troubleshooting Question

Cisco ASA5505 programming

Avatar of ryan80
ryan80 asked on
CiscoVPNNetworking
2 Comments1 Solution1362 ViewsLast Modified:
I just got an Cisco ASA 5505 to use on my network.  I do not have experience in programming a Cisco device from scratch, I have made small changes on these devices before, but usually just to open a port.  I used the programming from another ASA 5505, and am trying to program it to work for our network.

We have about 15 desktops and 5 servers.  We have a T1 and a FIOS connection, the T1 being used for the servers and the FIOS for the desktops.  I have already been told that I will need to get a new router that can do policy based routing that will be in front of the ASA to make this work.  That will be the next step.  For now I am going to assume that all of the desktops will be using the T1.  (if anyone has any other suggestions on how to do this I am open, otherwise I will be getting an 1841 to do the policy based routing)

Here is the programming that I have so far.  If anyone can give me any information about it or a good place to go to get information on how to program it it would be appreciated.  I have put a ** infront of the lines that i am not sure what they are for or what I will need to do to get it to work.

As you can see, I have questions about most of the programming.  My boss thinks that I can program it just because I started studying for the 1st Cisco certification a few weeks ago.  Any help would be appreciated.  
Cisco-ASA> enable
Password: *********
Cisco-ASA# show running
: Saved
:
ASA Version 7.2(2)
!
hostname Cisco-ASA
domain-name CCSIGROUP.COM
enable password **************** level 12 encrypted
enable password **************** encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.222.4 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address **.168.117.138 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd hYToTce21uaNCbdC encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name CCSIGROUP.COM
access-list 100 extended permit tcp any host **.168.116.140 eq https
**access-list nonat extended permit ip 10.218.96.0 255.255.255.0 172.21.66.0 255.2
55.255.0
**access-list vpncli extended permit ip 10.218.96.0 255.255.240.0 172.21.66.0 255.
255.255.0
pager lines 24
logging enable
logging timestamp
logging buffer-size 20480
logging buffered informational
logging asdm informational
**mtu inside 1500
**mtu outside 1500
**ip local pool pptp-pool 172.21.66.1-172.21.66.254 mask 255.255.255.0
no failover
**icmp unreachable rate-limit 1 burst-size 1
**asdm image disk0:/asdm-522.bin
**no asdm history enable
arp timeout 14400
**global (outside) 1 **.168.116.138 netmask 255.255.255.240
**nat (inside) 0 access-list nonat
**nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) **.168.116.140 192.168.222.22 netmask 255.255.255.255
**access-group 100 in interface outside
**route inside 10.10.10.0 255.255.255.0 10.218.96.1 1
**route outside 0.0.0.0 0.0.0.0 66.251.104.209 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy vpn3000 internal
group-policy vpn3000 attributes
 dns-server value 192.168.222.20
 vpn-idle-timeout 30
** split-tunnel-policy tunnelspecified
** split-tunnel-network-list value vpncli
 default-domain value ccsigroup.com	
** split-dns value ccsigroup.com
 nem enable
username *********** password ************* encrypted privilege 15
**aaa authentication ssh console LOCAL
**aaa authentication telnet console LOCAL
**http 12.145.167.212 255.255.255.255 outside
**http 192.168.1.0 255.255.255.0 inside
**http 12.145.167.222 255.255.255.255 outside
no snmp-server location
no snmp-server contact
**snmp-server community xIBMx4DyArlayNTro
**snmp-server enable traps snmp authentication linkup linkdown coldstart
**crypto ipsec transform-set myset esp-des esp-md5-hmac
**crypto ipsec transform-set transB esp-des esp-sha-hmac
**crypto dynamic-map dynmap 100 set transform-set myset
**crypto map mymap 40 match address ToMi
**crypto map mymap 40 set peer 66.255.199.120
**crypto map mymap 40 set transform-set transB
**crypto map mymap 100 ipsec-isakmp dynamic dynmap
**crypto map mymap interface outside
**crypto isakmp identity address
**crypto isakmp enable outside
**crypto isakmp policy 10
** authentication pre-share
** encryption des
** hash md5
** group 2
** lifetime 86400
**crypto isakmp policy 11
** authentication pre-share
** encryption des
** hash md5
** group 2
** lifetime 28800
**crypto isakmp policy 20
** authentication pre-share
** encryption des
** hash sha
** group 2
** lifetime 28800
**crypto isakmp nat-traversal  20
**tunnel-group DefaultRAGroup general-attributes
** authentication-server-group (outside) myradius
**tunnel-group vpn3000 type ipsec-ra
**tunnel-group vpn3000 general-attributes
** address-pool pptp-pool
** authentication-server-group (outside) myradius
** default-group-policy vpn3000
**tunnel-group vpn3000 ipsec-attributes
** pre-shared-key *
**tunnel-group **.255.199.120 type ipsec-l2l
**tunnel-group **.255.199.120 ipsec-attributes
** pre-shared-key *
**telnet 10.218.96.0 255.255.240.0 inside
**telnet 10.216.160.0 255.255.224.0 inside
**telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 60
**ssh **.168.116.138 255.255.255.255 outside
**ssh 0.0.0.0 0.0.0.0 outside
**ssh timeout 30
**console timeout 0
**vpdn group 1 ppp authentication mschap
 
!
!
**privilege show level 2 mode exec command running-config
**privilege cmd level 1 mode configure command configure
**prompt hostname context
Cryptochecksum:261d3cbf974945e4baed88c91c28f210
: end
Cisco-ASA#
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 2 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 2 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros