  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 496

grant vpn client access to remote tunnel

Hi,
I have a site to site vpn connection.
Site A to B.
On site A I have vpn client setup. Its subnet is 192.168.100.0
I want that subnet to have access to site B network - 10.14.1.0

I have configured site A (Cisco ASA 5505) so that it will allow this. In my VPN client it shows 10.14.1.0 as a secured route.

On site B (Cisco 837) I think I am having difficulty configuring the access rules. Please see my config. Site A IP is 90.x.x.162
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rtr01
!
boot-start-marker
boot-end-marker
!
enable secret 5 
enable password password
!
username admin privilege 15 password 0 password
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.14.1.1 10.14.1.49
ip dhcp excluded-address 10.14.1.101 10.14.1.254
!
ip dhcp pool default
   import all
   network 10.14.1.0 255.255.255.0
   dns-server 62.24.128.17 62.24.128.18
   default-router 10.14.1.1
!
!
ip name-server 62.24.128.18
ip name-server 62.24.128.17
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key password address 90.x.x.162
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to90.x.x.162
 set peer 90.x.x.162
 set transform-set ESP-3DES-SHA
 match address 102
!
!
!
!
interface Ethernet0
 description $FW_INSIDE$
 ip address 10.14.1.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address 92.x.x.47 255.255.255.128
 ip access-group 101 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname username@isp
 ppp chap password 0 password
 ppp pap sent-username username@isp password 0 password
 crypto map SDM_CMAP_1
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 2
ip http secure-server
!
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.14.1.0 0.0.0.255
access-list 2 permit 82.x.x.157
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.0.0
access-list 2 permit 90.x.x.162
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 92.24.4.0 0.0.0.127 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp host 192.168.0.0 host 92.x.x.47 eq telnet
access-list 101 permit tcp host 90.x.x.162 host 92.x.x.47 eq telnet
access-list 101 permit tcp host 82.x.x.157 host 92.x.x.47 eq telnet
access-list 101 permit tcp host 192.168.0.0 host 92.x.x.47 eq 22
access-list 101 permit tcp host 90.x.x.162 host 92.x.x.47 eq 22
access-list 101 permit tcp host 82.x.x.157 host 92.x.x.47 eq 22
access-list 101 permit tcp host 192.168.0.0 host 92.x.x.47 eq www
access-list 101 permit tcp host 90.x.x.162 host 92.x.x.47 eq www
access-list 101 permit tcp host 82.x.x.157 host 92.x.x.47 eq www
access-list 101 permit tcp host 192.168.0.0 host 92.x.x.47 eq 443
access-list 101 permit tcp host 90.x.x.162 host 92.x.x.47 eq 443
access-list 101 permit tcp host 82.x.x.157 host 92.x.x.47 eq 443
access-list 101 permit tcp host 192.168.0.0 host 92.x.x.47 eq cmd
access-list 101 permit tcp host 90.x.x.162 host 92.x.x.47 eq cmd
access-list 101 permit tcp host 82.x.x.157 host 92.x.x.47 eq cmd
access-list 101 deny   udp any host 92.x.x.47 eq snmp
access-list 101 permit ip 192.168.100.0 0.0.0.255 10.14.1.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.14.1.0 0.0.0.255
access-list 101 permit udp host 90.x.x.162 host 92.x.x.47 eq non500-isakmp
access-list 101 permit udp host 90.x.x.162 host 92.x.x.47 eq isakmp
access-list 101 permit esp host 90.x.x.162 host 92.x.x.47
access-list 101 permit ahp host 90.x.x.162 host 92.x.x.47
access-list 101 permit udp host 62.24.128.17 eq domain any
access-list 101 permit udp host 62.24.128.18 eq domain any
access-list 101 deny   ip 10.14.1.0 0.0.0.255 any
access-list 101 permit icmp any host 92.x.x.47 echo-reply
access-list 101 permit icmp any host 92.x.x.47 time-exceeded
access-list 101 permit icmp any host 92.x.x.47 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 101 permit ip 10.14.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.14.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 102 permit ip 10.14.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 deny   ip 10.14.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny   ip 10.14.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 10.14.1.0 0.0.0.255 any
access-list 104 remark Auto generated by SDM Management Access feature
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip host 192.168.0.0 any
access-list 104 permit ip host 90.x.x.162 any
access-list 104 permit ip host 82.x.x.157 any
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 104 in
 password password
 login
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end

Asked by: Dan560

lrmoore Commented:
access-list 103 deny   ip 10.14.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 deny   ip 10.14.1.0 0.0.0.255 192.168.100.0 0.0.0.255  <== add this
access-list 103 permit ip 10.14.1.0 0.0.0.255 any

Dan560 (Author) Commented:
Didn't seem to work, maybe it could be the config on the other device.
Result of the command: "show run"
 
: Saved
:
ASA Version 7.2(2) 
!
hostname company name-FWL001
domain-name company name.local
enable password encrypted
names
name 192.168.100.0 LAN-RASVPN
name 192.168.0.0 LAN-LUTON
name 10.10.10.0 LAN1
name 213.x.x.x WAN2
name 10.11.1.0 LAN2
name 10.12.1.0 LAN3
name 82.X.X.X WAN3
name 192.168.0.5 sbs server
name 10.13.1.0 LAN4
name 62.x.x.62 WAN4
name 10.13.1.6 
name 192.168.251.0 LAN5
name 62.x.x.181 WAN5
name 192.168.1.1 ESX01-Server
name 192.168.1.2 sbs server2
name 192.168.1.3 SP01-Server
name 10.14.1.0 LAN6
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.0.254 255.255.255.0 
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 90.x.x.162 255.255.255.252 
 ospf cost 10
!
interface Vlan3
 nameif dmz
 security-level 50
 ip address 192.168.1.254 255.255.255.0 
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
 switchport access vlan 3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name company name.local
same-security-traffic permit intra-interface
 
access-list company name-RASVPN_splitTunnelAcl standard permit LAN-LUTON 255.255.255.0 
access-list company name-RASVPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0 
access-list company name-RASVPN_splitTunnelAcl standard permit LAN4 255.255.255.0 
access-list company name-RASVPN_splitTunnelAcl standard permit LAN2 255.255.255.0 
access-list company name-RASVPN_splitTunnelAcl standard permit LAN6 255.255.255.0 
access-list outside_20_cryptomap extended permit ip LAN-LUTON 255.255.255.0 LAN1 255.255.255.0 
access-list outside_20_cryptomap extended permit ip LAN-RASVPN 255.255.255.0 LAN1 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-LUTON 255.255.255.0 LAN1 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-LUTON 255.255.255.0 LAN2 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-LUTON 255.255.255.0 LAN-RASVPN 255.255.255.128 
access-list inside_nat0_outbound extended permit ip LAN-LUTON 255.255.255.0 LAN3 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-LUTON 255.255.255.0 LAN4 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-LUTON 255.255.255.0 LAN5 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-RASVPN 255.255.255.0 LAN4 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-RASVPN 255.255.255.0 LAN2 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-LUTON 255.255.255.0 LAN6 255.255.255.0 
access-list inside_nat0_outbound extended permit ip LAN-RASVPN 255.255.255.0 LAN6 255.255.255.0 
access-list outside_access_in extended permit ip LAN-RASVPN 255.255.255.0 LAN-LUTON 255.255.255.0 
access-list outside_access_in extended permit tcp any host 90.x.x.162 eq smtp 
access-list outside_access_in extended permit tcp any host 90.x.x.162 eq https 
access-list outside_access_in extended permit icmp LAN1 255.255.255.0 LAN-LUTON 255.255.255.0 
access-list outside_access_in extended permit icmp LAN2 255.255.255.0 LAN-LUTON 255.255.255.0 
access-list outside_access_in extended permit tcp any host 90.x.x.162 eq ftp 
access-list outside_access_in extended permit icmp LAN3 255.255.255.0 LAN-LUTON 255.255.255.0 
access-list outside_access_in extended permit tcp any host 90.x.x.162 eq 5900 
access-list outside_access_in extended permit icmp any any echo-reply 
access-list outside_access_in extended permit icmp any any time-exceeded 
access-list outside_access_in extended permit tcp any host 90.x.x.162 eq www 
access-list outside_access_in extended permit tcp any host 90.x.x.162 eq 444 
access-list outside_access_in extended permit tcp any host 90.x.x.162 eq 3389 
access-list outside_cryptomap_65535.20 extended permit ip any LAN-RASVPN 255.255.255.0 
access-list inside_access_in extended permit ip any any 
access-list inside_access_in extended permit tcp any eq https any eq https 
access-list outside_cryptomap_30 extended permit ip LAN-LUTON 255.255.255.0 LAN2 255.255.255.0 
access-list outside_cryptomap_30 extended permit ip LAN-RASVPN 255.255.255.0 LAN2 255.255.255.0 
access-list outside_cryptomap_1 extended permit ip LAN-LUTON 255.255.255.0 LAN2 255.255.255.0 
access-list outside_cryptomap_1 extended permit ip LAN-RASVPN 255.255.255.0 LAN2 255.255.255.0 
access-list outside_cryptomap_2 extended permit ip LAN-LUTON 255.255.255.0 LAN1 255.255.255.0 
access-list outside_cryptomap_3 extended permit ip LAN-RASVPN 255.255.255.0 LAN-LUTON 255.255.255.0 
access-list outside_50_cryptomap extended permit ip LAN-LUTON 255.255.255.0 LAN3 255.255.255.0 
access-list outside_cryptomap_50 extended permit ip LAN-RASVPN 255.255.255.0 LAN-LUTON 255.255.255.0 
access-list outside_nat0_outbound extended permit ip LAN-RASVPN 255.255.255.0 LAN-LUTON 255.255.255.0 
access-list outside_cryptomap_65535.1 extended permit ip any LAN-RASVPN 255.255.255.0 
access-list outside_50_cryptomap_1 extended permit ip LAN-LUTON 255.255.255.0 LAN3 255.255.255.0 
access-list outside_70_cryptomap extended permit ip LAN-LUTON 255.255.255.0 LAN4 255.255.255.0 
access-list outside_70_cryptomap extended permit ip LAN-RASVPN 255.255.255.0 LAN4 255.255.255.0 
access-list outside_70_cryptomap extended permit ip LAN-RASVPN 255.255.255.0 LAN2 255.255.255.0 
access-list outside_90_cryptomap extended permit ip LAN-LUTON 255.255.255.0 LAN5 255.255.255.0 
access-list dmz_interface extended permit icmp any any 
access-list dmz_interface extended permit ip any any 
access-list dmz_nat0 extended permit ip 192.168.2.0 255.255.255.0 LAN-RASVPN 255.255.255.0 
access-list dmz_nat0 extended permit ip 192.168.1.0 255.255.255.0 LAN-RASVPN 255.255.255.0 
access-list rasvpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0 
access-list LAN-RASVPN_splitTunnelAcl standard permit LAN-LUTON 255.255.255.0 
access-list LAN-RASVPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0 
access-list outside_110_cryptomap extended permit ip LAN-LUTON 255.255.255.0 LAN6 255.255.255.0 
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1400
mtu dmz 1500
ip local pool RASVPNPOOL 192.168.100.1-192.168.100.99 mask 255.255.255.0
no failover
monitor-interface inside
monitor-interface outside
monitor-interface dmz
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (inside) 1 interface
global (outside) 1 interface
global (dmz) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 LAN-LUTON 255.255.255.0
nat (outside) 0 access-list outside_nat0_outbound
nat (dmz) 0 access-list dmz_nat0
nat (dmz) 1 192.168.1.0 255.255.255.0
static (dmz,outside) tcp interface www SP01-Server www netmask 255.255.255.255 
static (dmz,outside) tcp interface 444 SP01-Server 444 netmask 255.255.255.255 
static (inside,outside) tcp interface 3389 192.168.0.2 3389 netmask 255.255.255.255  dns 
static (inside,outside) tcp interface smtp sbs server smtp netmask 255.255.255.255  dns 
static (inside,outside) tcp interface https sbs server https netmask 255.255.255.255  dns 
static (inside,outside) tcp interface ftp 192.168.0.2 ftp netmask 255.255.255.255 
access-group outside_access_in in interface outside
access-group dmz_interface in interface dmz
route outside 0.0.0.0 0.0.0.0 90.152.15.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server RADIUS protocol radius
aaa-server RADIUS host 192.168.0.2
 timeout 5
 key password
group-policy company name-RASVPN internal
group-policy company name-RASVPN attributes
 dns-server value 192.168.0.2
 vpn-tunnel-protocol IPSec 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value company name-RASVPN_splitTunnelAcl
 default-domain value company name.lan
http server enable 8443
http 88.x.x.160 255.255.255.255 outside
http 213.206.7.12 255.255.255.255 outside
http 217.34.159.17 255.255.255.255 outside
http 217.34.158.180 255.255.255.255 outside
http 193.130.51.66 255.255.255.255 outside
http 78.32.130.1 255.255.255.255 outside
http LAN-LUTON 255.255.255.0 inside
http 82.16.212.188 255.255.255.255 outside
http WAN2 255.255.255.255 outside
http WAN3 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_65535.20
crypto dynamic-map outside_dyn_map 20 set pfs 
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map0 1 match address outside_cryptomap_65535.1
crypto dynamic-map outside_dyn_map0 1 set transform-set ESP-3DES-MD5
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set pfs 
crypto map outside_map 20 set peer 88.x.x.160 
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 30 match address outside_cryptomap_30
crypto map outside_map 30 set peer WAN2 
crypto map outside_map 30 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map inside_map 10 match address outside_cryptomap_3
crypto map inside_map 10 set pfs 
crypto map inside_map 10 set peer LAN-RASVPN 
crypto map inside_map 10 set transform-set ESP-3DES-SHA
crypto map inside_map 20 match address outside_cryptomap_2
crypto map inside_map 20 set peer 88.x.x.160 
crypto map inside_map 20 set transform-set ESP-3DES-SHA
crypto map inside_map 30 match address outside_cryptomap_1
crypto map inside_map 30 set peer WAN2 
crypto map inside_map 30 set transform-set ESP-3DES-SHA
crypto map inside_map 50 match address outside_50_cryptomap_1
crypto map inside_map 50 set pfs 
crypto map inside_map 50 set peer WAN3 
crypto map inside_map 50 set transform-set ESP-3DES-SHA
crypto map inside_map 70 match address outside_70_cryptomap
crypto map inside_map 70 set pfs 
crypto map inside_map 70 set peer WAN4 
crypto map inside_map 70 set transform-set ESP-3DES-SHA
crypto map inside_map 70 set security-association lifetime seconds 86400
crypto map inside_map 90 match address outside_90_cryptomap
crypto map inside_map 90 set pfs 
crypto map inside_map 90 set peer WAN5 
crypto map inside_map 90 set transform-set ESP-3DES-SHA
crypto map inside_map 110 match address outside_110_cryptomap
crypto map inside_map 110 set pfs 
crypto map inside_map 110 set peer 92.x.x.47 
crypto map inside_map 110 set transform-set ESP-3DES-SHA
crypto map inside_map 65535 ipsec-isakmp dynamic outside_dyn_map0
crypto map inside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime none
crypto isakmp nat-traversal  20
tunnel-group company name-RASVPN type ipsec-ra
tunnel-group company name-RASVPN general-attributes
 address-pool RASVPNPOOL
 authentication-server-group RADIUS
 default-group-policy company name-RASVPN
tunnel-group company name-RASVPN ipsec-attributes
 pre-shared-key *
tunnel-group 88.x.x.160 type ipsec-l2l
tunnel-group 88.x.x.160 ipsec-attributes
 pre-shared-key *
tunnel-group 213.x.x.x type ipsec-l2l
tunnel-group 213.x.x.x ipsec-attributes
 pre-shared-key *
tunnel-group 82.X.X.X type ipsec-l2l
tunnel-group 82.X.X.X ipsec-attributes
 pre-shared-key *
tunnel-group 62.x.x.62 type ipsec-l2l
tunnel-group 62.x.x.62 ipsec-attributes
 pre-shared-key *
tunnel-group 62.x.x.181 type ipsec-l2l
tunnel-group 62.x.x.181 ipsec-attributes
 pre-shared-key *
tunnel-group 92.x.x.47 type ipsec-l2l
tunnel-group 92.x.x.47 ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.0.100-192.168.0.149 inside
dhcpd dns 195.99.65.220 195.99.66.220 interface inside
dhcpd domain company name.lan interface inside
dhcpd enable inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
  inspect icmp error 
  inspect esmtp 
  inspect icmp 
!
service-policy global_policy global
ntp server 158.43.128.33
tftp-server inside 192.168.0.2 tftp-root
prompt hostname context 
Cryptochecksum:c28d0511ec8a7c1bb105eb61bc108e7a
: end


lrmoore Commented:
Try adding the following:

access-list outside_110_cryptomap extended permit ip LAN-LUTON 255.255.255.0 LAN6 255.255.255.0
access-list outside_110_cryptomap extended permit ip LAN-RASVPN 255.255.255.0 LAN6 255.255.255.0  <== add


Dan560 (Author) Commented:
thanks it worked :)
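
Added example (not part of the original thread, and not Cisco tooling): the accepted fix works because the crypto ACL on each IPsec peer has to be the mirror image of the other peer's, and this Python check finds the entry the ASA was missing. The ACL lines and names are copied from the configs posted above; the function names are hypothetical, and only `permit ip <net> <mask> <net> <mask>` entries are parsed.

```python
import ipaddress

# Name table and ACL lines copied from the two configs posted in this thread.
ASA_NAMES = {"LAN-LUTON": "192.168.0.0", "LAN-RASVPN": "192.168.100.0",
             "LAN6": "10.14.1.0"}
ASA_ACL = (
    "access-list outside_110_cryptomap extended permit ip "
    "LAN-LUTON 255.255.255.0 LAN6 255.255.255.0\n"
)
ASA_FIX = (  # the line lrmoore's second answer adds
    "access-list outside_110_cryptomap extended permit ip "
    "LAN-RASVPN 255.255.255.0 LAN6 255.255.255.0\n"
)
IOS_ACL = """\
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.14.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 102 permit ip 10.14.1.0 0.0.0.255 192.168.100.0 0.0.0.255
"""


def _net(addr, mask, names, wildcard):
    """Build a network from address + netmask (ASA) or wildcard mask (IOS)."""
    addr = names.get(addr, addr)  # resolve ASA 'name' aliases
    if wildcard:  # an IOS wildcard is the bitwise inverse of the netmask
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
        mask = str(ipaddress.IPv4Address(inverted))
    return ipaddress.ip_network(f"{addr}/{mask}")


def selectors(text, acl, names=None, wildcard=False):
    """Return the set of (source, destination) networks permitted by `acl`."""
    names = names or {}
    found = set()
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", acl]:
            continue
        rest = tok[2:]
        if rest[:1] == ["extended"]:  # ASA keyword, absent on IOS
            rest = rest[1:]
        if rest[:2] != ["permit", "ip"] or len(rest) < 6:
            continue  # skips remarks, denies and host/any forms
        src = _net(rest[2], rest[3], names, wildcard)
        dst = _net(rest[4], rest[5], names, wildcard)
        found.add((src, dst))
    return found


def missing_mirrors(local, remote):
    """Entries `local` must add so that it mirrors every `remote` entry."""
    need = sorted((dst, src) for src, dst in remote if (dst, src) not in local)
    return [(str(src), str(dst)) for src, dst in need]


if __name__ == "__main__":
    ios = selectors(IOS_ACL, "102", wildcard=True)
    before = selectors(ASA_ACL, "outside_110_cryptomap", ASA_NAMES)
    after = selectors(ASA_ACL + ASA_FIX, "outside_110_cryptomap", ASA_NAMES)
    print("ASA missing before fix:", missing_mirrors(before, ios))
    print("ASA missing after fix: ", missing_mirrors(after, ios))
```
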