CSCum96401 - Cisco ASA IKEv2 Denial of Service Vulnerability

Hi Everyone,
ASA is configured with ikev2 and below is config
5520# show running-config crypto ikev2 | include enable
crypto ikev2 enable outside client-services port 443
5520# show running-config crypto map | include interface
crypto map outside_map interface outside
I checked below weblink
CSCum96401 - Cisco ASA IKEv2 Denial of Service Vulnerability
Not Affected
Not Affected
Not Affected
8.4(7.15)
Not Affected
8.6(1.14)
Not Affected
9.0(4.8)
9.1(5.1)
Not Affected
Not Affected
https://tools.cisco.com/bugsearch/bug/CSCum96401
ASA which i am running has version Cisco Adaptive Security Appliance Software Version 8.4(7)
sh flash shows
asa847-k8.bin
Need to confirm if my ASA is not effected by this bug?
Regards
MAhesh

Hi Mahesh,
Your ASA code (asa847-k8.bin) is affected by this Bug, recommended release is 8.4(7.23) and later.
this bug is first fixed in 8.4(7.15).
Thanks,
Prashant Joshi

Similar Messages

CSCui88426 - Cisco IOS Software IKEv2 Denial of Service Vulnerability

Hi! I would appreciate if anyone can confirm for below.
For the routers using IPSEC tunnels with ISAKMP enabled (without any IKEv2 config), can the attacker exploit this vulnerability by sending malformed IKEv2 packets?
Both initiator and responder must have IKEv2 config to be able to trigger this vulnerability? We have many routers using IPSEC tunnels with IKEv1 and not sure whether this vulnerability is affected or not.
Thanks & Regards,

A device does not need to be configured with any IKEv2-specific features to be vulnerable?

Cisco works LMS 4.0 ,Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

Cisco works LMS 4.0 ,Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
This vulnerability has been fixed in release apache 2.2.20 and further corrected
in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the
legacy 2.0.65 release,
Can any one give the steps to upgrade the apache http server 2.2.10 to 2.2.21 in windows 2008 server?

For the following PSIRT:
http://www.cisco.com/en/US/products/csa/cisco-sa-20110830-apache.html
Download the following patch "lms40-win-Oct2011-su1-0.zip" :
http://www.cisco.com/cisco/software/release.html?mdfid=283434800&flowid=19062&softwareid=280775103&os=Windows&release=4.0&relind=AVAILABLE&rellifecycle=&reltype=latest
The instructions should be in the zip file how to install the patch.
This should cover all theses bugs that you can query in the bug tool kit:
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
CSCte45565
CSCto12712
CSCto23584
CSCto23622
CSCto35544
CSCto35577
CSCtq48990

DNS Inspection Denial of Service Vulnerability check

Hi Everyone,
I am checking this cisco link ---http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa for
DNS Inspection Denial of Service Vulnerability
Cisco ASA Software is affected by this vulnerability if the DNS Application Layer Protocol Inspection (ALPI) engine is configured to inspect DNS packets over TCP.
To verify if the DNS ALPI engine is inspecting DNS packets over TCP, use the
show running-config access-list <acl_name>
command where
acl_name
is the name of the access-list used in the
class-map
to which the DNS inspection is applied.
This can be found by using the
show running-config class-map
and
show running-config policy-map
commands.
The following example shows Cisco ASA Software with the DNS ALPI engine configured to inspect DNS packets over TCP.
ciscoasa# show running-config access-list
access-list DNS_INSPECT_ACL extended permit tcp any any
ORciscoasa# show running-config access-list
access-list DNS_INSPECT_ACL extended permit ip any any
ciscoasa# show running-config class-map
class-map DNS_INSPECT_CP
match access-list DNS_INSPECT
ciscoasa# show running-config policy-map
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
class DNS_INSPECT_CP
inspect dns preset_dns_map
Note: Cisco ASA Software will not inspect DNS packets over TCP by default.
show running-config policy-map
DNS Inspection Denial of Service Vulnerability
Cisco ASA Software is affected by this vulnerability if the DNS Application Layer Protocol Inspection (ALPI) engine is configured to inspect DNS packets over TCP.
To verify if the DNS ALPI engine is inspecting DNS packets over TCP, use the show running-config access-list <acl_name>
command where acl_name
is the name of the access-list used in the class-map
to which the DNS inspection is applied.
This can be found by using the show running-config class-map
and show running-config policy-map
commands.
The following example shows Cisco ASA Software with the DNS ALPI engine configured to inspect DNS packets over TCP.
ciscoasa# show running-config access-list
access-list DNS_INSPECT_ACL extended permit tcp any any
ORciscoasa# show running-config access-list
access-list DNS_INSPECT_ACL extended permit ip any any
ciscoasa# show running-config class-map
class-map DNS_INSPECT_CP
match access-list DNS_INSPECT
ciscoasa# show running-config policy-map
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
class DNS_INSPECT_CP
inspect dns preset_dns_map
Note: Cisco ASA Software will not inspect DNS packets over TCP by default.
I check my asa and ran the command
show running-config policy-map
policy-map global_policy
class inspection_default
inspect rsh
inspect rtsp
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect dns
inspect http
inspect ftp
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map map
class inspection_default
Does this confirm that this asa is vulnerabile?
Regards
Mahesh

Hi,
The post says this
Cisco ASA Software is affected by this vulnerability if the DNS Application Layer Protocol Inspection (ALPI) engine is configured to inspect DNS packets over TCP.
So it says that if the ASA is configured to inspect DNS over TCP then its vulnerable.
It also says
Note:Cisco ASA Software will not inspect DNS packets over TCP by default.
And it seems you have not made any special configurations related to DNS inspection therefore your ASA should not be inspecting DNS that is using TCP therefore it should not be vulnerable. Atleast that is how it seems to me.
- Jouni

Java Hash Collision Denial Of Service Vulnerability

There is Java Hash Collision Denial Of Service Vulnerability according to these sources:
http://tomcat.10.n6.nabble.com/SECURITY-Apache-Tomcat-and-the-hashtable-collision-DoS-vulnerability-td2405294.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.securityfocus.com/bid/51236
It mentions that Oracle is not going to release the fix for Java. Does anyone knows if Oracle has any plan to release the fix or intend to ever fix it or not?
Thanks,
kymeng
Edited by: user6992787 on Feb 10, 2012 12:08 PM

I don't really see this as an Oracle problem - more a Tomcat problem. Any collection algorithm will have limitations and in this case the Tomcat team use the Java hashtable to make use of the O(1) performance when the hashes of the keys are effectively random and have accepted the possible worst case O(n^2) performance. Either they should have used a TreeMap with O(nlogn) performance OR they should create their own implementation of Map that that does not permit the DOS attack.
I have never done any performance comparisons between HashMap and TreeMap but for many years now I pretty much always use a TreeMap since I rarely find performance a significant problem (of course I don't write high throughput applications such as Tomcat). I don't really see how Oracle should be involved in this problem; maybe the Tomcat team should be doing performance comparisons and/or research into algorithms that do not allow this DOS.

Denial of Service Vulnerability

Jdeveloper 11.1.1.4
We had an security audit on our ADF application and one of the vulnerabilities found was a XML recursive Entity Expansion vulnerability from the login button. AKA Billion laughs DoS attack.
The parser used is
weblogic.xml.jaxp.RegistryDocumentBuilder
Weblogic jvm is configured with these paramters
org.xml.sax.driver=weblogic.xml.jaxp.RegistryXMLReader
org.xml.sax.parser=weblogic.xml.jaxp.RegistryParser
Is there a weblogic configuration parameter that can be set to limit entity expansion?
weblogic.xml.jaxp.RegistryDocumentBuilder parse method is called from DefaultMarshalingService
Which expands this DOCTYPE entity to 300,000 characters
<!DOCTYPE foo [<!ENTITY lol "lol"><!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;"><!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;"><!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;"><!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;"><!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">]><m xmlns="http://oracle.com/richClient/comm"><k v="type"><s>&lol5;</s></k></m>
Details of the vulnerabiltiy
1 Unrestricted XML
Entity Expansion
CVSS: 7.1
Risk: High
The XML parser used by the application to process input fields allows user-supplied
document type declarations (DTDs). Consequently, an attacker can abuse this feature
to cause a denial service condition on the web server through the use of XML entity
expansion attacks.
An example modified request with the exploit inserted in red.
=&org.apache.myfaces.trinidad.faces.FORM=loginForm&javax.faces.ViewState=!4
i0dvg2x&oracle.adf.view.rich.DELTAS={d1%3a%3amsgDlg%3d{titleIcon
Source%3dhttps%3a//11.254.250.200/app/afr/error.png,title%3dEr
ror}}&event=loginBtn&event.loginBtn=<!DOCTYPE+foo+[<!ENTITY+lol+
"lol"><!ENTITY+lol1+"%26lol%3b%26lol%3b%26lol%3b%26lol%3b%26lol%
3b%26lol%3b%26lol%3b%26lol%3b%26lol%3b%26lol%3b"><!ENTITY+lol2+"
%26lol1%3b%26lol1%3b%26lol1%3b%26lol1%3b%26lol1%3b%26lol1%3b%26l
ol1%3b%26lol1%3b%26lol1%3b%26lol1%3b"><!ENTITY+lol3+"%26lol2%3b%
26lol2%3b%26lol2%3b%26lol2%3b%26lol2%3b%26lol2%3b%26lol2%3b%26lo
l2%3b%26lol2%3b%26lol2%3b"><!ENTITY+lol4+"%26lol3%3b%26lol3%3b%2
6lol3%3b%26lol3%3b%26lol3%3b%26lol3%3b%26lol3%3b%26lol3%3b%26lol
3%3b%26lol3%3b"><!ENTITY+lol5+"%26lol4%3b%26lol4%3b%26lol4%3b%26
lol4%3b%26lol4%3b%26lol4%3b%26lol4%3b%26lol4%3b%26lol4%3b%26lol4
%3b">]><m+xmlns%3d"http%3a//oracle.com/richClient/comm"><k+v%3d"
type"><s>%26lol5%3b</s></k></m>
The following screenshot demonstrates that the above login request takes
approximately 20 times longer to process than a normal login request. With
additional entity expansions, an attacker could bring down the web server
completely.
Best Practice
Configure the XML parser to not process DTDs in the <!DOCTYPE> declaration. In addition, URI
resolution should be disabled to prevent against external entity attacks and denial of service
conditions caused by hanged requests.
This issue appears to be a vulnerability in Oracle’s Application Development Framework (ADF). If
that is the case, consider using a web application firewall to block malicious requests until Oracle
issues a patch.

Don, I'm not sure that there is a parameter to do this. However you can do it in java like outlinded here https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing or https://gist.github.com/Prandium/dee14ea650ff7900f2c0
One other way is to implement a servelet filter which scans all parameters and rejects all xxe typ parameters.
Timo

DNS Inspection Denial of Service Vulnerability

Advisory ID: cisco-sa-20131009-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
I have a Pix running version 8.0.4 with the following configuration:
inside interface:      192.168.231.254/255.255.255.0
outside interface:     10.100.2.254/255.255.255.0
no nat-control
access-list test permit ip any any log
access-group test in interface outside
access-group test in interface inside
I have a window 2008R2 residing on the Internal interface of the firewall. The domain controller resides on the outside interface of the firewall.
I went ahead and implement the change recommended by Cisco
access-list DNS_INSPECT extended permit udp any any
class-map DNS_INSPECT_CP
   match access-list DNS_INSPECT
policy-map global_policy
   class DNS_INSPECT_CP
     inspect dns preset_dns_map
However, after implement the workaround, my windows 2008R2 machine on the inside network can NOT join with AD on the outside network.
on the log of the firewall I see this:
Oct 31 14:34:09 192.168.231.254 %PIX-4-410001: Dropped UDP DNS request from inside:192.168.231.180/61780 to outside:10.100.2.128/389; label length 132 bytes exceeds protocol limit of 63 bytes
Oct 31 14:34:17 192.168.231.254 %PIX-4-410001: Dropped UDP DNS request from inside:192.168.231.180/61780 to outside:10.100.2.128/389; label length 132 bytes exceeds protocol limit of 63 bytes
I even change the DNS maximum length to 8192 but it still does not work.
I remove the recommendation from the configuration, everything works fine after that.
Anyone knows why?
Thanks in advance

Julio Carvajal wrote:U do not have this command right available at the CLI rightmessage-length maximum client auto
     I do
CiscoPix# sh run policy-map
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1024
message-length maximum client auto
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect sqlnet
inspect dns preset_dns_map
class class_sunrpc_tcp
inspect sunrpc
class DNS_INSPECT_CP
inspect dns preset_dns_map
CiscoPix#
Julio Carvajal wrote: Then clear-local host try one more time and provide the logs.Note:access-list test permit ip any any logaccess-group test in interface outsideaccess-group test in interface insideThat ACL means u have no firewall in place
I am very aware of this. At this point, it does not matter, it just want the firewall to function like a routing device.
It still does NOT work. Here is the log:
Oct 31 17:57:25 192.168.231.254 %PIX-6-106100: access-list test permitted udp inside/192.168.231.180(61982) -> outside/10.100.2.128(53) hit-cnt 1 first hit [0x63a9cac7, 0x0]
Oct 31 17:57:25 192.168.231.254 %PIX-6-106100: access-list test permitted udp inside/192.168.231.180(61983) -> outside/10.100.2.128(389) hit-cnt 1 first hit [0x63a9cac7, 0x0]
Oct 31 17:57:25 192.168.231.254 %PIX-4-410001: Dropped UDP DNS request from inside:192.168.231.180/61983 to outside:10.100.2.128/389; label length 132 bytes exceeds protocol limit of 63 bytes
Oct 31 17:57:32 192.168.231.254 %PIX-4-410001: Dropped UDP DNS request from inside:192.168.231.180/61983 to outside:10.100.2.128/389; label length 132 bytes exceeds protocol limit of 63 bytes
Oct 31 17:57:33 192.168.231.254 %PIX-6-106100: access-list test permitted udp inside/192.168.231.180(50955) -> outside/10.100.2.128(53) hit-cnt 1 first hit [0x63a9cac7, 0x0]

Cisco Security Advisory: Denial-of-Service of TCP-based Services in CatOS

Hi,
Anybody who is aware or is affected of this flaw? My problem is that, we have a couple of 6500s with CatOS here. I don't know how to evaluate if our box is affected or not. Catalyst 6000 running a CatOS versions are listed as affected. Anybody can help me?
Thank you.
jon
http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml

Hi,
I have this CatOS version:
WS-C6509 Software, Version NmpSW: 6.3(3)
and Hardware version:
Hardware Version: 2.0 Model: WS-C6509
What i can't be sure of is, is 6500 the same family series as 6000 as what is listed on the advisory?
Thanks for your quick reply.
jon

Xerver Multiple Request Denial of Service Vulnerability

I developed my appln on JDev10.1.2 with Java and JSP and deployed it onto embeded OC4J. It was released on production and it is avilable to people working within our company network. We want it to be avilable for the public, so we wanted to open the firewall. But, our web admin told that the PCI scan found a vulenrability on the OC4J server. The webserver we use is Xerver. Please let me know if we can find any patch for this server to resolve the issue. Please help me as I need to resolve this ASAP.
Thanks.

Viani,
I, of course, was being tongue-in-cheek... anyway, are you looking for a patch to OC4J or for Xerver? I've not run into anyone on this forum using Xerver. If you're looking for OC4J information, you may have better luck on the OC4J forum: OC4J
Regards,
John

CSCum76937 - CUCM Distributed denial-of-service vulnerability on NTP server

I'd request that the built-in iptables on the CUCM, which we users can't adjust at all, could be autoadjusted by the CUCM itself to remove this DDOS vector, namely by restricting NTP to/from the CUCM only to these hosts:
the NTP server(s) it talks with, as configured in 'System>Phone NTP Reference'
the device(s) subscribed to it, who get their time from it.
why can that not be done?

thanks, Wes--that response helps to frame the sometime-conflicting tensions between preserving performance and providing security.
I've been thinking about that, and the really excellent Cymru 'secure NTP template' (see
http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html)
, trying to think about what could be done to offer better protection from the NTP attacks with less dynamicness, thinking that it's still important to offer something--all of my CUCMs that are outside firewalls have been attacked and participated in NTP-amplification attacks--and offer these suggestions as to things that the iptables might be leveraged to protect the CUCM, and at least as importantly everyone else FROM the CUCM, in a more static way:
* turn off control queries TO the CM--these are the vector into the CM that results in the amplification DDOS
* permit NTP into the CM only from the configured NTP servers the CM is using--yes, that's slightly 'dynamic', but will only occur infrequently and can be discretely done--scale is very small.
* the remaining really-dynamic part would be "only serve ntp to configured clients", and I can (reluctantly) understand why you push back on that. but if the first two points could be provided for, particularly the control-query filter which is the vector for at least the present threat, that's a huge improvement now.
the Cyrmu template under Unix NTP endsystems has some useful suggestions that could be adapted for CUCM iptables:
(quote from Cyrmu):
You can use your standard host firewall filtering capabilities to limit who the NTP process talks to. If you're using Linux and the host is acting as an NTP client only, the following iptables rules could be adapted to shield your NTP listener from unwanted remote hosts.
-A INPUT -s 0/0 -d 0/0 -p udp --source-port 123:123 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -s 0/0 -d 0/0 -p udp --destination-port 123:123 -m state --state NEW,ESTABLISHED -j
(end quote)

Cisco asa vulnerability

We might be affected by "Cisco ASA UDP Inspection Engine Denial of Service Vulnerability - CSCtq10441" per
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa#software
So we want to move to a release in 8.2 code series which has the fix for the above vulnerability. Per above list, fix should be in 8.2(5.5) code, however, I am not able to see this or any later code on cisco website. I see "Release 8.2.5.ED" on cisco site. Is 8.2(5.5) not available for download now, or is 8.2.5.ED is the one which has the fix? I don't see CSCtq10441 mentioned anywhere in the release notes for 8.2.5.ED
http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
We dont want to move to 8.3 onwards as there are lots of bugs in it.
Thanks,
Kashish

Hi Kanish,
Please use the latest 8.2.5 available on the website, it should be the most stable release.
Thanks.
Portu.
Please rate any helpful posts.

Is there any way to harden Dovecot against POP/IMAP denial of service attacks?

It doesn’t happen very often, but every so often a script kiddie on the Internet hits Dovecot's POP ports on our mail server hard enough to bring mail service to a crawl such that legit users can’t log in to retrieve their mail. I would say that with our 2.66GHz Intel Core 2 Duo Mac Mini Server, when we receive sustained POP login attacks that exceed ten logins per second, then eventually Dovecot gets swamped with so many requests that legit users are excluded. [Our server runs runs OS X Server 10.6.8-10K549, by the way, and Dovecot 1.1.2apple0.5 is installed as determined by running “dovecotd --version”. We keep the mail sever up to date with all available Apple software updates on a weekly basis, so we have the latest and greatest security updates.]
Here’s the problem: I’ve been studying the Dovecot 1.x Wiki at http://wiki1.dovecot.org/ and finding a number of parameters that *sort* of address this denial-of-service vulnerability, but none that appear to harden Dovecot in a similar fashion as ssh or sftp are hardened. By this, I mean that when ssh or sftp detect multiple login attempts originating from the same address above some threshold, then future login attempts are ignored for a solid fifteen minutes no matter what the login name was in the attempts. I’d like something similar for Dovecot.
I am aware of the “mail_max_userip_connections” setting which can be set independently for POP and IMAP service (see http://wiki1.dovecot.org/MainConfig?highlight=%28mail_max_userip_connections%29). This almost does what I want in that it indeed restricts the number of logins for a particular user coming from a single IP address. The problem is that the script kiddies typically scatter their attacks over hundreds of different login names and they may only attempt three or four logins per user name. What I really want is a parameter which starts to ignore logins no matter what the user name if too many come from a single IP address at the same time. Against this, I also need to balance my mail server restrictions to allow perhaps five or ten of my users with laptops to be behind a remote firewall, so all of their legit logins may hit my server perhaps three to ten at a time which could potentially look like an attack if my tuning parameter is set too low. What I’d really like to find is a tuning parameter that excludes concerted attacks without excluding my legitimate users. I also don’t want to invest in extremely expensive (>$10,000) “smart” firewalls that adaptively look for this type of attack, such as are offered by Netgear and other networking equipment manufacturers.
By examining /etc/dovecot/dovecot.conf on my mail server, it seems that Apple’s defaults are to set IMAP mail_max_userip_connections to 20, and for POP to leave the mail_max_userip_connections parameter commented out. Would there be any downside to enabling POP's mail_max_userip_connections to 20 as well? Offhand I can’t see how this would affect my users. Unfortunately, I also think that if I set the POP mail_max_userip_connections to 20 this won’t have any effect on the attackers since they typically won’t try 20 different passwords for the same login name in a given attack. I’ll post a segment of a log showing an actual attack that occurred today from the San Bernadino School District that I’ve since blocked in my network’s firewall, but it will illustrate the type of hard-core denial-of-service attack that I’m referring to. The login attempts were coming in fast, around forty-per-second, and my mail service went down in a matter of minutes as a result. [Yes: I will report this user… I haven’t gotten around to it yet with other issues.]
Any thoughts?

Here’s a ten second snippet from my mail server's log, showing how intense the login frequency was from the attacker, and also how (s)he was "scattering" the login names used which I suspect would be quite hard to filter out using POP's mail_max_userip_connections parameter. The attack lasted from 1:43:39 through a server restart at 1:50:18, and even about a minute later. The attack stopped at 1:51:36 before I was able to add a firewalling rule to my router or to exclude logins from the 163.150/16 subnet from my router [FYI — that's the San Bernadino Country School District, according to http://whois.arin.net/rest/net/NET-163-150-0-0-1/pft ].
Any thoughts on how to block this type of POP attack in Dovecot?
[FYI — I changed my actual server name to 'myserver' and the actual admin name to 'Administrator'.]
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:39 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
Jan 13 13:43:40 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](access,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(access,163.150.246.27): lookup failed for user: access
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](pwrchute,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(pwrchute,163.150.246.27): lookup failed for user: pwrchute
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
Jan 13 13:43:41 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
Jan 13 13:43:42 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](access,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(access,163.150.246.27): lookup failed for user: access
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](pwrchute,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(pwrchute,163.150.246.27): lookup failed for user: pwrchute
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](access,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(access,163.150.246.27): lookup failed for user: access
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
Jan 13 13:43:44 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
Jan 13 13:43:46 myserver dovecot[72]: auth(default): od(webmaster,163.150.246.27): Credentials could not be verified username or password is invalid.
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](data,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(data,163.150.246.27): lookup failed for user: data
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](user,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(user,163.150.246.27): lookup failed for user: user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](account,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(account,163.150.246.27): lookup failed for user: account
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](admin,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(admin,163.150.246.27): lookup failed for user: admin
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle8,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(oracle8,163.150.246.27): lookup failed for user: oracle8
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](web,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(web,163.150.246.27): lookup failed for user: web
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](oracle,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(oracle,163.150.246.27): lookup failed for user: oracle
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](test,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(test,163.150.246.27): lookup failed for user: test
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](lizdy,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(lizdy,163.150.246.27): lookup failed for user: lizdy
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(backup,163.150.246.27): user account: backup not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(administrator,163.150.246.27): user account: Administrator not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(root,163.150.246.27): user account: root not enabled for mail
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](informix,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(informix,163.150.246.27): lookup failed for user: informix
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](sybase,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(sybase,163.150.246.27): lookup failed for user: sybase
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od[getpwnam_ext](server,163.150.246.27): No record for user
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(server,163.150.246.27): lookup failed for user: server
Jan 13 13:43:48 myserver dovecot[72]: auth(default): od(www,163.150.246.27): user account: _www not enabled for mail

Cisco ASA 5545-X Running Bash shell service???

Hi,
May I check whether if currently Cisco ASA 5545-X is having/using Bash shell service?
If yes, how can I disable the service?
Thks and Rgds

Please reference this link
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
As per Cisco, ASA not effected, but as a precaution, eliminate if not limit ssh/htpps connections to authorized hosts until browser patches have been distributed.

Is it recommend to have a vulnerability scan for Cisco ASA device.

Dear everyone.
I have a doubt on vulnerability scan for Cisco ASA device. Currently we have a vulnerability for network devices include firewall. But after run the vulnerability scan for cisco ASA, found nothing show in the scan report.
Is it recommend to have a vulnerability scan for Cisco ASA and will it be defeat the purpose of firewall?

Do I understand are you asking can you configure the ASA to allow an external user run a scan against the internal network?
If so, the answer is generally no. The ASA will, by default, not allow any inbound connections (or attempted connections) that are not explicitly allowed in an inbound access-list (applied to the outside interface). In most cases there would also need to be network address translation (NAT) rules configured.
If you had a remote access VPN, you could allow the external scanner to log in via that, Then they would then have the necessary access to scan the internal systems (assuming the VPN granted access to all the internal networks)

Cisco ASA 5505 Site to Site VPN

Hello All,
First time posting to the forums. I've been working with Cisco ASA 5505 for a number of months and recently I purchased a 2nd ASA with the goal of setting up Site to Site VPN tunnel. It look so simple from the number of videos that I have watched on the internet. But when I have done it suprise suprise it didn't work for me ... I have deleted the tunnels a number of times and attempted to recreate them. I am using the VPN wizard in the ADM to create the tunnel. Both the asa are 5505 and have the same same firmware etc.
I would appreciate any help that can be directed towards this issue please. Slowly losing my mind
Please see details below:
Both ADM are 7.1
IOS
ASA 1
aved
ASA Version 9.0(1)
hostname PAYBACK
enable password HSMurh79NVmatjY0 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool VPN1 192.168.50.1-192.168.50.254 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
description Trunk link to SW1
switchport trunk allowed vlan 1,10,20,30,40
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif outside
security-level 0
ip address 92.51.193.158 255.255.255.252
interface Vlan10
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan20
nameif servers
security-level 100
ip address 192.168.20.1 255.255.255.0
interface Vlan30
nameif printers
security-level 100
ip address 192.168.30.1 255.255.255.0
interface Vlan40
nameif wireless
security-level 100
ip address 192.168.40.1 255.255.255.0
banner login line Welcome to Payback Loyalty Systems
boot system disk0:/asa901-k8.bin
ftp mode passive
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup servers
dns domain-lookup printers
dns domain-lookup wireless
dns server-group DefaultDNS
name-server 83.147.160.2
name-server 83.147.160.130
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network ftp_server
object network Internal_Report_Server
host 192.168.20.21
description Automated Report Server Internal Address
object network Report_Server
host 89.234.126.9
description Automated Report Server
object service RDP
service tcp destination eq 3389
description RDP to Server
object network Host_QA_Server
host 89.234.126.10
description QA Host External Address
object network Internal_Host_QA
host 192.168.20.22
description Host of VM machine for QA
object network Internal_QA_Web_Server
host 192.168.20.23
description Web Server in QA environment
object network Web_Server_QA_VM
host 89.234.126.11
description Web server in QA environment
object service SQL_Server
service tcp destination eq 1433
object network Demo_Server
host 89.234.126.12
description Server set up to Demo Product
object network Internal_Demo_Server
host 192.168.20.24
description Internal IP Address of Demo Server
object network NETWORK_OBJ_192.168.20.0_24
subnet 192.168.20.0 255.255.255.0
object network NETWORK_OBJ_192.168.50.0_26
subnet 192.168.50.0 255.255.255.192
object network NETWORK_OBJ_192.168.0.0_16
subnet 192.168.0.0 255.255.0.0
object service MSSQL
service tcp destination eq 1434
description MSSQL port
object network VPN-network
subnet 192.168.50.0 255.255.255.0
object network NETWORK_OBJ_192.168.50.0_24
subnet 192.168.50.0 255.255.255.0
object service TS
service tcp destination eq 4400
object service TS_Return
service tcp source eq 4400
object network External_QA_3
host 89.234.126.13
object network Internal_QA_3
host 192.168.20.25
object network Dev_WebServer
host 192.168.20.27
object network External_Dev_Web
host 89.234.126.14
object network CIX_Subnet
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network NETWORK_OBJ_84.39.233.50
host 84.39.233.50
object network NETWORK_OBJ_92.51.193.158
host 92.51.193.158
object network NETWORK_OBJ_192.168.100.0_24
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq ftp
service-object tcp destination eq netbios-ssn
service-object tcp destination eq smtp
service-object object TS
object-group network Payback_Internal
network-object 192.168.10.0 255.255.255.0
network-object 192.168.20.0 255.255.255.0
network-object 192.168.40.0 255.255.255.0
object-group service DM_INLINE_SERVICE_3
service-object tcp destination eq www
service-object tcp destination eq https
service-object object TS
service-object object TS_Return
object-group service DM_INLINE_SERVICE_4
service-object object RDP
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_5
service-object object MSSQL
service-object object RDP
service-object object TS
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_6
service-object object TS
service-object object TS_Return
service-object tcp destination eq www
service-object tcp destination eq https
access-list outside_access_in remark This rule is allowing from internet to interal server.
access-list outside_access_in remark Allowed:
access-list outside_access_in remark FTP
access-list outside_access_in remark RDP
access-list outside_access_in remark SMTP
access-list outside_access_in remark Net Bios
access-list outside_access_in remark SQL
access-list outside_access_in remark TS - 4400
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any4 object Internal_Report_Server
access-list outside_access_in remark Access rule to internal host QA
access-list outside_access_in remark Allowed:
access-list outside_access_in remark HTTP
access-list outside_access_in remark RDP
access-list outside_access_in extended permit tcp any4 object Internal_Host_QA eq www
access-list outside_access_in remark Access to INternal Web Server:
access-list outside_access_in remark Allowed:
access-list outside_access_in remark HTTP
access-list outside_access_in remark RDP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any4 object Internal_QA_Web_Server
access-list outside_access_in remark Rule for allowing access to Demo server
access-list outside_access_in remark Allowed:
access-list outside_access_in remark RDP
access-list outside_access_in remark MSSQL
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any4 object Internal_Demo_Server
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any object Internal_QA_3
access-list outside_access_in remark Access for Development WebServer
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 any object Dev_WebServer
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list Payback_VPN_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging console informational
logging asdm informational
logging from-address
[email protected]
logging recipient-address
[email protected]
level alerts
mtu outside 1500
mtu inside 1500
mtu servers 1500
mtu printers 1500
mtu wireless 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic any interface
nat (wireless,outside) source dynamic any interface
nat (servers,outside) source dynamic any interface
nat (servers,outside) source static Internal_Report_Server Report_Server
nat (servers,outside) source static Internal_Host_QA Host_QA_Server
nat (servers,outside) source static Internal_QA_Web_Server Web_Server_QA_VM
nat (servers,outside) source static Internal_Demo_Server Demo_Server
nat (servers,outside) source static NETWORK_OBJ_192.168.20.0_24 NETWORK_OBJ_192.168.20.0_24 destination static NETWORK_OBJ_192.168.50.0_24 NETWORK_OBJ_192.168.50.0_24 no-proxy-arp route-lookup
nat (servers,outside) source static Internal_QA_3 External_QA_3
nat (servers,outside) source static Dev_WebServer External_Dev_Web
nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 92.51.193.157 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
http 192.168.40.0 255.255.255.0 wireless
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 84.39.233.50
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 77.75.100.208 255.255.255.240 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh 192.168.40.0 255.255.255.0 wireless
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.1
dhcpd auto_config outside
dhcpd address 192.168.10.21-192.168.10.240 inside
dhcpd dns 192.168.20.21 83.147.160.2 interface inside
dhcpd option 15 ascii paybackloyalty.com interface inside
dhcpd enable inside
dhcpd address 192.168.40.21-192.168.40.240 wireless
dhcpd dns 192.168.20.21 83.147.160.2 interface wireless
dhcpd update dns interface wireless
dhcpd option 15 ascii paybackloyalty.com interface wireless
dhcpd enable wireless
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy Payback_VPN internal
group-policy Payback_VPN attributes
vpn-simultaneous-logins 10
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Payback_VPN_splitTunnelAcl
group-policy DfltGrpPolicy attributes
dns-server value 83.147.160.2 83.147.160.130
vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
group-policy GroupPolicy_84.39.233.50 internal
group-policy GroupPolicy_84.39.233.50 attributes
vpn-tunnel-protocol ikev1 ikev2
username Noelle password XB/IpvYaATP.2QYm encrypted
username Noelle attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Eanna password vXILR9ZZQIsd1Naw encrypted privilege 0
username Eanna attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Michael password qpbleUqUEchRrgQX encrypted
username Michael attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Danny password .7fEXdzESUk6S/cC encrypted privilege 0
username Danny attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Aileen password tytrelqvV5VRX2pz encrypted privilege 0
username Aileen attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Aidan password aDu6YH0V5XaxpEPg encrypted privilege 0
username Aidan attributes
vpn-group-policy Payback_VPN
service-type remote-access
username gordon password 6e6Djaz3W/XH59zX encrypted privilege 15
username shane.c password iqGMoWOnfO6YKXbw encrypted
username shane.c attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Shane password uYePLcrFadO9pBZx encrypted
username Shane attributes
vpn-group-policy Payback_VPN
service-type remote-access
username James password TdYPv1pvld/hPM0d encrypted
username James attributes
vpn-group-policy Payback_VPN
service-type remote-access
username mark password yruxpddqfyNb.qFn encrypted
username mark attributes
service-type admin
username Mary password XND5FTEiyu1L1zFD encrypted
username Mary attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Massimo password vs65MMo4rM0l4rVu encrypted privilege 0
username Massimo attributes
vpn-group-policy Payback_VPN
service-type remote-access
tunnel-group Payback_VPN type remote-access
tunnel-group Payback_VPN general-attributes
address-pool VPN1
default-group-policy Payback_VPN
tunnel-group Payback_VPN ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 84.39.233.50 type ipsec-l2l
tunnel-group 84.39.233.50 general-attributes
default-group-policy GroupPolicy_84.39.233.50
tunnel-group 84.39.233.50 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect pptp
inspect rsh
inspect rtsp
inspect sip
inspect snmp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect icmp error
inspect icmp
service-policy global-policy global
smtp-server 192.168.20.21
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d06974501eb0327a5ed229c8445f4fe1
ASA 2
ASA Version 9.0(1)
hostname Payback-CIX
enable password HSMurh79NVmatjY0 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
description This port connects to VLAN 100
switchport access vlan 100
interface Ethernet0/2
interface Ethernet0/3
switchport access vlan 100
interface Ethernet0/4
switchport access vlan 100
interface Ethernet0/5
switchport access vlan 100
interface Ethernet0/6
switchport access vlan 100
interface Ethernet0/7
switchport access vlan 100
interface Vlan2
nameif outside
security-level 0
ip address 84.39.233.50 255.255.255.240
interface Vlan100
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
banner login line Welcome to Payback Loyalty - CIX
ftp mode passive
clock summer-time gmt/idt recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns server-group defaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network CIX-Host-1
host 192.168.100.2
description This is the host machine of the VM servers
object network External_CIX-Host-1
host 84.39.233.51
description This is the external IP address of the host server for the VM server
object service RDP
service tcp source range 1 65535 destination eq 3389
object network Payback_Office
host 92.51.193.158
object service MSQL
service tcp destination eq 1433
object network Development_OLTP
host 192.168.100.10
description VM for Eiresoft
object network External_Development_OLTP
host 84.39.233.52
description This is the external IP address for the VM for Eiresoft
object network Eiresoft
host 146.66.160.70
description DBA Contractor
object network External_TMC_Web
host 84.39.233.53
description Public Address of TMC Webserver
object network TMC_Webserver
host 192.168.100.19
description Internal Address of TMC Webserver
object network External_TMC_OLTP
host 84.39.233.54
description Targets OLTP external IP
object network TMC_OLTP
host 192.168.100.18
description Targets interal IP address
object network External_OLTP_Failover
host 84.39.233.55
description Public IP of OLTP Failover
object network OLTP_Failover
host 192.168.100.60
description Server for OLTP failover
object network Servers
subnet 192.168.20.0 255.255.255.0
object network Wired
subnet 192.168.10.0 255.255.255.0
object network Wireless
subnet 192.168.40.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_24
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network Eiresoft_2nd
host 137.117.217.29
description Eiresoft 2nd IP
object network Dev_Test_Webserver
host 192.168.100.12
description Dev Test Webserver Internal Address
object network External_Dev_Test_Webserver
host 84.39.233.56
description This is the PB Dev Test Webserver
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_2
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_3
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_4
service-object object MSQL
service-object object RDP
service-object tcp destination eq ftp
object-group service DM_INLINE_SERVICE_5
service-object object MSQL
service-object object RDP
service-object tcp destination eq ftp
object-group service DM_INLINE_SERVICE_6
service-object object MSQL
service-object object RDP
object-group network Payback_Intrernal
network-object object Servers
network-object object Wired
network-object object Wireless
object-group service DM_INLINE_SERVICE_7
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_8
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_9
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_10
service-object object MSQL
service-object object RDP
service-object tcp destination eq ftp
object-group service DM_INLINE_SERVICE_11
service-object object RDP
service-object tcp destination eq ftp
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Payback_Office object CIX-Host-1
access-list outside_access_in remark Development OLTP from Payback Office
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 object Payback_Office object Development_OLTP
access-list outside_access_in remark Access for Eiresoft
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 object Eiresoft object Development_OLTP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 object Payback_Office object TMC_Webserver
access-list outside_access_in remark Access to OLTP for target from Payback Office
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 object Payback_Office object TMC_OLTP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 object Payback_Office object OLTP_Failover
access-list outside_access_in remark This is allowing access from Eiresoft to the OLTP Failover server
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_7 object Eiresoft object OLTP_Failover
access-list outside_access_in remark Access for the 2nd IP from Eiresoft
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_8 object Eiresoft_2nd object Development_OLTP
access-list outside_access_in remark Access from the 2nd Eiresoft IP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_9 object Eiresoft_2nd object OLTP_Failover
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_10 object Payback_Office object Dev_Test_Webserver
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_11 object Payback_Office object External_TMC_OLTP
access-list outside_cryptomap extended permit ip 192.168.100.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static CIX-Host-1 External_CIX-Host-1
nat (inside,outside) source static Development_OLTP External_Development_OLTP
nat (inside,outside) source static TMC_Webserver External_TMC_Web
nat (inside,outside) source static TMC_OLTP External_TMC_OLTP
nat (inside,outside) source static OLTP_Failover External_OLTP_Failover
nat (inside,outside) source static Dev_Test_Webserver External_Dev_Test_Webserver
nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 destination static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 84.39.233.49 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 92.51.193.156 255.255.255.252 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 92.51.193.158
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 77.75.100.208 255.255.255.240 outside
ssh 92.51.193.156 255.255.255.252 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy GroupPolicy_92.51.193.158 internal
group-policy GroupPolicy_92.51.193.158 attributes
vpn-tunnel-protocol ikev1 ikev2
username gordon password 6e6Djaz3W/XH59zX encrypted privilege 15
tunnel-group 92.51.193.158 type ipsec-l2l
tunnel-group 92.51.193.158 general-attributes
default-group-policy GroupPolicy_92.51.193.158
tunnel-group 92.51.193.158 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:83b2069fa311e6037163ae74f9b2bec2
: end

Hi,
Thanks for the help to date
I now have the Site to Site working but there is one little issue I have. If I try to RD to a server through the tunnel it will not allow connection on the first attempt however if I ping that host and then attempt to RD it will allow the connection. It looks like the host is asleep until it receives traffic through the tunnel. Is this thje correct behaviour.
See below the details:
ASA1:
hostname PAYBACK
enable password HSMurh79NVmatjY0 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool VPN1 192.168.50.1-192.168.50.254 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
description Trunk link to SW1
switchport trunk allowed vlan 1,10,20,30,40
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif outside
security-level 0
ip address XX.XX.XX.XX 255.255.255.252
interface Vlan10
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan20
nameif servers
security-level 100
ip address 192.168.20.1 255.255.255.0
interface Vlan30
nameif printers
security-level 100
ip address 192.168.30.1 255.255.255.0
interface Vlan40
nameif wireless
security-level 100
ip address 192.168.40.1 255.255.255.0
banner login line Welcome to Payback Loyalty Systems
boot system disk0:/asa901-k8.bin
ftp mode passive
clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup servers
dns domain-lookup printers
dns domain-lookup wireless
dns server-group DefaultDNS
name-server 83.147.160.2
name-server 83.147.160.130
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network ftp_server
object network Internal_Report_Server
host 192.168.20.21
description Automated Report Server Internal Address
object network Report_Server
host 89.234.126.9
description Automated Report Server
object service RDP
service tcp destination eq 3389
description RDP to Server
object network Host_QA_Server
host 89.234.126.10
description QA Host External Address
object network Internal_Host_QA
host 192.168.20.22
description Host of VM machine for QA
object network Internal_QA_Web_Server
host 192.168.20.23
description Web Server in QA environment
object network Web_Server_QA_VM
host 89.234.126.11
description Web server in QA environment
object service SQL_Server
service tcp destination eq 1433
object network Demo_Server
host 89.234.126.12
description Server set up to Demo Product
object network Internal_Demo_Server
host 192.168.20.24
description Internal IP Address of Demo Server
object network NETWORK_OBJ_192.168.20.0_24
subnet 192.168.20.0 255.255.255.0
object network NETWORK_OBJ_192.168.50.0_26
subnet 192.168.50.0 255.255.255.192
object network NETWORK_OBJ_192.168.0.0_16
subnet 192.168.0.0 255.255.0.0
object service MSSQL
service tcp destination eq 1434
description MSSQL port
object network VPN-network
subnet 192.168.50.0 255.255.255.0
object network NETWORK_OBJ_192.168.50.0_24
subnet 192.168.50.0 255.255.255.0
object service TS
service tcp destination eq 4400
object service TS_Return
service tcp source eq 4400
object network External_QA_3
host 89.234.126.13
object network Internal_QA_3
host 192.168.20.25
object network Dev_WebServer
host 192.168.20.27
object network External_Dev_Web
host 89.234.126.14
object network NETWORK_OBJ_192.168.100.0_24
subnet 192.168.100.0 255.255.255.0
object network Wireless
subnet 192.168.40.0 255.255.255.0
description Wireless network
object network Servers
subnet 192.168.20.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq ftp
service-object tcp destination eq netbios-ssn
service-object tcp destination eq smtp
service-object object TS
service-object object SQL_Server
object-group service DM_INLINE_SERVICE_3
service-object tcp destination eq www
service-object tcp destination eq https
service-object object TS
service-object object TS_Return
object-group service DM_INLINE_SERVICE_4
service-object object RDP
service-object tcp destination eq www
service-object tcp destination eq https
object-group service DM_INLINE_SERVICE_5
service-object object MSSQL
service-object object RDP
service-object object TS
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_6
service-object object TS
service-object object TS_Return
service-object tcp destination eq www
service-object tcp destination eq https
object-group network DM_INLINE_NETWORK_1
network-object 192.168.10.0 255.255.255.0
network-object 192.168.20.0 255.255.255.0
network-object 192.168.40.0 255.255.255.0
object-group network Payback_Internal
network-object 192.168.10.0 255.255.255.0
network-object 192.168.20.0 255.255.255.0
network-object 192.168.40.0 255.255.255.0
access-list outside_access_in remark This rule is allowing from internet to interal server.
access-list outside_access_in remark Allowed:
access-list outside_access_in remark FTP
access-list outside_access_in remark RDP
access-list outside_access_in remark SMTP
access-list outside_access_in remark Net Bios
access-list outside_access_in remark SQL
access-list outside_access_in remark TS - 4400
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any4 object Internal_Report_Server
access-list outside_access_in remark Access rule to internal host QA
access-list outside_access_in remark Allowed:
access-list outside_access_in remark HTTP
access-list outside_access_in remark RDP
access-list outside_access_in extended permit tcp any4 object Internal_Host_QA eq www
access-list outside_access_in remark Access to INternal Web Server:
access-list outside_access_in remark Allowed:
access-list outside_access_in remark HTTP
access-list outside_access_in remark RDP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any4 object Internal_QA_Web_Server
access-list outside_access_in remark Rule for allowing access to Demo server
access-list outside_access_in remark Allowed:
access-list outside_access_in remark RDP
access-list outside_access_in remark MSSQL
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any4 object Internal_Demo_Server
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any object Internal_QA_3
access-list outside_access_in remark Access for Development WebServer
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 any object Dev_WebServer
access-list AnyConnect_Client_Local_Print extended deny ip any4 any4
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any4 any4 eq netbios-ns
access-list Payback_VPN_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 192.168.100.0 255.255.255.0
pager lines 24
logging enable
logging console informational
logging asdm informational
logging from-address [email protected]
logging recipient-address [email protected] level alerts
mtu outside 1500
mtu inside 1500
mtu servers 1500
mtu printers 1500
mtu wireless 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup
nat (wireless,outside) source static Wireless Wireless destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup
nat (servers,outside) source static Servers Servers destination static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 no-proxy-arp route-lookup
nat (inside,outside) source dynamic any interface
nat (wireless,outside) source dynamic any interface
nat (servers,outside) source dynamic any interface
nat (servers,outside) source static Internal_Report_Server Report_Server
nat (servers,outside) source static Internal_Host_QA Host_QA_Server
nat (servers,outside) source static Internal_QA_Web_Server Web_Server_QA_VM
nat (servers,outside) source static Internal_Demo_Server Demo_Server
nat (servers,outside) source static NETWORK_OBJ_192.168.20.0_24 NETWORK_OBJ_192.168.20.0_24 destination static NETWORK_OBJ_192.168.50.0_24 NETWORK_OBJ_192.168.50.0_24 no-proxy-arp route-lookup
nat (servers,outside) source static Internal_QA_3 External_QA_3
nat (servers,outside) source static Dev_WebServer External_Dev_Web
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 92.51.193.157 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer XX.XX.XX.XX
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map servers_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map servers_map interface servers
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 enable inside client-services port 443
crypto ikev1 enable outside
crypto ikev1 enable inside
crypto ikev1 enable servers
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 192.168.0.1
dhcpd auto_config outside
dhcpd address 192.168.10.21-192.168.10.240 inside
dhcpd dns 192.168.20.21 83.147.160.2 interface inside
dhcpd option 15 ascii paybackloyalty.com interface inside
dhcpd enable inside
dhcpd address 192.168.40.21-192.168.40.240 wireless
dhcpd dns 192.168.20.21 83.147.160.2 interface wireless
dhcpd update dns interface wireless
dhcpd option 15 ascii paybackloyalty.com interface wireless
dhcpd enable wireless
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy Payback_VPN internal
group-policy Payback_VPN attributes
vpn-simultaneous-logins 10
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Payback_VPN_splitTunnelAcl
group-policy DfltGrpPolicy attributes
dns-server value 83.147.160.2 83.147.160.130
vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
group-policy GroupPolicy_84.39.233.50 internal
group-policy GroupPolicy_84.39.233.50 attributes
vpn-tunnel-protocol ikev1 ikev2
username Noelle password XB/IpvYaATP.2QYm encrypted
username Noelle attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Eanna password vXILR9ZZQIsd1Naw encrypted privilege 0
username Eanna attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Michael password qpbleUqUEchRrgQX encrypted
username Michael attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Danny password .7fEXdzESUk6S/cC encrypted privilege 0
username Danny attributes
vpn-group-policy Payback_VPN
service-type remote-access
username niamh password MlFlIlEiy8vismE0 encrypted
username niamh attributes
service-type admin
username Aileen password tytrelqvV5VRX2pz encrypted privilege 0
username Aileen attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Aidan password aDu6YH0V5XaxpEPg encrypted privilege 0
username Aidan attributes
vpn-group-policy Payback_VPN
service-type remote-access
username gordon password 6e6Djaz3W/XH59zX encrypted privilege 15
username shane.c password iqGMoWOnfO6YKXbw encrypted
username shane.c attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Shane password yQeVtvLLKqapoUje encrypted privilege 0
username Shane attributes
vpn-group-policy Payback_VPN
service-type remote-access
username James password TdYPv1pvld/hPM0d encrypted
username James attributes
vpn-group-policy Payback_VPN
service-type remote-access
username mark password yruxpddqfyNb.qFn encrypted
username mark attributes
service-type admin
username Mary password XND5FTEiyu1L1zFD encrypted
username Mary attributes
vpn-group-policy Payback_VPN
service-type remote-access
username Massimo password vs65MMo4rM0l4rVu encrypted privilege 0
username Massimo attributes
vpn-group-policy Payback_VPN
service-type remote-access
tunnel-group Payback_VPN type remote-access
tunnel-group Payback_VPN general-attributes
address-pool VPN1
default-group-policy Payback_VPN
tunnel-group Payback_VPN ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 84.39.233.50 type ipsec-l2l
tunnel-group 84.39.233.50 general-attributes
default-group-policy GroupPolicy_84.39.233.50
tunnel-group 84.39.233.50 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map global-class
match default-inspection-traffic
policy-map global-policy
class global-class
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect pptp
inspect rsh
inspect rtsp
inspect sip
inspect snmp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect icmp error
inspect icmp
service-policy global-policy global
smtp-server 192.168.20.21
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:83fa7ce1d93375645205f6e79b526381
ASA2:
ASA Version 9.0(1)
hostname Payback-CIX
enable password HSMurh79NVmatjY0 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
description This port connects to VLAN 100
switchport access vlan 100
interface Ethernet0/2
interface Ethernet0/3
switchport access vlan 100
interface Ethernet0/4
switchport access vlan 100
interface Ethernet0/5
switchport access vlan 100
interface Ethernet0/6
switchport access vlan 100
interface Ethernet0/7
switchport access vlan 100
interface Vlan2
nameif outside
security-level 0
ip address X.X.X.X 255.255.255.240
interface Vlan100
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
banner login line Welcome to Payback Loyalty - CIX
ftp mode passive
clock timezone GMT 0
clock summer-time gmt/idt recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns server-group defaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network CIX-Host-1
host 192.168.100.2
description This is the host machine of the VM servers
object network External_CIX-Host-1
host 84.39.233.51
description This is the external IP address of the host server for the VM server
object service RDP
service tcp source range 1 65535 destination eq 3389
object network Payback_Office
host 92.51.193.158
object service MSQL
service tcp destination eq 1433
object network Development_OLTP
host 192.168.100.10
description VM for Eiresoft
object network External_Development_OLTP
host 84.39.233.52
description This is the external IP address for the VM for Eiresoft
object network External_TMC_Web
host 84.39.233.53
description Public Address of TMC Webserver
object network TMC_Webserver
host 192.168.100.19
description Internal Address of TMC Webserver
object network External_TMC_OLTP
host 84.39.233.54
description Targets OLTP external IP
object network TMC_OLTP
host 192.168.100.18
description Targets interal IP address
object network External_OLTP_Failover
host 84.39.233.55
description Public IP of OLTP Failover
object network OLTP_Failover
host 192.168.100.60
description Server for OLTP failover
object network Servers
subnet 192.168.20.0 255.255.255.0
object network Wired
subnet 192.168.10.0 255.255.255.0
object network Wireless
subnet 192.168.40.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_24
subnet 192.168.100.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network Eiresoft_2nd
host 137.117.217.29
description Eiresoft 2nd IP
object network Dev_Test_Webserver
host 192.168.100.12
description Dev Test Webserver Internal Address
object network External_Dev_Test_Webserver
host 84.39.233.56
description This is the PB Dev Test Webserver
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network LAN
subnet 192.168.100.0 255.255.255.0
object network REMOTE-LAN
subnet 192.168.10.0 255.255.255.0
object network TargetMC
host 83.71.194.145
description This is Target Location that will be accessing the Webserver
object network Rackspace_OLTP
host 162.13.34.56
description This is the IP address of production OLTP
object service DB
service tcp destination eq 5022
object network Topaz_Target_VM
host 82.198.151.168
description This is Topaz IP that will be accessing Targets VM
object service DB_2
service tcp destination eq 5023
object network EireSoft_NEW_IP
host 146.66.161.3
description Eiresoft latest IP form ISP DHCP
object-group service DM_INLINE_SERVICE_1
service-object object MSQL
service-object object RDP
service-object icmp echo
service-object icmp echo-reply
object-group service DM_INLINE_SERVICE_2
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_4
service-object object MSQL
service-object object RDP
service-object tcp destination eq ftp
service-object tcp destination eq www
object-group service DM_INLINE_SERVICE_5
service-object object MSQL
service-object object RDP
service-object tcp destination eq ftp
object-group service DM_INLINE_SERVICE_6
service-object object MSQL
service-object object RDP
object-group network Payback_Intrernal
network-object object Servers
network-object object Wired
network-object object Wireless
object-group service DM_INLINE_SERVICE_8
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_9
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_10
service-object object MSQL
service-object object RDP
service-object tcp destination eq ftp
service-object icmp echo
service-object icmp echo-reply
service-object object DB
object-group service DM_INLINE_SERVICE_11
service-object object RDP
service-object tcp destination eq ftp
object-group service DM_INLINE_SERVICE_12
service-object object MSQL
service-object icmp echo
service-object icmp echo-reply
service-object object DB
service-object object DB_2
object-group service DM_INLINE_SERVICE_13
service-object object MSQL
service-object object RDP
object-group service DM_INLINE_SERVICE_14
service-object object MSQL
service-object object RDP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Payback_Office object CIX-Host-1
access-list outside_access_in remark Development OLTP from Payback Office
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 object Payback_Office object Development_OLTP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 object Payback_Office object TMC_Webserver
access-list outside_access_in remark Access to OLTP for target from Payback Office
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 object Payback_Office object TMC_OLTP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 object Payback_Office object OLTP_Failover
access-list outside_access_in remark Access for the 2nd IP from Eiresoft
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_8 object Eiresoft_2nd object Development_OLTP
access-list outside_access_in remark Access from the 2nd Eiresoft IP
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_9 object Eiresoft_2nd object OLTP_Failover
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_10 object Payback_Office object Dev_Test_Webserver
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_11 object Payback_Office object External_TMC_OLTP
access-list outside_access_in remark Access rules from Traget to CIX for testing
access-list outside_access_in extended permit tcp object TargetMC object TMC_Webserver eq www
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_12 object Rackspace_OLTP object OLTP_Failover
access-list outside_access_in remark Topaz access to Target VM
access-list outside_access_in extended permit tcp object Topaz_Target_VM object TMC_Webserver eq www
access-list outside_access_in remark Opened up for Target for the weekend. Closing on Monday 20th
access-list outside_access_in extended permit tcp any object TMC_Webserver eq www
access-list outside_access_in remark Access for Eiresoft after their ISP changed their IP Address
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_13 object EireSoft_NEW_IP object Development_OLTP
access-list outside_access_in remark Eiresoft Access after ISP changed their IP Address
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_14 object EireSoft_NEW_IP object OLTP_Failover
access-list outside_cryptomap extended permit ip 192.168.100.0 255.255.255.0 object-group Payback_Intrernal
pager lines 24
logging enable
logging console debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_192.168.100.0_24 NETWORK_OBJ_192.168.100.0_24 destination static Payback_Intrernal Payback_Intrernal no-proxy-arp route-lookup
nat (inside,outside) source static CIX-Host-1 External_CIX-Host-1
nat (inside,outside) source static Development_OLTP External_Development_OLTP
nat (inside,outside) source static TMC_Webserver External_TMC_Web
nat (inside,outside) source static TMC_OLTP External_TMC_OLTP
nat (inside,outside) source static OLTP_Failover External_OLTP_Failover
nat (inside,outside) source static Dev_Test_Webserver External_Dev_Test_Webserver
nat (inside,outside) source dynamic LAN interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 84.39.233.49 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http X.X.X.X 255.255.255.252 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer X.X.X.X
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh X.X.X.X 255.255.255.240 outside
ssh X.X.X.X 255.255.255.252 outside
ssh 192.168.40.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy GroupPolicy_92.51.193.158 internal
group-policy GroupPolicy_92.51.193.158 attributes
vpn-tunnel-protocol ikev1 ikev2
username gordon password 6e6Djaz3W/XH59zX encrypted privilege 15
tunnel-group 92.51.193.158 type ipsec-l2l
tunnel-group 92.51.193.158 general-attributes
default-group-policy GroupPolicy_92.51.193.158
tunnel-group 92.51.193.158 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:78a7b9ccec2fa048306092eb29a2b769

CSCum96401 - Cisco ASA IKEv2 Denial of Service Vulnerability

Similar Messages

Maybe you are looking for