Forwarding Traffic

Similar Messages

• How do I forward traffic to an IP Address from a gateway through an extreme?

  I have a DVR for a Camera system attached to a WiFi Ethernet device (becuase there is too far a distance between the DVR and Cable Gateway). When it was attached directly attached to the cable modem, I used Port Forwarding to route traffic to the DVR. That worked great. NOW I have to use the WiFi adapter and that is connecting to the Airport Extreme. The Aiport Extreme is connected to that cable modem.
  So I understand how to forward traffic from the modem to an IP address (the Extreme's IP perhaps ??) but then how do I send that traffic through the Extreme to the wifi-ethernet adapter connected to the DVR ?

  I am on my mobile phone getting an address of 10...83 through the router 10...1.
  Then the DVR setup on 10...69 IS accessible.
  When I switch my wifi off (on the mobile phone)  and I use the ip address (23…94) of the modem w/ port specification I do not get connected.
  When I plug DIRECTLY into the Cable Modem and get an IP address of 10…53, via (Mac OS X) I CAN access the DVR again with ip of 10…69.
  When I use WIFI (via the AE) I get an IP Address of 10…44 and CAN access the DVR as well.
  I have also confirmed traffic is port forwarding to .69:7000 as per the port specified on the DVR.
  So with all that it is confirmed, I tried it again and and still not working...
  THEN I reset the AE, Resset the Wifi Adapter, Reset the DVR and updated Firmwares, started with the basics outline from everyone and IT'S WORKING!!
  I believe it was actually all the AE and requiring a reset on that device.
  Thank you again for all the help, this was a fun challenge!

• Only system vlans forward traffic on 1000v

  I am trying to migrate to a Nexus 1000v vDS but only VM's in the system VLAN can forward traffic. I do not want to make my voice vlan a system VLAN but that is the only way I can get a VM in that VLAN to work properly. I have a host with its vmk in the L3Control port group. From the VSM, a show module shows the VEM 3 with an "ok" status. I currently only have 1 NIC under the vDS control. My VM's using the VM_Network port group work fine and can forward traffic normally. When I put a VM in the Voice_Network port group I lose communication with it. If I add vlan 5 as a system vlan to my Uplink port profile then the VM's in the Voice_Network work properly. I thought you shouldn't create system vlans for each vlan and only use it for critical management functions so I would rather not make it a system vlan. Below is my n1k config. The upstream switch is a 2960X with the "switchport mode trunk" command. Am I missing something that is not allowing VLAN 5 to communicate over the Uplink port profile?
  port-profile type ethernet Unused_Or_Quarantine_Uplink
    vmware port-group
    shutdown
    description Port-group created for Nexus1000V internal usage. Do not use.
    state enabled
  port-profile type vethernet Unused_Or_Quarantine_Veth
    vmware port-group
    shutdown
    description Port-group created for Nexus1000V internal usage. Do not use.
    state enabled
  port-profile type vethernet VM_Network
    vmware port-group
    switchport mode access
    switchport access vlan 1
    no shutdown
    system vlan 1
    max-ports 256
    description VLAN 1
    state enabled
  port-profile type vethernet L3-control-vlan1
    capability l3control
    vmware port-group L3Control
    switchport mode access
    switchport access vlan 1
    no shutdown
    system vlan 1
    state enabled
  port-profile type ethernet iSCSI-50
    vmware port-group "iSCSI Uplink"
    switchport mode trunk
    switchport trunk allowed vlan 50
    switchport trunk native vlan 50
    mtu 9000
    channel-group auto mode active
    no shutdown
    system vlan 50
    state enabled
  port-profile type vethernet iSCSI-A
    vmware port-group
    switchport access vlan 50
    switchport mode access
    capability iscsi-multipath
    no shutdown
    system vlan 50
    state enabled
  port-profile type vethernet iSCSI-B
    vmware port-group
    switchport access vlan 50
    switchport mode access
    capability iscsi-multipath
    no shutdown
    system vlan 50
    state enabled
  port-profile type ethernet Uplink
    vmware port-group
    switchport mode trunk
    switchport trunk allowed vlan 1,5
    no shutdown
    system vlan 1
    state enabled
  port-profile type vethernet Voice_Network
    vmware port-group
    switchport mode access
    switchport access vlan 5
    no shutdown
    max-ports 256
    description VLAN 5
    state enabled

  Below is the output you requested. Thank you.
  ~ # vemcmd show card
  Card UUID type  2: 4c4c4544-004c-5110-804a-b9c04f564831
  Card name: synergvm5
  Switch name: synergVSM
  Switch alias: DvsPortset-0
  Switch uuid: 7d e9 0d 50 b3 3b 25 47-64 14 61 c0 3f c0 7b d9
  Card domain: 4094
  Card slot: 3
  VEM Tunnel Mode: L3 Mode
  L3 Ctrl Index: 49
  L3 Ctrl VLAN: 1
  VEM Control (AIPC) MAC: 00:02:3d:1f:fe:02
  VEM Packet (Inband) MAC: 00:02:3d:2f:fe:02
  VEM Control Agent (DPA) MAC: 00:02:3d:4f:fe:02
  VEM SPAN MAC: 00:02:3d:3f:fe:02
  Primary VSM MAC : 00:50:56:aa:70:b9
  Primary VSM PKT MAC : 00:50:56:aa:70:bb
  Primary VSM MGMT MAC : 00:50:56:aa:70:ba
  Standby VSM CTRL MAC : 00:50:56:aa:70:b6
  Management IPv4 address: 172.30.2.64
  Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
  Primary L3 Control IPv4 address: 172.30.100.1
  Secondary VSM MAC : 00:00:00:00:00:00
  Secondary L3 Control IPv4 address: 0.0.0.0
  Upgrade : Default
  Max physical ports: 32
  Max virtual ports: 216
  Card control VLAN: 1
  Card packet VLAN: 1
  Control type multicast: No
  Card Headless Mode : No
         Processors: 16
    Processor Cores: 8
  Processor Sockets: 2
    Kernel Memory:   62904468
  Port link-up delay: 5s
  Global UUFB: DISABLED
  Heartbeat Set: True
  PC LB Algo: source-mac
  Datapath portset event in progress : no
  Licensed: Yes
  ~ # vemcmd show port
    LTL   VSM Port  Admin Link  State  PC-LTL  SGID  Vem Port  Type
     24     Eth3/8     UP   UP    FWD       0          vmnic7
     49      Veth1     UP   UP    FWD       0            vmk1
     50      Veth2     UP   UP    FWD       0        XP-Voice.eth0
     51      Veth3     UP   UP    FWD       0        synergPresence.eth0
  ~ # vemcmd show port vlans
                            Native  VLAN   Allowed
    LTL   VSM Port  Mode    VLAN    State* Vlans
     24     Eth3/8   T          1   FWD    1
     49      Veth1   A          1   FWD    1
     50      Veth2   A          1   FWD    1
     51      Veth3   A          5   FWD    5
  * VLAN State: VLAN State represents the state of allowed vlans.
  ~ # vemcmd show bd
  Number of valid BDS: 10
  BD 1, vdc 1, vlan 1, swbd 1, 5 ports, ""
  Portlist:
  BD 2, vdc 1, vlan 3972, swbd 3972, 0 ports, ""
  Portlist:
  BD 3, vdc 1, vlan 3970, swbd 3970, 0 ports, ""
  Portlist:
  BD 4, vdc 1, vlan 3969, swbd 3969, 2 ports, ""
  Portlist:
        8
        9
  BD 5, vdc 1, vlan 3968, swbd 3968, 3 ports, ""
  Portlist:
        1  inban
        5  inband port securit
       11
  BD 6, vdc 1, vlan 3971, swbd 3971, 2 ports, ""
  Portlist:
       14
       15
  BD 7, vdc 1, vlan 5, swbd 5, 1 ports, ""
  Portlist:
       51  synergPresence.eth0
  BD 8, vdc 1, vlan 50, swbd 50, 0 ports, ""
  Portlist:
  BD 9, vdc 1, vlan 77, swbd 77, 0 ports, ""
  Portlist:
  BD 10, vdc 1, vlan 199, swbd 199, 0 ports, ""
  Portlist:
  ~ #

• How ASA forwarding traffic to AIP-SSM

  Hi All,
  Can someone help how ASA device forwarding traffic to AIP-SSM? I'm not taking abt Configuration part like Class-map, policy-map and service policy....want to understand the traffic flow from ASA once traffic matched with ACL to AIP-SSM.
  From one of Cisoc document, understood that the module using a Cisco Propietary protocol for communicating with ASA appliance.
  ================================================================================================================
  FYR from Cisco Website:
  Q. How does the Cisco ASA AIP-SSM plug into and communicate with the appliance?
  A. The Cisco ASA AIP-SSM plugs directly into the SSM slot in the Cisco ASA appliance's chassis. This provides a direct connection to the appliance's backplane. Once the module is installed, a proprietary protocol runs over the bus and controls data flow and messaging between the module and appliance.
  ================================================================================================================
  Regards,
  S.Vinoth

  Hey ,
  as you mentioned above , it uses a cisco Probietary protocol for that communication , there are two interfaces , control channel and data channnel , data channel is where the traffic being forwarded , the backplane is the connection between the ASA and the IPS interface .
  Hope that this helps .
  Mohammad.

• CCE 507 stops forwarding traffic to internet

  Our CE (which is our proxy server) constantly stops forwarding traffic to the internet. The engine does not freeze or lock up because I can telnet into it and reload and everything is fine then. This has starting happening in the last two weeks. The engine is integraded with Websense filtering. Could I be experiencing hardware issues? I did recently upgraded websense to the latest version and also upgraded the PIX 515 Firewall IOS to the latest. I am thinking maybe upgrade the IOS on the engine. Any guidance would be appreciated. Thanks in advance.

  Apparently the version of Websense that I was running was not making the CE very happy. I upgraded to a new version and ever since the problem has not arise. But I am having one issue with the CE. There is one website that generates errors when going through the CE proxy server. Although when bypassing the proxy server(CE), there are no errors generated. It is only when going through the proxy that the error is generated. The error does not reflect a Websense blocking page. So it only leads me to believe that the problem is on the CE. I would like to upgrade the IOS on the CE to the latest software in an effort to resolve this. If I upgrade, should I be aware of any problems with the configuration not working after the upgrade. The device is a CE 507 with software version 2.51. Any history on this type of problem? Any help would be appreciated. I have pasted the exact error generated from the site. Thanks again.
  Network Error
  The server yearbookavenue1.jostens.com returned an invalid response to your request for http://yearbookavenue1.jostens.com/cgi-bin/exe2004/year2004.exe?f_4194e967209

• CGS-2520-16S-8PC only half of SFP Ports forwarding Traffic

  HI all,
  we have two CGS-2520-16S-8PC with links in different directions. All SFP Ports are UP but only the half of it forwarding Traffic. We need all Ports .
  In one of the Cisco documents I found this hind : "The100BASE-FX SFP ports and the 10/100 PoE ports are grouped in pairs. The first member of the pair (port 1) is above the second member (port 2) on the left. Port 3 is above port 4, and so on. The dual-purpose ports are numbered 1 and 2. "
  But more about it is not found in the documemnts. So i have no clue how to bring all Ports to forward traffic.
  Have some one an idea ?
  Philipp

  Sorry but a gigabit-only transceiver will not work on 100 Mbps-only SFP ports.
  There's almost always a good reason why something is not listed in the compatibility table.

• ASA 5510 with Cisco 2811 Router Behind it - Not forwarding traffic

  Hi all,
  Some might know that I have been dealing with an issue where I cannot seem to get forwarded packets to reach their destinations behind an ASA 5510 that has a Cisco 2811 connected directly behind it.
  Some examples that work.
  I can SSH into the ASA.
  I can SSH to the Cisco Routers behind the ASA.
  I cannot reach items beind the Cisco Routers.
  My Configuration is this (I am sure I included a bunch of info I didn't need to, but I am hoping it'll help!):
  I have a static Ip assigned to my Ouside Interface Ethernet 0/1
  It has an IP address of 199.195.xxx.xxx
  I am trying to learn how to shape network traffic (this is all new to me) via the ASA and the Routers to specific devices.
  The Inside Interface on the ASA is 10.10.1.1 255.255.255.252
  The Outside Interface on the 2811 is 10.10.1.2 255.255.255.252
  I can ping the router from the ASA. I can SSH through the ASA to the router.
  BUT I CANNOT ACCESS DEVICES BEHIND THE ROUTER.
  So, I wanted to BAM that statement above because I just don't kjnow where the issue is. Is the issue on the router or the ASA, my guess is, the router, but I just don't know.
  Here are my configs, helpfully someone can help.
  ASA errors on the ASDM when I try and hit resources; specifically a web device behind the ASA and the 2811. It's Ip address 192.168.1.5 it's listening on port 80.Static IP, not assigned via DHCP.
  6
  Feb 14 2014
  19:38:56
  98.22.121.x
  41164
  192.168.1.5
  80
  Built inbound TCP connection 1922859 for Outside:98.22.121.x/41164 (98.22.121.x/41164) to Inside:192.168.1.5/80 (199.195.168.x/8080)
  6
  Feb 14 2014
  19:38:56
  10.10.1.2
  80
  98.22.121.x
  41164
  Deny TCP (no connection) from 10.10.1.2/80 to 98.22.121.x/41164 flags SYN ACK  on interface Inside
  ASA5510# sh nat
  Auto NAT Policies (Section 2)
  1 (DMZ) to (Outside) source static ROUTER-2821 interface   service tcp ssh 2222
      translate_hits = 1, untranslate_hits = 18
  2 (Inside) to (Outside) source static ROUTER-2811 interface   service tcp ssh 222
      translate_hits = 0, untranslate_hits = 13
  3 (VOIP) to (Outside) source static ROUTER-3745 interface   service tcp ssh 2223
      translate_hits = 0, untranslate_hits = 3
  4 (Inside) to (Outside) source static RDP-DC1 interface   service tcp 3389 3389
      translate_hits = 0, untranslate_hits = 236
  5 (Inside) to (Outside) source static WEBCAM-01 interface   service tcp www 8080
      translate_hits = 0, untranslate_hits = 162
  Manual NAT Policies (Section 3)
  1 (any) to (Outside) source dynamic PAT-SOURCE interface
      translate_hits = 1056862, untranslate_hits = 83506
  ASA5510# show access-list
  access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
              alert-interval 300
  access-list USERS; 1 elements; name hash: 0x50681c1e
  access-list USERS line 1 standard permit 10.10.1.0 255.255.255.0 (hitcnt=0) 0xdd6ba495
  access-list Outside_access_in; 5 elements; name hash: 0xe796c137
  access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh (hitcnt=37) 0x5a53778d
    access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x host 10.10.1.2 eq ssh (hitcnt=37) 0x5a53778d
  access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh (hitcnt=8) 0x9f32bc21
    access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x host 10.10.0.2 eq ssh (hitcnt=8) 0x9f32bc21
  access-list Outside_access_in line 3 extended permit tcp host 98.22.121.x interface Outside eq https (hitcnt=0) 0x385488b2
  access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x object WEBCAM-01 eq www (hitcnt=60) 0xe66674ec
    access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x host 192.168.1.5 eq www (hitcnt=60) 0xe66674ec
  access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389 (hitcnt=3) 0x02f13f4e
    access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x host 192.168.1.2 eq 3389 (hitcnt=3) 0x02f13f4e
  access-list dmz-access-vlan1; 1 elements; name hash: 0xc3450860
  access-list dmz-access-vlan1 line 1 extended permit ip 128.162.1.0 255.255.255.0 any (hitcnt=0) 0x429fedf1
  access-list dmz-access; 3 elements; name hash: 0xf53f5801
  access-list dmz-access line 1 remark Permit all traffic to DC1
  access-list dmz-access line 2 extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2 (hitcnt=0) 0xd2dced0a
  access-list dmz-access line 3 remark Permit only DNS traffic to DNS server
  access-list dmz-access line 4 extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain (hitcnt=0) 0xbb21093e
  access-list dmz-access line 5 remark Permit ICMP to all devices in DC
  access-list dmz-access line 6 extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0) 0x71269ef7
  CISCO-2811#show access-lists
  Standard IP access list 1
      10 permit any (1581021 matches)
  CISCO-2811#show translate
  CISCO-2811#show route
  CISCO-2811#show route-map
  CISCO-2811#show host
  CISCO-2811#show hosts
  Default domain is maladomini.int
  Name/address lookup uses domain service
  Name servers are 192.168.1.2, 199.195.168.4, 205.171.2.65, 205.171.3.65, 8.8.8.8
  Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
         temp - temporary, perm - permanent
         NA - Not Applicable None - Not defined
  Host                      Port  Flags      Age Type   Address(es)
  api.mixpanel.com          None  (temp, OK)  2   IP    198.23.64.21
                                                        198.23.64.22
                                                        198.23.64.18
                                                        198.23.64.19
                                                        198.23.64.20
  ASA5510:
  ASA5510# sh run all
  : Saved
  ASA Version 9.1(4)
  command-alias exec h help
  command-alias exec lo logout
  command-alias exec p ping
  command-alias exec s show
  terminal width 80
  hostname ASA5510
  domain-name maladomini.int
  enable password x encrypted
  no fips enable
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  xlate per-session permit tcp any4 any4
  xlate per-session permit tcp any4 any6
  xlate per-session permit tcp any6 any4
  xlate per-session permit tcp any6 any6
  xlate per-session permit udp any4 any4 eq domain
  xlate per-session permit udp any4 any6 eq domain
  xlate per-session permit udp any6 any4 eq domain
  xlate per-session permit udp any6 any6 eq domain
  passwd x encrypted
  names
  dns-guard
  lacp system-priority 32768
  interface Ethernet0/0
  description LAN Interface
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif Inside
  security-level 100
  ip address 10.10.1.1 255.255.255.252
  delay 10
  interface Ethernet0/1
  description WAN Interface
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif Outside
  security-level 0
  ip address 199.195.168.xxx 255.255.255.240
  delay 10
  interface Ethernet0/2
  description DMZ
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif DMZ
  security-level 100
  ip address 10.10.0.1 255.255.255.252
  delay 10
  interface Ethernet0/3
  description VOIP
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif VOIP
  security-level 100
  ip address 10.10.2.1 255.255.255.252
  delay 10
  interface Management0/0
  speed auto
  duplex auto
  management-only
  shutdown
  nameif management
  security-level 0
  no ip address
  delay 10
  regex _default_gator "Gator"
  regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
  regex _default_shoutcast-tunneling-protocol "1"
  regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
  regex _default_x-kazaa-network "[\r\n\t ]+[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
  regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
  regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
  regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
  regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
  regex _default_gnu-http-tunnel_arg "crap"
  regex _default_icy-metadata "[\r\n\t ]+[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
  regex _default_GoToMyPC-tunnel "machinekey"
  regex _default_windows-media-player-tunnel "NSPlayer"
  regex _default_yahoo-messenger "YMSG"
  regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
  regex _default_firethru-tunnel_1 "firethru[.]com"
  checkheaps check-interval 60
  checkheaps validate-checksum 60
  boot system disk0:/asa914-k8.bin
  ftp mode passive
  clock timezone UTC 0
  dns domain-lookup Outside
  dns server-group DefaultDNS
  name-server 199.195.168.4
  name-server 205.171.2.65
  name-server 205.171.3.65
  domain-name maladomini.int
  same-security-traffic permit inter-interface
  object service ah pre-defined
  service ah
  description This is a pre-defined object
  object service eigrp pre-defined
  service eigrp
  description This is a pre-defined object
  object service esp pre-defined
  service esp
  description This is a pre-defined object
  object service gre pre-defined
  service gre
  description This is a pre-defined object
  object service icmp pre-defined
  service icmp
  description This is a pre-defined object
  object service icmp6 pre-defined
  service icmp6
  description This is a pre-defined object
  object service igmp pre-defined
  service igmp
  description This is a pre-defined object
  object service igrp pre-defined
  service igrp
  description This is a pre-defined object
  object service ip pre-defined
  service ip
  description This is a pre-defined object
  object service ipinip pre-defined
  service ipinip
  description This is a pre-defined object
  object service ipsec pre-defined
  service esp
  description This is a pre-defined object
  object service nos pre-defined
  service nos
  description This is a pre-defined object
  object service ospf pre-defined
  service ospf
  description This is a pre-defined object
  object service pcp pre-defined
  service pcp
  description This is a pre-defined object
  object service pim pre-defined
  service pim
  description This is a pre-defined object
  object service pptp pre-defined
  service gre
  description This is a pre-defined object
  object service snp pre-defined
  service snp
  description This is a pre-defined object
  object service tcp pre-defined
  service tcp
  description This is a pre-defined object
  object service udp pre-defined
  service udp
  description This is a pre-defined object
  object service tcp-aol pre-defined
  service tcp destination eq aol
  description This is a pre-defined object
  object service tcp-bgp pre-defined
  service tcp destination eq bgp
  description This is a pre-defined object
  object service tcp-chargen pre-defined
  service tcp destination eq chargen
  description This is a pre-defined object
  object service tcp-cifs pre-defined
  service tcp destination eq cifs
  description This is a pre-defined object
  object service tcp-citrix-ica pre-defined
  service tcp destination eq citrix-ica
  description This is a pre-defined object
  object service tcp-ctiqbe pre-defined
  service tcp destination eq ctiqbe
  description This is a pre-defined object
  object service tcp-daytime pre-defined
  service tcp destination eq daytime
  description This is a pre-defined object
  object service tcp-discard pre-defined
  service tcp destination eq discard
  description This is a pre-defined object
  object service tcp-domain pre-defined
  service tcp destination eq domain
  description This is a pre-defined object
  object service tcp-echo pre-defined
  service tcp destination eq echo
  description This is a pre-defined object
  object service tcp-exec pre-defined
  service tcp destination eq exec
  description This is a pre-defined object
  object service tcp-finger pre-defined
  service tcp destination eq finger
  description This is a pre-defined object
  object service tcp-ftp pre-defined
  service tcp destination eq ftp
  description This is a pre-defined object
  object service tcp-ftp-data pre-defined
  service tcp destination eq ftp-data
  description This is a pre-defined object
  object service tcp-gopher pre-defined
  service tcp destination eq gopher
  description This is a pre-defined object
  object service tcp-ident pre-defined
  service tcp destination eq ident
  description This is a pre-defined object
  object service tcp-imap4 pre-defined
  service tcp destination eq imap4
  description This is a pre-defined object
  object service tcp-irc pre-defined
  service tcp destination eq irc
  description This is a pre-defined object
  object service tcp-hostname pre-defined
  service tcp destination eq hostname
  description This is a pre-defined object
  object service tcp-kerberos pre-defined
  service tcp destination eq kerberos
  description This is a pre-defined object
  object service tcp-klogin pre-defined
  service tcp destination eq klogin
  description This is a pre-defined object
  object service tcp-kshell pre-defined
  service tcp destination eq kshell
  description This is a pre-defined object
  object service tcp-ldap pre-defined
  service tcp destination eq ldap
  description This is a pre-defined object
  object service tcp-ldaps pre-defined
  service tcp destination eq ldaps
  description This is a pre-defined object
  object service tcp-login pre-defined
  service tcp destination eq login
  description This is a pre-defined object
  object service tcp-lotusnotes pre-defined
  service tcp destination eq lotusnotes
  description This is a pre-defined object
  object service tcp-nfs pre-defined
  service tcp destination eq nfs
  description This is a pre-defined object
  object service tcp-netbios-ssn pre-defined
  service tcp destination eq netbios-ssn
  description This is a pre-defined object
  object service tcp-whois pre-defined
  service tcp destination eq whois
  description This is a pre-defined object
  object service tcp-nntp pre-defined
  service tcp destination eq nntp
  description This is a pre-defined object
  object service tcp-pcanywhere-data pre-defined
  service tcp destination eq pcanywhere-data
  description This is a pre-defined object
  object service tcp-pim-auto-rp pre-defined
  service tcp destination eq pim-auto-rp
  description This is a pre-defined object
  object service tcp-pop2 pre-defined
  service tcp destination eq pop2
  description This is a pre-defined object
  object service tcp-pop3 pre-defined
  service tcp destination eq pop3
  description This is a pre-defined object
  object service tcp-pptp pre-defined
  service tcp destination eq pptp
  description This is a pre-defined object
  object service tcp-lpd pre-defined
  service tcp destination eq lpd
  description This is a pre-defined object
  object service tcp-rsh pre-defined
  service tcp destination eq rsh
  description This is a pre-defined object
  object service tcp-rtsp pre-defined
  service tcp destination eq rtsp
  description This is a pre-defined object
  object service tcp-sip pre-defined
  service tcp destination eq sip
  description This is a pre-defined object
  object service tcp-smtp pre-defined
  service tcp destination eq smtp
  description This is a pre-defined object
  object service tcp-ssh pre-defined
  service tcp destination eq ssh
  description This is a pre-defined object
  object service tcp-sunrpc pre-defined
  service tcp destination eq sunrpc
  description This is a pre-defined object
  object service tcp-tacacs pre-defined
  service tcp destination eq tacacs
  description This is a pre-defined object
  object service tcp-talk pre-defined
  service tcp destination eq talk
  description This is a pre-defined object
  object service tcp-telnet pre-defined
  service tcp destination eq telnet
  description This is a pre-defined object
  object service tcp-uucp pre-defined
  service tcp destination eq uucp
  description This is a pre-defined object
  object service tcp-www pre-defined
  service tcp destination eq www
  description This is a pre-defined object
  object service tcp-http pre-defined
  service tcp destination eq www
  description This is a pre-defined object
  object service tcp-https pre-defined
  service tcp destination eq https
  description This is a pre-defined object
  object service tcp-cmd pre-defined
  service tcp destination eq rsh
  description This is a pre-defined object
  object service tcp-sqlnet pre-defined
  service tcp destination eq sqlnet
  description This is a pre-defined object
  object service tcp-h323 pre-defined
  service tcp destination eq h323
  description This is a pre-defined object
  object service tcp-udp-cifs pre-defined
  service tcp-udp destination eq cifs
  description This is a pre-defined object
  object service tcp-udp-discard pre-defined
  service tcp-udp destination eq discard
  description This is a pre-defined object
  object service tcp-udp-domain pre-defined
  service tcp-udp destination eq domain
  description This is a pre-defined object
  object service tcp-udp-echo pre-defined
  service tcp-udp destination eq echo
  description This is a pre-defined object
  object service tcp-udp-kerberos pre-defined
  service tcp-udp destination eq kerberos
  description This is a pre-defined object
  object service tcp-udp-nfs pre-defined
  service tcp-udp destination eq nfs
  description This is a pre-defined object
  object service tcp-udp-pim-auto-rp pre-defined
  service tcp-udp destination eq pim-auto-rp
  description This is a pre-defined object
  object service tcp-udp-sip pre-defined
  service tcp-udp destination eq sip
  description This is a pre-defined object
  object service tcp-udp-sunrpc pre-defined
  service tcp-udp destination eq sunrpc
  description This is a pre-defined object
  object service tcp-udp-tacacs pre-defined
  service tcp-udp destination eq tacacs
  description This is a pre-defined object
  object service tcp-udp-www pre-defined
  service tcp-udp destination eq www
  description This is a pre-defined object
  object service tcp-udp-http pre-defined
  service tcp-udp destination eq www
  description This is a pre-defined object
  object service tcp-udp-talk pre-defined
  service tcp-udp destination eq talk
  description This is a pre-defined object
  object service udp-biff pre-defined
  service udp destination eq biff
  description This is a pre-defined object
  object service udp-bootpc pre-defined
  service udp destination eq bootpc
  description This is a pre-defined object
  object service udp-bootps pre-defined
  service udp destination eq bootps
  description This is a pre-defined object
  object service udp-cifs pre-defined
  service udp destination eq cifs
  description This is a pre-defined object
  object service udp-discard pre-defined
  service udp destination eq discard
  description This is a pre-defined object
  object service udp-domain pre-defined
  service udp destination eq domain
  description This is a pre-defined object
  object service udp-dnsix pre-defined
  service udp destination eq dnsix
  description This is a pre-defined object
  object service udp-echo pre-defined
  service udp destination eq echo
  description This is a pre-defined object
  object service udp-www pre-defined
  service udp destination eq www
  description This is a pre-defined object
  object service udp-http pre-defined
  service udp destination eq www
  description This is a pre-defined object
  object service udp-nameserver pre-defined
  service udp destination eq nameserver
  description This is a pre-defined object
  object service udp-kerberos pre-defined
  service udp destination eq kerberos
  description This is a pre-defined object
  object service udp-mobile-ip pre-defined
  service udp destination eq mobile-ip
  description This is a pre-defined object
  object service udp-nfs pre-defined
  service udp destination eq nfs
  description This is a pre-defined object
  object service udp-netbios-ns pre-defined
  service udp destination eq netbios-ns
  description This is a pre-defined object
  object service udp-netbios-dgm pre-defined
  service udp destination eq netbios-dgm
  description This is a pre-defined object
  object service udp-ntp pre-defined
  service udp destination eq ntp
  description This is a pre-defined object
  object service udp-pcanywhere-status pre-defined
  service udp destination eq pcanywhere-status
  description This is a pre-defined object
  object service udp-pim-auto-rp pre-defined
  service udp destination eq pim-auto-rp
  description This is a pre-defined object
  object service udp-radius pre-defined
  service udp destination eq radius
  description This is a pre-defined object
  object service udp-radius-acct pre-defined
  service udp destination eq radius-acct
  description This is a pre-defined object
  object service udp-rip pre-defined
  service udp destination eq rip
  description This is a pre-defined object
  object service udp-secureid-udp pre-defined
  service udp destination eq secureid-udp
  description This is a pre-defined object
  object service udp-sip pre-defined
  service udp destination eq sip
  description This is a pre-defined object
  object service udp-snmp pre-defined
  service udp destination eq snmp
  description This is a pre-defined object
  object service udp-snmptrap pre-defined
  service udp destination eq snmptrap
  description This is a pre-defined object
  object service udp-sunrpc pre-defined
  service udp destination eq sunrpc
  description This is a pre-defined object
  object service udp-syslog pre-defined
  service udp destination eq syslog
  description This is a pre-defined object
  object service udp-tacacs pre-defined
  service udp destination eq tacacs
  description This is a pre-defined object
  object service udp-talk pre-defined
  service udp destination eq talk
  description This is a pre-defined object
  object service udp-tftp pre-defined
  service udp destination eq tftp
  description This is a pre-defined object
  object service udp-time pre-defined
  service udp destination eq time
  description This is a pre-defined object
  object service udp-who pre-defined
  service udp destination eq who
  description This is a pre-defined object
  object service udp-xdmcp pre-defined
  service udp destination eq xdmcp
  description This is a pre-defined object
  object service udp-isakmp pre-defined
  service udp destination eq isakmp
  description This is a pre-defined object
  object service icmp6-unreachable pre-defined
  service icmp6 unreachable
  description This is a pre-defined object
  object service icmp6-packet-too-big pre-defined
  service icmp6 packet-too-big
  description This is a pre-defined object
  object service icmp6-time-exceeded pre-defined
  service icmp6 time-exceeded
  description This is a pre-defined object
  object service icmp6-parameter-problem pre-defined
  service icmp6 parameter-problem
  description This is a pre-defined object
  object service icmp6-echo pre-defined
  service icmp6 echo
  description This is a pre-defined object
  object service icmp6-echo-reply pre-defined
  service icmp6 echo-reply
  description This is a pre-defined object
  object service icmp6-membership-query pre-defined
  service icmp6 membership-query
  description This is a pre-defined object
  object service icmp6-membership-report pre-defined
  service icmp6 membership-report
  description This is a pre-defined object
  object service icmp6-membership-reduction pre-defined
  service icmp6 membership-reduction
  description This is a pre-defined object
  object service icmp6-router-renumbering pre-defined
  service icmp6 router-renumbering
  description This is a pre-defined object
  object service icmp6-router-solicitation pre-defined
  service icmp6 router-solicitation
  description This is a pre-defined object
  object service icmp6-router-advertisement pre-defined
  service icmp6 router-advertisement
  description This is a pre-defined object
  object service icmp6-neighbor-solicitation pre-defined
  service icmp6 neighbor-solicitation
  description This is a pre-defined object
  object service icmp6-neighbor-advertisement pre-defined
  service icmp6 neighbor-advertisement
  description This is a pre-defined object
  object service icmp6-neighbor-redirect pre-defined
  service icmp6 neighbor-redirect
  description This is a pre-defined object
  object service icmp-echo pre-defined
  service icmp echo
  description This is a pre-defined object
  object service icmp-echo-reply pre-defined
  service icmp echo-reply
  description This is a pre-defined object
  object service icmp-unreachable pre-defined
  service icmp unreachable
  description This is a pre-defined object
  object service icmp-source-quench pre-defined
  service icmp source-quench
  description This is a pre-defined object
  object service icmp-redirect pre-defined
  service icmp redirect
  description This is a pre-defined object
  object service icmp-alternate-address pre-defined
  service icmp alternate-address
  description This is a pre-defined object
  object service icmp-router-advertisement pre-defined
  service icmp router-advertisement
  description This is a pre-defined object
  object service icmp-router-solicitation pre-defined
  service icmp router-solicitation
  description This is a pre-defined object
  object service icmp-time-exceeded pre-defined
  service icmp time-exceeded
  description This is a pre-defined object
  object service icmp-parameter-problem pre-defined
  service icmp parameter-problem
  description This is a pre-defined object
  object service icmp-timestamp-request pre-defined
  service icmp timestamp-request
  description This is a pre-defined object
  object service icmp-timestamp-reply pre-defined
  service icmp timestamp-reply
  description This is a pre-defined object
  object service icmp-information-request pre-defined
  service icmp information-request
  description This is a pre-defined object
  object service icmp-information-reply pre-defined
  service icmp information-reply
  description This is a pre-defined object
  object service icmp-mask-request pre-defined
  service icmp mask-request
  description This is a pre-defined object
  object service icmp-mask-reply pre-defined
  service icmp mask-reply
  description This is a pre-defined object
  object service icmp-traceroute pre-defined
  service icmp traceroute
  description This is a pre-defined object
  object service icmp-conversion-error pre-defined
  service icmp conversion-error
  description This is a pre-defined object
  object service icmp-mobile-redirect pre-defined
  service icmp mobile-redirect
  description This is a pre-defined object
  object network ROUTER-2811
  host 10.10.1.2
  object network ROUTER-2821
  host 10.10.0.2
  object network WEBCAM-01
  host 192.168.1.5
  object network DNS-SERVER
  host 192.168.1.2
  object network ROUTER-3745
  host 10.10.2.2
  object network RDP-DC1
  host 192.168.1.2
  object-group network PAT-SOURCE
  network-object 10.10.1.0 255.255.255.252
  network-object 10.10.0.0 255.255.255.252
  network-object 10.10.2.0 255.255.255.252
  network-object 192.168.0.0 255.255.255.0
  network-object 172.16.10.0 255.255.255.0
  network-object 172.16.20.0 255.255.255.0
  network-object 128.162.1.0 255.255.255.0
  network-object 128.162.10.0 255.255.255.0
  network-object 128.162.20.0 255.255.255.0
  object-group network DM_INLINE_NETWORK_2
  network-object host 98.22.121.x
  object-group network Outside_access_in
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object gre
  access-list USERS standard permit 10.10.1.0 255.255.255.0
  access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh
  access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh
  access-list Outside_access_in extended permit tcp host 98.22.121.x interface Outside eq https
  access-list Outside_access_in extended permit tcp host 98.22.121.x object WEBCAM-01 eq www
  access-list Outside_access_in extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389
  access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
  access-list dmz-access remark Permit all traffic to DC1
  access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
  access-list dmz-access remark Permit only DNS traffic to DNS server
  access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
  access-list dmz-access remark Permit ICMP to all devices in DC
  access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
  pager lines 24
  logging enable
  logging buffer-size 4096
  logging asdm-buffer-size 100
  logging asdm informational
  logging flash-minimum-free 3076
  logging flash-maximum-allocation 1024
  logging rate-limit 1 10 message 747001
  logging rate-limit 1 1 message 402116
  logging rate-limit 1 10 message 620002
  logging rate-limit 1 10 message 717015
  logging rate-limit 1 10 message 717018
  logging rate-limit 1 10 message 201013
  logging rate-limit 1 10 message 201012
  logging rate-limit 1 1 message 313009
  logging rate-limit 100 1 message 750003
  logging rate-limit 100 1 message 750002
  logging rate-limit 100 1 message 750004
  logging rate-limit 1 10 message 419003
  logging rate-limit 1 10 message 405002
  logging rate-limit 1 10 message 405003
  logging rate-limit 1 10 message 421007
  logging rate-limit 1 10 message 405001
  logging rate-limit 1 10 message 421001
  logging rate-limit 1 10 message 421002
  logging rate-limit 1 10 message 337004
  logging rate-limit 1 10 message 337005
  logging rate-limit 1 10 message 337001
  logging rate-limit 1 10 message 337002
  logging rate-limit 1 60 message 199020
  logging rate-limit 1 10 message 337003
  logging rate-limit 2 5 message 199011
  logging rate-limit 1 10 message 199010
  logging rate-limit 1 10 message 337009
  logging rate-limit 2 5 message 199012
  logging rate-limit 1 10 message 710002
  logging rate-limit 1 10 message 209003
  logging rate-limit 1 10 message 209004
  logging rate-limit 1 10 message 209005
  logging rate-limit 1 10 message 431002
  logging rate-limit 1 10 message 431001
  logging rate-limit 1 1 message 447001
  logging rate-limit 1 10 message 110003
  logging rate-limit 1 10 message 110002
  logging rate-limit 1 10 message 429007
  logging rate-limit 1 10 message 216004
  logging rate-limit 1 10 message 450001
  flow-export template timeout-rate 30
  flow-export active refresh-interval 1
  mtu Inside 1500
  mtu Outside 1500
  mtu management 1500
  mtu DMZ 1500
  mtu VOIP 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp deny any Outside
  asdm image disk0:/asdm-715.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  object network ROUTER-2811
  nat (Inside,Outside) static interface service tcp ssh 222
  object network ROUTER-2821
  nat (DMZ,Outside) static interface service tcp ssh 2222
  object network WEBCAM-01
  nat (Inside,Outside) static interface service tcp www 8080
  object network ROUTER-3745
  nat (VOIP,Outside) static interface service tcp ssh 2223
  object network RDP-DC1
  nat (Inside,Outside) static interface service tcp 3389 3389
  nat (any,Outside) after-auto source dynamic PAT-SOURCE interface
  access-group Outside_access_in in interface Outside
  ipv6 dhcprelay timeout 60
  router rip
  network 10.0.0.0
  version 2
  no auto-summary
  route Outside 0.0.0.0 0.0.0.0 199.195.168.113 1
  route Inside 128.162.1.0 255.255.255.0 10.10.0.2 1
  route Inside 128.162.10.0 255.255.255.0 10.10.0.2 1
  route Inside 128.162.20.0 255.255.255.0 10.10.0.2 1
  route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
  route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
  route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  action continue
  no cts server-group
  no cts sxp enable
  no cts sxp default
  no cts sxp default source-ip
  cts sxp reconciliation period 120
  cts sxp retry period 120
  user-identity enable
  user-identity domain LOCAL
  user-identity default-domain LOCAL
  user-identity action mac-address-mismatch remove-user-ip
  user-identity inactive-user-timer minutes 60
  user-identity poll-import-user-group-timer hours 8
  user-identity ad-agent active-user-database full-download
  user-identity ad-agent hello-timer seconds 30 retry-times 5
  no user-identity user-not-found enable
  aaa authentication ssh console LOCAL
  http server enable 443
  http 0.0.0.0 0.0.0.0 Inside
  http 98.22.121.x 255.255.255.255 Outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  no snmp-server enable traps syslog
  no snmp-server enable traps ipsec start stop
  no snmp-server enable traps entity config-change fru-insert fru-remove fan-failure power-supply power-supply-presence cpu-temperature chassis-temperature power-supply-temperature chassis-fan-failure
  no snmp-server enable traps memory-threshold
  no snmp-server enable traps interface-threshold
  no snmp-server enable traps remote-access session-threshold-exceeded
  no snmp-server enable traps connection-limit-reached
  no snmp-server enable traps cpu threshold rising
  no snmp-server enable traps ikev2 start stop
  no snmp-server enable traps nat packet-discard
  snmp-server enable
  snmp-server listen-port 161
  fragment size 200 Inside
  fragment chain 24 Inside
  fragment timeout 5 Inside
  no fragment reassembly full Inside
  fragment size 200 Outside
  fragment chain 24 Outside
  fragment timeout 5 Outside
  no fragment reassembly full Outside
  fragment size 200 management
  fragment chain 24 management
  fragment timeout 5 management
  no fragment reassembly full management
  fragment size 200 DMZ
  fragment chain 24 DMZ
  fragment timeout 5 DMZ
  no fragment reassembly full DMZ
  fragment size 200 VOIP
  fragment chain 24 VOIP
  fragment timeout 5 VOIP
  no fragment reassembly full VOIP
  no sysopt connection timewait
  sysopt connection tcpmss 1380
  sysopt connection tcpmss minimum 0
  sysopt connection permit-vpn
  sysopt connection reclassify-vpn
  no sysopt connection preserve-vpn-flows
  no sysopt radius ignore-secret
  no sysopt noproxyarp Inside
  no sysopt noproxyarp Outside
  no sysopt noproxyarp management
  no sysopt noproxyarp DMZ
  no sysopt noproxyarp VOIP
  service password-recovery
  no crypto ipsec ikev2 sa-strength-enforcement
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto ipsec security-association replay window-size 64
  crypto ipsec security-association pmtu-aging infinite
  crypto ipsec fragmentation before-encryption Inside
  crypto ipsec fragmentation before-encryption Outside
  crypto ipsec fragmentation before-encryption management
  crypto ipsec fragmentation before-encryption DMZ
  crypto ipsec fragmentation before-encryption VOIP
  crypto ipsec df-bit copy-df Inside
  crypto ipsec df-bit copy-df Outside
  crypto ipsec df-bit copy-df management
  crypto ipsec df-bit copy-df DMZ
  crypto ipsec df-bit copy-df VOIP
  crypto ca trustpool policy
  revocation-check none
  crl cache-time 60
  crl enforcenextupdate
  crypto isakmp identity auto
  crypto isakmp nat-traversal 20
  crypto ikev2 cookie-challenge 50
  crypto ikev2 limit max-in-negotiation-sa 100
  no crypto ikev2 limit max-sa
  crypto ikev2 redirect during-auth
  crypto ikev1 limit max-in-negotiation-sa 20
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 Inside
  ssh 98.22.121.x 255.255.255.255 Outside
  ssh timeout 60
  ssh version 2
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  vpn-addr-assign aaa
  vpn-addr-assign dhcp
  vpn-addr-assign local reuse-delay 0
  ipv6-vpn-addr-assign aaa
  ipv6-vpn-addr-assign local reuse-delay 0
  no vpn-sessiondb max-other-vpn-limit
  no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
  no remote-access threshold
  l2tp tunnel hello 60
  tls-proxy maximum-session 100
  threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
  threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
  threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
  threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
  threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
  threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
  threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
  threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
  threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
  threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
  threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
  threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 24.56.178.140 source Outside prefer
  ssl server-version any
  ssl client-version any
  ssl encryption rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
  ssl certificate-authentication fca-timeout 2
  webvpn
  memory-size percent 50
  port 443
  dtls port 443
  character-encoding none
  no http-proxy
  no https-proxy
  default-idle-timeout 1800
  portal-access-rule none
  no csd enable
  no anyconnect enable
  no tunnel-group-list enable
  no tunnel-group-preference group-url
  rewrite order 65535 enable resource-mask *
  no internal-password
  no onscreen-keyboard
  no default-language
  no smart-tunnel notification-icon
  no keepout
  cache
    no disable
    max-object-size 1000
    min-object-size 0
    no cache-static-content enable
    lmfactor 20
    expiry-time 1
  no auto-signon
  no error-recovery disable
  no ssl-server-check
  no mus password
  mus host mus.cisco.com
  no hostscan data-limit
  : # show import webvpn customization
  : Template
  : DfltCustomization
  : # show import webvpn url-list
  : Template
  : # show import webvpn translation-table
  : Translation Tables' Templates:
  :   PortForwarder
  :   banners
  :   customization
  :   url-list
  :   webvpn
  : Translation Tables:
  :   fr                   PortForwarder
  :   fr                   customization
  :   fr                   webvpn
  :   ja                   PortForwarder
  :   ja                   customization
  :   ja                   webvpn
  :   ru                   PortForwarder
  :   ru                   customization
  :   ru                   webvpn
  : # show import webvpn mst-translation
  : No MS translation tables defined
  : # show import webvpn webcontent
  : No custom webcontent is loaded
  : # show import webvpn AnyConnect-customization
  : No OEM resources defined
  : # show import webvpn plug-in
  group-policy DfltGrpPolicy internal
  group-policy DfltGrpPolicy attributes
  banner none
  wins-server none
  dns-server none
  dhcp-network-scope none
  vpn-access-hours none
  vpn-simultaneous-logins 3
  vpn-idle-timeout 30
  vpn-idle-timeout alert-interval 1
  vpn-session-timeout none
  vpn-session-timeout alert-interval 1
  vpn-filter none
  ipv6-vpn-filter none
  vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
  password-storage disable
  ip-comp disable
  re-xauth disable
  group-lock none
  pfs disable
  ipsec-udp disable
  ipsec-udp-port 10000
  split-tunnel-policy tunnelall
  ipv6-split-tunnel-policy tunnelall
  split-tunnel-network-list none
  default-domain none
  split-dns none
  split-tunnel-all-dns disable
  intercept-dhcp 255.255.255.255 disable
  secure-unit-authentication disable
  user-authentication disable
  user-authentication-idle-timeout 30
  ip-phone-bypass disable
  client-bypass-protocol disable
  gateway-fqdn none
  leap-bypass disable
  nem disable
  backup-servers keep-client-config
  msie-proxy server none
  msie-proxy method no-modify
  msie-proxy except-list none
  msie-proxy local-bypass disable
  msie-proxy pac-url none
  msie-proxy lockdown enable
  vlan none
  nac-settings none
  address-pools none
  ipv6-address-pools none
  smartcard-removal-disconnect enable
  scep-forwarding-url none
  client-firewall none
  client-access-rule none
  webvpn
    url-list none
    filter none
    homepage none
    html-content-filter none
    port-forward name Application Access
    port-forward disable
    http-proxy disable
    sso-server none
    anyconnect ssl dtls enable
    anyconnect mtu 1406
    anyconnect firewall-rule client-interface private none
    anyconnect firewall-rule client-interface public none
    anyconnect keep-installer installed
    anyconnect ssl keepalive 20
    anyconnect ssl rekey time none
    anyconnect ssl rekey method none
    anyconnect dpd-interval client 30
    anyconnect dpd-interval gateway 30
    anyconnect ssl compression none
    anyconnect dtls compression none
    anyconnect modules none
    anyconnect profiles none
    anyconnect ask none
    customization none
    keep-alive-ignore 4
    http-comp gzip
    download-max-size 2147483647
    upload-max-size 2147483647
    post-max-size 2147483647
    user-storage none
    storage-objects value cookies,credentials
    storage-key none
    hidden-shares none
    smart-tunnel disable
    activex-relay enable
    unix-auth-uid 65534
    unix-auth-gid 65534
    file-entry enable
    file-browsing enable
    url-entry enable
    deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
    smart-tunnel auto-signon disable
    anyconnect ssl df-bit-ignore disable
    anyconnect routing-filtering-ignore disable
    smart-tunnel tunnel-policy tunnelall
    always-on-vpn profile-setting
  password-policy minimum-length 3
  password-policy minimum-changes 0
  password-policy minimum-lowercase 0
  password-policy minimum-uppercase 0
  password-policy minimum-numeric 0
  password-policy minimum-special 0
  password-policy lifetime 0
  no password-policy authenticate-enable
  quota management-session 0
  tunnel-group DefaultL2LGroup type ipsec-l2l
  tunnel-group DefaultL2LGroup general-attributes
  no accounting-server-group
  default-group-policy DfltGrpPolicy
  tunnel-group DefaultL2LGroup ipsec-attributes
  no ikev1 pre-shared-key
  peer-id-validate req
  no chain
  no ikev1 trust-point
  isakmp keepalive threshold 10 retry 2
  no ikev2 remote-authentication
  no ikev2 local-authentication
  tunnel-group DefaultRAGroup type remote-access
  tunnel-group DefaultRAGroup general-attributes
  no address-pool
  no ipv6-address-pool
  authentication-server-group LOCAL
  secondary-authentication-server-group none
  no accounting-server-group
  default-group-policy DfltGrpPolicy
  no dhcp-server
  no strip-realm
  no nat-assigned-to-public-ip
  no scep-enrollment enable
  no password-management
  no override-account-disable
  no strip-group
  no authorization-required
  username-from-certificate CN OU
  secondary-username-from-certificate CN OU
  authentication-attr-from-server primary
  authenticated-session-username primary
  tunnel-group DefaultRAGroup webvpn-attributes
  customization DfltCustomization
  authentication aaa
  no override-svc-download
  no radius-reject-message
  no proxy-auth sdi
  no pre-fill-username ssl-client
  no pre-fill-username clientless
  no secondary-pre-fill-username ssl-client
  no secondary-pre-fill-username clientless
  dns-group DefaultDNS
  no without-csd
  tunnel-group DefaultRAGroup ipsec-attributes
  no ikev1 pre-shared-key
  peer-id-validate req
  no chain
  no ikev1 trust-point
  no ikev1 radius-sdi-xauth
  isakmp keepalive threshold 300 retry 2
  ikev1 user-authentication xauth
  no ikev2 remote-authentication
  no ikev2 local-authentication
  tunnel-group DefaultRAGroup ppp-attributes
  no authentication pap
  authentication chap
  authentication ms-chap-v1
  no authentication ms-chap-v2
  no authentication eap-proxy
  tunnel-group DefaultWEBVPNGroup type remote-access
  tunnel-group DefaultWEBVPNGroup general-attributes
  no address-pool
  no ipv6-address-pool
  authentication-server-group LOCAL
  secondary-authentication-server-group none
  no accounting-server-group
  default-group-policy DfltGrpPolicy
  no dhcp-server
  no strip-realm
  no nat-assigned-to-public-ip
  no scep-enrollment enable
  no password-management
  no override-account-disable
  no strip-group
  no authorization-required
  username-from-certificate CN OU
  secondary-username-from-certificate CN OU
  authentication-attr-from-server primary
  authenticated-session-username primary
  tunnel-group DefaultWEBVPNGroup webvpn-attributes
  customization DfltCustomization
  authentication aaa
  no override-svc-download
  no radius-reject-message
  no proxy-auth sdi
  no pre-fill-username ssl-client
  no pre-fill-username clientless
  no secondary-pre-fill-username ssl-client
  no secondary-pre-fill-username clientless
  dns-group DefaultDNS
  no without-csd
  tunnel-group DefaultWEBVPNGroup ipsec-attributes
  no ikev1 pre-shared-key
  peer-id-validate req
  no chain
  no ikev1 trust-point
  no ikev1 radius-sdi-xauth
  isakmp keepalive threshold 300 retry 2
  ikev1 user-authentication xauth
  no ikev2 remote-authentication
  no ikev2 local-authentication
  tunnel-group DefaultWEBVPNGroup ppp-attributes
  no authentication pap
  authentication chap
  authentication ms-chap-v1
  no authentication ms-chap-v2
  no authentication eap-proxy
  class-map type inspect http match-all _default_gator
  match request header user-agent regex _default_gator
  class-map type inspect http match-all _default_msn-messenger
  match response header content-type regex _default_msn-messenger
  class-map type inspect http match-all _default_yahoo-messenger
  match request body regex _default_yahoo-messenger
  class-map type inspect http match-all _default_windows-media-player-tunnel
  match request header user-agent regex _default_windows-media-player-tunnel
  class-map type inspect http match-all _default_gnu-http-tunnel
  match request args regex _default_gnu-http-tunnel_arg
  match request uri regex _default_gnu-http-tunnel_uri
  class-map type inspect http match-all _default_firethru-tunnel
  match request header host regex _default_firethru-tunnel_1
  match request uri regex _default_firethru-tunnel_2
  class-map type inspect http match-all _default_aim-messenger
  match request header host regex _default_aim-messenger
  class-map type inspect http match-all _default_http-tunnel
  match request uri regex _default_http-tunnel
  class-map type inspect http match-all _default_kazaa
  match response header regex _default_x-kazaa-network count gt 0
  class-map type inspect http match-all _default_shoutcast-tunneling-protocol
  match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
  class-map class-default
  match any
  class-map inspection_default
  match default-inspection-traffic
  class-map type inspect http match-all _default_GoToMyPC-tunnel
  match request args regex _default_GoToMyPC-tunnel
  match request uri regex _default_GoToMyPC-tunnel_2
  class-map type inspect http match-all _default_httport-tunnel
  match request header host regex _default_httport-tunnel
  policy-map type inspect rtsp _default_rtsp_map
  description Default RTSP policymap
  parameters
  policy-map type inspect ipv6 _default_ipv6_map
  description Default IPV6 policy-map
  parameters
    verify-header type
    verify-header order
  match header routing-type range 0 255
    drop log
  policy-map type inspect h323 _default_h323_map
  description Default H.323 policymap
  parameters
    no rtp-conformance
  policy-map type inspect dns migrated_dns_map_1
  parameters
    message-length maximum client auto
    message-length maximum 512
    no message-length maximum server
    dns-guard
    protocol-enforcement
    nat-rewrite
    no id-randomization
    no id-mismatch
    no tsig enforced
  policy-map type inspect esmtp _default_esmtp_map
  description Default ESMTP policy-map
  parameters
    mask-banner
    no mail-relay
    no special-character
    no allow-tls
  match cmd line length gt 512
    drop-connection log
  match cmd RCPT count gt 100
    drop-connection log
  match body line length gt 998
    log
  match header line length gt 998
    drop-connection log
  match sender-address length gt 320
    drop-connection log
  match MIME filename length gt 255
    drop-connection log
  match ehlo-reply-parameter others
    mask
  policy-map type inspect ip-options _default_ip_options_map
  description Default IP-OPTIONS policy-map
  parameters
    router-alert action allow
  policy-map global_policy
  class inspection_default
    inspect dns migrated_dns_map_1
    inspect ftp
    inspect h323 h225 _default_h323_map
    inspect h323 ras _default_h323_map
    inspect rsh
    inspect rtsp
    inspect esmtp _default_esmtp_map
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options _default_ip_options_map
    inspect icmp
    inspect icmp error
    inspect pptp
  class class-default
  policy-map type inspect sip _default_sip_map
  description Default SIP policymap
  parameters
    im
    no ip-address-privacy
    traffic-non-sip
    no rtp-conformance
  policy-map type inspect dns _default_dns_map
  description Default DNS policy-map
  parameters
    no message-length maximum client
    no message-le

  I ran those commands while I had the nat off on the router and here are the results. note, i didn't make any changes to the ASA as you only said to remove the router RIP which I did and reloaded and no change.
  As long as the statements ip nat outside on the Fastethernet 0/0 is off and the ip nat inside is off on the vlan and the overload statement is taken out, I cannot hit the internet.
  CISCO-2811#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  CISCO-2811(config)#int
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/1.3
  CISCO-2811(config-subif)#no ip nat inside
  CISCO-2811(config-subif)#exit
  CISCO-2811(config)#inter
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/0
  CISCO-2811(config-if)#no ip nat outside
  CISCO-2811(config-if)#exit
  CISCO-2811(config)#$nside source list 1 interface FastEthernet0/0 overload
  Dynamic mapping in use, do you want to delete all entries? [no]: y
  CISCO-2811(config)#exit
  CISCO-2811#sh ip arp
  Protocol  Address          Age (min)  Hardware Addr   Type   Interface
  Internet  10.10.1.1             202   c47d.4f3b.8ea6  ARPA   FastEthernet0/0
  Internet  10.10.1.2               -   0019.55a7.2ae8  ARPA   FastEthernet0/0
  Internet  172.16.10.1             -   0019.55a7.2ae9  ARPA   FastEthernet0/1.1
  Internet  172.16.10.3           238   0011.5c73.28c1  ARPA   FastEthernet0/1.1
  Internet  172.16.10.50           72   cc2d.8c78.065a  ARPA   FastEthernet0/1.1
  Internet  172.16.20.1             -   0019.55a7.2ae9  ARPA   FastEthernet0/1.2
  Internet  172.16.20.3           196   0011.5c73.28c2  ARPA   FastEthernet0/1.2
  Internet  192.168.1.1             -   0019.55a7.2ae9  ARPA   FastEthernet0/1.3
  Internet  192.168.1.2             0   0024.e864.01a8  ARPA   FastEthernet0/1.3
  Internet  192.168.1.3           155   0011.5c73.28c0  ARPA   FastEthernet0/1.3
  Internet  192.168.1.5            61   4802.2a4c.1c74  ARPA   FastEthernet0/1.3
  Internet  192.168.1.20            0   5cf9.dd52.5fa9  ARPA   FastEthernet0/1.3
  Internet  192.168.1.50            0   308c.fb47.f2d9  ARPA   FastEthernet0/1.3
  Internet  192.168.1.51            1   ec35.8677.4057  ARPA   FastEthernet0/1.3
  Internet  192.168.1.52            1   b418.d136.ef72  ARPA   FastEthernet0/1.3
  Internet  192.168.1.53            1   8853.9572.e113  ARPA   FastEthernet0/1.3
  Internet  192.168.1.54           12   0009.b044.9f23  ARPA   FastEthernet0/1.3
  Internet  192.168.1.55            0   f47b.5e9a.7ae5  ARPA   FastEthernet0/1.3
  Internet  192.168.1.149           0   001e.4fc5.a199  ARPA   FastEthernet0/1.3
  Internet  192.168.1.174           0   b8ac.6fff.af83  ARPA   FastEthernet0/1.3
  CISCO-2811#sh ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
         + - replicated route, % - next hop override
  Gateway of last resort is 10.10.1.1 to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via 10.10.1.1
        10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C        10.10.1.0/30 is directly connected, FastEthernet0/0
  L        10.10.1.2/32 is directly connected, FastEthernet0/0
        172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
  C        172.16.10.0/24 is directly connected, FastEthernet0/1.1
  L        172.16.10.1/32 is directly connected, FastEthernet0/1.1
  C        172.16.20.0/24 is directly connected, FastEthernet0/1.2
  L        172.16.20.1/32 is directly connected, FastEthernet0/1.2
        192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
  C        192.168.1.0/24 is directly connected, FastEthernet0/1.3
  L        192.168.1.1/32 is directly connected, FastEthernet0/1.3
  ASA
  ASA5510# sh arp
          Inside 10.10.1.2 0019.55a7.2ae8 12342
          Outside 199.195.168.113 000c.4243.581a 2
          Outside 199.195.168.116 e05f.b947.116b 2436
          Outside 199.195.168.120 0017.c58a.1123 9192
          DMZ 10.10.0.2 0025.849f.63e0 3192
          VOIP 10.10.2.2 000d.bcdc.fc40 7754
  ASA5510# sh route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is 199.195.168.113 to network 0.0.0.0
  S    172.16.20.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
  S    172.16.10.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
  S    128.162.1.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
  S    128.162.10.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
  S    128.162.20.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
  C    199.195.168.112 255.255.255.240 is directly connected, Outside
  C    10.10.0.0 255.255.255.252 is directly connected, DMZ
  C    10.10.1.0 255.255.255.252 is directly connected, Inside
  S    192.168.1.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
  S*   0.0.0.0 0.0.0.0 [1/0] via 199.195.168.113, Outside
  ASA5510# show xlate
  35 in use, 784 most used
  Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
         s - static, T - twice, N - net-to-net
  TCP PAT from DMZ:10.10.0.2 22-22 to Outside:199.195.168.x 2222-2222
      flags sr idle 481:54:14 timeout 0:00:00
  TCP PAT from Inside:10.10.1.2 22-22 to Outside:199.195.168.x 222-222
      flags sr idle 51:06:46 timeout 0:00:00
  TCP PAT from VOIP:10.10.2.2 22-22 to Outside:199.195.168.x 2223-2223
      flags sr idle 687:32:27 timeout 0:00:00
  TCP PAT from Inside:192.168.1.2 3389-3389 to Outside:199.195.168.x 3389-3389
      flags sr idle 457:17:01 timeout 0:00:00
  TCP PAT from Inside:192.168.1.5 80-80 to Outside:199.195.168.x 8080-8080
      flags sr idle 52:18:58 timeout 0:00:00
  NAT from Outside:0.0.0.0/0 to any:0.0.0.0/0
      flags sIT idle 353:10:21 timeout 0:00:00
  UDP PAT from any:10.10.1.2/52581 to Outside:199.195.168.x/52581 flags ri idle 0:00:00 timeout 0:00:30
  UDP PAT from any:10.10.1.2/55389 to Outside:199.195.168.x/55389 flags ri idle 0:00:03 timeout 0:00:30
  UDP PAT from any:10.10.1.2/51936 to Outside:199.195.168.x/51936 flags ri idle 0:00:04 timeout 0:00:30
  UDP PAT from any:10.10.1.2/51345 to Outside:199.195.168.x/51345 flags ri idle 0:00:09 timeout 0:00:30
  UDP PAT from any:10.10.1.2/55985 to Outside:199.195.168.x/55985 flags ri idle 0:00:18 timeout 0:00:30
  UDP PAT from any:10.10.1.2/49368 to Outside:199.195.168.x/49368 flags ri idle 0:00:22 timeout 0:00:30
  UDP PAT from any:10.10.1.2/52441 to Outside:199.195.168.x/52441 flags ri idle 0:00:23 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57908 to Outside:199.195.168.x/57908 flags ri idle 0:08:37 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57907 to Outside:199.195.168.x/57907 flags ri idle 0:08:37 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57906 to Outside:199.195.168.x/57906 flags ri idle 0:08:37 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57896 to Outside:199.195.168.x/57896 flags ri idle 0:09:09 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57879 to Outside:199.195.168.x/57879 flags ri idle 0:10:23 timeout 0:00:30
  TCP PAT from any:10.10.1.2/49441 to Outside:199.195.168.x/49441 flags ri idle 0:20:52 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57868 to Outside:199.195.168.x/57868 flags ri idle 0:25:28 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60519 to Outside:199.195.168.x/60519 flags ri idle 0:44:11 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60491 to Outside:199.195.168.x/60491 flags ri idle 0:44:20 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60484 to Outside:199.195.168.x/60484 flags ri idle 0:44:35 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60480 to Outside:199.195.168.x/60480 flags ri idle 0:44:51 timeout 0:00:30
  TCP PAT from any:10.10.1.2/53851 to Outside:199.195.168.x/53851 flags ri idle 0:54:14 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57812 to Outside:199.195.168.x/57812 flags ri idle 0:58:30 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57810 to Outside:199.195.168.x/57810 flags ri idle 0:58:32 timeout 0:00:30
  TCP PAT from any:10.10.1.2/53847 to Outside:199.195.168.x/53847 flags ri idle 1:00:18 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57808 to Outside:199.195.168.x/57808 flags ri idle 1:07:58 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60406 to Outside:199.195.168.x/60406 flags ri idle 1:42:13 timeout 0:00:30
  TCP PAT from any:10.10.1.2/49259 to Outside:199.195.168.x/49259 flags ri idle 7:39:44 timeout 0:00:30
  TCP PAT from any:10.10.1.2/49191 to Outside:199.195.168.x/49191 flags ri idle 7:42:39 timeout 0:00:30
  TCP PAT from any:10.10.1.2/55951 to Outside:199.195.168.x/55951 flags ri idle 23:11:40 timeout 0:00:30
  TCP PAT from any:10.10.1.2/55944 to Outside:199.195.168.x/55944 flags ri idle 23:15:19 timeout 0:00:30
  TCP PAT from any:10.10.1.2/55942 to Outside:199.195.168.x/55942 flags ri idle 23:15:24 timeout 0:00:30
  ASA5510# sh conn all
  149 in use, 815 most used
  TCP Outside  74.125.193.108:993 Inside  10.10.1.2:57879, idle 0:12:37, bytes 6398, flags UIO
  TCP Outside  174.35.24.74:80 Inside  192.168.1.20:53879, idle 0:00:01, bytes 0, flags saA
  TCP Outside  174.35.24.74:80 Inside  192.168.1.20:53878, idle 0:00:01, bytes 0, flags saA
  TCP Outside  17.149.36.177:5223 Inside  10.10.1.2:60480, idle 0:16:53, bytes 4539, flags UIO
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53877, idle 0:00:02, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53876, idle 0:00:02, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53875, idle 0:00:05, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53874, idle 0:00:05, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53872, idle 0:00:11, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53871, idle 0:00:11, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53868, idle 0:00:08, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53867, idle 0:00:08, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53860, idle 0:00:17, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53859, idle 0:00:17, bytes 0, flags saA
  TCP Outside  17.172.233.95:5223 Inside  10.10.1.2:49191, idle 0:18:48, bytes 7384, flags UIO
  TCP Outside  17.178.100.43:443 Inside  10.10.1.2:57810, idle 0:56:21, bytes 5797, flags UFIO
  TCP Outside  23.206.216.93:80 Inside  10.10.1.2:53847, idle 0:54:15, bytes 2683, flags UFIO
  TCP Outside  143.127.93.90:80 Inside  10.10.1.2:49259, idle 0:12:20, bytes 13315, flags UIO
  TCP Outside  74.125.225.53:443 Inside  192.168.1.20:53864, idle 0:00:11, bytes 0, flags saA
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49204, idle 0:00:04, bytes 67, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:50122, idle 0:00:07, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63275, idle 0:00:08, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63306, idle 0:00:18, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65059, idle 0:00:22, bytes 46, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64681, idle 0:00:30, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64661, idle 0:00:30, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.20:55618, idle 0:00:32, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65056, idle 0:00:33, bytes 48, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:59433, idle 0:00:41, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.20:52178, idle 0:00:42, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:61414, idle 0:00:43, bytes 34, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65438, idle 0:00:44, bytes 44, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63686, idle 0:00:44, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65416, idle 0:00:45, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:53047, idle 0:00:47, bytes 32, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:62213, idle 0:00:46, bytes 74, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:52347, idle 0:00:46, bytes 92, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:58069, idle 0:00:46, bytes 64, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:50753, idle 0:00:46, bytes 74, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65381, idle 0:00:50, bytes 50, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65082, idle 0:00:50, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64038, idle 0:00:50, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49309, idle 0:00:51, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64034, idle 0:00:51, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49197, idle 0:00:51, bytes 50, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64728, idle 0:00:51, bytes 49, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64309, idle 0:00:51, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63289, idle 0:00:51, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64174, idle 0:00:52, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:39286, idle 0:01:09, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63726, idle 0:01:09, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65482, idle 0:01:12, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65091, idle 0:01:13, bytes 61, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64976, idle 0:01:13, bytes 57, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63749, idle 0:00:51, bytes 103, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64043, idle 0:01:14, bytes 52, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64267, idle 0:01:24, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64467, idle 0:01:26, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65504, idle 0:01:26, bytes 46, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:38946, idle 0:01:35, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63701, idle 0:01:38, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63879, idle 0:01:46, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:58516, idle 0:01:49, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63227, idle 0:01:51, bytes 62, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:65446, idle 0:01:53, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49166, idle 0:01:55, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:56680, idle 0:02:01, bytes 33, flags -
  UDP Outside  192.55.83.30:53 Inside  192.168.1.2:65073, idle 0:00:44, bytes 50, flags -
  TCP Outside  74.125.193.109:993 Inside  10.10.1.2:57808, idle 0:39:33, bytes 6392, flags UFIO
  TCP Outside  74.125.225.54:443 Inside  192.168.1.20:53863, idle 0:00:13, bytes 0, flags saA
  TCP Outside  143.127.93.89:80 Inside  10.10.1.2:60519, idle 0:46:30, bytes 346, flags UO
  TCP Outside  74.125.225.32:443 Inside  192.168.1.20:53881, idle 0:00:01, bytes 0, flags saA
  TCP Outside  74.125.225.32:443 Inside  192.168.1.20:53880, idle 0:00:01, bytes 0, flags saA
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:60627, idle 0:00:39, bytes 78, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:52088, idle 0:00:39, bytes 86, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:50533, idle 0:00:39, bytes 76, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:63347, idle 0:00:39, bytes 80, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:62213, idle 0:00:40, bytes 37, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:52347, idle 0:00:40, bytes 46, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:58069, idle 0:00:40, bytes 32, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:50753, idle 0:00:40, bytes 37, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.174:50791, idle 0:01:25, bytes 35, flags -
  TCP Outside  74.125.225.46:443 Inside  192.168.1.20:53870, idle 0:00:08, bytes 0, flags saA
  TCP Outside  17.173.255.101:443 Inside  10.10.1.2:53851, idle 0:56:33, bytes 58, flags UfIO
  TCP Outside  64.4.23.147:33033 Inside  10.10.1.2:55944, idle 0:44:45, bytes 558164, flags UFIO
  TCP Outside  74.125.225.35:443 Inside  192.168.1.20:53869, idle 0:00:09, bytes 0, flags saA
  UDP Outside  64.4.23.175:33033 Inside  192.168.1.174:26511, idle 0:01:17, bytes 28, flags -
  UDP Outside  192.54.112.30:53 Inside  192.168.1.2:65380, idle 0:00:44, bytes 49, flags -
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57908, idle 0:10:47, bytes 7895, flags UIO
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57907, idle 0:10:49, bytes 20323, flags UIO
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57906, idle 0:10:47, bytes 6539, flags UIO
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57868, idle 0:27:44, bytes 6395, flags UIO
  TCP Outside  91.190.218.59:443 Inside  10.10.1.2:55942, idle 0:41:39, bytes 2727, flags UFIO
  TCP Outside  17.172.233.123:5223 Inside  10.10.1.2:49441, idle 0:23:10, bytes 4409, flags UIO
  TCP Outside  74.125.225.41:443 Inside  192.168.1.20:53862, idle 0:00:16, bytes 0, flags saA
  TCP Outside  74.125.225.41:443 Inside  192.168.1.20:53861, idle 0:00:16, bytes 0, flags saA
  TCP Outside  143.127.93.115:80 Inside  10.10.1.2:60406, idle 0:42:59, bytes 970, flags UFIO
  TCP Outside  143.127.93.118:80 Inside  10.10.1.2:60484, idle 0:46:54, bytes 328, flags UO
  TCP Outside  17.172.233.98:5223 Inside  10.10.1.2:57896, idle 0:11:28, bytes 5081, flags UIO
  UDP Outside  111.221.74.16:33033 Inside  192.168.1.174:26511, idle 0:01:18, bytes 31, flags -
  TCP Outside  17.149.36.103:5223 Inside  192.168.1.174:60729, idle 0:00:04, bytes 0, flags saA
  UDP Outside  192.5.6.30:53 Inside  192.168.1.2:65317, idle 0:00:44, bytes 51, flags -
  UDP Outside  192.12.94.30:53 Inside  192.168.1.2:65356, idle 0:00:44, bytes 54, flags -
  TCP Outside  17.149.36.180:5223 Inside  10.10.1.2:55951, idle 0:46:08, bytes 14059, flags UFIO
  UDP Outside  111.221.74.28:33033 Inside  192.168.1.174:26511, idle 0:01:20, bytes 33, flags -
  TCP Outside  63.235.20.160:80 Inside  192.168.1.20:53873, idle 0:00:08, bytes 0, flags saA
  TCP Outside  50.19.127.112:443 Inside  192.168.1.50:60678, idle 0:00:00, bytes 0, flags saA
  TCP Outside  65.55.122.234:80 Inside  192.168.1.174:60728, idle 0:00:14, bytes 0, flags saA
  TCP Outside  65.55.122.234:80 Inside  192.168.1.174:60727, idle 0:00:15, bytes 0, flags saA
  TCP Outside  65.55.122.234:80 Inside  192.168.1.174:60726, idle 0:00:15, bytes 0, flags saA
  TCP Outside  65.55.122.234:443 Inside  192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
  TCP Outside  65.55.122.234:2492 Inside  192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
  UDP Outside  157.55.56.170:33033 Inside  192.168.1.174:26511, idle 0:01:21, bytes 37, flags -
  TCP Outside  74.125.230.207:443 Inside  192.168.1.20:53866, idle 0:00:11, bytes 0, flags saA
  TCP Outside  74.125.230.207:443 Inside  192.168.1.20:53865, idle 0:00:11, bytes 0, flags saA
  UDP Outside  111.221.74.18:33033 Inside  192.168.1.174:26511, idle 0:01:17, bytes 29, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:55546, idle 0:00:06, bytes 46, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:60277, idle 0:00:06, bytes 46, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:55618, idle 0:00:34, bytes 43, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:60627, idle 0:00:36, bytes 78, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:52088, idle 0:00:36, bytes 86, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:50533, idle 0:00:36, bytes 76, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:63347, idle 0:00:36, bytes 80, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:56958, idle 0:01:24, bytes 34, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:51360, idle 0:01:26, bytes 34, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.174:50791, idle 0:01:27, bytes 35, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:54134, idle 0:01:46, bytes 34, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.174:58516, idle 0:01:50, bytes 51, flags -
  TCP Outside  23.207.7.46:80 Inside  192.168.1.55:59350, idle 0:00:02, bytes 0, flags saA
  TCP Outside  23.207.7.46:80 Inside  192.168.1.55:59349, idle 0:00:16, bytes 0, flags saA
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:50122, idle 0:00:09, bytes 43, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:48088, idle 0:00:42, bytes 33, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:62213, idle 0:00:45, bytes 74, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:52347, idle 0:00:45, bytes 92, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:58069, idle 0:00:45, bytes 64, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:50753, idle 0:00:45, bytes 74, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:61414, idle 0:00:47, bytes 34, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:54481, idle 0:01:08, bytes 33, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:40285, idle 0:01:34, bytes 33, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:65446, idle 0:01:55, bytes 43, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:46155, idle 0:02:00, bytes 33, flags -
  UDP Outside  66.104.81.70:5070 Inside  192.168.1.174:57609, idle 0:00:11, bytes 46, flags -
  UDP Outside  64.4.23.156:33033 Inside  192.168.1.174:26511, idle 0:01:14, bytes 38, flags -
  TCP Outside  65.54.167.15:12350 Inside  10.10.1.2:60491, idle 0:11:02, bytes 1405, flags UIO
  TCP Outside  17.172.192.35:443 Inside  10.10.1.2:57812, idle 0:56:11, bytes 6116, flags UFIO
  UDP Outside  157.55.56.176:33033 Inside  192.168.1.174:26511, idle 0:01:16, bytes 32, flags -
  TCP Inside  192.168.1.20:53667 NP Identity Ifc  10.10.1.1:22, idle 0:00:00, bytes 37555, flags UOB
  TCP Inside  10.10.1.2:53431 NP Identity Ifc  10.10.1.1:22, idle 0:09:03, bytes 20739, flags UOB
  Ran on the ASA while overload statements were down on the router:
  ASA5510#   packet-tracer input Inside tcp 192.168.1.100 12345 8.8.8.8 80
  Phase: 1
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   0.0.0.0         0.0.0.0         Outside
  Phase: 2
  Type: NAT
  Subtype: per-session
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 3
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 4
  Type: NAT
  Subtype: per-session
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 5
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 6
  Type: FLOW-CREATION
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  New flow created with id 1988699, packet dispatched to next module
  Result:
  input-interface: Inside
  input-status: up
  input-line-status: up
  output-interface: Outside
  output-status: up
  output-line-status: up
  Action: allow
  Had to put these back in to get to the internet:
  CISCO-2811#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  CISCO-2811(config)#inter
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/0
  CISCO-2811(config-if)#ip nat
  CISCO-2811(config-if)#ip nat Outside
  CISCO-2811(config-if)#exit
  CISCO-2811(config)#in
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/1.3
  CISCO-2811(config-subif)#ip nat inside
  CISCO-2811(config-subif)#exit
  CISCO-2811(config)#$de source list 1 interface FastEthernet0/0 overload
  CISCO-2811(config)#
  Screenshot of ASDM:

• Little help please with forwarding traffic to proxy server!

  hi all, little help please with this error message
  i got this when i ran my code and requested only the home page of the google at my client side !!
  GET / HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
  Accept-Language: en-us
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727)
  Host: www.google.com
  Connection: Keep-Alive
  Cookie: PREF=ID=a21457942a93fc67:TB=2:TM=1212883502:LM=1213187620:GM=1:S=H1BYeDQt9622ONKF
  HTTP/1.0 200 OK
  Cache-Control: private, max-age=0
  Date: Fri, 20 Jun 2008 22:43:15 GMT
  Expires: -1
  Content-Type: text/html; charset=UTF-8
  Content-Encoding: gzip
  Server: gws
  Content-Length: 2649
  X-Cache: MISS from linux-e6p8
  X-Cache-Lookup: MISS from linux-e6p8:3128
  Via: 1.0
  Connection: keep-alive
  GET /8SE/11?MI=32d919696b43409cb90ec369fe7aab75&LV=3.1.0.146&AG=T14050&IS=0000&TE=1&TV=tmen-us%7Cts20080620224324%7Crf0%7Csq38%7Cwi133526%7Ceuhttp%3A%2F%2Fwww.google.com%2F HTTP/1.1
  User-Agent: MSN_SL/3.1 Microsoft-Windows/5.1
  Host: g.ceipmsn.com
  HTTP/1.0 403 Forbidden
  Server: squid/2.6.STABLE5
  Date: Sat, 21 Jun 2008 01:46:26 GMT
  Content-Type: text/html
  Content-Length: 1066
  Expires: Sat, 21 Jun 2008 01:46:26 GMT
  X-Squid-Error: ERR_ACCESS_DENIED 0
  X-Cache: MISS from linux-e6p8
  X-Cache-Lookup: NONE from linux-e6p8:3128
  Via: 1.0
  Connection: close
  java.net.SocketException: Broken pipe // this is the error message
  at java.net.SocketOutputStream.socketWrite0(Native Method)
  at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
  at java.net.SocketOutputStream.write(SocketOutputStream.java:115)
  at java.io.DataOutputStream.writeBytes(DataOutputStream.java:259)
  at SimpleHttpHandler.run(Test77.java:61)
  at java.lang.Thread.run(Thread.java:595)
  at Test77.main(Test77.java:13)

  please could just tell me what is wrong with my code ! this is the last idea in my G.p and am havin difficulties with that cuz this is the first time dealin with java :( the purpose of my code to forward the http traffic from client to Squid server ( proxy server ) then forward the response from squid server to the clients !
  thanx a lot,
  this is my code :
  import java.io.*;
  import java.net.*;
  public class Test7 {
  public static void main(String[] args) {
  try {
  ServerSocket serverSocket = new ServerSocket(1416);
  while(true){
  System.out.println("Waiting for request");
  Socket socket = serverSocket.accept();
  new Thread(new SimpleHttpHandler(socket)).run();
  socket.close();
  catch (Exception e) {
  e.printStackTrace();
  class SimpleHttpHandler implements Runnable{
  private final static String CLRF = "\r\n";
  private Socket client;
  private DataOutputStream writer;
  private DataOutputStream writer2;
  private BufferedReader reader;
  private BufferedReader reader2;
  public SimpleHttpHandler(Socket client){
  this.client = client;
  public void run(){
  try{
  this.reader = new BufferedReader(
  new InputStreamReader(
  this.client.getInputStream()
  InetAddress ipp=InetAddress.getByName("192.168.6.29"); \\ my squid server
  System.out.println(ipp);
  StringBuffer buffer = new StringBuffer();
  Socket ss=new Socket(ipp,3128);
  this.writer= new DataOutputStream(ss.getOutputStream());
  writer.writeBytes(this.read());
  this.reader2 = new BufferedReader(
  new InputStreamReader(
  ss.getInputStream()
  this.writer2= new DataOutputStream(this.client.getOutputStream());
  writer2.writeBytes(this.read2());
  this.writer2.close();
  this.writer.close();
  this.reader.close();
  this.reader2.close();
  this.client.close();
  catch(Exception e){
  e.printStackTrace();
  private String read() throws IOException{
  String in = "";
  StringBuffer buffer = new StringBuffer();
  while(!(in = this.reader.readLine()).trim().equals("")){
  buffer.append(in + "\n");
  buffer.append(in + "\n");
  System.out.println(buffer.toString());
  return buffer.toString();
  private String read2() throws IOException{
  String in = "";
  StringBuffer buffer = new StringBuffer();
  while(!(in = this.reader2.readLine()).trim().equals("")){
  buffer.append(in + "\n");
  System.out.println(buffer.toString());
  return buffer.toString();
  Edited by: Tareq85 on Jun 20, 2008 5:22 PM

• VPN stops forwarding traffic on subsequent connections (Cisco 861)

  Hello everyone,
  I have a very strange problem on 2 (independent) Cisco 861 routers in different places.
  They are both configured as easyVPN servers. One uses UDP, the other TCP. VPN clients connect by using Cisco VPN client software. This cannot be changed because the customer expects it this way. Both routers have the same problem:
  * the first VPN connection after a reset works fine. Traffic passes through and it is perfectly usable. I can ping the internal network interface on the router side from the client without problems.
  * the second connection (and all subsequent ones from different client machines etc.) connects fine, no errors on the client whatsoever (not sure I evaluated all possible debug output on the "server" side). However,  no traffic passes through. Pings do not come back from the 861 anymore through the VPN tunnel.
  I already enabled ICMP debugging and saw that pings are actually answered by the 861, but do not reach the client.The same seems to happen to any and all other packets as well.
  * If I restart the 861 the very same thing happens: first VPN connection works fine. You disconnect, try another connection from the very same client computer, and it does not work anymore until the next router reset.
  I append the configuration for sake of completeness. confidential parts are represented by XXX. Some ACLs are not in use right now; I used them for testing.
  Quite frankly, I am out of ideas (and desperate).
  Any ideas?
  Best Regards
  Mike
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname XXX
  boot-start-marker
  boot-end-marker
  logging buffered 51200
  logging console critical
  enable secret 5 XXX
  enable password 7 XXX
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa session-id common
  memory-size iomem 10
  clock timezone Berlin 1
  crypto pki trustpoint TP-self-signed-2638506017
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2638506017
  revocation-check none
  rsakeypair TP-self-signed-2638506017
  no ip source-route
  ip cef
  no ip bootp server
  ip domain name local
  license udi pid CISCO861-K9 sn XXX
  archive
  log config
    hidekeys
  no spanning-tree vlan 1
  username root privilege 15 secret 5 XXX
  username remote secret 5 XXX
  crypto ctcp port 10000
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp nat keepalive 20
  crypto isakmp client configuration group vpn
  key XXX
  pool SDM_POOL_1
  acl 104
  netmask 255.255.255.0
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group vpn
     client authentication list ciscocp_vpn_xauth_ml_1
     isakmp authorization list ciscocp_vpn_group_ml_1
     client configuration address respond
     client configuration group vpn
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA
  set isakmp-profile ciscocp-ike-profile-1
  interface Loopback0
  ip address 192.168.234.1 255.255.255.0
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  ip address dhcp
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  duplex auto
  speed auto
  interface Virtual-Template1 type tunnel
  ip unnumbered Loopback0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 192.168.233.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip virtual-reassembly
  ip tcp adjust-mss 1452
  ip local pool SDM_POOL_1 192.168.234.2 192.168.234.127
  ip forward-protocol nd
  no ip http server
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip route 10.179.232.0 255.255.255.0 192.168.233.2
  ip route 172.16.0.0 255.255.0.0 192.168.233.2
  ip access-list log-update threshold 10
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.233.0 0.0.0.255
  access-list 100 remark XXX
  access-list 100 permit ip 192.168.233.0 0.0.0.255 any
  access-list 100 permit ip 192.168.234.0 0.0.0.255 any
  access-list 101 remark CCP_ACL Category=4
  access-list 101 permit ip 192.168.233.0 0.0.0.255 any
  access-list 101 permit ip 192.168.234.0 0.0.0.255 any
  access-list 102 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
  access-list 103 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255 log
  access-list 103 permit ip 192.168.234.0 0.0.0.255 192.168.233.0 0.0.0.255 log
  access-list 104 permit ip 192.168.233.0 0.0.0.255 any log-input
  access-list 104 permit ip 192.168.234.0 0.0.0.255 any log-input
  no cdp run
  control-plane
  banner exec ^CCC
  XXX
  ^C
  banner login ^CCC
  XXX
  ^C
  line con 0
  no modem enable
  transport output telnet
  line aux 0
  transport output telnet
  line vty 0 4
  privilege level 15
  transport input ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end

  Hi,
  I addded a dynamic crypto map to the configuration according to the document you sent. However, it does not work yet.
  There must be some stupid mistake or mixup with the old config.
  The router logs:
  000038: *Mar  1 01:19:24.047 Berlin: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at XXX
  000039: *Mar  1 01:19:29.403 Berlin: CTCP: cTCP connection entry not found. Dropping the packet
  Correspondingly, the client retransmits a few times during a connection attempt and then fails.
  The current configuration is:
  version 15.0
  no service pad
  service tcp-keepalives-in
  service tcp-keepalives-out
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  service sequence-numbers
  hostname XXX
  boot-start-marker
  boot-end-marker
  logging buffered 51200
  logging console critical
  enable secret XXX
  enable password XXX
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa session-id common
  memory-size iomem 10
  clock timezone Berlin 1
  crypto pki trustpoint TP-self-signed-2638506017
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2638506017
  revocation-check none
  rsakeypair TP-self-signed-2638506017
  no ip source-route
  no ip cef
  no ip bootp server
  ip domain name local
  license udi pid CISCO861-K9 sn XXX
  archive
  log config
    hidekeys
  no spanning-tree vlan 1
  username root privilege 15 secret 5 XXX
  username remote secret 5 XXX
  crypto ctcp keepalive 10
  crypto ctcp port 10000
  ip tcp synwait-time 10
  ip ssh time-out 60
  ip ssh authentication-retries 2
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp nat keepalive 20
  crypto isakmp client configuration group vpn
  key XXX
  pool SDM_POOL_1
  acl 105
  netmask 255.255.255.0
  crypto isakmp client configuration group testgroup
  key XXX
  pool SDM_POOL_1
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group vpn
     client authentication list ciscocp_vpn_xauth_ml_1
     isakmp authorization list ciscocp_vpn_group_ml_1
     client configuration address respond
     client configuration group vpn
  crypto isakmp profile VPNclient
     description VPN clients profile
     match identity group testgroup
     client authentication list clientauth
     isakmp authorization list groupauthor
     client configuration address respond
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA
  set isakmp-profile ciscocp-ike-profile-1
  crypto dynamic-map dynmap 5
  set transform-set ESP-3DES-SHA
  set isakmp-profile VPNclient
  crypto map mymap 10 ipsec-isakmp dynamic dynmap
  interface Loopback0
  ip address 192.168.234.1 255.255.255.0
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface FastEthernet4
  mtu 1300
  ip address dhcp
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  duplex auto
  speed auto
  interface Virtual-Template1 type tunnel
  ip unnumbered Loopback0
  tunnel mode ipsec ipv4
  crypto map mymap
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 192.168.233.1 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip flow ingress
  ip virtual-reassembly
  ip tcp adjust-mss 1452
  ip local pool SDM_POOL_1 192.168.234.2 192.168.234.127
  ip forward-protocol nd
  no ip http server
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip route 10.179.232.0 255.255.255.0 192.168.233.2
  ip route 172.16.0.0 255.255.0.0 192.168.233.2
  ip access-list log-update threshold 10
  logging trap debugging
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.233.0 0.0.0.255
  access-list 100 remark XXX
  access-list 100 permit ip 192.168.233.0 0.0.0.255 any
  access-list 100 permit ip 192.168.234.0 0.0.0.255 any
  access-list 101 remark CCP_ACL Category=4
  access-list 101 permit ip 192.168.233.0 0.0.0.255 any
  access-list 101 permit ip 192.168.234.0 0.0.0.255 any
  access-list 102 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
  access-list 103 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255 log
  access-list 103 permit ip 192.168.234.0 0.0.0.255 192.168.233.0 0.0.0.255 log
  access-list 104 permit ip 192.168.233.0 0.0.0.255 any log-input
  access-list 104 permit ip 192.168.234.0 0.0.0.255 any log-input
  access-list 105 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
  no cdp run
  control-plane
  banner exec ^CCC
  XXX
  ^C
  banner login ^CCC
  XXX
  ^C
  line con 0
  no modem enable
  transport output telnet
  line aux 0
  transport output telnet
  line vty 0 4
  privilege level 15
  transport input ssh
  scheduler max-task-time 5000
  scheduler allocate 4000 1000
  scheduler interval 500
  end

• Forwarding Traffic based on Domain name(Google).

  Hello ,
  Please let me know if this is possible.
  I have a asa5520 firewall with 8.2 version.I have two ISP's coming into my firewall for Internet. Currently I am forwarding all my traffic to one of the ISP. I would like to forward only traffic to Google to the second ISP. The reason I am trying to do this is Google reports my primary IP. The message users get is "
  When Google detects that a computer or phone on your network may be sending automated traffic to Google we may show the following message: "Our systems have detected unusual traffic from your computer network." after this message users will have to enter a captcha code.
  This is an intermittent issue. I would like to test it by forwarding only google traffic to my second ISP. I cannot forward all the traffic to my secondary IPS the reason is I am having site to site tunnels going on my default primary route and If I do it all my tunnels would go down.
  Any help regarding this issue or workaround would be appreciated.
  OR if I can actually find an IP/user on my inside network which is generating hight traffic to google which is resulting in entering the captcha code and sometimes opening multiple tabs. or if I can ratelimit to allow fixed number of connections to google.
  Thanks.

  Hello,
  First of all the ASA does not support PBR so thats our first wall.
  There are some tweaks that we could do with NAT but that would be based on the destination IP address. In this case you will be trying to do the NAT based on the FQDN which does not work.
  You will need to determine all of the IP address of google (I know..I know ) and then configure the NAT policies to tweak the Firewall behavior.
  How does this sound to you?
  Looking for some Networking Assistance? 
  Contact me directly at [email protected]
  I will fix your problem ASAP.
  Cheers,
  Julio Carvajal Segura
  http://laguiadelnetworking.com

• Interface attempting to forward traffic before link is up

  We have 2 3745 routers. Each one has a single link to seperate 3725. The 3745s are also linked to each other as are the 3725s. Traffic is routing fine through one link when that link goes down the traffic switches to the other link with little or no loss. When the original link is brought back up, packets are lost until the interface is in a forwarding state. It appears that traffic is forwarded through the link as soon as the link gets power. It does not wait until the interface is in a full forwarding state. We are using static routes between the 3745s and 3725s.
  Thank you for any advice you maybe able to offer.

  Whether to post the configs or not depends on whether you want to persue this further. It may be that as long as you understand why the behavior is this way that you can live with the behavior. (It seems to me to be a somewhat minor problem - how often does the router go down and how many packets really get lost?)
  But if you want to work around this behavior I think there is an alternative to consider. There is a fairly new feature in IOS called Object Tracking which can be used to control static routes. If you use this feature it would test whether the next hop address was reachable and only let the route into the table when the next hop was reachable. This link will give you information to evaluate this technique:
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html
  Only you will be able to decide whether the additional complexity of configuring Object Tracking and the additional overhead of tracking the reachability of the next hop address are worth not losing packets when the router goes down and comes back up.
  HTH
  Rick

• SG500X-48 forwards traffic on all ports

  Hello to everybody!
  I have a problem with my SG500 which I do not understand: It is forwarding all traffic to all ports. So for
  me it looks like it behaves like a hub.
  Can anybody please help me?
  I have a SG500X-48 with firmware version 1.2.0.97 which is in "standalone" mode with this configuration:
  switch8d3012#sh run
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  no ip routing
  bonjour interface range vlan 1
  hostname switch8d3012
  management access-list XXX-ADM
  permit gigabitethernet1/48
  exit
  management access-class XXX-ADM
  passwords aging 0
  username cisco password encrypted *** privi
  lege 15
  no snmp-server server
  snmp-server location RZ1
  clock timezone " " 1
  interface vlan 1
   no ip address dhcp
  interface gigabitethernet1/48
   ip address 10.1.2.5 255.255.255.0
  switch8d3012#
  switch8d3012#

  Hi Wire Man,
  By the way those switches are now on 1.4 firmware and yours is still 1.2 so would suugest you to start with upgrade.
  Regards,
  Aleksandra

• How to make ASR9000 bridge domain forward traffic between sub interfaces of same physical interface?

  Hi,
  I regularly use bridge domains to connect sub interfaces on different vlans using this sort of configuration:
  interface GigabitEthernet0/0/0/5.21 l2transport
  description CUSTOMER A WAN
  encapsulation dot1q 21
  rewrite ingress tag pop 1 symmetric
  interface GigabitEthernet0/0/0/10.3122 l2transport
  description CUSTOMER A CORE
  encapsulation dot1q 3122
  rewrite ingress tag pop 1 symmetric
  l2vpn
  bridge group WANLINKS
    bridge-domain CUSTOMERA
     interface GigabitEthernet0/0/0/5.21
     interface GigabitEthernet0/0/0/10.3122
  When I try to use the same method to bridge two sub interfaces on the same physical interface so as to create a L2 VPN no data flows:
  interface GigabitEthernet0/0/0/5.21 l2transport
  description CUSTOMER A WAN
  encapsulation dot1q 21
  rewrite ingress tag pop 1 symmetric
  interface GigabitEthernet0/0/0/5.22 l2transport
  description CUSTOMER A WAN2
  encapsulation dot1q 22
  rewrite ingress tag pop 1 symmetric
  l2vpn
  bridge group WANLINKS
    bridge-domain CUSTOMERA
     interface GigabitEthernet0/0/0/5.21
     interface GigabitEthernet0/0/0/5.22
  If I add a BVI interface to the bridge domain then the CE devices at the remote end of the WAN interface can both ping the BVI IP but they remain unable to ping each other.
  Is this because tag rewrites are not happening since packets don't leave the physical interface?
  How can I work around this and establish a L2 connection between the two subinterfaces?
  Thank you

  a vlan is usually the equivalent of an l3 subnet, so linking 2 vlans together in the same bridge domain, likely needs to come with some sort of routing (eg a BVI interface).
  If these 2 vlans are still in the same subnet, then there is still arp going on, from one host to the other that traverses the bD.
  you will need to verify the state of the AC, the forwarding in the BD and see if something gets dropped somewhere and follow the generic packet troubleshooting guides (see support forums for that also).
  that might give a hint to what the precise issue in your forwarding is.
  regards
  xander

• Separating forwarded traffic from bounce back traffic

  Dear All,
  iMS sends bounce backs and forwarded email to tcp_local which then routes the email to the configured smarthost. Now because forwarded email is much more important than bounce back messages to fake senders, is it possible to separate them into different channels or at least to different smarthosts?
  Marwan,

  How will you be able to tell?
  If you can't tell, how can the server tell?

• Forwarding traffic question

  I must admit, I'm an absolute n00b when it comes to networking, so please forgive me.
  What I'm trying to do is this:
  Internet connection ---> Router --(wlan)---> Laptop --(lan)---> Desktop
  The problem is finding out how to bridge the laptop connection to output through my ethernet port. I've played around with bridge-utils, but to no avail. All help is greatly appreciated!

  This has been discussed a few times on this forum. Here's an article on the arch wiki: https://wiki.archlinux.org/index.php/Internet_Share
  Note that you can't bridge a wired interface with a wireless interface (at least it wasn't possible the last time I checked, and I doubt it is now), so both interfaces must be in a different LAN and you must do routing between them. See the wiki.