Solved

Cisco AnyConnect VPN Client

Posted on 2010-08-18
Last Modified: 2013-11-16
We have had several calls from remote VPN users regarding not being able to access the network unless they enable "allow local LAN access". I was under the impression that "allow local LAN access" only allows them to access their local network while VPN'd into the corporate office. Any ideas why they can't access the corp network while VPN'd in unless they enable that feature? It's only been a handful of users over the past few weeks. All other remote VPN users that don't have it enabled are fine.
Question by:dtadmin
5 Comments
 

Author Comment

by:dtadmin
ID: 33465952
I forgot to add that they are using the Cisco AnyConnect VPN client terminating to an ASA 5520.

Expert Comment

by:anoopkmr
ID: 33466208
Can you post your ASA config?

Author Comment

by:dtadmin
ID: 33466426
Cryptochecksum: 580d7d46 e6754f01 b6199f5e 8aecb68f
!
ASA Version 8.2(2)4
!
hostname ciscoasa
domain-name ad.davey-tree.com
enable password vOigZlIColYWIF/6 encrypted
passwd 7zBGpNWRF2JKXGlk encrypted
no names
dns-guard
!
interface GigabitEthernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 1.2.3.4 255.255.255.224 standby 1.2.3.5
!
interface GigabitEthernet0/1
 speed 1000
 duplex full
 nameif inside
 security-level 100
 ip address 10.0.0.254 255.255.255.0 standby 10.0.0.253
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.3.0.254 255.255.255.0 standby 10.3.0.253
!
interface GigabitEthernet0/3
 description LAN/STATE Failover Interface
!
interface Management0/0
 nameif management
 security-level 100
 no ip address
 management-only
!
!
time-range Business
 periodic daily 6:00 to 23:59
!
boot system disk0:/asa822-4-k8.bin
ftp mode passive
clock timezone utc -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup dmz
dns domain-lookup management
dns server-group DefaultDNS
 name-server 10.1.200.16
 name-server 10.1.200.108
 name-server 10.1.200.17
 name-server 10.1.200.45
 domain-name ad.davey-tree.com
same-security-traffic permit intra-interface
object-group network Kent_File_Servers
 network-object host 10.1.200.60
 network-object host 10.1.200.61
 network-object host 10.1.200.62
object-group network Kent_SQL_Servers
 network-object host 10.1.200.12
 network-object host 10.1.200.13
 network-object host 10.1.200.161
object-group network Kent_Trend_Servers
 network-object host 10.1.200.116
object-group network SRI_Web_Servers
 network-object host 10.3.0.13
 network-object host 10.3.0.14
 network-object host 10.3.0.15
 network-object host 10.3.0.16
 network-object host 10.3.0.17
 network-object host 10.3.0.19
 network-object host 10.3.0.20
object-group service Trend_Ports tcp
 port-object eq 4343
 port-object eq 8080
object-group network Stow_DRG_Servers
 network-object host 10.3.0.10
 network-object host 10.3.0.11
 network-object host 10.3.0.8
 network-object host 10.3.0.9
object-group network iPass_Servers
 network-object host 208.212.202.21
 network-object host 216.239.101.125
 network-object host 216.239.102.125
 network-object host 216.239.103.125
 network-object host 216.239.104.125
 network-object host 216.239.105.125
 network-object host 216.239.107.125
 network-object host 216.239.108.125
 network-object host 216.239.109.125
 network-object host 216.239.110.125
 network-object host 216.239.111.125
 network-object host 216.239.98.125
 network-object host 216.239.99.125
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service sip-tls tcp
 description SIP over TLS
 port-object eq 5061
object-group network Kent_ADDS_Servers
 network-object host 10.1.200.108
 network-object host 10.1.200.16
 network-object host 10.1.200.17
 network-object host 10.1.200.45
object-group service DomainController_Ports
 description Ports required for AD domain member to communicate with a DC
 service-object tcp-udp eq 389
 service-object tcp-udp eq 636
 service-object tcp-udp eq 88
 service-object tcp-udp eq domain
 service-object tcp range 3268 3269
 service-object tcp eq 445
 service-object tcp range 49152 65535
 service-object udp eq ntp
 service-object tcp-udp eq 135
access-list outside extended permit esp any host x.x.x.x
access-list outside extended permit udp any host x.x.x.x eq 4500
access-list outside extended permit udp any host x.x.x.x eq isakmp
access-list outside extended permit tcp object-group iPass_Servers host x.x.x.x eq 577
access-list outside extended permit ip any host x.x.x.x
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq www log
access-list outside extended permit tcp any host x.x.x.x eq 1600 log
access-list outside extended permit tcp any host x.x.x.x range rtsp 557 log
access-list outside extended permit tcp x.x.x.x 255.255.224.0 host x.x.x.x eq smtp
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x object-group sip-tls log notifications
access-list outside extended permit tcp any host x.x.x.x eq https log notifications
access-list outside remark Log denied packets on sip.davey.com
access-list outside extended deny ip any host x.x.x.x log notifications
access-list outside extended permit tcp any host x.x.x.x eq https log notifications
access-list outside remark Log denied packets on ocsrp.davey.com
access-list outside extended deny ip any host x.x.x.x log notifications
access-list outside extended permit tcp any host x.x.x.x eq www
access-list outside extended permit tcp any host x.x.x.x eq https
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside extended permit tcp any host x.x.x.x eq www log notifications
access-list outside extended permit tcp any host x.x.x.x eq https log notifications
access-list outside extended permit esp any host x.x.x.x log notifications
access-list outside extended permit udp any host x.x.x.x eq isakmp log notifications
access-list outside extended permit udp any host x.x.x.x eq 4500 log notifications
access-list outside extended permit udp any host x.x.x.x eq 10000 log notifications
access-list outside extended permit tcp any host x.x.x.x eq ftp
access-list outside remark Log denied packets to chat.davey.com
access-list outside extended deny ip any host x.x.x.x log notifications
access-list 100 extended permit ip host x.x.x.x x.x.x.x 255.255.255.252
access-list nonat-vpn extended permit ip any 10.3.2.0 255.255.255.0
access-list nonat-vpn extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list nonat-vpn extended permit ip 10.3.0.0 255.255.255.0 10.3.2.0 255.255.255.0
access-list nonat-vpn extended permit ip 10.1.0.0 255.255.0.0 192.168.4.0 255.255.255.0
access-list nonat-vpn extended permit ip 10.3.0.0 255.255.255.0 10.3.5.0 255.255.255.0
access-list nonat-vpn extended permit ip any 10.3.5.0 255.255.255.0
access-list nonat-vpn extended permit ip 10.30.4.0 255.255.255.0 10.90.99.0 255.255.255.0
access-list nonat-vpn extended permit ip 10.30.4.0 255.255.255.0 10.90.101.0 255.255.255.0
access-list nonat-vpn extended permit ip 10.1.0.0 255.255.0.0 10.30.0.0 255.255.0.0
access-list nonat-vpn extended permit ip 10.90.0.0 255.255.0.0 10.30.4.0 255.255.255.0
access-list split-tunnel extended permit ip 10.0.0.0 255.0.0.0 10.3.2.0 255.255.255.0
access-list split-tunnel extended permit ip 169.254.1.0 255.255.255.0 10.3.2.0 255.255.255.0
access-list dmzTOinside extended permit tcp any host 10.1.200.44 eq 1500
access-list dmzTOinside extended permit tcp object-group Stow_DRG_Servers object-group Kent_Trend_Servers object-group Trend_Ports
access-list dmzTOinside extended permit tcp object-group Stow_DRG_Servers object-group Kent_File_Servers eq 445
access-list dmzTOinside extended permit tcp host 10.3.0.6 object-group Kent_Trend_Servers object-group Trend_Ports
access-list dmzTOinside extended permit tcp object-group SRI_Web_Servers object-group Kent_SQL_Servers eq 1433
access-list dmzTOinside extended permit tcp object-group SRI_Web_Servers object-group Kent_Trend_Servers object-group Trend_Ports
access-list dmzTOinside extended permit tcp object-group SRI_Web_Servers object-group Kent_File_Servers eq 445
access-list dmzTOinside extended permit tcp host 10.3.0.25 object-group Kent_Trend_Servers object-group Trend_Ports
access-list dmzTOinside extended permit tcp host 10.3.0.13 host 10.1.200.84 eq smtp
access-list dmzTOinside extended permit tcp host 10.3.0.13 host 10.1.200.39 eq https
access-list dmzTOinside extended permit tcp host 10.3.0.13 host 10.1.200.39 eq www
access-list dmzTOinside extended permit tcp host 10.3.0.16 host 10.1.200.84 eq smtp
access-list dmzTOinside extended permit tcp host 10.3.0.17 host 10.1.200.84 eq smtp
access-list dmzTOinside extended permit object-group DomainController_Ports host 10.3.0.42 object-group Kent_ADDS_Servers
access-list dmzTOinside extended permit tcp host 10.3.0.42 host 10.1.200.113 eq www
access-list dmzTOinside extended permit tcp host 10.3.0.42 object-group Kent_Trend_Servers object-group Trend_Ports
access-list dmzTOinside extended permit udp host 10.3.0.42 host 10.1.200.174 eq 1514
access-list dmzTOinside extended permit tcp host 10.3.0.42 host 10.1.200.100 eq 1433
access-list dmzTOinside extended permit tcp host 10.3.0.42 host 10.1.200.74 eq 1433
access-list dmzTOinside remark Permit DMZ web application server to talk with the domain controllers.
access-list dmzTOinside extended permit object-group DomainController_Ports host 10.3.0.41 object-group Kent_ADDS_Servers
access-list dmzTOinside remark Permit server queries to WSUS
access-list dmzTOinside extended permit tcp host 10.3.0.41 host 10.1.200.113 eq www
access-list dmzTOinside extended permit tcp host 10.3.0.41 object-group Kent_Trend_Servers object-group Trend_Ports
access-list dmzTOinside extended permit udp host 10.3.0.41 host 10.1.200.174 eq 1514
access-list dmzTOinside extended deny ip any 10.1.0.0 255.255.0.0 log notifications
access-list dmzTOinside extended permit ip any any log notifications
access-list COT_Corp extended permit ip 10.1.0.0 255.255.0.0 192.168.4.0 255.255.255.0
access-list COT_Corp extended permit ip host 10.3.0.21 192.168.4.0 255.255.255.0
access-list dynamic-filter_acl_techserv extended permit ip 10.1.3.0 255.255.255.0 any
access-list dynamic-filter_acl_techserv extended permit ip any 10.1.3.0 255.255.255.0
access-list ITVPN extended permit ip 10.0.0.0 255.0.0.0 10.3.5.0 255.255.255.0
access-list insideTOoutside extended permit udp any any eq 4500
access-list insideTOoutside extended permit udp any any eq isakmp
access-list insideTOoutside extended permit esp any any
access-list insideTOoutside extended permit ip host 10.90.84.64 any
access-list insideTOoutside extended deny tcp host 10.1.3.0 any eq smtp
access-list insideTOoutside extended deny tcp host 10.1.4.0 any eq smtp
access-list insideTOoutside extended deny tcp host 10.1.1.0 any eq smtp
access-list insideTOoutside extended deny tcp host 10.1.6.0 any eq smtp
access-list insideTOoutside extended deny tcp host 10.1.16.0 any eq smtp
access-list insideTOoutside extended deny tcp 10.10.0.0 255.255.0.0 any eq smtp
access-list insideTOoutside extended deny tcp 10.80.0.0 255.255.0.0 any eq smtp
access-list insideTOoutside extended deny tcp 10.90.0.0 255.255.0.0 any eq smtp
access-list insideTOoutside extended deny tcp 10.30.0.0 255.255.0.0 any eq smtp
access-list insideTOoutside extended deny tcp 10.75.0.0 255.255.0.0 any eq smtp
access-list insideTOoutside extended deny tcp 10.79.0.0 255.255.0.0 any eq smtp
access-list insideTOoutside extended permit ip any any
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.30.2.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.4.0 255.255.255.0 10.30.2.0 255.255.255.0
access-list netflow-export extended permit ip any any
access-list IPsec-traffic extended permit ip 10.30.4.0 255.255.255.0 10.90.99.0 255.255.255.0
access-list IPsec-traffic extended permit ip 10.30.4.0 255.255.255.0 10.90.101.0 255.255.255.0
access-list dynamic-filter_acl extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging buffer-size 100000
logging monitor debugging
logging buffered debugging
logging trap notifications
logging host inside 10.1.200.174
logging host inside 10.1.200.32
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
logging message 304002 level informational
logging message 304001 level informational
flow-export destination inside 10.1.200.174 2055
flow-export destination inside 10.1.200.10 2055
flow-export template timeout-rate 1
flow-export delay flow-create 60
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip local pool Remote-Access 10.3.2.1-10.3.2.254 mask 255.255.255.0
ip local pool IT-Support 10.3.5.1-10.3.5.254 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface dmz
ip verify reverse-path interface management
failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/3
failover polltime unit 1 holdtime 3
failover link failover GigabitEthernet0/3
failover interface ip failover 172.17.1.1 255.255.255.0 standby 172.17.1.7
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-625.bin
asdm location 10.1.200.16 255.255.255.255 inside
asdm location 10.1.200.17 255.255.255.255 inside
asdm location 10.1.200.45 255.255.255.255 inside
asdm location 10.1.200.108 255.255.255.255 inside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list nonat-vpn
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list nonat-vpn
nat (dmz) 1 0.0.0.0 0.0.0.0
static (inside,outside) x.x.x.x 10.1.200.57 netmask 255.255.255.255
static (inside,outside) x.x.x.x 10.1.200.56 netmask 255.255.255.255 tcp 200 0
static (dmz,inside) 10.3.0.0 10.3.0.0 netmask 255.255.255.0
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
static (dmz,outside) x.x.x.x 10.3.0.6 netmask 255.255.255.255
static (dmz,outside) x.x.x.x 10.3.0.7 netmask 255.255.255.255
static (dmz,outside) x.x.x.x 10.3.0.10 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.11 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.8 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.19 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.20 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.17 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.30 netmask 255.255.255.255 dns
static (inside,outside) x.x.x.x 10.90.3.5 netmask 255.255.255.255 dns
static (inside,outside) x.x.x.x 10.1.200.84 netmask 255.255.255.255
static (dmz,outside) x.x.x.x 10.3.0.21 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.22 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.26 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.13 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.27 netmask 255.255.255.255 dns
static (dmz,outside) x.x.x.x 10.3.0.25 netmask 255.255.255.255 dns
access-group outside in interface outside
access-group insideTOoutside in interface inside
access-group dmzTOinside in interface dmz
route outside 0.0.0.0 0.0.0.0 207.136.182.1 1
route inside 10.0.0.0 255.0.0.0 10.0.0.1 1
route inside 10.10.17.0 255.255.255.0 10.0.0.1 1
route inside 10.10.20.0 255.255.255.0 10.0.0.1 1
route inside 10.10.21.0 255.255.255.0 10.0.0.1 1
route inside 10.10.22.0 255.255.255.0 10.0.0.1 1
route inside 10.10.23.0 255.255.255.0 10.0.0.1 1
route inside 10.10.24.0 255.255.255.0 10.0.0.1 1
route inside 10.10.25.0 255.255.255.0 10.0.0.1 1
route inside 147.179.0.192 255.255.255.192 10.0.0.1 1
route inside 169.254.1.0 255.255.255.0 10.1.200.34 1
route inside 172.16.0.0 255.255.0.0 10.0.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server remoteaccess protocol radius
 max-failed-attempts 5
aaa-server remoteaccess (inside) host 10.1.200.117
 key 1sh0t1kill
url-server (inside) vendor websense host 10.1.200.110 timeout 30 protocol TCP version 4 connections 5
url-cache dst 128
filter url except 10.1.201.47 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.16.94 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.174 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.80 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.201.53 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.116 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.102 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.101 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.113 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.72 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.110 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.200.10 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.3.3 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.12.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.2.0.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.3.0.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.10.22.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.10.16.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.10.20.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.75.54.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.10.17.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url except 10.1.4.24 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.79.1.4 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.4.47 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.4.21 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.10.21.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow longurl-truncate
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 10.1.200.10 255.255.255.255 inside
http 10.1.200.32 255.255.255.255 inside
http 10.1.3.0 255.255.255.0 inside
http 10.1.200.26 255.255.255.255 inside
http 10.1.16.40 255.255.255.255 inside
http 10.3.2.0 255.255.255.0 inside
snmp-server host inside 10.1.200.10 community dtxc!admn
snmp-server host inside 10.1.3.3 community dtxc!admn
no snmp-server location
no snmp-server contact
snmp-server community technology
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set COT-set esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ASAset esp-3des esp-md5-hmac
crypto ipsec transform-set vpn-3des esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map remote-access 20 set transform-set vpn-3des
crypto dynamic-map remote-access 20 set security-association lifetime seconds 28800
crypto dynamic-map remote-access 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map remote-access 20 set reverse-route
crypto dynamic-map ASAtest 5 set transform-set ASAset
crypto dynamic-map ASAtest 5 set security-association lifetime seconds 28800
crypto dynamic-map ASAtest 5 set security-association lifetime kilobytes 4608000
crypto dynamic-map ASAtest 5 set reverse-route
crypto dynamic-map IT-Support 25 set transform-set vpn-3des
crypto dynamic-map IT-Support 25 set security-association lifetime seconds 28800
crypto dynamic-map IT-Support 25 set security-association lifetime kilobytes 4608000
crypto dynamic-map IT-Support 25 set reverse-route
crypto map SAPmap 1 match address outside_1_cryptomap
crypto map SAPmap 1 set peer x.x.x.x
crypto map SAPmap 1 set transform-set vpn-3des
crypto map SAPmap 1 set security-association lifetime seconds 28800
crypto map SAPmap 1 set security-association lifetime kilobytes 4608000
crypto map SAPmap 13 set peer x.x.x.x
crypto map SAPmap 13 set transform-set COT-set
crypto map SAPmap 13 set security-association lifetime seconds 28800
crypto map SAPmap 13 set security-association lifetime kilobytes 4608000
crypto map SAPmap 14 match address COT_Corp
crypto map SAPmap 14 set peer x.x.x.x
crypto map SAPmap 14 set transform-set COT-set
crypto map SAPmap 14 set security-association lifetime seconds 28800
crypto map SAPmap 14 set security-association lifetime kilobytes 4608000
crypto map SAPmap 16 match address 100
crypto map SAPmap 16 set peer x.x.x.x
crypto map SAPmap 16 set transform-set vpn-3des
crypto map SAPmap 16 set security-association lifetime seconds 28800
crypto map SAPmap 16 set security-association lifetime kilobytes 4608000
crypto map SAPmap 20 ipsec-isakmp dynamic remote-access
crypto map SAPmap 25 ipsec-isakmp dynamic IT-Support
crypto map SAPmap interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=vpn.davey.com
 keypair sslvpnkeypair
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 fqdn vpn.davey.com
 subject-name CN=vpn.davey.com,OU=Davey Tree,O=Davey Tree Expert Company,C=US,St=Ohio,L=Kent
 keypair DaveySSL
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint3
 enrollment terminal
 crl configure
crypto ca certificate chain ASDM_TrustPoint0
 certificate 8b28414a
  quit
crypto ca certificate chain ASDM_TrustPoint1
 certificate ca 6e4ffab3c5e669c4d167c992abe858c4
  quit
 certificate 77a931fad71012fddf0fca79442d851e
  quit
crypto ca certificate chain ASDM_TrustPoint2
 certificate ca 7dd9fe07cfa81eb7107967fba78934c6
  quit
crypto ca certificate chain ASDM_TrustPoint3
 certificate ca 31e8af0821a2de9146d1c5e3579632a7
  quit
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 10.1.200.10 255.255.255.255 inside
ssh 10.1.3.0 255.255.255.0 inside
ssh 10.1.200.32 255.255.255.255 inside
ssh timeout 10
console timeout 10
management-access inside
threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
url-block url-mempool 1500
url-block url-size 4
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable interface outside classify-list dynamic-filter_acl
dynamic-filter drop blacklist interface outside
ntp server 10.1.200.1 source inside prefer
ssl trust-point ASDM_TrustPoint1 outside
webvpn
 enable outside
 anyconnect-essentials
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc enable
 tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
 wins-server value 10.1.200.17
 dns-server value 10.1.200.108 10.1.200.16
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel
 default-domain value ad.davey-tree.com
 address-pools value Remote-Access
 webvpn
  url-list value URLs
  svc ask enable default webvpn
  url-entry enable
group-policy DTVPN internal
group-policy DTVPN attributes
 wins-server value 10.1.200.17 10.1.200.16
 dns-server value 10.1.200.16 10.1.200.108
 vpn-idle-timeout 120
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel
group-policy split-tunnel internal
group-policy split-tunnel attributes
 vpn-idle-timeout 30
group-policy iPass-AfterHours internal
group-policy iPass-AfterHours attributes
 wins-server value 10.1.200.17 10.1.200.16
 dns-server value 10.1.200.16 10.1.200.108
 vpn-idle-timeout 120
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-tunnel
 default-domain value ad.davey-tree.com
group-policy ITVPN internal
group-policy ITVPN attributes
 wins-server value 10.1.200.17
 dns-server value 10.1.200.108 10.1.200.16
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ITVPN
 default-domain value ad.davey-tree.com
username dtadmin password 1FIvQloFPMckzNHd encrypted
username desktop password JvBCKxF9Ot4KzGdf encrypted
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key cisco123
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key 1sh0t1kill
tunnel-group idle-time type remote-access
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key pdRg7iw3ATuh4db6pr132wT8Y957
tunnel-group DTVPN type remote-access
tunnel-group DTVPN general-attributes
 address-pool Remote-Access
 authentication-server-group remoteaccess
 default-group-policy DTVPN
 password-management password-expire-in-days 0
tunnel-group DTVPN ipsec-attributes
 pre-shared-key Iceman4
tunnel-group DTVPN ppp-attributes
 no authentication chap
 authentication ms-chap-v2
tunnel-group iPass-AfterHours type remote-access
tunnel-group iPass-AfterHours general-attributes
 address-pool Remote-Access
 authentication-server-group remoteaccess
 default-group-policy iPass-AfterHours
 password-management password-expire-in-days 0
tunnel-group iPass-AfterHours ipsec-attributes
 pre-shared-key s!nc31913
tunnel-group iPass-AfterHours ppp-attributes
 no authentication chap
 authentication ms-chap-v2
tunnel-group Consultant type remote-access
tunnel-group Consultant general-attributes
 address-pool Remote-Access
 default-group-policy iPass-AfterHours
 password-management password-expire-in-days 0
tunnel-group Consultant ipsec-attributes
 pre-shared-key Iceman5
tunnel-group Consultant ppp-attributes
 no authentication chap
 authentication ms-chap-v2
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key p@ssw0rd123
 isakmp keepalive threshold 15 retry 2
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key p@ssw0rd123
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key p@ssw0rd123
 isakmp keepalive threshold 15 retry 2
tunnel-group ITVPN type remote-access
tunnel-group ITVPN general-attributes
 address-pool IT-Support
 authentication-server-group remoteaccess
 default-group-policy ITVPN
 password-management password-expire-in-days 0
tunnel-group ITVPN ipsec-attributes
 pre-shared-key 308hpbt
tunnel-group ITVPN ppp-attributes
 no authentication chap
 authentication ms-chap-v2
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key p@ssw0rd123
 isakmp keepalive threshold 15 retry 2
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key p@ssw0rd123
 isakmp keepalive threshold 15 retry 2
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key cisco
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
 authentication-server-group remoteaccess
 default-group-policy SSLClientPolicy
 password-management password-expire-in-days 0
tunnel-group SSLClientProfile webvpn-attributes
 group-alias SSLVPNClient enable
tunnel-group SSLClientProfile ppp-attributes
 no authentication chap
 authentication ms-chap-v2
!
class-map netflow-export-class
 match access-list netflow-export
class-map dynamic-filter_snoop_class
 match port udp eq domain
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect rsh
  inspect rtsp
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect icmp
 class netflow-export-class
  flow-export event-type all destination 10.1.200.10 10.1.200.174
 class class-default
  flow-export event-type all destination 10.1.200.10 10.1.200.174
policy-map netflow-export-policy
 class netflow-export-class
  flow-export event-type all destination 10.1.200.10 10.1.200.174
policy-map dynamic-filter_snoop_policy
 class dynamic-filter_snoop_class
  inspect dns dynamic-filter-snoop
!
service-policy global_policy global
service-policy dynamic-filter_snoop_policy interface outside
prompt hostname context
Cryptochecksum:580d7d46e6754f01b6199f5e8aecb68f

0
 
LVL 2

Accepted Solution

by:
j_coreil earned 250 total points
ID: 33466927
We have this issue when the remote network has the same subnet as the network they are connecting to using the VPN client. When they "allow local network traffic" it is basically allowing network access to the same IP range both locally and remotely.

At least that's the only way I've been able to explain it.
0
 
LVL 5

Assisted Solution

by:belowzerotech
belowzerotech earned 250 total points
ID: 33467093
I agree, we've had that problem here too. That's why I changed my internal subnet to 192.168.254.x. Most users have either a 10., 192.168.0.x or 192.168.1.x subnet, and when trying to access systems on that subnet it will cause hiccups.
0
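The subnet collision described in the two answers above can be checked ahead of time. The following is an added example, not part of the original thread: it compares a remote user's home LAN against the tunneled networks and lists the corporate hosts whose addresses also fall inside that home LAN. The `TUNNELED` list and the client LANs are constructed sample values (the ASA's actual split-tunnel ACL is not reproduced here); the two host addresses are taken from the posted config.

```python
import ipaddress

# Constructed stand-in for the split-tunnel network list (assumption).
TUNNELED = ["10.0.0.0/8"]
# From the posted config: a DNS server and the ASA inside interface.
CORP_HOSTS = ["10.1.200.16", "10.0.0.254"]


def overlapping(tunneled, local_lan):
    """Tunneled networks that overlap the client's local LAN.

    local_lan may be given as a host address with prefix (e.g. what the
    user reads off their adapter), hence strict=False.
    """
    lan = ipaddress.ip_network(local_lan, strict=False)
    return [t for t in tunneled if ipaddress.ip_network(t).overlaps(lan)]


def ambiguous_hosts(tunneled, local_lan, hosts):
    """Corporate hosts whose address is inside BOTH the client's own LAN
    and a tunneled network, i.e. the same IP exists locally and remotely."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    nets = [ipaddress.ip_network(t) for t in tunneled]
    return [
        h for h in hosts
        if ipaddress.ip_address(h) in lan
        and any(ipaddress.ip_address(h) in n for n in nets)
    ]


def report(tunneled, clients, hosts):
    """Per-client summary: overlapping ranges and colliding hosts."""
    return {
        name: {
            "overlaps": overlapping(tunneled, lan),
            "ambiguous": ambiguous_hosts(tunneled, lan, hosts),
        }
        for name, lan in clients.items()
    }


if __name__ == "__main__":
    # Constructed home-LAN samples for three remote users.
    clients = {
        "user-a": "192.168.1.23/24",
        "user-b": "10.0.0.17/24",
        "user-c": "10.1.200.5/24",
    }
    for name, row in report(TUNNELED, clients, CORP_HOSTS).items():
        print(name, row)
```

A client with an empty `overlaps` list is unaffected; one with entries in `ambiguous` is the case the answers describe, and renumbering either side removes the collision.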
