SOLVED

Cisco ASA 5545-X (routing) - AnyConnect connection and Internet work. Intranet (http and https) does not.

Question: Networks, Router & Routing

Member: edgar.tob

03.07.2014, updated 16:19, 1444 views, 2 comments

Hello everyone,

I have a problem with an ASA 5545-X. With an established VPN connection (from outside our IP range) I cannot reach our websites in the LAN address range. I can ping all the addresses so far (DNS resolution works as well), but access in the browser (http + https) does not work.
All other sites on the Internet work once I have dialed into the network via AnyConnect. The users authenticate against our RADIUS server and are assigned an address from our address pool.

I think the routes should be OK too, since I can ping everything. The traceroute output looks good as well.

Does anyone have an idea what this could be? I can't find the error at the moment.


<code>
01.
02. ASA Version 9.2(1)
03.
04. hostname **********
05. domain-name anyconnect.uni-*******.de
06. enable password 2WLH8Q4ppJ2r7cR8 encrypted
07. xlate per-session permit udp any4 any6 eq domain
08. xlate per-session permit tcp any4 any4
09. xlate per-session permit udp any4 any4 eq domain
10. xlate per-session permit udp any6 any4 eq domain
11. xlate per-session permit tcp any6 any6
12. xlate per-session permit udp any6 any6 eq domain
13. xlate per-session permit tcp any6 any4
14. xlate per-session permit tcp any4 any6
15. passwd FViwCES1DCeOTbKA encrypted
16. names
17. ip local pool 237 ***.250.237.2-***.250.237.249 mask 255.255.255.0
18.
19. interface GigabitEthernet0/0
20.  nameif Extern
21.  security-level 100
22.  ip address ***.250.184.209 255.255.255.240
23.  ospf cost 10
24.
25. interface GigabitEthernet0/1
26.  nameif Intern
27.  security-level 0
28.  ip address ***.250.184.153 255.255.255.248
29.  ospf cost 10
30.
31. interface GigabitEthernet0/2
32.  shutdown
33.  no nameif
34.  no security-level
35.  no ip address
36.
37. interface GigabitEthernet0/3
38.  shutdown
39.  no nameif
40.  no security-level
41.  no ip address
42.
43. interface GigabitEthernet0/4
44.  shutdown
45.  no nameif
46.  no security-level
47.  no ip address
48.
49. interface GigabitEthernet0/5
50.  shutdown
51.  no nameif
52.  no security-level
53.  no ip address
54.
55. interface GigabitEthernet0/6
56.  shutdown
57.  no nameif
58.  no security-level
59.  no ip address
60.
61. interface GigabitEthernet0/7
62.  shutdown
63.  no nameif
64.  no security-level
65.  no ip address
66.
67. interface Management0/0
68.  management-only
69.  nameif management
70.  security-level 100
71.  ip address ***.16.1.71 255.255.255.0
72.
73. boot system disk0:/asa921-smp-k8.bin
74. boot system disk0:/asa913-smp-k8.bin
75. boot system disk0:/asa912-smp-k8.bin
76. boot system disk0:/asa911-smp-k8.bin
77. ftp mode passive
78. clock timezone CEST 1
79. clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
80. dns domain-lookup Extern
81. dns domain-lookup Intern
82. dns server-group DefaultDNS
83.  name-server ***.250.1.7
84.  name-server ***.250.3.10
85.  domain-name anyconnect.uni-*******.de
86. same-security-traffic permit inter-interface
87. same-security-traffic permit intra-interface
88. object network uni-duisburg
89.  subnet 134.91.0.0 255.255.0.0
90. object network uni-essen
91.  subnet ***.250.0.0 255.255.0.0
92. object network vpn-netz
93.  subnet ***.250.137.0 255.255.255.0
94. object-group protocol DM_INLINE_PROTOCOL_1
95.  protocol-object ip
96.  protocol-object icmp
97. object-group protocol DM_INLINE_PROTOCOL_2
98.  protocol-object ip
99.  protocol-object icmp
100. object-group protocol DM_INLINE_PROTOCOL_3
101.  protocol-object ip
102.  protocol-object icmp
103. object-group network uni-*******
104.  network-object object uni-duisburg
105.  network-object object uni-essen
106. object-group protocol DM_INLINE_PROTOCOL_5
107.  protocol-object ip
108.  protocol-object icmp
109. object-group protocol DM_INLINE_PROTOCOL_6
110.  protocol-object ip
111.  protocol-object icmp
112. object-group protocol DM_INLINE_PROTOCOL_7
113.  protocol-object ip
114.  protocol-object icmp
115. object-group protocol DM_INLINE_PROTOCOL_4
116.  protocol-object ip
117.  protocol-object icmp
118. object-group protocol DM_INLINE_PROTOCOL_8
119.  protocol-object ip
120.  protocol-object icmp
121. access-list Intern_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any any
122. access-list Intern_access_out extended permit object-group DM_INLINE_PROTOCOL_4 any any
123. access-list Extern_access_out extended permit object-group DM_INLINE_PROTOCOL_2 any any
124. access-list Extern_access_out extended permit object-group DM_INLINE_PROTOCOL_6 object vpn-netz object-group uni-******* inactive
125. access-list Extern_access_out extended permit object-group DM_INLINE_PROTOCOL_8 object-group uni-******* object vpn-netz inactive
126. access-list Extern_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
127. access-list Extern_access_in extended permit object-group DM_INLINE_PROTOCOL_5 object vpn-netz object-group uni-******* inactive
128. access-list Extern_access_in extended permit object-group DM_INLINE_PROTOCOL_7 object-group uni-******* object vpn-netz inactive
129. access-list global_access extended permit ip any any
130. pager lines 24
131. logging enable
132. logging asdm informational
133. no logging message 106015
134. no logging message 313001
135. no logging message 313008
136. no logging message 106023
137. no logging message 710003
138. no logging message 106100
139. no logging message 302015
140. no logging message 302014
141. no logging message 302013
142. no logging message 302018
143. no logging message 302017
144. no logging message 302016
145. no logging message 302021
146. no logging message 302020
147. flow-export destination management ***.16.1.249 9985
148. mtu Extern 1500
149. mtu Intern 1500
150. mtu management 1500
151. no failover
152. icmp unreachable rate-limit 1 burst-size 1
153. icmp permit any Intern
154. icmp permit any management
155. asdm image disk0:/asdm-721.bin
156. no asdm history enable
157. arp timeout 14400
158. no arp permit-nonconnected
159. access-group Extern_access_in in interface Extern
160. access-group Extern_access_out out interface Extern
161. access-group Intern_access_in in interface Intern
162. access-group Intern_access_out out interface Intern
163. access-group global_access global
164. route Extern 0.0.0.0 0.0.0.0 ***.250.184.222 1
165. route Intern ***.250.0.0 255.255.0.0 ***.250.184.158 1
166. route Intern 134.91.0.0 255.255.0.0 ***.250.184.158 1
167. timeout xlate 3:00:00
168. timeout pat-xlate 0:00:30
169. timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
170. timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
171. timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
172. timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
173. timeout tcp-proxy-reassembly 0:01:00
174. timeout floating-conn 0:00:00
175. dynamic-access-policy-record DfltAccessPolicy
176. aaa-server RADIUS1 protocol radius
177.  interim-accounting-update
178. aaa-server RADIUS1 (Intern) host ***.250.181.92
179.  key *****
180.  authentication-port 1812
181.  accounting-port 1813
182. aaa-server RADIUS1 (Intern) host 134.91.4.162
183.  key *****
184.  authentication-port 1812
185.  accounting-port 1813
186. user-identity default-domain LOCAL
187. aaa authentication ssh console LOCAL
188. http server enable
189. http ***.16.1.0 255.255.255.0 management
190. http ***.250.164.0 255.255.255.0 Intern
191. http redirect Extern 80
192. snmp-server host management ***.16.1.249 community ***** version 2c
193. snmp-server host management ***.16.1.253 community ***** version 2c
194. no snmp-server location
195. no snmp-server contact
196. snmp-server community *****
197. no sysopt connection permit-vpn
198. crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
199. crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
200. crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
201. crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
202. crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
203. crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
204. crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
205. crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
206. crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
207. crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
208. crypto ipsec ikev2 ipsec-proposal AES256
209.  protocol esp encryption aes-256
210.  protocol esp integrity sha-1 md5
211. crypto ipsec ikev2 ipsec-proposal AES192
212.  protocol esp encryption aes-192
213.  protocol esp integrity sha-1 md5
214. crypto ipsec ikev2 ipsec-proposal AES
215.  protocol esp encryption aes
216.  protocol esp integrity sha-1 md5
217. crypto ipsec ikev2 ipsec-proposal 3DES
218.  protocol esp encryption 3des
219.  protocol esp integrity sha-1 md5
220. crypto ipsec ikev2 ipsec-proposal DES
221.  protocol esp encryption des
222.  protocol esp integrity sha-1 md5
223. crypto ipsec security-association pmtu-aging infinite
224. crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
225. crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
226. crypto map Extern_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
227. crypto map Extern_map interface Extern
228. crypto map Intern_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
229. crypto map Intern_map interface Intern
230. crypto ca trustpoint ASDM_TrustPoint0
231.  enrollment self
232.  subject-name CN=VPN1-1
233.  keypair Test
234.  proxy-ldc-issuer
235.  crl configure
236. crypto ca trustpoint ASDM_TrustPoint1
237.  enrollment terminal
238.  crl configure
239. crypto ca trustpoint ASDM_TrustPoint2
240.  enrollment terminal
241.  crl configure
242. crypto ca trustpoint ASDM_TrustPoint4
243.  enrollment terminal
244.  crl configure
245. crypto ca trustpoint VPN_UNI-*******_1
246.  crl configure
247. crypto ca trustpoint VPN_UNI-*******_PRIVATE
248.  crl configure
249. crypto ca trustpoint VPN_UNI_*******_1
250.  keypair VPN_UNI_*******
251.  crl configure
252. crypto ca trustpoint Test
253.  enrollment terminal
254.  crl configure
255. crypto ca trustpoint ASDM_TrustPoint3
256.  enrollment terminal
257.  crl configure
258. crypto ca trustpoint ASDM_TrustPoint5
259.  enrollment terminal
260.  crl configure
261. crypto ca trustpool policy
262. crypto ca certificate chain ASDM_TrustPoint0
263.  certificate 705a5f52
264.     30820331 30820219 a0030201 02020470 5a5f5230 0d06092a 864886f7 0d010105
265.     05003028 310f300d 06035504 03130656 504e312d 31311530 1306092a 864886f7
266.     0d010902 16065650 4e312d31 301e170d 31333131 31333131 34373435 5a170d32
267.     [truncated]
268.     be6402e7 c1bb7b0e 058cce75 d3ff99e1 cb0d99ea 8e93321d 409898b6 a8c16228
269.     86b3af2b 21f5a391 fba40ae6 8ce4c114 7ff067b0 27
270.   quit
271. crypto ca certificate chain VPN_UNI_*******_1
272.  certificate 17c7cd8ca97e8e
273.     30820758 30820640 a0030201 02020717 c7cd8ca9 7e8e300d 06092a86 4886f70d
274.     01010b05 003081c6 310b3009 06035504 06130244 45312430 22060355 040a131b
275.     556e6976 65727369 74616574 20447569 73627572 672d4573 73656e31 35303306
276.     0355040b ***c5a65 6e747275 6d206675 65722049 6e666f72 6d617469 6f6e732d
277.     [truncated]
278.
279.     8d0694dd c7b87559 8d0fb36f cb6ea1b0 341937e3 6173adea 6db47324 a55334ad
280.     9a699d2d 6ec5cc63 9ee03e2d 982e82dc 8e40c554 3de33368 f97169b5
281.   quit
282. crypto ca certificate chain Test
283.  certificate 17c7cd8ca97e8e
284.     30820758 30820640 a0030201 02020717 c7cd8ca9 7e8e300d 06092a86 4886f70d
285.     01010b05 003081c6 310b3009 06035504 06130244 45312430 22060355 040a131b
286.     [truncated]
287.     6404fe05 3276b873 6caafa3f b1f6e9d0 cf988b0d 665e1d8b 28d44e9b 300a39da
288.     8d0694dd c7b87559 8d0fb36f cb6ea1b0 341937e3 6173adea 6db47324 a55334ad
289.     9a699d2d 6ec5cc63 9ee03e2d 982e82dc 8e40c554 3de33368 f97169b5
290.   quit
291. crypto ca certificate chain ASDM_TrustPoint3
292.  certificate 17c7cd8ca97e8e
293.     30820758 30820640 a0030201 02020717 c7cd8ca9 7e8e300d 06092a86 4886f70d
294.     01010b05 003081c6 310b3009 06035504 06130244 45312430 22060355 040a131b
295.     [truncated]
296.     8d0694dd c7b87559 8d0fb36f cb6ea1b0 341937e3 6173adea 6db47324 a55334ad
297.     9a699d2d 6ec5cc63 9ee03e2d 982e82dc 8e40c554 3de33368 f97169b5
298.   quit
299. crypto ca certificate chain ASDM_TrustPoint5
300.  certificate 17c7cd8ca97e8e
301.     30820758 30820640 a0030201 02020717 c7cd8ca9 7e8e300d 06092a86 4886f70d
302.     01010b05 003081c6 310b3009 06035504 06130244 45312430 22060355 040a131b
303.     [truncated]
304.     6404fe05 3276b873 6caafa3f b1f6e9d0 cf988b0d 665e1d8b 28d44e9b 300a39da
305.     8d0694dd c7b87559 8d0fb36f cb6ea1b0 341937e3 6173adea 6db47324 a55334ad
306.     9a699d2d 6ec5cc63 9ee03e2d 982e82dc 8e40c554 3de33368 f97169b5
307.   quit
308. crypto ikev2 policy 1
309.  encryption aes-256
310.  integrity sha
311.  group 5 2
312.  prf sha
313.  lifetime seconds 86400
314. crypto ikev2 policy 10
315.  encryption aes-192
316.  integrity sha
317.  group 5 2
318.  prf sha
319.  lifetime seconds 86400
320. crypto ikev2 policy 20
321.  encryption aes
322.  integrity sha
323.  group 5 2
324.  prf sha
325.  lifetime seconds 86400
326. crypto ikev2 policy 30
327.  encryption 3des
328.  integrity sha
329.  group 5 2
330.  prf sha
331.  lifetime seconds 86400
332. crypto ikev2 policy 40
333.  encryption des
334.  integrity sha
335.  group 5 2
336.  prf sha
337.  lifetime seconds 86400
338. crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
339. crypto ikev1 policy 10
340.  authentication crack
341.  encryption aes-256
342.  hash sha
343.  group 2
344.  lifetime 86400
345. crypto ikev1 policy 20
346.  authentication rsa-sig
347.  encryption aes-256
348.  hash sha
349.  group 2
350.  lifetime 86400
351. crypto ikev1 policy 30
352.  authentication pre-share
353.  encryption aes-256
354.  hash sha
355.  group 2
356.  lifetime 86400
357. crypto ikev1 policy 40
358.  authentication crack
359.  encryption aes-192
360.  hash sha
361.  group 2
362.  lifetime 86400
363. crypto ikev1 policy 50
364.  authentication rsa-sig
365.  encryption aes-192
366.  hash sha
367.  group 2
368.  lifetime 86400
369. crypto ikev1 policy 60
370.  authentication pre-share
371.  encryption aes-192
372.  hash sha
373.  group 2
374.  lifetime 86400
375. crypto ikev1 policy 70
376.  authentication crack
377.  encryption aes
378.  hash sha
379.  group 2
380.  lifetime 86400
381. crypto ikev1 policy 80
382.  authentication rsa-sig
383.  encryption aes
384.  hash sha
385.  group 2
386.  lifetime 86400
387. crypto ikev1 policy 90
388.  authentication pre-share
389.  encryption aes
390.  hash sha
391.  group 2
392.  lifetime 86400
393. crypto ikev1 policy 100
394.  authentication crack
395.  encryption 3des
396.  hash sha
397.  group 2
398.  lifetime 86400
399. crypto ikev1 policy 110
400.  authentication rsa-sig
401.  encryption 3des
402.  hash sha
403.  group 2
404.  lifetime 86400
405. crypto ikev1 policy 120
406.  authentication pre-share
407.  encryption 3des
408.  hash sha
409.  group 2
410.  lifetime 86400
411. crypto ikev1 policy 130
412.  authentication crack
413.  encryption des
414.  hash sha
415.  group 2
416.  lifetime 86400
417. crypto ikev1 policy 140
418.  authentication rsa-sig
419.  encryption des
420.  hash sha
421.  group 2
422.  lifetime 86400
423. crypto ikev1 policy 150
424.  authentication pre-share
425.  encryption des
426.  hash sha
427.  group 2
428.  lifetime 86400
429. telnet ***.250.2.0 255.255.255.0 management
430. telnet timeout 5
431. ssh stricthostkeycheck
432. ssh ***.250.164.0 255.255.255.0 Extern
433. ssh ***.250.164.0 255.255.255.0 Intern
434. ssh ***.250.2.0 255.255.255.0 management
435. ssh ***.16.1.0 255.255.255.0 management
436. ssh ***.250.164.0 255.255.255.0 management
437. ssh timeout 5
438. ssh version 2
439. ssh key-exchange group dh-group1-sha1
440. console timeout 0
441.
442. tls-proxy maximum-session 1000
443.
444. threat-detection basic-threat
445. threat-detection statistics access-list
446. no threat-detection statistics tcp-intercept
447. ntp server ***.250.184.185 source Intern prefer
448. ssl encryption aes256-sha1 aes128-sha1 3des-sha1
449. ssl trust-point VPN_UNI_*******_1 Extern
450. ssl trust-point VPN_UNI_*******_1 Intern
451. webvpn
452.  enable Extern
453.  enable Intern
454.  anyconnect-essentials
455.  anyconnect image disk0:/anyconnect-linux-64-3.1.05170-k9.pkg 5 regex "Linux"
456.  anyconnect image disk0:/anyconnect-linux-3.1.05170-k9.pkg 6 regex "Linux"
457.  anyconnect image disk0:/anyconnect-macosx-i386-3.1.05170-k9.pkg 7 regex "Intel Mac OS X"
458.  anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 8
459.  anyconnect profiles VPN2_client_profile disk0:/VPN2_client_profile.xml
460.  anyconnect profiles anyconnect_test2_client_profile disk0:/anyconnect_test2_client_profile.xml
461.  anyconnect profiles anyconnect_test_client_profile disk0:/anyconnect_test_client_profile.xml
462.  anyconnect enable
463.  tunnel-group-list enable
464. group-policy Web-VPN2 internal
465. group-policy Web-VPN2 attributes
466.  wins-server none
467.  dns-server value ***.250.184.130 ***.250.184.140
468.  vpn-tunnel-protocol ssl-client ssl-clientless
469.  default-domain value UNI-*******
470.  webvpn
471.   url-list none
472. group-policy DfltGrpPolicy attributes
473.  dns-server value ***.250.1.7 ***.250.3.10
474. group-policy Web-VPN internal
475. group-policy Web-VPN attributes
476.  vpn-tunnel-protocol ssl-client ssl-clientless
477.  webvpn
478.   url-list none
479. group-policy GroupPolicy_VPN2 internal
480. group-policy GroupPolicy_VPN2 attributes
481.  wins-server none
482.  dns-server value ***.250.1.7 ***.250.3.10
483.  vpn-tunnel-protocol ssl-client
484.  split-tunnel-policy tunnelall
485.  default-domain value anyconnect.uni-*******.de
486.  webvpn
487.   anyconnect keep-installer installed
488.   anyconnect profiles value VPN2_client_profile type user
489. group-policy GroupPolicy1 internal
490. group-policy GroupPolicy1 attributes
491.  wins-server none
492.  dns-server value ***.250.1.7 ***.250.3.10
493.  vpn-tunnel-protocol ikev2
494.  default-domain value ciscovpn.uni-*******.de
495. username username password Dluz2MaMawAkH2q. encrypted privilege 15
496. username username attributes
497.  vpn-group-policy Web-VPN2
498. username ***096 password plZYJRu2KNL1ZEpQ encrypted privilege 15
499. username ***096 attributes
500.  vpn-group-policy Web-VPN2
501. tunnel-group Web-VPN type remote-access
502. tunnel-group Web-VPN general-attributes
503.  default-group-policy Web-VPN
504. tunnel-group Web-VPN2 type remote-access
505. tunnel-group Web-VPN2 general-attributes
506.  address-pool 237
507.  default-group-policy Web-VPN2
508. tunnel-group VPN2 type remote-access
509. tunnel-group VPN2 general-attributes
510.  address-pool 237
511.  default-group-policy GroupPolicy_VPN2
512. tunnel-group VPN2 webvpn-attributes
513.  group-alias VPN2 disable
514. tunnel-group UNI-******* type remote-access
515. tunnel-group UNI-******* general-attributes
516.  address-pool 237
517.  authentication-server-group RADIUS1
518.  default-group-policy GroupPolicy_VPN2
519. tunnel-group UNI-******* webvpn-attributes
520.  group-alias UNI-******* enable
521.
522.
523.
524. policy-map type inspect dns preset_dns_map
525.  parameters
526.   message-length maximum client auto
527.   message-length maximum 512
528.
529. prompt hostname context
530. no call-home reporting anonymous
531. Cryptochecksum:b15de7baad8d0c38e4f688e93573628f
532. : end
</code>
Member: Rubyous
03.07.2014 at 15:54
Hello,

I think line 495 still needs to be censored.
Otherwise I would guess an access rule or possibly a group assignment of the VPN connection(s). From line 451 onward it looks like 2 VPN configurations (464. group-policy Web-VPN2 internal).

Sorry, but I can't spot the error offhand either. I'm currently struggling a bit with VPNs over ASAs myself.

Regards,

Rubyous
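
The two candidates named in the reply above (an access rule, or the group assignment of the VPN connections) can be read off the posted configuration mechanically. The following Python script is an added example, not part of the original thread: it resolves each tunnel-group to its group-policy and address pool and lists where each ACL is bound and how many of its entries are inactive. The function names are illustrative and the sample is an excerpt copied from the configuration posted above.

```python
import re
from collections import defaultdict

# Excerpt copied from the configuration posted above (masking as posted).
SAMPLE = """\
no sysopt connection permit-vpn
access-list Extern_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list Extern_access_in extended permit object-group DM_INLINE_PROTOCOL_5 object vpn-netz object-group uni-******* inactive
access-list global_access extended permit ip any any
access-group Extern_access_in in interface Extern
access-group global_access global
group-policy Web-VPN attributes
 vpn-tunnel-protocol ssl-client ssl-clientless
group-policy GroupPolicy_VPN2 attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelall
tunnel-group Web-VPN general-attributes
 default-group-policy Web-VPN
tunnel-group UNI-******* general-attributes
 address-pool 237
 authentication-server-group RADIUS1
 default-group-policy GroupPolicy_VPN2
"""

def parse_blocks(text):
    """Map each top-level command to the list of its indented sub-commands."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks

def settings(sub_lines):
    """Turn ['address-pool 237', ...] into {'address-pool': '237', ...}."""
    return {k: v.strip() for k, _, v in (l.partition(" ") for l in sub_lines)}

def vpn_group_map(text):
    """Resolve tunnel-group -> group-policy -> protocols / split tunnel / pool."""
    blocks, result = parse_blocks(text), {}
    for cmd, subs in blocks.items():
        m = re.fullmatch(r"tunnel-group (\S+) general-attributes", cmd)
        if not m:
            continue
        tg = settings(subs)
        # ASA falls back to DfltGrpPolicy and LOCAL when nothing is configured.
        policy = tg.get("default-group-policy", "DfltGrpPolicy")
        gp = settings(blocks.get(f"group-policy {policy} attributes", []))
        result[m.group(1)] = {
            "policy": policy,
            "pool": tg.get("address-pool"),  # None: not set on the tunnel-group
            "auth": tg.get("authentication-server-group", "LOCAL"),
            "protocols": gp.get("vpn-tunnel-protocol", "").split(),
            "split_tunnel": gp.get("split-tunnel-policy"),
        }
    return result

def acl_report(text):
    """For every bound ACL: where it is applied, active and inactive entries."""
    counts = defaultdict(lambda: {"active": 0, "inactive": 0})
    bound = defaultdict(list)
    for line in text.splitlines():
        w = line.split()
        if len(w) > 2 and w[0] == "access-list":
            counts[w[1]]["inactive" if w[-1] == "inactive" else "active"] += 1
        elif len(w) > 2 and w[0] == "access-group":
            bound[w[1]].append("global" if w[2] == "global" else f"{w[4]}/{w[2]}")
    return {name: {"bound": where, **counts[name]} for name, where in bound.items()}

def vpn_traffic_hits_interface_acls(text):
    """True if 'no sysopt connection permit-vpn' is set, i.e. decrypted VPN
    traffic does not bypass the interface access lists."""
    return any(l.strip() == "no sysopt connection permit-vpn" for l in text.splitlines())

if __name__ == "__main__":
    for name, info in vpn_group_map(SAMPLE).items():
        print(name, info)
    print(acl_report(SAMPLE), vpn_traffic_hits_interface_acls(SAMPLE))
```

Because the posted configuration contains `no sysopt connection permit-vpn`, the AnyConnect traffic is subject to the bound ACLs listed by `acl_report`, which is why the access rules are worth reviewing together with the group assignment.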
Member: edgar.tob
07.07.2014 at 15:46
This is settled for now. I tweaked the routing a bit more. Now the box works so far.