MISLtd
asked on
Internal access to HTTPS & SMTP server after static NAT rules applied
I have applied two static NAT rules to my ASA 5510 to allow SMTP and HTTPS traffic to different internal IP addresses. I can now access these services externally. However, internal traffic is generating the following messages:
portmap translation creation failed for tcp src inside:192.168.16.113/56267 dst inside:OWA/80
portmap translation creation failed for tcp src inside:192.168.16.9/2222 dst inside:SMTP/6805
This is generated when internal access is required to the mail server from Outlook or web-based access using Microsoft's OWA client.
This is a reduced copy of my config:
: Saved
:
ASA Version 8.0(3)
!
hostname ASA5510
domain-name misltd.local
enable password xRejrreNS5FwEE2d encrypted
names
name 192.168.16.4 FTP-HTTP description FTP-HTTP
name 192.168.16.11 OWA description Outlook Web Access
name 192.168.16.8 SMTP description Exchange Server
name 87.83.14.243 External-2 description Second External IP
name 87.83.14.244 External-3 description Third External IP
name 87.83.14.242 External-1 description First External IP
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address External-1 255.255.255.248
ospf cost 10
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.16.12 255.255.255.0
ospf cost 10
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.2.1 255.255.255.0
ospf cost 10
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name misltd.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
port-object eq ftp
port-object eq www
object-group network Webroot
description Webroot inbound mail servers
network-object 194.116.198.0 255.255.254.0
network-object 203.100.58.0 255.255.255.0
network-object 208.87.136.0 255.255.254.0
access-list outside_access_in extended permit tcp any host External-2 object-group DM_INLINE_TCP_1 inactive
access-list outside_access_in extended permit tcp any host External-3 eq https
access-list outside_access_in extended permit tcp object-group Webroot host External-2 eq smtp
access-list VPN-Users_splitTunnelAcl standard permit 192.168.0.0 255.255.0.0
access-list DefaultRAGroup_splitTunnelAcl standard permit 192.168.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit ip 192.168.0.0 255.255.0.0 192.168.117.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.117.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.112.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.16.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.16.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.113.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.114.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.111.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.0.0 192.168.112.0 255.255.255.0
access-list VPN-Users_splitTunnelAcl_1 standard permit any
access-list outside_3_cryptomap extended permit ip 192.168.0.0 255.255.0.0 192.168.113.0 255.255.255.0
access-list outside_4_cryptomap extended permit ip 192.168.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list outside_5_cryptomap extended permit ip 192.168.0.0 255.255.0.0 192.168.114.0 255.255.255.0
access-list outside_6_cryptomap extended permit ip 192.168.0.0 255.255.0.0 192.168.111.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool VPN-Pool 192.168.16.205-192.168.16.210 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-603.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
static (outside,inside) tcp OWA https External-3 https netmask 255.255.255.255
static (outside,inside) tcp SMTP smtp External-2 smtp netmask 255.255.255.255
static (inside,outside) tcp External-2 smtp SMTP smtp netmask 255.255.255.255
static (inside,outside) tcp External-3 https OWA https netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 87.83.14.241 255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
ldap attribute-map CISCOMAP
dynamic-access-policy-record DfltAccessPolicy
aaa-server misltd protocol ldap
aaa-server misltd host 192.168.16.6
ldap-base-dn dc=misltd,dc=local
ldap-scope subtree
ldap-naming-attribute samAccountName
ldap-login-password *
ldap-login-dn cn=administrator,cn=users,dc=misltd,dc=local
server-type microsoft
aaa authentication telnet console LOCAL
http server enable
http 192.168.16.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set peer 78.86.109.149
crypto map outside_map0 1 set transform-set ESP-3DES-MD5
crypto map outside_map0 1 set nat-t-disable
crypto map outside_map0 1 set phase1-mode aggressive
crypto map outside_map0 2 match address outside_2_cryptomap
crypto map outside_map0 2 set peer 83.104.191.233
crypto map outside_map0 2 set transform-set ESP-3DES-SHA
crypto map outside_map0 2 set nat-t-disable
crypto map outside_map0 3 match address outside_3_cryptomap
crypto map outside_map0 3 set pfs
crypto map outside_map0 3 set peer 78.86.108.125
crypto map outside_map0 3 set transform-set ESP-3DES-SHA
crypto map outside_map0 3 set nat-t-disable
crypto map outside_map0 4 match address outside_4_cryptomap
crypto map outside_map0 4 set peer 78.86.111.232
crypto map outside_map0 4 set transform-set ESP-3DES-SHA
crypto map outside_map0 4 set nat-t-disable
crypto map outside_map0 4 set phase1-mode aggressive
crypto map outside_map0 5 match address outside_5_cryptomap
crypto map outside_map0 5 set peer 62.49.141.61
crypto map outside_map0 5 set transform-set ESP-3DES-SHA
crypto map outside_map0 5 set nat-t-disable
crypto map outside_map0 5 set phase1-mode aggressive
crypto map outside_map0 6 match address outside_6_cryptomap
crypto map outside_map0 6 set pfs
crypto map outside_map0 6 set peer 62.49.129.117
crypto map outside_map0 6 set transform-set ESP-3DES-SHA
crypto map outside_map0 6 set nat-t-disable
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.16.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.16.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.2.100-192.168.2.200 management
dhcpd dns 192.168.16.12 interface management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics
ntp authenticate
ntp server 192.168.16.6 source inside prefer
ntp server 192.168.16.7 source inside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
wins-server value 192.168.16.6 192.168.16.7
dns-server value 192.168.16.6 192.168.16.7
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
default-domain value misltd.local
group-policy VPN-Users internal
group-policy VPN-Users attributes
wins-server value 192.168.16.6 192.168.16.7
dns-server value 192.168.16.6 192.168.16.7
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN-Users_splitTunnelAcl
default-domain value misltd.local
username misadmin password FE9WV/Qmp1SHPUvH encrypted privilege 15
username g.kirby password BwsT2MWdgjYb/uMV encrypted privilege 0
username g.kirby attributes
vpn-group-policy VPN-Users
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-Pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group 78.86.109.149 type ipsec-l2l
tunnel-group 78.86.109.149 ipsec-attributes
pre-shared-key *
tunnel-group 83.104.191.233 type ipsec-l2l
tunnel-group 83.104.191.233 ipsec-attributes
pre-shared-key *
tunnel-group VPN-Users type remote-access
tunnel-group VPN-Users general-attributes
address-pool VPN-Pool
authentication-server-group misltd
default-group-policy VPN-Users
tunnel-group VPN-Users ipsec-attributes
pre-shared-key *
tunnel-group 78.86.108.125 type ipsec-l2l
tunnel-group 78.86.108.125 ipsec-attributes
pre-shared-key *
tunnel-group 78.86.111.232 type ipsec-l2l
tunnel-group 78.86.111.232 ipsec-attributes
pre-shared-key *
tunnel-group 62.49.141.61 type ipsec-l2l
tunnel-group 62.49.141.61 ipsec-attributes
pre-shared-key *
tunnel-group 62.49.129.117 type ipsec-l2l
tunnel-group 62.49.129.117 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:7db74770f11fd56cc08e5078478063b0
: end
asdm image disk0:/asdm-603.bin
asdm location FTP-HTTP 255.255.255.255 inside
asdm location SMTP 255.255.255.255 inside
asdm location OWA 255.255.255.255 inside
asdm location External-2 255.255.255.255 inside
asdm location External-3 255.255.255.255 inside
asdm history enable
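An added diagnostic example (not part of the original post or of any reply): it parses the two log messages against the post's `name`, `nat` and `global` lines and reports, for each failure, whether the flow enters and leaves on the same interface and which dynamic NAT ids on the source interface have no `global` on the destination interface. The function names are hypothetical, and the sample input is an excerpt constructed from the config and messages above.

```python
import re

# Constructed excerpt: lines taken from the config and log messages in the post.
CONFIG = """\
name 192.168.16.11 OWA description Outlook Web Access
name 192.168.16.8 SMTP description Exchange Server
same-security-traffic permit intra-interface
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
"""
LOGS = """\
portmap translation creation failed for tcp src inside:192.168.16.113/56267 dst inside:OWA/80
portmap translation creation failed for tcp src inside:192.168.16.9/2222 dst inside:SMTP/6805
"""

LOG_RE = re.compile(
    r"portmap translation creation failed for (?P<proto>\S+) "
    r"src (?P<sif>[^:\s]+):(?P<src>[^/\s]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dst>[^/\s]+)/(?P<dport>\d+)"
)


def parse_config(text):
    """Collect the name table and the nat/global ids configured per interface."""
    names, nat_ids, global_ids = {}, {}, {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "name":
            names[tok[2]] = tok[1]              # alias -> IP address
        elif len(tok) >= 3 and tok[0] in ("nat", "global"):
            iface, nat_id = tok[1].strip("()"), int(tok[2])
            table = nat_ids if tok[0] == "nat" else global_ids
            table.setdefault(iface, set()).add(nat_id)
    return names, nat_ids, global_ids


def analyse(log_text, config_text):
    """Return one finding per failure message found in log_text."""
    names, nat_ids, global_ids = parse_config(config_text)
    findings = []
    for m in LOG_RE.finditer(log_text):
        f = m.groupdict()
        f["dst_ip"] = names.get(f["dst"], f["dst"])   # resolve 'names' aliases
        f["hairpin"] = f["sif"] == f["dif"]           # in and out on one interface
        # Pre-8.3 ASA NAT: `nat (if) N` with N > 0 only yields a translation
        # toward an interface that carries a `global (if) N`; id 0 is exemption.
        dynamic = {i for i in nat_ids.get(f["sif"], set()) if i != 0}
        f["nat_ids_without_global"] = sorted(dynamic - global_ids.get(f["dif"], set()))
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyse(LOGS, CONFIG):
        print(f"{f['src']}:{f['sport']} -> {f['dst_ip']}:{f['dport']} "
              f"hairpin={f['hairpin']} nat ids lacking a global on "
              f"{f['dif']}: {f['nat_ids_without_global']}")
```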
ASKER
Thanks for your help