
TOPIC: adding a LAN port for WLAN (internet) traffic.
adding a LAN port for WLAN (internet) traffic. 7 years 5 months ago #37348
Hi Guys,
I cannot get my WLAN port to access the internet. What am I missing?
Thanks in advance!
Quen

The config:

: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa2
domain-name unknown.lo
enable password xxxxxxx encrypted
passwd xxxxxxx encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 12
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.135.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.130 255.255.255.248
!
interface Vlan12
 nameif WIFI
 security-level 50
 ip address 192.168.131.253 255.255.255.0
!
boot system disk0:/asa842-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup WIFI
dns server-group DefaultDNS
 name-server xxxxxxxxxxxxxx
 name-server xxxxxxxxxxxxxx
 name-server 192.168.135.12
 name-server 192.168.135.16
 domain-name winbase.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-192.168.135.0
 subnet 192.168.135.0 255.255.255.0
object network obj-10.10.1.0
 subnet 10.10.1.0 255.255.255.0
object network obj-192.168.135.17
 host 192.168.135.17
object network obj-192.168.135.17-01
 host 192.168.135.17
object network obj-192.168.135.3
 host 192.168.135.3
object network obj-192.168.135.13
 host 192.168.135.13
object network obj-192.168.135.13-01
 host 192.168.135.13
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.135.0_24
 subnet 192.168.135.0 255.255.255.0
object network obj-192.168.135.5
 host 192.168.135.5
 description FTP
object network 192.168.135.5
 host 192.168.135.5
 description 192.168.135.5
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_out extended permit tcp any any eq www
access-list outside_access_out extended permit tcp any any eq https
access-list outside_access_out extended permit object-group TCPUDP any any eq domain
access-list outside_access_out extended permit tcp any any eq 3389
access-list outside_access_out remark DNS
access-list outside_access_out remark Remote Desktop Protocol
access-list outside_access_out extended permit tcp any any eq smtp
access-list outside_access_out extended permit tcp any any eq 8890
access-list outside_access_out remark FTP
access-list outside_access_out extended permit tcp any any eq ftp-data
access-list outside_access_out remark FTP
access-list outside_access_out extended permit tcp any any eq ftp
access-list outside_access_out remark SSH tbv CarePartners of SFTP
access-list outside_access_out extended permit tcp any any eq ssh
access-list outside_access_out remark PPTP VPN.
access-list outside_access_out extended permit tcp any any eq pptp
access-list outside_access_out extended permit tcp any any eq 2901
access-list outside_access_out remark SVN (Incura)
access-list outside_access_out extended permit tcp any any eq 8443
access-list outside_access_out extended permit tcp any any eq 8080
access-list outside_access_out remark L2TP VPN.
access-list outside_access_out extended permit tcp any any eq 1701
access-list outside_access_out remark email Annelies.
access-list outside_access_out extended permit tcp any any eq pop3
access-list outside_access_out remark Boekhouding Hoge Waerder RDP
access-list outside_access_out extended permit tcp any any eq 11135
access-list outside_access_out remark Cisco L2TP verbinding eis.
access-list outside_access_out extended permit udp any any eq isakmp
access-list outside_access_out remark Cisco L2TP verbinding eis.
access-list outside_access_out extended permit udp any any eq 4500
access-list outside_access_out remark Vital Health Kerio VPN
access-list outside_access_out extended permit tcp any any eq 4090
access-list outside_access_out remark Vital Health Kerio VPN
access-list outside_access_out extended permit udp any any eq 4090
access-list outside_access_out extended permit icmp any any echo
access-list outside_access_out extended permit gre any any
access-list outside_access_out extended permit esp any any
access-list outside_access_in remark http
access-list outside_access_in extended permit tcp any any eq www
access-list outside_access_in remark https
access-list outside_access_in extended permit tcp any any eq https
access-list outside_access_in remark naar WBG-VENUS
access-list outside_access_in extended permit tcp any interface outside eq https
access-list outside_access_in remark Inkomende Email
access-list outside_access_in extended permit tcp any interface outside eq smtp
access-list outside_access_in remark SVN (incura)
access-list outside_access_in extended permit tcp any any eq 8443
access-list outside_access_in remark Source Off Site (SOS)
access-list outside_access_in extended permit tcp any any eq 8080
access-list outside_access_in remark Incura TEST Website
access-list outside_access_in extended permit tcp any any eq 50000
access-list outside_access_in extended permit gre any any
access-list outside_access_in extended permit esp any any
access-list outside_access_in extended permit udp any any eq isakmp
access-list inside_nat0_outbound extended permit ip any 192.168.135.0 255.255.255.0
access-list inside_nat0_outbound remark DD VPN
access-list inside_nat0_outbound extended permit ip 192.168.135.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list Local_LAN_Access standard permit 192.168.135.0 255.255.255.0
access-list http-list2 extended permit tcp any host xxxxxxxxxxxxx
access-list http-list2 extended permit tcp any host 87.233.171.160
access-list http-list2 extended permit tcp any xxxxxxxxxxxxx 255.255.255.248
access-list winbase2_splitTunnelAcl_2 standard permit 192.168.135.0 255.255.255.0
access-list winbase2_splitTunnelAcl standard permit any
!
tcp-map mss-map
!
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu WIFI 1500
ip local pool winbase 192.168.135.120-192.168.135.128 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-645.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.135.0_24 NETWORK_OBJ_192.168.135.0_24 no-proxy-arp route-lookup
!
object network obj-192.168.135.17
 nat (inside,outside) static interface service tcp 8443 8443
object network obj-192.168.135.17-01
 nat (inside,outside) static interface service tcp 8080 8080
object network obj-192.168.135.3
 nat (inside,outside) static interface service tcp 50000 50000
object network obj-192.168.135.13
 nat (inside,outside) static interface service tcp smtp smtp
object network obj_any
 nat (inside,outside) dynamic interface
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 95.97.48.129 255
route inside 192.168.136.0 255.255.255.0 192.168.135.231 1
route inside 192.168.138.0 255.255.255.0 192.168.135.231 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 192.168.135.12
 ldap-base-dn dc=winbase, dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=administrator, cn=users, dc=winbase, dc=local
 server-type microsoft
user-identity default-domain LOCAL
http server enable
http 192.168.135.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
auth-prompt prompt LET OP! Gebruik je domein gebruikersnaam en wachtwoord.
crypto ipsec ikev1 transform-set TRANS_ESP_AES-256_SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_AES-256_SHA mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set ESP-AES-128-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=ciscoasa2
 proxy-ldc-issuer
 crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca
  quit
crypto ca certificate chain ASDM_TrustPoint0
 certificate 914b544e
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable inside client-services port 443
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable outside
crypto ikev1 ipsec-over-tcp port 10000
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
telnet 192.168.135.14 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.131.100-192.168.131.200 WIFI
dhcpd dns xxxxxxxxxx xxxxxxxxxxx interface WIFI
dhcpd enable WIFI
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 inside
webvpn
 enable inside
 enable outside
 anyconnect image disk0:/anyconnect-dart-win-2.5.3054-k9.pkg 1
 anyconnect profiles WinBaseAny_client_profile disk0:/WinBaseAny_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_WinBaseAny internal
group-policy GroupPolicy_WinBaseAny attributes
 wins-server none
 dns-server value 192.168.135.12 192.168.135.16
 vpn-tunnel-protocol ikev2 ssl-client
 default-domain value winbase.local
 webvpn
  anyconnect profiles value WinBaseAny_client_profile type user
group-policy winbase2 internal
group-policy winbase2 attributes
 dns-server value 192.168.135.12 192.168.135.16
 vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Local_LAN_Access
 default-domain value winbase.local
username Quentin password q9jYlNNf8JCUNrdq encrypted
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
tunnel-group winbase2 type remote-access
tunnel-group winbase2 general-attributes
 address-pool winbase
 authentication-server-group LDAP
 default-group-policy winbase2
tunnel-group winbase2 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 195.93.224.30 type ipsec-l2l
tunnel-group 195.93.224.30 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group WinBaseAny type remote-access
tunnel-group WinBaseAny general-attributes
 address-pool winbase
 authentication-server-group LDAP
 default-group-policy GroupPolicy_WinBaseAny
tunnel-group WinBaseAny webvpn-attributes
 group-alias WinBaseAny enable
!
class-map global-class
 match default-inspection-traffic
class-map inspection_default
 match default-inspection-traffic
class-map http-map1
 match access-list http-list2
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ftp
  inspect pptp
  inspect ipsec-pass-thru
  inspect ip-options
policy-map global-policy
 class global-class
  inspect ftp
  inspect h323 ras
  inspect ipsec-pass-thru
  inspect netbios
  inspect pptp
  inspect rsh
  inspect rtsp
  inspect sip
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
 class class-default
  user-statistics accounting
policy-map http-map1
 class http-map1
  set connection advanced-options mss-map
!
service-policy global-policy global
service-policy http-map1 interface outside
prompt hostname context
call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [address hidden by the forum's spam protection]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:
: end
asdm image disk0:/asdm-645.bin
no asdm history enable