Question about Cisco ASA 5505 Firewall

I need help with cisco asa 5505 ssl vpn.. ssl

I need help with Cisco ASA 5505 SSL VPN. SSL connected, but there is no ping to the inside network.

    LevenetUA-ASA-FW# sh run
    : Saved
    :
    ASA Version 8.2(5)
    !
    hostname LevenetUA-ASA-FW
    domain-name kyiv.ciklum.net
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.100.0 VPNTunnel
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.99.1 255.255.255.0
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address 194.105.144.14 255.255.255.248
    !
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 8.8.8.8
     domain-name kyiv.ciklum.net
    object-group protocol a
     protocol-object ip
     protocol-object udp
     protocol-object tcp
     protocol-object icmp
    object-group icmp-type j
     icmp-object alternate-address
     icmp-object conversion-error
     icmp-object echo
     icmp-object echo-reply
     icmp-object information-reply
     icmp-object information-request
     icmp-object mask-reply
     icmp-object mask-request
     icmp-object mobile-redirect
     icmp-object parameter-problem
     icmp-object redirect
     icmp-object router-advertisement
     icmp-object router-solicitation
     icmp-object source-quench
     icmp-object time-exceeded
     icmp-object timestamp-reply
     icmp-object timestamp-request
     icmp-object traceroute
     icmp-object unreachable
    object-group service RDP tcp
     port-object eq 3389
    object-group protocol DM_INLINE_PROTOCOL_1
     protocol-object ip
     protocol-object icmp
     protocol-object tcp
    object-group service DM_INLINE_SERVICE_1
     service-object ip
     service-object icmp
     service-object tcp
     service-object tcp eq echo
    object-group service DM_INLINE_SERVICE_2
     service-object ip
     service-object icmp
     service-object tcp
     service-object tcp eq echo
    object-group service DM_INLINE_SERVICE_3
     service-object ip
     service-object icmp
     service-object tcp
     service-object tcp-udp eq echo
    object-group protocol DM_INLINE_PROTOCOL_2
     protocol-object ip
     protocol-object icmp
     protocol-object tcp
    object-group network 1
     network-object host 10.1.1.6
    object-group protocol DM_INLINE_PROTOCOL_3
     protocol-object ip
     protocol-object icmp
     protocol-object tcp
    object-group network obj_any
    object-group network NETWORK_OBJ
     network-object VPNTunnel 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.99.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.99.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.99.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.99.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip any 194.105.144.0 255.255.255.0
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
    access-list inside_access_in extended permit ip 192.168.99.0 255.255.255.0 any
    access-list inside_access_in extended permit icmp 192.168.99.0 255.255.255.0 any
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 VPNTunnel 255.255.255.0 192.168.99.0 255.255.255.0
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any interface outside
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any interface inside
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any any
    access-list outside_access_in extended permit tcp any host 194.105.144.14 object-group RDP
    access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
    access-list SPLIT_TUNNEL extended permit ip VPNTunnel 255.255.255.0 any
    access-list 875 extended permit ip any interface outside
    access-list 875 extended permit ip any interface inside
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool Internal 192.168.100.1-192.168.100.254
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 192.168.99.0 255.255.255.0
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 194.105.144.9 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
     webvpn
      svc ask none default svc
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    aaa authorization command LOCAL
    http server enable
    http 172.28.13.0 255.255.255.0 outside
    http 194.105.144.0 255.255.254.0 outside
    http 62.90.197.6 255.255.255.255 outside
    http 84.94.109.187 255.255.255.255 outside
    http 91.216.252.222 255.255.255.255 outside
    http 192.168.4.0 255.255.255.0 outside
    http 0.0.0.0 0.0.0.0 inside
    http 192.168.99.0 255.255.255.0 inside
    http redirect outside 80
    http redirect inside 80
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    no service password-recovery
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs group1
    crypto map outside_map 1 set peer 91.216.252.222
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ca trustpoint RC-DEV
     enrollment self
     subject-name CN=ciscoasa
     ip-address 91.216.252.214
     crl configure
    crypto ca server
     shutdown
     cdp-url http://ciscoasa.kyiv.ciklum.net/+CSCOCA+/asa_ca.crl
     issuer-name CN=ciscoasa.kyiv.ciklum.net
     smtp from-address admin@ciscoasa.kyiv.ciklum.net
    crypto ca certificate chain RC-DEV
     certificate 66e90a52
      quit
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    no vpn-addr-assign aaa
    vpn-sessiondb max-session-limit 25
    telnet timeout 5
    ssh 172.28.13.0 255.255.255.0 outside
    ssh 194.105.144.0 255.255.254.0 outside
    ssh 62.90.197.6 255.255.255.255 outside
    ssh 84.94.109.187 255.255.255.255 outside
    ssh 91.216.252.222 255.255.255.255 outside
    ssh 192.168.4.0 255.255.255.0 outside
    ssh timeout 60
    ssh version 2
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    !
    dhcpd address 192.168.99.10-192.168.99.250 inside
    dhcpd dns 192.168.2.9 8.8.8.8 interface inside
    dhcpd enable inside
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp authenticate
    ntp server 78.152.160.1 source inside prefer
    ssl encryption rc4-sha1
    webvpn
     enable inside
     enable outside
     svc image disk0:/anyconnect-win-3.1.04066-k9.pkg 1 regex "Windows NT"
     svc enable
     tunnel-group-list enable
    group-policy DfltGrpPolicy attributes
     vpn-tunnel-protocol IPSec webvpn
    group-policy Leverate internal
    group-policy Leverate attributes
     vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
     default-domain value kyiv.ciklum.net
     address-pools value Internal
     webvpn
      url-list value anyboo
      svc ask enable default webvpn
    group-policy Policy internal
    group-policy Policy attributes
     wins-server none
     dns-server value 8.8.8.8
     vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    group-policy AnyConnect internal
    group-policy AnyConnect attributes
     dns-server value 8.8.8.8
     vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
     default-domain value kyiv.ciklum.net
     address-pools value Internal
     webvpn
      url-list value anyboo
      svc ask enable
    username test password 3OVAoMmIliQ/.avZ encrypted privilege 15
    username test attributes
     vpn-group-policy Leverate
     group-lock value Leverate
    username Leverate password 7b77iQDqMihgjqso encrypted privilege 15
    username Leverate attributes
     vpn-group-policy AnyConnect
     webvpn
      svc ask enable default webvpn
    username root password d.40oV0WFfn7Y7RJ encrypted privilege 15
    username root attributes
     vpn-group-policy AnyConnect
    tunnel-group 91.216.252.222 type ipsec-l2l
    tunnel-group 91.216.252.222 ipsec-attributes
     pre-shared-key *****
    tunnel-group Leverate type remote-access
    tunnel-group Leverate general-attributes
     address-pool Internal
     default-group-policy Leverate
    tunnel-group Leverate webvpn-attributes
     group-alias users enable
     group-url https://194.105.144.14/users enable
    tunnel-group anyconnect type remote-access
    tunnel-group anyconnect general-attributes
     default-group-policy AnyConnect
    tunnel-group anyconnect webvpn-attributes
     group-alias AnyConnect enable
     group-url https://194.105.144.14/AnyConnect enable
    !
    !
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:0d4e91ac68ebe9504bb4ab178914bd63
    : end
    LevenetUA-ASA-FW#

  • or zidkani Oct 09, 2013

    inside network:192.168.99.0

  • or zidkani Oct 09, 2013

    outside network:194.105.144.14

  • or zidkani Oct 09, 2013

    vpn pool addresses 192.168.100.1-192.168.100.254

  • Sharon Rema Nov 07, 2019

    Good share!

1 Answer

The total sum of the Inside/Outside/ and pool address add up to 5,265. Subtract 10% and multiply by 260 to get the gender aspect of the original formula. Move the Network address to Google and download the residual code offered by the program that appears in the open window. Enter the code in the appropriate space provided and this will solve the problem by late 2015.

Posted on Jan 29, 2014

2 Suggested Answers

Anonymous

  • 42 Answers

SOURCE: cisco asa5505 problem

You seem to have the last resort (o.o.o.o) set to VLAN1 which is set as an inside interface.
Is VLAN1 connected to the outside router or internet backbone?
If not, change the last resort to the outside Ethernet port.

Posted on May 09, 2008

Related Questions:

1 Answer

ASA VPN setup


this has been nicely explained here:

http://www.computerfreetips.com/Cisco_router_tips/ASA-VPN-tunnel.html

Feb 23, 2012 | Cisco ASA Computers & Internet

1 Answer

Hi Friend, When i am connecting one


increase your proxy time out or remove the proxy setting from your VPN.

Mar 25, 2010 | Cisco ASA 5505 Firewall

1 Answer

Cannot see my network printers after installing ASA 5505


1. Please check whether your printer's IP address and port number are permitted in your Cisco firewall or not.

Mar 25, 2010 | Cisco ASA 5505 Firewall

1 Answer

How to configure ASA 5505 Cisco router


Use the Cisco ASDM or SDM software, that will give you an easy graphical interface to configure the ASA. One of them would have been shipped with the device.

Don't forget the ASA has to be pre-configured, just a simple config. Have HTTPS enabled, and telnet/SSH helps as well if you don't have a serial port or the console cable.

Cisco's website will give you quite a lot of info for free...

Jan 18, 2010 | Cisco ASA 5505 Firewall

1 Answer

Cisco ASA 5505 Firmware


Yes, it is possible and Yes you have to purchase it from Cisco.
Sorry, that is how they make the big bucks.
Consider a service contract on the unit, then you can download the firmware much cheaper.

Jul 10, 2009 | Cisco ASA 5500 Firewall

1 Answer

Cisco ASA 5505 Firewall


1. Change your PC's default gateway to your firewall's internal IP

2. Configure the nameservers on your ASA

Then internet will work fine.

May 23, 2009 | Cisco ASA 5510 Anti-X Edition...

1 Answer

Cisco ASA 5505 firewall support URL filtering or not..????


Hi, the Cisco ASA 5505 is the base model, and URL filtering is not available on this model. The first model that allows URL filtering is the 5510, and every model above that. You can view the models and features here:

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

May 13, 2009 | Cisco ASA 5505 Firewall

1 Answer

Cannot Map Drive across VPN


Did you make sure that your user has all security privileges?

Oct 22, 2008 | Computers & Internet

2 Answers

No power to cisco 5505 ASA


http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

From the US, you can call: 1.800.553.2447

From there, Cisco will be able to tell you what your warranty status is by the device's serial number, and can also provide you with a quote if your warranty has expired.

Oct 08, 2008 | Cisco ASA 5500 Firewall
