Channel: Cisco ASA Site to Site VPN - Network Engineering Stack Exchange

Cisco ASA Site to Site VPN


Hoping someone can be of assistance. I am attempting to set up a site-to-site VPN with two Cisco ASAs.

Site A. 192.168.1.0, Static external IP, Cisco ASA 5520

Site B. 10.0.0.0 Dynamic External IP, Cisco ASA 5505

After a few days of tinkering, I have the tunnel open and functioning, but I have a few issues that I can't pin down. I am sure it's either a NAT issue or an ACL, but I'm not sure which.

Site A cannot access any resources from Site B, and Site A cannot ping the ASA at Site B. Site B, however, can access resources from Site A. I also cannot access Site A's ASA from Site B (HTTP/ASDM).

Any thoughts? Any assistance appreciated.

Site A:

: Saved
:
: Serial Number: JMX1608X198
: Hardware:   ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
:
ASA Version 9.1(7)16
!
hostname sm-inau-xasa01
domain-name #################
enable password ############## encrypted
passwd ################### encrypted
names
ip local pool VPN-Pool-4 192.168.1.175-192.168.1.199 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address x.x.x.x.x 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
boot system disk0:/asa917-16-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.1.3
 name-server 8.8.8.8
 domain-name ww931.3759salem.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Gateway-Outside
 host 192.168.1.1
 description IP Gateway
object network WebTest
 host 192.168.1.200
object network Web1
 host 192.168.1.200
object network Web
 host 192.168.1.200
object service WebSR
 service tcp source eq www
object network NETWORK_OBJ_192.168.1.128_25
 subnet 192.168.1.128 255.255.255.128
object network 3759
 subnet 192.168.1.0 255.255.255.0
object network SiteB
 subnet 10.0.0.0 255.255.255.0
object network Gateway
 host 192.168.0.1
object network NETWORK_OBJ_192.168.1.0_24
 subnet 192.168.1.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object tcp-udp destination eq www
 service-object tcp destination eq https
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_2
 service-object icmp
 service-object icmp traceroute
 service-object icmp6 echo
 service-object icmp6 echo-reply
 service-object udp destination eq dnsix
access-list outside_access_in extended permit object-group TCPUDP any object Web eq www
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in extended permit ip 192.168.1.0 255.255.255.0 object SiteB
access-list Main standard permit 192.168.1.0 255.255.255.0
access-list outside_cryptomap_65535.1_1 extended permit ip 192.168.1.0 255.255.255.0 object SiteB
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any management
asdm image disk0:/asdm-781.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static 3759 3759 destination static SiteB SiteB no-proxy-arp route-lookup
nat (inside,outside) source static Web1 interface service any WebSR
nat (any,outside) source dynamic any interface
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.1.128_25 NETWORK_OBJ_192.168.1.128_25 no-proxy-arp route-lookup
!
nat (management,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map anyconnectLDAP
  map-name  memberOf Group-Policy
  map-value memberOf CN=vpnusers,CN=Users,DC=ww931,DC=3759salem,DC=com RemoteUsers
dynamic-access-policy-record DfltAccessPolicy
aaa-server WW931 protocol ldap
aaa-server WW931 (inside) host 192.168.1.8
 server-port 389
 ldap-base-dn DC=domain,DC=com
 ldap-scope subtree
 ldap-naming-attribute samaccountname
 ldap-login-password *****
 ldap-login-dn ciscoasavpn@domain.com
 server-type microsoft
 ldap-attribute-map anyconnectLDAP
aaa-server DUO-LDAP protocol ldap
aaa-server DUO-LDAP (outside) host api-dc6d7211.duosecurity.com
 timeout 60
 server-port 636
 ldap-base-dn dc=DITXENWKLNDVDHXAW6C5,dc=duosecurity,dc=com
 ldap-naming-attribute cn
 ldap-login-password *****
 ldap-login-dn dc=DITXENWKLNDVDHXAW6C5,dc=duosecurity,dc=com
 ldap-over-ssl enable
 server-type auto-detect
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.0.0.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
http 10.0.0.0 255.255.255.255 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set Main esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map outside_dyn_map 1 match address outside_cryptomap_65535.1_1
crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set Main
crypto dynamic-map outside_dyn_map 1 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=sm-inau-xasa01
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 subject-name CN=secure.blank.com,OU=IT,O=blank,C=US,St=IN,L=,EA=blank
 crl configure
crypto ca trustpoint ASDM_TrustPoint1_Pub
 enrollment terminal
 subject-name CN=secure.blank.com,OU=IT,O=blank,C=US,St=IN,L=,EA=blank
 keypair Public
 crl configure
crypto ca trustpoint AddTrustExt-Comodo
 enrollment terminal
 crl configure
crypto ca trustpoint ComodoRSACertA
 enrollment terminal
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
 certificate bdcd1d5a
  quit
crypto ca certificate chain ASDM_TrustPoint1_Pub
 certificate 64816722b2a7363ab3bd4f2961522b9c
  quit
crypto ca certificate chain AddTrustExt-Comodo
 certificate ca 2766ee56eb49f38eabd770a2fc84de22
  quit
crypto ca certificate chain ComodoRSACertA
 certificate ca 2b2e6eead975366c148a6edba37c8c07
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint1_Pub
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.0.0.0 255.255.255.0 management
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd dns 192.168.1.3 8.8.8.8
dhcpd update dns both
!
dhcpd address 192.168.1.200-192.168.1.254 inside
dhcpd dns 192.168.1.3 8.8.8.8 interface inside
dhcpd enable inside
!
dhcpd address 10.0.0.2-10.0.0.254 management
dhcpd domain domain.com interface management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
no threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint1_Pub outside
webvpn
 enable outside
 no anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-3.1.09013-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.09013-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux-64-3.1.09013-k9.pkg 3
 anyconnect image disk0:/anyconnect-linux-3.1.03103-k9.pkg 4
 anyconnect profiles Main disk0:/main.xml
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
group-policy NOACCESS internal
group-policy NOACCESS attributes
 wins-server none
 dns-server value 192.168.1.3
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol ssl-client ssl-clientless
 default-domain value blank.com
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec
 default-domain value blank.com
group-policy GroupPolicy_InternalVPN internal
group-policy GroupPolicy_InternalVPN attributes
 wins-server none
 dns-server value 192.168.1.3
 vpn-tunnel-protocol l2tp-ipsec
 default-domain value ww931.3759salem.com
group-policy RemoteUsers internal
group-policy RemoteUsers attributes
 vpn-simultaneous-logins 25
 vpn-idle-timeout 999
 vpn-session-timeout none
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Main
 split-tunnel-all-dns disable
 webvpn
  anyconnect profiles value Main type user
username test password ######## encrypted
username local password ###### encrypted privilege 15
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
tunnel-group InternalVPN type remote-access
tunnel-group InternalVPN general-attributes
 address-pool VPN-Pool-4
 default-group-policy GroupPolicy_InternalVPN
tunnel-group InternalVPN webvpn-attributes
 group-alias InternalVPN disable
tunnel-group CORPVPN type remote-access
tunnel-group CORPVPN general-attributes
 address-pool VPN-Pool-4
 authentication-server-group WW931
 secondary-authentication-server-group DUO-LDAP use-primary-username
 default-group-policy NOACCESS
tunnel-group CORPVPN webvpn-attributes
 group-alias CorpVPN enable
!
class-map global-class
 match default-inspection-traffic
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
policy-map global-policy
 class global-class
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect icmp
!
service-policy global-policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:e9c019392317c59180e16a0f1352cce0
: end

I am unable to add the Site B config directly to this post without removing part of the text; to keep its integrity, I am simply linking to it. If someone can provide another option, that would be much appreciated. https://pastebin.com/D8kpibsJ
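
Two properties of the Site A configuration above can be checked mechanically: whether the remote VPN subnet overlaps a subnet directly connected to this ASA, and whether each `http`/`ssh`/`telnet` permit line that touches the remote subnet actually covers all of it. The following Python check is an added example, not part of the original post; the excerpt is copied from the posted config with the redacted outside interface left out, the function names are hypothetical, and the ACL parsing handles only the `A.B.C.D MASK`, `object NAME` and `any` forms.

```python
import ipaddress
import re

# Constructed input: lines copied from the Site A configuration in the post.
SITE_A_EXCERPT = """\
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
object network SiteB
 subnet 10.0.0.0 255.255.255.0
access-list outside_cryptomap_65535.1_1 extended permit ip 192.168.1.0 255.255.255.0 object SiteB
http 10.0.0.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 inside
http 10.0.0.0 255.255.255.255 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 management
crypto dynamic-map outside_dyn_map 1 match address outside_cryptomap_65535.1_1
"""


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def connected_networks(cfg):
    """Map each interface's nameif to its directly connected subnet."""
    nets, name = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            name = None
        elif m := re.match(r" nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r" ip address (\S+) (\S+)", line)) and name:
            nets[name] = net(m.group(1), m.group(2))
    return nets


def vpn_remote_networks(cfg):
    """Destination networks of the ACLs that crypto maps reference."""
    # Assumes the 'subnet' line directly follows the 'object network' header.
    objs = {n: net(a, m) for n, a, m in
            re.findall(r"^object network (\S+)\n subnet (\S+) (\S+)", cfg, re.M)}
    acls = set(re.findall(r"^crypto (?:dynamic-)?map \S+ \d+ match address (\S+)", cfg, re.M))
    remotes = set()
    for line in cfg.splitlines():
        m = re.match(r"access-list (\S+) extended permit ip (.+)", line)
        if not m or m.group(1) not in acls:
            continue
        tok = m.group(2).split()
        # Skip the source: 'any' is one token, the other forms are two.
        tok = tok[1:] if tok[0] in ("any", "any4") else tok[2:]
        if tok[0] == "object":
            remotes.add(objs[tok[1]])
        elif tok[0] not in ("any", "any4"):
            remotes.add(net(tok[0], tok[1]))
    return remotes


def audit(cfg):
    """Return findings about how this ASA treats each remote VPN subnet."""
    findings = []
    for remote in sorted(vpn_remote_networks(cfg)):
        for nameif, subnet in connected_networks(cfg).items():
            if subnet.overlaps(remote):
                findings.append(f"remote {remote} overlaps connected subnet {subnet} on '{nameif}'")
        for proto, addr, mask, nameif in re.findall(
                r"^(http|ssh|telnet) (\d\S+) (\S+) (\S+)$", cfg, re.M):
            allowed = net(addr, mask)
            if allowed.overlaps(remote) and not remote.subnet_of(allowed):
                findings.append(f"'{proto} {addr} {mask} {nameif}' admits {allowed}, not all of {remote}")
    return findings
```

On the excerpt, `audit(SITE_A_EXCERPT)` reports that the `SiteB` subnet 10.0.0.0/24 is also the connected subnet of the `management` interface, and that `http 10.0.0.0 255.255.255.255 inside` admits only the single address 10.0.0.0.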

