Asked by Jeff (United States of America)
AnyConnect VPN - No LAN access

Yesterday everything was working great. Today I cannot access anything. I've tried so many changes with the AnyConnect that I don't know where I'm at anymore. Any chance someone can tell me where I am messing this up? I did run sysopt connection permit-vpn. Unfortunately I haven't configured a firewall since the PIX 515e. Things have changed a bit since then.

: Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1599 MHz
!
ASA Version 9.1(6)
!
hostname owgasa

xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain

names
ip local pool OfficeVPN 10.10.4.200-10.10.4.225 mask 255.255.252.0
!
interface Ethernet0/0
description CC Internet
speed 100
duplex full
nameif CC_Internet
security-level 0
ip address x.x.x.x 255.255.255.248
!
interface Ethernet0/1
description BKP network
speed 100
duplex full
nameif BKP
security-level 100
ip address 192.168.1.4 255.255.255.0
!
interface Ethernet0/2
description Office network
nameif Office
security-level 100
ip address 10.10.3.254 255.255.252.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 172.16.1.1 255.255.255.0
!
boot system disk0:/asa916-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup CC_Internet
dns server-group DefaultDNS
name-server 8.8.4.4
name-server 8.8.8.8
domain-name xxxxx.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Office_Network
subnet 10.10.0.0 255.255.252.0
object network BKP_Network
subnet 192.168.1.0 255.255.255.0
object network MobiServ-Inside
host 10.10.2.9
object network Public_IP_Address_xxx
host x.x.x.x
description Used as termination point for inbound access from outside
object network obj-10.10.2.35
host 10.10.2.35
object network obj-10.10.2.112
host 10.10.2.112
object network obj-10.10.2.102
host 10.10.2.102
object network obj-10.10.2.11
host 10.10.2.11
object network obj-10.10.2.195
host 10.10.2.195
object network obj-10.10.2.245
host 10.10.2.245
object network obj-10.10.2.176
host 10.10.2.176
object network obj-10.10.0.199
host 10.10.0.199
object network obj-10.10.2.104
host 10.10.2.104
object network obj-10.10.0.3
host 10.10.0.3
object network obj-10.10.2.144
host 10.10.2.144
object network obj-10.10.2.204
host 10.10.2.204
object network obj-10.10.2.23
host 10.10.2.23
object network obj-10.10.2.212
host 10.10.2.212
object network obj-10.10.2.114
host 10.10.2.114
object network obj-10.10.2.9
host 10.10.2.9
object service MobiServ_ports
service tcp source range 10610 10620
object network NCR_Remote_Net
subnet 192.168.185.0 255.255.255.0
object service Mobiserv_https
service tcp source eq https
object network obj-10.10.3.0
subnet 10.10.3.0 255.255.255.0
object network obj-10.10.0.0
subnet 10.10.0.0 255.255.255.0
object network NETWORK_OBJ_172.16.0.0_24
subnet 172.16.0.0 255.255.255.0
object network NETWORK_OBJ_10.10.0.0_24
subnet 10.10.0.0 255.255.255.0
object network NETWORK_OBJ_10.10.0.0_22
subnet 10.10.0.0 255.255.252.0
object network NETWORK_OBJ_10.10.1.240_28
subnet 10.10.1.240 255.255.255.240
object network NETWORK_OBJ_10.10.1.240_29
subnet 10.10.1.240 255.255.255.248
object network NETWORK_OBJ_10.10.1.224_27
subnet 10.10.1.224 255.255.255.224
object network obj-AnyConnectPool
range 10.10.4.200 10.10.4.225
description Nat statement for AnyConnect Split-Tunnel
object-group service IBM_iAccess tcp
description Ports to allow iAccess software communications
port-object eq 2001
port-object eq 2010
port-object eq 3000
port-object eq 397
port-object range 445 447
port-object eq 448
port-object eq 449
port-object eq 5010
port-object eq 5544
port-object eq 5555
port-object eq 5566
port-object eq 5577
port-object range 8470 8476
port-object eq 8480
port-object eq 942
port-object range 9470 9476
port-object eq 9480
port-object eq 992
port-object eq exec
port-object eq netbios-ssn
port-object eq telnet
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service SecCam tcp
description Security Cameras for Corp Stores
port-object eq 6800
port-object eq 7100
port-object eq 6801
object-group service RDP tcp
description Remote Desktop Protocol
port-object range 3380 3389
object-group service DM_INLINE_SERVICE_1
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq imap4
service-object icmp
service-object tcp destination range 8288 8289
service-object tcp destination range 9901 9903
object-group service DM_INLINE_SERVICE_2
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
service-object tcp destination eq 465
service-object tcp destination eq 587
service-object tcp destination eq 993
service-object tcp destination eq 6800
service-object tcp destination eq 7100
service-object tcp destination eq 6801
service-object tcp destination eq 9901
service-object tcp destination eq 36617
service-object tcp destination eq 47460
service-object tcp destination eq 8100
service-object tcp destination eq 2083
service-object tcp destination eq telnet
object-group network DM_INLINE_NETWORK_1
network-object object Office_Network
network-object object BKP_Network
object-group service DM_INLINE_UDP_1 udp
port-object eq 443
port-object eq www
object-group service DM_INLINE_UDP_2 udp
port-object eq 443
port-object eq www
object-group service DM_INLINE_UDP_3 udp
port-object eq 443
port-object eq www
object-group service BKPPAY tcp

port-object range 8288 8289
port-object range 9901 9903
object-group service SSL tcp
description SSL Ports
port-object eq 465
port-object eq 587
port-object eq 993
object-group network NCR_Network
network-object 172.16.0.0 255.255.255.0
object-group service CPS tcp

port-object eq 36617
port-object eq 47460
object-group service IDT tcp

port-object eq 8100
object-group service GoDaddy tcp
description Management port
port-object eq 2083
object-group service PrintNetEnt tcp-udp
description Ports for PrintNet Enterprise
port-object eq 1030
port-object eq 135
port-object eq 389
port-object eq domain
access-list inside_access_in remark Limits access from BKP Network to Office network except for protocols in preceeding rule
access-list inside_access_in extended deny ip 192.168.1.0 255.255.255.0 10.10.0.0 255.255.252.0
access-list inside_access_in remark Default allowed protocols from BKP network to Internet
access-list inside_access_in remark Default allowed protocols from inside network to Internet
access-list inside_access_in remark Enables use of Google QUIC protocol
access-list inside_access_in extended permit udp 192.168.1.0 255.255.255.0 any object-group DM_INLINE_UDP_3
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 192.168.1.0 255.255.255.0 any
access-list inside_access_in remark Deny any other traffic
access-list inside_access_in extended deny ip 192.168.1.0 255.255.255.0 any
access-list inside_access_in remark Deny any other traffic
access-list inside2_access_in remark No access from Office Network to BKP
access-list inside2_access_in extended deny ip 10.10.0.0 255.255.252.0 192.168.1.0 255.255.255.0
access-list inside2_access_in remark Default allowed protocols from Office network to Internet
access-list inside2_access_in remark Default allowed protocols from BKP network to Internet
access-list inside2_access_in extended permit object-group DM_INLINE_SERVICE_2 10.10.0.0 255.255.252.0 any log disable
access-list inside2_access_in remark Enable use of Google QUIC protocol
access-list inside2_access_in extended permit udp 10.10.0.0 255.255.252.0 any object-group DM_INLINE_UDP_2
access-list inside2_access_in extended permit udp 10.10.0.0 255.255.252.0 any eq ntp
access-list inside2_access_in extended permit tcp 10.10.0.0 255.255.252.0 any object-group IBM_iAccess
access-list inside2_access_in remark Deny all other traffic
access-list inside2_access_in extended deny ip 10.10.0.0 255.255.252.0 any
access-list inside2_access_in remark Default allowed protocols from BKP network to Internet
access-list inside2_access_in remark Deny all other traffic
access-list CC_Internet_access_in remark Enables inbound Google QUIC protocol
access-list CC_Internet_access_in extended permit udp any object-group DM_INLINE_NETWORK_1 object-group DM_INLINE_UDP_1
access-list CC_Internet_access_in remark MobiServ access
access-list CC_Internet_access_in extended permit tcp any object MobiServ-Inside eq https
access-list CC_Internet_access_in remark MobiServ access
access-list CC_Internet_access_in extended permit tcp any object MobiServ-Inside range 10610 10620
access-list CC_Internet_access_in remark MobiServ access
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.114 eq 21591
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.212 eq 21590
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.23 eq 21589
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.204 eq 21588
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.144 eq 21587
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.0.3 eq 23389
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.104 eq 19182
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.0.199 eq 18172
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.176 eq 3384
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.245 eq 3378
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.195 eq 3379
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.11 eq 3380
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.102 eq 3385
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.112 eq 3388
access-list CC_Internet_access_in remark Remote desktop access
access-list CC_Internet_access_in extended permit tcp any object obj-10.10.2.35 eq 1587
access-list CC_Internet_access_in extended permit tcp any object obj-AnyConnectPool object-group IBM_iAccess inactive
access-list CC_Internet_access_in remark Denys all inbound connections from the Internet
access-list CC_Internet_access_in extended deny ip any any
access-list CC_Internet_cryptomap extended permit ip object Office_Network 172.16.0.0 255.255.255.0
access-list NCRVPN extended permit ip 10.10.0.0 255.255.252.0 172.16.0.0 255.255.255.0
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list split-tunnel remark Local Office Network
access-list split-tunnel standard permit 10.10.0.0 255.255.252.0
pager lines 50
logging enable
logging asdm informational
logging from-address xxx@xxxxx.com
logging recipient-address xxx@xxxxx.com level alerts
logging host Office 10.10.0.199 17/1514
logging class auth trap informational
mtu CC_Internet 1500
mtu BKP 1500
mtu Office 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-762-150.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (BKP,CC_Internet) source dynamic BKP_Network interface description Dynamic NAT (PAT) for general outside access
nat (Office,CC_Internet) source static Office_Network Office_Network destination static obj-AnyConnectPool obj-AnyConnectPool
nat (Office,CC_Internet) source static MobiServ-Inside Public_IP_Address_xxx service MobiServ_ports MobiServ_ports description PAT settings for Mobiserv ports
nat (Office,CC_Internet) source static obj-AnyConnectPool interface inactive description PAT settings for AnyConnect
nat (Office,CC_Internet) source static MobiServ-Inside Public_IP_Address_188 service Mobiserv_https Mobiserv_https description PAT settings for Mobiserv ports
nat (Office,CC_Internet) source static Office_Network Office_Network destination static NETWORK_OBJ_172.16.0.0_24 NETWORK_OBJ_172.16.0.0_24 no-proxy-arp route-lookup
nat (Office,CC_Internet) source dynamic any interface description Dynamic NAT (PAT) for general outside access
nat (Office,CC_Internet) source static NETWORK_OBJ_10.10.0.0_22 NETWORK_OBJ_10.10.0.0_22 destination static NETWORK_OBJ_10.10.1.240_28 NETWORK_OBJ_10.10.1.240_28 no-proxy-arp route-lookup inactive
nat (Office,CC_Internet) source static Office_Network Office_Network destination static NETWORK_OBJ_10.10.1.240_28 NETWORK_OBJ_10.10.1.240_28 no-proxy-arp route-lookup inactive
nat (Office,CC_Internet) source static Office_Network Office_Network destination static NETWORK_OBJ_10.10.1.240_29 NETWORK_OBJ_10.10.1.240_29 no-proxy-arp route-lookup inactive
nat (Office,CC_Internet) source static NETWORK_OBJ_10.10.0.0_22 NETWORK_OBJ_10.10.0.0_22 destination static NETWORK_OBJ_10.10.1.224_27 NETWORK_OBJ_10.10.1.224_27 no-proxy-arp route-lookup inactive
!
object network obj-10.10.2.35
nat (Office,CC_Internet) static x.x.x.x service tcp 1587 1587
object network obj-10.10.2.112
nat (Office,CC_Internet) static x.x.x.x service tcp 3388 3388
object network obj-10.10.2.102
nat (Office,CC_Internet) static x.x.x.x service tcp 3385 3385
object network obj-10.10.2.11
nat (Office,CC_Internet) static x.x.x.x service tcp 3380 3380
object network obj-10.10.2.195
nat (Office,CC_Internet) static x.x.x.x service tcp 3379 3379
object network obj-10.10.2.245
nat (Office,CC_Internet) static x.x.x.x service tcp 3378 3378
object network obj-10.10.2.176
nat (Office,CC_Internet) static x.x.x.x service tcp 3384 3384
object network obj-10.10.0.199
nat (Office,CC_Internet) static x.x.x.x service tcp 18172 18172
object network obj-10.10.2.104
nat (Office,CC_Internet) static x.x.x.x service tcp 19182 19182
object network obj-10.10.0.3
nat (Office,CC_Internet) static x.x.x.x service tcp 23389 23389
object network obj-10.10.2.144
nat (Office,CC_Internet) static x.x.x.x service tcp 21587 21587
object network obj-10.10.2.204
nat (Office,CC_Internet) static x.x.x.x service tcp 21588 21588
object network obj-10.10.2.23
nat (Office,CC_Internet) static x.x.x.x service tcp 21589 21589
object network obj-10.10.2.212
nat (Office,CC_Internet) static x.x.x.x service tcp 21590 21590
object network obj-10.10.2.114
nat (Office,CC_Internet) static x.x.x.x service tcp 21591 21591
object network obj-10.10.2.9
nat (Office,CC_Internet) static x.x.x.x service tcp 10620 10620
access-group CC_Internet_access_in in interface CC_Internet
access-group inside_access_in in interface BKP
access-group inside2_access_in in interface Office
route CC_Internet 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 8
http server enable
http 10.10.0.0 255.255.252.0 Office
http 172.16.1.0 255.255.255.0 management
http 10.10.4.0 255.255.252.0 Office
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map CC_Internet_map 1 match address CC_Internet_cryptomap
crypto map CC_Internet_map 1 set peer x.x.x.x
crypto map CC_Internet_map 1 set ikev1 transform-set ESP-3DES-MD5
crypto map CC_Internet_map interface CC_Internet
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable CC_Internet
crypto ikev1 enable CC_Internet
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 10.10.0.0 255.255.252.0 Office
telnet 172.16.0.0 255.255.255.0 management
telnet timeout 5
ssh stricthostkeycheck
ssh x.x.x.x 255.255.255.0 CC_Internet
ssh x.x.x.x 255.255.255.255 CC_Internet
ssh 10.10.0.0 255.255.252.0 Office
ssh 0.0.0.0 0.0.0.0 Office
ssh timeout 30
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access Office
vpn-sessiondb max-other-vpn-limit 250
vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 131.107.13.100 source CC_Internet
webvpn
enable CC_Internet
anyconnect image disk0:/anyconnect-win-4.4.00243-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 8.8.4.4 8.8.8.8
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
default-domain value xxx.xxx.com
group-policy GroupPolicy_x.x.x.x internal
group-policy GroupPolicy_x.x.x.x attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
wins-server none
dns-server value 8.8.4.4 10.10.2.7
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value xxx.xxxxxx.com
webvpn
anyconnect keep-installer installed
anyconnect ssl rekey time 30
anyconnect ssl rekey method ssl
anyconnect ask none default anyconnect
username xxxxxxxxxx password xxxxxxxxxxxxxxxx encrypted
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool OfficeVPN
default-group-policy GroupPolicy_AnyConnect
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x general-attributes
default-group-policy GroupPolicy_x.x.x.x
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key xxxxxxx
ikev2 remote-authentication pre-shared-key xxxxxxx
ikev2 local-authentication pre-shared-key xxxxxxx
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool OfficeVPN
default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect ftp
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxx
: end
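The following script is an added example and is not part of the question or the accepted answer. It pulls the AnyConnect-relevant lines out of the running-config quoted above (the excerpt below is a constructed subset with the same values) and mechanically checks the three conditions that must all hold before split-tunnel clients can reach the LAN: the split-tunnel ACL covers the inside subnet, a twice-NAT identity (NAT-exempt) rule pairs the inside network with the VPN pool ahead of any dynamic PAT rule for the same interface, and the VPN pool does not overlap an interface subnet. Function names, the excerpt layout and the check names are this example's own choices; on the quoted lines all checks pass.

```python
"""Sanity checks for AnyConnect LAN reachability on an ASA running-config.

Added example, not code from the original post. Parses the lines of the
quoted config that matter for split-tunnel LAN access and reports whether
each precondition holds. Redacted 'x.x.x.x' addresses are skipped.
"""
import ipaddress
import re

# Constructed excerpt of the config in the question (same values as the post).
CONFIG = """\
ip local pool OfficeVPN 10.10.4.200-10.10.4.225 mask 255.255.252.0
interface Ethernet0/1
nameif BKP
ip address 192.168.1.4 255.255.255.0
interface Ethernet0/2
nameif Office
ip address 10.10.3.254 255.255.252.0
object network Office_Network
subnet 10.10.0.0 255.255.252.0
object network obj-AnyConnectPool
range 10.10.4.200 10.10.4.225
access-list split-tunnel standard permit 10.10.0.0 255.255.252.0
nat (Office,CC_Internet) source static Office_Network Office_Network destination static obj-AnyConnectPool obj-AnyConnectPool
nat (Office,CC_Internet) source dynamic any interface description Dynamic NAT (PAT) for general outside access
"""


def _net(addr, mask):
    """Build an ip_network from 'address mask'; None for redacted x.x.x.x values."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return None


def parse_objects(cfg):
    """Return {object name: [networks]} for every 'object network' block."""
    objects, current = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        m = re.match(r"object network (\S+)$", line)
        if m:
            current = m[1]
            objects[current] = []
            continue
        if current is None:
            continue
        if m := re.match(r"subnet (\S+) (\S+)$", line):
            objects[current].append(_net(m[1], m[2]))
        elif m := re.match(r"host (\S+)$", line):
            objects[current].append(_net(m[1], "255.255.255.255"))
        elif m := re.match(r"range (\S+) (\S+)$", line):
            objects[current].extend(ipaddress.summarize_address_range(
                ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))
        elif not line.startswith(("description", "nat")):
            current = None  # any other command ends the object block
    return objects


def parse_interfaces(cfg):
    """Return {nameif: network} for interfaces that carry an IP address."""
    ifaces, name = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None
        elif m := re.match(r"nameif (\S+)$", line):
            name = m[1]
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)) and name:
            if (net := _net(m[1], m[2])) is not None:
                ifaces[name] = net
    return ifaces


def parse_pool(cfg):
    """VPN address pool as a list of CIDR blocks covering the pool range."""
    m = re.search(r"ip local pool \S+ (\S+)-(\S+) mask \S+", cfg)
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))


def split_tunnel_covers(cfg, acl, net):
    """True if a permit entry of the standard ACL contains the whole subnet."""
    for m in re.finditer(rf"access-list {re.escape(acl)} standard permit (\S+) (\S+)", cfg):
        if net.subnet_of(_net(m[1], m[2])):
            return True
    return False


def nat_exempt_exists(cfg, inside_if, inside_obj, pool_obj):
    """True if an identity twice-NAT rule for inside_obj<->pool_obj appears
    before any dynamic PAT rule on the same inside interface (section 1 order)."""
    for raw in cfg.splitlines():
        words = raw.strip().split()
        if not words or not words[0] == "nat" or not words[1].startswith(f"({inside_if},"):
            continue
        if "inactive" in words:
            continue
        if (words[2:4] == ["source", "static"] and words[4] == words[5] == inside_obj
                and words[6:8] == ["destination", "static"] and words[8] == words[9] == pool_obj):
            return True
        if words[2:4] == ["source", "dynamic"]:
            return False  # dynamic PAT would match first and translate VPN traffic
    return False


def pool_overlaps_interfaces(cfg):
    """Names of interfaces whose subnet overlaps the VPN pool (should be empty)."""
    pool = parse_pool(cfg)
    return sorted(name for name, net in parse_interfaces(cfg).items()
                  if any(p.overlaps(net) for p in pool))


def run_checks(cfg=CONFIG):
    objs = parse_objects(cfg)
    inside = objs["Office_Network"][0]
    return {
        "split_tunnel_covers_office": split_tunnel_covers(cfg, "split-tunnel", inside),
        "nat_exempt_office_to_pool": nat_exempt_exists(cfg, "Office", "Office_Network", "obj-AnyConnectPool"),
        "pool_overlaps_interfaces": pool_overlaps_interfaces(cfg),
        "pool_object_matches_local_pool": objs["obj-AnyConnectPool"] == parse_pool(cfg),
    }


if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check}: {result}")
```

Run it against a full `show running-config` saved to a file by replacing CONFIG with the file contents; a False or a non-empty overlap list points at the specific precondition to revisit, while an all-pass result means these particular lines are consistent and the fault lies elsewhere in the config.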
Asker certified solution: Lexan Tronix (United States of America); solution text not shown.