
Remote Access On Cisco ASA 5520


  • Remote Access On Cisco ASA 5520

    First, sorry for my bad English; I'm a newbie in Cisco configuration.
    Could somebody here please help me? I configured a remote access VPN on an ASA 5520, but I have trouble. When my VPN client users connect to the Cisco ASA 5520, I want to remote-control them using UltraVNC, but I can't ping another user that is logged on to my VPN on the Cisco ASA, and I can't ping my inside network. Please help me with how to configure remote access VPN on the ASA 5520; I followed the steps from the Cisco documentation, but it does not work. Please give me an example of how I can configure it, and please help me fix my problem. Thanks a lot for your attention.

    This is my remote access VPN configuration :

    Internet----outside (ASA 5520) inside--- My Network


    : Saved
    :
    ! Review note: saved configuration as posted. The outside addresses are
    ! partly masked by the poster; the password hashes are not.
    ASA Version 8.0(4)
    !
    hostname ciscoasa
    ! The enable and login password hashes are published here in full. Treat
    ! both as exposed: change the passwords on the device, and replace hashes
    ! with a placeholder before sharing a configuration.
    enable password 1QdyRDaqRKHZa5px encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    ! outside: lowest trust (security-level 0). The crypto map and ISAKMP are
    ! enabled on this interface further down, so VPN clients terminate here.
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    ip address 202.xxx.xxx.76 255.xxx.xxx.248
    !
    ! inside: highest trust (security-level 100), 10.234.8.3 with a /23 mask.
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    ip address 10.234.8.3 255.255.254.0
    !
    ! GigabitEthernet0/2 and 0/3 are shut down with no name, level or address.
    interface GigabitEthernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    !
    ! Dedicated management port; management-only stops it from carrying
    ! through traffic.
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    !
    ftp mode passive
    ! Split-tunnel list referenced by group-policy vpnsmn. Together with
    ! "split-tunnel-policy excludespecified" in that policy, "host 0.0.0.0" is
    ! the local-LAN-access form: the client's own LAN stays outside the tunnel
    ! and all other traffic is sent through it. Confirm that letting connected
    ! clients keep talking to their local LAN is wanted.
    access-list vpnsmn_splitTunnelAcl standard permit host 0.0.0.0
    ! NAT exemption for traffic towards 10.234.10.0/23, the range the per-user
    ! tunnel addresses (10.234.10.1, 10.234.10.2) are taken from.
    access-list inside_nat0_outbound extended permit ip any 10.234.10.0 255.255.254.0
    pager lines 24
    logging asdm informational
    mtu management 1500
    mtu outside 1500
    mtu inside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-602.bin
    no asdm history enable
    arp timeout 14400
    ! Inside traffic is PAT-ed to the outside interface address, except traffic
    ! matching inside_nat0_outbound, which is left untranslated (nat 0).
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    ! Default route via the (masked) outside gateway.
    ! NOTE(review): inside hosts need a return path to 10.234.10.0/23 through
    ! this ASA (10.234.8.3); if their gateway is another device, replies to VPN
    ! clients will not come back here. Verify against the inside routing.
    route outside 0.0.0.0 0.0.0.0 202.xxx.xxx.73 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    webvpn
    url-list none
    ! ASDM/HTTPS management is enabled, limited to host 10.234.9.14 on inside
    ! and to 192.168.1.0/24 on the management interface.
    http server enable
    http 10.234.9.14 255.255.255.255 inside
    http 192.168.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    ! Trap types are enabled; no snmp-server host line is visible in this listing.
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    ! Ten transform sets are defined; several use single DES and/or HMAC-MD5.
    ! Only ESP-3DES-MD5 is referenced by the dynamic map below. DES, 3DES and
    ! HMAC-MD5 are legacy-strength choices: prefer one of the AES/SHA sets
    ! already defined here (e.g. ESP-AES-256-SHA) if the clients support it,
    ! and remove the DES sets so they cannot be selected later.
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    ! Catch-all dynamic map for remote-access clients: PFS enabled, transform
    ! set ESP-3DES-MD5 only, bound to the outside interface via outside_map.
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-MD5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    ! IKE phase 1: pre-shared key, 3DES, SHA, DH group 2, 86400 s lifetime.
    ! 3DES and DH group 2 are legacy-strength. With a group pre-shared key every
    ! client holds the same secret, so the per-user credentials are what
    ! actually separates users (presumably XAUTH against the local usernames in
    ! this listing - confirm).
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    ! NAT traversal is off. Clients behind NAT then depend on the group-policy's
    ! "ipsec-udp enable" on UDP port 10000. NOTE(review): confirm this is intended.
    no crypto isakmp nat-traversal
    ! DHCP and local-pool address assignment are both disabled, which leaves the
    ! per-user "vpn-framed-ip-address" entries as the visible address source.
    ! The tunnel-group's "address-pool ippool" is then unused, and no
    ! "ip local pool ippool" definition appears in this listing.
    no vpn-addr-assign dhcp
    no vpn-addr-assign local
    ! Idle timeouts: 5 minutes for telnet and ssh; 0 means the console session
    ! never times out. No telnet or ssh permit lines are visible in this listing.
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    ! DHCP server on the management interface, handing out 192.168.1.2-254.
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    !
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ! Group policy for the remote-access users: IPsec only, locked to
    ! tunnel-group vpnsmn, IPsec-over-UDP on port 10000, local-LAN exclusion via
    ! vpnsmn_splitTunnelAcl, and no address pool ("address-pools none").
    group-policy vpnsmn internal
    group-policy vpnsmn attributes
    banner value ------------------------------------------------------------------------
    banner value Welcome To VPN
    banner value -----------------------------------------------------------------------
    vpn-tunnel-protocol IPSec
    ip-comp enable
    group-lock value vpnsmn
    ipsec-udp enable
    ipsec-udp-port 10000
    split-tunnel-policy excludespecified
    split-tunnel-network-list value vpnsmn_splitTunnelAcl
    address-pools none
    ! Local accounts. All three password hashes are posted in full, including
    ! the privilege-15 admin account: treat them as exposed and change the
    ! passwords. joe and zec are privilege 0, limited to IPsec and group vpnsmn,
    ! with fixed tunnel addresses 10.234.10.2 and 10.234.10.1 (/23 mask).
    username joe password miuLgbNv0BOzy3Qv encrypted privilege 0
    username joe attributes
    vpn-group-policy vpnsmn
    vpn-tunnel-protocol IPSec
    vpn-framed-ip-address 10.234.10.2 255.255.254.0
    group-lock value vpnsmn
    username admin password vY3.YAMXd47.S44e encrypted privilege 15
    username zec password afGf5GGuJ0QfMA8k encrypted privilege 0
    username zec attributes
    vpn-group-policy vpnsmn
    vpn-tunnel-protocol IPSec
    vpn-framed-ip-address 10.234.10.1 255.255.254.0
    group-lock value vpnsmn
    ! Remote-access tunnel group. "address-pool ippool" is referenced here, but
    ! no pool of that name is defined in this listing and local-pool assignment
    ! is disabled ("no vpn-addr-assign local"). The pre-shared key is shown
    ! masked ("*") in this output.
    tunnel-group vpnsmn type remote-access
    tunnel-group vpnsmn general-attributes
    address-pool ippool
    default-group-policy vpnsmn
    tunnel-group vpnsmn ipsec-attributes
    pre-shared-key *
    tunnel-group-map default-group vpnsmn
    ! NOTE(review): no "same-security-traffic permit intra-interface" line is
    ! visible, so traffic arriving from one VPN client is not forwarded back out
    ! the outside interface to another client. That is consistent with the
    ! poster being unable to reach other VPN users, and it also keeps clients
    ! isolated from each other. Enable it only if client-to-client reachability
    ! is a deliberate requirement, and restrict it with a vpn-filter or ACL.
    !
    ! Global inspection policy applied to default-inspection-traffic; this
    ! appears to be the factory-default list. NOTE(review): "inspect icmp" is
    ! not in the list, so ICMP echo/reply pairs are not tracked statefully.
    ! This may be relevant to the failed pings - verify before changing it.
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    prompt hostname context
    ! Checksum the ASA prints for the saved configuration; not a credential.
    Cryptochecksum:aac5686ff595f608734c1e2395bf13d6
    : end
    ! The two lines below repeat earlier asdm statements after the end marker
    ! (presumably a paste artifact).
    asdm image disk0:/asdm-602.bin
    no asdm history enable