ACS 5.1, ASA 8.2.2, AD, Device Access. Can't get it to work...

Does anyone have any direction/pointers on how to configure ACS 5.1 to use AD to authenticate and authorize device admin access for Cisco ASA firewalls running 8.2.2? The only way I can seem to get it to work is to tell it to continue if authentication is failed (which means any user/password entered works). The events in the log are:
24408 User authentication against Active Directory failed since user has entered the wrong password
However, I know with 100% certainty that the username and password are good to go (it's the same username and password that works just fine with our old ACS 3.3 system). At this point I feel like I'm missing something really stupid, but for the life of me I can't find it (and the ACS 5.1 user guide leaves a LOT to be desired IMO). Any help is greatly appreciated. We are trying to pilot ACS 5.1 to see if we want to upgrade to it instead of ACS 4.2 but with it failing on what would seem to be such a basic use case, it's not looking promising... TIA.

I had this same issue and found out that my RADIUS keys did not match. I am migrating from ACS 4.2 to ACS version 5.4. I corrected my key on the the 5.4 installation and now access works perfectly. Hope that helps.

Similar Messages

Using ACS with PIX/ASA

Hi there,
We have an implementation of Cisco Secure ACS 4.1.4 using RSA SecurID as its authentication source to provide role-based access control and command level authorisation.
We have succesfully deployed this our routers/switches, and are now looking at configuring Cisco PIX/ASA devices to use ACS and have stubbled across issues.
Config on PIX/ASA (note we actually have 4 ACS servers defined for resilience etc):
aaa-server XXXXX protocol tacacs+
accounting-mode simultaneous
reactivation-mode depletion deadtime 1
max-failed-attempts 1
aaa-server XXXXX inside host <SERVER>
key <SECRET>
timeout 5
aaa authentication telnet console XXXXX LOCAL
aaa authentication enable console XXXXX LOCAL
aaa authentication ssh console XXXXX LOCAL
aaa authentication http console XXXXX LOCAL
aaa authentication serial console XXXXX LOCAL
aaa accounting command XXXXX
aaa accounting telnet console XXXXX
aaa accounting ssh console XXXXX
aaa accounting enable console XXXXX
aaa accounting serial console XXXXX
aaa authorization command XXXXX LOCAL
Problems:
Enter PASSCODE is NOT displayed on first attempt to logon to the PIX/ASA because it does not attempt to communicate with ACS until username/pass is sent.
Username with null password (e.g. CR) will correctly then display Enter PASSCODE prompt received from ACS.
PIX/ASA does not attempt to authenticate against all configured TACACS+ servers in one go, instead it tries each sequentially per authentication attemptâ¦.e.g.
1st Attempt = Server 1
2nd Attempt = Server 2
3rd Attempt = Server 3
4th Attempt = Server 4
This means that in total failure of ACS users will have to attempt authentication N+1 times before failing to LOCAL credentials depending on number of servers configured, this seems to be from setting "depletion deadtime 1" however the alternative is worse:
With âdepletion timedâ configured, by the time the user has attempted authentication to servers 2,3 and 4 the hard coded 30 second timeout has likely elapsed and the first server has been re-enabled by the PIX for authentication attempts, as such it will never fail to local authentication locking the user out of the device, the PIX itself does warn of this with the following error:
âWARNING: Fallback authentication is configured, but reactivation mode is set to
timed. Multiple aaa servers may prevent the appliance from ever invoking the fallback auth
mechanism.â
The next issue is that of accounting.....AAA Accounting does not record âSHOWâ commands or session accounting records (start/stop) or âENABLE".
The final issue is ASDM. We can login to ASDM successfully using ACS/RSA SecurID, however when a change is made to the configuration ASDM repeatedly sends the users logon credentials multiple times.
As RSA SecurID token can only be used once this fails and locks the account.
Any ideas on how to make two of Ciscos leading security products work together better?

Just re-reading the PIX/ASA 7.2 command reference guide below:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/crt_72.pdf
It appears some of the above are known issues.
PASSCODE issue, page 2-17 states:
We recommend that you use the same username and password in the local database as the
AAA server because the security appliance prompt does not give any indication which method is being used.
Failure to LOCAL, page 2-42 states:
You can have up to 15 server groups in single mode or 4 server groups per context in multiple mode. Each group can have up to 16 servers in single mode or 4 servers in multiple mode. When a user logs in, the servers are accessed one at a time starting with the first server you specify in the configuration, until a server responds.
AAA Accounting, page 2-2 states:
To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode.
ASDM issue, page 2-17 states:
HTTP management authentication does not support the SDI protocol for AAA server group
So looks like all my issues are known "features" of PIX/ASA integration with ACS, any ideas of how to achieve a "slicker" integration?
Is there a roadmap to improve this with later versions of the OS?
Will the PIX/ASA code ever properly support the same features as IOS?
Would it be better to look at using something like CSM instead of ASDM?

ASA 8.2 configuration for an ASA 9.1.(1) device

Hello, I have a configuration file from a 5510 running ASA ver 8.2
I have a brand new ASA5525 running ASA ver 9.1(1)
It is my understanding the configuration syntax is different between these versions
I need to take this config I have and somehow auto-format it to work with 9.1(1). Upgrade is not an option since the firewall is already on 9.1(1)
Anyone know how would I go about this?

Hi,
I think you can use this Document to understand the Syntax changes and you will find the corresponding syntax for ASA 9.x as well.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html
Also , you can check out this Automated tool as well:-
http://www.tunnelsup.com/nat-converter
I would recommend going through and manually converting the configuration to prevent any errors.
Thanks and Regards,
Vibhor Amrodia

Can Teredo for Microsoft DirectAccess work in the DMZ of an ASA 5510?

I'd like to find some way to get Teredo to work with our DirectAccess implementation. To do that, the external facing NIC on the DirectAccess server needs to be configured with a routable public IP address.
We have an ASA 5510 (running 8.3 (2)) that has switches on the Internal and DMZ interfaces, but connects directly to our Internet router through the External interface.
So, I do not have a switch that will allow me to connect our DA server directly to the edge. Short of buying a new switch and putting it outside of the firewall, I wanted to see if there was a way to configure the ASA so that Teredo would work in the DMZ.
Our current DMZ has 2 barracuda devices (spam and web filters) using static NAT objects. The IPs are all 192.168.x.
Is there some way of getting the DirectAccess external interface to work in the DMZ with a public IP address (and our ISP's gateway) without mucking everything else up? I've read about transparency mode, but I cannot figure out if that would affect our other devices.
Thanks in advance!
-Brad

Hi. I'm not 100% sure.......... But I think With UAG service pack 1 or 2 you no longer require a publicly routatable address for the external interface of the UAG server. You can now add the UAG server to your existing DMZ without affecting the addressing. Then you allow the Teredo tunneling traffic to the server.
HTH

Where can i get the trial ACS

Recently I just major in the DRM solution. So i need a copy of trial ACS for research. But where can i get it? Is there somebody can answer my Q ? Thanks.

Remember that ACS is being phased out, so I doubt it's worth it.

ACS 5.3, ASA using TACACS+ forces to PAP?

As the title says I'm trying to have an ASA (8.2.3) auth against an ACS 5.3 using TACACS+. It only works if I have PAP enabled on the ACS. Obviously this concerns me. I've found the following reference in the configuration guides:
TACACS+ Server Support
The ASA supports TACACS+ authentication with ASCII, PAP, CHAP, and MS-CHAPv1.
I can't figure out how to make the ASA use MS-CHAPv1 though. Seems like it should be pretty simple.
Incidentally I was having the same problem with VPN auth's using RADIUS but I was able to fix that by enabling the password management option which is only available in CHAPv2. Seems that option isn't available under TACACS+.
Any suggestions?

As far as I am aware the asa will only use PAP to authenticate console exec logins. I wish it used chap-v2.
Sent from Cisco Technical Support iPhone App

Can't get traffic flowing between VLANs on an ASA 5505

I've got an ASA 5505 with the Security Plus license that I'm trying to configure.
So far I have setup NATing on two VLANs, one called 16jda (VLAN 16 - 10.16.2.0/24) and one called 16jdc (VLAN 11 - 10.105.11.0/24).
From each subnet I am able to connect to the internet, but I need these subnets to also be able to talk to each other.
I have each VLAN interface at security level 100 and enabled "same-security-traffic permit inter-interface", and I have setup static NAT mappings between the two subnets, but they still can't communicate.
When I try to ping there is no reply and the only log message is:
6 Aug 21 2012 09:00:54 302020 10.16.2.10 23336 10.105.11.6 0 Built inbound ICMP connection for faddr 10.16.2.10/23336 gaddr 10.105.11.6/0 laddr 10.105.11.6/0
I have attached a copy of the router config.

Hi Bro
I know your problem and I know exactly how to solve it too. You could refer to https://supportforums.cisco.com/message/3714412#3714412 for further details.
Moving forward, this is what you’re gonna paste in your FW. This should work like a charm.
access-list from-inside permit ip 10.105.1.0 255.255.255.0 10.105.11.0 255.255.255.0
access-list from-inside permit ip 10.105.1.0 255.255.255.0 10.16.2.0 255.255.255.0
access-list from-16jda permit ip 10.16.2.0 255.255.255.0 10.105.1.0 255.255.255.0
access-list from-16jda permit ip 10.16.2.0 255.255.255.0 10.105.11.0 255.255.255.0
access-list from-16jdc permit ip 10.105.11.0 255.255.255.0 10.105.1.0 255.255.255.0
access-list from-16jdc permit ip 10.105.11.0 255.255.255.0 10.16.2.0 255.255.255.0
nat (inside) 0 access-list from-inside
nat (16jdc) 0 access-list from-16jdc
nat (16jda) 0 access-list from-16jda
clear xlate
nat (inside) 1 10.105.1.0 255.255.255.0 <-- You forgot this!!
Basically, when inside wants to communicate with the other interfaces bearing security-level 100 e.g. 16jda or 16jdc or vice-versa, you’ll need to enable “NAT Exemption” i.e. nat (nameif) 0 . I know you have already enabled the same-security permit inter-interface command, but this command becomes useless once you’ve enable dynamic nat on one of those interfaces. It’s as if the same-security traffic command wasn't even entered in the first place. Hence, the Cisco ASA is behaving as expected as per Cisco's documentation. For further details on this, you could refer to the URLs below;
https://supportforums.cisco.com/thread/223898
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042530

ASA 5505 & VPN Client will not access remote lan

I have an ASA 5505 that is on the parimeter of a hub & spoke vpn network, when I connect to this device using the VPN client I can connect to any device accross the VPN ifrastructure with the exception of the subnet that the client is connected to, for instance:
VPN client internal network connects to 192.168.113.0 /24 and is issued that ip address 192.168.113.200, the VPN client can be pinged from another device in this network however the client cannot access anyting on this subnet, all other sites can be accesed ie. main site 192.168.16.0/24, second site 192.168.110/24 and third site 192.168.112/24. The ACL Manager has a single entry of "Source 192.168.113.0/24 Destination 192.168.0.0/16 and the "Standared ACL 192.168.8.8./16 permit.
What am I doing wrong?

Thanks for getting back to me, I have carried out the steps as instructed, one interesting point is that the IP address that was issued to the VPN Client 192.168.113.200 does not appear in the output.
Result of the command: "show run all sysopt"
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp inside
no sysopt noproxyarp outside
========================================================================
Result of the command: "show capture drop"
3862 packets captured
   1: 16:20:12.552675 eb4f.1df5.0453 1503.0100.16d1 0x97da 27: Drop-reason: (np-socket-closed) Dropped pending packets in a closed socket
   2: 16:20:12.565980 802.1Q vlan#1 P0 192.168.113.2.1351 > 192.168.113.1.443: F 344642397:344642397(0) ack 2841808872 win 64834 Drop-reason: (tcp-not-syn) First TCP packet not SYN
   3: 16:20:18.108469 df4c.9238.6de4 1503.0100.1615 0x80e6 27: Drop-reason: (np-socket-closed) Dropped pending packets in a closed socket
   4: 16:20:49.326505 802.1Q vlan#1 P0 802.3 encap packet
   5: 16:20:50.326582 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
   6: 16:20:51.326643 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
   7: 16:20:52.326734 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
   8: 16:20:53.326780 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
   9: 16:20:54.326811 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
10: 16:20:55.326933 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
11: 16:20:56.327024 802.1Q vlan#1 P0 802.3 encap packet
12: 16:20:57.327116 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
13: 16:20:58.327131 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
14: 16:20:59.327207 802.1Q vlan#1 P0 802.3 encap packet
15: 16:21:00.327253 802.1Q vlan#1 P0 802.3 encap packet
16: 16:21:46.298202 802.1Q vlan#2 P0 188.47.231.204.4804 > x.x.x.x: S 1269179881:1269179881(0) win 65535 Drop-reason: (acl-drop) Flow is denied by configured rule
17: 16:21:49.249971 802.1Q vlan#2 P0 188.47.231.204.4804 >x.x.x.x: S 1269179881:1269179881(0) win 65535 Drop-reason: (acl-drop) Flow is denied by configured rule
18: 16:22:01.331449 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
19: 16:22:02.331541 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
20: 16:22:02.847002 802.1Q vlan#1 P0 192.168.113.102.3601 > 192.168.16.7.389: . ack 776344922 win 0 Drop-reason: (tcp-3whs-failed) TCP failed 3 way handshake
21: 16:22:03.331617 802.1Q vlan#1 P0 802.3 encap packet
22: 16:22:04.331693 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
23: 16:22:05.331769 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
24: 16:22:06.331830 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
25: 16:22:07.331907 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
26: 16:22:08.331937 802.1Q vlan#1 P0 802.3 encap packet
27: 16:22:09.332029 802.1Q vlan#1 P0 802.3 encap packet
28: 16:22:10.332075 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
29: 16:22:11.332136 802.1Q vlan#1 P0 802.3 encap packet
30: 16:22:12.332258 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
31: 16:22:24.346081 802.1Q vlan#2 P0 46.108.60.22.80 > x.x.x.x: S 3922541222:3922541222(0) ack 1002562688 win 8192 Drop-reason: (sp-security-failed) Slowpath security checks failed
32: 16:22:30.981119 802.1Q vlan#1 P0 192.168.113.102.3597 > 192.168.16.7.135: . ack 2880086683 win 0 Drop-reason: (tcp-3whs-failed) TCP failed 3 way handshake
33: 16:22:33.120583 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209 Drop-reason: (sp-security-failed) Slowpath security checks failed
34: 16:22:55.556016 802.1Q vlan#1 P0 192.168.113.103.56162 > 192.168.16.6.135: . ack 1318982887 win 0 Drop-reason: (tcp-3whs-failed) TCP failed 3 way handshake
35: 16:23:13.102671 802.1Q vlan#2 P0 192.168.16.24.2222 > 192.168.113.2.1358: . ack 965718404 win 65103
36: 16:23:13.336423 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
37: 16:23:14.336515 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
38: 16:23:15.336591 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
39: 16:23:16.336621 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
40: 16:23:17.336698 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
41: 16:23:18.336774 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
42: 16:23:19.336850 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
43: 16:23:20.336911 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
44: 16:23:21.337033 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
45: 16:23:22.337033 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000 Drop-reason: (l2_acl) FP L2 rule drop
46: 16:23:23.337125 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
47: 16:23:24.337156 802.1Q vlan#1 P0 802.3 encap packet Drop-reason: (l2_acl) FP L2 rule drop
48: 16:23:25.838900 788c.24f4.af1e 1503.0100.1644 0x6336 27:
49: 16:23:25.902602 802.1Q vlan#1 P0 192.168.113.2.1360 > 192.168.113.1.443: F 1261179433:1261179433(0) ack 346419241 win 65535 Drop-reason: (tcp-not-syn) First TCP packet not SYN
50: 16:23:26.172491 8aa9.7eaf.b518 1503.0100.162a 0xcc22 27:
51: 16:23:26.183858 802.1Q vlan#1 P0 192.168.113.2.1361 > 192.168.113.1.443: F 3073385160:3073385160(0) ack 330255452 win 65535
52: 16:23:26.411447 ac6e.3686.6139 1503.0100.16aa 0x15c4 27:
53: 16:23:26.412225 802.1Q vlan#1 P0 192.168.113.2.1362 > 192.168.113.1.443: F 3114673537:3114673537(0) ack 2528250261 win 65535
54: 16:23:54.887695 802.1Q vlan#1 P0 192.168.113.100.53324 > 192.168.16.5.1433: . ack 2023126490 win 0
55: 16:23:55.944577 802.1Q vlan#1 P0 192.168.113.100.53325 > 192.168.16.5.1433: . ack 94487779 win 0
56: 16:23:58.797871 802.1Q vlan#1 P0 192.168.113.2.1364 > 192.168.113.1.443: F 1356011818:1356011818(0) ack 2268294164 win 64505
57: 16:23:58.799153 580a.0f16.0e1a 1503.0100.1625 0x6642 27:
58: 16:24:12.472265 802.1Q vlan#1 P0 192.168.113.2.1366 > 192.168.113.1.443: F 2587530253:2587530253(0) ack 997846426 win 64501
59: 16:24:12.473059 c38c.f9d3.267b 1503.0100.16c9 0xe516 27:
60: 16:24:20.997476 802.1Q vlan#2 P0 192.168.16.7.1025 > 192.168.113.100.53333: . ack 3487921852 win 64975
61: 16:24:25.341443 802.1Q vlan#1 P0 802.3 encap packet
62: 16:24:26.341443 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
63: 16:24:27.341535 802.1Q vlan#1 P0 802.3 encap packet
64: 16:24:28.341565 802.1Q vlan#1 P0 802.3 encap packet
65: 16:24:29.341687 802.1Q vlan#1 P0 802.3 encap packet
66: 16:24:30.341748 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
67: 16:24:31.341779 802.1Q vlan#1 P0 802.3 encap packet
68: 16:24:31.744285 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56171: . ack 712258524 win 65535
69: 16:24:32.341870 802.1Q vlan#1 P0 802.3 encap packet
70: 16:24:33.209385 802.1Q vlan#1 P0 192.168.113.103.56173 > 192.168.16.6.389: . ack 154944525 win 0
71: 16:24:33.341916 802.1Q vlan#1 P0 802.3 encap packet
72: 16:24:34.341962 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
73: 16:24:35.342084 802.1Q vlan#1 P0 802.3 encap packet
74: 16:24:36.342160 802.1Q vlan#1 P0 802.3 encap packet
75: 16:24:46.196843 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
76: 16:24:47.981196 802.1Q vlan#1 P0 192.168.113.101.138 > 192.168.113.255.138: udp 214
77: 16:25:24.513370 802.1Q vlan#1 P0 192.168.113.2.1370 > 192.168.113.1.443: F 2400826:2400826(0) ack 249202338 win 64383
78: 16:25:24.514377 8684.9fef.d151 1503.0100.1680 0xdf2e 27:
79: 16:25:37.346326 802.1Q vlan#1 P0 802.3 encap packet
80: 16:25:38.346417 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
81: 16:25:39.230350 802.1Q vlan#1 P0 192.168.113.100.53340 > 192.168.16.6.135: . ack 188710898 win 0
82: 16:25:39.230395 802.1Q vlan#1 P0 192.168.113.100.53341 > 192.168.16.7.135: . ack 2767236437 win 0
83: 16:25:39.232257 802.1Q vlan#1 P0 192.168.113.100.53343 > 192.168.16.7.1025: . ack 689444713 win 0
84: 16:25:39.346478 802.1Q vlan#1 P0 802.3 encap packet
85: 16:25:40.346509 802.1Q vlan#1 P0 802.3 encap packet
86: 16:25:41.346631 802.1Q vlan#1 P0 802.3 encap packet
87: 16:25:42.346661 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
88: 16:25:43.346738 802.1Q vlan#1 P0 802.3 encap packet
89: 16:25:44.346844 802.1Q vlan#1 P0 802.3 encap packet
90: 16:25:45.346936 802.1Q vlan#1 P0 802.3 encap packet
91: 16:25:46.346936 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
92: 16:25:47.347043 802.1Q vlan#1 P0 802.3 encap packet
93: 16:25:48.347119 802.1Q vlan#1 P0 802.3 encap packet
94: 16:25:59.497197 802.1Q vlan#1 P0 192.168.113.100.53350 > 192.168.16.8.1168: . ack 1640347657 win 0
95: 16:26:09.189016 802.1Q vlan#2 P0 112.204.234.145.39894 >x.x.x.x.5900: S 3415732392:3415732392(0) win 65535
96: 16:26:09.192906 802.1Q vlan#2 P0 112.204.234.145.39893 > x.x.x.x.5900: S 4277351748:4277351748(0) win 65535
97: 16:26:09.415917 802.1Q vlan#2 P0 112.204.234.145.39902 > x.x.x.x.5900: S 2622006339:2622006339(0) win 65535
98: 16:26:12.062389 802.1Q vlan#2 P0 112.204.234.145.39894 > x.x.x.x.5900: S 3415732392:3415732392(0) win 65535
99: 16:26:12.176840 802.1Q vlan#2 P0 112.204.234.145.39893 >x.x.x.x.5900: S 4277351748:4277351748(0) win 65535
100: 16:26:12.277222 802.1Q vlan#2 P0 112.204.234.145.39902 >x.x.x.x.5900: S 2622006339:2622006339(0) win 65535
101: 16:26:18.090418 802.1Q vlan#2 P0 79.26.104.252.2960 > x.x.x.x.445: S 2362092149:2362092149(0) win 65535
102: 16:26:21.016097 802.1Q vlan#2 P0 79.26.104.252.2960 > x.x.x.x.445: S 2362092149:2362092149(0) win 65535
103: 16:26:29.047269 802.1Q vlan#1 P0 192.168.113.100.53349 > 192.168.16.8.135: . ack 1602664145 win 0
104: 16:26:29.047315 802.1Q vlan#1 P0 192.168.113.100.53351 > 192.168.16.6.135: . ack 2983532581 win 0
105: 16:26:30.854707 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 201
106: 16:26:31.566697 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
107: 16:26:49.351254 802.1Q vlan#1 P0 802.3 encap packet
108: 16:26:50.351269 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
109: 16:26:51.351345 802.1Q vlan#1 P0 802.3 encap packet
110: 16:26:52.351391 802.1Q vlan#1 P0 802.3 encap packet
111: 16:26:53.351498 802.1Q vlan#1 P0 802.3 encap packet
112: 16:26:54.351529 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
113: 16:26:55.351681 802.1Q vlan#1 P0 802.3 encap packet
114: 16:26:56.351696 802.1Q vlan#1 P0 802.3 encap packet
115: 16:26:57.351742 802.1Q vlan#1 P0 802.3 encap packet
116: 16:26:58.351910 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
117: 16:26:59.351925 802.1Q vlan#1 P0 802.3 encap packet
118: 16:27:00.352002 802.1Q vlan#1 P0 802.3 encap packet
119: 16:27:40.086131 802.1Q vlan#1 P0 192.168.113.2.1376 > 192.168.113.1.443: F 66250328:66250328(0) ack 15807648 win 64600
120: 16:27:40.086665 c969.9bb4.8522 1503.0100.160b 0xaa70 27:
121: 16:27:49.601043 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
122: 16:27:56.085536 802.1Q vlan#2 P0 192.168.16.113.61369 > 192.168.113.2.3389: . 1356749934:1356750395(461) ack 2198032306 win 32768
123: 16:28:01.356106 802.1Q vlan#1 P0 802.3 encap packet
124: 16:28:02.356198 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
125: 16:28:03.356274 802.1Q vlan#1 P0 802.3 encap packet
126: 16:28:04.356320 802.1Q vlan#1 P0 802.3 encap packet
127: 16:28:05.356426 802.1Q vlan#1 P0 802.3 encap packet
128: 16:28:06.356487 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
129: 16:28:07.356533 802.1Q vlan#1 P0 802.3 encap packet
130: 16:28:08.356625 802.1Q vlan#1 P0 802.3 encap packet
131: 16:28:09.356671 802.1Q vlan#1 P0 802.3 encap packet
132: 16:28:10.356747 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
133: 16:28:11.356808 802.1Q vlan#1 P0 802.3 encap packet
134: 16:28:11.623350 802.1Q vlan#2 P0 192.168.16.113.61370 > 192.168.113.2.3389: . ack 236838803 win 32764
135: 16:28:12.356884 802.1Q vlan#1 P0 802.3 encap packet
136: 16:28:13.517597 802.1Q vlan#1 P0 192.168.113.2.1384 > 192.168.16.24.2222: . ack 358563673 win 0
137: 16:28:36.442390 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1388: . ack 3605529264 win 65535
138: 16:28:41.392862 802.1Q vlan#1 P0 192.168.113.2.1402 > 192.168.16.6.389: . ack 3155576226 win 0
139: 16:28:46.584808 802.1Q vlan#2 P0 192.168.16.113.61370 > 192.168.113.2.3389: . ack 236894788 win 32682
140: 16:28:54.008468 802.1Q vlan#2 P0 195.57.0.146.18831 >x.x.x.x.445: S 3177136782:3177136782(0) win 65535
141: 16:28:56.157813 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 174
142: 16:28:57.070537 802.1Q vlan#2 P0 195.57.0.146.18831 > x.x.x.47.445: S 3177136782:3177136782(0) win 65535
143: 16:29:00.678492 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
144: 16:29:01.428475 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
145: 16:29:02.178625 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
146: 16:29:03.067943 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
147: 16:29:03.180090 802.1Q vlan#1 P0 192.168.113.2.1409 > 255.255.255.255.1434: udp 1
148: 16:29:03.196950 802.1Q vlan#2 P0 195.57.0.146.18831 > x.x.x.47.445: S 3177136782:3177136782(0) win 65535
149: 16:29:10.270951 802.1Q vlan#1 P0 192.168.113.21.138 > 192.168.113.255.138: udp 201
150: 16:29:13.361080 802.1Q vlan#1 P0 802.3 encap packet
151: 16:29:14.361156 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
152: 16:29:15.361202 802.1Q vlan#1 P0 802.3 encap packet
153: 16:29:16.361263 802.1Q vlan#1 P0 802.3 encap packet
154: 16:29:17.361370 802.1Q vlan#1 P0 802.3 encap packet
155: 16:29:18.361431 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
156: 16:29:19.361462 802.1Q vlan#1 P0 802.3 encap packet
157: 16:29:20.361523 802.1Q vlan#1 P0 802.3 encap packet
158: 16:29:21.361645 802.1Q vlan#1 P0 802.3 encap packet
159: 16:29:22.361675 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
160: 16:29:23.361767 802.1Q vlan#1 P0 802.3 encap packet
161: 16:29:24.361828 802.1Q vlan#1 P0 802.3 encap packet
162: 16:29:26.454276 802.1Q vlan#1 P0 192.168.113.2.1379 > 192.168.16.6.135: . ack 1950662540 win 0
163: 16:29:55.650326 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1413: . ack 1437557360 win 65535
164: 16:30:06.193486 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
165: 16:30:06.275788 802.1Q vlan#1 P0 192.168.113.2.1419 > 192.168.113.1.443: F 2901932674:2901932674(0) ack 2194877438 win 65535
166: 16:30:06.276108 f51d.deb4.fe29 1503.0100.1667 0xef26 27:
167: 16:30:06.458624 802.1Q vlan#1 P0 192.168.113.101.63801 > 23.51.192.60.443: R 2143801199:2143801199(0) ack 856889377 win 0
168: 16:30:06.943447 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
169: 16:30:07.693857 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
170: 16:30:11.228595 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.101.60989: . ack 1672597860 win 65535
171: 16:30:11.300765 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.101.60990: . ack 3222644503 win 64285
172: 16:30:11.535677 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.101.60992: . ack 4073444089 win 65535
173: 16:30:12.626234 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1395: . ack 1607137060 win 64650
174: 16:30:12.626676 802.1Q vlan#1 P0 192.168.113.2.1414 > 192.168.16.6.135: . ack 1802016687 win 0
175: 16:30:14.321028 802.1Q vlan#1 P0 192.168.113.100.53382 > 192.168.16.8.1168: . ack 3656217567 win 0
176: 16:30:20.957622 802.1Q vlan#1 P0 192.168.113.101.138 > 192.168.113.255.138: udp 214
177: 16:30:22.886520 802.1Q vlan#1 P0 192.168.113.101.137 > 192.168.113.255.137: udp 50
178: 16:30:23.650906 802.1Q vlan#1 P0 192.168.113.101.137 > 192.168.113.255.137: udp 50
179: 16:30:24.415261 802.1Q vlan#1 P0 192.168.113.101.137 > 192.168.113.255.137: udp 50
180: 16:30:25.366024 802.1Q vlan#1 P0 802.3 encap packet
181: 16:30:26.366069 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
182: 16:30:27.366192 802.1Q vlan#1 P0 802.3 encap packet
183: 16:30:28.366298 802.1Q vlan#1 P0 802.3 encap packet
184: 16:30:29.366314 802.1Q vlan#1 P0 802.3 encap packet
185: 16:30:30.366344 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
186: 16:30:31.366405 802.1Q vlan#1 P0 802.3 encap packet
187: 16:30:32.366512 802.1Q vlan#1 P0 802.3 encap packet
188: 16:30:33.366588 802.1Q vlan#1 P0 802.3 encap packet
189: 16:30:34.366603 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
190: 16:30:35.366726 802.1Q vlan#1 P0 802.3 encap packet
191: 16:30:36.366787 802.1Q vlan#1 P0 802.3 encap packet
192: 16:30:41.354550 802.1Q vlan#2 P2 86.144.206.150.4500 > x.x.x.42.4500: udp 1
193: 16:31:41.317641 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
194: 16:31:41.410135 802.1Q vlan#2 P2 86.144.206.150.4500 > x.x.x.42.4500: udp 1
195: 16:31:42.067531 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
196: 16:31:42.625211 802.1Q vlan#1 P0 192.168.113.2.1425 > 192.168.16.6.1026: . ack 324632995 win 0
197: 16:31:42.817447 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
198: 16:31:43.621641 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
199: 16:31:44.364391 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
200: 16:31:45.114373 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
201: 16:32:17.514194 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P ack 705237681 win 64410
202: 16:32:17.712991 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: . ack 705237697 win 64394
203: 16:32:19.914289 802.1Q vlan#1 P0 192.168.113.2.1441 > 192.168.113.1.443: F 3616971343:3616971343(0) ack 2537053001 win 64501
204: 16:32:19.914976 0aee.f71f.4e9f 1503.0100.1693 0x6f0c 27:
205: 16:32:29.859559 802.1Q vlan#1 P0 192.168.113.2.1442 > 192.168.113.1.443: F 1397115987:1397115987(0) ack 4256161373 win 64503
206: 16:32:29.860749 dd44.a305.9308 1503.0100.1656 0x8911 27:
207: 16:32:37.739189 802.1Q vlan#1 P0 192.168.113.100.50120 > 192.168.16.5.1433: . ack 2902970569 win 0
208: 16:32:44.122887 802.1Q vlan#1 P0 192.168.113.2.1443 > 192.168.113.1.443: F 2657615761:2657615761(0) ack 4200892746 win 64503
209: 16:32:44.124062 f6a1.d7ab.e83a 1503.0100.1680 0xc43a 27:
210: 16:32:47.656719 802.1Q vlan#1 P0 192.168.113.100.49261 > 192.168.16.7.1025: . ack 3158609488 win 0
211: 16:33:04.969783 802.1Q vlan#1 P0 192.168.113.2.1445 > 192.168.113.1.443: F 814444399:814444399(0) ack 1634267102 win 64503
212: 16:33:04.970881 aa38.dfad.c613 1503.0100.1676 0x82be 27:
213: 16:33:12.628095 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1435: . ack 2283288029 win 65171
214: 16:33:27.120065 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 64394
215: 16:33:27.720421 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 64394
216: 16:33:28.925199 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
217: 16:33:30.033689 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
218: 16:33:31.240466 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
219: 16:33:33.658123 802.1Q vlan#2 P0 192.168.16.8.1145 > 192.168.113.102.1106: P 1127604049:1127604142(93) ack 2305443558 win 65535
220: 16:34:28.894362 802.1Q vlan#2 P0 78.8.246.9.4932 > x.x.x.47.445: S 3906206304:3906206304(0) win 65535
221: 16:34:31.868103 802.1Q vlan#2 P0 78.8.246.9.4932 > x.x.x.47.445: S 3906206304:3906206304(0) win 65535
222: 16:34:39.949657 802.1Q vlan#1 P0 192.168.113.102.138 > 192.168.113.255.138: udp 201
223: 16:35:01.222492 802.1Q vlan#1 P0 192.168.113.100.68 > 255.255.255.255.67: udp 300
224: 16:35:01.650952 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
225: 16:35:02.400995 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
226: 16:35:03.151084 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
227: 16:35:04.022093 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
228: 16:35:04.772146 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
229: 16:35:05.522220 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
230: 16:35:20.168295 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
231: 16:35:20.524264 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
232: 16:35:20.918333 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
233: 16:35:21.274354 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
234: 16:35:21.668346 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
235: 16:35:22.024412 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
236: 16:35:41.391978 802.1Q vlan#1 P0 192.168.113.102.138 > 192.168.113.255.138: udp 201
237: 16:35:41.734932 802.1Q vlan#2 P0 192.168.16.10.445 > 192.168.113.102.3524: . ack 2927988043 win 63730
238: 16:35:44.540041 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
239: 16:35:45.290100 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
240: 16:35:45.678050 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
241: 16:35:46.040143 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
242: 16:35:46.220005 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
243: 16:35:46.428124 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
244: 16:35:47.178213 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
245: 16:35:48.479345 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
246: 16:35:49.229373 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
247: 16:35:49.979380 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
248: 16:36:01.674388 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
249: 16:36:01.674952 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 181
250: 16:36:01.675074 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
251: 16:36:31.389170 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56182: . ack 1459294663 win 65535
252: 16:36:31.674174 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
253: 16:36:32.426354 802.1Q vlan#1 P0 192.168.113.103.56183 > 192.168.16.6.389: . ack 3653264448 win 0
254: 16:36:32.426384 802.1Q vlan#1 P0 192.168.113.103.56183 > 192.168.16.6.389: . ack 3653264448 win 0
255: 16:37:01.673808 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
256: 16:37:05.540468 802.1Q vlan#1 P0 192.168.113.103.56179 > 192.168.16.6.1026: . ack 2381360421 win 0
257: 16:37:29.018050 802.1Q vlan#1 P0 0.0.0.0.68 > 255.255.255.255.67: udp 323
258: 16:37:29.019545 802.1Q vlan#1 P0 192.168.113.2.67 > 255.255.255.255.68: udp 327
259: 16:37:31.263887 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49158: . ack 978836481 win 65297
260: 16:37:31.442710 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49167: . ack 4028718881 win 65221
261: 16:37:31.524920 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49170: . ack 1787569991 win 65535
262: 16:37:31.631391 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49171: . ack 1175931771 win 65221
263: 16:37:31.673472 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
264: 16:37:31.910536 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49175: . ack 1489216443 win 65535
265: 16:37:32.324140 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49173: . ack 3658936090 win 65458
266: 16:37:32.368785 802.1Q vlan#1 P0 192.168.113.100.49165 > 192.168.16.6.389: . ack 72233897 win 0
267: 16:37:32.483510 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
268: 16:37:32.531146 802.1Q vlan#1 P0 192.168.113.100.49157 > 192.168.16.7.389: . ack 4263416637 win 0
269: 16:37:32.736488 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
270: 16:37:32.998788 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49182: . ack 3004547102 win 64245
271: 16:37:33.069179 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49184: . ack 3786025013 win 65535
272: 16:37:33.111429 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
273: 16:37:33.486501 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
274: 16:37:34.236529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
275: 16:37:34.548982 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.49190: . ack 713312844 win 65535
276: 16:37:35.396524 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
277: 16:37:36.149940 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
278: 16:37:36.914289 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
279: 16:37:37.630094 802.1Q vlan#1 P0 192.168.113.100.55930 > 192.168.16.7.53: . ack 1516588584 win 0
280: 16:37:37.727364 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
281: 16:37:38.477529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
282: 16:37:39.227527 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
283: 16:37:39.458716 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 181
284: 16:37:39.458853 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
285: 16:37:39.499577 802.1Q vlan#1 P0 192.168.113.100.68 > 255.255.255.255.67: udp 300
286: 16:37:39.548280 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
287: 16:37:39.972529 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
288: 16:37:40.040555 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
289: 16:37:40.722618 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
290: 16:37:40.790608 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
291: 16:37:41.332029 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55936: . ack 764822756 win 65297
292: 16:37:41.472631 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
293: 16:37:41.540667 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
294: 16:37:41.864167 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.100.55934: . ack 181110485 win 64773
295: 16:37:42.355694 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
296: 16:37:43.105829 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
297: 16:37:43.855821 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
298: 16:37:58.170080 802.1Q vlan#1 P0 192.168.113.100.49155 > 192.168.16.7.135: . ack 1966960952 win 0
299: 16:37:58.172064 802.1Q vlan#1 P0 192.168.113.100.49156 > 192.168.16.7.1025: . ack 1273630770 win 0
300: 16:38:01.673198 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
301: 16:38:01.673549 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 181
302: 16:38:01.673655 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
303: 16:38:01.739082 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
304: 16:38:07.355511 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
305: 16:38:08.105554 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
306: 16:38:08.855592 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
307: 16:38:09.680613 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
308: 16:38:10.430748 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
309: 16:38:11.180776 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
310: 16:38:12.134957 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.100.55944: . ack 2246367695 win 65237
311: 16:38:12.209217 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55945: . ack 2494919019 win 64264
312: 16:38:12.561845 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
313: 16:38:12.966197 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55948: . ack 2086593126 win 65535
314: 16:38:13.311949 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
315: 16:38:13.761389 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55950: . ack 2045545802 win 65535
316: 16:38:14.061977 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
317: 16:38:14.223499 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55953: . ack 1713858377 win 64292
318: 16:38:14.736351 802.1Q vlan#1 P0 192.168.113.2.1460 > 192.168.16.24.2222: . ack 1683177201 win 0
319: 16:38:14.932019 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
320: 16:38:15.682093 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
321: 16:38:16.432137 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
322: 16:38:22.554490 802.1Q vlan#2 P0 84.233.195.62.80 > x.x.x.42.41099: . ack 4144961094 win 4824
323: 16:38:22.590560 802.1Q vlan#2 P0 84.233.195.62.80 > x.x.x.42.41099: R 2988301725:2988301725(0) win 0
324: 16:38:28.171164 802.1Q vlan#1 P0 192.168.113.100.55946 > 192.168.16.6.135: . ack 1977991697 win 0
325: 16:38:28.696192 802.1Q vlan#1 P0 192.168.113.103.56188 > 192.168.16.24.2222: . ack 2408117423 win 0
326: 16:38:31.672877 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 180
327: 16:38:32.107965 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 201
328: 16:38:35.048642 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
329: 16:38:36.682948 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55960: . ack 4217273847 win 65535
330: 16:38:37.418145 802.1Q vlan#1 P0 192.168.113.100.55959 > 192.168.16.8.1168: . ack 2927102471 win 0
331: 16:38:39.650906 802.1Q vlan#2 P0 192.168.16.7.88 > 192.168.113.100.55965: . ack 3654544597 win 64245
332: 16:38:58.170798 802.1Q vlan#1 P0 192.168.113.100.55947 > 192.168.16.6.1026: . ack 2221560240 win 0
333: 16:39:39.647915 802.1Q vlan#2 P0 46.214.148.199.6237 > x.x.x.42.445: S 4290339150:4290339150(0) win 65535
334: 16:39:42.649868 802.1Q vlan#2 P0 46.214.148.199.6237 > x.x.x.42.445: S 4290339150:4290339150(0) win 65535
335: 16:40:05.249987 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
336: 16:40:06.000000 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
337: 16:40:06.749976 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
338: 16:40:07.344052 802.1Q vlan#1 P0 192.168.113.100.138 > 192.168.113.255.138: udp 211
339: 16:40:08.801716 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
340: 16:40:09.252031 802.1Q vlan#2 P0 192.168.16.6.139 > 192.168.113.2.1483: P 3217152810:3217152814(4) ack 4243483819 win 65463
341: 16:40:09.566087 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
342: 16:40:10.330564 802.1Q vlan#1 P0 192.168.113.100.137 > 192.168.113.255.137: udp 50
343: 16:40:11.073436 802.1Q vlan#2 P0 189.4.30.188.4049 > x.x.x.47.445: S 583807781:583807781(0) win 65535
344: 16:40:14.013030 802.1Q vlan#2 P0 189.4.30.188.4049 > x.x.x.47.445: S 583807781:583807781(0) win 65535
345: 16:40:21.073253 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1465: . ack 1572968133 win 64691
346: 16:40:53.498631 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56193: . ack 2614204448 win 65535
347: 16:40:54.113168 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56195: . ack 3619711523 win 65535
348: 16:42:05.264024 802.1Q vlan#1 P0 192.168.113.21.138 > 192.168.113.255.138: udp 201
349: 16:42:05.990610 802.1Q vlan#1 P0 802.3 encap packet
350: 16:42:06.582886 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
351: 16:42:07.831057 802.1Q vlan#1 P0 802.3 encap packet
352: 16:42:08.623075 802.1Q vlan#1 P0 802.3 encap packet
353: 16:42:09.624509 802.1Q vlan#1 P0 802.3 encap packet
354: 16:42:10.593231 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
355: 16:42:11.703485 802.1Q vlan#1 P0 802.3 encap packet
356: 16:42:12.813693 802.1Q vlan#1 P0 802.3 encap packet
357: 16:42:13.923383 802.1Q vlan#1 P0 802.3 encap packet
358: 16:42:14.963329 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
359: 16:42:15.995477 802.1Q vlan#1 P0 802.3 encap packet
360: 16:42:17.103647 802.1Q vlan#1 P0 802.3 encap packet
361: 16:42:18.103495 802.1Q vlan#1 P0 802.3 encap packet
362: 16:42:19.203511 802.1Q vlan#1 P0 0000.74da.ed6f ffff.ffff.ffff 0x8100 64:
0001 8137 ffff 0022 0004 0000 0000 ffff
ffff ffff 0452 0000 0000 0000 74da ed6f
4100 0003 0004 0000 0000 0000 0000 0000
0000
363: 16:42:20.203572 802.1Q vlan#1 P0 802.3 encap packet
364: 16:42:21.203755 802.1Q vlan#1 P0 802.3 encap packet
365: 16:43:34.032896 802.1Q vlan#2 P0 210.4.15.147.1983 > x.x.x.42.445: S 4060018625:4060018625(0) win 65535
366: 16:43:36.924375 802.1Q vlan#2 P0 210.4.15.147.1983 > x.x.x.42.445: S 4060018625:4060018625(0) win 65535
367: 16:43:51.279053 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
368: 16:43:52.028944 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
369: 16:43:52.778905 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
370: 16:43:53.583481 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
371: 16:43:54.325849 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
372: 16:43:55.075771 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
373: 16:44:43.299133 802.1Q vlan#2 P0 84.46.240.12.4739 > x.x.x.42.445: S 2644276309:2644276309(0) win 65535
374: 16:44:46.355358 802.1Q vlan#2 P0 84.46.240.12.4739 > x.x.x.42.445: S 2644276309:2644276309(0) win 65535
375: 16:45:13.762640 802.1Q vlan#2 P0 14.136.113.23.58068 > x.x.x.42.23: S 628177666:628177666(0) win 5840
376: 16:45:13.764746 802.1Q vlan#2 P0 14.136.113.23.35631 > x.x.x.47.23: S 633610575:633610575(0) win 5840
377: 16:45:13.764914 802.1Q vlan#2 P0 14.136.113.23.36646 >x.x.x.x: S 627103517:627103517(0) win 5840
378: 16:46:47.038068 802.1Q vlan#1 P0 192.168.113.103.56196 > 192.168.16.6.135: . ack 1047348019 win 0
379: 16:47:35.921812 802.1Q vlan#2 P0 50.22.199.212.80 >x.x.x.x.48383: S 1930513355:1930513355(0) ack 1004916503 win 16384
380: 16:47:36.554201 802.1Q vlan#2 P0 66.231.182.111.80 > x.x.x.x.1024: S 2203310160:2203310160(0) ack 2592535424 win 5840
381: 16:48:57.603774 802.1Q vlan#2 P0 142.4.58.113.1859 >x.x.x.x.445: S 3585080814:3585080814(0) win 65535
382: 16:49:00.493123 802.1Q vlan#2 P0 142.4.58.113.1859 > x.x.x.x.445: S 3585080814:3585080814(0) win 65535
383: 16:49:23.626462 802.1Q vlan#1 P0 192.168.113.2.1536 > x.x.x.x.53: . ack 136785297 win 0
384: 16:49:26.492848 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1537: . ack 2966267924 win 65535
385: 16:49:45.827883 802.1Q vlan#2 P0 62.75.244.214.80 > x.x.x.x.40215: S 2919672066:2919672066(0) ack 760938497 win 5840
386: 16:49:56.653225 802.1Q vlan#2 P0 220.132.215.144.4822 > x.x.x.x.23: S 2534918729:2534918729(0) win 5808
387: 16:49:56.655086 802.1Q vlan#2 P0 220.132.215.144.3935 > x.x.x.x.23: S 2538528904:2538528904(0) win 5808
388: 16:49:56.665477 802.1Q vlan#2 P0 220.132.215.144.3892 >x.x.x.x.23: S 2530221481:2530221481(0) win 5808
389: 16:50:05.196980 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
390: 16:50:05.946926 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
391: 16:50:06.696954 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
392: 16:50:33.087489 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
393: 16:50:34.330854 802.1Q vlan#1 P0 192.168.113.103.138 > 192.168.113.255.138: udp 201
394: 16:51:48.139961 802.1Q vlan#2 P0 41.84.159.34.3753 > x.x.x.x.445: S 1632777117:1632777117(0) win 65535
395: 16:51:51.117700 802.1Q vlan#2 P0 41.84.159.34.3753 >x.x.x.x.445: S 1632777117:1632777117(0) win 65535
396: 16:52:16.155723 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 30
397: 16:52:16.173620 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
398: 16:52:19.312148 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
399: 16:52:25.864243 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
400: 16:52:33.102457 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
401: 16:52:38.334028 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
402: 16:53:02.396128 802.1Q vlan#2 P0 118.157.40.230.17343 >x.x.x.x.45093: udp 20
403: 16:53:13.157355 802.1Q vlan#1 P0 192.168.113.2.1554 > 192.168.16.24.2222: . ack 460543479 win 0
404: 16:53:31.871552 802.1Q vlan#2 P0 118.157.40.230.17343 > x.x.x.x.45093: udp 20
405: 16:55:40.103220 802.1Q vlan#2 P0 79.13.79.231.2042 > x.x.x.x.445: S 3623912103:3623912103(0) win 65535
406: 16:55:42.940411 802.1Q vlan#2 P0 79.13.79.231.2042 > x.x.x.40.445: S 3623912103:3623912103(0) win 65535
407: 16:56:01.209049 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
408: 16:56:01.814548 802.1Q vlan#1 P0 192.168.113.2.1561 > 192.168.16.6.1026: . ack 3029302484 win 0
409: 16:56:01.958995 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
410: 16:56:02.709008 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
411: 16:56:03.515110 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
412: 16:56:04.255891 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
413: 16:56:05.005874 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
414: 16:56:35.329649 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1573: . ack 2011530329 win 65280
415: 16:57:18.817050 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56207: . ack 3180698784 win 65535
416: 16:57:18.887191 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.103.56208: . ack 2540987118 win 65535
417: 16:58:00.045529 802.1Q vlan#2 P0 192.168.16.6.135 > 192.168.113.2.1570: . ack 1936024672 win 65263
418: 16:58:03.923337 802.1Q vlan#1 P0 192.168.113.2.1571 > 192.168.16.6.1026: . ack 4000727925 win 0
419: 16:58:24.150276 802.1Q vlan#1 P0 192.168.113.2.1584 > 192.168.16.24.2222: . ack 1251414172 win 0
420: 16:58:39.814090 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1231: R 3143068825:3143068825(0) win 0
421: 16:58:48.666560 802.1Q vlan#1 P0 192.168.113.103.56210 > 192.168.16.6.389: . ack 1501688799 win 0
422: 17:00:05.206547 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
423: 17:00:05.956508 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
424: 17:00:06.706506 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
425: 17:00:28.431206 802.1Q vlan#2 P0 71.244.82.240.4041 >x.x.x.x.445: S 362528713:362528713(0) win 65535
426: 17:00:31.485356 802.1Q vlan#2 P0 71.244.82.240.4041 > x.x.x.x.445: S 362528713:362528713(0) win 65535
427: 17:02:34.845735 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
428: 17:02:50.268998 802.1Q vlan#2 P0 128.68.207.98.1642 > x.x.x.x.445: S 3558079521:3558079521(0) win 65535
429: 17:02:51.441536 802.1Q vlan#2 P0 95.37.124.146.2470 > x.x.x.x.445: S 3847235035:3847235035(0) win 65535
430: 17:02:53.252779 802.1Q vlan#2 P0 128.68.207.98.1642 > x.x.x.x.445: S 3558079521:3558079521(0) win 65535
431: 17:02:54.298949 802.1Q vlan#2 P0 95.37.124.146.2470 > x.x.x.x.445: S 3847235035:3847235035(0) win 65535
432: 17:03:24.651104 802.1Q vlan#1 P0 192.168.113.2.1604 > 192.168.16.24.2222: . ack 927286160 win 0
433: 17:05:23.439979 802.1Q vlan#2 P0 221.132.33.39.3471 > x.x.x.x.445: S 2983629597:2983629597(0) win 65535
434: 17:05:25.237002 802.1Q vlan#2 P0 204.111.67.69.4533 > x.x.x.x.445: S 1412418025:1412418025(0) win 65535
435: 17:05:26.407663 802.1Q vlan#2 P0 221.132.33.39.3471 > x.x.x.x.445: S 2983629597:2983629597(0) win 65535
436: 17:05:28.156669 802.1Q vlan#2 P0 204.111.67.69.4533 >x.x.x.x.445: S 1412418025:1412418025(0) win 65535
437: 17:05:41.544069 802.1Q vlan#2 P0 106.3.103.188.40760 > x.x.x.x.445: S 1656511640:1656511640(0) win 65535
438: 17:05:44.548021 802.1Q vlan#2 P0 106.3.103.188.40760 > x.x.x.x.445: S 1656511640:1656511640(0) win 65535
439: 17:06:11.262620 802.1Q vlan#2 P0 95.51.201.5.2510 > x.x.x.x.445: S 3351917967:3351917967(0) win 65535
440: 17:06:14.298766 802.1Q vlan#2 P0 95.51.201.5.2510 > x.x.x.x.445: S 3351917967:3351917967(0) win 65535
441: 17:07:16.002975 802.1Q vlan#2 P0 37.59.0.72.22 > x.x.x.x.80: S 1208637086:1208637086(0) ack 1 win 14600
442: 17:07:33.093028 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
443: 17:08:11.139015 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
444: 17:08:11.888961 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
445: 17:08:12.638959 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
446: 17:08:13.446571 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
447: 17:08:14.185842 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
448: 17:08:14.935788 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
449: 17:10:05.434685 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
450: 17:10:06.184698 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
451: 17:10:06.934628 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
452: 17:13:48.562791 802.1Q vlan#2 P0 45.131.126.147.53949 >x.x.x.x.14768: . win 16384
453: 17:14:33.697626 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
454: 17:17:41.242846 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060: udp 417
455: 17:17:41.260789 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060: udp 418
456: 17:17:41.293014 802.1Q vlan#2 P0 174.138.175.180.5139 > x.x.x.x.5060: udp 418
457: 17:18:26.144813 802.1Q vlan#1 P0 192.168.113.2.1665 > 192.168.16.24.2222: . ack 3674161483 win 0
458: 17:18:47.300216 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1651: . ack 963481079 win 65535
459: 17:19:40.849702 802.1Q vlan#2 P0 93.63.181.21.62986 > x.x.x.x.445: S 274304149:274304149(0) win 65535
460: 17:19:43.733055 802.1Q vlan#2 P0 93.63.181.21.62986 > x.x.x.x.445: S 274304149:274304149(0) win 65535
461: 17:20:01.536120 802.1Q vlan#2 P0 31.47.40.58.2982 > x.x.x.x.445: S 2578199672:2578199672(0) win 16384
462: 17:20:04.582275 802.1Q vlan#2 P0 31.47.40.58.2982 > x.x.x.x.445: S 2578199672:2578199672(0) win 16384
463: 17:20:04.943875 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
464: 17:20:05.693888 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
465: 17:20:06.443900 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
466: 17:20:16.571320 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
467: 17:20:17.318800 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
468: 17:20:18.068798 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
469: 17:20:18.875885 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
470: 17:20:19.615645 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
471: 17:20:20.365627 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
472: 17:20:21.752738 802.1Q vlan#2 P0 192.168.16.6.139 > 192.168.113.2.1678: P 640741668:640741672(4) ack 2410017920 win 65463
473: 17:21:27.330320 802.1Q vlan#2 P0 109.3.51.11.80 >x.x.x.x.40328: R 0:0(0) ack 987376948 win 0
474: 17:22:33.083537 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
475: 17:23:13.037092 802.1Q vlan#1 P0 192.168.113.2.1686 > 192.168.16.24.2222: . ack 2164880831 win 0
476: 17:23:23.507862 802.1Q vlan#2 P0 192.168.16.24.2222 > 192.168.113.2.1687: . ack 3400485149 win 64451
477: 17:24:03.007293 802.1Q vlan#2 P0 114.34.110.185.35787 > x.x.x.x.23: S 475586745:475586745(0) win 5808
478: 17:24:03.013381 802.1Q vlan#2 P0 114.34.110.185.56372 > x.x.x.x.23: S 471207272:471207272(0) win 5808
479: 17:24:03.015410 802.1Q vlan#2 P0 114.34.110.185.37824 > x.x.x.x.23: S 470577274:470577274(0) win 5808
480: 17:25:10.359997 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 30
481: 17:25:10.379939 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x..56490: udp 20
482: 17:25:13.498478 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
483: 17:25:19.907927 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
484: 17:25:32.359631 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
485: 17:25:56.363415 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
486: 17:26:25.632077 802.1Q vlan#2 P0 126.91.113.22.33902 > x.x.x.x.56490: udp 20
487: 17:26:36.299468 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
488: 17:29:27.531863 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1703: . ack 3505140564 win 65535
489: 17:29:28.061977 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1704: . ack 1723398161 win 65535
490: 17:30:04.984583 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
491: 17:30:05.734565 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
492: 17:30:06.484594 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
493: 17:31:08.448676 802.1Q vlan#1 P0 192.168.113.2.1705 > 192.168.16.6.135: . ack 329930795 win 0
494: 17:32:26.498753 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
495: 17:32:27.248720 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
496: 17:32:27.998681 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
497: 17:32:28.805210 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
498: 17:32:29.545565 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
499: 17:32:30.295669 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
500: 17:33:15.029081 802.1Q vlan#2 P0 37.59.0.72.22 > x.x.x.x.80: S 1846440469:1846440469(0) ack 1 win 14600
501: 17:34:32.666683 802.1Q vlan#2 P0 186.210.159.134.1497 >x.x.x.x.445: S 731294763:731294763(0) win 65535
502: 17:34:35.327314 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1738: . ack 4248243050 win 65516
503: 17:34:35.604262 802.1Q vlan#2 P0 186.210.159.134.1497 > x.x.x.x.445: S 731294763:731294763(0) win 65535
504: 17:34:36.750998 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1748: . ack 1292574253 win 65535
505: 17:34:37.026670 802.1Q vlan#1 P0 192.168.113.2.1741 > 192.168.16.6.389: . ack 3709459071 win 0
506: 17:34:53.094096 802.1Q vlan#2 P0 81.191.253.254.1679 > x.x.x.x.23: S 1795047884:1795047884(0) win 5840
507: 17:34:53.094126 802.1Q vlan#2 P0 81.191.253.254.1160 > x.x.x.x.23: S 1792069562:1792069562(0) win 5840
508: 17:34:53.102182 802.1Q vlan#2 P0 81.191.253.254.4513 > x.x.x.x.23: S 1799422964:1799422964(0) win 5840
509: 17:36:39.992441 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1739: . ack 577382098 win 64563
510: 17:36:43.723198 802.1Q vlan#2 P0 173.199.71.146.22 > x.x.x.x.80: R 0:0(0) ack 1 win 0
511: 17:37:33.073894 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
512: 17:38:24.955700 802.1Q vlan#1 P0 192.168.113.2.1761 > 192.168.16.24.2222: . ack 1222119482 win 0
513: 17:38:34.073040 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
514: 17:38:35.042249 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
515: 17:40:04.993661 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
516: 17:40:05.743674 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
517: 17:40:06.493718 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
518: 17:44:36.412759 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
519: 17:44:37.162757 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
520: 17:44:37.912886 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
521: 17:44:38.717217 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
522: 17:44:39.459616 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
523: 17:44:40.209766 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
524: 17:44:41.660412 802.1Q vlan#2 P0 46.108.60.22.80 > x.x.x.x.23736: S 1810069934:1810069934(0) ack 1517738109 win 8192
525: 17:46:36.157737 802.1Q vlan#1 P0 192.168.113.2.1789 > 192.168.16.6.135: . ack 89468705 win 0
526: 17:46:36.157782 802.1Q vlan#1 P0 192.168.113.2.1790 > 192.168.16.6.1026: . ack 3579387297 win 0
527: 17:47:40.965648 802.1Q vlan#2 P0 78.139.165.57.4297 > x.x.x.x.445: S 2908035217:2908035217(0) win 65535
528: 17:47:43.945385 802.1Q vlan#2 P0 78.139.165.57.4297 > x.x.x.x.445: S 2908035217:2908035217(0) win 65535
529: 17:49:57.610640 802.1Q vlan#2 P0 31.31.89.9.22 > x.x.x.x.80: S 1417858380:1417858380(0) ack 1 win 14600
530: 17:50:05.143699 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
531: 17:50:05.893630 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
532: 17:50:06.643658 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
533: 17:50:35.205967 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
534: 17:52:12.181204 802.1Q vlan#2 P0 91.227.122.90.80 > x.x.x.x.35714: S 3170841931:3170841931(0) ack 4036991100 win 5840
535: 17:52:33.064190 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
536: 17:53:09.887390 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1822: . ack 2934231246 win 65171
537: 17:53:12.554857 802.1Q vlan#1 P0 192.168.113.2.1826 > 192.168.16.24.2222: . ack 972433877 win 0
538: 17:56:46.342297 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
539: 17:56:47.092326 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
540: 17:56:47.842272 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
541: 17:56:48.648236 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
542: 17:56:49.389170 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
543: 17:56:50.139168 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
544: 17:57:13.840181 802.1Q vlan#2 P0 50.22.199.212.80 > x.x.x.x.56495: S 99028886:99028886(0) ack 4216075886 win 16384
545: 17:57:39.906081 802.1Q vlan#2 P0 114.26.202.181.4346 > x.x.x.x.445: S 1063524641:1063524641(0) win 65535
546: 17:57:43.000442 802.1Q vlan#2 P0 114.26.202.181.4346 > x.x.x.x.445: S 1063524641:1063524641(0) win 65535
547: 17:58:13.018858 802.1Q vlan#1 P0 192.168.113.2.1864 > 192.168.16.24.2222: . ack 4207183994 win 0
548: 17:59:39.260194 802.1Q vlan#2 P0 192.168.16.6.88 > 192.168.113.2.1872: . ack 1374926765 win 65535
549: 18:00:04.949566 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
550: 18:00:05.699579 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
551: 18:00:06.449576 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
552: 18:00:44.472158 802.1Q vlan#2 P0 212.70.128.163.2239 >x.x.x.x.445: S 490660798:490660798(0) win 65535
553: 18:00:47.456076 802.1Q vlan#2 P0 212.70.128.163.2239 > x.x.x.x.445: S 490660798:490660798(0) win 65535
554: 18:01:18.987894 802.1Q vlan#2 P0 114.43.54.76.3486 > x.x.x.x.445: S 4082553752:4082553752(0) win 65535
555: 18:01:21.981745 802.1Q vlan#2 P0 114.43.54.76.3486 > x.x.x.x.445: S 4082553752:4082553752(0) win 65535
556: 18:02:33.932477 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 218
557: 18:03:01.819980 802.1Q vlan#2 P0 46.108.60.22.80 > x.x.x.x.30843: S 1487269552:1487269552(0) ack 569782833 win 8192
558: 18:04:43.108270 802.1Q vlan#2 P0 192.168.16.6.389 > 192.168.113.2.1902: . ack 2909854688 win 65130
559: 18:05:26.707894 802.1Q vlan#2 P0 61.160.247.40.6000 > x.x.x.47.3389: S 476708864:476708864(0) win 16384
560: 18:05:26.715813 802.1Q vlan#2 P0 61.160.247.40.6000 > x.x.x.42.3389: S 983564288:983564288(0) win 16384
561: 18:05:26.731941 802.1Q vlan#2 P0 61.160.247.40.6000 > x.x.x.40.3389: S 1910964224:1910964224(0) win 16384
562: 18:06:12.440528 802.1Q vlan#2 P0 192.168.16.6.1026 > 192.168.113.2.1899: . ack 3842669121 win 64563
563: 18:07:27.736488 802.1Q vlan#2 P2 81.196.79.244.40632 > x.x.x.42.445: S 1550760725:1550760725(0) win 65535
564: 18:07:30.656155 802.1Q vlan#2 P2 81.196.79.244.40632 > x.x.x.42.445: S 1550760725:1550760725(0) win 65535
565: 18:07:33.054654 802.1Q vlan#1 P0 192.168.113.2.138 > 192.168.113.255.138: udp 209
566: 18:08:13.949017 802.1Q vlan#1 P0 192.168.113.2.1915 > 192.168.16.24.2222: . ack 1717558933 win 0
567: 18:08:56.271973 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
568: 18:08:57.021956 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
569: 18:08:57.771902 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
570: 18:08:58.593307 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
571: 18:08:59.334394 802.1Q vlan#1 P0 192.168.113.2.137 > 192.168.113.255.137: udp 50
572: 18:09:00.0843

Cisco ASA 5505 - 1st VPN works, 2nd VPN can't get traffic across

This is my first Cisco configuration ever so go easy on me. A lot of the commands that I used here I don't really understand. I got them from Googling configs. I have the need for more than one VPN on this thing, and I've been fighting with this thing for hours today without any luck.
The first VPN I setup, labeled vpn1 here works perfectly. I connect via the public IP on the DSL and I can get traffic to my 192.168.1.0/24 network without any problems.
I pretty much duplicated the configuration for the 2nd VPN, just replacing my 192.168.1.0/24 subnet w/ the network connected to a third interface on the ASA (10.4.0.0 255.255.240.0). I successfully make connection to this VPN, but I cannot get traffic to traverse the VPN. I'm using the address 10.4.0.1 to test pings. The ASA itself can ping 10.4.0.1 as that interface of the ASA has 10.4.13.10 255.255.240.0, which is the same subnet (range is 10.4.0.0 - 10.4.15.255).
Here is my config (edited for names and passwords)
ciscoasa# show run
: Saved
ASA Version 8.2(5)
hostname ciscoasa
enable password ********** encrypted
passwd ********** encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group ISP_DSL
ip address pppoe setroute
interface Vlan3
no forward interface Vlan1
nameif private
security-level 100
ip address 10.4.13.10 255.255.240.0
ftp mode passive
access-list 100 extended permit icmp any any
access-list nonat remark ACL for Nat Bypass
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 10.4.0.0 255.255.240.0 192.168.3.0 255.255.255.0
access-list vpn_SplitTunnel remark ACL for VPN Split Tunnel
access-list vpn_SplitTunnel standard permit 192.168.1.0 255.255.255.0
access-list vpn_SplitTunnel standard permit 10.4.0.0 255.255.240.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1492
mtu private 1500
ip local pool vpn1pool 192.168.2.100-192.168.2.110
ip local pool vpn2pool 192.168.3.100-192.168.3.110
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
nat (private) 0 access-list nonat
access-group 100 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set strong-des esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map dynmap 30 set transform-set strong-des
crypto map vpn1 65535 ipsec-isakmp dynamic dynmap
crypto map vpn1 interface outside
crypto map vpn2 65535 ipsec-isakmp dynamic dynmap
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 11
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 10
console timeout 0
vpdn group ISP_DSL request dialout pppoe
vpdn group ISP_DSL localname [email protected]
vpdn group ISP_DSL ppp authentication chap
vpdn username [email protected] password **********
dhcp-client update dns
dhcpd auto_config outside
dhcpd address 192.168.1.100-192.168.1.200 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy vpn2 internal
group-policy vpn2 attributes
vpn-idle-timeout 120
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_SplitTunnel
group-policy vpn1 internal
group-policy vpn1 attributes
vpn-idle-timeout 120
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_SplitTunnel
username cssadmin password ********** encrypted
username vpn2user password ********** encrypted
username vpn1user password ********** encrypted
tunnel-group vpn1-VPN type remote-access
tunnel-group vpn1-VPN general-attributes
address-pool vpn1pool
default-group-policy vpn1
tunnel-group vpn1-VPN ipsec-attributes
pre-shared-key **********
tunnel-group vpn2-VPN type remote-access
tunnel-group vpn2-VPN general-attributes
address-pool vpn2pool
default-group-policy vpn2
tunnel-group vpn2-VPN ipsec-attributes
pre-shared-key *****
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f5137c68c4b4a832c9dff8db808004ae
: end
Theories: after fighting with it for a while and having another guy in my office look at it, we decided that the problem is probably that even though the pings are probably reaching 10.4.0.1, they have no route back to my VPN subnet 192.168.3.0/24. I contacted the admins of the 10.4.0.0 network and asked if they could add a route to 192.168.3.0/24 via 10.4.13.10, but he said there is no router of default gateway on the network to even configure.
So, what do I do? Maybe NAT the VPN traffic? If that is the correct answer, what lines would I put/change in the config to NAT that traffic.
I'm assuming the reason the 1st VPN works is because the ASA is the default gateway for the inside 192.168.1.0/24 network.
Thanks in advance for any insight you can provide.

Hello Belnet,
What do the logs show from the ASA.
Can you post them ??
Any other question..Sure..Just remember to rate all of the community answers.
Julio

Can't get Internet working on ASA 5525X

Hello
i have a ASA 5525x
im in testing proccess and cant make internet routing working
im routing between 2 private ip cuz outside interface is connected to the lab switch.
im able to ping anything from ASDM als i tried packet tracer using the ip that assigned to the end-user and it is working fro asa but not on the win7 machine .
after enabing logging on asa i got asa teardown the icmp connection (when trying to ping 8.8.8.8)
any ideas why ?
ASA Version 9.0(2)
hostname MIKUNI-LA-ASA1
enable password nsi9HaIu8epX9MzI encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 172.30.200.100 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
banner motd
banner motd !!!!!!!!!!!!!!!DO NOT LOGON!!!!!!!!!!!!!!!
boot system disk0:/asa902-smp-k8.bin
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit intra-interface
object network internet
host 172.30.200.100
pager lines 24
logging enable
logging trap errors
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712-102.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,inside) source dynamic any interface dns
route outside 0.0.0.0 0.0.0.0 172.30.200.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt noproxyarp inside
sysopt noproxyarp outside
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1
username admin password y9JC1OmYlTqCYCh5 encrypted privilege 15
username neocomp password zEZJ79.tgPiYxCsz encrypted privilege 15
class-map inside-class
match default-inspection-traffic
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
policy-map inside-policy
class inside-class
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect icmp
inspect ip-options
inspect ipsec-pass-thru
service-policy global_policy global
service-policy inside-policy interface inside
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:e8f3db05e9bce814811bac225d27ded8
: end

didnt work
Itried clean configuration but its still same thing cant get to the internet thru firewall
from asa i can ping everything but from end-user side it show DNS is not responding and i can not ping the outside interface on ASA
ASA Version 9.0(2)
hostname MIKUNI-LA-ASA2
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface GigabitEthernet0/0
nameif OUTSIDE
security-level 0
ip address dhcp setroute
interface GigabitEthernet0/1
nameif INSIDE
security-level 100
ip address 192.168.100.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
banner motd !!!!!!!!!!!!!!!DO NOT LOGON!!!!!!!!!!!!!!!
boot system disk0:/asa902-smp-k8.bin
ftp mode passive
dns domain-lookup OUTSIDE
dns domain-lookup INSIDE
dns server-group DefaultDNS
name-server 8.8.8.8
object network Internet
subnet 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging console warnings
logging asdm informational
mtu management 1500
mtu OUTSIDE 1500
mtu INSIDE 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712-102.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network Internet
nat (any,OUTSIDE) dynamic interface dns
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface OUTSIDE
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1
username admin password y9JC1OmYlTqCYCh5 encrypted privilege 15
username neocomp password zEZJ79.tgPiYxCsz encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:8659ad01179820e90e68d3725961dc2c

Cisco ACS 4.2.1.15 for Windows and Network Access Profiles

We are attempting to configure ACS 4.2.1.15 on Windows Server 2008 Member Server. Initially I only have the need to authenticate Network Admins for device administration and authenticate Windows AD groups using PEAP authentication. The general problem that I am having is that if I configure a Cisco 1200 Access Point for PEAP and also setup The Access Point for Radius authentication pointed to the ACS server it always maps to the the first Network Access Profile and rather than it trying the second it will error sayiing some condition is not met depending on what changes I make. Can someone tell me what the criteria that is used to determine what NAP is used? According to the manual if all 4 criteria are not met then the Profile will not apply.
I am using one ACS group that is mapped to an AD group for Wireless Access and a Second ACS group mapped to an AD group that includes the Net Admins. This group mapping appers to be working as the user group name seems to mapped correctly in the logs. In short I have tried only configuring the Wireless NAP to only Allow EAP authentication using PEAP EAP-MSCHAPv2 and the Netadmins profile to include all protocols. Bascially what happens is if I have the Wireless NAP first it works fine for PEAP authentication on Wireless but if I try to administer the access point and provide credentials I get a message in the failed log that the authentication profile is not allowed in this Network Access Profile. Why does this not just go onto the next Network Access profile?
I am familiar with version 3.2 but it does not seem to work the same.
Any help would be appreciated on what I am missing.
Thanks

Hi Surenda,
Thanks for your reply. Nop, there is no WLC yet, but the WLC will be installed shortly.
Thanks,
Jean Paul

ACS 4.2.1.15 Upgrade: no more web access

Hi,
I upgraded my ACS 4.2 on a Windows 2003 R2 Standard Edition SP2 Server to 4.2.1.15.9. The server seems to be running, I see that it is able to authenticate and authorize my logins and commands on Cisco devices. However when I try to launch the web access from the desktop of the server either with https://<ip adress>:2002 or https://127.0.0.1:2002 I get a message that the website cannot be displayed. When I nmap the server I see that port 2002 is open.
Does anybody have an idea or a special trick how to reenable my web access?
Thanks in advance.
Mat

Try http:// address>:2002 instead of https. ;-)
Regards,
Gurpreet S Puri
Keep Smiling, Peace :)
(Please Rate Helpful Post)

Cisco ACS - HOW ARE INTERNAL USER'S RESTRICTED IN THEIR ACCESS TO RESOURCES

Does anyone have any insight into this process. Please advise.

Hi Eduardoaliaga,
I believe that when we are using PAP as the authentication protocol, the ACS is able to strip the domian prefix. However, my side is using the PEAP MsChapv2 as the authentication protocol and I believe that the TLS tunnel is prevent the ACS from stripping the domain prefix/sufix. Thus, I have also posted another discussion on the issue of when the authentication protocol of PEAP MsChapv2 is used, ACS is not able to strip the domain prefix/sufix. Thus, would you be also able to advice on if that is correct. Please refer to the links below.
1) https://supportforums.cisco.com/thread/2061835
2) http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/eap_pap_phase_ps9911_TSD_Products_User_Guide_Chapter.html#wp1031191
3) https://supportforums.cisco.com/message/3581951#3581951
Thks and Rgds

Can't get SNMP data from ASA's AIP 10 IPS module

Hi,
I have just had the AIP 10 IPS module installed onto my ASA 5520. I have now setup the SNMP and my SNMP server (solarwinds) can detect the CPU, Memory and sensors to monitor.
The problem I have is the SNMP server is getting data form the sensors but not data from the CPU or memory mibs, is something denying this from the IPS?

The following are some IDS mibs, Cisco forgot to link them on the MIBs page located at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-ENHANCED-MEMPOOL-MIB.my
ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-PROCESS-MIB.my
ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-CIDS-MIB.my
ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-CIDS-MIB.oid
ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-ENHANCED-MEMPOOL-MIB.oid
Here is the forula we are using to get the memory utlization percentage(in BMC Dashboard):
average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) / ( average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) + average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.7 ) ) * 100
Which translates to:
average ( select cempmempoolfree ) / ( average ( select cempmempoolfree ) + average ( select cempmempoolused ) ) * 100
I'm unable to find the formula for the CPU, but try loading the PROCESS mib for that.
average ( select 1.3.6.1.4.1.9.9.109.1.1.1.1.5 )
Please rate if helpful.
Regards
Farrukh

ASA 5510 - how many concurrent VOIP calls can pass through?

Hi all,
I wonder how many concurrent VOIP calls can handle Cisco ASA 5510, any idea?
Gegham

hi Gegham,
Basically what the values of 50,000 and 130000 connections indicate are lab values tested with 80% TCP and 20% udp traffic. (according to table a-2 in the doc below)
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/specs.html#wp1170941
RTP is udp traffic but in case of an asa and considering a customer scenario what happens is...
1 voip call = 1 control connection (h323,sip,sccp) + 2 or 4 rtp connections
-so a call will in total easily consume 5 or more connections depending on control connections you have set up .
-also this number differs depending on if the call is voice only or video.
So to simply answer your questions...
1>the number of connections that a call consumes depends on the above factors.
2>Also there is no hard number on the number of calls an asa can handle because this depends on the controls you use ...including nat and inspections.
Thanks,
Karthik

ACS 5.1, ASA 8.2.2, AD, Device Access. Can't get it to work...

Similar Messages

Maybe you are looking for