Override IS-IS LSP password on interface
I have a router which uses a Keychain for authentication, configured under the ISIS process, and i want to disable this on one interface.
Therefore all ISIS interfaces use this keychain. I now need to add another interface into the ISIS process, but this one needs the LSP password authentication disabling
under the interface settings.
The issue is that the router network uses all ASR9000 series kit, and all ISIS instancies are authenticated by the keychain. Now we need to add an ASR1001 router onto a new link, but cannot get the ISIS authentication to operate on that path. I wish to disable the authentication on this path, I'm away from site so dont have access to the routers, and the manuals don't indicate how to override the process setting at an interface level.
I'm back on site Monday morning to continue with this, can anyone tell me the commands for this?
The code version is 4.3.0
Hello aacole,
IS-IS Authentication can be configured under interface configuration (isis password ), under IS-IS process for an area (area-password ) or for an entire IS-IS domain (domain-password )
These three could be combined depending on your need. In this case, you have some options for disabling IS-IS Authentication in the link between the ASR9000 and ASR1001:
1-Disable IS-IS Domain Authentication on all routers: no domain-password under IS-IS process.
2-Option A: Disable IS-IS Area-Authentication on all routers within the area: no area-password under IS-IS process. Later you could configure IS-IS Interface-Authentication in the desired secured interfaces, excluding the link between ASR9000-ASR1001
2-Option B: Configure Multiarea IS-IS and disable IS-IS Area-Authentication in the area of the ASR1001. For this you'll need to configure ASR1001 in a different area and merge the areas by configuring multiple network entity titles (NETs) in the ASR9000
Note: Step one could be skipped if you configure the new ASR1001 on a separate VRF.
Here are some helpful references:
Configuring IS-IS Interface Authentication
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfisis.html#wp1001158
Configuring Multiarea IS-IS
http://www.cisco.com/en/US/products/ps6599/products_data_sheet09186a00800e9780.html
IS-IS Support for an IS-IS Instance per VRF for IP.
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/vrf_isis.html#wp1053917
Regards.
Similar Messages
-
How can I override my child's password on iphone4?
How do I override child's password on iPhone 4?
You can't override their password to unlock the phone. If they do not provide it, then the only thing you can do is confiscate the phone and restore it as a new device in iTunes.
-
SAP ECC 6.0 / Active Directory Password synchronization
Hello,
We have a need to synchronize our users Windows passwords (AD) to our SAP systems (ECC 6.0, BW 3.5, and SCM 5.0). We do not use CUA and currently do not use a Portal and are not looking at doing SSO. We simply want to have one repository (AD) that will manage passwords for our Windows apps as well as our SAP systems. So far, we have not found a way to do this. SAP Note 603208 says this kind of synchronizing is not possible due to encryptions, among other things. However, we did find a white paper that stated the following:
~snip
<i>The Management Agents delivered with MIIS generally support password management: <b>they can take a password from some source (either from a user password change from the Windows interface, or from a self-service web-based password reset interface) and can set the same password in the various connected systems</b>. The Management Agent developed by Oxford is no exception. To change a password in an R/3 System the Susr_User_Change_Password_Rfc function can be used, but this is only possible if the old password is known and the SAP system allows the password change for this user. In cases where the old password is not known (for example the setting of an initial password) the password can be reset using the BAPI_User_change function.</i>~snip
Does anyone have any information on how we can achieve the password synchronization between Active Directory and Abap-based SAP Systems?
I very much appreciate your time and help.
PaulPaul,
You can achieve this using "common authentication". Since Active Directory uses Kerberos, if you allow your SAP systems to support Kerberos authentication as well, then you will be able to logon to Windows workstation, and use the Kerberos credentials issued by Active Directory during this logon to log the user onto SAP.
This is common, and easy to acheive. You need to use the SNC capability which is provided in SAP GUI and also in SAP ABAP engine, and you also need a GSS-API library for both workstations and for the SAP servers that implements the Kerberos protocol. If your SAP server is running on Windows Servers then you can get this GSS-API library from SAP, but if (like many companies) you are running SAP ECC, BW, SCM etc. on UNIX or Linux servers then you need to license a third-party product which provides the GSS-API library etc. I represent a vendor (CyberSafe) that provides this exact product, but you can also find other vendors by looking on SAP partner website, under SNC certified products list. If you want to find out more about our product, please ask me offline by getting my email address from my business card.
I hope this helps. Of course, if there are any questions for me related to this which are appropriate for public viewing then please ask them via this forum instead of via email.
Regards,
Tim -
Setting management interface WLC 7.4.121.0
Hello.
I have a problem setting Management interface IP in new controller 5508. I get the error "Error in setting management interface IP".I can not place a management controller IP.
Starting IPv6 Services: ok
Starting Config Sync Manager : ok
Starting Hotspot Services: ok
Starting PMIP Services: ok
Starting Portal Server Services: ok
Starting mDNS Services: ok
Starting Management Services:
Web Server: CLI: ok
Secure Web: Web Authentication Certificate not found (error). If you cannot access management interface via HTTPS please reconfigure Virtual Interface.
License Agent: ok
(Cisco Controller)
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
Would you like to terminate autoinstall? [yes]: -
Invalid response
Would you like to terminate autoinstall? [yes]: no
System Name [Cisco_bf:dd:c4] (31 characters max):
AUTO-INSTALL: process terminated -- no configuration loaded
Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (3 to 24 characters): ********
Re-enter Administrative Password : ********
Service Interface IP Address Configuration [static][DHCP]: none
Service Interface IP Address: 1.1.1.1
Service Interface Netmask: 255.255.255.0
Enable Link Aggregation (LAG) [yes][NO]: no
Management Interface IP Address: 192.168.10.1
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.10.10
Error in setting management interface IP
Management Interface IP Address: 10.10.10.1
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.10.10.100
Error in setting management interface IP
Management Interface IP Address:
Does anyone faced this issue?
Thanks.Hi,
Try these:
1. With the WLC, Please set flow control(in SecureCRT or hperterminal) to none. Once the changes are made, CLI will start working as usual.
2. Another common reason can be related to the virtual interface configuration of the controller. In order to resolve this problem, remove the virtual interface and then re-generate it with this command:
WLC>config interface address virtual 1.1.1.1
Then, reboot the controller. After the controller is rebooted, re-generate the webauth certificate locally on the controller with this command:
WLC>config certificate generate webauth
In the output of this command, you should see this message: Web Authentication certificate has been generated.
Now, you should be able to access the secure web mode of the controller upon reboot.
3. Try to use some diff IP address for service interface don't use 1.1.1.1.
Regards
Dont forget to rate helpful posts -
Has ANYone found a way to override or reset forgotten passwords for Pages documents?
Message was edited by: BeckyJAKeep it in a safe place,
eat a lot of fish so that your memory will become better and will remind you of the password.
Yvan KOENIG (VALLAURIS, France) jeudi 23 septembre 2010 16:46:21 -
Registration key vs. password?
I'm trying to install 10g from a Course Technology student CD. The installation wants a registration key, which the interface advises will be emailed to me upon registration. I've registered the software and received a numerical "password" -- that interface tells me the password is needed for the install. The install will not accept the "password" as a valid registration, and the registration screen will not email me a "registration key." Any ideas?
AFAIK, none of the Oracle software requires any form of software key to install. You need to contact the Course Vendor to find out what they are doing.
And, of course, you could easily download Oracle DB 10g from http://otn.oracle.com (look for the 'Download > Database' menu item) without any key or cost. -
Can you help? Two dialer interfaces with IP SLA for default route failover - issues
I have an issue with a Cisco 2821, it has an ADSL2+ HWIC whose ATM interfaces is linked to dialer 1 and a Gi0/1 interface with a pppoe client which is linked to dialer 2. Both dialer interfaces are up with their respective IP addresses. If the ADSL on dialer 1 fails i want the IP SLA to kick and and replace the default route for dialer 1 with one for dialer 2.
This config works if you manually shut down the dialer 1 interface, it injects the default route for dialer 2 and then when you unshut the interface, the default route for dialer 1 comes back. The problem i have is if you take out the cable for the ATM interface and take it down, it does not take the route out the routing table and the default route for dialer2, which works if you just shut down dialer 1 does not appear.
whats the difference between shutting down dialer1 and it fails over the default route and taking the cable out then it does not?
Here is my config, i'm sure its something simple i'm doing wrong, can anyone help???
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 $1$qOOJ$HV5AH6US/YZMuCGPYp3pP.
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 192.168.0.1
ip dhcp pool pool1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 188.92.232.50 188.92.232.100
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
voice-card 0
no dspfarm
archive
log config
hidekeys
track 1 ip sla 1 reachability
interface GigabitEthernet0/0
description Gi0/30 Local LAN
ip address 192.168.0.1 255.255.255.0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
snmp trap ip verify drop-rate
no mop enabled
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
interface ATM0/2/0
description ATM0_DSL
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
logging event atm pvc state
logging event subif-link-status
no atm ilmi-keepalive
dsl operating-mode auto
dsl enable-training-log
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname ********@ccsleeds.net
ppp chap password 0 ********
ppp pap sent-username *******@ccsleeds.net password 0 ********
interface Dialer2
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
encapsulation ppp
dialer pool 2
keepalive 1 3
no cdp enable
ppp lcp predictive
ppp authentication pap chap callin
ppp chap hostname **********@adsllogin.co.uk
ppp chap password 0 *********
ppp pap sent-username *********@adsllogin.co.uk password 0 ***********
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer2 10
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip sla 1
icmp-echo 8.8.8.8 source-interface di1
timeout 1000
threshold 100
frequency 3
ip sla schedule 1 life forever start-time now
access-list 1 permit 192.168.0.0 0.0.0.255
control-plane
gatekeeper
shutdown
line con 0
line aux 0
line vty 0 4
password test
login
scheduler allocate 20000 1000
endSure that EEM can shut/unshut interface...you have "event track" in EEM for monitoring track events...for example:
event manager applet test
event track 1 state down
action 1.0 command "enable"
action 1.1 command "conf t"
action 1.2 command "interfac dialer 1"
action 1.3 command "shut"
action 1.4 syslog "Dialer 1 down!!!"
action 1.5 end
This would be an example from head :)
You would need another EEM similar to this one for unshutting interface with "event track 1 state up" for bringing interface up again.
Again as I said you would need to test this before putting in production and you would maybe need to tweak this a little bit acording to your needs...
BR,
Dragan -
The @Override annotation behaviour
Hello!
Why does the @Override annotation work with abstract methods and doesn's work with interface methods?
For example:
public abstract class Base {
abstract public void foo();
public class Child extends Base {
@Override public void foo() { } // OK
public interface Interface {
void foo();
public class Implementation implements Interface {
@Override public void foo() { } // ERROR: method does not override a method from its superclass
}Thanks you!I am not sure what you mean by doesn't work, but ...
In the J2SE 1.5.0 documentation
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/Override.html
Indicates that a method declaration is intended to override a method declaration in a
superclass. If a method is annotated with this annotation type but does not override a
superclass method, compilers are required to generate an error message.This specifically states that this is used to require the compiler to generate an error message when the annotated method does not override a superclass method.
Interfaces are not superclasses. In your example, the superclass of class Implementation is Object, not Interface.
� {� -
3G interface resets but signal looks good
Hi All,
can anyone explain what this means.I have enabled the following debugs. everytime I look at it there is no issue with the signal. But my guess is the router interface is resetting due to the signal. Can anyone explain if its due to 3G signalling
Router 881G
CELLULAR:
DATA debugging is on
DM debugging is on
ASYNC debugging is on
RDM debugging is on
CALLBACK debugging is on
PPP:
PPP authentication debugging is on
PPP protocol errors debugging is on
PPP protocol negotiation debugging is on
BAP:
BAP negotiation debugging is on
BAP error debugging is on
3688676: Mar 29 08:48:33.641 BRU: Ce0 PPP: Outbound ip packet dropped, line protocol not up
3688677: Mar 29 08:48:33.641 BRU: Ce0 PPP: Outbound ip packet dropped, line protocol not up
3688678: Mar 29 08:48:33.641 BRU: Ce0 PPP: Outbound ip packet dropped, line protocol not up
3688679: Mar 29 08:48:33.641 BRU: Ce0 PPP: Outbound ip packet dropped,
3688700: Mar 29 08:48:36.749 BRU: new DSR value received, 1
3688701: Mar 29 08:48:36.749 BRU: old value: handshakes->DSR= 1
3688702: Mar 29 08:48:38.741 BRU: %LINK-3-UPDOWN: Interface Cellular0, changed state to down
3688703: Mar 29 08:48:38.741 BRU: Ce0 PPP: Sending cstate DOWN notification
3688704: Mar 29 08:48:38.745 BRU: Ce0 PPP: Processing CstateDown message
3688705: Mar 29 08:48:49.326 BRU: new DSR value received, 1
3688706: Mar 29 08:48:49.326 BRU: old value: handshakes->DSR= 1
3688707: Mar 29 08:48:49.758 BRU: new DSR value received, 1
3688708: Mar 29 08:48:49.758 BRU: old value: handshakes->DSR= 1
3688709: Mar 29 08:48:56.582 BRU: %LINK-3-UPDOWN: Interface Cellular0, changed state to up
3688710: Mar 29 08:48:56.590 BRU: %DIALER-6-BIND: Interface Ce0 bound to profile Di1
3688711: Mar 29 08:48:56.590 BRU: Ce0 PPP: Sending cstate UP notification
3688712: Mar 29 08:48:56.594 BRU: Ce0 PPP: Processing CstateUp message
Cellular0 is up, line protocol is up
Hardware is 3G Modem-HSPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz / Global
Description: [cewan-phy]
MTU 1500 bytes, BW 5760 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, loopback not set
Keepalive not supported
Interface is bound to Di1 (Encapsulation PPP)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 2d03h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Class-based queueing
Output queue: 0/1000/0 (size/max total/drops)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
53671 packets input, 15696493 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
62119 packets output, 13733542 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Hardware Information
====================
Modem Firmware Version = K2_0_7_19AP C:/WS/F
Modem Firmware built = 10/26/09
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) = 206012210378433
International Mobile Equipment Identity (IMEI) = 359109030082750
Integrated Circuit Card ID (ICCID) = 8932002100084586363
Mobile Subscriber International Subscriber
IDentity Number (MSISDN) =
Factory Serial Number (FSN) = D57138003301002
Modem Status = Online
Current Modem Temperature = 46 deg C, State = Normal
PRI SKU ID = 9993165, SKU Rev. = 1.0
Profile Information
====================
Profile password Encryption level: 7
Profile 1 = ACTIVE*
PDP Type = IPv4
PDP address = <ip address masked>
Access Point Name (APN) = internet.proximus.be
Authentication = None
Username: , Password: 02
* - Default profile
Data Connection Information
===========================
Data Transmitted = 10775742 bytes, Received = 12294276 bytes
Profile 1, Packet Session Status = ACTIVE
IP address = <ip address masked>
Profile 2, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 3, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 4, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 5, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 6, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 7, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 8, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 9, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 10, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 11, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 12, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 13, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 14, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 15, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 16, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Network Information
===================
Current Service Status = Normal, Service Error = None
Current Service = Combined
Packet Service = HSPA (Attached)
Packet Session Status = Active
Current Roaming Status = Home
Network Selection Mode = Automatic
Country = BEL, Network = PROXI
Mobile Country Code (MCC) = 206
Mobile Network Code (MNC) = 1
Location Area Code (LAC) = 2603
Routing Area Code (RAC) = 208
Cell ID = 20324
Primary Scrambling Code = 466
PLMN Selection = Automatic
Registered PLMN = BEL PROXIMUS , Abbreviated = PROXI
Service Provider =
Radio Information
=================
Radio power mode = ON
Current Band = WCDMA 2100, Channel Number = 10588
Current RSSI = -84 dBm
Band Selected = Auto
Number of nearby cells = 1
Cell 1
Primary Scrambling Code = 0x1D2
RSCP = -84 dBm, ECIO = -2 dBm
Modem Security Information
==========================
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of Retries remaining = 3Hi Marco,
Connection goes down intermittently and it stays up for very long time, more than a day some time or some time certain no of hours. I am not running any ping. I am not sure about the timing it takes between IPCP is completed ("IPCP: State is Open") and the link is closed ("I TERMREQ").
IOS c880data-universalk9-mz.151-1.T1.bin
Model 881G
One of my friend said there is a bug on 881G router IOS not sure about it though, but he hasnt seen my debug output.
This is the bug he was saying but I am not sure if mine is related to that as my CHAT script dont seem to be time out.
Problem Code: Error Messages, Logs, Debugs Software Version: C880DATA-universalk9-mz.151-2. Problem Details: Customer is running traffic over the 3card in a 881G. It fails however I can see from "show cell 0 all" that the modem has 3G coverage and a good signal as the RSSI is good. However the chat script continues to timeout. The configuration has not changed and it has worked and fails intermi
Thanks in Advance for your help
I have attached the debug of the CHAT script when the link goes down and come back.
3706575: Apr 1 08:51:03.995 BRU: Ce0 PPP: Outbound ip packet dropped, line protocol not up
3706576: Apr 1 08:51:03.995 BRU: Ce0 PPP: Outbound ip packet dropped, line protocol not up
3706577: Apr 1 08:51:03.995 BRU: Ce0 PPP: Outbound ip packet dropped, line protocol not up
3706578: Apr 1 08:51:03.995 BRU: Ce0 PPP: Outbound ip packet dropped, line protocol not up
3706579: Apr 1 08:51:03.999 BRU: Ce0 PPP: No remote authentication for call-out
3706580: Apr 1 08:51:03.999 BRU: Ce0 LCP: Event[Timeout-] State[Closing to Closed]
3706581: Apr 1 08:51:03.999 BRU: Ce0 LCP: Event[DOWN] State[Closed to Initial]
3706582: Apr 1 08:51:03.999 BRU: Ce0 PPP: Phase is DOWN
3706583: Apr 1 08:51:04.007 BRU: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0, changed state to down
3706584: Apr 1 08:51:06.007 BRU: %LINK-5-CHANGED: Interface Cellular0, changed state to reset
3706585: Apr 1 08:51:06.011 BRU: Ce0 DDR: has total 0 call(s), dial_out 0, dial_in 0
3706586: Apr 1 08:51:06.011 BRU: %DIALER-6-UNBIND: Interface Ce0 unbound from profile Di1
3706587: Apr 1 08:51:06.011 BRU: Ce0 PPP: Sending cstate DOWN notification
3706588: Apr 1 08:51:06.011 BRU: Ce0 PPP: Processing CstateDown message
3706589: Apr 1 08:51:06.015 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706590: Apr 1 08:51:07.015 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706591: Apr 1 08:51:08.015 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706592: Apr 1 08:51:09.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706593: Apr 1 08:51:10.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706594: Apr 1 08:51:11.083 BRU: %LINK-3-UPDOWN: Interface Cellular0, changed state to down
3706595: Apr 1 08:51:11.083 BRU: Ce0 PPP: Sending cstate DOWN notification
3706596: Apr 1 08:51:11.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706597: Apr 1 08:51:11.087 BRU: Ce0 PPP: Processing CstateDown message
3706598: Apr 1 08:51:12.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706599: Apr 1 08:51:13.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706600: Apr 1 08:51:14.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706601: Apr 1 08:51:15.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706602: Apr 1 08:51:16.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706603: Apr 1 08:51:17.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706604: Apr 1 08:51:18.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706605: Apr 1 08:51:19.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706606: Apr 1 08:51:20.083 BRU: Di1 DDR: No free dialer - starting fast idle timer
3706607: Apr 1 08:51:21.011 BRU: Ce0 DDR: re-enable timeout
3706608: Apr 1 08:51:21.083 BRU: Ce0 DDR: rotor dialout [best] least recent failure is also most recent failure
3706609: Apr 1 08:51:21.083 BRU: Ce0 DDR: rotor dialout [best] also has most recent failure
3706610: Apr 1 08:51:21.083 BRU: Ce0 DDR: rotor dialout [best]
3706611: Apr 1 08:51:21.083 BRU: Di1 DDR: Nailing up the Dialer profile [attempt 16]
3706612: Apr 1 08:51:21.083 BRU: Di1 DDR: Dialer dialing - persistent dialer profile
3706613: Apr 1 08:51:21.083 BRU: Ce0 DDR: Dialing cause Persistent Dialer Profile
3706614: Apr 1 08:51:21.083 BRU: Ce0 DDR: Attempting to dial cellprofile1
3706615: Apr 1 08:51:21.083 BRU: CHAT3: Attempting async line dialer script
3706616: Apr 1 08:51:21.083 BRU: CHAT3: Dialing using Modem script: cellprofile1 & System script: none
3706617: Apr 1 08:51:21.083 BRU: CHAT3: process started
3706618: Apr 1 08:51:21.083 BRU: CHAT3: Asserting DTR
3706619: Apr 1 08:51:21.087 BRU: CHAT3: Chat script cellprofile1 started
3706620: Apr 1 08:51:21.087 BRU: CHAT3: Sending string: ATDT*99***1#
3706621: Apr 1 08:51:21.087 BRU: CHAT3: Expecting string: CONNECT
3706622: Apr 1 08:51:21.091 BRU: CHAT3: Completed match for expect: CONNECT
3706623: Apr 1 08:51:21.091 BRU: CHAT3: Chat script cellprofile1 finished, status = Success
3706624: Apr 1 08:51:23.171 BRU: %LINK-3-UPDOWN: Interface Cellular0, changed state to up
3706625: Apr 1 08:51:23.171 BRU: Ce0 DDR: Dialer statechange to up
3706626: Apr 1 08:51:23.175 BRU: %DIALER-6-BIND: Interface Ce0 bound to profile Di1
3706627: Apr 1 08:51:23.175 BRU: Ce0 DDR: Dialer call has been placed
3706628: Apr 1 08:51:23.175 BRU: Ce0 PPP: Sending cstate UP notification
3706629: Apr 1 08:51:23.179 BRU: Ce0 PPP: Processing CstateUp message
3706630: Apr 1 08:51:23.183 BRU: PPP: Alloc Context [852C2C68]
3706631: Apr 1 08:51:23.183 BRU: ppp23 PPP: Phase is ESTABLISHING
3706632: Apr 1 08:51:23.183 BRU: Ce0 PPP: Using dialer call direction
3706633: Apr 1 08:51:23.183 BRU: Ce0 PPP: Treating connection as a callout
3706634: Apr 1 08:51:23.183 BRU: Ce0 PPP: Session handle[AE000017] Session id[23]
3706635: Apr 1 08:51:23.183 BRU: Ce0 LCP: Event[OPEN] State[Initial to Starting]
3706636: Apr 1 08:51:23.183 BRU: Ce0 PPP: No remote authentication for call-out
3706637: Apr 1 08:51:23.183 BRU: Ce0 LCP: O CONFREQ [Starting] id 1 len 20
3706638: Apr 1 08:51:23.183 BRU: Ce0 LCP: ACCM 0x000A0000 (0x0206000A0000)
3706639: Apr 1 08:51:23.183 BRU: Ce0 LCP: MagicNumber 0xE74DCDE6 (0x0506E74DCDE6)
3706640: Apr 1 08:51:23.183 BRU: Ce0 LCP: PFC (0x0702)
3706641: Apr 1 08:51:23.183 BRU: Ce0 LCP: ACFC (0x0802)
3706642: Apr 1 08:51:23.183 BRU: Ce0 LCP: Event[UP] State[Starting to REQsent]
3706643: Apr 1 08:51:23.191 BRU: Ce0 LCP: I CONFREQ [REQsent] id 7 len 25
3706644: Apr 1 08:51:23.191 BRU: Ce0 LCP: ACCM 0x00000000 (0x020600000000)
3706645: Apr 1 08:51:23.191 BRU: Ce0 LCP: AuthProto CHAP (0x0305C22305)
3706646: Apr 1 08:51:23.191 BRU: Ce0 LCP: MagicNumber 0x813CA39C (0x0506813CA39C)
3706647: Apr 1 08:51:23.191 BRU: Ce0 LCP: PFC (0x0702)
3706648: Apr 1 08:51:23.191 BRU: Ce0 LCP: ACFC (0x0802)
3706649: Apr 1 08:51:23.191 BRU: Ce0 LCP: O CONFACK [REQsent] id 7 len 25
3706650: Apr 1 08:51:23.191 BRU: Ce0 LCP: ACCM 0x00000000 (0x020600000000)
3706651: Apr 1 08:51:23.191 BRU: Ce0 LCP: AuthProto CHAP (0x0305C22305)
3706652: Apr 1 08:51:23.191 BRU: Ce0 LCP: MagicNumber 0x813CA39C (0x0506813CA39C)
3706653: Apr 1 08:51:23.191 BRU: Ce0 LCP: PFC (0x0702)
3706654: Apr 1 08:51:23.191 BRU: Ce0 LCP: ACFC (0x0802)
3706655: Apr 1 08:51:23.191 BRU: Ce0 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
3706656: Apr 1 08:51:23.191 BRU: Ce0 LCP: I CONFACK [ACKsent] id 1 len 20
3706657: Apr 1 08:51:23.191 BRU: Ce0 LCP: ACCM 0x000A0000 (0x0206000A0000)
3706658: Apr 1 08:51:23.191 BRU: Ce0 LCP: MagicNumber 0xE74DCDE6 (0x0506E74DCDE6)
3706659: Apr 1 08:51:23.191 BRU: Ce0 LCP: PFC (0x0702)
3706660: Apr 1 08:51:23.191 BRU: Ce0 LCP: ACFC (0x0802)
3706661: Apr 1 08:51:23.191 BRU: Ce0 LCP: Event[Receive ConfAck] State[ACKsent to Open]
3706662: Apr 1 08:51:23.199 BRU: Ce0 PPP: Queue CHAP code[1] id[1]
3706663: Apr 1 08:51:23.211 BRU: Ce0 PPP: Phase is AUTHENTICATING, by the peer
3706664: Apr 1 08:51:23.211 BRU: Ce0 CHAP: Redirect packet to Ce0
3706665: Apr 1 08:51:23.211 BRU: Ce0 CHAP: I CHALLENGE id 1 len 35 from "UMTS_CHAP_SRVR"
3706666: Apr 1 08:51:23.211 BRU: Ce0 PPP: Sent CHAP SENDAUTH Request
3706667: Apr 1 08:51:23.211 BRU: Ce0 LCP: State is Open
3706668: Apr 1 08:51:23.211 BRU: Ce0 PPP: Received SENDAUTH Response FAIL
3706669: Apr 1 08:51:23.211 BRU: Ce0 CHAP: Using hostname from interface CHAP
3706670: Apr 1 08:51:23.211 BRU: Ce0 CHAP: Using password from interface CHAP
3706671: Apr 1 08:51:23.211 BRU: Ce0 CHAP: O RESPONSE id 1 len 41 from
3706672: Apr 1 08:51:23.219 BRU: Ce0 CHAP: I SUCCESS id 1 len 4
3706673: Apr 1 08:51:23.219 BRU: Ce0 PPP: Phase is FORWARDING, Attempting Forward
3706674: Apr 1 08:51:23.223 BRU: Ce0 PPP: Phase is ESTABLISHING, Finish LCP
3706675: Apr 1 08:51:23.223 BRU: Ce0 PPP: Phase is UP
3706676: Apr 1 08:51:23.223 BRU: Ce0 IPCP: Protocol configured, start CP. state[Initial]
3706677: Apr 1 08:51:23.223 BRU: Ce0 IPCP: Event[OPEN] State[Initial to Starting]
3706678: Apr 1 08:51:23.223 BRU: Ce0 IPCP: O CONFREQ [Starting] id 1 len 22
3706679: Apr 1 08:51:23.223 BRU: Ce0 IPCP: Address 0.0.0.0 (0x030600000000)
3706680: Apr 1 08:51:23.223 BRU: Ce0 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
3706681: Apr 1 08:51:23.223 BRU: Ce0 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
3706682: Apr 1 08:51:23.223 BRU: Ce0 IPCP: Event[UP] State[Starting to REQsent]
3706683: Apr 1 08:51:23.227 BRU: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0, changed state to up
3706684: Apr 1 08:51:24.223 BRU: Ce0 IPCP: I CONFNAK [REQsent] id 1 len 16
3706685: Apr 1 08:51:24.223 BRU: Ce0 IPCP: PrimaryDNS (0x81060A0B0C0D)
3706686: Apr 1 08:51:24.223 BRU: Ce0 IPCP: SecondaryDNS (0x83060A0B0C0E)
3706687: Apr 1 08:51:24.223 BRU: Ce0 IPCP: O CONFREQ [REQsent] id 2 len 22
3706688: Apr 1 08:51:24.223 BRU: Ce0 IPCP: Address 0.0.0.0 (0x030600000000)
3706689: Apr 1 08:51:24.227 BRU: Ce0 IPCP: PrimaryDNS (0x81060A0B0C0D)
3706690: Apr 1 08:51:24.227 BRU: Ce0 IPCP: SecondaryDNS (0x83060A0B0C0E)
3706691: Apr 1 08:51:24.227 BRU: Ce0 IPCP: Event[Receive ConfNak/Rej] State[REQsent to REQsent]
3706692: Apr 1 08:51:25.231 BRU: Ce0 IPCP: I CONFNAK [REQsent] id 2 len 16
3706693: Apr 1 08:51:25.231 BRU: Ce0 IPCP: PrimaryDNS (0x81060A0B0C0D)
3706694: Apr 1 08:51:25.231 BRU: Ce0 IPCP: SecondaryDNS (0x83060A0B0C0E)
3706695: Apr 1 08:51:25.231 BRU: Ce0 IPCP: O CONFREQ [REQsent] id 3 len 22
3706696: Apr 1 08:51:25.231 BRU: Ce0 IPCP: Address 0.0.0.0 (0x030600000000)
3706697: Apr 1 08:51:25.231 BRU: Ce0 IPCP: PrimaryDNS (0x81060A0B0C0D)
3706698: Apr 1 08:51:25.231 BRU: Ce0 IPCP: SecondaryDNS (0x83060A0B0C0E)
3706699: Apr 1 08:51:25.231 BRU: Ce0 IPCP: Event[Receive ConfNak/Rej] State[REQsent to REQsent]
3706700: Apr 1 08:51:25.423 BRU: Ce0 IPCP: I CONFREQ [REQsent] id 2 len 4
3706701: Apr 1 08:51:25.423 BRU: Ce0 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0
3706702: Apr 1 08:51:25.423 BRU: Ce0 IPCP: O CONFACK [REQsent] id 2 len 4
3706703: Apr 1 08:51:25.427 BRU: Ce0 IPCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
3706704: Apr 1 08:51:25.427 BRU: Ce0 IPCP: I CONFNAK [ACKsent] id 3 len 22
3706705: Apr 1 08:51:25.427 BRU: Ce0 IPCP: Address (0x0306B2904FF3)
3706706: Apr 1 08:51:25.427 BRU: Ce0 IPCP: PrimaryDNS (0x810651A93C6B)
3706707: Apr 1 08:51:25.427 BRU: Ce0 IPCP: SecondaryDNS (0x830651A93C6B)
3706708: Apr 1 08:51:25.427 BRU: Ce0 IPCP: O CONFREQ [ACKsent] id 4 len 22
3706709: Apr 1 08:51:25.427 BRU: Ce0 IPCP: Address (0x0306B2904FF3)
3706710: Apr 1 08:51:25.427 BRU: Ce0 IPCP: PrimaryDNS (0x810651A93C6B)
3706711: Apr 1 08:51:25.427 BRU: Ce0 IPCP: SecondaryDNS (0x830651A93C6B)
3706712: Apr 1 08:51:25.427 BRU: Ce0 IPCP: Event[Receive ConfNak/Rej] State[ACKsent to ACKsent]
3706713: Apr 1 08:51:25.443 BRU: Ce0 IPCP: I CONFACK [ACKsent] id 4 len 22
3706714: Apr 1 08:51:25.475 BRU: Ce0 IPCP: Address (0x0306B2904FF3)
3706715: Apr 1 08:51:25.475 BRU: Ce0 IPCP: PrimaryDNS (0x810651A93C6B)
3706716: Apr 1 08:51:25.475 BRU: Ce0 IPCP: SecondaryDNS (0x830651A93C6B)
3706717: Apr 1 08:51:25.475 BRU: Ce0 IPCP: Event[Receive ConfAck] State[ACKsent to Open]
3706718: Apr 1 08:51:25.475 BRU: Ce0 IPCP: State is Open
3706719: Apr 1 08:51:25.475 BRU: Di1 IPCP: Install negotiated IP interface address
3706720: Apr 1 08:51:25.479 BRU: Ce0 DDR: dialer protocol up
3706721: Apr 1 08:51:25.479 BRU: Di1 DDR: Persistent Dialer Profile nailed up successfully
Cheers
Raj -
Strange Wireshark Capture XR Span
Good afternoon. I am working on Inter-op with a brocade CER and an ASR 9001 and I am running into an issue getting ISIS adjacency up. I was able to solve this on our other systems by paying close attention to wireshark captures of the authentication of Hello and LSP adjacency.
However, when mirroring on the XR, I am getting some strange output. Here is my config:
monitor-session BROCADE ethernet
destination interface GigabitEthernet0/0/0/2
interface GigabitEthernet0/0/0/10
description UPLINK TO BOTTOM BROCADE ETHERNET 2
ipv4 address 10.9.0.94 255.255.255.252
monitor-session BROCADE ethernet
negotiation auto
Here is a screenshot of the packet capture:
http://goo.gl/7xDLxwHere is the brocade side:
router isis
net 49.0002.0100.0900.0200.00
auth-mode cleartext level-2
auth-key "********" level-2
bfd all-interfaces
log adjacency
log invalid-lsp-packets
set-overload-bit on-startup 30
address-family ipv4 unicast
default-metric 200
metric-style wide
exit-address-family
address-family ipv6 unicast
exit-address-family
interface ethernet 1/2
port-name P2P to West 9001
enable
route-only
ip router isis
ip address 10.9.0.93/30
isis auth-mode cleartext
isis auth-key "********"
isis circuit-type level-2
isis ipv6 metric 200
isis metric 200
isis point-to-point
Here is the Cisco side:
router isis lab
set-overload-bit on-startup 30
net 49.0002.0100.0900.0197.00
nsf ietf
lsp-gen-interval maximum-wait 30000 initial-wait 30000 secondary-wait 30000
lsp-password text encrypted 130232020F3901130F1D0C356205373D11362B425A level 2
address-family ipv4 unicast
metric-style wide
metric 16000000
ispf
default-information originate
address-family ipv6 unicast
metric-style wide
metric 16000000
interface Loopback0
passive
circuit-type level-2-only
address-family ipv4 unicast
metric 200
interface GigabitEthernet0/0/0/10
circuit-type level-2-only
point-to-point
hello-password text encrypted 121E2007163E093D0E12002E641206290023291555
address-family ipv4 unicast
metric 200
I have not disabled ISIS authentication because although it is a lab others are working in it and would interrupt some of what they are doing.
So far in the wireshark it looks like I can see hellos from the Cisco, but not from the brocade. Perhaps I am on the wrong support forums? :) -
Windows 8.1 Screen Locking at Display Turn Off (instead of only at Sleep)
Hi All,
I am having this issue with clients running Windows 8.1 Enterprise, which we are planning to deploy later on this summer.
We currently have a GPO setup for managing the power settings on our staff computers:
This GPO sets computers to sleep after 1 hour, but turn off the monitor after 5 minutes of inactivity
On our Windows 7 systems, the policy applies correctly and if our staff uses their computer before 60 minutes of inactvity (before they go to sleep),
the screens will just turn back on without prompting for login.
I have noticed however on our Windows 8.1 test computers, in the same OU, which receive this policy, that after 5 minutes when the screen goes off, if a staff member attempts to use their computer they will be prompted for a password even though the
unit was not in sleep mode.
Further more, I've noticed that on the Windows 8.1 Systems, I am able to override the "Require a Password on Wakeup" setting using the metro interface, as pictured below (the setting does change in power options as seen below), and does stay in
the No setting even if I run gupdate and reboot.
Any idea how to keep the Require Password for waking up, but not just for computer with the screen powered down?
(I should also not screen savers are not being used)Hi,
You can tried also set the item Sleep: After 60 min to see what's going on.
On my laptop, once I configure this, the display turns off without lock the computer.
Kate Li
TechNet Community Support -
Internet Connection Became Slow after Introduction of Cisco ASA 5505 to the Network
I configured a Cisco ASA 5505 (Version Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
in transparent firewall mode and inserted after Cisco 1700 router. However, the internet connection became very slow and users are compaining that they cannot load any pages.
My setup looks like:
Internet --> Cisco 1700 --> Cisco ASA 5505 --> LAN
The license information is:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
The flash activation key is the SAME as the running key.
My running-config looks like:
ASA Version 7.2(3)
firewall transparent
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface Vlan1
nameif inside
security-level 100
no shut
interface Vlan2
nameif outside
security-level 0
no shut
interface Ethernet0/0
switchport access vlan 2
no shut
interface Ethernet0/1
no shut
interface Ethernet0/2
no shut
interface Ethernet0/3
no shut
interface Ethernet0/4
no shut
interface Ethernet0/5
no shut
interface Ethernet0/6
no shut
interface Ethernet0/7
no shut
passwd 2KFQnbNIdI.2KYOU encrypted
regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh]) HTTP/1.[01]"
regex urllist3 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]"
regex urllist4 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"
regex domainlist1 "\.facebook\.com"
regex domainlist2 "\.diretube\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 "\.vimeo\.com"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list outside_in extended permit ip any any
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
pager lines 24
mtu outside 1500
mtu inside 1500
ip address 192.168.1.254 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map type regex match-any DomainBlockList
match regex domainlist1
match regex domainlist2
match regex domainlist3
match regex domainlist4
class-map type inspect http match-all BlockDomainsClass
match request header host regex class DomainBlockList
class-map type regex match-any URLBlockList
match regex urllist1
match regex urllist2
match regex urllist3
match regex urllist4
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all AppHeaderClass
match response header regex contenttype regex applicationheader
class-map httptraffic
match access-list inside_mpc
class-map type inspect http match-all BlockURLsClass
match request uri regex class URLBlockList
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect http http_inspection_policy
parameters
protocol-violation action drop-connection
class AppHeaderClass
drop-connection log
match request method connect
drop-connection log
class BlockDomainsClass
reset log
class BlockURLsClass
reset log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
policy-map inside-policy
class httptraffic
inspect http http_inspection_policy
service-policy global_policy global
service-policy inside-policy interface inside
prompt hostname context
Cryptochecksum:8ab1a53df6ae3c202aee236d6080edfd
: end
Could the slow internet connection be due to license limitations? Or is there something wrong with my configuration?
Please see the configuration and help.
ThanksI have re-configured the ASA 5505 yesterday and so far it's working fine. I am not sure if the problem will re-appear later on. Anyways here is my sh tech-support
ciscoasa# sh tech-support
Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
Compiled on Wed 15-Aug-07 16:08 by builders
System image file is "disk0:/asa723-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 14 hours 16 mins
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001f.9ee8.ffa2, irq 11
1: Ext: Ethernet0/0 : address is 001f.9ee8.ff9a, irq 255
2: Ext: Ethernet0/1 : address is 001f.9ee8.ff9b, irq 255
3: Ext: Ethernet0/2 : address is 001f.9ee8.ff9c, irq 255
4: Ext: Ethernet0/3 : address is 001f.9ee8.ff9d, irq 255
5: Ext: Ethernet0/4 : address is 001f.9ee8.ff9e, irq 255
6: Ext: Ethernet0/5 : address is 001f.9ee8.ff9f, irq 255
<--- More --->
7: Ext: Ethernet0/6 : address is 001f.9ee8.ffa0, irq 255
8: Ext: Ethernet0/7 : address is 001f.9ee8.ffa1, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
Serial Number: JMX1211Z2N4
Running Activation Key: 0xaf0ed046 0xbcf18ebf 0x80b38508 0xba785cc0 0x05250493
Configuration register is 0x1
Configuration has not been modified since last system restart.
<--- More --->
------------------ show clock ------------------
18:32:58.254 UTC Tue Nov 26 2013
------------------ show memory ------------------
Free memory: 199837144 bytes (74%)
Used memory: 68598312 bytes (26%)
Total memory: 268435456 bytes (100%)
------------------ show conn count ------------------
1041 in use, 2469 most used
------------------ show xlate count ------------------
0 in use, 0 most used
------------------ show blocks ------------------
SIZE MAX LOW CNT
0 100 68 100
<--- More --->
4 300 299 299
80 100 92 100
256 100 94 100
1550 6174 6166 6174
2048 1124 551 612
------------------ show blocks queue history detail ------------------
History buffer memory usage: 2136 bytes (default)
------------------ show interface ------------------
Interface Internal-Data0/0 "", is up, line protocol is up
Hardware is y88acs06, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 001f.9ee8.ffa2, MTU not set
IP address unassigned
18491855 packets input, 11769262614 bytes, 0 no buffer
Received 213772 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops, 0 demux drops
18185861 packets output, 11626494317 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
<--- More --->
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/55) software (0/0)
Control Point Interface States:
Interface number is unassigned
Interface Internal-Data0/1 "", is administratively down, line protocol is up
Hardware is 88E6095, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 0000.0003.0002, MTU not set
IP address unassigned
18184216 packets input, 11625360131 bytes, 0 no buffer
Received 206655 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 switch ingress policy drops
18490057 packets output, 11768078777 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Loopback0 "_internal_loopback", is up, line protocol is up
Hardware is VirtualMAC address 0000.0000.0000, MTU 1500
IP address 127.1.0.1, subnet mask 255.255.0.0
<--- More --->
Traffic Statistics for "_internal_loopback":
1 packets input, 28 bytes
1 packets output, 28 bytes
1 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 28
Interface config status is active
Interface state is active
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001f.9ee8.ffa2, MTU 1500
IP address 192.168.1.254, subnet mask 255.255.255.0
Traffic Statistics for "inside":
7742275 packets input, 903584114 bytes
10645034 packets output, 10347291114 bytes
184883 packets dropped
1 minute input rate 320 pkts/sec, 35404 bytes/sec
1 minute output rate 325 pkts/sec, 313317 bytes/sec
<--- More --->
1 minute drop rate, 17 pkts/sec
5 minute input rate 399 pkts/sec, 59676 bytes/sec
5 minute output rate 483 pkts/sec, 503200 bytes/sec
5 minute drop rate, 9 pkts/sec
Control Point Interface States:
Interface number is 1
Interface config status is active
Interface state is active
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001f.9ee8.ffa3, MTU 1500
IP address 192.168.1.254, subnet mask 255.255.255.0
Traffic Statistics for "outside":
10750090 packets input, 10432619059 bytes
7541331 packets output, 870613684 bytes
109911 packets dropped
1 minute input rate 328 pkts/sec, 313770 bytes/sec
1 minute output rate 301 pkts/sec, 32459 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 485 pkts/sec, 503789 bytes/sec
5 minute output rate 387 pkts/sec, 57681 bytes/sec
5 minute drop rate, 2 pkts/sec
Control Point Interface States:
Interface number is 2
<--- More --->
Interface config status is active
Interface state is active
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001f.9ee8.ff9a, MTU not set
IP address unassigned
10749794 packets input, 10630700889 bytes, 0 no buffer
Received 2506 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
3 switch ingress policy drops
7541070 packets output, 1028190148 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
<--- More --->
Available but not configured via nameif
MAC address 001f.9ee8.ff9b, MTU not set
IP address unassigned
7741977 packets input, 1064586806 bytes, 0 no buffer
Received 211282 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
10644663 packets output, 10543362751 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/2 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9c, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
<--- More --->
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/3 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9d, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
<--- More --->
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/4 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9e, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
<--- More --->
Interface number is unassigned
Interface Ethernet0/5 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9f, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/6 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
<--- More --->
MAC address 001f.9ee8.ffa0, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/7 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ffa1, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
<--- More --->
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
------------------ show cpu usage ------------------
CPU utilization for 5 seconds = 12%; 1 minute: 11%; 5 minutes: 11%
------------------ show cpu hogging process ------------------
Process: Dispatch Unit, NUMHOG: 1, MAXHOG: 133, LASTHOG: 140
LASTHOG At: 04:45:59 UTC Nov 26 2013
PC: 8be0f7
Traceback: 8bed19 8bf553 302b87 3030a5 2fad69 7674bf 75ca16
c6251d c62a4c c62f6c 75c653 767820 797f64 769c85
<--- More --->
------------------ show process ------------------
PC SP STATE Runtime SBASE Stack Process
Mwe 00c9bb24 01bb8700 013e3250 0 01733fc8 15616/16384 emweb/cifs
Lwe 001072ac 0176f9c4 013e32d0 0 0176d9f0 8132/8192 block_diag
Mrd 00223a67 01783d5c 013e33b0 314854 0177be18 25752/32768 Dispatch Unit
Msi 00f82847 01b07b84 013e3250 229 01b05bc0 7984/8192 y88acs06 OneSec Thread
Mwe 0011b1a5 01b09cfc 013e3250 0 01b07d88 7864/8192 Reload Control Thread
Mwe 00120606 01b1260c 013e5258 0 01b10988 7256/8192 aaa
Mwe 001486aa 01b19404 013e5ae8 0 01b15450 16020/16384 CMGR Server Process
Mwe 0014c3c5 01b1b4d4 013e3250 0 01b19570 7968/8192 CMGR Timer Process
Lwe 002227a1 01b239b4 013ee360 0 01b219f0 7524/8192 dbgtrace
Mwe 004e1ba5 01b29c34 013e3250 157 01b27d50 6436/8192 eswilp_svi_init
Mwe 01064b1d 01b4a7f4 013e3250 0 01b48890 7848/8192 Chunk Manager
Msi 008b61b6 01b52d54 013e3250 230 01b50da0 7856/8192 PIX Garbage Collector
Lsi 00ecb6ac 01b54e94 013e3250 12 01b52ec0 7552/8192 route_process
Mwe 008a5ddc 01b5dc04 0133b430 0 01b5bc40 8116/8192 IP Address Assign
Mwe 00acb779 01b60604 01346e10 0 01b5e640 8116/8192 QoS Support Module
Mwe 0091eba9 01b6275c 0133c530 0 01b60798 8116/8192 Client Update Task
Lwe 01083c8e 01b656d4 013e3250 123088 01b63770 7840/8192 Checkheaps
Mwe 00acfd7d 01b6b824 013e3250 623 01b69ad0 3476/8192 Quack process
Mwe 00b2a260 01b6dad4 013e3250 22 01b6bbf0 7364/8192 Session Manager
Mwe 00c55efd 01b78564 031d0478 4 01b74a50 14768/16384 uauth
<--- More --->
Mwe 00be3c9e 01b7aaec 0135c010 0 01b78b28 7524/8192 Uauth_Proxy
Mwe 00c52759 01b80e0c 01361770 0 01b7ee88 7712/8192 SMTP
Mwe 00c3f7b9 01b82eec 01361710 0 01b80fa8 7412/8192 Logger
Mwe 00c3fd26 01b8502c 013e3250 0 01b830c8 7492/8192 Thread Logger
Mwe 00f62272 01b9596c 013ac520 0 01b939c8 7188/8192 vpnlb_thread
Msi 00b4097c 01c598c4 013e3250 190 01c578f0 8000/8192 emweb/cifs_timer
Msi 005bd338 017a909c 013e3250 25855 017a7108 7412/8192 arp_timer
Mwe 005c76bc 01b486e4 013fba50 20643 01b46770 7348/8192 arp_forward_thread
Mwe 00c5a919 023fa5fc 013619e0 0 023f8648 7968/8192 tcp_fast
Mwe 00c5a6e5 023fc624 013619e0 0 023fa670 7968/8192 tcp_slow
Mwe 00c754d1 0240d42c 013628a0 0 0240b478 8100/8192 udp_timer
Mwe 0019cb17 01b404a4 013e3250 0 01b3e530 7984/8192 CTCP Timer process
Mwe 00efe8b3 0308c15c 013e3250 0 0308a208 7952/8192 L2TP data daemon
Mwe 00efef23 0308e194 013e3250 0 0308c230 7968/8192 L2TP mgmt daemon
Mwe 00eea02b 030c62ac 013a5c10 43 030c2338 16244/16384 ppp_timer_thread
Msi 00f62d57 030c82f4 013e3250 264 030c6360 7924/8192 vpnlb_timer_thread
Mwe 001b96e6 01b7cbbc 01b1e9c8 1 01b7ac48 7728/8192 IPsec message handler
Msi 001c9bac 01b8d4dc 013e3250 2917 01b8b548 7648/8192 CTM message handler
Mwe 00af93b8 031465b4 013e3250 0 03144640 7984/8192 ICMP event handler
Mwe 00831003 0314a724 013e3250 387 031467b0 16100/16384 IP Background
Mwe 0021b267 031a83c4 013123c0 31 03188450 123488/131072 tmatch compile thread
Mwe 009f2405 03290044 013e3250 0 0328c0c0 16072/16384 Crypto PKI RECV
Mwe 009f305a 03294144 013e3250 0 032901e0 16040/16384 Crypto CA
Mwe 0064d4fd 01b3e24c 013e3250 8 01b3c2f8 7508/8192 ESW_MRVL switch interrupt service
<--- More --->
Msi 00646f5c 032c134c 013e3250 3059378 032bf448 7184/8192 esw_stats
Lsi 008cbb80 032dc704 013e3250 3 032da730 7908/8192 uauth_urlb clean
Lwe 008afee7 034a0914 013e3250 197 0349e9b0 6636/8192 pm_timer_thread
Mwe 0052f0bf 034a35ac 013e3250 0 034a1648 7968/8192 IKE Timekeeper
Mwe 00520f6b 034a8adc 0132e2b0 0 034a4e38 15448/16384 IKE Daemon
Mwe 00bf5c78 034ac7ac 01360680 0 034aa7f8 8100/8192 RADIUS Proxy Event Daemon
Mwe 00bc32de 034ae79c 034dcbe0 0 034ac918 7208/8192 RADIUS Proxy Listener
Mwe 00bf5e0f 034b099c 013e3250 0 034aea38 7968/8192 RADIUS Proxy Time Keeper
Mwe 005aac4c 034b3154 013fb980 0 034b1250 7492/8192 Integrity FW Task
M* 008550a5 0009fefc 013e33b0 3183 034e3b20 24896/32768 ci/console
Msi 008eb694 034ed9d4 013e3250 2370 034ebc40 6176/8192 update_cpu_usage
Msi 008e6415 034f7dac 013e3250 1096 034f5eb8 6124/8192 NIC status poll
Mwe 005b63e6 03517d1c 013fbd10 1963 03515d78 7636/8192 IP Thread
Mwe 005becbe 03519e4c 013fbcb0 3 03517e98 7384/8192 ARP Thread
Mwe 004c2b36 0351befc 013fbae0 0 03519fe8 7864/8192 icmp_thread
Mwe 00c7722e 0351e06c 013e3250 0 0351c108 7848/8192 udp_thread
Mwe 00c5d126 0352008c 013fbd00 0 0351e228 7688/8192 tcp_thread
Mwe 00bc32de 03a6982c 03a5ee18 0 03a679b8 7512/8192 EAPoUDP-sock
Mwe 00266c15 03a6b614 013e3250 0 03a699e0 7032/8192 EAPoUDP
Mwe 005a6728 01b27b94 013e3250 0 01b25c30 7968/8192 Integrity Fw Timer Thread
- - - - 47686621 - - scheduler
- - - - 51253819 - - total elapsed
------------------ show failover ------------------
<--- More --->
ERROR: Command requires failover license
------------------ show traffic ------------------
inside:
received (in 51429.740 secs):
7749585 packets905087345 bytes
67 pkts/sec17013 bytes/sec
transmitted (in 51429.740 secs):
10653162 packets10355908020 bytes
40 pkts/sec201026 bytes/sec
1 minute input rate 412 pkts/sec, 51803 bytes/sec
1 minute output rate 475 pkts/sec, 522952 bytes/sec
1 minute drop rate, 24 pkts/sec
5 minute input rate 399 pkts/sec, 59676 bytes/sec
5 minute output rate 483 pkts/sec, 503200 bytes/sec
5 minute drop rate, 9 pkts/sec
outside:
received (in 51430.240 secs):
10758403 packets10441440193 bytes
42 pkts/sec203021 bytes/sec
transmitted (in 51430.240 secs):
7548339 packets872053854 bytes
<--- More --->
63 pkts/sec16037 bytes/sec
1 minute input rate 479 pkts/sec, 523680 bytes/sec
1 minute output rate 387 pkts/sec, 46796 bytes/sec
1 minute drop rate, 3 pkts/sec
5 minute input rate 485 pkts/sec, 503789 bytes/sec
5 minute output rate 387 pkts/sec, 57681 bytes/sec
5 minute drop rate, 2 pkts/sec
_internal_loopback:
received (in 51430.740 secs):
1 packets28 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51430.740 secs):
1 packets28 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Aggregated Traffic on Physical Interface
<--- More --->
Ethernet0/0:
received (in 51431.740 secs):
10758462 packets10640075825 bytes
42 pkts/sec206042 bytes/sec
transmitted (in 51431.740 secs):
7548383 packets1029818127 bytes
63 pkts/sec20023 bytes/sec
1 minute input rate 485 pkts/sec, 537048 bytes/sec
1 minute output rate 395 pkts/sec, 54546 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 485 pkts/sec, 511723 bytes/sec
5 minute output rate 387 pkts/sec, 65495 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/1:
received (in 51433.570 secs):
7749780 packets1066328930 bytes
67 pkts/sec20064 bytes/sec
transmitted (in 51433.570 secs):
10653359 packets10552787020 bytes
40 pkts/sec205006 bytes/sec
1 minute input rate 419 pkts/sec, 59621 bytes/sec
1 minute output rate 480 pkts/sec, 533950 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 399 pkts/sec, 67618 bytes/sec
<--- More --->
5 minute output rate 482 pkts/sec, 511073 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/2:
received (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/3:
received (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
<--- More --->
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/4:
received (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/5:
received (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
<--- More --->
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/6:
received (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/7:
received (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51435.010 secs):
<--- More --->
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 51435.510 secs):
18513901 packets11784250044 bytes
25 pkts/sec229023 bytes/sec
transmitted (in 51435.510 secs):
18207269 packets11641332179 bytes
19 pkts/sec226078 bytes/sec
1 minute input rate 891 pkts/sec, 595715 bytes/sec
1 minute output rate 863 pkts/sec, 588935 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 885 pkts/sec, 584035 bytes/sec
5 minute output rate 870 pkts/sec, 580393 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/1:
received (in 51436.010 secs):
18207323 packets11641364184 bytes
<--- More --->
19 pkts/sec226076 bytes/sec
transmitted (in 51436.010 secs):
18513954 packets11784281987 bytes
25 pkts/sec229022 bytes/sec
1 minute input rate 855 pkts/sec, 575808 bytes/sec
1 minute output rate 884 pkts/sec, 582339 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 869 pkts/sec, 578350 bytes/sec
5 minute output rate 883 pkts/sec, 581924 bytes/sec
5 minute drop rate, 0 pkts/sec
------------------ show perfmon ------------------
PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 17/s 6/s
TCP Conns 8/s 2/s
UDP Conns 7/s 2/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
TCP Intercept 0/s 0/s
HTTP Fixup 0/s 0/s
<--- More --->
FTP Fixup 0/s 0/s
AAA Authen 0/s 0/s
AAA Author 0/s 0/s
AAA Account 0/s 0/s
------------------ show counters ------------------
Protocol Counter Value Context
IP IN_PKTS 168960 Summary
IP OUT_PKTS 169304 Summary
IP TO_ARP 61 Summary
------------------ show history ------------------
------------------ show firewall ------------------
Firewall mode: Transparent
------------------ show running-config ------------------
<--- More --->
: Saved
ASA Version 7.2(3)
firewall transparent
hostname ciscoasa
enable password
names
interface Vlan1
nameif inside
security-level 100
interface Vlan2
nameif outside
security-level 0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
<--- More --->
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd
regex domain1 ".facebook\.com"
regex domain2 ".fb\.com"
regex domain3 ".youtube\.com"
ftp mode passive
access-list ACL_IN extended permit ip any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.1.254 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
<--- More --->
arp timeout 14400
access-group ACL_IN in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map type regex match-any DomainBlockList
match regex domain1
match regex domain2
match regex domain3
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
<--- More --->
message-length maximum 512
match domain-name regex class DomainBlockList
drop-connection log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:bb5115ea1d14ee42e7961ef0c9aaed86
: end
<--- More --->
------------------ show startup-config errors ------------------
INFO: No configuration errors
------------------ console logs ------------------
Message #1 : Message #2 : Message #3 : Message #4 : Message #5 : Message #6 : Message #7 : Message #8 : Message #9 : Message #10 : Message #11 : Message #12 : Message #13 : Message #14 :
Total SSMs found: 0
Message #15 :
Total NICs found: 10
Message #16 : 88E6095 rev 2 Gigabit Ethernet @ index 09Message #17 : MAC: 0000.0003.0002
Message #18 : 88E6095 rev 2 Ethernet @ index 08Message #19 : MAC: 001f.9ee8.ffa1
Message #20 : 88E6095 rev 2 Ethernet @ index 07Message #21 : MAC: 001f.9ee8.ffa0
Message #22 : 88E6095 rev 2 Ethernet @ index 06Message #23 : MAC: 001f.9ee8.ff9f
Message #24 : 88E6095 rev 2 Ethernet @ index 05Message #25 : MAC: 001f.9ee8.ff9e
Message #26 : 88E6095 rev 2 Ethernet @ index 04Message #27 : MAC: 001f.9ee8.ff9d
Message #28 : 88E6095 rev 2 Ethernet @ index 03Message #29 : MAC: 001f.9ee8.ff9c
Message #30 : 88E6095 rev 2 Ethernet @ index 02Message #31 : MAC: 001f.9ee8.ff9b
Message #32 : 88E6095 rev 2 Ethernet @ index 01Message #33 : MAC: 001f.9ee8.ff9a
Message #34 : y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 001f.9ee8.ffa2
Message #35 :
Licensed features for this platform:
Message #36 : Maximum Physical Interfaces : 8
<--- More --->
Message #37 : VLANs : 3, DMZ Restricted
Message #38 : Inside Hosts : Unlimited
Message #39 : Failover : Disabled
Message #40 : VPN-DES : Enabled
Message #41 : VPN-3DES-AES : Enabled
Message #42 : VPN Peers : 10
Message #43 : WebVPN Peers : 2
Message #44 : Dual ISPs : Disabled
Message #45 : VLAN Trunk Ports : 0
Message #46 :
This platform has a Base license.
Message #47 :
Message #48 : Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Message #49 : Boot microcode : CNlite-MC-Boot-Cisco-1.2
Message #50 : SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
Message #51 : IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
Message #52 : --------------------------------------------------------------------------
Message #53 : . .
Message #54 : | |
Message #55 : ||| |||
Message #56 : .|| ||. .|| ||.
Message #57 : .:||| | |||:..:||| | |||:.
Message #58 : C i s c o S y s t e m s
Message #59 : --------------------------------------------------------------------------
<--- More --->
Message #60 :
Cisco Adaptive Security Appliance Software Version 7.2(3)
Message #61 :
Message #62 : ****************************** Warning *******************************
Message #63 : This product contains cryptographic features and is
Message #64 : subject to United States and local country laws
Message #65 : governing, import, export, transfer, and use.
Message #66 : Delivery of Cisco cryptographic products does not
Message #67 : imply third-party authority to import, export,
Message #68 : distribute, or use encryption. Importers, exporters,
Message #69 : distributors and users are responsible for compliance
Message #70 : with U.S. and local country laws. By using this
Message #71 : product you agree to comply with applicable laws and
Message #72 : regulations. If you are unable to comply with U.S.
Message #73 : and local laws, return the enclosed items immediately.
Message #74 :
Message #75 : A summary of U.S. laws governing Cisco cryptographic
Message #76 : products may be found at:
Message #77 : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Message #78 :
Message #79 : If you require further assistance please contact us by
Message #80 : sending email to [email protected].
Message #81 : ******************************* Warning *******************************
Message #82 :
<--- More --->
Message #83 : Copyright (c) 1996-2007 by Cisco Systems, Inc.
Message #84 : Restricted Rights Legend
Message #85 : Use, duplication, or disclosure by the Government is
Message #86 : subject to restrictions as set forth in subparagraph
Message #87 : (c) of the Commercial Computer Software - Restricted
Message #88 : Rights clause at FAR sec. 52.227-19 and subparagraph
Message #89 : (c) (1) (ii) of the Rights in Technical Data and Computer
Message #90 : Software clause at DFARS sec. 252.227-7013.
Message #91 : Cisco Systems, Inc.
Message #92 : 170 West Tasman Drive
Message #93 : San Jose, California 95134-1706
ciscoasa# -
AnyConnect to ASA 5505 ver 8.4 unable to ping/access Inside network
My AnyConnect VPN connect to the ASA, however I cannot access my inside network hosts (tried Split Tunnel and it didn't work either). I plan to use a Split Tunnel configuration but I thought I would get this working before I implemented that configuration. My inside hosts are on a 10.0.1.0/24 network and 10.1.0.0/16 networks. My AnyConnect hosts are using 192.168.60.0/24 addresses.
I have seen other people that appeared to have similar posts but none of those solutions have worked for me. I have also tried several NAT and ACL configurations to allow traffic form my Inside network to the ANYConnect hosts and back, but apparently I did it incorrectly. I undestand that this ver 8.4 is supposed to be easier to perform NAT and such, but I now in the router IOS it was much simpler.
My configuration is included below.
Thank you in advance for your assistance.
Jerry
ASA Version 8.4(4)
hostname mxfw
domain-name moxiefl.com
enable password (removed)
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
switchport trunk allowed vlan 20,22
switchport mode trunk
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan20
nameif dmz
security-level 50
ip address 172.26.20.1 255.255.255.0
interface Vlan22
nameif dmz2
security-level 50
ip address 172.26.22.1 255.255.255.0
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.222.222
name-server 208.67.220.220
domain-name moxiefl.com
same-security-traffic permit inter-interface
object network Generic_All_Network
subnet 0.0.0.0 0.0.0.0
object network INSIDE_Hosts
subnet 10.1.0.0 255.255.0.0
object network AnyConnect_Hosts
subnet 192.168.60.0 255.255.255.0
object network NETWORK_OBJ_192.168.60.0_26
subnet 192.168.60.0 255.255.255.192
object network DMZ_Network
subnet 172.26.20.0 255.255.255.0
object network DMZ2_Network
subnet 172.26.22.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu dmz2 1500
ip local pool VPN_POOL 192.168.60.20-192.168.60.40 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic Generic_All_Network interface
nat (inside,outside) source static INSIDE_Hosts INSIDE_Hosts destination static AnyConnect_Hosts AnyConnect_Hosts route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.60.0_26 NETWORK_OBJ_192.168.60.0_26 no-proxy-arp route-lookup
nat (dmz,outside) source dynamic Generic_All_Network interface
nat (dmz2,outside) source dynamic Generic_All_Network interface
route inside 10.1.0.0 255.255.0.0 10.0.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn anyconnect.moxiefl.com
subject-name CN=AnyConnect.moxiefl.com
keypair AnyConnect
proxy-ldc-issuer
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 439a4452
3082026c 308201d5 a0030201 02020443 9a445230 0d06092a 864886f7 0d010105
05003048 311f301d 06035504 03131641 6e79436f 6e6e6563 742e6d6f 78696566
6c2e636f 6d312530 2306092a 864886f7 0d010902 1616616e 79636f6e 6e656374
2e6d6f78 6965666c 2e636f6d 301e170d 31333039 32373037 32353331 5a170d32
33303932 35303732 3533315a 3048311f 301d0603 55040313 16416e79 436f6e6e
6563742e 6d6f7869 65666c2e 636f6d31 25302306 092a8648 86f70d01 09021616
616e7963 6f6e6e65 63742e6d 6f786965 666c2e63 6f6d3081 9f300d06 092a8648
86f70d01 01010500 03818d00 30818902 8181009a d9f320ff e93d4fdd cb707a4c
b4664c47 6d2cc639 4dc45fed bfbc2150 7109fd81 5d6a5252 3d40dc43 696360d5
fbf92bcc 477d19b8 5301085c daf40de5 87d7e4aa f81b8d7f 8d364dfa 0a6f07d7
6a7c3e9b 56e69152 aa5492d8 e35537bd 567ccf29 7afbeae8 13da9936 9f890d76
1d56d11d da3d039a 0e714849 e6841ff2 5483b102 03010001 a3633061 300f0603
551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06
03551d23 04183016 80142f27 7096c4c5 e396e691 e07ef737 af61b71f 64f1301d
0603551d 0e041604 142f2770 96c4c5e3 96e691e0 7ef737af 61b71f64 f1300d06
092a8648 86f70d01 01050500 03818100 8f777196 bbe6a5e4 8af9eb9a 514a8348
5e62d6cd 47257243 e430a758 2b367543 065d4ceb 582bf666 08ff7be1 f89287a2
ac527824 b11c2048 7fd2b50d 35ca3902 6aa00675 e4df7859 f3590596 b1d52426
1e97a52c 4e77f4b0 226dec09 713f7ba9 80bdf7bb b52a7da2 4a68b91b 455cabba
0cc4c6f3 f244f7d9 0a6e32fb 31ce7e35
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd auto_config outside
dhcpd address 10.0.1.20-10.0.1.40 inside
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd enable inside
dhcpd address 172.26.20.21-172.26.20.60 dmz
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz
dhcpd enable dmz
dhcpd address 172.26.22.21-172.26.22.200 dmz2
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz2
dhcpd enable dmz2
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.0.2052-k9.pkg 1
anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
wins-server none
dns-server value 208.67.222.222 208.67.220.220
vpn-tunnel-protocol ikev2 ssl-client
default-domain value moxiefl.com
webvpn
anyconnect profiles value AnyConnect_client_profile type user
username user1 password $$$$$$$$$$$$$$$$$ encrypted privilege 15
username user2 password $$$$$$$$$$$$$$$$$ encrypted privilege 15
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_POOL
default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f2c7362097b71bcada023c6bbfc45121
: endHi,
Yes, I have saved the config and did a write erase and reloaded the config, no difference. I rebuilt it once a couple of weeks ago, but that was before I had gotten this far with your assistance. I'll include my ASA and switches configs after this. Here is a little background (took it form the Firewall section issue just because it gives a little insight for the network). I have 2 3560s, one as a L3 switch the other L2 with an etherchannel between them (one of the cables was bad so I am waiting on the replacement to have 2 - Gigabit channels between the switches).
I think our issue with the VPN not getting to the Inside is posibly related to my DMZ issue not getting to the internet.
I am using 2 VLANs on my switch for Guests - one is wired and the other is wireless. I am trying to keep them separate because the wireless are any guest that might be at our restaurant that is getting on WiFi. The wired is for our Private Dining Rooms that vendors may need access and I don't want the wireless being able to see the wired network in that situation.
I have ports on my 3560s that are assigned to VLAN 20 (Guest Wired) and VLAN 22 (Guest Wireless). I am not routing those addresses within the 3560s (one 3560 is setup as a L3 switch). Those VLANs are being L2 switched to the ASA via the trunk to save ports (I tried separating them and used 2 ports on the ASA and it still didn't work). The ASA is providing DCHP for those VLANs and the routing for the DMZ VLANs. I can ping each of the gateways (which are the VLANs on the ASA from devices on the 3560s - 172.26.20.1 and 172.26.22.1. I have those in my DMZ off the ASA so it can control and route the data.
The 3560 is routing for my Corp VLANs. So far I have tested the Wired VLAN 10 (10.1.10.0/24) and it is working and gets to the Internet. I have a default route (0.0.0.0 0.0.0.0) from the L3 switch to e0/1 on the ASA and e0/1 is an Inside interface.
E0/0 on the ASA is my Outside interface and gets it IP from the upstream router (will be an AT&T router/modem when I move it to the building).
So for a simple diagram:
PC (172.26.20.21/24) -----3560 (L2) ------Trunk----(VLAN 20 - DMZ/ VLAN 22 - DMZ2)---- ASA -----Outside ------- Internet (via router/modem)
I will be back at this tomorrow morning - I've been up since 4pm yesterday and it is almost 3pm.
Thank you for all of your assistance.
Jerry
Current ASA Config:
ASA Version 8.4(4)
hostname mxfw
domain-name moxiefl.com
enable password $$$$$$$$$$$$$$$ encrypted
passwd $$$$$$$$$$$$$$$$ encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
shutdown
interface Ethernet0/4
switchport access vlan 20
interface Ethernet0/5
switchport trunk allowed vlan 20,22
switchport mode trunk
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan20
nameif dmz
security-level 50
ip address 172.26.20.1 255.255.255.0
interface Vlan22
nameif dmz2
security-level 50
ip address 172.26.22.1 255.255.255.0
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.222.222
name-server 208.67.220.220
domain-name moxiefl.com
same-security-traffic permit inter-interface
object network Generic_All_Network
subnet 0.0.0.0 0.0.0.0
object network INSIDE_Hosts
subnet 10.1.0.0 255.255.0.0
object network AnyConnect_Hosts
subnet 192.168.60.0 255.255.255.0
object network NETWORK_OBJ_192.168.60.0_26
subnet 192.168.60.0 255.255.255.192
object network DMZ_Network
subnet 172.26.20.0 255.255.255.0
object network DMZ2_Network
subnet 172.26.22.0 255.255.255.0
object network INSIDE
subnet 10.0.1.0 255.255.255.0
access-list capdmz extended permit icmp host 172.26.20.22 host 208.67.222.222
access-list capdmz extended permit icmp host 208.67.222.222 host 172.26.20.22
access-list capout extended permit icmp host 192.168.1.231 host 208.67.222.222
access-list capout extended permit icmp host 208.67.222.222 host 192.168.1.231
access-list capvpn extended permit icmp host 192.168.60.20 host 10.1.10.23
access-list capvpn extended permit icmp host 10.1.10.23 host 192.168.60.20
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list SPLIT-TUNNEL standard permit 10.0.1.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.1.0.0 255.255.0.0
access-list capins extended permit icmp host 10.1.10.23 host 10.0.1.1
access-list capins extended permit icmp host 10.0.1.1 host 10.1.10.23
pager lines 24
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu dmz2 1500
ip local pool VPN_POOL 192.168.60.20-192.168.60.40 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static INSIDE INSIDE destination static AnyConnect_Hosts AnyConnect_Hosts route-lookup
nat (inside,outside) source static INSIDE_Hosts INSIDE_Hosts destination static AnyConnect_Hosts AnyConnect_Hosts route-lookup
nat (dmz,outside) source dynamic Generic_All_Network interface
nat (dmz2,outside) source dynamic Generic_All_Network interface
nat (inside,outside) after-auto source dynamic Generic_All_Network interface
route inside 10.1.0.0 255.255.0.0 10.0.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn anyconnect.moxiefl.com
subject-name CN=AnyConnect.moxiefl.com
keypair AnyConnect
proxy-ldc-issuer
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 439a4452
3082026c 308201d5 a0030201 02020443 9a445230 0d06092a 864886f7 0d010105
05003048 311f301d 06035504 03131641 6e79436f 6e6e6563 742e6d6f 78696566
6c2e636f 6d312530 2306092a 864886f7 0d010902 1616616e 79636f6e 6e656374
2e6d6f78 6965666c 2e636f6d 301e170d 31333039 32373037 32353331 5a170d32
33303932 35303732 3533315a 3048311f 301d0603 55040313 16416e79 436f6e6e
6563742e 6d6f7869 65666c2e 636f6d31 25302306 092a8648 86f70d01 09021616
616e7963 6f6e6e65 63742e6d 6f786965 666c2e63 6f6d3081 9f300d06 092a8648
86f70d01 01010500 03818d00 30818902 8181009a d9f320ff e93d4fdd cb707a4c
b4664c47 6d2cc639 4dc45fed bfbc2150 7109fd81 5d6a5252 3d40dc43 696360d5
fbf92bcc 477d19b8 5301085c daf40de5 87d7e4aa f81b8d7f 8d364dfa 0a6f07d7
6a7c3e9b 56e69152 aa5492d8 e35537bd 567ccf29 7afbeae8 13da9936 9f890d76
1d56d11d da3d039a 0e714849 e6841ff2 5483b102 03010001 a3633061 300f0603
551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06
03551d23 04183016 80142f27 7096c4c5 e396e691 e07ef737 af61b71f 64f1301d
0603551d 0e041604 142f2770 96c4c5e3 96e691e0 7ef737af 61b71f64 f1300d06
092a8648 86f70d01 01050500 03818100 8f777196 bbe6a5e4 8af9eb9a 514a8348
5e62d6cd 47257243 e430a758 2b367543 065d4ceb 582bf666 08ff7be1 f89287a2
ac527824 b11c2048 7fd2b50d 35ca3902 6aa00675 e4df7859 f3590596 b1d52426
1e97a52c 4e77f4b0 226dec09 713f7ba9 80bdf7bb b52a7da2 4a68b91b 455cabba
0cc4c6f3 f244f7d9 0a6e32fb 31ce7e35
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd auto_config outside
dhcpd address 10.0.1.20-10.0.1.40 inside
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd enable inside
dhcpd address 172.26.20.21-172.26.20.60 dmz
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz
dhcpd enable dmz
dhcpd address 172.26.22.21-172.26.22.200 dmz2
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz2
dhcpd enable dmz2
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.0.2052-k9.pkg 1
anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
wins-server none
dns-server value 208.67.222.222 208.67.220.220
vpn-tunnel-protocol ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
default-domain value moxiefl.com
webvpn
anyconnect profiles value AnyConnect_client_profile type user
username user1 password $$$$$$$$$$$$$ encrypted privilege 15
username user2 password $$$$$$$$$$$ encrypted privilege 15
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_POOL
default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f6d9bbacca2a5c8b5af946a8ddc12550
: end
L3 3560 connects to ASA via port f0/3 routed port 10.0.1.0/24 network
Connects to second 3560 via G0/3 & G0/4
version 12.2
no service pad
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
hostname mx3560a
boot-start-marker
boot-end-marker
enable secret 5 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
ip routing
ip dhcp excluded-address 10.1.10.1 10.1.10.20
ip dhcp excluded-address 10.1.12.1 10.1.12.20
ip dhcp excluded-address 10.1.14.1 10.1.14.20
ip dhcp excluded-address 10.1.16.1 10.1.16.20
ip dhcp excluded-address 10.1.30.1 10.1.30.20
ip dhcp excluded-address 10.1.35.1 10.1.35.20
ip dhcp excluded-address 10.1.50.1 10.1.50.20
ip dhcp excluded-address 10.1.80.1 10.1.80.20
ip dhcp excluded-address 10.1.90.1 10.1.90.20
ip dhcp excluded-address 10.1.100.1 10.1.100.20
ip dhcp excluded-address 10.1.101.1 10.1.101.20
ip dhcp pool VLAN10
network 10.1.10.0 255.255.255.0
default-router 10.1.10.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool VLAN12
network 10.1.12.0 255.255.255.0
default-router 10.1.12.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool VLAN14
network 10.1.14.0 255.255.255.0
default-router 10.1.14.1
option 150 ip 10.1.13.1
ip dhcp pool VLAN16
network 10.1.16.0 255.255.255.0
default-router 10.1.16.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool VLAN30
network 10.1.30.0 255.255.255.0
default-router 10.1.30.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool VLAN35
network 10.1.35.0 255.255.255.0
default-router 10.1.35.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool VLAN50
network 10.1.50.0 255.255.255.0
default-router 10.1.50.1
option 43 hex f104.0a01.6564
ip dhcp pool VLAN80
network 10.1.80.0 255.255.255.0
default-router 10.1.80.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool VLAN90
network 10.1.90.0 255.255.255.0
default-router 10.1.90.1
dns-server 208.67.222.222 208.67.220.220
ip dhcp pool VLAN100
network 10.1.100.0 255.255.255.0
default-router 10.1.100.1
ip dhcp pool VLAN101
network 10.1.101.0 255.255.255.0
default-router 10.1.101.1
ip dhcp pool VLAN40
dns-server 208.67.222.222 208.67.220.220
port-channel load-balance src-dst-mac
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
vlan internal allocation policy ascending
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
link state group 1 downstream
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
power inline never
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
power inline never
interface FastEthernet0/3
description Interface to MXFW E0/1
no switchport
ip address 10.0.1.2 255.255.255.0
power inline never
interface FastEthernet0/4
switchport mode access
shutdown
power inline never
interface FastEthernet0/5
switchport mode access
shutdown
power inline never
interface FastEthernet0/6
switchport mode access
shutdown
power inline never
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport mode trunk
switchport voice vlan 14
power inline never
spanning-tree portfast
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
power inline never
interface FastEthernet0/9
switchport mode access
shutdown
power inline never
interface FastEthernet0/10
switchport mode access
shutdown
power inline never
interface FastEthernet0/11
switchport mode access
shutdown
power inline never
interface FastEthernet0/12
switchport access vlan 40
switchport mode access
interface FastEthernet0/13
switchport access vlan 40
switchport mode access
interface FastEthernet0/14
switchport access vlan 40
switchport mode access
interface FastEthernet0/15
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/16
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/17
switchport access vlan 50
switchport mode access
interface FastEthernet0/18
switchport mode access
shutdown
power inline never
interface FastEthernet0/19
switchport mode access
shutdown
power inline never
interface FastEthernet0/20
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 14
spanning-tree portfast
interface FastEthernet0/21
switchport mode access
shutdown
power inline never
interface FastEthernet0/22
switchport mode access
shutdown
power inline never
interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport mode trunk
switchport voice vlan 14
spanning-tree portfast
interface FastEthernet0/24
switchport access vlan 35
switchport mode access
power inline never
interface FastEthernet0/25
switchport mode access
shutdown
power inline never
interface FastEthernet0/26
switchport mode access
shutdown
power inline never
interface FastEthernet0/27
switchport mode access
shutdown
power inline never
interface FastEthernet0/28
switchport access vlan 40
switchport mode access
interface FastEthernet0/29
switchport access vlan 40
switchport mode access
interface FastEthernet0/30
switchport access vlan 40
switchport mode access
interface FastEthernet0/31
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/32
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/33
switchport access vlan 50
switchport mode access
interface FastEthernet0/34
switchport mode access
shutdown
power inline never
interface FastEthernet0/35
switchport mode access
shutdown
power inline never
interface FastEthernet0/36
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 14
spanning-tree portfast
interface FastEthernet0/37
switchport mode access
shutdown
power inline never
interface FastEthernet0/38
switchport mode access
shutdown
power inline never
interface FastEthernet0/39
switchport access vlan 30
switchport mode access
power inline never
interface FastEthernet0/40
switchport access vlan 90
switchport mode access
power inline never
interface FastEthernet0/41
switchport mode access
shutdown
power inline never
interface FastEthernet0/42
switchport mode access
shutdown
power inline never
interface FastEthernet0/43
switchport mode access
shutdown
power inline never
interface FastEthernet0/44
switchport access vlan 40
switchport mode access
interface FastEthernet0/45
switchport access vlan 40
switchport mode access
interface FastEthernet0/46
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/47
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/48
switchport mode access
shutdown
power inline never
interface GigabitEthernet0/1
description Interface to MXC2911 Port G0/0
no switchport
ip address 10.1.13.2 255.255.255.0
interface GigabitEthernet0/2
shutdown
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface Vlan1
no ip address
shutdown
interface Vlan10
ip address 10.1.10.1 255.255.255.0
interface Vlan12
ip address 10.1.12.1 255.255.255.0
interface Vlan14
ip address 10.1.14.1 255.255.255.0
interface Vlan16
ip address 10.1.16.1 255.255.255.0
interface Vlan20
ip address 172.26.20.1 255.255.255.0
interface Vlan22
ip address 172.26.22.1 255.255.255.0
interface Vlan30
ip address 10.1.30.1 255.255.255.0
interface Vlan35
ip address 10.1.35.1 255.255.255.0
interface Vlan40
ip address 10.1.40.1 255.255.255.0
interface Vlan50
ip address 10.1.50.1 255.255.255.0
interface Vlan80
ip address 172.16.80.1 255.255.255.0
interface Vlan86
no ip address
shutdown
interface Vlan90
ip address 10.1.90.1 255.255.255.0
interface Vlan100
ip address 10.1.100.1 255.255.255.0
interface Vlan101
ip address 10.1.101.1 255.255.255.0
router eigrp 1
network 10.0.0.0
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
passive-interface default
no passive-interface GigabitEthernet0/1
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/3 10.0.1.1
ip route 192.168.60.0 255.255.255.0 FastEthernet0/3 10.0.1.1 2
ip http server
ip sla enable reaction-alerts
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
end
L3 3560 Route Table (I added 192.168.60.0/24 instead of just using the default route just in case it wasn't routing for some reason - no change)
mx3560a#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.0.1.1 to network 0.0.0.0
S 192.168.60.0/24 [2/0] via 10.0.1.1, FastEthernet0/3
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.80.0 is directly connected, Vlan80
172.26.0.0/24 is subnetted, 2 subnets
C 172.26.22.0 is directly connected, Vlan22
C 172.26.20.0 is directly connected, Vlan20
10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
C 10.1.10.0/24 is directly connected, Vlan10
D 10.1.13.5/32 [90/3072] via 10.1.13.1, 4d02h, GigabitEthernet0/1
C 10.1.14.0/24 is directly connected, Vlan14
C 10.1.13.0/24 is directly connected, GigabitEthernet0/1
C 10.1.12.0/24 is directly connected, Vlan12
C 10.0.1.0/24 is directly connected, FastEthernet0/3
C 10.1.30.0/24 is directly connected, Vlan30
C 10.1.16.0/24 is directly connected, Vlan16
C 10.1.40.0/24 is directly connected, Vlan40
C 10.1.35.0/24 is directly connected, Vlan35
C 10.1.50.0/24 is directly connected, Vlan50
C 10.1.90.0/24 is directly connected, Vlan90
C 10.1.101.0/24 is directly connected, Vlan101
C 10.1.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 10.0.1.1, FastEthernet0/3
I have a C2911 for CME on G0/1 - using it only for that purpose at this time.
L2 3560 Config it connects to the ASA as a trunk on e0/5 of the ASA and port f0/3 of the switch - I am using L2 switching for the DMZ networks from the switches to the ASA and allowing the ASA to provide the DHCP and routing out of the network. DMZ networks: 172.26.20.0/24 and 172.26.22.0/24.
version 12.2
no service pad
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
hostname mx3560b
boot-start-marker
boot-end-marker
enable secret 5 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
no aaa new-model
system mtu routing 1500
crypto pki trustpoint TP-self-signed-3877365632
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3877365632
revocation-check none
rsakeypair TP-self-signed-3877365632
crypto pki certificate chain TP-self-signed-3877365632
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383737 33363536 3332301E 170D3933 30333031 30303031
30395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38373733
36353633 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DF81 DA515E0B 7FC760CF 2CC98400 42DCA007 215E4DDE D0C3FBF2 D974CE85
C46A8700 6AE44C2C 79D9BD2A A9297FA0 2D9C2BE4 B3941A2F 435AC4EA 17E89DFE
34EC8E93 63BD4CDF 784E91D7 2EE0093F 06CC97FD 83CB818B 1ED624E6 F0F5DA51
1DE4B8A7 169EED2B 40575B81 BADDE052 85BA9D19 4C206DCB 00878FF3 89E74028
B3F30203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 086D7833 35363062 2E301F06 03551D23 04183016 80147125
78CE8540 DB95D852 3C0BD975 5D9C6EB7 58FC301D 0603551D 0E041604 14712578
CE8540DB 95D8523C 0BD9755D 9C6EB758 FC300D06 092A8648 86F70D01 01040500
03818100 94B98410 2D9CD602 4BD16181 BCB7C515 77C8F947 7C4AF5B8 281E3131
59298655 B12FAB1D A6AAA958 8473483C E993D896 5251770B 557803C0 531DEB62
A349C057 CB473F86 DCEBF8B8 7DDE5728 048A49D0 AB18CE8C 8257C00A C2E06A63
B91F872C 5F169FF9 77DC523B AB1E3965 C6B67FCC 84AE11E9 02DD10F0 C45EAFEA 41D7FA6C
quit
port-channel load-balance src-dst-mac
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/1
switchport access vlan 50
switchport mode access
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
power inline never
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,22
switchport mode trunk
power inline never
interface FastEthernet0/4
switchport mode access
shutdown
power inline never
interface FastEthernet0/5
shutdown
power inline never
interface FastEthernet0/6
shutdown
power inline never
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport mode trunk
switchport voice vlan 14
spanning-tree portfast
interface FastEthernet0/8
switchport access vlan 30
switchport mode access
power inline never
interface FastEthernet0/9
shutdown
power inline never
interface FastEthernet0/10
switchport access vlan 20
switchport mode access
power inline never
interface FastEthernet0/11
shutdown
power inline never
interface FastEthernet0/12
switchport access vlan 40
switchport mode access
interface FastEthernet0/13
switchport access vlan 40
switchport mode access
interface FastEthernet0/14
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/15
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/16
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
power inline never
interface FastEthernet0/18
shutdown
power inline never
interface FastEthernet0/19
shutdown
power inline never
interface FastEthernet0/20
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 14
spanning-tree portfast
interface FastEthernet0/21
shutdown
power inline never
interface FastEthernet0/22
shutdown
power inline never
interface FastEthernet0/23
switchport access vlan 30
switchport mode access
power inline never
interface FastEthernet0/24
shutdown
power inline never
interface FastEthernet0/25
switchport access vlan 20
switchport mode access
power inline never
interface FastEthernet0/26
shutdown
power inline never
interface FastEthernet0/27
shutdown
power inline never
interface FastEthernet0/28
switchport access vlan 40
switchport mode access
interface FastEthernet0/29
switchport access vlan 40
switchport mode access
interface FastEthernet0/30
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/31
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/32
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/33
switchport access vlan 20
switchport mode access
power inline never
interface FastEthernet0/34
shutdown
power inline never
interface FastEthernet0/35
shutdown
power inline never
interface FastEthernet0/36
switchport mode access
switchport voice vlan 14
spanning-tree portfast
interface FastEthernet0/37
shutdown
power inline never
interface FastEthernet0/38
shutdown
power inline never
interface FastEthernet0/39
switchport access vlan 30
switchport mode access
power inline never
interface FastEthernet0/40
switchport access vlan 90
switchport mode access
power inline never
interface FastEthernet0/41
shutdown
power inline never
interface FastEthernet0/42
shutdown
power inline never
interface FastEthernet0/43
shutdown
power inline never
interface FastEthernet0/44
switchport access vlan 40
switchport mode access
interface FastEthernet0/45
switchport access vlan 40
switchport mode access
interface FastEthernet0/46
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/47
switchport access vlan 40
switchport mode access
shutdown
interface FastEthernet0/48
switchport access vlan 40
switchport mode access
shutdown
interface GigabitEthernet0/1
shutdown
interface GigabitEthernet0/2
switchport access vlan 40
switchport mode access
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface Vlan1
no ip address
ip classless
ip http server
ip http secure-server
ip sla enable reaction-alerts
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
end -
ASA 5505 ver 8.4 DMZ to Outside not working
I have an ASA 5505 ver 8.4. The configuration is provided below. My INSIDE hosts are able to get to the internet via the Outside interface. The DHCP for my INSIDE hosts are handled by my L3 3560 switch. My DMZ hosts DHCP is handled by the ASA 5505. I've included packet-tracer results for both from the DMZ to the Outside address (DNS server) and a return packet tracer from the Outside interface to the DMZ host address. I see that the return is failing, however everything I have tried so far hasn't worked. Thank you in advance for any assistance.
***************************************8
ASA Version 8.4(4)
hostname mxfw
domain-name moxiefl.com
enable password (removed)
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
switchport trunk allowed vlan 20,22
switchport mode trunk
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan20
nameif dmz
security-level 50
ip address 172.26.20.1 255.255.255.0
interface Vlan22
nameif dmz2
security-level 50
ip address 172.26.22.1 255.255.255.0
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server 208.67.222.222
name-server 208.67.220.220
domain-name moxiefl.com
same-security-traffic permit inter-interface
object network Generic_All_Network
subnet 0.0.0.0 0.0.0.0
object network INSIDE_Hosts
subnet 10.1.0.0 255.255.0.0
object network AnyConnect_Hosts
subnet 192.168.60.0 255.255.255.0
object network NETWORK_OBJ_192.168.60.0_26
subnet 192.168.60.0 255.255.255.192
object network DMZ_Network
subnet 172.26.20.0 255.255.255.0
object network DMZ2_Network
subnet 172.26.22.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu dmz2 1500
ip local pool VPN_POOL 192.168.60.20-192.168.60.40 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic Generic_All_Network interface
nat (inside,outside) source static INSIDE_Hosts INSIDE_Hosts destination static AnyConnect_Hosts AnyConnect_Hosts route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.60.0_26 NETWORK_OBJ_192.168.60.0_26 no-proxy-arp route-lookup
nat (dmz,outside) source dynamic Generic_All_Network interface
nat (dmz2,outside) source dynamic Generic_All_Network interface
route inside 10.1.0.0 255.255.0.0 10.0.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.0.0.0 255.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn anyconnect.moxiefl.com
subject-name CN=AnyConnect.moxiefl.com
keypair AnyConnect
proxy-ldc-issuer
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 439a4452
3082026c 308201d5 a0030201 02020443 9a445230 0d06092a 864886f7 0d010105
05003048 311f301d 06035504 03131641 6e79436f 6e6e6563 742e6d6f 78696566
6c2e636f 6d312530 2306092a 864886f7 0d010902 1616616e 79636f6e 6e656374
2e6d6f78 6965666c 2e636f6d 301e170d 31333039 32373037 32353331 5a170d32
33303932 35303732 3533315a 3048311f 301d0603 55040313 16416e79 436f6e6e
6563742e 6d6f7869 65666c2e 636f6d31 25302306 092a8648 86f70d01 09021616
616e7963 6f6e6e65 63742e6d 6f786965 666c2e63 6f6d3081 9f300d06 092a8648
86f70d01 01010500 03818d00 30818902 8181009a d9f320ff e93d4fdd cb707a4c
b4664c47 6d2cc639 4dc45fed bfbc2150 7109fd81 5d6a5252 3d40dc43 696360d5
fbf92bcc 477d19b8 5301085c daf40de5 87d7e4aa f81b8d7f 8d364dfa 0a6f07d7
6a7c3e9b 56e69152 aa5492d8 e35537bd 567ccf29 7afbeae8 13da9936 9f890d76
1d56d11d da3d039a 0e714849 e6841ff2 5483b102 03010001 a3633061 300f0603
551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06
03551d23 04183016 80142f27 7096c4c5 e396e691 e07ef737 af61b71f 64f1301d
0603551d 0e041604 142f2770 96c4c5e3 96e691e0 7ef737af 61b71f64 f1300d06
092a8648 86f70d01 01050500 03818100 8f777196 bbe6a5e4 8af9eb9a 514a8348
5e62d6cd 47257243 e430a758 2b367543 065d4ceb 582bf666 08ff7be1 f89287a2
ac527824 b11c2048 7fd2b50d 35ca3902 6aa00675 e4df7859 f3590596 b1d52426
1e97a52c 4e77f4b0 226dec09 713f7ba9 80bdf7bb b52a7da2 4a68b91b 455cabba
0cc4c6f3 f244f7d9 0a6e32fb 31ce7e35
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
telnet timeout 5
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd auto_config outside
dhcpd address 10.0.1.20-10.0.1.40 inside
dhcpd dns 208.67.222.222 208.67.220.220 interface inside
dhcpd enable inside
dhcpd address 172.26.20.21-172.26.20.60 dmz
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz
dhcpd enable dmz
dhcpd address 172.26.22.21-172.26.22.200 dmz2
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz2
dhcpd enable dmz2
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.0.2052-k9.pkg 1
anyconnect profiles AnyConnect_client_profile disk0:/AnyConnect_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy GroupPolicy_AnyConnect internal
group-policy GroupPolicy_AnyConnect attributes
wins-server none
dns-server value 208.67.222.222 208.67.220.220
vpn-tunnel-protocol ikev2 ssl-client
default-domain value moxiefl.com
webvpn
anyconnect profiles value AnyConnect_client_profile type user
username user1 password $$$$$$$$$$$$$$$$$ encrypted privilege 15
username user2 password $$$$$$$$$$$$$$$$$ encrypted privilege 15
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_POOL
default-group-policy GroupPolicy_AnyConnect
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f2c7362097b71bcada023c6bbfc45121
: end
Packet Tracer from DMZ to Outside
mxfw# packet-tracer input dmz icmp 172.26.20.22 8 0 208.67.222.222 detailed
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside
Phase: 2
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xac5bdb90, priority=0, domain=inspect-ip-options, deny=true
hits=22, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=dmz, output_ifc=any
Phase: 3
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacff7ee0, priority=70, domain=inspect-icmp, deny=false
hits=8, user_data=0xad253a68, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, dscp=0x0
input_ifc=dmz, output_ifc=any
Phase: 4
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xac5bd768, priority=66, domain=inspect-icmp-error, deny=false
hits=8, user_data=0xac5bcd80, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, dscp=0x0
input_ifc=dmz, output_ifc=any
Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (dmz,outside) source dynamic Generic_All_Network interface
Additional Information:
Dynamic translate 172.26.20.22/0 to 192.168.1.231/23136
Forward Flow based lookup yields rule:
in id=0xac63c0e8, priority=6, domain=nat, deny=false
hits=7, user_data=0xac6209f0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=dmz, output_ifc=outside
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xac578bf0, priority=0, domain=inspect-ip-options, deny=true
hits=7510, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=outside, output_ifc=any
Phase: 7
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 7561, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_inspect_icmp
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_inspect_icmp
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: dmz
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: allow
Packet Tracer for return from Outside:
mxfw(config)# packet-tracer input outside icmp 207.67.222.222 0 0 172.26.20.22$
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.26.20.0 255.255.255.0 dmz
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacea45d8, priority=11, domain=permit, deny=true
hits=0, user_data=0x5, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=outside, output_ifc=any
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: dmz
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
Settings of PC and PING & tracert results
C:\Users>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MXW8DT01
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 68-94-23-20-FA-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink RT5390R 802.11bgn Wi-Fi Adapter
Physical Address. . . . . . . . . : 68-94-23-20-FA-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 08-9E-01-3D-64-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.26.20.22(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 6, 2013 3:28:48 PM
Lease Expires . . . . . . . . . . : Sunday, October 6, 2013 4:28:48 PM
Default Gateway . . . . . . . . . : 172.26.20.1
DHCP Server . . . . . . . . . . . : 172.26.20.1
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{9B004C7D-7A34-4A9C-BEDB-5212A582FAB1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3497:208a:53e5:ebe9(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::3497:208a:53e5:ebe9%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users>ping 208.67.222.222
Pinging 208.67.222.222 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 208.67.222.222:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users>tracert 208.67.222.222
Tracing route to 208.67.222.222 over a maximum of 30 hops
1 1 ms <1 ms <1 ms 172.26.20.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.Naveen & Julio,
The version is below along with the captures. The show cap asp | include 208.67.222.222 is fairly long.
Thank you again for your assistance.
Jerry
mxfw(config)# sho ver
Cisco Adaptive Security Appliance Software Version 8.4(4)
Device Manager Version 6.4(9)
Compiled on Mon 21-May-12 10:48 by builders
System image file is "disk0:/asa844-k8.bin"
Config file at boot was "startup-config"
mxfw up 23 hours 47 mins
Hardware: ASA5505, 1024 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 32768MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is 2c54.2df4.9c93, irq 11
1: Ext: Ethernet0/0 : address is 2c54.2df4.9c8b, irq 255
2: Ext: Ethernet0/1 : address is 2c54.2df4.9c8c, irq 255
3: Ext: Ethernet0/2 : address is 2c54.2df4.9c8d, irq 255
4: Ext: Ethernet0/3 : address is 2c54.2df4.9c8e, irq 255
5: Ext: Ethernet0/4 : address is 2c54.2df4.9c8f, irq 255
6: Ext: Ethernet0/5 : address is 2c54.2df4.9c90, irq 255
7: Ext: Ethernet0/6 : address is 2c54.2df4.9c91, irq 255
8: Ext: Ethernet0/7 : address is 2c54.2df4.9c92, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 25 perpetual
AnyConnect Essentials : 25 perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Enabled perpetual
AnyConnect for Mobile : Enabled perpetual
AnyConnect for Cisco VPN Phone : Enabled perpetual
Advanced Endpoint Assessment : Enabled perpetual
UC Phone Proxy Sessions : 24 perpetual
Total UC Proxy Sessions : 24 perpetual
Botnet Traffic Filter : Enabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5505 Security Plus license.
Serial Number: JMX1617Z2B0
Running Permanent Activation Key: 0x112dd960 0x68ba556a 0x9160b8f4 0xc4f49064 0x822ae087
Configuration register is 0x1
mxfw(config)# sho cap asp | include 208.67.222.222
1: 08:14:03.444953 802.1Q vlan#2 P0 192.168.60.20.50815 > 208.67.222.222.53: udp 38
4: 08:14:04.613920 802.1Q vlan#2 P0 192.168.60.20.49379 > 208.67.222.222.53: udp 36 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
9: 08:14:05.456168 802.1Q vlan#2 P0 192.168.60.20.50815 > 208.67.222.222.53: udp 38 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
19: 08:14:07.874283 802.1Q vlan#2 P0 192.168.60.20.52778 > 208.67.222.222.53: udp 39 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
26: 08:14:09.464407 802.1Q vlan#2 P0 192.168.60.20.50815 > 208.67.222.222.53: udp 38 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
31: 08:14:09.885559 802.1Q vlan#2 P0 192.168.60.20.52778 > 208.67.222.222.53: udp 39 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
36: 08:14:11.228427 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36
37: 08:14:12.240847 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
38: 08:14:13.254533 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
44: 08:14:13.893889 802.1Q vlan#2 P0 192.168.60.20.52778 > 208.67.222.222.53: udp 39 Drop-reason: (unable-to-create-flow) Flow denied due to resource limitation
51: 08:14:15.266374 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36
63: 08:14:19.274750 802.1Q vlan#2 P0 192.168.60.20.57817 > 208.67.222.222.53: udp 36
68: 08:14:20.509312 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
69: 08:14:21.520816 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
70: 08:14:22.534548 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
76: 08:14:24.547228 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
83: 08:14:28.554826 802.1Q vlan#2 P0 192.168.60.20.50543 > 208.67.222.222.53: udp 39
89: 08:14:29.803150 802.1Q vlan#2 P0 192.168.60.20.54948 > 208.67.222.222.53: udp 38
91: 08:14:31.816089 802.1Q vlan#2 P0 192.168.60.20.54948 > 208.67.222.222.53: udp 38
102: 08:14:35.822894 802.1Q vlan#2 P0 192.168.60.20.54948 > 208.67.222.222.53: udp 38
116: 08:14:42.885604 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
118: 08:14:43.883926 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
123: 08:14:44.884491 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
127: 08:14:46.884521 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
133: 08:14:48.882721 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
135: 08:14:49.881942 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
138: 08:14:50.882858 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
140: 08:14:50.885620 802.1Q vlan#2 P0 192.168.60.20.62505 > 208.67.222.222.53: udp 34
145: 08:14:52.883590 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
149: 08:14:53.983790 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
151: 08:14:54.982981 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
156: 08:14:55.982844 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
161: 08:14:56.884811 802.1Q vlan#2 P0 192.168.60.20.52421 > 208.67.222.222.53: udp 34
180: 08:14:57.983408 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
197: 08:14:59.441017 802.1Q vlan#2 P0 192.168.60.20.55495 > 208.67.222.222.53: udp 34
198: 08:14:59.441764 802.1Q vlan#2 P0 192.168.60.20.52091 > 208.67.222.222.53: udp 42
199: 08:14:59.442756 802.1Q vlan#2 P0 192.168.60.20.52233 > 208.67.222.222.53: udp 40
200: 08:14:59.442985 802.1Q vlan#2 P0 192.168.60.20.57413 > 208.67.222.222.53: udp 40
201: 08:14:59.443794 802.1Q vlan#2 P0 192.168.60.20.65042 > 208.67.222.222.53: udp 40
202: 08:14:59.448753 802.1Q vlan#2 P0 192.168.60.20.62151 > 208.67.222.222.53: udp 34
204: 08:14:59.504978 802.1Q vlan#2 P0 192.168.60.20.60528 > 208.67.222.222.53: udp 33
206: 08:14:59.524234 802.1Q vlan#2 P0 192.168.60.20.54032 > 208.67.222.222.53: udp 34
213: 08:15:00.505161 802.1Q vlan#2 P0 192.168.60.20.60528 > 208.67.222.222.53: udp 33
214: 08:15:00.524066 802.1Q vlan#2 P0 192.168.60.20.54032 > 208.67.222.222.53: udp 34
225: 08:15:01.441124 802.1Q vlan#2 P0 192.168.60.20.55495 > 208.67.222.222.53: udp 34
229: 08:15:01.442893 802.1Q vlan#2 P0 192.168.60.20.57413 > 208.67.222.222.53: udp 40
230: 08:15:01.443168 802.1Q vlan#2 P0 192.168.60.20.52233 > 208.67.222.222.53: udp 40
235: 08:15:01.444663 802.1Q vlan#2 P0 192.168.60.20.65042 > 208.67.222.222.53: udp 40
241: 08:15:01.563584 802.1Q vlan#2 P0 192.168.60.20.49326 > 208.67.222.222.53: udp 32
242: 08:15:01.582458 802.1Q vlan#2 P0 192.168.60.20.64011 > 208.67.222.222.53: udp 33
244: 08:15:01.598983 802.1Q vlan#2 P0 192.168.60.20.55971 > 208.67.222.222.53: udp 33
246: 08:15:01.628278 802.1Q vlan#2 P0 192.168.60.20.54709 > 208.67.222.222.53: udp 37
248: 08:15:01.982920 802.1Q vlan#2 P0 192.168.60.20.56343 > 208.67.222.222.53: udp 38
254: 08:15:02.598861 802.1Q vlan#2 P0 192.168.60.20.55971 > 208.67.222.222.53: udp 33
256: 08:15:02.622785 802.1Q vlan#2 P0 192.168.60.20.54709 > 208.67.222.222.53: udp 37
266: 08:15:04.438301 802.1Q vlan#2 P0 192.168.60.20.57642 > 208.67.222.222.53: udp 34
267: 08:15:04.440040 802.1Q vlan#2 P0 192.168.60.20.49886 > 208.67.222.222.53: udp 40
268: 08:15:04.440284 802.1Q vlan#2 P0 192.168.60.20.64655 > 208.67.222.222.53: udp 40
269: 08:15:04.441078 802.1Q vlan#2 P0 192.168.60.20.57383 > 208.67.222.222.53: udp 40
279: 08:15:05.441551 802.1Q vlan#2 P0 192.168.60.20.55495 > 208.67.222.222.53: udp 34
285: 08:15:05.443168 802.1Q vlan#2 P0 192.168.60.20.52233 > 208.67.222.222.53: udp 40
286: 08:15:05.443443 802.1Q vlan#2 P0 192.168.60.20.57413 > 208.67.222.222.53: udp 40
293: 08:15:05.445396 802.1Q vlan#2 P0 192.168.60.20.65042 > 208.67.222.222.53: udp 40
314: 08:15:07.438911 802.1Q vlan#2 P0 192.168.60.20.57642 > 208.67.222.222.53: udp 34
318: 08:15:07.440040 802.1Q vlan#2 P0 192.168.60.20.49886 > 208.67.222.222.53: udp 40
322: 08:15:07.441322 802.1Q vlan#2 P0 192.168.60.20.64655 > 208.67.222.222.53: udp 40
326: 08:15:07.443412 802.1Q vlan#2 P0 192.168.60.20.57383 > 208.67.222.222.53: udp 40
335: 08:15:09.374400 802.1Q vlan#2 P0 192.168.60.20.59105 > 208.67.222.222.53: udp 38
362: 08:15:11.439399 802.1Q vlan#2 P0 192.168.60.20.57642 > 208.67.222.222.53: udp 34
363: 08:15:11.440101 802.1Q vlan#2 P0 192.168.60.20.49886 > 208.67.222.222.53: udp 40
370: 08:15:11.441627 802.1Q vlan#2 P0 192.168.60.20.64655 > 208.67.222.222.53: udp 40
374: 08:15:11.442543 802.1Q vlan#2 P0 192.168.60.20.57383 > 208.67.222.222.53: udp 40
381: 08:15:11.995279 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
382: 08:15:12.003127 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
383: 08:15:12.003356 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
384: 08:15:12.003585 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
387: 08:15:12.994989 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
388: 08:15:13.001922 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
389: 08:15:13.004455 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
390: 08:15:13.004974 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
391: 08:15:13.005660 802.1Q vlan#2 P0 192.168.60.20.59092 > 208.67.222.222.53: udp 33
392: 08:15:13.995065 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
394: 08:15:14.001922 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
396: 08:15:14.002868 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
397: 08:15:14.003082 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
400: 08:15:14.004104 802.1Q vlan#2 P0 192.168.60.20.59092 > 208.67.222.222.53: udp 33
418: 08:15:15.995416 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
422: 08:15:16.002334 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
426: 08:15:16.003570 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
427: 08:15:16.003738 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
446: 08:15:17.302062 802.1Q vlan#2 P0 192.168.60.20.63130 > 208.67.222.222.53: udp 34
451: 08:15:18.172003 802.1Q vlan#2 P0 192.168.60.20.63438 > 208.67.222.222.53: udp 39
466: 08:15:18.993829 802.1Q vlan#2 P0 192.168.60.20.62143 > 208.67.222.222.53: udp 34
467: 08:15:19.000717 802.1Q vlan#2 P0 192.168.60.20.62168 > 208.67.222.222.53: udp 40
468: 08:15:19.000945 802.1Q vlan#2 P0 192.168.60.20.53798 > 208.67.222.222.53: udp 40
469: 08:15:19.002670 802.1Q vlan#2 P0 192.168.60.20.49384 > 208.67.222.222.53: udp 40
474: 08:15:19.695703 802.1Q vlan#2 P0 192.168.60.20.60662 > 208.67.222.222.53: udp 45
478: 08:15:19.994882 802.1Q vlan#2 P0 192.168.60.20.58440 > 208.67.222.222.53: udp 34
486: 08:15:20.002120 802.1Q vlan#2 P0 192.168.60.20.63442 > 208.67.222.222.53: udp 40
490: 08:15:20.003066 802.1Q vlan#2 P0 192.168.60.20.62373 > 208.67.222.222.53: udp 40
492: 08:15:20.003539 802.1Q vlan#2 P0 192.168.60.20.65017 > 208.67.222.222.53: udp 40
500: 08:15:20.303008 802.1Q vlan#2 P0 192.168.60.20.63130 > 208.67.222.222.53: udp 34
504: 08:15:20.411660 802.1Q vlan#2 P0 192.168.60.20.55911 > 208.67.222.222.53: udp 38
510: 08:15:20.984369 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
511: 08:15:21.171850 802.1Q vlan#2 P0 192.168.60.20.63438 > 208.67.222.222.53: udp 39
525: 08:15:21.983744 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
526: 08:15:21.993555 802.1Q vlan#2 P0 192.168.60.20.62143 > 208.67.222.222.53: udp 34
530: 08:15:22.000366 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
531: 08:15:22.001602 802.1Q vlan#2 P0 192.168.60.20.62168 > 208.67.222.222.53: udp 40
532: 08:15:22.001846 802.1Q vlan#2 P0 192.168.60.20.53798 > 208.67.222.222.53: udp 40
539: 08:15:22.004150 802.1Q vlan#2 P0 192.168.60.20.49384 > 208.67.222.222.53: udp 40
547: 08:15:22.986216 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
549: 08:15:22.999444 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
565: 08:15:23.999170 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
576: 08:15:24.303252 802.1Q vlan#2 P0 192.168.60.20.63130 > 208.67.222.222.53: udp 34
584: 08:15:24.985254 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
592: 08:15:25.172186 802.1Q vlan#2 P0 192.168.60.20.63438 > 208.67.222.222.53: udp 39
604: 08:15:25.994012 802.1Q vlan#2 P0 192.168.60.20.62143 > 208.67.222.222.53: udp 34
608: 08:15:25.998926 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
610: 08:15:26.001953 802.1Q vlan#2 P0 192.168.60.20.62168 > 208.67.222.222.53: udp 40
611: 08:15:26.002441 802.1Q vlan#2 P0 192.168.60.20.53798 > 208.67.222.222.53: udp 40
618: 08:15:26.004226 802.1Q vlan#2 P0 192.168.60.20.49384 > 208.67.222.222.53: udp 40
643: 08:15:28.986582 802.1Q vlan#2 P0 192.168.60.20.50215 > 208.67.222.222.53: udp 38
657: 08:15:29.999307 802.1Q vlan#2 P0 192.168.60.20.54586 > 208.67.222.222.53: udp 34
681: 08:15:31.458914 802.1Q vlan#2 P0 192.168.60.20.63467 > 208.67.222.222.53: udp 37
685: 08:15:31.724190 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
691: 08:15:31.875671 802.1Q vlan#2 P0 192.168.60.20.54302 > 208.67.222.222.53: udp 37
700: 08:15:32.723961 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
706: 08:15:33.724877 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
712: 08:15:35.725670 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
724: 08:15:39.726814 802.1Q vlan#2 P0 192.168.60.20.53683 > 208.67.222.222.53: udp 39
732: 08:15:41.453269 802.1Q vlan#2 P0 192.168.60.20.64218 > 208.67.222.222.53: udp 34
754: 08:15:43.453315 802.1Q vlan#2 P0 192.168.60.20.64218 > 208.67.222.222.53: udp 34
764: 08:15:43.995737 802.1Q vlan#2 P0 192.168.60.20.53749 > 208.67.222.222.53: udp 34
786: 08:15:45.994760 802.1Q vlan#2 P0 192.168.60.20.53749 > 208.67.222.222.53: udp 34
795: 08:15:47.451194 802.1Q vlan#2 P0 192.168.60.20.64429 > 208.67.222.222.53: udp 34
797: 08:15:47.454276 802.1Q vlan#2 P0 192.168.60.20.64218 > 208.67.222.222.53: udp 34
806: 08:15:48.285110 802.1Q vlan#2 P0 192.168.60.20.55170 > 208.67.222.222.53: udp 39
821: 08:15:49.451209 802.1Q vlan#2 P0 192.168.60.20.64429 > 208.67.222.222.53: udp 34
826: 08:15:49.979868 802.1Q vlan#2 P0 192.168.60.20.53423 > 208.67.222.222.53: udp 38
828: 08:15:49.994058 802.1Q vlan#2 P0 192.168.60.20.53749 > 208.67.222.222.53: udp 34
830: 08:15:50.285217 802.1Q vlan#2 P0 192.168.60.20.55170 > 208.67.222.222.53: udp 39
845: 08:15:51.979777 802.1Q vlan#2 P0 192.168.60.20.53423 > 208.67.222.222.53: udp 38
856: 08:15:53.450660 802.1Q vlan#2 P0 192.168.60.20.64429 > 208.67.222.222.53: udp 34
864: 08:15:54.008330 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
865: 08:15:54.285507 802.1Q vlan#2 P0 192.168.60.20.55170 > 208.67.222.222.53: udp 39
872: 08:15:55.008437 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
876: 08:15:55.980250 802.1Q vlan#2 P0 192.168.60.20.53423 > 208.67.222.222.53: udp 38
880: 08:15:56.009185 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
886: 08:15:58.009902 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
902: 08:16:00.006957 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
908: 08:16:00.837679 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
910: 08:16:01.006377 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
914: 08:16:01.837221 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
915: 08:16:01.991724 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
916: 08:16:02.007217 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
918: 08:16:02.010161 802.1Q vlan#2 P0 192.168.60.20.58160 > 208.67.222.222.53: udp 34
923: 08:16:02.838182 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
925: 08:16:02.991007 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
931: 08:16:03.990885 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
932: 08:16:04.007842 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
938: 08:16:04.838823 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
945: 08:16:05.990610 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
957: 08:16:08.009215 802.1Q vlan#2 P0 192.168.60.20.58798 > 208.67.222.222.53: udp 34
964: 08:16:08.840425 802.1Q vlan#2 P0 192.168.60.20.58163 > 208.67.222.222.53: udp 39
970: 08:16:09.991052 802.1Q vlan#2 P0 192.168.60.20.55645 > 208.67.222.222.53: udp 34
1005: 08:16:16.981287 802.1Q vlan#2 P0 192.168.60.20.53038 > 208.67.222.222.53: udp 38
1008: 08:16:17.391352 802.1Q vlan#2 P0 192.168.60.20.49778 > 208.67.222.222.53: udp 39
1010: 08:16:18.981348 802.1Q vlan#2 P0 192.168.60.20.53038 > 208.67.222.222.53: udp 38
1015: 08:16:19.391428 802.1Q vlan#2 P0 192.168.60.20.49778 > 208.67.222.222.53: udp 39
1022: 08:16:22.982645 802.1Q vlan#2 P0 192.168.60.20.53038 > 208.67.222.222.53: udp 38
1027: 08:16:23.403650 802.1Q vlan#2 P0 192.168.60.20.49778 > 208.67.222.222.53: udp 39
1032: 08:16:24.014434 802.1Q vlan#2 P0 192.168.60.20.54274 > 208.67.222.222.53: udp 34
1059: 08:16:26.014113 802.1Q vlan#2 P0 192.168.60.20.54274 > 208.67.222.222.53: udp 34
1096: 08:16:29.956737 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1097: 08:16:30.013381 802.1Q vlan#2 P0 192.168.60.20.54274 > 208.67.222.222.53: udp 34
1099: 08:16:30.939343 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1100: 08:16:30.939572 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1101: 08:16:30.939801 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1102: 08:16:30.956081 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1106: 08:16:31.938870 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1107: 08:16:31.939099 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1108: 08:16:31.939785 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1109: 08:16:31.956890 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1112: 08:16:32.938916 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1113: 08:16:32.939145 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1116: 08:16:32.940075 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1140: 08:16:33.956401 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1148: 08:16:34.939740 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1149: 08:16:34.939999 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1150: 08:16:34.940228 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1161: 08:16:36.936810 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1162: 08:16:36.937970 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1163: 08:16:36.938244 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1168: 08:16:37.936002 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1169: 08:16:37.936948 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1170: 08:16:37.938046 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1171: 08:16:37.955883 802.1Q vlan#2 P0 192.168.60.20.61328 > 208.67.222.222.53: udp 39
1175: 08:16:38.936948 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1177: 08:16:38.937817 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1179: 08:16:38.938763 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1181: 08:16:38.939709 802.1Q vlan#2 P0 192.168.60.20.58681 > 208.67.222.222.53: udp 40
1185: 08:16:38.941006 802.1Q vlan#2 P0 192.168.60.20.51180 > 208.67.222.222.53: udp 40
1186: 08:16:38.941220 802.1Q vlan#2 P0 192.168.60.20.53388 > 208.67.222.222.53: udp 40
1195: 08:16:40.937512 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1196: 08:16:40.937741 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1199: 08:16:40.939602 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1208: 08:16:42.005874 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1216: 08:16:43.005202 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1229: 08:16:44.006026 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1237: 08:16:44.939419 802.1Q vlan#2 P0 192.168.60.20.59595 > 208.67.222.222.53: udp 40
1238: 08:16:44.939908 802.1Q vlan#2 P0 192.168.60.20.59578 > 208.67.222.222.53: udp 40
1245: 08:16:44.941494 802.1Q vlan#2 P0 192.168.60.20.64549 > 208.67.222.222.53: udp 40
1275: 08:16:46.006011 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1321: 08:16:50.007079 802.1Q vlan#2 P0 192.168.60.20.61007 > 208.67.222.222.53: udp 38
1398: 08:17:10.994073 802.1Q vlan#2 P0 192.168.60.20.63745 > 208.67.222.222.53: udp 38
1401: 08:17:12.992517 802.1Q vlan#2 P0 192.168.60.20.63745 > 208.67.222.222.53: udp 38
1426: 08:17:15.766638 802.1Q vlan#2 P0 192.168.60.20.64128 > 208.67.222.222.53: udp 39
1429: 08:17:16.992761 802.1Q vlan#2 P0 192.168.60.20.63745 > 208.67.222.222.53: udp 38
1433: 08:17:17.766729 802.1Q vlan#2 P0 192.168.60.20.64128 > 208.67.222.222.53: udp 39
1441: 08:17:21.767050 802.1Q vlan#2 P0 192.168.60.20.64128 > 208.67.222.222.53: udp 39
1452: 08:17:26.504170 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1463: 08:17:27.504032 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1465: 08:17:28.318953 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1466: 08:17:28.504887 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1468: 08:17:29.319212 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1475: 08:17:30.319746 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1479: 08:17:30.505512 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1484: 08:17:32.320356 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1493: 08:17:34.507297 802.1Q vlan#2 P0 192.168.60.20.51346 > 208.67.222.222.53: udp 39
1498: 08:17:35.987299 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1504: 08:17:36.321623 802.1Q vlan#2 P0 192.168.60.20.49753 > 208.67.222.222.53: udp 39
1512: 08:17:36.986475 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1513: 08:17:37.987406 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1521: 08:17:39.988001 802.1Q vlan#2 P0 192.168.60.20.50211 > 208.67.222.222.53: udp 38
1940: 08:19:32.749732 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65521: udp 91
2126: 08:19:46.482335 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61347: udp 50
2169: 08:19:50.479681 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61347: udp 50
2200: 08:19:54.485921 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61347: udp 50
2235: 08:19:58.700113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57408: udp 50
2275: 08:20:02.700113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57408: udp 50
2300: 08:20:06.380931 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61124: udp 139
2303: 08:20:06.697321 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57408: udp 50
2310: 08:20:07.624113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59656: udp 184
2313: 08:20:08.222202 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63181: udp 112
2314: 08:20:08.222263 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50007: udp 70
2335: 08:20:09.764441 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51040: udp 91
2345: 08:20:10.380839 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61124: udp 139
2354: 08:20:11.624235 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59656: udp 184
2361: 08:20:12.093821 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56090: udp 131
2362: 08:20:12.202458 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63181: udp 112
2363: 08:20:12.206364 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50007: udp 70
2373: 08:20:12.696466 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51948: udp 50
2384: 08:20:14.200886 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64562: udp 112
2385: 08:20:14.205311 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63143: udp 70
2387: 08:20:14.378062 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61124: udp 139
2399: 08:20:22.627012 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50607: udp 108
2407: 08:20:23.801136 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51512: udp 195
2417: 08:20:24.940777 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62374: udp 184
2423: 08:20:25.811771 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61821: udp 91
2432: 08:20:26.646801 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60226: udp 108
2433: 08:20:26.692606 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54228: udp 50
2452: 08:20:27.801167 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51512: udp 195
2461: 08:20:28.941510 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62374: udp 184
2463: 08:20:29.230990 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52123: udp 139
2465: 08:20:29.912260 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61877: udp 65
2467: 08:20:30.000976 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57311: udp 112
2474: 08:20:30.646664 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60226: udp 108
2476: 08:20:30.689737 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54228: udp 50
2491: 08:20:31.800678 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51512: udp 195
2500: 08:20:32.938428 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62374: udp 184
2503: 08:20:33.229037 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52123: udp 139
2507: 08:20:33.444541 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51060: udp 70
2512: 08:20:33.909590 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61877: udp 65
2514: 08:20:34.001296 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57311: udp 112
2522: 08:20:34.646511 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60226: udp 108
2524: 08:20:34.690027 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54228: udp 50
2530: 08:20:35.997705 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52341: udp 112
2538: 08:20:37.228656 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52123: udp 139
2540: 08:20:37.441886 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51060: udp 70
2544: 08:20:37.909926 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61877: udp 65
2548: 08:20:38.001113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57311: udp 112
2555: 08:20:38.651318 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56407: udp 108
2561: 08:20:39.440818 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53603: udp 70
2569: 08:20:39.997857 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52341: udp 112
2575: 08:20:41.228519 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63240: udp 185
2578: 08:20:41.446708 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51060: udp 70
2589: 08:20:42.646664 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56407: udp 108
2598: 08:20:43.440666 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53603: udp 70
2604: 08:20:43.997354 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52341: udp 112
2618: 08:20:45.163275 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63149: udp 65
2619: 08:20:45.227817 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63240: udp 185
2621: 08:20:45.251924 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57764: udp 112
2626: 08:20:46.130547 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61026: udp 195
2632: 08:20:46.643567 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56407: udp 108
2638: 08:20:47.440742 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53603: udp 70
2644: 08:20:48.162879 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63149: udp 65
2646: 08:20:48.251512 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57764: udp 112
2648: 08:20:48.694986 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49312: udp 70
2652: 08:20:49.130867 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61026: udp 195
2654: 08:20:49.228625 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63240: udp 185
2663: 08:20:51.251146 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61384: udp 112
2666: 08:20:51.647091 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52622: udp 108
2667: 08:20:51.694589 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49312: udp 70
2670: 08:20:52.160193 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63149: udp 65
2674: 08:20:52.251360 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57764: udp 112
2679: 08:20:53.100306 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56042: udp 131
2680: 08:20:53.129448 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61026: udp 195
2685: 08:20:54.250765 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61384: udp 112
2687: 08:20:54.646161 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52622: udp 108
2689: 08:20:54.696726 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52496: udp 70
2691: 08:20:55.697412 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49312: udp 70
2693: 08:20:56.097971 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56042: udp 131
2700: 08:20:57.693369 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52496: udp 70
2703: 08:20:58.250109 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61384: udp 112
2705: 08:20:58.646008 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52622: udp 108
2708: 08:21:00.097819 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56042: udp 131
2713: 08:21:01.693308 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52496: udp 70
2718: 08:21:02.823626 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63251: udp 91
2719: 08:21:02.948177 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51292: udp 70
2722: 08:21:03.646023 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63250: udp 108
2729: 08:21:05.947399 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51292: udp 70
2734: 08:21:06.648678 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63250: udp 108
2743: 08:21:08.911467 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61647: udp 195
2744: 08:21:08.946865 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60298: udp 70
2748: 08:21:09.950069 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51292: udp 70
2751: 08:21:10.643521 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63250: udp 108
2754: 08:21:11.910627 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61647: udp 195
2756: 08:21:11.946530 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60298: udp 70
2767: 08:21:15.130623 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61338: udp 117
2770: 08:21:15.646527 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51375: udp 108
2774: 08:21:15.909453 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61647: udp 195
2776: 08:21:15.943844 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60298: udp 70
2783: 08:21:17.200947 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64763: udp 70
2787: 08:21:18.130104 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61338: udp 117
2790: 08:21:18.645565 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51375: udp 108
2793: 08:21:20.198033 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64763: udp 70
2799: 08:21:22.127434 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61338: udp 117
2802: 08:21:22.513309 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51759: udp 70
2803: 08:21:22.643460 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51375: udp 108
2805: 08:21:23.197652 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49516: udp 70
2811: 08:21:24.202885 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64763: udp 70
2814: 08:21:24.904906 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60682: udp 236
2817: 08:21:25.510471 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51759: udp 70
2821: 08:21:26.196797 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49516: udp 70
2825: 08:21:27.646023 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59714: udp 108
2827: 08:21:27.883941 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60682: udp 236
2833: 08:21:29.407174 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60724: udp 65
2834: 08:21:29.510273 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51759: udp 70
2838: 08:21:30.196629 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49516: udp 70
2843: 08:21:30.645703 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59714: udp 108
2844: 08:21:30.883072 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53426: udp 236
2846: 08:21:31.451636 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62205: udp 70
2848: 08:21:31.886230 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60682: udp 236
2851: 08:21:32.406946 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60724: udp 65
2858: 08:21:33.882171 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53426: udp 236
2862: 08:21:34.451209 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62205: udp 70
2864: 08:21:34.642941 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59714: udp 108
2871: 08:21:35.948116 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60127: udp 195
2872: 08:21:36.406595 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60724: udp 65
2875: 08:21:36.909331 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65140: udp 222
2877: 08:21:37.449866 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59320: udp 70
2878: 08:21:37.880005 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53426: udp 236
2883: 08:21:38.456137 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62205: udp 70
2884: 08:21:38.944699 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60127: udp 195
2886: 08:21:39.888427 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65140: udp 222
2890: 08:21:40.449485 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59320: udp 70
2893: 08:21:41.321714 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62421: udp 237
2899: 08:21:42.885528 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60796: udp 222
2900: 08:21:42.945065 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60127: udp 195
2904: 08:21:43.657345 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50140: udp 65
2906: 08:21:43.890731 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65140: udp 222
2909: 08:21:44.298278 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62421: udp 237
2912: 08:21:44.449531 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59320: udp 70
2919: 08:21:45.704828 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50687: udp 70
2920: 08:21:45.884658 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60796: udp 222
2925: 08:21:46.657497 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50140: udp 65
2928: 08:21:47.297958 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57907: udp 237
2930: 08:21:48.300582 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62421: udp 237
2934: 08:21:48.703653 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50687: udp 70
2937: 08:21:49.831789 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57908: udp 91
2938: 08:21:49.884491 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60796: udp 222
2942: 08:21:50.297714 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57907: udp 237
2943: 08:21:50.657299 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50140: udp 65
2946: 08:21:51.703119 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55290: udp 70
2950: 08:21:52.706308 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50687: udp 70
2951: 08:21:53.303741 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53899: udp 237
2952: 08:21:54.297363 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57907: udp 237
2956: 08:21:54.702402 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55290: udp 70
2960: 08:21:56.302810 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53899: udp 237
2965: 08:21:57.908095 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60934: udp 117
2968: 08:21:58.702035 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55290: udp 70
2972: 08:21:59.302428 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63799: udp 237
2975: 08:21:59.977564 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51380: udp 76
2979: 08:22:00.307631 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53899: udp 237
2984: 08:22:00.907667 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60934: udp 117
2986: 08:22:01.284164 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51226: udp 108
2990: 08:22:02.302688 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63799: udp 237
2993: 08:22:02.956646 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51380: udp 76
2995: 08:22:02.987848 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55596: udp 195
3001: 08:22:04.283783 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51226: udp 108
3004: 08:22:04.907072 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60934: udp 117
3009: 08:22:05.955822 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64295: udp 76
3010: 08:22:05.984934 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55596: udp 195
3012: 08:22:06.301864 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63799: udp 237
3016: 08:22:06.958934 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51380: udp 76
3022: 08:22:08.280640 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51226: udp 108
3029: 08:22:08.955440 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64295: udp 76
3032: 08:22:09.910627 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57632: udp 117
3033: 08:22:09.987238 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55596: udp 195
3035: 08:22:10.246538 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60678: udp 131
3042: 08:22:11.959514 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62946: udp 76
3044: 08:22:12.909758 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57632: udp 117
3046: 08:22:12.952709 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64295: udp 76
3049: 08:22:13.245653 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60678: udp 131
3056: 08:22:14.956554 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62946: udp 76
3062: 08:22:16.906996 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57632: udp 117
3065: 08:22:17.248507 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60678: udp 131
3068: 08:22:17.957820 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57216: udp 76
3071: 08:22:18.956493 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.62946: udp 76
3077: 08:22:20.958004 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57216: udp 76
3083: 08:22:23.961543 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64402: udp 76
3086: 08:22:24.957271 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57216: udp 76
3089: 08:22:25.054562 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60597: udp 237
3092: 08:22:26.958675 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64402: udp 76
3096: 08:22:28.046246 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60597: udp 237
3100: 08:22:29.960353 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51515: udp 76
3102: 08:22:30.029570 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51928: udp 195
3105: 08:22:30.958049 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64402: udp 76
3108: 08:22:31.020689 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54204: udp 70
3110: 08:22:31.032819 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64172: udp 237
3113: 08:22:32.036069 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60597: udp 237
3115: 08:22:32.960002 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51515: udp 76
3117: 08:22:33.024214 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51928: udp 195
3120: 08:22:34.019850 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54204: udp 70
3122: 08:22:34.032392 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64172: udp 237
3126: 08:22:35.963649 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58593: udp 76
3127: 08:22:36.918943 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52177: udp 117
3128: 08:22:36.957302 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51515: udp 76
3131: 08:22:37.024031 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51928: udp 195
3134: 08:22:38.020155 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54204: udp 70
3137: 08:22:38.034971 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64172: udp 237
3138: 08:22:38.963451 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58593: udp 76
3141: 08:22:39.916075 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52177: udp 117
3144: 08:22:41.962337 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55848: udp 76
3147: 08:22:42.905608 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54153: udp 260
3149: 08:22:42.965037 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58593: udp 76
3153: 08:22:43.915739 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52177: udp 117
3159: 08:22:44.961498 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55848: udp 76
3162: 08:22:45.904860 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54153: udp 260
3165: 08:22:46.842790 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54154: udp 91
3169: 08:22:47.966121 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50849: udp 76
3170: 08:22:48.894881 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55040: udp 236
3171: 08:22:48.918317 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63098: udp 117
3172: 08:22:48.959026 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55848: udp 76
3177: 08:22:49.905165 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54153: udp 260
3180: 08:22:50.965282 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50849: udp 76
3182: 08:22:51.894179 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55040: udp 236
3183: 08:22:51.917417 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63098: udp 117
3188: 08:22:53.964839 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64023: udp 76
3192: 08:22:54.893157 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57213: udp 236
3193: 08:22:54.963039 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50849: udp 76
3199: 08:22:55.898970 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55040: udp 236
3200: 08:22:55.917707 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63098: udp 117
3205: 08:22:56.963954 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64023: udp 76
3207: 08:22:57.064953 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56311: udp 195
3211: 08:22:57.892760 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57213: udp 236
3219: 08:22:59.968089 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63271: udp 76
3220: 08:23:00.064877 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56311: udp 195
3223: 08:23:00.899382 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52883: udp 222
3224: 08:23:00.918241 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63492: udp 65
3225: 08:23:00.964015 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64023: udp 76
3228: 08:23:01.892562 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57213: udp 236
3233: 08:23:02.967235 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63271: udp 76
3237: 08:23:03.898650 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52883: udp 222
3240: 08:23:03.917433 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63492: udp 65
3242: 08:23:04.061871 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.56311: udp 195
3248: 08:23:05.966853 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49426: udp 76
3249: 08:23:06.105661 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3250: 08:23:06.897582 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54348: udp 222
3253: 08:23:06.969966 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63271: udp 76
3254: 08:23:07.104395 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3256: 08:23:07.900817 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52883: udp 222
3258: 08:23:07.917188 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63492: udp 65
3260: 08:23:08.121102 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3262: 08:23:08.965968 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49426: udp 76
3267: 08:23:09.894790 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54348: udp 222
3269: 08:23:10.103510 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3273: 08:23:12.966594 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.49426: udp 76
3276: 08:23:13.894591 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54348: udp 222
3278: 08:23:14.105325 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59421: udp 260
3283: 08:23:15.168524 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64971: udp 65
3290: 08:23:18.168692 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64971: udp 65
3297: 08:23:22.167975 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64971: udp 65
3300: 08:23:24.102426 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59518: udp 195
3304: 08:23:25.966487 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63456: udp 70
3311: 08:23:27.101526 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59518: udp 195
3317: 08:23:28.965602 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63456: udp 70
3320: 08:23:29.418755 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63330: udp 117
3326: 08:23:31.101343 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59518: udp 195
3329: 08:23:31.919706 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52792: udp 108
3330: 08:23:31.962825 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51619: udp 70
3331: 08:23:32.415872 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63330: udp 117
3337: 08:23:32.968532 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63456: udp 70
3342: 08:23:34.921384 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52792: udp 108
3343: 08:23:34.962093 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51619: udp 70
3347: 08:23:36.416161 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.63330: udp 117
3355: 08:23:38.918653 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52792: udp 108
3357: 08:23:38.961681 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51619: udp 70
3362: 08:23:40.219242 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52373: udp 70
3367: 08:23:41.420983 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60196: udp 117
3368: 08:23:41.426140 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52680: udp 70
3374: 08:23:43.218341 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52373: udp 70
3378: 08:23:44.417840 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60196: udp 117
3381: 08:23:44.422967 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52680: udp 70
3391: 08:23:46.217991 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51938: udp 70
3398: 08:23:47.220706 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52373: udp 70
3403: 08:23:48.418160 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60196: udp 117
3406: 08:23:48.423058 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52680: udp 70
3411: 08:23:49.217655 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51938: udp 70
3422: 08:23:51.141533 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55883: udp 195
3433: 08:23:53.214939 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51938: udp 70
3440: 08:23:54.145637 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55883: udp 195
3441: 08:23:54.469442 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53554: udp 70
3450: 08:23:57.469061 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53554: udp 70
3455: 08:23:58.140999 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55883: udp 195
3461: 08:24:00.468695 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58757: udp 70
3464: 08:24:01.468969 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53554: udp 70
3469: 08:24:03.467810 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58757: udp 70
3480: 08:24:07.427132 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51241: udp 117
3483: 08:24:07.467733 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58757: udp 70
3487: 08:24:08.722130 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53884: udp 70
3491: 08:24:10.430275 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51241: udp 117
3496: 08:24:11.722237 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53884: udp 70
3505: 08:24:14.426064 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.51241: udp 117
3507: 08:24:14.720864 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59532: udp 70
3511: 08:24:14.906035 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3515: 08:24:15.724068 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.53884: udp 70
3521: 08:24:17.720498 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59532: udp 70
3523: 08:24:18.181677 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52120: udp 195
3526: 08:24:19.428612 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58045: udp 117
3528: 08:24:19.887054 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3531: 08:24:21.178304 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52120: udp 195
3535: 08:24:21.720299 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59532: udp 70
3538: 08:24:22.428231 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58045: udp 117
3540: 08:24:22.975321 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55981: udp 70
3542: 08:24:24.885620 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3544: 08:24:25.178777 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52120: udp 195
3549: 08:24:25.977915 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55981: udp 70
3550: 08:24:26.428093 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.58045: udp 117
3553: 08:24:26.571671 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54072: udp 108
3557: 08:24:28.974055 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61441: udp 70
3558: 08:24:29.571351 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54072: udp 108
3560: 08:24:29.885864 802.1Q vlan#2 P0 208.67.222.222 > 172.26.20.22: icmp: echo reply
3562: 08:24:29.979273 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.55981: udp 70
3564: 08:24:31.973139 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61441: udp 70
3566: 08:24:33.573639 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54072: udp 108
3572: 08:24:35.973963 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61441: udp 70
3575: 08:24:37.225574 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54778: udp 70
3578: 08:24:40.227695 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54778: udp 70
3586: 08:24:43.224780 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61415: udp 70
3588: 08:24:44.225009 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.54778: udp 70
3594: 08:24:45.218357 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59345: udp 195
3599: 08:24:46.225909 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61415: udp 70
3603: 08:24:48.217472 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59345: udp 195
3605: 08:24:48.437309 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64239: udp 117
3609: 08:24:50.223697 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.61415: udp 70
3612: 08:24:51.435310 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64239: udp 117
3614: 08:24:51.478262 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60625: udp 76
3616: 08:24:52.217807 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59345: udp 195
3619: 08:24:52.798359 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57029: udp 70
3622: 08:24:54.477926 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60625: udp 76
3625: 08:24:55.433113 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.64239: udp 117
3629: 08:24:55.798222 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57029: udp 70
3634: 08:24:57.477499 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65124: udp 76
3638: 08:24:58.483281 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.60625: udp 76
3642: 08:24:59.797306 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57029: udp 70
3645: 08:25:00.438408 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50075: udp 117
3646: 08:25:00.478857 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65124: udp 76
3651: 08:25:03.435371 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50075: udp 117
3652: 08:25:03.480749 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57210: udp 76
3654: 08:25:04.474020 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.65124: udp 76
3660: 08:25:06.480352 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57210: udp 76
3662: 08:25:07.435066 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.50075: udp 117
3667: 08:25:09.479497 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52037: udp 76
3670: 08:25:10.487187 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.57210: udp 76
3673: 08:25:12.258485 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.59263: udp 195
3674: 08:25:12.478612 802.1Q vlan#2 P0 208.67.222.222.53 > 172.26.20.22.52037: udp 76
mxfw(config)# sho cap capo
16 packets captured
1: 08:49:55.933347 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
2: 08:49:55.961345 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
3: 08:50:00.697122 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
4: 08:50:00.723915 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
5: 08:50:05.696283 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
6: 08:50:05.721947 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
7: 08:50:10.695474 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
8: 08:50:10.722466 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
9: 08:24:14.880508 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
10: 08:24:14.906004 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
11: 08:24:19.860780 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
12: 08:24:19.887023 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
13: 08:24:24.859971 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
14: 08:24:24.885574 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
15: 08:24:29.859147 802.1Q vlan#2 P0 192.168.1.231 > 208.67.222.222: icmp: echo request
16: 08:24:29.885833 802.1Q vlan#2 P0 208.67.222.222 > 192.168.1.231: icmp: echo reply
16 packets shown
mxfw(config)# sho cap capdmz
ERROR: Capture does not exist
mxfw(config)# sho cap capd
0 packet captured
0 packet shown
mxfw(config)# -
VB6 source code cannot connect to Oracle database after compile to file.exe
Hi All,
I have a problem about VB6 connect with Oracle database. It can connect as normal when run on VB program. After compiled to file.exe and execute, it cannot connect to Oracle database. What's going on ? Please advise? Thank you.
Here is sample of my code connection.
Option Explicit
Private wsData As New ADODB.Connection
wsData.ConnectionString = _
"Provider=MSDAORA.1;User ID=lsp;Password=lsp2007;Data Source=prd01;Persist Security Info=False"
wsData.Open
End sub
Rgads,
Ats.Hi,
I believe you're in the wrong forum, this forum is for Oracle Application Express.
Maybe you are looking for
-
Message error during a transfer order posting
Hi, in WM, in storage type I set "WM check based on palletization accord to SUT1" now when I post a transfer order the system replies with the following error message: Maximum quantity for storage bin A-011 will be exceeded by 1.000,000 KG I didn't
-
IPod Touch not being recognized in iTunes
Hello Apple Discussions, my name is Wong Meng. iPod Details: iPod Touch 4G FW: 4.2.1 I just ran across a problem with my iTouch where it would be recognized in Windows under My Computer, but iTunes would freeze and lag when it loaded when my Touch wa
-
Use of alternative field label in TMW
Hi, I'm using a customer-specific field under IMG>Time Management>Time Manager's Workplace >Screen Areas>Time Data>Define Table for Time Events and I want to change the field description displayed in TMW under the Time Events tab. I've tried to use t
-
Ical won't start. Getting an "ical quit unexpectedly" before it even starts
This is the error I am getting, any help is greatly appreciated. Dyld Error Message: Symbol not found: _CalDAVErrVirtualHostKey Referenced from: /Applications/iCal.app/Contents/MacOS/iCal Expected in: /System/Library/Frameworks/CalendarStore.framewor
-
HI Expert, I want to create a new customer infotype for maintan the arabic data for personal information like the name and address in infotype 0002 first 1) I want to know what the prefered way to do that is by enhancement the existing one 0002 or by