10/23/2008 at 11:59AM PDT, ID: 23842172
********************** ASA 5510 - SANITIZED **********************
asdm image disk0:/asdm-508.bin
asdm location 192.168.50.48 255.255.255.240 outside
no asdm history enable
: Saved
:
ASA Version 7.0(8)
!
hostname ciscoasa
domain-name xxxxx.net
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address A.A.A.A 255.255.255.248
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.5.150 255.255.255.0
!
interface Ethernet0/2
 nameif DICOM
 security-level 100
 ip address 10.0.5.150 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 0
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
same-security-traffic permit inter-interface
access-list inside_nat0_outbound extended permit ip any 192.168.50.48 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 10.0.5.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list remoteuser_splitTunnelAcl standard permit any
access-list dicom_nat0_outbound extended permit ip 10.0.5.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list outside_cryptomap_dyn_20 extended permit ip 192.168.5.0 255.255.255.0 192.168.15.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DICOM 1500
mtu management 1500
ip local pool remoteusers 192.168.50.50-192.168.50.60 mask 255.255.255.0
icmp permit any outside
icmp permit any inside
icmp permit any DICOM
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 10 interface
global (inside) 10 interface
global (DICOM) 10 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 10 0.0.0.0 0.0.0.0
nat (DICOM) 0 access-list dicom_nat0_outbound
nat (DICOM) 10 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 A.A.A.A 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy remoteuser internal
group-policy remoteuser attributes
 dns-server value 24.93.41.127 24.93.41.128
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remoteuser_splitTunnelAcl
 webvpn
group-policy MTECH internal
group-policy MTECH attributes
 vpn-tunnel-protocol IPSec
 webvpn
username mtech password V6B59GRyHeAuo8yI encrypted privilege 0
username mtech attributes
 vpn-group-policy remoteuser
 webvpn
http server enable
http 192.168.5.0 255.255.255.0 inside
http 10.0.5.0 255.255.255.0 DICOM
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group remoteuser type ipsec-ra
tunnel-group remoteuser general-attributes
 address-pool remoteusers
 default-group-policy remoteuser
tunnel-group remoteuser ipsec-attributes
 pre-shared-key *
tunnel-group B.B.B.B type ipsec-l2l
tunnel-group B.B.B.B ipsec-attributes
 pre-shared-key *
telnet 192.168.5.0 255.255.255.0 inside
telnet 10.0.5.0 255.255.255.0 DICOM
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.5.20-192.168.5.25 inside
dhcpd address 10.0.5.50-10.0.5.60 DICOM
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 207.191.50.10 207.191.1.10
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd auto_config inside
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:52ec086e41aa78714800f8c454cbad7c
: end

******************** ASA 5505 - SANITIZED ********************'
: Saved
:
ASA Version 7.2(3)
!
hostname MTECH-ASA5505
domain-name xxxx.com
enable password MEYZflDSP3eDNoIU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.15.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address A.A.A.A 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd MEYZflDSP3eDNoIU encrypted
banner login Welcome to the XXXXXX Network
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
 domain-name xxxx.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Trixbox udp
 port-object range 10000 20000
 port-object range 5036 5036
 port-object range sip sip
object-group service TrixboxTCP tcp
 port-object range sip sip
 port-object range www www
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 172.20.0.0 255.255.254.0
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.15.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.15.0 255.255.255.0 172.20.0.0 255.255.254.0
access-list outside_access_in extended permit ip 192.168.5.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list outside_access_in extended permit ip 192.168.1.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq https
access-list outside_access_in extended permit tcp any interface outside eq ftp
access-list outside_access_in extended permit udp any interface outside eq 3101
access-list outside_access_in extended permit tcp any interface outside eq 3101
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in extended permit tcp any host x.x.x.x eq https
access-list outside_access_in extended permit tcp any host y.y.y.y eq https
access-list outside_access_in extended permit tcp any host z.z.z.z eq 5543
access-list outside_access_in extended permit tcp any host z.z.z.z eq https
access-list outside_access_in extended permit tcp any host y.y.y.y eq 10000
access-list outside_access_in extended permit tcp any host w.w.w.w eq 10000
access-list outside_access_in extended permit tcp any host y.y.y.y eq ssh
access-list outside_access_in extended permit tcp any host w.w.w.w eq ssh
access-list outside_access_in extended permit tcp any host x.x.x.x eq www
access-list outside_access_in extended permit udp any host z.z.z.z object-group Trixbox
access-list outside_access_in extended permit tcp any host x.x.x.x object-group TrixboxTCP
access-list outside_access_in extended permit tcp any host x.x.x.x eq www
access-list vpn_split_tunnel standard permit 192.168.15.0 255.255.255.0
access-list egarcia_splitTunnelAcl standard permit any
access-list outside_in extended permit tcp any interface outside eq https
access-list outside_in extended permit tcp any interface outside eq www
access-list hmasser_splitTunnelAcl standard permit any
access-list vmasser_splitTunnelAcl standard permit any
access-list outside_1_cryptomap extended permit ip 192.168.15.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list outside_3_cryptomap extended permit ip 192.168.15.0 255.255.255.0 192.168.5.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnclientpool 192.168.15.60-192.168.15.65 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp 192.168.15.30 smtp netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.15.30 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.15.30 https netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.15.30 ftp netmask 255.255.255.255
static (inside,outside) udp interface 3101 192.168.15.30 3101 netmask 255.255.255.255
static (inside,outside) tcp interface 3101 192.168.15.30 3101 netmask 255.255.255.255
static (inside,outside) a.a.a.a 192.168.15.95 netmask 255.255.255.255
static (inside,outside) b.b.b.b 192.168.15.96 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 75.19.70.182 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.15.0 255.255.255.0 outside
http 192.168.15.0 255.255.255.0 inside
snmp-server host inside 192.168.15.240 community mtechsnmp
snmp-server host outside 192.168.15.240 community mtechsnmp
snmp-server location Data Center
no snmp-server contact
snmp-server community mtechsnmp
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set reverse-route
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set reverse-route
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 140 set pfs
crypto dynamic-map outside_dyn_map 140 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 160 set pfs
crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 180 set pfs
crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer a.a.a.a
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer a.a.a.a
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set pfs
crypto map outside_map 3 set peer a.a.a.a
crypto map outside_map 3 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 192.168.15.0 255.255.255.0 inside
telnet 192.168.15.0 255.255.255.0 outside
telnet timeout 5
ssh 192.168.15.0 255.255.255.0 inside
ssh 192.168.15.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
group-policy egarcia internal
group-policy egarcia attributes
 dns-server value 192.168.15.30
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_split_tunnel
group-policy DfltGrpPolicy attributes
 banner value Welcome to the Masser Technologies VPN Network
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list value vpn_split_tunnel
 default-domain none
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem enable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 smartcard-removal-disconnect enable
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  html-content-filter none
  homepage none
  keep-alive-ignore 4
  http-comp gzip
  filter none
  url-list none
  customization value DfltCustomization
  port-forward none
  port-forward-name value Application Access
  sso-server none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  svc none
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
group-policy hmasser internal
group-policy hmasser attributes
 dns-server value 192.168.15.30
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_split_tunnel
group-policy RestoreIT internal
group-policy RestoreIT attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout none
 ip-phone-bypass disable
 leap-bypass disable
 nem enable
group-policy vmasser internal
group-policy vmasser attributes
 dns-server value 192.168.15.30
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_split_tunnel
username user1 password 7fMghx1Qu1uKfopH encrypted privilege 0
username user1 attributes
 vpn-group-policy user1
username user2 password UR6H3WSGc3Yey/w6 encrypted privilege 0
username user2 attributes
 vpn-group-policy user2
username user3 password dj2cUCod9y4PQ7B. encrypted
username user3 attributes
 vpn-group-policy user3
 group-lock value user3
username user4 password FJ/fPC98CLzqISt9 encrypted privilege 0
username user4 attributes
 vpn-group-policy user4
tunnel-group A.A.A.A type ipsec-l2l
tunnel-group A.A.A.A ipsec-attributes
 pre-shared-key *
tunnel-group user5 type ipsec-ra
tunnel-group user5 general-attributes
 address-pool vpnclientpool
 default-group-policy user5
tunnel-group user5 ipsec-attributes
 pre-shared-key *
tunnel-group group1 type ipsec-ra
tunnel-group group1 general-attributes
 default-group-policy group1
tunnel-group group1 ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication (outside) none
tunnel-group group3 type ipsec-ra
tunnel-group group3 general-attributes
 address-pool vpnclientpool
 default-group-policy group3
tunnel-group egarcia ipsec-attributes
 pre-shared-key *
tunnel-group group4 type ipsec-ra
tunnel-group group4 general-attributes
 address-pool vpnclientpool
 default-group-policy group4
tunnel-group group4 ipsec-attributes
 pre-shared-key *
tunnel-group A.A.A.A type ipsec-l2l
tunnel-group A.A.A.A ipsec-attributes
 pre-shared-key *
tunnel-group B.B.B.B type ipsec-l2l
tunnel-group B.B.B.B ipsec-attributes
 pre-shared-key *
smtp-server 192.168.15.30
prompt hostname context
Cryptochecksum:0c9b70033d5b3514a99e2bf9548e8d06
: end
asdm image disk0:/asdm-523.bin
no asdm history enable