WLAN (inside2) port to access the internet
13 years 2 months ago #37352
by Quen
WLAN (inside2) port to access the internet was created by Quen
Hi Guys,
I cannot get my WLAN port to access the internet. What am I missing?
Thanx in advance!
Quen
The config:
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa2
domain-name unknown.lo
enable password xxxxxxx encrypted
passwd xxxxxxx encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
switchport access vlan 12
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.135.253 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address xx.xx.xx.130 255.255.255.248
!
interface Vlan12
nameif WIFI
security-level 50
ip address 192.168.131.253 255.255.255.0
!
boot system disk0:/asa842-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup WIFI
dns server-group DefaultDNS
name-server xxxxxxxxxxxxxx
name-server xxxxxxxxxxxxxx
name-server 192.168.135.12
name-server 192.168.135.16
domain-name winbase.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-192.168.135.0
subnet 192.168.135.0 255.255.255.0
object network obj-10.10.1.0
subnet 10.10.1.0 255.255.255.0
object network obj-192.168.135.17
host 192.168.135.17
object network obj-192.168.135.17-01
host 192.168.135.17
object network obj-192.168.135.3
host 192.168.135.3
object network obj-192.168.135.13
host 192.168.135.13
object network obj-192.168.135.13-01
host 192.168.135.13
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.135.0_24
subnet 192.168.135.0 255.255.255.0
object network obj-192.168.135.5
host 192.168.135.5
description FTP
object network 192.168.135.5
host 192.168.135.5
description 192.168.135.5
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_access_out extended permit tcp any any eq www
access-list outside_access_out extended permit tcp any any eq https
access-list outside_access_out extended permit object-group TCPUDP any any eq domain
access-list outside_access_out extended permit tcp any any eq 3389
access-list outside_access_out remark DNS
access-list outside_access_out remark Remote Desktop Protocol
access-list outside_access_out extended permit tcp any any eq smtp
access-list outside_access_out extended permit tcp any any eq 8890
access-list outside_access_out remark FTP
access-list outside_access_out extended permit tcp any any eq ftp-data
access-list outside_access_out remark FTP
access-list outside_access_out extended permit tcp any any eq ftp
access-list outside_access_out remark SSH tbv CarePartners of SFTP
access-list outside_access_out extended permit tcp any any eq ssh
access-list outside_access_out remark PPTP VPN.
access-list outside_access_out extended permit tcp any any eq pptp
access-list outside_access_out extended permit tcp any any eq 2901
access-list outside_access_out remark SVN (Incura)
access-list outside_access_out extended permit tcp any any eq 8443
access-list outside_access_out extended permit tcp any any eq 8080
access-list outside_access_out remark L2TP VPN.
access-list outside_access_out extended permit tcp any any eq 1701
access-list outside_access_out remark email Annelies.
access-list outside_access_out extended permit tcp any any eq pop3
access-list outside_access_out remark Boekhouding Hoge Waerder RDP
access-list outside_access_out extended permit tcp any any eq 11135
access-list outside_access_out remark Cisco L2TP verbinding eis.
access-list outside_access_out extended permit udp any any eq isakmp
access-list outside_access_out remark Cisco L2TP verbinding eis.
access-list outside_access_out extended permit udp any any eq 4500
access-list outside_access_out remark Vital Health Kerio VPN
access-list outside_access_out extended permit tcp any any eq 4090
access-list outside_access_out remark Vital Health Kerio VPN
access-list outside_access_out extended permit udp any any eq 4090
access-list outside_access_out extended permit icmp any any echo
access-list outside_access_out extended permit gre any any
access-list outside_access_out extended permit esp any any
access-list outside_access_in remark http
access-list outside_access_in extended permit tcp any any eq www
access-list outside_access_in remark https
access-list outside_access_in extended permit tcp any any eq https
access-list outside_access_in remark naar WBG-VENUS
access-list outside_access_in extended permit tcp any interface outside eq https
access-list outside_access_in remark Inkomende Email
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in remark SVN (incura)
access-list outside_access_in extended permit tcp any any eq 8443
access-list outside_access_in remark Source Off Site (SOS)
access-list outside_access_in extended permit tcp any any eq 8080
access-list outside_access_in remark Incura TEST Website
access-list outside_access_in extended permit tcp any any eq 50000
access-list outside_access_in extended permit gre any any
access-list outside_access_in extended permit esp any any
access-list outside_access_in extended permit udp any any eq isakmp
access-list inside_nat0_outbound extended permit ip any 192.168.135.0 255.255.255.0
access-list inside_nat0_outbound remark DD VPN
access-list inside_nat0_outbound extended permit ip 192.168.135.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list Local_LAN_Access standard permit 192.168.135.0 255.255.255.0
access-list http-list2 extended permit tcp any host xxxxxxxxxxxxx
access-list http-list2 extended permit tcp any host 87.233.171.160
access-list http-list2 extended permit tcp any xxxxxxxxxxxxx 255.255.255.248
access-list winbase2_splitTunnelAcl_2 standard permit 192.168.135.0 255.255.255.0
access-list winbase2_splitTunnelAcl standard permit any
!
tcp-map mss-map
!
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu WIFI 1500
ip local pool winbase 192.168.135.120-192.168.135.128 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.135.0_24 NETWORK_OBJ_192.168.135.0_24 no-proxy-arp route-lookup
!
object network obj-192.168.135.17
nat (inside,outside) static interface service tcp 8443 8443
object network obj-192.168.135.17-01
nat (inside,outside) static interface service tcp 8080 8080
object network obj-192.168.135.3
nat (inside,outside) static interface service tcp 50000 50000
object network obj-192.168.135.13
nat (inside,outside) static interface service tcp smtp smtp
object network obj_any
nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 95.97.48.129 255
route inside 192.168.136.0 255.255.255.0 192.168.135.231 1
route inside 192.168.138.0 255.255.255.0 192.168.135.231 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 192.168.135.12
ldap-base-dn dc=winbase, dc=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn cn=administrator, cn=users, dc=winbase, dc=local
server-type microsoft
user-identity default-domain LOCAL
http server enable
http 192.168.135.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
auth-prompt prompt LET OP! Gebruik je domein gebruikersnaam en wachtwoord.
crypto ipsec ikev1 transform-set TRANS_ESP_AES-256_SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_AES-256_SHA mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-AES-128-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa2
proxy-ldc-issuer
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate 914b544e
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable inside client-services port 443
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
telnet 192.168.135.14 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.131.100-192.168.131.200 WIFI
dhcpd dns xxxxxxxxxx xxxxxxxxxxx interface WIFI
dhcpd enable WIFI
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 inside
webvpn
enable inside
enable outside
anyconnect image disk0:/anyconnect-dart-win-2.5.3054-k9.pkg 1
anyconnect profiles WinBaseAny_client_profile disk0:/WinBaseAny_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_WinBaseAny internal
group-policy GroupPolicy_WinBaseAny attributes
wins-server none
dns-server value 192.168.135.12 192.168.135.16
vpn-tunnel-protocol ikev2 ssl-client
default-domain value winbase.local
webvpn
anyconnect profiles value WinBaseAny_client_profile type user
group-policy winbase2 internal
group-policy winbase2 attributes
dns-server value 192.168.135.12 192.168.135.16
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Local_LAN_Access
default-domain value winbase.local
username Quentin password q9jYlNNf8JCUNrdq encrypted
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group winbase2 type remote-access
tunnel-group winbase2 general-attributes
address-pool winbase
authentication-server-group LDAP
default-group-policy winbase2
tunnel-group winbase2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 195.93.224.30 type ipsec-l2l
tunnel-group 195.93.224.30 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group WinBaseAny type remote-access
tunnel-group WinBaseAny general-attributes
address-pool winbase
authentication-server-group LDAP
default-group-policy GroupPolicy_WinBaseAny
tunnel-group WinBaseAny webvpn-attributes
group-alias WinBaseAny enable
!
class-map global-class
match default-inspection-traffic
class-map inspection_default
match default-inspection-traffic
class-map http-map1
match access-list http-list2
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ftp
inspect pptp
inspect ipsec-pass-thru
inspect ip-options
policy-map global-policy
class global-class
inspect ftp
inspect h323 ras
inspect ipsec-pass-thru
inspect netbios
inspect pptp
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
class class-default
user-statistics accounting
policy-map http-map1
class http-map1
set connection advanced-options mss-map
!
service-policy global-policy global
service-policy http-map1 interface outside
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:
: end
asdm image disk0:/asdm-645.bin
no asdm history enable
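Added example (not code from the thread): a small Python parser for the nameif, security-level, nat and access-group lines of an ASA 8.4 running-config that lists every interface never appearing as the real side of a NAT rule towards outside; the sample it runs on is a constructed excerpt of the config above. On that excerpt it flags WIFI, because every nat (...) statement in the post is (inside,outside), and an ASA running 8.3 or later forwards traffic with no matching NAT rule untranslated.

```python
"""Added example: scan an ASA 8.4 configuration for interfaces that have no
NAT rule towards the egress (outside) interface. Not code from the thread."""
import re

# Constructed excerpt of the configuration posted above; only the interface,
# NAT and access-group lines are kept, and the outside address is masked as in the post.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Vlan12
 nameif WIFI
 security-level 50
!
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.135.0_24 NETWORK_OBJ_192.168.135.0_24 no-proxy-arp route-lookup
!
object network obj-192.168.135.17
 nat (inside,outside) static interface service tcp 8443 8443
object network obj_any
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
"""

INTERFACE_RE = re.compile(r"^interface\s+\S+")
NAMEIF_RE = re.compile(r"^\s*nameif\s+(\S+)")
SECLEVEL_RE = re.compile(r"^\s*security-level\s+(\d+)")
# Twice NAT ("nat (a,b) source ...") and object NAT ("nat (a,b) dynamic ...") both open with (real,mapped).
NAT_RE = re.compile(r"^\s*nat\s+\(\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\)\s*(.*)$")
ACCESS_GROUP_RE = re.compile(r"^\s*access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)")


def parse_asa(text):
    """Return (interfaces, nat_rules, access_groups) from a running-config.

    interfaces   : {nameif: security-level or None}
    nat_rules    : [(real_if, mapped_if, rest_of_line)]
    access_groups: [(acl_name, direction, interface)]
    """
    interfaces, nat_rules, access_groups = {}, [], []
    current = None  # nameif of the interface block being read
    for line in text.splitlines():
        if INTERFACE_RE.match(line):
            current = None  # new block; forget the previous nameif
            continue
        m = NAMEIF_RE.match(line)
        if m:
            current = m.group(1)
            interfaces.setdefault(current, None)
            continue
        m = SECLEVEL_RE.match(line)
        if m and current is not None:
            interfaces[current] = int(m.group(1))
            continue
        m = NAT_RE.match(line)
        if m:
            nat_rules.append((m.group(1), m.group(2), m.group(3).strip()))
            continue
        m = ACCESS_GROUP_RE.match(line)
        if m:
            access_groups.append(m.groups())
    return interfaces, nat_rules, access_groups


def interfaces_without_nat_to(interfaces, nat_rules, egress="outside"):
    """Interfaces (other than egress) that never appear as the real side of a
    NAT rule whose mapped side is the egress interface."""
    covered = {real for real, mapped, _ in nat_rules if mapped == egress}
    return sorted(n for n in interfaces if n != egress and n not in covered)


def report(text, egress="outside"):
    """Human-readable summary; returns the lines so callers can test them."""
    interfaces, nat_rules, access_groups = parse_asa(text)
    lines = []
    for name, level in sorted(interfaces.items(), key=lambda kv: -(kv[1] or 0)):
        rules = [f"  nat ({r},{m}) {rest}" for r, m, rest in nat_rules if r == name]
        lines.append(f"{name} (security-level {level}): {len(rules)} NAT rule(s) as real side")
        lines.extend(rules)
    for acl, direction, iface in access_groups:
        lines.append(f"access-group {acl} applied {direction} on {iface}")
    for name in interfaces_without_nat_to(interfaces, nat_rules, egress):
        lines.append(f"WARNING: no nat (...,{egress}) rule has {name} as its real interface")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

Paste the full running-config in place of SAMPLE_CONFIG to run the same check against a live box.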
13 years 2 months ago #37382
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: WLAN (inside2) port to access the internet
Does look like nat is set up from the wireless to external.
Cheers
Wayne