Guy accessed remote administration port 4567 on my router. Thanks, Verizon!
Some dude has been running botnet attacks to gain access to my Westell 9100 BHR router and this past weekend he was successful:
Oct 9 20:01:39 2010 Inbound Traffic Blocked - Default policy TCP 74.125.227.33:80->71.170.238.87:49396 on eth1
Oct 9 20:03:50 2010 Inbound Traffic Blocked - Default policy TCP 173.192.226.198:80->71.170.238.87:49487 on eth1
Oct 9 20:04:34 2010 Outbound Traffic Blocked - Default policy UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
Oct 9 20:04:36 2010 Inbound Traffic Blocked - Default policy TCP 65.60.38.194:80->71.170.238.87:49497 on eth1
Oct 9 20:04:37 2010 Outbound Traffic Blocked - Default policy UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
Oct 9 20:06:45 2010 Inbound Traffic Blocked - Default policy TCP 74.125.227.49:80->71.170.238.87:49534 on eth1
Oct 9 20:07:01 2010 Inbound Traffic Blocked - Default policy TCP 78.141.177.62:443->71.170.238.87:49540 on eth1
Oct 9 20:16:35 2010 Inbound Traffic Blocked - Packet invalid in connection TCP 77.67.87.105:80->71.170.238.87:49683 on eth1
Oct 9 20:16:37 2010 Firewall Info Rate Limit 1 messages of type [9] Packet invalid in connection suppressed in 1 second(s)
Oct 9 20:23:25 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60289->71.170.238.87:2439 on eth1
Oct 9 20:23:25 2010 Inbound Traffic Accepted Traffic - Remote administration TCP 81.200.61.23:60289->71.170.238.87:4567 on eth1
Oct 9 20:23:25 2010 Firewall Info Rate Limit 17 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:25 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60289->71.170.238.87:4964 on eth1
Oct 9 20:23:27 2010 Firewall Info Rate Limit 53 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:27 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60290->71.170.238.87:4728 on eth1
Oct 9 20:23:27 2010 Inbound Traffic Accepted Traffic - Remote administration TCP 81.200.61.23:60296->71.170.238.87:4567 on eth1
Oct 9 20:23:27 2010 Firewall Info Rate Limit 59 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:27 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60289->71.170.238.87:2000 on eth1
Oct 9 20:23:28 2010 Firewall Info Rate Limit 74 messages of type [15] Default policy suppressed in 1 second(s)
Oct 9 20:23:28 2010 Inbound Traffic Blocked - Default policy TCP 81.200.61.23:60290->71.170.238.87:2749 on eth1
Oct 9 20:23:29 2010 Inbound Traffic Accepted Traffic - Remote administration TCP 81.200.61.23:60297->71.170.238.87:4567 on eth1
Oct 9 20:23:29 2010 Firewall Info Rate Limit 74 messages of type [15] Default policy suppressed in 1 second(s)
I went ahead and reset whatever settings he changed, but how do I close this port to prevent this guy from gaining access to my router in the future?
whokebe1 wroteI'm pretty certain I didn't see that bottom entry the previous week. And if you'll notice, I can't undo it without resetting the router.
That certainly doesn't look like anything I've seen VZ add.
I have seen VZ add a UDP from from ANY address / ANY port to DVR port 63145 which effective blocks port forwarding needed for third party VOIP.
VZ recently encrypted the Actiontec config file. However the config file for Westells remains unencrypted.
If you want to block access to the CPE Management port.
Save your current configuration to a file.
Open it with a text editor.
About 3/4 of the way down the file you will see the following lines:
(cwmp
(enabled(1))
Change it to:
(cwmp
(enabled(0))
That should block remote CPU access.
Similar Messages
-
Air Port Extreme Remote Administration?
Is it possible to administer the Air Port Extreme remotely?
My Linksys router has been doing OK lately, but have been noticing issues like speed latency. I think this is true not only since another B or G Wifi device connected to the router causing the rest of the speeds to decrease, but also since I moved into a location that has many WiFi hotspots - specifically my condo complex. My conclusion is buying a dual band wireless router which probablt has a larger WiFi range too. I am debating on whether or not to buy the Apple Air Port Extreme Base Station or one of the top 3 Linksys E Seriers routers (E2500, E3200, E4200), since I have 2 iPads, an iMac, 2 iPhones, 2 Apple TVs, 2 Windows 7 laptops, 1 Windows XP desktop, XBox 360, Nintendo Wii, and 2 WiFi enablesd Blue Ray Players. I saw that I was able to access all of the devices with the Air Port Extreme Base Station - great! Air Port Extreme Base Station works great with all of the Apple devices, stops latency slow WiFi speeds and can have a USB hub attached to allow for a printer, multiple HDs [Time Machine Backups, YAY], etc. I am leaning towards the Air Port Extreme Base Station, but have two reservations:
(1) WEB BROWSER: I cannot administer the Air Port Extreme Base Station via a web browser and am forced to install the software and
(2) REMOTE ADMINISTRATION: I cannot make any changes to the Air Port Extreme Base Station remotely, say if I'm at work, forgot to open a few ports and NAT/PAT, to access my computer.
I would buy the Air Port Extreme Base Station if I can at least get through one of these two reservations.
Please help.<Yes, the newer AirPort Extremes running 7.4.1+ firmware, can be administered from a remote location ... of course, you would still require the AirPort Utility to do so.>
I am looking to set up remote access to my Airport Extreme that is running the latest firmware. Can you describe what I need to do to do so? I do not have a static IP so will have to use something like DynDNS I assume. My needs are pretty simple. From time to time my Airport drops out (I'm guessing after a power outage) and while the Cablevision modem restarts, my Airlort is often left flashing orange. This would be fine except that this is all at a weekend house that is 90 miles away and I need the wifi to be working so that I can access my Nest thermostat as well as my Insteon system for remote light management. -
What "ethernet port" does airport utility use for "remote administration"
I have a friend who was recently evangelized to Macs and bought a Macbook Pro and an Apple Airport Extreme (gigabit) Router, hereinafter called AE. The place where he lives has cable modem internet access and an older Linksys wireless-G router for the building, and I am trying to configure his new AE, prior to making it the primary router in the network (e.g. connected to the cable modem).
When the AE is completely configured the Linksys will be retired.
I remotely manage and maintain the network and some other computers in that house. The Linksys is configured for Remote Administration so I can manage it. I manage several PC's and Macs using Timbuktu Pro 8, with the necessary ports forwarded through to TB2 on those machines.
I am trying to configure the Airport so it also can be managed remotely, so from a workstation on that network (accessed from where I am using TB2) and running Airport Utility, I have checked "Allow setup over WAN" on the Airport/BaseStation page. Now I would like to test whether I can connect and remotely administer that Airport Extreme from Airport Utility on my Mac.
I assume that, if I can rout packets from my Airport Utility here through the internet to the public IP of the Linksys router there, I should be able to connect. But I can't.
My setup is this. The target AE has its WAN port connected to an ethernet port on the Linksys, as is the LAN in the remote building. Nothing is connected to the AE's ethernet ports at this time. The Linksys is the DHCP server, and the AE has an IP from it, as does all the other ethernet- and wireless-connected computers, printers, etc. The AE's wireless is active and the wireless-connected devices in the building can connect to either its base station or to that of the Linksys. When the Linksys is retired the AE will be the only wireless in the building.
I attempt to connect in the following way: On my Mac, I run Airport Utility. From the file menu I select "Configure other" and enter the public IP address of the remote Linksys, and give AE's password. There is a long wait
Reading the Airport wireless device configuration....
while Airport Utility tried to discover AE, and then
An error occurred while reading the configuration..... (-6753)
I suspect that my remote connection problem is due to the fact that the AE is behind the Linksys, and the proper port forwarding is not in place on it to pass the Airport Utility's packets through to the Wan port of the AE. This might be that I have not entered into the Linksys the correct port number to forward on to the AE. I've tried the three numbers in the list:
"Well known TCP and UDP ports used by Apple software products" found at
http://support.apple.com/kb/ts1629
that are mentioned as possibly being involved with Airport Utility; 192, 4500 and 5009.
Advice will be appreciated.
BobOne example, and there may be others, is the (free) DynDNS dynamic DNS service which publishes a domain name for the WAN port of your router which can then be resolved, like all other domain names, to the actual IP address of the WAn port of your router. This service provides a solution to the problem of having a proper domain name in cases where your public IP address changes over time. Unless you pay for a static IP address, virtually all ISPs change your public IP address over time.
So, you can register for a free DynDNS account at www.dyndns.com and that is how you come up with the User: and Password: information; use whatever User and Password you register at dyndns.com with.
The first part of the hostname you can define as you wish, subject only to someone else having used it previously, and the remaining parts of the domain name might be "dyndns.org" or one of the other domain names provided by the DynDNS service. So, you could publish, via DynDNS, the name of your public IP address as, for example, joehlam.dyndns.org however you might want something less descriptive or more vague. -
How do you guys do remote access?
Hi All,
I have a customer with a MAC at both office and home. When she is a home she would like to remote into her work computer (okay'ed by her boss) to work on various things (she is a graphics artist).
How do you guys do remote access? Do you have anything like Linux's XRDP?
What ports and what protocol (TCP, UDP) do you use?
Many thanks,
-TSo something like Goodreader or Dropbox would work...if the files are *.doc's you could use Quick Office Pro HD to edit them. An iPad probably isn't the place to do complicated edits, however...either of these apps will allow a file local to the iOS device to be stored, then sent to another app such as Quick Office Pro HD...or you could also have the files stored in an email folder in say, Outlook, and then have that folder sync to the iOS device OTA with the iOS Exchange client...
-
How to remotely access visual administrator in AIX system
Hi Friends
i want to remotely access visual administrator of my client system which is on AIX platform,can any one please tell me the step by step procedure of connecting to that system and then which command to use to start Visual administrator.
Like the way we do in windows remote desktop and run the go.bat file in the admin folder of the j2ee,similarly wat should i do to start this go.bat in this AIX system.
Any help would be appreciated and rewarded with points
Thanks and Regards
RashmiJust found the apex_access_control table in my schema.
Guess I'll just use that. -
Use of domain administration port breaks session access?
WLS 8.1.2;
We have a third-party app deployed in a pretty basic cluster setup (two managed servers, each on a separate machine). When accessing the main web app, it works fine. If/when we enable the domain-wide administration port (DAP)(after enabling SSL on each server), we can no longer access the application - we get the exception shown below.
Note - if we shut down one of the two managed servers with DAP enabled, the app works. If we disable DAP and run both managed servers using SSL, the app works.
What have done wrong?
tia,
Rick
<snip>
####<Jun 9, 2005 10:26:49 AM EDT> <Error> <HTTP Session> <OYARSA4> <ep01> <ExecuteThread: '9' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <BEA-100060> <An unexpected error occurred while retrieving the session for Web application: ServletContext(id=247422,name=eprovision-client,context-path=/eprovision-client).
java.lang.SecurityException: User <anonymous> does not have access to the administrator port.
at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
at weblogic.cluster.replication.ReplicationManager_812_WLStub.create(Unknown Source)
at weblogic.cluster.replication.ReplicationManager.trySecondary(ReplicationManager.java:1064)
at weblogic.cluster.replication.ReplicationManager.createSecondary(ReplicationManager.java:997)
at weblogic.cluster.replication.ReplicationManager.register(ReplicationManager.java:391)
at weblogic.cluster.replication.ReplicationManager.register(ReplicationManager.java:376)
at weblogic.cluster.replication.ReplicationManager.register(ReplicationManager.java:370)
at weblogic.servlet.internal.session.ReplicatedSessionData.<init>(ReplicatedSessionData.java:95)
at weblogic.servlet.internal.session.ReplicatedSessionContext.getNewSession(ReplicatedSessionContext.java:304)
at weblogic.servlet.internal.ServletRequestImpl.getNewSession(ServletRequestImpl.java:2472)
at weblogic.servlet.internal.ServletRequestImpl.getSession(ServletRequestImpl.java:2169)
at weblogic.servlet.security.internal.SecurityModule$SessionRetrievalAction.run(SecurityModule.java:637)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.security.internal.SecurityModule.getUserSession(SecurityModule.java:612)
at weblogic.servlet.security.internal.FormSecurityModule.stuffSession(FormSecurityModule.java:404)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:391)
at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:197)
at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:181)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3539)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
Caused by: java.lang.SecurityException: User <anonymous> does not have access to the administrator port.
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:910)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:844)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
at weblogic.socket.SSLFilter.dispatch(SSLFilter.java:281)
at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
</snip>An unexpected error occurred while retrieving the session for Web application: logContext.
Cause might Failed to retrieve the session from persistent store.
pl. check your configuration
Prasanna Yalam -
I can't access my IMAP port remotely. Why?
I can't access my IMAP port remotely. Why?
<p>
If you can access your IMAP port using telnet on the host, but not
remotely, this is most likely a DNS issue. IMAP is different from POP
and SMTP in that it does a DNS search. Check the DNS Service
Search Order, and delete any entries that are questionable
(i.e. an ISP that may not be reachable) and try connecting again.Please provide a little more information. What exactly are you trying to do? Bluetooth on iOS devices is not set up to share files and photos. If you can tell us what you want to accomplish we can tell you how to do it.
-
Remote administration can't be disabled
I've seen a couple of posts on this, but none that seemed to be properly resolved. I have a wag200g, and remote administration cannot be disabled. I'm not a moron so please don't give me some copy paste reply telling me what button to click, as someone did in a different thread on this problem.I'm on the latest firmware, so nothing on that either please. The only sensible solution is to route all incoming on port 80 to a dead ip address, same as I've had to do for the inexplicably open port 443 - another dangerous security hole.
Seriously, I think this is a HUGE problem that you've got, since I found the same on someone else with the same router. Difference being, they hadn't changed the admin password. Hence, just knowing the ip its possible to login with admin/admin and cause havoc.The login box for remote administration even helpfully gives you the make and model of the router..........sheer madness.
I'd like to say this is the last linksys router I'll ever buy, but it's not. I'm going to get one of those old ones on ebay so I can install dd-wrt on it and not have to worry about linksys firmware (seriously, javascript, on a router admin page? you got to be kidding)
Anyway, I'm not really looking for answers, just wanting to register the problem in a way that hopefully might make someone listen
(Mod note: Edited for guideline compliance.)
Message Edited by kent07 on 01-20-2010 05:43 PMHello, insaf_mohd and onlyregisteringtopostthis. I'm just your average network guy in the process of learning more from others, so bear with me on this. I also have a WAG200G and I've recently enabled Remote Access on it. Actually, I just followed the instructions on the link: http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=58abe55b7a774a9181f60f2d1de937ff_4252.xml&pid=80&r...
I disabled and enabled Remote Management (Administration > Management > Remote Management) just to experiment on things. So far, it's working. Can you guys give me additional insights on other steps to do on the WAG200G to optimize its performance?
Information. Share it. Learn from it.
Help, learn and share -
Portal failed to access remote resource due to network failures
Hi,
We have a portlet that allows users to upload files to a SQL Server database and make it available for other users to access. The portlet code is on our remote servers. Everything works fine in dev environment, but certain files fail in pre-prod and prod within the portal, but work fine when the code is executed outside the portal.
I keep getting this error:
Error - Portal failed to access remote resource due to network failures. Try again later or contact your portal administrator.
What could the problem be?
Thank you for your help.
RadIf the Studio service looks good on the remote server where Studio is installed (check that
the service is started and look in the Studio logs for any warnings or errors), you should
also verify the configuration settings in the Studio remote server object. Is it properly
configured and pointing to the correct remote server?
If so, check the portal servers access to the Studio server via the port specified in the remote
server (default is 11935). You can test this by doing a telnet test on the portal server. In a cmd
prompt (Windows) or on the CLI (Unix), type 'telnet [studioserver] 11935', where "<servername> is
the name of your Studio remote server. The screen should just go blank, meaning that there is
something accepting connections on that port on the given server. (We would hope it's the Studio
app and not another service occupying that port.) If you get "Could not open connection to the host"
or some such similar result, check that the network between the portal and the Studio remote server
is open (ie, make sure there isn't any port blocking or a firewall in place that would hinder the
communication between the two servers). -
I would like to setup my eldery parents with an imac and ipad which I know will greatly help them in their daily life. The technology they love to play with whenever I visit, but they can never keep anything running or sync'ed unless I am around. Medical and other issues make this a real challenge for them. Unfortunately, I live in a different country and see them maybe once per year. I'm surrounded my apple products but never tried remote administration and wondered what I would need (software and hardware) to make this noble venture sucessful. Anyone out there has some experience or recommendations? I'm looking for something that is simple and reliable to implement ...
JokerGirl,
This is Scott J, I work for Intel and wanted to try and help you out. Sorry to hear about your current PC and your knee!
I agree with the bigger screen. I have the Samsung ATIV Smart PC with a screen 11.6" which is great to watch shows/movies! anything bigger is almost too big for a tablet (personal opinion).
Yes, most if not all tablets will have speakers and a headphone jack
You can watch YouTube
Only certain models have keyboards, you will want to specify this when making a purchase. Note: most keyboards are sold separately.
Covers are usually pretty easy to come buy, as well as screen protectors (clear plastic that covers and protects your screen from scratches, etc.)
Depending on the Operating System (Windows, Android, etc.) you will have access to an app store where you can buy and download content. Alternatively you can access your favorite sites to read news, get books, magazines, etc.
Hooking things to your tablet - different tablets will have different ports (USB, HDMI, etc.) Question to ask prior to making a purchase as some do not have ports (iPad). Back to my Samsung, I have several ports and do hook it to my TV
Tablets can run anywhere from $150-$1,000. The mid-range $400-$700 should fulfill all of your needs above and more!
Here's an article that might help you narrow down your search: http://electronics.howstuffworks.com/gadgets/high-tech-gadgets/5-tips-for-choosing-the-right-tablet....
Happy Holidays!
Scott
#IntelTablets -
Datasync and domain Wide administration port problem
Hi,
After enabling domain wide administration port in WLP 8.1, wee start to see following
exception on our managed servers log file. This happes in every mananaged server.
Datasync.war is deployed only in adminserver as the manual says. We see this error
every time we boot our managed servers.
Any ideas?
####<Nov 3, 2003 11:00:27 PM EET> <Error> <DataSync> <demomachine> <ManagedServer1>
<main> <<anonymous>> <> <BEA-400618> <Creation of the Master Data Repository failed.
Application data will not be available to services. Correct the problem and redeploy
the application.
java.lang.SecurityException: User <anonymous> does not have access to the administrator
port.
Regards, MikaCause might The managed server was given a URL to boot from that resolves to a managed server address. If the managed server is running on the same machine as the admin server, this can be caused by a failure to specify a unique admin port.
Inspect the address:port provided to the managed server from which to boot. This address should be changed to reference the admin server rather than resolving to a managed server. If the managed server is running on the same machine as the admin server, you must differentiate them by providing a unique port number.
Now we log a clear message that prints something like ,
The address provided to get to the admin server x.x.x.x resolves to a m
anaged server local address x.x.x.x:nnnn rather than a remote address as
expected, or the local managed server port might already be in use if you
have setup domain wide admin port, please check the configuration and correct
the problem.
Regards,
Prasanna Yalam -
How do I id software WSTL CPE 1.0 on WAP tcp port 4567
The system on my '08 13" macbook (10.6.8) failed a compliance scan done by a credible credit card processing co. This is for my small business to make sure my customers info is secure.
This is what they reported:
Protocol
Port
Special Notes
tcp
4567
Remote Access Software:HTTP service (WSTL CPE 1.0) running on WAP
No help from their tech support or my server. I tried to find the port in Little Snitch, looked all around in system preferences & Googled it with no results.
Any help will be much appreciated.http://www.dslreports.com/forum/r20511704-Westell-6100-F90-port-4567
This port might be open in the modem to allow the ISP to push updates. It is not actually a port open on your computer.. the fact that it returns as open is irrelevant. But talk to your ISP if you need it shut for running higher security card processing. -
Not able to access the Administrator Console 7001
Dear all,
We have installed weblogic server 11.1.2 in Aix 6.1.
Installation faced lot of FIXER problems finally we fixed all the required fixers and installation and configuration compleated without any error.
In the last page of Configuration summary we got the Admin consloe and Em console address.
When i try to connect those from my system using IE it says "internet explorer cannot Display the webpage" error comes.
While on Installation we used Humming bird for graphical installation[this is the first time am using this utlity]. And more over i do not have idea how to check about the admin server start and stop from the back end[AIX].
Kindly help me how to access the Administrator Console after Installation
"Administrator Console: http://emar:7001/console"
Exepecting all expects advice and guidance.
Regards,
PajaHi Paja,
Please check any weblogic process are running by using.
ps -ef | grep java
use " *kill -9 < pid >* "
Now under %Domain_Home%/ bin folder.
you will find startWebLogic.sh file.
start this one using following way.
./startWebLogic.sh
Once you provide your username and password
Check your last logging like this.
*<Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.17.62.212:7001 for protocols iiop, t3, ldap, s*
in this case 10.17.62.212 is my IP address or listen address and 7001 is my http port.
if you enable SSL list port it will also show you that one.
now try to access console using http://<IP address>:port/console
provide username and password
Here we go to start your weblogic server.
Now in %Domain_Home%/ bin folder you will find one more .sh file says stopWebLogic.sh.
this will help you to stop the server.
Hope this is easy way to start and stop your server.
Regards,
kal -
Unable to Access Remote LAN over IPSec VPN
I have a Cisco ASA 5540 setup with Remote Access VPN for users. Suddenly no one can access the remote LAN over VPN. Below is my config:
ASA Version 7.0(8)
hostname DC2ASA
domain-name yorktel.com
enable password d2XdVlFOzleWlH1j encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
interface GigabitEthernet0/0
description outside/savvis
nameif outside
security-level 0
ip address 216.33.198.4 255.255.255.0 standby 216.33.198.5
interface GigabitEthernet0/1
description inside
nameif inside
security-level 100
ip address 10.203.204.1 255.255.254.0 standby 10.203.204.2
interface GigabitEthernet0/2
nameif insidesan
security-level 100
ip address 10.203.206.1 255.255.254.0 standby 10.203.206.2
interface GigabitEthernet0/3
description LAN/STATE Failover Interface
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
object-group service FileMaker tcp-udp
port-object range 16000 16001
access-list outside-in extended permit ip 65.123.204.0 255.255.254.0 216.33.198.0 255.255.255.0 log
access-list outside-in extended permit ip 216.33.198.0 255.255.255.0 216.33.198.0 255.255.255.0 log
access-list outside-in extended permit icmp 216.33.198.0 255.255.255.0 216.33.198.0 255.255.255.0 log
access-list outside-in extended permit icmp any any
access-list outside-in extended permit icmp any any echo
access-list outside-in extended permit ip any host 216.33.198.22 inactive
access-list outside-in extended permit tcp any host 216.33.198.19
access-list outside-in extended permit udp any host 216.33.198.19
access-list outside-in extended permit ip any host 216.33.198.19
access-list outside-in extended permit tcp any host 216.33.198.10 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.10 eq ftp inactive
access-list outside-in extended permit tcp any host 216.33.198.10 eq ftp-data inactive
access-list outside-in extended permit tcp any host 216.33.198.10 eq ssh inactive
access-list outside-in extended permit tcp any host 216.33.198.19 eq www
access-list outside-in extended permit tcp any host 216.33.198.19 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.19 eq https
access-list outside-in extended permit tcp any host 216.33.198.19 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.19 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.19 eq smtp
access-list outside-in extended permit tcp any host 216.33.198.19 eq pop3
access-list outside-in extended permit tcp any host 216.33.198.19 eq 587
access-list outside-in extended permit tcp any host 216.33.198.16 eq www
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.16 eq https
access-list outside-in extended permit tcp any host 216.33.198.16 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.16 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.16 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.38 eq www
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.38 eq https
access-list outside-in extended permit tcp any host 216.33.198.38 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.38 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.38 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.25 eq www
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.25 eq https
access-list outside-in extended permit tcp any host 216.33.198.25 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.25 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.25 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.22 eq www
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.22 eq https
access-list outside-in extended permit tcp any host 216.33.198.22 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.22 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.22 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.17 eq www
access-list outside-in extended permit tcp any host 216.33.198.17 eq rtsp
access-list outside-in extended permit udp any host 216.33.198.17 eq 5005
access-list outside-in extended permit tcp any host 216.33.198.17 eq 1755
access-list outside-in extended permit udp any host 216.33.198.17 eq 1755
access-list outside-in extended permit tcp any host 216.33.198.17 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.17 eq https
access-list outside-in extended permit tcp any host 216.33.198.17 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.17 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.17 eq 989
access-list outside-in extended permit tcp any host 216.33.198.17 eq 990
access-list outside-in extended permit tcp any host 216.33.198.24 eq www
access-list outside-in extended permit tcp any host 216.33.198.24 eq rtsp
access-list outside-in extended permit udp any host 216.33.198.24 eq 5005
access-list outside-in extended permit tcp any host 216.33.198.24 eq 1755
access-list outside-in extended permit udp any host 216.33.198.24 eq 1755
access-list outside-in extended permit udp any host 216.33.198.24
access-list outside-in extended permit tcp any host 216.33.198.24 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.24 eq https
access-list outside-in extended permit tcp 209.67.5.96 255.255.255.224 any inactive
access-list outside-in extended permit udp 209.67.5.96 255.255.255.224 any inactive
access-list outside-in extended permit udp any host 216.33.198.17 inactive
access-list outside-in extended permit tcp any host 216.33.198.18 eq 1433
access-list outside-in extended permit tcp any host 216.33.198.18 eq 1434
access-list outside-in extended permit tcp any host 216.33.198.100 eq www
access-list outside-in extended permit tcp any host 216.33.198.101 eq www
access-list outside-in extended permit tcp any host 216.33.198.102 eq www
access-list outside-in extended permit tcp any host 216.33.198.103 eq www
access-list outside-in extended permit tcp any host 216.33.198.104 eq www
access-list outside-in extended permit tcp any host 216.33.198.105 eq www
access-list outside-in extended permit tcp any host 216.33.198.106 eq www
access-list outside-in extended permit tcp any host 216.33.198.107 eq www
access-list outside-in extended permit tcp any host 216.33.198.108 eq www
access-list outside-in extended permit tcp any host 216.33.198.109 eq www
access-list outside-in extended permit tcp any host 216.33.198.110 eq www
access-list outside-in extended permit tcp any host 216.33.198.100 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.101 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.102 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.103 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.104 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.105 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.106 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.107 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.108 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.109 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.110 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.100 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.101 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.102 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.103 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.104 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.105 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.106 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.107 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.108 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.109 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.110 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.100 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.101 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.102 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.103 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.104 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.105 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.106 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.107 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.108 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.109 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.110 eq ftp-data
access-list outside-in extended permit tcp host 12.71.134.4 any
access-list outside-in extended permit udp host 12.71.134.4 any
access-list outside-in remark Allow Mark to access remote desktop from home office.
access-list outside-in extended permit tcp host 96.255.220.240 any
access-list outside-in remark Allow Mark to access remote desktop from home office.
access-list outside-in extended permit udp host 96.255.220.240 any
access-list outside-in extended permit tcp host 67.81.54.83 any
access-list outside-in remark Allow Chris to access remote desktop from home office.
access-list outside-in extended permit tcp host 100.1.41.196 any
access-list outside-in remark Allow Chris to access remote desktop from home office.
access-list outside-in extended permit udp host 100.1.41.196 any
access-list outside-in extended permit udp host 67.81.54.83 any
access-list outside-in remark Allow Jim Johnstone to remote in from home office.
access-list outside-in extended permit tcp host 96.225.44.46 any
access-list outside-in remark Allow Jim Johnstone to remote in from home office.
access-list outside-in extended permit udp host 96.225.44.46 any
access-list outside-in extended permit tcp host 64.19.183.67 any
access-list outside-in extended permit udp host 64.19.183.67 any
access-list outside-in remark Allow Steve Fisher to remote in from home office.
access-list outside-in extended permit tcp host 173.67.0.16 any
access-list outside-in remark Allow Steve Fisher to remote in from home office.
access-list outside-in extended permit udp host 173.67.0.16 any
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq 3389
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq ftp-data
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq ftp
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq www
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 eq https
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.20 inactive
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit udp any host 216.33.198.20 inactive
access-list outside-in remark Allow remote desktop connections to remote.yorkcast.com
access-list outside-in extended permit ip any host 216.33.198.20 inactive
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.19 eq 3389 inactive
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq 3389
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq www
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq https
access-list outside-in extended permit tcp any host 216.33.198.21 eq 8080
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq ftp
access-list outside-in remark Allow remote desktop connections to BMS-TV
access-list outside-in extended permit tcp any host 216.33.198.21 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.19 eq 3306
access-list outside-in extended permit udp any host 216.33.198.19 eq 3306
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq 3389
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq ftp
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq www
access-list outside-in remark Allow remote desktop connections to ftp.yorkcast.com
access-list outside-in extended permit tcp any host 216.33.198.23 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.18 eq 3389 inactive
access-list outside-in extended permit tcp any host 216.33.198.17 inactive
access-list outside-in extended permit ip any host 216.33.198.17 inactive
access-list outside-in extended permit tcp any host 216.33.198.18 inactive
access-list outside-in extended permit udp any host 216.33.198.17 eq 554
access-list outside-in extended permit udp any host 216.33.198.24 eq 554
access-list outside-in remark Allow any access from Treasury
access-list outside-in extended permit tcp host 64.241.196.50 any
access-list outside-in remark Allow any access from Treasury
access-list outside-in extended permit udp host 64.241.196.50 any
access-list outside-in remark Allow any access from Treasury
access-list outside-in extended permit ip host 64.241.196.50 any
access-list outside-in extended permit tcp any host 216.33.198.26 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.26 eq www
access-list outside-in extended permit tcp any host 216.33.198.26 eq https
access-list outside-in extended permit tcp any host 216.33.198.27 eq https
access-list outside-in extended permit tcp any host 216.33.198.27 eq www
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.27 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.27 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.27 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.26 eq ftp inactive
access-list outside-in extended permit tcp any host 216.33.198.26 eq ssh inactive
access-list outside-in extended permit tcp any host 216.33.198.28 eq 81
access-list outside-in extended permit tcp any host 216.33.198.28 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.28 eq www
access-list outside-in extended permit tcp any host 216.33.198.28 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.29 eq www
access-list outside-in extended permit tcp any host 216.33.198.28 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.29 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.30 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.31 eq ssh
access-list outside-in extended permit tcp any host 216.33.198.20 object-group FileMaker
access-list outside-in extended permit tcp any host 216.33.198.20 eq 5003
access-list outside-in extended permit udp any host 216.33.198.20 eq 5003
access-list outside-in extended permit tcp any host 216.33.198.33 eq www
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.33 eq https
access-list outside-in extended permit tcp any host 216.33.198.33 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.33 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.33 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.34 eq www
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.34 eq https
access-list outside-in extended permit tcp any host 216.33.198.34 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.34 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.34 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.36 eq www
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.36 eq https
access-list outside-in extended permit tcp any host 216.33.198.36 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.36 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.36 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.37 eq www
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.37 eq https
access-list outside-in extended permit tcp any host 216.33.198.37 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.37 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.37 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.39 eq www
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.39 eq https
access-list outside-in extended permit tcp any host 216.33.198.39 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.39 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8094
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8096
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8097
access-list outside-in extended permit tcp any host 216.33.198.39 eq 8090
access-list outside-in extended permit tcp any host 216.33.198.41 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.41 eq www
access-list outside-in extended permit tcp any host 216.33.198.41 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.41 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.41 eq https
access-list outside-in extended permit tcp any host 216.33.198.41 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.42 eq 3389
access-list outside-in extended permit tcp any host 216.33.198.42 eq www
access-list outside-in extended permit tcp any host 216.33.198.42 eq https
access-list outside-in extended permit tcp any host 216.33.198.42 eq ftp
access-list outside-in extended permit tcp any host 216.33.198.42 eq ftp-data
access-list outside-in extended permit tcp any host 216.33.198.42 eq 8080
access-list outside-in extended permit tcp any host 216.33.198.28
access-list inside-out extended permit tcp any host 216.33.198.17 eq rtsp
access-list inside-out extended permit udp any host 216.33.198.17 eq 5004
access-list inside-out extended permit udp any host 216.33.198.17 eq 5005
access-list inside-out extended permit tcp any host 216.33.198.17 eq 1755
access-list inside-out extended permit udp any host 216.33.198.17 eq 1755
access-list rtsp-acl extended deny tcp any host 216.33.198.17 eq rtsp
access-list rtsp-acl extended permit tcp any any eq rtsp
access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 10.203.204.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip any 10.203.204.48 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 10.203.204.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip host 10.203.204.19 10.203.204.32 255.255.255.224
access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 192.168.250.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.203.204.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 10.203.204.144 255.255.255.240
access-list inside_nat0_outbound extended permit ip host 216.33.198.33 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.19 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.17 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.24 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip host 216.33.198.20 any inactive
access-list inside_nat0_outbound extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.203.204.48 255.255.255.248
access-list inside_nat0_outbound extended permit ip any 216.33.198.56 255.255.255.248
access-list dc2vpn_splitTunnelAcl standard permit 10.203.204.0 255.255.255.0
access-list dc2vpn_splitTunnelAcl standard permit 192.168.250.0 255.255.255.0
access-list dc2vpn_splitTunnelAcl standard permit 192.168.252.0 255.255.255.0
access-list dc2vpn_splitTunnelAcl standard permit any
access-list outside_map standard permit any
access-list Split_Tunnel_List standard permit 10.203.204.0 255.255.255.0
access-list test_splitTunnelAcl standard permit any
access-list outside_access_out extended permit tcp any host 12.71.134.75 inactive
access-list outside_in extended permit tcp host 12.71.134.75 any eq smtp
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.130.31
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.102
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.103
access-list outside_nat0_inbound extended permit ip host 216.33.198.21 host 165.89.18.104
access-list outside_nat0_inbound extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
access-list outside_cryptomap_80 extended permit ip 10.203.204.0 255.255.255.0 192.168.250.0 255.255.255.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.33 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.19 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.17 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended deny ip host 216.33.198.24 165.89.0.0 255.255.0.0
access-list outside_cryptomap_60 extended permit ip 216.33.198.0 255.255.255.0 165.89.0.0 255.255.0.0
access-list outside_cryptomap_100 extended permit ip 10.203.204.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list dc2vpntest_splitTunnelAcl standard permit 10.203.204.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
logging ftp-bufferwrap
logging ftp-server 10.203.204.10 logs asa ****
mtu outside 1500
mtu inside 1500
mtu insidesan 1500
mtu management 1500
ip local pool vpnpool 10.203.204.60-10.203.204.65 mask 255.255.255.0
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/3
failover polltime unit msec 999 holdtime 3
failover polltime interface 5
failover link failover GigabitEthernet0/3
failover interface ip failover 172.16.100.1 255.255.255.252 standby 172.16.100.2
monitor-interface outside
monitor-interface inside
monitor-interface insidesan
no monitor-interface management
icmp permit 65.123.204.0 255.255.254.0 outside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
nat-control
nat (outside) 0 access-list outside_nat0_inbound outside
nat (inside) 0 access-list inside_nat0_outbound
static (inside,outside) 216.33.198.10 10.203.204.10 netmask 255.255.255.255
static (inside,outside) 216.33.198.11 10.203.204.11 netmask 255.255.255.255
static (inside,outside) 216.33.198.12 10.203.204.12 netmask 255.255.255.255
static (inside,outside) 216.33.198.13 10.203.204.13 netmask 255.255.255.255
static (inside,outside) 216.33.198.14 10.203.204.14 netmask 255.255.255.255
static (inside,outside) 216.33.198.15 10.203.204.15 netmask 255.255.255.255
static (inside,outside) 216.33.198.16 10.203.204.16 netmask 255.255.255.255
static (inside,outside) 216.33.198.17 10.203.204.17 netmask 255.255.255.255
static (inside,outside) 216.33.198.18 10.203.204.18 netmask 255.255.255.255
static (inside,outside) 216.33.198.19 10.203.204.19 netmask 255.255.255.255
static (inside,outside) 216.33.198.20 10.203.204.20 netmask 255.255.255.255
static (inside,outside) 216.33.198.21 10.203.204.21 netmask 255.255.255.255
static (inside,outside) 216.33.198.22 10.203.204.22 netmask 255.255.255.255
static (inside,outside) 216.33.198.23 10.203.204.23 netmask 255.255.255.255
static (inside,outside) 216.33.198.24 10.203.204.24 netmask 255.255.255.255
static (inside,outside) 216.33.198.25 10.203.204.25 netmask 255.255.255.255
static (inside,outside) 216.33.198.26 10.203.204.26 netmask 255.255.255.255
static (inside,outside) 216.33.198.27 10.203.204.27 netmask 255.255.255.255
static (inside,outside) 216.33.198.28 10.203.204.28 netmask 255.255.255.255
static (inside,outside) 216.33.198.29 10.203.204.29 netmask 255.255.255.255
static (inside,outside) 216.33.198.30 10.203.204.30 netmask 255.255.255.255
static (inside,outside) 216.33.198.31 10.203.204.31 netmask 255.255.255.255
static (inside,outside) 216.33.198.32 10.203.204.32 netmask 255.255.255.255
static (inside,outside) 216.33.198.33 10.203.204.33 netmask 255.255.255.255
static (inside,outside) 216.33.198.34 10.203.204.34 netmask 255.255.255.255
static (inside,outside) 216.33.198.35 10.203.204.35 netmask 255.255.255.255
static (inside,outside) 216.33.198.36 10.203.204.36 netmask 255.255.255.255
static (inside,outside) 216.33.198.37 10.203.204.37 netmask 255.255.255.255
static (inside,outside) 216.33.198.38 10.203.204.38 netmask 255.255.255.255
static (inside,outside) 216.33.198.39 10.203.204.39 netmask 255.255.255.255
static (inside,outside) 216.33.198.40 10.203.204.40 netmask 255.255.255.255
static (inside,outside) 216.33.198.41 10.203.204.41 netmask 255.255.255.255
static (inside,outside) 216.33.198.42 10.203.204.42 netmask 255.255.255.255
static (inside,outside) 216.33.198.43 10.203.204.43 netmask 255.255.255.255
static (inside,outside) 216.33.198.44 10.203.204.44 netmask 255.255.255.255
static (inside,outside) 216.33.198.45 10.203.204.45 netmask 255.255.255.255
static (inside,outside) 216.33.198.46 10.203.204.46 netmask 255.255.255.255
static (inside,outside) 216.33.198.47 10.203.204.47 netmask 255.255.255.255
static (inside,outside) 216.33.198.48 10.203.204.48 netmask 255.255.255.255
static (inside,outside) 216.33.198.49 10.203.204.49 netmask 255.255.255.255
static (inside,outside) 216.33.198.50 10.203.204.50 netmask 255.255.255.255
static (inside,outside) 216.33.198.51 10.203.204.51 netmask 255.255.255.255
static (inside,outside) 216.33.198.52 10.203.204.52 netmask 255.255.255.255
static (inside,outside) 216.33.198.53 10.203.204.53 netmask 255.255.255.255
static (inside,outside) 216.33.198.54 10.203.204.54 netmask 255.255.255.255
static (inside,outside) 216.33.198.55 10.203.204.55 netmask 255.255.255.255
static (inside,outside) 216.33.198.56 10.203.204.56 netmask 255.255.255.255
static (inside,outside) 216.33.198.57 10.203.204.57 netmask 255.255.255.255
static (inside,outside) 216.33.198.58 10.203.204.58 netmask 255.255.255.255
static (inside,outside) 216.33.198.59 10.203.204.59 netmask 255.255.255.255
static (inside,outside) 216.33.198.60 10.203.204.60 netmask 255.255.255.255
static (inside,outside) 216.33.198.61 10.203.204.61 netmask 255.255.255.255
static (inside,outside) 216.33.198.62 10.203.204.62 netmask 255.255.255.255
static (inside,outside) 216.33.198.63 10.203.204.63 netmask 255.255.255.255
static (inside,outside) 216.33.198.64 10.203.204.64 netmask 255.255.255.255
static (inside,outside) 216.33.198.65 10.203.204.65 netmask 255.255.255.255
static (inside,outside) 216.33.198.66 10.203.204.66 netmask 255.255.255.255
static (inside,outside) 216.33.198.67 10.203.204.67 netmask 255.255.255.255
static (inside,outside) 216.33.198.68 10.203.204.68 netmask 255.255.255.255
static (inside,outside) 216.33.198.69 10.203.204.69 netmask 255.255.255.255
static (inside,outside) 216.33.198.70 10.203.204.70 netmask 255.255.255.255
static (inside,outside) 216.33.198.71 10.203.204.71 netmask 255.255.255.255
static (inside,outside) 216.33.198.100 10.203.204.100 netmask 255.255.255.255
static (inside,outside) 216.33.198.101 10.203.204.101 netmask 255.255.255.255
static (inside,outside) 216.33.198.102 10.203.204.102 netmask 255.255.255.255
static (inside,outside) 216.33.198.103 10.203.204.103 netmask 255.255.255.255
static (inside,outside) 216.33.198.104 10.203.204.104 netmask 255.255.255.255
static (inside,outside) 216.33.198.105 10.203.204.105 netmask 255.255.255.255
static (inside,outside) 216.33.198.106 10.203.204.106 netmask 255.255.255.255
static (inside,outside) 216.33.198.107 10.203.204.107 netmask 255.255.255.255
static (inside,outside) 216.33.198.108 10.203.204.108 netmask 255.255.255.255
static (inside,outside) 216.33.198.109 10.203.204.109 netmask 255.255.255.255
static (inside,outside) 216.33.198.110 10.203.204.110 netmask 255.255.255.255
static (inside,outside) 216.33.198.111 10.203.204.111 netmask 255.255.255.255
static (inside,outside) 216.33.198.112 10.203.204.112 netmask 255.255.255.255
static (inside,outside) 216.33.198.113 10.203.204.113 netmask 255.255.255.255
static (inside,outside) 216.33.198.114 10.203.204.114 netmask 255.255.255.255
static (inside,outside) 216.33.198.115 10.203.204.115 netmask 255.255.255.255
static (inside,outside) 216.33.198.116 10.203.204.116 netmask 255.255.255.255
static (inside,outside) 216.33.198.117 10.203.204.117 netmask 255.255.255.255
static (inside,outside) 216.33.198.118 10.203.204.118 netmask 255.255.255.255
static (inside,outside) 216.33.198.119 10.203.204.119 netmask 255.255.255.255
static (inside,outside) 216.33.198.120 10.203.204.120 netmask 255.255.255.255
static (inside,outside) 216.33.198.121 10.203.204.121 netmask 255.255.255.255
static (inside,outside) 216.33.198.122 10.203.204.122 netmask 255.255.255.255
static (inside,outside) 216.33.198.123 10.203.204.123 netmask 255.255.255.255
static (inside,outside) 216.33.198.124 10.203.204.124 netmask 255.255.255.255
static (inside,outside) 216.33.198.125 10.203.204.125 netmask 255.255.255.255
static (inside,outside) 216.33.198.126 10.203.204.126 netmask 255.255.255.255
static (inside,outside) 216.33.198.127 10.203.204.127 netmask 255.255.255.255
static (inside,outside) 216.33.198.128 10.203.204.128 netmask 255.255.255.255
static (inside,outside) 216.33.198.129 10.203.204.129 netmask 255.255.255.255
static (inside,outside) 216.33.198.130 10.203.204.130 netmask 255.255.255.255
static (inside,outside) 216.33.198.131 10.203.204.131 netmask 255.255.255.255
static (inside,outside) 216.33.198.132 10.203.204.132 netmask 255.255.255.255
static (inside,outside) 216.33.198.133 10.203.204.133 netmask 255.255.255.255
static (inside,outside) 216.33.198.134 10.203.204.134 netmask 255.255.255.255
static (inside,outside) 216.33.198.135 10.203.204.135 netmask 255.255.255.255
static (inside,outside) 216.33.198.136 10.203.204.136 netmask 255.255.255.255
static (inside,outside) 216.33.198.137 10.203.204.137 netmask 255.255.255.255
static (inside,outside) 216.33.198.138 10.203.204.138 netmask 255.255.255.255
static (inside,outside) 216.33.198.139 10.203.204.139 netmask 255.255.255.255
static (inside,outside) 216.33.198.140 10.203.204.140 netmask 255.255.255.255
static (inside,outside) 216.33.198.141 10.203.204.141 netmask 255.255.255.255
static (inside,outside) 216.33.198.142 10.203.204.142 netmask 255.255.255.255
static (inside,outside) 216.33.198.143 10.203.204.143 netmask 255.255.255.255
static (inside,outside) 216.33.198.144 10.203.204.144 netmask 255.255.255.255
static (inside,outside) 216.33.198.145 10.203.204.145 netmask 255.255.255.255
static (inside,outside) 216.33.198.146 10.203.204.146 netmask 255.255.255.255
static (inside,outside) 216.33.198.147 10.203.204.147 netmask 255.255.255.255
static (inside,outside) 216.33.198.148 10.203.204.148 netmask 255.255.255.255
static (inside,outside) 216.33.198.149 10.203.204.149 netmask 255.255.255.255
static (inside,outside) 216.33.198.150 10.203.204.150 netmask 255.255.255.255
static (inside,outside) 216.33.198.151 10.203.204.151 netmask 255.255.255.255
static (inside,outside) 216.33.198.152 10.203.204.152 netmask 255.255.255.255
static (inside,outside) 216.33.198.153 10.203.204.153 netmask 255.255.255.255
static (inside,outside) 216.33.198.154 10.203.204.154 netmask 255.255.255.255
static (inside,outside) 216.33.198.155 10.203.204.155 netmask 255.255.255.255
static (inside,outside) 216.33.198.156 10.203.204.156 netmask 255.255.255.255
static (inside,outside) 216.33.198.157 10.203.204.157 netmask 255.255.255.255
static (inside,outside) 216.33.198.158 10.203.204.158 netmask 255.255.255.255
static (inside,outside) 216.33.198.159 10.203.204.159 netmask 255.255.255.255
static (inside,outside) 216.33.198.160 10.203.204.160 netmask 255.255.255.255
static (inside,outside) 216.33.198.161 10.203.204.161 netmask 255.255.255.255
static (inside,outside) 216.33.198.162 10.203.204.162 netmask 255.255.255.255
static (inside,outside) 216.33.198.163 10.203.204.163 netmask 255.255.255.255
static (inside,outside) 216.33.198.164 10.203.204.164 netmask 255.255.255.255
static (inside,outside) 216.33.198.165 10.203.204.165 netmask 255.255.255.255
static (inside,outside) 216.33.198.166 10.203.204.166 netmask 255.255.255.255
static (inside,outside) 216.33.198.167 10.203.204.167 netmask 255.255.255.255
static (inside,outside) 216.33.198.168 10.203.204.168 netmask 255.255.255.255
static (inside,outside) 216.33.198.169 10.203.204.169 netmask 255.255.255.255
static (inside,outside) 216.33.198.170 10.203.204.170 netmask 255.255.255.255
static (inside,outside) 216.33.198.171 10.203.204.171 netmask 255.255.255.255
static (inside,outside) 216.33.198.172 10.203.204.172 netmask 255.255.255.255
static (inside,outside) 216.33.198.173 10.203.204.173 netmask 255.255.255.255
static (inside,outside) 216.33.198.174 10.203.204.174 netmask 255.255.255.255
static (inside,outside) 216.33.198.175 10.203.204.175 netmask 255.255.255.255
static (inside,outside) 216.33.198.176 10.203.204.176 netmask 255.255.255.255
static (inside,outside) 216.33.198.177 10.203.204.177 netmask 255.255.255.255
static (inside,outside) 216.33.198.178 10.203.204.178 netmask 255.255.255.255
static (inside,outside) 216.33.198.179 10.203.204.179 netmask 255.255.255.255
static (inside,outside) 216.33.198.180 10.203.204.180 netmask 255.255.255.255
static (inside,outside) 216.33.198.181 10.203.204.181 netmask 255.255.255.255
static (inside,outside) 216.33.198.182 10.203.204.182 netmask 255.255.255.255
static (inside,outside) 216.33.198.183 10.203.204.183 netmask 255.255.255.255
static (inside,outside) 216.33.198.184 10.203.204.184 netmask 255.255.255.255
static (inside,outside) 216.33.198.185 10.203.204.185 netmask 255.255.255.255
static (inside,outside) 216.33.198.186 10.203.204.186 netmask 255.255.255.255
static (inside,outside) 216.33.198.187 10.203.204.187 netmask 255.255.255.255
static (inside,outside) 216.33.198.188 10.203.204.188 netmask 255.255.255.255
static (inside,outside) 216.33.198.189 10.203.204.189 netmask 255.255.255.255
static (inside,outside) 216.33.198.190 10.203.204.190 netmask 255.255.255.255
static (inside,outside) 216.33.198.191 10.203.204.191 netmask 255.255.255.255
static (inside,outside) 216.33.198.192 10.203.204.192 netmask 255.255.255.255
static (inside,outside) 216.33.198.193 10.203.204.193 netmask 255.255.255.255
static (inside,outside) 216.33.198.194 10.203.204.194 netmask 255.255.255.255
static (inside,outside) 216.33.198.195 10.203.204.195 netmask 255.255.255.255
static (inside,outside) 216.33.198.196 10.203.204.196 netmask 255.255.255.255
static (inside,outside) 216.33.198.197 10.203.204.197 netmask 255.255.255.255
static (inside,outside) 216.33.198.198 10.203.204.198 netmask 255.255.255.255
static (inside,outside) 216.33.198.199 10.203.204.199 netmask 255.255.255.255
static (inside,outside) 216.33.198.200 10.203.204.200 netmask 255.255.255.255
access-group outside-in in interface outside
route outside 0.0.0.0 0.0.0.0 216.33.198.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy test internal
group-policy test attributes
dns-server value 10.203.204.14 10.203.204.15
split-tunnel-policy tunnelspecified
split-tunnel-network-list value test_splitTunnelAcl
default-domain value yorkmedia.local
webvpn
group-policy tunneltest internal
group-policy tunneltest attributes
dns-server value 10.203.204.14 4.2.2.2
default-domain value yorkmedia.local
webvpn
group-policy testpol internal
group-policy testpol attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelall
split-tunnel-network-list value dc2vpn_splitTunnelAcl
webvpn
group-policy aes internal
group-policy aes attributes
dns-server value 10.203.204.14 10.203.204.15
vpn-tunnel-protocol IPSec
group-lock value aestest
webvpn
group-policy grouptest internal
group-policy grouptest attributes
dns-server value 10.203.204.14 4.2.2.2
default-domain value yorkmedia.local
webvpn
group-policy dc2vpntest internal
group-policy dc2vpntest attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value dc2vpntest_splitTunnelAcl
webvpn
group-policy dc2vpn internal
group-policy dc2vpn attributes
dns-server value 10.203.204.14 10.203.204.15
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value dc2vpn_splitTunnelAcl
webvpn
group-policy BMSTV internal
group-policy BMSTV attributes
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
client-firewall none
client-access-rule none
webvpn
username mmaxey password zSSKHLc.gx8szpy2 encrypted privilege 15
username mmaxey attributes
vpn-group-policy dc2vpn
webvpn
username jjohnstone password qElIg/rYW4OoTIEP encrypted privilege 15
username jjohnstone attributes
vpn-group-policy dc2vpntest
webvpn
username sragona password ZgCBom/StrITlFdU encrypted
username sragona attributes
vpn-group-policy dc2vpn
webvpn
username admin password 5zvQXQPrcnyHyGKm encrypted
username seng password PP8UcINDKi7BSsj2 encrypted
username seng attributes
vpn-group-policy dc2vpn
webvpn
username chauser password I3OIxCe8FBONQlhK encrypted
username chauser attributes
vpn-group-policy dc2vpn
webvpn
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 65.123.204.0 255.255.254.0 outside
http 0.0.0.0 0.0.0.0 outside
http 10.203.204.0 255.255.254.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs group7
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer 165.89.240.1
crypto map outside_map 60 set transform-set ESP-3DES-SHA
crypto map outside_map 60 set security-association lifetime seconds 28800
crypto map outside_map 60 set security-association lifetime kilobytes 4608000
crypto map outside_map 80 match address outside_cryptomap_80
crypto map outside_map 80 set pfs
crypto map outside_map 80 set peer 64.19.183.67
crypto map outside_map 80 set transform-set ESP-3DES-SHA
crypto map outside_map 80 set security-association lifetime seconds 28800
crypto map outside_map 80 set security-association lifetime kilobytes 4608000
crypto map outside_map 100 match address outside_cryptomap_100
crypto map outside_map 100 set pfs
crypto map outside_map 100 set peer 64.241.196.50
crypto map outside_map 100 set transform-set ESP-3DES-SHA
crypto map outside_map 100 set security-association lifetime seconds 28800
crypto map outside_map 100 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption aes-256
isakmp policy 30 hash sha
isakmp policy 30 group 5
isakmp policy 30 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption aes-256
isakmp policy 50 hash sha
isakmp policy 50 group 7
isakmp policy 50 lifetime 86400
isakmp nat-traversal 20
isakmp ipsec-over-tcp port 10000
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group dc2vpn type ipsec-ra
tunnel-group dc2vpn general-attributes
address-pool vpnpool
default-group-policy dc2vpn
tunnel-group dc2vpn ipsec-attributes
pre-shared-key *
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
default-group-policy test
tunnel-group test ipsec-attributes
pre-shared-key *
tunnel-group 165.89.240.1 type ipsec-l2l
tunnel-group 165.89.240.1 general-attributes
default-group-policy BMSTV
tunnel-group 165.89.240.1 ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 3600 retry 2
tunnel-group 64.19.183.67 type ipsec-l2l
tunnel-group 64.19.183.67 ipsec-attributes
pre-shared-key *
tunnel-group 64.241.196.50 type ipsec-l2l
tunnel-group 64.241.196.50 ipsec-attributes
pre-shared-key *
isakmp keepalive disable
tunnel-group dc2vpntest type ipsec-ra
tunnel-group dc2vpntest general-attributes
default-group-policy dc2vpntest
tunnel-group dc2vpntest ipsec-attributes
pre-shared-key *
tunnel-group aestest type ipsec-ra
tunnel-group aestest general-attributes
address-pool vpnpool
default-group-policy aes
tunnel-group aestest ipsec-attributes
pre-shared-key *
tunnel-group TunnelGroup1 type ipsec-ra
tunnel-group TunnelGroup1 general-attributes
address-pool vpnpool
telnet 10.203.204.10 255.255.255.255 inside
telnet timeout 5
ssh 65.123.204.0 255.255.254.0 outside
ssh 10.203.204.0 255.255.254.0 inside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
class-map rtsp-traffic
match access-list rtsp-acl
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
class rtsp-traffic
inspect rtsp
service-policy global_policy global
tftp-server inside 10.203.204.10 dc2asa01/config
Cryptochecksum:6d74d3994ea6764893c420f477568aac
: endYou have three site-site VPNs and a remote access VPN setup. so the statement "Suddenly no one can access the remote LAN over VPN. " is a bit ambiguous in that context.
From which source to what destination is not working for you? -
Hyper-V Cluster went wacky, ERROR_TIMEOUT (1460), Remote Administration, Remote Registry
Each Hyper-V host is a Windows 2012 Server
Each host is Connected to a Dell Powervault MD3260 via Dual SAS Cables.
We started getting Errors similar to the Following:
Log Name: System
Source: Microsoft-Windows-FailoverClustering
Date: 9/22/2014 12:01:24 PM
Event ID: 5142
Task Category: Cluster Shared Volume
Level: Error
Keywords:
User: SYSTEM
Computer: SVR-HBG-VM4.HAYDON-MILL.COM
Description:
Cluster Shared Volume 'VSVR_File_Data' ('VSVR_File_Data') is no longer accessible from this cluster node because
of error 'ERROR_TIMEOUT(1460)'. Please troubleshoot this node's connectivity to the storage device and network connectivity.
The CSV Resources that were giving the Timeout Errors were all managed on one specific host, other CSVs on the Powervault were all working fine form the Host reporting the timeout error.
Each of the Host then started to have issues with timeouts to other CSV. Dell Tech Support interrogated the Powervault and found no issued with the Connectivity and no events were present on the Powervault indicating an issue.
Each of the Host would then hand in Explorer, the Task bar would have no icons in the task bar and turn to hourglass when moving mouse to it.
Failover Cluster Manager would sometimes work, then stop working, It would not update the status of the VMs. They would jsut stay at "Loading..." Hyper-V Manager would have similar issues.
We ended up Shutting down all of the VMs and the Cluster and then bringing it back online. Though in the Process we had to tweak some things, the DNS settings on the Hosts were pointing to a VM that was Offline that was fixed. We could not reconnect to the
cluster after we turned on the Hosts. We were getting RPC server unavailable.
I ended up turning off the Firewalls, resetting the NICs and things started to get better.
8 Minutes prior to the Issues did make a few GPO Changes.
Windows Firewall: Allow inbound Remote Desktop Exception Domain Profile
was 10.0.0.0/8
Changed to 10.0.0.0/8,10.1.0.0/16
Windows Firewall: Allow inbound Remote Desktop Exception Standard Profile
10.1.0.0/16, localsubnet
Windows Firewall: Allow inbound Remote administration Exception Domain Profile
was localsubnet,10.0.0.0/8
Changed to localsubnet,10.0.0.0/8,10.1.0.0/16
Windows Firewall: Allow inbound Remote administration Exception Standard Profile
10.1.0.0/16, localsubnet
Remote Registry Service
Set to Manual Start
So my Question is, could these changes of Affected the Hyper-V Hosts in the Cluster?
Thanks!
Scott<-I guess I don't see why what I did caused this? The only Change that should of been a Limitation was the Remote Registry set to Manual. If the service on the Clusters was set to Automatic and I set it to Manual, I could see that happening. I removed
that setting in the GPO, though I never altered the service on the Cluster Hosts afterwards.
I Guess if in the Setup of the Cluster Hosts it Changed the Inbound Rules in the Firewall and then I limited them further, though I allowed the LocalSubnet and all of the Hosts are in the local subnet. 10.1.0.0/16.
One Host finally came back online and was able to start VMs and Connect to the cluster without stopping the firewall. Its firewall was only turned off later to match the other three hosts.
Do the Cluster Hosts use the ports for Remote Administration to Communicate to each other?
Here is another thought, Do they communicate to each other via the Management Port or the Redundant Network Link? the Redundant Channel Link is in 10.99.0.0/24 Though Each of the changes I made had either
10.0.0.0/8 which should be a super-set of 10.99.0.0/24 or it had LocalSubnet, which should be 10.99.0.0/24
I just want to be sure that was really the cause and turning off the firewalls was not just masking another issue.
Thanks,
Scott<-
Maybe you are looking for
-
Can Cover Flow view be limited to playback of only one album at a time?
Hi all, I've been using the Cover Flow view in my iTunes Library more and more lately (after years of suffering owning a slow machine). But there has been a question regarding playback that has been slightly nagging me for a little while. I couldn't
-
Pre-parsing user-entered query strings
I'm looking for a robust PL/SQL (or other) script for pre-parsing user-entered query strings, so I can make intermedia work like familiar search engines. (Think Yahoo/Alta Vista.) It has to deal gracefully and intuitively with embedded special charac
-
Hello all I currently own an ADS Pyro device to handle video previews between my computer and a HD TV. I am working all in HD now, and the device does not handle HD (it is 4 years old). While it worked well for SD and analog captures, I always had li
-
Blackberry bridge update 1.0.5.6 and PB update available 1.0.7.2942
Only minor bugs fixes though...
-
Hello, I' ve accidentally executed IDXPW transaction and activated IDOC Message Packages for specific Sender ID and Recever ID ! Now all IDOC messages stuck in status WAITING in SXMB_MONI until I enter IDXP transaction and execute a job which pro