VPN client, 2 networks

Hi Everyone,

 

I hope this is the right place to post this. I have an interesting, but hopefully simple problem. We are using an ASA 5510 with the Cisco Secure Mobility client for VPN access. I've set up split tunneling and the clients can sign in and access the "home" network of the ASA. But we'd also like them to be able to access the other networks that are connected via other tunnels. Here's a quick example:

 

Cisco ASA Network: 10.0.0.0

VPN client Network: 10.0.3.0

Other Network: 10.0.1.0

 

So far I haven't been able to get the VPN network to talk to the Other Network. I'm sure it's a NAT or Firewall issue, but not sure what to do to get it corrected. Here's my configuration so far:

 

ASA Version 9.1(5)10
!
hostname Home-ASA
domain-name esi.local
enable password ABNjfKfRdz2FbrEX encrypted
passwd ABNjfKfRdz2FbrEX encrypted
names
dns-guard
ip local pool Home-VPN-IP 10.0.3.2-10.0.3.20 mask 255.255.255.0
!
interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address X.X.X.X X.X.X.X
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa915-10-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup dmz
dns server-group DefaultDNS
 name-server 10.0.0.241
 domain-name home.local
same-security-traffic permit inter-interface
object network obj-10.0.0.0
 subnet 10.0.0.0 255.255.255.0
object network HomeVS01
 host 10.0.0.234
object network Documents
 host 10.0.0.12
object network HomeIntranet
 host 10.0.0.6
object network obj-10.0.0.80
 host 10.0.0.80
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj_any-01
 subnet 0.0.0.0 0.0.0.0
object network obj_any-02
 subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
 host 0.0.0.0
object network obj_any-04
 subnet 0.0.0.0 0.0.0.0
object network obj_any-09
 subnet 0.0.0.0 0.0.0.0
object network obj_any-10
 subnet 0.0.0.0 0.0.0.0
object network obj_any-11
 subnet 0.0.0.0 0.0.0.0
object network obj_any-13
 subnet 0.0.0.0 0.0.0.0
object network Inside-Network
 subnet 10.0.0.0 255.255.255.0
object network Host-1
 subnet 10.0.1.0 255.255.255.0
object network VPN-Client
 subnet 10.0.3.0 255.255.255.0
object network Host-2
 subnet 10.10.10.0 255.255.255.0
object network WorkCloud
 subnet 10.128.0.0 255.255.0.0
object network FTP
 host 10.0.0.11
object network Host-3
 subnet 10.0.4.0 255.255.255.0
object network HomeApache01
 host 10.0.0.12
object network obj-10.0.0.12
object network HomeDocuments-Documents
 host 10.0.0.12
 description HomeDocuments Documents
object network NETWORK_OBJ_10.0.0.0_24
 subnet 10.0.0.0 255.255.255.0
object-group service VPN udp
 description Ports designated for OPENVPN
 port-object range 50002 50007
object-group service FTPSERVER tcp
 description Inbound FTP traffic
 port-object eq ftp
 port-object eq ftp-data
 port-object eq 422
object-group service UBUNTU tcp
 description Allow for access to directory server
 port-object eq https
 port-object eq www
 port-object eq ssh
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object udp
 protocol-object tcp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list dmz_inside extended deny ip any4 10.0.0.0 255.255.255.0
access-list dmz_inside extended permit ip any4 any4
access-list outside_cryptomap extended permit ip 10.0.0.0 255.255.255.0 object Host-1
access-list Guest extended permit ip any4 any4
access-list outsidein extended permit udp any4 host 10.0.0.234 object-group VPN
access-list outsidein extended permit tcp any4 object HomeIntranet eq https
access-list outsidein extended permit tcp any4 object HomeApache01 object-group UBUNTU
access-list outsidein extended permit tcp any4 host 10.0.0.247 eq https
access-list outsidein extended permit tcp any4 host 10.0.0.247 eq www
access-list outsidein extended permit tcp any object FTP object-group FTPSERVER
access-list outsidein extended permit tcp any4 object Documents eq https
access-list outsidein extended permit icmp any any echo-reply
access-list outsidein extended permit icmp any any time-exceeded
access-list outsidein extended permit icmp any any unreachable
access-list outside_cryptomap_1 extended permit ip 10.0.0.0 255.255.255.0 object Host-2
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.0.0.0 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.0.1.0 255.255.255.0
access-list global_mpc extended permit ip any any
access-list inside_mpc extended permit ip 10.0.0.0 255.255.255.0 any
access-list inside_mpc extended permit icmp 10.0.0.0 255.255.255.0 any echo-reply
access-list inside_mpc extended permit icmp 10.0.0.0 255.255.255.0 any time-exceeded
access-list inside_mpc extended permit icmp 10.0.0.0 255.255.255.0 any unreachable
access-list outside_cryptomap_3 extended permit ip 10.0.0.0 255.255.255.0 object Host-3
access-list outside_cryptomap_2 extended permit ip 10.0.0.0 255.255.255.0 object WorkCloud
access-list netflow-export extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging standby
logging console emergencies
logging monitor emergencies
logging buffered emergencies
logging trap notifications
logging asdm informational
logging mail alerts
logging facility 21
logging queue 2048
logging device-id hostname
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 10.0.0.13 9996
flow-export template timeout-rate 1
flow-export delay flow-create 15
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any dmz
asdm image disk0:/asdm-722.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 destination static Host-2 Host-2 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 destination static Host-1 Host-1 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 destination static WorkCloud WorkCloud no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 destination static Host-3 Host-3 no-proxy-arp route-lookup
nat (inside,any) source static NETWORK_OBJ_10.0.0.0_24 NETWORK_OBJ_10.0.0.0_24 destination static VPN-Client VPN-Client no-proxy-arp route-lookup
nat (inside,outside) source static VPN-Client VPN-Client destination static Host-1 Host-1 no-proxy-arp
!
object network obj-10.0.0.0
 nat (dmz,inside) static 10.0.0.0
object network HomeVS01
 nat (inside,outside) static 209.119.172.37
object network HomeIntranet
 nat (inside,outside) static 209.119.172.35
object network obj_any
 nat (inside,outside) dynamic interface
object network obj_any-01
 nat (inside,dmz) dynamic interface
object network obj_any-02
 nat (inside,outside) dynamic obj-0.0.0.0
object network obj_any-04
 nat (inside,dmz) dynamic obj-0.0.0.0
object network obj_any-09
 nat (dmz,outside) dynamic interface
object network obj_any-10
 nat (dmz,outside) dynamic obj-0.0.0.0
object network obj_any-11
 nat (management,outside) dynamic obj-0.0.0.0
object network obj_any-13
 nat (management,dmz) dynamic obj-0.0.0.0
object network FTP
 nat (inside,outside) static 209.119.172.34
object network HomeDocuments-Documents
 nat (any,any) static 209.119.172.36
access-group outsidein in interface outside
access-group dmz_inside in interface dmz
route outside 0.0.0.0 0.0.0.0 209.119.171.17 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Home protocol ldap
aaa-server Home (inside) host 10.0.0.241
 ldap-base-dn DC=HomeI,DC=com
 ldap-group-base-dn CN=Home VPN,OU=Groups,OU=Home,OU=Organization
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn opadmin@Homei.com
 server-type microsoft
aaa-server Host-1 protocol ldap
aaa-server Host-1 (inside) host X.X.X.X
 ldap-base-dn dc=esi,DC=local
 ldap-group-base-dn OU=Organization
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn opadmin@x.x.x
 server-type microsoft
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
sysopt connection tcpmss 1387
sysopt noproxyarp inside
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set transform-amzn esp-aes esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association replay window-size 128
crypto ipsec security-association pmtu-aging infinite
crypto ipsec df-bit clear-df outside
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map1 1 match address outside_cryptomap
crypto map outside_map1 1 set peer X.X.X.X
crypto map outside_map1 1 set ikev1 transform-set ESP-AES-128-SHA
crypto map outside_map1 1 set security-association lifetime kilobytes unlimited
crypto map outside_map1 1 set reverse-route
crypto map outside_map1 2 match address outside_cryptomap_1
crypto map outside_map1 2 set peer X.X.X.X
crypto map outside_map1 2 set ikev1 transform-set ESP-AES-128-SHA
crypto map outside_map1 2 set reverse-route
crypto map outside_map1 3 match address outside_cryptomap_2
crypto map outside_map1 3 set pfs
crypto map outside_map1 3 set peer X.X.X.X
crypto map outside_map1 3 set ikev1 transform-set ESP-AES-128-SHA
crypto map outside_map1 3 set reverse-route
crypto map outside_map1 4 match address outside_cryptomap_3
crypto map outside_map1 4 set peer X.X.X.X
crypto map outside_map1 4 set ikev1 transform-set ESP-AES-128-SHA
crypto map outside_map1 4 set reverse-route
crypto map outside_map1 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map1 interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 fqdn vpn.Homei.com
 subject-name CN=Home-asa
 proxy-ldc-issuer
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
 certificate 51acd452
  quit
crypto isakmp identity address
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 201
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
!
track 1 rtr 1 reachability
Host-2 0.0.0.0 0.0.0.0 inside
Host-2 timeout 5
ssh stricthostkeycheck
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 25
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
vpn-sessiondb max-other-vpn-limit 20
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 20
priority-queue inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-3.1.05178-k9.pkg 2
 anyconnect profiles HomeVPN_client_profile disk0:/HomeVPN_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 10.0.0.241
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
 default-domain value Homei.local
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
group-policy GroupPolicy_HomeVPN internal
group-policy GroupPolicy_HomeVPN attributes
 wins-server none
 dns-server value 10.0.0.241
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
 default-domain value Homei.com
 webvpn
  anyconnect dpd-interval client 180
  anyconnect dpd-interval gateway 180
  anyconnect profiles value HomeVPN_client_profile type user
group-policy GroupPolicy_EntelgentVPN internal
group-policy GroupPolicy_EntelgentVPN attributes
 wins-server none
 dns-server value 10.0.1.19
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
 default-domain value esi.local
 split-tunnel-all-dns disable
 webvpn
  anyconnect keep-installer none
  anyconnect profiles value HomeVPN_client_profile type user
group-policy GroupPolicy3 internal
group-policy GroupPolicy3 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_X.X.X.X internal
group-policy GroupPolicy_X.X.X.X attributes
 vpn-tunnel-protocol ikev1
username administrator password BWe5ImawVs1sIAp6 encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
 address-pool Home-VPN-IP
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X general-attributes
 default-group-policy GroupPolicy_X.X.X.X
tunnel-group X.X.X.X ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X general-attributes
 default-group-policy GroupPolicy3
tunnel-group X.X.X.X ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group HomeVPN type remote-access
tunnel-group HomeVPN general-attributes
 address-pool Home-VPN-IP
 authentication-server-group Home
 default-group-policy GroupPolicy_HomeVPN
tunnel-group HomeVPN webvpn-attributes
 group-alias HomeVPN enable
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X general-attributes
 default-group-policy GroupPolicy2
tunnel-group X.X.X.X ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive threshold 10 retry 3
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X general-attributes
 default-group-policy GroupPolicy1
tunnel-group X.X.X.X ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group EnetelgentVPN type remote-access
tunnel-group EnetelgentVPN general-attributes
 address-pool Home-VPN-IP
 authentication-server-group Host-1
 default-group-policy GroupPolicy_EntelgentVPN
tunnel-group EnetelgentVPN webvpn-attributes
 group-alias Host-1 disable
 group-alias Host-1VPN enable
!
class-map netflow-export-class
 match access-list netflow-export
class-map global-class
 description NetFlow
 match any
class-map inside-class
 match access-list inside_mpc
class-map inspection_default
 match default-inspection-traffic
class-map global-class1
 match default-inspection-traffic
!
!
policy-map global_policy
 description Netflow
 class inspection_default
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ftp
  inspect ip-options
  inspect icmp
  inspect icmp error
  inspect dns
 class netflow-export-class
  flow-export event-type all destination 10.0.0.13
 class class-default
  user-statistics accounting
policy-map global-policy
 description Bandwidth
 class global-class1
  inspect dns
  inspect ftp
  inspect icmp
 class global-class
  flow-export event-type all destination 10.0.0.13
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 1500
!
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:baedc2cc969bb46f5a3b72ff7cfc9e3a
: end

 

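Added example, not part of the original post and not Cisco tooling: a Python check of the four settings an ASA needs before remote-access clients can reach a network behind a site-to-site tunnel that terminates on the same outside interface (hairpinning), run against a constructed excerpt of the configuration above. The function names, the gap labels and the NAT match by object name only are assumptions of this example.

```python
import ipaddress

# Constructed excerpt: only the posted lines that affect client-to-Host-1 traffic.
POSTED = """\
same-security-traffic permit inter-interface
object network Host-1
 subnet 10.0.1.0 255.255.255.0
object network VPN-Client
 subnet 10.0.3.0 255.255.255.0
access-list outside_cryptomap extended permit ip 10.0.0.0 255.255.255.0 object Host-1
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.0.0.0 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.0.1.0 255.255.255.0
nat (inside,outside) source static VPN-Client VPN-Client destination static Host-1 Host-1 no-proxy-arp
"""

def parse_objects(cfg):
    """Map each 'object network NAME' that has a subnet line to an ip_network."""
    objs, name = {}, None
    for line in cfg.splitlines():
        if line.startswith("object network "):
            name = line.split()[2]
        elif name and line.startswith(" subnet "):
            _, addr, mask = line.split()
            objs[name] = ipaddress.ip_network(f"{addr}/{mask}")
        elif not line.startswith(" "):
            name = None
    return objs

def take_addr(tokens, objs):
    """Consume one ACL address spec; return (network, remaining tokens)."""
    if tokens[0] == "object":
        return objs[tokens[1]], tokens[2:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def hairpin_gaps(cfg, pool="VPN-Client", remote="Host-1",
                 crypto_acl="outside_cryptomap",
                 split_acl="DefaultRAGroup_splitTunnelAcl"):
    """Return {gap: ASA command that closes it} for pool -> remote via the L2L tunnel."""
    objs = parse_objects(cfg)
    src, dst = objs[pool], objs[remote]
    lines = [l.rstrip() for l in cfg.splitlines()]
    split_ok = crypto_ok = False
    for t in (l.split() for l in lines):
        if t[:4] == ["access-list", split_acl, "standard", "permit"]:
            # The client must route the remote network into the tunnel.
            split_ok |= dst.subnet_of(take_addr(t[4:], objs)[0])
        elif t[:5] == ["access-list", crypto_acl, "extended", "permit", "ip"]:
            # The L2L crypto ACL must cover pool -> remote, not only inside -> remote.
            a, rest = take_addr(t[5:], objs)
            b, _ = take_addr(rest, objs)
            crypto_ok |= src.subnet_of(a) and dst.subnet_of(b)
    # Clients enter and leave on the outside interface, so the exemption is (outside,outside).
    exempt = (f"nat (outside,outside) source static {pool} {pool} "
              f"destination static {remote} {remote}")
    gaps = {}
    if "same-security-traffic permit intra-interface" not in lines:
        gaps["hairpin"] = "same-security-traffic permit intra-interface"
    if not split_ok:
        gaps["split-tunnel"] = (f"access-list {split_acl} standard permit "
                                f"{dst.network_address} {dst.netmask}")
    if not crypto_ok:
        gaps["crypto-acl"] = (f"access-list {crypto_acl} extended permit ip "
                              f"object {pool} object {remote}")
    if not any(l == exempt or l.startswith(exempt + " ") for l in lines):
        gaps["nat-exempt"] = exempt + " no-proxy-arp"
    return gaps

if __name__ == "__main__":
    for gap, command in hairpin_gaps(POSTED).items():
        print(f"{gap}: {command}")
```

On the peer that terminates the Host-1 tunnel, the crypto ACL needs the mirrored entry for 10.0.3.0/24; that side of the tunnel is not shown in the post.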