04.25.2008 at 12:05PM PDT, ID: 23354598
Cannot access remote network when connected with Cisco VPN client to ASA5510

Asked by jimporcelli in Virtual Private Networking (VPN), Networking Hardware Firewalls, Cisco PIX Firewall

I am connecting to an ASA5510 (Ver 7.0(5)) using the Cisco VPN client version 5.0.03.0530. I am able to authenticate and I get an IP address. I can also see that my remote network is listed under secure routes.

ASA Version 7.0(5)
!
hostname xxx
domain-name xxx
enable password cw1vXAXcO9 encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address xxx.yyy.140.194 255.255.255.248
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.30.254 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 0
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd 26/hhcX8iKS6km6Q encrypted
ftp mode passive
access-list internal extended permit icmp any any
access-list internal extended permit tcp any interface outside eq pptp
access-list internal extended permit tcp any host xxx.yyy.140.194 eq www
access-list internal extended permit tcp any host xxx.yyy.140.194 eq 8080
access-list internal extended permit tcp any host xxx.yyy.140.194 eq pop3
access-list internal extended permit gre any host xxx.yyy.140.194
access-list internal extended permit tcp any host xxx.yyy.140.194 eq https
access-list internal extended permit tcp 64.74.172.0 255.255.255.0 host xxx.yyy.140.194 eq smtp
access-list internal extended permit tcp 64.74.173.0 255.255.255.0 host xxx.yyy.140.194 eq smtp
access-list internal extended permit tcp 208.70.88.0 255.255.255.0 host xxx.yyy.140.194 eq smtp
access-list internal extended permit tcp 208.70.89.0 255.255.255.0 host xxx.yyy.140.194 eq smtp
access-list internal extended permit tcp 208.70.90.0 255.255.255.0 host xxx.yyy.140.194 eq smtp
access-list internal extended permit tcp 208.70.91.0 255.255.255.0 host xxx.yyy.140.194 eq smtp
access-list internal extended permit tcp 207.154.50.0 255.255.255.0 host xxx.yyy.140.194 eq smtp
access-list nonat extended permit ip any 172.50.10.0 255.255.255.0
access-list split_tunnel_list remark Coporate Network Behind the ASA
access-list Split_Tunnel_List standard permit 10.10.30.0 255.255.255.0
pager lines 24
logging enable
logging trap errors
logging asdm informational
logging host inside 10.10.30.5
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool vpn 172.50.10.10-172.50.10.15 mask 255.255.255.0
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
global (outside) 20 xxx.yyy.140.195-xxx.yyy.140.198 netmask 255.255.255.248
global (outside) 20 interface
nat (inside) 0 access-list nonat
nat (inside) 20 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pptp 10.10.30.5 pptp netmask 255.255.255.255
static (inside,outside) tcp xxx.yyy.140.194 https 10.10.30.7 https netmask 255.255.255.255
static (inside,outside) tcp xxx.yyy.140.194 smtp 10.10.30.7 smtp netmask 255.255.255.255
access-group internal in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.yyy.140.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server value 10.10.30.7 10.10.30.3
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value rim-ak.local
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  port-forward-name value Application Access
username cfca password RuHvbzK3JEc885S0 encrypted privilege 15
aaa authentication ssh console LOCAL
http server enable
http 10.10.30.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set admin esp-3des esp-sha-hmac
crypto dynamic-map dyn1 1 set transform-set admin
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
tunnel-group admin type ipsec-ra
tunnel-group admin general-attributes
 address-pool vpn
tunnel-group admin ipsec-attributes
 pre-shared-key *
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd dns 209.112.130.2 209.112.160.2
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
class-map class_pptp
 match port tcp range pptp 1724
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect pptp
 class class_pptp
  inspect pptp
!
service-policy global_policy global
04.25.2008 at 01:09PM PDT, ID: 21442850

About this solution

Zones: Virtual Private Networking (VPN), Networking Hardware Firewalls, Cisco PIX Firewall
Tags: Cisco, ASA, ASA5500, ASA5510, Cisco VPN Client
Solution Provided By: batry_boy
Participating Experts: 1
Solution Grade: A
 
 
 