Solved

Cannot connect to webserver externally

Posted on 2013-01-14
10
633 Views
Last Modified: 2013-01-15
I have a web server (it's an internal building automation system) at IP 192.168.0.31 that I can connect to internally at IP/login.html

I create the NAT on our ASA with 192.168.0.31 to an external IP, added the WAN access rule for HTTP/HTTPS for the external IP/internal IP to all any source and ASDM is showing the hits of me trying to access it.

However, the page isn't loading with http://externalIP/login.html - what am I doing wrong? Why cannot I not access the internal web server with the external IP? What am I missing? I was copying the rule for our internal mail server but to no avail.
0
Comment
Question by:pstiffsae
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 9

Expert Comment

by:pcchiu
Comment Utility
I assume you try the http://externalIP/login.html when you inside the company?  If so it may not work as you're inside the network and normally you can't access your own outside ip behind the firewall.  

Did you try to test it using your cell phone(make sure it's on 3g/4g and not on wireless) and see if it works?
0
 

Author Comment

by:pstiffsae
Comment Utility
Yes. Was trying On my iPhone. Nothing would connect
0
 
LVL 9

Expert Comment

by:pcchiu
Comment Utility
will you mind post your asa configuration?
0
 
LVL 6

Accepted Solution

by:
airwrck earned 500 total points
Comment Utility
Is the NAT completely 1 for 1 NAT or did you use some port address translation, or try to only get port 80 traffic translated for the external address?  If it's only port 80, then you'll have to make sure 100% that your web application doesn't use some other port in communicating with clients.
0
 
LVL 10

Expert Comment

by:mat1458
Comment Utility
Access-lists maybe? Do you need to allow the IP address in your outside-in access-list?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:pstiffsae
Comment Utility
You want the print out of the running config?

@mat - can you tell me where I can access Access Lists?
0
 

Author Comment

by:pstiffsae
Comment Utility
@airwick - believe it's a complete 1 to 1 NAT
0
 
LVL 10

Expert Comment

by:mat1458
Comment Utility
Access-lists are part of the config (somehwhere after the interface section) or you find them in the ACL Manager in ASDM. Please send a sanitized printout of the running config, that would make things easier.
0
 

Author Comment

by:pstiffsae
Comment Utility
Result of the command: "show running-config"

: Saved
:
ASA Version 8.2(1)
!
hostname SAE-ASA1
domain-name sae.net
enable password Zguy3id9JCUVp7gW encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.0.0 SAE-Evanston-LAN
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 12.200.135.2 255.255.255.248
!
interface Ethernet0/1
 nameif LAN
 security-level 100
 ip address 192.168.0.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup LAN
dns server-group DefaultDNS
 name-server 206.141.192.60
 name-server 206.141.193.55
 domain-name sae.net
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_3 tcp
 port-object eq www
 port-object eq https
 port-object eq smtp
object-group service DM_INLINE_TCP_4 tcp
 port-object eq ftp
 port-object eq ftp-data
object-group service HTTP_86 tcp
 port-object eq 86
object-group service Windows_TCP_Traffic tcp
 port-object eq 135
 port-object range 137 netbios-ssn
 port-object eq 445
object-group service Windows_UDP_Traffic udp
 port-object eq 135
 port-object range netbios-ns 139
object-group network DM_INLINE_NETWORK_1
 network-object host 12.200.135.4
 network-object host 192.168.0.10
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq www
 port-object eq pop3
 port-object eq smtp
object-group service IBCS udp
 port-object eq 21068
 port-object eq 48808
object-group network DM_INLINE_NETWORK_2
 network-object host 192.168.0.31
 network-object host 12.200.135.3
object-group network DM_INLINE_NETWORK_3
 network-object host 192.168.0.31
 network-object host 12.200.135.3
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_2 tcp
 port-object eq www
 port-object eq https
access-list SAE-VPN1_splitTunnelAcl standard permit SAE-Evanston-LAN 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit SAE-Evanston-LAN 255.255.255.0
access-list WAN_cryptomap_65535.20 extended permit ip any SAE-Evanston-LAN 255.255.255.0
access-list WAN_cryptomap_65535.20 extended permit icmp any SAE-Evanston-LAN 255.255.255.0
access-list WAN_access_in extended permit tcp any object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_TCP_2
access-list WAN_access_in extended permit udp any object-group DM_INLINE_NETWORK_3 object-group IBCS
access-list WAN_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_TCP_3
access-list WAN_access_in extended permit tcp any any object-group DM_INLINE_TCP_4
access-list WAN_access_in extended permit tcp any any object-group HTTP_86
access-list WAN_access_in extended permit icmp any any
access-list LAN_access_in extended deny tcp any any object-group Windows_TCP_Traffic
access-list LAN_access_in extended deny udp any any object-group Windows_UDP_Traffic
access-list LAN_access_in extended permit ip any any
access-list LAN_access_in extended permit gre any any
access-list LAN_access_in extended permit icmp any any
access-list LAN_cryptomap_65535.1 extended permit ip any SAE-Evanston-LAN 255.255.255.0
access-list LAN_cryptomap_65535.1 extended permit icmp any SAE-Evanston-LAN 255.255.255.0
access-list LAN_nat0_outbound extended permit ip SAE-Evanston-LAN 255.255.255.0 192.168.0.192 255.255.255.192
access-list LAN_nat0_outbound extended permit ip SAE-Evanston-LAN 255.255.255.0 192.168.254.0 255.255.255.0
access-list WAN_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
access-list netflow-export extended permit ip any any inactive
pager lines 24
logging enable
logging console errors
logging buffered errors
logging asdm warnings
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination LAN 192.168.0.82 2055
mtu WAN 1500
mtu LAN 1500
mtu management 1500
ip local pool L2TP-Pool 192.168.254.129-192.168.254.139 mask 255.255.255.128
ip local pool VPNPOOL 192.168.0.220-192.168.0.240 mask 255.255.255.0
ip local pool SSLvpn-Pool 192.168.254.151-192.168.254.200 mask 255.255.255.128
ip local pool SAEVPN-Pool 192.168.0.200-192.168.0.219 mask 255.255.255.0
ip verify reverse-path interface WAN
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (WAN) 101 interface
nat (LAN) 0 access-list LAN_nat0_outbound
nat (LAN) 101 0.0.0.0 0.0.0.0
nat (management) 101 0.0.0.0 0.0.0.0
static (LAN,WAN) 12.200.135.4 192.168.0.10 netmask 255.255.255.255
static (LAN,WAN) 12.200.135.3 192.168.0.31 netmask 255.255.255.255
access-group WAN_access_in in interface WAN
access-group LAN_access_in in interface LAN
route WAN 0.0.0.0 0.0.0.0 12.200.135.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
http server enable
http SAE-Evanston-LAN 255.255.255.0 LAN
http 192.168.1.0 255.255.255.0 management
snmp-server host LAN 192.168.0.82 poll community saepublic version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map WAN_dyn_map 20 match address WAN_cryptomap_65535.20
crypto dynamic-map WAN_dyn_map 20 set pfs
crypto dynamic-map WAN_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map WAN_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map LAN_dyn_map 1 set pfs
crypto dynamic-map LAN_dyn_map 1 set transform-set ESP-3DES-SHA
crypto map WAN_map 65535 ipsec-isakmp dynamic WAN_dyn_map
crypto map WAN_map interface WAN
crypto map LAN_map 65535 ipsec-isakmp dynamic LAN_dyn_map
crypto map LAN_map interface LAN
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 subject-name CN=sslvpn.sae.net
 keypair sslvpnkey
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 subject-name CN=SAEVPN.sae.net
 keypair SAEVPN
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 subject-name CN=SAEVPN.sae.net,OU=Domain Control Validate,O=Sigma Alpha Epsilon,C=US,St=IL,L=Evanston
 keypair SAEVPN
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate 8562aa4a
    308201eb 30820154 a0030201 02020485 62aa4a30 0d06092a 864886f7 0d010104
    0500303a 31173015 06035504 03130e73 736c7670 6e2e7361 652e6e65 74311f30
    1d06092a 864886f7 0d010902 16105341 452d4153 41312e73 61652e6e 6574301e
    170d3039 30393131 31343435 32355a17 0d313930 39303931 34343532 355a303a
    31173015 06035504 03130e73 736c7670 6e2e7361 652e6e65 74311f30 1d06092a
    864886f7 0d010902 16105341 452d4153 41312e73 61652e6e 65743081 9f300d06
    092a8648 86f70d01 01010500 03818d00 30818902 818100c5 28119ce1 5aa6c966
    86d8b211 401cd911 3846e87a ebd08e00 d59a9366 3505c5cb e67a5e1e 7e224435
    e58af65f d41a0215 6b57688c 1f4bdc36 f92906e4 90c60ac4 8b725717 05c45fce
    479a0f82 09449012 6510c443 07b95635 39363047 85e367b7 9fad87dc 899a8b9c
    b83034c0 773e3c17 ba8e0b0d 258c6e59 e4c0dfcd 3ba71b02 03010001 300d0609
    2a864886 f70d0101 04050003 818100a1 50eba14b 0e7d1873 6c54ddd3 23fd106e
    9d985871 11c9ed3f 67d73291 015c662b 5c447986 36bdb93d d674ff3f d756085f
    28643233 069c8a78 2736b945 96d11718 82302ab9 a88f87ec 6bbd6dba 690a65d9
    91754f48 1e1d59fe 88b97492 c665e827 55f66bc8 c05b2bb9 05552cee 78994121
    8682869f 945f1559 7969644b a50b81
  quit
crypto ca certificate chain ASDM_TrustPoint0
 certificate 008715bca6b134
    30820562 3082044a a0030201 02020700 8715bca6 b134300d 06092a86 4886f70d
    01010505 003081ca 310b3009 06035504 06130255 53311030 0e060355 04081307
    4172697a 6f6e6131 13301106 03550407 130a5363 6f747473 64616c65 311a3018
    06035504 0a131147 6f446164 64792e63 6f6d2c20 496e632e 31333031 06035504
    0b132a68 7474703a 2f2f6365 72746966 69636174 65732e67 6f646164 64792e63
    6f6d2f72 65706f73 69746f72 79313030 2e060355 04031327 476f2044 61646479
    20536563 75726520 43657274 69666963 6174696f 6e204175 74686f72 69747931
    11300f06 03550405 13083037 39363932 3837301e 170d3039 30393131 32333137
    30335a17 0d313030 39313132 33313730 335a3055 31173015 06035504 0a130e53
    41455650 4e2e7361 652e6e65 74312130 1f060355 040b1318 446f6d61 696e2043
    6f6e7472 6f6c2056 616c6964 61746564 31173015 06035504 03130e53 41455650
    4e2e7361 652e6e65 74308201 22300d06 092a8648 86f70d01 01010500 0382010f
    00308201 0a028201 0100d870 1a846f7f a5ee8e44 db7271ff 275d4a77 5cfcadd8
    31f63f67 a74b8b78 10b54e29 818f9134 c5d17ec8 405e20ee 6a182316 00316124
    f69ac4f0 9e51fc0e 413a9652 3043ec8c b0c36cc3 2411fc19 31b5e5db 65aff7ab
    e0b29d5b c9789abc 4405a1c6 d859dce7 40d6e9ff 85271cfb cf4da201 9025fddf
    96705dad f3a7ab92 adfe3d15 0e3bd9de 1852c02b d92eafa6 f360a1fa da313440
    e07636e6 e3242b27 5a99a2ee 4cc72552 e516398f 683803fc 22c0b0bd 4127234d
    9b6189bd 183d6064 4eea7ce9 f4175342 57380fb8 9eca23ee b6feeb72 bc942562
    9a4c15c6 277ea8ec aa83f0c6 15398b87 35ddfb89 efea8d3e 5d5ad4fe ca04a395
    73ff391d 8ea7adbe 66370203 010001a3 8201bf30 8201bb30 0f060355 1d130101
    ff040530 03010100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
    06010505 07030230 0e060355 1d0f0101 ff040403 0205a030 32060355 1d1f042b
    30293027 a025a023 86216874 74703a2f 2f63726c 2e676f64 61646479 2e636f6d
    2f676473 312d382e 63726c30 53060355 1d20044c 304a3048 060b6086 480186fd
    6d010717 01303930 3706082b 06010505 07020116 2b687474 703a2f2f 63657274
    69666963 61746573 2e676f64 61646479 2e636f6d 2f726570 6f736974 6f72792f
    30818006 082b0601 05050701 01047430 72302406 082b0601 05050730 01861868
    7474703a 2f2f6f63 73702e67 6f646164 64792e63 6f6d2f30 4a06082b 06010505
    07300286 3e687474 703a2f2f 63657274 69666963 61746573 2e676f64 61646479
    2e636f6d 2f726570 6f736974 6f72792f 67645f69 6e746572 6d656469 6174652e
    63727430 1f060355 1d230418 30168014 fdac6132 936c45d6 e2ee855f 9abae776
    9968cce7 302d0603 551d1104 26302482 0e534145 56504e2e 7361652e 6e657482
    12777777 2e534145 56504e2e 7361652e 6e657430 1d060355 1d0e0416 0414f0d1
    1e603504 76d37e55 d94d08ca 436e2134 2042300d 06092a86 4886f70d 01010505
    00038201 0100c279 abf40480 0e595401 8886da89 3c08468c 5134c90b 6534ac8d
    492226b4 066ed7c9 939ebc87 2f4dd94e 8cfd010c 03dcac57 d20fe0f0 409b0ed7
    6903f482 2894a361 c48d49b5 3140e417 dba605bf c9d5e4eb 1a677126 2a839dba
    aa8daa5f e8479c6d 625ed072 a1fa2485 0eb3a297 fd9b8670 8b8fae06 03a03252
    a01bfc2c c064c7ab 7bf42e89 5034db91 73929836 ba2e53c2 f7496663 4f344881
    1c16997e 76eb3774 90c33068 545298ce e40652bf 43280540 6b16b4ef 076cda6f
    d789af05 d63a22af a46a37c6 66f3c2a4 2a857f33 4a676047 2ef05e61 976b1bd5
    b44c8652 da3c9dd5 75fc39e3 4f1ba1fd 5fac506e 009d73b0 da4439c0 464c8ff9
    b53c791b 3465
  quit
crypto ca certificate chain ASDM_TrustPoint2
 certificate 07b75b629a59f3
    3082055d 30820445 a0030201 02020707 b75b629a 59f3300d 06092a86 4886f70d
    01010505 003081ca 310b3009 06035504 06130255 53311030 0e060355 04081307
    4172697a 6f6e6131 13301106 03550407 130a5363 6f747473 64616c65 311a3018
    06035504 0a131147 6f446164 64792e63 6f6d2c20 496e632e 31333031 06035504
    0b132a68 7474703a 2f2f6365 72746966 69636174 65732e67 6f646164 64792e63
    6f6d2f72 65706f73 69746f72 79313030 2e060355 04031327 476f2044 61646479
    20536563 75726520 43657274 69666963 6174696f 6e204175 74686f72 69747931
    11300f06 03550405 13083037 39363932 3837301e 170d3130 30383133 31383435
    32395a17 0d313530 39313132 33313730 335a3055 31173015 06035504 0a130e53
    41455650 4e2e7361 652e6e65 74312130 1f060355 040b1318 446f6d61 696e2043
    6f6e7472 6f6c2056 616c6964 61746564 31173015 06035504 03130e53 41455650
    4e2e7361 652e6e65 74308201 22300d06 092a8648 86f70d01 01010500 0382010f
    00308201 0a028201 0100d870 1a846f7f a5ee8e44 db7271ff 275d4a77 5cfcadd8
    31f63f67 a74b8b78 10b54e29 818f9134 c5d17ec8 405e20ee 6a182316 00316124
    f69ac4f0 9e51fc0e 413a9652 3043ec8c b0c36cc3 2411fc19 31b5e5db 65aff7ab
    e0b29d5b c9789abc 4405a1c6 d859dce7 40d6e9ff 85271cfb cf4da201 9025fddf
    96705dad f3a7ab92 adfe3d15 0e3bd9de 1852c02b d92eafa6 f360a1fa da313440
    e07636e6 e3242b27 5a99a2ee 4cc72552 e516398f 683803fc 22c0b0bd 4127234d
    9b6189bd 183d6064 4eea7ce9 f4175342 57380fb8 9eca23ee b6feeb72 bc942562
    9a4c15c6 277ea8ec aa83f0c6 15398b87 35ddfb89 efea8d3e 5d5ad4fe ca04a395
    73ff391d 8ea7adbe 66370203 010001a3 8201ba30 8201b630 0f060355 1d130101
    ff040530 03010100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
    06010505 07030230 0e060355 1d0f0101 ff040403 0205a030 33060355 1d1f042c
    302a3028 a026a024 86226874 74703a2f 2f63726c 2e676f64 61646479 2e636f6d
    2f676473 312d3231 2e63726c 304d0603 551d2004 46304430 42060b60 86480186
    fd6d0107 17013033 30310608 2b060105 05070201 16256874 7470733a 2f2f6365
    7274732e 676f6461 6464792e 636f6d2f 7265706f 7369746f 72792f30 81800608
    2b060105 05070101 04743072 30240608 2b060105 05073001 86186874 74703a2f
    2f6f6373 702e676f 64616464 792e636f 6d2f304a 06082b06 01050507 3002863e
    68747470 3a2f2f63 65727469 66696361 7465732e 676f6461 6464792e 636f6d2f
    7265706f 7369746f 72792f67 645f696e 7465726d 65646961 74652e63 7274301f
    0603551d 23041830 168014fd ac613293 6c45d6e2 ee855f9a bae77699 68cce730
    2d060355 1d110426 3024820e 53414556 504e2e73 61652e6e 65748212 7777772e
    53414556 504e2e73 61652e6e 6574301d 0603551d 0e041604 14f0d11e 60350476
    d37e55d9 4d08ca43 6e213420 42300d06 092a8648 86f70d01 01050500 03820101
    004d0a98 bec7b3c6 000bdfe9 ba114629 5eee6850 92dc76d3 446eccab 9ba7b6f4
    ed77762d 1f6f7dce cd94f0c5 ac6224f7 b259d854 6feea0f0 3919505b 7f40f823
    e8f9df49 b03bce26 c2d128a0 05499bcf 3b6d28c1 1bed413b 9bebc8aa 34848048
    78745d7a 2ff2f3ec fdd19ef7 1ca52c7c e877796f 7d741471 b50d8d1f 8ebb908b
    f427592b 596b6eda 675d604e b9d1381a 31929b9a 8f047aff 36850682 f67ade79
    f00426f7 b1cef4d0 81b524e2 9c43d56a d7a9acd9 e2b7b1c5 dab82bfa c2d76460
    00d9a136 73e22fa4 a25818c7 918f3398 47cf35c4 3667d4e0 fde0ef82 24addf86
    95f25880 1df55fc7 ce9693f1 8ccd19b3 c213f5e4 43af7a32 1289ac82 e31c5ecf a8
  quit
crypto isakmp enable WAN
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
telnet SAE-Evanston-LAN 255.255.255.0 LAN
telnet timeout 5
ssh timeout 5
console timeout 0
management-access LAN
dhcpd address 192.168.1.2-192.168.1.254 management
!
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint2 LAN
ssl trust-point ASDM_TrustPoint2 WAN
webvpn
 enable WAN
 svc image disk0:/anyconnect-win-2.5.3041-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
 svc enable
 tunnel-group-list enable
group-policy SSLclientVPN internal
group-policy SSLclientVPN attributes
 dns-server value 192.168.0.2
 vpn-tunnel-protocol l2tp-ipsec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SAE-VPN1_splitTunnelAcl
 default-domain value sae.net
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
 dns-server value 192.168.0.6
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain value sae.net
group-policy SAE-VPN1 internal
group-policy SAE-VPN1 attributes
 dns-server value 192.168.0.2
 vpn-tunnel-protocol IPSec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SAE-VPN1_splitTunnelAcl
 default-domain value sae.net
 split-dns value sae.net
 client-firewall none
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.0.6
 vpn-tunnel-protocol IPSec svc
 default-domain value sae.net
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  svc keepalive none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
  customization value DfltCustomization
vpn-group-policy SAE-VPN1
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP-Pool
 default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group SAE-VPN1 type remote-access
tunnel-group SAE-VPN1 general-attributes
 address-pool VPNPOOL
 default-group-policy SAE-VPN1
tunnel-group SAE-VPN1 ipsec-attributes
 pre-shared-key *
tunnel-group SAE-VPN1 ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group SSLclientProfile type remote-access
tunnel-group SSLclientProfile general-attributes
 address-pool SSLvpn-Pool
 default-group-policy SSLclientVPN
tunnel-group SSLclientProfile webvpn-attributes
 group-alias SSLVPN enable
!
class-map netflow-export-class
 match access-list netflow-export
class-map WAN-class
 match access-list WAN_mpc
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
policy-map netflow-export-policy
 class netflow-export-class
  flow-export event-type all destination 192.168.0.82
policy-map WAN-policy
 class WAN-class
  csc fail-open
!
service-policy global_policy global
service-policy WAN-policy interface WAN
prompt hostname context
Cryptochecksum:8953c57876518abce082b87db609c9d8
: end



Result of the command: "show running-config"

: Saved
:
ASA Version 8.2(1)
!
hostname SAE-ASA1
domain-name sae.net
enable password Zguy3id9JCUVp7gW encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.0.0 SAE-Evanston-LAN
!
interface Ethernet0/0
 nameif WAN
 security-level 0
 ip address 12.200.135.2 255.255.255.248
!
interface Ethernet0/1
 nameif LAN
 security-level 100
 ip address 192.168.0.254 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup LAN
dns server-group DefaultDNS
 name-server 206.141.192.60
 name-server 206.141.193.55
 domain-name sae.net
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_3 tcp
 port-object eq www
 port-object eq https
 port-object eq smtp
object-group service DM_INLINE_TCP_4 tcp
 port-object eq ftp
 port-object eq ftp-data
object-group service HTTP_86 tcp
 port-object eq 86
object-group service Windows_TCP_Traffic tcp
 port-object eq 135
 port-object range 137 netbios-ssn
 port-object eq 445
object-group service Windows_UDP_Traffic udp
 port-object eq 135
 port-object range netbios-ns 139
object-group network DM_INLINE_NETWORK_1
 network-object host 12.200.135.4
 network-object host 192.168.0.10
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq www
 port-object eq pop3
 port-object eq smtp
object-group service IBCS udp
 port-object eq 21068
 port-object eq 48808
object-group network DM_INLINE_NETWORK_2
 network-object host 192.168.0.31
 network-object host 12.200.135.3
object-group network DM_INLINE_NETWORK_3
 network-object host 192.168.0.31
 network-object host 12.200.135.3
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_2 tcp
 port-object eq www
 port-object eq https
access-list SAE-VPN1_splitTunnelAcl standard permit SAE-Evanston-LAN 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit SAE-Evanston-LAN 255.255.255.0
access-list WAN_cryptomap_65535.20 extended permit ip any SAE-Evanston-LAN 255.255.255.0
access-list WAN_cryptomap_65535.20 extended permit icmp any SAE-Evanston-LAN 255.255.255.0
access-list WAN_access_in extended permit tcp any object-group DM_INLINE_NETWORK_2 object-group DM_INLINE_TCP_2
access-list WAN_access_in extended permit udp any object-group DM_INLINE_NETWORK_3 object-group IBCS
access-list WAN_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_TCP_3
access-list WAN_access_in extended permit tcp any any object-group DM_INLINE_TCP_4
access-list WAN_access_in extended permit tcp any any object-group HTTP_86
access-list WAN_access_in extended permit icmp any any
access-list LAN_access_in extended deny tcp any any object-group Windows_TCP_Traffic
access-list LAN_access_in extended deny udp any any object-group Windows_UDP_Traffic
access-list LAN_access_in extended permit ip any any
access-list LAN_access_in extended permit gre any any
access-list LAN_access_in extended permit icmp any any
access-list LAN_cryptomap_65535.1 extended permit ip any SAE-Evanston-LAN 255.255.255.0
access-list LAN_cryptomap_65535.1 extended permit icmp any SAE-Evanston-LAN 255.255.255.0
access-list LAN_nat0_outbound extended permit ip SAE-Evanston-LAN 255.255.255.0 192.168.0.192 255.255.255.192
access-list LAN_nat0_outbound extended permit ip SAE-Evanston-LAN 255.255.255.0 192.168.254.0 255.255.255.0
access-list WAN_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
access-list netflow-export extended permit ip any any inactive
pager lines 24
logging enable
logging console errors
logging buffered errors
logging asdm warnings
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination LAN 192.168.0.82 2055
mtu WAN 1500
mtu LAN 1500
mtu management 1500
ip local pool L2TP-Pool 192.168.254.129-192.168.254.139 mask 255.255.255.128
ip local pool VPNPOOL 192.168.0.220-192.168.0.240 mask 255.255.255.0
ip local pool SSLvpn-Pool 192.168.254.151-192.168.254.200 mask 255.255.255.128
ip local pool SAEVPN-Pool 192.168.0.200-192.168.0.219 mask 255.255.255.0
ip verify reverse-path interface WAN
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (WAN) 101 interface
nat (LAN) 0 access-list LAN_nat0_outbound
nat (LAN) 101 0.0.0.0 0.0.0.0
nat (management) 101 0.0.0.0 0.0.0.0
static (LAN,WAN) 12.200.135.4 192.168.0.10 netmask 255.255.255.255
static (LAN,WAN) 12.200.135.3 192.168.0.31 netmask 255.255.255.255
access-group WAN_access_in in interface WAN
access-group LAN_access_in in interface LAN
route WAN 0.0.0.0 0.0.0.0 12.200.135.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
http server enable
http SAE-Evanston-LAN 255.255.255.0 LAN
http 192.168.1.0 255.255.255.0 management
snmp-server host LAN 192.168.0.82 poll community saepublic version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map WAN_dyn_map 20 match address WAN_cryptomap_65535.20
crypto dynamic-map WAN_dyn_map 20 set pfs
crypto dynamic-map WAN_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map WAN_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map LAN_dyn_map 1 set pfs
crypto dynamic-map LAN_dyn_map 1 set transform-set ESP-3DES-SHA
crypto map WAN_map 65535 ipsec-isakmp dynamic WAN_dyn_map
crypto map WAN_map interface WAN
crypto map LAN_map 65535 ipsec-isakmp dynamic LAN_dyn_map
crypto map LAN_map interface LAN
crypto ca trustpoint ASDM_TrustPoint1
 enrollment self
 subject-name CN=sslvpn.sae.net
 keypair sslvpnkey
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 subject-name CN=SAEVPN.sae.net
 keypair SAEVPN
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 subject-name CN=SAEVPN.sae.net,OU=Domain Control Validate,O=Sigma Alpha Epsilon,C=US,St=IL,L=Evanston
 keypair SAEVPN
 crl configure
crypto ca certificate chain ASDM_TrustPoint1
 certificate 8562aa4a
    308201eb 30820154 a0030201 02020485 62aa4a30 0d06092a 864886f7 0d010104
    0500303a 31173015 06035504 03130e73 736c7670 6e2e7361 652e6e65 74311f30
    1d06092a 864886f7 0d010902 16105341 452d4153 41312e73 61652e6e 6574301e
    170d3039 30393131 31343435 32355a17 0d313930 39303931 34343532 355a303a
    31173015 06035504 03130e73 736c7670 6e2e7361 652e6e65 74311f30 1d06092a
    864886f7 0d010902 16105341 452d4153 41312e73 61652e6e 65743081 9f300d06
    092a8648 86f70d01 01010500 03818d00 30818902 818100c5 28119ce1 5aa6c966
    86d8b211 401cd911 3846e87a ebd08e00 d59a9366 3505c5cb e67a5e1e 7e224435
    e58af65f d41a0215 6b57688c 1f4bdc36 f92906e4 90c60ac4 8b725717 05c45fce
    479a0f82 09449012 6510c443 07b95635 39363047 85e367b7 9fad87dc 899a8b9c
    b83034c0 773e3c17 ba8e0b0d 258c6e59 e4c0dfcd 3ba71b02 03010001 300d0609
    2a864886 f70d0101 04050003 818100a1 50eba14b 0e7d1873 6c54ddd3 23fd106e
    9d985871 11c9ed3f 67d73291 015c662b 5c447986 36bdb93d d674ff3f d756085f
    28643233 069c8a78 2736b945 96d11718 82302ab9 a88f87ec 6bbd6dba 690a65d9
    91754f48 1e1d59fe 88b97492 c665e827 55f66bc8 c05b2bb9 05552cee 78994121
    8682869f 945f1559 7969644b a50b81
  quit
crypto ca certificate chain ASDM_TrustPoint0
 certificate 008715bca6b134
    30820562 3082044a a0030201 02020700 8715bca6 b134300d 06092a86 4886f70d
    01010505 003081ca 310b3009 06035504 06130255 53311030 0e060355 04081307
    4172697a 6f6e6131 13301106 03550407 130a5363 6f747473 64616c65 311a3018
    06035504 0a131147 6f446164 64792e63 6f6d2c20 496e632e 31333031 06035504
    0b132a68 7474703a 2f2f6365 72746966 69636174 65732e67 6f646164 64792e63
    6f6d2f72 65706f73 69746f72 79313030 2e060355 04031327 476f2044 61646479
    20536563 75726520 43657274 69666963 6174696f 6e204175 74686f72 69747931
    11300f06 03550405 13083037 39363932 3837301e 170d3039 30393131 32333137
    30335a17 0d313030 39313132 33313730 335a3055 31173015 06035504 0a130e53
    41455650 4e2e7361 652e6e65 74312130 1f060355 040b1318 446f6d61 696e2043
    6f6e7472 6f6c2056 616c6964 61746564 31173015 06035504 03130e53 41455650
    4e2e7361 652e6e65 74308201 22300d06 092a8648 86f70d01 01010500 0382010f
    00308201 0a028201 0100d870 1a846f7f a5ee8e44 db7271ff 275d4a77 5cfcadd8
    31f63f67 a74b8b78 10b54e29 818f9134 c5d17ec8 405e20ee 6a182316 00316124
    f69ac4f0 9e51fc0e 413a9652 3043ec8c b0c36cc3 2411fc19 31b5e5db 65aff7ab
    e0b29d5b c9789abc 4405a1c6 d859dce7 40d6e9ff 85271cfb cf4da201 9025fddf
    96705dad f3a7ab92 adfe3d15 0e3bd9de 1852c02b d92eafa6 f360a1fa da313440
    e07636e6 e3242b27 5a99a2ee 4cc72552 e516398f 683803fc 22c0b0bd 4127234d
    9b6189bd 183d6064 4eea7ce9 f4175342 57380fb8 9eca23ee b6feeb72 bc942562
    9a4c15c6 277ea8ec aa83f0c6 15398b87 35ddfb89 efea8d3e 5d5ad4fe ca04a395
    73ff391d 8ea7adbe 66370203 010001a3 8201bf30 8201bb30 0f060355 1d130101
    ff040530 03010100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
    06010505 07030230 0e060355 1d0f0101 ff040403 0205a030 32060355 1d1f042b
    30293027 a025a023 86216874 74703a2f 2f63726c 2e676f64 61646479 2e636f6d
    2f676473 312d382e 63726c30 53060355 1d20044c 304a3048 060b6086 480186fd
    6d010717 01303930 3706082b 06010505 07020116 2b687474 703a2f2f 63657274
    69666963 61746573 2e676f64 61646479 2e636f6d 2f726570 6f736974 6f72792f
    30818006 082b0601 05050701 01047430 72302406 082b0601 05050730 01861868
    7474703a 2f2f6f63 73702e67 6f646164 64792e63 6f6d2f30 4a06082b 06010505
    07300286 3e687474 703a2f2f 63657274 69666963 61746573 2e676f64 61646479
    2e636f6d 2f726570 6f736974 6f72792f 67645f69 6e746572 6d656469 6174652e
    63727430 1f060355 1d230418 30168014 fdac6132 936c45d6 e2ee855f 9abae776
    9968cce7 302d0603 551d1104 26302482 0e534145 56504e2e 7361652e 6e657482
    12777777 2e534145 56504e2e 7361652e 6e657430 1d060355 1d0e0416 0414f0d1
    1e603504 76d37e55 d94d08ca 436e2134 2042300d 06092a86 4886f70d 01010505
    00038201 0100c279 abf40480 0e595401 8886da89 3c08468c 5134c90b 6534ac8d
    492226b4 066ed7c9 939ebc87 2f4dd94e 8cfd010c 03dcac57 d20fe0f0 409b0ed7
    6903f482 2894a361 c48d49b5 3140e417 dba605bf c9d5e4eb 1a677126 2a839dba
    aa8daa5f e8479c6d 625ed072 a1fa2485 0eb3a297 fd9b8670 8b8fae06 03a03252
    a01bfc2c c064c7ab 7bf42e89 5034db91 73929836 ba2e53c2 f7496663 4f344881
    1c16997e 76eb3774 90c33068 545298ce e40652bf 43280540 6b16b4ef 076cda6f
    d789af05 d63a22af a46a37c6 66f3c2a4 2a857f33 4a676047 2ef05e61 976b1bd5
    b44c8652 da3c9dd5 75fc39e3 4f1ba1fd 5fac506e 009d73b0 da4439c0 464c8ff9
    b53c791b 3465
  quit
crypto ca certificate chain ASDM_TrustPoint2
 certificate 07b75b629a59f3
    3082055d 30820445 a0030201 02020707 b75b629a 59f3300d 06092a86 4886f70d
    01010505 003081ca 310b3009 06035504 06130255 53311030 0e060355 04081307
    4172697a 6f6e6131 13301106 03550407 130a5363 6f747473 64616c65 311a3018
    06035504 0a131147 6f446164 64792e63 6f6d2c20 496e632e 31333031 06035504
    0b132a68 7474703a 2f2f6365 72746966 69636174 65732e67 6f646164 64792e63
    6f6d2f72 65706f73 69746f72 79313030 2e060355 04031327 476f2044 61646479
    20536563 75726520 43657274 69666963 6174696f 6e204175 74686f72 69747931
    11300f06 03550405 13083037 39363932 3837301e 170d3130 30383133 31383435
    32395a17 0d313530 39313132 33313730 335a3055 31173015 06035504 0a130e53
    41455650 4e2e7361 652e6e65 74312130 1f060355 040b1318 446f6d61 696e2043
    6f6e7472 6f6c2056 616c6964 61746564 31173015 06035504 03130e53 41455650
    4e2e7361 652e6e65 74308201 22300d06 092a8648 86f70d01 01010500 0382010f
    00308201 0a028201 0100d870 1a846f7f a5ee8e44 db7271ff 275d4a77 5cfcadd8
    31f63f67 a74b8b78 10b54e29 818f9134 c5d17ec8 405e20ee 6a182316 00316124
    f69ac4f0 9e51fc0e 413a9652 3043ec8c b0c36cc3 2411fc19 31b5e5db 65aff7ab
    e0b29d5b c9789abc 4405a1c6 d859dce7 40d6e9ff 85271cfb cf4da201 9025fddf
    96705dad f3a7ab92 adfe3d15 0e3bd9de 1852c02b d92eafa6 f360a1fa da313440
    e07636e6 e3242b27 5a99a2ee 4cc72552 e516398f 683803fc 22c0b0bd 4127234d
    9b6189bd 183d6064 4eea7ce9 f4175342 57380fb8 9eca23ee b6feeb72 bc942562
    9a4c15c6 277ea8ec aa83f0c6 15398b87 35ddfb89 efea8d3e 5d5ad4fe ca04a395
    73ff391d 8ea7adbe 66370203 010001a3 8201ba30 8201b630 0f060355 1d130101
    ff040530 03010100 301d0603 551d2504 16301406 082b0601 05050703 0106082b
    06010505 07030230 0e060355 1d0f0101 ff040403 0205a030 33060355 1d1f042c
    302a3028 a026a024 86226874 74703a2f 2f63726c 2e676f64 61646479 2e636f6d
    2f676473 312d3231 2e63726c 304d0603 551d2004 46304430 42060b60 86480186
    fd6d0107 17013033 30310608 2b060105 05070201 16256874 7470733a 2f2f6365
    7274732e 676f6461 6464792e 636f6d2f 7265706f 7369746f 72792f30 81800608
    2b060105 05070101 04743072 30240608 2b060105 05073001 86186874 74703a2f
    2f6f6373 702e676f 64616464 792e636f 6d2f304a 06082b06 01050507 3002863e
    68747470 3a2f2f63 65727469 66696361 7465732e 676f6461 6464792e 636f6d2f
    7265706f 7369746f 72792f67 645f696e 7465726d 65646961 74652e63 7274301f
    0603551d 23041830 168014fd ac613293 6c45d6e2 ee855f9a bae77699 68cce730
    2d060355 1d110426 3024820e 53414556 504e2e73 61652e6e 65748212 7777772e
    53414556 504e2e73 61652e6e 6574301d 0603551d 0e041604 14f0d11e 60350476
    d37e55d9 4d08ca43 6e213420 42300d06 092a8648 86f70d01 01050500 03820101
    004d0a98 bec7b3c6 000bdfe9 ba114629 5eee6850 92dc76d3 446eccab 9ba7b6f4
    ed77762d 1f6f7dce cd94f0c5 ac6224f7 b259d854 6feea0f0 3919505b 7f40f823
    e8f9df49 b03bce26 c2d128a0 05499bcf 3b6d28c1 1bed413b 9bebc8aa 34848048
    78745d7a 2ff2f3ec fdd19ef7 1ca52c7c e877796f 7d741471 b50d8d1f 8ebb908b
    f427592b 596b6eda 675d604e b9d1381a 31929b9a 8f047aff 36850682 f67ade79
    f00426f7 b1cef4d0 81b524e2 9c43d56a d7a9acd9 e2b7b1c5 dab82bfa c2d76460
    00d9a136 73e22fa4 a25818c7 918f3398 47cf35c4 3667d4e0 fde0ef82 24addf86
    95f25880 1df55fc7 ce9693f1 8ccd19b3 c213f5e4 43af7a32 1289ac82 e31c5ecf a8
  quit
crypto isakmp enable WAN
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
telnet SAE-Evanston-LAN 255.255.255.0 LAN
telnet timeout 5
ssh timeout 5
console timeout 0
management-access LAN
dhcpd address 192.168.1.2-192.168.1.254 management
!
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint2 LAN
ssl trust-point ASDM_TrustPoint2 WAN
webvpn
 enable WAN
 svc image disk0:/anyconnect-win-2.5.3041-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.5.3055-k9.pkg 2
 svc enable
 tunnel-group-list enable
group-policy SSLclientVPN internal
group-policy SSLclientVPN attributes
 dns-server value 192.168.0.2
 vpn-tunnel-protocol l2tp-ipsec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SAE-VPN1_splitTunnelAcl
 default-domain value sae.net
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
 dns-server value 192.168.0.6
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain value sae.net
group-policy SAE-VPN1 internal
group-policy SAE-VPN1 attributes
 dns-server value 192.168.0.2
 vpn-tunnel-protocol IPSec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SAE-VPN1_splitTunnelAcl
 default-domain value sae.net
 split-dns value sae.net
 client-firewall none
group-policy DfltGrpPolicy attributes
 dns-server value 192.168.0.6
 vpn-tunnel-protocol IPSec svc
 default-domain value sae.net
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  svc keepalive none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
  customization value DfltCustomization
vpn-group-policy SAE-VPN1
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP-Pool
 default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group SAE-VPN1 type remote-access
tunnel-group SAE-VPN1 general-attributes
 address-pool VPNPOOL
 default-group-policy SAE-VPN1
tunnel-group SAE-VPN1 ipsec-attributes
 pre-shared-key *
tunnel-group SAE-VPN1 ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2
tunnel-group SSLclientProfile type remote-access
tunnel-group SSLclientProfile general-attributes
 address-pool SSLvpn-Pool
 default-group-policy SSLclientVPN
tunnel-group SSLclientProfile webvpn-attributes
 group-alias SSLVPN enable
!
class-map netflow-export-class
 match access-list netflow-export
class-map WAN-class
 match access-list WAN_mpc
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
policy-map netflow-export-policy
 class netflow-export-class
  flow-export event-type all destination 192.168.0.82
policy-map WAN-policy
 class WAN-class
  csc fail-open
!
service-policy global_policy global
service-policy WAN-policy interface WAN
prompt hostname contex
0
 

Author Closing Comment

by:pstiffsae
Comment Utility
web server wasn't configured correctly to work externally - thanks for pointing me in the right direction
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now