debuggerau asked:

Cisco PIX unable to route to second interface from VPN clients

I have been able to route to the second interface (intf2) from the inside LAN. Remote VPN clients are in the same subnet and can access internal resources and access the internet with split tunnel, but are unable to contact anything on intf2.
I have tried adding static routes and also removed split_tunnel, but to no avail.

PIX Version 7.2(2)
!
hostname LSPFWDSL
domain-name xxxxxxx.com.au
enable password <removed>
names
.........
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 10.0.0.5 255.255.255.0
 ospf cost 10
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.1.11.7 255.255.255.0
 ospf cost 10
 rip send version 2
!
interface Ethernet2
 nameif intf2
 security-level 4
 ip address dhcp setroute
 ospf cost 10
 rip send version 2
!
passwd <removed>
!
time-range Daytime-Workweek
 periodic Monday 14:00 to Friday 17:30
 periodic Monday 17:30 to Friday 13:00
!
time-range PohTime
 absolute start 09:30 04 October 2007 end 17:00 04 October 2007
!
time-range war
 periodic Monday 16:51 to Friday 17:39
 periodic daily 13:00 to 13:30
 periodic daily 10:00 to 10:29
 periodic daily 11:00 to 11:30
 periodic daily 12:00 to 12:30
 periodic daily 9:00 to 9:29
!
boot system flash:/image.bin
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns domain-lookup outside
dns domain-lookup intf2
dns server-group DefaultDNS
 domain-name lspcoms.com.au
........
access-list lsp_splitTunnelAcl standard permit VPNACCESS 255.255.255.0
access-list lsp_splitTunnelAcl standard permit SecondIntranet 255.255.0.0
access-list intf2_nat0_outbound extended permit ip VPNACCESS 255.255.255.0 VPNACCESS 255.255.255.0
access-list intf2_nat0_outbound extended permit ip SecondIntranet 255.255.0.0 VPNACCESS 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging asdm notifications
logging device-id hostname
logging host inside gcost
logging host inside syslog
mtu outside 1400
mtu inside 1500
mtu intf2 1500
ip local pool remotepool2 192.1.11.145-192.1.11.146
ip local pool SoftPhonePool 192.1.11.108-192.1.11.109
ip local pool vpnpool 192.1.11.112-192.1.11.139
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit name infodrop info action alarm drop reset
ip audit name attachlog attack action alarm
ip audit name dropandlog attack action alarm drop reset
ip audit interface outside dropandlog
ip audit interface inside attachlog
ip audit signature 1000 disable
ip audit signature 1001 disable
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 6050 disable
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/pdm
asdm history enable
arp timeout 14400
global (outside) 1 interface
global (inside) 2 ExchangeSrv
global (intf2) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 dns
nat (intf2) 0 access-list intf2_nat0_outbound
static (inside,outside) ExchgeStaticMap ExchangeSrv netmask 255.255.255.255
static (inside,outside) 10.0.0.86 VDCBOX netmask 255.255.255.255 dns
static (inside,outside) 10.0.0.87 LSPCRM netmask 255.255.255.255
static (inside,outside) 10.0.0.20 VOIPSignalling netmask 255.255.255.255
static (inside,outside) 10.0.0.88 PBX7400MCP netmask 255.255.255.255
static (inside,outside) 10.0.0.89 PBX7400MGI netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group intf2_access_in in interface intf2
route outside 0.0.0.0 0.0.0.0 LSPRouter 1
route inside 192.168.60.0 255.255.255.0 192.1.11.1 1
route intf2 SecondIntranet  255.255.0.0 172.24.40.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server value 192.1.11.77 192.1.11.2
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list value lspryanmehlhopt_splitTunnelAcl
 default-domain value lspcoms.com.au
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 client-firewall none
 client-access-rule none
group-policy LSPVPN internal
group-policy LSPVPN attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
....
http server enable
http gcost 255.255.255.255 inside
http RaysNotebook 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection timewait
sysopt connection tcpmss 1360
sysopt noproxyarp inside
service internal
service resetinbound
service resetoutside
...
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpoint LSPCRL
 enrollment self
 serial-number
 crl configure
crypto ca certificate chain LSPCRL
 certificate 31
....
  quit
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  60
....
tunnel-group lsp type ipsec-ra
tunnel-group lsp general-attributes
 address-pool vpnpool
 default-group-policy lsp
tunnel-group lsp ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
ssh version 1
console timeout 0
dhcpd ping_timeout 750
dhcpd auto_config outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect ils
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
tftp-server inside xxxx /InternetPIX
smtp-server 192.1.11.2
prompt hostname context
: end
poweruser32

Straight off the config, your VPN pool is in the same range as your LAN (192.168.11.0). This always causes problems with accessing the LAN for VPN users. Change it to something like 192.168.3.0.

Alan Huseyin Kayahan

     object-group VPNACCESS does not exist in your config. Type the networks you want to split tunnel instead.

split-tunnel-network-list value LSPVPN_splitTunnelAcl
access-list lsp_splitTunnelAcl

     The split tunnel acl name you specified for your group policy does not match.
 
Let's say that x.x.x.x 255.255.255.0 is your network in intf2 (put your own values below instead)

ip local pool RAvpnpool 192.1.11.97-192.1.11.126
no access-list lsp_splitTunnelAcl standard permit VPNACCESS 255.255.255.0
no access-list lsp_splitTunnelAcl standard permit SecondIntranet 255.255.0.0

tunnel-group lsp general-attributes
 address-pool RAvpnpool
 default-group-policy LSPVPN

access-list LSPVPN_splitTunnelAcl standard permit SecondIntranet 255.255.0.0 (what is secondintranet?)
access-list LSPVPN_splitTunnelAcl extended permit ip 10.0.0.0 255.255.255.0 192.1.11.96 255.255.255.224
access-list LSPVPN_splitTunnelAcl extended permit ip x.x.x.x 255.255.255.0 192.1.11.96 255.255.255.224

no access-list intf2_nat0_outbound extended permit ip VPNACCESS 255.255.255.0 VPNACCESS 255.255.255.0  
access-list intf2_nat0_outbound extended permit ip 192.1.11.96 255.255.255.224 x.x.x.x 255.255.255.0

Either your configuration is missing or you didn't post the complete config. If you didn't, please ignore my above recommendations and post all config.

Regards

correction
ip local pool RAvpnpool 192.1.12.97-192.1.12.126
do the 12 for other ACLs
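
The cross-reference points raised in the two answers above (a name used in an ACL but never defined, a split-tunnel list pointing at an ACL that does not exist, one ACL name carrying both standard and extended entries, a VPN pool inside an interface subnet) can be checked offline before pasting commands into the firewall. This is an added example, not code from the thread or from Cisco; the `lint` function and the embedded sample config are constructed for illustration and cover only the line forms shown on this page.

```python
import ipaddress

KEYWORDS = {"ip", "tcp", "udp", "icmp", "any", "permit", "deny", "host"}

# Constructed sample modelled on the excerpt in the question; not a real device dump.
SAMPLE = """\
names
name 172.24.0.0 SecondIntranet
interface Ethernet1
 nameif inside
 ip address 192.1.11.7 255.255.255.0
interface Ethernet2
 nameif intf2
 ip address dhcp setroute
access-list lsp_splitTunnelAcl standard permit VPNACCESS 255.255.255.0
access-list lsp_splitTunnelAcl extended permit ip 10.0.0.0 255.255.255.0 192.1.11.96 255.255.255.224
access-list intf2_nat0_outbound extended permit ip SecondIntranet 255.255.0.0 192.1.11.96 255.255.255.224
ip local pool vpnpool 192.1.11.112-192.1.11.139
ip local pool RAvpnpool 192.1.12.97-192.1.12.126
group-policy LSPVPN attributes
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
"""


def as_ip(token):
    """Return an IPv4Address for a dotted quad, or None for names and keywords."""
    try:
        return ipaddress.IPv4Address(token)
    except ValueError:
        return None


def is_mask(token):
    """True for a contiguous netmask such as 255.255.255.224."""
    ip = as_ip(token)
    if ip is None or int(ip) == 0:
        return False
    inverted = int(ip) ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def lint(config):
    """Return a sorted list of cross-reference findings for a PIX-style config."""
    names, acl_types, name_uses, acl_refs = set(), {}, set(), set()
    subnets, pools, nameif = {}, {}, None
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 3 and t[0] == "name":
            names.add(t[2])
        elif len(t) >= 2 and t[0] == "nameif":
            nameif = t[1]
        elif (len(t) >= 4 and t[:2] == ["ip", "address"]
              and as_ip(t[2]) is not None and is_mask(t[3])):
            # Statically addressed interface; "ip address dhcp" lines are skipped.
            subnets[nameif] = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)
        elif len(t) >= 4 and t[0] == "access-list" and t[2] in ("standard", "extended"):
            acl_types.setdefault(t[1], set()).add(t[2])
            for tok, nxt in zip(t[3:], t[4:]):
                # A non-IP word in front of a netmask, or after "host", is a name reference.
                if is_mask(nxt) and as_ip(tok) is None and tok not in KEYWORDS:
                    name_uses.add(tok)
                elif tok == "host" and as_ip(nxt) is None:
                    name_uses.add(nxt)
        elif len(t) >= 5 and t[:3] == ["ip", "local", "pool"]:
            ends = [as_ip(p) for p in t[4].split("-")]
            if all(e is not None for e in ends):  # pools written with names are skipped
                pools[t[3]] = (ends[0], ends[-1])
        elif len(t) >= 3 and t[:2] == ["split-tunnel-network-list", "value"]:
            acl_refs.add(t[2])

    findings = [f"undefined name: {n}" for n in name_uses - names]
    findings += [f"ACL mixes standard and extended entries: {a}"
                 for a, kinds in acl_types.items() if len(kinds) > 1]
    findings += [f"split-tunnel list references undefined ACL: {a}"
                 for a in acl_refs - set(acl_types)]
    for pool, (first, last) in pools.items():
        for ifname, net in subnets.items():
            # Interval overlap between the pool range and the interface subnet.
            if first <= net.broadcast_address and last >= net.network_address:
                findings.append(f"pool {pool} overlaps {ifname} subnet {net}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
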
debuggerau (ASKER)

Thanks poweruser32:
I tried changing the range, but it's not that simple unfortunately... Still won't route over the second network int.

Thanks Mr Husy:
I get "cannot mix access types"; I see now that you have a standard ACL and an extended one called the same??? I did change the range from 192.1.11 to 192.1.12 and implemented the config in extended format, but to no avail. It appears the inside mask (local LAN) network range is missing.

So I have included the complete config here:
PIX Version 7.2(2)
!
hostname LSPFWDSL
domain-name lspcoms.com.au
enable password <removed>
names
name 192.1.11.48 gcost
name 10.0.0.1 LSPRouter
name 10.0.0.19 SyslogSvrMap
name 192.1.11.71 syslog
name 192.1.11.0 VPNACCESS
name 192.1.11.2 ExchangeSrv
name 192.1.11.89 JHemmett
name 203.30.164.240 popozhosting.com
name 192.1.11.18 raysmith
name 203.0.0.0 bigpondusers
name 192.1.11.99 joseph
name 192.1.11.16 Warehouse
name 192.1.11.77 Master1
name 192.1.11.22 PILLAI
name 192.1.11.5 RWYLIE
name 192.1.11.47 SMARTO
name 192.1.11.15 TomsNotebook
name 192.1.11.81 Celms
name 10.0.0.4 ExchgeStaticMap
name 10.0.0.2 LSPWebServer
name 192.1.11.36 ChrisChalkley
name 192.1.11.223 VDCBOX
name 192.1.11.50 CTIServer
name 192.1.11.25 RobAllan
name 144.0.0.0 Bigpond-TMNS
name 202.161.0.0 AlphalinkDialup
name 192.1.11.90 RONPC
name 210.50.3.43 bradwiprimus
name 192.1.11.44 Katherine
name 192.1.11.17 Margaret
name 192.1.11.94 PaulMitchell
name 192.1.11.14 VirginiaFreeman
name 203.254.221.9 SamsungDocs
name 211.45.27.198 SamsungDocs2
name 192.1.11.20 LSPSpare
name 207.46.156.121 MSUPDATE1
name 207.46.249.56 MSUPDATE2
name 207.46.197.59 MSUPDATE4
name 208.185.174.65 MSUPDATE3
name 207.46.156.252 MSUPDATE5
name 192.1.11.10 RaysNotebook
name 202.138.192.201 internetCafe
name 192.1.11.21 WayneWhitten
name 192.1.11.88 ValerieHatton
name 192.1.11.35 EarleR
name 192.1.11.13 MarkP
name 10.0.0.85 YahooIP
name 192.1.11.79 WhatsUpGold
name 192.168.20.2 InsideMaster1
name 192.1.11.3 LSPMASTERFW
name 192.1.11.54 Jennyl
name 203.26.24.213 Bradw_home
name 203.30.164.231 popozhostingcom1
name 147.0.0.0 BigpondDialin2
name 203.30.164.225 popozhosting3
name 203.59.135.81 MarkTempPerth
name 192.1.11.76 LSPCRM
name 203.100.229.223 customersystems
name 192.1.11.229 MGI2
name 192.1.11.74 RobAllanNotebook
name 192.1.11.73 NeilFreeman
name 192.1.11.30 ChrisLynch
name 192.1.11.12 JohnsIPVideoPh2
name 192.1.11.11 JohnsIPVideoPh
name 192.1.11.29 ldbaudit
name 192.1.11.110 markpnotebook
name 61.95.45.75 DanielO-Apollo
name 60.240.57.63 RyanMHome
name 138.217.168.23 JohnHemmettCable
name 192.1.11.176 SohoMaster
name 192.1.11.220 VOIPSignalling
name 192.1.11.38 RonS
name 192.1.11.26 LisaS
name 192.1.11.72 PrueBrooks
name 192.1.11.52 Mandeep
name 211.39.137.155 hotmail
name 210.50.6.166 MelodyIprimus
name 222.109.84.3 ChrisKorea
name 220.253.43.171 JennyHome
name 192.1.11.104 JohnsNotebook
name 192.1.11.34 EarlNotebook description Earles Notebook
name 192.1.11.86 JosephNotebook
name 192.1.11.37 PeterNNotebook description PeterNNotebook
name 58.168.100.86 JoeBHome description JoeBHome
name 192.1.11.27 pbailye description pbaileyPC
name 192.1.11.28 Craigsnote description Craigs Notebook
name 192.1.11.24 DanielR description DanielR
name 192.168.20.0 IP_PhoneDomain description 192.168.20.0
name 192.168.60.10 PBX7400MCP description 192.168.60.10
name 192.168.60.11 PBX7400MGI description 192.168.60.11
name 172.17.0.0 Connx
name 172.24.0.0 CommanderIntranet
name 210.50.107.80 MelodyHome description MelodyHome
dns-guard
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 10.0.0.5 255.255.255.0
 ospf cost 10
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.1.11.7 255.255.255.0
 ospf cost 10
 rip send version 2
!
interface Ethernet2
 nameif intf2
 security-level 4
 ip address dhcp setroute
 ospf cost 10
 rip send version 2
!
passwd <removed>
!
time-range Daytime-Workweek
 periodic Monday 14:00 to Friday 17:30
 periodic Monday 17:30 to Friday 13:00
!
time-range PohTime
 absolute start 09:30 04 October 2007 end 17:00 04 October 2007
!
time-range war
 periodic Monday 16:51 to Friday 17:39
 periodic daily 13:00 to 13:30
 periodic daily 10:00 to 10:29
 periodic daily 11:00 to 11:30
 periodic daily 12:00 to 12:30
 periodic daily 9:00 to 9:29
!
boot system flash:/image.bin
ftp mode passive
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 3:00
dns domain-lookup outside
dns domain-lookup intf2
dns server-group DefaultDNS
 domain-name lspcoms.com.au
object-group service PCAnywhereData tcp
 port-object range pcanywhere-data pcanywhere-data
 port-object eq 5800
 port-object eq 5900
object-group service PCAnywhereStatus udp
 port-object range pcanywhere-status pcanywhere-status
object-group service YahooMsgVoice tcp
 port-object range 5000 5010
object-group service YahooMsgVideo tcp
 port-object range 5100 5100
object-group service YahooMsgVoiceUDP udp
 port-object range 5055 5055
 port-object range 5000 5010
object-group service VOIPSignaling udp
 description VOIP Signaling Channel
 port-object range 6000 6000
 port-object range 9000 9000
 port-object eq sip
object-group service VOIPIPNetwork tcp
 description VOIP IP Networking
 port-object range h323 h323
 port-object range 6100 6100
object-group service SamsungDocs tcp
 port-object range 7000 7010
 port-object eq www
 port-object eq https
 port-object range 5000 5001
 port-object eq pop3
 port-object eq imap4
 port-object range 8888 8888
 port-object eq telnet
object-group service VDCLinker tcp
 description Licencing Server
 port-object eq 6000
object-group service RemoteEmail tcp
 port-object eq pop3
 port-object eq https
 port-object eq www
object-group service softphone udp
 port-object range 6000 6001
 port-object range 30000 30030
 port-object range 9000 9001
object-group service m tcp
 port-object range 6881 6890
object-group service VPNsOut udp
 description VPNsOut
 port-object eq 62515
 port-object eq isakmp
 port-object eq 18234
 port-object eq 2746
 port-object eq 4500
object-group network WIPAcc
 description WIP Access Points
 network-object host 192.1.11.140
 network-object host 192.1.11.141
 network-object host 192.1.11.142
 network-object host 192.1.11.143
object-group service VoipChannels udp
 description VoipChannels
 port-object range 30000 30031
object-group network DCSLABSYSTEM
 description DCS LAB SYSTEM
 network-object host 192.1.11.209
 network-object host 192.1.11.210
 network-object host 192.1.11.211
 network-object host 192.1.11.212
 network-object host 192.1.11.213
 network-object host 192.1.11.214
 network-object host 192.1.11.215
 network-object host 192.1.11.216
 network-object host 192.1.11.217
 network-object host 192.1.11.218
 network-object host 192.1.11.219
object-group network PowerTel
 description PowerTel
 network-object host 202.92.64.18
 network-object host 202.92.64.54
object-group network LSPVPNGROUP
 description LSPVPNGROUP
 network-object 192.168.11.0 255.255.255.0
access-list inside_access_in remark All dns access
access-list inside_access_in extended permit udp any any eq domain
access-list inside_access_in extended permit icmp any any echo
access-list inside_access_in extended permit tcp IP_PhoneDomain 255.255.255.0 any eq sip
access-list inside_access_in extended permit ip host ExchangeSrv any
access-list inside_access_in remark All dns access
access-list inside_access_in extended permit udp VPNACCESS 255.255.255.0 any object-group softphone
access-list inside_access_in extended permit udp object-group LSPVPNGROUP any
access-list inside_access_in extended permit udp host VOIPSignalling any object-group VOIPSignaling
access-list inside_access_in extended permit udp host 192.1.11.177 any object-group VOIPSignaling
access-list inside_access_in extended permit udp host 192.1.11.178 any
access-list inside_access_in extended permit tcp host VOIPSignalling any object-group VOIPIPNetwork
access-list inside_access_in extended permit tcp host 192.1.11.177 any object-group VOIPIPNetwork
access-list inside_access_in remark Voip Networking
access-list inside_access_in extended permit tcp host VOIPSignalling any eq h323
access-list inside_access_in extended permit ip host LSPCRM any
access-list inside_access_in extended permit tcp host SMARTO host VETSITE eq www
access-list inside_access_in extended permit tcp host 192.1.11.53 any object-group SamsungDocs
access-list inside_access_in extended permit tcp host raysmith any eq pop3
access-list inside_access_in extended permit tcp host raysmith any object-group YahooMsgVideo
access-list inside_access_in extended permit tcp host raysmith any object-group YahooMsgVoice
access-list inside_access_in extended permit udp host raysmith any object-group YahooMsgVoiceUDP
access-list inside_access_in remark pop.ozhosting.com
access-list inside_access_in extended permit tcp host raysmith any object-group SamsungDocs
access-list inside_access_in remark pop.ozhosting.com
access-list inside_access_in extended permit tcp host Craigsnote any object-group SamsungDocs
access-list inside_access_in remark pop.ozhosting.com
access-list inside_access_in extended permit tcp host RaysNotebook any object-group SamsungDocs
access-list inside_access_in remark pop.ozhosting.com
access-list inside_access_in extended permit ip host RaysNotebook any
access-list inside_access_in remark pop.ozhosting.com
access-list inside_access_in extended permit tcp host gcost any eq ftp
access-list inside_access_in extended permit tcp host JHemmett any object-group SamsungDocs
access-list inside_access_in extended deny ip host JohnsIPVideoPh any
access-list inside_access_in remark pop.ozhosting.com
access-list inside_access_in extended deny ip host JohnsIPVideoPh2 any
access-list inside_access_in remark pop.ozhosting.com
access-list inside_access_in extended permit tcp host gcost any eq telnet
access-list inside_access_in extended permit tcp host gcost any object-group SamsungDocs
access-list inside_access_in extended permit udp host gcost any eq tftp
access-list inside_access_in extended permit udp host gcost any object-group YahooMsgVoiceUDP
access-list inside_access_in extended permit tcp host gcost any object-group YahooMsgVideo
access-list inside_access_in extended permit tcp host gcost any object-group YahooMsgVoice
access-list inside_access_in extended permit tcp host gcost any eq pop3
access-list inside_access_in extended permit udp host gcost any eq snmp
access-list inside_access_in extended permit ip host gcost any
access-list inside_access_in extended permit tcp host Warehouse any eq ftp
access-list inside_access_in extended permit tcp host Warehouse any object-group SamsungDocs
access-list inside_access_in extended permit tcp host LSPSpare any object-group SamsungDocs
access-list inside_access_in extended permit tcp host JHemmett any eq ftp
access-list inside_access_in extended permit tcp host syslog any object-group SamsungDocs
access-list inside_access_in extended permit tcp host JHemmett any eq 8080
access-list inside_access_in extended permit tcp host SohoMaster any eq 8080
access-list inside_access_in extended permit tcp host SohoMaster any object-group SamsungDocs
access-list inside_access_in extended permit tcp host SohoMaster any eq ftp
access-list inside_access_in extended permit udp host Master1 any eq domain
access-list inside_access_in extended permit udp host LSPMASTERFW any eq domain
access-list inside_access_in extended permit tcp host joseph any object-group PCAnywhereData
access-list inside_access_in extended permit udp host joseph any object-group PCAnywhereStatus
access-list inside_access_in extended permit tcp host joseph any object-group SamsungDocs
access-list inside_access_in extended permit tcp host joseph any eq ftp
access-list inside_access_in extended permit udp host joseph any eq 2746
access-list inside_access_in extended permit udp host joseph any eq 4500
access-list inside_access_in extended permit udp host joseph any eq 62515
access-list inside_access_in extended permit udp host JHemmett any eq 62515
access-list inside_access_in extended permit udp host JHemmett any eq 18234
access-list inside_access_in extended permit udp host JohnsNotebook any eq 18234
access-list inside_access_in extended permit udp host joseph any eq 18234
access-list inside_access_in extended permit udp host JohnsNotebook any eq isakmp
access-list inside_access_in extended permit udp host joseph any eq isakmp
access-list inside_access_in extended permit udp host JHemmett any eq isakmp
access-list inside_access_in extended permit tcp host ChrisLynch any object-group SamsungDocs
access-list inside_access_in extended permit tcp host DanielR any object-group SamsungDocs
access-list inside_access_in extended permit tcp host EarleR any object-group SamsungDocs
access-list inside_access_in extended permit tcp host ChrisChalkley any object-group SamsungDocs
access-list inside_access_in remark Voip Networking
access-list inside_access_in extended permit tcp host Celms any eq telnet
access-list inside_access_in extended permit udp host Celms any eq snmp
access-list inside_access_in extended permit tcp host MarkP any object-group SamsungDocs
access-list inside_access_in extended permit tcp host Jennyl any object-group SamsungDocs
access-list inside_access_in extended permit tcp host PrueBrooks any object-group SamsungDocs
access-list inside_access_in extended permit tcp host Celms any object-group SamsungDocs
access-list inside_access_in extended permit tcp host RONPC any object-group SamsungDocs
access-list inside_access_in extended permit tcp host PeterNNotebook any object-group SamsungDocs
access-list inside_access_in extended permit tcp host Katherine any object-group SamsungDocs
access-list inside_access_in extended permit tcp host Margaret any object-group SamsungDocs
access-list inside_access_in extended permit tcp host PaulMitchell any object-group SamsungDocs
access-list inside_access_in extended permit tcp host PaulMitchell any eq 3389
access-list inside_access_in extended permit tcp host RobAllanNotebook any object-group SamsungDocs
access-list inside_access_in extended permit tcp host Mandeep any object-group SamsungDocs
access-list inside_access_in extended permit tcp host RobAllan any object-group SamsungDocs
access-list inside_access_in extended permit tcp host VirginiaFreeman any object-group SamsungDocs
access-list inside_access_in extended permit udp host JHemmett any object-group VPNsOut
access-list inside_access_in extended permit udp host joseph any object-group VPNsOut
access-list inside_access_in extended permit udp host JohnsNotebook any object-group VPNsOut
access-list inside_access_in extended permit udp host JosephNotebook any object-group VPNsOut
access-list inside_access_in extended permit tcp host TomsNotebook any object-group SamsungDocs
access-list inside_access_in extended permit tcp host JohnsNotebook any object-group SamsungDocs
access-list inside_access_in extended permit tcp host JohnsNotebook any eq sip
access-list inside_access_in extended permit tcp host ValerieHatton any object-group SamsungDocs
access-list inside_access_in extended permit tcp host WayneWhitten any object-group SamsungDocs
access-list inside_access_in extended permit tcp host WayneWhitten any eq ftp
access-list inside_access_in extended permit tcp host LisaS any object-group SamsungDocs
access-list inside_access_in extended permit tcp host PILLAI any object-group SamsungDocs
access-list inside_access_in extended permit tcp host RWYLIE any object-group SamsungDocs
access-list inside_access_in extended permit tcp host RonS any object-group SamsungDocs
access-list inside_access_in extended permit tcp host NeilFreeman any object-group SamsungDocs
access-list inside_access_in extended permit tcp host ldbaudit any object-group SamsungDocs
access-list inside_access_in extended permit tcp host ldbaudit any eq 3389
access-list inside_access_in extended permit tcp host JosephNotebook any object-group SamsungDocs
access-list inside_access_in extended permit tcp host pbailye any object-group SamsungDocs
access-list inside_access_in extended permit tcp host EarlNotebook any object-group SamsungDocs
access-list inside_access_in extended permit tcp host markpnotebook any object-group SamsungDocs
access-list inside_access_in extended permit ip host Master1 VPNACCESS 255.255.255.0
access-list inside_access_in extended permit ip host VDCBOX VPNACCESS 255.255.255.0
access-list inside_access_in extended permit ip host VOIPSignalling VPNACCESS 255.255.255.0
access-list inside_access_in extended permit udp host PBX7400MCP any object-group VOIPSignaling
access-list inside_access_in extended deny ip host LSPCRM host customersystems
access-list inside_access_in extended deny ip host LSPCRM any
access-list inside_access_in extended deny ip any any log disable
access-list inside_access_in extended deny ip object-group DCSLABSYSTEM any
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny icmp object-group PowerTel any
access-list outside_access_in extended permit tcp host bradwiprimus host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp host MelodyIprimus host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp host JohnHemmettCable host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp host Bradw_home host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp host JennyHome host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp host MelodyHome host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp host JoeBHome host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp bigpondusers 255.0.0.0 host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp BigpondDialin2 255.0.0.0 host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit udp any host 10.0.0.20 object-group VOIPSignaling
access-list outside_access_in extended permit udp any host 10.0.0.88 object-group VOIPSignaling
access-list outside_access_in extended permit tcp Bigpond-TMNS 255.0.0.0 host ExchgeStaticMap object-group RemoteEmail
access-list outside_access_in extended permit tcp any host 10.0.0.20 object-group VOIPIPNetwork
access-list outside_access_in extended permit udp any host 10.0.0.89 object-group VoipChannels
access-list outside_access_in extended permit tcp any host 10.0.0.86 object-group VDCLinker
access-list outside_access_in extended permit tcp any host 10.0.0.20 eq h323
access-list outside_access_in extended permit tcp any host 10.0.0.88 eq h323
access-list outside_access_in extended permit ip host customersystems host 10.0.0.87 time-range PohTime
access-list outside_access_in extended deny tcp 138.0.0.0 255.0.0.0 host ExchgeStaticMap eq www
access-list outside_access_in extended deny tcp host 138.217.166.238 host ExchgeStaticMap eq www
access-list outside_access_in extended deny ip any any log disable
access-list inside_acinside_access_in extended permit tcp host gcost any object-group SamsungDocs
access-list outside_accesmanlsp_splitTunnelAcl extended permit ip VPNACCESS 255.255.255.0 any
access-list outside_cryptomap_dyn_20 extended permit ip any any
access-list LSPVPN_splitTunnelAcl extended permit ip object-group LSPVPNGROUP interface intf2
access-list LSPVPN_splitTunnelAcl extended permit ip VPNACCESS 255.255.255.0 any
access-list outside_cryptomap_dyn_40 extended permit ip any 192.1.11.112 255.255.255.248
access-list intf2_access_in extended permit ip any VPNACCESS 255.255.255.0
access-list intf2_access_in extended permit ip any object-group LSPVPNGROUP
access-list intf2_access_in extended permit icmp any any
access-list default_out_rip_acl standard deny any
access-list 159 extended permit ip host popozhosting3 any
access-list 159 extended permit ip any host popozhosting3
access-list inside_nat0_outbound extended permit ip any VPNACCESS 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.11.0 255.255.255.0
access-list webcap extended permit tcp host 220.245.199.125 eq www any
access-list lsp_splitTunnelAcl standard permit VPNACCESS 255.255.255.0
access-list lsp_splitTunnelAcl standard permit CommanderIntranet 255.255.0.0
access-list lsp_splitTunnelAcl standard permit Connx 255.255.0.0
access-list intf2_nat0_outbound extended permit ip 192.1.12.96 255.255.255.224 172.0.0.0 255.0.0.0
access-list testACL_ALL standard permit 192.168.11.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging trap warnings
logging asdm notifications
logging device-id hostname
logging host inside gcost
logging host inside syslog
mtu outside 1400
mtu inside 1500
mtu intf2 1500
ip local pool remotepool JohnsIPVideoPh2-raysmith
ip local pool remotepool2 192.1.11.145-192.1.11.146
ip local pool SoftPhonePool 192.1.11.108-192.1.11.109
ip local pool vpnpool 192.1.11.112-192.1.11.139
ip local pool SamsungTest 192.1.11.23 mask 255.255.255.255
ip local pool LSPVPNPOOL 192.1.12.97-192.1.12.126 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit name dropandlog attack action alarm drop reset
ip audit name attachlog attack action alarm
ip audit name infodrop info action alarm drop reset
ip audit interface outside dropandlog
ip audit interface inside attachlog
ip audit signature 1000 disable
ip audit signature 1001 disable
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 6050 disable
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/pdm
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
global (inside) 2 ExchangeSrv
global (intf2) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 dns
nat (intf2) 0 access-list intf2_nat0_outbound
static (inside,outside) ExchgeStaticMap ExchangeSrv netmask 255.255.255.255
static (inside,outside) 10.0.0.86 VDCBOX netmask 255.255.255.255 dns
static (inside,outside) 10.0.0.87 LSPCRM netmask 255.255.255.255
static (inside,outside) 10.0.0.20 VOIPSignalling netmask 255.255.255.255
static (inside,outside) 10.0.0.88 PBX7400MCP netmask 255.255.255.255
static (inside,outside) 10.0.0.89 PBX7400MGI netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group intf2_access_in in interface intf2
route outside 0.0.0.0 0.0.0.0 LSPRouter 1
route inside 192.168.60.0 255.255.255.0 192.1.11.1 1
route intf2 CommanderIntranet 255.255.0.0 172.24.40.1 1
route intf2 Connx 255.255.0.0 172.24.40.1 1
!
router rip
 version 2
!
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server value 192.1.11.77 192.1.11.2
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 client-firewall none
 client-access-rule none
group-policy raysmitht-tunnel internal
group-policy raysmitht-tunnel attributes
 vpn-idle-timeout 30
group-policy raysmithlsp internal
group-policy raysmithlsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lsp internal
group-policy lsp attributes
 dns-server value 192.1.11.77 192.1.11.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy josephaulsp internal
group-policy josephaulsp attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy peterniclsp internal
group-policy peterniclsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy johnhemmettlsp internal
group-policy johnhemmettlsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy GroupPolicy1 internal
group-policy melodyy internal
group-policy melodyy attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy chrislynchlsp internal
group-policy chrislynchlsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy neilfreemanlsp internal
group-policy neilfreemanlsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy tomdiconzalsp internal
group-policy tomdiconzalsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy ronslsp internal
group-policy ronslsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lspjoeblsp internal
group-policy lspjoeblsp attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lsppbaileylsp internal
group-policy lsppbaileylsp attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lspmarkplsp internal
group-policy lspearler internal
group-policy lspearler attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lspdanielrimmer internal
group-policy lspdanielrimmer attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lspgregcost internal
group-policy lspgregcost attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list none
 default-domain value lspcoms.com.au
group-policy lspbradwhyte internal
group-policy lspbradwhyte attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lspwayne internal
group-policy lspwayne attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lsppbailye internal
group-policy lsppbailye attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lspericakaul internal
group-policy lspericakaul attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lsppaulmitchell internal
group-policy lsppaulmitchell attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lsplawiebingham internal
group-policy lsplawiebingham attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy LSPVPN internal
group-policy LSPVPN attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
group-policy lspcraigsnowden internal
group-policy lspcraigsnowden attributes
 vpn-idle-timeout 30
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
 default-domain value lspcoms.com.au
username csnowden password <removed> privilege 5
username scau password <removed> privilege 5
username pbailyelsp password <removed> privilege 5
username SamsungTest password <removed> privilege 5
username raysmith password <removed> privilege 5
username gcost password <removed> privilege 15
username davidwilsonlsp password <removed> privilege 5
username peternic password <removed> privilege 5
username joeb password <removed> privilege 5
username danielr password <removed> privilege 5
username chris password <removed> privilege 5
username tomdiconza password <removed> privilege 5
username neilf password <removed> privilege 5
username markp password <removed> privilege 5
username pmitch password <removed> privilege 5
username RobAllan password <removed> privilege 5
username ronslsp password <removed> privilege 5
username ekaul password <removed> privilege 5
username jennyl password <removed> privilege 5
username lspearler password <removed> privilege 5
username lspjohnhemmett password <removed> privilege 5
username lspbradwhyte password <removed> privilege 5
username lspmelody password <removed> privilege 5
username lsplawiebingham password <removed> privilege 5
username lspwaynewhitten password <removed> privilege 5
username lspmartinafagan password <removed> privilege 5
http server enable
http RaysNotebook 255.255.255.255 inside
http gcost 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection timewait
sysopt connection tcpmss 1360
sysopt noproxyarp inside
service internal
service resetinbound
service resetoutside
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 120 set pfs
crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpoint LSPCRL
 enrollment self
 serial-number
 crl configure
crypto ca certificate chain LSPCRL
 certificate 31
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  quit
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  60
tunnel-group DefaultRAGroup general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
tunnel-group LSPVPN type ipsec-ra
tunnel-group LSPVPN general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy LSPVPN
tunnel-group LSPVPN ipsec-attributes
 pre-shared-key *
tunnel-group melodyy type ipsec-ra
tunnel-group melodyy general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy melodyy
tunnel-group melodyy ipsec-attributes
 pre-shared-key *
tunnel-group raysmithlsp type ipsec-ra
tunnel-group raysmithlsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy raysmithlsp
tunnel-group raysmithlsp ipsec-attributes
 pre-shared-key *
tunnel-group raysmitht-tunnel type ipsec-ra
tunnel-group raysmitht-tunnel general-attributes
 authentication-server-group (outside) LOCAL
 default-group-policy raysmitht-tunnel
tunnel-group lspbradwhyte type ipsec-ra
tunnel-group lspbradwhyte general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy lspbradwhyte
tunnel-group lspbradwhyte ipsec-attributes
 pre-shared-key *
tunnel-group peterniclsp type ipsec-ra
tunnel-group peterniclsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy peterniclsp
tunnel-group peterniclsp ipsec-attributes
 pre-shared-key *
tunnel-group johnhemmettlsp type ipsec-ra
tunnel-group johnhemmettlsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy johnhemmettlsp
tunnel-group johnhemmettlsp ipsec-attributes
 pre-shared-key *
tunnel-group lsppaulmitchell type ipsec-ra
tunnel-group lsppaulmitchell general-attributes
 address-pool vpnpool
 default-group-policy lsppaulmitchell
tunnel-group lsppaulmitchell ipsec-attributes
 pre-shared-key *
tunnel-group neilfreemanlsp type ipsec-ra
tunnel-group neilfreemanlsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy neilfreemanlsp
tunnel-group neilfreemanlsp ipsec-attributes
 pre-shared-key *
tunnel-group chrislynchlsp type ipsec-ra
tunnel-group chrislynchlsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy chrislynchlsp
tunnel-group chrislynchlsp ipsec-attributes
 pre-shared-key *
tunnel-group tomdiconzalsp type ipsec-ra
tunnel-group tomdiconzalsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy tomdiconzalsp
tunnel-group tomdiconzalsp ipsec-attributes
 pre-shared-key *
tunnel-group lsplawiebingham type ipsec-ra
tunnel-group lsplawiebingham general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy lsplawiebingham
tunnel-group lsplawiebingham ipsec-attributes
 pre-shared-key *
tunnel-group lspgregcost type ipsec-ra
tunnel-group lspgregcost general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy lspgregcost
tunnel-group lspgregcost ipsec-attributes
 pre-shared-key *
tunnel-group lspericakaul type ipsec-ra
tunnel-group lspericakaul general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy lspericakaul
tunnel-group lspericakaul ipsec-attributes
 pre-shared-key *
tunnel-group lspjoeblsp type ipsec-ra
tunnel-group lspjoeblsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy lspjoeblsp
tunnel-group lspjoeblsp ipsec-attributes
 pre-shared-key *
tunnel-group ronslsp type ipsec-ra
tunnel-group ronslsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy ronslsp
tunnel-group ronslsp ipsec-attributes
 pre-shared-key *
tunnel-group lspwayne type ipsec-ra
tunnel-group lspwayne general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy lspwayne
tunnel-group lspwayne ipsec-attributes
 pre-shared-key *
tunnel-group TunnelGroup1 type ipsec-ra
tunnel-group TunnelGroup1 general-attributes
 address-pool SamsungTest
 default-group-policy GroupPolicy1
tunnel-group TunnelGroup1 ipsec-attributes
 pre-shared-key *
tunnel-group earlerlsp type ipsec-ra
tunnel-group earlerlsp general-attributes
 address-pool vpnpool
 authentication-server-group (outside) LOCAL
 default-group-policy lspearler
tunnel-group earlerlsp ipsec-attributes
 pre-shared-key *
tunnel-group lsppbaileylsp type ipsec-ra
tunnel-group lsppbaileylsp general-attributes
 address-pool vpnpool
 default-group-policy lsppbaileylsp
tunnel-group lsppbaileylsp ipsec-attributes
 pre-shared-key *
tunnel-group lspcraigsnowden type ipsec-ra
tunnel-group lspcraigsnowden general-attributes
 address-pool vpnpool
 default-group-policy lspcraigsnowden
tunnel-group lspcraigsnowden ipsec-attributes
 pre-shared-key *
tunnel-group josephaulsp type ipsec-ra
tunnel-group josephaulsp general-attributes
 address-pool vpnpool
 default-group-policy josephaulsp
tunnel-group josephaulsp ipsec-attributes
 pre-shared-key *
tunnel-group lspdanielrimmer type ipsec-ra
tunnel-group lspdanielrimmer general-attributes
 address-pool vpnpool
 default-group-policy lspdanielrimmer
tunnel-group lspdanielrimmer ipsec-attributes
 pre-shared-key *
tunnel-group lsp type ipsec-ra
tunnel-group lsp general-attributes
 address-pool LSPVPNPOOL
 default-group-policy lsp
tunnel-group lsp ipsec-attributes
 pre-shared-key *
tunnel-group lspmarkplsp type ipsec-ra
tunnel-group lspmarkplsp general-attributes
 address-pool vpnpool
 default-group-policy lspmarkplsp
tunnel-group lspmarkplsp ipsec-attributes
 pre-shared-key *
telnet gcost 255.255.255.255 inside
telnet RaysNotebook 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
ssh version 1
console timeout 0
dhcpd ping_timeout 750
dhcpd auto_config outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect http
  inspect ils
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
tftp-server inside gcost /InternetPIX
smtp-server 192.1.11.2
prompt hostname context
: end
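The group-policy and tunnel-group stanzas above interact through inheritance, so the split-tunnel settings a given VPN group ends up with are not obvious from reading them. The following is an added example, not part of the original post and not Cisco's code: it resolves each tunnel-group to its address pool and effective split-tunnel settings. The names `parse` and `audit` and the excerpt are constructed here, and it assumes that attributes a group-policy leaves unset are inherited from DfltGrpPolicy.

```python
# Added example: constructed excerpt, lines copied from the configuration in the post.
SAMPLE = """\
ip local pool vpnpool 192.1.11.112-192.1.11.139
group-policy DfltGrpPolicy attributes
 split-tunnel-policy tunnelall
 split-tunnel-network-list value LSPVPN_splitTunnelAcl
group-policy lspgregcost attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list none
group-policy lspmarkplsp internal
tunnel-group lspgregcost general-attributes
 address-pool vpnpool
 default-group-policy lspgregcost
tunnel-group lspmarkplsp general-attributes
 address-pool vpnpool
 default-group-policy lspmarkplsp
"""

def parse(config):
    # Returns (ACL names, pool names, {(kind, name): {attribute: last word}}).
    acls, pools, blocks, current = set(), set(), {}, None
    for line in config.splitlines():
        words = line.split()
        if line[:1].isspace() and words:       # attribute of the open block
            if current is not None:
                current[words[0]] = words[-1]
            continue
        current = None
        if len(words) > 2 and words[0] in ("group-policy", "tunnel-group"):
            current = blocks.setdefault((words[0], words[1]), {})
        elif len(words) > 1 and words[0] == "access-list":
            acls.add(words[1])
        elif len(words) > 3 and words[:3] == ["ip", "local", "pool"]:
            pools.add(words[3])
    return acls, pools, blocks

def audit(config):
    # Maps each tunnel-group to its effective split-tunnel mode, ACL and issues.
    acls, pools, blocks = parse(config)
    default = blocks.get(("group-policy", "DfltGrpPolicy"), {})
    report = {}
    for (kind, name), attrs in blocks.items():
        if kind != "tunnel-group":
            continue
        pool = attrs.get("address-pool", "<unset>")
        policy = attrs.get("default-group-policy", "DfltGrpPolicy")
        # Assumption: attributes a policy leaves unset come from DfltGrpPolicy.
        eff = {**default, **blocks.get(("group-policy", policy), {})}
        mode = eff.get("split-tunnel-policy", "tunnelall")
        acl = eff.get("split-tunnel-network-list", "none")
        issues = [] if pool in pools else [f"address-pool {pool} not found"]
        if mode == "tunnelspecified" and acl == "none":
            issues.append("tunnelspecified with no network list")
        elif mode == "tunnelspecified" and acl not in acls:
            issues.append(f"split-tunnel ACL {acl} not in this text")
        report[name] = {"mode": mode, "acl": acl, "issues": issues}
    return report

if __name__ == "__main__":
    for group, row in audit(SAMPLE).items():
        print(group, row)
```

The post elides parts of the configuration, so a "not in this text" finding only means the definition is not among the lines given to the script.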
This question has been open with no additions for some time and I will be getting a Cisco SMARTnet contract to resolve this one. Appreciate the help though.
Sorry debuggerau, I have totally forgotten this post :(
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator