Mail smtp using PAT instead of static NAT assigned
All, I am seeing some odd things in relation to how our smtp gateway is sending information out across the Internet. When I do a show xlate it shows that it is using the global PAT of our primary ISP. However, I have a static NAT assigned to it over our second ISP. When emails are sent to external email systems from us, it is showing it coming from our smtp gateway as the global PAT assigned on my primary ISP. Is there any specific way I can watch what's going on when the firewall does a NAT with a specific command on the ASA?
Hi,
I think you may find that routing is what is causing what you are explaining. i.e The destination of the connection you are describing means that the traffic exits via the primary ISP link which (for your mail server) only has a PAT to the firewall interface address.
In order to verify this, you can check the routes manually using the 'sh route' command, or you can trace the path a packet would take through the firewall device using the 'packet-tracer' command, paying specific attention to the last section.
Similar Messages
-
Revision: 7687
Author: [email protected]
Date: 2009-06-09 13:41:18 -0700 (Tue, 09 Jun 2009)
Log Message:
Forgot to have WindowedSystemManager use instance instead of static for mixins. (regular SystemManager was changed to use instance instead of static before checkin)
Also fix porting error in MarshallPlan.as
QE Notes: None
Doc Notes: None
Bugs: SDK-21461
Reviewer: darrell
tests: checkintests
Ticket Links:
http://bugs.adobe.com/jira/browse/SDK-21461
Modified Paths:
flex/sdk/trunk/frameworks/projects/airframework/src/mx/managers/WindowedSystemManager.as
flex/sdk/trunk/frameworks/projects/framework/src/mx/managers/systemClasses/MarshallPlan.a sHi Chris,
I tried removing and adding back the dialpeer 101 and adding .T to 501 but still the same result. Please help.
Please see the following:
SEC-HO-VGATEWAY01#show dial-peer voice summ
dial-peer hunt 1
AD PRE PASS OUT
TAG TYPE MIN OPER PREFIX DEST-PATTERN FER THRU SESS-TARGET STAT PORT KEEPALIVE
501 voip up up 0 syst
1001 voip up up 5... 1 syst ipv4:10.13.14.21
1002 voip up up 1...$ 1 syst ipv4:10.13.14.21
103 voip up up 911$ 1 syst dns:toronto2.voip.ms
102 voip up up 1[2-9]..[2-9]...- 1 syst dns:toronto2.voip.ms
...$
101 voip up up [2-9]..[2-9]....- 1 syst dns:toronto2.voip.ms
..$
SEC-HO-VGATEWAY01#show run | sec dial-peer voice 501
dial-peer voice 501 voip
incoming called-number .T
voice-class sip bind control source-interface Loopback0
voice-class sip bind media source-interface Loopback0
dtmf-relay rtp-nte
codec g711ulaw
no vad -
I can't send yahoo mail(SMTP)using a Mac?
I can't send yahoo mail(SMTP)using a Mac?
Listen I do not have any problem with the I cloud at all. When its come to setting up the..... Outgoing
mail serve (smtp) for yahoo I have tried every thing even I changed any other settings in my email accounts.
But doesn't responds. Just some one tell me please for yahoo account what should I put for Server Name and
Description ??? I already tried the (smtp.yahoo.com) or even this one. (smtp.mail.yahoo.com)
I believe do something wrong here . Is all of
this make sense what I try to tell you ? Im just so confessed
smtp.mail.yahoo.comI..
(It wont let me send any emaills)
Thank you for your response! -
Using both Dynamic and Static NAT with two Different Internet facing Subnets
We have two Class C Public Address subnets. We started with Subnet (A) and have many of our Internet accessible devices on it. It is running on a Cisco PIX 515R. We bought a new ASA 5510 8.3(2) and started Migrating the Users and new servers to it so I started with our second Class C Subnet (B). Later on down the road I found out that if the Firewalls Default Gateway is is set to a (B) Interface subnet, then the servers that are statically mapped to a (A) Address will have a (B) address when they communicate out to the internet. So they are receiving packets on their (A) Address, though replying to them with a (B) address.
It was mentioned that I should be able to combine static and dynamic NAT mapping to allow devices behind the firewall to have a fixed external Address when communicating outbound as well as inbound.
So For instance I want the Following: when the Internal Replies I want the reply to come from the mapped IP, not a IP from the Dynamic Pool.
Public IP: 192.168.1.100/24
Internal IP: 10.0.0.100/16
Public IP: 192.168.5.101/24
Internal IP: 10.0.0.101/16
interface Ethernet0/0
description 192.168.1.0/24 Network Outside IP
nameif outside-1
security-level 0
ip address 192.168.1.1 255.255.255.0
interface Ethernet0/1
description 192.168.5.0/24 Network Outside IP
nameif outside-5
security-level 0
ip address 192.168.5.1 255.255.255.0
interface Ethernet0/2
description inside 10.0.0.0/16
nameif inside
security-level 100
ip address 10.0.0.1 255.255.0.0
object network serverA_o
host 192.168.1.100
object network serverA_i
host 10.0.0.100
object network serverB_o
host 192.168.5.101
object network serverB_i
host 10.0.0.101
object network 192-168-1-NAT-POOL
range 192.168.1.50 192.168.1.239
nat (inside,outside-1) source static serverA_i serverA_o
nat (inside,outside-5) source static serverB_i serverB_o
nat (inside,outside-1) source dynamic any 192-168-1-NAT-POOL interface
object network serverA_i
nat (inside,outside-1) static serverA_o
object network serverB_i
nat (inside,outside-5) static serverB_o
route outside-1 0.0.0.0 0.0.0.0 192.168.1.1 1
route outside-5 0.0.0.0 0.0.0.0 192.168.5.1 2
When I set this up my serverB shows a Public IP of something in the 192-168-1-NAT-POOL Not 192.168.5.101
Any Suggestions?
Thanks!Not sure why I have Multiple Entries. )-: I did think it was Odd. I think it might be because I looking at examples of the new and old styles of NAT.
We have a Single ISP, though have 2 separate non-Contiguous Class C Addresses from them. We host some Servers on one subnet and some on the other.
I'm looking for a way to use both Subnets on the same ASA.
The Connection to the net looks like this:
Internet -> Edge Router Layer3 VLAN Switch
GE0/1.2 - 192.168.1.1 VLAN Tagged --> GE0 - VLAN Tagged
GE0/1.2 - 192.168.5.1 VLAN Tagged -^
Layer3 VLAN Switch Firewall
GE1 192.168.1.0/24 Untagged -> ASA Outside-1
GE2 192.168.5.0/24 Untagged -> ASA Outside-5
Firewall
ASA inside 10.0.0.0/16 -> Switch -> 10.0.0.100
Hope that helps clarify.
I could try to post some sanitized Configs of my PIX and ASA if needed. But the end result I'm trying to do is have the ASA do NAT for multiple Public Subnets. -
Issues with an LDAP server configured using DHCP instead of static.
Can anyone tell me if there is a known issue using a DHCP address instead of a static IP address to build a 10.4 MAC server that will is a LDAP master?
I have an LDAP master that is running 10.4 that has user account issues. Random users will suddenly not be able to authenticate against the server. I have been told this is because the server was originally built using a DHCP address and then migrated to a static IP. Being a UNIX geek this does not seem to make a lot of sense to me but I am new to MAC..... So?It absolutely could be the cause of the issue. Open Directory uses Kerberos (among other things) for authentication. Kerberos is VERY VERY VERY particular about DNS... and if your OD master changed the IP address, it could cause these problems. I wouldn't expect that it would ever work, but perhaps some days the IP is the same as it was during initial setup.
Do a 'sudo changeip -checkhostname' from the server and see if it says everything is okay. If not, you definitely have things you need to fix. Frankly, with DHCP on the server you are 100% guaranteed to have problems at some point. -
ASA 5510 Multiple Public IP - Static NAT Issue - Dynamic PAT - SMTP
Running into a little bit of a roadblock and hoping someone can help me figure out what the issue is. My guess right now is that it has something to do with dynamic PAT.
Essentially, I have a block of 5 static public IP's. I have 1 assigned to the interface and am using another for email/webmail. I have no problems accessing the internet, receving emails, etc... The issue is that the static NAT public IP for email is using the outside IP instead of the one assigned through the static NAT. I would really appreciate if anyone could help shed some light as to why this is happening for me. I always thought a static nat should take precidence in the order of things.
Recap:
IP 1 -- 10.10.10.78 is assigned to outside interface. Dynamic PAT for all network objects to use this address when going out.
IP 2 -- 10.10.10.74 is assgned through static nat to email server. Email server should respond to and send out using this IP address.
Email server gets traffic from 10.10.10.74 like it is supposed to, but when sending out shows as 10.10.10.78 instead of 10.10.10.74.
Thanks in advance for anyone that reads this and can lend a hand.
- Justin
Here is my running config (some items like IP's, domain names, etc... modified to hide actual values; ignore VPN stuff -- still work in progress):
ASA Version 8.4(3)
hostname MYHOSTNAME
domain-name MYDOMAIN.COM
enable password msTsgJ6BvY68//T7 encrypted
passwd msTsgJ6BvY68//T7 encrypted
names
interface Ethernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 10.10.10.78 255.255.255.248
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa843-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name MYDOMAIN.COM
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside-network
subnet 192.168.2.0 255.255.255.0
object network Email
host 192.168.2.7
object network Webmail
host 192.168.2.16
object network WebmailSecure
host 192.168.2.16
access-list inside_access_out extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-list VPN_Split_Tunnel_List remark The corporate network behind the ASA (inside)
access-list VPN_Split_Tunnel_List standard permit 192.168.2.0 255.255.255.0
access-list outside_access_in extended deny icmp any any
access-list outside_access_in extended permit tcp any object Email eq smtp
access-list outside_access_in extended permit tcp any object Webmail eq www
access-list outside_access_in extended permit tcp any object WebmailSecure eq https
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
asdm history enable
arp timeout 14400
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
object network Email
nat (inside,outside) static 10.10.10.74 service tcp smtp smtp
object network Webmail
nat (inside,outside) static 10.10.10.74 service tcp www www
object network WebmailSecure
nat (inside,outside) static 10.10.10.74 service tcp https https
access-group outside_access_in in interface outside
access-group inside_access_out out interface inside
route outside 0.0.0.0 0.0.0.0 10.10.10.73 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server MYDOMAIN protocol kerberos
aaa-server MYDOMAIN (inside) host 192.168.2.8
kerberos-realm MYDOMAIN.COM
aaa-server MYDOMAIN (inside) host 192.168.2.9
kerberos-realm MYDOMAIN.COM
aaa-server MY-LDAP protocol ldap
aaa-server MY-LDAP (inside) host 192.168.2.8
ldap-base-dn DC=MYDOMAIN,DC=com
ldap-group-base-dn DC=MYDOMAIN,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=SOMEUSER,CN=Users,DC=MYDOMAIN,DC=com
server-type microsoft
aaa-server MY-LDAP (inside) host 192.168.2.9
ldap-base-dn DC=MYDOMAIN,DC=com
ldap-group-base-dn DC=MYDOMAIN,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=SOMEUSER,CN=Users,DC=MYDOMAIN,DC=com
server-type microsoft
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.2.0 255.255.255.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
email [email protected]
subject-name CN=MYHOSTNAME
ip-address 10.10.10.78
proxy-ldc-issuer
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate e633854f
30820298 30820201 a0030201 020204e6 33854f30 0d06092a 864886f7 0d010105
0500305e 31143012 06035504 03130b47 46472d53 55532d41 53413146 301a0609
2a864886 f70d0109 08130d39 382e3130 302e3232 322e3738 30280609 2a864886
f70d0109 02161b47 46472d53 55532d41 53412e47 46472d50 4541424f 44592e43
4f4d301e 170d3132 30343131 30373431 33355a17 0d323230 34303930 37343133
355a305e 31143012 06035504 03130b47 46472d53 55532d41 53413146 301a0609
2a864886 f70d0109 08130d39 382e3130 302e3232 322e3738 30280609 2a864886
f70d0109 02161b47 46472d53 55532d41 53412e47 46472d50 4541424f 44592e43
4f4d3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100b4
aa6e27de fbf8492b 74ba91aa e0fd8361 e0e85a31 f95c380d 6e5f43ac a695a810
f50e893b 82b91870 a32f7e38 8f392607 7a69c814 36a71a9c 2dccca07 24fe7f88
0f3451ed c64e85fc 8359c87e 62ebf166 0a570ac5 f9f1c64b 262eca66 ea05ab65
78da1ac2 9867a115 b14a6ba1 cd82d04e 00fc6557 856f7c04 ab1b08a0 b9de8b02
03010001 a3633061 300f0603 551d1301 01ff0405 30030101 ff300e06 03551d0f
0101ff04 04030201 86301f06 03551d23 04183016 801430cf 97ef92bb 678e3ba3
0002069c 8130550a 2664301d 0603551d 0e041604 1430cf97 ef92bb67 8e3ba300
02069c81 30550a26 64300d06 092a8648 86f70d01 01050500 03818100 64c403bd
d75717ab 24383e77 63e10ba7 4fdef625 73c5a952 19ceecbd 75bd23ca 86dc0298
e6693a8a 2c7fb85f 096497a7 8d784ada a433ee0d d88e9219 f0615f3c 7814bf1c
5b4fe847 7d8894eb 18fe2da7 05f15ae9 bc2c17ec 3a7831ee f95d6ced 4799fba2
781c8228 48224843 dc07ebb5 d20abf2a b68cfa62 ac71a41b 1196a018
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 enable inside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 20
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 192.168.2.8 source inside prefer
ssl trust-point ASDM_TrustPoint0 inside
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
enable inside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.0.5080-k9.pkg 1
anyconnect profiles VPN_client_profile disk0:/VPN_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
group-policy GroupPolicy_VPN internal
group-policy GroupPolicy_VPN attributes
wins-server value 192.168.2.8 192.168.2.9
dns-server value 192.168.2.8 192.168.2.9
vpn-filter value VPN_Split_Tunnel_List
vpn-tunnel-protocol ikev2 ssl-client
group-lock value VPN
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Split_Tunnel_List
default-domain value MYDOMAIN.COM
webvpn
anyconnect profiles value VPN_client_profile type user
group-policy GroupPolicy-VPN-LAPTOP internal
group-policy GroupPolicy-VPN-LAPTOP attributes
wins-server value 192.168.2.8 192.168.2.9
dns-server value 192.168.2.8 192.168.2.9
vpn-filter value VPN_Split_Tunnel_List
vpn-tunnel-protocol ikev2
group-lock value VPN-LAPTOP
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Split_Tunnel_List
default-domain value MYDOMAIN.COM
webvpn
anyconnect profiles value VPN_client_profile type user
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
authentication-server-group MYDOMAIN
default-group-policy GroupPolicy_VPN
dhcp-server 192.168.2.8
dhcp-server 192.168.2.9
dhcp-server 192.168.2.10
tunnel-group VPN webvpn-attributes
group-alias VPN enable
tunnel-group VPN-LAPTOP type remote-access
tunnel-group VPN-LAPTOP general-attributes
authentication-server-group MY-LDAP
default-group-policy GroupPolicy-VPN-LAPTOP
dhcp-server 192.168.2.8
dhcp-server 192.168.2.9
dhcp-server 192.168.2.10
tunnel-group VPN-LAPTOP webvpn-attributes
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:951faceacf912d432fc228ecfcdffd3fHi ,
As per you config :
object network obj_any
nat (inside,outside) dynamic interface
object network Email
nat (inside,outside) static 10.10.10.74 service tcp smtp smtp
object network Webmail
nat (inside,outside) static 10.10.10.74 service tcp www www
object network WebmailSecure
nat (inside,outside) static 10.10.10.74 service tcp https https
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside-network
subnet 192.168.2.0 255.255.255.0
object network Email
host 192.168.2.7
object network Webmail
host 192.168.2.16
object network WebmailSecure
host 192.168.2.16
The flows from email server ( 192.168.2.7 ) , will be NATed to 10.10.10.74, only if the source port is TCP/25. Any other souce port will use the interface IP for NAT.
Are you saying that this is not happening ?
Dan -
Hello fellow engineers!
I have a puzzling situation implementing an Internet routing pilot project and I need someone with a fresh look at the matter because I cannot make-out what the problem is…
Scenario description:
2901 router with two (one used) DSL intf’s on board and its two GE ports connected to a switch via Port-Channel sub-int’f (router-on-a-stick is implemented). The router has two other WAN (Internet) connections via a Satelite link and a MetroEthernet link. These two are terminated on the switch on intf’s at the appropriate VLAN’s. At attached topology scheme I depict them all collocated on the router for “simplicity” (logical topology) since the router has intf’s at the corresponding networks. The aDSL and Metro links have an 8-IP public set, each.
Most servers/hosts utilize VLAN 10 (int port-channel 1.10) but they need to forward their internet traffic to corresponding Internet links so PBR is used. VLAN/subnet (all /24) pairs are:
VLAN 11 -> 10.0.1.x
VLAN 12 -> 10.0.2.x
VLAN 13 -> 10.0.3.x
VLAN 71 -> 192.168.17.x
VLAN 204 -> 172.16.204.x
and – last but not least ! – VLAN 10 -> 10.0.0.x
All servers use static 1-1 NAT while all other hosts/PC’s use the Metro link (PAT).
Situation: All PBR rules and static NAT’s of VLAN 10 behave as expected. So does the PAT for hosts of all other VLAN’s (11, 12, 13, …). The rest of the hosts of VLAN 10, i.e. PC’s with IP’s 10.0.0.x (in red), cannot get to the Internet !
What is puzzling is that traffic is matched (by ACL) and NAT does occur but all I see (via “sh ip nat tra”) are the translations of the DNS requests ! Nothing else ! To top that, tracerouting a public IP does lead to the target but when hitting that same public IP (not by name) on the browser can’t load the page !
Could pls someone spot what I’m missing !!
To help you I also attach the router config and some command outputs…
All help is appreciated.
Thanx
CostasThat last PBR statement
(route-map 10.0.0.X_hosts_PBR permit 70
description *** rest of 10.0.0.x net --> Oxygen ***
match ip address rest_of_10.0.0.x
set ip next-hop 212.251.64.153)
was not there in the first place - I got it there assuming it would help but it didn't. Actually - as mentioned - it does not get any hits !
(route-map 10.0.0.X_hosts_PBR, permit, sequence 255
Match clauses:
ip address (access-lists): rest_of_10.0.0.x
Set clauses:
ip next-hop 212.251.64.153
Policy routing matches: 0 packets, 0 bytes) -
I have an ASA configured with a server in our DMZ.
It is currently configured to be accessed via the internet on port 80. That works.
Now they want to initiate traffic from the DMZ to the internet.
I thought the static NAT would keep the IP. Its actually a No-nat.
We have registered IPs on the DMZ and wanted to use them for the internet.
I am seeing that when the server initiates communication to the internet it is picking up a global address from the global (outside) 1 x.x.230.1-x.x230.254.
Below is my current configuration.
(these first 2 lines allow access from outside to inside)
access-list acl_out extended permit tcp any host x.x.73.91 eq www
static (dmz1,outside) x.x.73.91 143.101.73.91 netmask 255.255.255.255
global (outside) 1 x.x.230.1-x.x.230.254
If i do a show xlate
it shows:
global x.x.73.91 local x.x.73.91
Which is why I thought I did not need to do anything to initiate from the dmz1 interface to outside!FW1(config)# sh run
: Saved
ASA Version 8.2(1)
hostname FW1
names
dns-guard
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address x.x.6.4 255.255.255.0
interface GigabitEthernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 172.25.1.2 255.255.255.0
interface GigabitEthernet0/2
speed 100
duplex full
nameif dmz1
security-level 25
ip address x.x.0.5 255.255.255.0
interface GigabitEthernet0/3
speed 100
duplex full
nameif ServProv
security-level 50
ip address x.x.13.2 255.255.255.0
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa822-k8.bin
boot system disk0:/asa821-k8.bin
ftp mode passive
object-group icmp-type ICMP
icmp-object echo
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
object-group network WEB-Servers
access-list acl_out extended permit tcp any host x.x.250.18 eq https
access-list acl_out extended permit tcp any host x.x.250.18 eq www
access-list acl_out extended permit tcp any host x.x.250.70 eq www
access-list acl_out extended permit udp any host x.x.112.2 eq domain
access-list acl_out extended permit tcp any host x.x.112.2 eq domain
access-list acl_out extended permit udp any host x.x.112.2 eq ntp
output - suppressed
access-list acl_dmz1 extended permit ip host x.x.75.90 172.24.28.0 255.255.255.0
access-list acl_dmz1 extended permit ip host x.x.75.91 172.24.28.0 255.255.255.0
access-list acl_dmz1 extended permit ip host x.x.75.90 172.24.73.0 255.255.255.0
access-list acl_dmz1 extended permit ip host x.x.75.91 172.24.73.0 255.255.255.0
access-list acl_dmz1 extended permit ip any 172.24.172.0 255.255.255.0
access-list acl_dmz1 extended permit ip any 172.24.17.0 255.255.255.0
access-list acl_dmz1 extended permit ip host x.x.250.18 172.24.21.0 255.255.255.0
access-list acl_dmz1 extended permit ip host x.x.250.18 172.24.28.0 255.255.255.0
access-list acl_dmz1 extended permit ip any host x.y.32.10
access-list acl_dmz1 extended permit ip any 172.24.20.0 255.255.255.0
access-list acl_dmz1 extended permit ip any 172.24.28.0 255.255.255.0
access-list acl_dmz1 extended permit ip any host 172.25.248.12
access-list acl_dmz1 extended permit ip x.x.125.0 255.255.255.0 10.11.17.0 255.255.255.0
access-list acl_dmz1 extended permit ip x.x.125.0 255.255.255.0 10.25.125.0 255.255.255.0
access-list acl_dmz1 extended permit ip x.x.130.0 255.255.255.0 10.25.125.0 255.255.255.0
access-list acl_dmz1 extended permit ip x.x.130.0 255.255.255.0 10.11.17.0 255.255.255.0
access-list acl_dmz1 extended permit tcp host x.x.75.142 host 172.24.76.76 eq 5000
access-list acl_dmz1 extended deny tcp any any eq 5000
access-list acl_dmz1 extended deny udp any any eq 1434
access-list acl_dmz1 extended deny udp any any eq 3127
access-list acl_dmz1 extended deny tcp any any eq 6346
access-list acl_dmz1 extended deny tcp any any eq 6699
access-list acl_dmz1 extended deny udp any any eq 1214
access-list acl_dmz1 extended deny ip any host 63.210.247.160
access-list acl_dmz1 extended deny ip any host 208.49.21.95
access-list acl_dmz1 extended deny ip any host 165.254.12.201
access-list acl_dmz1 extended deny ip any host 130.94.92.113
access-list acl_dmz1 extended deny ip any host 216.235.81.6
access-list acl_dmz1 extended deny ip any host 212.187.204.47
access-list acl_dmz1 extended deny ip any host 66.151.128.9
access-list acl_dmz1 extended deny ip any 64.124.45.0 255.255.255.0
access-list acl_dmz1 extended permit tcp any 172.24.0.0 255.255.0.0 eq 135
access-list acl_dmz1 extended permit tcp any 172.25.248.0 255.255.254.0
access-list acl_dmz1 extended permit tcp any 128.191.0.0 255.255.0.0 eq 135
access-list acl_dmz1 extended permit tcp any x.y.0.0 255.255.0.0 eq 135
access-list acl_dmz1 extended permit tcp any 157.123.0.0 255.255.0.0 eq 135
access-list acl_dmz1 extended permit tcp x.x.124.0 255.255.255.0 172.26.128.0 255.255.128.0
access-list acl_dmz1 extended permit tcp 172.16.64.0 255.255.255.0 172.26.128.0 255.255.128.0
access-list acl_dmz1 extended deny udp any any eq 135
access-list acl_dmz1 extended deny tcp any any eq 135
access-list acl_dmz1 extended deny udp any any eq 445
access-list acl_dmz1 extended deny tcp any any eq 138
access-list acl_dmz1 extended deny udp any any eq 139
access-list acl_dmz1 extended deny udp any any eq 2110
access-list acl_dmz1 extended deny tcp any any eq 2110
access-list acl_dmz1 extended deny tcp any any eq 3410
access-list acl_dmz1 extended permit tcp any host 172.24.20.60 eq smtp
access-list acl_dmz1 extended permit tcp host x.x.75.46 any eq smtp
access-list acl_dmz1 extended permit tcp host x.x.250.22 any eq smtp
access-list acl_dmz1 extended permit tcp host x.x.250.61 any eq smtp
access-list acl_dmz1 extended permit tcp host x.x.112.2 any eq smtp
access-list acl_dmz1 extended permit tcp host x.x.0.20 any eq smtp
access-list acl_dmz1 extended permit tcp host x.x.0.21 any eq smtp
access-list acl_dmz1 extended permit tcp host x.w.66.58 any eq smtp
access-list acl_dmz1 extended deny tcp any any eq 465
access-list acl_dmz1 extended permit tcp x.x.250.0 255.255.255.0 any eq smtp
access-list acl_dmz1 extended permit tcp x.x.129.0 255.255.255.0 host 172.25.144.5 eq smtp
access-list acl_dmz1 extended permit tcp x.x.129.0 255.255.255.0 host 172.25.145.5 eq smtp
access-list acl_dmz1 extended deny tcp any any eq smtp
access-list acl_dmz1 extended permit ip any any
access-list acl_dmz1 extended permit udp host x.x.157.12 any eq tftp
access-list acl_dmz1 extended permit tcp host x.x.157.12 any eq ftp
access-list acl_dmz1 extended permit tcp host x.x.157.12 any eq ftp-data
access-list acl_dmz1 extended permit ip any host x.x.24.62
access-list acl_dmz1 extended permit ip any 172.24.54.0 255.255.255.0
access-list acl_dmz1 extended permit ip any 172.24.21.0 255.255.255.0
access-list acl_dmz1 extended permit ip any 172.16.68.0 255.255.255.0
access-list acl_dmz1 extended permit ip host x.x.250.52 host 172.24.23.150
access-list acl_dmz1 extended permit icmp x.x.75.0 255.255.255.0 any echo
access-list acl_dmz1 extended permit icmp x.x.75.0 255.255.255.0 any echo-reply
access-list acl_dmz1 extended permit ip host x.x.75.90 host x.z.186.69
access-list acl_dmz1 extended permit ip 172.16.51.0 255.255.255.0 host 10.38.65.12
access-list acl_ServProv extended deny tcp any any eq 5000
access-list acl_ServProv extended deny tcp any any eq 465
access-list acl_ServProv extended permit tcp host x.x.159.56 172.24.130.0 255.255.254.0 eq 1044
access-list acl_ServProv extended permit tcp host x.x.159.56 172.24.132.0 255.255.254.0 eq 1044
access-list acl_ServProv extended permit tcp host x.x.159.56 172.24.130.0 255.255.254.0 eq 5690
access-list acl_ServProv extended permit tcp host x.x.159.56 172.24.132.0 255.255.254.0 eq 5690
access-list acl_in extended permit ip 172.24.20.0 255.255.255.0 any
access-list acl_in extended permit ip 172.24.17.0 255.255.255.0 any
access-list acl_in extended permit ip 172.24.172.0 255.255.255.0 any
access-list acl_in extended permit ip 172.24.28.0 255.255.255.0 any
access-list acl_in extended permit ip 172.24.35.0 255.255.255.0 x.x.200.0 255.255.255.0
access-list acl_in extended permit ip 172.24.35.0 255.255.255.0 172.16.53.0 255.255.255.0
access-list acl_in extended permit ip 172.24.73.0 255.255.255.0 any
access-list acl_in extended permit ip host x.y.32.10 any
access-list acl_in extended permit ip host 172.24.114.91 any
access-list acl_in extended permit tcp any host x.x.159.54 eq https
access-list acl_in extended permit tcp any host x.x.159.54 eq www
access-list acl_in extended permit udp any host x.x.159.54 eq 1935
access-list acl_in extended permit tcp any host x.x.159.54 eq 1935
access-list acl_in extended permit tcp any host x.x.159.50 eq 1434
access-list acl_in extended permit udp any host x.x.159.50 eq 1434
access-list acl_in extended permit udp 172.24.142.0 255.255.255.0 host x.x.159.55 eq 1434
access-list acl_in extended permit udp 172.24.142.0 255.255.255.0 host x.x.159.53 eq 1434
access-list acl_in extended permit udp 172.24.142.0 255.255.255.0 host x.x.159.52 eq 1434
access-list acl_in extended permit udp 172.24.142.0 255.255.255.0 host x.x.159.51 eq 1434
access-list acl_in extended permit tcp any host x.x.157.110 eq 1434
access-list acl_in extended permit udp any host x.x.157.110 eq 1434
access-list acl_in extended deny ip host 172.24.75.50 any
access-list acl_in extended deny ip host 172.24.21.51 any
access-list acl_in extended deny ip host 172.24.21.53 any
access-list acl_in extended deny ip host x.w.80.218 any
access-list acl_in extended deny ip host x.w.176.4 any
access-list acl_in extended deny ip host x.w.40.54 any
access-list acl_in extended deny ip host x.w.47.151 any
access-list acl_in extended deny udp any any eq tftp
access-list acl_in extended deny tcp any any eq 6346
access-list acl_in extended deny tcp any any eq 6699
access-list acl_in extended deny udp any any eq 1434
access-list acl_in extended deny ip any host x.x.128.9
access-list acl_in extended deny tcp any any eq 8998
access-list acl_in extended deny udp any any eq 8998
access-list acl_in extended deny tcp any any eq 17300
access-list acl_in extended deny udp any any eq 17300
access-list acl_in extended deny tcp any any eq 27374
access-list acl_in extended deny udp any any eq 27374
access-list acl_in extended deny udp any any eq 3127
access-list acl_in extended deny tcp any any eq 5000
access-list acl_in extended deny tcp any any eq 3410
access-list acl_in extended permit tcp x.x.0.0 255.255.0.0 any eq 1025
access-list acl_in extended deny tcp any any range 6881 6999
access-list acl_in extended permit tcp host x.w.66.68 any eq 1025
access-list acl_in extended deny tcp any any eq 1025
access-list acl_in extended permit ip any any
access-list acl_in extended permit tcp any host x.x.250.39 eq 5222
access-list acl_in extended permit ip any 172.24.54.0 255.255.255.0
access-list acl_in extended permit ip any 172.24.21.0 255.255.255.0
access-list acl_in extended permit ip any 172.16.68.0 255.255.255.0
access-list acl_in extended permit tcp 172.24.142.0 255.255.255.0 host x.x.159.51 eq 8002
access-list acl_in extended permit ip host x.x.250.18 172.24.21.0 255.255.255.0
pager lines 24
logging enable
logging timestamp
logging buffered warnings
logging trap warnings
logging history errors
logging asdm errors
logging from-address [email protected]
logging recipient-address [email protected] level emergencies
logging facility 23
logging queue 2056
logging host inside 172.24.20.73
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
mtu ServProv 1500
mtu management 1500
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip verify reverse-path interface dmz1
ip verify reverse-path interface ServProv
ip audit name Out-attack attack action drop reset
ip audit name In-attack attack action drop reset
ip audit name dmz-attack attack action drop reset
ip audit name ServProv-attack attack action drop reset
ip audit interface outside Out-attack
ip audit interface inside In-attack
ip audit interface dmz1 dmz-attack
ip audit interface ServProv ServProv-attack
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 x.x.230.1-x.x.230.254
global (outside) 1 x.x.231.1-x.x.231.254
global (outside) 2 x.x.243.1-x.x.243.254
global (outside) 3 x.x.241.1-x.x.241.20
global (dmz1) 1 x.x.242.1-x.x.242.254
global (ServProv) 2 x.x.244.1-x.x.244.254
nat (inside) 1 0.0.0.0 0.0.0.0 tcp 22000 0
nat (dmz1) 1 0.0.0.0 0.0.0.0 tcp 28000 0
nat (ServProv) 2 0.0.0.0 0.0.0.0 tcp 500 0
static (dmz1,outside) x.x.0.0 x.x.0.0 netmask 255.255.255.0
static (dmz1,outside) x.x.147.12 x.x.147.12 netmask 255.255.255.255
static (dmz1,outside) x.x.147.13 x.x.147.13 netmask 255.255.255.255
static (dmz1,outside) x.x.147.52 x.x.147.52 netmask 255.255.255.255
static (dmz1,outside) x.x.147.53 x.x.147.53 netmask 255.255.255.255
static (dmz1,outside) x.x.147.54 x.x.147.54 netmask 255.255.255.255
static (dmz1,outside) x.x.147.55 x.x.147.55 netmask 255.255.255.255
static (dmz1,outside) x.x.147.101 x.x.147.101 netmask 255.255.255.255
static (dmz1,outside) x.x.250.20 x.x.250.20 netmask 255.255.255.255
static (dmz1,outside) x.x.250.21 x.x.250.21 netmask 255.255.255.255
static (dmz1,outside) x.x.250.23 x.x.250.23 netmask 255.255.255.255
static (dmz1,outside) x.x.250.25 x.x.250.25 netmask 255.255.255.255
static (dmz1,outside) x.x.250.26 x.x.250.26 netmask 255.255.255.255
static (dmz1,outside) x.x.250.27 x.x.250.27 netmask 255.255.255.255
static (dmz1,outside) x.x.250.30 x.x.250.30 netmask 255.255.255.255
static (dmz1,outside) x.x.250.42 x.x.250.42 netmask 255.255.255.255
static (dmz1,outside) x.x.250.48 x.x.250.48 netmask 255.255.255.255
static (dmz1,outside) x.x.250.49 x.x.250.49 netmask 255.255.255.255
static (dmz1,outside) x.x.250.54 x.x.250.54 netmask 255.255.255.255
static (dmz1,outside) x.x.250.59 x.x.250.59 netmask 255.255.255.255
static (dmz1,outside) x.x.250.67 x.x.250.67 netmask 255.255.255.255
static (dmz1,outside) x.x.250.77 x.x.250.77 netmask 255.255.255.255
static (dmz1,outside) x.x.250.120 x.x.250.120 netmask 255.255.255.255
static (dmz1,outside) x.x.250.211 x.x.250.211 netmask 255.255.255.255
static (dmz1,outside) x.x.250.212 x.x.250.212 netmask 255.255.255.255
static (dmz1,outside) x.x.250.5 x.x.250.5 netmask 255.255.255.255
static (dmz1,outside) x.w.66.10 x.w.66.10 netmask 255.255.255.255
static (dmz1,outside) x.w.66.20 x.w.66.20 netmask 255.255.255.255
static (dmz1,outside) x.w.66.30 x.w.66.30 netmask 255.255.255.255
static (dmz1,outside) x.w.66.31 x.w.66.31 netmask 255.255.255.255
static (dmz1,outside) x.w.66.50 x.w.66.50 netmask 255.255.255.255
static (dmz1,outside) x.w.66.60 x.w.66.60 netmask 255.255.255.255
static (dmz1,outside) x.x.75.105 x.x.75.105 netmask 255.255.255.255
static (dmz1,outside) x.x.75.11 x.x.75.11 netmask 255.255.255.255
static (dmz1,outside) x.x.75.107 x.x.75.107 netmask 255.255.255.255
static (dmz1,outside) x.x.75.109 x.x.75.109 netmask 255.255.255.255
static (dmz1,outside) x.x.75.110 x.x.75.110 netmask 255.255.255.255
static (dmz1,outside) x.x.75.112 x.x.75.112 netmask 255.255.255.255
static (dmz1,outside) x.x.75.114 x.x.75.114 netmask 255.255.255.255
static (dmz1,outside) x.x.75.12 x.x.75.12 netmask 255.255.255.255
static (dmz1,outside) x.x.75.13 x.x.75.13 netmask 255.255.255.255
static (dmz1,outside) x.x.75.14 x.x.75.14 netmask 255.255.255.255
static (dmz1,outside) x.x.75.15 x.x.75.15 netmask 255.255.255.255
static (dmz1,outside) x.x.75.16 x.x.75.16 netmask 255.255.255.255
static (dmz1,outside) x.x.75.17 x.x.75.17 netmask 255.255.255.255
static (dmz1,outside) x.x.75.18 x.x.75.18 netmask 255.255.255.255
static (dmz1,outside) x.x.75.29 x.x.75.29 netmask 255.255.255.255
static (dmz1,outside) x.x.75.30 x.x.75.30 netmask 255.255.255.255
static (dmz1,outside) x.x.75.19 x.x.75.19 netmask 255.255.255.255
static (dmz1,outside) x.x.75.20 x.x.75.20 netmask 255.255.255.255
static (dmz1,outside) x.x.73.50 x.x.73.50 netmask 255.255.255.255
static (dmz1,outside) x.x.73.51 x.x.73.51 netmask 255.255.255.255
static (inside,dmz1) x.y.0.0 x.y.0.0 netmask 255.255.0.0
static (inside,dmz1) 198.170.2.0 198.170.2.0 netmask 255.255.255.0
static (inside,dmz1) x.x.30.0 x.x.30.0 netmask 255.255.255.0
static (inside,dmz1) 192.216.80.0 192.216.80.0 netmask 255.255.255.0
<--- More --->
static (inside,dmz1) x.x.146.0 x.x.146.0 netmask 255.255.255.0
static (inside,dmz1) x.x.224.0 x.x.224.0 netmask 255.255.255.0
static (inside,dmz1) x.x.44.0 x.x.44.0 netmask 255.255.255.0
static (inside,dmz1) x.x.86.0 x.x.86.0 netmask 255.255.255.0
static (inside,dmz1) x.x.145.0 x.x.145.0 netmask 255.255.255.0
static (inside,dmz1) x.x.130.0 x.x.130.0 netmask 255.255.255.0
static (inside,dmz1) 198.170.1.0 198.170.1.0 netmask 255.255.255.0
static (inside,dmz1) x.w.40.0 x.w.40.0 netmask 255.255.255.0
static (dmz1,outside) x.x.73.55 x.x.73.55 netmask 255.255.255.255
static (dmz1,outside) x.x.112.2 x.x.112.2 netmask 255.255.255.255
static (dmz1,outside) x.x.112.3 x.x.112.3 netmask 255.255.255.255
static (dmz1,outside) x.x.112.7 x.x.112.7 netmask 255.255.255.255
static (dmz1,outside) x.x.112.21 x.x.112.21 netmask 255.255.255.255
static (dmz1,outside) x.x.112.30 x.x.112.30 netmask 255.255.255.255
static (dmz1,outside) x.x.112.35 x.x.112.35 netmask 255.255.255.255
static (dmz1,outside) x.x.112.36 x.x.112.36 netmask 255.255.255.255
static (dmz1,outside) x.x.112.50 x.x.112.50 netmask 255.255.255.255
static (dmz1,outside) x.x.10.100 x.x.10.100 netmask 255.255.255.255
static (inside,dmz1) x.x.36.0 x.x.36.0 netmask 255.255.255.0
static (inside,dmz1) x.w.162.0 x.w.162.0 netmask 255.255.255.0
static (inside,dmz1) x.w.152.0 x.w.152.0 netmask 255.255.255.0
static (inside,dmz1) x.w.16.0 x.w.16.0 netmask 255.255.255.0
static (inside,dmz1) x.w.223.0 x.w.223.0 netmask 255.255.255.0
static (inside,dmz1) x.w.232.0 x.w.232.0 netmask 255.255.255.0
static (inside,dmz1) x.w.240.0 x.w.240.0 netmask 255.255.255.0
static (inside,dmz1) x.w.200.0 x.w.200.0 netmask 255.255.255.0
static (inside,dmz1) x.w.138.0 x.w.138.0 netmask 255.255.255.0
static (inside,dmz1) x.w.80.0 x.w.80.0 netmask 255.255.255.0
static (inside,dmz1) x.w.204.0 x.w.204.0 netmask 255.255.255.0
static (inside,dmz1) x.w.136.0 x.w.136.0 netmask 255.255.255.0
static (inside,dmz1) x.w.48.0 x.w.48.0 netmask 255.255.255.0
static (inside,dmz1) x.w.28.0 x.w.28.0 netmask 255.255.255.0
static (inside,dmz1) x.w.72.0 x.w.72.0 netmask 255.255.255.0
static (inside,dmz1) x.w.104.0 x.w.104.0 netmask 255.255.255.0
static (inside,dmz1) x.w.112.0 x.w.112.0 netmask 255.255.255.0
static (inside,dmz1) x.w.132.0 x.w.132.0 netmask 255.255.255.0
static (inside,dmz1) x.w.144.0 x.w.144.0 netmask 255.255.255.0
static (inside,dmz1) x.w.146.0 x.w.146.0 netmask 255.255.255.0
static (inside,dmz1) x.w.47.0 x.w.47.0 netmask 255.255.255.0
static (inside,dmz1) x.w.176.0 x.w.176.0 netmask 255.255.255.0
static (inside,dmz1) x.w.116.0 x.w.116.0 netmask 255.255.255.0
static (inside,dmz1) 172.25.0.0 172.25.0.0 netmask 255.255.0.0
static (inside,ServProv) 172.24.112.0 172.24.112.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.113.0 172.24.113.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.21.0 172.24.21.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.21.0 172.24.21.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.20.0 172.24.20.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.32.0 172.24.32.0 netmask 255.255.224.0
static (inside,dmz1) 172.24.96.0 172.24.96.0 netmask 255.255.224.0
static (inside,ServProv) 172.24.232.0 172.24.232.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.128.0 172.24.128.0 netmask 255.255.224.0
static (inside,dmz1) 172.24.160.0 172.24.160.0 netmask 255.255.224.0
static (inside,dmz1) 172.24.192.0 172.24.192.0 netmask 255.255.224.0
static (inside,dmz1) 172.24.224.0 172.24.224.0 netmask 255.255.224.0
static (inside,dmz1) 172.24.64.0 172.24.64.0 netmask 255.255.224.0
static (inside,dmz1) 172.24.25.0 172.24.25.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.233.0 172.24.233.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.20.0 172.24.20.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.18.0 172.24.18.0 netmask 255.255.255.0
static (ServProv,dmz1) x.x.149.0 x.x.149.0 netmask 255.255.255.0
static (inside,dmz1) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
static (dmz1,outside) x.x.147.51 x.x.147.51 netmask 255.255.255.255
static (inside,ServProv) 147.76.0.0 147.76.0.0 netmask 255.255.0.0
static (dmz1,outside) x.w.66.51 x.w.66.51 netmask 255.255.255.255
static (dmz1,outside) x.x.73.40 x.x.73.40 netmask 255.255.255.255
static (dmz1,outside) x.x.73.30 x.x.73.30 netmask 255.255.255.255
static (inside,dmz1) x.x.94.0 x.x.94.0 netmask 255.255.255.0
static (inside,dmz1) x.w.105.0 x.w.105.0 netmask 255.255.255.0
static (inside,dmz1) x.w.120.0 x.w.120.0 netmask 255.255.255.0
static (dmz1,outside) x.x.147.240 x.x.147.60 netmask 255.255.255.255
static (dmz1,outside) x.w.106.50 x.w.106.50 netmask 255.255.255.255
static (ServProv,dmz1) x.x.13.1 x.x.13.1 netmask 255.255.255.255
static (dmz1,outside) x.x.147.66 x.x.147.66 netmask 255.255.255.255
static (dmz1,outside) x.x.250.105 x.x.250.105 netmask 255.255.255.255
static (inside,dmz1) x.x.35.0 x.x.35.0 netmask 255.255.255.0
static (inside,dmz1) x.w.125.0 x.w.125.0 netmask 255.255.255.0
static (dmz1,outside) x.x.73.57 x.x.73.57 netmask 255.255.255.255
static (dmz1,outside) x.x.147.81 x.x.147.81 netmask 255.255.255.255
static (dmz1,outside) x.x.147.91 x.x.147.91 netmask 255.255.255.255
static (inside,dmz1) 157.123.160.0 157.123.160.0 netmask 255.255.252.0
static (inside,dmz1) 157.123.96.0 157.123.96.0 netmask 255.255.240.0
static (inside,dmz1) 157.123.136.0 157.123.136.0 netmask 255.255.252.0
static (inside,dmz1) 157.123.121.0 157.123.121.0 netmask 255.255.255.0
static (dmz1,outside) x.w.66.13 x.w.66.13 netmask 255.255.255.255
static (dmz1,outside) x.w.66.14 x.w.66.14 netmask 255.255.255.255
static (dmz1,outside) x.w.66.15 x.w.66.15 netmask 255.255.255.255
static (inside,dmz1) 172.24.6.0 172.24.6.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.8.0 172.24.8.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.4.0 172.24.4.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.153.0 172.24.153.0 netmask 255.255.255.0
static (inside,dmz1) x.x.37.0 x.x.37.0 netmask 255.255.255.0
static (inside,dmz1) x.w.161.0 x.w.161.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.200 x.x.250.200 netmask 255.255.255.255
static (dmz1,outside) x.x.147.57 x.x.147.57 netmask 255.255.255.255
static (dmz1,outside) x.x.147.56 x.x.147.56 netmask 255.255.255.255
static (dmz1,outside) x.x.250.71 x.x.250.71 netmask 255.255.255.255
static (dmz1,outside) x.x.75.254 x.x.75.254 netmask 255.255.255.255
static (dmz1,outside) x.x.13.100 x.x.13.100 netmask 255.255.255.255
static (dmz1,outside) x.x.73.200 x.x.73.200 netmask 255.255.255.255
static (dmz1,outside) x.x.75.250 x.x.75.250 netmask 255.255.255.255
static (dmz1,outside) x.x.75.251 x.x.75.251 netmask 255.255.255.255
static (dmz1,outside) x.x.75.252 x.x.75.252 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.100 172.24.17.100 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.110 172.24.17.110 netmask 255.255.255.255
static (inside,dmz1) 203.127.246.0 203.127.246.0 netmask 255.255.255.0
static (dmz1,outside) x.x.92.0 x.x.92.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.221 x.x.250.221 netmask 255.255.255.255
static (dmz1,outside) x.x.250.222 x.x.250.222 netmask 255.255.255.255
static (inside,dmz1) 1x.15.200.0 1x.15.200.0 netmask 255.255.255.0
static (inside,dmz1) 1x.15.108.0 1x.15.108.0 netmask 255.255.255.0
static (inside,dmz1) 1x.191.172.0 1x.191.172.0 netmask 255.255.252.0
static (inside,dmz1) 172.28.4.0 172.28.4.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.35 x.x.75.35 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.200 172.24.17.200 netmask 255.255.255.255
static (dmz1,outside) x.x.5.140 x.x.5.140 netmask 255.255.255.255
static (dmz1,outside) x.w.66.41 x.w.66.41 netmask 255.255.255.255
static (dmz1,outside) x.x.250.103 x.x.250.103 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.51 172.24.17.51 netmask 255.255.255.255
static (dmz1,outside) x.x.75.121 x.x.75.121 netmask 255.255.255.255
static (dmz1,outside) x.x.147.83 x.x.147.83 netmask 255.255.255.255
static (inside,dmz1) x.x.1.250 x.x.1.250 netmask 255.255.255.255
static (dmz1,outside) x.x.147.15 x.x.147.15 netmask 255.255.255.255
static (inside,dmz1) 1x.15.110.1 1x.15.110.1 netmask 255.255.255.255
static (ServProv,dmz1) x.x.120.0 x.x.120.0 netmask 255.255.255.0
static (ServProv,dmz1) x.x.10.0 x.x.10.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.17.0 172.24.17.0 netmask 255.255.255.0
static (dmz1,outside) x.x.176.17 x.x.176.17 netmask 255.255.255.255
static (dmz1,outside) x.x.176.15 x.x.176.15 netmask 255.255.255.255
static (dmz1,outside) x.x.250.113 x.x.250.113 netmask 255.255.255.255
static (ServProv,dmz1) x.x.154.0 x.x.154.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.56 x.x.250.56 netmask 255.255.255.255
static (dmz1,outside) x.x.250.61 x.x.250.61 netmask 255.255.255.255
static (dmz1,outside) x.x.250.60 x.x.250.60 netmask 255.255.255.255
static (dmz1,outside) x.x.250.58 x.x.250.58 netmask 255.255.255.255
static (dmz1,outside) x.x.250.57 x.x.250.57 netmask 255.255.255.255
static (inside,dmz1) 172.28.203.1 172.28.203.1 netmask 255.255.255.255
static (inside,dmz1) 172.28.203.2 172.28.203.2 netmask 255.255.255.255
static (inside,dmz1) 172.28.203.3 172.28.203.3 netmask 255.255.255.255
static (inside,dmz1) 172.28.203.4 172.28.203.4 netmask 255.255.255.255
static (dmz1,outside) x.x.95.20 x.x.95.20 netmask 255.255.255.255
static (dmz1,outside) x.x.95.21 x.x.95.21 netmask 255.255.255.255
static (dmz1,outside) x.x.250.191 x.x.250.191 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.31 172.24.27.31 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.19 172.24.27.19 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.20 172.24.27.20 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.22 172.24.27.22 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.64 172.24.27.64 netmask 255.255.255.192
static (inside,dmz1) 172.24.27.128 172.24.27.128 netmask 255.255.255.128
static (inside,dmz1) 172.24.27.30 172.24.27.30 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.15 172.24.27.15 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.11 172.24.27.11 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.10 172.24.27.10 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.21 172.24.17.21 netmask 255.255.255.255
static (inside,dmz1) 192.168.106.0 192.168.106.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.69 x.x.250.69 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.30 172.24.17.30 netmask 255.255.255.255
static (inside,dmz1) 128.191.160.0 128.191.160.0 netmask 255.255.252.0
static (inside,dmz1) 128.191.140.0 128.191.140.0 netmask 255.255.252.0
static (inside,dmz1) 172.24.27.32 172.24.27.32 netmask 255.255.255.224
static (dmz1,outside) x.x.147.58 x.x.147.58 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.254 172.24.27.254 netmask 255.255.255.255
static (inside,ServProv) 172.24.27.254 172.24.27.254 netmask 255.255.255.255
static (dmz1,outside) x.x.147.84 x.x.147.84 netmask 255.255.255.255
static (dmz1,outside) x.x.176.76 x.x.176.76 netmask 255.255.255.255
static (ServProv,outside) x.x.120.144 x.x.120.144 netmask 255.255.255.240
static (ServProv,outside) x.x.120.160 x.x.120.160 netmask 255.255.255.240
static (ServProv,outside) x.x.120.192 x.x.120.192 netmask 255.255.255.224
static (ServProv,outside) x.x.120.224 x.x.120.224 netmask 255.255.255.240
static (ServProv,outside) x.x.120.252 x.x.120.252 netmask 255.255.255.255
static (inside,ServProv) 172.24.27.10 172.24.27.10 netmask 255.255.255.255
static (inside,dmz1) 203.127.254.7 203.127.254.7 netmask 255.255.255.255
static (dmz1,outside) x.x.112.5 x.x.112.5 netmask 255.255.255.255
static (dmz1,outside) x.x.112.4 x.x.112.4 netmask 255.255.255.255
static (dmz1,outside) x.x.75.122 x.x.75.122 netmask 255.255.255.255
static (inside,ServProv) 172.24.114.0 172.24.114.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.25 x.x.75.25 netmask 255.255.255.255
static (inside,dmz1) 172.24.27.13 172.24.27.13 netmask 255.255.255.255
static (ServProv,outside) x.x.120.0 x.x.120.0 netmask 255.255.255.128
static (inside,dmz1) 172.24.27.0 172.24.27.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.100 x.x.250.100 netmask 255.255.255.255
static (dmz1,outside) x.x.250.197 x.x.250.197 netmask 255.255.255.255
static (dmz1,outside) x.x.250.193 x.x.250.193 netmask 255.255.255.255
static (dmz1,outside) x.x.250.196 x.x.250.196 netmask 255.255.255.255
static (dmz1,outside) x.w.66.53 x.w.66.53 netmask 255.255.255.255
static (inside,dmz1) x.x.82.0 x.x.82.0 netmask 255.255.255.0
static (inside,dmz1) x.w.222.0 x.w.222.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.27.11 172.24.27.11 netmask 255.255.255.255
static (inside,dmz1) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (inside,dmz1) 192.168.101.0 192.168.101.0 netmask 255.255.255.0
static (inside,dmz1) x.x.99.0 x.x.99.0 netmask 255.255.255.0
static (dmz1,outside) x.x.229.67 x.x.147.67 netmask 255.255.255.255
static (dmz1,outside) x.x.10.196 x.x.10.196 netmask 255.255.255.255
static (inside,dmz1) x.w.102.0 x.w.102.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.115 x.x.75.115 netmask 255.255.255.255
static (ServProv,outside) x.x.10.196 x.x.10.196 netmask 255.255.255.255
static (inside,dmz1) 1x.1x.137.0 1x.1x.137.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.11 x.x.250.11 netmask 255.255.255.255
static (dmz1,outside) x.x.75.47 x.x.75.47 netmask 255.255.255.255
static (dmz1,outside) x.x.75.42 x.x.75.42 netmask 255.255.255.255
static (inside,ServProv) 172.24.27.20 172.24.27.20 netmask 255.255.255.255
static (inside,dmz1) 172.24.22.0 172.24.22.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.22.0 172.24.22.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.50 x.x.75.50 netmask 255.255.255.255
static (inside,ServProv) 172.24.172.0 172.24.172.0 netmask 255.255.255.0
static (inside,ServProv) x.x.35.0 x.x.35.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.160.0 172.24.160.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.215.0 172.24.215.0 netmask 255.255.255.0
static (dmz1,outside) x.x.176.45 x.x.176.45 netmask 255.255.255.255
static (inside,ServProv) 172.24.25.0 172.24.25.0 netmask 255.255.255.0
static (ServProv,dmz1) x.x.13.10 x.x.13.10 netmask 255.255.255.255
static (ServProv,dmz1) x.x.13.20 x.x.13.20 netmask 255.255.255.255
static (ServProv,dmz1) x.x.164.0 x.x.164.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.142.0 172.24.142.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.72.0 172.24.72.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.202 x.x.250.202 netmask 255.255.255.255
static (dmz1,outside) x.x.112.112 x.x.112.112 netmask 255.255.255.255
static (inside,ServProv) 172.24.54.0 172.24.54.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.161.0 172.24.161.0 netmask 255.255.255.0
static (dmz1,outside) x.w.66.100 x.w.66.100 netmask 255.255.255.255
static (dmz1,outside) x.x.75.150 x.x.75.150 netmask 255.255.255.255
static (dmz1,outside) x.x.75.152 x.x.75.152 netmask 255.255.255.255
static (dmz1,outside) x.x.75.153 x.x.75.153 netmask 255.255.255.255
static (dmz1,outside) x.x.75.154 x.x.75.154 netmask 255.255.255.255
static (inside,dmz1) 172.24.28.0 172.24.28.0 netmask 255.255.255.0
static (inside,dmz1) 172.26.144.0 172.26.144.0 netmask 255.255.240.0
static (inside,dmz1) 172.26.160.0 172.26.160.0 netmask 255.255.240.0
static (dmz1,outside) x.x.75.140 x.x.75.140 netmask 255.255.255.255
static (dmz1,outside) x.x.75.141 x.x.75.141 netmask 255.255.255.255
static (dmz1,outside) x.x.75.142 x.x.75.142 netmask 255.255.255.255
static (dmz1,outside) x.x.250.180 x.x.250.180 netmask 255.255.255.255
static (dmz1,outside) x.x.250.115 x.x.250.115 netmask 255.255.255.255
static (ServProv,outside) x.x.119.0 x.x.119.0 netmask 255.255.255.224
static (ServProv,dmz1) x.x.119.0 x.x.119.0 netmask 255.255.255.224
static (inside,ServProv) 172.24.134.0 172.24.134.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.190 x.x.250.190 netmask 255.255.255.255
static (dmz1,outside) x.x.250.95 x.x.250.95 netmask 255.255.255.255
static (inside,dmz1) 172.24.23.0 172.24.23.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.82 x.x.250.82 netmask 255.255.255.255
static (dmz1,outside) x.x.250.83 x.x.250.83 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.40 172.24.17.40 netmask 255.255.255.255
static (dmz1,outside) x.x.250.84 x.x.250.84 netmask 255.255.255.255
static (dmz1,outside) x.x.250.85 x.x.250.85 netmask 255.255.255.255
static (inside,dmz1) 172.24.24.0 172.24.24.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.90 x.x.250.90 netmask 255.255.255.255
static (inside,ServProv) 172.25.74.0 172.25.74.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.80 x.x.250.80 netmask 255.255.255.255
static (dmz1,outside) x.x.250.81 x.x.250.81 netmask 255.255.255.255
static (dmz1,outside) x.x.250.93 x.x.250.93 netmask 255.255.255.255
static (dmz1,outside) x.x.250.65 x.x.250.65 netmask 255.255.255.255
static (dmz1,outside) x.x.250.101 x.x.250.101 netmask 255.255.255.255
static (ServProv,dmz1) x.x.156.0 x.x.156.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.150.0 172.24.150.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.140 x.x.250.140 netmask 255.255.255.255
static (dmz1,outside) x.x.250.141 x.x.250.141 netmask 255.255.255.255
static (dmz1,outside) x.x.69.15 x.x.69.15 netmask 255.255.255.255
static (dmz1,outside) x.x.75.156 x.x.75.156 netmask 255.255.255.255
static (inside,ServProv) 172.24.24.0 172.24.24.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.157 x.x.75.157 netmask 255.255.255.255
static (dmz1,outside) x.x.250.86 x.x.250.86 netmask 255.255.255.255
static (dmz1,outside) x.x.250.87 x.x.250.87 netmask 255.255.255.255
static (inside,dmz1) 147.76.204.58 147.76.204.58 netmask 255.255.255.255
static (dmz1,outside) x.x.75.161 x.x.75.161 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.41 172.24.17.41 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.31 172.24.17.31 netmask 255.255.255.255
static (dmz1,outside) x.x.75.32 x.x.75.32 netmask 255.255.255.255
static (inside,ServProv) 172.26.168.0 172.26.168.0 netmask 255.255.254.0
static (dmz1,outside) x.x.75.60 x.x.75.60 netmask 255.255.255.255
static (inside,dmz1) 172.24.75.0 172.24.75.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.158 x.x.75.158 netmask 255.255.255.255
static (dmz1,outside) x.x.250.192 x.x.250.192 netmask 255.255.255.255
static (dmz1,outside) x.x.75.80 x.x.75.80 netmask 255.255.255.255
static (dmz1,outside) x.x.250.45 x.x.250.45 netmask 255.255.255.255
static (dmz1,outside) x.x.75.23 x.x.75.23 netmask 255.255.255.255
static (dmz1,outside) x.x.73.59 x.x.73.59 netmask 255.255.255.255
static (dmz1,outside) x.x.250.66 x.x.250.66 netmask 255.255.255.255
static (dmz1,outside) x.x.75.46 x.x.75.46 netmask 255.255.255.255
static (dmz1,outside) x.x.75.45 x.x.75.45 netmask 255.255.255.255
static (inside,dmz1) 172.28.32.230 172.28.32.230 netmask 255.255.255.255
static (dmz1,outside) x.x.251.15 x.x.251.15 netmask 255.255.255.255
static (dmz1,outside) x.x.250.158 x.x.250.158 netmask 255.255.255.255
static (inside,dmz1) 172.24.29.0 172.24.29.0 netmask 255.255.255.0
static (dmz1,outside) x.x.73.61 x.x.73.61 netmask 255.255.255.255
static (dmz1,outside) x.x.75.70 x.x.75.70 netmask 255.255.255.255
static (dmz1,outside) x.x.250.203 x.x.250.203 netmask 255.255.255.255
static (inside,dmz1) 1x.1x.169.6 1x.1x.169.6 netmask 255.255.255.255
static (inside,dmz1) 1x.1x.169.16 1x.1x.169.16 netmask 255.255.255.255
static (inside,dmz1) 1x.1x.169.9 1x.1x.169.9 netmask 255.255.255.255
static (inside,dmz1) 172.31.8.115 172.31.8.115 netmask 255.255.255.255
static (dmz1,outside) x.x.75.81 x.x.75.81 netmask 255.255.255.255
static (dmz1,outside) x.x.250.99 x.x.250.99 netmask 255.255.255.255
static (dmz1,outside) x.x.75.117 x.x.75.117 netmask 255.255.255.255
static (dmz1,outside) x.x.176.198 x.x.176.198 netmask 255.255.255.254
static (inside,ServProv) x.y.32.0 x.y.32.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.130.0 172.24.130.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.133.0 172.24.133.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.30.0 172.24.30.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.74 x.x.75.74 netmask 255.255.255.255
static (inside,dmz1) 172.24.112.81 172.24.112.81 netmask 255.255.255.255
static (ServProv,outside) x.x.159.162 x.x.159.162 netmask 255.255.255.255
static (dmz1,outside) x.x.250.22 x.x.250.22 netmask 255.255.255.255
static (ServProv,outside) x.x.159.250 x.x.159.250 netmask 255.255.255.255
static (inside,dmz1) 1xx.1xx.170.143 1xx.1xx.170.143 netmask 255.255.255.255
static (inside,ServProv) 172.25.249.0 172.25.249.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.23.0 172.24.23.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.113 x.x.75.113 netmask 255.255.255.255
static (dmz1,outside) x.x.250.50 x.x.250.50 netmask 255.255.255.255
static (dmz1,outside) x.x.75.171 x.x.75.171 netmask 255.255.255.255
static (dmz1,outside) x.x.75.172 x.x.75.172 netmask 255.255.255.255
static (dmz1,outside) x.x.75.175 x.x.75.175 netmask 255.255.255.255
static (dmz1,outside) x.x.75.177 x.x.75.177 netmask 255.255.255.255
static (dmz1,outside) x.x.75.179 x.x.75.179 netmask 255.255.255.255
static (dmz1,outside) x.x.75.180 x.x.75.180 netmask 255.255.255.255
static (dmz1,outside) x.x.75.181 x.x.75.181 netmask 255.255.255.255
static (dmz1,outside) x.x.75.182 x.x.75.182 netmask 255.255.255.255
static (dmz1,outside) x.x.75.183 x.x.75.183 netmask 255.255.255.255
static (dmz1,outside) x.x.75.184 x.x.75.184 netmask 255.255.255.255
static (dmz1,outside) x.x.75.143 x.x.75.143 netmask 255.255.255.255
static (dmz1,outside) x.x.75.21 x.x.75.21 netmask 255.255.255.255
static (dmz1,outside) x.x.250.110 x.x.250.110 netmask 255.255.255.255
static (dmz1,outside) x.x.75.185 x.x.75.185 netmask 255.255.255.255
static (dmz1,outside) x.x.75.174 x.x.75.174 netmask 255.255.255.255
static (dmz1,outside) x.x.75.176 x.x.75.176 netmask 255.255.255.255
static (dmz1,outside) x.x.75.178 x.x.75.178 netmask 255.255.255.255
static (ServProv,outside) x.x.120.205 x.x.120.205 netmask 255.255.255.255
static (dmz1,outside) x.x.250.44 x.x.250.44 netmask 255.255.255.255
static (inside,dmz1) 172.27.133.0 172.27.133.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.186 x.x.75.186 netmask 255.255.255.255
static (inside,ServProv) 1x.1x.172.0 1x.1x.172.0 netmask 255.255.252.0
static (inside,ServProv) 172.25.248.0 172.25.248.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.17.90 172.24.17.90 netmask 255.255.255.255
static (dmz1,outside) x.x.75.187 x.x.75.187 netmask 255.255.255.255
static (dmz1,outside) x.x.75.163 x.x.75.163 netmask 255.255.255.255
static (inside,ServProv) 172.31.20.0 172.31.20.0 netmask 255.255.255.0
static (inside,ServProv) 172.31.30.0 172.31.30.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.28.0 172.24.28.0 netmask 255.255.255.0
static (ServProv,outside) x.x.157.60 x.x.157.60 netmask 255.255.255.255
static (ServProv,outside) x.x.157.130 x.x.157.130 netmask 255.255.255.255
static (inside,ServProv) 172.24.132.0 172.24.132.0 netmask 255.255.255.0
static (ServProv,dmz1) x.x.157.0 x.x.157.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.154.0 172.24.154.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.193.0 172.24.193.0 netmask 255.255.255.0
static (inside,ServProv) 172.26.168.0 172.26.168.0 netmask 255.255.255.0
static (inside,ServProv) 172.26.169.0 172.26.169.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.76.0 172.24.76.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.54 x.x.75.54 netmask 255.255.255.255
static (dmz1,outside) x.x.75.55 x.x.75.55 netmask 255.255.255.255
static (dmz1,outside) x.x.0.20 x.x.0.20 netmask 255.255.255.255 tcp 10000 100
static (inside,ServProv) 128.191.168.0 128.191.168.0 netmask 255.255.252.0
static (inside,dmz1) x.x.80.0 x.x.80.0 netmask 255.255.255.0
static (inside,dmz1) 172.25.2.0 172.25.2.0 netmask 255.255.255.0
static (dmz1,outside) x.x.80.10 x.x.80.10 netmask 255.255.255.255
static (inside,ServProv) x.x.152.0 x.x.152.0 netmask 255.255.255.0
static (dmz1,outside) x.x.0.21 x.x.0.21 netmask 255.255.255.255 tcp 10000 100
static (inside,ServProv) 172.31.43.0 172.31.43.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.76.0 172.24.76.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.77.0 172.24.77.0 netmask 255.255.255.0
static (inside,dmz1) 1x.1x.168.0 1x.1x.168.0 netmask 255.255.252.0
static (inside,dmz1) 1x.1x.169.0 1x.1x.169.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.33 x.x.75.33 netmask 255.255.255.255
static (ServProv,outside) x.x.152.110 x.x.152.110 netmask 255.255.255.255
static (dmz1,outside) x.w.66.61 x.w.66.61 netmask 255.255.255.255
static (dmz1,outside) x.x.75.188 x.x.75.188 netmask 255.255.255.255
static (dmz1,outside) x.x.75.57 x.x.75.57 netmask 255.255.255.255
static (inside,ServProv) 172.24.73.0 172.24.73.0 netmask 255.255.255.0
static (ServProv,outside) x.x.120.161 x.x.120.161 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.60 172.24.17.60 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.61 172.24.17.61 netmask 255.255.255.255
static (inside,dmz1) 172.27.129.0 172.27.129.0 netmask 255.255.255.0
static (inside,dmz1) 172.27.132.0 172.27.132.0 netmask 255.255.255.0
static (ServProv,outside) x.x.157.40 x.x.157.40 netmask 255.255.255.255
static (ServProv,outside) x.x.157.152 x.x.157.152 netmask 255.255.255.255
static (ServProv,outside) x.x.159.150 x.x.159.150 netmask 255.255.255.255
static (ServProv,outside) x.x.159.151 x.x.159.151 netmask 255.255.255.255
static (ServProv,outside) x.x.157.41 x.x.157.41 netmask 255.255.255.255
static (inside,ServProv) 172.24.144.0 172.24.144.0 netmask 255.255.255.0
static (inside,ServProv) 172.25.108.0 172.25.108.0 netmask 255.255.252.0
static (inside,ServProv) 172.25.181.0 172.25.181.0 netmask 255.255.255.0
static (dmz1,outside) x.x.176.196 x.x.176.196 netmask 255.255.255.255
static (dmz1,outside) x.x.176.197 x.x.176.197 netmask 255.255.255.255
static (dmz1,outside) x.w.66.70 x.w.66.70 netmask 255.255.255.255
static (dmz1,outside) x.x.75.111 x.x.75.111 netmask 255.255.255.255
static (inside,ServProv) 172.26.175.0 172.26.175.0 netmask 255.255.255.0
static (inside,dmz1) 172.16.80.0 172.16.80.0 netmask 255.255.255.0
static (inside,ServProv) 172.26.165.0 172.26.165.0 netmask 255.255.255.0
<--- More --->
static (inside,dmz1) 172.27.137.0 172.27.137.0 netmask 255.255.255.0
static (inside,dmz1) 172.27.136.0 172.27.136.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.145 x.x.75.145 netmask 255.255.255.255
static (dmz1,outside) x.x.75.146 x.x.75.146 netmask 255.255.255.255
static (dmz1,outside) x.x.250.31 x.x.250.31 netmask 255.255.255.255
static (dmz1,outside) x.w.66.64 x.w.66.64 netmask 255.255.255.255
static (dmz1,outside) x.w.66.65 x.w.66.65 netmask 255.255.255.255
static (dmz1,outside) x.x.75.144 x.x.75.144 netmask 255.255.255.255
static (ServProv,outside) x.x.165.12 x.x.165.12 netmask 255.255.255.255
static (dmz1,outside) x.x.75.147 x.x.75.147 netmask 255.255.255.255
static (dmz1,outside) x.x.90.91 x.x.90.91 netmask 255.255.255.255
static (dmz1,outside) x.x.250.156 x.x.250.156 netmask 255.255.255.255
static (ServProv,dmz1) x.x.165.0 x.x.165.0 netmask 255.255.255.0
static (ServProv,outside) x.x.159.52 x.x.159.52 netmask 255.255.255.255
static (dmz1,outside) x.x.75.190 x.x.75.190 netmask 255.255.255.255
static (inside,ServProv) 172.24.224.0 172.24.224.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.138 x.x.75.138 netmask 255.255.255.255
static (dmz1,outside) x.x.250.35 x.x.250.35 netmask 255.255.255.255
static (dmz1,outside) x.x.75.191 x.x.75.191 netmask 255.255.255.255
static (inside,ServProv) 172.26.160.0 172.26.160.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.162 x.x.75.162 netmask 255.255.255.255
static (dmz1,outside) x.w.66.59 x.w.66.59 netmask 255.255.255.255
static (dmz1,outside) x.x.75.166 x.x.75.166 netmask 255.255.255.255
static (dmz1,outside) x.w.66.80 x.w.66.80 netmask 255.255.255.255
static (dmz1,outside) x.w.66.81 x.w.66.81 netmask 255.255.255.255
static (dmz1,outside) x.w.66.82 x.w.66.82 netmask 255.255.255.255
static (inside,dmz1) 172.24.14.0 172.24.14.0 netmask 255.255.255.0
static (inside,dmz1) 172.24.13.0 172.24.13.0 netmask 255.255.255.0
static (dmz1,outside) x.x.73.63 x.x.73.63 netmask 255.255.255.255
static (ServProv,outside) x.x.159.53 x.x.159.53 netmask 255.255.255.255
static (inside,dmz1) 1x.x.111.0 1x.x.111.0 netmask 255.255.255.0
static (inside,ServProv) 172.16.22.0 172.16.22.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.225 x.x.250.225 netmask 255.255.255.255
static (dmz1,outside) x.x.73.70 x.x.73.70 netmask 255.255.255.255
static (dmz1,outside) x.x.85.12 x.x.85.12 netmask 255.255.255.255
static (dmz1,outside) x.x.148.10 x.x.148.10 netmask 255.255.255.255
static (inside,dmz1) x.x.118.0 x.x.118.0 netmask 255.255.255.0
static (dmz1,outside) x.x.168.0 x.x.168.0 netmask 255.255.255.192
static (ServProv,outside) x.x.159.51 x.x.159.51 netmask 255.255.255.255
static (inside,dmz1) 172.16.16.0 172.16.16.0 netmask 255.255.248.0
static (inside,dmz1) 172.27.135.0 172.27.135.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.112 x.x.250.112 netmask 255.255.255.255
static (dmz1,outside) x.x.250.109 x.x.250.109 netmask 255.255.255.255
static (ServProv,outside) x.x.159.200 x.x.159.200 netmask 255.255.255.255
static (ServProv,outside) x.x.159.201 x.x.159.201 netmask 255.255.255.255
static (ServProv,outside) x.x.159.202 x.x.159.202 netmask 255.255.255.255
static (ServProv,outside) x.x.159.203 x.x.159.203 netmask 255.255.255.255
static (ServProv,outside) x.x.159.204 x.x.159.204 netmask 255.255.255.255
static (ServProv,outside) x.x.159.205 x.x.159.205 netmask 255.255.255.255
static (ServProv,outside) x.x.159.206 x.x.159.206 netmask 255.255.255.255
static (ServProv,outside) x.x.159.207 x.x.159.207 netmask 255.255.255.255
static (ServProv,outside) x.x.159.208 x.x.159.208 netmask 255.255.255.255
static (ServProv,outside) x.x.159.209 x.x.159.209 netmask 255.255.255.255
static (ServProv,outside) x.x.159.210 x.x.159.210 netmask 255.255.255.255
static (dmz1,outside) x.x.250.36 x.x.250.36 netmask 255.255.255.255
static (dmz1,outside) x.x.73.75 x.x.73.75 netmask 255.255.255.255
static (dmz1,outside) x.w.66.58 x.w.66.58 netmask 255.255.255.255
static (dmz1,outside) x.x.73.76 x.x.73.76 netmask 255.255.255.255
static (ServProv,outside) x.x.120.216 x.x.120.216 netmask 255.255.255.255
static (dmz1,outside) x.w.66.57 x.w.66.57 netmask 255.255.255.255
static (inside,ServProv) 172.24.166.0 172.24.166.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.167 x.x.75.167 netmask 255.255.255.255
static (dmz1,outside) x.x.75.168 x.x.75.168 netmask 255.255.255.255
static (dmz1,outside) x.x.75.169 x.x.75.169 netmask 255.255.255.255
static (dmz1,outside) x.x.75.134 x.x.75.134 netmask 255.255.255.255
static (dmz1,outside) x.x.75.135 x.x.75.135 netmask 255.255.255.255
static (dmz1,outside) x.x.75.136 x.x.75.136 netmask 255.255.255.255
static (dmz1,outside) x.x.75.137 x.x.75.137 netmask 255.255.255.255
static (dmz1,outside) x.x.85.20 x.x.85.20 netmask 255.255.255.255
static (dmz1,outside) x.w.66.56 x.w.66.56 netmask 255.255.255.255
static (dmz1,outside) x.x.147.47 x.x.147.47 netmask 255.255.255.255
static (dmz1,outside) x.x.73.71 x.x.73.71 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.120 172.24.17.120 netmask 255.255.255.255
static (inside,dmz1) 172.24.17.125 172.24.17.125 netmask 255.255.255.255
static (dmz1,outside) x.x.250.16 x.x.250.16 netmask 255.255.255.255
static (inside,ServProv) 172.16.18.0 172.16.18.0 netmask 255.255.255.0
static (inside,ServProv) 128.191.124.0 128.191.124.0 netmask 255.255.252.0
static (dmz1,outside) x.x.75.173 x.x.75.173 netmask 255.255.255.255
static (ServProv,outside) x.x.159.54 x.x.159.54 netmask 255.255.255.255
static (ServProv,outside) x.x.159.55 x.x.159.55 netmask 255.255.255.255
static (dmz1,outside) x.w.66.69 x.w.66.69 netmask 255.255.255.255
static (inside,ServProv) 172.24.141.0 172.24.141.0 netmask 255.255.255.0
static (dmz1,outside) x.x.147.110 x.x.147.110 netmask 255.255.255.255
static (dmz1,outside) x.x.147.112 x.x.147.112 netmask 255.255.255.255
static (dmz1,outside) x.x.147.111 x.x.147.111 netmask 255.255.255.255
static (dmz1,outside) x.x.147.113 x.x.147.113 netmask 255.255.255.255
static (dmz1,outside) x.x.147.114 x.x.147.114 netmask 255.255.255.255
static (dmz1,outside) x.x.147.115 x.x.147.115 netmask 255.255.255.255
static (dmz1,outside) x.x.147.116 x.x.147.116 netmask 255.255.255.255
static (dmz1,outside) x.x.250.72 x.x.250.72 netmask 255.255.255.255
static (dmz1,outside) x.x.250.76 x.x.250.76 netmask 255.255.255.255
static (dmz1,outside) x.x.250.73 x.x.250.73 netmask 255.255.255.255
static (inside,ServProv) 172.24.40.0 172.24.40.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.41.0 172.24.41.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.74 x.x.250.74 netmask 255.255.255.255
static (dmz1,outside) x.x.250.75 x.x.250.75 netmask 255.255.255.255
static (dmz1,outside) x.x.250.78 x.x.250.78 netmask 255.255.255.255
static (dmz1,outside) x.x.250.79 x.x.250.79 netmask 255.255.255.255
static (dmz1,outside) x.w.66.68 x.w.66.68 netmask 255.255.255.255
static (inside,ServProv) 172.24.74.0 172.24.74.0 netmask 255.255.255.0
static (ServProv,dmz1) x.x.159.0 x.x.159.0 netmask 255.255.255.0
static (inside,ServProv) 172.26.172.0 172.26.172.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.200 x.x.75.200 netmask 255.255.255.255
static (dmz1,outside) x.x.75.189 x.x.75.189 netmask 255.255.255.255
static (dmz1,outside) x.x.250.121 x.x.250.121 netmask 255.255.255.255
static (dmz1,outside) x.x.200.11 x.x.200.11 netmask 255.255.255.255
static (dmz1,outside) x.x.200.12 x.x.200.12 netmask 255.255.255.255
static (dmz1,outside) x.x.200.13 x.x.200.13 netmask 255.255.255.255
static (dmz1,outside) x.x.200.14 x.x.200.14 netmask 255.255.255.255
static (dmz1,outside) x.x.200.15 x.x.200.15 netmask 255.255.255.255
static (dmz1,outside) x.x.200.16 x.x.200.16 netmask 255.255.255.255
static (dmz1,outside) x.x.75.56 x.x.75.56 netmask 255.255.255.255
static (inside,dmz1) 172.24.35.0 172.24.35.0 netmask 255.255.255.0
static (ServProv,outside) x.x.165.100 x.x.165.100 netmask 255.255.255.255
static (inside,dmz1) 172.26.176.0 172.26.176.0 netmask 255.255.255.0
static (inside,ServProv) 10.47.73.201 10.47.73.201 netmask 255.255.255.255
static (ServProv,outside) x.x.157.151 x.x.157.151 netmask 255.255.255.255
static (ServProv,outside) x.x.157.150 x.x.157.150 netmask 255.255.255.255
static (ServProv,outside) x.x.159.50 x.x.159.50 netmask 255.255.255.255
static (dmz1,outside) x.x.75.58 x.x.75.58 netmask 255.255.255.255
static (ServProv,outside) x.x.120.218 x.x.120.218 netmask 255.255.255.255
static (ServProv,outside) x.x.157.46 x.x.157.46 netmask 255.255.255.255
static (dmz1,outside) x.x.200.17 x.x.200.17 netmask 255.255.255.255
static (dmz1,outside) x.x.75.106 x.x.75.106 netmask 255.255.255.255
static (inside,ServProv) 172.24.75.0 172.24.75.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.77.0 172.24.77.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.78.0 172.24.78.0 netmask 255.255.255.0
static (ServProv,outside) x.x.157.11 x.x.157.11 netmask 255.255.255.255
static (inside,ServProv) 172.24.192.0 172.24.192.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.46 x.x.250.46 netmask 255.255.255.255
static (dmz1,outside) x.x.250.47 x.x.250.47 netmask 255.255.255.255
static (dmz1,outside) x.x.250.33 x.x.250.33 netmask 255.255.255.255
static (dmz1,outside) x.x.250.34 x.x.250.34 netmask 255.255.255.255
static (dmz1,outside) x.x.250.37 x.x.250.37 netmask 255.255.255.255
static (dmz1,outside) x.x.250.38 x.x.250.38 netmask 255.255.255.255
static (dmz1,outside) x.x.75.59 x.x.75.59 netmask 255.255.255.255
static (dmz1,outside) x.x.75.104 x.x.75.104 netmask 255.255.255.255
static (dmz1,outside) x.x.250.51 x.x.250.51 netmask 255.255.255.255
static (dmz1,outside) x.x.250.152 x.x.250.152 netmask 255.255.255.255
static (dmz1,outside) x.x.250.151 x.x.250.151 netmask 255.255.255.255
static (dmz1,outside) x.x.250.39 x.x.250.39 netmask 255.255.255.255
static (dmz1,outside) x.x.157.12 x.x.157.12 netmask 255.255.255.255
static (ServProv,outside) x.x.159.56 x.x.159.56 netmask 255.255.255.255
static (ServProv,outside) x.x.159.57 x.x.159.57 netmask 255.255.255.255
static (ServProv,outside) x.x.159.58 x.x.159.58 netmask 255.255.255.255
static (ServProv,outside) x.x.159.59 x.x.159.59 netmask 255.255.255.255
static (inside,ServProv) 172.24.169.0 172.24.169.0 netmask 255.255.255.0
static (inside,ServProv) 172.16.68.0 172.16.68.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.156.0 172.24.156.0 netmask 255.255.255.0
static (ServProv,outside) x.x.157.224 x.x.157.224 netmask 255.255.255.255
static (ServProv,outside) x.x.159.60 x.x.159.60 netmask 255.255.255.255
static (ServProv,outside) x.x.159.61 x.x.159.61 netmask 255.255.255.255
static (ServProv,outside) x.x.157.100 x.x.157.100 netmask 255.255.255.255
static (dmz1,outside) x.x.105.246 x.x.105.246 netmask 255.255.255.255
static (dmz1,outside) x.x.24.62 x.x.24.62 netmask 255.255.255.255
static (ServProv,outside) x.x.157.9 x.x.157.9 netmask 255.255.255.255
static (inside,ServProv) 172.26.149.0 172.26.149.0 netmask 255.255.255.0
static (dmz1,outside) x.x.200.20 x.x.200.20 netmask 255.255.255.255
static (dmz1,outside) x.x.200.21 x.x.200.21 netmask 255.255.255.255
static (dmz1,outside) x.x.200.22 x.x.200.22 netmask 255.255.255.255
static (ServProv,outside) x.x.159.120 x.x.159.120 netmask 255.255.255.255
static (ServProv,outside) x.x.159.121 x.x.159.121 netmask 255.255.255.255
static (ServProv,outside) x.x.159.122 x.x.159.122 netmask 255.255.255.255
static (ServProv,outside) x.x.159.123 x.x.159.123 netmask 255.255.255.255
static (ServProv,outside) x.x.159.124 x.x.159.124 netmask 255.255.255.255
static (ServProv,outside) x.x.159.125 x.x.159.125 netmask 255.255.255.255
static (ServProv,outside) x.x.159.126 x.x.159.126 netmask 255.255.255.255
static (dmz1,inside) x.x.250.39 x.x.250.39 netmask 255.255.255.255
static (dmz1,outside) x.x.250.40 x.x.250.40 netmask 255.255.255.255
static (dmz1,outside) x.x.250.53 x.x.250.53 netmask 255.255.255.255
static (ServProv,outside) x.x.157.49 x.x.157.49 netmask 255.255.255.255
static (ServProv,outside) x.x.157.50 x.x.157.50 netmask 255.255.255.255
static (ServProv,outside) x.x.157.85 x.x.157.85 netmask 255.255.255.255
static (ServProv,outside) x.x.157.245 x.x.157.245 netmask 255.255.255.255
static (ServProv,outside) x.x.157.240 x.x.157.240 netmask 255.255.255.255
static (ServProv,outside) x.x.157.241 x.x.157.241 netmask 255.255.255.255
static (ServProv,outside) x.x.157.242 x.x.157.242 netmask 255.255.255.255
static (ServProv,outside) x.x.157.243 x.x.157.243 netmask 255.255.255.255
static (inside,ServProv) 172.24.71.0 172.24.71.0 netmask 255.255.255.0
static (ServProv,outside) x.x.157.238 x.x.157.238 netmask 255.255.255.255
static (ServProv,outside) x.x.157.239 x.x.157.239 netmask 255.255.255.255
static (ServProv,inside) x.x.159.51 x.x.159.51 netmask 255.255.255.255
static (inside,ServProv) 172.24.181.0 172.24.181.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.131.0 172.24.131.0 netmask 255.255.255.0
static (inside,dmz1) 172.16.68.0 172.16.68.0 netmask 255.255.255.0
static (inside,ServProv) 172.24.35.0 172.24.35.0 netmask 255.255.255.0
static (ServProv,inside) x.x.159.54 x.x.159.54 netmask 255.255.255.255
static (dmz1,outside) x.x.250.102 x.x.250.102 netmask 255.255.255.255
static (dmz1,outside) x.x.250.18 x.x.250.18 netmask 255.255.255.255
static (ServProv,outside) x.x.157.127 x.x.157.127 netmask 255.255.255.255
static (dmz1,outside) x.x.55.0 x.x.55.0 netmask 255.255.255.0
static (dmz1,outside) x.x.56.0 x.x.56.0 netmask 255.255.255.0
static (ServProv,outside) x.x.157.51 x.x.157.51 netmask 255.255.255.255
static (ServProv,outside) x.x.157.52 x.x.157.52 netmask 255.255.255.255
static (dmz1,outside) x.x.75.48 x.x.75.48 netmask 255.255.255.255
static (dmz1,outside) x.x.250.55 x.x.250.55 netmask 255.255.255.255
static (dmz1,outside) x.x.75.90 x.x.75.90 netmask 255.255.255.255
static (dmz1,outside) x.x.250.70 x.x.250.70 netmask 255.255.255.255
static (dmz1,inside) 172.16.51.0 172.16.51.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.192 x.x.75.192 netmask 255.255.255.255
static (inside,ServProv) 172.26.158.0 172.26.158.0 netmask 255.255.255.0
static (dmz1,outside) x.x.250.122 x.x.250.122 netmask 255.255.255.255
static (dmz1,outside) x.x.75.193 x.x.75.193 netmask 255.255.255.255
static (dmz1,outside) x.x.250.131 x.x.250.131 netmask 255.255.255.255
static (dmz1,outside) x.x.250.132 x.x.250.132 netmask 255.255.255.255
static (dmz1,outside) x.x.75.195 x.x.75.195 netmask 255.255.255.255
static (dmz1,outside) x.x.75.194 x.x.75.194 netmask 255.255.255.255
static (inside,dmz1) 172.26.143.0 172.26.143.0 netmask 255.255.255.0
static (ServProv,inside) x.x.159.56 x.x.159.56 netmask 255.255.255.255
static (ServProv,inside) x.x.159.55 x.x.159.55 netmask 255.255.255.255
static (inside,ServProv) x.y.34.0 x.y.34.0 netmask 255.255.255.0
static (inside,ServProv) 172.27.132.0 172.27.132.0 netmask 255.255.255.0
static (dmz1,outside) x.x.75.91 x.x.75.91 netmask 255.255.255.255
static (inside,dmz1) 172.24.164.0 172.24.164.0 netmask 255.255.254.0
static (inside,ServProv) 172.24.164.0 172.24.164.0 netmask 255.255.254.0
static (dmz1,outside) x.x.250.210 x.x.250.210 netmask 255.255.255.255
static (dmz1,outside) x.x.250.62 x.x.250.62 netmask 255.255.255.255
static (dmz1,outside) x.x.250.63 x.x.250.63 netmask 255.255.255.255
static (dmz1,outside) x.x.250.68 x.x.250.68 netmask 255.255.255.255
static (dmz1,inside) x.x.75.91 x.x.75.91 netmask 255.255.255.255
static (dmz1,inside) x.x.75.90 x.x.75.90 netmask 255.255.255.255
static (inside,dmz1) 172.24.73.0 172.24.73.0 netmask 255.255.255.0
static (dmz1,outside) x.x.73.91 x.x.73.91 netmask 255.255.255.255
access-group acl_out in interface outside
access-group acl_in in interface inside
access-group acl_dmz1 in interface dmz1
access-group acl_ServProv in interface ServProv
route outside 0.0.0.0 0.0.0.0 x.x.6.1 1
route inside 10.0.0.0 255.0.0.0 172.25.1.1 1
route dmz1 10.52.109.125 255.255.255.255 x.x.0.1 1
route dmz1 10.207.0.0 255.255.0.0 x.x.0.1 1
route dmz1 10.222.0.0 255.255.255.0 x.x.0.1 1
route dmz1 x.x.179.160 255.255.255.224 x.x.0.1 1
route dmz1 x.x.54.0 255.255.255.0 x.x.0.1 1
route dmz1 x.x.3.25 255.255.255.255 x.x.0.1 1
route dmz1 x.x.48.76 255.255.255.255 x.x.0.1 1
route dmz1 x.x.237.0 255.255.255.0 x.x.0.1 1
route inside 1x.1x.0.0 255.255.0.0 172.25.1.1 1
route outside 1x.1x.16.0 255.255.252.0 x.x.6.1 1
route dmz1 1x.1x.128.0 255.255 -
Dynamic PAT and Static NAT issue ASA 5515
Hi All,
Recently we migrated our network to ASA 5515, since we had configured nat pool overload on our existing router the users are able to translated their ip's outside. Right now my issue was when I use the existing NAT configured to our router into firewall, it seems that the translation was not successful actually I used Dynamic NAT. When I use the Dynamic PAT(Hide) all users are able to translated to the said public IP's. I know that PAT is Port address translation but when I use static nat for specific server. The Static NAT was not able to translated. Can anyone explain if there's any conflict whit PAT to Static NAT? I appriciate their response. Thanks!
- BhalHi,
I would have to guess that you Dynamic PAT was perhaps configured as a Section 1 rule and Static NAT configured as Section 2 rule which would mean that the Dynamic PAT rule would always override the Static NAT for the said host.
The very basic configured for Static NAT and Default PAT I would do in the following way
object network STATIC
host
nat (inside,outside) static dns
object-group network DEFAULT-PAT-SOURCE
network-object
nat (inside,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
The Static NAT would be configured as Network Object NAT (Section 2) and the Default PAT would be configured with Twice NAT / Manual NAT (after-auto specifies it as Section 3 rule)
This might sound confusing. Though it would be easier to say what the problem is if we saw the actual NAT configuration. Though I gave the reason that I think is probably one of the most likely reasons if there is some conflict with the 2 NAT rules
You can also check out a NAT document I made regarding the new NAT configuration format and its operation.
https://supportforums.cisco.com/docs/DOC-31116
Hope this helps
- Jouni -
Static NAT to two servers using same port
I have a small office network with a single public IP address. Currently we have a static nat for port 443 for the VPN. We just received new software that requires the server the software is on to be listening on port 443 across the internet. Thus, essentially I need to do natting (port forwarding) using port 443 to two different servers.
I believe that the usual way to accomplish this would be to have the second natting use a different public facing port, natted to 443 on the inside of the network (like using port 80 and 8080 for http). But, if the software company says that it must use port 443, is there any other way to go about this? If, for example, I know the IP address that the remote server will be connecting to our local server on, is there any way to add the source IP address into the rule? Could it work like, any port 443 traffic also from x.x.x.x, forward to local machine 192.168.0.2. Forward all other port 443 traffic not from x.x.x.x to 192.168.0.3.
Any help would be very much appreciated.
Thanks,
- MikeHi,
Using the same public/mapped port on software levels 8.2 and below would be impossible. Only one rule could apply. I think the Cisco FWSM accepts the second command while the ASA to my understanding simply rejects the second "static" statement with ERROR messages.
On the software levels 8.3 and above you have a chance to build a rule for the same public/mapped port WHEN you know where the connections to the other overlapping public/mapped port is coming from. This usually is not the case for public services but in your situation I gather you know the source address where connections to this server are going to come from?
I have not used this in production and would not wish to do so. I have only done a simple test in the past for a CSC user. I tested mapping port TCP/5900 for VNC twice while defining the source addresses the connections would be coming from in the "nat" configuration (8.4 software) and it seemed to work. I am not all that certain is this a stable solution. I would imagine it could not be recomended for a production environment setup.
But nevertheless its a possibility.
So you would need the newer software on your firewall but I am not sure what devce you are using and what software its using.
- Jouni -
How to set up two POP e-mail accounts using the same POP and SMTP servers
I have an e-mail address based on a domain I purchased which is based on my company name. Now retired, I have purchased a new domain with a simpler, personalised name. My original e-mail account uses the incoming (POP3) and outgoing (SMTP) mail servers operated by my ISP; mail.btinternet.com.
I have set up a new account on my PC in Microsoft Outlook, and have successfully sent and received emails using the new e-mail address taken from my new domain name.
I have now tried to mirror this on my iPhone, but every time I enter all the relevant data for the new e-mail address, user name, password, mail servers etc., and then press 'save', I get a pop-up which says: "xxxx" is Already Added This POP account has already been added to your iPhone. ("xxxx" is the name given to my original e-mail account). Nowhere have I input "xxxx" in the course of setting up the new account.
I need both accounts operational during an extended switch-over period as I alert everyone to the e-mail change over. Can anyone suggest a solution to this problem?What targeting the Mail.app preference file, do the following:
Quit the Mail.app first and using the Finder, go to Home > Library > Mail. Copy the Mail folder and place the copy on the Desktop for backup purposes.
Using the Finder, go to Home > Library > Preferences > com.apple.mail.plist. Move the com.apple.mail.plist file to the Desktop.
Note: Moving the com.apple.mail.plist file out of the Preferences folder will require re-entering all email account information when re-launching Mail.
The only exception to this is if you have a .Mac account which will be recreated automatically and/or if you created an email account as part of the computer setup assistant when first turning on the computer when new.
Launch Mail and decline any prompt to import mailboxes. After re-entering all email account information, the Mail.app should rediscover the existing account named folders and mailbox files at Home > Library > Mail.
After confirming all mailboxes were successfully rediscovered, you can delete the copy of the Mail folder and old com.apple.mail.plist file from the Desktop.
Test if this resolves the problem. -
Mail.app is COPYING instead of MOVING mail to folders (using IMAP)
Hi there,
I hope I can keep this simple, I'll go by the steps leading to my propblem:
1.
I've been using POP3 mail for a long time, mainly with Outlook on PC's and now that I have made the godly switch to Apple I've been using Mail.app for a couple months. I host my domains at GoDaddy.com and they offer decent mail servers including webmail, etc. Since I'm checking mail on multiple platforms (iPhone, iPad, MacBook and webmail) I decided to start using IMAP instead of POP3. GoDaddy set that up form me in seconds and I got IMAP working on Mail.app in no time (yes, I deleted the old POP accounts and started from zero creating new IMAP accounts).
2.
I've learned to keep mail filing easy so I have just two folders: "Inbox" and "archive". My inbox is... well... my inbox. If a mail is in my inbox it's because it's either a brand new unread mail or it is read and I'm keeping it there because action needs to be take upon it. Once action has been taken and I want to save the mail for future reference I just archive it. If I want to retreive mail I just make a search across all folders. Of course I also have the trash folder, sent items, junk, etc.
3. THE PROBLEM
As seen on the subject line, Mail.app is COPYING instead of MOVING mail to the IMAP server based folders. So when I click on archive, or manualy drag a mail to the "archive" folder it places a copy there but the email is still visible in the inbox on all my devices. I have tried creating other IMAP folders and giving them different names such as "saved mail" or "old mail" and still I get the same problem. To prove the problem is on the Mail.app side I loged into my webmail and moved messages to the "archive" folder from there, and guess what... it worked. The messages did not show up in the inbox of any of my devices any more.
PLEASE PLEASE HELP.... I'm talking about three email addresses which receive tons of business related mail every day... I'm flooded in mail.
THANKS in advance for your help!
Kinds regards,
WillemThanks wjosten,
I had already tried that. I even created a keyboard shortcut to do so. It doesn't work! As soon as I close down Mail.app and start it up again, the messages are back in the inbox. -
Static NAT entry disappears when using NVI on Cisco 1921 (Multiple versions)
We have a Cisco 1921 as an IPSec tunnel endpoint where we assign static NAT entries. It is a static one-to-one NAT putting each remote endpoint as a local /24 subnet. We are using NVI and we see some of these static entries disappear when packets are unable to reach the destination.
The production router is running 15.0(1r)M16 but we were able to reproduce this same behavior on 15.4(1)T2.
To reproduce, we add the static NVI entry:
ip nat source static X.X.X.X 172.30.250.11
And things look good for a bit:
ROUTER# sh ip nat nvi trans | i 172.30.250.11
gre 172.30.250.11:0 X.X.X>X:0 Y.Y.Y.Y:0 Y.Y.Y.Y:0
--- 172.30.250.11 138.54.32.9 --- ---
tcp Y.Y.Y.Y:60360 Z.Z.Z.Z:60360 172.30.250.11:22 X.X.X.X:22
There is a known issue with GRE traffic being dropped at this particular endpoint, so after generating GRE traffic, the entry completely disappears:
ROUTER# sh run | i 172.30.250.11
ROUTER#
ROUTER# sh ip nat nvi trans | i 172.30.250.11
gre 172.30.250.11:0 X.X.X>X:0 Y.Y.Y.Y:0 Y.Y.Y.Y:0
icmp Y.Y.Y.Y:59916 Z.Z.Z.Z:59916 172.30.250.11:59916 172.30.250.11:59916
tcp Y.Y.Y.Y:60360 Z.Z.Z.Z:60360 172.30.250.11:22 X.X.X.X:22
I can reproduce this by severing the tunnel to any other remote site, and after generating GRE traffic to the downed endpoint, the corresponding static NAT entry will disappear.
Debugging has not shown anything, and I have found some mentions of similar behavior on older versions. Has anyone seen this? We don't have support access to test all versions, so if it is known to be resolved in a particular one, we would love to know to work towards loading that version.
ThanksHi Ryan,
Asa cannot ahve 2 default routes, it can only have one. ASA also doesnt support PBR, so the setup that you are trying to configure would not work on the ASA. Router is the correct option for it.
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC -
We have web.mail system at our university based on Outlook, it has worked fine until upgraded to 8.01 the attachments always comes in ashx format (instead of word , pp pdf or whatever and are hard to open. If I use Safari instead everything is ok edit
Outlook Web Access sends an illegal Content-Dispositon header to Firefox. This is no longer allowed in Firefox 8. Firefox 9 will have a workaround for this so that Microsoft has time to fix their software.<br>
See http://support.mozilla.com/nl/questions/895024<br>
https://support.mozilla.com/en-US/search?q=attachement.ashx<br>
Bug 704989 - add workaround for broken Outlook Web App (OWA) attachment handling <br> -
Static NAT using access-lists?
Hi,
i have an ASA5520 and im having an issue with static nat configuration.
I have an inside host, say 1.1.1.1, that i want to be accessible from the outside as address 2.2.2.2.
This is working fine. The issue is that i have other clients who i would like to access the host using its real physical address of 1.1.1.1.
I have got this working using nat0 as an exemption, but as there will be more clients accessing the physical address than the nat address i would like to flip this logic if possible.
Can i create a nat rule that only matches an access list i.e. 'for clients from network x.x.x.x, use the nat from 2.2.2.2 -> 1.1.1.1' and for everyone else, dont nat?
My Pix cli skills arent the best, but the ASDM suggests that this is possible - on the nat rules page there is a section for the untranslated source to ANY, and if i could change ANY i would but dont see how to...
Thanks,
DesDes,
You need to create an access-list to be used with the nat 0 statement.
access-list inside_nonat extended permit ip 1.1.1.1 255.255.255.255 2.2.2.2 255.255.255.255
- this tells the pix/asa to NOT perform NAT for traffic going from 1.1.1.1 to 2.2.2.2
then use NAT 0 statement:
nat (inside) 0 access-list inside_nonat
to permit outside users to see inside addresses without NAT, flip this logic.
access-list outside_nonat extended permit ip 2.2.2.2 255.255.255.255 1.1.1.1 255.255.255.255
nat (outside) 0 access-list outside_nonat
you'll also have to permit this traffic through the ACL of the outside interface.
access-list inbound_acl extended permit ip 2.2.2.2 255.255.255.255 1.1.1.1 255.255.255.255
- Brandon
Maybe you are looking for
-
Is it possible to use several Apple TV in the same home network?
I´ve got the latest Apple TV (ver 2) and I´m impressed of it´s Airplay function. Is it possible to install an Apple TV in several different rooms of your home, each connected to a separate sound- and/or TV system of that room for playing the same or
-
In one of our workflow we create a PDF in SAP office with the request information that we send to the employee. If the request is approved, HR people archive this in the employee archive. This is done manually and takes lots of time. We want to do th
-
Static variable doubt !!!
why the following code throws an error (Illegal start of expression ) public class samp public static void main(String [] a) static int i=10; // error is occuring at this line .... System.out.println(i); }
-
Using American iPhone 5 in Europe
At the moment, I live in Sweden and want to buy an unlocked iPhone 5 from the US. Will it still work fine in Sweden? Can I use a Swedish charger for it or do I need to use the American charger with and adaptor?
-
How To Move Artist Heading To Far Left
I am wondering how I can move the "Artist" heading in iTunes to the far left. I have tried left clicking and this only lists the columns available. Currently I have the song name in the far left column and I would rather have the "Artist" column ther