BM39SP1 Blank Access Rules Page

Similar Messages

• Not showing top 10 access rule after upgrade to 9.1(5)

  Hi
  I have recently upgraded ASA 5505 from 8.2 to 9.1 and the ASDM to 7.3 but I can no longer can view the Top 10 Access Rules on the home tab. Is it a bug or do I have to enable anything?
  I hope someone can help.

  Hi Andre
  for security reasons I cannot give you the Access rules page. FYI the logging is enabled
  However in the home page , when I click on show rule it says the following
  Unable to determine corresponding access rule The configuration in ASDM may be out of sync with the device. Please refreah configuration and try again
  I refreshed the screen and no change. Welcome any advise.

• Cisco RV180W Access Rules

  Good Day,
  I have been using Access Rules Block by Schedule successfully on my RV180.  I block all outbound traffic to a single IP address with two rules, 1) from 21:30 to 23:59 Every Day and 2) from 00:00 to 07:30 Every Day.  This works fine.
  However I am wanting to refine this to include days of the week.  I have the following:
  1) from 21:30 to 23:59 Sunday through Thursday;
  2) from 00:00 to 07:30 Every Day;
  3) from 22:30 to 23:59 Friday through Saturday.
  They are in this order in the Access Rules page but as they are all unique I cannot see why the order would affect it.
  The default Outbound Policy is Allow.  I have not rebooted the router and maybe this is what I need to do but the help does not say this needs to be done.
  Rule 3 is not working and access is allowed well past 22:30.  As I have only implemented this on Friday I have not yet tested if the other rules are working or not.  I know I could change the time to test it and will do if necessary but thought I would ask the forum first if anyone has come across this issue.
  All the best,
  Karl

  Hello,
  I have found out one reason for the access rules not working that was the TCP session timeout period.  That is to say that the current TCP session would continue until the TCP timeout period expired even if it was after the cut off time had been passed.  But there are other issues where the web interface indicated a change was made but it hadn't updated the router configuration, i.e. wireless disabled but it continued to run.  The web interface is prone to freezing.  The spec sheet says it supports port mirror but it doesn't.  I am thoroughly disappointed in the unit.  I am in the process of asking for a refund as I need a router that does what it is advertised to do.
  This is not a Cisco product that they (Cisco) should be proud of.
  Regards,
  Karl Wraith

• Cannot display Access Control Rules page --- BUG REPORT

  iWS 4.1sp9 on Linux Admin GUI cannot display Access Control Rules page for Netscape browsers 4.7 and 6.2 or for IE 4.
  It does work for IE 5.5 (running this in Vmware).
  I'm reporting this bug here as I can't see anywhere else to put it.

  It could be a firmware bug, or it could be something else bugging out. If the router hasn't been factory reset and it's been through a few firmware upgrades, try resetting it to factory defaults. Take note of any custom settings you have, so you can go in and manually re-configure the router. I would avoid importing a backed up config file in case the config turns out to be the problem, but it doesn't hurt to download a copy of your config now.
  Give that a try. Others might have some more ideas.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• HTTP Error 405 - The HTTP verb used to access this page is not .....

  Goodmorning,
  I've installed BO XI R3 SP4 on a 2k3-server with IIS 6.0. I wanted to configurate the SSO. After changing the web.config file and restart of the IIS , I get the following error :
  HTTP Error 405 - The HTTP verb used to access this page is not allowed.
  Internet Information Services (IIS)
  The frame where you normally are using for authentication has this error, the frame around is normal.
  Hope someony can help, thx in advance

  I can't fin a upload button , so the file in plain text gepasted
  Hope it is readable :
  #Software: Microsoft Internet Information Services 6.0
  #Version: 1.0
  #Date: 2012-02-29 12:19:21
  #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/logon.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/res/schema.blue/default.css.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/js/utils.js.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/js/helpSystem.js.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logon.pattern 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/listing/blank.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logo 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/logon/logon.aspx parameter=logonService 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 POST /PlatformServices/Shared/Logon/Logon.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 405 0 1
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/logon.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/res/schema.blue/default.css.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/js/utils.js.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/js/helpSystem.js.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/listing/blank.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logon.pattern 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logo 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/logon/logon.aspx parameter=logonService 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 POST /PlatformServices/Shared/Logon/Logon.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 405 0 1
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 OPTIONS /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 200 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  Thx in advance for your reply

• ASA 5505, error in Access Rule

  Hello.
  Tha ASA 5505 is working, but I try to allow http and https from internet to a server running 2012 Essentials. The server has the internal IP 192.168.0.100. I have created an Object called SERVER with IP 192.168.0.100
  The outside Interface is called ICE
  I have configured NAT:
  I have also configured Access Rules:
  But when I test it With the Packet Tracer I get an error:
  Whats wrong With the Access Rule?
  I do prefer the ASDM :)
  Best regards Andreas

  Hello Jeevak.
  This is the running config (Vlan 13 (Interface ICE) is the one in use:
  domain-name DOMAIN.local
  names
  name 192.168.0.150 Server1 description SBS 2003 Server
  name 192.168.10.10 IP_ICE
  name x.x.x.0 outside-network
  name x.x.x.7 IP_outside
  name 192.168.0.100 SERVER description Hovedserver
  interface Vlan1
   nameif inside
   security-level 100
   ip address 192.168.0.1 255.255.255.0
  interface Vlan2
   description Direct Connect
   backup interface Vlan13
   nameif outside
   security-level 0
   pppoe client vpdn group PPPoE_DirectConnect
   ip address pppoe
  interface Vlan3
   description Gjestenettet
   nameif dmz
   security-level 50
   ip address 10.0.0.1 255.255.255.0
  interface Vlan13
   description Backupnett ICE
   nameif ICE
   security-level 0
   ip address IP_ICE 255.255.255.0
  interface Vlan23
   description
   nameif USER
   security-level 50
   ip address 10.1.1.1 255.255.255.0
  interface Ethernet0/0
   switchport access vlan 2
  interface Ethernet0/1
   switchport access vlan 13
  interface Ethernet0/2
   switchport access vlan 23
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
   switchport access vlan 3
  interface Ethernet0/7
   switchport access vlan 3
  ftp mode passive
  clock timezone CEST 1
  clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
  dns domain-lookup dmz
  dns server-group DefaultDNS
   domain-name DOMAIN.local
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  access-list outside_access_in extended permit tcp any host IP_outside eq https
  access-list outside_access_in extended permit tcp any host IP_outside eq www
  access-list outside_access_in extended permit icmp any host IP_outside echo-reply
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list outside_access_in remark For RWW
  access-list DOMAINVPN_splitTunnelAcl standard permit any
  access-list inside_nat0_outbound extended permit ip any 192.168.0.192 255.255.255.192
  access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.192 255.255.255.192
  access-list DOMAIN_VPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
  access-list ICE_access_in extended permit tcp any host IP_ICE eq https
  access-list ICE_access_in extended permit tcp any host IP_ICE eq www
  access-list ICE_access_in extended permit icmp any host IP_ICE echo-reply
  access-list ICE_access_in remark For RWW
  access-list ICE_access_in remark For RWW
  access-list USER_access_in extended permit ip any any
  pager lines 24
  logging enable
  logging asdm warnings
  mtu inside 1500
  mtu outside 1500
  mtu dmz 1500
  mtu ICE 1500
  mtu USER 1500
  ip local pool VPNPool 192.168.10.210-192.168.10.225 mask 255.255.255.0
  no failover
  monitor-interface inside
  monitor-interface outside
  monitor-interface dmz
  monitor-interface ICE
  monitor-interface USER
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit outside-network 255.255.255.0 outside
  icmp permit 192.168.10.0 255.255.255.0 ICE
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  global (ICE) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  nat (dmz) 1 10.0.0.0 255.255.255.0
  nat (USER) 1 10.1.1.0 255.255.255.0
  static (inside,ICE) tcp interface www SERVER www netmask 255.255.255.255
  static (inside,outside) tcp interface www SERVER www netmask 255.255.255.255
  static (inside,ICE) tcp interface https SERVER https netmask 255.255.255.255
  static (inside,outside) tcp interface https SERVER https netmask 255.255.255.255
  access-group outside_access_in in interface outside
  access-group ICE_access_in in interface ICE
  access-group USER_access_in in interface USER
  route outside 0.0.0.0 0.0.0.0 x.x.x.1 1 track 123
  route ICE 0.0.0.0 0.0.0.0 192.168.10.1 254
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  http server enable
  http 192.168.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sla monitor 1
   type echo protocol ipIcmpEcho x.x.x.1 interface outside
   num-packets 3
   frequency 10
  sla monitor schedule 1 life forever start-time now
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 20 set pfs group1
  crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
  crypto dynamic-map outside_dyn_map 40 set pfs group1
  crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
  crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  track 123 rtr 1 reachability
  no vpn-addr-assign local
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  management-access inside
  dhcpd auto_config outside
  dhcpd address 10.0.0.10-10.0.0.39 dmz
  dhcpd dns y.y.y.2 z.z.z.z interface dmz
  dhcpd lease 6000 interface dmz
  dhcpd enable dmz
  dhcpd address 10.1.1.100-10.1.1.120 USER
  dhcpd dns y.y.y.2 z.z.z.z interface USER
  dhcpd lease 6000 interface USER
  dhcpd domain USER interface USER
  dhcpd enable USER
  ntp server 64.0.0.2 source outside
  group-policy DOMAIN_VPN internal
  group-policy DOMAIN_VPN attributes
   dns-server value 192.168.0.150
   vpn-tunnel-protocol IPSec
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value DOMAIN_VPN_splitTunnelAcl
   default-domain value DOMAIN.local
  class-map inspection_default
   match default-inspection-traffic
  class-map imblock
   match any
  class-map P2P
   match port tcp eq www
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum 512
  policy-map type inspect im impolicy
   parameters
   match protocol msn-im yahoo-im
    drop-connection log
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect pptp
  policy-map type inspect http P2P_HTTP
   parameters
   match request uri regex _default_gator
    drop-connection log
   match request uri regex _default_x-kazaa-network
    drop-connection log
   match request uri regex _default_msn-messenger
    drop-connection log
   match request uri regex _default_gnu-http-tunnel_arg
    drop-connection log
  policy-map IM_P2P
   class imblock
    inspect im impolicy
   class P2P
    inspect http P2P_HTTP
  service-policy global_policy global
  service-policy IM_P2P interface inside
  prompt hostname context
  : end
  asdm image disk0:/asdm-524.bin
  asdm location Server1 255.255.255.255 inside
  asdm location IP_ICE 255.255.255.255 inside
  asdm location outside-network 255.255.255.0 inside
  asdm location SERVER 255.255.255.255 inside
  no asdm history enable
  What is wrong? Everything Works well except port forwarding.
  Andreas

• Restrict Access To Page Not Working with Different Auth Levels

  I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
  Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
  I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
  The problem, however, occurs when trying to log in.  No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
  I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
  Login Page:
  <?php require_once('../Connections/hondovfd.php'); ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  ?>
  <?php
  // *** Validate request to login to this site.
  if (!isset($_SESSION)) {
    session_start();
  $loginFormAction = $_SERVER['PHP_SELF'];
  if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
  if (isset($_POST['username'])) {
    $loginUsername=$_POST['username'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "authlevel";
    $MM_redirectLoginSuccess = "/membersonly/membersonly.php";
    $MM_redirectLoginFailed = "/membersonly/loginfailed.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_hondovfd, $hondovfd);
    $LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
      $loginStrGroup  = mysql_result($LoginRS,0,'authlevel');
      //declare two session variables and assign them
      $_SESSION['MM_Username'] = $loginUsername;
      $_SESSION['MM_UserGroup'] = $loginStrGroup;          
      if (isset($_SESSION['PrevUrl']) && false) {
        $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
      header("Location: " . $MM_redirectLoginSuccess );
    else {
      header("Location: ". $MM_redirectLoginFailed );
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/phptemplate.dwt" codeOutsideHTMLIsLocked="false" -->
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <!-- InstanceBeginEditable name="Title" -->
  <title>Log In</title>
  <!-- InstanceEndEditable -->
  <meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
  <meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
  <link href="../stylesheet.css" type="text/css" rel="stylesheet" />
  <!--[if IE]>
  <style type="text/css">
  #mainContent, #sidebar1 { zoom: 1;}
  </style>
  <![endif]-->
  <script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
  <link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
  </head>
  <body class="thrColLiqHdr">
  <div id="container">
  <div id="header"></div>
    <div id="sidebar1">
    <h3>Navigation : </h3>
    <ul id="MenuBar1" class="MenuBarVertical">
    <li><a href="/index.php">Home</a></li>
  <li><a href="/support.php">Support Hondo</a></li>
    <li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
      <ul>
        <li><a href="/people.php">Our People</a></li>
        <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
        <li><a href="/medical.php">Medical</a></li>
        <li><a href="/apparatus.php">Apparatus</a></li>
        <li><a href="/training.php">Training</a></li>
        <li><a href="/volunteer.php">Volunteer</a></li>
        <li><a href="/statistics.php">Statistics</a></li>
        <li><a href="/patchtrading.php">Patch Trading</a></li>
      </ul>
    </li>
    <li><a href="/album.php">Photo Gallery</a></li>
    <li><a href="/calendar.php">Calendar</a></li>
    <li><a href="/news.php">Blog/News</a></li>
    <li><a href="/links.php">Links</a></li>
    <li><a href="/contact.php">Contact Us</a></li>
  </ul>
  <br />
  <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <span class="lefttext">
  <input type="hidden" name="cmd" value="_s-xclick">
  <input type="hidden" name="hosted_button_id" value="8567201">
  <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
  <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
  </img></input></input>
    </span>
  </form>
  <span class="lefttext"><br />
  </span>
  <center>
    <span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
  </center>
    <!-- end #sidebar1 --></div>
    <div id="sidebar2"> 
      <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
      <p>Call Statistics for <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?> as of <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></p>
    <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="60%">EMS Calls</td>
      <td width="40%"><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
    <tr>
      <td>Fire Calls</td>
      <td><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
  </table>
    <hr />
      <div id="cse" style="width:100%;">Loading</div>
  <script src="http://www.google.com/jsapi" type="text/javascript"></script>
  <script type="text/javascript">
    google.load('search', '1');
    google.setOnLoadCallback(function(){
      new google.search.CustomSearchControl().draw('cse');
    }, true);
  </script>
       <!-- End Google Search Element -->
    </div>
    <!-- end #sidebar2 -->
    <div id="mainContent">
    <div class="top"></div><div class="wrap"><!-- InstanceBeginEditable name="Main Content" -->
  <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td height="47" class="h2">Members Only Login</td>
    </tr>
    <tr>
      <td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
      <table width="40%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="31%">Username:</td>
      <td width="69%"><input name="username" type="text" /></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input name="password" type="password" /></td>
    </tr>
  </table>
  <input name="Submit" type="submit" />
      </form></td>
    </tr>
  </table>
    <!-- InstanceEndEditable -->
  </div>
  <div class="bottom"></div>
  </div>
       <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --> <br class="clearfloat" />
    <div id="footer">
      <p align="center">&copy; Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
    <!-- end #footer --></div>
  <!-- end #container --></div>
  <script type="text/javascript">
  <!--
  var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
  //-->
  </script>
  <?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
  </body>
  <!-- InstanceEnd --></html>
  Other Page:
  <?php
  if (!isset($_SESSION)) {
    session_start();
  $MM_authorizedUsers = "user,admin";
  $MM_donotCheckaccess = "false";
  // *** Restrict Access To Page: Grant or deny access to this page
  function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
      // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
      // Parse the strings into arrays.
      $arrUsers = Explode(",", $strUsers);
      $arrGroups = Explode(",", $strGroups);
      if (in_array($UserName, $arrUsers)) {
        $isValid = true;
      // Or, you may restrict access to only certain users based on their username.
      if (in_array($UserGroup, $arrGroups)) {
        $isValid = true;
      if (($strUsers == "") && false) {
        $isValid = true;
    return $isValid;
  $MM_restrictGoTo = "/membersonly/loginfailed.php";
  if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/phptemplate.dwt" codeOutsideHTMLIsLocked="false" -->
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <!-- InstanceBeginEditable name="Title" -->
  <title>Members Only Area</title>
  <!-- InstanceEndEditable -->
  <meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
  <meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
  <link href="../stylesheet.css" type="text/css" rel="stylesheet" />
  <!--[if IE]>
  <style type="text/css">
  #mainContent, #sidebar1 { zoom: 1;}
  </style>
  <![endif]-->
  <script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
  <link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
  </head>
  <body class="thrColLiqHdr">
  <div id="container">
  <div id="header"></div>
    <div id="sidebar1">
    <h3>Navigation : </h3>
    <ul id="MenuBar1" class="MenuBarVertical">
    <li><a href="/index.php">Home</a></li>
  <li><a href="/support.php">Support Hondo</a></li>
    <li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
      <ul>
        <li><a href="/people.php">Our People</a></li>
        <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
        <li><a href="/medical.php">Medical</a></li>
        <li><a href="/apparatus.php">Apparatus</a></li>
        <li><a href="/training.php">Training</a></li>
        <li><a href="/volunteer.php">Volunteer</a></li>
        <li><a href="/statistics.php">Statistics</a></li>
        <li><a href="/patchtrading.php">Patch Trading</a></li>
      </ul>
    </li>
    <li><a href="/album.php">Photo Gallery</a></li>
    <li><a href="/calendar.php">Calendar</a></li>
    <li><a href="/news.php">Blog/News</a></li>
    <li><a href="/links.php">Links</a></li>
    <li><a href="/contact.php">Contact Us</a></li>
  </ul>
  <br />
  <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
    <span class="lefttext">
  <input type="hidden" name="cmd" value="_s-xclick">
  <input type="hidden" name="hosted_button_id" value="8567201">
  <input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
  <img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
  </img></input></input>
    </span>
  </form>
  <span class="lefttext"><br />
  </span>
  <center>
    <span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
  </center>
    <!-- end #sidebar1 --></div>
    <div id="sidebar2"> 
      <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
      <p>Call Statistics for <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?> as of <?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></p>
    <table width="90%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td width="60%">EMS Calls</td>
      <td width="40%"><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
    <tr>
      <td>Fire Calls</td>
      <td><?php
  $myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
  $fh = fopen($myFile, 'r');
  $theData = fread($fh, filesize($myFile));
  fclose($fh);
  echo $theData;
  ?></td>
    </tr>
  </table>
    <hr />
      <div id="cse" style="width:100%;">Loading</div>
  <script src="http://www.google.com/jsapi" type="text/javascript"></script>
  <script type="text/javascript">
    google.load('search', '1');
    google.setOnLoadCallback(function(){
      new google.search.CustomSearchControl().draw('cse');
    }, true);
  </script>
       <!-- End Google Search Element -->
    </div>
    <!-- end #sidebar2 -->
    <div id="mainContent">
    <div class="top"></div><div class="wrap"><!-- InstanceBeginEditable name="Main Content" -->
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td height="47" class="h2">Members Only Area</td>
    </tr>
    <tr>
      <td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
        <p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
        </td>
    </tr>
  </table>
    <script type="text/javascript">
  <!--
  var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
  //-->
  </script><!-- InstanceEndEditable -->
  </div>
  <div class="bottom"></div>
  </div>
       <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats --> <br class="clearfloat" />
    <div id="footer">
      <p align="center">&copy; Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
    <!-- end #footer --></div>
  <!-- end #container --></div>
  <script type="text/javascript">
  <!--
  var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
  //-->
  </script>
  <?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
  </body>
  <!-- InstanceEnd --></html>

  you don't need all that bloat.  set a session during login of some kind of uniquely identifying id.  i.e.
  $_SESSION['id'] = $row_rs['id'];
  then on the pages you need to protect, check it like this....
  <?php
  session_start();
  if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
  die(header("Location: http://www.notinprotectedareas.com")); }
  ?>
  you can use an include file i.e.
  <?php require_once('login_check.php'); ?>
  where file is name login_check.php to make your auth controls clean on your protected pages.

• Restrict Access to Page Issue...

  Hi this is my first time on Adobe forums, im regard myself as
  new to web design, im making my first proper website, for portfolio
  purposes. www.imaginationwebdesign.co.uk/port2 is the website..
  I am using Dreamweaver CS3 coding with HTML / PHP / MySQL
  My Issue:
  I have implemented Restrict Access to Page dependant upon
  User / Pass / Access Level.
  Access Levels are 1 and 3 and are stored on my MySQL
  Database.
  3 = Full Admin Rights
  1 = Minimal Admin Rights.
  Now, Whilst the Restrict access works, when Access Level 1
  attempts to display page only for Access Level 3, It's not
  redirecting to the "AccessDenied.php" page... instead a blank white
  page is being displayed and unless i press Back, it just stays
  blank and doesnt redirect.
  I have used the Server Behaviour Panel so the code is
  automatically generated but the source is:
  <?php
  if (!isset($_SESSION)) {
  session_start();
  $MM_authorizedUsers = "3";
  $MM_donotCheckaccess = "false";
  // *** Restrict Access To Page: Grant or deny access to this
  page
  function isAuthorized($strUsers, $strGroups, $UserName,
  $UserGroup) {
  // For security, start by assuming the visitor is NOT
  authorized.
  $isValid = False;
  // When a visitor has logged into this site, the Session
  variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that
  Session variable is blank.
  if (!empty($UserName)) {
  // Besides being logged in, you may restrict access to only
  certain users based on an ID established when they login.
  // Parse the strings into arrays.
  $arrUsers = Explode(",", $strUsers);
  $arrGroups = Explode(",", $strGroups);
  if (in_array($UserName, $arrUsers)) {
  $isValid = true;
  // Or, you may restrict access to only certain users based
  on their username.
  if (in_array($UserGroup, $arrGroups)) {
  $isValid = true;
  if (($strUsers == "") && false) {
  $isValid = true;
  return $isValid;
  $MM_restrictGoTo = "AccessDeniedAdmin.php";
  if (!((isset($_SESSION['MM_Username'])) &&
  (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'],
  $_SESSION['MM_UserGroup'])))) {
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING)
  > 0)
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar .
  "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
  ?>
  any help would be great to get the redirection working...
  I've tried this on several pages and it still doesnt work.
  Thank you and sorry if this is posted in the wrong area.
  David.

  Davidbirkin wrote:
  > I finally managed to solve the issue.. although, to me
  it was a rather strange
  > issue..
  Strange to you, perhaps, but it's a very common issue.
  > Before the Validation to check for Access level i had
  this line of code...
  >
  > <?php require_once('Connections/con1.php'); ?>
  >
  > No, i have moved that line of code to appear AFTER the
  access level validation
  > check, and it's all working fine... maybe it's the order
  i added the dynamic
  > functions to the Page, but now it is working...
  As I said in my original reply, the problem was almost
  certainly caused
  by an error that you couldn't see because the display of
  errors is
  turned off for security reasons. The Restrict Access to Page
  server
  behavior uses session_start(), which must come before there
  is any
  output to the browser. "Output" includes new lines or
  whitespace outside
  PHP tags. There is almost certainly an extra line at the end
  of
  con1.php, which would prevent the session from starting. In
  turn, that
  would generate an error, resulting in your blank page.
  The problem is closely related to the "headers already sent"
  error
  message that confuses most PHP beginners. Read about it here:
  http://docs.php.net/manual/en/function.header.php
  By the way, it sounds as though you are testing everything on
  a remote
  server, rather than testing locally before deploying to a
  remote server.
  That's a very bad idea, particularly if the display of errors
  is turned
  off. You should test files in a safe, local environment with
  error
  reporting turned to the highest level, and eliminate all
  errors before
  deploying to a live server. If you're testing locally, make
  sure that
  error_reporting in php.ini is set to E_ALL, and that
  display_errors is on.
  David Powers, Adobe Community Expert
  Author, "The Essential Guide to Dreamweaver CS3" (friends of
  ED)
  Author, "PHP Solutions" (friends of ED)
  http://foundationphp.com/

• Cannot access web page anymore

  I can no longer access my banks web page anymore.  I was able to get to the page and sign in up to a few days ago.
  When I try to get to the page I get a message that says "Safari can’t open the page “https://www.essabank.com/index.cfm?” because the server where this page is located isn’t responding."
  I never had this issue before.
  I have Firefox and it does not work on that browser either.
  I have also tried RockMelt and Opera, again without any luck.
  I have searched on the web on several forums and the advice I saw there for similar issues did not work.
  I called my bank and they were not having any problems and told me the problem was on my end.
  I called Verizon and they tried to help, even took over the computer and they could not get the page to come up.
  I can access the page if I use Kproxy, but, I cannot access the bill pay feature that has a totally different error message.
  Does anybody know how I can fix this issue and gain access to my bank's page as I did before.
  This is extremely important as I need to get to the page and to my bill pay feature without any issues.
  As I said, this had been working fine up to about 2 or 3 days ago.
  I am using Safari Version 5.0.5 (6533.21.1)
  When I go to my bookmarks and previews, the preview for my bank is blank or black with the Safari logo and a lock on it, if this helps...
  Any help is greatly appreciated as we really need access to our banks page and features that we use all the time....
  Thank you in advance for any help with this problem.....

  Greetings,
  As you've tried multiple web browsers, try creating a new user account, log out of your current account, log in to the new account and try from the new user to see what happens: http://docs.info.apple.com/article.html?path=Mac/10.6/en/8235.html
  Cheers.

• 5520 to 5525 all access rules being ignored.

  I copied my config from my old 5520 to our new 5525 and when I cut over to it from the inside out I could get to the internet no problem but from the outside in none of our access rules were working.  Could someone take a look at our config and maybe inlighten me on the problem please.  Thanks,
  http://www.ebay.com/itm/290951611556?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649
  : Saved
  : Written by admin at 02:33:30.875 EDT Mon Sep 30 2013
  ASA Version 8.6(1)2
  hostname ColASA01-HA
  domain-name corp.COMPANY.com
  names
  name 172.22.5.133 ColBarracuda description Colo Barracuda Internal
  name 74.XXX.XXX.133 ColBarracuda- description Colo Barracuda External
  name 74.XXX.XXX.132 ColVPN- description Colo VPN External
  name 172.22.5.138 ww2 description ww2 Internal
  name 74.XXX.XXX.138 ww2- description ww2 External
  name 172.22.5.139 www1 description www1 Internal
  name 74.XXX.XXX.139 www1- description www1 External
  name 172.22.5.140 www1-COMPANY.co.uk description www1 COMPANY.co.uk Internal
  name 172.22.5.143 ColSysAid description ColSysAid Internal
  name 74.XXX.XXX.143 ColSysAid- description ColSysAid External
  name 172.22.5.141 Colww3 description Colww3 Internal
  name 74.XXX.XXX.141 Colww3- description Colww3 External
  name 10.1.1.100 Facts description Facts Internal
  name 74.XXX.XXX.135 Facts- description Facts External
  name 74.XXX.XXX.144 ftp.boundree.co.uk- description ftp.COMPANY.co.uk External
  name 172.22.5.144 ftp.COMPANY.co.uk description ftp.COMPANY.co.uk Internal
  name 10.101.0.24 Dubmss01 description Voicemail Server - Internal
  name 74.XXX.XXX.145 Dubmss01- description Voicemail Sever - External
  name 172.22.5.146 ColBI01 description ColBI01 Internal
  name 74.XXX.XXX.146 ColBI01- description ColBI01 External
  name 172.22.5.147 ColMOSS01 description ColMOSS01 Internal
  name 74.XXX.XXX.147 ColMOSS01- description ColMOSS01 External
  name 172.22.5.149 ambutrak description AmbuTRAK Internal
  name 74.XXX.XXX.149 ambutrak- description AmbuTRAK External
  name 172.22.5.136 NSTrax description NSTrax Internal
  name 74.XXX.XXX.136 NSTrax- description NSTrax External
  name 172.22.5.150 btmu description BTMU Internal
  name 74.XXX.XXX.150 btmu- description BTMU External
  name 172.22.5.155 w2k-isoft description w2k-isoft Internal
  name 74.XXX.XXX.155 w2k-isoft- description w2k-isoft External
  name 172.22.5.142 Colexch01 description Colexch01 Internal
  name 172.22.5.151 Coltixdb description Coltxdb Internal
  name 74.XXX.XXX.151 Coltixdb- description Coltixdb External
  name 172.22.5.156 colexcas description colexcas Internal
  name 74.XXX.XXX.156 colexcas- description colexcas External
  name 172.22.3.74 colexcas01 description colexcas01 Internal
  name 172.22.3.75 colexcas02 description colexcas02 Internal
  name 172.22.5.157 ColFTP01 description ColFTP01 Internal
  name 74.XXX.XXX.157 ColFTP01- description ColFTP01 External
  name 172.22.5.158 www.COMPANY.com description www.COMPANY.com Internal
  name 74.XXX.XXX.158 www.COMPANY.com- description www.COMPANY.com External
  name 172.22.5.159 act.COMPANY.com description COMPANY ACT Internal - colww4
  name 74.XXX.XXX.159 act.COMPANY.com- description COMPANY ACT External
  name 172.22.3.93 test.COMPANY.com description test.COMPANY.com Internal
  name 172.22.5.161 ColdevAS2 description ColdevAS2 Internal
  name 74.XXX.XXX.160 Rewards.COMPANY.com- description COMPANY Rewards External
  name 74.XXX.XXX.153 as2.COMPANY.com- description as2.COMPANY.com External
  name 74.XXX.XXX.161 as2test.COMPANY.com- description as2test.COMPANY.com External
  name 172.22.5.153 colas2 description colas2 Internal
  name 172.22.5.160 colww5 description colww5 Internal
  name 172.22.3.91 colexcas01NLB description colexcas01 NLB Interface
  name 172.22.3.92 colexcas02NLB description colexcas02 NLB Interface
  name 172.22.3.100 ColVPN description Colo VPN Internal
  name 172.22.5.134 intra.COMPANY.com description on NewPortal
  name 74.XXX.XXX.134 intra.COMPANY.com- description It's on NewPortal
  name 10.1.0.80 asgard description asgard Internal
  name 74.XXX.XXX.163 www.COMPANY.net- description www.COMPANY.net External
  name 172.22.5.165 crmws.COMPANY.com description ColCrmRouter01 Internal
  name 74.XXX.XXX.165 crmws.COMPANY.com- description ColCrmRouter01 External
  name 10.1.5.137 dubngwt description Test Next Gen Web Farm Internal
  name 74.XXX.XXX.137 dubngwt- description Test Next Gen Web Farm External
  name 10.1.0.87 dubexcas description Dublin CAS NLB
  name 10.1.0.85 dubexcas01 description Dublin CAS Server
  name 10.1.0.86 dubexcas02 description Dublin CAS Server
  name 74.XXX.XXX.166 collync01- description Lync Edge Server External
  name 74.XXX.XXX.167 coltmg01- description TMG Server External
  name 172.23.2.166 collync01 description Lync Edge Server DMZ
  name 172.23.2.167 coltmg01 description TMG Server DMZ
  name 172.22.5.168 COMPANYfed.com description COMPANYfed.com Internal
  name 74.XXX.XXX.168 COMPANYfed.com- description COMPANYfed.com External
  name 172.22.3.60 www1.COMPANY.com description www1.COMPANY.com Internal
  name 74.XXX.XXX.169 www1.COMPANY.com- description www1.COMPANY.com External
  name 172.22.3.63 www1.COMPANYfed.com description www1.COMPANYfed.com Internal
  name 74.XXX.XXX.171 www1.COMPANYfed.com- description www1.COMPANYfed.com External
  name 172.22.3.61 www2.COMPANY.com description www2.COMPANY.com Internal
  name 74.XXX.XXX.170 www2.COMPANY.com- description www2.COMPANY.com External
  name 172.22.3.64 www2.COMPANYfed.com description www2.COMPANYfed.com Internal
  name 74.XXX.XXX.172 www2.COMPANYfed.com- description www2.COMPANYfed.com External
  name 172.22.5.154 COMPANY.com description COMPANY.com Web Farm Production
  name 74.XXX.XXX.154 COMPANY.com- description COMPANY.com Web Farm Outside
  name 184.XXX.XXX.226 PMISonicWALL description PMI SonicWALL
  name 10.10.0.0 PMI_SonicWALL-Subnet description PMI LAN
  name 10.1.0.0 DublinData description Dublin Data Network
  name 10.2.0.0 SouthavenData description Southaven Data Network
  name 10.0.0.0 BrentwoodData description Brentwood Data Network
  name 10.8.0.0 GilbertData description Gilbert Data Network
  name 10.101.0.0 DublinVoIP description Dublin VoIP Network
  name 10.110.0.0 PMI_SonicWALL-VOICSubnet
  name 172.24.3.50 ColUT04-PCITrust
  name 172.22.3.31 coldc01
  name 172.22.3.4 coldc02
  name 172.22.3.23 ColWSUS02 description Windows Update Server
  name 74.XXX.XXX.175 monitor.COMPANY.com- description PRTG Network Monitor
  name 172.22.3.150 ColPRTG01 description PRTG Monitor
  dns-guard
  interface GigabitEthernet0/0
  description Connected to Internet via COLRTR01
  speed 100
  duplex full
  shutdown
  nameif outside
  security-level 0
  ip address 74.XXX.XXX.130 255.255.255.192 standby 74.XXX.XXX.176
  ospf cost 10
  interface GigabitEthernet0/1
  description Connected to Colo LAN
  speed 100
  duplex full
  nameif inside
  security-level 100
  ip address 172.22.1.8 255.255.0.0 standby 172.22.1.50
  ospf cost 10
  authentication key eigrp 10 Fiyalt1 key-id 1
  authentication mode eigrp 10 md5
  interface GigabitEthernet0/2
  nameif DMZ
  security-level 10
  ip address 172.23.2.1 255.255.255.0 standby 172.23.2.50
  ospf cost 10
  interface GigabitEthernet0/3
  description Connected to COLSW01 port 9 - PCI Trust Area (no internet)
  nameif Colo_PCI_Trust
  security-level 100
  ip address 172.24.3.1 255.255.255.0 standby ColUT04-PCITrust
  ospf cost 10
  interface GigabitEthernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/5
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/6
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/7
  description LAN/STATE Failover Interface
  interface Management0/0
  nameif management
  security-level 100
  ip address 10.1.200.20 255.255.0.0 standby 10.1.200.21
  ospf cost 10
  management-only
  boot system disk0:/asa861-2-smp-k8.bin
  ftp mode passive
  clock timezone EST -5
  clock summer-time EDT recurring
  dns server-group DefaultDNS
  domain-name corp.COMPANY.com
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network obj-172.22.255.0
  subnet 172.22.255.0 255.255.255.0
  object network PMI_SonicWALL-Subnet
  subnet 10.10.0.0 255.255.0.0
  object network obj-172.24.3.0
  subnet 172.24.3.0 255.255.255.0
  object network ColWSUS02
  host 172.22.3.23
  object network ambutrak
  host 172.22.5.149
  object network ambutrak-
  host 74.XXX.XXX.149
  object network btmu
  host 172.22.5.150
  object network btmu-
  host 74.XXX.XXX.150
  object network ColBarracuda
  host 172.22.5.133
  object network ColBarracuda-
  host 74.XXX.XXX.133
  object network ColBI01
  host 172.22.5.146
  object network ColBI01-
  host 74.XXX.XXX.146
  object network colexcas
  host 172.22.5.156
  object network colexcas-
  host 74.XXX.XXX.156
  object network ColMOSS01
  host 172.22.5.147
  object network ColMOSS01-
  host 74.XXX.XXX.147
  object network COMPANY.com
  host 172.22.5.154
  object network COMPANY.com-
  host 74.XXX.XXX.154
  object network Coltixdb
  host 172.22.5.151
  object network Coltixdb-
  host 74.XXX.XXX.151
  object network Colww3
  host 172.22.5.141
  object network Colww3-
  host 74.XXX.XXX.141
  object network ColSysAid
  host 172.22.5.143
  object network ColSysAid-
  host 74.XXX.XXX.143
  object network ColVPN
  host 172.22.3.100
  object network ColVPN-
  host 74.XXX.XXX.132
  object network colas2
  host 172.22.5.153
  object network as2.COMPANY.com-
  host 74.XXX.XXX.153
  object network Dubmss01
  host 10.101.0.24
  object network Dubmss01-
  host 74.XXX.XXX.145
  object network Facts
  host 10.1.1.100
  object network Facts-
  host 74.XXX.XXX.135
  object network ftp.COMPANY.co.uk
  host 172.22.5.144
  object network ftp.boundree.co.uk-
  host 74.XXX.XXX.144
  object network NSTrax
  host 172.22.5.136
  object network NSTrax-
  host 74.XXX.XXX.136
  object network w2k-isoft
  host 172.22.5.155
  object network w2k-isoft-
  host 74.XXX.XXX.155
  object network www1
  host 172.22.5.139
  object network www1-
  host 74.XXX.XXX.139
  object network ww2
  host 172.22.5.138
  object network ww2-
  host 74.XXX.XXX.138
  object network ColFTP01
  host 172.22.5.157
  object network ColFTP01-
  host 74.XXX.XXX.157
  object network www.COMPANY.com
  host 172.22.5.158
  object network www.COMPANY.com-
  host 74.XXX.XXX.158
  object network act.COMPANY.com
  host 172.22.5.159
  object network act.COMPANY.com-
  host 74.XXX.XXX.159
  object network colww5
  host 172.22.5.160
  object network Rewards.COMPANY.com-
  host 74.XXX.XXX.160
  object network ColdevAS2
  host 172.22.5.161
  object network as2test.COMPANY.com-
  host 74.XXX.XXX.161
  object network intra.COMPANY.com
  host 172.22.5.134
  object network intra.COMPANY.com-
  host 74.XXX.XXX.134
  object network asgard
  host 10.1.0.80
  object network www.COMPANY.net-
  host 74.XXX.XXX.163
  object network crmws.COMPANY.com
  host 172.22.5.165
  object network crmws.COMPANY.com-
  host 74.XXX.XXX.165
  object network dubngwt
  host 10.1.5.137
  object network dubngwt-
  host 74.XXX.XXX.137
  object network COMPANYfed.com
  host 172.22.5.168
  object network COMPANYfed.com-
  host 74.XXX.XXX.168
  object network www1.COMPANYfed.com
  host 172.22.3.63
  object network www1.COMPANYfed.com-
  host 74.XXX.XXX.171
  object network www2.COMPANYfed.com
  host 172.22.3.64
  object network www2.COMPANYfed.com-
  host 74.XXX.XXX.172
  object network www1.COMPANY.com
  host 172.22.3.60
  object network www1.COMPANY.com-
  host 74.XXX.XXX.169
  object network www2.COMPANY.com
  host 172.22.3.61
  object network www2.COMPANY.com-
  host 74.XXX.XXX.170
  object network ColPRTG01
  host 172.22.3.150
  object network monitor.COMPANY.com-
  host 74.XXX.XXX.175
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network collync01
  host 172.23.2.166
  object network collync01-
  host 74.XXX.XXX.166
  object network coltmg01
  host 172.23.2.167
  object network coltmg01-
  host 74.XXX.XXX.167
  object-group service DM_INLINE_SERVICE_1
  service-object gre
  service-object tcp destination eq pptp
  object-group service Barracuda tcp
  port-object eq 8000
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq www
  port-object eq https
  port-object eq smtp
  port-object eq ssh
  group-object Barracuda
  object-group service DM_INLINE_TCP_2 tcp
  port-object eq www
  port-object eq https
  port-object eq smtp
  object-group service DM_INLINE_TCP_3 tcp
  port-object eq www
  port-object eq https
  port-object eq smtp
  object-group service DM_INLINE_TCP_5 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_7 tcp
  port-object eq www
  port-object eq https
  object-group service mySQL tcp
  description mySQL Database
  port-object eq 3306
  object-group service DM_INLINE_TCP_9 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_10 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_11 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_12 tcp
  port-object eq www
  port-object eq https
  object-group service as2 tcp
  description as2
  port-object eq 4080
  port-object eq 5080
  port-object eq https
  port-object eq 6080
  object-group network DM_INLINE_NETWORK_2
  network-object host ColBarracuda
  network-object host ww2
  network-object host www1
  network-object host colexcas01
  network-object host colexcas02
  network-object host colexcas
  network-object host test.COMPANY.com
  network-object host colexcas01NLB
  network-object host colexcas02NLB
  network-object host dubexcas01
  network-object host dubexcas02
  network-object host dubexcas
  object-group service SQLServer tcp
  description Microsoft SQL Server
  port-object eq 1433
  object-group service DM_INLINE_TCP_13 tcp
  port-object eq www
  port-object eq https
  port-object eq smtp
  object-group service DM_INLINE_TCP_14 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_15 tcp
  port-object eq www
  port-object eq https
  object-group network DM_INLINE_NETWORK_1
  network-object host as2.COMPANY.com-
  network-object host as2test.COMPANY.com-
  object-group service DM_INLINE_TCP_6 tcp
  port-object eq www
  port-object eq https
  object-group service rdp tcp
  description Remote Desktop Protocol
  port-object eq 3389
  object-group service DM_INLINE_TCP_8 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_16 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_17 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_4 tcp
  port-object eq www
  port-object eq https
  object-group service LyncEdge tcp-udp
  description sip-tls, 443, 444, rtp 50000-59999, stun udp 3478
  port-object eq 3478
  port-object eq 443
  port-object eq 444
  port-object range 50000 59999
  port-object eq 5061
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group service DM_INLINE_TCP_18 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_19 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_20 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_21 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_22 tcp
  port-object eq www
  port-object eq https
  object-group network PMIVPNNetworks
  description VPN Networks to PMI
  network-object BrentwoodData 255.255.0.0
  network-object DublinData 255.255.0.0
  network-object SouthavenData 255.255.0.0
  network-object GilbertData 255.255.0.0
  network-object 172.22.0.0 255.255.0.0
  network-object DublinVoIP 255.255.0.0
  object-group network PMI_SonicWALL-Subnets
  network-object PMI_SonicWALL-Subnet 255.255.0.0
  network-object PMI_SonicWALL-VOICSubnet 255.255.0.0
  object-group network COLDCs
  network-object host coldc01
  network-object host coldc02
  access-list inside_access_in remark Allow SMTP from certain servers.
  access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_2 any eq smtp
  access-list inside_access_in remark No SMTP except from allowed servers
  access-list inside_access_in extended deny tcp any any eq smtp log errors
  access-list inside_access_in extended permit ip any any
  access-list inside_access_in remark For debugging (can enable logging)
  access-list inside_access_in extended deny ip any any
  access-list outside_access_in remark Allow Ping
  access-list outside_access_in extended permit icmp any any
  access-list outside_access_in remark Allow VPN
  access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object ColVPN-
  access-list outside_access_in remark Allow SMTP, HTTP, and HTTPS to the Exchange CAS NLB Cluster
  access-list outside_access_in extended permit tcp any object colexcas- object-group DM_INLINE_TCP_13
  access-list outside_access_in remark Allow SMTP, SSH, and Web
  access-list outside_access_in extended permit tcp any object ColBarracuda- object-group DM_INLINE_TCP_1
  access-list outside_access_in remark Allow HTTP and HTTPS to AmbuTRAK
  access-list outside_access_in extended permit tcp any object ambutrak- object-group DM_INLINE_TCP_10
  access-list outside_access_in remark Allow SMTP, HTTP and HTTPS to ww2
  access-list outside_access_in extended permit tcp any object ww2- object-group DM_INLINE_TCP_2
  access-list outside_access_in remark Allow SMTP, HTTP and HTTPS to www1
  access-list outside_access_in extended permit tcp any object www1- object-group DM_INLINE_TCP_3
  access-list outside_access_in remark Allow portal.bouindtree.com to COLMOSS01
  access-list outside_access_in extended permit tcp any object ColMOSS01- object-group DM_INLINE_TCP_9
  access-list outside_access_in remark Allow HTTP and HTTPS to ems.COMPANY.com
  access-list outside_access_in extended permit tcp any object Colww3- object-group DM_INLINE_TCP_5
  access-list outside_access_in remark Allow HTTP and HTTPS to helpdesk.COMPANY.com
  access-list outside_access_in extended permit tcp any object ColSysAid- object-group DM_INLINE_TCP_7
  access-list outside_access_in remark Allow SSH to Facts
  access-list outside_access_in extended permit tcp any object Facts- eq ssh inactive
  access-list outside_access_in remark Allow mySQL to NSTrax for IQ
  access-list outside_access_in extended permit tcp any object NSTrax- object-group mySQL inactive
  access-list outside_access_in remark Allow FTP to ftp.COMPANY.co.uk
  access-list outside_access_in extended permit tcp any object ftp.boundree.co.uk- eq ftp inactive
  access-list outside_access_in remark Allow IMAP to the Voice Mail Server
  access-list outside_access_in extended permit tcp any object Dubmss01- eq imap4
  access-list outside_access_in remark Permit HTTPS to ColBI01 for https://reports.COMPANY.com
  access-list outside_access_in extended permit tcp any object ColBI01- eq https inactive
  access-list outside_access_in remark Allow FTP to btmu.COMPANY.com
  access-list outside_access_in extended permit tcp any object btmu- eq ftp
  access-list outside_access_in remark Allow HTTP and HTTPS to colngwt - the Test Next Gen Web Farm
  access-list outside_access_in extended permit tcp any object dubngwt- object-group DM_INLINE_TCP_17 inactive
  access-list outside_access_in remark Allow HTTP and HTTPS to COMPANYfed.com
  access-list outside_access_in extended permit tcp any object COMPANYfed.com- object-group DM_INLINE_TCP_18
  access-list outside_access_in remark Allow HTTP and HTTPS to colngwp - the Next Gen Web Farm
  access-list outside_access_in extended permit tcp any object COMPANY.com- object-group DM_INLINE_TCP_11
  access-list outside_access_in remark Allow HTTP and HTTPS to Colww5, which is one of our web servers.
  access-list outside_access_in remark rewards.COMPANY.com is going live first on this web server.
  access-list outside_access_in extended permit tcp any object Rewards.COMPANY.com- object-group DM_INLINE_TCP_12
  access-list outside_access_in remark Allow HTTP and HTTPS to act.COMPANY.com
  access-list outside_access_in extended permit tcp any object act.COMPANY.com- object-group DM_INLINE_TCP_15
  access-list outside_access_in remark Allow AS2 (443, 4080, 5080, 6080) to the AS2 Production and Test Machines
  access-list outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 object-group as2
  access-list outside_access_in remark Allow HTTP and HTTPS to www.COMPANY.com
  access-list outside_access_in extended permit tcp any object www.COMPANY.com- object-group DM_INLINE_TCP_14
  access-list outside_access_in remark Allow AS2 to w2k-isoft
  access-list outside_access_in extended permit tcp any object w2k-isoft- object-group as2
  access-list outside_access_in remark All SQL Server (SSL) to Coltixdb
  access-list outside_access_in extended permit tcp any object Coltixdb- object-group SQLServer
  access-list outside_access_in remark Allow FTP to ColFTP01
  access-list outside_access_in extended permit tcp any object ColFTP01- eq ftp
  access-list outside_access_in remark allow http/https access in intra.COMPANY.com
  access-list outside_access_in extended permit tcp any object intra.COMPANY.com- object-group DM_INLINE_TCP_6
  access-list outside_access_in remark Allow http and https to asgard
  access-list outside_access_in extended permit tcp any object www.COMPANY.net- object-group DM_INLINE_TCP_8
  access-list outside_access_in remark Allow HTTP and HTTPS to ColCrmRouter01 (crmws.COMPANY.com)
  access-list outside_access_in extended permit tcp any object crmws.COMPANY.com- object-group DM_INLINE_TCP_16
  access-list outside_access_in remark Allow HTTP and HTTPS to coltmg01
  access-list outside_access_in extended permit tcp any object coltmg01- object-group DM_INLINE_TCP_4
  access-list outside_access_in remark Allow Lync Edgel traffic to collync01
  access-list outside_access_in extended permit object-group TCPUDP any object collync01- object-group LyncEdge
  access-list outside_access_in remark Allow HTTP and HTTPS to www1.COMPANY.com
  access-list outside_access_in extended permit tcp any object www1.COMPANY.com- object-group DM_INLINE_TCP_19
  access-list outside_access_in remark Allow HTTP and HTTPS to www2.COMPANY.com
  access-list outside_access_in extended permit tcp any object www2.COMPANY.com- object-group DM_INLINE_TCP_20
  access-list outside_access_in remark Allow HTTP and HTTPS to www1.COMPANYfed.com
  access-list outside_access_in extended permit tcp any object www1.COMPANYfed.com- object-group DM_INLINE_TCP_21
  access-list outside_access_in remark Allow HTTP and HTTPS to www2.COMPANYfed.com
  access-list outside_access_in extended permit tcp any object www2.COMPANYfed.com- object-group DM_INLINE_TCP_22
  access-list outside_access_in extended permit tcp any object monitor.COMPANY.com- eq www
  access-list outside_access_in remark For debugging (can enable logging)
  access-list outside_access_in extended deny ip any any
  access-list inside_nat0_outbound extended permit ip any 172.22.255.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip object-group PMIVPNNetworks object PMI_SonicWALL-Subnet
  access-list inside_nat0_outbound remark Domain Controller one to many rule so PCI Trust servers can reslove DNS names and authenticate.
  access-list inside_nat0_outbound extended permit ip object-group COLDCs 172.24.3.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip object ColWSUS02 172.24.3.0 255.255.255.0
  access-list outside_1_cryptomap extended permit ip object-group PMIVPNNetworks object-group PMI_SonicWALL-Subnets
  access-list Colo_PCI_Trust_access_in extended permit ip any any
  pager lines 24
  logging enable
  logging asdm warnings
  logging mail critical
  logging from-address [email protected]
  mtu outside 1500
  mtu inside 1500
  mtu DMZ 1500
  mtu Colo_PCI_Trust 1500
  mtu management 1500
  ip local pool vpnphone-ip-pool 172.22.255.1-172.22.255.254 mask 255.255.255.0
  failover
  failover lan unit primary
  failover lan interface HA GigabitEthernet0/7
  failover key Fiyalt!
  failover link HA GigabitEthernet0/7
  failover interface ip HA 172.16.200.1 255.255.255.248 standby 172.16.200.2
  no monitor-interface DMZ
  no monitor-interface Colo_PCI_Trust
  no monitor-interface management
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit 172.24.3.0 255.255.255.0 Colo_PCI_Trust
  asdm image disk0:/asdm-66114.bin
  asdm location ColVPN- 255.255.255.255 inside
  asdm location ColBarracuda- 255.255.255.255 inside
  asdm location ColBarracuda 255.255.255.255 inside
  asdm location ww2- 255.255.255.255 inside
  asdm location www1- 255.255.255.255 inside
  asdm location ww2 255.255.255.255 inside
  asdm location www1 255.255.255.255 inside
  asdm location Colww3- 255.255.255.255 inside
  asdm location Colww3 255.255.255.255 inside
  asdm location ColSysAid- 255.255.255.255 inside
  asdm location ColSysAid 255.255.255.255 inside
  asdm location Facts 255.255.255.255 inside
  asdm location Facts- 255.255.255.255 inside
  asdm location NSTrax- 255.255.255.255 inside
  asdm location ftp.boundree.co.uk- 255.255.255.255 inside
  asdm location ftp.COMPANY.co.uk 255.255.255.255 inside
  asdm location Dubmss01 255.255.255.255 inside
  asdm location Dubmss01- 255.255.255.255 inside
  asdm location ColBI01- 255.255.255.255 inside
  asdm location ColBI01 255.255.255.255 inside
  asdm location ColMOSS01 255.255.255.255 inside
  asdm location ColMOSS01- 255.255.255.255 inside
  asdm location ambutrak- 255.255.255.255 inside
  asdm location ambutrak 255.255.255.255 inside
  asdm location NSTrax 255.255.255.255 inside
  asdm location btmu- 255.255.255.255 inside
  asdm location btmu 255.255.255.255 inside
  asdm location COMPANY.com- 255.255.255.255 inside
  asdm location COMPANY.com 255.255.255.255 inside
  asdm location as2.COMPANY.com- 255.255.255.255 inside
  asdm location colas2 255.255.255.255 inside
  asdm location w2k-isoft- 255.255.255.255 inside
  asdm location w2k-isoft 255.255.255.255 inside
  asdm location Coltixdb- 255.255.255.255 inside
  asdm location Coltixdb 255.255.255.255 inside
  asdm location colexcas- 255.255.255.255 inside
  asdm location colexcas01 255.255.255.255 inside
  asdm location colexcas02 255.255.255.255 inside
  asdm location colexcas 255.255.255.255 inside
  asdm location ColFTP01- 255.255.255.255 inside
  asdm location ColFTP01 255.255.255.255 inside
  asdm location www.COMPANY.com- 255.255.255.255 inside
  asdm location www.COMPANY.com 255.255.255.255 inside
  asdm location act.COMPANY.com- 255.255.255.255 inside
  asdm location act.COMPANY.com 255.255.255.255 inside
  asdm location Rewards.COMPANY.com- 255.255.255.255 inside
  asdm location colww5 255.255.255.255 inside
  asdm location as2test.COMPANY.com- 255.255.255.255 inside
  asdm location ColdevAS2 255.255.255.255 inside
  asdm location test.COMPANY.com 255.255.255.255 inside
  asdm location colexcas01NLB 255.255.255.255 inside
  asdm location colexcas02NLB 255.255.255.255 inside
  asdm location ColVPN 255.255.255.255 inside
  asdm location intra.COMPANY.com- 255.255.255.255 inside
  asdm location intra.COMPANY.com 255.255.255.255 inside
  asdm location asgard 255.255.255.255 inside
  asdm location www.COMPANY.net- 255.255.255.255 inside
  asdm location crmws.COMPANY.com- 255.255.255.255 inside
  asdm location crmws.COMPANY.com 255.255.255.255 inside
  asdm location dubngwt- 255.255.255.255 inside
  asdm location dubngwt 255.255.255.255 inside
  asdm location dubexcas01 255.255.255.255 inside
  asdm location dubexcas02 255.255.255.255 inside
  asdm location dubexcas 255.255.255.255 inside
  asdm location collync01- 255.255.255.255 inside
  asdm location coltmg01- 255.255.255.255 inside
  asdm location collync01 255.255.255.255 inside
  asdm location coltmg01 255.255.255.255 inside
  asdm location COMPANYfed.com- 255.255.255.255 inside
  asdm location COMPANYfed.com 255.255.255.255 inside
  asdm location www1.COMPANY.com- 255.255.255.255 inside
  asdm location www2.COMPANY.com- 255.255.255.255 inside
  asdm location www1.COMPANYfed.com- 255.255.255.255 inside
  asdm location www2.COMPANYfed.com- 255.255.255.255 inside
  asdm location www1.COMPANY.com 255.255.255.255 inside
  asdm location www2.COMPANY.com 255.255.255.255 inside
  asdm location www1.COMPANYfed.com 255.255.255.255 inside
  asdm location www2.COMPANYfed.com 255.255.255.255 inside
  asdm location PMI_SonicWALL-Subnet 255.255.0.0 inside
  asdm location PMISonicWALL 255.255.255.255 inside
  asdm location BrentwoodData 255.255.0.0 inside
  asdm location GilbertData 255.255.0.0 inside
  asdm location coldc01 255.255.255.255 inside
  asdm location coldc02 255.255.255.255 inside
  asdm location ColWSUS02 255.255.255.255 inside
  asdm location monitor.COMPANY.com- 255.255.255.255 inside
  asdm location ColPRTG01 255.255.255.255 inside
  no asdm history enable
  arp timeout 14400
  nat (inside,any) source static any any destination static obj-172.22.255.0 obj-172.22.255.0 no-proxy-arp
  nat (inside,any) source static PMIVPNNetworks PMIVPNNetworks destination static PMI_SonicWALL-Subnet PMI_SonicWALL-Subnet no-proxy-arp
  nat (inside,any) source static COLDCs COLDCs destination static obj-172.24.3.0 obj-172.24.3.0 no-proxy-arp
  nat (inside,any) source static ColWSUS02 ColWSUS02 destination static obj-172.24.3.0 obj-172.24.3.0 no-proxy-arp
  object network ambutrak
  nat (inside,outside) static ambutrak-
  object network btmu
  nat (inside,outside) static btmu-
  object network ColBarracuda
  nat (inside,outside) static ColBarracuda-
  object network ColBI01
  nat (inside,outside) static ColBI01-
  object network colexcas
  nat (inside,outside) static colexcas-
  object network ColMOSS01
  nat (inside,outside) static ColMOSS01-
  object network COMPANY.com
  nat (inside,outside) static COMPANY.com-
  object network Coltixdb
  nat (inside,outside) static Coltixdb-
  object network Colww3
  nat (inside,outside) static Colww3-
  object network ColSysAid
  nat (inside,outside) static ColSysAid-
  object network ColVPN
  nat (inside,outside) static ColVPN-
  object network colas2
  nat (inside,outside) static as2.COMPANY.com-
  object network Dubmss01
  nat (inside,outside) static Dubmss01-
  object network Facts
  nat (inside,outside) static Facts-
  object network ftp.COMPANY.co.uk
  nat (inside,outside) static ftp.COMPANY.co.uk-
  object network NSTrax
  nat (inside,outside) static NSTrax-
  object network w2k-isoft
  nat (inside,outside) static w2k-isoft-
  object network www1
  nat (inside,outside) static www1-
  object network ww2
  nat (inside,outside) static ww2-
  object network ColFTP01
  nat (inside,outside) static ColFTP01-
  object network www.COMPANY.com
  nat (inside,outside) static www.COMPANY.com-
  object network act.COMPANY.com
  nat (inside,outside) static act.COMPANY.com-
  object network colww5
  nat (inside,outside) static Rewards.COMPANY.com-
  object network ColdevAS2
  nat (inside,outside) static as2test.COMPANY.com-
  object network intra.COMPANY.com
  nat (inside,outside) static intra.COMPANY.com-
  object network asgard
  nat (inside,outside) static www.COMPANY.net-
  object network crmws.COMPANY.com
  nat (inside,outside) static crmws.COMPANY.com-
  object network dubngwt
  nat (inside,outside) static dubngwt-
  object network COMPANYfed.com
  nat (inside,outside) static COMPANYfed.com-
  object network www1.COMPANYfed.com
  nat (inside,outside) static www1.COMPANYfed.com-
  object network www2.COMPANYfed.com
  nat (inside,outside) static www2.COMPANYfed.com-
  object network www1.COMPANY.com
  nat (inside,outside) static www1.COMPANY.com-
  object network www2.COMPANY.com
  nat (inside,outside) static www2.COMPANY.com-
  object network ColPRTG01
  nat (inside,outside) static monitor.COMPANY.com-
  object network obj_any
  nat (inside,outside) dynamic 74.XXX.XXX.131
  object network collync01
  nat (DMZ,outside) static collync01-
  object network coltmg01
  nat (DMZ,outside) static coltmg01-
  access-group outside_access_in in interface outside
  access-group inside_access_in in interface inside
  access-group Colo_PCI_Trust_access_in in interface Colo_PCI_Trust
  router eigrp 10
  no auto-summary
  eigrp router-id 172.22.1.8
  network 172.22.0.0 255.255.0.0
  route outside 0.0.0.0 0.0.0.0 74.XXX.XXX.129 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server Colo protocol radius
  aaa-server Colo (inside) host coldc02
  timeout 5
  key Bound/\Tree
  radius-common-pw Bound/\Tree
  aaa-server Colo (inside) host coldc01
  timeout 5
  key Bound/\Tree
  user-identity default-domain LOCAL
  http server enable
  http 172.22.0.0 255.255.0.0 inside
  http DublinData 255.255.0.0 inside
  http DublinData 255.255.0.0 management
  snmp-server host inside 10.1.0.59 community public
  snmp-server host inside ColPRTG01 community public
  snmp-server location Columbus, OH - Colo
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set pfs
  crypto map outside_map 1 set peer PMISonicWALL
  crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
  crypto map outside_map 1 set nat-t-disable
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ikev1 enable outside
  crypto ikev1 enable inside
  crypto ikev1 policy 30
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 28800
  telnet BrentwoodData 255.0.0.0 inside
  telnet coldc02 255.255.255.255 inside
  telnet DublinData 255.255.0.0 management
  telnet timeout 5
  ssh 172.22.0.0 255.255.0.0 inside
  ssh DublinData 255.255.0.0 inside
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ntp server 74.14.179.211 source outside prefer
  ntp server 69.64.72.238 source outside prefer
  ntp server coldc02 source inside
  ntp server 74.120.8.2 source outside prefer
  ntp server 108.61.56.35 source outside prefer
  ntp server coldc01 source inside
  webvpn
  group-policy GroupPolicy_74.XXX.XXX.130 internal
  group-policy GroupPolicy_74.XXX.XXX.130 attributes
  vpn-tunnel-protocol ikev1
  group-policy VPNPHONE internal
  group-policy VPNPHONE attributes
  dns-server value 172.22.3.4 172.22.3.31
  vpn-tunnel-protocol ikev1
  default-domain value corp.COMPANY.com
  tunnel-group VPNPHONE type remote-access
  tunnel-group VPNPHONE general-attributes
  address-pool vpnphone-ip-pool
  authentication-server-group Colo
  default-group-policy VPNPHONE
  tunnel-group VPNPHONE ipsec-attributes
  ikev1 pre-shared-key *
  tunnel-group 184.XXX.XXX.226 type ipsec-l2l
  tunnel-group 184.XXX.XXX.226 ipsec-attributes
  ikev1 pre-shared-key *
  peer-id-validate nocheck
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns migrated_dns_map_1
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns migrated_dns_map_1
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect tftp
    inspect http
    inspect icmp
    inspect pptp
    inspect icmp error
    inspect ip-options
  class class-default
  service-policy global_policy global
  smtp-server 172.22.5.156
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly 18
    subscribe-to-alert-group configuration periodic monthly 18
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:65e78911eefb94bd98892700b143f716
  : end

  Hi,
  Any ASA using software 8.3 or above that does Static NAT between private and public IP addresses (or any NAT at all) and you want to allow traffic from public network to those Static NATed servers you will need to use the local/real IP address in the ACL statements.
  If your ASA5520 was running 8.3 or above software levels then there should be no major changes compared to an ASA5525-X running 8.6 software level.
  The only situation I can think of right now is if you had used ASA5520 with software 8.2 or below BUT in that case you WOULD NOT have been able to directly copy/paste the configuration to the ASA5525-X device as the lowest software level that the ASA5525-X supports is 8.6(1)
  So I am kind of wondering what the situation has actually been.
  But one thing is certain. You need to use the real/local IP address of the server in the ACL rules even if you are allowing traffic from the public/external network.
  The "packet-tracer" test used to simulate a connection coming to one of your Static NAT public IP address should also tell if your ACLs are configured correctly, among other things.
  - Jouni

• BM 3.9 Access Rules Work Only Once

  What I want:
  Access Rule that blocks ALL attempts to download in a browser any file that ends with a specific extension (.exe for example).
  What I have:
  Access Rule:
  Type: Port
  Source DNS Hostname: Any
  Destination DNS Hostname: *.exe
  Origin Server Port: 1-65535
  Action: Deny Access
  What is happening:
  I apply the rule and test and I am denied the first attempt.
  When another attempt is made, the action is allowed.
  Monitor shows the following error message when rules changes are applied:
  Unable to read configuration from NDS (error - -672)
  Note: I just removed ALL rules listed in iManager, saved and I am still able to access web pages. I though that by default access is denied?

  In article <[email protected]>, Johnefleming
  wrote:
  > I apply the rule and test and I am denied the first attempt.
  > When another attempt is made, the action is allowed.
  >
  > Monitor shows the following error message when rules changes are
  > applied:
  >
  > Unable to read configuration from NDS (error - -672)
  >
  Do you have a replica on the server?
  A 672 error sounds like something fundamentally wrong is going on with
  NDS on that server. You should have a replica on it that holds the
  server objects at least.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***

• Applying new access rules fails.

  Netware 6.5 SP6 BM 3.9
  Ok, new problem. I am trying to add some new access rules to the list in a particular container. When I have defined the rule and click apply I get the following message - Unknown system error. This doesnt happen on the other container which already has rules defined in it. Are the rules from the higher level container being propogated down the tree as I assumed they would be ?
  ---treename 2 explicit deny rules for the whole company
  ------it This container to be exempt. cant add rule to allow all.
  ------helpdesk
  ------etc
  Another aside seems to be that even though "Enforce Access Rules" is always on sometimes the rules do not work and sometimes they do.
  Any help much appreciated.

  JeffSheehan,
  It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com/ to search the knowledgebase and check the other support options available on that page under "Self Support" and "Support Programs".
  - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
  If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• BM 3.9 Access Rules

  Hi!,
  Im having a problem with BM 3.9 access rules. When I create a Rule and
  then I try to modify the rule I only have a blank Screen and I couldn't
  modify the rules.
  and in Logger screen I see Device Choosen is null.
  Any Idea.
  I have BM 3.9 on Netware 6.5.6 and all teh post support pack required.
  I have Imanager 2.6 support pack 4.
  Thanks.

  Please have a look at the recent thread iManager Java Error in this
  newsgroup. Perhaps your issue is related.
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***

• WRT54G unable to access random pages

  i have the WRT54G ver 5.1 and just upgraded the firmware from 1.00.6 to 1.01.1. some time after the update, i cannot access some pages - browser instantly shows the "page cannot be found" message and ping request instantly suggests to check the entered url, as if the router woun't even forward the requests and just drops them. then again, maybe 15 minutes later, i can access the same pages perfectly fine, yet some other pages stop working. sometimes DHCP RELEASE/RENEW helps, but also for a short period of time, then the router starts acting erratically again. i'm clueless.
  mihkelMessage Edited by mihkeltt on 12-26-200606:24 PM

   Hi……
           After upgrading the Firmware you need to reset the router by holding and pressing the reset in the back panel of the router for 30seconds. Then reconfigure the router.
  Then check your internet connection through the router.
  If the connection drops again then connect one your pc to the router and log into the setup page of the router http://192.168.1.1 username leave blank and the password is admin. On the setup screen lower the MTU to 1396 and then power cycle the whole network [unplug the power to the router and the modem and plug them back in]

• Difficulty editing access rules

  Hi all,
  The access rules I had set on my Bordermanager 3.9 server have disappeared, and when I try to add new ones I only get a blank screen in iManager. The entries below have been appearing in the iManager.log file:
  8/07/2008 10:45:55 com.volera.vcdn.webui.sc.dispatcher.ConfigXmlUpdat eDispatcher performElementCreate
  WARNING: Could NOT find /ACL
  8/07/2008 10:45:55
  com.volera.vcdn.webui.sc.dispatcher.ConfigXmlUpdat eDispatcher performExplicitSet
  WARNING: XPath NOT found = /ACL/AccessRule[last()]
  8/07/2008 10:45:55 com.volera.vcdn.webui.sc.dispatcher.ConfigXmlUpdat eDispatcher performExplicitSet
  WARNING: XPath NOT found = /ACL/AccessRule[last()]
  8/07/2008 10:45:55 com.volera.vcdn.webui.sc.dispatcher.ConfigXmlUpdat eDispatcher performExplicitSet
  WARNING: XPath NOT found = /ACL/AccessRule[last()]
  I think I may have accidently corrupted my ACL configuration (I realise now I should have done a config.xml backup when I freshly installed the server!)
  I thought that perhaps the ACL section of the config.xml backups I do now is missing.
  Is there any way I can roll back the Bordermanager 3.9 configuration to the way it was when it was first installed, or insert a basic ACL section into a config.xml file and restore it?
  Thanks in advance,
  Erik

  In article <[email protected]>, Earok wrote:
  > Is there any way I can roll back the Bordermanager 3.9 configuration to
  > the way it was when it was first installed, or insert a basic ACL
  > section into a config.xml file and restore it?
  >
  I suppose if you have a backup file, or one from a similar server, you
  could copy something in, but I haven't tried it yet to find out what sort
  of syntax issues one might encounter.
  Have you tried running FILLATTR.NCF again?
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***