Vuong Huu Dung

  1. Anybody help, please.
  2. I have configured a lab client-to-site VPN using IPsec. When I connect to the ASA firewall via Cisco VPN Client, I can't access the local network (192.168.2.x can't ping 192.168.1.x).

     My topology: ASA Firewall - Cisco Router - Internet - Remote Users

     Sorry for my English.

     Cisco Router configuration:

         interface FastEthernet0/0
          ip address 1.1.1.2 255.255.255.0
          ip flow ingress
          ip flow egress
          ip nat outside
          ip virtual-reassembly
          duplex auto
          speed auto
         !
         !
         interface FastEthernet0/1
          ip address 192.168.255.1 255.255.255.0
          ip flow ingress
          ip flow egress
          ip nat inside
          ip virtual-reassembly
          duplex auto
          speed auto
         !
         !
         ip forward-protocol nd
         no ip http server
         no ip http secure-server
         !
         !
         ip nat inside source list internet interface FastEthernet0/0 overload
         ip nat inside source static tcp 192.168.255.2 443 interface FastEthernet0/0 443
         ip nat inside source static udp 192.168.255.2 500 1.1.1.2 500 extendable
         ip nat inside source static udp 192.168.255.2 4500 1.1.1.2 4500 extendable
         ip nat inside source static tcp 192.168.255.2 10000 1.1.1.2 10000 extendable
         ip route 0.0.0.0 0.0.0.0 1.1.1.1
         ip route 192.168.1.0 255.255.255.0 192.168.255.2
         !
         ip access-list extended internet
          permit ip 192.168.255.0 0.0.0.255 any
          permit ip 192.168.0.0 0.0.0.255 any
          permit ip 192.168.1.0 0.0.0.255 any
          deny ip any any

     ASA configuration below:

         interface GigabitEthernet0
          nameif outside
          security-level 0
          ip address 192.168.255.2 255.255.255.0
         !
         interface GigabitEthernet1
          nameif inseide
          security-level 0
          ip address 192.168.1.1 255.255.255.0
         !
         interface GigabitEthernet2
          shutdown
          no nameif
          no security-level
          no ip address
         !
         interface GigabitEthernet3
          shutdown
          no nameif
          no security-level
          no ip address
         !
         interface GigabitEthernet4
          shutdown
          no nameif
          no security-level
          no ip address
         !
         interface GigabitEthernet5
          shutdown
          no nameif
          no security-level
          no ip address
         !
         ftp mode passive
         object network NETWORK_OBJ_192.168.2.0_24
          subnet 192.168.2.0 255.255.255.0
         access-list LAN standard permit 192.168.1.0 255.255.255.0
         access-list outside_access_in extended permit ip any any
         access-list inseide_access_in extended permit ip any any
         pager lines 24
         logging enable
         logging asdm informational
         mtu outside 1500
         mtu inseide 1500
         ip local pool VPN-POOL 192.168.2.10-192.168.2.254 mask 255.255.255.0
         no failover
         icmp unreachable rate-limit 1 burst-size 1
         asdm image disk0:/asdm-661.bin
         no asdm history enable
         arp timeout 14400
         nat (any,any) source static any any destination static NETWORK_OBJ_192.168.2.0_24 NETWORK_OBJ_192.168.2.0_24
         access-group outside_access_in in interface outside
         access-group inseide_access_in in interface inseide
         route outside 0.0.0.0 0.0.0.0 192.168.255.1 1
         timeout xlate 3:00:00
         timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
         timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
         timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
         timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
         timeout tcp-proxy-reassembly 0:01:00
         timeout floating-conn 0:00:00
         dynamic-access-policy-record DfltAccessPolicy
         user-identity default-domain LOCAL
         http server enable
         http 1.1.2.1 255.255.255.255 outside
         no snmp-server location
         no snmp-server contact
         snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
         crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
         crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
         crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
         crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
         crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
         crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
         crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
         crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
         crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
         crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
         crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
         crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
         crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
         crypto map outside_map interface outside
         crypto ikev1 enable outside
         crypto ikev1 policy 10
          authentication crack
          encryption aes-256
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 20
          authentication rsa-sig
          encryption aes-256
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 30
          authentication pre-share
          encryption aes-256
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 40
          authentication crack
          encryption aes-192
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 50
          authentication rsa-sig
          encryption aes-192
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 60
          authentication pre-share
          encryption aes-192
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 70
          authentication crack
          encryption aes
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 80
          authentication rsa-sig
          encryption aes
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 90
          authentication pre-share
          encryption aes
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 100
          authentication crack
          encryption 3des
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 110
          authentication rsa-sig
          encryption 3des
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 120
          authentication pre-share
          encryption 3des
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 130
          authentication crack
          encryption des
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 140
          authentication rsa-sig
          encryption des
          hash sha
          group 2
          lifetime 86400
         crypto ikev1 policy 150
          authentication pre-share
          encryption des
          hash sha
          group 2
          lifetime 86400
         telnet timeout 5
         ssh timeout 5
         console timeout 0
         threat-detection basic-threat
         threat-detection statistics access-list
         no threat-detection statistics tcp-intercept
         webvpn
         group-policy RA_VPN internal
         group-policy RA_VPN attributes
          wins-server value 192.168.1.5
          dns-server value 192.168.1.5
          vpn-tunnel-protocol ikev1
          split-tunnel-policy tunnelspecified
          split-tunnel-network-list value LAN
          default-domain value dungvh.com
         username vpnclient password UXU1JqgAdj2zRJuP encrypted privilege 0
         username vpnclient attributes
          vpn-group-policy RA_VPN
         username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
         tunnel-group RA_VPN type remote-access
         tunnel-group RA_VPN general-attributes
          address-pool VPN-POOL
          default-group-policy RA_VPN
         tunnel-group RA_VPN ipsec-attributes
          ikev1 pre-shared-key 123456
         !
         !
         prompt hostname context
         no call-home reporting anonymous
         call-home
          profile CiscoTAC-1
           no active
           destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
           destination address email callhome@cisco.com
           destination transport-method http
           subscribe-to-alert-group diagnostic
           subscribe-to-alert-group environment
           subscribe-to-alert-group inventory periodic monthly
           subscribe-to-alert-group configuration periodic monthly
           subscribe-to-alert-group telemetry periodic daily
         crashinfo save disable
         Cryptochecksum:11f33a3aec383c8a166b05a1eb87b07b
         : end

     running-config asa.txt