ASA 5505 - Outside Outbound Bandwidth Issue
ZyXel DSL modem (10MB download and 768Kbps or so upload)
DSL modem is operating in bridge mode
Cisco ASA 5505 in routed mode with ten users behind the ASA. Nothing fancy about the ASA setup.
Each user relies on their own FirePass or Cisco VPN client (outbound, no configuration required in the ASA) continously from 8am to 5pm. Outlook and light application usage over the VPN only.
On Friday, 05/17/13, the outbound connections were working well. Latency was good throughout the day (less than 40ms to Google). On the outside interface, output bandwidth was less than 500Kbps (much less for large portions of the day!). Three users were using streaming Internet radio.
On Monday, 05/20/13, the outbound connections were working poorly. Latency was bad (170ms and higher to Google). On the outside interface, output bandwidth was remaining steady throughout the day between 800Kbps and 850Kbps. Occasionally, the outside output bandwidth would drop to 40Kbps, then 600Kbps and then back to 800Kbps or so. No user on Monday was uploading any large files, no cloud backup or anything of the sort. No users were listening to Internet radio.
On Monday afternoon, I shut down five client machines and the outside output bandwidth was still around 800Kbps.
On Monday evening, I stopped by the office after each user had left the building and checked the outside interface output bandwidth and it was between 0Kbps and 45Kbps (virtually no load). I verified that all machines were powered on, but the VPN clients were disconnected.
On Friday and Monday, for the outside interface, the input bandwidth was between 200Kbps and 500Kbps with occasional higher spikes when users downloaded something.
What could cause the difference between Friday and Monday? Is the DSL upload simply maxed out? If the DSL upload is maxed out, why did it work well on Friday when I had a greater demand on the connection?
Thank you
Hello Modulus,
Did you take captures on the outside interface or the ASA ( This to check what is leaving the ASA ) as you are using VPN clients traffic will go encrypted so you will not be able to determine what is the traffic used for but at least you might notice some extra-traffic (outside the VPN traffic) as this does not look right or normal,
Regards
Julio
Similar Messages
-
Input and CRC errors on ASA 5505 outside interface
All,
I see input and crc errors on my ASA 5505 eth0/0(outside) interface and packet drops. There is very slow connection though we have 20mb line. ISP also sees the issue on the Lan interface side. We have the speed and duplex configured same on both ISP and our end.
I am suspecting if this is Physical cable issue. Please suggest.
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 001a.b4c9.f3d9, MTU not set
IP address unassigned
158138067 packets input, 141061681082 bytes, 0 no buffer
Received 183037 broadcasts, 0 runts, 0 giants
19642 input errors, 19642 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
144684 switch ingress policy drops
124291353 packets output, 38197278051 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset dropsHello Ravi,
This kind of issues CRCs/ Input Errors are tipically known as L1 issues so make sure you check the cable and if that does not make a difference change the port on each side to see if there is a difference.
Unfortunetly the ASA does not support the Time-Domain Reflectometer feature so we must do the test of L1 by ourselfs.
Can you clear the counters of the interface, test the changes provided and provide us some feedback?
Looking for some Networking Assistance?
Contact me directly at [email protected]
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com -
How do I block pings from the outside to the ASA 5505 outside interface?
I was asked to block pings from the internet to the outside interface of our ASA-5505 firewall. I found a post that said to enter "icmp deny any outside", however that does not do it.
I created an ACL to try and do the trick, also to no avail:
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in in interface outside
access-group outside_in in interface outside
Anyone have a clue what I'm doing wrong? I'm not the firewall guy as you can tell. :/
Thanks in advance...
Block / Deny ICMP Echo (Ping) on Cisco ASA Outside Interface
Most networks that you protect with a Cisco ASA device, will probably want to deny ICMP (maybe not all ICMP types, but a lot of network admins will want to block ICMP Echo, etc.) on the outside interface. This will make the network harder to find through external enumeration, but not impossible.
ASA5505(config)#icmp deny any outside
You will deny ICMP on the outside interface, but if you include ICMP as a protocol in the default global policy map, you can ping from the inside to any host on the outside, and it will be permitted back through the ASA, as it knows about the previous ICMP “connectionYou are allowing echo-reply, thus it will reply to a ping
try this ACL:
icmp deny any echo-reply outside
From:
https://supportforums.cisco.com/thread/223769
Eric -
ASA 5505: Outside Interface Becomes Inaccessible
Greetings --
I've been having occurrences of my ASA's 'outside' interface become inaccessible from the internet side. AnyConnect users that are logged in get kicked out ... can't ping to the IP address ... can't ssh into the ASA. Internally, I can ping the IP address and I can ssh into the ASA.
The 'lockout' typically occurs around 1PM, 7:30PM, and 10:30PM. To get the 'outside' interface working again, I would have to log into a host machine on the LAN (via TeamViewer) and then ssh into the ASA and reboot.
Any ideas why the lockouts are occuring? Is it possible my ISP is shutting down the IP?
Below is the configs to the ASA:
hostname psa-asa
enable password IqUJj3NwPkd63BO9 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.1.0 Net-10
name 192.168.1.20 dbserver
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 3
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.98 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.xxx.43 255.255.255.0
interface Vlan3
no nameif
security-level 50
ip address 192.168.5.1 255.255.255.0
ftp mode passive
object-group service RDP tcp
port-object eq 3389
access-list vpn_nat_inside extended permit ip Net-10 255.255.255.224 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any Net-10 255.255.255.224
access-list inside_nat0_outbound extended permit ip host chewieOP-host Net-LabCorp 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list Split_Tunnel_List standard permit Net-10 255.255.255.224
access-list outside_1_cryptomap extended permit ip host chewieOP-host Net-LabCorp 255.255.255.0
access-list outside_access_in extended permit ip host Mac any
pager lines 24
logging enable
logging timestamp
logging monitor errors
logging history errors
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool SSLClientPool-10 10.0.1.1-10.0.1.20 mask 255.255.255.128
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (inside) 10 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 10 access-list vpn_nat_inside outside
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 162.134.70.20
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=pas-asa.null
keypair pasvpnkey
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate fecf8751
308202da 308201c2 a0030201 020204fe cf875130 0d06092a 864886f7 0d010105
0500302f 31153013 06035504 03130c70 61732d61 73612e6e 756c6c31 16301406
092a8648 86f70d01 09021607 7061732d 61736130 1e170d31 33303530 36323134
3131365a 170d3233 30353034 32313431 31365a30 2f311530 13060355 0403130c
7061732d 6173612e 6e756c6c 31163014 06092a86 4886f70d 01090216 07706173
2d617361 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
02820101 00dc6f5c 584be603 1219ad4a 43085a97 b8fd7e33 c887933d 1b46dbca
deada1da 7689ab5e 9b6fa20b d6f7e5e3 049285e7 65778c15 a9447e1e 8ba749cb
61e0e985 9a90c09f b4c28af0 c6b5263c d2c13107 cce6c207 62f17cbe 99d9d5c2
86870084 25c035e4 ea9ab8ae 8b664464 40305c4d e40dd774 506f6c0a 6f4ca4d1
0c81d2dd bcdc8393 3f4fbcba 1b477d45 502063b8 af862bdf 50499615 7b9dac1b
67252db8 1473feec c39d9c32 9d9f3564 74fdf1bd 71ca9310 e5ad6cba 999ae711
c381347c a6508759 eb405cc0 a4adbe94 fb8204a2 382fad46 bc0fc43d 35df1b83
6379a040 90469661 63868410 e16bf23b 05b724a3 edbd13e1 caa49238 ee6d1024
a32a1003 af020301 0001300d 06092a86 4886f70d 01010505 00038201 010084b1
62698729 c96aeec0 4e65cace 395b9053 62909905 e6f2e325 df31fbeb 8d767c74
434c5fde 6b76779f 278270e0 10905abc a8f1e78e f2ad2cd9 6980f0be 56acfe53
f1d715b9 89da338b f5ac9726 34520055 2de50629 55d1fcc5 f59c1271 ad14cd7e
14adc454 f9072744 bf66ffb5 20c04069 375b858c 723999f8 5cc2ae38 4bb4013a
2bdf51b3 1a36b7e6 2ffa3bb7 025527e1 e12cb2b2 f4fc624a 143ff416 d31135ff
6c57d226 7d5330c4 c2fa6d3f a1472abc a6bd4d4c be7380b8 6214caa5 78d53ef0
f08b2946 be8e04d7 9d15ef96 2e511fc5 33987858 804c402b 46a7b473 429a1936
681a0caa b189d4f8 6cfe6332 8fc428df f07a21f8 acdb8594 0f57ffd4 376d
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
vpn-sessiondb max-session-limit 10
telnet timeout 5
ssh 192.168.1.100 255.255.255.255 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
dhcpd auto_config inside
dhcpd address 192.168.1.222-192.168.1.223 inside
dhcpd dns 64.238.96.12 66.180.96.12 interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
wins-server none
dns-server value 64.238.96.12 66.180.96.12
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
ipv6-vpn-filter none
vpn-tunnel-protocol svc
group-lock value PSA-SSL-VPN
default-domain none
vlan none
nac-settings none
webvpn
svc mtu 1200
svc keepalive 60
svc dpd-interval client none
svc dpd-interval gateway none
svc compression none
group-policy DfltGrpPolicy attributes
dns-server value 64.238.96.12 66.180.96.12
vpn-tunnel-protocol IPSec svc webvpn
username user1 password ks88YmM0AaUUmhfU encrypted privilege 0
username user1 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user2 password 1w1.F5oqiDOWdcll encrypted privilege 0
username user2 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user3 password lQ8frBN8p.5fQvth encrypted privilege 15
username user4 password w4USQXpU8Wj/RFt8 encrypted privilege 15
username user4 attributes
vpn-group-policy SSLClientPolicy
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
service-type admin
username user5 password PElMTjYTU7c1sXWr encrypted privilege 0
username user5 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user6 password /zt/9z7XUifQbEsA encrypted privilege 0
username user6 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user7 password aEGh.k89043.2NUa encrypted privilege 0
username user7 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
tunnel-group DefaultRAGroup general-attributes
address-pool SSLClientPool-10
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group PSA-SSL-VPN type remote-access
tunnel-group PSA-SSL-VPN general-attributes
address-pool SSLClientPool-10
default-group-policy SSLClientPolicy
tunnel-group PSA-SSL-VPN webvpn-attributes
group-alias PSA_VPN enable
group-url https://xxx.xxx.xxx.43/PSA_VPN enable
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:2298b0ae64f8ff7a5e25d97fe3f02841Hi,
I guess if you want to temporarily set up a software to receive the logs on some computer you could even use Tftpd (you will find it easily through Google search) The same software can be used for multiple different purposes.
I sometime use it personally when testing different stuff on my home ASA.
It naturally isnt a real option if you actuall setup a separate Syslog server.
You wouldnt really need to add much to your logging configuration
logging device-id hostname
logging trap informational
logging host
Where is the name of the interface behind which the server is and the is naturally the IP address of the server.
Though the above would generate a lot of logging.
I am not even 100% sure it would log anything when you are facing the problem.
Best would be to also troubleshoot while the problem is there.
Can you confirm that you use the Internet connection through the ASA when you are accessing the internal host behind the ASA? I assume that the host connects from the LAN to the Internet which enables you to have a remote connection to the host?
If this is so it makes it a wierd problem as the ASA and your ISP can clearly pass traffic to and from your network since that remote connections is working even if there is other problems.
- Jouni -
Cisco ASA 5505 - outside can't DHPC as router use same range
Hi
Im new to the ASA and is trying to setup at test net. The ASA is connected to my router on port zero using DHPC.
(Or i guess its not as the router use the same ip range as ASA does inside).
I tried to set a static IP in the same range (eg. 192.168.1.20) but then get the message "cannot overlap with the subnet of interface inside".
So I belive that is why it dont get a IP from my router - it does show up in the router DHPC table as 192.168.1.5 but ASDM home says outside "no IP address".
I tried to change the inside range of the ASA but if I change the inside IP i loose connection.
(Had to restore factory-default useing the console).
I guess I could setup another range using the console, but how?
How can I setup this test net?If I need to save I did not. (I have not used the console before).
Found the: "write memory" and reload command.
I cant connect to the asa using ADSM-IDM Launcher (from PC connected to the inside lan).
It seems that the asa DHPC server does not work.
And: show running-config
ciscoasa# show running-config
: Saved
ASA Version 8.2(5)
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
no ip address
ftp mode passive
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:5085ad55b43198c7490b2edfee450906
: end -
Cisco asa 5505 issues ( ROUTING AND PAT)
I have some issues with my cisco asa 5505 config. Please see details below:
NETWORK SETUP:
gateway( 192.168.223.191) - cisco asa 5505 ( outside - 192.168.223.200 , inside - 192.168.2.253, DMZ - 172.16.3.253 ) -
ISSUES:
1)
no route from DMZ to outside
example:
ping from 172.16.3201 to the gateway
6 Jan 27 2014 11:15:33 172.16.3.201 39728 Failed to locate egress interface for ICMP from outside:172.16.3.201/39728 to 172.16.3.253/0
2)
not working access from external to DMZ AT ALL
ASA DETAILS:
cisco asa5505
Device license Base
Maximum Physical Interfaces 8 perpetual
VLANs 3 DMZ Restricted
Inside Hosts Unlimited perpetual
configuration:
firewall200(config)# show run
: Saved
ASA Version 9.1(3)
hostname firewall200
domain-name test1.com
enable password xxxxxxxxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XXXXXXXXXXX encrypted
names
interface Ethernet0/0
switchport access vlan 100
interface Ethernet0/1
switchport access vlan 200
interface Ethernet0/2
switchport access vlan 200
interface Ethernet0/3
switchport access vlan 200
interface Ethernet0/4
switchport access vlan 300
interface Ethernet0/5
switchport access vlan 300
interface Ethernet0/6
switchport access vlan 300
interface Ethernet0/7
switchport access vlan 300
interface Vlan100
nameif outside
security-level 0
ip address 192.168.223.200 255.255.255.0
interface Vlan200
mac-address 001b.539c.597e
nameif inside
security-level 100
ip address 172.16.2.253 255.255.255.0
interface Vlan300
no forward interface Vlan200
nameif DMZ
security-level 50
ip address 172.16.3.253 255.255.255.0
boot system disk0:/asa913-k8.bin
boot config disk0:/startup-config.cfg
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name test1.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network office1-int
host 172.16.2.1
object network firewall-dmz-gateway
host 172.16.3.253
object network firewall-internal-gateway
host 172.16.2.253
object network com1
host 192.168.223.227
object network web2-ext
host 192.168.223.201
object network web2-int
host 172.16.3.201
object network gateway
host 192.168.223.191
object network office1-int
host 172.16.2.1
object-group network DMZ_SUBNET
network-object 172.16.3.0 255.255.255.0
object-group service www tcp
port-object eq www
port-object eq https
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any object web2-ext eq www
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp DMZ 172.16.4.199 001b.539c.597e alias
arp DMZ 172.16.3.199 001b.539c.597e alias
arp timeout 14400
no arp permit-nonconnected
object network web2-int
nat (DMZ,outside) static web2-ext service tcp www www
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
route inside 172.168.2.0 255.255.255.0 192.168.223.191 1
route inside 172.168.3.0 255.255.255.0 192.168.223.191 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.223.227 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.223.227 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 172.16.2.10-172.16.2.10 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 176.58.109.199 source outside prefer
ntp server 81.150.197.169 source outside
ntp server 82.113.154.206
username xxxx password xxxxxxxxx encrypted
class-map DMZ-class
match any
policy-map global_policy
policy-map DMZ-policy
class DMZ-class
inspect icmp
service-policy DMZ-policy interface DMZ
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9c73fa27927822d24c75c49f09c67c24
: endThank you one more time for everthing. It is workingin indeed
Reason why maybe sometimes I had some 'weird' results was because I had all devices connected to the same switch.Separtated all networks to a different switches helped.Anyway if you could take a look one last time to my configuration and let me know if it's good enough to deploy it on live ( only www for all , ssh restricted from outside, lan to dmz) .Thanks one more time.
show run
: Saved
ASA Version 9.1(3)
hostname firewall200
domain-name test1.com
enable password xxxxxxxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxxxxxxxxxx encrypted
names
interface Ethernet0/0
switchport access vlan 100
interface Ethernet0/1
switchport access vlan 200
interface Ethernet0/2
switchport access vlan 200
interface Ethernet0/3
switchport access vlan 200
interface Ethernet0/4
switchport access vlan 300
interface Ethernet0/5
switchport access vlan 300
interface Ethernet0/6
switchport access vlan 300
interface Ethernet0/7
switchport access vlan 300
interface Vlan100
nameif outside
security-level 0
ip address 192.168.223.200 255.255.255.0
interface Vlan200
mac-address 001b.539c.597e
nameif inside
security-level 100
ip address 172.16.2.253 255.255.255.0
interface Vlan300
no forward interface Vlan200
nameif DMZ
security-level 50
ip address 172.16.3.253 255.255.255.0
boot system disk0:/asa913-k8.bin
boot config disk0:/startup-config.cfg
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup DMZ
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
domain-name test1.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network firewall-dmz-gateway
host 172.16.3.253
object network firewall-internal-gateway
host 172.16.2.253
object network com1
host 192.168.223.227
object network web2-ext
host 192.168.223.201
object network web2-int
host 172.16.3.201
object network gateway
host 192.168.223.191
object network office1-int
host 172.16.2.1
object-group network DMZ_SUBNET
network-object 172.16.3.0 255.255.255.0
object-group service www tcp
port-object eq www
port-object eq https
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any any
access-list DMZ_access_in extended permit tcp 172.16.3.0 255.255.255.0 interface outside eq ssh
access-list outside_access_in extended permit tcp any object web2-int eq www
access-list outside_access_in extended permit tcp any object web2-int eq ssh
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-714.bin
no asdm history enable
arp DMZ 172.16.4.199 001b.539c.597e alias
arp DMZ 172.16.3.199 001b.539c.597e alias
arp timeout 14400
no arp permit-nonconnected
object network web2-int
nat (DMZ,outside) static web2-ext net-to-net
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 192.168.223.191 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.223.227 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.223.227 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 outside
ssh 172.16.3.253 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 176.58.109.199 source outside prefer
ntp server 81.150.197.169 source outside
ntp server 82.113.154.206
username xxxxx password xxxxxxxxx encrypted
class-map DMZ-class
match any
policy-map global_policy
policy-map DMZ-policy
class DMZ-class
inspect icmp
service-policy DMZ-policy interface DMZ
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f264c94bb8c0dd206385a6b72afe9e5b
: end -
Asa 5505 transparent firewall issue
hi i am having uc560 with voice and data vlan and i am having 3560 layer3 switch and my network is working fine the dhcp for voice and data both are running in uc560.
now i add asa 5505 between uc560 and switch in transparent mode means from uc560 to asa 5505 outside interface and from asa inside interface to switch,
i conigured vlan1 -- inside and vlan 2 as outside in asa 5505
in my uc 560 data is vlan 1 and my voice is vlan 100.
when i connect my network with transparent mode firewall no dhcp amd no phones are working . but if i remove asa and i connect with uc560 to switch everything is fine.
is there anyway to work multiple voice and data vlan in asa 5505 transparent mode.hi rojas,
here is my problem,
my internet and voice all connected in the uc 560 so wat i am doing i am connecting firewall outside to uc 560 trunk port and the from inside to my switch.
when i connec to my switch it is giving message inconsistant vlan and it is port is blocked. and my phones are not working.
my data vlan1 is 192.168.123.x
and my voice vlan100 is 10.1.1.x
and the firewall ip 192.168.123.3 -
ASA 5505 - L2TP over IPsec - Remote Address shows outside interface address
Using an ASA 5505 for firewall and VPN. We've enabled L2TP over IPsec to allow Windows clients to connect without third party software.
The devices complete the connection and authenticate fine, but then are unable to hit any internal resources. Split tunneling seems to be working, as they can still hit outside resources. Packet tracer shows tcp flowing freely between VPN clients (192.168.102.0/24) and internal resources (192.168.100.0/24). Even the NAT translation looks good in packet tracer.
I pulled up the session details for one of the VPN clients in the ASDM and under the IPsecOverNatT details, it is showing the VPN client's remote address correctly, but displays the local address as the address assigned to the outside interface (which the client is using to connect.) This seems to be the problem, as viewing detailed connection logs shows the internal resources trying to send packets back to the outside interface rather than the VPN client's assigned internal addresses. Details:
Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: [OUTSIDE INTERFACE ADDRESS]
local ident (addr/mask/prot/port): ([OUTSIDE INTERFACE ADDRESS]/255.255.255.255/17/1701)
remote ident (addr/mask/prot/port): ([VPN CLIENT ADDRESS]/255.255.255.255/17/0)
current_peer: [VPN CLIENT ADDRESS], username: vpnuser
dynamic allocated peer ip: 192.168.102.1 [This is what I think it should be showing for local ident]
dynamic allocated peer ip(ipv6): 0.0.0.0
#pkts encaps: 16, #pkts encrypt: 16, #pkts digest: 16
#pkts decaps: 18, #pkts decrypt: 18, #pkts verify: 18
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 16, #pkts comp failed: 0, #pkts decomp failed: 0
#post-frag successes: 0, #post-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#pkts no sa (send): 0, #pkts invalid sa (rcv): 0
#pkts encaps failed (send): 0, #pkts decaps failed (rcv): 0
#pkts invalid prot (rcv): 0, #pkts verify failed: 0
#pkts invalid identity (rcv): 0, #pkts invalid len (rcv): 0
#pkts invalid pad (rcv): 0,
#pkts invalid ip version (rcv): 0,
#pkts replay rollover (send): 0, #pkts replay rollover (rcv): 0
#pkts replay failed (rcv): 0
#pkts min mtu frag failed (send): 0, #pkts bad frag offset (rcv): 0
#pkts internal err (send): 0, #pkts internal err (rcv): 0
local crypto endpt.: [OUTSIDE INTERFACE ADDRESS]/4500, remote crypto endpt.: [VPN CLIENT ADDRESS]/8248
path mtu 1500, ipsec overhead 82(52), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 05BFAE20
current inbound spi : CF85B895
inbound esp sas:
spi: 0xCF85B895 (3481647253)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 77824, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (kB/sec): (4373998/3591)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x000FFFFD
outbound esp sas:
spi: 0x05BFAE20 (96448032)
transform: esp-aes esp-sha-hmac no compression
in use settings ={RA, Transport, NAT-T-Encaps, IKEv1, }
slot: 0, conn_id: 77824, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
sa timing: remaining key lifetime (kB/sec): (4373999/3591)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Any ideas? The remote clients connect but when internal resources try to send traffic to the VPN clients, the packets are directed to the outside interface address instead of the local address assigned to the VPN client.I have what I believe to be a similar issue. Site to site vpn is working well. That is site b can ping and send traffic to site A but Site A can not. Site B is a 3rd party vpn router. Site A is a Cisco 5505.
It appears that when the crypto map inserts the route into the routing table it shows the route via the outside IP of the outside interface and not the IP of Site B. in the crypto map I can see the proper ip address for the peer. I can't figure out why when it inserts the route that it uses the wrong ip address -
We have a Cisco 515 as a headend firewall with ~30 VPN connections to remote sites. The existing remote sites are using Cisco 506 firewalls and work fine. I am trying to setup an ASA 5505 as a rmote firewall as a future replacement for the PIX 506's. I am able to get the site to site tunnels up just fine. The issue is that once the tunnels are up I am not able to ping the inside interface of the remote ASA from the headend LAN. I am able to telnet to the ASA and run the ASDM but no ping. I am also not able to ping from the ASA to the headend LAN but I can ping from a device on the remote ASA LAN to the headend LAN. I have rebuilt the configs manually and with the ASDM with the same results. The remote Ipsec rules prtect the outside interface to headend LAN just like I do on the 506's. It is almost like the ASA will not build a tunnel from the outside interface to the remote LAN. Can anyone tell me what I am missing or what is different about the ASA over the PIX? Any help appreciated.
Thanks for your reply. This is already set allong with the following.
icmp permit any inside
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
When looking at the logs it looks like it builds an inbound connection and tears it down. On the PIX's it builds the inbound and outbound connection and then tears them down.
When I do an inspect on the ping packets from the remote LAN I get an interesting result.
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (ipsec-spoof) IPSEC Spoof detected -
How to tracert to outside in ASA 5505/5520?
Hi,everybody
The tracert issue have troubled me for a long time. I don't know how to deal with it. Pls give me some advice. Thanks!
Following is the details.
The network have two firewall(ASA 5505,ASA 5520) placed in different cities. And all person inside can reach the internet.
The problem is that we can ping internet IP from inside but can not tracert outside IP. It always reply us "request time out".
Why?
Somebody know that?Hello,
I know this has been a long time ago, but I'm facing the same issue in the ASA. Weirdly enough, I can reach the destination using traceroute with no problem, but I can't see the path to it. I pasted the result below.
I also checked my ASA configuration and the only setting that is not present is the "match any " for the "class-map class_default", because when I enter "class-map class_default" I get the following warning:
ASA(config)# class-map class-default
ERROR: % class-default is a well-known class and is not configurable under class-map
Can you guys help me? I posted below the tracert output and the concerned configuration. I can't find the misfit and I already checked most of the configuration forums.
C:\>tracert www.google.com
Tracing route to www.google.com [173.194.79.104]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.0.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 212 ms 212 ms 212 ms pb-in-f104.1e100.net [173.194.79.104]
Trace complete.
---Router configuration
icmp unreachable rate-limit 10 burst-size 5
object-group service ICMP_Return
service-object icmp echo-reply
service-object icmp time-exceeded
service-object icmp traceroute
service-object icmp unreachable
service-object icmp6 echo-reply
service-object icmp6 time-exceeded
service-object icmp6 unreachable
access-list IF_outside_access_in remark ICMP Return
access-list IF_outside_access_in extended permit object-group ICMP_Return any any
access-group IF_outside_access_in in interface IF_outside
class-map class_default
!--- This does not exit -> match any
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class class-default
set connection decrement-ttl
service-policy global_policy global -
Hello,
I am using ASA 5505 as a transparent firewall. I have assigned ethernet 0/0 as outside interface and ethernet0/1-7 as inside interface. There are 3 departments in office. So, i connected ethernet 0/1 to Dept A, ethernet 0/2 to Dept B and ethernet 0/3 to Dept C.
Now, I want to limit bandwidth to each department, e.g, 1 Mbps download/upload to Dept A, 512 kbps download/upload to Dept B and 512 kbps download/upload to Dept C.
So, how can i do this in ASA 5505...? Please help me doing this configuration.
Your help will be much appreciable.
Thanks,Hello Robin,
When you talk about policing on the input direction you have to be aware that the traffic already hit your interface, So this is why you are still seeing a higher rate,
Different than from output direction where the traffic has not been send to the interface TX,
Regards,
Julio Carvajal -
ASA 5505 ver 8.4 DMZ to Outside not working
I have an ASA 5505 ver 8.4. The configuration is provided below. My INSIDE hosts are able to get to the internet via the Outside interface. The DHCP for my INSIDE hosts are handled by my L3 3560 switch. My DMZ hosts DHCP is handled by the ASA 5505. I've included packet-tracer results for both from the DMZ to the Outside address (DNS server) and a return packet tracer from the Outside interface to the DMZ host address. I see that the return is failing, however everything I have tried so far hasn't worked. Thank you in advance for any assistance.
***************************************8
ASA Version 8.4(4)
hostname mxfw
domain-name moxiefl.com
enable password (removed)
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
switchport trunk allowed vlan 20,22
switchport mode trunk
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan20
nameif dmz
security-level 50
ip address 172.26.20.1 255.255.255.0
interface Vlan22
nameif dmz2
security-level 50
ip address 172.26.22.1 255.255.255.0
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.222.222
name-server 208.67.220.220
domain-name moxiefl.com
same-security-traffic permit inter-interface
object network Generic_All_Network
subnet 0.0.0.0 0.0.0.0
object network INSIDE_Hosts
subnet 10.1.0.0 255.255.0.0
object network AnyConnect_Hosts
subnet 192.168.60.0 255.255.255.0
object network NETWORK_OBJ_192.168.60.0_26
subnet 192.168.60.0 255.255.255.192
object network DMZ_Network
subnet 172.26.20.0 255.255.255.0
object network DMZ2_Network
subnet 172.26.22.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu dmz2 1500
ip local pool VPN_POOL 192.168.60.20-192.168.60.40 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic Generic_All_Network interface
nat (inside,outside) source static INSIDE_Hosts INSIDE_Hosts destination static AnyConnect_Hosts AnyConnect_Hosts route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.60.0_26 NETWORK_OBJ_192.168.60.0_26 no-proxy-arp route-lookup
nat (dmz,outside) source dynamic Generic_All_Network interface
nat (dmz2,outside) source dynamic Generic_All_Network interface
route inside 10.1.0.0 255.255.0.0 10.0.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn anyconnect.moxiefl.com
subject-name CN=AnyConnect.moxiefl.com
keypair AnyConnect
proxy-ldc-issuer
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 439a4452
3082026c 308201d5 a0030201 02020443 9a445230 0d06092a 864886f7 0d010105
05003048 311f301d 06035504 03131641 6e79436f 6e6e6563 742e6d6f 78696566
6c2e636f 6d312530 2306092a 864886f7 0d010902 1616616e 79636f6e 6e656374
2e6d6f78 6965666c 2e636f6d 301e170d 31333039 32373037 32353331 5a170d32
33303932 35303732 3533315a 3048311f 301d0603 55040313 16416e79 436f6e6e
6563742e 6d6f7869 65666c2e 636f6d31 25302306 092a8648 86f70d01 09021616
616e7963 6f6e6e65 63742e6d 6f786965 666c2e63 6f6d3081 9f300d06 092a8648
86f70d01 01010500 03818d00 30818902 8181009a d9f320ff e93d4fdd cb707a4c
b4664c47 6d2cc639 4dc45fed bfbc2150 7109fd81 5d6a5252 3d40dc43 696360d5
fbf92bcc 477d19b8 5301085c daf40de5 87d7e4aa f81b8d7f 8d364dfa 0a6f07d7
6a7c3e9b 56e69152 aa5492d8 e35537bd 567ccf29 7afbeae8 13da9936 9f890d76
1d56d11d da3d039a 0e714849 e6841ff2 5483b102 03010001 a3633061 300f0603
551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06
03551d23 04183016 80142f27 7096c4c5 e396e691 e07ef737 af61b71f 64f1301d
0603551d 0e041604 142f2770 96c4c5e3 96e691e0 7ef737af 61b71f64 f1300d06
092a8648 86f70d01 01050500 03818100 8f777196 bbe6a5e4 8af9eb9a 514a8348
5e62d6cd 47257243 e430a758 2b367543 065d4ceb 582bf666 08ff7be1 f89287a2
ac527824 b11c2048 7fd2b50d 35ca3902 6aa00675 e4df7859 f3590596 b1d52426
1e97a52c 4e77f4b0 226dec09 713f7ba9 80bdf7bb b52a7da2 4a68b91b 455cabba
0cc4c6f3 f244f7d9 0a6e32fb 31ce7e35
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd auto_config outside
dhcpd address 10.0.1.20-10.0.1.40 inside
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd enable inside
dhcpd address 172.26.20.21-172.26.20.60 dmz
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz
dhcpd enable dmz
dhcpd address 172.26.22.21-172.26.22.200 dmz2
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz2
dhcpd enable dmz2
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.0.2052-k9.pkg 1
anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
wins-server none
dns-server value 208.67.222.222 208.67.220.220
vpn-tunnel-protocol ikev2 ssl-client
default-domain value moxiefl.com
webvpn
anyconnect profiles value AnyConnect_client_profile type user
username user1 password $$$$$$$$$$$$$$$$$ encrypted privilege 15
username user2 password $$$$$$$$$$$$$$$$$ encrypted privilege 15
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_POOL
default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f2c7362097b71bcada023c6bbfc45121
: end
Packet Tracer from DMZ to Outside
mxfw# packet-tracer input dmz icmp 172.26.20.22 8 0 208.67.222.222 detailed
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 2
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xac5bdb90, priority=0, domain=inspect-ip-options, deny=true
hits=22, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=dmz, output_ifc=any
Phase: 3
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacff7ee0, priority=70, domain=inspect-icmp, deny=false
hits=8, user_data=0xad253a68, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, dscp=0x0
input_ifc=dmz, output_ifc=any
Phase: 4
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xac5bd768, priority=66, domain=inspect-icmp-error, deny=false
hits=8, user_data=0xac5bcd80, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, dscp=0x0
input_ifc=dmz, output_ifc=any
Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (dmz,outside) source dynamic Generic_All_Network interface
Additional Information:
Dynamic translate 172.26.20.22/0 to 192.168.1.231/23136
Forward Flow based lookup yields rule:
in id=0xac63c0e8, priority=6, domain=nat, deny=false
hits=7, user_data=0xac6209f0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=dmz, output_ifc=outside
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xac578bf0, priority=0, domain=inspect-ip-options, deny=true
hits=7510, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 7561, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_inspect_icmp
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_inspect_icmp
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: dmz
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
Packet Tracer for return from Outside:
mxfw(config)# packet-tracer input outside icmp 207.67.222.222 0 0 172.26.20.22$
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.26.20.0 255.255.255.0 dmz
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacea45d8, priority=11, domain=permit, deny=true
hits=0, user_data=0x5, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=outside, output_ifc=any
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: dmz
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Settings of PC and PING & tracert results
C:\Users>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MXW8DT01
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 68-94-23-20-FA-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter
Physical Address. . . . . . . . . : 68-94-23-20-FA-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 08-9E-01-3D-64-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.26.20.22(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 6, 2013 3:28:48 PM
Lease Expires . . . . . . . . . . : Sunday, October 6, 2013 4:28:48 PM
Default Gateway . . . . . . . . . : 172.26.20.1
DHCP Server . . . . . . . . . . . : 172.26.20.1
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{9B004C7D-7A34-4A9C-BEDB-5212A582FAB1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3497:208a:53e5:ebe9(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::3497:208a:53e5:ebe9%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users>ping 208.67.222.222
Pinging 208.67.222.222 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 208.67.222.222:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users>tracert 208.67.222.222
Tracing route to 208.67.222.222 over a maximum of 30 hops
1 1 ms <1 ms <1 ms 172.26.20.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.Naveen & Julio,
The version is below along with the captures. The show cap asp | include 208.67.222.222 is fairly long.
Thank you again for your assistance.
Jerry
mxfw(config)# sho ver
Cisco Adaptive Security Appliance Software Version 8.4(4)
Device Manager Version 6.4(9)
Compiled on Mon 21-May-12 10:48 by builders
System image file is "disk0:/asa844-k8.bin"
Config file at boot was "startup-config"
mxfw up 23 hours 47 mins
Hardware: ASA5505, 1024 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 32768MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is 2c54.2df4.9c93, irq 11
1: Ext: Ethernet0/0 : address is 2c54.2df4.9c8b, irq 255
2: Ext: Ethernet0/1 : address is 2c54.2df4.9c8c, irq 255
3: Ext: Ethernet0/2 : address is 2c54.2df4.9c8d, irq 255
4: Ext: Ethernet0/3 : address is 2c54.2df4.9c8e, irq 255
5: Ext: Ethernet0/4 : address is 2c54.2df4.9c8f, irq 255
6: Ext: Ethernet0/5 : address is 2c54.2df4.9c90, irq 255
7: Ext: Ethernet0/6 : address is 2c54.2df4.9c91, irq 255
8: Ext: Ethernet0/7 : address is 2c54.2df4.9c92, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 24 perpetual
Total UC Proxy Sessions : 24 perpetual
Botnet Traffic Filter : Enabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5505 Security Plus license.
Serial Number: JMX1617Z2B0
Running Permanent Activation Key: 0x112dd960 0x68ba556a 0x9160b8f4 0xc4f49064 0x822ae087
Configuration register is 0x1
mxfw(config)# sho cap asp | include 208.67.222.222
1: 08:14:03.444953 802.1Q vlan#2 P0 192.168.60.20.50815 > 208.67.222.222.53: udp 38
4: 08:14:04.613920 802.1Q vlan#2 P0 192.168.60.20.49379 > 208.67.222.222.53: udp 36 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
9: 08:14:05.456168 802.1Q vlan#2 P0 192.168.60.20.50815 > 208.67.222.222.53: udp 38 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
19: 08:14:07.874283 802.1Q vlan#2 P0 192.168.60.20.52778 > 208.67.222.222.53: udp 39 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
26: 08:14:09.464407 802.1Q vlan#2 P0 192.168.60.20.50815 > 208.67.222.222.53: udp 38 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
31: 08:14:09.885559 802.1Q vlan#2 P0 192.168.60.20.52778 > 208.67.222.222.53: udp 39 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
36: 08:14:11.228427 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36
37: 08:14:12.240847 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
38: 08:14:13.254533 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
44: 08:14:13.893889 802.1Q vlan#2 P0 192.168.60.20.52778 > 208.67.222.222.53: udp 39 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
51: 08:14:15.266374 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36
63: 08:14:19.274750 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36
68: 08:14:20.509312 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
69: 08:14:21.520816 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
70: 08:14:22.534548 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
76: 08:14:24.547228 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
83: 08:14:28.554826 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
89: 08:14:29.803150 802.1Q vlan#2 P0 192.168.60.20.54948 > 208.67.222.222.53: udp 38
91: 08:14:31.816089 802.1Q vlan#2 P0 192.168.60.20.54948 > 208.67.222.222.53: udp 38
102: 08:14:35.822894 802.1Q vlan#2 P0 192.168.60.20.54948 > 208.67.222.222.53: udp 38
116: 08:14:42.885604 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
118: 08:14:43.883926 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
123: 08:14:44.884491 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
127: 08:14:46.884521 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
133: 08:14:48.882721 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
135: 08:14:49.881942 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
138: 08:14:50.882858 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
140: 08:14:50.885620 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
145: 08:14:52.883590 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
149: 08:14:53.983790 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
151: 08:14:54.982981 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
156: 08:14:55.982844 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
161: 08:14:56.884811 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
180: 08:14:57.983408 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
197: 08:14:59.441017 802.1Q vlan#2 P0 192.168.60.20.55495 > 208.67.222.222.53: udp 34
198: 08:14:59.441764 802.1Q vlan#2 P0 192.168.60.20.52091 > 208.67.222.222.53: udp 42
199: 08:14:59.442756 802.1Q vlan#2 P0 192.168.60.20.52233 > 208.67.222.222.53: udp 40
200: 08:14:59.442985 802.1Q vlan#2 P0 192.168.60.20.57413 > 208.67.222.222.53: udp 40
201: 08:14:59.443794 802.1Q vlan#2 P0 192.168.60.20.65042 > 208.67.222.222.53: udp 40
202: 08:14:59.448753 802.1Q vlan#2 P0 192.168.60.20.62151 > 208.67.222.222.53: udp 34
204: 08:14:59.504978 802.1Q vlan#2 P0 192.168.60.20.60528 > 208.67.222.222.53: udp 33
206: 08:14:59.524234 802.1Q vlan#2 P0 192.168.60.20.54032 > 208.67.222.222.53: udp 34
213: 08:15:00.505161 802.1Q vlan#2 P0 192.168.60.20.60528 > 208.67.222.222.53: udp 33
214: 08:15:00.524066 802.1Q vlan#2 P0 192.168.60.20.54032 > 208.67.222.222.53: udp 34
225: 08:15:01.441124 802.1Q vlan#2 P0 192.168.60.20.55495 > 208.67.222.222.53: udp 34
229: 08:15:01.442893 802.1Q vlan#2 P0 192.168.60.20.57413 > 208.67.222.222.53: udp 40
230: 08:15:01.443168 802.1Q vlan#2 P0 192.168.60.20.52233 > 208.67.222.222.53: udp 40
235: 08:15:01.444663 802.1Q vlan#2 P0 192.168.60.20.65042 > 208.67.222.222.53: udp 40
241: 08:15:01.563584 802.1Q vlan#2 P0 192.168.60.20.49326 > 208.67.222.222.53: udp 32
242: 08:15:01.582458 802.1Q vlan#2 P0 192.168.60.20.64011 > 208.67.222.222.53: udp 33
244: 08:15:01.598983 802.1Q vlan#2 P0 192.168.60.20.55971 > 208.67.222.222.53: udp 33
246: 08:15:01.628278 802.1Q vlan#2 P0 192.168.60.20.54709 > 208.67.222.222.53: udp 37
248: 08:15:01.982920 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
254: 08:15:02.598861 802.1Q vlan#2 P0 192.168.60.20.55971 > 208.67.222.222.53: udp 33
256: 08:15:02.622785 802.1Q vlan#2 P0 192.168.60.20.54709 > 208.67.222.222.53: udp 37
266: 08:15:04.438301 802.1Q vlan#2 P0 192.168.60.20.57642 > 208.67.222.222.53: udp 34
267: 08:15:04.440040 802.1Q vlan#2 P0 192.168.60.20.49886 > 208.67.222.222.53: udp 40
268: 08:15:04.440284 802.1Q vlan#2 P0 192.168.60.20.64655 > 208.67.222.222.53: udp 40
269: 08:15:04.441078 802.1Q vlan#2 P0 192.168.60.20.57383 > 208.67.222.222.53: udp 40
279: 08:15:05.441551 802.1Q vlan#2 P0 192.168.60.20.55495 > 208.67.222.222.53: udp 34
285: 08:15:05.443168 802.1Q vlan#2 P0 192.168.60.20.52233 > 208.67.222.222.53: udp 40
286: 08:15:05.443443 802.1Q vlan#2 P0 192.168.60.20.57413 > 208.67.222.222.53: udp 40
293: 08:15:05.445396 802.1Q vlan#2 P0 192.168.60.20.65042 > 208.67.222.222.53: udp 40
314: 08:15:07.438911 802.1Q vlan#2 P0 192.168.60.20.57642 > 208.67.222.222.53: udp 34
318: 08:15:07.440040 802.1Q vlan#2 P0 192.168.60.20.49886 > 208.67.222.222.53: udp 40
322: 08:15:07.441322 802.1Q vlan#2 P0 192.168.60.20.64655 > 208.67.222.222.53: udp 40
326: 08:15:07.443412 802.1Q vlan#2 P0 192.168.60.20.57383 > 208.67.222.222.53: udp 40
335: 08:15:09.374400 802.1Q vlan#2 P0 192.168.60.20.59105 > 208.67.222.222.53: udp 38
362: 08:15:11.439399 802.1Q vlan#2 P0 192.168.60.20.57642 > 208.67.222.222.53: udp 34
363: 08:15:11.440101 802.1Q vlan#2 P0 192.168.60.20.49886 > 208.67.222.222.53: udp 40
370: 08:15:11.441627 802.1Q vlan#2 P0 192.168.60.20.64655 > 208.67.222.222.53: udp 40
374: 08:15:11.442543 802.1Q vlan#2 P0 192.168.60.20.57383 > 208.67.222.222.53: udp 40
381: 08:15:11.995279 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
382: 08:15:12.003127 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
383: 08:15:12.003356 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
384: 08:15:12.003585 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
387: 08:15:12.994989 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
388: 08:15:13.001922 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
389: 08:15:13.004455 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
390: 08:15:13.004974 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
391: 08:15:13.005660 802.1Q vlan#2 P0 192.168.60.20.59092 > 208.67.222.222.53: udp 33
392: 08:15:13.995065 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
394: 08:15:14.001922 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
396: 08:15:14.002868 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
397: 08:15:14.003082 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
400: 08:15:14.004104 802.1Q vlan#2 P0 192.168.60.20.59092 > 208.67.222.222.53: udp 33
418: 08:15:15.995416 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
422: 08:15:16.002334 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
426: 08:15:16.003570 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
427: 08:15:16.003738 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
446: 08:15:17.302062 802.1Q vlan#2 P0 192.168.60.20.63130 > 208.67.222.222.53: udp 34
451: 08:15:18.172003 802.1Q vlan#2 P0 192.168.60.20.63438 > 208.67.222.222.53: udp 39
466: 08:15:18.993829 802.1Q vlan#2 P0 192.168.60.20.62143 > 208.67.222.222.53: udp 34
467: 08:15:19.000717 802.1Q vlan#2 P0 192.168.60.20.62168 > 208.67.222.222.53: udp 40
468: 08:15:19.000945 802.1Q vlan#2 P0 192.168.60.20.53798 > 208.67.222.222.53: udp 40
469: 08:15:19.002670 802.1Q vlan#2 P0 192.168.60.20.49384 > 208.67.222.222.53: udp 40
474: 08:15:19.695703 802.1Q vlan#2 P0 192.168.60.20.60662 > 208.67.222.222.53: udp 45
478: 08:15:19.994882 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
486: 08:15:20.002120 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
490: 08:15:20.003066 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
492: 08:15:20.003539 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
500: 08:15:20.303008 802.1Q vlan#2 P0 192.168.60.20.63130 > 208.67.222.222.53: udp 34
504: 08:15:20.411660 802.1Q vlan#2 P0 192.168.60.20.55911 > 208.67.222.222.53: udp 38
510: 08:15:20.984369 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
511: 08:15:21.171850 802.1Q vlan#2 P0 192.168.60.20.63438 > 208.67.222.222.53: udp 39
525: 08:15:21.983744 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
526: 08:15:21.993555 802.1Q vlan#2 P0 192.168.60.20.62143 > 208.67.222.222.53: udp 34
530: 08:15:22.000366 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
531: 08:15:22.001602 802.1Q vlan#2 P0 192.168.60.20.62168 > 208.67.222.222.53: udp 40
532: 08:15:22.001846 802.1Q vlan#2 P0 192.168.60.20.53798 > 208.67.222.222.53: udp 40
539: 08:15:22.004150 802.1Q vlan#2 P0 192.168.60.20.49384 > 208.67.222.222.53: udp 40
547: 08:15:22.986216 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
549: 08:15:22.999444 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
565: 08:15:23.999170 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
576: 08:15:24.303252 802.1Q vlan#2 P0 192.168.60.20.63130 > 208.67.222.222.53: udp 34
584: 08:15:24.985254 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
592: 08:15:25.172186 802.1Q vlan#2 P0 192.168.60.20.63438 > 208.67.222.222.53: udp 39
604: 08:15:25.994012 802.1Q vlan#2 P0 192.168.60.20.62143 > 208.67.222.222.53: udp 34
608: 08:15:25.998926 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
610: 08:15:26.001953 802.1Q vlan#2 P0 192.168.60.20.62168 > 208.67.222.222.53: udp 40
611: 08:15:26.002441 802.1Q vlan#2 P0 192.168.60.20.53798 > 208.67.222.222.53: udp 40
618: 08:15:26.004226 802.1Q vlan#2 P0 192.168.60.20.49384 > 208.67.222.222.53: udp 40
643: 08:15:28.986582 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
657: 08:15:29.999307 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
681: 08:15:31.458914 802.1Q vlan#2 P0 192.168.60.20.63467 > 208.67.222.222.53: udp 37
685: 08:15:31.724190 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
691: 08:15:31.875671 802.1Q vlan#2 P0 192.168.60.20.54302 > 208.67.222.222.53: udp 37
700: 08:15:32.723961 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
706: 08:15:33.724877 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
712: 08:15:35.725670 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
724: 08:15:39.726814 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
732: 08:15:41.453269 802.1Q vlan#2 P0 192.168.60.20.64218 > 208.67.222.222.53: udp 34
754: 08:15:43.453315 802.1Q vlan#2 P0 192.168.60.20.64218 > 208.67.222.222.53: udp 34
764: 08:15:43.995737 802.1Q vlan#2 P0 192.168.60.20.53749 > 208.67.222.222.53: udp 34
786: 08:15:45.994760 802.1Q vlan#2 P0 192.168.60.20.53749 > 208.67.222.222.53: udp 34
795: 08:15:47.451194 802.1Q vlan#2 P0 192.168.60.20.64429 > 208.67.222.222.53: udp 34
797: 08:15:47.454276 802.1Q vlan#2 P0 192.168.60.20.64218 > 208.67.222.222.53: udp 34
806: 08:15:48.285110 802.1Q vlan#2 P0 192.168.60.20.55170 > 208.67.222.222.53: udp 39
821: 08:15:49.451209 802.1Q vlan#2 P0 192.168.60.20.64429 > 208.67.222.222.53: udp 34
826: 08:15:49.979868 802.1Q vlan#2 P0 192.168.60.20.53423 > 208.67.222.222.53: udp 38
828: 08:15:49.994058 802.1Q vlan#2 P0 192.168.60.20.53749 > 208.67.222.222.53: udp 34
830: 08:15:50.285217 802.1Q vlan#2 P0 192.168.60.20.55170 > 208.67.222.222.53: udp 39
845: 08:15:51.979777 802.1Q vlan#2 P0 192.168.60.20.53423 > 208.67.222.222.53: udp 38
856: 08:15:53.450660 802.1Q vlan#2 P0 192.168.60.20.64429 > 208.67.222.222.53: udp 34
864: 08:15:54.008330 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
865: 08:15:54.285507 802.1Q vlan#2 P0 192.168.60.20.55170 > 208.67.222.222.53: udp 39
872: 08:15:55.008437 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
876: 08:15:55.980250 802.1Q vlan#2 P0 192.168.60.20.53423 > 208.67.222.222.53: udp 38
880: 08:15:56.009185 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
886: 08:15:58.009902 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
902: 08:16:00.006957 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
908: 08:16:00.837679 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
910: 08:16:01.006377 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
914: 08:16:01.837221 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
915: 08:16:01.991724 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
916: 08:16:02.007217 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
918: 08:16:02.010161 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
923: 08:16:02.838182 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
925: 08:16:02.991007 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
931: 08:16:03.990885 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
932: 08:16:04.007842 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
938: 08:16:04.838823 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
945: 08:16:05.990610 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
957: 08:16:08.009215 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
964: 08:16:08.840425 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
970: 08:16:09.991052 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
1005: 08:16:16.981287 802.1Q vlan#2 P0 192.168.60.20.53038 > 208.67.222.222.53: udp 38
1008: 08:16:17.391352 802.1Q vlan#2 P0 192.168.60.20.49778 > 208.67.222.222.53: udp 39
1010: 08:16:18.981348 802.1Q vlan#2 P0 192.168.60.20.53038 > 208.67.222.222.53: udp 38
1015: 08:16:19.391428 802.1Q vlan#2 P0 192.168.60.20.49778 > 208.67.222.222.53: udp 39
1022: 08:16:22.982645 802.1Q vlan#2 P0 192.168.60.20.53038 > 208.67.222.222.53: udp 38
1027: 08:16:23.403650 802.1Q vlan#2 P0 192.168.60.20.49778 > 208.67.222.222.53: udp 39
1032: 08:16:24.014434 802.1Q vlan#2 P0 192.168.60.20.54274 > 208.67.222.222.53: udp 34
1059: 08:16:26.014113 802.1Q vlan#2 P0 192.168.60.20.54274 > 208.67.222.222.53: udp 34
1096: 08:16:29.956737 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1097: 08:16:30.013381 802.1Q vlan#2 P0 192.168.60.20.54274 > 208.67.222.222.53: udp 34
1099: 08:16:30.939343 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1100: 08:16:30.939572 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1101: 08:16:30.939801 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1102: 08:16:30.956081 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1106: 08:16:31.938870 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1107: 08:16:31.939099 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1108: 08:16:31.939785 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1109: 08:16:31.956890 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1112: 08:16:32.938916 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1113: 08:16:32.939145 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1116: 08:16:32.940075 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1140: 08:16:33.956401 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1148: 08:16:34.939740 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1149: 08:16:34.939999 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1150: 08:16:34.940228 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1161: 08:16:36.936810 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1162: 08:16:36.937970 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1163: 08:16:36.938244 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1168: 08:16:37.936002 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1169: 08:16:37.936948 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1170: 08:16:37.938046 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1171: 08:16:37.955883 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1175: 08:16:38.936948 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1177: 08:16:38.937817 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1179: 08:16:38.938763 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1181: 08:16:38.939709 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1185: 08:16:38.941006 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1186: 08:16:38.941220 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1195: 08:16:40.937512 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1196: 08:16:40.937741 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1199: 08:16:40.939602 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1208: 08:16:42.005874 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1216: 08:16:43.005202 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1229: 08:16:44.006026 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1237: 08:16:44.939419 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1238: 08:16:44.939908 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1245: 08:16:44.941494 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1275: 08:16:46.006011 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1321: 08:16:50.007079 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1398: 08:17:10.994073 802.1Q vlan#2 P0 192.168.60.20.63745 > 208.67.222.222.53: udp 38
1401: 08:17:12.992517 802.1Q vlan#2 P0 192.168.60.20.63745 > 208.67.222.222.53: udp 38
1426: 08:17:15.766638 802.1Q vlan#2 P0 192.168.60.20.64128 > 208.67.222.222.53: udp 39
1429: 08:17:16.992761 802.1Q vlan#2 P0 192.168.60.20.63745 > 208.67.222.222.53: udp 38
1433: 08:17:17.766729 802.1Q vlan#2 P0 192.168.60.20.64128 > 208.67.222.222.53: udp 39
1441: 08:17:21.767050 802.1Q vlan#2 P0 192.168.60.20.64128 > 208.67.222.222.53: udp 39
1452: 08:17:26.504170 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1463: 08:17:27.504032 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1465: 08:17:28.318953 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1466: 08:17:28.504887 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1468: 08:17:29.319212 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1475: 08:17:30.319746 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1479: 08:17:30.505512 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1484: 08:17:32.320356 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1493: 08:17:34.507297 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1498: 08:17:35.987299 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1504: 08:17:36.321623 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1512: 08:17:36.986475 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1513: 08:17:37.987406 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1521: 08:17:39.988001 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1940: 08:19:32.749732 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65521: udp 91
2126: 08:19:46.482335 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61347: udp 50
2169: 08:19:50.479681 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61347: udp 50
2200: 08:19:54.485921 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61347: udp 50
2235: 08:19:58.700113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57408: udp 50
2275: 08:20:02.700113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57408: udp 50
2300: 08:20:06.380931 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61124: udp 139
2303: 08:20:06.697321 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57408: udp 50
2310: 08:20:07.624113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59656: udp 184
2313: 08:20:08.222202 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63181: udp 112
2314: 08:20:08.222263 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50007: udp 70
2335: 08:20:09.764441 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51040: udp 91
2345: 08:20:10.380839 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61124: udp 139
2354: 08:20:11.624235 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59656: udp 184
2361: 08:20:12.093821 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56090: udp 131
2362: 08:20:12.202458 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63181: udp 112
2363: 08:20:12.206364 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50007: udp 70
2373: 08:20:12.696466 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51948: udp 50
2384: 08:20:14.200886 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64562: udp 112
2385: 08:20:14.205311 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63143: udp 70
2387: 08:20:14.378062 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61124: udp 139
2399: 08:20:22.627012 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50607: udp 108
2407: 08:20:23.801136 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51512: udp 195
2417: 08:20:24.940777 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62374: udp 184
2423: 08:20:25.811771 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61821: udp 91
2432: 08:20:26.646801 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60226: udp 108
2433: 08:20:26.692606 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54228: udp 50
2452: 08:20:27.801167 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51512: udp 195
2461: 08:20:28.941510 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62374: udp 184
2463: 08:20:29.230990 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52123: udp 139
2465: 08:20:29.912260 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61877: udp 65
2467: 08:20:30.000976 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57311: udp 112
2474: 08:20:30.646664 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60226: udp 108
2476: 08:20:30.689737 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54228: udp 50
2491: 08:20:31.800678 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51512: udp 195
2500: 08:20:32.938428 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62374: udp 184
2503: 08:20:33.229037 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52123: udp 139
2507: 08:20:33.444541 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51060: udp 70
2512: 08:20:33.909590 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61877: udp 65
2514: 08:20:34.001296 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57311: udp 112
2522: 08:20:34.646511 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60226: udp 108
2524: 08:20:34.690027 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54228: udp 50
2530: 08:20:35.997705 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52341: udp 112
2538: 08:20:37.228656 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52123: udp 139
2540: 08:20:37.441886 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51060: udp 70
2544: 08:20:37.909926 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61877: udp 65
2548: 08:20:38.001113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57311: udp 112
2555: 08:20:38.651318 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56407: udp 108
2561: 08:20:39.440818 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53603: udp 70
2569: 08:20:39.997857 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52341: udp 112
2575: 08:20:41.228519 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63240: udp 185
2578: 08:20:41.446708 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51060: udp 70
2589: 08:20:42.646664 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56407: udp 108
2598: 08:20:43.440666 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53603: udp 70
2604: 08:20:43.997354 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52341: udp 112
2618: 08:20:45.163275 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63149: udp 65
2619: 08:20:45.227817 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63240: udp 185
2621: 08:20:45.251924 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57764: udp 112
2626: 08:20:46.130547 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61026: udp 195
2632: 08:20:46.643567 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56407: udp 108
2638: 08:20:47.440742 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53603: udp 70
2644: 08:20:48.162879 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63149: udp 65
2646: 08:20:48.251512 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57764: udp 112
2648: 08:20:48.694986 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49312: udp 70
2652: 08:20:49.130867 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61026: udp 195
2654: 08:20:49.228625 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63240: udp 185
2663: 08:20:51.251146 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61384: udp 112
2666: 08:20:51.647091 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52622: udp 108
2667: 08:20:51.694589 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49312: udp 70
2670: 08:20:52.160193 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63149: udp 65
2674: 08:20:52.251360 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57764: udp 112
2679: 08:20:53.100306 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56042: udp 131
2680: 08:20:53.129448 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61026: udp 195
2685: 08:20:54.250765 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61384: udp 112
2687: 08:20:54.646161 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52622: udp 108
2689: 08:20:54.696726 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52496: udp 70
2691: 08:20:55.697412 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49312: udp 70
2693: 08:20:56.097971 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56042: udp 131
2700: 08:20:57.693369 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52496: udp 70
2703: 08:20:58.250109 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61384: udp 112
2705: 08:20:58.646008 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52622: udp 108
2708: 08:21:00.097819 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56042: udp 131
2713: 08:21:01.693308 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52496: udp 70
2718: 08:21:02.823626 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63251: udp 91
2719: 08:21:02.948177 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51292: udp 70
2722: 08:21:03.646023 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63250: udp 108
2729: 08:21:05.947399 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51292: udp 70
2734: 08:21:06.648678 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63250: udp 108
2743: 08:21:08.911467 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61647: udp 195
2744: 08:21:08.946865 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60298: udp 70
2748: 08:21:09.950069 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51292: udp 70
2751: 08:21:10.643521 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63250: udp 108
2754: 08:21:11.910627 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61647: udp 195
2756: 08:21:11.946530 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60298: udp 70
2767: 08:21:15.130623 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61338: udp 117
2770: 08:21:15.646527 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51375: udp 108
2774: 08:21:15.909453 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61647: udp 195
2776: 08:21:15.943844 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60298: udp 70
2783: 08:21:17.200947 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64763: udp 70
2787: 08:21:18.130104 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61338: udp 117
2790: 08:21:18.645565 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51375: udp 108
2793: 08:21:20.198033 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64763: udp 70
2799: 08:21:22.127434 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61338: udp 117
2802: 08:21:22.513309 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51759: udp 70
2803: 08:21:22.643460 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51375: udp 108
2805: 08:21:23.197652 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49516: udp 70
2811: 08:21:24.202885 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64763: udp 70
2814: 08:21:24.904906 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60682: udp 236
2817: 08:21:25.510471 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51759: udp 70
2821: 08:21:26.196797 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49516: udp 70
2825: 08:21:27.646023 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59714: udp 108
2827: 08:21:27.883941 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60682: udp 236
2833: 08:21:29.407174 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60724: udp 65
2834: 08:21:29.510273 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51759: udp 70
2838: 08:21:30.196629 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49516: udp 70
2843: 08:21:30.645703 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59714: udp 108
2844: 08:21:30.883072 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53426: udp 236
2846: 08:21:31.451636 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62205: udp 70
2848: 08:21:31.886230 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60682: udp 236
2851: 08:21:32.406946 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60724: udp 65
2858: 08:21:33.882171 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53426: udp 236
2862: 08:21:34.451209 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62205: udp 70
2864: 08:21:34.642941 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59714: udp 108
2871: 08:21:35.948116 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60127: udp 195
2872: 08:21:36.406595 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60724: udp 65
2875: 08:21:36.909331 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65140: udp 222
2877: 08:21:37.449866 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59320: udp 70
2878: 08:21:37.880005 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53426: udp 236
2883: 08:21:38.456137 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62205: udp 70
2884: 08:21:38.944699 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60127: udp 195
2886: 08:21:39.888427 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65140: udp 222
2890: 08:21:40.449485 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59320: udp 70
2893: 08:21:41.321714 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62421: udp 237
2899: 08:21:42.885528 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60796: udp 222
2900: 08:21:42.945065 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60127: udp 195
2904: 08:21:43.657345 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50140: udp 65
2906: 08:21:43.890731 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65140: udp 222
2909: 08:21:44.298278 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62421: udp 237
2912: 08:21:44.449531 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59320: udp 70
2919: 08:21:45.704828 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50687: udp 70
2920: 08:21:45.884658 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60796: udp 222
2925: 08:21:46.657497 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50140: udp 65
2928: 08:21:47.297958 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57907: udp 237
2930: 08:21:48.300582 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62421: udp 237
2934: 08:21:48.703653 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50687: udp 70
2937: 08:21:49.831789 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57908: udp 91
2938: 08:21:49.884491 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60796: udp 222
2942: 08:21:50.297714 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57907: udp 237
2943: 08:21:50.657299 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50140: udp 65
2946: 08:21:51.703119 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55290: udp 70
2950: 08:21:52.706308 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50687: udp 70
2951: 08:21:53.303741 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53899: udp 237
2952: 08:21:54.297363 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57907: udp 237
2956: 08:21:54.702402 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55290: udp 70
2960: 08:21:56.302810 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53899: udp 237
2965: 08:21:57.908095 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60934: udp 117
2968: 08:21:58.702035 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55290: udp 70
2972: 08:21:59.302428 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63799: udp 237
2975: 08:21:59.977564 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51380: udp 76
2979: 08:22:00.307631 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53899: udp 237
2984: 08:22:00.907667 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60934: udp 117
2986: 08:22:01.284164 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51226: udp 108
2990: 08:22:02.302688 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63799: udp 237
2993: 08:22:02.956646 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51380: udp 76
2995: 08:22:02.987848 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55596: udp 195
3001: 08:22:04.283783 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51226: udp 108
3004: 08:22:04.907072 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60934: udp 117
3009: 08:22:05.955822 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64295: udp 76
3010: 08:22:05.984934 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55596: udp 195
3012: 08:22:06.301864 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63799: udp 237
3016: 08:22:06.958934 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51380: udp 76
3022: 08:22:08.280640 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51226: udp 108
3029: 08:22:08.955440 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64295: udp 76
3032: 08:22:09.910627 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57632: udp 117
3033: 08:22:09.987238 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55596: udp 195
3035: 08:22:10.246538 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60678: udp 131
3042: 08:22:11.959514 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62946: udp 76
3044: 08:22:12.909758 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57632: udp 117
3046: 08:22:12.952709 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64295: udp 76
3049: 08:22:13.245653 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60678: udp 131
3056: 08:22:14.956554 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62946: udp 76
3062: 08:22:16.906996 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57632: udp 117
3065: 08:22:17.248507 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60678: udp 131
3068: 08:22:17.957820 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57216: udp 76
3071: 08:22:18.956493 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62946: udp 76
3077: 08:22:20.958004 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57216: udp 76
3083: 08:22:23.961543 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64402: udp 76
3086: 08:22:24.957271 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57216: udp 76
3089: 08:22:25.054562 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60597: udp 237
3092: 08:22:26.958675 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64402: udp 76
3096: 08:22:28.046246 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60597: udp 237
3100: 08:22:29.960353 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51515: udp 76
3102: 08:22:30.029570 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51928: udp 195
3105: 08:22:30.958049 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64402: udp 76
3108: 08:22:31.020689 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54204: udp 70
3110: 08:22:31.032819 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64172: udp 237
3113: 08:22:32.036069 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60597: udp 237
3115: 08:22:32.960002 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51515: udp 76
3117: 08:22:33.024214 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51928: udp 195
3120: 08:22:34.019850 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54204: udp 70
3122: 08:22:34.032392 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64172: udp 237
3126: 08:22:35.963649 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58593: udp 76
3127: 08:22:36.918943 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52177: udp 117
3128: 08:22:36.957302 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51515: udp 76
3131: 08:22:37.024031 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51928: udp 195
3134: 08:22:38.020155 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54204: udp 70
3137: 08:22:38.034971 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64172: udp 237
3138: 08:22:38.963451 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58593: udp 76
3141: 08:22:39.916075 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52177: udp 117
3144: 08:22:41.962337 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55848: udp 76
3147: 08:22:42.905608 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54153: udp 260
3149: 08:22:42.965037 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58593: udp 76
3153: 08:22:43.915739 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52177: udp 117
3159: 08:22:44.961498 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55848: udp 76
3162: 08:22:45.904860 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54153: udp 260
3165: 08:22:46.842790 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54154: udp 91
3169: 08:22:47.966121 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50849: udp 76
3170: 08:22:48.894881 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55040: udp 236
3171: 08:22:48.918317 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63098: udp 117
3172: 08:22:48.959026 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55848: udp 76
3177: 08:22:49.905165 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54153: udp 260
3180: 08:22:50.965282 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50849: udp 76
3182: 08:22:51.894179 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55040: udp 236
3183: 08:22:51.917417 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63098: udp 117
3188: 08:22:53.964839 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64023: udp 76
3192: 08:22:54.893157 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57213: udp 236
3193: 08:22:54.963039 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50849: udp 76
3199: 08:22:55.898970 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55040: udp 236
3200: 08:22:55.917707 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63098: udp 117
3205: 08:22:56.963954 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64023: udp 76
3207: 08:22:57.064953 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56311: udp 195
3211: 08:22:57.892760 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57213: udp 236
3219: 08:22:59.968089 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63271: udp 76
3220: 08:23:00.064877 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56311: udp 195
3223: 08:23:00.899382 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52883: udp 222
3224: 08:23:00.918241 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63492: udp 65
3225: 08:23:00.964015 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64023: udp 76
3228: 08:23:01.892562 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57213: udp 236
3233: 08:23:02.967235 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63271: udp 76
3237: 08:23:03.898650 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52883: udp 222
3240: 08:23:03.917433 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63492: udp 65
3242: 08:23:04.061871 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56311: udp 195
3248: 08:23:05.966853 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49426: udp 76
3249: 08:23:06.105661 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3250: 08:23:06.897582 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54348: udp 222
3253: 08:23:06.969966 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63271: udp 76
3254: 08:23:07.104395 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3256: 08:23:07.900817 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52883: udp 222
3258: 08:23:07.917188 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63492: udp 65
3260: 08:23:08.121102 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3262: 08:23:08.965968 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49426: udp 76
3267: 08:23:09.894790 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54348: udp 222
3269: 08:23:10.103510 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3273: 08:23:12.966594 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49426: udp 76
3276: 08:23:13.894591 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54348: udp 222
3278: 08:23:14.105325 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3283: 08:23:15.168524 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64971: udp 65
3290: 08:23:18.168692 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64971: udp 65
3297: 08:23:22.167975 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64971: udp 65
3300: 08:23:24.102426 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59518: udp 195
3304: 08:23:25.966487 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63456: udp 70
3311: 08:23:27.101526 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59518: udp 195
3317: 08:23:28.965602 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63456: udp 70
3320: 08:23:29.418755 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63330: udp 117
3326: 08:23:31.101343 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59518: udp 195
3329: 08:23:31.919706 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52792: udp 108
3330: 08:23:31.962825 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51619: udp 70
3331: 08:23:32.415872 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63330: udp 117
3337: 08:23:32.968532 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63456: udp 70
3342: 08:23:34.921384 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52792: udp 108
3343: 08:23:34.962093 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51619: udp 70
3347: 08:23:36.416161 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63330: udp 117
3355: 08:23:38.918653 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52792: udp 108
3357: 08:23:38.961681 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51619: udp 70
3362: 08:23:40.219242 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52373: udp 70
3367: 08:23:41.420983 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60196: udp 117
3368: 08:23:41.426140 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52680: udp 70
3374: 08:23:43.218341 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52373: udp 70
3378: 08:23:44.417840 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60196: udp 117
3381: 08:23:44.422967 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52680: udp 70
3391: 08:23:46.217991 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51938: udp 70
3398: 08:23:47.220706 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52373: udp 70
3403: 08:23:48.418160 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60196: udp 117
3406: 08:23:48.423058 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52680: udp 70
3411: 08:23:49.217655 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51938: udp 70
3422: 08:23:51.141533 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55883: udp 195
3433: 08:23:53.214939 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51938: udp 70
3440: 08:23:54.145637 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55883: udp 195
3441: 08:23:54.469442 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53554: udp 70
3450: 08:23:57.469061 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53554: udp 70
3455: 08:23:58.140999 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55883: udp 195
3461: 08:24:00.468695 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58757: udp 70
3464: 08:24:01.468969 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53554: udp 70
3469: 08:24:03.467810 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58757: udp 70
3480: 08:24:07.427132 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51241: udp 117
3483: 08:24:07.467733 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58757: udp 70
3487: 08:24:08.722130 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53884: udp 70
3491: 08:24:10.430275 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51241: udp 117
3496: 08:24:11.722237 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53884: udp 70
3505: 08:24:14.426064 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51241: udp 117
3507: 08:24:14.720864 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59532: udp 70
3511: 08:24:14.906035 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3515: 08:24:15.724068 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53884: udp 70
3521: 08:24:17.720498 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59532: udp 70
3523: 08:24:18.181677 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52120: udp 195
3526: 08:24:19.428612 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58045: udp 117
3528: 08:24:19.887054 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3531: 08:24:21.178304 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52120: udp 195
3535: 08:24:21.720299 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59532: udp 70
3538: 08:24:22.428231 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58045: udp 117
3540: 08:24:22.975321 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55981: udp 70
3542: 08:24:24.885620 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3544: 08:24:25.178777 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52120: udp 195
3549: 08:24:25.977915 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55981: udp 70
3550: 08:24:26.428093 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58045: udp 117
3553: 08:24:26.571671 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54072: udp 108
3557: 08:24:28.974055 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61441: udp 70
3558: 08:24:29.571351 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54072: udp 108
3560: 08:24:29.885864 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3562: 08:24:29.979273 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55981: udp 70
3564: 08:24:31.973139 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61441: udp 70
3566: 08:24:33.573639 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54072: udp 108
3572: 08:24:35.973963 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61441: udp 70
3575: 08:24:37.225574 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54778: udp 70
3578: 08:24:40.227695 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54778: udp 70
3586: 08:24:43.224780 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61415: udp 70
3588: 08:24:44.225009 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54778: udp 70
3594: 08:24:45.218357 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59345: udp 195
3599: 08:24:46.225909 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61415: udp 70
3603: 08:24:48.217472 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59345: udp 195
3605: 08:24:48.437309 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64239: udp 117
3609: 08:24:50.223697 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61415: udp 70
3612: 08:24:51.435310 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64239: udp 117
3614: 08:24:51.478262 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60625: udp 76
3616: 08:24:52.217807 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59345: udp 195
3619: 08:24:52.798359 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57029: udp 70
3622: 08:24:54.477926 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60625: udp 76
3625: 08:24:55.433113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64239: udp 117
3629: 08:24:55.798222 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57029: udp 70
3634: 08:24:57.477499 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65124: udp 76
3638: 08:24:58.483281 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60625: udp 76
3642: 08:24:59.797306 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57029: udp 70
3645: 08:25:00.438408 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50075: udp 117
3646: 08:25:00.478857 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65124: udp 76
3651: 08:25:03.435371 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50075: udp 117
3652: 08:25:03.480749 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57210: udp 76
3654: 08:25:04.474020 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65124: udp 76
3660: 08:25:06.480352 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57210: udp 76
3662: 08:25:07.435066 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50075: udp 117
3667: 08:25:09.479497 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52037: udp 76
3670: 08:25:10.487187 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57210: udp 76
3673: 08:25:12.258485 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59263: udp 195
3674: 08:25:12.478612 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52037: udp 76
mxfw(config)# sho cap capo
16 packets captured
1: 08:49:55.933347 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
2: 08:49:55.961345 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
3: 08:50:00.697122 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
4: 08:50:00.723915 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
5: 08:50:05.696283 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
6: 08:50:05.721947 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
7: 08:50:10.695474 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
8: 08:50:10.722466 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
9: 08:24:14.880508 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
10: 08:24:14.906004 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
11: 08:24:19.860780 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
12: 08:24:19.887023 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
13: 08:24:24.859971 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
14: 08:24:24.885574 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
15: 08:24:29.859147 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
16: 08:24:29.885833 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
16 packets shown
mxfw(config)# sho cap capdmz
ERROR: Capture does not exist
mxfw(config)# sho cap capd
0 packet captured
0 packet shown
mxfw(config)# -
How can I map SSH from an outside network range to an internal host (ASA 5505)
Cisco Adaptive Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
- External network range that needs SSH access: 8.8.8.0/24
- Outside interface: 10.1.10.2 (NAT'd from 7.7.7.7)
- Inside Network: 192.168.100.0/24
- Inside host to redirect external SSH to: 192.168.100.98
Hi All,
I have a Cisco ASA 5505 (version above) and I have someone that needs to SSH into a box behind the ASA. I'm having a few issues trying to configure this access-list and NAT. I've tried many combinations and clearly my IOS is not as good as I thought.
Can anyone help with this? What commands should I enter to accomplish mapping SSH from an outside network range to an internal host?
Many thanks,
TarranThis may or may not work depending on how your modem handles the natting. On your firewall try this -
static (inside,outside) tcp interface 22 192.168.100.98 22
then add this to your acl on the outside interface of your ASA -
access-list outside_in permit tcp 8.8.8.0 255.255.255.0 host 10.1.10.2 eq 22
if you don't have an acl applied then add this extra step -
access-group outside_in in interface outside
Jon -
ASA 5505 Logging Issue - Warning: Configured logging host interface conflicts with route table entry
I am getting this warning on my ASA 5505 when I try to set up logging from my off site FW to the central FW, which is a 5510. What I am trying to do is send the FW logs through the VPN Tunnel into the central 5510 to our logging server at 192.168.22.99, but allow all other traffic out the outside interface so customers can hit our web servers down there. Here is an example of my config with fake IP's. I get this error when trying to do "logging inside host 192.168.22.99". If I try to put in "logging Tunnel host 192.168.22.99" I get the "Warning:Security Level is 1" message
5505
ethe0/0
desc To LA ISP (217.34.122.1)
switchport access vlan2
ethe0/1
desc To Redwood City HQ via VPN Tunnel
switchport access vlan1
ethe0/2
desc To Internal Web Server
switchport access vlan3
VLAN1
desc Tunnel to HQ
ifinterface Tunnel
security level 1
217.34.122.3 255.255.255.248
VLAN3
desc Internal Web Server
ifinterface inside
security level 100
192.168.0.1 255.255.255.0
access-list LosAngeles extended permit ip 192.168.0.0 255.255.255.0 192.168.22.0 255.255.255.0
(No access-group is performed, as I match from the crypto map instead since I have multiple sites going out of HQ - see HQ configs)
route Tunnel 192.168.22.0 255.255.255.0 65.29.211.198
crypto map TO-HQ 10 match address LosAngeles
crypto map TO-HQ set peer ip 65.29.211.198
5510 at HQ
access-list LA extended permit ip 192.168.22.0 255.255.255.0 192.168.0.0 255.255.255.0
(again no access-group, since I have a couple other off sites)
crypto map TO-LA 20 match address LA
crypto map TO-LA 20 set peer ip 217.34.122.3Hi Jouni,
I have the following configs in place with fake IPs
5505
1 outside interface with security level 0 (vlan1 direct connect to isp 217.33.122.2/30) - goes to ISP
1 Tunnel interface with security level 1 (vlan 2 direct connect to isp 217.33.122.6/30) - goes to Tunnel to our 5510
1 inside interface with security level 100 (servers connected to hub, with vlan3 ip of 192.168.0.1)
access-list LosAngeles extended permit ip 192.168.0.0 255.255.255.0 192.168.22.0 255.255.255.0 - acl to 5510 inside network
route outside 0.0.0.0 0.0.0.0 217.33.122.1 - route for all traffic (except for 192.168.22.0/24) to take the outside connection
route Tunnel 192.168.22.0 255.255.255.0 65.29.211.198 - route for 192.168.22.0 destined traffic to take the Tunnel connection
crypto map TO-HQ 10 match address LosAngeles
crypto map TO-HQ 10 set peer ip 65.29.211.198
tunnel-group 65.29.211.198 type ipsec-l2l
5510
1 outside interface with security level 0 (vlan1 direct connect to isp 65.29.211.198) - goes to isp
1 inside interface with security level 100 (vlan2 connection to corporate servers and SIP 192.168.22.0/24)
access-list LA extended permit ip 192.168.22.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list OUTBOUND extended permit icmp host 217.33.122.6 host 192.168.22.99 (allows Nagios monitor to ping the DE interface
access-group OUTBOUND in interface outside
nat (inside,outside) static 192.168.22.99 interface destination static 217.33.122.6
route outside 192.168.0.0 255.255.255.0 217.33.122.6
crypto map TO-LA 20 match address LA
crypto map TO-LA 20 set peer ip 217.33.122.6
tunnel-group 217.33.122.6 type ipsec-l2l
I am mistaken on the 5510 interfaces. They do not have vlans, and the IP address is directly applied to the interfaces for outside and inside. -
Cisco ASA 5505 performance issues on downloads - data into the ASA from the Internet
I have having serious issues with performance on my ASA 5505s that I am testing with 9.2.3 code.
I stripped the config and removed as much stuff as I could - no VPN etc. and I am ONLY getting about 30-40Mbps downloads from sites but 95Mbps uploads???? Anyone else seeing these problems? If I remove the firewall my PC can hit 300/300Mbps to the same sites using the same switch and cable.
I installed 1Gb of mem on the ASA 5505 but it made no difference. The ASA has a UL IP Security license but I am only using and inside and outside address for these tests, no other ports configured.
Is anyone else seeing this performance problem with the 9.2.3 code? I went to this from 8.2.5 to try to resolve QOS failure bugs that I found in the 8.2.5 code. I did not expect to have a performance hit though and it is only on downloads TO the ASA from the Internet from all speed test sites that I try. Uploading speeds seem fine. No access-lists on my interfaces either...barebones config.
My FIOS and switch interfaces are fine...no errors on any interfaces and the same switch interface hits 300/300Mbps when my laptop is directly attached.
Anyone have a barebones config on their ASA 5505 that flies...I will try it on mine and see if some command somewhere (hidden) is causing the issue. I even cleared the config and started with a clean slate just in case I was missing some command from the older configs that may have impacted performance.After changing the switch with a high end switch my performance increased but I am still not happy with the throughput out of my ASA. I have about 50+ ASAs 5505s and a dozen 5510s. Most remote sites have 5505s. All my sites right now have 8.2.5-51 and I wanted to put 9.2.3 out there to solve issues I have uncovered on the 8.2.5 code with regards to QOS issues.
I get much better results using the Cisco 3750X attached to the FIOS (right around 300/300 with my laptop directly attached to the 3750x bypassing the ASA - my FIOS circuit rating is also 300/300). Going through the ASA to the same test site I get download speeds of 35 to 75. Changes randomly which really bothers me. My uploads speeds are ALWAYS faster then my download speeds. Example - best download I would ever get is 75Mb and my upload would usually hit 95Mb during the same test period.
I may have to live with it but the inconsistency is what really bothers me.
Here is the config I am currently using. Nothing going on during testing since only a single PC is attached. VPN tunnel to the main site can be up or down...doesn't seem to make any difference. PC does to site directly from outside interface of ASA...split tunneling. Even when I removed tunnels and tested with just the ASA as a firewall to the Internet I was still seeing the same inconsistencies.
Anything obviously missing - new command or anything? Xlates causing issues?
Maybe you are looking for
-
Function module to know in which EHP is the system
Hi, I am trying to find a Function Module which give me the release in which the system is. I need to know if it is ehp3 or ehp4. I know that I could use table CVERS. But I would like to know if the package is active or inactive. Thanks, Alejandro
-
I have a file-xi-mail scenario. I want to encrypt the message so I got the public key from the partner and imported the same into XI and used that in the receiver agreement. Now to decrypt the message, what should I do ?? Is there any tool so that I
-
Which airport utility do I need?
Okay a bit confused. I have a Time Capsule connected to an older version Airport Express (single band). I need to make some changes to the Airport Express. On my MBP 13" running 10.8.1 I have Airport Utility 6.1. I can reach the Time Capsule without
-
Adusting a dynamic page counter
I'm having a real headache getting a page counter to work in a module. It is a long course - 120 slides - and it features a dynamic menu and a sidebar menu that allows navigation to different sections from anywhere. It also has a glossary, available
-
Laserjet 200 color m251 install failed
I cannot get my LaserJet 200 Color M251 software to install. The first install screen gets to 100% and then instantly jumps to an Error message with no error code. I'm running Windows 7 (64bit) and successfully installed this on another computer ru