ASA 5510 RDP Problem!

Jun 14th, 2012

Hi,

I'm trying to troubleshoot an ASA 5510 (8.3) set up in routed mode, providing NAT and IPsec remote access for a site.

The problem I'm facing is that when we try to RDP from the VPN tunnel users (192.168.9.0/24) to the inside network (192.168.0.0/24), the connection hangs for a while and then we get an error on RDP.

RDP works locally. I also enabled telnet on the machine I'm trying to RDP to and it also fails; I wanted to telnet specifying the RDP port.

Other traffic like Windows shares, ping, HTTP and skinny all works fine, and split tunneling is enabled. I can even control ASDM from the VPN connection.


I tried:
NAT exemption (old nat 0) from inside to VPN
reduced MTU outside to 1300/1260/1100
sysopt connection tcp-mss (same values as above)
df bit clear
timeout 0:0:0
crypto isakmp nat-traversal 20
and nothing seems to fix it.


Also, when I run the ASDM packet tracer (source: VPN IP, destination: inside IP, TCP port 3389) the flow completes, but it drops the packet after the last VPN step with an "IPSec spoof detected" error???

I'm starting to think that the TCP SYN packet is taking the wrong path back to the VPN user with all those NAT rules in the config.

Has anyone experienced this?? Help is appreciated.

Here is the config (Alert!! I found a lot of NAT and network-object garbage in there, "BUT" everything needed for the VPN user works, except of course for RDP; I wonder if it has something to do with the issue).



interface Ethernet0/0
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.248
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.0.48 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
boot config disk0:/.p
ftp mode passive
dns server-group DefaultDNS
 domain-name clubqc.local
dns server-group defaultdns
 domain-name clubqc.loca
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
 description obj_XXXXXXXX
object network obj_XXXXXXXX
 host 6XXXXXXXXX
 description XXXXXXXXX
object network NETWORK_OBJ_192.168.7.0_24
 subnet 192.168.7.0 255.255.255.0
object network NETWORK_OBJ_192.168.0.0_24
 subnet 192.168.0.0 255.255.255.0
object network NETWORK_OBJ_192.168.8.0_29
 subnet 192.168.8.0 255.255.255.248
object network NETWORK_OBJ_192.168.8.8_29
 subnet 192.168.8.8 255.255.255.248
object network NETWORK_OBJ_192.168.8.16_29
 subnet 192.168.8.16 255.255.255.248
object network NETWORK_OBJ_192.168.8.24_29
 subnet 192.168.8.24 255.255.255.248
object network NETWORK_OBJ_192.168.8.32_29
 subnet 192.168.8.32 255.255.255.248
object network NETWORK_OBJ_192.168.8.40_29
 subnet 192.168.8.40 255.255.255.248
object network NETWORK_OBJ_192.168.8.48_29
 subnet 192.168.8.48 255.255.255.248
object network NETWORK_OBJ_192.168.8.56_29
 subnet 192.168.8.56 255.255.255.248
object network NETWORK_OBJ_192.168.8.64_29
 subnet 192.168.8.64 255.255.255.248
object network NETWORK_OBJ_192.168.8.72_29
 subnet 192.168.8.72 255.255.255.248
object network obj_192.168.0.3_67_3389
 host 192.168.0.3
 description 192.168.0.3
object network obj_192.168.0.5_66_3389
 host 192.168.0.5
 description 192.168.0.5
object network obj_192.168.0.103_66_3389
 host 192.168.0.103
 description 192.168.0.103
object network obj_192.168.0.10_66_3389
 host 192.168.0.10
 description 192.168.0.10
object network obj_192.168.0.87_66_3389
 host 192.168.0.87
 description 192.168.0.87
object network obj_192.168.0.205_67_3389
 host 192.168.0.205
 description 192.168.0.205
object network obj_192.168.0.163_66_443
 host 192.168.0.163
 description 192.168.0.163
object network obj_192.168.0.253_66_1280
 host 192.168.0.253
 description 192.168.0.253
object network obj_192.168.0.253_66_5100
 host 192.168.0.253
 description 192.168.0.253
object network obj_192.168.0.253_66_5300
 host 192.168.0.253
 description 192.168.0.253
object network obj_192.168.0.253_67_1280
 host 192.168.0.253
 description 192.168.0.253
object network obj_192.168.0.253_67_5100
 host 192.168.0.253
 description 192.168.0.253
object network obj_192.168.0.253_67_5300
 host 192.168.0.253
 description 192.168.0.253
object network NETWORK_OBJ_192.168.9.0
 subnet 192.168.9.0 255.255.255.0
object network NETWORK_OBJ_192.168.8.80_29
 subnet 192.168.8.80 255.255.255.248
object network NETWORK_OBJ_192.168.8.0_24
 subnet 192.168.8.0 255.255.255.0
object network NETWORK_OBJ_192.168.8.88_29
 subnet 192.168.8.88 255.255.255.248
object network abj_XXXXXXXX
 host XXXXXXXXXX
 description XXXXXXXX
object service 3389
 service tcp source eq 3389 destination eq 3389
 description rdp
object-group service OBJ_OUTSIDE_66_PERMIT tcp
 port-object eq 1280
 port-object eq 3389
 port-object eq 3395
 port-object eq 3396
 port-object eq 3397
 port-object eq 3399
 port-object eq 5100
 port-object eq 5222
 port-object eq 5300
 port-object eq https
object-group service OBJ_OUTSIDE_67_PERMIT tcp
 port-object eq 1280
 port-object eq 3389
 port-object eq 3399
 port-object eq 5100
 port-object eq 5222
 port-object eq 5300
access-list outside_access_in extended permit tcp any object-group OBJ_OUTSIDE_66_PERMIT any object-group OBJ_OUTSIDE_66_PERMIT
access-list outside_access_in extended permit ip any any
access-list outside_cryptomap0 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.0 255.255.255.248
access-list outside_cryptomap0 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.0 255.255.255.248
access-list outside_cryptomap0 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.0 255.255.255.248
access-list outside_cryptomap0 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.0 255.255.255.248
access-list outside_cryptomap8 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.8 255.255.255.248
access-list outside_cryptomap8 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.8 255.255.255.248
access-list outside_cryptomap8 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.8 255.255.255.248
access-list outside_cryptomap8 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.8 255.255.255.248
access-list outside_cryptomap16 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.16 255.255.255.248
access-list outside_cryptomap16 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.16 255.255.255.248
access-list outside_cryptomap16 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.16 255.255.255.248
access-list outside_cryptomap16 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.16 255.255.255.248
access-list outside_cryptomap24 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.24 255.255.255.248
access-list outside_cryptomap24 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.24 255.255.255.248
access-list outside_cryptomap24 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.24 255.255.255.248
access-list outside_cryptomap24 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.24 255.255.255.248
access-list outside_cryptomap32 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.32 255.255.255.248
access-list outside_cryptomap32 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.32 255.255.255.248
access-list outside_cryptomap32 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.32 255.255.255.248
access-list outside_cryptomap32 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.32 255.255.255.248
access-list outside_cryptomap40 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.40 255.255.255.248
access-list outside_cryptomap40 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.40 255.255.255.248
access-list outside_cryptomap40 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.40 255.255.255.248
access-list outside_cryptomap40 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.40 255.255.255.248
access-list outside_cryptomap48 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.48 255.255.255.248
access-list outside_cryptomap48 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.48 255.255.255.248
access-list outside_cryptomap48 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.48 255.255.255.248
access-list outside_cryptomap48 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.48 255.255.255.248
access-list outside_cryptomap56 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.56 255.255.255.248
access-list outside_cryptomap56 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.56 255.255.255.248
access-list outside_cryptomap56 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.56 255.255.255.248
access-list outside_cryptomap56 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.56 255.255.255.248
access-list outside_cryptomap64 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.64 255.255.255.248
access-list outside_cryptomap64 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.64 255.255.255.248
access-list outside_cryptomap64 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.64 255.255.255.248
access-list outside_cryptomap64 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.64 255.255.255.248
access-list outside_cryptomap72 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.72 255.255.255.248
access-list outside_cryptomap72 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.72 255.255.255.248
access-list outside_cryptomap72 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.72 255.255.255.248
access-list outside_cryptomap72 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.72 255.255.255.248
access-list test_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list test_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
access-list test_splitTunnelAcl standard permit 192.168.7.0 255.255.255.0
access-list test_splitTunnelAcl standard permit 192.168.8.0 255.255.255.0
access-list lan-in extended permit ip any any
access-list outside_cryptomap80 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.80 255.255.255.248
access-list outside_cryptomap80 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.80 255.255.255.248
access-list outside_cryptomap80 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.80 255.255.255.248
access-list outside_cryptomap80 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.80 255.255.255.248
access-list outside_cryptomap88 extended permit ip 192.168.0.0 255.255.255.0 192.168.8.88 255.255.255.248
access-list outside_cryptomap88 extended permit ip 192.168.7.0 255.255.255.0 192.168.8.88 255.255.255.248
access-list outside_cryptomap88 extended permit ip 192.168.9.0 255.255.255.0 192.168.8.88 255.255.255.248
access-list outside_cryptomap88 extended permit ip 192.168.8.0 255.255.255.0 192.168.8.88 255.255.255.248
access-list DefaultACL_vpn extended permit ip 192.168.7.0 255.255.255.0 any
access-list DefaultACL_vpn extended permit ip 192.168.8.0 255.255.255.0 any
access-list DefaultACL_vpn extended permit ip 192.168.0.0 255.255.255.0 any
access-list DefaultACL_vpn extended permit ip 192.168.9.0 255.255.255.0 any
access-list DefaultACL_vpn extended permit tcp 192.168.9.0 255.255.255.0 eq 3389 192.168.0.0 255.255.255.0 eq 3389
access-list DefaultACL_vpn extended permit tcp 192.168.0.0 255.255.255.0 eq 3389 192.168.9.0 255.255.255.0 eq 3389
access-list DefaultACL_vpn extended permit tcp interface outside eq 3389 192.168.0.0 255.255.255.0 eq 3389
access-list global_access extended permit ip any any
access-list global_access extended permit tcp any object-group OBJ_OUTSIDE_66_PERMIT any object-group OBJ_OUTSIDE_66_PERMIT
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any object-group OBJ_OUTSIDE_66_PERMIT
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool PoolVPN 192.168.9.100-192.168.9.200 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.0_29 NETWORK_OBJ_192.168.8.0_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.8_29 NETWORK_OBJ_192.168.8.8_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.16_29 NETWORK_OBJ_192.168.8.16_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.24_29 NETWORK_OBJ_192.168.8.24_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.32_29 NETWORK_OBJ_192.168.8.32_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.40_29 NETWORK_OBJ_192.168.8.40_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.48_29 NETWORK_OBJ_192.168.8.48_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.56_29 NETWORK_OBJ_192.168.8.56_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.64_29 NETWORK_OBJ_192.168.8.64_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.72_29 NETWORK_OBJ_192.168.8.72_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.0_29 NETWORK_OBJ_192.168.8.0_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.8_29 NETWORK_OBJ_192.168.8.8_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.16_29 NETWORK_OBJ_192.168.8.16_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.24_29 NETWORK_OBJ_192.168.8.24_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.32_29 NETWORK_OBJ_192.168.8.32_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.40_29 NETWORK_OBJ_192.168.8.40_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.48_29 NETWORK_OBJ_192.168.8.48_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.56_29 NETWORK_OBJ_192.168.8.56_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.64_29 NETWORK_OBJ_192.168.8.64_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.72_29 NETWORK_OBJ_192.168.8.72_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.80_29 NETWORK_OBJ_192.168.8.80_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.80_29 NETWORK_OBJ_192.168.8.80_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.80_29 NETWORK_OBJ_192.168.8.80_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.80_29 NETWORK_OBJ_192.168.8.80_29
nat (inside,outside) source static NETWORK_OBJ_192.168.7.0_24 NETWORK_OBJ_192.168.7.0_24 destination static NETWORK_OBJ_192.168.8.88_29 NETWORK_OBJ_192.168.8.88_29
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.8.88_29 NETWORK_OBJ_192.168.8.88_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.88_29 NETWORK_OBJ_192.168.8.88_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.88_29 NETWORK_OBJ_192.168.8.88_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.0_29 NETWORK_OBJ_192.168.8.0_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.0_29 NETWORK_OBJ_192.168.8.0_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.8_29 NETWORK_OBJ_192.168.8.8_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.8_29 NETWORK_OBJ_192.168.8.8_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.16_29 NETWORK_OBJ_192.168.8.16_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.24_29 NETWORK_OBJ_192.168.8.24_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.24_29 NETWORK_OBJ_192.168.8.24_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.32_29 NETWORK_OBJ_192.168.8.32_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.32_29 NETWORK_OBJ_192.168.8.32_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.40_29 NETWORK_OBJ_192.168.8.40_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.40_29 NETWORK_OBJ_192.168.8.40_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.48_29 NETWORK_OBJ_192.168.8.48_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.48_29 NETWORK_OBJ_192.168.8.48_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.56_29 NETWORK_OBJ_192.168.8.56_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.56_29 NETWORK_OBJ_192.168.8.56_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.64_29 NETWORK_OBJ_192.168.8.64_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.64_29 NETWORK_OBJ_192.168.8.64_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.72_29 NETWORK_OBJ_192.168.8.72_29
nat (outside,outside) source static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0 destination static NETWORK_OBJ_192.168.8.72_29 NETWORK_OBJ_192.168.8.72_29
nat (outside,outside) source static NETWORK_OBJ_192.168.8.0_24 NETWORK_OBJ_192.168.8.0_24 destination static NETWORK_OBJ_192.168.8.16_29 NETWORK_OBJ_192.168.8.16_29
!
object network obj_any
 nat (inside,outside) dynamic interface
object network obj_192.168.0.5_66_3389
 nat (inside,outside) static interface service tcp 3389 3389
object network obj_192.168.0.103_66_3389
 nat (inside,outside) static interface service tcp 3389 3397
object network obj_192.168.0.10_66_3389
 nat (inside,outside) static interface service tcp 3389 3399
object network obj_192.168.0.87_66_3389
 nat (inside,outside) static interface service tcp 3389 3395
object network obj_192.168.0.163_66_443
 nat (inside,outside) static interface service tcp https https
object network obj_192.168.0.253_66_1280
 nat (inside,outside) static interface service tcp 1280 1280
object network obj_192.168.0.253_66_5100
 nat (inside,outside) static interface service tcp 5100 5100
object network obj_192.168.0.253_66_5300
 nat (inside,outside) static interface service tcp 5300 5300
object network abj_69.70.27.66
 nat (outside,inside) static obj_192.168.0.5_66_3389 service tcp 3389 3389
!
nat (inside,inside) after-auto source static any abj_69.70.27.66 destination static abj_69.70.27.66 obj_192.168.0.5_66_3389 service 3389 3389
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 XXXXXXXX 1
route inside 192.168.7.0 255.255.255.0 192.168.0.150 1
route outside 0.0.0.0 0.0.0.0 192.168.0.150 tunneled
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUSCPD protocol radius
aaa-server RADIUSCPD (inside) host 192.168.0.19
 key *****
 radius-common-pw *****
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
http 192.168.0.48 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map L2L_map 10 match address outside_cryptomap0
crypto dynamic-map L2L_map 10 set pfs
crypto dynamic-map L2L_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 10 set reverse-route
crypto dynamic-map L2L_map 20 match address outside_cryptomap8
crypto dynamic-map L2L_map 20 set pfs
crypto dynamic-map L2L_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 20 set reverse-route
crypto dynamic-map L2L_map 30 match address outside_cryptomap16
crypto dynamic-map L2L_map 30 set pfs
crypto dynamic-map L2L_map 30 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 30 set reverse-route
crypto dynamic-map L2L_map 40 match address outside_cryptomap24
crypto dynamic-map L2L_map 40 set pfs
crypto dynamic-map L2L_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 40 set reverse-route
crypto dynamic-map L2L_map 50 match address outside_cryptomap32
crypto dynamic-map L2L_map 50 set pfs
crypto dynamic-map L2L_map 50 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 50 set reverse-route
crypto dynamic-map L2L_map 60 match address outside_cryptomap40
crypto dynamic-map L2L_map 60 set pfs
crypto dynamic-map L2L_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 60 set reverse-route
crypto dynamic-map L2L_map 70 match address outside_cryptomap48
crypto dynamic-map L2L_map 70 set pfs
crypto dynamic-map L2L_map 70 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 70 set reverse-route
crypto dynamic-map L2L_map 80 match address outside_cryptomap56
crypto dynamic-map L2L_map 80 set pfs
crypto dynamic-map L2L_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 80 set reverse-route
crypto dynamic-map L2L_map 90 match address outside_cryptomap64
crypto dynamic-map L2L_map 90 set pfs
crypto dynamic-map L2L_map 90 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 90 set reverse-route
crypto dynamic-map L2L_map 100 match address outside_cryptomap72
crypto dynamic-map L2L_map 100 set pfs
crypto dynamic-map L2L_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 100 set reverse-route
crypto dynamic-map L2L_map 110 match address outside_cryptomap80
crypto dynamic-map L2L_map 110 set pfs
crypto dynamic-map L2L_map 110 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 110 set reverse-route
crypto dynamic-map L2L_map 120 match address outside_cryptomap88
crypto dynamic-map L2L_map 120 set pfs
crypto dynamic-map L2L_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map L2L_map 120 set reverse-route
crypto dynamic-map RA_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map vpnmap 10 ipsec-isakmp dynamic L2L_map
crypto map vpnmap 65535 ipsec-isakmp dynamic RA_map
crypto map vpnmap interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-sessiondb max-session-limit 100
telnet 192.168.9.0 255.255.255.0 inside
telnet 192.168.7.0 255.255.255.0 inside
telnet 192.168.0.0 255.255.255.0 inside
telnet 192.168.0.0 255.255.0.0 inside
telnet timeout 20
ssh 198.235.69.156 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 svc enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol webvpn
group-policy clubqc_vpn internal
group-policy clubqc_vpn attributes
 dns-server value 192.168.0.10 192.168.0.11
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultACL_vpn
 client-access-rule none
 webvpn
  svc firewall-rule client-interface public none
  svc firewall-rule client-interface private none
username bell password """" encrypted
username dmichel password """" encrypted
username coordo_clubqc password """" encrypted
username amine password """"" encrypted
username clubqc_vpn password """" encrypted
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *****
tunnel-group clubqc_vpn type remote-access
tunnel-group clubqc_vpn general-attributes
 address-pool PoolVPN
 authentication-server-group RADIUSCPD LOCAL
 default-group-policy clubqc_vpn
tunnel-group clubqc_vpn ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect pptp
!
service-policy global_policy global
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/odd ... DCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily




Sent from Cisco Technical Support iPhone App
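The poster's question is really "which NAT rule does the VPN client's SYN hit, and does the server's reply hit the same one?" The script below is an added example, not code from the post and not a Cisco tool: a reduced model of the ASA 8.3+ NAT lookup (section 1 manual NAT in config order, section 2 object NAT with static rules before dynamic and fewer real addresses first, section 3 after-auto; static rules matched in both directions) run over an excerpt of the post's own objects and NAT rules. Assumptions are labelled in the code: the redacted outside interface address X.X.X.X is replaced by the stand-in 198.51.100.1, the Internet client 203.0.113.7 is constructed, and source ports are ignored.

```python
"""Simplified Cisco ASA 8.3+ NAT lookup simulator (added example; not code from
the post or from Cisco). Parses network objects and the three NAT sections from
a config excerpt and reports which rule a flow hits first, in both directions.
Reduced semantics: section 1 manual NAT in config order; section 2 object NAT,
static before dynamic, fewer real addresses first; section 3 after-auto manual
NAT. Static rules also match in the mapped->real direction."""
import ipaddress
import re
from collections import namedtuple

Net = ipaddress.IPv4Network
# Constructed stand-in for the post's redacted outside address X.X.X.X.
INTERFACE_IP = {"outside": "198.51.100.1", "inside": "192.168.0.48"}
PORT_NAMES = {"https": 443}
# Excerpt of the post's config; its remaining rules have the same shape.
CONFIG = """
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.0.0_24
 subnet 192.168.0.0 255.255.255.0
object network NETWORK_OBJ_192.168.9.0
 subnet 192.168.9.0 255.255.255.0
object network obj_192.168.0.5_66_3389
 host 192.168.0.5
object network obj_192.168.0.103_66_3389
 host 192.168.0.103
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.9.0 NETWORK_OBJ_192.168.9.0
object network obj_any
 nat (inside,outside) dynamic interface
object network obj_192.168.0.5_66_3389
 nat (inside,outside) static interface service tcp 3389 3389
object network obj_192.168.0.103_66_3389
 nat (inside,outside) static interface service tcp 3389 3397
"""
TWICE = re.compile(r"nat \((\w+),(\w+)\) (after-auto )?source static (\S+) (\S+) destination static (\S+) (\S+)")
OBJ = re.compile(r"nat \((\w+),(\w+)\) (static|dynamic) (\S+)(?: service tcp (\S+) (\S+))?")
Rule = namedtuple("Rule", "section real_if mapped_if src_real src_mapped dst_real dst_mapped "
                          "static real_port mapped_port text")   # dst_* are None for object NAT
Flow = namedtuple("Flow", "ingress src dst dport", defaults=(None,))

def port(p):
    return None if p is None else PORT_NAMES.get(p) or int(p)

def parse(text):
    """Collect object definitions and NAT rules (sections 1, 2, 3) from an ASA config."""
    objects, rules, current = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("object network "):
            current = line.split()[2]
        elif line.startswith("subnet "):
            objects[current] = Net(line.split()[1] + "/" + line.split()[2])
        elif line.startswith("host "):
            objects[current] = Net(line.split()[1] + "/32")
        elif m := TWICE.match(line):
            ri, mi, after, sr, sm, dr, dm = m.groups()
            rules.append(Rule(3 if after else 1, ri, mi, objects[sr], objects[sm],
                              objects[dr], objects[dm], True, None, None, line))
        elif m := OBJ.match(line):
            ri, mi, kind, mapped, rp, mp = m.groups()
            mnet = Net(INTERFACE_IP[mi] + "/32") if mapped == "interface" else objects[mapped]
            rules.append(Rule(2, ri, mi, objects[current], mnet, None, None,
                              kind == "static", port(rp), port(mp), f"object {current}: {line}"))
    return rules

def translate(addr, from_net, to_net):
    """Static net-to-net mapping keeping the host offset; a single mapped address means PAT."""
    if to_net.num_addresses == 1:
        return to_net[0]
    return to_net[int(addr) - int(from_net.network_address)]

def match(rule, flow):
    """(new_src, new_dst, new_dport) if the rule applies to the flow, else None."""
    src, dst = ipaddress.IPv4Address(flow.src), ipaddress.IPv4Address(flow.dst)
    if flow.ingress == rule.real_if and src in rule.src_real and (
            rule.dst_real is None or dst in rule.dst_real):            # real -> mapped
        new_dst = dst if rule.dst_real is None else translate(dst, rule.dst_real, rule.dst_mapped)
        return translate(src, rule.src_real, rule.src_mapped), new_dst, flow.dport
    if rule.static and flow.ingress == rule.mapped_if and dst in rule.src_mapped and (
            rule.dst_mapped is None or src in rule.dst_mapped) and (
            rule.mapped_port is None or flow.dport == rule.mapped_port):  # mapped -> real
        new_src = src if rule.dst_mapped is None else translate(src, rule.dst_mapped, rule.dst_real)
        new_port = flow.dport if rule.mapped_port is None else rule.real_port
        return new_src, translate(dst, rule.src_mapped, rule.src_real), new_port
    return None

def lookup(rules, flow):
    """First hit in ASA order: section 1, ordered section 2, then section 3."""
    s2 = sorted((r for r in rules if r.section == 2),
                key=lambda r: (not r.static, r.src_real.num_addresses))
    ordered = [r for r in rules if r.section == 1] + s2 + [r for r in rules if r.section == 3]
    for rule in ordered:
        if hit := match(rule, flow):
            return rule, hit
    return None, (ipaddress.IPv4Address(flow.src), ipaddress.IPv4Address(flow.dst), flow.dport)

def check_path(rules, ingress, egress, src, dst, dport):
    """Run the client flow and the server's reply; report the rule each hits and whether they agree."""
    fwd, (fsrc, fdst, fport) = lookup(rules, Flow(ingress, src, dst, dport))
    rev, (rsrc, rdst, _) = lookup(rules, Flow(egress, str(fdst), str(fsrc)))
    return {"forward": (fwd.section if fwd else None, str(fsrc), str(fdst), fport),
            "reply": (rev.section if rev else None, str(rsrc), str(rdst)),
            "symmetric": fwd is rev}

if __name__ == "__main__":
    rules = parse(CONFIG)
    print(check_path(rules, "outside", "inside", "192.168.9.100", "192.168.0.5", 3389))
    print(check_path(rules, "outside", "inside", "203.0.113.7", INTERFACE_IP["outside"], 3397))
```

For the VPN client flow (ingress outside, 192.168.9.100 to 192.168.0.5:3389) both directions land on the section-1 identity rule for 192.168.0.0/24 to 192.168.9.0/24, so under this model the addresses are left untouched and the reply takes the same rule back; an Internet client hitting the outside address on 3397 instead falls through to the section-2 port forward for 192.168.0.103. Running the real `packet-tracer` in both directions and comparing the NAT phase against this output is the quickest way to confirm or rule out the "wrong path back" hypothesis; the model deliberately does not implement the ASA's full section-2 tie-breaking or the service-based after-auto rule, so treat disagreements as something to check on the box, not as a verdict.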
