asked on
Users was able to get connected
VPN client configuration is done on PC .After entering the connection name and outside ip interface and the Group Authentication user name and password.Not able to connect vpn connection Its only initializing the connection and no error message is showing.
Attached the configu
User Access Verification
Password:
Password:
Password:
Type help or '?' for a list of available commands.
AL-Rajhi-Steel> en
Password: **********
AL-Rajhi-Steel# show run
: Saved
: Written by enable_15 at 02:43:44.807 UTC Sun Jul 20 2008
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security50
enable password encrypted
passwd wPorhkUgvPD5LG2A encrypted
hostname AL-Rajhi-Steel
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 20
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.52.0 X.Y.W.0
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.53.0 X.Y.W.V
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 E.F..10.0 X.Y.W.0
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.71.0 X.Y.W.V
access-list NO_NAT permit ip A.B.53.0 X.Y.W.V L.M.N..0 X.Y.W.0
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.71.128 X.Y.W.1
28
access-list NO_NAT permit ip A.B.56.0 X.Y.252.0 A.B.71.X.Y.W.1
28
access-list NO_NAT permit ip any E.F..10.0 X.Y.W.0
access-list outside permit tcp any host P.Q.R.245 eq smtp
access-list outside permit tcp any host P.Q.R.245 eq www
access-list outside permit tcp any host P.Q.R.245 eq pop3
access-list outside permit tcp any host P.Q.R.249 eq smtp
access-list outside permit tcp any host P.Q.R.249 eq www
access-list outside permit tcp any host P.Q.R.249 eq pop3
access-list outside permit tcp any host P.Q.R.249 eq https
access-list outside permit icmp any any
access-list outside permit tcp any host P.Q.R.246 eq telnet
access-list outside permit tcp any host P.Q.R.246 eq ftp-data
access-list outside permit tcp any host P.Q.R.246 eq ftp
access-list outside permit tcp any any eq 26675
access-list outside permit tcp any any eq 990
access-list outside permit tcp any any eq 999
access-list outside permit tcp any any eq 5678
access-list outside permit udp any any eq 5679
access-list outside permit tcp any any eq 5721
access-list outside permit tcp any host P.Q.R.245 eq https
access-list outside permit tcp any host P.Q.R.244 eq www
access-list outside permit tcp any host 212.17.202.17 eq pptp
access-list outside permit tcp any host 12.17.202.16 eq pptp
access-list acl-out permit icmp any any
access-list acl-out permit tcp any any
access-list acl-out permit ip any any
access-list acl-out permit udp any any
access-list vpn permit ip A.B.50.0 X.Y.Z.0 E.F..10.0 X.Y.W.0
access-list 120 permit ip A.B.50.0 X.Y.Z.0 A.B.53.0 X.Y.W.V
access-list 120 permit ip L.M.N..0 X.Y.W.0 A.B.53.0 X.Y.W.V
access-list 130 permit ip A.B.50.0 X.Y.Z.0 A.B.52.0 X.Y.W.0
access-list 140 permit ip A.B.50.0 X.Y.Z.0 A.B.71.0 X.Y.W.V
access-list 150 permit ip A.B.50.0 X.Y.Z.0 A.B.71.128 X.Y.W.V
access-list 150 permit ip A.B.56.0 255.255.252.0 A.B.71.128 X.Y.W.V
access-list outside_cryptomap_dyn_60 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_80 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_100 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_120 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_140 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_160 permit ip any A.B.50.192 X.Y.W.224
access-list outside_cryptomap_dyn_180 permit ip any J.K.0.0 X.Y.W.0
access-list inside permit tcp any any eq 990
access-list inside permit tcp any any eq 26675
access-list inside permit tcp any any eq 999
access-list inside permit tcp any any eq 5678
access-list inside permit tcp any any eq 5679
access-list inside permit tcp any any eq 5271
access-list (dmz) permit tcp any any eq 5271
access-list (dmz) permit tcp any any eq 5679
access-list (dmz) permit tcp any any eq 5678
access-list (dmz) permit tcp any any eq 999
access-list (dmz) permit tcp any any eq 990
access-list (dmz) permit tcp any any eq 26675
pager lines 24
logging console warnings
logging monitor warnings
logging history warnings
logging host inside A.B.50.13
logging host inside A.B.50.105 17/1111
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside P.Q.R.G X.Y.W.H
ip address inside A.B.a.b X.Y.Z.0
ip address DMZ L.M.N..1 X.Y.W.0
ip audit info action alarm
ip audit attack action alarm
ip local pool poolname E.F..10.1-E.F..10.254
ip local pool newpool A.B.50.200-A.B.50.210
ip local pool Pool_B J.K.0.1-J.K.0.254
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside P.Q.R.I
failover ip address inside A.B.a.c
failover ip address DMZ L.M.N.10
pdm location L.M.N..0 X.Y.W.0 outside
pdm location A.B.50.0 X.Y.Z.0 outside
pdm location A.B.56.0 255.255.252.0 outside
pdm location A.B.71.0 X.Y.W.V outside
pdm location A.B.71.128 X.Y.W.V outside
pdm location E.F..10.1 X.Y.W.U inside
pdm location A.B.50.5 X.Y.W.U inside
pdm location A.B.50.8 X.Y.W.U inside
pdm location A.B.50.9 X.Y.W.U inside
pdm location A.B.50.13 X.Y.W.U inside
pdm location A.B.50.16 X.Y.W.U inside
pdm location A.B.50.23 X.Y.W.U inside
pdm location A.B.50.24 X.Y.W.U inside
pdm location A.B.50.25 X.Y.W.U inside
pdm location A.B.50.105 X.Y.W.U inside
pdm location A.B.50.107 X.Y.W.U inside
pdm location A.B.50.111 X.Y.W.U inside
pdm location A.B.50.112 X.Y.W.U inside
pdm location A.B.50.145 X.Y.W.U inside
pdm location A.B.53.0 X.Y.W.V inside
pdm location A.B.56.0 255.255.252.0 inside
pdm location L.M.N..4 X.Y.W.U DMZ
pdm location L.M.N..5 X.Y.W.U DMZ
pdm location L.M.N..6 X.Y.W.U DMZ
pdm location A.B.3.0 X.Y.W.0 DMZ
pdm location A.B.50.105 X.Y.W.U DMZ
pdm location A.B.50.107 X.Y.W.U DMZ
pdm location A.B.52.0 X.Y.W.0 DMZ
pdm location A.B.53.0 X.Y.W.V DMZ
pdm location A.B.53.0 X.Y.W.0 DMZ
pdm location A.B.54.0 X.Y.W.0 DMZ
pdm location A.B.56.0 X.Y.W.0 DMZ
pdm location A.B.58.0 X.Y.W.0 DMZ
pdm location A.B.60.0 X.Y.W.0 DMZ
pdm location A.B.61.0 X.Y.W.0 DMZ
pdm location A.B.62.0 X.Y.W.0 DMZ
pdm location A.B.63.0 X.Y.W.0 DMZ
pdm location A.B.64.0 X.Y.W.0 DMZ
pdm location A.B.52.0 X.Y.W.0 outside
pdm location A.B.53.0 X.Y.W.V outside
pdm location A.B.50.50 X.Y.W.U inside
pdm location A.B.200.0 X.Y.W.0 DMZ
pdm location A.B.51.139 X.Y.W.U inside
no pdm history enable
arp timeout 14400
global (outside) 1 P.Q.R.250-P.Q.R.254
global (outside) 1 P.Q.R.248
nat (inside) 0 access-list NO_NAT
nat (inside) 1 E.F..10.1 X.Y.W.U 0 0
nat (inside) 1 A.B.50.5 X.Y.W.U 0 0
nat (inside) 1 A.B.50.8 X.Y.W.U 0 0
nat (inside) 1 A.B.50.9 X.Y.W.U 0 0
nat (inside) 1 A.B.50.16 X.Y.W.U 0 0
nat (inside) 1 A.B.50.23 X.Y.W.U 0 0
nat (inside) 1 A.B.50.24 X.Y.W.U 0 0
nat (inside) 1 A.B.50.25 X.Y.W.U 0 0
nat (inside) 1 A.B.50.37 X.Y.W.U 0 0
nat (inside) 1 A.B.50.50 X.Y.W.U 0 0
nat (inside) 1 A.B.50.103 X.Y.W.U 0 0
nat (inside) 1 A.B.50.105 X.Y.W.U 0 0
nat (inside) 1 A.B.50.107 X.Y.W.U 0 0
nat (inside) 1 A.B.50.108 X.Y.W.U 0 0
nat (inside) 1 A.B.50.111 X.Y.W.U 0 0
nat (inside) 1 A.B.50.112 X.Y.W.U 0 0
nat (inside) 1 A.B.50.115 X.Y.W.U 0 0
nat (inside) 1 A.B.50.145 X.Y.W.U 0 0
nat (inside) 1 A.B.50.151 X.Y.W.U 0 0
nat (inside) 1 A.B.50.163 X.Y.W.U 0 0
nat (inside) 1 A.B.51.2 X.Y.W.U 0 0
nat (inside) 1 A.B.51.15 X.Y.W.U 0 0
nat (inside) 1 A.B.51.79 X.Y.W.U 0 0
nat (inside) 1 A.B.51.160 X.Y.W.U 0 0
nat (inside) 1 A.B.56.31 X.Y.W.U 0 0
nat (inside) 1 A.B.56.54 X.Y.W.U 0 0
nat (inside) 1 A.B.56.83 X.Y.W.U 0 0
nat (inside) 1 A.B.57.0 X.Y.W.0 0 0
nat (DMZ) 1 L.M.N..4 X.Y.W.U 0 0
nat (DMZ) 1 L.M.N..5 X.Y.W.U 0 0
nat (DMZ) 1 L.M.N..6 X.Y.W.U 0 0
nat (DMZ) 1 A.B.50.151 X.Y.W.U 0 0
nat (DMZ) 1 A.B.52.8 X.Y.W.U 0 0
nat (DMZ) 1 A.B.56.5 X.Y.W.U 0 0
nat (DMZ) 1 A.B.56.83 X.Y.W.U 0 0
static (inside,DMZ) A.B.50.0 A.B.50.0 netmask X.Y.Z.0 0 0
static (DMZ,outside) P.Q.R.249 L.M.N..5 netmask X.Y.W.U 0 0
static (DMZ,outside) P.Q.R.246 L.M.N..6 netmask X.Y.W.U 0 0
static (inside,outside) P.Q.R.245 A.B.50.24 netmask X.Y.W.U 0 0
access-group outside in interface outside
access-group acl-out in interface DMZ
established tcp 139 0 permitto tcp 1024-65535 permitfrom tcp 0
established tcp 135 0 permitto tcp 1024-65535 permitfrom tcp 0
route outside 0.0.0.0 0.0.0.0 P.Q.R.241 1
route DMZ A.B.3.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.52.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.53.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.54.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.56.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.57.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.58.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.59.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.60.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.61.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.62.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.63.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.64.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.100.0 X.Y.W.0 L.M.N..2 1
<--- More --->
route DMZ A.B.101.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.102.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.103.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.104.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.105.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.106.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.107.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.108.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.200.0 X.Y.W.0 L.M.N..2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http A.B.50.107 X.Y.W.U inside
http A.B.50.105 X.Y.W.U inside
http A.B.51.139 X.Y.W.U inside
snmp-server host inside A.B.50.13
snmp-server location Data Center
snmp-server contact Ali
snmp-server community Rajhi
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set rajhisteel esp-des esp-md5-hmac
crypto dynamic-map rajhimap 40 set transform-set rajhisteel
crypto dynamic-map rajhimap 60 match address outside_cryptomap_dyn_60
crypto dynamic-map rajhimap 60 set transform-set rajhisteel
crypto dynamic-map rajhimap 80 match address outside_cryptomap_dyn_80
crypto dynamic-map rajhimap 80 set transform-set rajhisteel
crypto dynamic-map rajhimap 100 match address outside_cryptomap_dyn_100
crypto dynamic-map rajhimap 100 set transform-set rajhisteel
crypto dynamic-map rajhimap 120 match address outside_cryptomap_dyn_120
crypto dynamic-map rajhimap 120 set transform-set rajhisteel
crypto dynamic-map rajhimap 140 match address outside_cryptomap_dyn_140
crypto dynamic-map rajhimap 140 set transform-set rajhisteel
crypto dynamic-map rajhimap 160 set transform-set rajhisteel
crypto dynamic-map rajhimap 180 set transform-set rajhisteel
crypto dynamic-map inside_dyn_map 20 set transform-set rajhisteel
crypto dynamic-map inside_dyn_map 40 set transform-set rajhisteel
crypto map steel 5 ipsec-isakmp
crypto map steel 5 match address 120
crypto map steel 5 set peer 212.100.197.30
crypto map steel 5 set transform-set rajhisteel
crypto map steel 10 ipsec-isakmp
crypto map steel 10 match address 130
crypto map steel 10 set peer 10.126.2.26
crypto map steel 10 set transform-set rajhisteel
crypto map steel 15 ipsec-isakmp
crypto map steel 15 match address 140
crypto map steel 15 set peer 10.126.2.50
crypto map steel 15 set transform-set rajhisteel
crypto map steel 20 ipsec-isakmp
crypto map steel 20 match address 150
crypto map steel 20 set peer 10.126.2.86
crypto map steel 20 set transform-set rajhisteel
crypto map steel 40 ipsec-isakmp dynamic rajhimap
crypto map steel client configuration address initiate
crypto map steel client authentication LOCAL
crypto map steel interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map client authentication LOCAL
crypto map inside_map interface inside
isakmp enable outside
isakmp key ******** address 10.126.2.26 netmask X.Y.W.U no-xauth no-conf
ig-mode
isakmp key ******** address 10.126.2.50 netmask X.Y.W.U no-xauth no-conf
ig-mode
isakmp key ******** address 10.126.2.86 netmask X.Y.W.U no-xauth no-conf
ig-mode
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash md5
isakmp policy 5 group 1
isakmp policy 5 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpngroup idle-time 1800
vpngroup Rajhisteels address-pool poolname
vpngroup Rajhisteels dns-server A.B.50.21 A.B.50.22
vpngroup Rajhisteels default-domain alrajhisteel.com
vpngroup Rajhisteels idle-time 1800
vpngroup Rajhisteels password ********
vpngroup Rajhi address-pool poolname
vpngroup Rajhi dns-server A.B.50.21 A.B.50.22
vpngroup Rajhi default-domain ciscopix.com
vpngroup Rajhi idle-time 1800
vpngroup Rajhi password ********
vpngroup aaaa address-pool newpool
vpngroup aaaa dns-server A.B.50.21 A.B.50.22
vpngroup aaaa default-domain alrajhisteel.com
vpngroup aaaa idle-time 1800
vpngroup aaaa password ********
vpngroup RajhiSteel address-pool Pool_B
vpngroup RajhiSteel dns-server A.B.50.21 A.B.50.22
vpngroup RajhiSteel default-domain alrajhisteel.com
vpngroup RajhiSteel idle-time 1800
vpngroup RajhiSteel password ********
telnet A.B.50.107 X.Y.W.U inside
telnet A.B.50.105 X.Y.W.U inside
telnet A.B.50.25 X.Y.W.U inside
telnet A.B.51.139 X.Y.W.U inside
telnet A.B.50.160 X.Y.W.U inside
telnet A.B.50.107 X.Y.W.U DMZ
telnet A.B.50.105 X.Y.W.U DMZ
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
username bbbb password 45YAoBfq7CePBCyn encrypted privilege 15
username razak password lRjO62wjp2NOYX03 encrypted privilege 15
username RajhiSteel password d4/df7poyAavS4TQ encrypted privilege 15
username admin password 3la85Q2wVQPXY.eH encrypted privilege 15
username danis password ls6lG/sbW8YVecgJ encrypted privilege 15
username support password xlka4cPiHU08vL0A encrypted privilege 2
terminal width 80
Cryptochecksum:dc2d45d0b64
AL-Rajhi-Steel#
ration file.
FWconfig....txt
Attached the configu
User Access Verification
Password:
Password:
Password:
Type help or '?' for a list of available commands.
AL-Rajhi-Steel> en
Password: **********
AL-Rajhi-Steel# show run
: Saved
: Written by enable_15 at 02:43:44.807 UTC Sun Jul 20 2008
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security50
enable password encrypted
passwd wPorhkUgvPD5LG2A encrypted
hostname AL-Rajhi-Steel
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 20
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.52.0 X.Y.W.0
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.53.0 X.Y.W.V
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 E.F..10.0 X.Y.W.0
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.71.0 X.Y.W.V
access-list NO_NAT permit ip A.B.53.0 X.Y.W.V L.M.N..0 X.Y.W.0
access-list NO_NAT permit ip A.B.50.0 X.Y.Z.0 A.B.71.128 X.Y.W.1
28
access-list NO_NAT permit ip A.B.56.0 X.Y.252.0 A.B.71.X.Y.W.1
28
access-list NO_NAT permit ip any E.F..10.0 X.Y.W.0
access-list outside permit tcp any host P.Q.R.245 eq smtp
access-list outside permit tcp any host P.Q.R.245 eq www
access-list outside permit tcp any host P.Q.R.245 eq pop3
access-list outside permit tcp any host P.Q.R.249 eq smtp
access-list outside permit tcp any host P.Q.R.249 eq www
access-list outside permit tcp any host P.Q.R.249 eq pop3
access-list outside permit tcp any host P.Q.R.249 eq https
access-list outside permit icmp any any
access-list outside permit tcp any host P.Q.R.246 eq telnet
access-list outside permit tcp any host P.Q.R.246 eq ftp-data
access-list outside permit tcp any host P.Q.R.246 eq ftp
access-list outside permit tcp any any eq 26675
access-list outside permit tcp any any eq 990
access-list outside permit tcp any any eq 999
access-list outside permit tcp any any eq 5678
access-list outside permit udp any any eq 5679
access-list outside permit tcp any any eq 5721
access-list outside permit tcp any host P.Q.R.245 eq https
access-list outside permit tcp any host P.Q.R.244 eq www
access-list outside permit tcp any host 212.17.202.17 eq pptp
access-list outside permit tcp any host 12.17.202.16 eq pptp
access-list acl-out permit icmp any any
access-list acl-out permit tcp any any
access-list acl-out permit ip any any
access-list acl-out permit udp any any
access-list vpn permit ip A.B.50.0 X.Y.Z.0 E.F..10.0 X.Y.W.0
access-list 120 permit ip A.B.50.0 X.Y.Z.0 A.B.53.0 X.Y.W.V
access-list 120 permit ip L.M.N..0 X.Y.W.0 A.B.53.0 X.Y.W.V
access-list 130 permit ip A.B.50.0 X.Y.Z.0 A.B.52.0 X.Y.W.0
access-list 140 permit ip A.B.50.0 X.Y.Z.0 A.B.71.0 X.Y.W.V
access-list 150 permit ip A.B.50.0 X.Y.Z.0 A.B.71.128 X.Y.W.V
access-list 150 permit ip A.B.56.0 255.255.252.0 A.B.71.128 X.Y.W.V
access-list outside_cryptomap_dyn_60 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_80 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_100 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_120 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_140 permit ip any E.F..10.0 X.Y.W.0
access-list outside_cryptomap_dyn_160 permit ip any A.B.50.192 X.Y.W.224
access-list outside_cryptomap_dyn_180 permit ip any J.K.0.0 X.Y.W.0
access-list inside permit tcp any any eq 990
access-list inside permit tcp any any eq 26675
access-list inside permit tcp any any eq 999
access-list inside permit tcp any any eq 5678
access-list inside permit tcp any any eq 5679
access-list inside permit tcp any any eq 5271
access-list (dmz) permit tcp any any eq 5271
access-list (dmz) permit tcp any any eq 5679
access-list (dmz) permit tcp any any eq 5678
access-list (dmz) permit tcp any any eq 999
access-list (dmz) permit tcp any any eq 990
access-list (dmz) permit tcp any any eq 26675
pager lines 24
logging console warnings
logging monitor warnings
logging history warnings
logging host inside A.B.50.13
logging host inside A.B.50.105 17/1111
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside P.Q.R.G X.Y.W.H
ip address inside A.B.a.b X.Y.Z.0
ip address DMZ L.M.N..1 X.Y.W.0
ip audit info action alarm
ip audit attack action alarm
ip local pool poolname E.F..10.1-E.F..10.254
ip local pool newpool A.B.50.200-A.B.50.210
ip local pool Pool_B J.K.0.1-J.K.0.254
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside P.Q.R.I
failover ip address inside A.B.a.c
failover ip address DMZ L.M.N.10
pdm location L.M.N..0 X.Y.W.0 outside
pdm location A.B.50.0 X.Y.Z.0 outside
pdm location A.B.56.0 255.255.252.0 outside
pdm location A.B.71.0 X.Y.W.V outside
pdm location A.B.71.128 X.Y.W.V outside
pdm location E.F..10.1 X.Y.W.U inside
pdm location A.B.50.5 X.Y.W.U inside
pdm location A.B.50.8 X.Y.W.U inside
pdm location A.B.50.9 X.Y.W.U inside
pdm location A.B.50.13 X.Y.W.U inside
pdm location A.B.50.16 X.Y.W.U inside
pdm location A.B.50.23 X.Y.W.U inside
pdm location A.B.50.24 X.Y.W.U inside
pdm location A.B.50.25 X.Y.W.U inside
pdm location A.B.50.105 X.Y.W.U inside
pdm location A.B.50.107 X.Y.W.U inside
pdm location A.B.50.111 X.Y.W.U inside
pdm location A.B.50.112 X.Y.W.U inside
pdm location A.B.50.145 X.Y.W.U inside
pdm location A.B.53.0 X.Y.W.V inside
pdm location A.B.56.0 255.255.252.0 inside
pdm location L.M.N..4 X.Y.W.U DMZ
pdm location L.M.N..5 X.Y.W.U DMZ
pdm location L.M.N..6 X.Y.W.U DMZ
pdm location A.B.3.0 X.Y.W.0 DMZ
pdm location A.B.50.105 X.Y.W.U DMZ
pdm location A.B.50.107 X.Y.W.U DMZ
pdm location A.B.52.0 X.Y.W.0 DMZ
pdm location A.B.53.0 X.Y.W.V DMZ
pdm location A.B.53.0 X.Y.W.0 DMZ
pdm location A.B.54.0 X.Y.W.0 DMZ
pdm location A.B.56.0 X.Y.W.0 DMZ
pdm location A.B.58.0 X.Y.W.0 DMZ
pdm location A.B.60.0 X.Y.W.0 DMZ
pdm location A.B.61.0 X.Y.W.0 DMZ
pdm location A.B.62.0 X.Y.W.0 DMZ
pdm location A.B.63.0 X.Y.W.0 DMZ
pdm location A.B.64.0 X.Y.W.0 DMZ
pdm location A.B.52.0 X.Y.W.0 outside
pdm location A.B.53.0 X.Y.W.V outside
pdm location A.B.50.50 X.Y.W.U inside
pdm location A.B.200.0 X.Y.W.0 DMZ
pdm location A.B.51.139 X.Y.W.U inside
no pdm history enable
arp timeout 14400
global (outside) 1 P.Q.R.250-P.Q.R.254
global (outside) 1 P.Q.R.248
nat (inside) 0 access-list NO_NAT
nat (inside) 1 E.F..10.1 X.Y.W.U 0 0
nat (inside) 1 A.B.50.5 X.Y.W.U 0 0
nat (inside) 1 A.B.50.8 X.Y.W.U 0 0
nat (inside) 1 A.B.50.9 X.Y.W.U 0 0
nat (inside) 1 A.B.50.16 X.Y.W.U 0 0
nat (inside) 1 A.B.50.23 X.Y.W.U 0 0
nat (inside) 1 A.B.50.24 X.Y.W.U 0 0
nat (inside) 1 A.B.50.25 X.Y.W.U 0 0
nat (inside) 1 A.B.50.37 X.Y.W.U 0 0
nat (inside) 1 A.B.50.50 X.Y.W.U 0 0
nat (inside) 1 A.B.50.103 X.Y.W.U 0 0
nat (inside) 1 A.B.50.105 X.Y.W.U 0 0
nat (inside) 1 A.B.50.107 X.Y.W.U 0 0
nat (inside) 1 A.B.50.108 X.Y.W.U 0 0
nat (inside) 1 A.B.50.111 X.Y.W.U 0 0
nat (inside) 1 A.B.50.112 X.Y.W.U 0 0
nat (inside) 1 A.B.50.115 X.Y.W.U 0 0
nat (inside) 1 A.B.50.145 X.Y.W.U 0 0
nat (inside) 1 A.B.50.151 X.Y.W.U 0 0
nat (inside) 1 A.B.50.163 X.Y.W.U 0 0
nat (inside) 1 A.B.51.2 X.Y.W.U 0 0
nat (inside) 1 A.B.51.15 X.Y.W.U 0 0
nat (inside) 1 A.B.51.79 X.Y.W.U 0 0
nat (inside) 1 A.B.51.160 X.Y.W.U 0 0
nat (inside) 1 A.B.56.31 X.Y.W.U 0 0
nat (inside) 1 A.B.56.54 X.Y.W.U 0 0
nat (inside) 1 A.B.56.83 X.Y.W.U 0 0
nat (inside) 1 A.B.57.0 X.Y.W.0 0 0
nat (DMZ) 1 L.M.N..4 X.Y.W.U 0 0
nat (DMZ) 1 L.M.N..5 X.Y.W.U 0 0
nat (DMZ) 1 L.M.N..6 X.Y.W.U 0 0
nat (DMZ) 1 A.B.50.151 X.Y.W.U 0 0
nat (DMZ) 1 A.B.52.8 X.Y.W.U 0 0
nat (DMZ) 1 A.B.56.5 X.Y.W.U 0 0
nat (DMZ) 1 A.B.56.83 X.Y.W.U 0 0
static (inside,DMZ) A.B.50.0 A.B.50.0 netmask X.Y.Z.0 0 0
static (DMZ,outside) P.Q.R.249 L.M.N..5 netmask X.Y.W.U 0 0
static (DMZ,outside) P.Q.R.246 L.M.N..6 netmask X.Y.W.U 0 0
static (inside,outside) P.Q.R.245 A.B.50.24 netmask X.Y.W.U 0 0
access-group outside in interface outside
access-group acl-out in interface DMZ
established tcp 139 0 permitto tcp 1024-65535 permitfrom tcp 0
established tcp 135 0 permitto tcp 1024-65535 permitfrom tcp 0
route outside 0.0.0.0 0.0.0.0 P.Q.R.241 1
route DMZ A.B.3.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.52.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.53.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.54.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.56.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.57.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.58.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.59.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.60.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.61.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.62.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.63.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.64.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.100.0 X.Y.W.0 L.M.N..2 1
<--- More --->
route DMZ A.B.101.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.102.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.103.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.104.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.105.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.106.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.107.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.108.0 X.Y.W.0 L.M.N..2 1
route DMZ A.B.200.0 X.Y.W.0 L.M.N..2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http A.B.50.107 X.Y.W.U inside
http A.B.50.105 X.Y.W.U inside
http A.B.51.139 X.Y.W.U inside
snmp-server host inside A.B.50.13
snmp-server location Data Center
snmp-server contact Ali
snmp-server community Rajhi
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set rajhisteel esp-des esp-md5-hmac
crypto dynamic-map rajhimap 40 set transform-set rajhisteel
crypto dynamic-map rajhimap 60 match address outside_cryptomap_dyn_60
crypto dynamic-map rajhimap 60 set transform-set rajhisteel
crypto dynamic-map rajhimap 80 match address outside_cryptomap_dyn_80
crypto dynamic-map rajhimap 80 set transform-set rajhisteel
crypto dynamic-map rajhimap 100 match address outside_cryptomap_dyn_100
crypto dynamic-map rajhimap 100 set transform-set rajhisteel
crypto dynamic-map rajhimap 120 match address outside_cryptomap_dyn_120
crypto dynamic-map rajhimap 120 set transform-set rajhisteel
crypto dynamic-map rajhimap 140 match address outside_cryptomap_dyn_140
crypto dynamic-map rajhimap 140 set transform-set rajhisteel
crypto dynamic-map rajhimap 160 set transform-set rajhisteel
crypto dynamic-map rajhimap 180 set transform-set rajhisteel
crypto dynamic-map inside_dyn_map 20 set transform-set rajhisteel
crypto dynamic-map inside_dyn_map 40 set transform-set rajhisteel
crypto map steel 5 ipsec-isakmp
crypto map steel 5 match address 120
crypto map steel 5 set peer 212.100.197.30
crypto map steel 5 set transform-set rajhisteel
crypto map steel 10 ipsec-isakmp
crypto map steel 10 match address 130
crypto map steel 10 set peer 10.126.2.26
crypto map steel 10 set transform-set rajhisteel
crypto map steel 15 ipsec-isakmp
crypto map steel 15 match address 140
crypto map steel 15 set peer 10.126.2.50
crypto map steel 15 set transform-set rajhisteel
crypto map steel 20 ipsec-isakmp
crypto map steel 20 match address 150
crypto map steel 20 set peer 10.126.2.86
crypto map steel 20 set transform-set rajhisteel
crypto map steel 40 ipsec-isakmp dynamic rajhimap
crypto map steel client configuration address initiate
crypto map steel client authentication LOCAL
crypto map steel interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map inside_map client authentication LOCAL
crypto map inside_map interface inside
isakmp enable outside
isakmp key ******** address 10.126.2.26 netmask X.Y.W.U no-xauth no-conf
ig-mode
isakmp key ******** address 10.126.2.50 netmask X.Y.W.U no-xauth no-conf
ig-mode
isakmp key ******** address 10.126.2.86 netmask X.Y.W.U no-xauth no-conf
ig-mode
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption des
isakmp policy 5 hash md5
isakmp policy 5 group 1
isakmp policy 5 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpngroup idle-time 1800
vpngroup Rajhisteels address-pool poolname
vpngroup Rajhisteels dns-server A.B.50.21 A.B.50.22
vpngroup Rajhisteels default-domain alrajhisteel.com
vpngroup Rajhisteels idle-time 1800
vpngroup Rajhisteels password ********
vpngroup Rajhi address-pool poolname
vpngroup Rajhi dns-server A.B.50.21 A.B.50.22
vpngroup Rajhi default-domain ciscopix.com
vpngroup Rajhi idle-time 1800
vpngroup Rajhi password ********
vpngroup aaaa address-pool newpool
vpngroup aaaa dns-server A.B.50.21 A.B.50.22
vpngroup aaaa default-domain alrajhisteel.com
vpngroup aaaa idle-time 1800
vpngroup aaaa password ********
vpngroup RajhiSteel address-pool Pool_B
vpngroup RajhiSteel dns-server A.B.50.21 A.B.50.22
vpngroup RajhiSteel default-domain alrajhisteel.com
vpngroup RajhiSteel idle-time 1800
vpngroup RajhiSteel password ********
telnet A.B.50.107 X.Y.W.U inside
telnet A.B.50.105 X.Y.W.U inside
telnet A.B.50.25 X.Y.W.U inside
telnet A.B.51.139 X.Y.W.U inside
telnet A.B.50.160 X.Y.W.U inside
telnet A.B.50.107 X.Y.W.U DMZ
telnet A.B.50.105 X.Y.W.U DMZ
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
username bbbb password 45YAoBfq7CePBCyn encrypted privilege 15
username razak password lRjO62wjp2NOYX03 encrypted privilege 15
username RajhiSteel password d4/df7poyAavS4TQ encrypted privilege 15
username admin password 3la85Q2wVQPXY.eH encrypted privilege 15
username danis password ls6lG/sbW8YVecgJ encrypted privilege 15
username support password xlka4cPiHU08vL0A encrypted privilege 2
terminal width 80
Cryptochecksum:dc2d45d0b64
AL-Rajhi-Steel#
ration file.
FWconfig....txt
Cisco
Last Comment
Les Moore