| Question |
: Saved
:
ASA Version 8.0(2)
!
hostname MY.ASA1
domain-name my.domain.info
enable password ---
names
name P.R.I.000.0 inside-network
name P.U.B.222 Mercy description VPN IP 2
name P.U.B.333 Chick description VPN IP 3
name P.U.B.444 South description VPN IP 4
!
interface Vlan1
 nameif inside
 security-level 100
 ip address P.R.I.000.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address P.U.B.111 255.255.255.248
!
interface Vlan12
 nameif DMZ
 security-level 50
 ip address D.M.Z.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 12
!
passwd ---
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
 domain-name my.domain.info
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_1
 network-object inside-network 255.255.255.0
 network-object P.R.I.111.0 255.255.255.0
 network-object P.R.I.111.1.0 255.255.255.0
 network-object P.R.I.222.0 255.255.255.0
 network-object P.R.I.333.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
 network-object inside-network 255.255.255.0
 network-object P.R.I.111.0 255.255.255.0
 network-object P.R.I.111.1.0 255.255.255.0
 network-object P.R.I.222.0 255.255.255.0
 network-object P.R.I.333.0 255.255.255.0
object-group network DM_INLINE_NETWORK_3
 network-object inside-network 255.255.255.0
 network-object P.R.I.111.0 255.255.255.0
 network-object P.R.I.111.1.0 255.255.255.0
 network-object P.R.I.222.0 255.255.255.0
 network-object P.R.I.333.0 255.255.255.0
object-group network DM_INLINE_NETWORK_4
 network-object inside-network 255.255.255.0
 network-object P.R.I.111.1.0 255.255.255.0
object-group network DM_INLINE_NETWORK_6
 network-object inside-network 255.255.255.0
 network-object P.R.I.111.0 255.255.255.0
 network-object P.R.I.111.1.0 255.255.255.0
 network-object P.R.I.333.0 255.255.255.0
access-list outside_access_in extended permit esp host V.P.N.111 host P.U.B.111 log disable
access-list outside_access_in extended permit esp host P.U.B.111 host V.P.N.111 log disable
access-list outside_access_in extended permit udp host V.P.N.111 host P.U.B.111 log disable
access-list outside_access_in extended permit udp host P.U.B.111 host V.P.N.111 log disable
access-list outside_access_in extended permit tcp any host P.U.B.111 eq 10001 log disable
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp host V.P.N.222 host P.U.B.111 eq 22339 log disable
access-list outside_access_in extended permit udp any host P.U.B.111 eq domain
access-list outside_access_in extended permit tcp any host P.U.B.111 eq domain
access-list outside_access_in extended permit ip inside-network 255.255.255.0 P.R.I.111.1.0 255.255.255.0
access-list outside_access_in extended permit ip P.R.I.111.1.0 255.255.255.0 inside-network 255.255.255.0 log disable
access-list outside_access_in extended permit tcp any host P.U.B.111 eq www
access-list outside_access_in extended permit tcp any host P.U.B.111 eq https
access-list outside_access_in extended permit tcp any host P.U.B.111 eq ftp log disable inactive
access-list outside_access_in extended permit ip 10.171.201.0 255.255.255.0 inside-network 255.255.255.0 log disable
access-list outside_access_in extended permit ip inside-network 255.255.255.0 P.R.I.222.1.0 255.255.255.0 log disable inactive
access-list outside_1_cryptomap extended permit ip host V.P.N.112 host V.P.N.113
access-list outside_1_cryptomap extended permit ip host V.P.N.113 host V.P.N.112
access-list outside_1_cryptomap extended permit ip host V.P.N.115 host V.P.N.114
access-list outside_1_cryptomap extended permit ip host V.P.N.114 host V.P.N.115
access-list outside_1_cryptomap extended permit ip host V.P.N.116 host V.P.N.113
access-list outside_1_cryptomap extended permit ip host V.P.N.113 host V.P.N.116
access-list outside_1_cryptomap extended permit ip host V.P.N.113 host V.P.N.114
access-list outside_1_cryptomap extended permit ip host V.P.N.114 host V.P.N.113
access-list outside_1_cryptomap extended permit ip any host V.P.N.111
access-list nonat extended permit ip inside-network 255.255.255.0 P.R.I.444.0 255.255.0.0
access-list nonat extended permit ip inside-network 255.255.255.0 V.P.N.333 255.255.254.0
access-list nonat extended permit ip inside-network 255.255.255.0 P.R.I.111.0 255.255.255.0
access-list nonat extended permit ip inside-network 255.255.255.0 P.R.I.333.0 255.255.255.0
access-list nonat extended permit ip inside-network 255.255.255.0 P.R.I.222.0 255.255.255.0
access-list nonat extended permit ip inside-network 255.255.255.0 inside-network 255.255.255.0
access-list nonat extended permit ip inside-network 255.255.255.0 P.R.I.111.1.0 255.255.255.0
access-list nonat extended permit ip any P.R.I.111.1.0 255.255.255.0
access-list nonat extended permit ip P.R.I.111.1.0 255.255.255.0 inside-network 255.255.255.0
access-list nonat extended permit ip P.R.I.111.1.0 255.255.255.0 P.R.I.111.0 255.255.255.0
access-list nonat extended permit ip P.R.I.111.1.0 255.255.255.0 P.R.I.222.0 255.255.255.0
access-list nonat extended permit ip P.R.I.111.1.0 255.255.255.0 P.R.I.333.0 255.255.255.0
access-list nonat extended permit ip P.R.I.111.0 255.255.255.0 P.R.I.111.1.0 255.255.255.0
access-list nonat extended permit ip P.R.I.222.0 255.255.255.0 P.R.I.111.1.0 255.255.255.0
access-list nonat extended permit ip P.R.I.333.0 255.255.255.0 P.R.I.111.1.0 255.255.255.0
access-list nonat extended permit ip P.R.I.444.0 255.255.0.0 inside-network 255.255.255.0
access-list nonat extended permit ip object-group DM_INLINE_NETWORK_4 P.R.I.111.0 255.255.255.0
access-list nonat extended permit ip 10.171.201.0 255.255.255.0 inside-network 255.255.255.0
access-list nonat extended permit ip inside-network 255.255.255.0 10.171.201.0 255.255.255.0
access-list inside_access_in extended permit icmp any any log disable
access-list inside_access_in extended permit ip any inside-network 255.255.0.0 log disable
access-list inside_access_in extended permit ip inside-network 255.255.0.0 10.171.201.0 255.255.255.0 log disable
access-list inside_access_in extended permit ip inside-network 255.255.255.0 any log disable
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in extended permit tcp any any log disable
access-list inside_access_in extended permit udp any any log disable
access-list inside_access_in extended permit ip P.R.I.111.1.0 255.255.255.0 inside-network 255.255.255.0 log debugging
access-list inside_access_in extended permit ip inside-network 255.255.255.0 P.R.I.111.1.0 255.255.255.0 log debugging
access-list inside_access_in extended permit ip any P.R.I.222.0.0 255.255.255.0 log disable
access-list inside_access_in extended permit ip P.R.I.222.0.0 255.255.255.0 any log disable
access-list inside_access_in extended permit ip P.R.I.111.0 255.255.255.0 any
access-list eVPN remark MAIN
access-list eVPN standard permit inside-network 255.255.255.0
access-list eVPN remark SOUTH
access-list eVPN standard permit P.R.I.111.0 255.255.255.0
access-list eVPN remark CHICK
access-list eVPN standard permit P.R.I.222.0 255.255.255.0
access-list eVPN remark MERCY
access-list eVPN standard permit P.R.I.333.0 255.255.255.0
access-list eVPN remark eVPN
access-list eVPN standard permit P.R.I.111.1.0 255.255.255.0
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12110
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12111
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12112
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12113
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12114
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12115
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12116
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12117
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12118
access-list dmz extended permit tcp host D.M.Z.111 host P.R.I.000.200 eq 12119
access-list dmz extended permit object-group TCPUDP P.R.I.222.0.0 255.255.255.0 any eq domain
access-list dmz extended permit object-group TCPUDP any P.R.I.222.0.0 255.255.255.0 eq domain
access-list dmz extended permit tcp any any eq https
access-list dmz extended deny ip any 10.0.0.0 255.0.0.0
access-list dmz extended permit ip any any
access-list SSLVPNTunnel extended permit ip P.R.I.111.1.0 255.255.255.0 inside-network 255.255.0.0
access-list Branch_Access extended permit ip object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_NETWORK_3 log disable
access-list Branch_Access extended permit ip object-group DM_INLINE_NETWORK_1 any log disable
access-list outside_cryptomap extended permit ip inside-network 255.255.255.0 P.R.I.222.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip P.R.I.111.1.0 255.255.255.0 any
access-list outside_cryptomap_1 extended permit ip inside-network 255.255.255.0 P.R.I.333.0 255.255.255.0
access-list outside_cryptomap_2 extended permit ip inside-network 255.255.255.0 P.R.I.111.0 255.255.255.0
access-list outside_5_cryptomap extended permit ip object-group DM_INLINE_NETWORK_4 P.R.I.111.0 255.255.255.0
access-list outside_6_cryptomap extended permit ip inside-network 255.255.0.0 10.171.201.0 255.255.255.0
access-list CenturionVPN extended permit ip object-group DM_INLINE_NETWORK_6 10.171.201.0 255.255.255.0 log disable
access-list MAIN webtype permit url any log informational interval 300
pager lines 24
logging enable
logging trap debugging
logging asdm informational
logging host inside P.R.I.000.9
mtu inside 1500
mtu outside 1500
mtu DMZ 1500
ip local pool SSL P.R.I.111.1.1 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (DMZ) 1 D.M.Z.111-P.R.I.222.0.20 netmask 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 inside-network 255.255.255.0
nat (outside) 0 access-list outside_nat0_outbound
static (inside,outside) tcp interface www P.R.I.000.203 www netmask 255.255.255.255
static (inside,DMZ) tcp interface 12110 D.M.Z.111 12110 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12111 D.M.Z.111 12111 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12112 D.M.Z.111 12112 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12113 D.M.Z.111 12113 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12114 D.M.Z.111 12114 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12115 D.M.Z.111 12115 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12116 D.M.Z.111 12116 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12117 D.M.Z.111 12117 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12118 D.M.Z.111 12118 netmask 255.255.255.255
static (inside,DMZ) tcp interface 12119 D.M.Z.111 12119 netmask 255.255.255.255
static (inside,outside) tcp interface https P.R.I.000.203 https netmask 255.255.255.255
static (inside,outside) V.P.N.112 P.R.I.000.200 netmask 255.255.255.255
static (inside,outside) V.P.N.114 P.R.I.000.204 netmask 255.255.255.255
static (inside,DMZ) inside-network inside-network netmask 255.255.255.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group dmz in interface DMZ
route outside 0.0.0.0 0.0.0.0 68.143.48.137 1
route inside P.R.I.444.0 255.255.0.0 P.R.I.000.1 1
route inside P.R.I.000.5 255.255.255.255 P.R.I.000.1 1
route inside P.R.I.000.6 255.255.255.255 P.R.I.000.1 1
route inside P.R.I.111.0 255.255.255.0 P.R.I.000.1 1
route inside P.R.I.222.0 255.255.255.0 P.R.I.000.1 1
route inside P.R.I.333.0 255.255.255.0 P.R.I.000.1 1
route inside 10.160.20.110 255.255.255.255 P.R.I.000.152 1
route inside 10.160.20.210 255.255.255.255 P.R.I.000.152 1
route inside 10.161.1.213 255.255.255.255 P.R.I.000.152 1
route outside 10.171.201.0 255.255.255.0 P.R.I.000.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
http server enable
http P.R.I.000.67 255.255.255.255 inside
http P.R.I.000.35 255.255.255.255 inside
http P.R.I.111.1.0 255.255.255.0 inside
http P.R.I.000.53 255.255.255.255 inside
http P.R.I.000.34 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 10 set reverse-route
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
--- REMOVED UNNECESSARY INFO ---
crypto map outside_map 6 match address outside_6_cryptomap
crypto map outside_map 6 set peer V.P.N.444
crypto map outside_map 6 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
--- REMOVED UNNECESSARY INFO ---
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet P.R.I.000.53 255.255.255.255 inside
telnet P.R.I.000.34 255.255.255.255 inside
telnet P.R.I.000.35 255.255.255.255 inside
telnet P.R.I.111.1.1 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
ntp server P.R.I.000.5 source inside prefer
webvpn
 port 10001
 enable outside
 svc image disk0:/sslclient-win-1.1.4.176.pkg 1
 svc enable
group-policy Branches internal
group-policy Branches attributes
 vpn-filter value Branch_Access
 vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy Non-Admins internal
group-policy Non-Admins attributes
 vpn-tunnel-protocol svc
group-policy DfltGrpPolicy attributes
 dns-server value P.R.I.000.5 P.R.I.222.5
 vpn-filter value SSLVPNTunnel
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value eVPN
 nac-settings value DfltGrpPolicy-nac-framework-create
 address-pools value SSL
 webvpn
  svc rekey method ssl
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc ask none default svc
group-policy centurionvpn internal
group-policy centurionvpn attributes
 vpn-filter value CenturionVPN
 vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy symitarvpn internal
group-policy symitarvpn attributes
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec
--- REMOVED UNNECESSARY INFO ---
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool SSL
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 nbns-server P.R.I.000.5 master timeout 2 retry 2
tunnel-group V.P.N.111 type ipsec-l2l
tunnel-group V.P.N.111 general-attributes
 default-group-policy symitarvpn
tunnel-group V.P.N.111 ipsec-attributes
 pre-shared-key *
tunnel-group Chick type ipsec-l2l
tunnel-group Chick general-attributes
 default-group-policy Branches
tunnel-group Chick ipsec-attributes
 pre-shared-key *
tunnel-group Mercy type ipsec-l2l
tunnel-group Mercy general-attributes
 default-group-policy Branches
tunnel-group Mercy ipsec-attributes
 pre-shared-key *
tunnel-group V.P.N.444 type ipsec-l2l
tunnel-group V.P.N.444 general-attributes
 default-group-policy centurionvpn
tunnel-group V.P.N.444 ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:5720f981f2cfd07025dc56ab7fda1c62
: end
asdm image disk0:/asdm-602.bin
no asdm history enable