Cisco asa- vpn established but cant ping

Similar Messages

• 3G VPN established but no traffic using ASA 5505

    Hi All,
  hoping that someone can help me here. We are able to esatblish VPN connection but we cannot pass traffic out.
  Here are the details.
  ISP has a range of 25.16.0.0/15 and they are doing Natting.
  We are using Raven X and ASA5505 is connected. Session is established but can't pass traffic or ping.
  router output:
  ASA Version 8.2(2)
  hostname DR-5505-50
  domain-name dont know
  enable password xxxxxx encrypted passwd kOuREZbrVpcZibgH encrypted names name 192.168.0.0 Corp name 10.10.0.0 device !
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.10.254.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address dhcp setroute
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  clock timezone EST -5
  clock summer-time EDT recurring
  dns server-group DefaultDNS
  domain-name network.comsame-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group network never  network-object Jobsites 255.255.0.0  network-object Corp 255.255.0.0 access-list outside_1_cryptomap extended permit ip 10.10.254.0
  255.255.255.0 object-group network access-list inside_nat0_outbound extended permit ip 10.10.254.0
  255.255.255.0 object-group networkn
  access-list inside_access_in extended permit ip 10.10.254.0 255.255.255.0 any pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside icmp permit any outside no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 access-group inside_access_in in interface inside access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
  0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect
  0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL http server enable http 0.0.0.0 0.0.0.0 outside http 0.0.0.0 0.0.0.0 inside snmp-server host inside 192.168.152.28 community edsnmp version 2c no snmp-server location no snmp-server contact snmp-server community edsnmp snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 204.101.74.2 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside crypto isakmp identity hostname crypto isakmp enable outside crypto isakmp policy 10  authentication pre-share  encryption 3des  hash sha  group 2  lifetime 86400 crypto isakmp policy 65535  authentication pre-share  encryption 3des  hash sha  group 2  lifetime 86400 no crypto isakmp nat-traversal telnet timeout 5 ssh 0.0.0.0 0.0.0.0 inside ssh 0.0.0.0 0.0.0.0 outside ssh timeout 60 console timeout 0 management-access inside dhcpd auto_config outside !
  dhcpd address 10.10.254.70-10.10.254.169 inside dhcpd dns 192.168.152.21 192.168.160.21 interface inside dhcpd lease 432000 interface inside dhcpd domain name.com interface inside dhcpd option 3 ip 10.10.254.254 interface inside dhcpd enable inside !
  vpnclient management clear
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept webvpn  tunnel-group-list enable username admin password Xhasdfuasdhsdfh encrypted privilege 15 tunnel-group x.x.x.x type ipsec-l2l tunnel-group x.x.x.xipsec-attributes  pre-shared-key dynamicvpn !
  prompt hostname context
  call-home
  profile CiscoTAC-1
    no active
    destination address http
  whatever.com
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:
  Log file:
  6|May 06 2013|07:00:01|302016|192.168.160.21|53|10.10.254.70|57967|Teardown UDP connection 245 for outside:192.168.160.21/53 to inside:10.10.254.70/57967 duration 0:02:07 bytes 148
  6|May 06 2013|07:00:01|302016|192.168.152.21|53|10.10.254.70|57967|Teardown UDP connection 243 for outside:192.168.152.21/53 to inside:10.10.254.70/57967 duration 0:02:08 bytes 111
  6|May 06 2013|06:59:58|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:57|302015|192.168.160.21|53|10.10.254.70|52108|Built outbound UDP connection 349 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/52108 (10.10.254.70/52108)
  6|May 06 2013|06:59:56|302015|192.168.160.21|53|10.10.254.70|50503|Built outbound UDP connection 348 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50503 (10.10.254.70/50503)
  6|May 06 2013|06:59:56|302016|192.168.160.21|53|10.10.254.70|54304|Teardown UDP connection 241 for outside:192.168.160.21/53 to inside:10.10.254.70/54304 duration 0:02:07 bytes 236
  6|May 06 2013|06:59:56|302016|192.168.152.21|53|10.10.254.70|54304|Teardown UDP connection 240 for outside:192.168.152.21/53 to inside:10.10.254.70/54304 duration 0:02:08 bytes 177
  6|May 06 2013|06:59:56|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:56|302015|192.168.152.21|53|10.10.254.70|52108|Built outbound UDP connection 346 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/52108 (10.10.254.70/52108)
  6|May 06 2013|06:59:55|302015|192.168.152.21|53|10.10.254.70|50503|Built outbound UDP connection 345 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50503 (10.10.254.70/50503)
  6|May 06 2013|06:59:55|302016|192.168.160.21|53|10.10.254.70|65422|Teardown UDP connection 238 for outside:192.168.160.21/53 to inside:10.10.254.70/65422 duration 0:02:07 bytes 136
  6|May 06 2013|06:59:55|302016|192.168.152.21|53|10.10.254.70|65422|Teardown UDP connection 237 for outside:192.168.152.21/53 to inside:10.10.254.70/65422 duration 0:02:08 bytes 102
  6|May 06 2013|06:59:54|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:54|302015|192.168.160.21|53|10.10.254.70|51008|Built outbound UDP connection 344 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/51008 (10.10.254.70/51008)
  6|May 06 2013|06:59:53|302015|192.168.152.21|53|10.10.254.70|51008|Built outbound UDP connection 343 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/51008 (10.10.254.70/51008)
  6|May 06 2013|06:59:53|302016|192.168.160.21|53|10.10.254.70|50300|Teardown UDP connection 236 for outside:192.168.160.21/53 to inside:10.10.254.70/50300 duration 0:02:07 bytes 152
  6|May 06 2013|06:59:53|302016|192.168.152.21|53|10.10.254.70|50300|Teardown UDP connection 234 for outside:192.168.152.21/53 to inside:10.10.254.70/50300 duration 0:02:08 bytes 114
  6|May 06 2013|06:59:53|302016|192.168.160.21|53|10.10.254.70|49286|Teardown UDP connection 235 for outside:192.168.160.21/53 to inside:10.10.254.70/49286 duration 0:02:07 bytes 152
  6|May 06 2013|06:59:53|302016|192.168.152.21|53|10.10.254.70|49286|Teardown UDP connection 233 for outside:192.168.152.21/53 to inside:10.10.254.70/49286 duration 0:02:08 bytes 114
  6|May 06 2013|06:59:52|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:50|302016|192.168.160.21|53|10.10.254.70|57306|Teardown UDP connection 231 for outside:192.168.160.21/53 to inside:10.10.254.70/57306 duration 0:02:07 bytes 152
  6|May 06 2013|06:59:50|302016|192.168.152.21|53|10.10.254.70|57306|Teardown UDP connection 229 for outside:192.168.152.21/53 to inside:10.10.254.70/57306 duration 0:02:08 bytes 114
  6|May 06 2013|06:59:50|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:49|302014|129.22.177.79|31663|10.10.254.70|34470|Teardown TCP connection 322 for outside:129.22.177.79/31663 to inside:10.10.254.70/34470 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:59:49|302016|192.168.160.21|53|10.10.254.70|54646|Teardown UDP connection 230 for outside:192.168.160.21/53 to inside:10.10.254.70/54646 duration 0:02:07 bytes 160
  6|May 06 2013|06:59:49|302016|192.168.152.21|53|10.10.254.70|54646|Teardown UDP connection 227 for outside:192.168.152.21/53 to inside:10.10.254.70/54646 duration 0:02:08 bytes 120
  6|May 06 2013|06:59:49|302016|192.168.160.21|53|10.10.254.70|64481|Teardown UDP connection 228 for outside:192.168.160.21/53 to inside:10.10.254.70/64481 duration 0:02:07 bytes 152
  6|May 06 2013|06:59:49|302016|192.168.152.21|53|10.10.254.70|64481|Teardown UDP connection 226 for outside:192.168.152.21/53 to inside:10.10.254.70/64481 duration 0:02:08 bytes 114
  6|May 06 2013|06:59:48|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:47|305012|10.10.254.70|34468|192.168.13.100|55721|Teardown dynamic TCP translation from inside:10.10.254.70/34468 to outside:192.168.13.100/55721 duration 0:01:30
  6|May 06 2013|06:59:46|305012|10.10.254.70|34467|192.168.13.100|48446|Teardown dynamic TCP translation from inside:10.10.254.70/34467 to outside:192.168.13.100/48446 duration 0:01:30
  6|May 06 2013|06:59:46|302016|192.168.152.21|53|10.10.254.70|63417|Teardown UDP connection 224 for outside:192.168.152.21/53 to inside:10.10.254.70/63417 duration 0:02:07 bytes 111
  6|May 06 2013|06:59:46|302016|192.168.160.21|53|10.10.254.70|63417|Teardown UDP connection 223 for outside:192.168.160.21/53 to inside:10.10.254.70/63417 duration 0:02:08 bytes 148
  6|May 06 2013|06:59:46|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:44|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:42|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:40|302015|192.168.152.21|53|10.10.254.70|62424|Built outbound UDP connection 339 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/62424 (10.10.254.70/62424)
  6|May 06 2013|06:59:40|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:39|302015|192.168.160.21|53|10.10.254.70|62424|Built outbound UDP connection 337 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/62424 (10.10.254.70/62424)
  6|May 06 2013|06:59:38|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:37|302016|192.168.152.21|53|10.10.254.70|59943|Teardown UDP connection 219 for outside:192.168.152.21/53 to inside:10.10.254.70/59943 duration 0:02:07 bytes 108
  6|May 06 2013|06:59:37|302016|192.168.160.21|53|10.10.254.70|59943|Teardown UDP connection 218 for outside:192.168.160.21/53 to inside:10.10.254.70/59943 duration 0:02:08 bytes 144
  6|May 06 2013|06:59:37|302015|192.168.152.21|53|10.10.254.70|58710|Built outbound UDP connection 336 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/58710 (10.10.254.70/58710)
  6|May 06 2013|06:59:36|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:36|302015|192.168.160.21|53|10.10.254.70|58710|Built outbound UDP connection 334 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/58710 (10.10.254.70/58710)
  6|May 06 2013|06:59:36|302016|192.168.152.21|53|10.10.254.70|51377|Teardown UDP connection 217 for outside:192.168.152.21/53 to inside:10.10.254.70/51377 duration 0:02:07 bytes 114
  6|May 06 2013|06:59:36|302016|192.168.160.21|53|10.10.254.70|51377|Teardown UDP connection 215 for outside:192.168.160.21/53 to inside:10.10.254.70/51377 duration 0:02:08 bytes 152
  6|May 06 2013|06:59:34|302016|192.168.152.21|53|10.10.254.70|56751|Teardown UDP connection 214 for outside:192.168.152.21/53 to inside:10.10.254.70/56751 duration 0:02:07 bytes 111
  6|May 06 2013|06:59:34|302016|192.168.160.21|53|10.10.254.70|56751|Teardown UDP connection 213 for outside:192.168.160.21/53 to inside:10.10.254.70/56751 duration 0:02:08 bytes 148
  6|May 06 2013|06:59:34|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:32|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:32|302016|192.168.152.21|53|10.10.254.70|63965|Teardown UDP connection 212 for outside:192.168.152.21/53 to inside:10.10.254.70/63965 duration 0:02:07 bytes 114
  6|May 06 2013|06:59:32|302016|192.168.160.21|53|10.10.254.70|63965|Teardown UDP connection 210 for outside:192.168.160.21/53 to inside:10.10.254.70/63965 duration 0:02:08 bytes 152
  6|May 06 2013|06:59:30|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:28|302016|192.168.152.21|137|10.10.254.70|137|Teardown UDP connection 211 for outside:192.168.152.21/137 to inside:10.10.254.70/137 duration 0:02:04 bytes 150
  6|May 06 2013|06:59:28|302015|192.168.152.21|53|10.10.254.70|57795|Built outbound UDP connection 332 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57795 (10.10.254.70/57795)
  6|May 06 2013|06:59:28|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:28|302016|192.168.152.21|53|10.10.254.70|60822|Teardown UDP connection 206 for outside:192.168.152.21/53 to inside:10.10.254.70/60822 duration 0:02:07 bytes 114
  6|May 06 2013|06:59:28|302016|192.168.160.21|53|10.10.254.70|60822|Teardown UDP connection 205 for outside:192.168.160.21/53 to inside:10.10.254.70/60822 duration 0:02:08 bytes 152
  6|May 06 2013|06:59:27|302015|192.168.160.21|53|10.10.254.70|57795|Built outbound UDP connection 330 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57795 (10.10.254.70/57795)
  6|May 06 2013|06:59:26|302015|192.168.152.21|53|10.10.254.70|54989|Built outbound UDP connection 329 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54989 (10.10.254.70/54989)
  6|May 06 2013|06:59:26|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:25|302015|192.168.160.21|53|10.10.254.70|54989|Built outbound UDP connection 328 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54989 (10.10.254.70/54989)
  6|May 06 2013|06:59:25|302015|192.168.152.21|53|10.10.254.70|58248|Built outbound UDP connection 327 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/58248 (10.10.254.70/58248)
  6|May 06 2013|06:59:24|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:24|302015|192.168.160.21|53|10.10.254.70|58248|Built outbound UDP connection 325 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/58248 (10.10.254.70/58248)
  6|May 06 2013|06:59:22|302016|192.168.152.21|53|10.10.254.70|52148|Teardown UDP connection 204 for outside:192.168.152.21/53 to inside:10.10.254.70/52148 duration 0:02:07 bytes 111
  6|May 06 2013|06:59:22|302016|192.168.160.21|53|10.10.254.70|52148|Teardown UDP connection 201 for outside:192.168.160.21/53 to inside:10.10.254.70/52148 duration 0:02:08 bytes 148
  6|May 06 2013|06:59:22|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:20|302013|129.22.177.79|31663|10.10.254.70|34471|Built outbound TCP connection 324 for outside:129.22.177.79/31663 (129.22.177.79/31663) to inside:10.10.254.70/34471 (192.168.13.100/60918)
  6|May 06 2013|06:59:20|305011|10.10.254.70|34471|192.168.13.100|60918|Built dynamic TCP translation from inside:10.10.254.70/34471 to outside:192.168.13.100/60918
  6|May 06 2013|06:59:20|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:20|302016|192.168.152.21|53|10.10.254.70|50470|Teardown UDP connection 200 for outside:192.168.152.21/53 to inside:10.10.254.70/50470 duration 0:02:07 bytes 135
  6|May 06 2013|06:59:20|302016|192.168.160.21|53|10.10.254.70|50470|Teardown UDP connection 199 for outside:192.168.160.21/53 to inside:10.10.254.70/50470 duration 0:02:08 bytes 180
  6|May 06 2013|06:59:20|302014|71.207.1.189|1761|10.10.254.70|34468|Teardown TCP connection 275 for outside:71.207.1.189/1761 to inside:10.10.254.70/34468 duration 0:01:02 bytes 376 TCP FINs
  6|May 06 2013|06:59:19|302013|129.22.177.79|31663|10.10.254.70|34470|Built outbound TCP connection 322 for outside:129.22.177.79/31663 (129.22.177.79/31663) to inside:10.10.254.70/34470 (192.168.13.100/64832)
  6|May 06 2013|06:59:19|305011|10.10.254.70|34470|192.168.13.100|64832|Built dynamic TCP translation from inside:10.10.254.70/34470 to outside:192.168.13.100/64832
  6|May 06 2013|06:59:18|302014|67.86.118.52|17365|10.10.254.70|34467|Teardown TCP connection 274 for outside:67.86.118.52/17365 to inside:10.10.254.70/34467 duration 0:01:02 bytes 453 TCP FINs
  6|May 06 2013|06:59:18|302013|173.164.60.149|12864|10.10.254.70|34469|Built outbound TCP connection 321 for outside:173.164.60.149/12864 (173.164.60.149/12864) to inside:10.10.254.70/34469 (192.168.13.100/39628)
  6|May 06 2013|06:59:18|305011|10.10.254.70|34469|192.168.13.100|39628|Built dynamic TCP translation from inside:10.10.254.70/34469 to outside:192.168.13.100/39628
  6|May 06 2013|06:59:18|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:17|302016|192.168.152.21|53|10.10.254.70|54536|Teardown UDP connection 198 for outside:192.168.152.21/53 to inside:10.10.254.70/54536 duration 0:02:07 bytes 114
  6|May 06 2013|06:59:17|302016|192.168.160.21|53|10.10.254.70|54536|Teardown UDP connection 197 for outside:192.168.160.21/53 to inside:10.10.254.70/54536 duration 0:02:08 bytes 152
  6|May 06 2013|06:59:16|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:14|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:13|302016|192.168.152.21|53|10.10.254.70|57635|Teardown UDP connection 196 for outside:192.168.152.21/53 to inside:10.10.254.70/57635 duration 0:02:07 bytes 102
  6|May 06 2013|06:59:13|302016|192.168.160.21|53|10.10.254.70|57635|Teardown UDP connection 195 for outside:192.168.160.21/53 to inside:10.10.254.70/57635 duration 0:02:08 bytes 136
  6|May 06 2013|06:59:12|302015|192.168.152.21|53|10.10.254.70|60510|Built outbound UDP connection 319 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/60510 (10.10.254.70/60510)
  6|May 06 2013|06:59:12|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:12|302015|192.168.152.21|53|10.10.254.70|50779|Built outbound UDP connection 317 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50779 (10.10.254.70/50779)
  6|May 06 2013|06:59:11|302015|192.168.160.21|53|10.10.254.70|60510|Built outbound UDP connection 316 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/60510 (10.10.254.70/60510)
  6|May 06 2013|06:59:11|302016|192.168.152.21|53|10.10.254.70|49716|Teardown UDP connection 194 for outside:192.168.152.21/53 to inside:10.10.254.70/49716 duration 0:02:07 bytes 111
  6|May 06 2013|06:59:11|302016|192.168.152.21|53|10.10.254.70|57570|Teardown UDP connection 193 for outside:192.168.152.21/53 to inside:10.10.254.70/57570 duration 0:02:07 bytes 156
  6|May 06 2013|06:59:11|302016|192.168.160.21|53|10.10.254.70|49716|Teardown UDP connection 192 for outside:192.168.160.21/53 to inside:10.10.254.70/49716 duration 0:02:08 bytes 148
  6|May 06 2013|06:59:11|302016|192.168.160.21|53|10.10.254.70|57570|Teardown UDP connection 191 for outside:192.168.160.21/53 to inside:10.10.254.70/57570 duration 0:02:08 bytes 208
  6|May 06 2013|06:59:11|302015|192.168.160.21|53|10.10.254.70|50779|Built outbound UDP connection 315 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50779 (10.10.254.70/50779)
  6|May 06 2013|06:59:10|302015|192.168.152.21|53|10.10.254.70|64783|Built outbound UDP connection 314 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/64783 (10.10.254.70/64783)
  6|May 06 2013|06:59:10|302016|192.168.152.21|53|10.10.254.70|63136|Teardown UDP connection 190 for outside:192.168.152.21/53 to inside:10.10.254.70/63136 duration 0:02:07 bytes 111
  6|May 06 2013|06:59:10|302016|192.168.160.21|53|10.10.254.70|63136|Teardown UDP connection 189 for outside:192.168.160.21/53 to inside:10.10.254.70/63136 duration 0:02:08 bytes 148
  6|May 06 2013|06:59:10|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:09|302015|192.168.160.21|53|10.10.254.70|64783|Built outbound UDP connection 313 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/64783 (10.10.254.70/64783)
  6|May 06 2013|06:59:08|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:06|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:04|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:03|305012|10.10.254.70|34458|192.168.13.100|26157|Teardown dynamic TCP translation from inside:10.10.254.70/34458 to outside:192.168.13.100/26157 duration 0:01:00
  6|May 06 2013|06:59:02|302016|192.168.160.21|53|10.10.254.70|54985|Teardown UDP connection 186 for outside:192.168.160.21/53 to inside:10.10.254.70/54985 duration 0:02:07 bytes 152
  6|May 06 2013|06:59:02|302016|192.168.152.21|53|10.10.254.70|54985|Teardown UDP connection 184 for outside:192.168.152.21/53 to inside:10.10.254.70/54985 duration 0:02:08 bytes 114
  6|May 06 2013|06:59:02|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:59:00|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:58|305012|10.10.254.70|34457|192.168.13.100|43659|Teardown dynamic TCP translation from inside:10.10.254.70/34457 to outside:192.168.13.100/43659 duration 0:01:00
  6|May 06 2013|06:58:58|305012|10.10.254.70|34456|192.168.13.100|47534|Teardown dynamic TCP translation from inside:10.10.254.70/34456 to outside:192.168.13.100/47534 duration 0:01:00
  6|May 06 2013|06:58:58|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:57|305012|10.10.254.70|34455|192.168.13.100|4536|Teardown dynamic TCP translation from inside:10.10.254.70/34455 to outside:192.168.13.100/4536 duration 0:01:00
  6|May 06 2013|06:58:57|302016|192.168.160.21|53|10.10.254.70|57758|Teardown UDP connection 182 for outside:192.168.160.21/53 to inside:10.10.254.70/57758 duration 0:02:07 bytes 152
  6|May 06 2013|06:58:57|302016|192.168.160.21|53|10.10.254.70|56258|Teardown UDP connection 181 for outside:192.168.160.21/53 to inside:10.10.254.70/56258 duration 0:02:07 bytes 148
  6|May 06 2013|06:58:57|302016|192.168.152.21|53|10.10.254.70|57758|Teardown UDP connection 180 for outside:192.168.152.21/53 to inside:10.10.254.70/57758 duration 0:02:08 bytes 114
  6|May 06 2013|06:58:57|302016|192.168.152.21|53|10.10.254.70|56258|Teardown UDP connection 179 for outside:192.168.152.21/53 to inside:10.10.254.70/56258 duration 0:02:08 bytes 111
  6|May 06 2013|06:58:57|305012|10.10.254.70|34454|192.168.13.100|39886|Teardown dynamic TCP translation from inside:10.10.254.70/34454 to outside:192.168.13.100/39886 duration 0:01:00
  6|May 06 2013|06:58:56|302015|192.168.152.21|53|10.10.254.70|65123|Built outbound UDP connection 309 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65123 (10.10.254.70/65123)
  6|May 06 2013|06:58:56|305012|10.10.254.70|34453|192.168.13.100|34856|Teardown dynamic TCP translation from inside:10.10.254.70/34453 to outside:192.168.13.100/34856 duration 0:01:00
  6|May 06 2013|06:58:56|305012|10.10.254.70|34452|192.168.13.100|33908|Teardown dynamic TCP translation from inside:10.10.254.70/34452 to outside:192.168.13.100/33908 duration 0:01:00
  6|May 06 2013|06:58:56|302016|67.84.253.214|56426|10.10.254.70|64582|Teardown UDP connection 185 for outside:67.84.253.214/56426 to inside:10.10.254.70/64582 duration 0:02:01 bytes 44
  6|May 06 2013|06:58:56|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:56|302015|192.168.152.21|53|10.10.254.70|65511|Built outbound UDP connection 307 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65511 (10.10.254.70/65511)
  6|May 06 2013|06:58:56|302016|192.168.160.21|53|10.10.254.70|54190|Teardown UDP connection 178 for outside:192.168.160.21/53 to inside:10.10.254.70/54190 duration 0:02:07 bytes 148
  6|May 06 2013|06:58:56|302016|192.168.152.21|53|10.10.254.70|54190|Teardown UDP connection 177 for outside:192.168.152.21/53 to inside:10.10.254.70/54190 duration 0:02:08 bytes 111
  6|May 06 2013|06:58:55|302015|192.168.160.21|53|10.10.254.70|65123|Built outbound UDP connection 306 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65123 (10.10.254.70/65123)
  6|May 06 2013|06:58:55|302015|192.168.160.21|53|10.10.254.70|65511|Built outbound UDP connection 305 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65511 (10.10.254.70/65511)
  6|May 06 2013|06:58:54|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:53|302016|192.168.160.21|53|10.10.254.70|57069|Teardown UDP connection 175 for outside:192.168.160.21/53 to inside:10.10.254.70/57069 duration 0:02:07 bytes 236
  6|May 06 2013|06:58:53|302016|192.168.152.21|53|10.10.254.70|57069|Teardown UDP connection 173 for outside:192.168.152.21/53 to inside:10.10.254.70/57069 duration 0:02:08 bytes 177
  6|May 06 2013|06:58:52|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:51|302015|192.168.152.21|53|10.10.254.70|51914|Built outbound UDP connection 303 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/51914 (10.10.254.70/51914)
  6|May 06 2013|06:58:51|302016|192.168.160.21|53|10.10.254.70|53582|Teardown UDP connection 169 for outside:192.168.160.21/53 to inside:10.10.254.70/53582 duration 0:02:07 bytes 120
  6|May 06 2013|06:58:51|302016|192.168.152.21|53|10.10.254.70|53582|Teardown UDP connection 166 for outside:192.168.152.21/53 to inside:10.10.254.70/53582 duration 0:02:08 bytes 90
  6|May 06 2013|06:58:50|302016|178.46.108.7|36497|10.10.254.70|64582|Teardown UDP connection 96 for outside:178.46.108.7/36497 to inside:10.10.254.70/64582 duration 0:02:34 bytes 108
  6|May 06 2013|06:58:50|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:50|302015|192.168.160.21|53|10.10.254.70|51914|Built outbound UDP connection 302 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/51914 (10.10.254.70/51914)
  6|May 06 2013|06:58:48|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:48|302015|192.168.152.21|53|10.10.254.70|65020|Built outbound UDP connection 300 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65020 (10.10.254.70/65020)
  6|May 06 2013|06:58:47|302014|50.72.9.170|12248|10.10.254.70|34454|Teardown TCP connection 252 for outside:50.72.9.170/12248 to inside:10.10.254.70/34454 duration 0:00:50 bytes 389 TCP FINs
  6|May 06 2013|06:58:47|302014|174.91.241.232|53766|10.10.254.70|34458|Teardown TCP connection 260 for outside:174.91.241.232/53766 to inside:10.10.254.70/34458 duration 0:00:44 bytes 384 TCP FINs
  6|May 06 2013|06:58:47|302014|24.202.182.58|43715|10.10.254.70|34452|Teardown TCP connection 249 for outside:24.202.182.58/43715 to inside:10.10.254.70/34452 duration 0:00:51 bytes 440 TCP FINs
  6|May 06 2013|06:58:47|302015|192.168.160.21|53|10.10.254.70|65020|Built outbound UDP connection 299 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65020 (10.10.254.70/65020)
  6|May 06 2013|06:58:46|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:45|305012|10.10.254.70|34448|192.168.13.100|53786|Teardown dynamic TCP translation from inside:10.10.254.70/34448 to outside:192.168.13.100/53786 duration 0:01:30
  6|May 06 2013|06:58:44|305012|10.10.254.70|34447|192.168.13.100|43394|Teardown dynamic TCP translation from inside:10.10.254.70/34447 to outside:192.168.13.100/43394 duration 0:01:30
  6|May 06 2013|06:58:44|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:44|302016|192.168.152.21|53|10.10.254.70|62190|Teardown UDP connection 162 for outside:192.168.152.21/53 to inside:10.10.254.70/62190 duration 0:02:07 bytes 111
  6|May 06 2013|06:58:44|302016|192.168.160.21|53|10.10.254.70|62190|Teardown UDP connection 158 for outside:192.168.160.21/53 to inside:10.10.254.70/62190 duration 0:02:08 bytes 148
  6|May 06 2013|06:58:42|302015|192.168.152.21|53|10.10.254.70|57574|Built outbound UDP connection 297 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57574 (10.10.254.70/57574)
  6|May 06 2013|06:58:42|302016|192.168.152.21|53|10.10.254.70|52009|Teardown UDP connection 157 for outside:192.168.152.21/53 to inside:10.10.254.70/52009 duration 0:02:07 bytes 111
  6|May 06 2013|06:58:42|302016|192.168.152.21|53|10.10.254.70|56201|Teardown UDP connection 156 for outside:192.168.152.21/53 to inside:10.10.254.70/56201 duration 0:02:07 bytes 114
  6|May 06 2013|06:58:42|302016|192.168.160.21|53|10.10.254.70|56201|Teardown UDP connection 154 for outside:192.168.160.21/53 to inside:10.10.254.70/56201 duration 0:02:08 bytes 152
  6|May 06 2013|06:58:42|302016|192.168.160.21|53|10.10.254.70|52009|Teardown UDP connection 153 for outside:192.168.160.21/53 to inside:10.10.254.70/52009 duration 0:02:08 bytes 148
  6|May 06 2013|06:58:42|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:41|302015|192.168.152.21|53|10.10.254.70|54805|Built outbound UDP connection 296 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54805 (10.10.254.70/54805)
  6|May 06 2013|06:58:41|302015|192.168.160.21|53|10.10.254.70|57574|Built outbound UDP connection 295 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57574 (10.10.254.70/57574)
  6|May 06 2013|06:58:40|302015|192.168.160.21|53|10.10.254.70|54805|Built outbound UDP connection 294 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54805 (10.10.254.70/54805)
  6|May 06 2013|06:58:40|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:39|302016|192.168.152.21|53|10.10.254.70|49838|Teardown UDP connection 149 for outside:192.168.152.21/53 to inside:10.10.254.70/49838 duration 0:02:07 bytes 165
  6|May 06 2013|06:58:39|302016|192.168.160.21|53|10.10.254.70|49838|Teardown UDP connection 142 for outside:192.168.160.21/53 to inside:10.10.254.70/49838 duration 0:02:08 bytes 220
  6|May 06 2013|06:58:38|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:37|302016|192.168.152.21|53|10.10.254.70|65386|Teardown UDP connection 138 for outside:192.168.152.21/53 to inside:10.10.254.70/65386 duration 0:02:07 bytes 105
  6|May 06 2013|06:58:37|302016|192.168.160.21|53|10.10.254.70|65386|Teardown UDP connection 136 for outside:192.168.160.21/53 to inside:10.10.254.70/65386 duration 0:02:08 bytes 140
  6|May 06 2013|06:58:36|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:35|302016|76.119.99.25|62111|10.10.254.70|64582|Teardown UDP connection 140 for outside:76.119.99.25/62111 to inside:10.10.254.70/64582 duration 0:02:04 bytes 220
  6|May 06 2013|06:58:34|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:33|302016|192.168.1.134|34097|10.10.254.70|64582|Teardown UDP connection 143 for outside:192.168.1.134/34097 to inside:10.10.254.70/64582 duration 0:02:02 bytes 56
  6|May 06 2013|06:58:33|302015|192.168.152.21|53|10.10.254.70|64940|Built outbound UDP connection 291 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/64940 (10.10.254.70/64940)
  6|May 06 2013|06:58:32|302016|213.199.179.150|443|10.10.254.70|64582|Teardown UDP connection 141 for outside:213.199.179.150/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 44
  6|May 06 2013|06:58:32|302015|192.168.160.21|53|10.10.254.70|64940|Built outbound UDP connection 290 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/64940 (10.10.254.70/64940)
  6|May 06 2013|06:58:32|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:32|302016|192.168.160.21|53|10.10.254.70|62327|Teardown UDP connection 133 for outside:192.168.160.21/53 to inside:10.10.254.70/62327 duration 0:02:07 bytes 148
  6|May 06 2013|06:58:32|302016|192.168.152.21|53|10.10.254.70|62327|Teardown UDP connection 131 for outside:192.168.152.21/53 to inside:10.10.254.70/62327 duration 0:02:08 bytes 111
  6|May 06 2013|06:58:31|302016|111.221.77.161|443|10.10.254.70|64582|Teardown UDP connection 101 for outside:111.221.77.161/443 to inside:10.10.254.70/64582 duration 0:02:14 bytes 88
  6|May 06 2013|06:58:31|302016|192.168.160.21|53|10.10.254.70|50601|Teardown UDP connection 132 for outside:192.168.160.21/53 to inside:10.10.254.70/50601 duration 0:02:07 bytes 136
  6|May 06 2013|06:58:31|302016|192.168.152.21|53|10.10.254.70|50601|Teardown UDP connection 130 for outside:192.168.152.21/53 to inside:10.10.254.70/50601 duration 0:02:08 bytes 102
  6|May 06 2013|06:58:31|302016|69.142.74.136|5370|10.10.254.70|64582|Teardown UDP connection 97 for outside:69.142.74.136/5370 to inside:10.10.254.70/64582 duration 0:02:14 bytes 88
  6|May 06 2013|06:58:30|302016|187.35.72.228|9426|10.10.254.70|64582|Teardown UDP connection 98 for outside:187.35.72.228/9426 to inside:10.10.254.70/64582 duration 0:02:13 bytes 36
  6|May 06 2013|06:58:30|302015|192.168.152.21|53|10.10.254.70|52963|Built outbound UDP connection 288 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/52963 (10.10.254.70/52963)
  6|May 06 2013|06:58:30|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:30|302015|192.168.152.21|53|10.10.254.70|50141|Built outbound UDP connection 287 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50141 (10.10.254.70/50141)
  6|May 06 2013|06:58:30|302016|192.168.160.21|53|10.10.254.70|49975|Teardown UDP connection 129 for outside:192.168.160.21/53 to inside:10.10.254.70/49975 duration 0:02:07 bytes 160
  6|May 06 2013|06:58:30|302016|192.168.152.21|53|10.10.254.70|49975|Teardown UDP connection 127 for outside:192.168.152.21/53 to inside:10.10.254.70/49975 duration 0:02:08 bytes 120
  6|May 06 2013|06:58:29|302016|192.168.160.21|53|10.10.254.70|57658|Teardown UDP connection 128 for outside:192.168.160.21/53 to inside:10.10.254.70/57658 duration 0:02:07 bytes 136
  6|May 06 2013|06:58:29|302016|192.168.152.21|53|10.10.254.70|57658|Teardown UDP connection 126 for outside:192.168.152.21/53 to inside:10.10.254.70/57658 duration 0:02:08 bytes 102
  6|May 06 2013|06:58:29|302015|192.168.160.21|53|10.10.254.70|52963|Built outbound UDP connection 286 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/52963 (10.10.254.70/52963)
  6|May 06 2013|06:58:29|302015|192.168.160.21|53|10.10.254.70|50141|Built outbound UDP connection 285 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50141 (10.10.254.70/50141)
  6|May 06 2013|06:58:28|302014|184.64.37.48|80|10.10.254.70|34457|Teardown TCP connection 257 for outside:184.64.37.48/80 to inside:10.10.254.70/34457 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:58:28|302014|184.64.37.48|443|10.10.254.70|34456|Teardown TCP connection 256 for outside:184.64.37.48/443 to inside:10.10.254.70/34456 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:58:28|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:27|302014|184.64.37.48|53578|10.10.254.70|34455|Teardown TCP connection 254 for outside:184.64.37.48/53578 to inside:10.10.254.70/34455 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:58:27|302015|192.168.152.21|53|10.10.254.70|57349|Built outbound UDP connection 283 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57349 (10.10.254.70/57349)
  6|May 06 2013|06:58:26|302015|192.168.152.21|53|10.10.254.70|54841|Built outbound UDP connection 282 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54841 (10.10.254.70/54841)
  6|May 06 2013|06:58:26|302014|184.64.37.48|53578|10.10.254.70|34453|Teardown TCP connection 250 for outside:184.64.37.48/53578 to inside:10.10.254.70/34453 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:58:26|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:26|302015|192.168.160.21|53|10.10.254.70|57349|Built outbound UDP connection 281 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57349 (10.10.254.70/57349)
  6|May 06 2013|06:58:25|302015|192.168.160.21|53|10.10.254.70|54841|Built outbound UDP connection 280 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54841 (10.10.254.70/54841)
  6|May 06 2013|06:58:25|302016|192.168.160.21|53|10.10.254.70|63377|Teardown UDP connection 118 for outside:192.168.160.21/53 to inside:10.10.254.70/63377 duration 0:02:07 bytes 236
  6|May 06 2013|06:58:25|302016|192.168.152.21|53|10.10.254.70|63377|Teardown UDP connection 104 for outside:192.168.152.21/53 to inside:10.10.254.70/63377 duration 0:02:08 bytes 177
  6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|53894|Teardown UDP connection 107 for outside:192.168.160.21/53 to inside:10.10.254.70/53894 duration 0:02:07 bytes 164
  6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|53008|Teardown UDP connection 106 for outside:192.168.160.21/53 to inside:10.10.254.70/53008 duration 0:02:07 bytes 164
  6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|62979|Teardown UDP connection 105 for outside:192.168.160.21/53 to inside:10.10.254.70/62979 duration 0:02:07 bytes 164
  6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|53894|Teardown UDP connection 92 for outside:192.168.152.21/53 to inside:10.10.254.70/53894 duration 0:02:08 bytes 123
  6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|53008|Teardown UDP connection 91 for outside:192.168.152.21/53 to inside:10.10.254.70/53008 duration 0:02:08 bytes 123
  6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|62979|Teardown UDP connection 90 for outside:192.168.152.21/53 to inside:10.10.254.70/62979 duration 0:02:08 bytes 123
  6|May 06 2013|06:58:24|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|54579|Teardown UDP connection 100 for outside:192.168.160.21/53 to inside:10.10.254.70/54579 duration 0:02:07 bytes 128
  6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|54579|Teardown UDP connection 86 for outside:192.168.152.21/53 to inside:10.10.254.70/54579 duration 0:02:08 bytes 96
  6|May 06 2013|06:58:22|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:22|302016|192.168.160.21|53|10.10.254.70|50518|Teardown UDP connection 94 for outside:192.168.160.21/53 to inside:10.10.254.70/50518 duration 0:02:05 bytes 80
  6|May 06 2013|06:58:22|302016|192.168.152.21|53|10.10.254.70|50518|Teardown UDP connection 93 for outside:192.168.152.21/53 to inside:10.10.254.70/50518 duration 0:02:05 bytes 80
  6|May 06 2013|06:58:22|302016|192.168.160.21|53|10.10.254.70|61054|Teardown UDP connection 89 for outside:192.168.160.21/53 to inside:10.10.254.70/61054 duration 0:02:06 bytes 74
  6|May 06 2013|06:58:22|302016|192.168.152.21|53|10.10.254.70|61054|Teardown UDP connection 88 for outside:192.168.152.21/53 to inside:10.10.254.70/61054 duration 0:02:06 bytes 74
  6|May 06 2013|06:58:20|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|49862|Teardown UDP connection 124 for outside:192.168.160.21/53 to inside:10.10.254.70/49862 duration 0:02:01 bytes 41
  6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|52028|Teardown UDP connection 123 for outside:192.168.160.21/53 to inside:10.10.254.70/52028 duration 0:02:01 bytes 41
  6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|52028|Teardown UDP connection 122 for outside:192.168.152.21/53 to inside:10.10.254.70/52028 duration 0:02:01 bytes 41
  6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|49862|Teardown UDP connection 121 for outside:192.168.152.21/53 to inside:10.10.254.70/49862 duration 0:02:01 bytes 41
  6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|63772|Teardown UDP connection 120 for outside:192.168.160.21/53 to inside:10.10.254.70/63772 duration 0:02:01 bytes 41
  6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|63772|Teardown UDP connection 119 for outside:192.168.152.21/53 to inside:10.10.254.70/63772 duration 0:02:01 bytes 41
  6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|55207|Teardown UDP connection 117 for outside:192.168.160.21/53 to inside:10.10.254.70/55207 duration 0:02:01 bytes 40
  6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|55207|Teardown UDP connection 116 for outside:192.168.152.21/53 to inside:10.10.254.70/55207 duration 0:02:01 bytes 40
  6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|51370|Teardown UDP connection 115 for outside:192.168.160.21/53 to inside:10.10.254.70/51370 duration 0:02:02 bytes 32
  6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|51370|Teardown UDP connection 114 for outside:192.168.152.21/53 to inside:10.10.254.70/51370 duration 0:02:02 bytes 32
  6|May 06 2013|06:58:18|302016|192.168.160.21|53|10.10.254.70|54447|Teardown UDP connection 113 for outside:192.168.160.21/53 to inside:10.10.254.70/54447 duration 0:02:01 bytes 38
  6|May 06 2013|06:58:18|302016|192.168.152.21|53|10.10.254.70|54447|Teardown UDP connection 112 for outside:192.168.152.21/53 to inside:10.10.254.70/54447 duration 0:02:01 bytes 38
  6|May 06 2013|06:58:18|302016|192.168.160.21|53|10.10.254.70|53196|Teardown UDP connection 111 for outside:192.168.160.21/53 to inside:10.10.254.70/53196 duration 0:02:01 bytes 32
  6|May 06 2013|06:58:18|302016|192.168.152.21|53|10.10.254.70|53196|Teardown UDP connection 110 for outside:192.168.152.21/53 to inside:10.10.254.70/53196 duration 0:02:01 bytes 32
  6|May 06 2013|06:58:18|302016|192.168.160.21|53|10.10.254.70|59127|Teardown UDP connection 109 for outside:192.168.160.21/53 to inside:10.10.254.70/59127 duration 0:02:01 bytes 32
  6|May 06 2013|06:58:18|302016|192.168.152.21|53|10.10.254.70|59127|Teardown UDP connection 108 for outside:192.168.152.21/53 to inside:10.10.254.70/59127 duration 0:02:01 bytes 32
  6|May 06 2013|06:58:18|302016|157.55.130.158|443|10.10.254.70|64582|Teardown UDP connection 102 for outside:157.55.130.158/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 44
  6|May 06 2013|06:58:18|302016|126.159.50.221|5081|10.10.254.70|64582|Teardown UDP connection 95 for outside:126.159.50.221/5081 to inside:10.10.254.70/64582 duration 0:02:02 bytes 18
  6|May 06 2013|06:58:18|302015|192.168.152.21|53|10.10.254.70|57615|Built outbound UDP connection 277 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57615 (10.10.254.70/57615)
  6|May 06 2013|06:58:18|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:17|302015|192.168.160.21|53|10.10.254.70|57615|Built outbound UDP connection 276 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57615 (10.10.254.70/57615)
  6|May 06 2013|06:58:17|302014|65.183.143.163|10103|10.10.254.70|34448|Teardown TCP connection 203 for outside:65.183.143.163/10103 to inside:10.10.254.70/34448 duration 0:01:02 bytes 353 TCP FINs
  6|May 06 2013|06:58:17|302013|71.207.1.189|1761|10.10.254.70|34468|Built outbound TCP connection 275 for outside:71.207.1.189/1761 (71.207.1.189/1761) to inside:10.10.254.70/34468 (192.168.13.100/55721)
  6|May 06 2013|06:58:17|305011|10.10.254.70|34468|192.168.13.100|55721|Built dynamic TCP translation from inside:10.10.254.70/34468 to outside:192.168.13.100/55721
  6|May 06 2013|06:58:16|302014|184.37.189.185|60952|10.10.254.70|34447|Teardown TCP connection 202 for outside:184.37.189.185/60952 to inside:10.10.254.70/34447 duration 0:01:02 bytes 400 TCP FINs
  6|May 06 2013|06:58:16|302016|112.208.137.190|25040|10.10.254.70|64582|Teardown UDP connection 29 for outside:112.208.137.190/25040 to inside:10.10.254.70/64582 duration 0:02:08 bytes 184
  6|May 06 2013|06:58:16|302013|67.86.118.52|17365|10.10.254.70|34467|Built outbound TCP connection 274 for outside:67.86.118.52/17365 (67.86.118.52/17365) to inside:10.10.254.70/34467 (192.168.13.100/48446)
  6|May 06 2013|06:58:16|305011|10.10.254.70|34467|192.168.13.100|48446|Built dynamic TCP translation from inside:10.10.254.70/34467 to outside:192.168.13.100/48446
  6|May 06 2013|06:58:16|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:16|302016|37.229.14.159|5806|10.10.254.70|64582|Teardown UDP connection 28 for outside:37.229.14.159/5806 to inside:10.10.254.70/64582 duration 0:02:07 bytes 184
  6|May 06 2013|06:58:15|305012|10.10.254.70|34441|192.168.13.100|33964|Teardown dynamic TCP translation from inside:10.10.254.70/34441 to outside:192.168.13.100/33964 duration 0:01:30
  6|May 06 2013|06:58:15|302015|192.168.152.21|53|10.10.254.70|55062|Built outbound UDP connection 272 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/55062 (10.10.254.70/55062)
  6|May 06 2013|06:58:14|302015|192.168.160.21|53|10.10.254.70|55062|Built outbound UDP connection 271 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/55062 (10.10.254.70/55062)
  6|May 06 2013|06:58:14|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:12|302015|192.168.152.21|53|10.10.254.70|61073|Built outbound UDP connection 270 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/61073 (10.10.254.70/61073)
  6|May 06 2013|06:58:12|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:11|302015|192.168.160.21|53|10.10.254.70|61073|Built outbound UDP connection 268 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/61073 (10.10.254.70/61073)
  6|May 06 2013|06:58:10|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:10|302016|157.55.130.155|443|10.10.254.70|64582|Teardown UDP connection 31 for outside:157.55.130.155/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 18
  6|May 06 2013|06:58:10|302016|111.221.77.166|443|10.10.254.70|64582|Teardown UDP connection 30 for outside:111.221.77.166/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 18
  6|May 06 2013|06:58:08|302015|192.168.152.21|53|10.10.254.70|50088|Built outbound UDP connection 267 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50088 (10.10.254.70/50088)
  6|May 06 2013|06:58:08|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:08|302016|10.10.254.70|68|10.10.254.254|67|Teardown UDP connection 19 for inside:10.10.254.70/68 to identity:10.10.254.254/67 duration 0:02:01 bytes 641
  6|May 06 2013|06:58:08|302016|255.255.255.255|68|10.10.254.254|67|Teardown UDP connection 17 for inside:255.255.255.255/68 to identity:10.10.254.254/67 duration 0:02:01 bytes 249
  6|May 06 2013|06:58:08|302016|0.0.0.0|68|255.255.255.255|67|Teardown UDP connection 16 for inside:0.0.0.0/68 to identity:255.255.255.255/67 duration 0:02:01 bytes 948
  6|May 06 2013|06:58:07|302015|192.168.160.21|53|10.10.254.70|50088|Built outbound UDP connection 265 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50088 (10.10.254.70/50088)
  6|May 06 2013|06:58:06|302015|192.168.152.21|53|10.10.254.70|63993|Built outbound UDP connection 264 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/63993 (10.10.254.70/63993)
  6|May 06 2013|06:58:06|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:05|302015|192.168.160.21|53|10.10.254.70|63993|Built outbound UDP connection 263 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/63993 (10.10.254.70/63993)
  6|May 06 2013|06:58:04|302016|70.171.138.105|9016|10.10.254.70|64582|Teardown UDP connection 5 for outside:70.171.138.105/9016 to inside:10.10.254.70/64582 duration 0:02:01 bytes 18
  6|May 06 2013|06:58:04|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:03|302015|192.168.152.21|53|10.10.254.70|53734|Built outbound UDP connection 261 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/53734 (10.10.254.70/53734)
  6|May 06 2013|06:58:03|302013|174.91.241.232|53766|10.10.254.70|34458|Built outbound TCP connection 260 for outside:174.91.241.232/53766 (174.91.241.232/53766) to inside:10.10.254.70/34458 (192.168.13.100/26157)
  6|May 06 2013|06:58:03|305011|10.10.254.70|34458|192.168.13.100|26157|Built dynamic TCP translation from inside:10.10.254.70/34458 to outside:192.168.13.100/26157
  6|May 06 2013|06:58:03|302014|10.10.225.18|443|10.10.254.70|34451|Teardown TCP connection 221 for outside:10.10.225.18/443 to inside:10.10.254.70/34451 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:58:02|302015|192.168.160.21|53|10.10.254.70|53734|Built outbound UDP connection 259 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/53734 (10.10.254.70/53734)
  6|May 06 2013|06:58:02|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:58:00|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:58|302013|184.64.37.48|80|10.10.254.70|34457|Built outbound TCP connection 257 for outside:184.64.37.48/80 (184.64.37.48/80) to inside:10.10.254.70/34457 (192.168.13.100/43659)
  6|May 06 2013|06:57:58|305011|10.10.254.70|34457|192.168.13.100|43659|Built dynamic TCP translation from inside:10.10.254.70/34457 to outside:192.168.13.100/43659
  6|May 06 2013|06:57:58|302013|184.64.37.48|443|10.10.254.70|34456|Built outbound TCP connection 256 for outside:184.64.37.48/443 (184.64.37.48/443) to inside:10.10.254.70/34456 (192.168.13.100/47534)
  6|May 06 2013|06:57:58|305011|10.10.254.70|34456|192.168.13.100|47534|Built dynamic TCP translation from inside:10.10.254.70/34456 to outside:192.168.13.100/47534
  6|May 06 2013|06:57:58|305012|10.10.254.70|34446|192.168.13.100|3562|Teardown dynamic TCP translation from inside:10.10.254.70/34446 to outside:192.168.13.100/3562 duration 0:01:00
  6|May 06 2013|06:57:58|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:58|302015|192.168.152.21|53|10.10.254.70|56866|Built outbound UDP connection 255 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/56866 (10.10.254.70/56866)
  6|May 06 2013|06:57:57|302013|184.64.37.48|53578|10.10.254.70|34455|Built outbound TCP connection 254 for outside:184.64.37.48/53578 (184.64.37.48/53578) to inside:10.10.254.70/34455 (192.168.13.100/4536)
  6|May 06 2013|06:57:57|305011|10.10.254.70|34455|192.168.13.100|4536|Built dynamic TCP translation from inside:10.10.254.70/34455 to outside:192.168.13.100/4536
  6|May 06 2013|06:57:57|302014|74.56.154.191|62152|10.10.254.70|34441|Teardown TCP connection 170 for outside:74.56.154.191/62152 to inside:10.10.254.70/34441 duration 0:01:11 bytes 6953 TCP FINs
  6|May 06 2013|06:57:57|302015|192.168.160.21|53|10.10.254.70|56866|Built outbound UDP connection 253 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/56866 (10.10.254.70/56866)
  6|May 06 2013|06:57:57|302013|50.72.9.170|12248|10.10.254.70|34454|Built outbound TCP connection 252 for outside:50.72.9.170/12248 (50.72.9.170/12248) to inside:10.10.254.70/34454 (192.168.13.100/39886)
  6|May 06 2013|06:57:57|305011|10.10.254.70|34454|192.168.13.100|39886|Built dynamic TCP translation from inside:10.10.254.70/34454 to outside:192.168.13.100/39886
  6|May 06 2013|06:57:56|302014|96.228.226.64|48962|10.10.254.70|34446|Teardown TCP connection 188 for outside:96.228.226.64/48962 to inside:10.10.254.70/34446 duration 0:00:58 bytes 363 TCP FINs
  6|May 06 2013|06:57:56|302015|192.168.152.21|53|10.10.254.70|59590|Built outbound UDP connection 251 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/59590 (10.10.254.70/59590)
  6|May 06 2013|06:57:56|302013|184.64.37.48|53578|10.10.254.70|34453|Built outbound TCP connection 250 for outside:184.64.37.48/53578 (184.64.37.48/53578) to inside:10.10.254.70/34453 (192.168.13.100/34856)
  6|May 06 2013|06:57:56|305011|10.10.254.70|34453|192.168.13.100|34856|Built dynamic TCP translation from inside:10.10.254.70/34453 to outside:192.168.13.100/34856
  6|May 06 2013|06:57:56|302013|24.202.182.58|43715|10.10.254.70|34452|Built outbound TCP connection 249 for outside:24.202.182.58/43715 (24.202.182.58/43715) to inside:10.10.254.70/34452 (192.168.13.100/33908)
  6|May 06 2013|06:57:56|305011|10.10.254.70|34452|192.168.13.100|33908|Built dynamic TCP translation from inside:10.10.254.70/34452 to outside:192.168.13.100/33908
  6|May 06 2013|06:57:56|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:55|302015|192.168.160.21|53|10.10.254.70|59590|Built outbound UDP connection 247 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/59590 (10.10.254.70/59590)
  6|May 06 2013|06:57:55|302015|192.168.152.21|53|10.10.254.70|63756|Built outbound UDP connection 246 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/63756 (10.10.254.70/63756)
  6|May 06 2013|06:57:54|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:54|302015|192.168.160.21|53|10.10.254.70|57967|Built outbound UDP connection 245 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57967 (10.10.254.70/57967)
  6|May 06 2013|06:57:54|302014|10.10.225.18|443|10.10.254.70|34450|Teardown TCP connection 209 for outside:10.10.225.18/443 to inside:10.10.254.70/34450 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:57:54|302014|10.10.225.18|443|10.10.254.70|34449|Teardown TCP connection 207 for outside:10.10.225.18/443 to inside:10.10.254.70/34449 duration 0:00:30 bytes 0 SYN Timeout
  6|May 06 2013|06:57:54|302015|192.168.160.21|53|10.10.254.70|63756|Built outbound UDP connection 244 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/63756 (10.10.254.70/63756)
  6|May 06 2013|06:57:53|302015|192.168.152.21|53|10.10.254.70|57967|Built outbound UDP connection 243 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57967 (10.10.254.70/57967)
  6|May 06 2013|06:57:52|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:50|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:49|302015|192.168.160.21|53|10.10.254.70|54304|Built outbound UDP connection 241 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54304 (10.10.254.70/54304)
  6|May 06 2013|06:57:48|302015|192.168.152.21|53|10.10.254.70|54304|Built outbound UDP connection 240 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54304 (10.10.254.70/54304)
  6|May 06 2013|06:57:48|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:48|302015|192.168.160.21|53|10.10.254.70|65422|Built outbound UDP connection 238 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65422 (10.10.254.70/65422)
  6|May 06 2013|06:57:47|302015|192.168.152.21|53|10.10.254.70|65422|Built outbound UDP connection 237 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65422 (10.10.254.70/65422)
  6|May 06 2013|06:57:46|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:46|302015|192.168.160.21|53|10.10.254.70|50300|Built outbound UDP connection 236 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50300 (10.10.254.70/50300)
  6|May 06 2013|06:57:46|302015|192.168.160.21|53|10.10.254.70|49286|Built outbound UDP connection 235 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/49286 (10.10.254.70/49286)
  6|May 06 2013|06:57:45|302015|192.168.152.21|53|10.10.254.70|50300|Built outbound UDP connection 234 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50300 (10.10.254.70/50300)
  6|May 06 2013|06:57:45|302015|192.168.152.21|53|10.10.254.70|49286|Built outbound UDP connection 233 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/49286 (10.10.254.70/49286)
  6|May 06 2013|06:57:44|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:43|305012|10.10.254.70|34440|192.168.13.100|17057|Teardown dynamic TCP translation from inside:10.10.254.70/34440 to outside:192.168.13.100/17057 duration 0:01:00
  6|May 06 2013|06:57:43|302015|192.168.160.21|53|10.10.254.70|57306|Built outbound UDP connection 231 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57306 (10.10.254.70/57306)
  6|May 06 2013|06:57:42|305012|10.10.254.70|34439|192.168.13.100|24448|Teardown dynamic TCP translation from inside:10.10.254.70/34439 to outside:192.168.13.100/24448 duration 0:01:00
  6|May 06 2013|06:57:42|305012|10.10.254.70|34438|192.168.13.100|20628|Teardown dynamic TCP translation from inside:10.10.254.70/34438 to outside:192.168.13.100/20628 duration 0:01:00
  6|May 06 2013|06:57:42|302015|192.168.160.21|53|10.10.254.70|54646|Built outbound UDP connection 230 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54646 (10.10.254.70/54646)
  6|May 06 2013|06:57:42|302015|192.168.152.21|53|10.10.254.70|57306|Built outbound UDP connection 229 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57306 (10.10.254.70/57306)
  6|May 06 2013|06:57:42|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
  6|May 06 2013|06:57:42|302015|192.168.160.21|53|10.10.254.70|64481|Built outbound UDP connection 228 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/64481 (10.10.254.70/64481)
  6|May 06 2013|06:57:41|302015|192.168.152.21|53|10.1

  First, make sure you correct the mask in the crypto ACL, per my other post.
  You should check with the other admin and make sure your crypto ACLs are exact mirrors of each other. It wouldn't be a bad idea to put a sniffer on the WAN side to see if you can detect asymmetrical operation (packets that should be encapsulated, but are not).
  It looks like the pool (192.168.100.0 255.255.255.248) is not part of a policy push from the other crypto endpoint.
  Are they actually using a /24 mask on their side, or is that an assumption on your part?
  Could it be that they are actually using a mask greater than /24 so as to not have an overlap?
  My concern was how a host on the far side with a /24 mask would initiate/respond to a host on your side. The host on their side would ARP your host believing it was directly reachable, due to the mask.
  Perhaps this might be resolved with "ip proxy-arp" configured on the internal interface of their router.
  Is their 192.168.100.0 /? network the connected network on the inside of their router, or buried deeper in their topology?

• Cisco ASA -VPN Ping Question

  Hey guys, I have a Cisco ASA 5505 8.4 I have a Remote Access VPN up and working...for the most part. When I VPN in I would like to be able to access our Mitel phone manager which is just a internal IP you put in the browser. Here is the issue when I am connected I can't ping the address of 10.0.0.250. But I can ping my other servers 10.0.0.2 and 10.0.0.3. Why can I ping some address but not others.
  Thanks
  Nick

  Hi,
  Are you saying that the ASA replaced the previous device that acted as the default gateway for the phone system? And also the IP address was changed and this was not taken into consideration on the phone systems network configurations?
  This would indicate that the problem is with the phone system having the old gateway IP address configured and it doesnt know where to forward the traffic that is coming from a different network (for which it would require the correct default gateway)
  If the internal network that can ping and access the phone system means the hosts that are on the same internal network with the phone system (10.0.0.x) then this is expected as the default gateway is not needed between the hosts in the same network as they communicate directly.
  So would be the problem now simply be with the default gateway IP set on the phone system.
  - Jouni

• VPN client connect to CISCO 887 VPN Server but I can't ping Local LAN

  Hi
  my scenario is as follows
  SERVER1 on lan (192.168.1.4)
  |
  |
  CISCO-887 (192.168.1.254)
  |
  |
  INTERNET
  |
  |
  VPN Cisco client on windows 7 machine
  My connection have public ip address assegned by ISP, after ppp login.
  I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
  All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
  But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN. I can't even ping the gateway 192.168.1.254
  I'm using Cisco VPN client (V5.0.07) with "IPSec over UDP NAT/PAT".
  What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
  Perhaps ACL problem?
  Building configuration...
  Current configuration : 4921 bytes
  ! Last configuration change at 14:33:06 UTC Sun Jan 26 2014 by NetasTest
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname TestLab
  boot-start-marker
  boot-end-marker
  enable secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authentication login ciscocp_vpn_xauth_ml_2 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa authorization network ciscocp_vpn_group_ml_2 local
  aaa session-id common
  memory-size iomem 10
  crypto pki trustpoint TP-self-signed-3013130599
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3013130599
  revocation-check none
  rsakeypair TP-self-signed-3013130599
  crypto pki certificate chain TP-self-signed-3013130599
  certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303133 31333035 3939301E 170D3134 30313236 31333333
  35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30313331
  33303539 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A873 940DE7B9 112D7C1E CEF53553 ED09B479 24721449 DBD6F559 1B9702B7
  9087E94B 50CBB29F 6FE9C3EC A244357F 287E932F 4AB30518 08C2EAC1 1DF0C521
  8D0931F7 6E7F7511 7A66FBF1 A355BB2A 26DAD318 5A5A7B0D A261EE22 1FB70FD1
  C20F1073 BF055A86 D621F905 E96BD966 A4E87C95 8222F1EE C3627B9A B5963DCE
  AE7F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14E37481 4AAFF252 197AC35C A6C1E8E1 E9DF5B35 27301D06
  03551D0E 04160414 E374814A AFF25219 7AC35CA6 C1E8E1E9 DF5B3527 300D0609
  2A864886 F70D0101 05050003 81810082 FEE61317 43C08637 F840D6F8 E8FA11D5
  AA5E49D4 BA720ECB 534D1D6B 1A912547 59FED1B1 2B68296C A28F1CD7 FB697048
  B7BF52B8 08827BC6 20B7EA59 E029D785 2E9E11DB 8EAF8FB4 D821C7F5 1AB39B0D
  B599ECC1 F38B733A 5E46FFA8 F0920CD8 DBD0984F 2A05B7A0 478A1FC5 952B0DCC
  CBB28E7A E91A090D 53DAD1A0 3F66A3
  quit
  no ip domain lookup
  ip cef
  no ipv6 cef
  license udi pid CISCO887VA-K9 sn ***********
  username ******* secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
  username ******* secret 4 Qf/16YMe96arcCpYI46YRa.3.7HcUGTBeJB3ZyRxMtE
  controller VDSL 0
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group EXTERNALS
  key NetasTest
  dns 8.8.4.4
  pool VPN-Pool
  acl 120
  crypto isakmp profile ciscocp-ike-profile-1
  match identity group EXTERNALS
  client authentication list ciscocp_vpn_xauth_ml_2
  isakmp authorization list ciscocp_vpn_group_ml_2
  client configuration address respond
  virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  mode tunnel
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA1
  set isakmp-profile ciscocp-ike-profile-1
  interface Ethernet0
  no ip address
  shutdown
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  hold-queue 224 in
  pvc 8/35
  pppoe-client dial-pool-number 1
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface Virtual-Template1 type tunnel
  ip address 192.168.2.1 255.255.255.0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface Vlan1
  ip address 192.168.1.254 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1452
  interface Dialer0
  ip address negotiated
  ip mtu 1452
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname ****
  ppp chap password 0 *********
  ppp pap sent-username ****** password 0 *******
  no cdp enable
  ip local pool VPN-Pool 192.168.2.210 192.168.2.215
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list 100 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  access-list 100 remark
  access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 100 remark
  access-list 100 permit ip 192.168.1.0 0.0.0.255 any
  access-list 120 remark
  access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  line con 0
  exec-timeout 5 30
  password ******
  no modem enable
  line aux 0
  line vty 0 4
  password ******
  transport input all
  end
  Best Regards,

  I've updated ios to c870-advipservicesk9-mz.124-24.T8.bin  and tried to ping from rv320 to 871 and vice versa. Ping stil not working.
  router#sh crypto session detail 
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection     
  K - Keepalives, N - NAT-traversal, T - cTCP encapsulation     
  X - IKE Extended Authentication, F - IKE Fragmentation
  Interface: Dialer0
  Uptime: 00:40:37
  Session status: UP-ACTIVE     
  Peer: 93.190.178.205 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 192.168.1.100
        Desc: (none)
    IKE SA: local 93.190.177.103/500 remote 93.190.178.205/500 Active 
            Capabilities:(none) connid:2001 lifetime:07:19:22
    IPSEC FLOW: permit ip 10.1.1.0/255.255.255.0 10.1.2.0/255.255.255.0 
          Active SAs: 4, origin: dynamic crypto map
          Inbound:  #pkts dec'ed 0 drop 30 life (KB/Sec) 4500544/1162
          Outbound: #pkts enc'ed 5 drop 0 life (KB/Sec) 4500549/1162

• Cisco ASA VPN to Internet NAT

  stevemoores wrote:
  "interface" means just that, the IP address of the interface, so make an object with the x.x.x.100 address and try using that instead of interface.
  That is what I am thinking and trying now.

  Hi Everyone,
      Running 8.4 on Cisco ASA. When a user is connected via VPN a subset of internet traffic is required to go outside via our office internet connection. I have that working fine but it is using the outside interface IP instead of a particular IP I want to use. Below is my NAT statement but I am not sure how to amend so it uses the address I want. I assume I need to replace interface with something that specifies the NAT I want to use?
  Outside interface is x.x.x.99 and is what sites see when VPN traffic is routed out to internet.
  I want the traffic to show as x.x.x.100 
  nat (outside,outside) source dynamic NETWORK_OBJ_VPN_Pool interface
  This topic first appeared in the Spiceworks Community

• Cisco ASA 9.1(1) Cannot Ping Public Server

  Cisco ASA 9.1(1) I have defined a public server.  Ping from outside fails.  Packet Tracer shows the following:

  Thank you for responding, Vibhor:  Here are the pertinent NAT statements in my running configuration:
  object network Grede-Test-Server
  host xx.xx.xx.xx (Public IP Address)
  description Grede Test Server Menocon
  object network Grede-Test-Server-Private
  host 10.1.104.21
  description Grede-Test Server
  nat (Inside-Test,Outside) source static Grede-Test-Server-Private Grede-Test-Server
  Cheers,
  M.

• VPN connects but No Ping; AFP; or SMB

  Folks;
  All Mac's are fully updated Tiger or Tiger Server {running dual NIC's w/ NAT;DNS;DCHP;VPN;AFP;Firewall;Windows;DNS}
  I can connect using the client's IntenetConnet L2TP mechanism and the clock ticks away...
  But once connected I cannot mount shares or ping.
  I have verfied that these shares can be mounted if connected NOT thru the VPN.
  I have read a long thread here from last year and based on that have implemented firewall rules for allowing all traffic (TCP & UPD) (In or Out) for ppp* to 19.168.2.0/24 and for 192.168.2.0/24 to ppp* {4 rules total}
  I have not made any Network Routing Definitions in the VPN settings
  Help Please!
  How do you debug this? Where is the best documentation to read on this?
  I'm going nuts!
  Steve

  Start by enabling logging of denied packets in the firewall settings.
  Then: what IP are you trying to use to get at the server services (you should use the NATed LAN IP)?
  Also the remote client must not be connecting from a network which are using the same IP range as the server LAN.
  And VPN client IPs must be part of the LAN IP range.

• VPN Work but no ping

  I have a vpn tunner working but I can not ping the other side,
  Please help me, check this out
  RouterVPN1#show crypto ipsec sa
  interface: Ethernet0
      Crypto map tag: VPN1-VPN2, local addr 192.168.1.77
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
     remote ident (addr/mask/prot/port): (192.168.201.0/255.255.255.0/0/0)
     current_peer 192.168.1.78 port 500
       PERMIT, flags={origin_is_acl,}
     #pkts encaps: 1075, #pkts encrypt: 1075, #pkts digest: 1075
      #pkts decaps: 1045, #pkts decrypt: 1045, #pkts verify: 1045
  local  ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
     remote ident (addr/mask/prot/port): (192.168.201.0/255.255.255.0/0/0)
     current_peer 192.168.1.78 port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 1290, #pkts encrypt: 1290, #pkts digest: 1290
      #pkts decaps: 1260, #pkts decrypt: 1260, #pkts verify: 1260
  The tunne is working the packages going thru are the keepalive. but when I ping I get this,
  RouterVPN1#ping 192.168.201.1
  Sending 5, 100-byte ICMP Echos to 192.168.201.1, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  RouterVPN1#
  Please help

  I have a vpn tunner working but I can not ping the other side,
  Please help me, check this out
  RouterVPN1#show crypto ipsec sa
  interface: Ethernet0
      Crypto map tag: VPN1-VPN2, local addr 192.168.1.77
     protected vrf: (none)
     local  ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
     remote ident (addr/mask/prot/port): (192.168.201.0/255.255.255.0/0/0)
     current_peer 192.168.1.78 port 500
       PERMIT, flags={origin_is_acl,}
     #pkts encaps: 1075, #pkts encrypt: 1075, #pkts digest: 1075
      #pkts decaps: 1045, #pkts decrypt: 1045, #pkts verify: 1045
  local  ident (addr/mask/prot/port): (192.168.200.0/255.255.255.0/0/0)
     remote ident (addr/mask/prot/port): (192.168.201.0/255.255.255.0/0/0)
     current_peer 192.168.1.78 port 500
       PERMIT, flags={origin_is_acl,}
      #pkts encaps: 1290, #pkts encrypt: 1290, #pkts digest: 1290
      #pkts decaps: 1260, #pkts decrypt: 1260, #pkts verify: 1260
  The tunne is working the packages going thru are the keepalive. but when I ping I get this,
  RouterVPN1#ping 192.168.201.1
  Sending 5, 100-byte ICMP Echos to 192.168.201.1, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  RouterVPN1#
  Please help

• Cisco ASA VPN question: %ASA-4-713903: IKE Receiver: Runt ISAKMP packet

  Dear community,
  quite frequently I am now receiving the following error message in my ASA 5502's log:
  Oct 17 12:52:17 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
  Oct 17 12:52:22 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
  Oct 17 12:52:27 <myASA> %ASA-4-713903: IKE Receiver: Runt ISAKMP packet discarded on Port 4500 from <some_ip>:<some_port>
  The VPN Clients (in the last case: A linux vpnc) disconnect with message
     vpnc[7736]: connection terminated by dead peer detection
  The ASA reports for that <some_ip> at around the same time:
  Oct 17 12:52:32 <myASA> %ASA-4-113019: Group = blah, Username = johndoe, IP = <some_ip>, Session disconnected. Session Type: IPSecOverNatT, Duration: 2h:40m:35s, Bytes xmt: 2410431, Bytes rcv: 23386708, Reason: User Requested    
  A google search did not reveal any explanation to the "%ASA-4-713903: IKE Receiver: Runt ISAKMP packet..." message -- so my questions would be
     1) What does the message exactly mean -- I know runts as a L2 problem so I d suppose it means the same: The ISAKMP packet is somehow
         crippled (I d suppose this happens during rekeying) ?
     2) Any idea where to look for the cause of this
            WAN related (however I d assume no -- why does this happen in these regular time frames as show above)?
            SW related (vpnc bug)?
  Thanks in advance for any pointer...
  Joachim

  Yes.  You need to eliminate the things I've said to eliminate with the other side.  Ensure your configs are matching exactly.  They probably are, whatever, just make sure of it because it's easy.  You both need to run packet captures on your interfaces both in and out to even begin to have an idea of where to look.
  The more info you can have just one person responsible for the better.  What I mean by that is, it's typically a nice step for the 'bigger end' to have the 'smaller end's' config file to look at.
  If you are seeing packets come in your inside, leave your outside, and never make it to his inside, then take it a step at a time.
  If you're seeing them come in his interface and never come back out, you know where to look.
  Set your caps to a single host to single host if need be, and generate traffic accordingly.
  You need to narrow down where NOT to look so that you know where TO look.  I would say then, and only then, do you get the ISP involved.  Once you're sure the problem exists between his edge device and your edge device.
  I do exactly this for a living on a daily basis...day after day after day.  I'm responsible for over 200 IPSec s2s connections and thousands of SSL VPN sessions.  I always start the exact same way...from the very bottom.

• Cant ping behind cisco router (site2site vpn)

  Dears;
  After configure site to site vpn between cisco router and fortigate firewall,
  site A : 10.0.0.0/24     behind fortigate
  site B: 10.10.10.0/24  behind cisco router
  the tunnel is up and I can ping 10.0.0.1 from site B and can ping 10.10.10.1 from site A but I cant ping any ip inside 10.0.0.0/24 form site B or network 10.10.10.0/24 from site A
  my cisco router configuration is
  Current configuration : 2947 bytes
  ! No configuration change since last restart
  version 15.1
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  boot-start-marker
  boot-end-marker
  enable secret 4 EE103as6FtdocdBefpgugX6P9eGaDKDyBvwz7AywH5Q
  no aaa new-model
  memory-size iomem 10
  clock timezone cairo 2 0
  crypto pki token default removal timeout 0
  ip source-route
  ip dhcp excluded-address 192.168.16.1
  ip dhcp excluded-address 10.10.10.1 10.10.10.10
  ip dhcp pool GUEST
   network 192.168.16.0 255.255.255.0
   default-router 192.168.16.1
   dns-server 8.8.8.8 8.8.4.4
  ip dhcp pool LAN
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 8.8.8.8 8.8.4.4
  ip cef
  controller VDSL 0
  ip ssh version 2
  crypto isakmp policy 10
   encr aes
   hash sha256
   authentication pre-share
   group 5
  crypto isakmp key 6 *********** address 4.x.x.x no-xauth
  crypto ipsec transform-set myset esp-aes esp-sha256-hmac
  crypto map kon-map 10 ipsec-isakmp
   set peer 4.x.x.x
   set transform-set myset
   set pfs group5
   match address 105
  interface Ethernet0
   no ip address
   no fair-queue
  interface ATM0
   no ip address
   ip mtu 1452
   ip tcp adjust-mss 1452
   no atm ilmi-keepalive
  interface ATM0.1 point-to-point
   ip flow ingress
   pvc 0/35
    encapsulation aal5snap
    pppoe-client dial-pool-number 1
  interface FastEthernet0
   switchport mode trunk
   no ip address
  interface FastEthernet1
   no ip address
  interface FastEthernet2
   switchport access vlan 2
   no ip address
  interface FastEthernet3
   no ip address
  interface Vlan1
   ip address 10.10.10.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface Vlan2
   ip address 192.168.16.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
  interface Dialer1
   ip address negotiated
   ip mtu 1492
   ip nat outside
   ip virtual-reassembly in
   encapsulation ppp
   ip tcp adjust-mss 1452
   dialer pool 1
   ppp authentication chap pap callin
   ppp chap hostname
   ppp chap password 0
   ppp pap sent-username
   crypto map kon-map
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list 100 interface Dialer1 overload
  ip route 0.0.0.0 0.0.0.0 Dialer1
  access-list 100 deny   ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
  access-list 100 permit ip 10.10.10.0 0.0.0.255 any
  access-list 100 permit ip 192.168.16.0 0.0.0.255 any
  access-list 105 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.0.0.255
  banner motd ^C^C
  end
  when ping from cisco router
  konsuler#ping 10.0.0.27 source vlan1
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.0.0.27, timeout is 2 seconds:
  Packet sent with a source address of 10.10.10.1
  Success rate is 0 percent (0/5)
  help please

  Thank you karsten
  I can ping interface of router from remote site but cant ping any device behind the router and can ping firewall interface but cant ping any device behind the firewall
  -counters in
  # sh crypto ipsec sa
  increased only while ping 10.0.0.1 or 10.10.10.1 from both sides
  r#show crypto session detail
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection     
  K - Keepalives, N - NAT-traversal, T - cTCP encapsulation     
  X - IKE Extended Authentication, F - IKE Fragmentation
  Interface: Dialer1
  Uptime: 00:03:12
  Session status: UP-ACTIVE     
  Peer: 4.x.x.x port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 4.x.x.x
        Desc: (none)
    IKEv1 SA: local 6.x.x.x/500 remote 4.x.x.x/500 Active
            Capabilities:(none) connid:2001 lifetime:22:39:59
    IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 10.0.0.0/255.255.255.0
          Active SAs: 2, origin: crypto map
          Inbound:  #pkts dec'ed 9 drop 0 life (KB/Sec) 4605776/3407
          Outbound: #pkts enc'ed 14 drop 0 life (KB/Sec) 4605775/3407

• Problème ping cisco asa distant

  Bonjour tous le monde,
  Je rencontre actuellement avec mes routeurs cisco ASA un petit soucis de ping.
  Je possède un routeur ASA 5510 avec un réseau LAN 172.30.175.0 255.255.255.0 et un routeur ASA5505 avec le réseau 172.30.177.0 255.255.255.192. Les deux routeurs sont distants et reliés via un VPN site to site.
  Depuis les hôtes du réseau 172.30.175.0, j'arrive à pinger les hôtes distants du réseau 172.30.177.0 et vice versa.
  Depuis le routeur du réseau 172.30.175.0 j'arrive à pinger le routeur du réseau 172.30.177.0, mais pas l'inverse.
  Je n'arrive pas également avec un hôte du réseau 172.30.175.0 à pinger le routeur du réseau 172.30.177.0 et vice versa.
  Je souhaite via un hôte du réseau 175.30.175.0 pouvoir pinger le routeur du réseau 172.30.177.0 afin de pouvoir superviser ce routeur distant.
  Avez-vous une idée d'où pourrait provenir le problème ?

  Hi,
  Are you saying that the ASA replaced the previous device that acted as the default gateway for the phone system? And also the IP address was changed and this was not taken into consideration on the phone systems network configurations?
  This would indicate that the problem is with the phone system having the old gateway IP address configured and it doesnt know where to forward the traffic that is coming from a different network (for which it would require the correct default gateway)
  If the internal network that can ping and access the phone system means the hosts that are on the same internal network with the phone system (10.0.0.x) then this is expected as the default gateway is not needed between the hosts in the same network as they communicate directly.
  So would be the problem now simply be with the default gateway IP set on the phone system.
  - Jouni

• Cant Ping UC320W from 881 but can ping 881 from UC320w

  Hi,
  Wondering if soembody could help me here. I have a uc320 and router directly connected and I can ping the router from the 320 but cant ping the other way. As a result I only have SIP traffic working outbound but cant get and calls inbound. Im missing something here but cant figure out what
  Any ideas ?
  Thanks a million
  J-P

  Hi,
  Thanks for the response. The UC320 has the WAN Interface is statically assigned 192.160.160.2/30 and the gateway is
  192.160.160.1 there is no CLI on the 320 so cant provide any config. I can ping the 881 from the 320 no problem but it wont work the other way. Evrything looks like it up and running from show commands etc.
  The config of the 881 is below  have changed the wan address's etc for obviuos reasons -
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname _Router
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  no aaa new-model
  dot11 syslog
  ip source-route
  ip cef
  ip name-server 83.147.160.2
  ip name-server 83.147.160.130
  no ipv6 cef
  multilink bundle-name authenticated
  archive
  log config
    hidekeys
  class-map match-any VOIP
  match protocol rtp audio
  class-map match-any WEB_TRAFFIC
  match protocol http
  match protocol ftp
  match protocol secure-http
  match protocol secure-ftp
  class-map match-any VIDEO
  match protocol rtp video
  policy-map QOS_POLICY
  class VOIP
      priority percent 15
    set dscp ef
  class WEB_TRAFFIC
      bandwidth percent 30
       random-detect
    set dscp af32
  class VIDEO
      bandwidth percent 20
    set dscp cs4
  class class-default
      bandwidth percent 30
       random-detect
    set dscp default
  interface FastEthernet0
  switchport trunk native vlan 100
  switchport mode trunk
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  switchport mode trunk
  interface FastEthernet4
  bandwidth 5000
  no ip address
  speed 100
  full-duplex
  service-policy output QOS_POLICY
  interface FastEthernet4.201
  description Voice_VLAN
  encapsulation dot1Q 201
  ip address 172.18.24.x 255.255.255.252
  ip nat outside
  ip virtual-reassembly
  interface FastEthernet4.202
  description DATA_VLAN
  encapsulation dot1Q 202
  ip address 92.51.19.x 255.255.255.252
  ip nat outside
  ip virtual-reassembly
  interface Vlan1
  ip address 192.168.160.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface Vlan100
  ip address 192.160.160.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 92.51.19.X
  ip route 172.18.24.x 255.255.255.255 172.18.24.x
  no ip http server
  no ip http secure-server
  ip nat sip-sbc
  ip nat inside source static udp 192.160.160.2 5060 interface FastEthernet4.201 5060
  ip nat inside source list 1 interface FastEthernet4.201 overload
  ip nat inside source list 2 interface FastEthernet4.202 overload
  access-list 1 permit 192.160.160.0 0.0.0.255
  access-list 2 permit 192.168.1.0 0.0.0.255
  banner login 
  Thanks again
  J-P

• Yet Another ASA VPN Licensing Question :)

  I have a pretty good understanding of ASA VPN concepts, but not sure about this scenario.  Two questions regarding 5525 VPN SSL Anyconnect Premium Licensing.
  1.  Assuming we already own a ASA 5525-x with 750 Anyconnect Essentials and Mobile ( p/n ASA5525VPN-EM750K9 ) and want the ability for 200 Clientless (Anyconnect Premium) VPN connections, including mobile devices, what part number do I need?  
  2.  Assuming we do not yet own a ASA5525, but want the same 200 clientless VPN connections plus mobile device connectivity, what part number do I need?   I'm assuming this is correct  >>  ASA5525VPN-PM250K9
  Thanks!

  It's no problem - I sometimes look for an answer to a question myself and find my own 2 year old post explaining the answer. As long as I don't find my 2 week old answer, I'm OK with that. :)
  Anyhow, no there's not a SKU to upgrade Essentials to Premium. All the Premium upgrade SKUs are between Premium licensed user tiers (10-25, 25-50, 50-100 etc.).
  If you're a persuasive customer and make a strong case with your reseller they may be able to get a deal with Cisco outside the normal channels to get some relief as a customer satisfaction issue. That's very much a case by case thing though and not the normal fulfillment method.

• Cisco ASA 5505 peculiarities

  I am just starting out using a Cisco ASA 5505 device, but have to say that I have encountered some peculiarities with the software.
  To start, when I try to connect to the device from my Microsoft Windows XP service pack 3 machine via the Cisco ASDM Launcher that it tries to connect and then fails with the typical error message saying to check the configuration or connection.
  After playing around with the settings on the GUI I discovered that clearing the internal log buffer would then enable the Launcher to connect to the device without a hitch.  Apparently garbage in the internal log buffer is interfering with connecting?
  Next I found that not only me, but other users were having problems using the ASA5505 with a static IP modem.  Initially I thought it was just me, but then did the Google search to discover that about a dozen other people had the same identical problem.  I didn't feel so bad then.  After some reading of other tips and information, after exhausting the Cisco documents dry, I did find one person who said to set the NAT table.
  That almost fixed the problem.  Things started working after I opened up the outside interface net mask.  (and strangely enough kept working after I narrowed back down from 255.255.255.240 to 255.255.255.248)
  Things were cruising along, until I saw a computer on the other side of my company's gateway try to connect to one in the LAN.  This forced me to create an access rule (or so I thought) and immediately all the local computers lost connectivity with the DNSs and thus with the internet.
  Strangely enough, while looking at the log file, I did see that the packets were being dropped due to an access list violation, but which access list??  I didn't create any, so I thought, and chasing down the access lists led to nothing.
  Slowly I realized that the Cisco firmware was creating its own internal access control lists, from the rules that I created in the Security rules section of the GUI.  How about letting the poor administrator see those access lists?  I would like to feel that I really can administer the machine, not be a hapless victim of some "user friendly" software.
  So I had to play around with the rules for awhile, until I was able to successfully allow access to the local group, but block any connection attempts from the sister LAN (thanks Microsoft for your windows browser protocols and file sharing which causes the computers to connect to every other MS OS computer in the world)
  Another nit pick that I had is when I saw the security rules that let the inside interface have access to every other low security interface.  Clicking upon that interface never showed just exactly how this is done.  Did someone forget to put some of the CLI software into the ASDM GUI software?  I strongly suspect that CLI was how all this originally started, but its feature rich command set just didn't quite make it into the GUI software?  Anyone listening?
  I do appreciate that Cisco did allow CLI from the GUI.
  The start up guide that came with the ASA was only 50% usable, due to the fact that I had to work into a static IP, not DHCP.  I would like to see Cisco add a section in Chapter 5 to address this type of configuration for their first time people.
  Finally, I would like to see that irritating internal log buffer flush problem fixed so my ASDM launcher will always connect the first time.
  Thanks for bearing with me, I would give the software overall a 80% rating.  More discussion needs to be shown about how the device is really working with the default settings, and I would like to some more administration control of those "automatic" access control lists.
  Randall

  I am just starting out using a Cisco ASA 5505 device, but have to say that I have encountered some peculiarities with the software.
  To start, when I try to connect to the device from my Microsoft Windows XP service pack 3 machine via the Cisco ASDM Launcher that it tries to connect and then fails with the typical error message saying to check the configuration or connection.
  After playing around with the settings on the GUI I discovered that clearing the internal log buffer would then enable the Launcher to connect to the device without a hitch.  Apparently garbage in the internal log buffer is interfering with connecting?
  Next I found that not only me, but other users were having problems using the ASA5505 with a static IP modem.  Initially I thought it was just me, but then did the Google search to discover that about a dozen other people had the same identical problem.  I didn't feel so bad then.  After some reading of other tips and information, after exhausting the Cisco documents dry, I did find one person who said to set the NAT table.
  That almost fixed the problem.  Things started working after I opened up the outside interface net mask.  (and strangely enough kept working after I narrowed back down from 255.255.255.240 to 255.255.255.248)
  Things were cruising along, until I saw a computer on the other side of my company's gateway try to connect to one in the LAN.  This forced me to create an access rule (or so I thought) and immediately all the local computers lost connectivity with the DNSs and thus with the internet.
  Strangely enough, while looking at the log file, I did see that the packets were being dropped due to an access list violation, but which access list??  I didn't create any, so I thought, and chasing down the access lists led to nothing.
  Slowly I realized that the Cisco firmware was creating its own internal access control lists, from the rules that I created in the Security rules section of the GUI.  How about letting the poor administrator see those access lists?  I would like to feel that I really can administer the machine, not be a hapless victim of some "user friendly" software.
  So I had to play around with the rules for awhile, until I was able to successfully allow access to the local group, but block any connection attempts from the sister LAN (thanks Microsoft for your windows browser protocols and file sharing which causes the computers to connect to every other MS OS computer in the world)
  Another nit pick that I had is when I saw the security rules that let the inside interface have access to every other low security interface.  Clicking upon that interface never showed just exactly how this is done.  Did someone forget to put some of the CLI software into the ASDM GUI software?  I strongly suspect that CLI was how all this originally started, but its feature rich command set just didn't quite make it into the GUI software?  Anyone listening?
  I do appreciate that Cisco did allow CLI from the GUI.
  The start up guide that came with the ASA was only 50% usable, due to the fact that I had to work into a static IP, not DHCP.  I would like to see Cisco add a section in Chapter 5 to address this type of configuration for their first time people.
  Finally, I would like to see that irritating internal log buffer flush problem fixed so my ASDM launcher will always connect the first time.
  Thanks for bearing with me, I would give the software overall a 80% rating.  More discussion needs to be shown about how the device is really working with the default settings, and I would like to some more administration control of those "automatic" access control lists.
  Randall

• Cisco ASA 5545-X Running Bash shell service???

  Hi,
  May I check whether if currently Cisco ASA 5545-X is having/using Bash shell service?
  If yes, how can I disable the service?
  Thks and Rgds

  Please reference this link
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
  As per Cisco, ASA not effected, but as a precaution, eliminate if not limit ssh/htpps connections to authorized hosts until browser patches have been distributed.