Cisco ASA 505 Site to Site Issue

Discussion in 'Cisco' started by dannyn, Oct 19, 2010.

    Here is my config. I am trying to go from 192.168.1.0, which is the local site, to 10.241.113.0, which is the remote site. On the other end is a Cisco VPN 3000. I can VPN to that using the Cisco remote client just fine.



    ASA Version 7.2(3)
    !
    hostname ciscoasa
    domain-name comcast.net
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    !
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.1.200 255.255.255.0
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address dhcp setroute
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    passwd 4Wtw78CIa2UJQxhM encrypted
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 205.171.2.65
     name-server 205.171.3.65
     domain-name comcast.net
    access-list Home_Users_splitTunnelAcl standard permit any
    access-list inside_nat0_outbound extended deny ip any host 207.225.227.242
    access-list inside_nat0_outbound extended deny ip 192.168.1.0 255.255.255.0 any
    access-list inside_nat0_outbound extended permit ip any any
    access-list inside_nat0_outbound extended permit ip any 192.168.1.64 255.255.255.192
    access-list Home_Users_splitTunnelAcl_1 standard permit any
    access-list Home_Users_splitTunnelAcl_2 standard permit any
    access-list inside_nat0_outbound_1 extended permit ip 192.168.1.0 255.255.255.0 10.241.113.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.241.113.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool hoe_addressed 192.168.1.75-192.168.1.100 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-523.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound_1
    nat (inside) 1 0.0.0.0 0.0.0.0
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map0 1 match address outside_1_cryptomap
    crypto map outside_map0 1 set pfs
    crypto map outside_map0 1 set peer 1.1.1.1
    crypto map outside_map0 1 set transform-set ESP-3DES-SHA
    crypto map outside_map0 interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    !
    dhcpd address 192.168.1.2-192.168.1.129 inside
    dhcpd enable inside
    !
    vpnclient server 1.1.1.1
    vpnclient mode client-mode
    vpnclient vpngroup test password ********
    vpnclient username test1 password ********
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect icmp
      inspect icmp error
    !
    service-policy global_policy global
    tunnel-group 1.1.1.1 type ipsec-l2l
    tunnel-group 1.1.1.1 ipsec-attributes
     pre-shared-key *
    prompt hostname context
    Cryptochecksum:98ac6f4e89af2535963c6a2de08d9132
    : end

    ciscoasa# show switch vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -----------------------------
    1    inside                           up        Et0/1, Et0/2, Et0/3, Et0/4
                                                    Et0/5, Et0/6, Et0/7
    2    outside                          up        Et0/0
    ciscoasa# show crypto ipsec sa

    There are no ipsec sas
    ciscoasa# show crypto isakmp sa

    There are no isakmp sas
    ciscoasa#

    Thank you so much for your time, I really appreciate anyone that can help me solve my issue.
     
    dannyn, Oct 19, 2010
    #1
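
The following Python check is an added example, not part of the original post or of any Cisco tooling. It cross-checks the pieces of the posted site-to-site configuration that have to agree with each other on ASA 7.x: the crypto map applied to the interface, its peer and tunnel-group, and the NAT exemption for the encrypted traffic. `audit_l2l` and the finding strings are hypothetical names, and the NAT-exemption test compares ACL lines literally rather than by subnet overlap.

```python
import re
from collections import defaultdict

# Site-to-site lines excerpted from the configuration posted above.
CONFIG = """\
access-list inside_nat0_outbound_1 extended permit ip 192.168.1.0 255.255.255.0 10.241.113.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.241.113.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound_1
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set peer 1.1.1.1
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 interface outside
tunnel-group 1.1.1.1 type ipsec-l2l
"""
REQUIRED = ("match address", "set peer", "set transform-set")

def audit_l2l(config):
    """Return findings about how the L2L pieces of an ASA 7.x config fit together."""
    acls, entries = defaultdict(set), defaultdict(dict)
    bound, defined, l2l_peers, nat0 = set(), set(), set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) extended (permit ip .+)", line):
            acls[m[1]].add(m[2])
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)", line):
            nat0.add(m[1])
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l", line):
            l2l_peers.add(m[1])
        elif m := re.match(r"crypto map (\S+) interface \S+", line):
            bound.add(m[1])
        elif m := re.match(r"crypto map (\S+) (\d+) (.+)", line):
            defined.add(m[1])
            for key in REQUIRED:
                if m[3].startswith(key + " "):
                    entries[m[1], m[2]][key] = m[3][len(key) + 1:]
    # Simplification: NAT exemption is compared line by line, not by subnet overlap.
    exempt = {ace for name in nat0 for ace in acls[name]}
    findings = [f"crypto map {n} is not applied to an interface" for n in sorted(defined - bound)]
    for (name, seq), e in sorted(entries.items()):
        if name not in bound:
            continue
        findings += [f"{name} {seq}: missing '{k}'" for k in REQUIRED if k not in e]
        if "set peer" in e and e["set peer"] not in l2l_peers:
            findings.append(f"{name} {seq}: peer {e['set peer']} has no ipsec-l2l tunnel-group")
        for ace in sorted(acls[e.get("match address", "")] - exempt):
            findings.append(f"{name} {seq}: '{ace}' is encrypted but not NAT-exempt")
    return findings

print("\n".join(audit_l2l(CONFIG)))
```

An ASA interface carries a single crypto map, so in the posted configuration the dynamic entry under `outside_map` is inactive while `outside_map0` is the map applied to `outside`.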