Solved

urgent...Cisco firewall issue

Posted on 2014-01-23
8
429 Views
Last Modified: 2014-01-24
Hi Guys,

I am having a problem with a cisco firewall i basically cant get out on the internet with it, it was working fine a short while ago but now its not..I spoke to my ISP and i have ran some tests with them and it seems fine that end

Basically the cisco has 3 interfaces, the inside outside new and outside, (inside is connected to the LAN) Outside new is connected to a microtik router and then connected to the ISPs fibre and i dont know where Outside is supposed to go, I wonder if its a cable issue or its a rules issue

thank you  so much
0
Comment
Question by:jonathanduane2010
  • 5
  • 2
8 Comments
 
LVL 11

Expert Comment

by:Miftaul
ID: 39805522
where is NAT happening, on microtik or on your firewewall
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39805536
Aside from just the interfaces you will need a number of other commands. Such as a GLOBAL statement, NAT statements and a ROUTE OUTSIDE statement. Can we get a look at your config? Be sure you remove any public IPs/confidential information.
0
 

Author Comment

by:jonathanduane2010
ID: 39805783
hi guys

will this do



: Saved
:
ASA Version 8.0(4) 
!
hostname test
domain-name default.domain.invalid
enable password password encrypted
passwd password encrypted
names
name 192.168.20.90 Cam
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 95.45.254.82 255.255.255.240 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.20.254 255.255.255.0 
!
interface Ethernet0/2
 speed 100
 duplex full
 nameif OutsideNew
 security-level 0
 ip address 99.140.211.206 255.255.255.240 
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
!
time-range inter
 periodic daily 19:12 to 19:14
!
time-range li
 periodic daily 19:26 to 19:29
!
time-range newstime
 periodic daily 16:50 to 16:58
 periodic weekdays 9:50 to 9:58
 periodic daily 13:50 to 13:58
 periodic daily 14:50 to 14:58
 periodic daily 15:50 to 15:58
 periodic daily 9:50 to 9:58
 periodic daily 11:50 to 23:58
 periodic daily 8:50 to 8:58
 periodic daily 10:50 to 10:58
 periodic daily 20:12 to 20:15
 periodic daily 19:50 to 19:58
 periodic daily 12:50 to 12:58
 periodic daily 18:50 to 18:58
!
time-range test
 periodic daily 18:32 to 18:35
!
time-range uy
 periodic daily 18:40 to 18:43
!
boot system disk0:/asa804-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network mailserver
 network-object host 192.168.20.1
object-group service SERVICES tcp
 port-object eq www
 port-object eq smtp
 port-object eq pop3
 port-object eq 3000
 port-object eq 3389
 port-object eq imap4
object-group service UDPSERVICES udp
 port-object eq 3389
object-group network LAN
 network-object 192.168.20.0 255.255.255.0
object-group service WWW tcp
 port-object eq www
object-group service TIELINE tcp-udp
 port-object eq 9000
 port-object eq 9002
object-group network DM_INLINE_NETWORK_1
 network-object 0.0.0.0 0.0.0.0
 network-object host 192.168.20.189
object-group service cam tcp
 port-object eq 8081
access-list WAN_LAN extended permit tcp any host 95.45.254.84 object-group SERVICES log 
access-list WAN_LAN extended permit udp any host 95.45.254.84 object-group UDPSERVICES log 
access-list WAN_LAN extended permit tcp any host 95.45.254.85 object-group WWW log 
access-list WAN_LAN extended permit tcp any host 95.45.254.86 object-group TIELINE log 
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0 
access-list nonat extended permit ip 192.168.20.0 255.255.255.0 10.10.10.0 255.255.255.0 
access-list nonat extended permit ip 192.168.20.0 255.255.255.0 192.16.8.0 255.255.255.0 
access-list LAN-WAN extended permit tcp object-group LAN any object-group SERVICES 
access-list LAN-WAN extended permit ip object-group mailserver any 
access-list split standard permit 192.168.20.0 255.255.255.0 
access-list OutsideNew_access_in extended permit tcp any host 99.140.211.194 object-group SERVICES 
access-list OutsideNew_access_in extended permit udp any host 99.140.211.194 object-group UDPSERVICES 
access-list OutsideNew_access_in extended permit tcp any host 99.140.211.195 object-group WWW 
access-list OutsideNew_access_in extended permit tcp any host 99.140.211.199 object-group TIELINE 
access-list OutsideNew_access_in extended permit tcp 62.190.143.32 255.255.255.224 host 99.140.211.195 eq 3389 
access-list OutsideNew_access_in remark telnet
access-list OutsideNew_access_in extended permit tcp any host 99.140.211.194 eq telnet 
access-list OutsideNew_access_in extended permit tcp any host 99.140.211.194 object-group cam 
access-list inside_access_in extended permit ip any any inactive 
access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_1 host 95.131.90.85 object-group WWW 
access-list inside_access_in extended deny tcp host 192.168.20.231 any object-group WWW time-range newstime inactive 
pager lines 24
logging enable
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu OutsideNew 1500
mtu management 1500
ip local pool vpnpool 192.16.8.2-192.16.8.100
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (OutsideNew) 2 interface
nat (inside) 0 access-list nonat
nat (inside) 2 0.0.0.0 0.0.0.0
static (inside,outside) 95.45.254.85 192.168.20.2 netmask 255.255.255.255 
static (inside,outside) 95.45.254.86 192.168.20.52 netmask 255.255.255.255 
static (inside,outside) 95.45.254.84 192.168.20.1 netmask 255.255.255.255 dns 
static (inside,OutsideNew) 99.140.211.194 192.168.20.1 netmask 255.255.255.255 
static (inside,OutsideNew) 99.140.211.195 192.168.20.2 netmask 255.255.255.255 
static (inside,OutsideNew) 99.140.211.199 192.168.20.52 netmask 255.255.255.255 
static (inside,OutsideNew) 99.140.211.196 192.168.20.53 netmask 255.255.255.255 
static (inside,OutsideNew) 99.140.211.198 192.168.20.60 netmask 255.255.255.255 
static (inside,OutsideNew) 99.140.211.199 192.168.20.61 netmask 255.255.255.255 
static (inside,OutsideNew) 99.140.211.200 192.168.20.62 netmask 255.255.255.255 
access-group WAN_LAN in interface outside
access-group inside_access_in in interface inside
access-group OutsideNew_access_in in interface OutsideNew
route outside 0.0.0.0 0.0.0.0 95.45.254.81 1
route OutsideNew 0.0.0.0 0.0.0.0 99.140.211.193 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 213.94.194.99 255.255.255.255 outside
http 192.168.20.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
http 62.190.143.32 255.255.255.224 OutsideNew
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start
crypto ipsec transform-set vpnsettings esp-3des esp-md5-hmac 
crypto ipsec transform-set remotesettings esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map remoteclient 20 set transform-set remotesettings
crypto dynamic-map remoteclient 20 set security-association lifetime seconds 28800
crypto dynamic-map remoteclient 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map OutsideNew_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OutsideNew_map interface OutsideNew
crypto isakmp identity address 
crypto isakmp enable OutsideNew
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 11
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 159.134.222.0 255.255.254.0 outside
ssh 86.49.126.54 255.255.255.255 outside
ssh 213.94.194.99 255.255.255.255 outside
ssh 192.168.20.0 255.255.255.0 inside
ssh 62.190.43.32 255.255.255.224 OutsideNew
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy vpn3000 internal
group-policy vpn3000 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value test.ie

tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 2
tunnel-group vpn3000 type remote-access
tunnel-group vpn3000 general-attributes
 address-pool vpnpool
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 10 retry 2
 isakmp ikev1-user-authentication none
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:42c999b269413f69b984f6158afc114d
: end
[OK]

Open in new window

0
 

Author Comment

by:jonathanduane2010
ID: 39805795
Hi Guys,

From THE ADSM launcher if i try to ping 8.8.8.8  from outside new interface it works, but none of the machines on the network are getting internet access?
0
Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
ID: 39805803
Can you ping isp1 next-hop from within ASA, also ISP2.
I suspect its a NAT issue. Please paste the NAT config.
0
 

Author Comment

by:jonathanduane2010
ID: 39805822
Hi Miftaul how do i get get the NAT config?
0
 

Author Comment

by:jonathanduane2010
ID: 39805829
i also think the outside interface is an old one? not in use
0
 

Author Comment

by:jonathanduane2010
ID: 39805869
hiya,

Icouldnt see the nat config so i tried show running config? under show running config was show startup config

Result of the command: "show running-config"

: Saved
:
ASA Version 8.0(4)
!
hostname IRadio
domain-name default.domain.invalid
enable password 4wFk0gVzH/NYZlGa encrypted
passwd sz5KGsLFNRWtU97z encrypted
names
name 192.168.20.90 Cam
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 95.45.254.82 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.20.254 255.255.255.0
!
interface Ethernet0/2
 speed 100
 duplex full
 nameif OutsideNew
 security-level 0
 ip address 79.140.211.206 255.255.255.240
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
!
time-range inter
 periodic daily 19:12 to 19:14
!
time-range li
 periodic daily 19:26 to 19:29
!
time-range newstime
 periodic daily 16:50 to 16:58
 periodic weekdays 7:50 to 7:58
 periodic daily 13:50 to 13:58
 periodic daily 14:50 to 14:58
 periodic daily 15:50 to 15:58
 periodic daily 9:50 to 9:58
 periodic daily 11:50 to 23:58
 periodic daily 8:50 to 8:58
 periodic daily 10:50 to 10:58
 periodic daily 20:12 to 20:15
 periodic daily 17:50 to 17:58
 periodic daily 12:50 to 12:58
 periodic daily 18:50 to 18:58
!
time-range test
 periodic daily 18:32 to 18:35
!
time-range uy
 periodic daily 18:40 to 18:43
!
boot system disk0:/asa804-k8.bin
ftp mode passive
clock timezone GMT/IST 0
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network mailserver
 network-object host 192.168.20.1
object-group service SERVICES tcp
 port-object eq www
 port-object eq smtp
 port-object eq pop3
 port-object eq 3000
 port-object eq 3389
 port-object eq imap4
object-group service UDPSERVICES udp
 port-object eq 3389
object-group network LAN
 network-object 192.168.20.0 255.255.255.0
object-group service WWW tcp
 port-object eq www
object-group service TIELINE tcp-udp
 port-object eq 9000
 port-object eq 9002
object-group network DM_INLINE_NETWORK_1
 network-object 0.0.0.0 0.0.0.0
 network-object host 192.168.20.189
object-group service cam tcp
 port-object eq 8081
access-list WAN_LAN extended permit tcp any host 95.45.254.84 object-group SERVICES log
access-list WAN_LAN extended permit udp any host 95.45.254.84 object-group UDPSERVICES log
access-list WAN_LAN extended permit tcp any host 95.45.254.85 object-group WWW log
access-list WAN_LAN extended permit tcp any host 95.45.254.86 object-group TIELINE log
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonat extended permit ip 192.168.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonat extended permit ip 192.168.20.0 255.255.255.0 172.16.8.0 255.255.255.0
access-list LAN-WAN extended permit tcp object-group LAN any object-group SERVICES
access-list LAN-WAN extended permit ip object-group mailserver any
access-list split standard permit 192.168.20.0 255.255.255.0
access-list OutsideNew_access_in extended permit tcp any host 79.140.211.194 object-group SERVICES
access-list OutsideNew_access_in extended permit udp any host 79.140.211.194 object-group UDPSERVICES
access-list OutsideNew_access_in extended permit tcp any host 79.140.211.195 object-group WWW
access-list OutsideNew_access_in extended permit tcp any host 79.140.211.197 object-group TIELINE
access-list OutsideNew_access_in extended permit tcp 62.190.143.32 255.255.255.224 host 79.140.211.195 eq 3389
access-list OutsideNew_access_in remark telnet
access-list OutsideNew_access_in extended permit tcp any host 79.140.211.194 eq telnet
access-list OutsideNew_access_in extended permit tcp any host 79.140.211.194 object-group cam
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_1 host 95.131.70.85 object-group WWW
access-list inside_access_in extended deny tcp host 192.168.20.231 any object-group WWW time-range newstime inactive
pager lines 24
logging enable
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu OutsideNew 1500
mtu management 1500
ip local pool vpnpool 172.16.8.2-172.16.8.100
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (OutsideNew) 2 interface
nat (inside) 0 access-list nonat
nat (inside) 2 0.0.0.0 0.0.0.0
static (inside,outside) 95.45.254.85 192.168.20.2 netmask 255.255.255.255
static (inside,outside) 95.45.254.86 192.168.20.52 netmask 255.255.255.255
static (inside,outside) 95.45.254.84 192.168.20.1 netmask 255.255.255.255 dns
static (inside,OutsideNew) 79.140.211.194 192.168.20.1 netmask 255.255.255.255
static (inside,OutsideNew) 79.140.211.195 192.168.20.2 netmask 255.255.255.255
static (inside,OutsideNew) 79.140.211.197 192.168.20.52 netmask 255.255.255.255
static (inside,OutsideNew) 79.140.211.196 192.168.20.53 netmask 255.255.255.255
static (inside,OutsideNew) 79.140.211.198 192.168.20.60 netmask 255.255.255.255
static (inside,OutsideNew) 79.140.211.199 192.168.20.61 netmask 255.255.255.255
static (inside,OutsideNew) 79.140.211.200 192.168.20.62 netmask 255.255.255.255
access-group WAN_LAN in interface outside
access-group inside_access_in in interface inside
access-group OutsideNew_access_in in interface OutsideNew
route outside 0.0.0.0 0.0.0.0 95.45.254.81 1
route OutsideNew 0.0.0.0 0.0.0.0 79.140.211.193 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 62.190.143.32 255.255.255.224 OutsideNew
http 192.168.1.0 255.255.255.0 management
http 192.168.20.0 255.255.255.0 inside
http 213.94.194.97 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start
crypto ipsec transform-set vpnsettings esp-3des esp-md5-hmac
crypto ipsec transform-set remotesettings esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map remoteclient 20 set transform-set remotesettings
crypto dynamic-map remoteclient 20 set security-association lifetime seconds 28800
crypto dynamic-map remoteclient 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map OutsideNew_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OutsideNew_map interface OutsideNew
crypto isakmp identity address
crypto isakmp enable OutsideNew
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 11
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 159.134.222.0 255.255.254.0 outside
ssh 86.47.126.54 255.255.255.255 outside
ssh 213.94.194.97 255.255.255.255 outside
ssh 192.168.20.0 255.255.255.0 inside
ssh 62.190.43.32 255.255.255.224 OutsideNew
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy vpn3000 internal
group-policy vpn3000 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value iradio.ie
username eoin password 7edxZswxPykfTxe8 encrypted privilege 15
username macaccess password UdZ.taxrUOGvP0DU encrypted
username roger password /ZkYI2x0xdAgDw.P encrypted privilege 15
username kevin password mz6JxJib/sQqvsw9 encrypted
tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 10 retry 2
tunnel-group vpn3000 type remote-access
tunnel-group vpn3000 general-attributes
 address-pool vpnpool
 default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 10 retry 2
 isakmp ikev1-user-authentication none
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:42c797b269413f69b784f6158afc114d
: end
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now