No Internet access

Hi everybody,
I am unable to access internet with one of the vlan. i have two vlans
VLAN 2   192.168.1.0
VLAN 8   172.168.1.0
When i am on vlan 2 i can access to internet. when i work with vlan 8, i cannot access to internet. As a matter of fact VLAN 8 (172.168.1.0) is new. I need to know what else i need to configure to get access. the following is the configuration of my cisco ASA firewall. Any help will be apprieciated.
Thanks
hostname abcASA1
domain-name abc.com
enable password .4rNnGSuheRe encrypted
passwd 2KFQnbNIdI.2K encrypted
names
name 192.168.1.3 Email_DNS
name 192.168.1.4 SQLServer
name 192.168.2.2 VPN_3005
name 192.168.2.0 DMZ_Subnet
name 192.168.3.0 VPN_Subnet
name 192.168.1.0 Inside_Subnet
name 192.168.3.5 VPNNET_DNS
name 128.8.10.90 D_Root
name 192.5.5.241 F_Root
name 198.41.0.10 J_Root
name 192.33.4.12 C_Root
name 193.0.14.129 K_Root
name 198.32.64.12 L_Root
name 192.36.148.17 I_Root
name 192.112.36.4 G_Root
name 128.63.2.53 H_Root
name 128.9.0.107 B_Root
name 198.41.0.4 A_Root
name 202.12.27.33 M_Root
name 192.203.230.10 E_Root
name 12.183.68.51 ATT_DNS_2
name 12.183.68.50 ATT_DNS_1
name 192.168.1.6 FileServer_NAS
name 192.168.2.6 abc_WEB
name 199.130.197.153 CA_Mgmt_USDA
name 199.130.197.19 CA_Roaming_USDA
name 199.130.214.49 CA_CRLChk_USDA
name 199.134.134.133 CA_Mgmt_USDA_
name 199.134.134.135 CA_Roaming_USDA2
name 192.168.2.9 PublicDNS2
name 192.168.2.8 PublicDNS
name 192.168.1.11 abc02EX2
name 162.140.109.7 GPO_PKI_DIR
name 162.140.9.10 GPO_PKI
name 192.168.1.12 Patchlink
name 192.168.1.10 abcSLIMPS1
name 192.168.1.7 FileServer_DNS
name 192.168.1.15 abc06ex2
name 192.168.101.0 NEW_VPN_SUBNET
name 192.168.77.0 NEW_VPN_POOL description NEW_VPN_POOL
name 192.168.1.16 VTC description LifeSize VTC
name 12.18.13.16 VTC_Outside
name 192.168.2.50 Email_Gateway
name 192.168.1.20 Exch10
name 192.168.1.8 SharePoint
name 192.168.1.19 abc09ic description Web Servr
name 192.168.1.180 ExternalDNS
name 192.168.2.223 abc11ids
name 192.168.50.0 inside_new_Network
dns-guard
interface Vlan1
nameif outside
security-level 0
ip address 12.18.13.20 255.255.255.0
interface Vlan2
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan3
nameif dmz
security-level 10
ip address 192.168.2.1 255.255.255.0
interface Vlan4
nameif vpnnet
security-level 75
ip address 192.168.3.1 255.255.255.0
interface Vlan5
nameif asainside
security-level 50
ip address 192.168.4.1 255.255.255.0
interface Vlan6
nameif testinside
security-level 50
ip address 192.168.5.1 255.255.255.0
ipv6 address 2001:ab1:5::/64 eui-64
interface Vlan7
description New Local Area Network for Server
nameif inside_new
security-level 50
ip address 192.168.50.1 255.255.255.0
interface Vlan8
description abcdone Server VLAN
nameif Internal_LAN
security-level 100
ip address 172.168.1.254 255.255.255.0
interface Vlan16
description out of band
nameif oobnet
security-level 100
ip address 172.16.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
speed 100
duplex full
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
switchport access vlan 7
interface Ethernet0/4
interface Ethernet0/5
switchport trunk allowed vlan 1-10
switchport mode trunk
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa802-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup vpnnet
dns server-group DefaultDNS
name-server 192.168.1.2
name-server Email_DNS
domain-name abc.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network Inside_Server_Group
description EmailServer, FileServer, SQLServer
network-object Email_DNS 255.255.255.255
network-object SQLServer 255.255.255.255
network-object 192.168.1.2 255.255.255.255
network-object FileServer_NAS 255.255.255.255
network-object host abc02EX2
network-object host abc06ex2
object-group network Inside_Server_Group_ref
network-object 192.168.3.73 255.255.255.255
network-object 192.168.3.74 255.255.255.255
network-object 192.168.3.72 255.255.255.255
network-object 192.168.3.76 255.255.255.255
object-group service DNS tcp-udp
description DNS Service both TCP/UDP
port-object eq domain
object-group network InternetDNS
network-object A_Root 255.255.255.255
network-object B_Root 255.255.255.255
network-object C_Root 255.255.255.255
network-object D_Root 255.255.255.255
network-object E_Root 255.255.255.255
network-object F_Root 255.255.255.255
network-object G_Root 255.255.255.255
network-object H_Root 255.255.255.255
network-object I_Root 255.255.255.255
network-object J_Root 255.255.255.255
network-object K_Root 255.255.255.255
network-object L_Root 255.255.255.255
network-object M_Root 255.255.255.255
network-object ATT_DNS_2 255.255.255.255
network-object ATT_DNS_1 255.255.255.255
object-group network USDA-PKI-Users
description GAO PKI User Group
network-object 192.168.1.51 255.255.255.255
network-object 192.168.1.52 255.255.255.255
network-object 192.168.1.53 255.255.255.255
network-object 192.168.1.54 255.255.255.255
network-object 192.168.1.55 255.255.255.255
network-object 192.168.1.56 255.255.255.255
network-object 192.168.1.57 255.255.255.255
network-object 192.168.1.58 255.255.255.255
network-object 192.168.1.59 255.255.255.255
network-object 192.168.1.60 255.255.255.255
network-object host 192.168.1.61
network-object host 192.168.1.62
network-object host 192.168.1.63
object-group network CITABCDAS
network-object 192.168.3.241 255.255.255.255
network-object 192.168.3.242 255.255.255.255
network-object 192.168.3.243 255.255.255.255
network-object 192.168.3.244 255.255.255.255
network-object 192.168.3.245 255.255.255.255
network-object VPNNET_DNS 255.255.255.255
object-group service Virginia.edu tcp
description blackboard java classroom
port-object range 8010 8012
object-group network PDASB1-VPN-Inside
network-object host abcPLIasd1
network-object host 192.168.3.10
object-group service http-https tcp
port-object range https https
port-object range www www
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service VTC tcp-udp
description LifeSize
port-object range 60000 64999
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3268
port-object eq ldap
object-group service EmailGateway udp
description TrustManager
port-object eq 19200
port-object eq 8007
object-group service DM_INLINE_TCP_2 tcp
port-object eq 990
port-object eq ftp
port-object range 2000 5000
object-group service Barracuda tcp
port-object eq 5124
port-object eq 5126
object-group service barracuda udp
port-object eq 5124
port-object eq 5126
object-group service IMAP tcp
port-object eq 993
port-object eq imap4
object-group service DM_INLINE_SERVICE_0
service-object tcp eq domain
service-object udp eq domain
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit object-group TCPUDP any object-group InternetDNS object-group DNS
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_0 any host 12.18.13.222
access-list outside_access_in remark Website
access-list outside_access_in extended permit tcp any host 12.18.13.19 eq 8090
access-list outside_access_in remark Allow ICMP replies to inside
access-list outside_access_in extended permit icmp any host 12.18.13.21 echo-reply
access-list outside_access_in remark VTC
access-list outside_access_in extended permit tcp any host VTC_Outside eq h323
access-list outside_access_in remark VTC
access-list outside_access_in extended permit object-group TCPUDP any host VTC_Outside eq sip
access-list outside_access_in extended permit icmp any host VTC_Outside
access-list outside_access_in remark Barracuda
access-list outside_access_in extended permit tcp any host 192.168.1.25 object-group Barracuda
access-list outside_access_in remark Barracuda
access-list outside_access_in extended permit udp any host 192.168.1.25 object-group barracuda
access-list outside_access_in remark VTC
access-list outside_access_in extended permit udp any host VTC_Outside range 60000 64999
access-list outside_access_in remark VTC
access-list outside_access_in extended permit tcp any host VTC_Outside range 60000 64999
access-list outside_access_in remark for Public DNS2
access-list outside_access_in extended permit udp any host 12.18.13.223 eq domain
access-list outside_access_in remark for Public DNS2
access-list outside_access_in extended permit tcp any host 12.18.13.223 eq domain
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.224 eq www
access-list outside_access_in remark NTP from Router to DMZ
access-list outside_access_in extended permit udp host 12.18.13.1 host 12.18.13.15 eq ntp
access-list outside_access_in remark Syslog from Router
access-list outside_access_in extended permit udp host 12.18.13.1 gt 1023 host 12.18.13.13 eq syslog
access-list outside_access_in remark Inbound Email SMTP to DMZ Host 192.168.2.50
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.13 eq smtp
access-list outside_access_in remark VPNNET IPSec ESP
access-list outside_access_in extended permit esp any host 12.18.13.31
access-list outside_access_in remark VPNNET IPSec AH
access-list outside_access_in extended permit ah any host 12.18.13.31
access-list outside_access_in remark VPNNET IPSec Port 4500
access-list outside_access_in extended permit udp any eq 4500 host 12.18.13.31 eq 4500
access-list outside_access_in remark VPNNET IPSec ISAKMP
access-list outside_access_in extended permit udp any eq isakmp host 12.18.13.31 eq isakmp
access-list outside_access_in remark VPNNET IPSec over UDP port 10000
access-list outside_access_in extended permit udp any eq 10000 host 12.18.13.31 eq 10000
access-list outside_access_in remark Sharepoint1
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.42 eq https
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.31 eq https
access-list outside_access_in remark Access Rule to Webmail
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.32 eq https
access-list outside_access_in remark SLIMPSdev
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.33 object-group http-https
access-list outside_access_in remark Inbound Website
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.19 eq www
access-list outside_access_in remark Inbound SharePoint
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.42 eq www
access-list outside_access_in remark Inbound WEb Traffic to ISA server-SLIMPS
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.41 eq www
access-list outside_access_in remark Inbound Secure Web Traffic to ISA server-SLIMPS
access-list outside_access_in extended permit tcp any gt 1023 host 12.18.13.41 eq https
access-list outside_access_in remark Inbound FTP abc_web
access-list outside_access_in extended permit tcp any host 12.18.13.14 object-group DM_INLINE_TCP_2
access-list outside_access_in remark DNS1
access-list outside_access_in remark for Public DNS2
access-list outside_access_in remark for Public DNS2
access-list outside_access_in remark NTP from Router to DMZ
access-list outside_access_in remark Syslog from Router
access-list outside_access_in remark Inbound Email SMTP to DMZ Host 192.168.2.5
access-list outside_access_in remark VPNNET IPSec ESP
access-list outside_access_in remark VPNNET IPSec AH
access-list outside_access_in remark VPNNET IPSec Port 4500
access-list outside_access_in remark VPNNET IPSec ISAKMP
access-list outside_access_in remark VPNNET IPSec over UDP port 10000
access-list outside_access_in remark Inbound WEb Traffic to Facilitate Web Server in DMZ
access-list outside_access_in remark Inbound Secure Web Traffic to Facilitate Web Server in DMZ
access-list outside_access_in remark Access Rule to FE Server
access-list outside_access_in remark SLIMPSdev
access-list outside_access_in remark Inbound WEb Traffic to ISA server-SLIMPS
access-list outside_access_in remark Inbound Secure Web Traffic to ISA server-SLIMPS
access-list outside_access_in remark Inbound port 93 to ISA server-SLIMPS
access-list outside_access_in remark Explicit Deny All
access-list vpnnet_access_in remark Patrica RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.53 eq 3389
access-list vpnnet_access_in remark Berry RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.51 eq 3389
access-list vpnnet_access_in remark John Tsai RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.156 eq 3389
access-list vpnnet_access_in remark Chopper RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.128 eq 3389
access-list vpnnet_access_in remark Ms Ballard RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.58 eq 3389
access-list vpnnet_access_in remark Wakita
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.153 eq 3389
access-list vpnnet_access_in remark Amy RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.124 eq 3389
access-list vpnnet_access_in remark KC RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.57 eq 3389
access-list vpnnet_access_in remark Eyang RDP
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.161 eq 3389
access-list vpnnet_access_in remark SLIMPS doc
access-list vpnnet_access_in extended permit tcp VPN_Subnet 255.255.255.0 host 192.168.1.13 eq 3389
access-list vpnnet_access_in extended deny ip any any
access-list vpnnet_access_in remark for SLIMPS APP
access-list vpnnet_access_in remark for SLIMPS APP
access-list vpnnet_access_in remark for SLIMPS APP
access-list vpnnet_access_in remark FOR SLIMPS Application
access-list vpnnet_access_in remark SLIMPS Production Workflow
access-list vpnnet_access_in remark SLIMPS
access-list vpnnet_access_in remark FOR SLIMPS Application
access-list vpnnet_access_in remark SLIMPS VPN access to SLIMPSTEST2 Alpha website
access-list vpnnet_access_in remark SLIMPS VPN access to abc02SLIMPS1
access-list vpnnet_access_in remark SLIMPS VPN access to abc02SLIMPS2
access-list vpnnet_access_in remark for abc06SLIMPS1
access-list vpnnet_access_in remark for abc06SLIMPS1
access-list vpnnet_access_in remark VPNNET Windows Port 135 Netbios
access-list vpnnet_access_in remark VPNNET Windows Port 137 Netbios Name Service
access-list vpnnet_access_in remark VPNNET Windows Port 138 Netbios Datagram
access-list vpnnet_access_in remark VPNNET Windows Port 139 Netbios Session Service
access-list vpnnet_access_in remark VPNNET Windows Port 445 Server Message Block
access-list vpnnet_access_in remark VPNNET Windows Port 389 Lightweight Directory Access Protocol
access-list vpnnet_access_in remark VPNNET Windows Port 389 Lightweight Directory Access Protocol
access-list vpnnet_access_in remark VPNNET Windows Port 88 Kerberos
access-list vpnnet_access_in remark VPNNET Windows Port 88 Kerberos
access-list vpnnet_access_in remark VPNNET Windows Port 1433 Windows Sql Server
access-list vpnnet_access_in remark VPNNET Windows Port 9000 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 9000 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 9001 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 9001 Static RPC Port
access-list vpnnet_access_in remark VPNNET Windows Port 4000 Status NTDS Port
access-list vpnnet_access_in remark VPNNET Windows TCP Domain Name Service
access-list vpnnet_access_in remark VPNNET Windows UDP Domain Name Service
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET DNS Forwarding to DMZ DNS
access-list vpnnet_access_in remark VPNNET Outbound Web
access-list vpnnet_access_in remark VPNNET Outbound Secure Web
access-list vpnnet_access_in remark VPNNET Outbound FTP
access-list vpnnet_access_in remark VPNNET ICMP Echo
access-list vpnnet_access_in remark VPNNET ICMP Echo-Reply
access-list vpnnet_access_in remark RDP for ISA
access-list vpnnet_access_in remark Allow access after Exemption from nat to inside network
access-list vpnnet_access_in remark talin test
access-list dmz_access_in remark isa to SLIMPS1 vote portal
access-list dmz_access_in extended permit tcp host 192.168.2.20 host 192.168.2.10 eq 8200
access-list dmz_access_in extended permit udp host 192.168.2.101 host 12.18.13.1 eq ntp
access-list dmz_access_in remark ISA to SLIMPS Dev
access-list dmz_access_in extended permit tcp host 192.168.2.14 host 12.18.13.33 eq www inactive
access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
access-list dmz_access_in extended permit udp host Email_Gateway any eq 8007
access-list dmz_access_in remark ClearSwift TRUSTmanager Reputations server &
access-list dmz_access_in remark Broadcasting of greylisting data to peer Gateway
access-list dmz_access_in extended permit udp host Email_Gateway any eq 19200
access-list dmz_access_in remark NTP Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host FileServer_DNS eq ntp
access-list dmz_access_in remark FTP
access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ftp
access-list dmz_access_in remark ldap
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 host 192.168.2.78
access-list dmz_access_in remark ldap
access-list dmz_access_in extended permit udp host SharePoint gt 1023 host 192.168.2.78
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit object-group TCPUDP host Email_Gateway host FileServer_DNS object-group DNS
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway host FileServer_DNS eq ldap
access-list dmz_access_in remark HTTP for Email_Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 eq www inactive
access-list dmz_access_in remark HTTPS access to the Clearswift Update Server
access-list dmz_access_in extended permit tcp Inside_Subnet 255.255.255.0 gt 1023 host Email_Gateway eq https inactive
access-list dmz_access_in remark HTTP for SharePoint
access-list dmz_access_in extended permit tcp host SharePoint host FileServer_DNS eq ldap
access-list dmz_access_in remark LDAP Communication for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 host 192.168.2.78 object-group DM_INLINE_TCP_1
access-list dmz_access_in remark LDAP Communication
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.78 eq 3268
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in extended permit udp host PublicDNS object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ ISA DNS Forwarding to Outside
access-list dmz_access_in extended permit udp host 192.168.2.15 gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in extended permit udp host SharePoint gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in extended permit udp host abc_WEB gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 object-group InternetDNS object-group DNS inactive
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in extended permit tcp host PublicDNS gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Outbound https Web
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 object-group InternetDNS object-group DNS inactive
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in extended permit udp host PublicDNS gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark Public DNS server.
access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 object-group InternetDNS object-group DNS
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in extended permit tcp host PublicDNS gt 1023 any eq www
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in extended permit tcp host PublicDNS2 gt 1023 any eq www
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark DMZ Public  DNS to Outside
access-list dmz_access_in remark DMZ DNS to Outside
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq www
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq www
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.75 eq www
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.75 eq www
access-list dmz_access_in remark DMZ DNS FTP for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq ftp
access-list dmz_access_in remark DMZ DNS Outbound Web for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq www
access-list dmz_access_in remark DMZ ISA DNS Outbound Web
access-list dmz_access_in extended permit tcp host 192.168.2.15 gt 1023 any eq www
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq www
access-list dmz_access_in remark For Email  Gateway
access-list dmz_access_in extended permit icmp host Email_Gateway host 12.18.13.1
access-list dmz_access_in remark ISA
access-list dmz_access_in extended permit icmp host 192.168.2.15 host 12.18.13.1
access-list dmz_access_in extended permit icmp host SharePoint host 12.18.13.1
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq www
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 any eq www
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq ftp inactive
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq ftp
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq ftp inactive
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq ftp
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in extended permit tcp host SharePoint host 192.168.2.73 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host 192.168.2.77 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host Exch10 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Gateway SMTP
access-list dmz_access_in extended permit tcp host Email_Gateway host abc06ex2 eq smtp
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in extended permit tcp host SharePoint host abc06ex2 eq smtp inactive
access-list dmz_access_in remark DMZ DNS Inbound Web Shield Relay SMTP
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.75 eq smtp inactive
access-list dmz_access_in remark Mailsweeper access to FE Server
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 host 192.168.2.11 eq smtp inactive
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 host 192.168.2.73 eq smtp
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 host 192.168.2.75 eq smtp
access-list dmz_access_in remark DMZ EMail Gateway outbound delivery
access-list dmz_access_in extended permit tcp host Email_Gateway any eq smtp
access-list dmz_access_in remark DMZ Mail Sweeper outbound delivery
access-list dmz_access_in extended permit tcp host SharePoint any eq smtp inactive
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host SharePoint gt 1023 host 192.168.2.73 eq https inactive
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in extended deny tcp host abc_WEB gt 1023 host 192.168.2.73 eq https
access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
access-list dmz_access_in extended permit udp host Email_Gateway object-group EmailGateway any eq 8007
access-list dmz_access_in remark DMZ DNS Outbound HTTPS for Email Gateway
access-list dmz_access_in extended permit tcp host Email_Gateway gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq https
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in extended permit tcp host abc_WEB gt 1023 any eq https inactive
access-list dmz_access_in extended permit tcp host 192.168.2.7 gt 1023 any eq https inactive
access-list dmz_access_in remark DMZ DNS Outbound SMTP to Internet
access-list dmz_access_in extended permit tcp host SharePoint gt 1023 any eq smtp inactive
access-list dmz_access_in remark for ISA
access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq www
access-list dmz_access_in remark for ISA
access-list dmz_access_in extended permit tcp host 192.168.2.20 gt 1023 any eq https
access-list dmz_access_in extended permit object-group TCPUDP host SharePoint Inside_Subnet 255.255.255.0 eq domain
access-list dmz_access_in extended permit icmp host SharePoint Inside_Subnet 255.255.255.0
access-list dmz_access_in extended permit ip host abc11ids any
access-list dmz_access_in extended permit ip Inside_Subnet 255.255.255.0 any
access-list dmz_access_in remark Explicit Rule
access-list dmz_access_in extended deny ip any any
access-list dmz_access_in remark isa to SLIMPS1 vote portal
access-list dmz_access_in remark ISA to SLIMPS Dev
access-list dmz_access_in remark ldap
access-list dmz_access_in remark LDAP Communication
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in remark DMZ DNS Forwarding to Outside
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in remark DMZ DNS Forwarding to UUNET DNS (Zone Tranfer)
access-list dmz_access_in remark DMZ DNS Outbound https Web
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in remark Public DNS server.
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in remark Public DNS Server
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark DMZ Public  DNS to Outside
access-list dmz_access_in remark DMZ DNS to Outside
access-list dmz_access_in remark DMZ Public DNS Outbound Web
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark (DENY) DMZ DNS to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in remark DMZ DNS Outbound Web
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in remark DMZ DNS Outbound FTP
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in remark DMZ DNS Inbound Email Relay SMTP
access-list dmz_access_in remark DMZ DNS Inbound Web Shield Relay SMTP
access-list dmz_access_in remark Mailsweeper access to FE Server
access-list dmz_access_in remark DMZ Mail Sweeper outbound delivery
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Email Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark (DENY) DMZ DNS Outbound to DMZ Inside Web Shield Static Address
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in remark DMZ DNS Outbound HTTPS
access-list dmz_access_in remark DMZ DNS Outbound SMTP to Internet
access-list dmz_access_in remark for ISA
access-list dmz_access_in remark for ISA
access-list dmz_access_in remark Explicit Deny All
access-list testinside_access_in remark Deny IP Traffic from Test to Production DMZ
access-list testinside_access_in remark Allow all other Traffic to Outside
access-list testinside_access_in remark Deny IP Traffic from Test to Production DMZ
access-list testinside_access_in remark Allow all other Traffic to Outside
access-list vpnnet_nat0_outbound extended permit ip VPN_Subnet 255.255.255.0 Inside_Subnet 255.255.255.0
access-list vpnnet_nat0_outbound extended permit ip VPN_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 host Email_Gateway
access-list inside_nat0_outbound remark SharePoint
access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 host SharePoint
access-list inside_nat0_outbound extended permit ip Inside_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
access-list dmz_nat0_outbound remark For Email Gateway
access-list dmz_nat0_outbound extended permit ip host Email_Gateway Inside_Subnet 255.255.255.0
access-list dmz_nat0_outbound remark Sharepoint
access-list dmz_nat0_outbound extended permit ip host SharePoint Inside_Subnet 255.255.255.0
access-list dmz_nat0_outbound extended permit ip DMZ_Subnet 255.255.255.0 NEW_VPN_SUBNET 255.255.255.0
access-list dmz_nat0_outbound extended permit ip DMZ_Subnet 255.255.255.0 NEW_VPN_POOL 255.255.255.0
access-list capture_acl extended permit ip host 12.18.13.33 host 12.18.13.180
access-list capture_acl extended permit ip host 12.18.13.180 host 12.18.13.33
access-list cap_acl extended permit ip host 192.168.2.14 host 12.18.13.180
access-list cap_acl extended permit ip host 12.18.13.180 host 192.168.2.14
access-list 213 extended permit ip host SharePoint host 192.168.2.21
access-list asainside_access_in remark permit traffic from the new ASA
access-list asainside_access_in extended permit ip 192.168.100.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list asainside_access_in extended permit ip 192.168.4.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list asainside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list asainside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list acl_cap extended permit ip host 192.168.100.1 host 192.168.4.1
access-list acl_cap extended permit ip host 192.168.4.1 host 192.168.100.1
access-list abcdONE_splitTunnelAcl standard permit Inside_Subnet 255.255.255.0
access-list abcdONE_splitTunnelAcl standard permit DMZ_Subnet 255.255.255.0
access-list abcdONE_splitTunnelAcl standard permit 172.16.1.0 255.255.255.0
access-list oobnet_access_in extended permit ip any Inside_Subnet 255.255.255.0
access-list VMman_nat0_outbound extended permit ip 172.16.1.0 255.255.255.0 Inside_Subnet 255.255.255.0
access-list Internal_LAN_access_in extended permit object-group TCPUDP any object-group InternetDNS object-group DNS
access-list Internal_LAN_access_in extended permit ip any any
snmp-map mysnmpmap
pager lines 30
logging enable
logging timestamp
logging monitor informational
logging buffered informational
logging trap debugging
logging history warnings
logging asdm debugging
logging mail informational
logging from-address [email protected]
logging recipient-address [email protected] level errors
logging device-id ipaddress outside
logging host vpnnet VPNNET_DNS
logging host inside abc09ic
logging host inside 192.168.1.60
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu vpnnet 1500
mtu asainside 1500
mtu testinside 1500
mtu inside_new 1500
mtu Internal_LAN 1500
mtu oobnet 1500
ip local pool VPNPOOL 192.168.101.1-192.168.101.254 mask 255.255.255.0
ip local pool NEW_VPN_POOL 192.168.77.10-192.168.77.240 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface dmz
ip verify reverse-path interface vpnnet
ip verify reverse-path interface asainside
ip audit name Outside attack action drop
ip audit interface outside Outside
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
asdm image disk0:/asdm-621.bin
asdm history enable
arp outside 12.18.13.20 0024.c4e9.4764
arp timeout 14400
global (outside) 1 12.18.13.21 netmask 255.255.255.255
global (outside) 2 12.18.13.22 netmask 255.255.255.255
global (outside) 3 12.18.13.23 netmask 255.255.255.255
global (outside) 4 12.18.13.24 netmask 255.255.255.255
global (outside) 5 12.18.13.25 netmask 255.255.255.255
global (inside) 1 interface
global (dmz) 1 192.168.2.21 netmask 255.255.255.255
global (dmz) 3 192.168.2.23 netmask 255.255.255.255
global (dmz) 4 192.168.2.24 netmask 255.255.255.255
global (dmz) 5 192.168.2.25 netmask 255.255.255.255
global (vpnnet) 1 192.168.3.21 netmask 255.255.255.255
nat (outside) 1 NEW_VPN_POOL 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 Inside_Subnet 255.255.255.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 2 DMZ_Subnet 255.255.255.0
nat (vpnnet) 0 access-list vpnnet_nat0_outbound
nat (vpnnet) 3 VPN_Subnet 255.255.255.0
nat (asainside) 0 access-list asainside_nat0_outbound
nat (asainside) 1 192.168.4.0 255.255.255.0
nat (oobnet) 0 access-list VMman_nat0_outbound
static (dmz,outside) 12.18.13.31 VPN_3005 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.72 FileServer_DNS netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.74 SQLServer netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.73 Email_DNS netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.76 FileServer_NAS netmask 255.255.255.255 dns
static (inside,vpnnet) 192.168.3.80 abcSLIMPS1 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.2.73 Email_DNS netmask 255.255.255.255
static (inside,dmz) 192.168.2.77 abc06ex2 netmask 255.255.255.255
static (dmz,outside) 12.18.13.13 Email_Gateway netmask 255.255.255.255
static (dmz,outside) 12.18.13.14 abc_WEB netmask 255.255.255.255
static (outside,inside) VTC VTC_Outside netmask 255.255.255.255
static (dmz,outside) 12.18.13.15 192.168.2.101 netmask 255.255.255.255
static (inside,outside) 12.18.13.19 abc09ic netmask 255.255.255.255
static (inside,outside) 12.18.13.42 SharePoint netmask 255.255.255.255
static (inside,dmz) 192.168.2.78 FileServer_DNS netmask 255.255.255.255
static (inside,outside) 12.18.13.32 Exch10 netmask 255.255.255.255
static (inside,dmz) 192.168.2.10 abcSLIMPS1 netmask 255.255.255.255
static (inside,dmz) 192.168.2.11 abc02EX2 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.11 abc02EX2 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.81 192.168.1.155 netmask 255.255.255.255
static (inside,vpnnet) 192.168.3.82 192.168.1.28 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.2.13 192.168.1.13 netmask 255.255.255.255
static (inside,outside) VTC_Outside VTC netmask 255.255.255.255
static (inside,outside) 12.18.13.33 192.168.1.13 netmask 255.255.255.255
static (inside,outside) 12.18.13.41 abcSLIMPS1 netmask 255.255.255.255
static (inside,outside) 12.18.13.222 ExternalDNS netmask 255.255.255.255
static (inside,Internal_LAN) Inside_Subnet Inside_Subnet netmask 255.255.255.0
static (Internal_LAN,inside) 172.168.1.0 172.168.1.0 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group dmz_access_in in interface dmz
access-group vpnnet_access_in in interface vpnnet
access-group asainside_access_in in interface asainside
access-group Internal_LAN_access_in in interface Internal_LAN
access-group oobnet_access_in in interface oobnet
route outside 0.0.0.0 0.0.0.0 12.18.13.1 1
route asainside 192.168.100.0 255.255.255.0 192.168.4.2 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server abc.com protocol nt
aaa-server abc.com (inside) host 192.168.1.2
nt-auth-domain-controller abc12dc1
aaa-server abc.com (inside) host Email_DNS
nt-auth-domain-controller abc12dc2
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.0 255.255.255.0 outside
http Inside_Subnet 255.255.255.0 outside
http Inside_Subnet 255.255.255.0 inside
http VPN_Subnet 255.255.255.0 vpnnet
snmp-server group Authentication_Only v3 auth
snmp-server group Authentication&Encryption v3 priv
snmp-server user mkaramat Authentication&Encryption v3 encrypted auth md5 25:57:33:8a:86:b0:fc:71:36:5f:de:3d:83:35:eb:d4 priv aes 128 25:57:33:8a:86:b0:fc:71:36:5f:de:3d:83:35:eb:d4
snmp-server host inside 192.168.1.60 version 3 mkaramat udp-port 161
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
no service resetoutbound interface outside
no service resetoutbound interface inside
no service resetoutbound interface dmz
no service resetoutbound interface vpnnet
no service resetoutbound interface asainside
no service resetoutbound interface testinside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map oobnet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map oobnet_map interface oobnet
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp enable inside_new
crypto isakmp enable oobnet
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 12.18.13.0 255.255.255.0 outside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh Inside_Subnet 255.255.255.0 inside
ssh VPN_Subnet 255.255.255.0 vpnnet
ssh timeout 30
ssh version 1
console timeout 0
dhcpd auto_config inside
dhcpd dns 192.168.1.2 Email_DNS interface oobnet
dhcpd domain abc.com interface oobnet
dhcpd option 3 ip 172.16.0.1 interface oobnet
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 192.43.244.18 source outside prefer
tftp-server vpnnet 192.168.3.10 /
webvpn
group-policy DfltGrpPolicy attributes
vpn-idle-timeout 60
group-policy abcdONEVPN internal
group-policy abcdONEVPN attributes
dns-server value 192.168.1.7 192.168.1.3
vpn-tunnel-protocol IPSec
default-domain value abc
group-policy abcdONE internal
group-policy abcdONE attributes
dns-server value 192.168.1.7 192.168.1.3
vpn-idle-timeout 30
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelall
split-tunnel-network-list value abcdONE_splitTunnelAcl
default-domain value abc.com
service-type remote-access
service-type remote-access
tunnel-group abcdONE type remote-access
tunnel-group abcdONE general-attributes
address-pool NEW_VPN_POOL
default-group-policy abcdONE
tunnel-group abcdONE ipsec-attributes
pre-shared-key *
isakmp keepalive disable
tunnel-group abcdONE ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map type inspect ipsec-pass-thru VPN
parameters
  esp
  ah
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect http
  inspect icmp
policy-map type inspect dns migrated_dns_map_1
parameters
  message-length maximum 512
service-policy global_policy global
prompt hostname context
Cryptochecksum:02e178404b46bb8758b23aea638d2f24
: end
asdm image disk0:/asdm-621.bin
asdm location NEW_VPN_POOL 255.255.255.0 inside
asdm location abc09ic 255.255.255.255 inside
asdm location VTC 255.255.255.255 inside
asdm location Email_Gateway 255.255.255.255 inside
asdm location Exch10 255.255.255.255 inside
asdm location ExternalDNS 255.255.255.255 inside
asdm location abc11ids 255.255.255.255 inside
asdm history enable

Hi,
Could you let me know if you  have tried the configuration I originally suggested. I mean creating a  "nat" statement for the "Internal_LAN" thats ID number matches one of  the existing "global" or make a new "global" for  it. And also if the "Internal_LAN" needs to access "inside" you could  have added the "static" command suggested.
It seems there has been some  other suggestions in between that  have again suggested completely  different things. I would have been  interested to know what the  situation is after the suggested changes  before going and  doing something completely different.
If you are changing a lot of NAT configurations for the new "Internal_LAN" interface I would suggest checking the output of
show xlate | inc 172.168.1
To see if you need to use some  variant of the "clear xlate" command to clear old translations still  active on the firewall. You should not use the "clear xlate" without  additional parameters as otherwise it clears all  translations on the firewall in the mentioned form of the command
You can use
clear xlate ?
To view the different optional parameters for the command
- Jouni

Similar Messages

  • Guest Internet access in the Enterprise

    We have set up guest internet access in our enterprise using GRE tunneling with a PIX. I'm trying to determine the best way to do authentication for users on this guest network.
    I think I can do RADIUS (using ACS) with the PIX as an NAS. Question is can I use a different type of server (such as MS IAS)? Can I use either one to utilize an existing MS Active Directory database?
    If I use radius on the pix for authentication, a login prompt pops up when a user tries to use the web. Is there a way to redirect users to a web page first and have the login embedded on the page? This is done in hotels now and I don't know if there's a Cisco solution for this.

    The following documents lists all the supported Databases,
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/d.htm

  • JetPack 4G LTE connects but "no internet access" message

    Would appreciate any help.
    My JetPack 4G LTE mi-fi connects to the internet (3G or 4G) and shows that my devices are connected to it.  However, I cannot get on the internet.
    1)  I have three different devices - two laptops and a smartphone.  All three have the same problem.
    2)  I have a Sprint Mi-Fi that I use for a different business.  All three devices can and do connect to that device and work properly on the internet during the same sessions in which they cannot connect on the Verizon JetPack.  So it is not the devices I am trying to connect with.
    3)  The exact same thing has happened several times over the course of about 4 days and in two cities and two states - all three devices unable to connect via JetPack but connect fine through Sprint Mi-Fi.  So it is not location or local network issue.
    4)  LED display on JetPack, in all instances, show a strong 3G or 4G (depending on where I am) signal and also that all three devices are connected.
    5)  Message on laptop wireless area shows connection but says "no internet access".
    6)  Under the wireless status or details, it says (on the list of info):  "IPv4  no internet access" and "IPv6 no internet access".
    7)  I have done a battery pull with no effect.
    8)  I have done a factory reset (power up, remove cover, press reset button until long green light and short green light) with no effect.
    9)  After both battery pull and factory reset, I still show connected to 3G, all three devices connected, no internet access, and all three devices then work on the Sprint mi-fi.
    10)  Symptoms started about 4 days ago and have not changed since - it is not a come-and-go problem.  It is not working at any time.
    I am hoping to gosh to avoid a long ordeal with tech-support at Verizon.  This is a company-issued device, so I could ask my company to take it up with Verizon, but I work remotely and access to the IT department is not that simple either.  thought I would see if I am missing something simple.  I hope I've given enough info for someone brighter than myself here can spot something I could do.
    Thanks in advance for any help.

    Thank you for your response.  I am having trouble logging back into this site to respond (I never created a User ID and don't know my cell phone number as it is a mi-fi and not a cell).  I reregisterd for the forums only under a slight ID variation and will continue to do so for this dialog.  Thanks very much.
    The back of the Jetpack says SSID: "MiFI4620L Jetpack 89B4".   I am currently using the device (since the problems began last week) in zip codes 49504 and 49503 - same symptom both places.
    Thanks again.

  • Internet access problems and viewing video on internet

    I have very limited interet access most of the time.  I get a message: "You are not currently in an area that can handle data communication.  ..."  I have no problem with email and other features of the phone during this time.  The signal at the top of my phone says "GSM".  When I am able access the internet, it give me a different signal (can't remember what that is, however).  Even then, I cannot view most video clips, such as YouTube clips.  They will not load all the way.  It states, "Error has occurred in attempting to play media."  Help!

    I have unlimited internet access, so that's not the problem.  Right when I got the phone, I replaced the original data card with a 4G card and enabled mass storage.  I have (since my first post) had more access capability by enabling the WiFi (da) which finds my wireless connection at home.  I've also been able to view a video clip, not successfully all the way through, however.  During viewing, the phone appears to crash, i.e. the screen goes white and then it takes 3-5 minutes for it to reboot.  This has also happened when the phone has not even been being used.   Also, as I was surfing the net, the phone asked if I wanted to enable Javascript which I did.  Is there anything else that I need to enable or do to the phone in order to have a more pleasant experience using the internet and viewing video clips? 

  • Internet Access to Portal located in DMZ

    I've seen questions on the forum regarding gaing Internet access to the Oracle Portal located in the DMZ. This answer does not resolve the issue of having multple DADs to access your portal like abc.com and xyz.com. For that see note:162044.1 on metalink. http://metalink.oracle.com.
    If you registered a domain name e.g. abc.com and have the portal up and running in the DMZ. Your local network should be accessing the portal just fine. Your computer name for example is portal. The URL translates into http://portal.abc.com. You opened the ports in the DMZ to allow access and wonder why you get partial portal pages, no login, etc. It's becase users can't resolve the DNS entry for portal.abc.com. Call your ISP and get an "A Record" entry. After a few hours and propogation of the A Record, users on the Internet can successfuly access your site. This A Record should be free.
    Good luck
    Kellan

    Hi,
      You've to open the ITS for internet for accessing things from Portal too. As I've told you in previous post, the request goes directly to ITS server   (http://itsserver.com/scripts..) and not as  (http://myportal.com/scripts..). The idea of having it via Portal will be to mask the URL of ITS , which will not be visible (except for time you click on iview which will display in status bar). In any case, you can directly acces ITS as what you've told, however you give the proxy.
    Regards,
    Siva
    P.S: Award points if you find this useful.

  • Is it possible to be connected with a 3G modem for internet access and a WiFi router for printer sharing at the same time?

    For our only internet access we have a 3G wireless modem. I have since purchased a WiFi printer and router to connect all the comptuters to in the house. The PCs have no problem with using both the 3G connection and the WiFi signal at the same time to print, however, the MacBook Pro will not connect to the 3G network and the router, it will drop the internet access from the modem and attempt to connect via WiFi (which has no internet access). Is there a solution that is available to remedy this? I attempted to create an adhoc printer network, however, the macbooks again will not print off of this, only the PCs. And I'm getting a bit frustrated overall with this.

    The 3G wireless modem is on one of the PC's correct?
    Why don't you pass the Internet through the Ethernet port to the router via Cat5 cable, then have that transmit a Wifi signal that everything else can use, then connect the printer to the router for print sharing?
    You would have to turn off the wifi on the comptuer with the 3G modem as it's physically connected to the router and can't connect to the other machines as they are all connected to the router for sharing.
    The Mac has the ability to pass, Internet Sharing in the System Preferences.
    Do you have software for the Mac to run the 3G modem?

  • Safari and firefox stop working after a few minutes of browsing, regardless of what site I'm on. I have to restart my computer to get internet access again but it only works for a few more minutes, then I have to restart again. Please help!

    Safari and firefox stop working after a few minutes of browsing, regardless of what site I'm on. I have to restart my computer to get internet access again but it only works for a few more minutes, then I have to restart again. I don't get a spinning ball, it just stops working at whatever page it's on. I can close the program just fine but when I re-open it, either safari or firefox, it freezes trying to load the hompage. This started a few days ago after trying to stream a movie on my computer. I'm on a Mac Air OS X Version 10.6.8 and have downloaded all updates. When I go into finder, it says I have over 80 gigs available. Is there some other memory cache that I need to check? Thanks so much for your help.

    ejwoodall wrote:
    It's not a router problem as I explained in my post. If it was a router problem then I wouldn't have the problem everywhere I go. It is an issue with the software.
    Then I guess the millions of people running 10.5.7 with no issues are just hallucinating that their machines are working fine?
    I'm not trying to belittle your issues; you're certainly having them and I know first hand how annoying an intermittent AirPort issue can be. (In fact, mine was due to an AirPort driver bug that no one else seemed to suffer from.)
    The single best diagnostic you could do is take your system running 10.5.7 to an Apple Store, and try using their in-store network.
    If your machine performs flawlessly, it may be a router issue.
    If your machine has connectivity issues there, it may be a hardware problem with your machine.
    There have been numerous people in multiple threads over the years who swore that an update was buggy because things used to work, but returned later to sheepishly admit that they took their machine in, a problem was found and fixed, and now their Mac works flawlessly with the newer software.
    But simply reinstalling 10.5.5 in no way means the explanation of how firmware bugs may be at play here is incorrect.
    In the context of that explanation, all you've done is possibly reinstall software that asks to add "2 + 3."

  • Wireless internet access issues

    Hi All,
    Now that I have the back up battery issue resolved and my mac works again, need some help with my airport connectivity.
    I have a circa 2000 Imac DV, using OS 9.1. I just purchased and installed an airport card. I used to use dial up internet access and am now trying to access the internet via my Verizon wireless DSL. The little telephone icon appears on the tool bar. Is this correct?
    The computer won't recognize my secure WEP DSL password and seems to try to access the internet via the PPP connection.
    I have a secure WEP internet connection. Just a few days ago a friend of mine was able to access the internet from my DSL via her new powerbook. Her computer accepted my WEP password.
    Do I need to make any system configuration changes to turn off the PPP connectivity to use my airport card?
    Thanks, Ken

    kweiss66, Welcome to the discussion area!
    You are in completely the wrong discussion area. You need to post your question in the iMac CRT (G3) discussion area.

  • Wireless Internet Access (Cisco IP NGN or Cisco Wireless Mesh Networkin)??

    Dear Cisco Wireless Team
    Please educate us on where to start, or the CISCO product we might need to purchase
    We are trying to branch out a new Internet wireless access and wireless phone service business in our company, and presently looking for the right Cisco product solution to purchase to enable us offer this service in LAGOS, NIGERIA.
    The service will be rendered in Africa, the country NIGERIA, and the city LAGOS.
    We would like to mount or install the product in Lagos, Nigeria.
    As we are new to this kind of service. We would appreciate if the Cisco wireless team can work with us in pointing or directing on the right product to purchase and what are required. We understand the Cisco Wireless Mesh Networking Solution, Cisco IP Generation Network, Cisco 12416 or 7600 Series Router might be the right products to purchase, but we are not sure on what needed or what are required to meet our service need.
    Possibly we would like to offer Wireless Internet Access to unlimited subscribers, and also Wireless or Mobile Phone service to unlimited subscribers in Nigeria.
    Anticipating your reply

    I suppose Cisco Wireless Mesh Networking would be a good choice.The Cisco mesh architecture makes it easy to scale coverage as capacity needs dictate, including increasing access point density; adding wired connections, controllers, and radios; and using dual high-powered, high-sensitive radios and a selection of high-gain antennas.Refer the document for IP NGN in the following URL http://www.cisco.com/en/US/netsol/ns537/networking_solutions_solution_category.html

  • Wireless Internet access via requires unplugging cable modem -

    I have a brand new MacBook Pro with Snow Leopard (10.6.1) and Airport Express (7.4.2). I have high speed Internet via Comcast/cable modem. I spent 30 minutes with the Apple Tech Support folks and was finally able to get wireless internet access. However, after I shutdown and reboot, the only way I can wireless internet is to unplug the internet cable from both the wall plug and cable modem and unplug the modem, both for about two minutes. This isnt what I had in mind when I crossed over from the dark side (PC laptop world) and am having buyer's remorse. Does anyone know how I can fix this problem (i dont want to unplug cables before each session on the internet)?

    Mr. Timmons,
    Thank you so much for the response.  I thought the complete reboot would work, but apparently not.  I followed the directions precisely, even waiting a few minutes longer than suggested for each of the steps.  My air express is still blinking yellow.  I think the issue has something to do with the DHCP and the IP address which are diifferent. The IP address is one series of number (starts with 169), and the LAN IP address is another number (starts with 10). Status on airport express show yellow for internet connection, and yellow for no DSN servers. When I go to the internet tab of airport utility, it shows the iPv4 address starts wutg the 169 number. When I click on the network tab, the DHCP range starts with the 10 number.  When I open the Network Options window, the iPv4 DHCP range starts with the 10 number.  I am at a loss as to how to get them to match up (with either the 169 number or the 10 number).  V/R sjbgtmo

  • New to Networking - Verizon Wireless Broadband Internet Access

    Hello,
    Just setting up my home network with a router and printer server.  However, when I went to set it up, it is looking for a cable to connect from the laptop to the router.  I use a Verizon Broadband wireless card that I insert into the pcmia slot on the laptopr, therefore, no wires involved.
    Will this work with the router or do I need the cable connection for it to work.
    Also, in the setup it asks not only for the IP address (which I think I found) but also a subnet, gateway, dns, etc.  Any suggestions on where I can find this info.
    Or is this all just explained somewhere in an easy guide when using a wireless internet access card.
    Thanks in advance for any help.

    Thanks for the info.  Since I live in a rural location, the only options I have are either slow dial up with MSN or the broadband access card in my laptop with Verizon so I guess I will be limited to the internet only on my laptop if I want faster access.
    One thing, though, when I open the program for the verizon card (VZaccessmanager), it shows a symbol for linksys as an available network even though I didn't provide the ISP, etc. answers.
    The router that I am using is the WRT54GS and and a WPS54G print server. 
    And, yes, the ISP question was being asked during the final stages of router installation, along with the gateway question, etc.  Now that this isn't going to work with the access card, do I need to answer these questions? 
    Any help will be appreciated.  Thanks.

  • WRTP54G router: I have internet access wirelessly but a wired desktop doesn't.

    We have an excellent wireless network working in the house, but my desktop (which isn't wireless) can't get internet access.  It says that a network cable is unplugged - it's not.  When a cable is plugged into one of the 4 ethernet ports in the back of the router, the ethernet lights on the front don't light up or flash or anything.  I think that part isn't working.  Is there anything I can do?  Should I update the firmware?  Or just get a new router?  I have tried using different cables, but nothing changes.  The only way for the desktop to get online is to take the router out of the configuration, but then the wireless network and the Vonage phone are out.
    I went to ipconfig at the command prompt and under Ethernet adapter Local Area Connection: my Media State is Media disconnected.  So, I'm guessing the ethernet ports on the router are not working at all. 
    Thanks for your help.
    Message Edited by scraig8877 on 07-30-2009 12:41 PM
    Solved!
    Go to Solution.

    Do continuos ping ping 192.168.1.1 -t and check how many replies or RTO you will have. If you have replies even just a bit connect your PC to the modem to get internet connection and download the latest firmware and upgrade utility for your Router.
    FIRMWARE
    1. Go to www.linksys.com/downloads
    2. Enter the Model Number of your Router
    3. Choose Get Downloads
    4. Select the Device Version
    5. Check Downloads and Drivers then download the Firmware
    UPGRADE UTILITY
    1. Go to www.linksys.com/downloads
    2. Enter the Model Numner BEFSR41
    3. Choose Get Downloads
    4. Select Device Version - Version 4.0
    5. Check Downloads and Drivers then download the Utility
    After downloading those files.
    Connect your PC back to the Router then run the TFTP(Utlity) set Server = 192.168.1.1; Password = admin; then choose the firmware file that you have downloaded. Then Upgrade the firmware of your router.
    Note : Make sure the you have set the TCP/IP and DNS Server of you computer back to OBTAIN IP ADDRESS.
    Note : To run the TFTP Utility set the TCP/IP and DNS Server of your computer back to USE THE FOLLOWING IP ADDREESS.
    Just follow the previous posts to do this. Good Luck.
    Regards,
    Lord Maxthor

  • Networking problem (internet access)

    My host has no internet access, but the VMware guests do. Because the host has no access, the NAT over host doesn't work when I want to access the internet.
    Therefore I added a third bridged network card. With this card internet works fine, but the Oracle Cluster doesn't work any more. It seems to get confused by the added card.
    What must I do to make Oracle work again? - Or is there another way to access the internet from the guest if I don't want to let the host access it?

    My host has no internet access, but the VMware guests do. Because the host has no access, the NAT over host doesn't work when I want to access the internet.
    Therefore I added a third bridged network card. With this card internet works fine, but the Oracle Cluster doesn't work any more. It seems to get confused by the added card.
    What must I do to make Oracle work again? - Or is there another way to access the internet from the guest if I don't want to let the host access it?

  • WRT 120 Internet Access Control Problem for itouch

    I've just set up my router. Cannot seem to control access to the internet for my son's itouch. The router recognizes it on the map as a wireless device part of the network, but it will not show up in the menu that allows for internet access control. My lap top shows up, but no itouch. I'm running Windows XP home premium edition - not sure if this makes a difference.

    Open the linksys setup page...Under the Wireless tab,Change the Channel Width to 20MHz only,Channel to 11 and click on save settings...Under the Advanced Wireless Settings,Change the Beacon Interval to 75,Change the Fragmentation Threshold to 2304,Change the RTS Threshold to 2304 and Click on Save Settings... 
    On the I-Touch..Go to Settings>>>General>>>Reset>>>Now select Reset Network Settings.This will now reboot and restore you network connections.

  • E71 PC Internet Access DNS Problem

    Hi all,
    Got a bit of a problem which I hope someone knows the answer to.
    I'm currently triailing tethering on an E71 for our corporate network.  I've got the phone connected up and installed Nokia PC Internet Access on my machine; all good.
    The problem I'm having is that we use a private APN at the mobile carrier to connect back to our network, and this does not advertise automatic DNS settings to clients.  I can get connected to the APN no problem at all but without DNS servers on the connection, it's fairly useless.
    Now, I can see that the PCIA application uses Dial-Up Networking behind the scenes to actually connect up, and I have tried to specify manual DNS servers on that connection, but every time I reconnect using PCIA, it resets everything back to automatic, which doesn't work.
    Anyone got any ideas on forcing manual DNS servers on a connection when using PC Internet Access?
    Thanks all!

    Nobody? This is the way how Nokia does NOT care us. Nokia is now dead

  • Complete wireless internet access failure:(

    Ok everyone, here is the low down for the last month.
    I use a 2005 ibook G4, access internet and email set up w/ Mac Mail thru my airport card and jump on wireless cafe that i live next 2. For 3 whole months, i was set up and running internet and email perfectly. I didn't change any setting, service, etc. Except the network from cafe (from linksys to RGII).
    1st: as of 1/1, i lost my ability to send email thru Mac mail using wireless access (thru cafe). Error was "port 25 timed out". After spending 4 days with ISP, setting- resetting POP account and outgoing server, pinging port 25 to verify sent, scanning port 25 to verify, etc, etc, etc. This produced no resolution.
    2nd: as of 1/21, I have lost complete internet access. I have run the network diagnostic to fix, no go...
    SO, I took my ibook to the Genius bar at Apple store for a looksy. Sure enough some setting were off or changed, (by my own troubleshooting). After everything was checked and reset, all was A-OK (at the Store). I could access internet, received AND send email. Yippee!
    NOW here is the tricky part... as soon as i got home and turned her on, I could see the airport finding networks (RGII), But when I try to access email or internet (thru Mac Mail, safari) it says my ibook is not connected to internet, same for email. I run the network diagnostic, and it can't fix problem.
    When I go next door to see if the cafe is having router problems on there end...Nope everyone is accessing the internet just fine:(
    This is NOT a problem with password etc, As the cafe is set up with authentication as NONE. Plus everyone there is able to use the wireless access.
    So what do you propose is my problem? Remember this was all working fine for 3 months and started to fall apart this last month. In addition, to having eveything work just fine at the Apple store a mere 30mins before.
    Could this be an issue with the RGII network i am jumping on?
    Why would I be the only person effected and not everyone at the cafe?
    ibook   Mac OS X (10.4.3)   wireless access at cafes

    Though it doesn't solve your issue, I thought I'd
    share that I can access many non-Apple access points
    (Cisco 1200's, Linksys WAP54G's for example) with OS
    10.4.4. This being so, I think we're safe to assume
    the issue is not related to a recent OS update.
    I'm afraid I must disagree with this. Few months back, I lost my Airport connection when I installed the 10.4.3 System Update. Fixed by restoring from backup and going back to 10.4.3. Managed to upgrade to 10.4.4 successfully and maintain wireless connection to a Compex 802.11g base station. Then I made the mistake of accepting the Airport 2005-001 update. Immediately lost my Airport connection. Other PCs can connect to the base station, and I can access the internet by connecting my Powerbook to the router using Ethernet. Can even see the Airport network and login to the router's admin page over wireless. Only thing that doesn't work is connecting to the internet wirelessly.
    Once I changed my base station to an older one I had lying around, I can connect wirelessly again and all seems well.
    My conclusion is that Airport Update 2005-001 definitely broke compatibility between Airport Extreme and some 3rd party base stations. The irony is that this update was supposed to "improve" compatibility !

Maybe you are looking for