbox role: Unified Messaging service
Mailbox role: Mailbox service
Management tools
Client Access role: Client Access Front End service
Client Access role: Front End Transport service
Performing Microsoft Exchange Server Prerequisite Check
Configuring Prerequisites COMPLETED
Prerequisite Analysis FAILED
A Setup failure previously occurred while installing the HubTransportRole r
ole. Either run Setup again for just this role, or remove the role using Control
Panel.
For more information, visit: http://technet.microsoft.com/library(EXCHG.150
)/ms.exch.setupreadiness.InstallWatermark.aspx
The Exchange Server setup operation didn't complete. More details can be found
in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
Any other thoughts? -
I am using the firefox version 17 and when i drag and drop an image on my website. It gives me the following error.
Unable to access local files due to browser security settings. To overcome this, follow these steps: (1) Enter "about:config" in the URL field; (2) Right click and select New->Boolean; (3) Enter "signed.applets.codebase_principal_support" (without the quotes) as a new preference name; (4) Click OK and try loading the file again. Or go to the homepage for a link to the tutorial on how to do it.
I have completed the above steps and it is still showing the same error message. Any help would be highly appreciated.
Thanks.Thanks kumars ,
I have a specific drag and drop area on our website. This works fine for all earlier releases of Firefox after these security settings
"(1) Enter "about:config" in the URL field; (2) Right click and select New->Boolean; (3) Enter "signed.applets.codebase_principal_support" (without the quotes) as a new preference name; (4) Click OK and try loading the file again."
Bust these settings not work for me in Firefox 17.
Yes the drag and drop functionality is java script based and i am not using any script blocker addons. -
Unable to access the Firewall through ASDM
Hi All,
Thanks in advance ,
in my organisatin we are facing one issue with launching of ASDM in ASA 5520 , when wer are trying to access the Firewall through ASDM we are unable to access that , see the java error loggs below , yes i know if we reload the firewall then this problem will solve , but my organisation management donsent want to reload the firewall , other procedure is to upgrage the ASDM version , just let me know the procedure for this
Using JRE version 1.7.0_25 Java HotSpot(TM) Client VM
User home directory = C:\Users\shussain
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
m: print memory usage
q: hide console
s: dump system properties
ASDM Application Logging Started at Tue Aug 20 11:04:48 AST 2013
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
OK button clicked
Trying for ASDM Version file; url =
https://192.168.50.2/admin/
Server Version = 6.1(3)
Server Launcher Version = 1.5.30, size = 319488 bytes
invoking SGZ Loader..
Cache location = C:/Users/shussain/.asdm/cache
Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NumberFormatException: For input string: "1 year 192"
at java.lang.NumberFormatException.forInputString(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at com.cisco.pdm.Check.h(DashoA10*..:1358)
at com.cisco.pdm.Check.c(DashoA10*..:858)
at com.cisco.pdm.Check.a(DashoA10*..:438)
at com.cisco.pdm.PDMApplet.start(DashoA10*..:132)
at com.cisco.nm.dice.loader.r.run(DashoA19*..:410)dear marvin,
find my firewall sh version output, and asdm version ,
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 year 193 days
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 0021.a09a.ba76, irq 9
1: Ext: GigabitEthernet0/1 : address is 0021.a09a.ba77, irq 9
2: Ext: GigabitEthernet0/2 : address is 0021.a09a.ba78, irq 9
3: Ext: GigabitEthernet0/3 : address is 0021.a09a.ba79, irq 9
4: Ext: Management0/0 : address is 0021.a09a.ba7a, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX1304L0HA
Running Activation Key: 0x0313c076 0x58bdf52e 0xa83245ac 0xb460b058 0x88201caa
Configuration register is 0x1
Configuration last modified by enable_15 at 10:18:47.850 AST Wed Aug 21 2013
ciscoasa#
ciscoasa# sh run asdm
asdm image disk0:/asdm-613.bin
asdm location internal-network1 255.255.0.0 internal -
How to access my configs n customization in my project
Hi Gurus,
I am a learner...n i have done all my configs n customization by creating a new Project in my IDES system.
However, when i am trying to use them through Easy Access Screen, i am unable to use those configs.
For Ex. I have configured new Sales District, Legal Statuses, Customer Classification etc. but when i am creating a new Customer Master through XD01, all these customizations don't appear.
Please tell what more i need to do to start using it in my project.
Thanks,
Khushal AgrawalDear Laxmipathi Sir,
Well Yes..actually....i have made all the fields as above madatory n have customized them.
But while creating customer master, when i go for matchcode for say in Sales District...it does not displays any entries. Neither can i enter any text their n since i made it REQUIRED field, i am unable to progress further...so i need to eixt.
Is it so beacuse i have created a Project for myself. Earlier it used to take.
Please suggest a solution.
Thanks
Khushal Agrawal
Maybe you are looking for
-
Hello, A while back I posted a thread asking about using the font manager "Suitecase" and Final Cut Pro. It was clear that Suitecase should not be used with Final Cut. I work at an ad agency and we have a database of 4000 fonts. Does anyone know of a
-
Page level totals in a matrix report
hi all, Is it possible to have any kind of page level totals in a matrix report?? i tried it manually, but it gave me an error as follows, REP-1266: Column '<column name>': Page Level columns are not allowed in a Cross Product. Thanks Martin
-
Please help with this slow internet
Can someone please help me with this slow internet. I have been looking on this forum for a while and have tried about everything I can do. I bought a new macbook, a new airport extreme base station, and have high speed internet. I can connect with a
-
Content target link opens in a new window!!
hi i'm designing this HTML website with dreamweaver 8, it's a frameset devided into 3 frames top frame(navigation) , left frame (ads) and right/middle frame (content frame) and i have the flash navigation menu placed on the top frame, when a link is
-
We have created two different OU using LDAP adapters for two separate AD's and configured under one Tree Top adapter in OVD. In user profile we have a user attribute email which is common in both the OU's. As a requirement, we want to populate the us