ASA5510 -> 541W Tunnel problems

I have been asked to look over this - I am extremely familiar with L2/L3 networking, and VPNs, just don't have as in-depth experience with ASAs and especially this new 541w prosumer product... here's the issue:

The end users are reporting that the tunnel is dropping at random intervals (usually after a few hours) and will not come back up unless the on-site tech disables the tunnel and re-enables it...

Site-A (ASA) has a VPN tunnel to Site-B (541W) - the tunnel works and passes LAN-LAN traffic with no problems. The SA policies on both ends have a timeout of 28800 seconds and all phase1/2 settings are identical. From the configs I've looked at, it appears that the ASA key time is 28800 seconds AND the ASA wants to regen after like 4gb'ish of data transfer in the tunnel. Additionally, the 541W only has settings to regen after 28800 seconds, NOT time+throughput...

Just want to clarify that I am not the person who procured the equipment and did not set this up - just trying to resolve the issues. Any input from the community would be helpful... below is the ASA sh run output -- unfortunately the 541W has no console access, and it's all GUI based - so I'm still looking for a way to get a config out of it...

ASA Version 8.0(2)
!
hostname ASA5510
domain-name xxxx.local
enable password kT7ddOacWl/bwJfJ encrypted
names
name 10.10.0.0 Side-A-Subnet
name 192.168.75.0 Side-B-Subnet
!
interface Ethernet0/0
  nameif Inside
  security-level 100
  ip address 10.10.0.1 255.255.0.0
!
interface Ethernet0/1
  nameif Outside
  security-level 0
  ip address xx.xx.100.162 255.255.255.248
!
interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
!
interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
!
interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
!
passwd SvJG6DqGzkQ17CsD encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Inside
dns server-group DefaultDNS
  name-server 10.10.0.2
  name-server 10.10.0.6
  domain-name dyadic.local
access-list 1 remark Tunnel local LAN only.
access-list 1 standard permit Side-A-Subnet 255.255.0.0
access-list Inside_nat0_outbound extended permit ip Side-A-Subnet 255.255.0.0 172.17.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip Side-A-Subnet 255.255.0.0 host xx.xx.131.249
access-list Inside_nat0_outbound extended permit ip Side-A-Subnet 255.255.0.0 Side-B-Subnet 255.255.255.0
access-list Outside_access_in extended permit tcp any host 72.242.100.162 eq imap4
access-list Outside_access_in extended permit icmp any any
access-list Outside_access_in extended permit tcp any host 72.242.100.162 eq smtp
access-list Outside_access_in extended permit tcp any host 72.242.100.162 eq pop3
access-list Outside_access_in extended permit tcp any host 72.242.100.162 eq https
access-list Outside_access_in extended permit tcp any host 72.242.100.162 eq domain
access-list Outside_access_in extended permit udp any host 72.242.100.162 eq ntp
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip host 0.0.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 10.0.0.0 255.0.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 127.0.0.0 255.0.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 172.16.0.0 255.255.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 172.18.0.0 255.254.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 172.20.0.0 255.252.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 172.24.0.0 255.248.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 192.168.0.0 255.255.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 224.0.0.0 248.0.0.0 any
access-list Outside_access_in remark Anti-spoofing
access-list Outside_access_in extended deny ip 255.0.0.0 255.0.0.0 any
access-list Outside_access_in remark Attacker block
access-list Outside_access_in extended deny ip host xx.xx.108.150 any
access-list Outside_access_in extended permit ip host xx.xx.131.249 host xx.xx.100.162
access-list Outside_access_in extended permit ip Side-B-Subnet 255.255.255.0 Side-A-Subnet 255.255.0.0 inactive
access-list Inside_access_in remark Anti-spoofing
access-list Inside_access_in extended deny ip 127.0.0.0 255.0.0.0 any
access-list Inside_access_in remark Anti-spoofing
access-list Inside_access_in extended deny ip host 0.0.0.0 any
access-list Inside_access_in remark Anti-spoofing
access-list Inside_access_in extended deny ip 172.16.0.0 255.240.0.0 any
access-list Inside_access_in remark Anti-spoofing
access-list Inside_access_in extended deny ip 192.168.0.0 255.255.0.0 any
access-list Inside_access_in remark Anti-spoofing
access-list Inside_access_in extended deny ip 255.0.0.0 255.0.0.0 any
access-list Inside_access_in remark Anti-spoofing
access-list Inside_access_in extended deny ip 224.0.0.0 248.0.0.0 any
access-list Inside_access_in remark Humanclick.net Spyware
access-list Inside_access_in extended deny ip any host 198.65.119.24
access-list Inside_access_in remark Humanclick.net Spyware
access-list Inside_access_in extended deny ip any host 198.65.119.21
access-list Inside_access_in remark Bellsouth Toolbar
access-list Inside_access_in extended deny ip any host 216.77.188.46
access-list Inside_access_in remark Humanclick.net Spyware
access-list Inside_access_in extended deny ip any host 130.94.77.118
access-list Inside_access_in remark Kontiki Spyware
access-list Inside_access_in extended deny ip any host 65.77.227.20
access-list Inside_access_in remark Kontiki Spyware
access-list Inside_access_in extended deny ip any host 65.77.227.24
access-list Inside_access_in remark E&Y auditors
access-list Inside_access_in extended deny icmp any 0.1.0.0 255.255.255.0 echo
access-list Inside_access_in remark E&Y auditors
access-list Inside_access_in extended deny tcp any any eq 161
access-list Inside_access_in remark Permit all traffic to less secure networks
access-list Inside_access_in extended permit ip any any
access-list Inside_access_in extended permit ip Side-A-Subnet 255.255.0.0 Side-B-Subnet 255.255.255.0 inactive
access-list Outside_1_cryptomap extended permit ip Side-A-Subnet 255.255.0.0 Side-B-Subnet 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging console alerts
logging monitor alerts
logging trap informational
logging asdm notifications
logging mail emergencies
level emergencies
logging host Inside 10.10.0.3
mtu Inside 1500
mtu Outside 1500
mtu management 1500
ip local pool RA 172.17.1.1-172.17.1.254 mask 255.255.255.0
ip verify reverse-path interface Outside
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo Outside
asdm image disk0:/asdm-602.bin
asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 Side-A-Subnet 255.255.0.0
static (Inside,Outside) tcp interface imap4 10.10.0.4 imap4 netmask 255.255.255.255
static (Inside,Outside) tcp interface smtp 10.10.0.7 smtp netmask 255.255.255.255
static (Inside,Outside) tcp interface pop3 10.10.0.4 pop3 netmask 255.255.255.255
static (Inside,Outside) tcp interface https 10.10.0.4 https netmask 255.255.255.255
static (Inside,Outside) tcp interface domain 10.10.0.7 domain netmask 255.255.255.255
static (Inside,Outside) udp interface domain 10.10.0.7 domain netmask 255.255.255.255
static (Inside,Outside) udp interface ntp 10.10.0.7 ntp netmask 255.255.255.255
access-group Inside_access_in in interface Inside
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 xx.xx.100.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:15:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server RadiusAuthor protocol radius
aaa-server RadiusAuthor host 10.10.0.6
  key Monitor2016
  acl-netmask-convert auto-detect
nac-policy WebVPNGroupPolicy-nac-framework-create nac-framework
  reval-period 36000
  sq-period 300
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
  reval-period 36000
  sq-period 300
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.10.0.4 255.255.255.255 Inside
http 10.10.0.3 255.255.255.255 Inside
http 10.10.0.2 255.255.255.255 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto dynamic-map Outside_dyn_map 1 set pfs
crypto dynamic-map Outside_dyn_map 1 set transform-set ESP-DES-MD5 ESP-DES-SHA
crypto dynamic-map Outside_dyn_map 1 set security-association lifetime seconds 86400
crypto dynamic-map Outside_dyn_map 1 set reverse-route
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer xx.xx.126.89
crypto map Outside_map 1 set transform-set ESP-DES-MD5
crypto map Outside_map 1 set phase1-mode aggressive
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto ca trustpoint rd
  enrollment terminal
  fqdn none
  subject-name CN=rd.xxxx.com,OU=R&D,O=Dyadic International Inc,C=US,St=Florida,L=xxxx
  keypair VerisignKey
  crl configure
crypto ca trustpoint rd-root-ca
  enrollment terminal
  keypair VerisignKey
  crl configure
crypto ca trustpoint Thawte
  enrollment terminal
  fqdn none
  subject-name CN=webvpn.xxxx.com,OU=WebVPN,O=Dyadic International Inc.,C=US,St=Florida,L=xxxx
  keypair ThawteKeyPair
  crl configure
crypto ca certificate chain rd
  certificate ca 63b1a5cdc59f78801da0636cf975467b
  quit
  certificate 704708576aceddb2fc1c5af2ec47413c
  quit
crypto ca certificate chain rd-root-ca
  certificate ca 20a897aedb8202dec136a04e26bd8773
  quit
crypto ca certificate chain Thawte
  certificate ca 01
  quit
  certificate 4c36b11ea7d08446731343cc637c3ad1
  quit
crypto isakmp identity address
crypto isakmp enable Inside
crypto isakmp enable Outside
crypto isakmp enable management
crypto isakmp policy 1
  authentication pre-share
  encryption des
  hash md5
  group 2
  lifetime 28800
no crypto isakmp nat-traversal
crypto isakmp disconnect-notify
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 10.10.0.3 255.255.255.255 Inside
telnet 10.10.0.4 255.255.255.255 Inside
telnet 10.10.0.2 255.255.255.255 Inside
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh 10.10.0.4 255.255.255.255 Inside
ssh 10.10.0.3 255.255.255.255 Inside
ssh 10.10.0.2 255.255.255.255 Inside
ssh 192.168.1.0 255.255.255.0 management
ssh timeout 20
console timeout 20
threat-detection basic-threat
threat-detection statistics
!
class-map global-class
  match default-inspection-traffic
!
!
policy-map global-policy
  class global-class
  inspect ftp
!
service-policy global-policy global
ntp server 10.10.0.2 source Inside
ssl encryption 3des-sha1 aes128-sha1 aes256-sha1 des-sha1 rc4-md5
ssl trust-point Thawte Outside
webvpn
  port 8080
  enable Outside
group-policy DfltGrpPolicy attributes
  dns-server value 10.10.0.2 10.10.0.6
  vpn-simultaneous-logins 1
  vpn-idle-timeout 60
  vpn-tunnel-protocol IPSec
  group-lock value DefaultRAGroup
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value 1
  default-domain value dyadic.local
  split-dns value dyadic.local
  nem enable
  address-pools value RA
  webvpn
  url-list value ServerList
  svc dpd-interval client none
  svc dpd-interval gateway none
group-policy WebVPNGroupPolicy internal
group-policy WebVPNGroupPolicy attributes
  wins-server none
  dns-server value 10.10.0.2 10.10.0.6
  dhcp-network-scope none
  vpn-access-hours none
  vpn-simultaneous-logins 1
  vpn-idle-timeout 30
  vpn-session-timeout none
  vpn-filter none
  vpn-tunnel-protocol webvpn
  password-storage disable
  ip-comp disable
  re-xauth disable
  group-lock none
  pfs disable
  ipsec-udp disable
  ipsec-udp-port 10000
  split-tunnel-policy tunnelall
  split-tunnel-network-list none
  default-domain none
  split-dns none
  intercept-dhcp disable
  secure-unit-authentication disable
  user-authentication disable
  user-authentication-idle-timeout none
  ip-phone-bypass disable
  leap-bypass disable
  nem disable
  backup-servers keep-client-config
  msie-proxy server none
  msie-proxy method no-modify
  msie-proxy except-list none
  msie-proxy local-bypass disable
  nac-settings value WebVPNGroupPolicy-nac-framework-create
  address-pools value RA
  client-firewall none
  client-access-rule none
  webvpn
  url-list value ServerList
  filter none
  homepage none
  html-content-filter none
  port-forward disable
  sso-server none
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
  svc ask none
  customization value DfltCustomization
  keep-alive-ignore 4
  http-comp gzip
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information.
username admin password /WJ.IkftSEq3rji0 encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
  address-pool (Inside) RA
  address-pool RA
  authentication-server-group RadiusAuthor
  authentication-server-group (Inside) RadiusAuthor
  authorization-server-group RadiusAuthor
  accounting-server-group RadiusAuthor
  password-management
  authorization-dn-attributes use-entire-name
tunnel-group DefaultRAGroup ipsec-attributes
  pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
  no authentication chap
  no authentication ms-chap-v1
  authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup general-attributes
  address-pool (Inside) RA
  address-pool RA
  authentication-server-group RadiusAuthor
  authentication-server-group (Outside) RadiusAuthor
  authorization-server-group RadiusAuthor
  accounting-server-group RadiusAuthor
  default-group-policy WebVPNGroupPolicy
  password-management
tunnel-group DefaultWEBVPNGroup webvpn-attributes
  hic-fail-group-policy WebVPNGroupPolicy
tunnel-group xx.xx.126.89 type ipsec-l2l
tunnel-group xx.xx.126.89 ipsec-attributes
  pre-shared-key *
smtp-server xx.xx.100.162 72.242.100.165
prompt hostname context
Cryptochecksum:0c791c2b3b1b217d08e415e4e83facb6
: end
asdm image disk0:/asdm-602.bin
asdm location 172.17.1.0 255.255.255.0 Outside
asdm location xx.xx.100.162 255.255.255.255 Inside
asdm history enable
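An added example (not part of the original post, and not Cisco code): a Python check that reads crypto map lines like those in the config above and reports the effective Phase 2 lifetimes on the ASA side against a peer that rekeys on time only, as the post describes for the 541W. The 28800 s / 4608000 KB fallback values are assumed ASA defaults, and all function names are hypothetical.

```python
import re

# Assumption (not stated on the page): ASA falls back to these values when a
# crypto map entry sets no security-association lifetime of its own.
ASA_DEFAULT_SECONDS = 28800
ASA_DEFAULT_KILOBYTES = 4608000

# Constructed sample: crypto map lines from the posted config, with the
# wrapped "lifetime seconds 86400" line rejoined.
SAMPLE_CONFIG = """\
crypto dynamic-map Outside_dyn_map 1 set pfs
crypto dynamic-map Outside_dyn_map 1 set transform-set ESP-DES-MD5 ESP-DES-SHA
crypto dynamic-map Outside_dyn_map 1 set security-association lifetime seconds 86400
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer xx.xx.126.89
crypto map Outside_map 1 set transform-set ESP-DES-MD5
crypto map Outside_map 1 set phase1-mode aggressive
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
"""

ENTRY_RE = re.compile(r"^crypto (map|dynamic-map) (\S+) (\d+) (.+)$")
GLOBAL_RE = re.compile(r"^crypto ipsec security-association lifetime (.+)$")
UNIT_RE = re.compile(r"\b(seconds|kilobytes) (\d+)")


def effective_lifetimes(config):
    """Map (kind, name, seq) -> effective Phase 2 lifetime for each entry.

    Precedence: per-entry setting, then the global lifetime command, then
    the assumed defaults. "explicit" lists the units set on the entry itself.
    """
    fallback = {"seconds": ASA_DEFAULT_SECONDS, "kilobytes": ASA_DEFAULT_KILOBYTES}
    entries = {}
    for raw in config.splitlines():
        line = raw.strip()
        g = GLOBAL_RE.match(line)
        if g:
            fallback.update((u, int(v)) for u, v in UNIT_RE.findall(g.group(1)))
            continue
        m = ENTRY_RE.match(line)
        if not m or m.group(4).startswith("ipsec-isakmp dynamic"):
            continue  # not an entry line, or only a pointer to a dynamic map
        own = entries.setdefault((m.group(1), m.group(2), int(m.group(3))), {})
        if "security-association lifetime" in m.group(4):
            own.update((u, int(v)) for u, v in UNIT_RE.findall(m.group(4)))
    return {key: {**fallback, **own, "explicit": sorted(own)}
            for key, own in entries.items()}


def first_rekey(seconds, kilobytes, avg_kbytes_per_sec):
    """Return (trigger, seconds_until_rekey) for a steady traffic rate."""
    if avg_kbytes_per_sec <= 0:
        return ("seconds", float(seconds))
    by_volume = kilobytes / avg_kbytes_per_sec
    if by_volume < seconds:
        return ("kilobytes", by_volume)
    return ("seconds", float(seconds))


def audit_against_time_only_peer(config, peer_seconds):
    """Report, per static crypto map entry, the limits a time-only peer sees."""
    findings = []
    for (kind, name, seq), life in sorted(effective_lifetimes(config).items()):
        if kind != "map":
            continue
        findings.append({
            "entry": f"{name} {seq}",
            "seconds_match": life["seconds"] == peer_seconds,
            "volume_limit_kb": life["kilobytes"],
            "volume_set_explicitly": "kilobytes" in life["explicit"],
            # above this sustained rate the volume limit expires the SA first
            "breakeven_kb_per_s": life["kilobytes"] / life["seconds"],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_against_time_only_peer(SAMPLE_CONFIG, peer_seconds=28800):
        print(finding)
    print(first_rekey(28800, 4608000, avg_kbytes_per_sec=500))
```

On the device itself, `show crypto ipsec sa` reports the remaining key lifetime in both kilobytes and seconds, which shows which limit an SA is approaching.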