Solved

HP Switch and Cisco ASA with 2x vlans

Posted on 2013-11-07
Last Modified: 2013-11-14
Hi

My network team have confirmed that fe0/2 on the ASA 5505 is configured as DGW 172.16.10.15; however, my HP 2910al POE switch seems to only have the ability to add a single DGW for both vlan1 and vlan20.

Can I add a second DGW for vlan20 on the switch?

Thanks
0
Question by:CHI-LTD
10 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39630097
What exactly are you trying to accomplish here?
The DG is for the switch itself, so you can have only one. On the machines in the VLANs you define the DG on the machines themselves, so no need for the switch to know what gateway is used in what VLAN.

But perhaps you could elaborate a bit?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39630357
Voice on vlan20
data on vlan1

3x hp switches, 2x l2 and 1x l3 (vlan1 & 20)
a firewall cisco asa 5505 used to route traffic over vpn and via SIP
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 39630445
Well, like I said, as long as you configure the devices within the VLANs with a DG and the ASA has a port in both VLANs, everything should be working.
Aside from the fact that you can have only one DG on the switch.

But I assume there's something not working because of your question here, so what is going wrong?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39632946
Ok, yes, all seems to be working, however the vlan20 interface on the ASA 172.16.10.15 should be the DGW of clients/switches on vlan20...

My concern is that all traffic will be going out through vlan1 interface on the ASA and will cause issues when prioritising...

?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39632950
and I can't ping vlan20 GW from vlan1.
and from vlan1 to GW of vlan20

Guess this is correct...
0
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 500 total points
ID: 39634333
"Ok, yes, all seems to be working, however the vlan20 interface on the ASA 172.16.10.15 should be the DGW of clients/switches on vlan20"

And it isn't?

"My concern is that all traffic will be going out through vlan1 interface on the ASA and will cause issues when prioritising"

Traffic won't go from one VLAN to the other unless you allow that on the ASA.

"and I can't ping vlan20 GW from vlan1.
and from vlan1 to GW of vlan20

Guess this is correct"


That is correct. In effect you have two separate(d) networks (virtual). But instead of having the networks on separate switches you have them on separate VLANs. So you're not separating the networks physically but virtually.

Am I making any sense here?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39638167
Sure you are.

We need to be able to get the hp 1910 & 2910 on vlan1 talking to vlan20 on the hp 2910.

I can ping between vlan1 and vlan20 on the hp 2910 but not from the 1910 to 2910 and back..
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39638168
Running configuration:

; J9148A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-48G-PoE"
module 1 type j9148a
power-over-ethernet pre-std-detect
ip default-gateway 172.16.10.15
no ip icmp redirects
ip route 0.0.0.0 0.0.0.0 172.16.10.15
interface 1
   name "to HP1910 (top)"
   no power-over-ethernet
   exit
interface 2
   name "tp HP1910 (bottom)"
   no power-over-ethernet
   exit
interface 3
   name "to ASA 5505 fe01"
   no power-over-ethernet
   exit
interface 4
   no power-over-ethernet
   exit
interface 5
   no power-over-ethernet
   exit
interface 6
   no power-over-ethernet
   exit
interface 7
   name "Shoretel E1k"
   speed-duplex 100-full
   exit
interface 8
   name "Shoretel SG90"
   speed-duplex 100-full
   exit
interface 9
   name "Shoretel SG90Bri"
   speed-duplex 100-full
   exit
interface 10
   name "Oaisys Port Mirror"
   exit
interface 11
   name "Shoretel HQ"
   exit
interface 12
   name "Ingate"
   exit
interface 48
   name "to ASA 5505 fe02"
   exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
   name "DEFAULT_VLAN"
   no untagged 7-48
   untagged 1-6
   ip address 172.19.4.5 255.255.0.0
   exit
vlan 20
   name "Voice"
   untagged 7-48
   ip address 172.16.4.5 255.255.0.0
   ip helper-address 172.19.10.17
   exit
no autorun
password manager
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 39638235
ASA config:

ASA Version 8.4(2)
!
hostname ChurchHouse-Sherborne
domain-name abz0.ifb.net
enable password PR6HuOoK9pk.2W7I encrypted
passwd F70teQHVkT1RhJoL encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
 switchport access vlan 20
!
interface Ethernet0/3
 switchport access vlan 20
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 description To LAN
 nameif inside
 security-level 100
 ip address 172.19.10.15 255.255.0.0
!
interface Vlan2
 description To Internet
 nameif outside
 security-level 0
 ip address 188.39.71.98 255.255.255.248
!
interface Vlan20
 nameif Voice
 security-level 100
 ip address 172.16.10.15 255.255.0.0
!
banner login
banner login This system is private property.
banner login Unauthorised users are prohibited and must disconnect now.
banner login All actions are logged.
banner login
boot system disk0:/asa842-k8.bin
no ftp mode passive
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name abz0.ifb.net
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network inside-network
 subnet 172.19.0.0 255.255.0.0
 description Inside network
object network 10.255.254.0_25
 subnet 10.255.254.0 255.255.255.128
 description Hounslow Roam VPN
object network 10.255.255.0_25
 subnet 10.255.255.0 255.255.255.128
 description Yeovil Roam VPN
object network 192.168.3.0_24
 subnet 192.168.3.0 255.255.255.0
 description London LAN
object network 172.19.10.21_pop3
 host 172.19.10.21
object network Mimecast_DC_1
 subnet 135.196.24.192 255.255.255.240
object network Mimecast_DC_2
 subnet 213.235.63.64 255.255.255.192
object network Mimecast_DC_3
 subnet 94.185.244.0 255.255.255.0
object network Mimecast_DC_4
 subnet 212.2.3.128 255.255.255.192
object network Mimecast_DC_5
 subnet 212.199.232.144 255.255.255.248
object network Mimecast_DC_6
 subnet 195.130.217.0 255.255.255.0
object network Mimecast_DC_7
 subnet 91.220.42.0 255.255.255.0
object network 172.19.10.21_smtp
 host 172.19.10.21
object network 192.168.2.0_24
 subnet 192.168.2.0 255.255.255.0
 description Hounslow LAN
object network Bloomberg_1
 subnet 160.43.250.0 255.255.255.0
object network Bloomberg_2
 subnet 205.216.112.0 255.255.255.0
object network Bloomberg_3
 subnet 206.156.53.0 255.255.255.0
object network Bloomberg_4
 subnet 208.22.56.0 255.255.255.0
object network Bloomberg_5
 subnet 208.22.57.0 255.255.255.0
object network Bloomberg_6
 subnet 69.191.192.0 255.255.192.0
object network Proquote_1
 host 195.26.26.140
object network Proquote_2
 host 195.26.26.150
object network Proquote_3
 host 195.26.26.16
object network Proquote_4
 host 195.26.27.141
object network Proquote_5
 host 195.26.27.150
object network Proquote_6
 host 212.47.180.32
object network Proquote_7
 host 213.38.100.13
object network Proquote_8
 host 213.38.100.4
object network Proquote_9
 host 213.38.100.5
object network Proquote_10
 host 213.38.100.6
object network proxy137.scansafe.net
 host 80.254.152.99
object network proxy411.scansafe.net
 host 80.254.147.163
object network obj-vpn-london
 subnet 192.168.3.0 255.255.255.0
object network Mimecast_DC_8
 subnet 94.185.240.0 255.255.255.0
object network 172.19.10.17_ldap
 host 172.19.10.17
object network proxy493.scansafe.net
 host 80.254.158.179
object network proxy494.scansafe.net
 host 80.254.158.187
object network proxy503.scansafe.net
 host 80.254.158.211
object network proxy504.scansafe.net
 host 80.254.158.219
object network 172.19.10.21_http
 host 172.19.10.21
object network 172.19.10.21_https
 host 172.19.10.21
object network INGATE
 host 172.160.10.35
object-group network Mimecast
 description Mimecast email filtering sources
 network-object object Mimecast_DC_1
 network-object object Mimecast_DC_2
 network-object object Mimecast_DC_3
 network-object object Mimecast_DC_4
 network-object object Mimecast_DC_5
 network-object object Mimecast_DC_6
 network-object object Mimecast_DC_7
 network-object object Mimecast_DC_8
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ldap
 port-object eq pop3
 port-object eq smtp
object-group network DM_INLINE_NETWORK_1
 network-object object 10.255.254.0_25
 network-object object 10.255.255.0_25
 network-object object 192.168.2.0_24
 network-object object 192.168.3.0_24
object-group network Bloomberg
 network-object object Bloomberg_1
 network-object object Bloomberg_2
 network-object object Bloomberg_3
 network-object object Bloomberg_4
 network-object object Bloomberg_5
 network-object host 194.105.166.35
 network-object object Bloomberg_6
object-group network Proquote
 network-object object Proquote_1
 network-object object Proquote_2
 network-object object Proquote_3
 network-object object Proquote_4
 network-object object Proquote_5
 network-object object Proquote_6
 network-object object Proquote_7
 network-object object Proquote_8
 network-object object Proquote_9
 network-object object Proquote_10
object-group service DM_INLINE_SERVICE_1
 service-object tcp destination range 8194 8198
 service-object udp destination range 48129 48137
 service-object tcp destination range 8209 8294
object-group service DM_INLINE_TCP_2 tcp
 port-object range 2300 2400
 port-object eq 6969
object-group network DM_INLINE_NETWORK_2
 network-object object proxy137.scansafe.net
 network-object object proxy411.scansafe.net
 network-object object proxy493.scansafe.net
 network-object object proxy494.scansafe.net
 network-object object proxy503.scansafe.net
 network-object object proxy504.scansafe.net
object-group service DM_INLINE_SERVICE_2
 service-object tcp-udp destination eq domain
 service-object tcp destination eq 3101
 service-object tcp destination eq 4103
 service-object tcp destination eq 4105
 service-object tcp destination eq ftp
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination range 49100 49200
object-group service DM_INLINE_TCP_3 tcp
 port-object range 1130 1132
 port-object eq 4800
 port-object eq 50110
 port-object range 50112 50115
 port-object range 50140 50142
 port-object range 50802 50803
 port-object range 50806 50808
object-group service DM_INLINE_TCP_4 tcp
 port-object eq ldap
 port-object eq pop3
 port-object eq smtp
object-group network DM_INLINE_NETWORK_4
 network-object object 192.168.2.0_24
 network-object 10.255.254.0 255.255.255.0
object-group network DM_INLINE_NETWORK_5
 network-object host 194.105.166.35
 group-object Mimecast
object-group network DM_INLINE_NETWORK_6
 network-object object proxy137.scansafe.net
 network-object object proxy411.scansafe.net
object-group network DM_INLINE_NETWORK_7
 network-object object inside-network
 network-object 10.255.254.0 255.255.255.0
object-group network DM_INLINE_NETWORK_3
 network-object 10.255.255.0 255.255.255.0
 network-object object inside-network
object-group network obj-CiscoCloud
 network-object 70.39.231.91 255.255.255.255
 network-object 70.39.231.107 255.255.255.255
 network-object 70.39.231.155 255.255.255.255
 network-object 70.39.231.171 255.255.255.255
 network-object 80.254.147.251 255.255.255.255
 network-object 80.254.158.35 255.255.255.255
 network-object 80.254.158.147 255.255.255.255
 network-object 80.254.158.155 255.255.255.255
object-group network DM_INLINE_NETWORK_8
 network-object object 10.255.254.0_25
 network-object object inside-network
object-group network DM_INLINE_NETWORK_9
 network-object 192.168.100.0 255.255.255.0
 network-object 192.168.3.0 255.255.255.0
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list inbound extended permit object-group TCPUDP any range 1 65535 host 188.39.71.100 range 1 65535
access-list inbound extended permit object-group TCPUDP any range 6000 40000 host 188.39.71.100 range 6000 40000
access-list inbound extended permit object-group TCPUDP any range 1 65535 host 188.39.71.100 eq sip
access-list inbound extended permit icmp any host 80.76.122.145 echo-reply
access-list inbound extended permit icmp any host 80.76.122.145 source-quench
access-list inbound extended permit icmp any host 80.76.122.145 time-exceeded
access-list inbound extended permit icmp any host 80.76.122.145 unreachable
access-list inbound extended permit icmp any host 80.76.122.145 traceroute
access-list inbound extended permit icmp any object inside-network echo-reply
access-list inbound extended permit icmp any object inside-network time-exceeded
access-list inbound extended permit icmp any object inside-network unreachable
access-list inbound extended permit icmp any object inside-network traceroute
access-list inbound extended permit icmp any object inside-network source-quench
access-list inbound extended permit tcp object-group DM_INLINE_NETWORK_5 host 172.19.10.21 object-group DM_INLINE_TCP_1
access-list inbound extended permit tcp object-group DM_INLINE_NETWORK_5 host 172.19.10.4 object-group DM_INLINE_TCP_1 inactive
access-list inbound extended permit tcp object-group DM_INLINE_NETWORK_5 host 172.19.10.17 object-group DM_INLINE_TCP_1
access-list inbound extended permit tcp any object 172.19.10.21_http eq www
access-list inbound extended permit tcp any object 172.19.10.21_https eq https
access-list inbound extended permit ip any 172.16.0.0 255.255.0.0
access-list inbound extended permit udp any object INGATE eq sip
access-list inbound extended permit tcp any object INGATE eq sip
access-list inside_access_in extended permit ip 172.19.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 172.19.0.0 255.255.0.0 object-group Bloomberg
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 host 81.168.26.81 object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 object-group Proquote object-group DM_INLINE_TCP_3
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_2 eq 8080
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 object-group DM_INLINE_NETWORK_6 eq 8090
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 172.19.0.0 255.255.0.0 any
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 host 77.73.1.127 eq ssh
access-list inside_access_in extended permit tcp host 172.19.10.17 object-group Mimecast object-group DM_INLINE_TCP_4
access-list inside_access_in extended permit tcp host 172.19.10.4 object-group Mimecast object-group DM_INLINE_TCP_4
access-list inside_access_in extended permit ip host 172.19.10.21 any
access-list inside_access_in extended permit tcp host 172.19.10.7 any eq 3101
access-list inside_access_in extended permit icmp 172.19.0.0 255.255.0.0 any
access-list inside_access_in extended permit ip any object-group obj-CiscoCloud
access-list inside_access_in extended permit tcp 172.19.0.0 255.255.0.0 host 212.102.222.248 eq 5677
access-list inside_access_in extended permit ip host 172.19.10.17 any
access-list inside_access_in extended permit tcp host 172.19.10.21 object-group Mimecast object-group DM_INLINE_TCP_4
access-list inside_access_in extended permit tcp host 172.19.10.28 any eq 3101
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_4
access-list vpn-roam-split standard permit 172.19.0.0 255.255.0.0
access-list vpn-roam-split standard permit 192.168.3.0 255.255.255.0
access-list vpn-roam-split standard permit 192.168.2.0 255.255.255.0
access-list acl-vpn-london extended permit ip object inside-network object obj-vpn-london
access-list acl-vpn-london-dummy extended permit ip object-group DM_INLINE_NETWORK_7 object obj-vpn-london
access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_9
pager lines 24
logging enable
logging timestamp
logging buffer-size 16000
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu Voice 1500
ip local pool vpnpool 10.255.255.1-10.255.255.127 mask 255.255.255.128
ip verify reverse-path interface inside
ip verify reverse-path interface outside
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit 172.19.0.0 255.255.0.0 inside
icmp permit 194.105.167.0 255.255.255.192 outside
icmp permit host 194.105.166.224 outside
icmp permit 194.105.166.0 255.255.255.192 outside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat (inside,any) source static inside-network inside-network destination static 192.168.2.0_24 192.168.2.0_24
nat (any,any) source static 10.255.255.0_25 10.255.255.0_25 destination static 192.168.2.0_24 192.168.2.0_24
nat (inside,any) source static inside-network inside-network destination static 10.255.255.0_25 10.255.255.0_25
nat (inside,outside) source static inside-network inside-network destination static obj-vpn-london obj-vpn-london
nat (inside,any) source static inside-network inside-network destination static 10.255.254.0_25 10.255.254.0_25
nat (outside,inside) source static any any destination static INGATE INGATE
!
object network 172.19.10.21_pop3
 nat (inside,outside) static interface service tcp pop3 pop3
object network 172.19.10.21_smtp
 nat (inside,outside) static interface service tcp smtp smtp
object network 172.19.10.17_ldap
 nat (inside,outside) static interface service tcp ldap ldap
object network 172.19.10.21_http
 nat (inside,outside) static interface service tcp www www
object network 172.19.10.21_https
 nat (inside,outside) static interface service tcp https https
object network INGATE
 nat (inside,outside) static 188.39.71.100 service udp sip sip
!
nat (any,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 188.39.71.97 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 8443
http 172.19.0.0 255.255.0.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
sysopt noproxyarp inside
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 212.102.222.228
crypto map outside_map 1 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 188.39.121.250
crypto map outside_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 10 match address acl-vpn-london-dummy
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer 81.171.221.234
crypto map outside_map 10 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 15
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 172.19.0.0 255.255.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5

dhcpd option 156 ascii ftpservers=172.16.10.30,layer2tagging=1,vlanid=20
!
dhcpd address 172.16.105.1-172.16.105.253 Voice
dhcpd dns 8.8.8.8 interface Voice
dhcpd enable Voice
!
!
tls-proxy maximum-session 12
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 194.105.167.1
ntp server 194.105.166.1
webvpn
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ssl-clientless
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy_188.39.121.250 internal
group-policy GroupPolicy_188.39.121.250 attributes
 vpn-tunnel-protocol ikev1
group-policy VPN-Hounslow internal
group-policy VPN-Hounslow attributes
 vpn-tunnel-protocol ikev1
group-policy roam-vpn internal
group-policy roam-vpn attributes
 wins-server value 172.19.10.17 172.19.10.18
 dns-server value 172.19.10.17 172.19.10.18
 vpn-tunnel-protocol ikev1
 pfs enable
 ipsec-udp enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn-roam-split
 split-dns none
username CommsAdmin password QcInhlcqc3PTxjrq encrypted privilege 15
tunnel-group 62.73.138.180 type ipsec-l2l
tunnel-group 62.73.138.180 general-attributes
 default-group-policy VPN-Hounslow
tunnel-group 62.73.138.180 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group roam-vpn type remote-access
tunnel-group roam-vpn general-attributes
 address-pool vpnpool
 default-group-policy roam-vpn
tunnel-group roam-vpn ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 81.171.221.234 type ipsec-l2l
tunnel-group 81.171.221.234 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 212.102.222.228 type ipsec-l2l
tunnel-group 212.102.222.228 general-attributes
 default-group-policy VPN-Hounslow
tunnel-group 212.102.222.228 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 188.39.121.250 type ipsec-l2l
tunnel-group 188.39.121.250 general-attributes
 default-group-policy GroupPolicy_188.39.121.250
tunnel-group 188.39.121.250 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:7b997c85aa057e2b52a759c3ff214695
: end
0
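Added example, not part of the original thread and not any poster's code: a Python check over excerpts of the two configurations posted above. It reports which ASA interface is on-link in each switch VLAN (the gateway that clients in that VLAN would use), whether the switch's single `ip default-gateway` is on-link there, and which ASA interfaces share a security level while `same-security-traffic permit inter-interface` is set. The function names are illustrative assumptions; the config lines are copied from the thread.

```python
import ipaddress
import re

# Excerpts copied from the HP 2910al and ASA 5505 configs posted in this thread.
HP_2910_CONFIG = """\
ip default-gateway 172.16.10.15
vlan 1
   ip address 172.19.4.5 255.255.0.0
vlan 20
   ip address 172.16.4.5 255.255.0.0
"""
ASA_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 172.19.10.15 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 188.39.71.98 255.255.255.248
!
interface Vlan20
 nameif Voice
 security-level 100
 ip address 172.16.10.15 255.255.0.0
!
same-security-traffic permit inter-interface
"""


def parse_vlan_interfaces(config, header_re):
    """Return {vlan_id: {"ip": IPv4Interface, "nameif": str, "level": int}}."""
    vlans, current = {}, None
    for line in config.splitlines():
        header = re.match(header_re, line)
        if header:
            current = vlans.setdefault(int(header.group(1)), {})
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the stanza
        elif current is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) >= 4:
                current["ip"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            elif words[:1] == ["nameif"] and len(words) >= 2:
                current["nameif"] = words[1]
            elif words[:1] == ["security-level"] and len(words) >= 2:
                current["level"] = int(words[1])
    return vlans


def gateway_plan(hp_config, asa_config):
    """For each addressed switch VLAN, find the ASA interface that is on-link."""
    switch = parse_vlan_interfaces(hp_config, r"^vlan (\d+)$")
    asa = parse_vlan_interfaces(asa_config, r"^interface Vlan(\d+)$")
    dgw = re.search(r"^ip default-gateway (\S+)$", hp_config, re.M)
    dgw = ipaddress.ip_address(dgw.group(1)) if dgw else None
    subnets = {v: s["ip"].network for v, s in switch.items() if "ip" in s}
    plan = {}
    for vid, subnet in subnets.items():
        on_link = [i for i in asa.values() if "ip" in i and i["ip"].ip in subnet]
        plan[vid] = {
            "subnet": str(subnet),
            "gateway": str(on_link[0]["ip"].ip) if on_link else None,
            "asa_nameif": on_link[0].get("nameif") if on_link else None,
            "switch_dgw_on_link": dgw is not None and dgw in subnet,
        }
    return plan


def same_level_pairs(asa_config):
    """(inter-interface line present?, interface pairs sharing a security level)."""
    asa = parse_vlan_interfaces(asa_config, r"^interface Vlan(\d+)$")
    permitted = "same-security-traffic permit inter-interface" in asa_config.splitlines()
    names = sorted((i["nameif"], i["level"]) for i in asa.values()
                   if "nameif" in i and "level" in i)
    pairs = [(a, b) for n, (a, la) in enumerate(names)
             for b, lb in names[n + 1:] if la == lb]
    return permitted, pairs


if __name__ == "__main__":
    print(gateway_plan(HP_2910_CONFIG, ASA_CONFIG))
    print(same_level_pairs(ASA_CONFIG))
```

An `access-group` bound to an ASA interface still filters traffic entering that interface; the last function reports only the same-security-level setting.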
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 39648444
changed routing from asa to hp switch.
added static route on hp1910 to hp2910
0
