
Cisco ASA 5510 VPN Error

I've converted to my new Cisco ASA 5510 and I'm having trouble with one of my VPNs dropping every 5 to 10 minutes.

The error messages are:
3 May 21 2007 14:36:34 713902 Group = 65.127.253.226, IP = 65.127.253.226, Removing peer from correlator table failed, no match!

3 May 21 2007 14:10:07 713902 Group = 203.3.70.5, IP = 203.3.70.5, QM FSM error (P2 struct &0x41faae0, mess id 0xa98d4f67)!

The VPN with the problem is 203.3.70.5

: Saved
:
ASA Version 7.2(2)
!
hostname FWCSIL
domain-name DOMAIN.COM
names
name in.si.de.2 MAIL-IN2 description mail SMTP Inside
name in.si.de.10 MAIL-IN10 description mail POP3 HTTP Inside
name in.si.de.18 FULFILLMENT-IN18 description Fulfillment PCA Inside
name in.si.de.25 FINANCE-IN25 description Financeserver Telnet Inside
name in.si.de.21 INKJET-IN21 description Inkjet PCA Inside
name in.si.de.20 SALES-IN20 description Sales HTTP Inside
name in.si.de.16 FARMDC-IN16 description FarmDC DC Proxy Inside
name in.si.de.8 TAPESERVER-IN8 description Tapeserver DC Inside
name in.si.de.4 SALES-IN4 description Sales FTP inside
name in.si.de.23 ADVANTAGEWS-IN23 description PCA Inside
name 152.160.104.253 ACS-PCAW description PCA VendorIP
name in.si.de.9 SERVER-IN9 description SERVER PCA Inside
name in.si.de.19 WAMNET-IN19 description Inside
name 63.201.122.61 APT-PCAW description APT PCA VenderIP
name out.si.de.153 ADVANTAGEWS-OUT153 description Advantage Workstation PCA Outside
name out.si.de.139 SERVER-OUT139 description SERVER PCA Outside
name out.si.de.155 FINANCE-OUT155 description Financeserver Telnet Outside
name out.si.de.148 FULFILLMENT-OUT18 description Fulfillment PCA Outside
name out.si.de.132 MAIL-OUT132 description mail SMTP Outside
name out.si.de.140 MAIL-OUT140 description mail POP3 Outside
name out.si.de.151 INKJET-OUT151 description Inkjet PCA Outside
name out.si.de.134 SALES-OUT134 description Sales FTP Outside
name out.si.de.150 SALES-OUT150 description Sales HTTP Outside
name out.si.de.133 WAMNET-OUT133 description WamNet Outside
name in.si.de.3 SALES-IN3 description Sales SNMP Inside
name out.si.de.149 SALES-OUT149 description Sales SNMP Outside
name 192.150.18.46 ADOBE-UPDATER description Adobe Updater IP
name ip.ad.ddress PT description
!
interface Ethernet0/0
description outside ip address
nameif outside
security-level 0
ip address out.si.de.135 255.255.255.192
!
interface Ethernet0/1
description Inside interface firewall in.si.de.x
nameif inside
security-level 100
ip address in.si.de.5 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd 2KFQnbNIdI.2KYOU encrypted
banner login This router is private property. Restricted access only. Unauthorized access is not desired.
banner motd This router is private property. Restricted access only. Unauthorized access is not desired.
boot system disk0:/asa722-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 205.171.3.65
name-server 205.171.2.65
domain-name domain.com
same-security-traffic permit intra-interface
object-group service LDAP500 tcp
description LDAP Port 500
port-object eq 500
object-group service SMTPAuth tcp
description SMTP Auth on 587
port-object eq 587
object-group service MAILCALENDAR8083 tcp
description Web calendart
port-object range 8083 8083
object-group icmp-type ICMP-Permit
description Permitted ibound ICMP
icmp-object echo
icmp-object echo-reply
icmp-object source-quench
icmp-object time-exceeded
icmp-object unreachable
object-group network partner.com
description partner.com Networks
network-object 10.0.0.0 255.0.0.0
network-object 172.18.0.0 255.255.0.0
network-object 172.19.0.0 255.255.0.0
object-group network NETWORK-RAS
description Carol Stream Dial In workstations
network-object in.si.de.248 255.255.255.248
object-group network NETWORK-VPN
description Carol Stream VPN Users
network-object in.si.de.232 255.255.255.248
network-object in.si.de.240 255.255.255.248
object-group network NETWORK-WORKSTATIONS
description Workstations in Carol Stream
network-object in.si.de.128 255.255.255.192
network-object in.si.de.192 255.255.255.224
object-group network NETWORK-ALL-WORKSTATIONS
description Carol Stream Workstations RAS VPN
group-object NETWORK-RAS
group-object NETWORK-VPN
group-object NETWORK-WORKSTATIONS
object-group network NETWORK-REMOTE
description Carol Stream RAS and VPN
group-object NETWORK-RAS
group-object NETWORK-VPN
object-group network NETWORK-IT
description IT Workstations
network-object in.si.de.88 255.255.255.248
object-group service WAMNET-UDP7000 udp
description Wamnet UDP Port 7000
port-object range 7000 7000
object-group service Rsync tcp
description Rsync Port 873
port-object range 873 873
object-group network DecaturIL-Network
network-object 192.168.230.0 255.255.255.0
object-group network LincolnNE-Network
network-object 192.168.220.0 255.255.255.0
object-group network MinnetonkaMN-network
network-object 192.168.200.0 255.255.255.0
object-group network UrbandaleIA-Network
network-object 192.168.210.0 255.255.255.0
object-group network All-VPN-Networks
description
group-object DecaturIL-Network
group-object LincolnNE-Network
group-object MinnetonkaMN-network
group-object partner.com
group-object UrbandaleIA-Network
object-group network NETWORK-SERVERS
description Servers in Carol Stream
network-object host MAIL-IN10
network-object host FARMDC-IN16
network-object host FULFILLMENT-IN18
network-object host WAMNET-IN19
network-object host SALES-IN20
network-object host INKJET-IN21
network-object host ADVANTAGEWS-IN23
network-object host FINANCE-IN25
network-object host MAIL-IN2
network-object host SALES-IN3
network-object host SALES-IN4
network-object host TAPESERVER-IN8
network-object host SERVER-IN9
access-list inside_access_in remark sniffer update
access-list inside_access_in extended permit tcp host MAIL-IN2 any eq www
access-list inside_access_in remark sniffer update
access-list inside_access_in extended permit tcp host MAIL-IN2 any eq https
access-list inside_access_in remark Symantec Client Security
access-list inside_access_in extended permit tcp host INKJET-IN21 any eq www
access-list inside_access_in remark proxy
access-list inside_access_in extended permit tcp host FARMDC-IN16 any eq https
access-list inside_access_in remark proxy
access-list inside_access_in extended permit tcp host FARMDC-IN16 any eq www
access-list inside_access_in remark Domain time server
access-list inside_access_in extended permit udp host FARMDC-IN16 any eq ntp
access-list inside_access_in remark email DNS
access-list inside_access_in extended permit udp host MAIL-IN2 any eq domain
access-list inside_access_in remark email DNS
access-list inside_access_in extended permit tcp host MAIL-IN2 any eq domain
access-list inside_access_in remark backup DNS
access-list inside_access_in extended permit tcp host TAPESERVER-IN8 any eq domain
access-list inside_access_in remark backup DNS
access-list inside_access_in extended permit udp host TAPESERVER-IN8 any eq domain
access-list inside_access_in remark primary DNS
access-list inside_access_in extended permit tcp host FARMDC-IN16 any eq domain
access-list inside_access_in remark primary DNS
access-list inside_access_in extended permit udp host FARMDC-IN16 any eq domain
access-list inside_access_in remark sniffer logs
access-list inside_access_in extended permit tcp host MAIL-IN2 any eq ftp
access-list inside_access_in remark sniffer logs
access-list inside_access_in extended permit tcp host MAIL-IN2 any eq ftp-data
access-list inside_access_in remark SCS updates
access-list inside_access_in extended permit tcp host INKJET-IN21 any eq ftp
access-list inside_access_in remark SCS updates
access-list inside_access_in extended permit tcp host INKJET-IN21 any eq ftp-data
access-list inside_access_in remark outbound email
access-list inside_access_in extended permit tcp host MAIL-IN2 any eq smtp
access-list inside_access_in extended permit icmp in.si.de.0 255.255.255.0 any
access-list inside_access_in extended permit udp in.si.de.0 255.255.255.0 any eq domain
access-list inside_access_in extended permit tcp in.si.de.0 255.255.255.0 any eq www
access-list inside_access_in remark RTSP outbound
access-list inside_access_in extended permit tcp object-group NETWORK-ALL-WORKSTATIONS any eq rtsp
access-list inside_access_in remark FTP outbound
access-list inside_access_in extended permit tcp object-group NETWORK-ALL-WORKSTATIONS any eq ftp
access-list inside_access_in remark FTP Data Outbound
access-list inside_access_in extended permit tcp object-group NETWORK-ALL-WORKSTATIONS any eq ftp-data
access-list inside_access_in remark http no proxy
access-list inside_access_in extended permit tcp object-group NETWORK-REMOTE any eq www
access-list inside_access_in remark https no proxy
access-list inside_access_in extended permit tcp object-group NETWORK-REMOTE any eq https
access-list inside_access_in remark Adobe Updater
access-list inside_access_in extended permit tcp object-group NETWORK-ALL-WORKSTATIONS host ADOBE-UPDATER eq www
access-list inside_access_in remark IT
access-list inside_access_in extended permit ip object-group NETWORK-IT any
access-list inside_access_in remark wamnet workstations transfer via ssh
access-list inside_access_in extended permit tcp object-group NETWORK-ALL-WORKSTATIONS host 12.96.58.133 eq ssh
access-list inside_access_in remark wamnet ssh
access-list inside_access_in extended permit tcp host WAMNET-IN19 host 64.240.158.70 eq ssh
access-list inside_access_in remark Wamnet server UDP 7000
access-list inside_access_in extended permit udp host WAMNET-IN19 host 209.83.194.251 object-group WAMNET-UDP7000
access-list inside_access_in remark
access-list inside_access_in extended permit tcp in.si.de.0 255.255.255.0 host PT eq https
access-list inside_access_in remark Allow Web Access to Cisco
access-list inside_access_in extended permit tcp object-group NETWORK-IT host in.si.de.5 eq www
access-list inside_access_in remark Allow https to Cisco ASA
access-list inside_access_in extended permit tcp object-group NETWORK-IT host in.si.de.5 eq https
access-list inside_access_in remark Allow Telnet access to Cisco ASA
access-list inside_access_in extended permit tcp object-group NETWORK-IT host in.si.de.5 eq telnet
access-list inside_access_in remark Allow Ping to partenr
access-list inside_access_in extended permit icmp host SALES-IN3 host 10.254.2.225
access-list inside_access_in remark http sales unknown
access-list inside_access_in extended permit tcp host SALES-IN3 any eq www
access-list inside_access_in remark Rsync
access-list inside_access_in extended permit tcp host MAIL-IN2 any object-group Rsync
access-list inside_access_in remark Wamnet Box out
access-list inside_access_in extended permit tcp host WAMNET-IN19 host 209.83.194.251 eq ssh
access-list inside_access_in remark Wamnet Box Out
access-list inside_access_in extended permit tcp host WAMNET-IN19 host 12.96.58.133 eq ssh
access-list inside_access_in remark
access-list inside_access_in extended permit tcp host in.si.de.199 any eq https
access-list inside_access_in remark Allow all Carol Stream to Outside VPN
access-list inside_access_in extended permit ip in.si.de.0 255.255.255.0 object-group All-VPN-Networks
access-list inside_access_in remark allow all Outside VPN Networks to Carol Stream
access-list inside_access_in extended permit ip object-group All-VPN-Networks in.si.de.0 255.255.255.0
access-list inside_access_in remark ICMP outbound
access-list inside_access_in extended permit icmp object-group NETWORK-SERVERS any object-group ICMP-Permit
access-list inside_access_in extended permit icmp object-group NETWORK-SERVERS object-group All-VPN-Networks
access-list outside_access_in extended permit tcp any host SALES-OUT134 eq ftp-data
access-list outside_access_in remark ftp.domain.com
access-list outside_access_in extended permit tcp any host SALES-OUT134 eq ftp
access-list outside_access_in remark intranet.domain.com
access-list outside_access_in extended permit tcp any host SALES-OUT150 eq www
access-list outside_access_in remark intranet.domain.com
access-list outside_access_in extended permit tcp any host SALES-OUT150 eq https
access-list outside_access_in remark ldap.domain.com
access-list outside_access_in extended permit tcp any host MAIL-OUT140 object-group LDAP500
access-list outside_access_in remark email.domain.com
access-list outside_access_in extended permit tcp any host MAIL-OUT140 eq https
access-list outside_access_in remark email.domain.com
access-list outside_access_in extended permit tcp any host MAIL-OUT140 eq www
access-list outside_access_in remark email.domain.com
access-list outside_access_in extended permit tcp any host MAIL-OUT140 object-group mailCALENDAR8083
access-list outside_access_in remark pop3.domain.com
access-list outside_access_in extended permit tcp any host MAIL-OUT140 eq pop3
access-list outside_access_in remark smtp.domain.com
access-list outside_access_in extended permit tcp any host MAIL-OUT132 object-group SMTPAuth
access-list outside_access_in remark smtp.domain.com
access-list outside_access_in extended permit tcp any host MAIL-OUT132 eq smtp
access-list outside_access_in remark APT PCAnywhere
access-list outside_access_in extended permit icmp host APT-PCAW host SERVER-OUT139 object-group ICMP-Permit
access-list outside_access_in remark APT PCAnywhere
access-list outside_access_in extended permit tcp host APT-PCAW host SERVER-OUT139 eq pcanywhere-data
access-list outside_access_in remark APT PCAnywhere
access-list outside_access_in extended permit udp host APT-PCAW host SERVER-OUT139 eq pcanywhere-status
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit icmp host ACS-PCAW host FULFILLMENT-OUT18 object-group ICMP-Permit
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit tcp host ACS-PCAW host FULFILLMENT-OUT18 eq pcanywhere-data
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit udp host ACS-PCAW host FULFILLMENT-OUT18 eq pcanywhere-status
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit icmp host ACS-PCAW host INKJET-OUT151 object-group ICMP-Permit
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit tcp host ACS-PCAW host INKJET-OUT151 eq pcanywhere-data
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit udp host ACS-PCAW host INKJET-OUT151 eq pcanywhere-status
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit icmp host ACS-PCAW host ADVANTAGEWS-OUT153 object-group ICMP-Permit
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit udp host ACS-PCAW host ADVANTAGEWS-OUT153 eq pcanywhere-status
access-list outside_access_in remark ACS PCAnywhere
access-list outside_access_in extended permit tcp host ACS-PCAW host ADVANTAGEWS-OUT153 eq pcanywhere-data
access-list outside_access_in remark ping to mail
access-list outside_access_in extended permit icmp any host MAIL-OUT132 object-group ICMP-Permit
access-list outside_access_in remark ping to ftp
access-list outside_access_in extended permit icmp any host SALES-OUT134 object-group ICMP-Permit
access-list outside_access_in remark ping to mail
access-list outside_access_in extended permit icmp any host MAIL-OUT140 object-group ICMP-Permit
access-list outside_access_in remark ping to intranet
access-list outside_access_in extended permit icmp any host SALES-OUT150 object-group ICMP-Permit
access-list outside_access_in remark Media Services Support
access-list outside_access_in extended permit icmp host 64.154.22.198 host FINANCE-OUT155 object-group ICMP-Permit
access-list outside_access_in remark Media Services Support
access-list outside_access_in extended permit tcp host 64.154.22.198 host FINANCE-OUT155 eq telnet
access-list outside_access_in remark In to Wamnet Box
access-list outside_access_in extended permit ip host 64.240.158.70 host WAMNET-OUT133
access-list outside_access_in remark qwest to tapeserver dns
access-list outside_access_in extended permit tcp host 205.171.3.65 eq domain host TAPESERVER-IN8 inactive
access-list outside_access_in remark qwest to tapeserver dns
access-list outside_access_in extended permit udp host 205.171.3.65 eq domain host TAPESERVER-IN8 inactive
access-list outside_access_in remark qwest to tapeserver dns
access-list outside_access_in extended permit tcp host 205.171.3.65 host TAPESERVER-IN8 eq domain
access-list outside_access_in remark qwest to tapeserver dns
access-list outside_access_in extended permit udp host 205.171.3.65 host TAPESERVER-IN8 eq domain
access-list outside_access_in remark qwest to farmdc dns
access-list outside_access_in extended permit udp host 205.171.3.65 eq domain host FARMDC-IN16 inactive
access-list outside_access_in remark qwest to farmdc dns
access-list outside_access_in extended permit tcp host 205.171.3.65 eq domain host FARMDC-IN16 inactive
access-list outside_access_in remark qwest to farmdc dns
access-list outside_access_in extended permit udp host 205.171.3.65 host FARMDC-IN16 eq domain
access-list outside_access_in remark qwest to farmdc dns
access-list outside_access_in extended permit tcp host 205.171.3.65 host FARMDC-IN16 eq domain
access-list outside_access_in remark qwest to mail dns
access-list outside_access_in extended permit tcp host 205.171.3.65 eq domain host MAIL-IN2 inactive
access-list outside_access_in remark qwest to mail dns
access-list outside_access_in extended permit udp host 205.171.3.65 eq domain host MAIL-IN2 inactive
access-list outside_access_in remark qwest to mail dns
access-list outside_access_in extended permit tcp host 205.171.3.65 host MAIL-IN2 eq domain
access-list outside_access_in remark qwest to mail dns
access-list outside_access_in extended permit udp host 205.171.3.65 host MAIL-IN2 eq domain
access-list outside_access_in remark Allow All VPN networks in
access-list outside_access_in extended permit ip object-group All-VPN-Networks in.si.de.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 192.168.168.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 192.168.210.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 192.168.220.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 192.168.230.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip any in.si.de.232 255.255.255.248
access-list outside_40_cryptomap remark Urbandale, IA
access-list outside_40_cryptomap extended permit ip in.si.de.0 255.255.255.0 192.168.210.0 255.255.255.0
access-list outside_60_cryptomap remark Lincoln, NE
access-list outside_60_cryptomap extended permit ip in.si.de.0 255.255.255.0 192.168.220.0 255.255.255.0
access-list outside_80_cryptomap remark Minnetonka, MN
access-list outside_80_cryptomap extended permit ip in.si.de.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list outside_100_cryptomap remark Decatur, IL
access-list outside_100_cryptomap extended permit ip in.si.de.0 255.255.255.0 192.168.230.0 255.255.255.0
access-list outside_120_cryptomap remark Australia Partnerr VPN
access-list outside_120_cryptomap extended permit ip in.si.de.0 255.255.255.0 object-group partner.com
pager lines 24
logging enable
logging timestamp
logging asdm-buffer-size 500
logging trap warnings
logging asdm warnings
logging from-address sfisher@domain.com
logging recipient-address sfisher@domain.com level errors
logging device-id hostname
logging host inside in.si.de.1 17/10514 format emblem
mtu outside 1492
mtu inside 1492
mtu dmz 1492
mtu management 1500
ip local pool VPNPool in.si.de.232-in.si.de.239 mask 255.255.255.248
ip local pool VPNPool2 in.si.de.240-in.si.de.247 mask 255.255.255.248
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm522.bin
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 out.si.de.160-out.si.de.170 netmask 255.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 in.si.de.0 255.255.255.0
static (inside,outside) SALES-OUT150 SALES-IN20 netmask 255.255.255.255
static (inside,outside) SALES-OUT134 SALES-IN4 netmask 255.255.255.255
static (inside,outside) ADVANTAGEWS-OUT153 ADVANTAGEWS-IN23 netmask 255.255.255.255
static (inside,outside) SERVER-OUT139 SERVER-IN9 netmask 255.255.255.255
static (inside,outside) FINANCE-OUT155 FINANCE-IN25 netmask 255.255.255.255
static (inside,outside) INKJET-OUT151 INKJET-IN21 netmask 255.255.255.255
static (inside,outside) FULFILLMENT-OUT18 FULFILLMENT-IN18 netmask 255.255.255.255
static (inside,outside) WAMNET-OUT133 WAMNET-IN19 netmask 255.255.255.255
static (inside,outside) SALES-OUT149 SALES-IN3 netmask 255.255.255.255
static (inside,outside) MAIL-OUT132 MAIL-IN2 netmask 255.255.255.255
static (inside,outside) MAIL-OUT140 MAIL-IN10 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 out.si.de.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy VPNREMOTEUSER internal
group-policy VPNREMOTEUSER attributes
wins-server value in.si.de.16 in.si.de.8
dns-server value in.si.de.16 in.si.de.8
vpn-tunnel-protocol IPSec
default-domain value domain.com
address-pools value VPNPool VPNPool2
http server enable
http 192.168.1.0 255.255.255.0 management
http in.si.de.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address outside_80_cryptomap
crypto map outside_map 20 set peer 65.127.253.226
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 40 match address outside_120_cryptomap
crypto map outside_map 40 set pfs
crypto map outside_map 40 set peer 203.3.70.5
crypto map outside_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 60 match address outside_60_cryptomap
crypto map outside_map 60 set peer 216.170.18.34
crypto map outside_map 60 set transform-set ESP-DES-MD5
crypto map outside_map 80 match address outside_40_cryptomap
crypto map outside_map 80 set peer 63.227.71.161
crypto map outside_map 80 set transform-set ESP-DES-MD5
crypto map outside_map 100 match address outside_100_cryptomap
crypto map outside_map 100 set peer 66.72.13.17
crypto map outside_map 100 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 28800
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 50
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
tunnel-group 63.227.71.161 type ipsec-l2l
tunnel-group 63.227.71.161 ipsec-attributes
pre-shared-key *
tunnel-group 216.170.18.34 type ipsec-l2l
tunnel-group 216.170.18.34 ipsec-attributes
pre-shared-key *
tunnel-group 65.127.253.226 type ipsec-l2l
tunnel-group 65.127.253.226 ipsec-attributes
pre-shared-key *
tunnel-group 66.72.13.17 type ipsec-l2l
tunnel-group 66.72.13.17 ipsec-attributes
pre-shared-key *
tunnel-group 203.3.70.5 type ipsec-l2l
tunnel-group 203.3.70.5 ipsec-attributes
pre-shared-key *
tunnel-group VPNREMOTEUSER type ipsec-ra
tunnel-group VPNREMOTEUSER general-attributes
address-pool VPNPool
address-pool VPNPool2
default-group-policy VPNREMOTEUSER
tunnel-group VPNREMOTEUSER ipsec-attributes
pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
l2tp tunnel hello 300
dhcpd dns 205.171.3.65 205.171.2.65 interface inside
dhcpd option 3 ip in.si.de.6 interface inside
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
!
service-policy global_policy global
ntp server 192.43.244.18 source outside prefer
smtp-server in.si.de.2
prompt hostname context
: end
asdm image disk0:/asdm522.bin
asdm history enable

Any help would be appreciated.
 
Usually this is related to a missing NAT exemption for the VPN tunnel. Do you have the same hosts or subnets defined on both sides of the tunnel?
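The check suggested in the reply above can be run mechanically against a saved configuration. The following is an added example, not part of the original thread and not a Cisco tool: it compares every destination network in each crypto-map ACL against the ACL bound to `nat (inside) 0`. The function names are hypothetical, sanitised sources such as `in.si.de.0` are compared as literal text (an assumption), and nested `group-object` entries are not expanded.

```python
import ipaddress

# Excerpt of the configuration posted above, addresses sanitised as posted.
CONFIG = """\
object-group network partner.com
network-object 10.0.0.0 255.0.0.0
network-object 172.18.0.0 255.255.0.0
network-object 172.19.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip in.si.de.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip any in.si.de.232 255.255.255.248
access-list outside_80_cryptomap extended permit ip in.si.de.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list outside_120_cryptomap extended permit ip in.si.de.0 255.255.255.0 object-group partner.com
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 20 match address outside_80_cryptomap
crypto map outside_map 20 set peer 65.127.253.226
crypto map outside_map 40 match address outside_120_cryptomap
crypto map outside_map 40 set peer 203.3.70.5
"""


def _take(tokens):
    """Consume one address spec: 'any', 'host X', 'object-group G' or 'ADDR MASK'."""
    if tokens[0] == "any":
        return ("any",), tokens[1:]
    return tuple(tokens[:2]), tokens[2:]


def _networks(spec, groups):
    """Expand an address spec to IPv4 networks; sanitised or named addresses give []."""
    if spec == ("any",):
        return [ipaddress.ip_network("0.0.0.0/0")]
    if spec[0] == "object-group":
        return groups.get(spec[1], [])
    text = spec[1] if spec[0] == "host" else "/".join(spec)
    try:
        return [ipaddress.ip_network(text, strict=False)]
    except ValueError:
        return []


def parse(config):
    """Collect network object-groups, 'permit ip' ACL entries, crypto maps and nat 0 ACLs."""
    groups, acls, crypto_acl, peers, nat0 = {}, {}, {}, {}, set()
    current = None
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "object-group":
            current = groups.setdefault(t[2], []) if t[1] == "network" else None
        elif t[0] == "network-object" and current is not None:
            current.extend(_networks(tuple(t[1:3]), {}))
        elif t[0] == "access-list" and t[2:5] == ["extended", "permit", "ip"]:
            src, rest = _take(t[5:])
            dst, _ = _take(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            nat0.add(t[4])
        elif t[:2] == ["crypto", "map"] and len(t) > 6:
            if t[4:6] == ["match", "address"]:
                crypto_acl[(t[2], t[3])] = t[6]
            elif t[4:6] == ["set", "peer"]:
                peers[(t[2], t[3])] = t[6]
    return groups, acls, crypto_acl, peers, nat0


def missing_nat_exemptions(config):
    """Return {peer: [networks]} protected by a crypto map but absent from nat 0."""
    groups, acls, crypto_acl, peers, nat0 = parse(config)
    exempt = [entry for name in nat0 for entry in acls.get(name, [])]
    report = {}
    for key, acl in sorted(crypto_acl.items()):
        gaps = []
        for src, dst in acls.get(acl, []):
            for net in _networks(dst, groups):
                covered = any(
                    nsrc in (src, ("any",))
                    and any(net.subnet_of(n) for n in _networks(ndst, groups))
                    for nsrc, ndst in exempt
                )
                if not covered:
                    gaps.append(str(net))
        if gaps:
            report[peers.get(key, "unknown peer")] = gaps
    return report


if __name__ == "__main__":
    for peer, nets in missing_nat_exemptions(CONFIG).items():
        print(f"peer {peer}: no NAT exemption for {', '.join(nets)}")
```

On this excerpt the check flags 172.18.0.0/16 and 172.19.0.0/16 for peer 203.3.70.5: both are in the `partner.com` group matched by `outside_120_cryptomap`, but `inside_nat0_outbound` only lists 10.0.0.0/8 from that group.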
 