Skip navigation
Cisco Learning Home > CCSP Study Group > Discussions
This Question is Answered 2 Helpful Answers available (2 pts)
2902 Views 2 Replies Latest reply: Apr 16, 2012 7:45 AM by Warren Sullivan - CCNP RSS

Currently Being Moderated

Site to Site VPN with Digital Certificates

Apr 14, 2012 11:19 PM

Warren Sullivan - CCNP 934 posts since
Jun 4, 2010

Hi guys,
Im setting up a lab in GNS3 as per below pic and im really hoping you can lend me a hand with getting this lab up an running.....please ask if you need screenies or outputs from any device.....

forcln.jpg

I have set up a Vbox Win 2003 server and all the ASA's have the CA's Cert and their own Identity Cert, but when i bring up the VPN by pinging from host 1 to host 3 i get nothing, no isakmp sa, i get an error in debug(at very bottom of post), i have been following Jeremy C's Video in the SNAA series....below are the configs of Brisbane and Melbourne and below that the debug i get from BrisbaneASA.....please help, my aim is to get this working and dicect the config to work out whats going on....all the config has been done via the ASDM as you can see, including the IPSEC Site to Site VPN......

 

By the way, im loving this stuff, i think ive found my true passion....security!

 

CA.jpg

thanks heaps in advance.....

BrisbaneASA# sh run

: Saved

:

ASA Version 8.0(2)

!

hostname BrisbaneASA

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 1.1.1.1 255.255.255.0

!

interface Ethernet0/1

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/4

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/5

nameif inside

security-level 100

ip address 192.168.1.254 255.255.255.0

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

access-list inbound_icmp extended permit icmp host 1.1.1.2 any

access-list inbound_icmp extended permit icmp host 1.1.1.3 any

access-list inbound_icmp extended permit icmp host 1.1.1.50 any

access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0

pager lines 24

mtu outside 1500

mtu inside 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-603.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 192.168.1.0 255.255.255.0

access-group inbound_icmp in interface outside

route outside 0.0.0.0 0.0.0.0 1.1.1.50 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 1.1.1.50 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set pfs

crypto map outside_map 1 set peer 1.1.1.3

crypto map outside_map 1 set transform-set ESP-DES-SHA

crypto map outside_map 1 set trustpoint ASDM_TrustPoint5

crypto map outside_map interface outside

crypto ca trustpoint ASDM_TrustPoint0

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

crl configure

crypto ca trustpoint ASDM_TrustPoint1

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

crl configure

crypto ca trustpoint ASDM_TrustPoint2

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

crl configure

crypto ca trustpoint ASDM_TrustPoint3

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

crl configure

crypto ca trustpoint ASDM_TrustPoint4

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

crl configure

crypto ca trustpoint ASDM_TrustPoint5

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

fqdn BrisbaneASA

subject-name CN=BrisbaneASA

password *

keypair VPN

no client-types

crl configure

crypto ca certificate chain ASDM_TrustPoint4

certificate ca 57bffcff096dcbb94d3f61676b5973fd

    30820366 3082024e a0030201 02021057 bffcff09 6dcbb94d 3f61676b 5973fd30

    0d06092a 864886f7 0d010105 0500300f 310d300b 06035504 0313044d 79434130

    1e170d31 32303431 35323035 3534345a 170d3137 30343135 32313034 33385a30

    0f310d30 0b060355 04031304 4d794341 30820122 300d0609 2a864886 f70d0101

    01050003 82010f00 3082010a 02820101 00cb7ad5 8ba1fcd0 ffe5ad2b 61427eb2

    eeee9da4 d3288e90 e608613f d74e42cb e48458c4 963f03bb 0baab0dd 22e02493

    a5c69def 3f336d09 be4e331c 29e86c1b 32be8eb1 f92a669b c1595503 7cbefe6c

    d3b141f4 fef8c30d b9685900 3660c883 6d17df89 0b7908b9 559be9a4 25d88100

    cfe3b39c 39dc53c2 1e48e27d 228288ee 5105ad66 6e847223 1f5d8659 d18cb55d

    d0dc485d 4e47b6f5 c5d3f571 999a7b6a e8335919 532a40f2 1c7494d3 b4c3fcfb

    2fe09dc6 e4a0aeeb ddc6f8da 08c62c03 26eea554 c2e1165c 39d83861 7fc4a058

    0750c6cd aba512de 74658e30 c5faeb0e 18aa1729 8ec68de1 b695e9fa 24ebfe34

    70a3799a 0dea3981 f3649d5d 005f0e7f 61020301 0001a381 bd3081ba 300b0603

    551d0f04 04030201 86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d

    0e041604 14079849 79b3c049 1e2749bd 71f2ebd8 9f51e9ca df306906 03551d1f

    04623060 305ea05c a05a862a 68747470 3a2f2f63 612d3061 66613766 35383730

    36382f43 65727445 6e726f6c 6c2f4d79 43412e63 726c862c 66696c65 3a2f2f5c

    5c63612d 30616661 37663538 37303638 5c436572 74456e72 6f6c6c5c 4d794341

    2e63726c 30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d

    01010505 00038201 01001b69 4fa35ab1 325052f3 1b45c8a8 14ec1fe8 f67b9ffc

    cb5c0a00 10b3f29f c2e10b9c 02d13ca3 35712df3 d2ac610a c1414574 0833d602

    8e068774 799886ec bf49cf96 9e054b14 9c362935 a698bdd7 fc3a23ba dbc2211f

    2ef1caf1 b74ded06 cf043379 6239a702 26165227 6ebabdc5 34ec172d 0c71b501

    0c3e0ef1 474b0533 4a85e49f 52b41291 70f5bf61 5a05eb50 d2a6db87 7bfd94d6

    edce97b5 acb629e3 876e1b61 0866926d 9071f9ab 5863265c ee42797b a7858bae

    5bbbad77 b495507f 86d314a9 e99481dc 0cd50563 833dfe87 7bd6ea99 7380c4e0

    9498a078 07b93822 3a664e6b b691e4fa 053dcbbc 68ea0922 5eb1d4df 5db87097

    931af608 b1c26426 ec5f

  quit

crypto ca certificate chain ASDM_TrustPoint5

certificate 6111c94e000000000004

    308203fd 308202e5 a0030201 02020a61 11c94e00 00000000 04300d06 092a8648

    86f70d01 01050500 300f310d 300b0603 55040313 044d7943 41301e17 0d313230

    34313832 31303931 325a170d 31333034 31383231 31393132 5a303231 1a301806

    092a8648 86f70d01 0902130b 42726973 62616e65 41534131 14301206 03550403

    130b4272 69736261 6e654153 4130819f 300d0609 2a864886 f70d0101 01050003

    818d0030 81890281 8100e253 86458882 d5c41b09 a6c6666d 37a08819 5d33dc3a

    a34d37a1 b38eac12 67760cd2 4442fbd1 3b5892f3 a5c9fa5d d00e8462 6b75511c

    23869d52 3af3473d 832f25df 836fe6b8 fcce793c 5c8b8d8d 439dcc70 309d0530

    5efbe1c2 9bd769c3 4eaf4421 1c9ed8bd 48cdf185 d179cf2f 31fe9ba0 7bfda83b

    23be049b 2c4e9fc7 36150203 010001a3 8201ba30 8201b630 0b060355 1d0f0404

    030205a0 30160603 551d1104 0f300d82 0b427269 7362616e 65415341 301d0603

    551d0e04 160414c5 8d989c12 b226c902 612c08c0 71b31ff2 8acd2d30 1f060355

    1d230418 30168014 07984979 b3c0491e 2749bd71 f2ebd89f 51e9cadf 30690603

    551d1f04 62306030 5ea05ca0 5a862a68 7474703a 2f2f6361 2d306166 61376635

    38373036 382f4365 7274456e 726f6c6c 2f4d7943 412e6372 6c862c66 696c653a

    2f2f5c5c 63612d30 61666137 66353837 3036385c 43657274 456e726f 6c6c5c4d

    7943412e 63726c30 81a20608 2b060105 05070101 04819530 81923046 06082b06

    01050507 3002863a 68747470 3a2f2f63 612d3061 66613766 35383730 36382f43

    65727445 6e726f6c 6c2f6361 2d306166 61376635 38373036 385f4d79 43412e63

    72743048 06082b06 01050507 3002863c 66696c65 3a2f2f5c 5c63612d 30616661

    37663538 37303638 5c436572 74456e72 6f6c6c5c 63612d30 61666137 66353837

    3036385f 4d794341 2e637274 303f0609 2b060104 01823714 0204321e 30004900

    50005300 45004300 49006e00 74006500 72006d00 65006400 69006100 74006500

    4f006600 66006c00 69006e00 65300d06 092a8648 86f70d01 01050500 03820101

    0048dfaa 692a73fa daa650b1 f7729fbf 7cce9645 1a0d906b 96fea130 20a141d2

    3b9972b7 518a96c9 54924dca e90d9710 31af06cc 320d0b7c 98f7e2e6 13470fb8

    0efb31a3 bba4e712 c8ecac9f 7a8ce51a 263479cb 172ae0c9 bbfcbab9 589ebdae

    49a45dd9 a69f1c06 20a58a5a 733a7af2 4d1cd169 45647821 8a4881c3 11021fd6

    8dd0ded1 14590441 d489766a f0ebc0f6 16a8b212 1baa40bf 5221da68 4877dcee

    2c01ff22 877cc4f8 5f8bc728 e4c5f722 70879887 1c000fee 2bd6be5c 5a44d20b

    20e018ea 2cbc40c5 74b6a900 d9f2637f db0687b2 a87f095e ce8e6b63 5092b0df

    079e3e6f 736c05c6 6d427787 aa4b8e10 1643a128 643a5fa0 a98915d8 6e601ee7 55

  quit

certificate ca 57bffcff096dcbb94d3f61676b5973fd

    30820366 3082024e a0030201 02021057 bffcff09 6dcbb94d 3f61676b 5973fd30

    0d06092a 864886f7 0d010105 0500300f 310d300b 06035504 0313044d 79434130

    1e170d31 32303431 35323035 3534345a 170d3137 30343135 32313034 33385a30

    0f310d30 0b060355 04031304 4d794341 30820122 300d0609 2a864886 f70d0101

    01050003 82010f00 3082010a 02820101 00cb7ad5 8ba1fcd0 ffe5ad2b 61427eb2

    eeee9da4 d3288e90 e608613f d74e42cb e48458c4 963f03bb 0baab0dd 22e02493

    a5c69def 3f336d09 be4e331c 29e86c1b 32be8eb1 f92a669b c1595503 7cbefe6c

    d3b141f4 fef8c30d b9685900 3660c883 6d17df89 0b7908b9 559be9a4 25d88100

    cfe3b39c 39dc53c2 1e48e27d 228288ee 5105ad66 6e847223 1f5d8659 d18cb55d

    d0dc485d 4e47b6f5 c5d3f571 999a7b6a e8335919 532a40f2 1c7494d3 b4c3fcfb

    2fe09dc6 e4a0aeeb ddc6f8da 08c62c03 26eea554 c2e1165c 39d83861 7fc4a058

    0750c6cd aba512de 74658e30 c5faeb0e 18aa1729 8ec68de1 b695e9fa 24ebfe34

    70a3799a 0dea3981 f3649d5d 005f0e7f 61020301 0001a381 bd3081ba 300b0603

    551d0f04 04030201 86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d

    0e041604 14079849 79b3c049 1e2749bd 71f2ebd8 9f51e9ca df306906 03551d1f

    04623060 305ea05c a05a862a 68747470 3a2f2f63 612d3061 66613766 35383730

    36382f43 65727445 6e726f6c 6c2f4d79 43412e63 726c862c 66696c65 3a2f2f5c

    5c63612d 30616661 37663538 37303638 5c436572 74456e72 6f6c6c5c 4d794341

    2e63726c 30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d

    01010505 00038201 01001b69 4fa35ab1 325052f3 1b45c8a8 14ec1fe8 f67b9ffc

    cb5c0a00 10b3f29f c2e10b9c 02d13ca3 35712df3 d2ac610a c1414574 0833d602

    8e068774 799886ec bf49cf96 9e054b14 9c362935 a698bdd7 fc3a23ba dbc2211f

    2ef1caf1 b74ded06 cf043379 6239a702 26165227 6ebabdc5 34ec172d 0c71b501

    0c3e0ef1 474b0533 4a85e49f 52b41291 70f5bf61 5a05eb50 d2a6db87 7bfd94d6

    edce97b5 acb629e3 876e1b61 0866926d 9071f9ab 5863265c ee42797b a7858bae

    5bbbad77 b495507f 86d314a9 e99481dc 0cd50563 833dfe87 7bd6ea99 7380c4e0

    9498a078 07b93822 3a664e6b b691e4fa 053dcbbc 68ea0922 5eb1d4df 5db87097

    931af608 b1c26426 ec5f

  quit

crypto isakmp enable outside

crypto isakmp policy 10

authentication rsa-sig

encryption des

hash sha

group 2

lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

!

!

username qqqq password DSgH0g93UD4kToYq encrypted privilege 15

tunnel-group 1.1.1.3 type ipsec-l2l

tunnel-group 1.1.1.3 ipsec-attributes

trust-point ASDM_TrustPoint5

prompt hostname context

Cryptochecksum:66086eaa80476a4c469c33c1ce4512ab

: end

BrisbaneASA#

 

MelbourneASA# sh run

: Saved

:

ASA Version 8.0(2)

!

hostname MelbourneASA

enable password 8Ry2YjIyt7RRXU24 encrypted

names

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 1.1.1.3 255.255.255.0

!

interface Ethernet0/1

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/4

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/5

nameif inside

security-level 100

ip address 10.0.0.254 255.255.255.0

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

access-list inbound_icmp extended permit icmp host 1.1.1.1 any

access-list inbound_icmp extended permit icmp host 1.1.1.2 any

access-list inbound_icmp extended permit icmp host 1.1.1.50 any

access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

pager lines 24

mtu inside 1500

mtu outside 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-603.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 10.0.0.0 255.255.255.0

access-group inbound_icmp in interface outside

route outside 0.0.0.0 0.0.0.0 1.1.1.50 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 1.1.1.50 255.255.255.255 outside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set pfs

crypto map outside_map 1 set peer 1.1.1.1

crypto map outside_map 1 set transform-set ESP-DES-SHA

crypto map outside_map 1 set trustpoint ASDM_TrustPoint1

crypto map outside_map interface outside

crypto ca trustpoint ASDM_TrustPoint0

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

crl configure

crypto ca trustpoint ASDM_TrustPoint1

enrollment url http://1.1.1.50:80/certsrv/mscep/mscep.dll

fqdn MelbourneASA

subject-name CN=MelbourneASA

password *

keypair VPN

no client-types

crl configure

crypto ca certificate chain ASDM_TrustPoint0

certificate ca 57bffcff096dcbb94d3f61676b5973fd

    30820366 3082024e a0030201 02021057 bffcff09 6dcbb94d 3f61676b 5973fd30

    0d06092a 864886f7 0d010105 0500300f 310d300b 06035504 0313044d 79434130

    1e170d31 32303431 35323035 3534345a 170d3137 30343135 32313034 33385a30

    0f310d30 0b060355 04031304 4d794341 30820122 300d0609 2a864886 f70d0101

    01050003 82010f00 3082010a 02820101 00cb7ad5 8ba1fcd0 ffe5ad2b 61427eb2

    eeee9da4 d3288e90 e608613f d74e42cb e48458c4 963f03bb 0baab0dd 22e02493

    a5c69def 3f336d09 be4e331c 29e86c1b 32be8eb1 f92a669b c1595503 7cbefe6c

    d3b141f4 fef8c30d b9685900 3660c883 6d17df89 0b7908b9 559be9a4 25d88100

    cfe3b39c 39dc53c2 1e48e27d 228288ee 5105ad66 6e847223 1f5d8659 d18cb55d

    d0dc485d 4e47b6f5 c5d3f571 999a7b6a e8335919 532a40f2 1c7494d3 b4c3fcfb

    2fe09dc6 e4a0aeeb ddc6f8da 08c62c03 26eea554 c2e1165c 39d83861 7fc4a058

    0750c6cd aba512de 74658e30 c5faeb0e 18aa1729 8ec68de1 b695e9fa 24ebfe34

    70a3799a 0dea3981 f3649d5d 005f0e7f 61020301 0001a381 bd3081ba 300b0603

    551d0f04 04030201 86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d

    0e041604 14079849 79b3c049 1e2749bd 71f2ebd8 9f51e9ca df306906 03551d1f

    04623060 305ea05c a05a862a 68747470 3a2f2f63 612d3061 66613766 35383730

    36382f43 65727445 6e726f6c 6c2f4d79 43412e63 726c862c 66696c65 3a2f2f5c

    5c63612d 30616661 37663538 37303638 5c436572 74456e72 6f6c6c5c 4d794341

    2e63726c 30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d

    01010505 00038201 01001b69 4fa35ab1 325052f3 1b45c8a8 14ec1fe8 f67b9ffc

    cb5c0a00 10b3f29f c2e10b9c 02d13ca3 35712df3 d2ac610a c1414574 0833d602

    8e068774 799886ec bf49cf96 9e054b14 9c362935 a698bdd7 fc3a23ba dbc2211f

    2ef1caf1 b74ded06 cf043379 6239a702 26165227 6ebabdc5 34ec172d 0c71b501

    0c3e0ef1 474b0533 4a85e49f 52b41291 70f5bf61 5a05eb50 d2a6db87 7bfd94d6

    edce97b5 acb629e3 876e1b61 0866926d 9071f9ab 5863265c ee42797b a7858bae

    5bbbad77 b495507f 86d314a9 e99481dc 0cd50563 833dfe87 7bd6ea99 7380c4e0

    9498a078 07b93822 3a664e6b b691e4fa 053dcbbc 68ea0922 5eb1d4df 5db87097

    931af608 b1c26426 ec5f

  quit     

crypto ca certificate chain ASDM_TrustPoint1

certificate 61160c35000000000006

    30820400 308202e8 a0030201 02020a61 160c3500 00000000 06300d06 092a8648

    86f70d01 01050500 300f310d 300b0603 55040313 044d7943 41301e17 0d313230

    34313832 31313335 315a170d 31333034 31383231 32333531 5a303431 1b301906

    092a8648 86f70d01 0902130c 4d656c62 6f75726e 65415341 31153013 06035504

    03130c4d 656c626f 75726e65 41534130 819f300d 06092a86 4886f70d 01010105

    0003818d 00308189 02818100 e01a9ee6 38975672 c6d06d3c 996993c0 317d7186

    4cd2ea8b 4ead2741 2e8e4338 09e8df68 c6f45bc9 88038460 62b3c979 f47f2316

    eebeb0fd a1d14bc6 569b7a48 aff79d1d 52d4d414 d108a178 c7abac8f 1b5f703e

    b32ca727 99364e99 bf729f43 a079e4ee 0f441e19 031985b8 00f9a76b a6e32eca

    394f819e b091e6b1 30955e73 02030100 01a38201 bb308201 b7300b06 03551d0f

    04040302 05a03017 0603551d 11041030 0e820c4d 656c626f 75726e65 41534130

    1d060355 1d0e0416 04148fc1 c0e7a8ae e9c476cc e472748d 14f19e47 933f301f

    0603551d 23041830 16801407 984979b3 c0491e27 49bd71f2 ebd89f51 e9cadf30

    69060355 1d1f0462 3060305e a05ca05a 862a6874 74703a2f 2f63612d 30616661

    37663538 37303638 2f436572 74456e72 6f6c6c2f 4d794341 2e63726c 862c6669

    6c653a2f 2f5c5c63 612d3061 66613766 35383730 36385c43 65727445 6e726f6c

    6c5c4d79 43412e63 726c3081 a206082b 06010505 07010104 81953081 92304606

    082b0601 05050730 02863a68 7474703a 2f2f6361 2d306166 61376635 38373036

    382f4365 7274456e 726f6c6c 2f63612d 30616661 37663538 37303638 5f4d7943

    412e6372 74304806 082b0601 05050730 02863c66 696c653a 2f2f5c5c 63612d30

    61666137 66353837 3036385c 43657274 456e726f 6c6c5c63 612d3061 66613766

    35383730 36385f4d 7943412e 63727430 3f06092b 06010401 82371402 04321e30

    00490050 00530045 00430049 006e0074 00650072 006d0065 00640069 00610074

    0065004f 00660066 006c0069 006e0065 300d0609 2a864886 f70d0101 05050003

    82010100 a2b01fab a6e4ad95 26945622 37e63e2f 68c30a98 3ce0894c b77bdaee

    dd425167 63c2c24b 700dfd4b 017abf42 75a83f84 749657a2 ff072cf2 88b5e2bb

    b0f4d732 e4611b84 a593ff9f 7a81b6cc b45ada81 d1561e55 fc5ac9bd bd37bdf9

    9069cc68 e3ca8d46 05e89f64 47bad2e7 bf37ee01 e2a21b41 2b3ce26c 6db3559a

    8dc796b7 122af936 5ad1fb45 ddd18d70 32ad80ce 7c9c411f 6a0ffc5e a7663f5d

    c40d69f6 7b4d790e bd7e2ba6 41b9af00 e2202244 75dab16c 32d69fdd 6d6ea53e

    4e202ece d9171512 387b5b3a eeac80fa becc8e2d 48e404cf ec815f51 acb597a0

    820dfbfe 75bb8c1f e4daadd7 ca0aab6a 6ee4e2a4 f36d32cf 8e848722 33ecf4a5 b38ea00f

  quit

certificate ca 57bffcff096dcbb94d3f61676b5973fd

    30820366 3082024e a0030201 02021057 bffcff09 6dcbb94d 3f61676b 5973fd30

    0d06092a 864886f7 0d010105 0500300f 310d300b 06035504 0313044d 79434130

    1e170d31 32303431 35323035 3534345a 170d3137 30343135 32313034 33385a30

    0f310d30 0b060355 04031304 4d794341 30820122 300d0609 2a864886 f70d0101

    01050003 82010f00 3082010a 02820101 00cb7ad5 8ba1fcd0 ffe5ad2b 61427eb2

    eeee9da4 d3288e90 e608613f d74e42cb e48458c4 963f03bb 0baab0dd 22e02493

    a5c69def 3f336d09 be4e331c 29e86c1b 32be8eb1 f92a669b c1595503 7cbefe6c

    d3b141f4 fef8c30d b9685900 3660c883 6d17df89 0b7908b9 559be9a4 25d88100

    cfe3b39c 39dc53c2 1e48e27d 228288ee 5105ad66 6e847223 1f5d8659 d18cb55d

    d0dc485d 4e47b6f5 c5d3f571 999a7b6a e8335919 532a40f2 1c7494d3 b4c3fcfb

    2fe09dc6 e4a0aeeb ddc6f8da 08c62c03 26eea554 c2e1165c 39d83861 7fc4a058

    0750c6cd aba512de 74658e30 c5faeb0e 18aa1729 8ec68de1 b695e9fa 24ebfe34

    70a3799a 0dea3981 f3649d5d 005f0e7f 61020301 0001a381 bd3081ba 300b0603

    551d0f04 04030201 86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d

    0e041604 14079849 79b3c049 1e2749bd 71f2ebd8 9f51e9ca df306906 03551d1f

    04623060 305ea05c a05a862a 68747470 3a2f2f63 612d3061 66613766 35383730

    36382f43 65727445 6e726f6c 6c2f4d79 43412e63 726c862c 66696c65 3a2f2f5c

    5c63612d 30616661 37663538 37303638 5c436572 74456e72 6f6c6c5c 4d794341

    2e63726c 30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d

    01010505 00038201 01001b69 4fa35ab1 325052f3 1b45c8a8 14ec1fe8 f67b9ffc

    cb5c0a00 10b3f29f c2e10b9c 02d13ca3 35712df3 d2ac610a c1414574 0833d602

    8e068774 799886ec bf49cf96 9e054b14 9c362935 a698bdd7 fc3a23ba dbc2211f

    2ef1caf1 b74ded06 cf043379 6239a702 26165227 6ebabdc5 34ec172d 0c71b501

    0c3e0ef1 474b0533 4a85e49f 52b41291 70f5bf61 5a05eb50 d2a6db87 7bfd94d6

    edce97b5 acb629e3 876e1b61 0866926d 9071f9ab 5863265c ee42797b a7858bae

    5bbbad77 b495507f 86d314a9 e99481dc 0cd50563 833dfe87 7bd6ea99 7380c4e0

    9498a078 07b93822 3a664e6b b691e4fa 053dcbbc 68ea0922 5eb1d4df 5db87097

    931af608 b1c26426 ec5f

  quit

crypto isakmp enable outside

crypto isakmp policy 10

authentication rsa-sig

encryption des

hash sha

group 2

lifetime 86400

crypto isakmp policy 65535

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

!

!

username qqqq password DSgH0g93UD4kToYq encrypted privilege 15

username warren password 8d3z7ttxCec2qN.L encrypted privilege 15

tunnel-group 1.1.1.1 type ipsec-l2l

tunnel-group 1.1.1.1 ipsec-attributes

trust-point ASDM_TrustPoint1

prompt hostname context

Cryptochecksum:ae6245c22c6fa53ffd0119e7f43f9e8d

: end

MelbourneASA#

 

 

BrisbaneASA(config)# Apr 20 00:43:09 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Apr 20 00:43:09 [IKEv1]: Initiator failed to open cert context

Apr 20 00:43:09 [IKEv1]: Removing peer from peer table failed, no match!

Apr 20 00:43:09 [IKEv1]: Error: Unable to remove PeerTblEntry

Apr 20 00:43:11 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Apr 20 00:43:11 [IKEv1]: Initiator failed to open cert context

Apr 20 00:43:11 [IKEv1]: Removing peer from peer table failed, no match!

Apr 20 00:43:11 [IKEv1]: Error: Unable to remove PeerTblEntry

Apr 20 00:43:13 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Apr 20 00:43:13 [IKEv1]: Initiator failed to open cert context

Apr 20 00:43:13 [IKEv1]: Removing peer from peer table failed, no match!

Apr 20 00:43:13 [IKEv1]: Error: Unable to remove PeerTblEntry

Apr 20 00:43:15 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Apr 20 00:43:15 [IKEv1]: Initiator failed to open cert context

Apr 20 00:43:15 [IKEv1]: Removing peer from peer table failed, no match!

Apr 20 00:43:15 [IKEv1]: Error: Unable to remove PeerTblEntry

Apr 20 00:43:17 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

Apr 20 00:43:17 [IKEv1]: Initiator failed to open cert context

Apr 20 00:43:17 [IKEv1]: Removing peer from peer table failed, no match!

Apr 20 00:43:17 [IKEv1]: Error: Unable to remove PeerTblEntry

 

 

BrisbaneASA(config)#

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)