# asa 5055 changed isp



## Nickyd123 (Jul 28, 2015)

here is my old configuration which worked fine. 
: Saved
: Written by enable_15 at 12:04:31.844 EDT Mon Jul 9 2012
!
ASA Version 8.2(5)
!
hostname ALHS-ASA
domain-name workgroup
enable password fnxvIPncUZgxhN0G encrypted
passwd fnxvIPncUZgxhN0G encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 172.20.1.30 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ATTDSL
ip address 99.23.221.209 255.255.255.255 pppoe
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name workgroup
access-list outside_access_in extended permit icmp any interface outside echo-reply
access-list outside_access_in extended permit icmp any interface outside unreachable
access-list outside_access_in extended permit icmp any interface outside time-exceeded
pager lines 24
logging timestamp
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any unreachable outside
icmp permit 66.162.9.0 255.255.255.0 echo outside
icmp deny any outside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 172.20.1.0 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.23.221.214 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 66.162.9.0 255.255.255.0 outside
http 172.20.1.0 255.255.255.0 inside
http 121.243.26.254 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYN-MAP 20 set transform-set STRONG
crypto map OUTSIDE-MAP 65300 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 28800
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 3
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 28800
crypto isakmp policy 4
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet 172.20.1.0 255.255.255.0 inside
telnet timeout 25
ssh 66.162.9.0 255.255.255.0 outside
ssh 121.243.26.254 255.255.255.255 outside
ssh timeout 25
console timeout 0
vpdn group ATTDSL request dialout pppoe
vpdn group ATTDSL localname [email protected]
vpdn group ATTDSL ppp authentication pap
vpdn username [email protected] password uhy947 store-local
dhcpd auto_config outside
!
dhcpd address 172.20.1.100-172.20.1.140 inside
dhcpd dns 172.20.1.30 68.94.156.1 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 129.6.15.29 source outside
ntp server 129.6.15.28 source outside
ntp server 18.145.0.30 source outside
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:163867678ccb118043cae9ec08f70abe
: end




here is the new one with the new gateway and new static. i also cant get asdm anymore. I would greatly appreciate anyones help with this matter, thank you ahead of time


----------



## Nickyd123 (Jul 28, 2015)

: Saved
:
ASA Version 8.2(5)
!
hostname ALHS-ASA
domain-name workgroup


names
name 10.88.6.0 Etrans-NET
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 172.20.1.30 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ATTDSL
ip address 97.87.246.86 255.255.252.0 pppoe
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name workgroup
access-list outside_access_in extended permit icmp any interface outside echo-reply
access-list outside_access_in extended permit icmp any interface outside unreachable
access-list outside_access_in extended permit icmp any interface outside time-exceeded
access-list InsideGlobal-2-Etrans extended permit ip 172.20.1.0 255.255.255.0 Etrans-NET 255.255.255.0
access-list NoNAT extended permit ip 172.20.1.0 255.255.255.0 Etrans-NET 255.255.255.0
pager lines 24
logging timestamp
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any unreachable outside
icmp permit 66.162.9.0 255.255.255.0 echo outside
icmp deny any outside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list NoNAT
nat (inside) 1 172.20.1.0 255.255.255.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 97.87.246.85 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 66.162.9.0 255.255.255.0 outside
http 172.20.1.0 255.255.255.0 inside
http 121.243.26.254 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYN-MAP 20 set transform-set STRONG
crypto map OUTSIDE-MAP 1 match address InsideGlobal-2-Etrans
crypto map OUTSIDE-MAP 1 set peer 66.203.81.2
crypto map OUTSIDE-MAP 1 set transform-set STRONG
crypto map OUTSIDE-MAP 65300 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 28800
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 3
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 28800
crypto isakmp policy 4
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet 172.20.1.0 255.255.255.0 inside
telnet timeout 25
ssh 66.162.9.0 255.255.255.0 outside
ssh 121.243.26.254 255.255.255.255 outside
ssh timeout 25
console timeout 0
vpdn group ATTDSL request dialout pppoe
vpdn group ATTDSL localname [email protected]
vpdn group ATTDSL ppp authentication pap
vpdn username [email protected] password uhy947 store-local
dhcpd auto_config outside
!
dhcpd address 172.20.1.100-172.20.1.140 inside
dhcpd dns 172.20.1.30 68.94.156.1 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 129.6.15.29 source outside
ntp server 129.6.15.28 source outside
ntp server 18.145.0.30 source outside
webvpn
tunnel-group 66.203.81.2 type ipsec-l2l
tunnel-group 66.203.81.2 ipsec-attributes
pre-shared-key Etrans#3Saginaw
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp


----------



## MitchConner (May 8, 2015)

Is it inside or outside you're trying to get asdm access on mate?


----------



## Nickyd123 (Jul 28, 2015)

on inside, via ethernet cable, but my biggest concern is why im not getting connectivity with it when all i did was change isp's and set the new gateway except for that att&dsl stuff i just changed the I.P


----------



## MitchConner (May 8, 2015)

Can you post the output of the following and let me know your IP address please mate:

sh run | grep http


----------



## MitchConner (May 8, 2015)

Just reread your post, are you also not getting outside connectivity?


----------



## MitchConner (May 8, 2015)

While i'm waiting  a good tool for troubleshooting on the ASA is packet tracer:

e.g.

packet-tracer input inside tcp 172.20.1.1 1027 8.8.8.8 80


----------



## MitchConner (May 8, 2015)

If you've changed your ISP and also your public IP address (without rebooting the ASA), can you enter this command and re-test:

clear xlate

edit: This will clear all the NAT translations that were built using the old address.


----------



## Nickyd123 (Jul 28, 2015)

Result of the command: "sh run | grep http"

http server enable
http 192.168.1.0 255.255.255.0 inside
http 66.162.9.0 255.255.255.0 outside
http 172.20.1.0 255.255.255.0 inside
http 121.243.26.254 255.255.255.255 outside


----------



## Nickyd123 (Jul 28, 2015)

Result of the command: "packet-tracer input inside tcp 172.20.1.1 1027 8.8.8.8 80"

Phase: 1
Type: ACCESS-LIST
Subtype: 
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Result:
input-interface: inside
input-status: up
input-line-status: up
Action: drop
Drop-reason: (no-route) No route to host


----------



## MitchConner (May 8, 2015)

Can you ping the gateway address from the ASA?

This address: 97.87.246.85


----------



## MitchConner (May 8, 2015)

Can i see a show route as well please.


----------



## Nickyd123 (Jul 28, 2015)

Result of the command: "show route"

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.1.0 255.255.255.0 is directly connected, inside


----------



## MitchConner (May 8, 2015)

And a show int ip brie

Your ISP has changed but your pppoe credentials have stayed the same as well.


----------



## Nickyd123 (Jul 28, 2015)

should i remove the pppoe and at&t lines? 



Result of the command: "show int"

Interface Ethernet0/0 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3bf, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3c0, MTU not set
IP address unassigned
20265 packets input, 2034712 bytes, 0 no buffer
Received 2938 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
5759 packets output, 3202583 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Ethernet0/2 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3c1, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Ethernet0/3 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3c2, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Ethernet0/4 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3c3, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Ethernet0/5 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3c4, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Ethernet0/6 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3c5, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Ethernet0/7 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 0022.bdeb.b3c6, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 0022.bdeb.b3c7, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
Traffic Statistics for "inside":
17894 packets input, 1477855 bytes
5772 packets output, 3090286 bytes
14486 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 3 pkts/sec, 256 bytes/sec
5 minute output rate 2 pkts/sec, 432 bytes/sec
5 minute drop rate, 1 pkts/sec
Interface Vlan2 "outside", is down, line protocol is down
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 0022.bdeb.b3c7, MTU 1500
IP address unassigned
Traffic Statistics for "outside":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec


----------



## MitchConner (May 8, 2015)

*show interface ip brief* mate


----------



## MitchConner (May 8, 2015)

What prompted the change mate, just new ISP or new circuit type?


----------



## Nickyd123 (Jul 28, 2015)

Result of the command: "show interface ip brief"

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES unset down down
Ethernet0/1 unassigned YES unset up up 
Ethernet0/2 unassigned YES unset down down
Ethernet0/3 unassigned YES unset down down
Ethernet0/4 unassigned YES unset down down
Ethernet0/5 unassigned YES unset down down
Ethernet0/6 unassigned YES unset down down
Ethernet0/7 unassigned YES unset down down
Internal-Data0/0 unassigned YES unset up up 
Internal-Data0/1 unassigned YES unset up up 
Vlan1 192.168.1.1 YES CONFIG up up 
Vlan2 unassigned YES CONFIG down down
Virtual0 127.0.0.1 YES unset up up


----------



## MitchConner (May 8, 2015)

Can you do a no shut on e0 please mate:

int e0/0
no shut

then run show int ip brie again

And is the cable connected to the port?


----------



## MitchConner (May 8, 2015)

I need to know what circuit type you have at the moment as well please.


----------



## Nickyd123 (Jul 28, 2015)

Ethernet0/0 unassigned YES unset down down
Ethernet0/1 unassigned YES unset down down
Ethernet0/2 unassigned YES unset down down
Ethernet0/3 unassigned YES unset down down
Ethernet0/4 unassigned YES unset down down
Ethernet0/5 unassigned YES unset down down
Ethernet0/6 unassigned YES unset down down
Ethernet0/7 unassigned YES unset down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan1 192.168.1.1 YES CONFIG down down
Vlan2 unassigned YES CONFIG down down
Virtual0 127.0.0.1 YES unset up up
ALHS-ASA(config)#


----------



## Nickyd123 (Jul 28, 2015)

why does vlan 2 say unnasighned when i assigned that interface for the modem/internet


----------



## MitchConner (May 8, 2015)

Because the interface isn't up, so the SVI has no reason to be up.


----------



## Nickyd123 (Jul 28, 2015)

so, what would you recommend, they went from at&t to charter and im just having a little issues with just the site to site vpn now, they all have internet access through the device through dhcp on the inside interface. but still having hard time


----------



## MitchConner (May 8, 2015)

show crypto isa sa

please.


----------



## Nickyd123 (Jul 28, 2015)

crypto ipsec transform-set STRONG esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYN-MAP 20 set transform-set STRONG
crypto map OUTSIDE-MAP 1 match address InsideGlobal-2-Etrans
crypto map OUTSIDE-MAP 1 set peer 66.203.81.2
crypto map OUTSIDE-MAP 1 set transform-set STRONG
crypto map OUTSIDE-MAP 65300 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 28800
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 3
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 28800
crypto isakmp policy 4
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800


----------



## MitchConner (May 8, 2015)

I'm not sure if you're actually reading my posts or not.

Can you please enter, into the CLI of the ASA:

*show crypto isa sa*


----------

