Inspect other firewall traffic using ASA 5585-X IPS SSP
Is it possible to inspect traffic from other firewalls (say checkpoint firewall) apart from the one the ASA firewall the ASA IPS SSP is running on?
Any help will be appreciated
O.
Hello Amit,
Can you share :
show ips detail
show module 1 details
show service-policy
Now, can you explain a little about this:
on the switch end port tengig 1/8 is connected on nexus and specific vlans are monotored on that interface. But as of now i am not able to see any traffic on that interface. I dont know what wrong i am doing as this is the firstime on this IPS module. there is no ports connected on the firewall. only port connected is tengig 1/8 which is on the ips module which is in promisucs mode.
I mean the firewall is the one that will redirect the traffic to the IPS sensor so not sure I follow you!
Looking for some Networking Assistance?
Contact me directly at [email protected]
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
Similar Messages
-
ASA 5585-X IPS SSP system image recovery?
SSP-10 in slot 0
IPS SSP-60 in slot 1
This is not a supported configuration but does it actually work?
On one chassis the system image is missing from IPS SSP-60. I attempted hw-module recovery from tftp but it just gets stuck in recovery mode. IPS SSP console says pretty much says its in boot loop because it does not have a valid image.
The procedure I used
http://www.cisco.com/en/US/docs/security/ips/7.1/installation/guide/hw_system_images.html#wp1371782
I can download the image via tftp to flash but the recovery for IPS SSP just does't load from tftp.
When there are two modules in the chassis, the management port for IPS SSP-60 comes up (green) but I don't see management 1/0 port. Is it still referenced by management 0/0 on IPS SSP console?It sounds surprisingly about ASA5515 and SCM 4.3
coz of following URLs:
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-4/release/notes/csmrn44.html#wp70531
Cisco Security Manager 4.4
In addition to resolved caveats, this release includes the following new features and enhancements:
•The following devices are now supported in Security Manager 4.4:
–ASA 9.0(1).
–ASA 9.1 and its compatible ASDM.
–ASA 8.4(5).
–Cisco Catalyst 7600 Series ASA Services Modules (ASA-SM).
–ASR backward compatibility support.
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-5/release/notes/csmrn45.html#wp362107
Support for additional devices (for detailed compatibility information, refer to Supported Devices and Software Versions for Cisco Security Manager 4.5 ):
–IPS 7.1(8) and 7.2(1)
–ASA 8.4(6)
–ASA 9.1(2) and 9.1(3) (both standalone ASA and ASA-SM)
–ISR 4451 with IOS-XE 3.9 image -
3G VPN established but no traffic using ASA 5505
Hi All,
hoping that someone can help me here. We are able to esatblish VPN connection but we cannot pass traffic out.
Here are the details.
ISP has a range of 25.16.0.0/15 and they are doing Natting.
We are using Raven X and ASA5505 is connected. Session is established but can't pass traffic or ping.
router output:
ASA Version 8.2(2)
hostname DR-5505-50
domain-name dont know
enable password xxxxxx encrypted passwd kOuREZbrVpcZibgH encrypted names name 192.168.0.0 Corp name 10.10.0.0 device !
interface Vlan1
nameif inside
security-level 100
ip address 10.10.254.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name network.comsame-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group network never network-object Jobsites 255.255.0.0 network-object Corp 255.255.0.0 access-list outside_1_cryptomap extended permit ip 10.10.254.0
255.255.255.0 object-group network access-list inside_nat0_outbound extended permit ip 10.10.254.0
255.255.255.0 object-group networkn
access-list inside_access_in extended permit ip 10.10.254.0 255.255.255.0 any pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside icmp permit any outside no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 access-group inside_access_in in interface inside access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat
0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect
0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL http server enable http 0.0.0.0 0.0.0.0 outside http 0.0.0.0 0.0.0.0 inside snmp-server host inside 192.168.152.28 community edsnmp version 2c no snmp-server location no snmp-server contact snmp-server community edsnmp snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 204.101.74.2 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside crypto isakmp identity hostname crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal telnet timeout 5 ssh 0.0.0.0 0.0.0.0 inside ssh 0.0.0.0 0.0.0.0 outside ssh timeout 60 console timeout 0 management-access inside dhcpd auto_config outside !
dhcpd address 10.10.254.70-10.10.254.169 inside dhcpd dns 192.168.152.21 192.168.160.21 interface inside dhcpd lease 432000 interface inside dhcpd domain name.com interface inside dhcpd option 3 ip 10.10.254.254 interface inside dhcpd enable inside !
vpnclient management clear
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept webvpn tunnel-group-list enable username admin password Xhasdfuasdhsdfh encrypted privilege 15 tunnel-group x.x.x.x type ipsec-l2l tunnel-group x.x.x.xipsec-attributes pre-shared-key dynamicvpn !
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http
whatever.com
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:
Log file:
6|May 06 2013|07:00:01|302016|192.168.160.21|53|10.10.254.70|57967|Teardown UDP connection 245 for outside:192.168.160.21/53 to inside:10.10.254.70/57967 duration 0:02:07 bytes 148
6|May 06 2013|07:00:01|302016|192.168.152.21|53|10.10.254.70|57967|Teardown UDP connection 243 for outside:192.168.152.21/53 to inside:10.10.254.70/57967 duration 0:02:08 bytes 111
6|May 06 2013|06:59:58|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:57|302015|192.168.160.21|53|10.10.254.70|52108|Built outbound UDP connection 349 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/52108 (10.10.254.70/52108)
6|May 06 2013|06:59:56|302015|192.168.160.21|53|10.10.254.70|50503|Built outbound UDP connection 348 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50503 (10.10.254.70/50503)
6|May 06 2013|06:59:56|302016|192.168.160.21|53|10.10.254.70|54304|Teardown UDP connection 241 for outside:192.168.160.21/53 to inside:10.10.254.70/54304 duration 0:02:07 bytes 236
6|May 06 2013|06:59:56|302016|192.168.152.21|53|10.10.254.70|54304|Teardown UDP connection 240 for outside:192.168.152.21/53 to inside:10.10.254.70/54304 duration 0:02:08 bytes 177
6|May 06 2013|06:59:56|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:56|302015|192.168.152.21|53|10.10.254.70|52108|Built outbound UDP connection 346 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/52108 (10.10.254.70/52108)
6|May 06 2013|06:59:55|302015|192.168.152.21|53|10.10.254.70|50503|Built outbound UDP connection 345 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50503 (10.10.254.70/50503)
6|May 06 2013|06:59:55|302016|192.168.160.21|53|10.10.254.70|65422|Teardown UDP connection 238 for outside:192.168.160.21/53 to inside:10.10.254.70/65422 duration 0:02:07 bytes 136
6|May 06 2013|06:59:55|302016|192.168.152.21|53|10.10.254.70|65422|Teardown UDP connection 237 for outside:192.168.152.21/53 to inside:10.10.254.70/65422 duration 0:02:08 bytes 102
6|May 06 2013|06:59:54|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:54|302015|192.168.160.21|53|10.10.254.70|51008|Built outbound UDP connection 344 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/51008 (10.10.254.70/51008)
6|May 06 2013|06:59:53|302015|192.168.152.21|53|10.10.254.70|51008|Built outbound UDP connection 343 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/51008 (10.10.254.70/51008)
6|May 06 2013|06:59:53|302016|192.168.160.21|53|10.10.254.70|50300|Teardown UDP connection 236 for outside:192.168.160.21/53 to inside:10.10.254.70/50300 duration 0:02:07 bytes 152
6|May 06 2013|06:59:53|302016|192.168.152.21|53|10.10.254.70|50300|Teardown UDP connection 234 for outside:192.168.152.21/53 to inside:10.10.254.70/50300 duration 0:02:08 bytes 114
6|May 06 2013|06:59:53|302016|192.168.160.21|53|10.10.254.70|49286|Teardown UDP connection 235 for outside:192.168.160.21/53 to inside:10.10.254.70/49286 duration 0:02:07 bytes 152
6|May 06 2013|06:59:53|302016|192.168.152.21|53|10.10.254.70|49286|Teardown UDP connection 233 for outside:192.168.152.21/53 to inside:10.10.254.70/49286 duration 0:02:08 bytes 114
6|May 06 2013|06:59:52|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:50|302016|192.168.160.21|53|10.10.254.70|57306|Teardown UDP connection 231 for outside:192.168.160.21/53 to inside:10.10.254.70/57306 duration 0:02:07 bytes 152
6|May 06 2013|06:59:50|302016|192.168.152.21|53|10.10.254.70|57306|Teardown UDP connection 229 for outside:192.168.152.21/53 to inside:10.10.254.70/57306 duration 0:02:08 bytes 114
6|May 06 2013|06:59:50|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:49|302014|129.22.177.79|31663|10.10.254.70|34470|Teardown TCP connection 322 for outside:129.22.177.79/31663 to inside:10.10.254.70/34470 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:59:49|302016|192.168.160.21|53|10.10.254.70|54646|Teardown UDP connection 230 for outside:192.168.160.21/53 to inside:10.10.254.70/54646 duration 0:02:07 bytes 160
6|May 06 2013|06:59:49|302016|192.168.152.21|53|10.10.254.70|54646|Teardown UDP connection 227 for outside:192.168.152.21/53 to inside:10.10.254.70/54646 duration 0:02:08 bytes 120
6|May 06 2013|06:59:49|302016|192.168.160.21|53|10.10.254.70|64481|Teardown UDP connection 228 for outside:192.168.160.21/53 to inside:10.10.254.70/64481 duration 0:02:07 bytes 152
6|May 06 2013|06:59:49|302016|192.168.152.21|53|10.10.254.70|64481|Teardown UDP connection 226 for outside:192.168.152.21/53 to inside:10.10.254.70/64481 duration 0:02:08 bytes 114
6|May 06 2013|06:59:48|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:47|305012|10.10.254.70|34468|192.168.13.100|55721|Teardown dynamic TCP translation from inside:10.10.254.70/34468 to outside:192.168.13.100/55721 duration 0:01:30
6|May 06 2013|06:59:46|305012|10.10.254.70|34467|192.168.13.100|48446|Teardown dynamic TCP translation from inside:10.10.254.70/34467 to outside:192.168.13.100/48446 duration 0:01:30
6|May 06 2013|06:59:46|302016|192.168.152.21|53|10.10.254.70|63417|Teardown UDP connection 224 for outside:192.168.152.21/53 to inside:10.10.254.70/63417 duration 0:02:07 bytes 111
6|May 06 2013|06:59:46|302016|192.168.160.21|53|10.10.254.70|63417|Teardown UDP connection 223 for outside:192.168.160.21/53 to inside:10.10.254.70/63417 duration 0:02:08 bytes 148
6|May 06 2013|06:59:46|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:44|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:42|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:40|302015|192.168.152.21|53|10.10.254.70|62424|Built outbound UDP connection 339 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/62424 (10.10.254.70/62424)
6|May 06 2013|06:59:40|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:39|302015|192.168.160.21|53|10.10.254.70|62424|Built outbound UDP connection 337 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/62424 (10.10.254.70/62424)
6|May 06 2013|06:59:38|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:37|302016|192.168.152.21|53|10.10.254.70|59943|Teardown UDP connection 219 for outside:192.168.152.21/53 to inside:10.10.254.70/59943 duration 0:02:07 bytes 108
6|May 06 2013|06:59:37|302016|192.168.160.21|53|10.10.254.70|59943|Teardown UDP connection 218 for outside:192.168.160.21/53 to inside:10.10.254.70/59943 duration 0:02:08 bytes 144
6|May 06 2013|06:59:37|302015|192.168.152.21|53|10.10.254.70|58710|Built outbound UDP connection 336 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/58710 (10.10.254.70/58710)
6|May 06 2013|06:59:36|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:36|302015|192.168.160.21|53|10.10.254.70|58710|Built outbound UDP connection 334 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/58710 (10.10.254.70/58710)
6|May 06 2013|06:59:36|302016|192.168.152.21|53|10.10.254.70|51377|Teardown UDP connection 217 for outside:192.168.152.21/53 to inside:10.10.254.70/51377 duration 0:02:07 bytes 114
6|May 06 2013|06:59:36|302016|192.168.160.21|53|10.10.254.70|51377|Teardown UDP connection 215 for outside:192.168.160.21/53 to inside:10.10.254.70/51377 duration 0:02:08 bytes 152
6|May 06 2013|06:59:34|302016|192.168.152.21|53|10.10.254.70|56751|Teardown UDP connection 214 for outside:192.168.152.21/53 to inside:10.10.254.70/56751 duration 0:02:07 bytes 111
6|May 06 2013|06:59:34|302016|192.168.160.21|53|10.10.254.70|56751|Teardown UDP connection 213 for outside:192.168.160.21/53 to inside:10.10.254.70/56751 duration 0:02:08 bytes 148
6|May 06 2013|06:59:34|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:32|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:32|302016|192.168.152.21|53|10.10.254.70|63965|Teardown UDP connection 212 for outside:192.168.152.21/53 to inside:10.10.254.70/63965 duration 0:02:07 bytes 114
6|May 06 2013|06:59:32|302016|192.168.160.21|53|10.10.254.70|63965|Teardown UDP connection 210 for outside:192.168.160.21/53 to inside:10.10.254.70/63965 duration 0:02:08 bytes 152
6|May 06 2013|06:59:30|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:28|302016|192.168.152.21|137|10.10.254.70|137|Teardown UDP connection 211 for outside:192.168.152.21/137 to inside:10.10.254.70/137 duration 0:02:04 bytes 150
6|May 06 2013|06:59:28|302015|192.168.152.21|53|10.10.254.70|57795|Built outbound UDP connection 332 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57795 (10.10.254.70/57795)
6|May 06 2013|06:59:28|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:28|302016|192.168.152.21|53|10.10.254.70|60822|Teardown UDP connection 206 for outside:192.168.152.21/53 to inside:10.10.254.70/60822 duration 0:02:07 bytes 114
6|May 06 2013|06:59:28|302016|192.168.160.21|53|10.10.254.70|60822|Teardown UDP connection 205 for outside:192.168.160.21/53 to inside:10.10.254.70/60822 duration 0:02:08 bytes 152
6|May 06 2013|06:59:27|302015|192.168.160.21|53|10.10.254.70|57795|Built outbound UDP connection 330 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57795 (10.10.254.70/57795)
6|May 06 2013|06:59:26|302015|192.168.152.21|53|10.10.254.70|54989|Built outbound UDP connection 329 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54989 (10.10.254.70/54989)
6|May 06 2013|06:59:26|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:25|302015|192.168.160.21|53|10.10.254.70|54989|Built outbound UDP connection 328 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54989 (10.10.254.70/54989)
6|May 06 2013|06:59:25|302015|192.168.152.21|53|10.10.254.70|58248|Built outbound UDP connection 327 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/58248 (10.10.254.70/58248)
6|May 06 2013|06:59:24|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:24|302015|192.168.160.21|53|10.10.254.70|58248|Built outbound UDP connection 325 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/58248 (10.10.254.70/58248)
6|May 06 2013|06:59:22|302016|192.168.152.21|53|10.10.254.70|52148|Teardown UDP connection 204 for outside:192.168.152.21/53 to inside:10.10.254.70/52148 duration 0:02:07 bytes 111
6|May 06 2013|06:59:22|302016|192.168.160.21|53|10.10.254.70|52148|Teardown UDP connection 201 for outside:192.168.160.21/53 to inside:10.10.254.70/52148 duration 0:02:08 bytes 148
6|May 06 2013|06:59:22|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:20|302013|129.22.177.79|31663|10.10.254.70|34471|Built outbound TCP connection 324 for outside:129.22.177.79/31663 (129.22.177.79/31663) to inside:10.10.254.70/34471 (192.168.13.100/60918)
6|May 06 2013|06:59:20|305011|10.10.254.70|34471|192.168.13.100|60918|Built dynamic TCP translation from inside:10.10.254.70/34471 to outside:192.168.13.100/60918
6|May 06 2013|06:59:20|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:20|302016|192.168.152.21|53|10.10.254.70|50470|Teardown UDP connection 200 for outside:192.168.152.21/53 to inside:10.10.254.70/50470 duration 0:02:07 bytes 135
6|May 06 2013|06:59:20|302016|192.168.160.21|53|10.10.254.70|50470|Teardown UDP connection 199 for outside:192.168.160.21/53 to inside:10.10.254.70/50470 duration 0:02:08 bytes 180
6|May 06 2013|06:59:20|302014|71.207.1.189|1761|10.10.254.70|34468|Teardown TCP connection 275 for outside:71.207.1.189/1761 to inside:10.10.254.70/34468 duration 0:01:02 bytes 376 TCP FINs
6|May 06 2013|06:59:19|302013|129.22.177.79|31663|10.10.254.70|34470|Built outbound TCP connection 322 for outside:129.22.177.79/31663 (129.22.177.79/31663) to inside:10.10.254.70/34470 (192.168.13.100/64832)
6|May 06 2013|06:59:19|305011|10.10.254.70|34470|192.168.13.100|64832|Built dynamic TCP translation from inside:10.10.254.70/34470 to outside:192.168.13.100/64832
6|May 06 2013|06:59:18|302014|67.86.118.52|17365|10.10.254.70|34467|Teardown TCP connection 274 for outside:67.86.118.52/17365 to inside:10.10.254.70/34467 duration 0:01:02 bytes 453 TCP FINs
6|May 06 2013|06:59:18|302013|173.164.60.149|12864|10.10.254.70|34469|Built outbound TCP connection 321 for outside:173.164.60.149/12864 (173.164.60.149/12864) to inside:10.10.254.70/34469 (192.168.13.100/39628)
6|May 06 2013|06:59:18|305011|10.10.254.70|34469|192.168.13.100|39628|Built dynamic TCP translation from inside:10.10.254.70/34469 to outside:192.168.13.100/39628
6|May 06 2013|06:59:18|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:17|302016|192.168.152.21|53|10.10.254.70|54536|Teardown UDP connection 198 for outside:192.168.152.21/53 to inside:10.10.254.70/54536 duration 0:02:07 bytes 114
6|May 06 2013|06:59:17|302016|192.168.160.21|53|10.10.254.70|54536|Teardown UDP connection 197 for outside:192.168.160.21/53 to inside:10.10.254.70/54536 duration 0:02:08 bytes 152
6|May 06 2013|06:59:16|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:14|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:13|302016|192.168.152.21|53|10.10.254.70|57635|Teardown UDP connection 196 for outside:192.168.152.21/53 to inside:10.10.254.70/57635 duration 0:02:07 bytes 102
6|May 06 2013|06:59:13|302016|192.168.160.21|53|10.10.254.70|57635|Teardown UDP connection 195 for outside:192.168.160.21/53 to inside:10.10.254.70/57635 duration 0:02:08 bytes 136
6|May 06 2013|06:59:12|302015|192.168.152.21|53|10.10.254.70|60510|Built outbound UDP connection 319 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/60510 (10.10.254.70/60510)
6|May 06 2013|06:59:12|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:12|302015|192.168.152.21|53|10.10.254.70|50779|Built outbound UDP connection 317 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50779 (10.10.254.70/50779)
6|May 06 2013|06:59:11|302015|192.168.160.21|53|10.10.254.70|60510|Built outbound UDP connection 316 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/60510 (10.10.254.70/60510)
6|May 06 2013|06:59:11|302016|192.168.152.21|53|10.10.254.70|49716|Teardown UDP connection 194 for outside:192.168.152.21/53 to inside:10.10.254.70/49716 duration 0:02:07 bytes 111
6|May 06 2013|06:59:11|302016|192.168.152.21|53|10.10.254.70|57570|Teardown UDP connection 193 for outside:192.168.152.21/53 to inside:10.10.254.70/57570 duration 0:02:07 bytes 156
6|May 06 2013|06:59:11|302016|192.168.160.21|53|10.10.254.70|49716|Teardown UDP connection 192 for outside:192.168.160.21/53 to inside:10.10.254.70/49716 duration 0:02:08 bytes 148
6|May 06 2013|06:59:11|302016|192.168.160.21|53|10.10.254.70|57570|Teardown UDP connection 191 for outside:192.168.160.21/53 to inside:10.10.254.70/57570 duration 0:02:08 bytes 208
6|May 06 2013|06:59:11|302015|192.168.160.21|53|10.10.254.70|50779|Built outbound UDP connection 315 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50779 (10.10.254.70/50779)
6|May 06 2013|06:59:10|302015|192.168.152.21|53|10.10.254.70|64783|Built outbound UDP connection 314 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/64783 (10.10.254.70/64783)
6|May 06 2013|06:59:10|302016|192.168.152.21|53|10.10.254.70|63136|Teardown UDP connection 190 for outside:192.168.152.21/53 to inside:10.10.254.70/63136 duration 0:02:07 bytes 111
6|May 06 2013|06:59:10|302016|192.168.160.21|53|10.10.254.70|63136|Teardown UDP connection 189 for outside:192.168.160.21/53 to inside:10.10.254.70/63136 duration 0:02:08 bytes 148
6|May 06 2013|06:59:10|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:09|302015|192.168.160.21|53|10.10.254.70|64783|Built outbound UDP connection 313 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/64783 (10.10.254.70/64783)
6|May 06 2013|06:59:08|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:06|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:04|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:03|305012|10.10.254.70|34458|192.168.13.100|26157|Teardown dynamic TCP translation from inside:10.10.254.70/34458 to outside:192.168.13.100/26157 duration 0:01:00
6|May 06 2013|06:59:02|302016|192.168.160.21|53|10.10.254.70|54985|Teardown UDP connection 186 for outside:192.168.160.21/53 to inside:10.10.254.70/54985 duration 0:02:07 bytes 152
6|May 06 2013|06:59:02|302016|192.168.152.21|53|10.10.254.70|54985|Teardown UDP connection 184 for outside:192.168.152.21/53 to inside:10.10.254.70/54985 duration 0:02:08 bytes 114
6|May 06 2013|06:59:02|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:59:00|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:58|305012|10.10.254.70|34457|192.168.13.100|43659|Teardown dynamic TCP translation from inside:10.10.254.70/34457 to outside:192.168.13.100/43659 duration 0:01:00
6|May 06 2013|06:58:58|305012|10.10.254.70|34456|192.168.13.100|47534|Teardown dynamic TCP translation from inside:10.10.254.70/34456 to outside:192.168.13.100/47534 duration 0:01:00
6|May 06 2013|06:58:58|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:57|305012|10.10.254.70|34455|192.168.13.100|4536|Teardown dynamic TCP translation from inside:10.10.254.70/34455 to outside:192.168.13.100/4536 duration 0:01:00
6|May 06 2013|06:58:57|302016|192.168.160.21|53|10.10.254.70|57758|Teardown UDP connection 182 for outside:192.168.160.21/53 to inside:10.10.254.70/57758 duration 0:02:07 bytes 152
6|May 06 2013|06:58:57|302016|192.168.160.21|53|10.10.254.70|56258|Teardown UDP connection 181 for outside:192.168.160.21/53 to inside:10.10.254.70/56258 duration 0:02:07 bytes 148
6|May 06 2013|06:58:57|302016|192.168.152.21|53|10.10.254.70|57758|Teardown UDP connection 180 for outside:192.168.152.21/53 to inside:10.10.254.70/57758 duration 0:02:08 bytes 114
6|May 06 2013|06:58:57|302016|192.168.152.21|53|10.10.254.70|56258|Teardown UDP connection 179 for outside:192.168.152.21/53 to inside:10.10.254.70/56258 duration 0:02:08 bytes 111
6|May 06 2013|06:58:57|305012|10.10.254.70|34454|192.168.13.100|39886|Teardown dynamic TCP translation from inside:10.10.254.70/34454 to outside:192.168.13.100/39886 duration 0:01:00
6|May 06 2013|06:58:56|302015|192.168.152.21|53|10.10.254.70|65123|Built outbound UDP connection 309 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65123 (10.10.254.70/65123)
6|May 06 2013|06:58:56|305012|10.10.254.70|34453|192.168.13.100|34856|Teardown dynamic TCP translation from inside:10.10.254.70/34453 to outside:192.168.13.100/34856 duration 0:01:00
6|May 06 2013|06:58:56|305012|10.10.254.70|34452|192.168.13.100|33908|Teardown dynamic TCP translation from inside:10.10.254.70/34452 to outside:192.168.13.100/33908 duration 0:01:00
6|May 06 2013|06:58:56|302016|67.84.253.214|56426|10.10.254.70|64582|Teardown UDP connection 185 for outside:67.84.253.214/56426 to inside:10.10.254.70/64582 duration 0:02:01 bytes 44
6|May 06 2013|06:58:56|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:56|302015|192.168.152.21|53|10.10.254.70|65511|Built outbound UDP connection 307 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65511 (10.10.254.70/65511)
6|May 06 2013|06:58:56|302016|192.168.160.21|53|10.10.254.70|54190|Teardown UDP connection 178 for outside:192.168.160.21/53 to inside:10.10.254.70/54190 duration 0:02:07 bytes 148
6|May 06 2013|06:58:56|302016|192.168.152.21|53|10.10.254.70|54190|Teardown UDP connection 177 for outside:192.168.152.21/53 to inside:10.10.254.70/54190 duration 0:02:08 bytes 111
6|May 06 2013|06:58:55|302015|192.168.160.21|53|10.10.254.70|65123|Built outbound UDP connection 306 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65123 (10.10.254.70/65123)
6|May 06 2013|06:58:55|302015|192.168.160.21|53|10.10.254.70|65511|Built outbound UDP connection 305 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65511 (10.10.254.70/65511)
6|May 06 2013|06:58:54|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:53|302016|192.168.160.21|53|10.10.254.70|57069|Teardown UDP connection 175 for outside:192.168.160.21/53 to inside:10.10.254.70/57069 duration 0:02:07 bytes 236
6|May 06 2013|06:58:53|302016|192.168.152.21|53|10.10.254.70|57069|Teardown UDP connection 173 for outside:192.168.152.21/53 to inside:10.10.254.70/57069 duration 0:02:08 bytes 177
6|May 06 2013|06:58:52|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:51|302015|192.168.152.21|53|10.10.254.70|51914|Built outbound UDP connection 303 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/51914 (10.10.254.70/51914)
6|May 06 2013|06:58:51|302016|192.168.160.21|53|10.10.254.70|53582|Teardown UDP connection 169 for outside:192.168.160.21/53 to inside:10.10.254.70/53582 duration 0:02:07 bytes 120
6|May 06 2013|06:58:51|302016|192.168.152.21|53|10.10.254.70|53582|Teardown UDP connection 166 for outside:192.168.152.21/53 to inside:10.10.254.70/53582 duration 0:02:08 bytes 90
6|May 06 2013|06:58:50|302016|178.46.108.7|36497|10.10.254.70|64582|Teardown UDP connection 96 for outside:178.46.108.7/36497 to inside:10.10.254.70/64582 duration 0:02:34 bytes 108
6|May 06 2013|06:58:50|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:50|302015|192.168.160.21|53|10.10.254.70|51914|Built outbound UDP connection 302 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/51914 (10.10.254.70/51914)
6|May 06 2013|06:58:48|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:48|302015|192.168.152.21|53|10.10.254.70|65020|Built outbound UDP connection 300 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65020 (10.10.254.70/65020)
6|May 06 2013|06:58:47|302014|50.72.9.170|12248|10.10.254.70|34454|Teardown TCP connection 252 for outside:50.72.9.170/12248 to inside:10.10.254.70/34454 duration 0:00:50 bytes 389 TCP FINs
6|May 06 2013|06:58:47|302014|174.91.241.232|53766|10.10.254.70|34458|Teardown TCP connection 260 for outside:174.91.241.232/53766 to inside:10.10.254.70/34458 duration 0:00:44 bytes 384 TCP FINs
6|May 06 2013|06:58:47|302014|24.202.182.58|43715|10.10.254.70|34452|Teardown TCP connection 249 for outside:24.202.182.58/43715 to inside:10.10.254.70/34452 duration 0:00:51 bytes 440 TCP FINs
6|May 06 2013|06:58:47|302015|192.168.160.21|53|10.10.254.70|65020|Built outbound UDP connection 299 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65020 (10.10.254.70/65020)
6|May 06 2013|06:58:46|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:45|305012|10.10.254.70|34448|192.168.13.100|53786|Teardown dynamic TCP translation from inside:10.10.254.70/34448 to outside:192.168.13.100/53786 duration 0:01:30
6|May 06 2013|06:58:44|305012|10.10.254.70|34447|192.168.13.100|43394|Teardown dynamic TCP translation from inside:10.10.254.70/34447 to outside:192.168.13.100/43394 duration 0:01:30
6|May 06 2013|06:58:44|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:44|302016|192.168.152.21|53|10.10.254.70|62190|Teardown UDP connection 162 for outside:192.168.152.21/53 to inside:10.10.254.70/62190 duration 0:02:07 bytes 111
6|May 06 2013|06:58:44|302016|192.168.160.21|53|10.10.254.70|62190|Teardown UDP connection 158 for outside:192.168.160.21/53 to inside:10.10.254.70/62190 duration 0:02:08 bytes 148
6|May 06 2013|06:58:42|302015|192.168.152.21|53|10.10.254.70|57574|Built outbound UDP connection 297 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57574 (10.10.254.70/57574)
6|May 06 2013|06:58:42|302016|192.168.152.21|53|10.10.254.70|52009|Teardown UDP connection 157 for outside:192.168.152.21/53 to inside:10.10.254.70/52009 duration 0:02:07 bytes 111
6|May 06 2013|06:58:42|302016|192.168.152.21|53|10.10.254.70|56201|Teardown UDP connection 156 for outside:192.168.152.21/53 to inside:10.10.254.70/56201 duration 0:02:07 bytes 114
6|May 06 2013|06:58:42|302016|192.168.160.21|53|10.10.254.70|56201|Teardown UDP connection 154 for outside:192.168.160.21/53 to inside:10.10.254.70/56201 duration 0:02:08 bytes 152
6|May 06 2013|06:58:42|302016|192.168.160.21|53|10.10.254.70|52009|Teardown UDP connection 153 for outside:192.168.160.21/53 to inside:10.10.254.70/52009 duration 0:02:08 bytes 148
6|May 06 2013|06:58:42|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:41|302015|192.168.152.21|53|10.10.254.70|54805|Built outbound UDP connection 296 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54805 (10.10.254.70/54805)
6|May 06 2013|06:58:41|302015|192.168.160.21|53|10.10.254.70|57574|Built outbound UDP connection 295 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57574 (10.10.254.70/57574)
6|May 06 2013|06:58:40|302015|192.168.160.21|53|10.10.254.70|54805|Built outbound UDP connection 294 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54805 (10.10.254.70/54805)
6|May 06 2013|06:58:40|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:39|302016|192.168.152.21|53|10.10.254.70|49838|Teardown UDP connection 149 for outside:192.168.152.21/53 to inside:10.10.254.70/49838 duration 0:02:07 bytes 165
6|May 06 2013|06:58:39|302016|192.168.160.21|53|10.10.254.70|49838|Teardown UDP connection 142 for outside:192.168.160.21/53 to inside:10.10.254.70/49838 duration 0:02:08 bytes 220
6|May 06 2013|06:58:38|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:37|302016|192.168.152.21|53|10.10.254.70|65386|Teardown UDP connection 138 for outside:192.168.152.21/53 to inside:10.10.254.70/65386 duration 0:02:07 bytes 105
6|May 06 2013|06:58:37|302016|192.168.160.21|53|10.10.254.70|65386|Teardown UDP connection 136 for outside:192.168.160.21/53 to inside:10.10.254.70/65386 duration 0:02:08 bytes 140
6|May 06 2013|06:58:36|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:35|302016|76.119.99.25|62111|10.10.254.70|64582|Teardown UDP connection 140 for outside:76.119.99.25/62111 to inside:10.10.254.70/64582 duration 0:02:04 bytes 220
6|May 06 2013|06:58:34|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:33|302016|192.168.1.134|34097|10.10.254.70|64582|Teardown UDP connection 143 for outside:192.168.1.134/34097 to inside:10.10.254.70/64582 duration 0:02:02 bytes 56
6|May 06 2013|06:58:33|302015|192.168.152.21|53|10.10.254.70|64940|Built outbound UDP connection 291 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/64940 (10.10.254.70/64940)
6|May 06 2013|06:58:32|302016|213.199.179.150|443|10.10.254.70|64582|Teardown UDP connection 141 for outside:213.199.179.150/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 44
6|May 06 2013|06:58:32|302015|192.168.160.21|53|10.10.254.70|64940|Built outbound UDP connection 290 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/64940 (10.10.254.70/64940)
6|May 06 2013|06:58:32|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:32|302016|192.168.160.21|53|10.10.254.70|62327|Teardown UDP connection 133 for outside:192.168.160.21/53 to inside:10.10.254.70/62327 duration 0:02:07 bytes 148
6|May 06 2013|06:58:32|302016|192.168.152.21|53|10.10.254.70|62327|Teardown UDP connection 131 for outside:192.168.152.21/53 to inside:10.10.254.70/62327 duration 0:02:08 bytes 111
6|May 06 2013|06:58:31|302016|111.221.77.161|443|10.10.254.70|64582|Teardown UDP connection 101 for outside:111.221.77.161/443 to inside:10.10.254.70/64582 duration 0:02:14 bytes 88
6|May 06 2013|06:58:31|302016|192.168.160.21|53|10.10.254.70|50601|Teardown UDP connection 132 for outside:192.168.160.21/53 to inside:10.10.254.70/50601 duration 0:02:07 bytes 136
6|May 06 2013|06:58:31|302016|192.168.152.21|53|10.10.254.70|50601|Teardown UDP connection 130 for outside:192.168.152.21/53 to inside:10.10.254.70/50601 duration 0:02:08 bytes 102
6|May 06 2013|06:58:31|302016|69.142.74.136|5370|10.10.254.70|64582|Teardown UDP connection 97 for outside:69.142.74.136/5370 to inside:10.10.254.70/64582 duration 0:02:14 bytes 88
6|May 06 2013|06:58:30|302016|187.35.72.228|9426|10.10.254.70|64582|Teardown UDP connection 98 for outside:187.35.72.228/9426 to inside:10.10.254.70/64582 duration 0:02:13 bytes 36
6|May 06 2013|06:58:30|302015|192.168.152.21|53|10.10.254.70|52963|Built outbound UDP connection 288 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/52963 (10.10.254.70/52963)
6|May 06 2013|06:58:30|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:30|302015|192.168.152.21|53|10.10.254.70|50141|Built outbound UDP connection 287 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50141 (10.10.254.70/50141)
6|May 06 2013|06:58:30|302016|192.168.160.21|53|10.10.254.70|49975|Teardown UDP connection 129 for outside:192.168.160.21/53 to inside:10.10.254.70/49975 duration 0:02:07 bytes 160
6|May 06 2013|06:58:30|302016|192.168.152.21|53|10.10.254.70|49975|Teardown UDP connection 127 for outside:192.168.152.21/53 to inside:10.10.254.70/49975 duration 0:02:08 bytes 120
6|May 06 2013|06:58:29|302016|192.168.160.21|53|10.10.254.70|57658|Teardown UDP connection 128 for outside:192.168.160.21/53 to inside:10.10.254.70/57658 duration 0:02:07 bytes 136
6|May 06 2013|06:58:29|302016|192.168.152.21|53|10.10.254.70|57658|Teardown UDP connection 126 for outside:192.168.152.21/53 to inside:10.10.254.70/57658 duration 0:02:08 bytes 102
6|May 06 2013|06:58:29|302015|192.168.160.21|53|10.10.254.70|52963|Built outbound UDP connection 286 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/52963 (10.10.254.70/52963)
6|May 06 2013|06:58:29|302015|192.168.160.21|53|10.10.254.70|50141|Built outbound UDP connection 285 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50141 (10.10.254.70/50141)
6|May 06 2013|06:58:28|302014|184.64.37.48|80|10.10.254.70|34457|Teardown TCP connection 257 for outside:184.64.37.48/80 to inside:10.10.254.70/34457 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:58:28|302014|184.64.37.48|443|10.10.254.70|34456|Teardown TCP connection 256 for outside:184.64.37.48/443 to inside:10.10.254.70/34456 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:58:28|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:27|302014|184.64.37.48|53578|10.10.254.70|34455|Teardown TCP connection 254 for outside:184.64.37.48/53578 to inside:10.10.254.70/34455 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:58:27|302015|192.168.152.21|53|10.10.254.70|57349|Built outbound UDP connection 283 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57349 (10.10.254.70/57349)
6|May 06 2013|06:58:26|302015|192.168.152.21|53|10.10.254.70|54841|Built outbound UDP connection 282 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54841 (10.10.254.70/54841)
6|May 06 2013|06:58:26|302014|184.64.37.48|53578|10.10.254.70|34453|Teardown TCP connection 250 for outside:184.64.37.48/53578 to inside:10.10.254.70/34453 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:58:26|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:26|302015|192.168.160.21|53|10.10.254.70|57349|Built outbound UDP connection 281 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57349 (10.10.254.70/57349)
6|May 06 2013|06:58:25|302015|192.168.160.21|53|10.10.254.70|54841|Built outbound UDP connection 280 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54841 (10.10.254.70/54841)
6|May 06 2013|06:58:25|302016|192.168.160.21|53|10.10.254.70|63377|Teardown UDP connection 118 for outside:192.168.160.21/53 to inside:10.10.254.70/63377 duration 0:02:07 bytes 236
6|May 06 2013|06:58:25|302016|192.168.152.21|53|10.10.254.70|63377|Teardown UDP connection 104 for outside:192.168.152.21/53 to inside:10.10.254.70/63377 duration 0:02:08 bytes 177
6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|53894|Teardown UDP connection 107 for outside:192.168.160.21/53 to inside:10.10.254.70/53894 duration 0:02:07 bytes 164
6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|53008|Teardown UDP connection 106 for outside:192.168.160.21/53 to inside:10.10.254.70/53008 duration 0:02:07 bytes 164
6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|62979|Teardown UDP connection 105 for outside:192.168.160.21/53 to inside:10.10.254.70/62979 duration 0:02:07 bytes 164
6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|53894|Teardown UDP connection 92 for outside:192.168.152.21/53 to inside:10.10.254.70/53894 duration 0:02:08 bytes 123
6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|53008|Teardown UDP connection 91 for outside:192.168.152.21/53 to inside:10.10.254.70/53008 duration 0:02:08 bytes 123
6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|62979|Teardown UDP connection 90 for outside:192.168.152.21/53 to inside:10.10.254.70/62979 duration 0:02:08 bytes 123
6|May 06 2013|06:58:24|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:24|302016|192.168.160.21|53|10.10.254.70|54579|Teardown UDP connection 100 for outside:192.168.160.21/53 to inside:10.10.254.70/54579 duration 0:02:07 bytes 128
6|May 06 2013|06:58:24|302016|192.168.152.21|53|10.10.254.70|54579|Teardown UDP connection 86 for outside:192.168.152.21/53 to inside:10.10.254.70/54579 duration 0:02:08 bytes 96
6|May 06 2013|06:58:22|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:22|302016|192.168.160.21|53|10.10.254.70|50518|Teardown UDP connection 94 for outside:192.168.160.21/53 to inside:10.10.254.70/50518 duration 0:02:05 bytes 80
6|May 06 2013|06:58:22|302016|192.168.152.21|53|10.10.254.70|50518|Teardown UDP connection 93 for outside:192.168.152.21/53 to inside:10.10.254.70/50518 duration 0:02:05 bytes 80
6|May 06 2013|06:58:22|302016|192.168.160.21|53|10.10.254.70|61054|Teardown UDP connection 89 for outside:192.168.160.21/53 to inside:10.10.254.70/61054 duration 0:02:06 bytes 74
6|May 06 2013|06:58:22|302016|192.168.152.21|53|10.10.254.70|61054|Teardown UDP connection 88 for outside:192.168.152.21/53 to inside:10.10.254.70/61054 duration 0:02:06 bytes 74
6|May 06 2013|06:58:20|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|49862|Teardown UDP connection 124 for outside:192.168.160.21/53 to inside:10.10.254.70/49862 duration 0:02:01 bytes 41
6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|52028|Teardown UDP connection 123 for outside:192.168.160.21/53 to inside:10.10.254.70/52028 duration 0:02:01 bytes 41
6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|52028|Teardown UDP connection 122 for outside:192.168.152.21/53 to inside:10.10.254.70/52028 duration 0:02:01 bytes 41
6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|49862|Teardown UDP connection 121 for outside:192.168.152.21/53 to inside:10.10.254.70/49862 duration 0:02:01 bytes 41
6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|63772|Teardown UDP connection 120 for outside:192.168.160.21/53 to inside:10.10.254.70/63772 duration 0:02:01 bytes 41
6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|63772|Teardown UDP connection 119 for outside:192.168.152.21/53 to inside:10.10.254.70/63772 duration 0:02:01 bytes 41
6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|55207|Teardown UDP connection 117 for outside:192.168.160.21/53 to inside:10.10.254.70/55207 duration 0:02:01 bytes 40
6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|55207|Teardown UDP connection 116 for outside:192.168.152.21/53 to inside:10.10.254.70/55207 duration 0:02:01 bytes 40
6|May 06 2013|06:58:19|302016|192.168.160.21|53|10.10.254.70|51370|Teardown UDP connection 115 for outside:192.168.160.21/53 to inside:10.10.254.70/51370 duration 0:02:02 bytes 32
6|May 06 2013|06:58:19|302016|192.168.152.21|53|10.10.254.70|51370|Teardown UDP connection 114 for outside:192.168.152.21/53 to inside:10.10.254.70/51370 duration 0:02:02 bytes 32
6|May 06 2013|06:58:18|302016|192.168.160.21|53|10.10.254.70|54447|Teardown UDP connection 113 for outside:192.168.160.21/53 to inside:10.10.254.70/54447 duration 0:02:01 bytes 38
6|May 06 2013|06:58:18|302016|192.168.152.21|53|10.10.254.70|54447|Teardown UDP connection 112 for outside:192.168.152.21/53 to inside:10.10.254.70/54447 duration 0:02:01 bytes 38
6|May 06 2013|06:58:18|302016|192.168.160.21|53|10.10.254.70|53196|Teardown UDP connection 111 for outside:192.168.160.21/53 to inside:10.10.254.70/53196 duration 0:02:01 bytes 32
6|May 06 2013|06:58:18|302016|192.168.152.21|53|10.10.254.70|53196|Teardown UDP connection 110 for outside:192.168.152.21/53 to inside:10.10.254.70/53196 duration 0:02:01 bytes 32
6|May 06 2013|06:58:18|302016|192.168.160.21|53|10.10.254.70|59127|Teardown UDP connection 109 for outside:192.168.160.21/53 to inside:10.10.254.70/59127 duration 0:02:01 bytes 32
6|May 06 2013|06:58:18|302016|192.168.152.21|53|10.10.254.70|59127|Teardown UDP connection 108 for outside:192.168.152.21/53 to inside:10.10.254.70/59127 duration 0:02:01 bytes 32
6|May 06 2013|06:58:18|302016|157.55.130.158|443|10.10.254.70|64582|Teardown UDP connection 102 for outside:157.55.130.158/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 44
6|May 06 2013|06:58:18|302016|126.159.50.221|5081|10.10.254.70|64582|Teardown UDP connection 95 for outside:126.159.50.221/5081 to inside:10.10.254.70/64582 duration 0:02:02 bytes 18
6|May 06 2013|06:58:18|302015|192.168.152.21|53|10.10.254.70|57615|Built outbound UDP connection 277 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57615 (10.10.254.70/57615)
6|May 06 2013|06:58:18|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:17|302015|192.168.160.21|53|10.10.254.70|57615|Built outbound UDP connection 276 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57615 (10.10.254.70/57615)
6|May 06 2013|06:58:17|302014|65.183.143.163|10103|10.10.254.70|34448|Teardown TCP connection 203 for outside:65.183.143.163/10103 to inside:10.10.254.70/34448 duration 0:01:02 bytes 353 TCP FINs
6|May 06 2013|06:58:17|302013|71.207.1.189|1761|10.10.254.70|34468|Built outbound TCP connection 275 for outside:71.207.1.189/1761 (71.207.1.189/1761) to inside:10.10.254.70/34468 (192.168.13.100/55721)
6|May 06 2013|06:58:17|305011|10.10.254.70|34468|192.168.13.100|55721|Built dynamic TCP translation from inside:10.10.254.70/34468 to outside:192.168.13.100/55721
6|May 06 2013|06:58:16|302014|184.37.189.185|60952|10.10.254.70|34447|Teardown TCP connection 202 for outside:184.37.189.185/60952 to inside:10.10.254.70/34447 duration 0:01:02 bytes 400 TCP FINs
6|May 06 2013|06:58:16|302016|112.208.137.190|25040|10.10.254.70|64582|Teardown UDP connection 29 for outside:112.208.137.190/25040 to inside:10.10.254.70/64582 duration 0:02:08 bytes 184
6|May 06 2013|06:58:16|302013|67.86.118.52|17365|10.10.254.70|34467|Built outbound TCP connection 274 for outside:67.86.118.52/17365 (67.86.118.52/17365) to inside:10.10.254.70/34467 (192.168.13.100/48446)
6|May 06 2013|06:58:16|305011|10.10.254.70|34467|192.168.13.100|48446|Built dynamic TCP translation from inside:10.10.254.70/34467 to outside:192.168.13.100/48446
6|May 06 2013|06:58:16|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:16|302016|37.229.14.159|5806|10.10.254.70|64582|Teardown UDP connection 28 for outside:37.229.14.159/5806 to inside:10.10.254.70/64582 duration 0:02:07 bytes 184
6|May 06 2013|06:58:15|305012|10.10.254.70|34441|192.168.13.100|33964|Teardown dynamic TCP translation from inside:10.10.254.70/34441 to outside:192.168.13.100/33964 duration 0:01:30
6|May 06 2013|06:58:15|302015|192.168.152.21|53|10.10.254.70|55062|Built outbound UDP connection 272 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/55062 (10.10.254.70/55062)
6|May 06 2013|06:58:14|302015|192.168.160.21|53|10.10.254.70|55062|Built outbound UDP connection 271 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/55062 (10.10.254.70/55062)
6|May 06 2013|06:58:14|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:12|302015|192.168.152.21|53|10.10.254.70|61073|Built outbound UDP connection 270 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/61073 (10.10.254.70/61073)
6|May 06 2013|06:58:12|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:11|302015|192.168.160.21|53|10.10.254.70|61073|Built outbound UDP connection 268 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/61073 (10.10.254.70/61073)
6|May 06 2013|06:58:10|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:10|302016|157.55.130.155|443|10.10.254.70|64582|Teardown UDP connection 31 for outside:157.55.130.155/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 18
6|May 06 2013|06:58:10|302016|111.221.77.166|443|10.10.254.70|64582|Teardown UDP connection 30 for outside:111.221.77.166/443 to inside:10.10.254.70/64582 duration 0:02:01 bytes 18
6|May 06 2013|06:58:08|302015|192.168.152.21|53|10.10.254.70|50088|Built outbound UDP connection 267 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50088 (10.10.254.70/50088)
6|May 06 2013|06:58:08|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:08|302016|10.10.254.70|68|10.10.254.254|67|Teardown UDP connection 19 for inside:10.10.254.70/68 to identity:10.10.254.254/67 duration 0:02:01 bytes 641
6|May 06 2013|06:58:08|302016|255.255.255.255|68|10.10.254.254|67|Teardown UDP connection 17 for inside:255.255.255.255/68 to identity:10.10.254.254/67 duration 0:02:01 bytes 249
6|May 06 2013|06:58:08|302016|0.0.0.0|68|255.255.255.255|67|Teardown UDP connection 16 for inside:0.0.0.0/68 to identity:255.255.255.255/67 duration 0:02:01 bytes 948
6|May 06 2013|06:58:07|302015|192.168.160.21|53|10.10.254.70|50088|Built outbound UDP connection 265 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50088 (10.10.254.70/50088)
6|May 06 2013|06:58:06|302015|192.168.152.21|53|10.10.254.70|63993|Built outbound UDP connection 264 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/63993 (10.10.254.70/63993)
6|May 06 2013|06:58:06|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:05|302015|192.168.160.21|53|10.10.254.70|63993|Built outbound UDP connection 263 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/63993 (10.10.254.70/63993)
6|May 06 2013|06:58:04|302016|70.171.138.105|9016|10.10.254.70|64582|Teardown UDP connection 5 for outside:70.171.138.105/9016 to inside:10.10.254.70/64582 duration 0:02:01 bytes 18
6|May 06 2013|06:58:04|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:03|302015|192.168.152.21|53|10.10.254.70|53734|Built outbound UDP connection 261 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/53734 (10.10.254.70/53734)
6|May 06 2013|06:58:03|302013|174.91.241.232|53766|10.10.254.70|34458|Built outbound TCP connection 260 for outside:174.91.241.232/53766 (174.91.241.232/53766) to inside:10.10.254.70/34458 (192.168.13.100/26157)
6|May 06 2013|06:58:03|305011|10.10.254.70|34458|192.168.13.100|26157|Built dynamic TCP translation from inside:10.10.254.70/34458 to outside:192.168.13.100/26157
6|May 06 2013|06:58:03|302014|10.10.225.18|443|10.10.254.70|34451|Teardown TCP connection 221 for outside:10.10.225.18/443 to inside:10.10.254.70/34451 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:58:02|302015|192.168.160.21|53|10.10.254.70|53734|Built outbound UDP connection 259 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/53734 (10.10.254.70/53734)
6|May 06 2013|06:58:02|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:58:00|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:58|302013|184.64.37.48|80|10.10.254.70|34457|Built outbound TCP connection 257 for outside:184.64.37.48/80 (184.64.37.48/80) to inside:10.10.254.70/34457 (192.168.13.100/43659)
6|May 06 2013|06:57:58|305011|10.10.254.70|34457|192.168.13.100|43659|Built dynamic TCP translation from inside:10.10.254.70/34457 to outside:192.168.13.100/43659
6|May 06 2013|06:57:58|302013|184.64.37.48|443|10.10.254.70|34456|Built outbound TCP connection 256 for outside:184.64.37.48/443 (184.64.37.48/443) to inside:10.10.254.70/34456 (192.168.13.100/47534)
6|May 06 2013|06:57:58|305011|10.10.254.70|34456|192.168.13.100|47534|Built dynamic TCP translation from inside:10.10.254.70/34456 to outside:192.168.13.100/47534
6|May 06 2013|06:57:58|305012|10.10.254.70|34446|192.168.13.100|3562|Teardown dynamic TCP translation from inside:10.10.254.70/34446 to outside:192.168.13.100/3562 duration 0:01:00
6|May 06 2013|06:57:58|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:58|302015|192.168.152.21|53|10.10.254.70|56866|Built outbound UDP connection 255 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/56866 (10.10.254.70/56866)
6|May 06 2013|06:57:57|302013|184.64.37.48|53578|10.10.254.70|34455|Built outbound TCP connection 254 for outside:184.64.37.48/53578 (184.64.37.48/53578) to inside:10.10.254.70/34455 (192.168.13.100/4536)
6|May 06 2013|06:57:57|305011|10.10.254.70|34455|192.168.13.100|4536|Built dynamic TCP translation from inside:10.10.254.70/34455 to outside:192.168.13.100/4536
6|May 06 2013|06:57:57|302014|74.56.154.191|62152|10.10.254.70|34441|Teardown TCP connection 170 for outside:74.56.154.191/62152 to inside:10.10.254.70/34441 duration 0:01:11 bytes 6953 TCP FINs
6|May 06 2013|06:57:57|302015|192.168.160.21|53|10.10.254.70|56866|Built outbound UDP connection 253 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/56866 (10.10.254.70/56866)
6|May 06 2013|06:57:57|302013|50.72.9.170|12248|10.10.254.70|34454|Built outbound TCP connection 252 for outside:50.72.9.170/12248 (50.72.9.170/12248) to inside:10.10.254.70/34454 (192.168.13.100/39886)
6|May 06 2013|06:57:57|305011|10.10.254.70|34454|192.168.13.100|39886|Built dynamic TCP translation from inside:10.10.254.70/34454 to outside:192.168.13.100/39886
6|May 06 2013|06:57:56|302014|96.228.226.64|48962|10.10.254.70|34446|Teardown TCP connection 188 for outside:96.228.226.64/48962 to inside:10.10.254.70/34446 duration 0:00:58 bytes 363 TCP FINs
6|May 06 2013|06:57:56|302015|192.168.152.21|53|10.10.254.70|59590|Built outbound UDP connection 251 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/59590 (10.10.254.70/59590)
6|May 06 2013|06:57:56|302013|184.64.37.48|53578|10.10.254.70|34453|Built outbound TCP connection 250 for outside:184.64.37.48/53578 (184.64.37.48/53578) to inside:10.10.254.70/34453 (192.168.13.100/34856)
6|May 06 2013|06:57:56|305011|10.10.254.70|34453|192.168.13.100|34856|Built dynamic TCP translation from inside:10.10.254.70/34453 to outside:192.168.13.100/34856
6|May 06 2013|06:57:56|302013|24.202.182.58|43715|10.10.254.70|34452|Built outbound TCP connection 249 for outside:24.202.182.58/43715 (24.202.182.58/43715) to inside:10.10.254.70/34452 (192.168.13.100/33908)
6|May 06 2013|06:57:56|305011|10.10.254.70|34452|192.168.13.100|33908|Built dynamic TCP translation from inside:10.10.254.70/34452 to outside:192.168.13.100/33908
6|May 06 2013|06:57:56|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:55|302015|192.168.160.21|53|10.10.254.70|59590|Built outbound UDP connection 247 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/59590 (10.10.254.70/59590)
6|May 06 2013|06:57:55|302015|192.168.152.21|53|10.10.254.70|63756|Built outbound UDP connection 246 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/63756 (10.10.254.70/63756)
6|May 06 2013|06:57:54|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:54|302015|192.168.160.21|53|10.10.254.70|57967|Built outbound UDP connection 245 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57967 (10.10.254.70/57967)
6|May 06 2013|06:57:54|302014|10.10.225.18|443|10.10.254.70|34450|Teardown TCP connection 209 for outside:10.10.225.18/443 to inside:10.10.254.70/34450 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:57:54|302014|10.10.225.18|443|10.10.254.70|34449|Teardown TCP connection 207 for outside:10.10.225.18/443 to inside:10.10.254.70/34449 duration 0:00:30 bytes 0 SYN Timeout
6|May 06 2013|06:57:54|302015|192.168.160.21|53|10.10.254.70|63756|Built outbound UDP connection 244 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/63756 (10.10.254.70/63756)
6|May 06 2013|06:57:53|302015|192.168.152.21|53|10.10.254.70|57967|Built outbound UDP connection 243 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57967 (10.10.254.70/57967)
6|May 06 2013|06:57:52|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:50|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:49|302015|192.168.160.21|53|10.10.254.70|54304|Built outbound UDP connection 241 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54304 (10.10.254.70/54304)
6|May 06 2013|06:57:48|302015|192.168.152.21|53|10.10.254.70|54304|Built outbound UDP connection 240 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/54304 (10.10.254.70/54304)
6|May 06 2013|06:57:48|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:48|302015|192.168.160.21|53|10.10.254.70|65422|Built outbound UDP connection 238 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/65422 (10.10.254.70/65422)
6|May 06 2013|06:57:47|302015|192.168.152.21|53|10.10.254.70|65422|Built outbound UDP connection 237 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/65422 (10.10.254.70/65422)
6|May 06 2013|06:57:46|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:46|302015|192.168.160.21|53|10.10.254.70|50300|Built outbound UDP connection 236 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/50300 (10.10.254.70/50300)
6|May 06 2013|06:57:46|302015|192.168.160.21|53|10.10.254.70|49286|Built outbound UDP connection 235 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/49286 (10.10.254.70/49286)
6|May 06 2013|06:57:45|302015|192.168.152.21|53|10.10.254.70|50300|Built outbound UDP connection 234 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/50300 (10.10.254.70/50300)
6|May 06 2013|06:57:45|302015|192.168.152.21|53|10.10.254.70|49286|Built outbound UDP connection 233 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/49286 (10.10.254.70/49286)
6|May 06 2013|06:57:44|302020|10.10.254.70|1|192.168.152.21|0|Built outbound ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:43|305012|10.10.254.70|34440|192.168.13.100|17057|Teardown dynamic TCP translation from inside:10.10.254.70/34440 to outside:192.168.13.100/17057 duration 0:01:00
6|May 06 2013|06:57:43|302015|192.168.160.21|53|10.10.254.70|57306|Built outbound UDP connection 231 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/57306 (10.10.254.70/57306)
6|May 06 2013|06:57:42|305012|10.10.254.70|34439|192.168.13.100|24448|Teardown dynamic TCP translation from inside:10.10.254.70/34439 to outside:192.168.13.100/24448 duration 0:01:00
6|May 06 2013|06:57:42|305012|10.10.254.70|34438|192.168.13.100|20628|Teardown dynamic TCP translation from inside:10.10.254.70/34438 to outside:192.168.13.100/20628 duration 0:01:00
6|May 06 2013|06:57:42|302015|192.168.160.21|53|10.10.254.70|54646|Built outbound UDP connection 230 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/54646 (10.10.254.70/54646)
6|May 06 2013|06:57:42|302015|192.168.152.21|53|10.10.254.70|57306|Built outbound UDP connection 229 for outside:192.168.152.21/53 (192.168.152.21/53) to inside:10.10.254.70/57306 (10.10.254.70/57306)
6|May 06 2013|06:57:42|302021|192.168.152.21|0|10.10.254.70|1|Teardown ICMP connection for faddr 192.168.152.21/0 gaddr 10.10.254.70/1 laddr 10.10.254.70/1
6|May 06 2013|06:57:42|302015|192.168.160.21|53|10.10.254.70|64481|Built outbound UDP connection 228 for outside:192.168.160.21/53 (192.168.160.21/53) to inside:10.10.254.70/64481 (10.10.254.70/64481)
6|May 06 2013|06:57:41|302015|192.168.152.21|53|10.1First, make sure you correct the mask in the crypto ACL, per my other post.
You should check with the other admin and make sure your crypto ACLs are exact mirrors of each other. It wouldn't be a bad idea to put a sniffer on the WAN side to see if you can detect asymmetrical operation (packets that should be encapsulated, but are not).
It looks like the pool (192.168.100.0 255.255.255.248) is not part of a policy push from the other crypto endpoint.
Are they actually using a /24 mask on their side, or is that an assumption on your part?
Could it be that they are actually using a mask greater than /24 so as to not have an overlap?
My concern was how a host on the far side with a /24 mask would initiate/respond to a host on your side. The host on their side would ARP your host believing it was directly reachable, due to the mask.
Perhaps this might be resolved with "ip proxy-arp" configured on the internal interface of their router.
Is their 192.168.100.0 /? network the connected network on the inside of their router, or buried deeper in their topology? -
Cisco ASA 5585-X SSP-20 8.4(2) - TCP Syslog problem
Hi,
We have a firewall service environment where logging is handled with UDP at the moment.
Recently we have noticed that some messages get lost on the way to the server (Since the server doesnt seem to be under huge stress from syslog traffic). We decided to try sending the syslog via TCP.
You can imagine my surprise when I enabled the "logging host <interface name> <server ip> tcp/1470" on an ASA Security context and find out that all the connections through that firewall are now being blocked. Granted, I could have checked the command reference for this specific command but I never even thought of the possibility of a logging command beeing able to stop all traffic on a firewall.
The TCP syslog connection failing was caused by a missmatched TCP port on the server which got corrected quickly. Even though I could now view log messages from the firewall in question in real time, the only message logged was the blocking of new connections with the following syslog message:
"%ASA-3-201008: Disallowing new connections."
Here start my questions:
- New connections are supposed to be blocked when the the TCP Syslog server aint reachable. How is it possible that I am seeing the TCP syslog sent to the server and the ASA Security Context is still blocking the traffic?
- I configured the "logging permit-hostdown" after I found the command and it supposedly should prevent the above problem/situation from happening. Yet after issuing this command on the Security Context in question, connections were still being blocked with the same syslog message. Why is this?
- Eventually I changed the logging back to UDP. This yet again caused no change to the situation. All the customer connections were still being blocked. Why is this?
- After all the above I removed all possible logging configurations from the Security Context. This had absolutely no effect on the situation either.
- As a last measure I changed to the system context of the ASA and totally removed the syslog interface from the Security Context. This also had absolutely no effect on the situation.
At the end I was forced to save the configuration on the ASAs Flash -memory, remove the Security Context, create the SC again, attach the interfaces again and load the configuration from the flash into the Security Context. This in the end corrected the problem.
Seems to me this is some sort of bug since the syslog server was receiving the syslog messages from the SC but the ASA was still blocking all new connections. Even the command "logging permit-hostdown" command didnt help or changing back to UDP.
It seems the Security Context in question just simply got stuck and continued blocking all connections even though in the end it didnt have ANY logging configurations on.
Seems to me that this is quite a risky configuration if you are possibly facing cutting all traffic for hundreds of customers when the syslog connection is lost or the above situation happens and isnt corrected by any of the above measures we took (like the command "logging permit-hostdown" which is supposed to avoid this situation alltogether).
- JouniHi,
I FINALLY had the time to look at this issue as I was testing something else in our lab too.
In short, here is what I did:
I configured the TCP logging in the same way as in the original post
I configured the TCP logging giving the commands in different order
Did some other tests related to the proble
Device used: ASA 5585-X
Software: 8.4(2)
Original Device and software : ASA 5585-X running 8.4(1)9
Heres the above scenarions and what actually happened
Original situation
Before doing any changes the test firewall context in question is working normally and the log sent by UDP/514 is arriving to the Syslog server as usual.
I now change the syslog to TCP by giving a command "logging host tcp/1471" (actual port being TCP/1470)
The firewall immediatly starts blocking all connections going through it.
I change the configuration to the correct port TCP/1470 after which log starts appearing in my realtime view on the syslog server. The firewall context in question is still sending only the message "Disallowing new connections" even though the TCP -port on the Syslog server is clearly reachable and the connection is active.
After this I try to do the suggest "clear local-host all" command. This has no effect on the firewall context. No connections are getting through. No connections/xlates are formed on the firewall. I can only see the firewall doing DNS queries with its outside interface (related to another configuration).
After this I try to start correcting the situation the same way as before. I add "logging permit-hostdown" command which has no effect on the situation. I remove all logging configurations and it doesnt have any effect on the situation.
After this I activate UDP logging and can see the logs arriving on the syslog server but again I can only see "Disallowing new connections" message.
In the end I have no other option (to my knowledge) other than to delete the Security Context and create it again with same interfaces and with the configuration saved to the Flash -memory of the ASA.
After this the connections work like usual. (UDP logging in the saved configuration)
Giving the configurations in different order
After I've created the firewall again and all is working I have another try in configuring the TCP Syslog while giving the commands in different order.
First I add the command "logging permit-hostdown" command
Then I add the command "logging host tcp/1470"
After this logs start arriving on the syslog server and connections work as usual. Seems giving the "logging permit-hostdown" first before any other configurations is the right way to go.
Removing the "logging permit-hostdown" command
After I saw that everything was working I tried to remove the "logging permit-hostdown" command and see what happens. Everything worked fine.
Configuring wrong TCP port to "logging host" command
I decide to try and change the TCP port used to a wrong one and see if anything happens. (logging permit-hostdown is active). Firewall works as usual. Naturally no logs can be viewed at the syslog server.
Configuring the TCP Syslogging without "logging permit-hostdown" but with correct port
Finally I tried to configure the TCP Syslogging on ASA with the correct TCP port without issuing the "logging permit-hostdown" command. Everything seemed to work fine after this.
So in conclusion it seems that IF you don't have the "logging permit-hostdown" command issued before you start configuring "logging host tcp/xxxx" , you might run into problems IF you don't have matching settings on the ASA sending the log and the Syslog server receiving the log.
There doesnt seem to be any easy way to correct the situation (with the connections getting blocked) after you have once messed up the configurations. Seems your only option is to reconfigure the Security Context (which is easy) or if this problem exists in the same way in a single ASA you will have to reboot the device which means longer downtime than reconfiguring a context.
There would still be a couple of things to test but at the moment I have no more time for this. I will update if there is any new information.
- Jouni -
Cisco ASA Stateuful inspection of encrypted traffic.
I have been looking for documentation for the ASA and how it handles stateful inspection of encrypted traffic. I find plenty of documentation for the ASA and stateful inspection of traffic, but none specifically referencing encrypted traffic. Can anyone supply me with documentation referencing this and/or a description of how it handles this type of traffic, and if it does this by default or if any special configuration is needed?
Thanks in advance.
MikeI'm not aware of the place in the documentation where it is mentioned, but also traffic entering or leaving a VPN that is terminated on the ASA is statefully inspected the same way it is with "normal" traffic.
I assumed that you mean this by "encrypted traffic". But if you are talking about encrypted traffic that flows through the ASA then the answer is "it depends":
Pure IPSec traffic is not statefully inspected as AH/ESP can not be inspected. IPSec with NAT-Traversal is inspected as it is encapsulated in UDP or TCP. Same for SSL-VPNs which is again UDP and/or TCP traffic.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Business Continuity features available in ASA-5585-x
Hi,
in Data Center environment using only one ASA-5585-x, what kind of business continuity features, a single 5585-x offers or can be configured to keep the business running, in case the firewall got failed.
Thanks
MikeHi,
I am not sure if I understood the question completely.
I am not really sure how any configuration on the device can help you if the actual device fails completely.
With regards to the hardware I think only the high end model with SSP-60 comes by default with 2 PSUs while others come with 1 PSUs though you can install a second PSU to the units and in this way provide some redundancy in the event of power failure though that naturally depends on other factors than the ASA alone.
To my understanding it is also possible to set up the single ASA 5585-X unit with dual SSPs. I have not had to set up such an environment so I am not sure how it exactly works. I am not sure how they handle together. I can't seem to find the document I was once reading about this. But I would imagine that this could provide redudancy to the firewall setup.
Then there is also Clustering ASAs (not same as Failover pair) units but again this naturally requires additional hardware and is something I have not setup up myself.
Then there is naturally configuring 2 identical ASA 5585-X units in Failover pair (Active/Standby or Active/Active) to provide redudancy in case of hardware failure.
We have some less critical environments set up with single ASA5585-X units and we naturally dont guarantee the same availability for those services as with setup where we have 2x ASA5585-X units in Failover. We do have replacement units for these and can naturally get replacements otherwise also.
- Jouni -
i am seeing a strange issue on 2 of my Cisco ASA 5585s
randomly the "Enable inbound VPN sessions to bypass interface access list. Group...." setting is getting unchecked.
i have verified that no one is logging into the system
is this a bug in the firmware or the ASDM ?Hi,
I have not run into this issue atleast.
First and only thing that comes to mind is that someone is using the ASDMs VPN Wizard to configure new VPN connections and during that changes this Global Setting that you mention.
On the CLI format the command is
sysopt connection permit-vpn
The above is the default setting and will mean that any traffic coming through a VPN connection will bypass the interface ACL of the interface where the VPN is connected to.
The below form of the command changes the behaviour of the ASA so that any connection will need to be allowed in the interface ACL of the interface where the VPN is connected to.
no sysopt connection permit-vpn
You can view the current setting (among all the other system option settings) with
show run all sysopt
- Jouni -
How many default virtual context counts with ASA 5585 Series
Hi All:
I prepare replace FWSM to ASA 5585 Series,but I confuse the default virtual context counts on ASA 5585.
I used 3 virtual contexts on my old FWSM(1 admin context with 2 contexts).According the ASA configuration guide below.
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/mode_contexts.html#wp1188797
It state the ASA 5585 have default 2 contexts,Does it state the ASA 5585 just have 2 contexts or 1 admin context plus "2" context (3 contexts available)
thks fot your replyHi,
To my understanding the ASA with the most default lisence lets you use 2 Security Contexts to your own purposes. Admin context will always be there on the ASA when running in multiple context mode. Its created when you change your ASA from its default mode (single) to "mode multiple".
In my original post the latter part was just to mention that to my understanding if you use 2 ASAs (almost any model) in failover with a software 8.3 and above the ASA will combine their lisences regarding some values. For example connecting 2 ASAs in Failover which have limit of 2 Security Contexts, they will get combined and the failover will have 4 Security Context limit.
Atleast that is what I see with the "show version" command and this is also what we have been told by a Cisco employee. Ive also been told that if I for example (running 8.3+ OS) buy a 5 Security Context license for the other unit, It will combine the others base license (2 SC) to the others units new license (5 SC) resulting in the combined Security Context limit of 7.
This is what Cisco documentation mentions about Active/Standby and Active/Active Failover Licensing at version 8.3 and above:
Or you have two ASA 5540 adaptive security appliances, one with 20 contexts and the other with 10 contexts; the combined license allows 30 contexts. For Active/Active failover, for example, one unit can use 18 contexts and the other unit can use 12 contexts, for a total of 30; the combined usage cannot exceed the failover cluster license.
I've have had 2 ASA5585-X ASAs combined in A/A Failover running 8.4(2) and they have atleast showed that they have the combined Security Context limit of 4 Security Contexts
Heres a partial output of the "show version" command on the ASAs in question when they were just out of the box combined in Failover with no other configurations other than running in multiple context mode and management configuration in admin context.
Licensed features for this platform:Maximum Physical Interfaces : Unlimited perpetualMaximum VLANs : 1024 perpetualInside Hosts : Unlimited perpetualFailover : Active/Active perpetualVPN-DES : Enabled perpetualVPN-3DES-AES : Enabled perpetualSecurity Contexts : 2 perpetualGTP/GPRS : Disabled perpetualAnyConnect Premium Peers : 2 perpetualAnyConnect Essentials : Disabled perpetualOther VPN Peers : 10000 perpetualTotal VPN Peers : 10000 perpetualShared License : Disabled perpetualAnyConnect for Mobile : Disabled perpetualAnyConnect for Cisco VPN Phone : Disabled perpetualAdvanced Endpoint Assessment : Disabled perpetualUC Phone Proxy Sessions : 2 perpetualTotal UC Proxy Sessions : 2 perpetualBotnet Traffic Filter : Disabled perpetualIntercompany Media Engine : Disabled perpetual10GE I/O : Disabled perpetualFailover cluster licensed features for this platform:Maximum Physical Interfaces : Unlimited perpetualMaximum VLANs : 1024 perpetualInside Hosts : Unlimited perpetualFailover : Active/Active perpetualVPN-DES : Enabled perpetualVPN-3DES-AES : Enabled perpetualSecurity Contexts : 4 perpetualGTP/GPRS : Disabled perpetualAnyConnect Premium Peers : 4 perpetualAnyConnect Essentials : Disabled perpetualOther VPN Peers : 10000 perpetualTotal VPN Peers : 10000 perpetualShared License : Disabled perpetualAnyConnect for Mobile : Disabled perpetualAnyConnect for Cisco VPN Phone : Disabled perpetualAdvanced Endpoint Assessment : Disabled perpetualUC Phone Proxy Sessions : 4 perpetualTotal UC Proxy Sessions : 4 perpetualBotnet Traffic Filter : Disabled perpetualIntercompany Media Engine : Disabled perpetual10GE I/O : Disabled perpetual
Though I still suggest confirming all these things from the people/company that youre acquiring the ASA(s) from so you get what youre asking for. Or someone from Cisco could confirm this on these forums. -
Using ASA 5510 and router for dual WAN Connections.
Guys, neeed some help here:
Context:
1- My company has one ASA 5510 configured with Site-to-site VPN, Ipsec Cisco VPN and AnyConnect VPN.
2- We use ASA to connect to the single ISP (ISP 1) for internet access. ASA does all the NATing for internal users to go out.
3- A second link is coming in and we will be using ISP 2 to loadbalance traffic to internet (i.e. business traffic will go via ISP1 and “other” traffic will go via ISP2).
4- A router will be deployed in front of the ASA to terminate internet links.
5- No BGP should be used to implement policy (traffic X goes via ISP1, traffic Y goes via ISP2).
Questions:
How do I get this done, particularly, how do I tell the router, for traffic X use ISP1 and for traffic Y use ISP2? PBR is my friend?
Since I will be having 2 public Ip Addresses from the 2 ISPs, how do I NAT internal users to the 2 public Ip addresses ?.
Finally, which device should be doing the NATing? The ASA just like now or move NATing to the Router?
Thanks
NdaungweHi,
Check the below link, it gives information on trasperant fw config and limilations. Based on the doc, you may need to move the VPN /anyconnect to router as well. From the routr end you may be able to set up static routes pointing to diff ISP based on traffic needs but this will be compleicated setup and can break things. Wait for other suggestions or if possible stick to ASA to terminate both links and still route the traffic to diff ISPs (Saves the router cost as well).
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml
Thx
MS -
Block P2P software using ASA-AIP-SSM-20 module
Hello,
I have got a question about blocking P2P traffic on ASA AIP module. I have searched the forums and all I could find were solutions using regex, port block, MPF, but no AIP implementation example.
Could anyone point me in the right direction please ?
Many thanks,
MartinHello Paps,
Many thanks for your reply. I was searching the web like crazy for some solutions using IPS and it never occured to me that I could just simply look for the signature files on Cisco website.
Thank you very much again
With regards,
Martin -
Hi,
Is there any way to create vlans on cisco asa 5585 similar way we do for cisco switches.
The asa in this case is an interface for subsidary users to connect into this new network.
We require few vlans to be created for some servers on the firewall. the firewall should be the gateway for these servers.
eg. vlan 100 - 192.168.100.1/24 should be on the ASA firewall.
How do we achieve this?
Appreciate all help on this.Hi,
You will have to configure atleast one physical interface as a Trunk interface if you want to bring the Vlan all the way to the ASA. Essentially the configuration follows the same lines as configuring a Cisco router to act as the gateway for multiple Vlans behind a switch.
The actual configuration format depends on how you have set up the ASA. Is it Single Context or Multiple Context?
In Single Context the configuration would be something like this
interface GigabitEthernet0/0
description TRUNK
interface GigabitEthernet0/0.100
vlan 100
nameif LAN
security-level 100
ip add 10.10.10.1 255.255.255.0
interface GigabitEthernet0/0.200
vlan 200
nameif DMZ
security-level 50
ip add 192.168.10.1 255.255.255.0
If you are running Multiple Context mode the configuration could be something like this
interface GigabitEthernet0/0
description TRUNK
interface GigabitEthernet0/0.100
description LAN
vlan 100
interface GigabitEthernet0/0.200
description DMZ
vlan 200
context EXAMPLE-CONTEXT
allocate-interface GigabitEthernet0/0.100
allocate-interface GigabitEthernet0/0.200
config-url disk0:/EXAMPLE-CONTEXT.cfg
Or something along these lines
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed.
- Jouni -
Filter Traffic using ISDM-2 Inline Mode and Inline VLAN Pairs
Hi Everyone,
I have a new ISDM-2 Module (Version 6.0(1)E1) and I?m thinking use Inline VLAN Pairs to bridge two vlans, in my case vlan 100 and vlan 101. Vlan 100 is the vlan used by MSFC and Vlan 101 is the vlan used by the outside of my FWSM . In this way, I think I can monitor all the traffic into and from Internet. My question is: can I choose what traffic I will analyze using this configuration ? Maybye with VACL or another way.
Thanks in Advanced
Andre LomonacoIf I understand your question correctly, I do not think you have the ability to selectively inspect the traffic with only a single pair of vlans. The IPS module is going to bridge your vlans together and you would want all traffic to go through that bridge...I don't know what mechanism you'd use to selectively direct traffic through some other bridge/route function.
Within the IPS software you can turn off (disable AND retire) signatures that inspect traffic that you wish to ignore, the IPS will just forward the traffic through, but you don't have a fine level of granularity there.
Scott -
Hi,
how can apply route-map rules to an interface ?
i set up some rules but i cannot apply these rules any interface.
Thanks a lot.Thank you Kanwal.
in a cisco router you can apply your route-map by using command ip policy map ... İ didnt find any command like this. İ set up some match and set conditions but i do not apply any interface.
can i use route-map to manipulate routing table İn asa 5585-x.?
sincerely -
ASA 5585-X TACACS+/RADIUS Server
All,
Can the ASA 5585-X's act as a AAA TACACS+ and/or RADIUS server for network infrastructure devices?
I've used Cisco Secure ACS for TACACS and RADIUS AAA..
My client has ordered a bunch of them. They don't have an AAA solution and were just told they will need to implement AAA on network infrastructure devices.
Thanks for any information.
StephanieAdding to Jan's correct answer.
The current Cisco RADIUS offerings are either the ACS product (RADIUS and TACACS+) or Identity Services Engine (ISE - RADIUS only). Both are offered in both appliance and VM formats.
Beside NPS on Windows server, there are also open source projects of both RADIUS and TACACS servers available. -
Symantec PKI on Cisco ASA 5585
I am using a Cisco ASA 5585 in my network, the decision was made to use Symantec PKIs for the certificates. My question is, what the correct syntex would be to implement these PKIs on the ASA. I am trying to get this on the first go, as I want to limit down time.
Hi,
250 virtual contexts and 1024 VLAN’s are supported.
Don't forget to rate helpfull posts.
Sajid Ali Pathan.
Maybe you are looking for
-
Why does my launchpad keep appearing automatically and how do I stop this?
I have just gotten this iMac a few days ago and everything was fine till i begin transferring files from my old laptop and downloading free software frmo the internet. The launchpad screen keep appearing and disappearing at free will and this is a pr
-
Hello, I am a user of the iPhone is not the place for bi çıkıcak turkey apple brand products and product support and equipment does not work as it used to fix and send back waiting for your help. Please support me in this regard quit
-
Transport Layer Security Cipher Suites in Safari
Does anyone happen to know which Transport Layer Security (TLS) Cipher Suites Safari 4 supports? Specifically, does it support the Elliptic Curve suites from RFC 4492? How about AES? Thanks!
-
NationalInstruments.Analysis.Dsp.SignalProcessing.Integrate method
Could you give me an example use of the NationalInstruments.Analysis.Dsp.SignalProcessing.Integrate method? I want to integrate a signal but I am not sure what to use for the boundary conditions (initialCondition and finalCondition).
-
I have a MIDlet that process a image to RGB array, hear is the code: int[] imgRgbData = new int[width * height]; img.getRGB( imgRgbData, 0, width, 0, 0, width, height ); ByteArrayOutputStream baos = new ByteArrayOutputStream(); Da