Packet Loss after Reboot of ASA 5510

Similar Messages

• Wifi packet loss after upgrading to 10.7.4

  After upgrading all three macs (mb pro, mb air, imac) in the house to 10.7.4 they all experience wifi packet loss.  I ping to the local router.  I have connected to a multitude of wireless routers with similar result.
  But here is strong evidence that is a the OS X software problem.  I am running linux inside of vmware fusion.  I have run the exact same ping commands simultaneously in (1) mac and (2) vmware linux.  The linux ping experiences zero packet loss, not even a single packet.  The mac at its best will lose 1% packets, but can increase beyond that.
  We are suffering from slow internet in our corrent location as it is, and this has a noticable impact on our performance.  I am a bit afraid to upgrade to Mountain Lion for fear it may be even worse.
  Any thoughts?

  Your
  com.apple.systempreferences.plist
  file is likely corrupt in your
  (use the Finder > Go > Go To folder and paste & Go)
  ~/Library/Preferences
  folder, Trash the flle you can (may be two of them, one is a lock file) and reboot.
  Reset your system preferences again.
  Also see OnyX here: It has a plist checker for corruption
  Step by Step to fix your Mac

• ME3600 packet loss problem - reboot to fix.

  One of our ME3600 units has developed a problem where we would lose IPv6 Neighbours and OSPFv3 neighbours, followed by the device not passing MPLS traffic. IPv4 traffic suffering bad packet loss.
  I discovered that devices attached to the Gigabit ports were receiving errored frames so the ME3600 seemed to be sending out bad frames.
  rebooting the device would fix it for a while but it kept happening at regular intervals, usually when the box was carrying more ipv6 traffic.
  We have upgraded to the latest firmware which did not help, and performed a full hardware replacement from Cisco only to find we are still seeing the same issue!
  there was no configuration change that I could point as being a catalyst for the problem, the most recent thing was enabling ipv6 VRFs, but IPv6 is also carried in the global table while we move some services around.po
  Has anyone else experienced similar problems with the ME3600?

  This sounds very similar to a problem we have seen across multiple boxes.
  I've not noticed whether OSPFv3 neighcors drop, however have seen MPLS stop forwarding and heavy v4 loss.  Control plane for v4 seems to stay up (ie v4 OSPF neighbors keep their adjacany) so routes still advertised etc.  Performing a shut / no shut of one of the core interfaces will generally result in a complete failure of the interfaces on that ASIC (the two 10G ports in our case) - can't ping adjacent devices after the no shut, but the GE ports still work.
  10G ports are core facing on our boxes, and adjacent neighbors see increasing input errors when the issue occurs.
  Issue has only been seen during peak traffic times.  Reboot fixes the problem.
  Did you find any resolution?  We've been pointed at CSCui23725, and advised to use the command "platform acl egress-disable".  This appears to be working so far.

• Packet loss after bonding + vlan

  Hi, I am hoping someone may help me with this issue:
  I have a motherboard with 2 Intel NICs.
  I created a bonding interface, mode = 4 (LACP), and assigned no IP to it.
  create one vlan to internet (dhcp)
  another vlan to local network (static)
  both NICs are connected to the same switch, and LACP configured on the ports
  Problem:
  ping from this one to any other pingable hosts gave strange result, more or less half of the packets are lost.
  when I pulled of one cable, the ping returned to normal...
  something is definitively wrong here, tried to connect the ports to two diffrent switches, same result.
  other computers using LACP has no such problem in the same network.
  If someone has any idea, I will be very greatful. otherwise it seems to be a very time consuming problem to solve. (I have tried to google yesterday without success).
  Thanks,
  Last edited by leihuang (2013-09-17 06:19:42)

  I located the issue of the packet loss. I have a security system that uploads FTP images of the cameras and after the reboot of the network, the only computer that wasn't shut down was the security camera PC.
  So I think what happened was after I brought everything back up, it was saturating the outgoing bandwidth, causing packet loss and high latency. Once I determined what it was and shut off the FTP image upload, the pings stabilized and it is working fine now. Trace routes are still not functioning, but I can live without that for now.

• VPN not working after adding subinterface - ASA 5510

  Hello,
  Currently I want to add a second lan (vlan) in a customers network. The new network will be for a wireless infrastructure.
  There is also VPN Configured on the ASA - One with L2TP for Windows Clients and an IPsec for Cisco Clients.
  Former we only had one outside (Eth0/0) and one inside interface (Eth0/1) on the ASA.
  Now I want to use the Eth0/2 with subinterfaces, so that we will be flexible for future, when deploying more vlans.
  But now, when i turn the first subinterface Eth0/2.2 to no-shut the VPN Connections does not work any more.
  Bulding up the VPN connection works, but it seems that the traffic is not tunneled. (I checked this, because tracert to an internal adress goes to the internet)
  Below there is my config, i don't know whats wrong. I think split-tunnel is configured correctly (because it works when i delete eth0/2.2)
  TREV is the network of this location.
  Company1,2,3 are remote locations.
  : Saved
  ASA Version 8.2(5)
  hostname XXXXXXX
  domain-name domain.lan
  enable password XXXXXXXXXXX encrypted
  passwd XXXXXXXXXX encrypted
  names
  name 192.168.100.0 TREV
  name 192.168.200.0 COMPANY3
  name XXXXXXXX Company1
  name 192.168.1.0 Company2
  name XXXXXXXXX GCT
  name XXXXXXXX BMD
  name 192.168.110.0 Wireless
  name 192.168.201.0 COMPANY3-VPN
  name 192.168.11.0 COMPANY2-VPN
  name 192.168.101.0 TREV-VPN
  interface Ethernet0/0
  description Outside
  nameif outside
  security-level 0
  ip address XXXXX 255.255.255.248
  interface Ethernet0/1
  description Inside
  nameif inside
  security-level 100
  ip address 192.168.100.1 255.255.255.0
  interface Ethernet0/2
  description Trunk Interface
  no nameif
  no security-level
  no ip address
  interface Ethernet0/2.2
  description Wireless
  vlan 110
  nameif wlan
  security-level 100
  ip address 192.168.110.1 255.255.255.0
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  ftp mode passive
  dns domain-lookup inside
  dns server-group DefaultDNS
  name-server 192.168.100.10
  domain-name domain.lan
  dns server-group COMPANY2
  name-server 192.168.1.16
  domain-name domain.local
  dns server-group COMPANY3
  name-server 192.168.200.1
  domain-name domain.local
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group network VPN_Networks
  network-object COMPANY3 255.255.255.0
  network-object COMPANY3-VPN 255.255.255.0
  network-object COMPANY2 255.255.255.0
  network-object COMPANY2-VPN 255.255.255.0
  network-object TREV 255.255.255.0
  network-object TREV-VPN 255.255.255.0
  object-group network DM_INLINE_NETWORK_1
  network-object COMPANY2 255.255.255.0
  network-object COMPANY3 255.255.255.0
  network-object COMPANY3-VPN 255.255.255.0
  network-object COMPANY2-VPN 255.255.255.0
  network-object Wireless 255.255.255.0
  access-list INCOMING remark *** ICMP Erlauben ***
  access-list INCOMING extended permit icmp any any echo-reply
  access-list INCOMING extended permit icmp any any time-exceeded
  access-list INCOMING extended permit icmp any any unreachable
  access-list INCOMING extended permit icmp any any parameter-problem
  access-list INCOMING extended permit icmp any any source-quench
  access-list INCOMING extended permit icmp any any echo
  access-list INCOMING remark *** Wartung Company1 ***
  access-list INCOMING remark *** Wartung BMD ***
  access-list INCOMING remark *** Mail ***
  access-list ......
  access-list Trev-nat0 remark *** NoNat ***
  access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group VPN_Networks
  access-list Trev-nat0 extended permit ip object-group VPN_Networks TREV 255.255.255.0
  access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
  access-list DefaultRAGroup_splitTunnelAcl standard permit TREV 255.255.255.0
  access-list outside_1_cryptomap extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
  access-list inside_debug extended permit tcp any host 192.168.100.5
  access-list inside_debug extended permit tcp any TREV 255.255.255.0
  access-list Wireless-nat0 extended permit ip Wireless 255.255.255.0 TREV 255.255.255.0
  pager lines 24
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  mtu wlan 1500
  ip local pool VPN-Pool 192.168.101.1-192.168.101.31 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-645.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  global (outside) 2 XXXXXXXXXXX
  nat (inside) 0 access-list Trev-nat0
  nat (inside) 2 192.168.100.25 255.255.255.255
  nat (inside) 2 192.168.100.250 255.255.255.255
  nat (inside) 1 TREV 255.255.255.0
  nat (wlan) 0 access-list Wireless-nat0
  static (inside,outside) tcp interface 444 192.168.100.10 444 netmask 255.255.255.255
  static (inside,outside) tcp interface https 192.168.100.10 https netmask 255.255.255.255
  .... a lot of statics..............
  static (inside,outside) tcp XXXXXXXXXX pop3 192.168.100.25 pop3 netmask 255.255.255.255
  static (inside,outside) tcp XXXXXXXXXX  995 192.168.100.25 995 netmask 255.255.255.255
  access-group INCOMING in interface outside
  route outside 0.0.0.0 0.0.0.0 XXXXXXXXXX  1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server RADIUS protocol radius
  aaa-server RADIUS (inside) host 192.168.100.10
  timeout 5
  key *****
  radius-common-pw *****
  aaa-server RADIUS2 protocol radius
  aaa-server RADIUS2 (inside) host 192.168.100.10
  key *****
  radius-common-pw *****
  aaa authentication ssh console LOCAL
  http server enable 4430
  http COMPANY2 255.255.255.0 management
  http TREV 255.255.255.0 inside
  http Company1 255.255.255.224 outside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
  crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set TRANS_ESP_AES_128_SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set TRANS_ESP_AES_128_SHA mode transport
  crypto ipsec transform-set TRANS_ESP_AES_256_SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set TRANS_ESP_AES_256_SHA mode transport
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 TRANS_ESP_AES_128_SHA TRANS_ESP_AES_256_SHA TRANS_ESP_3DES_MD5 TRANS_ESP_3DES_SHA
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set pfs group1
  crypto map outside_map 1 set peer 178.188.202.78
  crypto map outside_map 1 set transform-set ESP-3DES-SHA
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  crypto isakmp policy 20
  authentication pre-share
  encryption des
  hash sha
  group 5
  lifetime 28800
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash sha
  group 5
  lifetime 86400
  crypto isakmp policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh bit-Studio 255.255.255.224 outside
  ssh 0.0.0.0 0.0.0.0 outside
  ssh TREV 255.255.255.0 inside
  ssh timeout 60
  console timeout 0
  management-access inside
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcprelay server 192.168.100.10 inside
  dhcprelay enable wlan
  dhcprelay setroute wlan
  dhcprelay timeout 90
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy DefaultRAGroup internal
  group-policy DefaultRAGroup attributes
  wins-server value 192.168.100.10
  dns-server value 192.168.100.10
  vpn-tunnel-protocol IPSec l2tp-ipsec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
  default-domain value domain.lan
  intercept-dhcp enable
  group-policy IPsecVPN internal
  group-policy IPsecVPN attributes
  wins-server value 192.168.100.10
  dns-server value 192.168.100.10
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value DefaultRAGroup_splitTunnelAcl
  default-domain value domain.lan
  username admin password XXXXXXXXXX encrypted privilege 15
  username vpntest password XXXXXXXXX nt-encrypted
  tunnel-group DefaultRAGroup general-attributes
  address-pool VPN-Pool
  authentication-server-group RADIUS
  default-group-policy DefaultRAGroup
  tunnel-group DefaultRAGroup ipsec-attributes
  pre-shared-key *****
  tunnel-group DefaultRAGroup ppp-attributes
  no authentication chap
  authentication ms-chap-v2
  tunnel-group XXXXXXXXX type ipsec-l2l
  tunnel-group XXXXXXXXXXXX ipsec-attributes
  pre-shared-key *****
  tunnel-group IPsecVPN type remote-access
  tunnel-group IPsecVPN general-attributes
  address-pool VPN-Pool
  authentication-server-group RADIUS
  default-group-policy IPsecVPN
  tunnel-group IPsecVPN ipsec-attributes
  pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:f2041a5902e945a130fe25fbb8e5d368
  : end

  Hi,
  First I would go through all the NAT0/NAT Exempt rules you have for VPNs. They seem to contain useless lines where either destination or source network isnt correct.
  Lets look at the NAT0 ACL you have line by line
  access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group VPN_Networks
  The above access-list has the correct source network configured Yet it has its destination addresses configured with an "object-group" which contains your LAN network
  You should probably remove the LAN network from the object-group VPN_Networks
  access-list Trev-nat0 extended permit ip object-group VPN_Networks TREV 255.255.255.0
  To my understanding the above ACL line doesnt serve any purpose as the networks configured under VPN_Networks arent located behind your "inside" interface (Other than the one I'm asking to remove from the object-group)
  access-list Trev-nat0 extended permit ip TREV 255.255.255.0 object-group DM_INLINE_NETWORK_1
  The above ACL overlap with the very first ACL lines configurations and needlesly makes the configuration harder to read. It also contains the Wireless network which it shouldnt
  I would suggest simplifying your NAT0 configurations for example in the following way (change the names if you want if youre going to try it out)
  object-group network TREV-LAN
    description Local networks
    network-object 192.168.100.0 255.255.255.0
  object-group network VPN-NETWORKS
  description Remote networks
  network-object 192.168.200.0 255.255.255.0
  network-object 192.168.201.0 255.255.255.0
  network-object 192.168.1.0 255.255.255.0
  network-object 192.168.11.0 255.255.255.0
  network-object 192.168.101.0 255.255.255.0
  access-list TREV-LAN-NAT0 remark NAT0 / NAT Exempt for VPN Connections
  access-list TREV-LAN-NAT0 permit ip object-group TREV-LAN object-group VPN-NETWORKS
  With the above configurations
  You have all NAT0 with a single line of access-list configuration (not counting the remark line as it doesnt affect anything)
  If there is changes in the VPN pools, VPN remote networks or LAN networks you can simply change them under the configured object-groups instead of touching the actual ACL. There might be situations where you should change the ACL from the above if there is some bigger changes to network
  So as I said, I would start with changing the above NAT configurations and then test the VPN again. If it doesnt work we will have to check some other things out.
  - Jouni

• ASA 5510 'bounces' UDP packets. Why?

  Hi. I hope to find someone who can shed a light on something that is bugging me for days now. We have an ASA (5510, running 7.2(2)) to connect our subnets to the backbone of the ISP. I received complaints about one specific connection, which I'll "draw" here:
  [ remote host 192.87.x.y (A) ] -- {"Internet"} -- [ Telecity Router ] -- [ Our ASA ] -- [ switch ] -- [ fibre ] -- [ switch ] -- [ our host 82.199.c.d (B) ]
  What happens is the following: I can successfully ping from A to B and back. I can also traceroute (UDP) from A to B and back. But a specific UDP packet sent by A (port 9001) to B (port 5432) is causing a problem. "Our ASA" does not route the packet to the correct interface, but sends it back to the Telecity router instead. Which in turn sends it back to "Our ASA" (since it is destined for our subnet). This goes back and forth for 60 times and then the TTL is expired.
  I have no idear what is happening here. The access-lists are correctly configured (as far as I know), but even if they weren't I would expect the packets to get dropped rather than put back on the sending interface. This packet is bounced (on ethernetlevel, the IP part remains the same apart from the TTL) to the sending router.
  Any pointers as to where to look for what is causing this and how to investigate this further are highly appreciated.
  Frank

  Hi Frederico. Of course I tried the packet tracer as one of the first tools :-). It showed a complete path (I used ASDM). Now I retried it (via the CLI) and something strange happens. This is a packet trace A to B with udp from port 9001 to 5431 (not 5432):
  Phase: 1
  Type: FLOW-LOOKUP / ALLOW / Found no matching flow, creating a new flow
  Phase: 2
  Type: ROUTE-LOOKUP / ALLOW / in   my_DMZ    255.255.255.240 my_DMZ
  Phase: 3
  Type: ACCESS-LIST / ALLOW / access-group my_backbone_access_in in interface my_backbone
                                                  access-list my_backbone_access_in extended permit ip any my_DMZ 255.255.255.240
  Phase: 4
  Type: IP-OPTIONS / ALLOW
  Phase: 5
  Type: ACCESS-LIST / ALLOW / access-group my_DMZ_access_out out interface my_DMZ
                                                  access-list my_DMZ_access_out extended permit ip any object-group host_group
                                                  object-group network host_group
                                                  network-object host myHost
  Phase: 6
  Type: IP-OPTIONS / ALLOW
  Phase: 7
  Type: FLOW-CREATION / ALLOW / New flow created with id 7342770, packet dispatched to next module
  Phase: 8
  Type: ROUTE-LOOKUP / ALLOW / found next-hop myHost using egress ifc my_DMZ
                                                      adjacency Active
                                                      next-hop mac address 00bb.ccdd.eeff hits 1
  Result:
  input-interface:   my_backbone / input-status: up / input-line-status: up
  output-interface: my_DMZ / output-status: up / output-line-status: up
  Action: allow
  As you can see it is a complete path. But this is what happens if I try it for A/9001 to B/5432:
  Phase: 1
  Type: FLOW-LOOKUP / ALLOW / Found flow with id 12, using existing flow
  Module information for forward flow: snp_fp_inspect_ip_options, snp_fp_adjacency, snp_fp_fragment, snp_ifc_stat
  Module information for reverse flow: snp_fp_inspect_ip_options, snp_fp_adjacency, snp_fp_fragment, snp_ifc_stat
  Result:
  input-interface: my_backbone / input-status: up / input-line-status: up / Action: allow
  Apparently the packet is send into an existing flow (is there a command to see what this flow is?) and that is where it ends. Now I need to find out why this is happening... This firewall has been reloaded a few times, but that did not solve the problem. Any pointers are highly appreciated as was this hint.
  Frank

• Packet Loss between ASA and 871

  We are running a Cisco ASA 5505 and remote clients are 871's. We currently use a EasyVPN configuration between the single ASA and our 13 871's.
  Today (1) out of the (13) tunnels is experiencing packet loss. I have power cycles the broadband router on the 871 end and the 871 and the situation still exists.
  Does anyone know what would cause this and how to troubleshoot it?
  Thanks,
  Jason

  Have you contact broadband provider on the 871 side to rule out any issues on the link? what broadband ADSLAM pppoa? start first rulling out physical issues WAN interface, LAN interface stats and work your way up, is this is something that suddenly developped? from what you post indicates it seems this tunnel have been fine, it could be broadband link issues but fist investigate with provider to go the next step.
  what do you see in 871 router logs in terms of links, turn on logging informational before staring debugg proceedures.
  HTH
  Jorge

• How to configure ASA 5510 V9.1(5) to send Netflow packets to Netflow Analyser 8.0

  Hi guys,
  I've configured my ASA 5510 Version 9.1(5) to send flow to Netflow Analyser. I think I've done it correctly but what happened is that I can see the ASA in netflow and netflow packets are receiving and increasing every time I refresh the page but there are no traffic as you can see in the attachment file. Also how can I figure out which ifindex is which interface to rename it? 
  BTW, my netflow version is 8.0 and below is the netflow config:
  access-list NETFLOWMONITOREDTRAFFIC extended permit ip any any
  flow-export destination INSIDE A.B.C.D 9996
  flow-export template timeout-rate 1
  flow-export delay flow-create 60
  flow-export active refresh-interval 2
  class-map NETFLOW
   match access-list NETFLOWMONITOREDTRAFFIC
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map 
    inspect ftp 
    inspect h323 h225 
    inspect h323 ras 
    inspect ip-options 
    inspect netbios 
    inspect rsh 
    inspect rtsp 
    inspect skinny  
    inspect sqlnet 
    inspect sunrpc 
    inspect tftp 
    inspect sip  
    inspect xdmcp 
    inspect icmp 
    inspect icmp error 
   class NETFLOW
    flow-export event-type all destination A.B.C.D
   class class-default
    flow-export event-type all destination A.B.C.D
  Hope someone can help me here.
  Cheers,
  Joe

  I did find a workaround by keeping a connection open for communication between the client and server. However, I wish I did not have to do this. Ideally, I would like to be able to establish connections to the server only when needed and have the client JRE remember what certificate the user selected.
  Browsers have this feature based on a user session. (i.e. once a user offers up a certificate to a server, the browser will not ask the user which certificate to send for the duration of the session to a given server).

• How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)

  Hi All,
  How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)
  Thanks
  Roopesh

  Hi Roopesh,
  Please go through this document for detailed documentation on captures:
  https://supportforums.cisco.com/docs/DOC-17814
  Hope that helps.
  Thanks,
  Varun Rao
  Security Team,
  Cisco TAC

• Different filesize after transmission with packet loss

  HI!
  I'm simulating packet loss on audio streams which are transferred over a network by using the JMF.
  I'm doing the following:
  read audio-WAVE file --> transcode into DVI for instance and sending --> generating packet loss --> transmitting over RTP to remote device --> receiving and saving in WAVE-file (linear format)
  Now I'm wondering, why the size of the WAVE file on the receiver side is lesser than the size of the file of the sender side (about the amount of created packet loss in percent ). I think they have to be the same. If I play the received files in an audioplayer, the duration is logically the same, too. For each lost packet, JMF has to put a "silence" sample within the audio stream data. So this results in the same amount of samples and WAVE-file size.
  Can someony explain me, why do the files have a different size ?
  stefan

  HI!
  I'm simulating packet loss on audio streams which are transferred over a network by using the JMF.
  I'm doing the following:
  read audio-WAVE file --> transcode into DVI for instance and sending --> generating packet loss --> transmitting over RTP to remote device --> receiving and saving in WAVE-file (linear format)
  Now I'm wondering, why the size of the WAVE file on the receiver side is lesser than the size of the file of the sender side (about the amount of created packet loss in percent ). I think they have to be the same. If I play the received files in an audioplayer, the duration is logically the same, too. For each lost packet, JMF has to put a "silence" sample within the audio stream data. So this results in the same amount of samples and WAVE-file size.
  Can someony explain me, why do the files have a different size ?
  stefan

• ASA 5510 ACL Return Packet

  Hi,
  I've got a Problem with the ACL's on a ASA 5510 Cluster:
  the connected Client cannot resolve DNS; the Log says:
  %ASA-session-5-106100: access-list ACL-INSIDE denied udp inside/172.27.xxx.1(53) -> outside/192.168.xxx.8(59893) hit-cnt 1 first hit [0x932a8f72, 0x0]
  (this must be the Return-Paket of the DNS-Query)
  where 172.27.xxx.1 is the DNS-Server in the Inside-Network, and 192.168.xxx.8 is the virtual address.
  I've got an Access-List which permits the virtual address "ip" to the DNS-Server.
  The same Configuration on the Test-Machine (no Cluster) works!
  (It's a active/standby single Context failover Config)
  Could the Problem be caused by the Cluster?
  Thank you
  Karl

  rou-ara27-rz-12/act/pri# sh run access-group
  access-group ACL-INSIDE in interface inside
  access-group inside_access_out out interface inside
  access-group ACL-OUTSIDE in interface outside
  rou-ara27-rz-12/act/pri# show access-
  rou-ara27-rz-12/act/pri# show access-list ACL-INSIDE
  access-list ACL-INSIDE; 11 elements; name hash: 0xfb5f17a8
  access-list ACL-INSIDE line 1 extended permit icmp any any object-group ICMP-HARMLOS (hitcnt=0) 0x1a753992
    access-list ACL-INSIDE line 1 extended permit icmp any any echo (hitcnt=0) 0xc4ed471c
    access-list ACL-INSIDE line 1 extended permit icmp any any echo-reply (hitcnt=0) 0xd14f0043
    access-list ACL-INSIDE line 1 extended permit icmp any any unreachable (hitcnt=0) 0x92b03f68
    access-list ACL-INSIDE line 1 extended permit icmp any any time-exceeded (hitcnt=0) 0xaa821c16
  access-list ACL-INSIDE line 2 extended permit ip object VPN-NET object-group DM_INLINE_NETWORK_3 log debugging interval 300 0x658c9759
    access-list ACL-INSIDE line 2 extended permit ip 192.168.xxx.0 255.255.255.0 172.27.0.0 255.255.0.0 log debugging interval 300 (hitcnt=0) 0xc31eaf76
    access-list ACL-INSIDE line 2 extended permit ip 192.168.xxx.0 255.255.255.0 $DMZ1$ 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x34d68ea6
    access-list ACL-INSIDE line 2 extended permit ip 192.168.xxx.0 255.255.255.0 $DMZ2$ 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x7df14a53
    access-list ACL-INSIDE line 2 extended permit ip 192.168.xxx.0 255.255.255.0 $DMZ3$ 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x1aa12e0c
  access-list ACL-INSIDE line 3 extended permit esp object VPN-NET object DMZ_III log debugging interval 300 (hitcnt=0) 0x2d7346ad
    access-list ACL-INSIDE line 3 extended permit esp 192.168.xxx.0 255.255.255.0 $DMZ3$ 255.255.255.0 log debugging interval 300 (hitcnt=0) 0x2d7346ad
  access-list ACL-INSIDE line 4 extended deny icmp any any log informational interval 300 (hitcnt=0) 0x2bcd80f1
  access-list ACL-INSIDE line 5 remark CleanUp Rule with raised log level
  access-list ACL-INSIDE line 6 extended deny ip any any log notifications interval 300 (hitcnt=0) 0x932a8f72
  rou-ara27-rz-12/act/pri#

• Loss of signal after reboot

  I am losing my iPhone's signal everytime it is rebooted, for example when it runs out of battery. Then, after boot up and after entering my PIN code, it keeps saying "no signal" and the only solution is to do a reset by pressing home+power buttons at same time.
  Can this problem be solved?
  P.S.: I've recently travelled to another country and used roaming.
           I've already done a reset to my network settings.
  Thank you all!

  Yes, alternate universe appears to be the most logical explanation. After months of no signal at all on the iMac, but great signal on the four other wireless connections, suddenly with no other changes or adjustments, simply doing a QuickTime update, causes the signal to re-appear during the update, to remain during multple reboots - even after rebooting in OS 9.2.2, and then rebooting again in OSX.4.6 the signal is still great - and even after five days the signal is still great - no signal fluctuating over the past five days (that had been a common phenomena before) - no signal drop offs during the past 5 days (that also had been a common phenomena). What? was it one of those wild coincidences, that at the precise moment that I was doing the QuickTime update, that actually an hideous, undetected RF Interference source chose that exact instant to stop interferring and to remain non-interferring until this present moment (doubtful) - or was it somehow related to software or to the update process? (I realize that this is not an attractive hypothesis, but is it remotely possible? - Of course, if it is in someway, that Apple wouldn't come out and say as much - not prudent -, but would attempt to correct it in a subsequent update)
  ---- So Gino, re-enter the real universe, don't speak these things, but be quiet and simply be satisfied that you have a good signal again - you'd be better off not even remembering that these other things even happened.

• ASA 5510 FireWall Problem

  Hi All
  After some advise and direction
  Our ASA firewall using ASA version 8.4 has recently started presenting us with a problem to one external website
  called http://partners.highnet.com/login/  ip address 62.233.82.181.
  Our firewall is letting everything on our inside Trusted site 192.168.254.0/24 out through our outside interface on x.x.x.x
  to any website and brings back the details
  However when we try to reach http://partners.highnet.com/login/ we recently started receiving (Internet Explorer cannot display the webpage)
  on checking the ASA under Home TAB       -       Firewall Dashboard    -    and then under     -      Top 10 protected Servers under SYN attack we are receiving the below error.
  Rank        Server IP-Port           Interface     Average          Current                    Total                           Source IP (Last Attack Time)
  5
             62.233.82.181:80
        INSIDE
              0
                   0
                          8
                            192.168.254.130 (1 mins ago)
  I have tried rebooting the ASA firewall (Still did not resolve).
  I have also  disabled basic threat detection and threat detection statistics and then re-enabled after a period of time under > configuration > Firewall > threat detection  (Still did not resolve).
  Have created a number of access list both from the inside to outside and outside to inside allowing TCP just to the specific IP address 62.233.82.181 (Still did not resolve).
  Tried editing Global Policy for Http configuration > connection settings TCP and UDP connections and also Embryonic connections (Still did not resolve).
  Also tried using the shun command on the ASA to clear connection and statistics and (Still did not resolve).
  So you see there is nothing else I can think of doing, so that is why I have asked you for some pointers maybe someone has come across this sort of issue before.
  If you can help or advise it is much appreciated.

  Hi,
  Are you sending logs from your ASA to any Syslog server from which you could pull all the connection logs for that destination IP address?
  On the ASA you can naturally use "packet-tracer" also to simulate one such packet coming from your LAN towards this WAN IP address (of the server) and confirm that all rules are correct.
  packet-tracer input INSIDE tcp 192.168.254.130 12345 62.233.82.181 80
  You could maybe also try to generate TCP SYNs directly from the ASA
  ping tcp 62.233.82.181 80
  And see if the server replies
  - Jouni

• Terrible Packet Loss in Game- Please help!

  Computing statistics for 100 seconds...
  Source to Here This Node/Link
  Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
  0 Sam-PC.home [192.168.1.5]
  0/ 25 = 0% |
  1 2ms 0/ 25 = 0% 0/ 25 = 0% Wireless_Broadband_Router.home [192.168.1.1]
  1/ 25 = 4% |
  2 13ms 1/ 25 = 4% 0/ 25 = 0% L100.WASHDC-VFTTP-126.verizon-gni.net [173.66.228.1]
  0/ 25 = 0% |
  3 11ms 1/ 25 = 4% 0/ 25 = 0% G1-5-0-4.WASHDC-LCR-21.verizon-gni.net [130.81.213.68]
  0/ 25 = 0% |
  4 20ms 1/ 25 = 4% 0/ 25 = 0% so-12-1-0-0.RES-BB-RTR1.verizon-gni.net [130.81.151.230]
  0/ 25 = 0% |
  5 12ms 1/ 25 = 4% 0/ 25 = 0% 0.xe-8-0-0.BR2.IAD8.ALTER.NET [152.63.38.129]
  0/ 25 = 0% |
  6 34ms 1/ 25 = 4% 0/ 25 = 0% ae17.edge1.washingtondc12.level3.net [4.68.62.137]
  0/ 25 = 0% |
  7 33ms 2/ 25 = 8% 1/ 25 = 4% vl-3503-ve-117.ebr1.Washington12.Level3.net [4.69.158.26]
  0/ 25 = 0% |
  8 29ms 3/ 25 = 12% 2/ 25 = 8% ae-6-6.ebr1.Atlanta2.Level3.net [4.69.148.105]
  0/ 25 = 0% |
  9 30ms 2/ 25 = 8% 1/ 25 = 4% ae-63-63.ebr3.Atlanta2.Level3.net [4.69.148.241]
  0/ 25 = 0% |
  10 50ms 1/ 25 = 4% 0/ 25 = 0% ae-7-7.ebr3.Dallas1.Level3.net [4.69.134.21]
  1/ 25 = 4% |
  11 56ms 2/ 25 = 8% 0/ 25 = 0% ae-63-63.csw1.Dallas1.Level3.net [4.69.151.133]
  0/ 25 = 0% |
  12 54ms 2/ 25 = 8% 0/ 25 = 0% ae-1-60.edge2.Dallas1.Level3.net [4.69.145.11]
  0/ 25 = 0% |
  13 54ms 2/ 25 = 8% 0/ 25 = 0% 4.59.197.34
  1/ 25 = 4% |
  14 50ms 3/ 25 = 12% 0/ 25 = 0% 64.25.32.9
  0/ 25 = 0% |
  15 --- 25/ 25 =100% 22/ 25 = 88% 64.25.32.26
  0/ 25 = 0% |
  16 48ms 3/ 25 = 12% 0/ 25 = 0% 64.25.39.1
  These are the results of a test I ran, but I don't know how to solve the problem. The game is unplayable because of the amount of packet loss. I know it is an issue of connection between the game and my router, so should I get a new router if mine is old?

  The router I would imagine to be okay for the first bit, but for the sake of things, reboot the router and also try giving your ONT a reboot by unplugging it from AC power and then disconnecting the battery. Re-connect it after 30 seconds by connecting the battery and then plugging it back into AC power.
  Also, see if the packet loss takes place during specific times of the day. If your router has a WAN connection over Coax (rather than an Ethernet connection) to your ONT, also consider checking your MoCa speeds based on this FAQ. Poor MoCa speeds can suggest shoddy coaxial causing some issues, too: https://secure.dslreports.com/faq/verizonfios/3.2_MOCA#16569
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• ASA 5510 with Cisco 2811 Router Behind it - Not forwarding traffic

  Hi all,
  Some might know that I have been dealing with an issue where I cannot seem to get forwarded packets to reach their destinations behind an ASA 5510 that has a Cisco 2811 connected directly behind it.
  Some examples that work.
  I can SSH into the ASA.
  I can SSH to the Cisco Routers behind the ASA.
  I cannot reach items beind the Cisco Routers.
  My Configuration is this (I am sure I included a bunch of info I didn't need to, but I am hoping it'll help!):
  I have a static Ip assigned to my Ouside Interface Ethernet 0/1
  It has an IP address of 199.195.xxx.xxx
  I am trying to learn how to shape network traffic (this is all new to me) via the ASA and the Routers to specific devices.
  The Inside Interface on the ASA is 10.10.1.1 255.255.255.252
  The Outside Interface on the 2811 is 10.10.1.2 255.255.255.252
  I can ping the router from the ASA. I can SSH through the ASA to the router.
  BUT I CANNOT ACCESS DEVICES BEHIND THE ROUTER.
  So, I wanted to BAM that statement above because I just don't kjnow where the issue is. Is the issue on the router or the ASA, my guess is, the router, but I just don't know.
  Here are my configs, helpfully someone can help.
  ASA errors on the ASDM when I try and hit resources; specifically a web device behind the ASA and the 2811. It's Ip address 192.168.1.5 it's listening on port 80.Static IP, not assigned via DHCP.
  6
  Feb 14 2014
  19:38:56
  98.22.121.x
  41164
  192.168.1.5
  80
  Built inbound TCP connection 1922859 for Outside:98.22.121.x/41164 (98.22.121.x/41164) to Inside:192.168.1.5/80 (199.195.168.x/8080)
  6
  Feb 14 2014
  19:38:56
  10.10.1.2
  80
  98.22.121.x
  41164
  Deny TCP (no connection) from 10.10.1.2/80 to 98.22.121.x/41164 flags SYN ACK  on interface Inside
  ASA5510# sh nat
  Auto NAT Policies (Section 2)
  1 (DMZ) to (Outside) source static ROUTER-2821 interface   service tcp ssh 2222
      translate_hits = 1, untranslate_hits = 18
  2 (Inside) to (Outside) source static ROUTER-2811 interface   service tcp ssh 222
      translate_hits = 0, untranslate_hits = 13
  3 (VOIP) to (Outside) source static ROUTER-3745 interface   service tcp ssh 2223
      translate_hits = 0, untranslate_hits = 3
  4 (Inside) to (Outside) source static RDP-DC1 interface   service tcp 3389 3389
      translate_hits = 0, untranslate_hits = 236
  5 (Inside) to (Outside) source static WEBCAM-01 interface   service tcp www 8080
      translate_hits = 0, untranslate_hits = 162
  Manual NAT Policies (Section 3)
  1 (any) to (Outside) source dynamic PAT-SOURCE interface
      translate_hits = 1056862, untranslate_hits = 83506
  ASA5510# show access-list
  access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
              alert-interval 300
  access-list USERS; 1 elements; name hash: 0x50681c1e
  access-list USERS line 1 standard permit 10.10.1.0 255.255.255.0 (hitcnt=0) 0xdd6ba495
  access-list Outside_access_in; 5 elements; name hash: 0xe796c137
  access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh (hitcnt=37) 0x5a53778d
    access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x host 10.10.1.2 eq ssh (hitcnt=37) 0x5a53778d
  access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh (hitcnt=8) 0x9f32bc21
    access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x host 10.10.0.2 eq ssh (hitcnt=8) 0x9f32bc21
  access-list Outside_access_in line 3 extended permit tcp host 98.22.121.x interface Outside eq https (hitcnt=0) 0x385488b2
  access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x object WEBCAM-01 eq www (hitcnt=60) 0xe66674ec
    access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x host 192.168.1.5 eq www (hitcnt=60) 0xe66674ec
  access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389 (hitcnt=3) 0x02f13f4e
    access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x host 192.168.1.2 eq 3389 (hitcnt=3) 0x02f13f4e
  access-list dmz-access-vlan1; 1 elements; name hash: 0xc3450860
  access-list dmz-access-vlan1 line 1 extended permit ip 128.162.1.0 255.255.255.0 any (hitcnt=0) 0x429fedf1
  access-list dmz-access; 3 elements; name hash: 0xf53f5801
  access-list dmz-access line 1 remark Permit all traffic to DC1
  access-list dmz-access line 2 extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2 (hitcnt=0) 0xd2dced0a
  access-list dmz-access line 3 remark Permit only DNS traffic to DNS server
  access-list dmz-access line 4 extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain (hitcnt=0) 0xbb21093e
  access-list dmz-access line 5 remark Permit ICMP to all devices in DC
  access-list dmz-access line 6 extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0) 0x71269ef7
  CISCO-2811#show access-lists
  Standard IP access list 1
      10 permit any (1581021 matches)
  CISCO-2811#show translate
  CISCO-2811#show route
  CISCO-2811#show route-map
  CISCO-2811#show host
  CISCO-2811#show hosts
  Default domain is maladomini.int
  Name/address lookup uses domain service
  Name servers are 192.168.1.2, 199.195.168.4, 205.171.2.65, 205.171.3.65, 8.8.8.8
  Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
         temp - temporary, perm - permanent
         NA - Not Applicable None - Not defined
  Host                      Port  Flags      Age Type   Address(es)
  api.mixpanel.com          None  (temp, OK)  2   IP    198.23.64.21
                                                        198.23.64.22
                                                        198.23.64.18
                                                        198.23.64.19
                                                        198.23.64.20
  ASA5510:
  ASA5510# sh run all
  : Saved
  ASA Version 9.1(4)
  command-alias exec h help
  command-alias exec lo logout
  command-alias exec p ping
  command-alias exec s show
  terminal width 80
  hostname ASA5510
  domain-name maladomini.int
  enable password x encrypted
  no fips enable
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  xlate per-session permit tcp any4 any4
  xlate per-session permit tcp any4 any6
  xlate per-session permit tcp any6 any4
  xlate per-session permit tcp any6 any6
  xlate per-session permit udp any4 any4 eq domain
  xlate per-session permit udp any4 any6 eq domain
  xlate per-session permit udp any6 any4 eq domain
  xlate per-session permit udp any6 any6 eq domain
  passwd x encrypted
  names
  dns-guard
  lacp system-priority 32768
  interface Ethernet0/0
  description LAN Interface
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif Inside
  security-level 100
  ip address 10.10.1.1 255.255.255.252
  delay 10
  interface Ethernet0/1
  description WAN Interface
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif Outside
  security-level 0
  ip address 199.195.168.xxx 255.255.255.240
  delay 10
  interface Ethernet0/2
  description DMZ
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif DMZ
  security-level 100
  ip address 10.10.0.1 255.255.255.252
  delay 10
  interface Ethernet0/3
  description VOIP
  speed auto
  duplex auto
  no  flowcontrol send on
  nameif VOIP
  security-level 100
  ip address 10.10.2.1 255.255.255.252
  delay 10
  interface Management0/0
  speed auto
  duplex auto
  management-only
  shutdown
  nameif management
  security-level 0
  no ip address
  delay 10
  regex _default_gator "Gator"
  regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
  regex _default_shoutcast-tunneling-protocol "1"
  regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
  regex _default_x-kazaa-network "[\r\n\t ]+[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
  regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
  regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
  regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
  regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
  regex _default_gnu-http-tunnel_arg "crap"
  regex _default_icy-metadata "[\r\n\t ]+[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
  regex _default_GoToMyPC-tunnel "machinekey"
  regex _default_windows-media-player-tunnel "NSPlayer"
  regex _default_yahoo-messenger "YMSG"
  regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
  regex _default_firethru-tunnel_1 "firethru[.]com"
  checkheaps check-interval 60
  checkheaps validate-checksum 60
  boot system disk0:/asa914-k8.bin
  ftp mode passive
  clock timezone UTC 0
  dns domain-lookup Outside
  dns server-group DefaultDNS
  name-server 199.195.168.4
  name-server 205.171.2.65
  name-server 205.171.3.65
  domain-name maladomini.int
  same-security-traffic permit inter-interface
  object service ah pre-defined
  service ah
  description This is a pre-defined object
  object service eigrp pre-defined
  service eigrp
  description This is a pre-defined object
  object service esp pre-defined
  service esp
  description This is a pre-defined object
  object service gre pre-defined
  service gre
  description This is a pre-defined object
  object service icmp pre-defined
  service icmp
  description This is a pre-defined object
  object service icmp6 pre-defined
  service icmp6
  description This is a pre-defined object
  object service igmp pre-defined
  service igmp
  description This is a pre-defined object
  object service igrp pre-defined
  service igrp
  description This is a pre-defined object
  object service ip pre-defined
  service ip
  description This is a pre-defined object
  object service ipinip pre-defined
  service ipinip
  description This is a pre-defined object
  object service ipsec pre-defined
  service esp
  description This is a pre-defined object
  object service nos pre-defined
  service nos
  description This is a pre-defined object
  object service ospf pre-defined
  service ospf
  description This is a pre-defined object
  object service pcp pre-defined
  service pcp
  description This is a pre-defined object
  object service pim pre-defined
  service pim
  description This is a pre-defined object
  object service pptp pre-defined
  service gre
  description This is a pre-defined object
  object service snp pre-defined
  service snp
  description This is a pre-defined object
  object service tcp pre-defined
  service tcp
  description This is a pre-defined object
  object service udp pre-defined
  service udp
  description This is a pre-defined object
  object service tcp-aol pre-defined
  service tcp destination eq aol
  description This is a pre-defined object
  object service tcp-bgp pre-defined
  service tcp destination eq bgp
  description This is a pre-defined object
  object service tcp-chargen pre-defined
  service tcp destination eq chargen
  description This is a pre-defined object
  object service tcp-cifs pre-defined
  service tcp destination eq cifs
  description This is a pre-defined object
  object service tcp-citrix-ica pre-defined
  service tcp destination eq citrix-ica
  description This is a pre-defined object
  object service tcp-ctiqbe pre-defined
  service tcp destination eq ctiqbe
  description This is a pre-defined object
  object service tcp-daytime pre-defined
  service tcp destination eq daytime
  description This is a pre-defined object
  object service tcp-discard pre-defined
  service tcp destination eq discard
  description This is a pre-defined object
  object service tcp-domain pre-defined
  service tcp destination eq domain
  description This is a pre-defined object
  object service tcp-echo pre-defined
  service tcp destination eq echo
  description This is a pre-defined object
  object service tcp-exec pre-defined
  service tcp destination eq exec
  description This is a pre-defined object
  object service tcp-finger pre-defined
  service tcp destination eq finger
  description This is a pre-defined object
  object service tcp-ftp pre-defined
  service tcp destination eq ftp
  description This is a pre-defined object
  object service tcp-ftp-data pre-defined
  service tcp destination eq ftp-data
  description This is a pre-defined object
  object service tcp-gopher pre-defined
  service tcp destination eq gopher
  description This is a pre-defined object
  object service tcp-ident pre-defined
  service tcp destination eq ident
  description This is a pre-defined object
  object service tcp-imap4 pre-defined
  service tcp destination eq imap4
  description This is a pre-defined object
  object service tcp-irc pre-defined
  service tcp destination eq irc
  description This is a pre-defined object
  object service tcp-hostname pre-defined
  service tcp destination eq hostname
  description This is a pre-defined object
  object service tcp-kerberos pre-defined
  service tcp destination eq kerberos
  description This is a pre-defined object
  object service tcp-klogin pre-defined
  service tcp destination eq klogin
  description This is a pre-defined object
  object service tcp-kshell pre-defined
  service tcp destination eq kshell
  description This is a pre-defined object
  object service tcp-ldap pre-defined
  service tcp destination eq ldap
  description This is a pre-defined object
  object service tcp-ldaps pre-defined
  service tcp destination eq ldaps
  description This is a pre-defined object
  object service tcp-login pre-defined
  service tcp destination eq login
  description This is a pre-defined object
  object service tcp-lotusnotes pre-defined
  service tcp destination eq lotusnotes
  description This is a pre-defined object
  object service tcp-nfs pre-defined
  service tcp destination eq nfs
  description This is a pre-defined object
  object service tcp-netbios-ssn pre-defined
  service tcp destination eq netbios-ssn
  description This is a pre-defined object
  object service tcp-whois pre-defined
  service tcp destination eq whois
  description This is a pre-defined object
  object service tcp-nntp pre-defined
  service tcp destination eq nntp
  description This is a pre-defined object
  object service tcp-pcanywhere-data pre-defined
  service tcp destination eq pcanywhere-data
  description This is a pre-defined object
  object service tcp-pim-auto-rp pre-defined
  service tcp destination eq pim-auto-rp
  description This is a pre-defined object
  object service tcp-pop2 pre-defined
  service tcp destination eq pop2
  description This is a pre-defined object
  object service tcp-pop3 pre-defined
  service tcp destination eq pop3
  description This is a pre-defined object
  object service tcp-pptp pre-defined
  service tcp destination eq pptp
  description This is a pre-defined object
  object service tcp-lpd pre-defined
  service tcp destination eq lpd
  description This is a pre-defined object
  object service tcp-rsh pre-defined
  service tcp destination eq rsh
  description This is a pre-defined object
  object service tcp-rtsp pre-defined
  service tcp destination eq rtsp
  description This is a pre-defined object
  object service tcp-sip pre-defined
  service tcp destination eq sip
  description This is a pre-defined object
  object service tcp-smtp pre-defined
  service tcp destination eq smtp
  description This is a pre-defined object
  object service tcp-ssh pre-defined
  service tcp destination eq ssh
  description This is a pre-defined object
  object service tcp-sunrpc pre-defined
  service tcp destination eq sunrpc
  description This is a pre-defined object
  object service tcp-tacacs pre-defined
  service tcp destination eq tacacs
  description This is a pre-defined object
  object service tcp-talk pre-defined
  service tcp destination eq talk
  description This is a pre-defined object
  object service tcp-telnet pre-defined
  service tcp destination eq telnet
  description This is a pre-defined object
  object service tcp-uucp pre-defined
  service tcp destination eq uucp
  description This is a pre-defined object
  object service tcp-www pre-defined
  service tcp destination eq www
  description This is a pre-defined object
  object service tcp-http pre-defined
  service tcp destination eq www
  description This is a pre-defined object
  object service tcp-https pre-defined
  service tcp destination eq https
  description This is a pre-defined object
  object service tcp-cmd pre-defined
  service tcp destination eq rsh
  description This is a pre-defined object
  object service tcp-sqlnet pre-defined
  service tcp destination eq sqlnet
  description This is a pre-defined object
  object service tcp-h323 pre-defined
  service tcp destination eq h323
  description This is a pre-defined object
  object service tcp-udp-cifs pre-defined
  service tcp-udp destination eq cifs
  description This is a pre-defined object
  object service tcp-udp-discard pre-defined
  service tcp-udp destination eq discard
  description This is a pre-defined object
  object service tcp-udp-domain pre-defined
  service tcp-udp destination eq domain
  description This is a pre-defined object
  object service tcp-udp-echo pre-defined
  service tcp-udp destination eq echo
  description This is a pre-defined object
  object service tcp-udp-kerberos pre-defined
  service tcp-udp destination eq kerberos
  description This is a pre-defined object
  object service tcp-udp-nfs pre-defined
  service tcp-udp destination eq nfs
  description This is a pre-defined object
  object service tcp-udp-pim-auto-rp pre-defined
  service tcp-udp destination eq pim-auto-rp
  description This is a pre-defined object
  object service tcp-udp-sip pre-defined
  service tcp-udp destination eq sip
  description This is a pre-defined object
  object service tcp-udp-sunrpc pre-defined
  service tcp-udp destination eq sunrpc
  description This is a pre-defined object
  object service tcp-udp-tacacs pre-defined
  service tcp-udp destination eq tacacs
  description This is a pre-defined object
  object service tcp-udp-www pre-defined
  service tcp-udp destination eq www
  description This is a pre-defined object
  object service tcp-udp-http pre-defined
  service tcp-udp destination eq www
  description This is a pre-defined object
  object service tcp-udp-talk pre-defined
  service tcp-udp destination eq talk
  description This is a pre-defined object
  object service udp-biff pre-defined
  service udp destination eq biff
  description This is a pre-defined object
  object service udp-bootpc pre-defined
  service udp destination eq bootpc
  description This is a pre-defined object
  object service udp-bootps pre-defined
  service udp destination eq bootps
  description This is a pre-defined object
  object service udp-cifs pre-defined
  service udp destination eq cifs
  description This is a pre-defined object
  object service udp-discard pre-defined
  service udp destination eq discard
  description This is a pre-defined object
  object service udp-domain pre-defined
  service udp destination eq domain
  description This is a pre-defined object
  object service udp-dnsix pre-defined
  service udp destination eq dnsix
  description This is a pre-defined object
  object service udp-echo pre-defined
  service udp destination eq echo
  description This is a pre-defined object
  object service udp-www pre-defined
  service udp destination eq www
  description This is a pre-defined object
  object service udp-http pre-defined
  service udp destination eq www
  description This is a pre-defined object
  object service udp-nameserver pre-defined
  service udp destination eq nameserver
  description This is a pre-defined object
  object service udp-kerberos pre-defined
  service udp destination eq kerberos
  description This is a pre-defined object
  object service udp-mobile-ip pre-defined
  service udp destination eq mobile-ip
  description This is a pre-defined object
  object service udp-nfs pre-defined
  service udp destination eq nfs
  description This is a pre-defined object
  object service udp-netbios-ns pre-defined
  service udp destination eq netbios-ns
  description This is a pre-defined object
  object service udp-netbios-dgm pre-defined
  service udp destination eq netbios-dgm
  description This is a pre-defined object
  object service udp-ntp pre-defined
  service udp destination eq ntp
  description This is a pre-defined object
  object service udp-pcanywhere-status pre-defined
  service udp destination eq pcanywhere-status
  description This is a pre-defined object
  object service udp-pim-auto-rp pre-defined
  service udp destination eq pim-auto-rp
  description This is a pre-defined object
  object service udp-radius pre-defined
  service udp destination eq radius
  description This is a pre-defined object
  object service udp-radius-acct pre-defined
  service udp destination eq radius-acct
  description This is a pre-defined object
  object service udp-rip pre-defined
  service udp destination eq rip
  description This is a pre-defined object
  object service udp-secureid-udp pre-defined
  service udp destination eq secureid-udp
  description This is a pre-defined object
  object service udp-sip pre-defined
  service udp destination eq sip
  description This is a pre-defined object
  object service udp-snmp pre-defined
  service udp destination eq snmp
  description This is a pre-defined object
  object service udp-snmptrap pre-defined
  service udp destination eq snmptrap
  description This is a pre-defined object
  object service udp-sunrpc pre-defined
  service udp destination eq sunrpc
  description This is a pre-defined object
  object service udp-syslog pre-defined
  service udp destination eq syslog
  description This is a pre-defined object
  object service udp-tacacs pre-defined
  service udp destination eq tacacs
  description This is a pre-defined object
  object service udp-talk pre-defined
  service udp destination eq talk
  description This is a pre-defined object
  object service udp-tftp pre-defined
  service udp destination eq tftp
  description This is a pre-defined object
  object service udp-time pre-defined
  service udp destination eq time
  description This is a pre-defined object
  object service udp-who pre-defined
  service udp destination eq who
  description This is a pre-defined object
  object service udp-xdmcp pre-defined
  service udp destination eq xdmcp
  description This is a pre-defined object
  object service udp-isakmp pre-defined
  service udp destination eq isakmp
  description This is a pre-defined object
  object service icmp6-unreachable pre-defined
  service icmp6 unreachable
  description This is a pre-defined object
  object service icmp6-packet-too-big pre-defined
  service icmp6 packet-too-big
  description This is a pre-defined object
  object service icmp6-time-exceeded pre-defined
  service icmp6 time-exceeded
  description This is a pre-defined object
  object service icmp6-parameter-problem pre-defined
  service icmp6 parameter-problem
  description This is a pre-defined object
  object service icmp6-echo pre-defined
  service icmp6 echo
  description This is a pre-defined object
  object service icmp6-echo-reply pre-defined
  service icmp6 echo-reply
  description This is a pre-defined object
  object service icmp6-membership-query pre-defined
  service icmp6 membership-query
  description This is a pre-defined object
  object service icmp6-membership-report pre-defined
  service icmp6 membership-report
  description This is a pre-defined object
  object service icmp6-membership-reduction pre-defined
  service icmp6 membership-reduction
  description This is a pre-defined object
  object service icmp6-router-renumbering pre-defined
  service icmp6 router-renumbering
  description This is a pre-defined object
  object service icmp6-router-solicitation pre-defined
  service icmp6 router-solicitation
  description This is a pre-defined object
  object service icmp6-router-advertisement pre-defined
  service icmp6 router-advertisement
  description This is a pre-defined object
  object service icmp6-neighbor-solicitation pre-defined
  service icmp6 neighbor-solicitation
  description This is a pre-defined object
  object service icmp6-neighbor-advertisement pre-defined
  service icmp6 neighbor-advertisement
  description This is a pre-defined object
  object service icmp6-neighbor-redirect pre-defined
  service icmp6 neighbor-redirect
  description This is a pre-defined object
  object service icmp-echo pre-defined
  service icmp echo
  description This is a pre-defined object
  object service icmp-echo-reply pre-defined
  service icmp echo-reply
  description This is a pre-defined object
  object service icmp-unreachable pre-defined
  service icmp unreachable
  description This is a pre-defined object
  object service icmp-source-quench pre-defined
  service icmp source-quench
  description This is a pre-defined object
  object service icmp-redirect pre-defined
  service icmp redirect
  description This is a pre-defined object
  object service icmp-alternate-address pre-defined
  service icmp alternate-address
  description This is a pre-defined object
  object service icmp-router-advertisement pre-defined
  service icmp router-advertisement
  description This is a pre-defined object
  object service icmp-router-solicitation pre-defined
  service icmp router-solicitation
  description This is a pre-defined object
  object service icmp-time-exceeded pre-defined
  service icmp time-exceeded
  description This is a pre-defined object
  object service icmp-parameter-problem pre-defined
  service icmp parameter-problem
  description This is a pre-defined object
  object service icmp-timestamp-request pre-defined
  service icmp timestamp-request
  description This is a pre-defined object
  object service icmp-timestamp-reply pre-defined
  service icmp timestamp-reply
  description This is a pre-defined object
  object service icmp-information-request pre-defined
  service icmp information-request
  description This is a pre-defined object
  object service icmp-information-reply pre-defined
  service icmp information-reply
  description This is a pre-defined object
  object service icmp-mask-request pre-defined
  service icmp mask-request
  description This is a pre-defined object
  object service icmp-mask-reply pre-defined
  service icmp mask-reply
  description This is a pre-defined object
  object service icmp-traceroute pre-defined
  service icmp traceroute
  description This is a pre-defined object
  object service icmp-conversion-error pre-defined
  service icmp conversion-error
  description This is a pre-defined object
  object service icmp-mobile-redirect pre-defined
  service icmp mobile-redirect
  description This is a pre-defined object
  object network ROUTER-2811
  host 10.10.1.2
  object network ROUTER-2821
  host 10.10.0.2
  object network WEBCAM-01
  host 192.168.1.5
  object network DNS-SERVER
  host 192.168.1.2
  object network ROUTER-3745
  host 10.10.2.2
  object network RDP-DC1
  host 192.168.1.2
  object-group network PAT-SOURCE
  network-object 10.10.1.0 255.255.255.252
  network-object 10.10.0.0 255.255.255.252
  network-object 10.10.2.0 255.255.255.252
  network-object 192.168.0.0 255.255.255.0
  network-object 172.16.10.0 255.255.255.0
  network-object 172.16.20.0 255.255.255.0
  network-object 128.162.1.0 255.255.255.0
  network-object 128.162.10.0 255.255.255.0
  network-object 128.162.20.0 255.255.255.0
  object-group network DM_INLINE_NETWORK_2
  network-object host 98.22.121.x
  object-group network Outside_access_in
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object gre
  access-list USERS standard permit 10.10.1.0 255.255.255.0
  access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh
  access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh
  access-list Outside_access_in extended permit tcp host 98.22.121.x interface Outside eq https
  access-list Outside_access_in extended permit tcp host 98.22.121.x object WEBCAM-01 eq www
  access-list Outside_access_in extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389
  access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
  access-list dmz-access remark Permit all traffic to DC1
  access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
  access-list dmz-access remark Permit only DNS traffic to DNS server
  access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
  access-list dmz-access remark Permit ICMP to all devices in DC
  access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
  pager lines 24
  logging enable
  logging buffer-size 4096
  logging asdm-buffer-size 100
  logging asdm informational
  logging flash-minimum-free 3076
  logging flash-maximum-allocation 1024
  logging rate-limit 1 10 message 747001
  logging rate-limit 1 1 message 402116
  logging rate-limit 1 10 message 620002
  logging rate-limit 1 10 message 717015
  logging rate-limit 1 10 message 717018
  logging rate-limit 1 10 message 201013
  logging rate-limit 1 10 message 201012
  logging rate-limit 1 1 message 313009
  logging rate-limit 100 1 message 750003
  logging rate-limit 100 1 message 750002
  logging rate-limit 100 1 message 750004
  logging rate-limit 1 10 message 419003
  logging rate-limit 1 10 message 405002
  logging rate-limit 1 10 message 405003
  logging rate-limit 1 10 message 421007
  logging rate-limit 1 10 message 405001
  logging rate-limit 1 10 message 421001
  logging rate-limit 1 10 message 421002
  logging rate-limit 1 10 message 337004
  logging rate-limit 1 10 message 337005
  logging rate-limit 1 10 message 337001
  logging rate-limit 1 10 message 337002
  logging rate-limit 1 60 message 199020
  logging rate-limit 1 10 message 337003
  logging rate-limit 2 5 message 199011
  logging rate-limit 1 10 message 199010
  logging rate-limit 1 10 message 337009
  logging rate-limit 2 5 message 199012
  logging rate-limit 1 10 message 710002
  logging rate-limit 1 10 message 209003
  logging rate-limit 1 10 message 209004
  logging rate-limit 1 10 message 209005
  logging rate-limit 1 10 message 431002
  logging rate-limit 1 10 message 431001
  logging rate-limit 1 1 message 447001
  logging rate-limit 1 10 message 110003
  logging rate-limit 1 10 message 110002
  logging rate-limit 1 10 message 429007
  logging rate-limit 1 10 message 216004
  logging rate-limit 1 10 message 450001
  flow-export template timeout-rate 30
  flow-export active refresh-interval 1
  mtu Inside 1500
  mtu Outside 1500
  mtu management 1500
  mtu DMZ 1500
  mtu VOIP 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp deny any Outside
  asdm image disk0:/asdm-715.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  object network ROUTER-2811
  nat (Inside,Outside) static interface service tcp ssh 222
  object network ROUTER-2821
  nat (DMZ,Outside) static interface service tcp ssh 2222
  object network WEBCAM-01
  nat (Inside,Outside) static interface service tcp www 8080
  object network ROUTER-3745
  nat (VOIP,Outside) static interface service tcp ssh 2223
  object network RDP-DC1
  nat (Inside,Outside) static interface service tcp 3389 3389
  nat (any,Outside) after-auto source dynamic PAT-SOURCE interface
  access-group Outside_access_in in interface Outside
  ipv6 dhcprelay timeout 60
  router rip
  network 10.0.0.0
  version 2
  no auto-summary
  route Outside 0.0.0.0 0.0.0.0 199.195.168.113 1
  route Inside 128.162.1.0 255.255.255.0 10.10.0.2 1
  route Inside 128.162.10.0 255.255.255.0 10.10.0.2 1
  route Inside 128.162.20.0 255.255.255.0 10.10.0.2 1
  route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
  route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
  route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  action continue
  no cts server-group
  no cts sxp enable
  no cts sxp default
  no cts sxp default source-ip
  cts sxp reconciliation period 120
  cts sxp retry period 120
  user-identity enable
  user-identity domain LOCAL
  user-identity default-domain LOCAL
  user-identity action mac-address-mismatch remove-user-ip
  user-identity inactive-user-timer minutes 60
  user-identity poll-import-user-group-timer hours 8
  user-identity ad-agent active-user-database full-download
  user-identity ad-agent hello-timer seconds 30 retry-times 5
  no user-identity user-not-found enable
  aaa authentication ssh console LOCAL
  http server enable 443
  http 0.0.0.0 0.0.0.0 Inside
  http 98.22.121.x 255.255.255.255 Outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  no snmp-server enable traps syslog
  no snmp-server enable traps ipsec start stop
  no snmp-server enable traps entity config-change fru-insert fru-remove fan-failure power-supply power-supply-presence cpu-temperature chassis-temperature power-supply-temperature chassis-fan-failure
  no snmp-server enable traps memory-threshold
  no snmp-server enable traps interface-threshold
  no snmp-server enable traps remote-access session-threshold-exceeded
  no snmp-server enable traps connection-limit-reached
  no snmp-server enable traps cpu threshold rising
  no snmp-server enable traps ikev2 start stop
  no snmp-server enable traps nat packet-discard
  snmp-server enable
  snmp-server listen-port 161
  fragment size 200 Inside
  fragment chain 24 Inside
  fragment timeout 5 Inside
  no fragment reassembly full Inside
  fragment size 200 Outside
  fragment chain 24 Outside
  fragment timeout 5 Outside
  no fragment reassembly full Outside
  fragment size 200 management
  fragment chain 24 management
  fragment timeout 5 management
  no fragment reassembly full management
  fragment size 200 DMZ
  fragment chain 24 DMZ
  fragment timeout 5 DMZ
  no fragment reassembly full DMZ
  fragment size 200 VOIP
  fragment chain 24 VOIP
  fragment timeout 5 VOIP
  no fragment reassembly full VOIP
  no sysopt connection timewait
  sysopt connection tcpmss 1380
  sysopt connection tcpmss minimum 0
  sysopt connection permit-vpn
  sysopt connection reclassify-vpn
  no sysopt connection preserve-vpn-flows
  no sysopt radius ignore-secret
  no sysopt noproxyarp Inside
  no sysopt noproxyarp Outside
  no sysopt noproxyarp management
  no sysopt noproxyarp DMZ
  no sysopt noproxyarp VOIP
  service password-recovery
  no crypto ipsec ikev2 sa-strength-enforcement
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto ipsec security-association replay window-size 64
  crypto ipsec security-association pmtu-aging infinite
  crypto ipsec fragmentation before-encryption Inside
  crypto ipsec fragmentation before-encryption Outside
  crypto ipsec fragmentation before-encryption management
  crypto ipsec fragmentation before-encryption DMZ
  crypto ipsec fragmentation before-encryption VOIP
  crypto ipsec df-bit copy-df Inside
  crypto ipsec df-bit copy-df Outside
  crypto ipsec df-bit copy-df management
  crypto ipsec df-bit copy-df DMZ
  crypto ipsec df-bit copy-df VOIP
  crypto ca trustpool policy
  revocation-check none
  crl cache-time 60
  crl enforcenextupdate
  crypto isakmp identity auto
  crypto isakmp nat-traversal 20
  crypto ikev2 cookie-challenge 50
  crypto ikev2 limit max-in-negotiation-sa 100
  no crypto ikev2 limit max-sa
  crypto ikev2 redirect during-auth
  crypto ikev1 limit max-in-negotiation-sa 20
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 Inside
  ssh 98.22.121.x 255.255.255.255 Outside
  ssh timeout 60
  ssh version 2
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  vpn-addr-assign aaa
  vpn-addr-assign dhcp
  vpn-addr-assign local reuse-delay 0
  ipv6-vpn-addr-assign aaa
  ipv6-vpn-addr-assign local reuse-delay 0
  no vpn-sessiondb max-other-vpn-limit
  no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
  no remote-access threshold
  l2tp tunnel hello 60
  tls-proxy maximum-session 100
  threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
  threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
  threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
  threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
  threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
  threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
  threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
  threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
  threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
  threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
  threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
  threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
  threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
  threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ntp server 24.56.178.140 source Outside prefer
  ssl server-version any
  ssl client-version any
  ssl encryption rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
  ssl certificate-authentication fca-timeout 2
  webvpn
  memory-size percent 50
  port 443
  dtls port 443
  character-encoding none
  no http-proxy
  no https-proxy
  default-idle-timeout 1800
  portal-access-rule none
  no csd enable
  no anyconnect enable
  no tunnel-group-list enable
  no tunnel-group-preference group-url
  rewrite order 65535 enable resource-mask *
  no internal-password
  no onscreen-keyboard
  no default-language
  no smart-tunnel notification-icon
  no keepout
  cache
    no disable
    max-object-size 1000
    min-object-size 0
    no cache-static-content enable
    lmfactor 20
    expiry-time 1
  no auto-signon
  no error-recovery disable
  no ssl-server-check
  no mus password
  mus host mus.cisco.com
  no hostscan data-limit
  : # show import webvpn customization
  : Template
  : DfltCustomization
  : # show import webvpn url-list
  : Template
  : # show import webvpn translation-table
  : Translation Tables' Templates:
  :   PortForwarder
  :   banners
  :   customization
  :   url-list
  :   webvpn
  : Translation Tables:
  :   fr                   PortForwarder
  :   fr                   customization
  :   fr                   webvpn
  :   ja                   PortForwarder
  :   ja                   customization
  :   ja                   webvpn
  :   ru                   PortForwarder
  :   ru                   customization
  :   ru                   webvpn
  : # show import webvpn mst-translation
  : No MS translation tables defined
  : # show import webvpn webcontent
  : No custom webcontent is loaded
  : # show import webvpn AnyConnect-customization
  : No OEM resources defined
  : # show import webvpn plug-in
  group-policy DfltGrpPolicy internal
  group-policy DfltGrpPolicy attributes
  banner none
  wins-server none
  dns-server none
  dhcp-network-scope none
  vpn-access-hours none
  vpn-simultaneous-logins 3
  vpn-idle-timeout 30
  vpn-idle-timeout alert-interval 1
  vpn-session-timeout none
  vpn-session-timeout alert-interval 1
  vpn-filter none
  ipv6-vpn-filter none
  vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
  password-storage disable
  ip-comp disable
  re-xauth disable
  group-lock none
  pfs disable
  ipsec-udp disable
  ipsec-udp-port 10000
  split-tunnel-policy tunnelall
  ipv6-split-tunnel-policy tunnelall
  split-tunnel-network-list none
  default-domain none
  split-dns none
  split-tunnel-all-dns disable
  intercept-dhcp 255.255.255.255 disable
  secure-unit-authentication disable
  user-authentication disable
  user-authentication-idle-timeout 30
  ip-phone-bypass disable
  client-bypass-protocol disable
  gateway-fqdn none
  leap-bypass disable
  nem disable
  backup-servers keep-client-config
  msie-proxy server none
  msie-proxy method no-modify
  msie-proxy except-list none
  msie-proxy local-bypass disable
  msie-proxy pac-url none
  msie-proxy lockdown enable
  vlan none
  nac-settings none
  address-pools none
  ipv6-address-pools none
  smartcard-removal-disconnect enable
  scep-forwarding-url none
  client-firewall none
  client-access-rule none
  webvpn
    url-list none
    filter none
    homepage none
    html-content-filter none
    port-forward name Application Access
    port-forward disable
    http-proxy disable
    sso-server none
    anyconnect ssl dtls enable
    anyconnect mtu 1406
    anyconnect firewall-rule client-interface private none
    anyconnect firewall-rule client-interface public none
    anyconnect keep-installer installed
    anyconnect ssl keepalive 20
    anyconnect ssl rekey time none
    anyconnect ssl rekey method none
    anyconnect dpd-interval client 30
    anyconnect dpd-interval gateway 30
    anyconnect ssl compression none
    anyconnect dtls compression none
    anyconnect modules none
    anyconnect profiles none
    anyconnect ask none
    customization none
    keep-alive-ignore 4
    http-comp gzip
    download-max-size 2147483647
    upload-max-size 2147483647
    post-max-size 2147483647
    user-storage none
    storage-objects value cookies,credentials
    storage-key none
    hidden-shares none
    smart-tunnel disable
    activex-relay enable
    unix-auth-uid 65534
    unix-auth-gid 65534
    file-entry enable
    file-browsing enable
    url-entry enable
    deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
    smart-tunnel auto-signon disable
    anyconnect ssl df-bit-ignore disable
    anyconnect routing-filtering-ignore disable
    smart-tunnel tunnel-policy tunnelall
    always-on-vpn profile-setting
  password-policy minimum-length 3
  password-policy minimum-changes 0
  password-policy minimum-lowercase 0
  password-policy minimum-uppercase 0
  password-policy minimum-numeric 0
  password-policy minimum-special 0
  password-policy lifetime 0
  no password-policy authenticate-enable
  quota management-session 0
  tunnel-group DefaultL2LGroup type ipsec-l2l
  tunnel-group DefaultL2LGroup general-attributes
  no accounting-server-group
  default-group-policy DfltGrpPolicy
  tunnel-group DefaultL2LGroup ipsec-attributes
  no ikev1 pre-shared-key
  peer-id-validate req
  no chain
  no ikev1 trust-point
  isakmp keepalive threshold 10 retry 2
  no ikev2 remote-authentication
  no ikev2 local-authentication
  tunnel-group DefaultRAGroup type remote-access
  tunnel-group DefaultRAGroup general-attributes
  no address-pool
  no ipv6-address-pool
  authentication-server-group LOCAL
  secondary-authentication-server-group none
  no accounting-server-group
  default-group-policy DfltGrpPolicy
  no dhcp-server
  no strip-realm
  no nat-assigned-to-public-ip
  no scep-enrollment enable
  no password-management
  no override-account-disable
  no strip-group
  no authorization-required
  username-from-certificate CN OU
  secondary-username-from-certificate CN OU
  authentication-attr-from-server primary
  authenticated-session-username primary
  tunnel-group DefaultRAGroup webvpn-attributes
  customization DfltCustomization
  authentication aaa
  no override-svc-download
  no radius-reject-message
  no proxy-auth sdi
  no pre-fill-username ssl-client
  no pre-fill-username clientless
  no secondary-pre-fill-username ssl-client
  no secondary-pre-fill-username clientless
  dns-group DefaultDNS
  no without-csd
  tunnel-group DefaultRAGroup ipsec-attributes
  no ikev1 pre-shared-key
  peer-id-validate req
  no chain
  no ikev1 trust-point
  no ikev1 radius-sdi-xauth
  isakmp keepalive threshold 300 retry 2
  ikev1 user-authentication xauth
  no ikev2 remote-authentication
  no ikev2 local-authentication
  tunnel-group DefaultRAGroup ppp-attributes
  no authentication pap
  authentication chap
  authentication ms-chap-v1
  no authentication ms-chap-v2
  no authentication eap-proxy
  tunnel-group DefaultWEBVPNGroup type remote-access
  tunnel-group DefaultWEBVPNGroup general-attributes
  no address-pool
  no ipv6-address-pool
  authentication-server-group LOCAL
  secondary-authentication-server-group none
  no accounting-server-group
  default-group-policy DfltGrpPolicy
  no dhcp-server
  no strip-realm
  no nat-assigned-to-public-ip
  no scep-enrollment enable
  no password-management
  no override-account-disable
  no strip-group
  no authorization-required
  username-from-certificate CN OU
  secondary-username-from-certificate CN OU
  authentication-attr-from-server primary
  authenticated-session-username primary
  tunnel-group DefaultWEBVPNGroup webvpn-attributes
  customization DfltCustomization
  authentication aaa
  no override-svc-download
  no radius-reject-message
  no proxy-auth sdi
  no pre-fill-username ssl-client
  no pre-fill-username clientless
  no secondary-pre-fill-username ssl-client
  no secondary-pre-fill-username clientless
  dns-group DefaultDNS
  no without-csd
  tunnel-group DefaultWEBVPNGroup ipsec-attributes
  no ikev1 pre-shared-key
  peer-id-validate req
  no chain
  no ikev1 trust-point
  no ikev1 radius-sdi-xauth
  isakmp keepalive threshold 300 retry 2
  ikev1 user-authentication xauth
  no ikev2 remote-authentication
  no ikev2 local-authentication
  tunnel-group DefaultWEBVPNGroup ppp-attributes
  no authentication pap
  authentication chap
  authentication ms-chap-v1
  no authentication ms-chap-v2
  no authentication eap-proxy
  class-map type inspect http match-all _default_gator
  match request header user-agent regex _default_gator
  class-map type inspect http match-all _default_msn-messenger
  match response header content-type regex _default_msn-messenger
  class-map type inspect http match-all _default_yahoo-messenger
  match request body regex _default_yahoo-messenger
  class-map type inspect http match-all _default_windows-media-player-tunnel
  match request header user-agent regex _default_windows-media-player-tunnel
  class-map type inspect http match-all _default_gnu-http-tunnel
  match request args regex _default_gnu-http-tunnel_arg
  match request uri regex _default_gnu-http-tunnel_uri
  class-map type inspect http match-all _default_firethru-tunnel
  match request header host regex _default_firethru-tunnel_1
  match request uri regex _default_firethru-tunnel_2
  class-map type inspect http match-all _default_aim-messenger
  match request header host regex _default_aim-messenger
  class-map type inspect http match-all _default_http-tunnel
  match request uri regex _default_http-tunnel
  class-map type inspect http match-all _default_kazaa
  match response header regex _default_x-kazaa-network count gt 0
  class-map type inspect http match-all _default_shoutcast-tunneling-protocol
  match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
  class-map class-default
  match any
  class-map inspection_default
  match default-inspection-traffic
  class-map type inspect http match-all _default_GoToMyPC-tunnel
  match request args regex _default_GoToMyPC-tunnel
  match request uri regex _default_GoToMyPC-tunnel_2
  class-map type inspect http match-all _default_httport-tunnel
  match request header host regex _default_httport-tunnel
  policy-map type inspect rtsp _default_rtsp_map
  description Default RTSP policymap
  parameters
  policy-map type inspect ipv6 _default_ipv6_map
  description Default IPV6 policy-map
  parameters
    verify-header type
    verify-header order
  match header routing-type range 0 255
    drop log
  policy-map type inspect h323 _default_h323_map
  description Default H.323 policymap
  parameters
    no rtp-conformance
  policy-map type inspect dns migrated_dns_map_1
  parameters
    message-length maximum client auto
    message-length maximum 512
    no message-length maximum server
    dns-guard
    protocol-enforcement
    nat-rewrite
    no id-randomization
    no id-mismatch
    no tsig enforced
  policy-map type inspect esmtp _default_esmtp_map
  description Default ESMTP policy-map
  parameters
    mask-banner
    no mail-relay
    no special-character
    no allow-tls
  match cmd line length gt 512
    drop-connection log
  match cmd RCPT count gt 100
    drop-connection log
  match body line length gt 998
    log
  match header line length gt 998
    drop-connection log
  match sender-address length gt 320
    drop-connection log
  match MIME filename length gt 255
    drop-connection log
  match ehlo-reply-parameter others
    mask
  policy-map type inspect ip-options _default_ip_options_map
  description Default IP-OPTIONS policy-map
  parameters
    router-alert action allow
  policy-map global_policy
  class inspection_default
    inspect dns migrated_dns_map_1
    inspect ftp
    inspect h323 h225 _default_h323_map
    inspect h323 ras _default_h323_map
    inspect rsh
    inspect rtsp
    inspect esmtp _default_esmtp_map
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options _default_ip_options_map
    inspect icmp
    inspect icmp error
    inspect pptp
  class class-default
  policy-map type inspect sip _default_sip_map
  description Default SIP policymap
  parameters
    im
    no ip-address-privacy
    traffic-non-sip
    no rtp-conformance
  policy-map type inspect dns _default_dns_map
  description Default DNS policy-map
  parameters
    no message-length maximum client
    no message-le

  I ran those commands while I had the nat off on the router and here are the results. note, i didn't make any changes to the ASA as you only said to remove the router RIP which I did and reloaded and no change.
  As long as the statements ip nat outside on the Fastethernet 0/0 is off and the ip nat inside is off on the vlan and the overload statement is taken out, I cannot hit the internet.
  CISCO-2811#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  CISCO-2811(config)#int
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/1.3
  CISCO-2811(config-subif)#no ip nat inside
  CISCO-2811(config-subif)#exit
  CISCO-2811(config)#inter
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/0
  CISCO-2811(config-if)#no ip nat outside
  CISCO-2811(config-if)#exit
  CISCO-2811(config)#$nside source list 1 interface FastEthernet0/0 overload
  Dynamic mapping in use, do you want to delete all entries? [no]: y
  CISCO-2811(config)#exit
  CISCO-2811#sh ip arp
  Protocol  Address          Age (min)  Hardware Addr   Type   Interface
  Internet  10.10.1.1             202   c47d.4f3b.8ea6  ARPA   FastEthernet0/0
  Internet  10.10.1.2               -   0019.55a7.2ae8  ARPA   FastEthernet0/0
  Internet  172.16.10.1             -   0019.55a7.2ae9  ARPA   FastEthernet0/1.1
  Internet  172.16.10.3           238   0011.5c73.28c1  ARPA   FastEthernet0/1.1
  Internet  172.16.10.50           72   cc2d.8c78.065a  ARPA   FastEthernet0/1.1
  Internet  172.16.20.1             -   0019.55a7.2ae9  ARPA   FastEthernet0/1.2
  Internet  172.16.20.3           196   0011.5c73.28c2  ARPA   FastEthernet0/1.2
  Internet  192.168.1.1             -   0019.55a7.2ae9  ARPA   FastEthernet0/1.3
  Internet  192.168.1.2             0   0024.e864.01a8  ARPA   FastEthernet0/1.3
  Internet  192.168.1.3           155   0011.5c73.28c0  ARPA   FastEthernet0/1.3
  Internet  192.168.1.5            61   4802.2a4c.1c74  ARPA   FastEthernet0/1.3
  Internet  192.168.1.20            0   5cf9.dd52.5fa9  ARPA   FastEthernet0/1.3
  Internet  192.168.1.50            0   308c.fb47.f2d9  ARPA   FastEthernet0/1.3
  Internet  192.168.1.51            1   ec35.8677.4057  ARPA   FastEthernet0/1.3
  Internet  192.168.1.52            1   b418.d136.ef72  ARPA   FastEthernet0/1.3
  Internet  192.168.1.53            1   8853.9572.e113  ARPA   FastEthernet0/1.3
  Internet  192.168.1.54           12   0009.b044.9f23  ARPA   FastEthernet0/1.3
  Internet  192.168.1.55            0   f47b.5e9a.7ae5  ARPA   FastEthernet0/1.3
  Internet  192.168.1.149           0   001e.4fc5.a199  ARPA   FastEthernet0/1.3
  Internet  192.168.1.174           0   b8ac.6fff.af83  ARPA   FastEthernet0/1.3
  CISCO-2811#sh ip route
  Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2
         i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, * - candidate default, U - per-user static route
         o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
         + - replicated route, % - next hop override
  Gateway of last resort is 10.10.1.1 to network 0.0.0.0
  S*    0.0.0.0/0 [1/0] via 10.10.1.1
        10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  C        10.10.1.0/30 is directly connected, FastEthernet0/0
  L        10.10.1.2/32 is directly connected, FastEthernet0/0
        172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
  C        172.16.10.0/24 is directly connected, FastEthernet0/1.1
  L        172.16.10.1/32 is directly connected, FastEthernet0/1.1
  C        172.16.20.0/24 is directly connected, FastEthernet0/1.2
  L        172.16.20.1/32 is directly connected, FastEthernet0/1.2
        192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
  C        192.168.1.0/24 is directly connected, FastEthernet0/1.3
  L        192.168.1.1/32 is directly connected, FastEthernet0/1.3
  ASA
  ASA5510# sh arp
          Inside 10.10.1.2 0019.55a7.2ae8 12342
          Outside 199.195.168.113 000c.4243.581a 2
          Outside 199.195.168.116 e05f.b947.116b 2436
          Outside 199.195.168.120 0017.c58a.1123 9192
          DMZ 10.10.0.2 0025.849f.63e0 3192
          VOIP 10.10.2.2 000d.bcdc.fc40 7754
  ASA5510# sh route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
         * - candidate default, U - per-user static route, o - ODR
         P - periodic downloaded static route
  Gateway of last resort is 199.195.168.113 to network 0.0.0.0
  S    172.16.20.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
  S    172.16.10.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
  S    128.162.1.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
  S    128.162.10.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
  S    128.162.20.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
  C    199.195.168.112 255.255.255.240 is directly connected, Outside
  C    10.10.0.0 255.255.255.252 is directly connected, DMZ
  C    10.10.1.0 255.255.255.252 is directly connected, Inside
  S    192.168.1.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
  S*   0.0.0.0 0.0.0.0 [1/0] via 199.195.168.113, Outside
  ASA5510# show xlate
  35 in use, 784 most used
  Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
         s - static, T - twice, N - net-to-net
  TCP PAT from DMZ:10.10.0.2 22-22 to Outside:199.195.168.x 2222-2222
      flags sr idle 481:54:14 timeout 0:00:00
  TCP PAT from Inside:10.10.1.2 22-22 to Outside:199.195.168.x 222-222
      flags sr idle 51:06:46 timeout 0:00:00
  TCP PAT from VOIP:10.10.2.2 22-22 to Outside:199.195.168.x 2223-2223
      flags sr idle 687:32:27 timeout 0:00:00
  TCP PAT from Inside:192.168.1.2 3389-3389 to Outside:199.195.168.x 3389-3389
      flags sr idle 457:17:01 timeout 0:00:00
  TCP PAT from Inside:192.168.1.5 80-80 to Outside:199.195.168.x 8080-8080
      flags sr idle 52:18:58 timeout 0:00:00
  NAT from Outside:0.0.0.0/0 to any:0.0.0.0/0
      flags sIT idle 353:10:21 timeout 0:00:00
  UDP PAT from any:10.10.1.2/52581 to Outside:199.195.168.x/52581 flags ri idle 0:00:00 timeout 0:00:30
  UDP PAT from any:10.10.1.2/55389 to Outside:199.195.168.x/55389 flags ri idle 0:00:03 timeout 0:00:30
  UDP PAT from any:10.10.1.2/51936 to Outside:199.195.168.x/51936 flags ri idle 0:00:04 timeout 0:00:30
  UDP PAT from any:10.10.1.2/51345 to Outside:199.195.168.x/51345 flags ri idle 0:00:09 timeout 0:00:30
  UDP PAT from any:10.10.1.2/55985 to Outside:199.195.168.x/55985 flags ri idle 0:00:18 timeout 0:00:30
  UDP PAT from any:10.10.1.2/49368 to Outside:199.195.168.x/49368 flags ri idle 0:00:22 timeout 0:00:30
  UDP PAT from any:10.10.1.2/52441 to Outside:199.195.168.x/52441 flags ri idle 0:00:23 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57908 to Outside:199.195.168.x/57908 flags ri idle 0:08:37 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57907 to Outside:199.195.168.x/57907 flags ri idle 0:08:37 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57906 to Outside:199.195.168.x/57906 flags ri idle 0:08:37 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57896 to Outside:199.195.168.x/57896 flags ri idle 0:09:09 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57879 to Outside:199.195.168.x/57879 flags ri idle 0:10:23 timeout 0:00:30
  TCP PAT from any:10.10.1.2/49441 to Outside:199.195.168.x/49441 flags ri idle 0:20:52 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57868 to Outside:199.195.168.x/57868 flags ri idle 0:25:28 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60519 to Outside:199.195.168.x/60519 flags ri idle 0:44:11 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60491 to Outside:199.195.168.x/60491 flags ri idle 0:44:20 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60484 to Outside:199.195.168.x/60484 flags ri idle 0:44:35 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60480 to Outside:199.195.168.x/60480 flags ri idle 0:44:51 timeout 0:00:30
  TCP PAT from any:10.10.1.2/53851 to Outside:199.195.168.x/53851 flags ri idle 0:54:14 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57812 to Outside:199.195.168.x/57812 flags ri idle 0:58:30 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57810 to Outside:199.195.168.x/57810 flags ri idle 0:58:32 timeout 0:00:30
  TCP PAT from any:10.10.1.2/53847 to Outside:199.195.168.x/53847 flags ri idle 1:00:18 timeout 0:00:30
  TCP PAT from any:10.10.1.2/57808 to Outside:199.195.168.x/57808 flags ri idle 1:07:58 timeout 0:00:30
  TCP PAT from any:10.10.1.2/60406 to Outside:199.195.168.x/60406 flags ri idle 1:42:13 timeout 0:00:30
  TCP PAT from any:10.10.1.2/49259 to Outside:199.195.168.x/49259 flags ri idle 7:39:44 timeout 0:00:30
  TCP PAT from any:10.10.1.2/49191 to Outside:199.195.168.x/49191 flags ri idle 7:42:39 timeout 0:00:30
  TCP PAT from any:10.10.1.2/55951 to Outside:199.195.168.x/55951 flags ri idle 23:11:40 timeout 0:00:30
  TCP PAT from any:10.10.1.2/55944 to Outside:199.195.168.x/55944 flags ri idle 23:15:19 timeout 0:00:30
  TCP PAT from any:10.10.1.2/55942 to Outside:199.195.168.x/55942 flags ri idle 23:15:24 timeout 0:00:30
  ASA5510# sh conn all
  149 in use, 815 most used
  TCP Outside  74.125.193.108:993 Inside  10.10.1.2:57879, idle 0:12:37, bytes 6398, flags UIO
  TCP Outside  174.35.24.74:80 Inside  192.168.1.20:53879, idle 0:00:01, bytes 0, flags saA
  TCP Outside  174.35.24.74:80 Inside  192.168.1.20:53878, idle 0:00:01, bytes 0, flags saA
  TCP Outside  17.149.36.177:5223 Inside  10.10.1.2:60480, idle 0:16:53, bytes 4539, flags UIO
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53877, idle 0:00:02, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53876, idle 0:00:02, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53875, idle 0:00:05, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53874, idle 0:00:05, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53872, idle 0:00:11, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53871, idle 0:00:11, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53868, idle 0:00:08, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53867, idle 0:00:08, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53860, idle 0:00:17, bytes 0, flags saA
  TCP Outside  98.22.121.19:443 Inside  192.168.1.20:53859, idle 0:00:17, bytes 0, flags saA
  TCP Outside  17.172.233.95:5223 Inside  10.10.1.2:49191, idle 0:18:48, bytes 7384, flags UIO
  TCP Outside  17.178.100.43:443 Inside  10.10.1.2:57810, idle 0:56:21, bytes 5797, flags UFIO
  TCP Outside  23.206.216.93:80 Inside  10.10.1.2:53847, idle 0:54:15, bytes 2683, flags UFIO
  TCP Outside  143.127.93.90:80 Inside  10.10.1.2:49259, idle 0:12:20, bytes 13315, flags UIO
  TCP Outside  74.125.225.53:443 Inside  192.168.1.20:53864, idle 0:00:11, bytes 0, flags saA
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49204, idle 0:00:04, bytes 67, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:50122, idle 0:00:07, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63275, idle 0:00:08, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63306, idle 0:00:18, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65059, idle 0:00:22, bytes 46, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64681, idle 0:00:30, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64661, idle 0:00:30, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.20:55618, idle 0:00:32, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65056, idle 0:00:33, bytes 48, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:59433, idle 0:00:41, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.20:52178, idle 0:00:42, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:61414, idle 0:00:43, bytes 34, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65438, idle 0:00:44, bytes 44, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63686, idle 0:00:44, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65416, idle 0:00:45, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:53047, idle 0:00:47, bytes 32, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:62213, idle 0:00:46, bytes 74, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:52347, idle 0:00:46, bytes 92, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:58069, idle 0:00:46, bytes 64, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.52:50753, idle 0:00:46, bytes 74, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65381, idle 0:00:50, bytes 50, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65082, idle 0:00:50, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64038, idle 0:00:50, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49309, idle 0:00:51, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64034, idle 0:00:51, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49197, idle 0:00:51, bytes 50, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64728, idle 0:00:51, bytes 49, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64309, idle 0:00:51, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63289, idle 0:00:51, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64174, idle 0:00:52, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:39286, idle 0:01:09, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63726, idle 0:01:09, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65482, idle 0:01:12, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65091, idle 0:01:13, bytes 61, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64976, idle 0:01:13, bytes 57, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63749, idle 0:00:51, bytes 103, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64043, idle 0:01:14, bytes 52, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64267, idle 0:01:24, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:64467, idle 0:01:26, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:65504, idle 0:01:26, bytes 46, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:38946, idle 0:01:35, bytes 33, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63701, idle 0:01:38, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63879, idle 0:01:46, bytes 45, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:58516, idle 0:01:49, bytes 51, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:63227, idle 0:01:51, bytes 62, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.174:65446, idle 0:01:53, bytes 43, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.2:49166, idle 0:01:55, bytes 54, flags -
  UDP Outside  199.195.168.4:53 Inside  192.168.1.55:56680, idle 0:02:01, bytes 33, flags -
  UDP Outside  192.55.83.30:53 Inside  192.168.1.2:65073, idle 0:00:44, bytes 50, flags -
  TCP Outside  74.125.193.109:993 Inside  10.10.1.2:57808, idle 0:39:33, bytes 6392, flags UFIO
  TCP Outside  74.125.225.54:443 Inside  192.168.1.20:53863, idle 0:00:13, bytes 0, flags saA
  TCP Outside  143.127.93.89:80 Inside  10.10.1.2:60519, idle 0:46:30, bytes 346, flags UO
  TCP Outside  74.125.225.32:443 Inside  192.168.1.20:53881, idle 0:00:01, bytes 0, flags saA
  TCP Outside  74.125.225.32:443 Inside  192.168.1.20:53880, idle 0:00:01, bytes 0, flags saA
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:60627, idle 0:00:39, bytes 78, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:52088, idle 0:00:39, bytes 86, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:50533, idle 0:00:39, bytes 76, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:63347, idle 0:00:39, bytes 80, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:62213, idle 0:00:40, bytes 37, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:52347, idle 0:00:40, bytes 46, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:58069, idle 0:00:40, bytes 32, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.52:50753, idle 0:00:40, bytes 37, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
  UDP Outside  205.171.3.65:53 Inside  192.168.1.174:50791, idle 0:01:25, bytes 35, flags -
  TCP Outside  74.125.225.46:443 Inside  192.168.1.20:53870, idle 0:00:08, bytes 0, flags saA
  TCP Outside  17.173.255.101:443 Inside  10.10.1.2:53851, idle 0:56:33, bytes 58, flags UfIO
  TCP Outside  64.4.23.147:33033 Inside  10.10.1.2:55944, idle 0:44:45, bytes 558164, flags UFIO
  TCP Outside  74.125.225.35:443 Inside  192.168.1.20:53869, idle 0:00:09, bytes 0, flags saA
  UDP Outside  64.4.23.175:33033 Inside  192.168.1.174:26511, idle 0:01:17, bytes 28, flags -
  UDP Outside  192.54.112.30:53 Inside  192.168.1.2:65380, idle 0:00:44, bytes 49, flags -
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57908, idle 0:10:47, bytes 7895, flags UIO
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57907, idle 0:10:49, bytes 20323, flags UIO
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57906, idle 0:10:47, bytes 6539, flags UIO
  TCP Outside  74.125.142.108:993 Inside  10.10.1.2:57868, idle 0:27:44, bytes 6395, flags UIO
  TCP Outside  91.190.218.59:443 Inside  10.10.1.2:55942, idle 0:41:39, bytes 2727, flags UFIO
  TCP Outside  17.172.233.123:5223 Inside  10.10.1.2:49441, idle 0:23:10, bytes 4409, flags UIO
  TCP Outside  74.125.225.41:443 Inside  192.168.1.20:53862, idle 0:00:16, bytes 0, flags saA
  TCP Outside  74.125.225.41:443 Inside  192.168.1.20:53861, idle 0:00:16, bytes 0, flags saA
  TCP Outside  143.127.93.115:80 Inside  10.10.1.2:60406, idle 0:42:59, bytes 970, flags UFIO
  TCP Outside  143.127.93.118:80 Inside  10.10.1.2:60484, idle 0:46:54, bytes 328, flags UO
  TCP Outside  17.172.233.98:5223 Inside  10.10.1.2:57896, idle 0:11:28, bytes 5081, flags UIO
  UDP Outside  111.221.74.16:33033 Inside  192.168.1.174:26511, idle 0:01:18, bytes 31, flags -
  TCP Outside  17.149.36.103:5223 Inside  192.168.1.174:60729, idle 0:00:04, bytes 0, flags saA
  UDP Outside  192.5.6.30:53 Inside  192.168.1.2:65317, idle 0:00:44, bytes 51, flags -
  UDP Outside  192.12.94.30:53 Inside  192.168.1.2:65356, idle 0:00:44, bytes 54, flags -
  TCP Outside  17.149.36.180:5223 Inside  10.10.1.2:55951, idle 0:46:08, bytes 14059, flags UFIO
  UDP Outside  111.221.74.28:33033 Inside  192.168.1.174:26511, idle 0:01:20, bytes 33, flags -
  TCP Outside  63.235.20.160:80 Inside  192.168.1.20:53873, idle 0:00:08, bytes 0, flags saA
  TCP Outside  50.19.127.112:443 Inside  192.168.1.50:60678, idle 0:00:00, bytes 0, flags saA
  TCP Outside  65.55.122.234:80 Inside  192.168.1.174:60728, idle 0:00:14, bytes 0, flags saA
  TCP Outside  65.55.122.234:80 Inside  192.168.1.174:60727, idle 0:00:15, bytes 0, flags saA
  TCP Outside  65.55.122.234:80 Inside  192.168.1.174:60726, idle 0:00:15, bytes 0, flags saA
  TCP Outside  65.55.122.234:443 Inside  192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
  TCP Outside  65.55.122.234:2492 Inside  192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
  UDP Outside  157.55.56.170:33033 Inside  192.168.1.174:26511, idle 0:01:21, bytes 37, flags -
  TCP Outside  74.125.230.207:443 Inside  192.168.1.20:53866, idle 0:00:11, bytes 0, flags saA
  TCP Outside  74.125.230.207:443 Inside  192.168.1.20:53865, idle 0:00:11, bytes 0, flags saA
  UDP Outside  111.221.74.18:33033 Inside  192.168.1.174:26511, idle 0:01:17, bytes 29, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:55546, idle 0:00:06, bytes 46, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:60277, idle 0:00:06, bytes 46, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:55618, idle 0:00:34, bytes 43, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:60627, idle 0:00:36, bytes 78, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:52088, idle 0:00:36, bytes 86, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:50533, idle 0:00:36, bytes 76, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.52:63347, idle 0:00:36, bytes 80, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:56958, idle 0:01:24, bytes 34, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:51360, idle 0:01:26, bytes 34, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.174:50791, idle 0:01:27, bytes 35, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.20:54134, idle 0:01:46, bytes 34, flags -
  UDP Outside  8.8.8.8:53 Inside  192.168.1.174:58516, idle 0:01:50, bytes 51, flags -
  TCP Outside  23.207.7.46:80 Inside  192.168.1.55:59350, idle 0:00:02, bytes 0, flags saA
  TCP Outside  23.207.7.46:80 Inside  192.168.1.55:59349, idle 0:00:16, bytes 0, flags saA
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:50122, idle 0:00:09, bytes 43, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:48088, idle 0:00:42, bytes 33, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:62213, idle 0:00:45, bytes 74, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:52347, idle 0:00:45, bytes 92, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:58069, idle 0:00:45, bytes 64, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.52:50753, idle 0:00:45, bytes 74, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:61414, idle 0:00:47, bytes 34, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:54481, idle 0:01:08, bytes 33, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:40285, idle 0:01:34, bytes 33, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.174:65446, idle 0:01:55, bytes 43, flags -
  UDP Outside  205.171.2.65:53 Inside  192.168.1.55:46155, idle 0:02:00, bytes 33, flags -
  UDP Outside  66.104.81.70:5070 Inside  192.168.1.174:57609, idle 0:00:11, bytes 46, flags -
  UDP Outside  64.4.23.156:33033 Inside  192.168.1.174:26511, idle 0:01:14, bytes 38, flags -
  TCP Outside  65.54.167.15:12350 Inside  10.10.1.2:60491, idle 0:11:02, bytes 1405, flags UIO
  TCP Outside  17.172.192.35:443 Inside  10.10.1.2:57812, idle 0:56:11, bytes 6116, flags UFIO
  UDP Outside  157.55.56.176:33033 Inside  192.168.1.174:26511, idle 0:01:16, bytes 32, flags -
  TCP Inside  192.168.1.20:53667 NP Identity Ifc  10.10.1.1:22, idle 0:00:00, bytes 37555, flags UOB
  TCP Inside  10.10.1.2:53431 NP Identity Ifc  10.10.1.1:22, idle 0:09:03, bytes 20739, flags UOB
  Ran on the ASA while overload statements were down on the router:
  ASA5510#   packet-tracer input Inside tcp 192.168.1.100 12345 8.8.8.8 80
  Phase: 1
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   0.0.0.0         0.0.0.0         Outside
  Phase: 2
  Type: NAT
  Subtype: per-session
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 3
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 4
  Type: NAT
  Subtype: per-session
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 5
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 6
  Type: FLOW-CREATION
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  New flow created with id 1988699, packet dispatched to next module
  Result:
  input-interface: Inside
  input-status: up
  input-line-status: up
  output-interface: Outside
  output-status: up
  output-line-status: up
  Action: allow
  Had to put these back in to get to the internet:
  CISCO-2811#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  CISCO-2811(config)#inter
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/0
  CISCO-2811(config-if)#ip nat
  CISCO-2811(config-if)#ip nat Outside
  CISCO-2811(config-if)#exit
  CISCO-2811(config)#in
  CISCO-2811(config)#interface f
  CISCO-2811(config)#interface fastEthernet 0/1.3
  CISCO-2811(config-subif)#ip nat inside
  CISCO-2811(config-subif)#exit
  CISCO-2811(config)#$de source list 1 interface FastEthernet0/0 overload
  CISCO-2811(config)#
  Screenshot of ASDM: