Denying all traffic on the inside unless specified

Hi Is there a way to configure my asa5505 to dent all traffic on the inside so i can specify what ip or host  can access specific protocol or ports via access list? im thinking mabe i ned to set the inside security level to 0 also and then specify any ideas.

Hi,
Well it is pretty simple,
You will have to use ACL and simply only allow the traffic you need to allow. Since the ACL automatically denies any traffic that isnt specifically permitted you dont really need any deny statements even.
You cant make specific rules with the "security-level" alone and using an interface ACL basically makes the "security-level" useless for the most part.
As soon as you configure an ACL like this for example
access-list INSIDE-IN permit tcp any host 1.1.1.1 eq 80
access-group INSIDE-IN in interface inside
It will mean that only traffic that is allowed is TCP/80 traffic to destination IP address 1.1.1.1. All other traffic will be blocked because of the Implicit Deny in every ACL. It wont show in the CLI configuration. Naturally if you want you can always add the deny rule to the ACL to see the hitcount of traffic that has not matched the previous rules
access-list INSIDE-IN permit tcp any host 1.1.1.1 eq 80
access-list INSIDE-IN deny ip any any
access-group INSIDE-IN in interface inside
You will have to make sure that you dont block any essential services your users might need like usually HTTP, HTTPS, DNS for example. It really depends on what you are trying to achieve.
- Jouni

Similar Messages

  • I have denied all access to the hard drive on my i mac what can i do to be able to use it again

    I have denied all acess to the hard drive on my Imac I purchased a refurbished imac about 6  months ago and im still not really familiar with every thing as i used to use a windows computer so ill try my best to describe what i have done. On the desk top it had a hard drive icon I open it. There was a section about allowing access. There were three different ones (now Im not exactly sure but i believe it looked something like this
    System     Read and Write
                    Read only
                   Write to drop box
    User    
                    Read and Write
                    Read only
                   Write to drop box
    Shared     Read only
                   deny access
    I then changed the bottom one to deny access, the middle one to write to drop box and then the top one to write to drop box ( I quickly realized how stupid this was) It then wouldn't let me do or open anything. I ended up turning it off by pressing the button on the back of the I MAC. When I turned it back on it asked for my password which i entered, then it went to the screen with the apple in the center and the loading icon underneath and has not changed.
    What can i do so i can use it again?
    I think it was OS 9.5.? I dont really know and cant even access this info anymore

    in the folders on the left your will have your mail account and local folders.
    Anything in local folders is stored only on your local hard disk.
    * Right click the mail account. Select settings
    * Select copies and folders for your university account
    * Click archive options and select the type of structure you want the archive in. (keep existing folder structure would be important to you think)
    * in the copies and folders, change the archive folder to other and select the archive folder for local folders (the local folders account entry in the list will expand if you hover the mouse over it)
    Now some other points. ''
    * Holding shift while clicking select everything in the list between clicks. Holding Ctrl while clicking will hold the selections and allow other entries to be toggles on and off by clicking them.
    * Ctrl+A will select the entire list
    Finally''
    Pressing the A key when mail is selected archives it.

  • Network analyzer sees all traffic on the switch

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:Standaardtabel;
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    A client of us is having a very strange issue. They see a very load (initially just by watching the LEDs en got a software analyzer run on it. Now a software analyzer on a single port, even in promiscuous mode should only get its local data on a single switch port. The switch should only deliver local data to that port (thats why its switch, not a hub yes?) But to our surprise the analyze sees all the traffic, even the traffic that should get on to that specific switch, let a lone that port on the switch. It looks like everything is working like a big hub.
    Hereunder is a screenshot of the installed network analyser:
    v\:* {behavior:url(#default#VML);}
    o\:* {behavior:url(#default#VML);}
    w\:* {behavior:url(#default#VML);}
    .shape {behavior:url(#default#VML);}
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:Standaardtabel;
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    Can anyone assist in finding where this is going wrong?
    units in use:
    SGE2000-EU
    SRW224G4-EU
    SRW224G4P-EU
    SRW248G4-EU
    Kind Regards

    Hi RONVER-Systems,
    I cannot see the first image, just doesn't want to come up.  Knowing the behavior of a switch I can imagine "broadcast' traffic being received on each port.
    It would be more relavvnt if you could use wireshark (a freeware 'sniffer' program)  and try the same capture again and post the capture file as a .cap file.
    But you obviously will see broadcast traffic arrive at each switch port. The switches will route at Layer 2 any unicast traffic.  But lets check out the capture file you send in again.
    Sorry for this bother, I just can't see the first image you posted.
    regards Dave

  • Rename SAP username - Find all references in the system

    Hi all,
    we want to rename (copy and create new sap user id) in our SAP system.
    Now we have to find all objects and relationships where the old users are specified.
    Is there a way how to find all program where the users are specified?
    Z-Programs where users are specified?
    Z-Customizing tables where users are specified?
    Customizing settings where users are specified?
    Any ideas?
    regards

    >
    CC_BC Team wrote:
    > we want to rename (copy and create new sap user id) in our SAP system.
    > Is there a way how to find all program where the users are specified?
    > Z-Programs where users are specified?
    > Z-Customizing tables where users are specified?
    > Customizing settings where users are specified?
    > Any ideas?
    > regards
    Last time one of our user changed her last name we create new user id for her and then locked and deleted old account.
    I don't think its possible to change username from all documents/objects/change documents which users has created under his/her id. The best, and the only way I think is to create new user id and delete/lock old one.
    Regards,
    Pawan.
    PS: profile parameters and favourites can be copied from old user id to new or any other user id.
    Edited by: Pawan Kesari on Aug 17, 2010 8:21 PM

  • RV016 Router Allow All Traffic For Outside IP

    Hi,
    I need to configure the firewall to allow all traffice for an IP address of a sever. What steps in the router do i need to configure this? This is a cloud based voip server and we have IP phones and we need to add an IP address of the phone server to allow all traffic for that IP.
    thanks.

    Hi Jonathan,
    I have a similar problem with VOIP traffic being dropped by my new RV016 v3 router.
    I have created one Firewall Rule, to allow ALL traffic from the external VOIP PBX provider (single IP) to connect to the internal VOIP phones, which have assigned addresses in a small IP Address range (eg. 10.1.2.50 - 10.1.2.59)
    The Aastra VOIP phones continually loose their  registration wtih the cloud-based PBX. If you make an outgoing call, it will work, but the PBX will lose connection with the phone, 3 or 4 minutes after you hang up,  and will mark it as offline. Incoming calls made within the 3 or 4 minutes will get through, but after that they go right to voicemail on the PBX system.
    We used to have an RV016 v2 router and VOIP traffic worked  OK,  with a similar Firewall Rule.  We replaced the v2 router  because its CPU crashed. 
    I tested the VOIP traffic with a WRT160 router with minimal Firewall Rules, and it works OK, as long as SIP-ALG is turned Off.   We want to use the RV016 because it provides a larger number of ports for our LAN.
    Any suggestions ?
    Kirk

  • Dmvpn - all traffic via tunnel ?

    Q: I have a dmvpn to a spoke connected via dsl.
    presently I have route 0.0.0.0 0.0.0.0 via pppoe (dslam) This allows me to find the home end of the tunnel and bring the tunnel up.
    How do I tell the spoke router to route all traffic via the tunnel?
    I have eigrp up at the spoke and have advertised 20 or so networks, but i need to provide internet access via this tunnel.
    Thanks

    I think in this case you can use "vrf"
    Just allocate all interfaces into VRF except one which is attached to the internet.

  • How can i use an existing vpn connection without using the option "Send all traffic over vpn connection"?

    I have been trying to get my computer (os x.7) to astablish a remote desktop connection to my work computer via a vpn tunnel. In fact I have just discovered that it works fine if i select to "send all traffic over vpn connection" from the options in the advanced setup of the vpn.
    If the option is selected microsofts "Remote desktop connection for mac" works just fine. However without selecting the option it is not taking advantage of the tunnel but tries to connect as if the tunnel would not exist.
    Now the question is how do I get program to use the vpn tunnel without checking the above option?
    Thanks for any hints and pointers.

    Then can her computer be authorized to both accounts?
    Absolutely. You can authorize any given computer to up to five iTunes Store accounts.
    If purchases are made on her account, to a computer authorized to my account, can I put those songs on my iPod?
    If you connect your iPod to her computer, yes. Tracks download only to the computer from which they're purchased, regardless of which iTunes Store account is used for the purchase. Or you could copy the tracks from her computer to yours and then authorize your computer to her iTunes Store account. But that's sort of defeating the original purpose, it would seem to me.
    is it better to buy music through Amazon downloads and/or actually purchasing CDs to avoid the security features iTunes puts on its music?
    That's certainly an option. If it's an entire album I want, I buy CDs. That way I can import them at the quality I want and to whichever of my systems I want. Amazon or one of the other download stores that offer tracks as MP3 are also an option, though for me download stores are best when you just want a couple of tracks off a given CD.

  • ASA 5505 site to site RTP traffic is hitting deny all rule

    Hello,
    Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it gets denied by the default deny at the bottom of the list.
    Currently the rules are as follows
    Incoming External
    allow ip any any
    allow tcp any any
    allow udp any any
    default deny
    Incoming Internal
    allow ip any any
    allow tcp any any
    allow udp any any
    default deny
    It wont allow us to setup a voip call...however when the same call manager sets up a voip call NOT using this ipsec tunnel it works just fine.

    Hi Daniel,
    I guess there is support feature issue with the ASA sending VOIP traffic over VPN
    The ASA Phone Proxy does not  support inspection of packets from phones connecting to it over a VPN  tunnel. Therefore, sending phone proxy traffic through a VPN tunnel is  not supported.
    Note The ASA 5500 appliances running version 8.4 can support the Phone Proxy feature when integrated with Unified CM 8.0(x) but do not support Phone Proxy with Unified CM versions 8.5(x) and 8.6(x).
    Please do rate if the given information helps.
    By
    Karthik

  • Just upgraded to lateste verison of Firefox and started using the Tab groups. Like them, but noticed that Save all bookmarks is now gone. How do I save all my bookmark stored inside the tab groups?

    I am using Firefox 6.0 (and still using windows XP ). I have a habit of opening tons of tabs and the new Tab group feature seems perfect for me. But I couldn't find anywhere to save all my tabs as the Save all bookmarks is now gone. How do I save all my bookmarks stored inside the tab groups?
    thanks

    I had to restart firefox because of an update and I saved all my tabs and when I restarted firefox it has lost all of my saved bookmarks...won't be using the new tab groups again..very disappointed

  • Query for getting all function and procedure inside the packages

    hi All
    Please provide me Query for getting all function and procedure inside the packages
    thanks

    As Todd said, you can use user_arguments data dictionary or you can join user_objects and user_procedures like below to get the name of the packaged function and procedure names.
    If you are looking for the packaged procedures and functions source then use user_source data dictionary
    select a.object_name,a.procedure_name from user_procedures a,
                  user_objects b
    where a.object_name is not null
    and a.procedure_name is not null
    and b.object_type='PACKAGE'        
    and a.object_name=b.object_name

  • Find the names of all open forms from inside a PJC

    Hi,
    is it possible to find the names of all open forms from inside a PJC (pluggable java bean)?
    I have tried the window bean but it retrieves currently open windows and reads the title of each window, but what i need is to find the form name not the window title.
    oracle forms version: 10g
    Thank you
    Edited by: user542352 on Jun 26, 2009 1:07 AM

    You don't need to know names of all open forms to close them.
    Try to do someting like this :
    When you need to close all forms, set some global variable flag and call exit_form
    in WHEN-WINDOW-ACTIVATED of each form check your global flag and if set, also exit_form.

  • I want to buy a book I created in iPhoto.  I want to leave blank some spaces in the photo layout, but the app won't let me "buy the book" unless all the layout spaces are filled.

    I want to buy a book I created in iPhoto.  I want to leave blank some spaces in the photo layout, but the app won't let me "buy the book" unless all the layout spaces are filled.

    That is correct - you must have a photo in every photo frame to order
    LN

  • The user has denied all applications access to their media

    OK, so I have had this problem before and solved it unknowingly and now it is reoccurring!
    "error:
    Error Domain=ALAssetsLibraryErrorDomain Code=-3312 "Global denied access" UserInfo=0x169aa0
    {NSLocalizedFailureReason=The user has denied all applications access to their media.,
    NSLocalizedRecoverySuggestion=This setting can be changed in Preferences.,
    NSLocalizedDescription=Global denied access}"
    Please NOTE://I do not get this issue in the simulator - my code for iterating assets works perfectly on the simulator.
    Surely this is an easy fix but be damned if I can find anything under 'Preferences' anywhere that assists.
    Please halp!

    - Location services must be enabled for the application...
    I realise that there is geotagging involved but what a joke!

  • Md5 checksums of all packages from the specified directory

    How to check md5 checksums of all packages from the specified directory with pacman?

    karol wrote:It's 4.30 AM, the sun comes up and I'm going to bed.
    Hmmm, the blue sky and violet-pink clouds remind me of Arch homepage ;P
    Hehe, it's a nice feeling, nevertheless.
    @dkorzhevin: here's a script I've made when I needed this:
    #!/bin/bash
    echo -n "" > pkgNotFound
    echo -n "" > pkgSums
    names=`pacman -Slq`
    for name in $names
    do
    versionLine=`pacman -Si $name | grep "Version : "`
    version=`echo -n $versionLine | sed -e 's/Version : //g'`
    md5Line=`pacman -Si $name | grep "MD5 Sum : "`
    md5=`echo -n $md5Line | sed -e 's/MD5 Sum : //g'`
    pkgPath=`find /var/cache/pacman/pkg/ -name $name"-"$version"*"`
    if [ "$pkgPath" = "" ]
    then
    echo "Error: "$name" package not found in cache." >> pkgNotFound
    else
    echo $md5" "$pkgPath >> pkgSums
    fi
    done
    exit 0
    So your output will be located in the file "pkgSums" and it will look like this, these are the checksums that pacman displays, and the paths of your local packages:
    4ce0d40359bfa1a4a0f47a0e53e65fa5 /var/cache/pacman/pkg/acl-2.2.49-1-x86_64.pkg.tar.xz
    24df396b3146d1a203e0d4f4d6edd67b /var/cache/pacman/pkg/ar9170-fw-1.0-2-any.pkg.tar.gz
    8454e0fc947f9c8ce4ac5c39ed6ef165 /var/cache/pacman/pkg/attr-2.4.44-1-x86_64.pkg.tar.gz
    9ef6b0ce43a4660170df21ead2f8e711 /var/cache/pacman/pkg/autoconf-2.65-2-any.pkg.tar.xz
    505fe675565601f6ca803779601837cf /var/cache/pacman/pkg/automake-1.11.1-1-any.pkg.tar.gz
    To check the checksums against the packages, just run md5 with the newly created file, if you get output then something stinks :
    # md5sum -c --quiet pkgSums
    There's another file "pkgNotFound" for the packages which are found in pacman but not on your disk. So make sure you don't have these two files already, in the current directory, containing important information - they will be overwritten.

  • Open firewall Ports despite DENY- ALL access rule

    Hi,
    See below my firewall rules.
    Despite the deny all, runnning nmap from outside still reveals open ports.
    name 202.1.53.41 fw1.outside.irc.com
    interface GigabitEthernet0/0
     nameif inside
     security-level 0
     ip address fw1.inside.irc.com 255.255.252.0 standby 172.16.86.219
    interface GigabitEthernet0/1
     nameif SSN-DMZ
     security-level 0
     ip address 10.20.2.1 255.255.255.0 standby 10.20.2.2
    interface GigabitEthernet0/2
     nameif Outside
     security-level 0
     ip address fw1.outside.irc.com 255.255.255.248 standby NAT-202.1.53.45
    interface GigabitEthernet0/3
     description Internet Access for Wireless clients on the guest network
     nameif GuestInternet
     security-level 0
     ip address 192.168.154.2 255.255.254.0
    interface Management0/0
     nameif management
     security-level 10
     ip address 10.10.200.14 255.255.255.0 standby 10.10.200.15
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 any host WWW.IRC.COM-PRIV
    access-list inside_access_in remark Deny POP3, SSH, TELNET to Deny-Host-Group 172.16.86.246/249
    access-list inside_access_in extended deny object-group DENY-HOST-GROUP object-group DENY-HOST-GROUP-1 any
    access-list inside_access_in remark Allow SMTP external access to Mail Servers group
    access-list inside_access_in extended permit tcp object-group MAIL-GW-GROUP any eq smtp
    access-list inside_access_in remark Deny Any other Users from sending mails via smtp
    access-list inside_access_in extended deny tcp any any eq smtp
    access-list inside_access_in extended deny ip object-group Botnet_Blacklist any
    access-list inside_access_in extended deny ip any SPAM_MACHINE 255.255.255.0
    access-list inside_access_in extended deny ip any host SPAMIP
    access-list inside_access_in extended permit ip object-group Socialsites_Allowed object-group Facebook
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_8 any object-group Facebook
    access-list inside_access_in remark Rule to block Internal users from accessing youtube
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_9 any object-group YoutubeIPs
    access-list inside_access_in remark Suspected Virus Ports
    access-list inside_access_in extended deny tcp any any object-group DM_INLINE_TCP_17
    access-list inside_access_in remark Ports Commonly used by Botnet and Malwares
    access-list inside_access_in extended deny tcp any any object-group IRC
    access-list inside_access_in remark Allow Access to External DNS to ALL
    access-list inside_access_in extended permit object-group DNS-GROUP object-group DNS-SERVERS object-group External_DNS_Servers
    access-list inside_access_in remark Allow Any to Any on Custom TCP/UDP services
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_12
    access-list inside_access_in remark Allow Any to Any VPN Protocols group
    access-list inside_access_in extended permit object-group VPN-GROUP any any
    access-list inside_access_in extended permit ip any host pomttdbsvr
    access-list inside_access_in remark Allow Access to DMZ from Inside
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_10
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_5 any 10.20.2.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any eq pop3
    access-list inside_access_in extended permit object-group Web-Access-Group any any
    access-list inside_access_in remark DNS RATING SERVICE FOR BLUECOAT SG510 PROXY
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_4 eq www inactive
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group DM_INLINE_TCP_3
    access-list inside_access_in remark Yahoo Messenger Test
    access-list inside_access_in extended permit tcp any any object-group YahooMessenger
    access-list inside_access_in extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any object-group smile
    access-list inside_access_in extended permit udp any host smile.telinet.com.pg object-group smile-udp
    access-list inside_access_in remark testing access for mobile phones behind wireless router
    access-list inside_access_in extended permit ip host Wireless-Router any inactive
    access-list inside_access_in extended permit tcp any any object-group FTP-Service-Group inactive
    access-list inside_access_in extended permit ip host mailgate.irc.com any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_2 any object-group NTP
    access-list inside_access_in extended permit tcp any any object-group web-email-services
    access-list inside_access_in remark Murray PC
    access-list inside_access_in extended permit ip host 10.100.20.36 any
    access-list inside_access_in extended permit tcp any any object-group Itec-Citrix
    access-list inside_access_in extended permit ip host EP200 any
    access-list inside_access_in extended permit tcp any any object-group TCP-SMTP
    access-list inside_access_in extended permit tcp any host 202.165.193.134 eq 3391
    access-list inside_access_in extended permit ip object-group IT-Servers any
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_14 any inactive
    access-list inside_access_in extended permit ip host 10.100.20.23 any
    access-list inside_access_in extended permit tcp host NOC-NMS-CDMA host 202.165.193.134 object-group DM_INLINE_TCP_4
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_12 object-group Bluecoat-DNS-Rating eq www
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_13 any
    access-list inside_access_in extended permit udp host solarwinds-server any eq snmp
    access-list inside_access_in extended permit tcp host kaikai any object-group test-u inactive
    access-list inside_access_in extended permit tcp any host fw1.outside.irc.com object-group TCP-88
    access-list inside_access_in extended permit udp host solarwinds-server any object-group DM_INLINE_UDP_1
    access-list inside_access_in extended permit ip host IN-WEB-APP-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host KMS-Server any object-group KMS
    access-list inside_access_in extended permit tcp any any object-group TeamVIewer-TCP
    access-list inside_access_in extended permit icmp any any traceroute
    access-list inside_access_in extended permit ip host KMS-Server any
    access-list inside_access_in extended deny ip any host 87.255.51.229
    access-list inside_access_in extended deny ip any host 82.165.47.44
    access-list inside_access_in extended permit ip host InterConnect-BillingBox any
    access-list inside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in remark For ACCESS MPLS team
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group RDP-MPLS-Huawei
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host mailgate.irc.com any eq domain
    access-list inside_access_in extended permit tcp any host 66.147.244.58 object-group SMTP-26
    access-list inside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any object-group Airfiji-SW
    access-list inside_access_in extended permit tcp host chief.bula.irc.com any
    access-list inside_access_in extended permit ip host Avabill86.181 any
    access-list inside_access_in extended permit ip any object-group AVG
    access-list inside_access_in extended permit ip host solarwinds-server any
    access-list inside_access_in extended permit tcp host 172.16.87.219 any object-group TCP-4948
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_10 any host Avabill_Consultant_IP_Sri-Lanka
    access-list inside_access_in extended permit tcp any host 69.164.201.123 eq smtp inactive
    access-list inside_access_in extended permit tcp any any object-group GMAIL inactive
    access-list inside_access_in extended permit tcp any any object-group NOC1
    access-list inside_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list inside_access_in extended permit tcp any host smile.telinet.com.fj object-group tcp-20080-30080
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group SIP-5060-5062
    access-list inside_access_in extended permit ip host LYNC-2013-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group Lync_Servers any
    access-list inside_access_in extended permit object-group VPN-GROUP host 10.100.20.94 any inactive
    access-list inside_access_in remark Pocket Solutions -TEMP
    access-list inside_access_in extended permit ip host 10.100.20.121 any
    access-list inside_access_in extended permit tcp host John_sibunakau any object-group JohnTESTPort inactive
    access-list inside_access_in extended permit ip host CiscoRadiusTestPC any
    access-list inside_access_in extended permit ip any host HungaryServer inactive
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq ssh
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group itec-support-tcp-udp
    access-list Outside_access_in remark Allow All to NAT Address on SSL/SSH/SFTP(2222)
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_9
    access-list Outside_access_in remark Allow All to Outside On Fujitsu and 777-7778 ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_8
    access-list Outside_access_in remark Allow all to Outside on Custom ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_7
    access-list Outside_access_in remark Allow Inbound HTTP to WWW.IRC.COM
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq www
    access-list Outside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list Outside_access_in extended permit object-group TCPUDP any host fw1.outside.irc.com object-group BrouardsGroup
    access-list Outside_access_in remark Allow ALL to RealVNC ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow ALL access to 202.1.53.43 on RealVNC ports
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow DNS queries from Internet to DNS server
    access-list Outside_access_in extended permit object-group TCPUDP object-group ITEC-Group-Inbound host fw1.outside.irc.com object-group itec-sftp
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_14
    access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host SkyTel host fw1.outside.irc.com
    access-list Outside_access_in remark Telinet/Inomial temp access to test machine M.Orshansky
    access-list Outside_access_in extended permit tcp host 203.92.29.151 host fw1.outside.irc.com eq 3390
    access-list Outside_access_in extended permit tcp any host NAT-202.58.130.43 object-group RDP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group ITEC-Group-Inbound host fw1.outside.telikompng.com.pg object-group INTEC-Service
    access-list Outside_access_in extended permit tcp host 220.233.157.98 host fw1.outside.irc.com eq ssh inactive
    access-list Outside_access_in extended permit ip any host fw1.outside.telikompng.com.pg
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8010-CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8005-CRM
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group NTP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group DNS
    access-list Outside_access_in remark Ultra VNC connection to 172.16.84.34@nadi Exchange
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC-HTTP
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group POP3-SSL
    access-list Outside_access_in extended permit object-group EMAIL-SMARTPHONES any host fw1.outside.irc.com
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group exchange-RPC
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group exchange-RPC
    access-list Outside_access_in extended permit icmp any host NAT-202.1.53.43
    access-list Outside_access_in remark Access to Solarwinds Management box
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group Solarwinds
    access-list SSN-DMZ_access_in remark Permit DNS Quiries out of DMZ
    access-list SSN-DMZ_access_in extended permit object-group TCPUDP any any eq domain
    access-list SSN-DMZ_access_in remark Allow SQL ports out of DMZ to Host 172.16.86.70
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.70 object-group SQL-Group
    access-list SSN-DMZ_access_in remark Allow Custom protocols out of DMZ to host 172.16.86.27
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.27 object-group DM_INLINE_TCP_2
    access-list SSN-DMZ_access_in extended permit tcp host suva-vdc-int2.suva.irc.com host WWW.IRC.COM=PRIV eq 3389
    access-list SSN-DMZ_access_in extended permit object-group Web-Access-Group host WWW.IRC.COM-PRIV any
    access-list SSN-DMZ_access_in extended permit tcp any host WWW.IRC.COM.-PRIV object-group DMZ-WebAccess
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_access any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_webcon any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_AV any
    access-list inside_nat0_outbound extended permit ip any 192.168.254.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 host 10.10.200.1
    access-list inside_nat0_outbound extended permit ip any host WWW.IRC.COM-PRIV
    access-list inside_nat0_outbound extended permit ip host ns.irc.com any
    access-list inside_nat0_outbound extended permit ip any 10.200.200.0 255.255.255.0
    access-list Outside_nat0_outbound extended permit ip 192.168.254.0 255.255.255.0 any
    access-list Outside_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(1)
    access-list alcatel-my standard permit 172.16.24.0 255.255.252.0
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(2)
    access-list alcatel-my standard permit 172.16.84.0 255.255.252.0
    access-list 131 extended permit ip host MICHAEL any
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 mcr_Management 255.255.255.0
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_5
    access-list management_access_in extended permit object-group Web-Access-Group host 10.10.200.1 any
    access-list management_access_in extended permit ip host 10.10.200.1 host 172.16.87.47
    access-list management_access_in extended permit ip host 10.10.200.1 host IN-WSC
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_8
    access-list management_access_in extended permit tcp host 10.10.200.1 object-group DM_INLINE_NETWORK_3 eq 3389
    access-list management_access_in remark To BlueCaot Appliances
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_1
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_7
    access-list management_access_in extended permit tcp 10.10.200.0 255.255.255.0 object-group Management_Hosts object-group RDP
    access-list management_access_in extended permit icmp host 10.10.200.1 any traceroute
    access-list management_access_in extended permit ip host 10.10.200.1 host NOC-NMS-CDMA
    access-list management_access_in extended permit object-group DM_INLINE_SERVICE_3 host 10.10.200.1 any
    access-list management_access_in extended permit tcp host 10.10.200.1 any eq ftp
    access-list management_access_in extended permit tcp host bula host 10.10.200.1 object-group RDP inactive
    access-list management_access_in extended permit tcp host 10.100.20.23 host 10.10.200.1 object-group RDP
    access-list management_access_in extended permit ip host 10.10.200.1 any
    access-list management_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_access_in extended permit ip any any
    access-list management_access_in extended permit ip host 10.10.200.1 host bula inactive
    access-list management_access_in extended permit ip any host solarwinds-server
    access-list management_access_in extended permit ip host solarwinds-server any
    access-list management_access_in extended permit ip object-group PacketFence-Servers 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 object-group PacketFence-Servers
    access-list management_access_in extended permit ip object-group 3750-Switches host solarwinds-server
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host 10.10.200.1
    access-list management_access_in extended permit ip host 10.10.200.1 10.10.200.0 255.255.255.0
    access-list Outside_access_in_1 extended permit ip any any
    access-list management_access_in_1 extended permit ip mcr_Management 255.255.255.0 any
    access-list inside-networks remark internal tpng corporate subnetwork
    access-list inside-networks standard permit 172.16.84.0 255.255.252.0
    access-list inside-networks remark dms10
    access-list inside-networks standard permit host 10.10.0.0
    access-list 84-subnet remark 84 subnet
    access-list 84-subnet standard permit 172.16.84.0 255.255.252.0
    access-list 84-subnet remark 4 subnet
    access-list 84-subnet standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark 84 subnet
    access-list split-tunnel standard permit 172.16.84.0 255.255.252.0
    access-list split-tunnel remark 4 subnet
    access-list split-tunnel standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark Access to internal POP3 server
    access-list split-tunnel standard permit host neptune.waigani.telikompng.com.pg
    access-list split-tunnel remark Access to internal SMTP server
    access-list split-tunnel standard permit host minerva.suva.irc.com
    access-list split-tunnel remark Allow access to the 24 subnet
    access-list split-tunnel standard permit 172.16.24.0 255.255.252.0
    access-list split-tunnel standard permit Cisco-VLans 255.255.0.0
    access-list inside_authentication extended permit tcp any object-group DM_INLINE_TCP_11 any object-group DM_INLINE_TCP_13 time-range WorkingHours inactive
    access-list itsupport standard permit NOC 255.255.252.0
    access-list itsupport standard permit 172.16.96.0 255.255.252.0
    access-list itsupport standard permit 10.20.2.0 255.255.255.0
    access-list itsupport standard permit 10.10.200.0 255.255.255.0
    access-list itsupport standard permit 172.16.84.0 255.255.252.0
    access-list itsupport standard permit inside-network-extra-subnet 255.255.252.0
    access-list itsupport standard permit 10.2.1.0 255.255.255.0
    access-list itsupport standard permit 172.16.88.0 255.255.252.0
    access-list itsupport standard permit Cisco-VLans 255.255.0.0
    access-list itsupport remark Access to IT-LAN-UPGRADE Network
    access-list itsupport standard permit IT-NETWORK-NEW 255.255.0.0
    access-list itsupport remark KWU Exchange subnet
    access-list itsupport standard permit 172.16.188.0 255.255.252.0
    access-list itsupport standard permit ATM-Network 255.255.0.0
    access-list global_mpc extended permit ip any any
    access-list management_nat0_outbound extended permit ip any inside-network-extra-subnet 255.255.252.0 inactive
    access-list management_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list management_nat0_outbound extended permit ip any object-group DM_INLINE_NETWORK_9
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group Management_Hosts
    access-list management_nat0_outbound extended permit ip any 172.16.84.0 255.255.252.0
    access-list management_nat0_outbound extended permit ip any MCR_POM 255.255.255.0
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_10
    access-list management_nat0_outbound extended permit ip any Cisco-VLans 255.255.0.0
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_15
    access-list Capture extended permit ip any host 192.118.82.140
    access-list Capture extended permit ip host 192.118.82.140 any
    access-list Capture extended permit ip host 192.118.82.160 any
    access-list Capture extended permit ip any host 192.118.82.160
    a
    access-list inside-network-access-only remark Allow Maggie Talig access to the 84 subnet only
    access-list inside-network-access-only standard permit 172.16.84.0 255.255.252.0
    access-list inside-network-access-only remark Allow Maggie Talig access to the 4 subnet only
    access-list inside-network-access-only standard permit inside-network-extra-subnet 255.255.252.0
    access-list SSN-DMZ_nat0_outbound extended permit ip host WWW.IRC.COM-PRIV object-group Internal-Networks
    access-list inside_nat0_outbound_1 extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list NETFLOW extended permit tcp any any
    access-list NETFLOW extended permit object-group DNS-GROUP any host fw1.outside.irc.com
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_6 any host fw1.outside.irc.com
    access-list NETFLOW extended permit udp any host fw1.outside.irc.com
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com eq smtp
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_5
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group TCP-8080
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_4 any host NAT-202.58.130.43
    access-list NETFLOW remark Reverse Proxy Inbound Rules from Internet- Lync 2013 Project - Lync Simple URLs
    access-list NETFLOW extended permit tcp any host 202.58.130.69 object-group DM_INLINE_TCP_6
    access-list NETFLOW remark Lync Edge Access Inbound Rule - Restricting Inbound
    access-list NETFLOW extended permit object-group pomlynedsvr01_access_Outside_to_DMZ any host 202.58.130.66
    access-list NETFLOW remark Lync Edge Outside to Inside for AV Interface
    access-list NETFLOW extended permit object-group pomlynedsvr01_webcon_outside_to_DMZ any host 202.58.130.67
    access-list NETFLOW extended permit object-group pomlynedsvr01_AV_Outside_to_DMZ any host 202.58.130.68
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_11 any host NAT-fijiircdata
    access-list NETFLOW extended deny ip host SPAMIP any
    access-list NETFLOW extended deny ip SPAM_MACHINE 255.255.255.0 any
    access-list NETFLOW extended deny ip host 220.233.157.99 any log debugging
    access-list Huawei-Access-Networks remark HUawei-Network-Elements
    access-list Huawei-Access-Networks standard permit 192.168.200.0 255.255.255.0
    access-list Huawei-Access-Networks remark Access to Ela Beach MPLS network
    access-list Huawei-Access-Networks standard permit 10.100.70.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei Network elements
    access-list Huawei-Access-Networks standard permit 192.168.210.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei network elements
    access-list Huawei-Access-Networks standard permit 192.168.213.0 255.255.255.0
    access-list management_nat0_outbound_1 extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list Alcatel-NMS-ACL remark Access allowed to Alcatel NMS devices in NOC
    access-list Alcatel-NMS-ACL standard permit 10.2.1.0 255.255.255.0
    access-list Business-Systems-Access remark Mail Server 1
    access-list Business-Systems-Access standard permit host neptune.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark Mail Server 2
    access-list Business-Systems-Access standard permit host minerva.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark SAP PROD
    access-list Business-Systems-Access standard permit host SAP-SAPPROD
    access-list Business-Systems-Access remark Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill86.177
    access-list Business-Systems-Access remark Backup Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill84.170
    access-list Business-Systems-Access remark HRSelfcare
    access-list Business-Systems-Access standard permit host HOST-172.16.86.248
    access-list Business-Systems-Access remark Intranet Server
    access-list Business-Systems-Access standard permit host 172.16.85.32
    access-list IT-Systems-Support remark Access to inside network
    access-list IT-Systems-Support standard permit 172.16.84.0 255.255.252.0
    access-list IT-Systems-Support remark Access to IN netwwork
    access-list IT-Systems-Support standard permit 172.16.88.0 255.255.252.0
    access-list IT-Systems-Support standard permit Cisco-VLans 255.255.0.0
    access-list Systems-XS remark Access to 84 subnet
    access-list Systems-XS standard permit 172.16.84.0 255.255.252.0
    access-list Systems-XS remark Access to .4 subnet
    access-list Systems-XS standard permit inside-network-extra-subnet 255.255.252.0
    access-list Systems-XS remark Access to 10.100.x.x/24
    access-list Systems-XS standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit 172.16.84.0 255.255.252.0
    access-list Huawei-NOC standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit HASUT 255.255.255.0
    access-list Huawei-NOC standard permit IT-NETWORK-NEW 255.255.0.0
    access-list efdata remark Allow efdata access to above device as per request by chris mkao
    access-list efdata standard permit 172.16.92.0 255.255.252.0
    access-list test standard permit 172.16.92.0 255.255.252.0
    access-list Ghu_ES_LAN remark Allow efdata access to fij ES LAN
    access-list Ghu_ES_LAN extended permit ip any 172.16.92.0 255.255.252.0
    access-list GuestInternet_access_in extended permit ip any any
    global (inside) 1 interface
    global (SSN-DMZ) 1 interface
    global (Outside) 1 interface
    global (management) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 0 access-list inside_nat0_outbound_1 outside
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (SSN-DMZ) 0 access-list SSN-DMZ_nat0_outbound
    nat (SSN-DMZ) 1 WWW.IRC.COM-PRIV 255.255.255.255
    nat (Outside) 0 access-list Outside_nat0_outbound
    nat (GuestInternet) 1 0.0.0.0 0.0.0.0
    nat (management) 0 access-list management_nat0_outbound
    nat (management) 0 access-list management_nat0_outbound_1 outside
    nat (management) 1 10.10.200.1 255.255.255.255
    static (inside,Outside) tcp interface 10103 mailgate.irc.com 10103 netmask 255.255.255.255
    static (SSN-DMZ,Outside) tcp interface www WWW.IRC.COM-PRIV www netmask 255.255.255.255
    static (inside,Outside) tcp interface smtp mailgate.irc.com smtp netmask 255.255.255.255
    static (inside,Outside) tcp interface telnet HOST-172.16.84.144 telnet netmask 255.255.255.255
    static (inside,Outside) tcp interface pcanywhere-data HOST-192.168.1.14 pcanywhere-data netmask 255.255.255.255
    static (inside,Outside) udp interface pcanywhere-status HOST-192.168.1.14 pcanywhere-status netmask 255.255.255.255
    static (inside,Outside) tcp interface ssh InterConnect-BillingBox ssh netmask 255.255.255.255
    static (inside,Outside) udp interface ntp confusious.suva.irc.com ntp netmask 255.255.255.255
    static (inside,Outside) tcp interface 10002 HOST-172.16.200.121 10002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10003 HOST-172.16.200.122 10003 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10004 HOST-172.16.41.26 10004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10005 HOST-172.16.41.27 10005 netmask 255.255.255.255
    static (inside,Outside) tcp interface https Avabill86.181 https netmask 255.255.255.255
    static (inside,Outside) tcp interface 7778 Avabill86.181 7778 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8080 Avabill86.181 8080 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7777 Avabill86.181 7777 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.45 https Avabill86.177 https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 2222 daywalker.suva.irc.com 2222 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ftp waigani-pdc-int2.suva.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 www neptune.suva.irc.com www netmask 255.255.255.255
    static (inside,Outside) tcp interface 5900 Primary1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 5900 Backup1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 https neptune.suva.irc.com https netmask 255.255.255.255
    static (inside,Outside) tcp interface 24 HOST-172.16.86.87 24 netmask 255.255.255.255
    static (inside,Outside) udp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface pop3 neptune.suva.irc.com pop3 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7780 Apache-WebServer 7780 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8000 CRM-SERVER2 8000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8010 CRM-SERVER4 8010 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8005 CRM-SERVER3 8005 netmask 255.255.255.255
    static (inside,Outside) tcp interface 123 confusious.suva.irc.com 123 netmask 255.255.255.255
    static (inside,Outside) tcp interface imap4 neptune.suva.irc.com imap4 netmask 255.255.255.255
    static (inside,Outside) tcp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface ftp telitgate.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp interface 5901 uvnc-server 5901 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5801 uvnc-server 5801 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5902 172.16.84.200 5902 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5802 172.16.84.200 5802 netmask 255.255.255.255
    static (inside,Outside) tcp interface 995 neptune.suva.irc.com 995 netmask 255.255.255.255
    static (inside,Outside) tcp interface 993 neptune.suva.irc.com 993 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6001 neptune.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6002 neptune.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6004 neptune.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6001 minerva.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6002 minerva.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6004 minerva.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 8720 solarwinds-server 8720 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 9000 solarwinds-server 9000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) tcp interface 88 A-10.100.20.250 88 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10000 ns.irc.com 10000 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface snmp solarwinds-server snmp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 135 neptune.suva.irc.com 135 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 3389 BT-DesktopPC 3389 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 www IN-WSC www netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 https IN-WSC https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ssh Avabill86.176 ssh netmask 255.255.255.255
    static (Outside,inside) tcp 10.100.20.36 5432 smile.telinet.com.pg 5432 netmask 255.255.255.255
    static (inside,Outside) tcp interface 222 chief.suva.irc.com ssh netmask 255.255.255.255
    static (inside,Outside) tcp interface 5061 LYNC-2013-SERVER 5061 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5432 10.100.20.36 5432 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 182 dadbsvr www netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.69 pomlynrprx01 netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.66 pomlynedsvr01_access netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.67 pomlynedsvr01_webcon netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.68 pomlynedsvr01_AV netmask 255.255.255.255
    access-group inside_access_in in interface inside
    access-group SSN-DMZ_access_in in interface SSN-DMZ
    access-group Outside_access_in_1 in interface Outside control-plane
    access-group NETFLOW in interface Outside
    access-group GuestInternet_access_in in interface GuestInternet
    access-group management_access_in_1 in interface management control-plane
    access-group management_access_in in interface management
    route Outside 0.0.0.0 0.0.0.0 Ext-R1-Inside-Interface 1
    route inside 10.2.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.8.0.0 255.255.255.0 VPNGATE 1
    route inside 10.9.254.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.2.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.3.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.4.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.5.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.10.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.15.100.0 255.255.255.0 fw1.outside.irc.com 1
    route inside Cisco-VLans 255.255.0.0 Cisco7200 1
    route inside VLan20-2F 255.255.255.0 Cisco7200 1
    route inside 10.100.67.0 255.255.255.0 IPVPN-Router 1
    route inside 10.100.74.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.75.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.76.0 255.255.255.0 172.16.86.0 1
    route inside LAE 255.255.255.0 172.16.86.0 1
    route inside 10.100.91.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.110.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.111.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.114.0 255.255.255.0 172.16.86.0 1
    route inside 10.200.200.0 255.255.255.0 Cisco7200 1
    route inside A-10.250.0.0 255.255.0.0 Cisco7200 1
    route inside 10.254.2.0 255.255.255.252 IPVPN-Router 1
    route inside 11.11.3.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.4.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.8.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.9.0 255.255.255.0 172.16.86.0 1
    route inside 20.200.200.0 255.255.255.0 172.16.86.17 1
    route inside inside-network-extra-subnet 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.8.0 255.255.252.0 Cisco7200 1
    route inside 172.16.12.0 255.255.252.0 172.16.86.197 1
    route inside 172.16.24.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside NOC 255.255.252.0 172.16.87.187 1
    route inside 172.16.48.0 255.255.252.0 172.16.84.41 1
    route inside 172.16.52.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.56.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.60.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.64.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.68.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.72.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.76.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.80.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.84.185 255.255.255.255 172.16.86.217 1
    route inside CRM-SERVER1 255.255.255.255 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.88.0 255.255.252.0 Cisco7200 1
    route inside 172.16.92.0 255.255.252.0 Cisco7200 1
    route inside 172.16.96.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.104.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.108.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.112.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.120.0 255.255.252.0 TFIJIG-CORE-INT-ROUTER 1
    route inside 172.16.124.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.128.0 255.255.252.0 172.16.86.185 1
    route inside 172.16.132.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.136.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.140.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.144.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.148.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.152.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.156.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.160.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.164.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.168.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.172.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.180.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.184.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.188.0 255.255.252.0 172.16.86.85 1
    route inside 172.16.188.0 255.255.252.0 Cisco7200 1
    route inside 172.16.192.0 255.255.252.0 172.16.86.194 1
    route inside 172.16.200.0 255.255.252.0 172.16.87.11 1
    route inside 172.16.204.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.208.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.212.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.220.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.224.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.236.0 255.255.252.0 172.16.87.254 1
    route inside 172.16.240.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.248.0 255.255.252.0 IPVPN-Router 1
    route inside 172.17.84.0 255.255.255.224 IPVPN-Router 1
    route inside 172.18.252.0 255.255.252.0 172.16.84.15 1
    route inside 172.20.0.0 255.255.252.0 172.16.87.11 1
    route management 172.20.1.32 255.255.255.240 10.10.200.18 1
    route inside 192.167.5.0 255.255.255.0 172.16.86.42 1
    route inside 192.168.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.1.96 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.128 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.2.0 255.255.255.0 172.16.87.192 1
    route inside 192.168.5.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.11.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.150.0 255.255.255.0 IPVPN-Router 1
    route inside 192.168.200.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.201.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.202.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.210.0 255.255.255.0 Cisco7200 1
    route inside 192.168.213.0 255.255.255.0 Cisco7200 1
    route inside 192.168.254.0 255.255.255.0 fw1.outside.irc.com 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    class-map inspection_default
     match default-inspection-traffic
    class-map flow_export_class
     match access-list global_mpc
    policy-map global_policy
     class inspection_default
      inspect dns
      inspect esmtp
      inspect h323 h225
      inspect h323 ras
      inspect icmp error
      inspect ipsec-pass-thru
      inspect mgcp
      inspect rsh
      inspect sip  
      inspect skinny  
      inspect snmp
      inspect tftp
      inspect ftp strict
      inspect icmp
     class flow_export_class
      flow-export event-type all destination solarwinds-server
    policy-map type inspect dns migrated_dns_map_1
     parameters
      message-length maximum 512
    service-policy global_policy global
    smtp-server 172.16.86.16
    prompt hostname context
    Cryptochecksum:24270eebd6c941fb7b302b034e32bba1
    : end

    Hi,
    NMAP gives the report for the first firewall interface it hits. In your case you have allowed tcp any any where it allows all the ports. I have mentioned only one example.... There are many in your case....
    Also NMAP results will be effective once when you directly connect to outside interface or directly on to the outside LAN.
    Regards
    Karthik

Maybe you are looking for

  • EJB 3.0 - JSF APPLICATION: DATA DOES NOT PERSIST TO THE DATABASE

    Hi, I am developing a JSF - EJB application and the data that I send from JSP Page through JSF Managed Bean --> Session Bean --> Java Persistence does not persist in database. Here is my scenario ( Iam using JDeveloper IDE to create this application)

  • How to disable infobar for plugins (ask to activate)

    Allow (url) to run "Adobe Flash"? [Block Pligin] [Allow] X how to disable this infobar? plugins.hide_infobar_for_blocked_plugin or plugins.hide_infobar_for_outdated_plugin are not working. i need ask to activate function but dont need this infobar. F

  • Deskjet 1515 doesnt print bottom part of a page

    hello ahm would someone help me cause i dont know how to fix it. my  newly-bought deskjet 1515 all-in-one series doesnt print the bottom part of any page. for example i insert a border line and then when i press ctrl-p the print layout showed that th

  • Using iCloud Drive as a Time Machine drive?

    Hi, do you know if there is a way to use iCloud drive as a Time Machine drive. I mean, we can have more than one time machine drive, using iCloud Drive would be a nice option for off site backup no? I Currently use Crashplan for that, but using iClou

  • Color picker from swatches choosing random color (Illustrator CC 2014)...

    When I select a color from swatches, and use the color picker (i.e. double click fill color) for shades and whatnot, it initially shows a random color... anyone else getting this? Every single time you open the color picker it never stays at the curr