Port 23 Inactive
I periodically need to access my employer's mainframe from home to provide production support. We can access the company servers that use Aventail Remote access software from clients via the Internet, logging in with a user id, pin plus a randomly generated code from an RSA token. I can log into the company servers, access my email and the company's intranet, but I cannot connect to the mainframe computers. To connect, I need ports 23 and 10023 to be active. Using Mozilla Firefox, the diagnostics from the failed connect indicate that port 23 is inactive and 10023 is active. Using Safari, ports 23 and 10023 are both inactive.
I am just conducting a test of accessing my company's mainframe on my son's MacBook Pro because I would like to switch from Windows to OS X. After connecting, I would use TN3270 to work. How can I make the required ports to be active when I need them to connect to my company's mainframe without having to install Windows XP on a Mac?
You're welcome. Please keep me up-to-date with your progress.
Mahalo for the
It turns out that I don't need port 23 after all, just port 10023. The latter port was successfully activated during the mainframe connection attempt in the Firefox browser. Port 23 was not. I then configured the TN3270 emulator to use port 10023 instead of 23, and the emulator successfully connected.
The Safari browser, however, cannot connect to the mainframe. The very first connection attempt with this browser displayed the status window but failed to open ports 23 and 10023. Subsequent connection attempts fail to even display the status window. Block pop-ups must be unchecked for this to happen but it is unchecked. The browser just hangs on the connection attempt. But, since Firefox works, so what.
Similar Messages
-
4500 SFP supervisor ports inactive
We need to use the SFP ports on the supervisor modules, problem is that they are on inactive rather than nonconnect.
Probably an easy one...
switch#sh mod
Chassis Type : WS-C4510R
Power consumed by backplane : 40 Watts
Mod Ports Card Type Model
---+-----+--------------------------------------+--------------
1 6 Sup V-10GE 10GE (X2), 1000BaseX (SFP) WS-X4516-10GE
2 6 Sup V-10GE 10GE (X2), 1000BaseX (SFP) WS-X4516-10GE
3 48 10/100BaseTX (RJ45)V, Cisco/IEEE WS-X4248-RJ45V
4 48 10/100BaseTX (RJ45)V, Cisco/IEEE WS-X4248-RJ45V
5 48 10/100BaseTX (RJ45)V, Cisco/IEEE WS-X4248-RJ45V
switch#sh int status mod 1
Port Name Status Vlan Duplex Speed Type
Te1/1 notconnect 1 full 10G No X2
Te1/2 inactive 1 full 10G No X2
Gi1/3 inactive 1 full 1000 1000BaseLH
Gi1/4 inactive 1 full 1000 1000BaseLH
Gi1/5 inactive 1 full 1000 1000BaseLH
Gi1/6 inactive 1 full 1000 1000BaseLH
Hi Mark,
Simply configure "hw-module uplink select gigabitethernet"
documented here:
http://www.cisco.com/en/US/partner/products/hw/switches/ps4324/products_command_reference_chapter09186a00803ff0cf.html#wp1505563
HTH,
Bobby
*Please rate helpful posts. -
Thunderbolt port inactive after yosemite upgrade
Hi, had my Yosemite upgrade and everything was fine, but I notice that the Thunderbolt port has stopped working.
Has anyone else faced this problem?
Vikram
Thunderbolt Connection Problems
Thunderbolt Device not Working
Thunderbolt Ports and Displays - FAQ -
Cisco Clean Access Server eth0 port inactive on install
I am trying to learn how the Cisco NAC appliances work. I have created a small self-contained test network with a Server 2003 domain controller, a fake domain setup and some workstations joined to the domain.
I have two NAC appliances, one is the Server and one is the Manager.
When I follow the instructions from the manual to install the server from the CD everything seems to go fine. I plan to use it as a bridge in the network so I applied the same IP address to both the eth0 and eth1 interface (the eth1 interface is not connected to the network during install as per instructions)
Here is the issue I am having: After configuration is finished and the CCA server re-boots, I cannot ping the server when it is connected by eth0. If I swap the network cable over to eth1, however I can ping the device.
Is this normal?
I have the same issue. But it gets even stranger; I had the CAM/CAS working in a test LAN environment, got the AD SSO to work by applying VLANs based on AD group membership of the user logging on. Client was pleased.
Move the two NAC devices to their location and reloaded clean both CAM & CAS from CD, did the same configuration and now eth0 (Trusted) can't see the AD domain controller but can see the CAM. I ran nslookup on the CAS to test the network settings and the result is no server found - the DNS server is the AD domain controller. -
Speedgrade crashes when I try to launch the app.
I have uninstalled and reinstalled Twice. I also deleted my preferences by doing the following:
go to Users/Name/Documents/Adobe/SpeedGrade/7.0/settings and delete:
LastSession_backup
LastSession
User_Settings
I have restarted a handful of times.
I updated FxFactory.
I don't have an option for Automatic Graphic Switching under Energy Saver
I can open SG fine on my mac book pro.
I am working on a Mac Pro
Processor 2 x 2.4 GHz 6-Core Intel Xeon
Memory 32 GB 1333 MHz DDR3 ECC
Graphics ATI Radeon HD 5770 1024 MB
Software OS X 10.9.2 (13C64)
Creative Cloud Version 1.5.1.369 released on 3/21/2014
Any Ideas? Work around? Solutions?
Yeah this is my set up:
ATI Radeon HD 5770:
Chipset Model: ATI Radeon HD 5770
Type: GPU
Bus: PCIe
Slot: Slot-1
PCIe Lane Width: x16
VRAM (Total): 1024 MB
Vendor: ATI (0x1002)
Device ID: 0x68b8
Revision ID: 0x0000
ROM Revision: 113-C0160C-180
EFI Driver Version: 01.00.436
ATI Radeon HD 5770:
Chipset Model: ATI Radeon HD 5770
Type: GPU
Bus: PCIe
Slot: Slot-2
PCIe Lane Width: x16
VRAM (Total): 1024 MB
Vendor: ATI (0x1002)
Device ID: 0x68b8
Revision ID: 0x0000
ROM Revision: 113-C0160C-180
EFI Driver Version: 01.00.436
From the other forums I have seen some responses that state there are some issues with dual GPU setups / cards with DualGPU chips. This is strange though because I used SpeedGrade just fine on the same setup a few months ago. Is there a way to make a PCI port inactive or disable a GPU without physically removing it from the system? Or is there a way to revert back to an older version of SG CC? -
Premier and Company Encryption Software
Hi, all.
I have attached to my work computer an external 320GB hard drive which I use for capturing and storing digital video. The drive has never been removed and is not intended to be used as portable media.
My company has recently installed software on all of our computers that requires any data sent to removable media to be encrypted in a way that can only be read by computers with this same software installed. This is to protect sensitive client information, which is completely reasonable and understandable. Unfortunately, since this new encryption software was installed, I have been unable to create new folders on this hard drive and Premier will not allow it to be designated as a scratch disc, telling me that I do not have access permissions. I also cannot save any projects opened from this disc back onto it.
If I unplug the drive and reattach it, I am prompted by the encryption software "wizard" to convert the drive into encrypted format. I am hesitant to do this, since I don't understand how it will affect the files currently on the drive or how the drive's performance will be affected afterward. I also fear that the encryption process might hinder the ability of my software to read from and write to it on the fly. The issue may be complicated further if the encryption process slows down the transfer rate, but that remains to be seen.
I have sent a ticket to the IT department to let them know of my concerns, but I wanted to get some input from other Adobe users before I have them do anything irreversible. Based on your experience, does anyone think Premier and After Effects will go batty if the video data has to be encrypted and unencrypted as it goes to and from the hard disc? Anyone else working in a secure environment who could share their experience with this kind of thing? The IT department doesn't know anything about video and I can't rely on them to know how this will affect my rig. Any insight or advice to share before they come a-knockin'?
Thanks in advance for any assistance!
The simple fact that the drive "is" removable, whether you use it that way or not, is going to be problematic.
I would highly suggest you "social engineer" the following with the IT dep't:
Have them install an internal media drive (or 4 - see various configuration recommendation threads on this forum) without encryption software. If you are not working with client's excel spreadsheets or word documents, just video that will eventually be distributed in some format anyway, (e.g., it will have a presence outside the network computers even if it is still internal), then you can make a better case for being opted out of the encryption requirement.
As a compromise, ask them to make the NLE computer's USB ports inactive except for printing. This will help satisfy the security requirements they are trying to implement. Remember, it is probably not their idea to do all this. Whatever you can do to make it difficult or impossible for data to be removed from this computer will increase your chances of making a compelling argument against encryption.
Make the IT department responsible for creating a backup of all your unencrypted media before anything else - even if they have to uninstall the encryption software, make the backup and then reinstall it. Keep this backup separate and unencrypted until the dust has settled.
If they absolutely refuse to let you be exempted, find the video "wannabe" in the IT department and involve him in the process of making the NLE software work with the encryption software. Perhaps when he gives up you'll finally be able to do without. Or, maybe, it will be working properly.
Either way, sit back and wait for the howls of dismay when suddenly some critical files in another department are no longer accessible because of a conflict between the encryption and some security update. -
Internet stops working frequently on OS X Lion
I had 10.6.X, the latest version of OS X, and I was happy with that. Now I have upgraded to this Lion OS and I am getting one very embarrassing issue.
Internet stops working frequently. The following will give you the feel of the issue:
- I am starting safari and will browse for sometime.
- Suddenly I won't be able to open any sites, internet will stop working.
- So I check wifi, it is online and showing correctly in my Mac Book Pro.
- I checked with my room mate his internet is working properly.
- I changed browser I am not able to browse site in Chrome too.
Solution: restart MBP or on/off wifi and restart browser, then internet will start working. I am fed up with this Lion problem. Has anyone experienced this problem? Is this a bug? Why did I upgrade to this Lion?
I am facing the same issue, only with a slight difference. My entire system sort of hits a halt, apps still work, but they refuse to close.
I am using Internet Sharing to share my internet connection from my iMac's Ethernet port to the WiFi. After a while, not only the iMac's internet stops working, the internet sharing stops working too, not to my surprise. Restarting the computer seems to solve the problem but not 100% of the time, and every time I try to restart the system, all my open apps seem to refuse to close and I have to either force quit them, which works sometimes, or do a force shutdown by holding the power button for a few seconds.
Making the Ethernet port inactive and reactivating it does not solve the problem, nor does disconnecting the ethernet cable and reconnecting it.
I have a little software installed that monitors my network activity and displays it in the menu bar. I have it currently monitoring my Ethernet port and what happens when the internet connection stops working is that the Ethernet port, although still connected and with a green light, just stops sending and receiving data, sometimes it does receive some data but it stays at 30-60 B/s.
I'm sure this is an issue with OS X Lion because I had never had this issue with Snow Leopard until I upgraded to Lion.
Really hoping for some guidance from Apple here on how to tackle this issue, it's quite annoying to have to restart my iMac all the time. I am used to leaving my iMac on all the time because I access it remotely often using LogMeIn on my iPad. As well as that, I have other network services running and it's quite annoying to try and access my iMac remotely and find out it is offline because Lion refuses to keep me connected to the internet. -
EEM and TcL Script to Disable Inactive Ports
I've browsed around to the other support strings to make sure I didn't miss anything, but I can't seem to get this to work. I have the latest sl_suspend_ports.tcl and tm_suspend_ports.tcl created by Joseph Clarke from strings that verified they worked as planned. Here are the commands I issued to register the scripts -
Directory of flash:/policies/
9 -rwx 3101 May 3 2013 07:58:03 +00:00 sl_suspend_ports.tcl
10 -rwx 4669 May 3 2013 07:58:44 +00:00 tm_suspend_ports.tcl
conf t
event manager directory user policy flash:/policies
event manager policy sl_suspend_ports.tcl
event manager environment suspend_ports_days 1
event manager environment suspend_ports_config flash:/susp_ports.dat
event manager policy tm_suspend_ports.tcl
#show run | inc event manager environment
event manager environment suspend_ports_days 1
event manager environment suspend_ports_config flash:/susp_ports.dat
It doesn't appear to work though. Essentially, we have a need to make sure all computers are always on and all ports not active for >24 hours to be shutdown and moved to a designated vlan (I added the 'lappend' statement to the script to specify the additional command of assigning the vlan)
I'm running 12.2(55)SE7 on Catalyst 3560s and 3750s
Is there a way to manually run the script? Did I miss anything in the configuration?
Thanks for your help!
Chris
SUCCESS! AWESOME!
I added one more line to the lappend statements to add a description with the time stamp, here's what happened -
Port Name Status Vlan Duplex Speed Type
Fa0/2 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/3 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/4 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/5 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/6 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/7 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/8 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/9 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
Fa0/10 Disable by Inactiv disabled 666 auto auto 10/100BaseTX
#sh run int fa0/2
Building configuration...
Current configuration : 408 bytes
interface FastEthernet0/2
description Disable by Inactivity Script last used on Tue May 14 04:32:10 ZULU 2013
switchport access vlan 666
shutdown
end
So to recap for any future folks that stumble upon this thread and want to use this method.
1. Create a TACACS service account or use a TACACS/RADIUS account that has a high enough privilege to edit the config.
2. Create a "policies" directory on flash and copy the attached scripts to it.
3. Register the scripts using the following commands -
#conf t
(config)#event manager directory user policy flash:/policies
(config)#event manager policy sl_suspend_ports.tcl
(config)#event manager environment suspend_ports_days 1 "<--Or the number of days inactive you choose"
(config)#event manager environment suspend_ports_config flash:/susp_ports.dat
(config)#event manager policy tm_suspend_ports.tcl
(config)#event manager session cli username "svc.eemscript" "<---The account you created to run in step 1"
The output of "show event manager policy registered" should then show the following -
#show event manager policy registered
No. Class Type Event Type Trap Time Registered Secu Name
1 script user syslog Off Fri May 3 10:20:26 2013 2048 sl_suspend_ports.tcl
pattern {LINEPROTO-5-UPDOWN}
nice 0 queue-priority normal maxrun 600.000 scheduler rp_primary
2 script user timer cron Off Tue May 14 05:25:42 2013 2048 tm_suspend_ports.tcl
cron entry {0 0 * * *}
nice 0 queue-priority normal maxrun 600.000 scheduler rp_primary
NOTE: On lines 140-145 of the tm_suspend_ports.tcl file, you can edit the commands you want the script to execute to your liking. I have it adding a description as seen in the above output and moving to an isolated non-routable VLAN of my network.
Thanks Joe Clarke for the awesome script and assistance in getting it running! -
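A check for the recap's steps 1 to 3, as an added example that is not part of the thread or of Joe Clarke's scripts: it reads saved CLI output off-box and reports which required `event manager` lines are missing and whether both policies are registered with the event types shown above. The function names and the sample running-config excerpt are constructed for illustration; the registration sample repeats the thread's own output.

```python
import re

# Config-mode lines from the recap's step 3, matched by prefix.
REQUIRED_CONFIG = (
    "event manager directory user policy",
    "event manager environment suspend_ports_days",
    "event manager environment suspend_ports_config",
    "event manager session cli username",
    "event manager policy sl_suspend_ports.tcl",
    "event manager policy tm_suspend_ports.tcl",
)

# Policy name -> (event type, detail keyword), as shown in the thread's output.
EXPECTED_POLICIES = {
    "sl_suspend_ports.tcl": ("syslog", "pattern"),
    "tm_suspend_ports.tcl": ("timer cron", "cron entry"),
}

# One numbered row of "show event manager policy registered".
ENTRY_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<cls>\S+)\s+(?P<type>\S+)\s+(?P<event>.+?)\s+"
    r"(?P<trap>Off|On)\s+(?P<time>.+?)\s+(?P<secu>\d+)\s+(?P<name>\S+)\s*$"
)
# Continuation line carrying the syslog pattern or the cron entry.
DETAIL_RE = re.compile(r"^\s*(?P<key>pattern|cron entry)\s+\{(?P<value>.*)\}\s*$")


def missing_config(running_config):
    """Return the required 'event manager' prefixes absent from the config text."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    return [p for p in REQUIRED_CONFIG
            if not any(ln == p or ln.startswith(p + " ") for ln in lines)]


def parse_registered(output):
    """Parse 'show event manager policy registered' output into a list of dicts."""
    policies, current = [], None
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = {"name": m["name"], "event": m["event"], "details": {}}
            policies.append(current)
            continue
        d = DETAIL_RE.match(line)
        if d and current is not None:
            current["details"][d["key"]] = d["value"]
    return policies


def check_policies(policies):
    """Return a list of problems; an empty list means both policies look right."""
    by_name = {p["name"]: p for p in policies}
    problems = []
    for name, (event, key) in EXPECTED_POLICIES.items():
        p = by_name.get(name)
        if p is None:
            problems.append(f"{name}: not registered")
        elif p["event"] != event:
            problems.append(f"{name}: event type is {p['event']!r}, expected {event!r}")
        elif key not in p["details"]:
            problems.append(f"{name}: no '{key}' line in the registration output")
    return problems


# Constructed running-config excerpt; the session username line is left out
# on purpose so the check has something to report.
SAMPLE_CONFIG = """\
event manager environment suspend_ports_days 1
event manager environment suspend_ports_config flash:/susp_ports.dat
event manager directory user policy flash:/policies
event manager policy sl_suspend_ports.tcl
event manager policy tm_suspend_ports.tcl
"""

# Registration output as posted in the thread.
SAMPLE_REGISTERED = """\
No. Class Type Event Type Trap Time Registered Secu Name
1 script user syslog Off Fri May 3 10:20:26 2013 2048 sl_suspend_ports.tcl
pattern {LINEPROTO-5-UPDOWN}
nice 0 queue-priority normal maxrun 600.000 scheduler rp_primary
2 script user timer cron Off Tue May 14 05:25:42 2013 2048 tm_suspend_ports.tcl
cron entry {0 0 * * *}
nice 0 queue-priority normal maxrun 600.000 scheduler rp_primary
"""

if __name__ == "__main__":
    for prefix in missing_config(SAMPLE_CONFIG):
        print("missing config line:", prefix)
    for problem in check_policies(parse_registered(SAMPLE_REGISTERED)):
        print("policy problem:", problem)
```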
Hello good evening, I have a MacBook Pro and my problem is that one of the USB ports and the device does not detect this and inactive but can not find how to reactivate.
Help me please! greetings thanks!
Do you have the Firefox new tab page but the actual sites are missing, or do you have some other page?
If you have some different page, try the quick fix in Fred McD's reply.
If the sites are missing, did you use the Reset feature? That will clear the storage associated with the new tab page. I'm not sure it's possible to recover from that; you probably need to rebuild your page from scratch as you browse.
For possible future reference, here is how to access the hidden setting for the page to display on new tabs:
(1) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste '''newtab''' and pause while the list is filtered
(3) Double-click the '''browser.newtab.url''' preference and enter your preferred page:
* ''Page thumbnails (default)'' => about:newtab
* ''Blank tab'' => about:blank
* ''Built-in Firefox home page'' => about:home
* ''Any other page'' => full URL to the page
Press Ctrl+t to open a new tab and verify that it worked. Fixed?
Some gotchas:
''If Firefox won't let you edit this setting:'' you may have something called SearchProtect on your system.
''If Firefox lets you save your change but ignores it:'' one of your extensions may be overriding it. You can review, disable, and/or remove extensions on the add-ons page:
"3-bar" menu button (or Tools menu) > Add-ons > ''in the left column click'' Extensions
''If the change works during your session, but at the next startup is back to an unwanted page:'' you might have a user.js file in your personal Firefox settings folder (your Firefox profile folder). This article describes how to track down and remove the file: [[How to fix preferences that won't save]].
Any luck? -
WRT54G Closes inactive port on 10 minutes
Hi, my WRT54G (V8.00.2) closes a tcp port if inactive for 10 minutes.
This is a problem for FTP, as it uses port 21 as a command port, and a high port as a transfer port. So if the transfer takes longer than 10 minutes, it fails, as the router is closing the command port (21) on 10 minutes.
The workaround is to use a keep alive feature on the ftp client, so it keeps sending NOOP commands to keep the port open. But I would like the router not to close the port.
Is there a way to change this timeout configuration?
Shouldn't the router be more ftp friendly?
Thanks in advance,
Eduardo
Hi Ricewind,
Thanks and I found the MTU setting. I just don't see how this would relate to the 10 minutes timeout based on its description:
MTU is the Maximum Transmission Unit. It specifies the largest packet size permitted for Internet transmission. Keep the default setting, Auto, to have the Router select the best MTU for your Internet connection. To specify a MTU size, select Manual, and enter the value desired (default is 1400). You should leave this value in the 1200 to 1500 range.
I will try it anyway and see what happens.
Thanks,
Eduardo -
Network ports stop responding with inactivity
We installed a 4510 a couple months ago and this past weekend there was a reported power surge on the floor. Since then I have specialized printers and thin clients that will stop responding to pings after periods of inactivity.
If I disconnect the ethernet and plug it into a laptop the network is functioning. When I look at the show interface it reports the interface is up and passing traffic.
If I keep a constant ping going to the ip address of one of these devices it will never drop.
Any ideas on what is going on?
here is an example of a port config:
interface GigabitEthernet7/47
switchport access vlan 1862
switchport mode access
switchport voice vlan 1861
switchport port-security maximum 8
switchport port-security maximum 7 vlan access
switchport port-security
switchport port-security aging time 10
switchport port-security violation restrict
switchport port-security aging type inactivity
load-interval 60
storm-control action shutdown
macro description HOST-DEFAULT
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 50
I don't see anything in the config that would cause disconnects except
"storm-control action shutdown" command
so, I would delete the command and watch the behavior again.
HTH -
When can I expect the phone to be operable for incoming calls with my ported phone number?
Sorry, this isn't a live chat room. This is a user to user technical forum. Not all questions will be replied to promptly.
The issue you're having is a carrier issue; you will need to call T-Mobile to resolve your issue. -
Cannot send email via Hotmail through port 587 with Secure Connection (SSL) set
Something is blocking my attempts to send email (with Outlook Express) via my hotmail.com account. The error I receive is as follows:
Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'Hotmail', Server: 'smtp.live.com', Protocol: SMTP, Port: 587, Secure(SSL): Yes, Error Number: 0x800CCC0F
When Hotmail.com first changed over to a POP3 server (Sept 2009), I could send emails through them using port 587, which they require. But then something happened, with no changes on my part, to disable my ability to send.
I have checked and rechecked my Outlook Express account settings. I can send email through another third-party mail account (at 1&1 Internet.com) using port 587, which does not require setting SSL to yes. I can also ping the Hotmail SMTP server via port 587 and receive a response from it.
I connect to Verizon DSL via a Westell 327W modem/router. Clearly it is not blocking port 587 without SSL. Does it have the capability to block SSL traffic? Or is the Verizon server the culprit, not allowing emails to be sent via Hotmail.com?
Two different computers on my LAN have the same problem sending emails via Hotmail.com. I have tried everything the Hotmail people have suggested; at this point they think it is an ISP problem, hence this post. This problem doesn't make sense to me and is driving me crazy. Can anyone help me with this?
Thanks.
You can still have your reply address set to your hotmail address. And you don't have to really remember to do anything. Configure your client for the HOTMAIL account with Verizon's outgoing server. It will automatically send via Verizon. You don't reveal your verizon.net address, you are just using their server to transmit.
If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
"All knowledge is worth having." -
Problems with SMTP port forwarding on ASA 5505
Cannot telnet to port 25 to test for SMTP traffic. Packet trace indicates that the packet is dropped by the implicit rule, but I have tried an access rule specifically for SMTP, and the trace appears to skip the rule and drop the packet when it hits the implicit default drop rule. Can anyone help? Here is my configuration:
ASA Version 8.2(5)
hostname XXXXXXXXXXXXXXXXX
enable pXXXXXXXXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXXXX encrypted
names
name XXX.XXX.XXX.74 DNI-HOST1
name XXX.XXX.XXX.184 DNI-HOST2
name 192.168.1.2 Server
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address XXX.XXX.XXX.130 255.255.255.248
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
object-group service rdp tcp
port-object eq 3389
access-list INBOUND extended permit icmp any any time-exceeded
access-list INBOUND extended permit icmp any any echo-reply inactive
access-list INBOUND extended permit icmp any any
access-list INBOUND extended permit tcp any any eq smtp
access-list INBOUND extended permit tcp any any eq https
access-list INBOUND extended permit tcp any eq 3389 any object-group rdp
pager lines 24
logging enable
logging buffered warnings
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
access-group INBOUND in interface outside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http DNI-HOST2 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca [REDACTED]
quit
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 206.190.255.0 255.255.255.0 outside
ssh DNI-HOST2 255.255.255.255 outside
ssh DNI-HOST1 255.255.255.255 outside
ssh timeout 5
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username Administrator password XXXXXXXXXXXXXXXXXXXX encrypted
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
: end
Thanks. I made the suggested changes, here are the results of packet-tracer:
ASA# packet-tracer input outside tcp 1.2.3.4 1234 XXX.XXX.XXX.130 25
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
match tcp inside host Server eq 25 outside any
static translation to XXX.XXX.XXX.130/25
translate_hits = 0, untranslate_hits = 3
Additional Information:
NAT divert to egress interface inside
Untranslate XXX.XXX.XXX.130/25 to Server/25 using netmask 255.255.255.255
Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group INBOUND in interface outside
access-list INBOUND extended permit tcp any host XXX.XXX.XXX.130 eq smtp
Additional Information:
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: INSPECT
Subtype: inspect-smtp
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect esmtp _default_esmtp_map
service-policy global_policy global
Additional Information:
Phase: 5
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
match tcp inside host Server eq 25 outside any
static translation to XXX.XXX.XXX.130/25
translate_hits = 0, untranslate_hits = 3
Additional Information:
Phase: 7
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
match tcp inside host Server eq 25 outside any
static translation to XXX.XXX.XXX.130/25
translate_hits = 0, untranslate_hits = 3
Additional Information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 24392, packet dispatched to next module
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
I'm not all that experienced with translating these results, but on the surface, it appears to be passing traffic. However, I still cannot telnet to the public IP using port 25. I am using Putty as my telnet client and it doesn't generate an error. At no time am I able to interact with the prompt in the putty window. The putty window just closes abruptly after about 10 seconds. Does the line in Phase 7 containing 'untranslate_hits=3' have anything to do with my issue?
Here is the new config:
NUGENT-ASA# show run
: Saved
ASA Version 8.2(5)
hostname NUGENT-ASA
enable password XXXXXXXXXXXXXXXXXXXX encrypted
passwd XXXXXXXXXXXXXXXXXX encrypted
names
name XXX.XXX.XXX.74 DNI-HOST1
name XXX.XXX.XXX.184 DNI-HOST2
name 192.168.1.2 Server
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address XXX.XXX.XXX.130 255.255.255.248
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
object-group service rdp tcp
port-object eq 3389
access-list INBOUND extended permit icmp any any time-exceeded
access-list INBOUND extended permit icmp any any echo-reply inactive
access-list INBOUND extended permit icmp any any
access-list INBOUND extended permit tcp any host XXX.XXX.XXX.130 eq smtp
pager lines 24
logging enable
logging buffered warnings
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (outside,inside) tcp interface smtp Server smtp netmask 255.255.255.255
access-group INBOUND in interface outside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http DNI-HOST2 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca [REDACTED]
quit
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 206.190.255.0 255.255.255.0 outside
ssh DNI-HOST2 255.255.255.255 outside
ssh DNI-HOST1 255.255.255.255 outside
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 8.8.8.8 4.2.2.2
dhcpd address 192.168.1.100-192.168.1.131 inside
dhcpd dns 8.8.8.8 4.2.2.2 interface inside
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
username Administrator password XXXXXXXXXXXXXXXXXXXXXXX encrypted
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:XXXXXXXXXXXXXXXXXXXXXXXXXXX
: end -
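One way to cross-check the static port-forwards in a config like the one above against the ACL bound to the mapped interface, as an added example that is not part of the original post. The sample config, the documentation-range addresses and all function names are constructed for illustration; the parser assumes hosts are literal IPs or defined by `name` lines, handles only `any`, `host` and network/mask address forms with `eq` ports, and skips `inactive` and object-group entries.

```python
import ipaddress
import re

# Constructed sample (ASA 8.2 syntax); addresses are documentation ranges.
SAMPLE_CONFIG = """\
name 192.168.1.2 Server
nameif inside
ip address 192.168.1.1 255.255.255.0
nameif outside
ip address 203.0.113.130 255.255.255.248
access-list INBOUND extended permit tcp any host 203.0.113.130 eq 3389 inactive
access-list INBOUND extended permit tcp any host 203.0.113.130 eq smtp
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (outside,inside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 Server 3389 netmask 255.255.255.255
access-group INBOUND in interface outside
"""

PORTS = {"smtp": 25, "www": 80, "https": 443, "ssh": 22, "telnet": 23}  # subset
STATIC_RE = re.compile(r"static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) \S+")


def take_addr(tok, names):
    """Consume one ACL address spec; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(names.get(tok[1], tok[1])), tok[2:]
    net = f"{names.get(tok[0], tok[0])}/{tok[1]}"
    return ipaddress.ip_network(net, strict=False), tok[2:]


def parse_ace(tok, names):
    """Parse tokens after 'extended'; None for inactive or unsupported entries."""
    if "inactive" in tok:
        return None  # a disabled entry never matches traffic
    try:
        src, rest = take_addr(tok[2:], names)
        dst, rest = take_addr(rest, names)
        port = int(PORTS.get(rest[1], rest[1])) if rest[:1] == ["eq"] else None
    except (ValueError, IndexError):
        return None  # object-group or unresolved name: not handled here
    if rest and port is None and tok[1] in ("tcp", "udp"):
        return None  # range/object-group port specs: not handled here
    return tok[0], tok[1], src, dst, port


def parse(config):
    names, ifaces, acls, bound, statics = {}, {}, {}, {}, []
    nameif = None
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["name"] and len(t) >= 3:
            names[t[2]] = t[1]
        elif t[:1] == ["nameif"] and len(t) == 2:
            nameif = t[1]
        elif t[:2] == ["ip", "address"] and nameif and len(t) >= 4:
            ifaces[nameif] = ipaddress.ip_interface(f"{names.get(t[2], t[2])}/{t[3]}")
        elif t[:1] == ["access-list"] and t[2:3] == ["extended"]:
            ace = parse_ace(t[3:], names)
            if ace:
                acls.setdefault(t[1], []).append(ace)
        elif t[:1] == ["access-group"] and len(t) == 5 and t[2] == "in":
            bound[t[4]] = t[1]
        elif m := STATIC_RE.match(line.strip()):
            statics.append(m.groups())
    return names, ifaces, acls, bound, statics


def first_match(acl, src, proto, dst, port):
    """ASA ACLs are evaluated first-match, with an implicit deny at the end."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if (a_proto in (proto, "ip") and src in a_src and dst in a_dst
                and a_port in (None, port)):
            return action
    return "implicit-deny"


def audit(config, probe_src="198.51.100.7"):
    names, ifaces, acls, bound, statics = parse(config)
    src, findings = ipaddress.ip_address(probe_src), []
    for real_if, mapped_if, proto, mapped, mport, real in statics:
        mapped_ip = (ifaces[mapped_if].ip if mapped == "interface"
                     else ipaddress.ip_address(names.get(mapped, mapped)))
        real_ip = ipaddress.ip_address(names.get(real, real))
        port = int(PORTS.get(mport, mport))
        acl = acls.get(bound.get(mapped_if), [])
        findings.append({
            "static": f"({real_if},{mapped_if}) {proto}/{port}",
            "acl_verdict": (first_match(acl, src, proto, mapped_ip, port)
                            if mapped_if in bound else "no-acl"),
            # False: host is outside that interface's connected subnet
            "real_host_on_real_if": real_ip in ifaces[real_if].network,
        })
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

A `no-acl` verdict means no `access-group` is bound inbound on the mapped interface, so the security-level defaults decide; `real_host_on_real_if: False` can also mean the host sits on a routed network behind that interface.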
Open firewall Ports despite DENY- ALL access rule
Hi,
See below my firewall rules.
Despite the deny all, running nmap from outside still reveals open ports.
name 202.1.53.41 fw1.outside.irc.com
interface GigabitEthernet0/0
nameif inside
security-level 0
ip address fw1.inside.irc.com 255.255.252.0 standby 172.16.86.219
interface GigabitEthernet0/1
nameif SSN-DMZ
security-level 0
ip address 10.20.2.1 255.255.255.0 standby 10.20.2.2
interface GigabitEthernet0/2
nameif Outside
security-level 0
ip address fw1.outside.irc.com 255.255.255.248 standby NAT-202.1.53.45
interface GigabitEthernet0/3
description Internet Access for Wireless clients on the guest network
nameif GuestInternet
security-level 0
ip address 192.168.154.2 255.255.254.0
interface Management0/0
nameif management
security-level 10
ip address 10.10.200.14 255.255.255.0 standby 10.10.200.15
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 any host WWW.IRC.COM-PRIV
access-list inside_access_in remark Deny POP3, SSH, TELNET to Deny-Host-Group 172.16.86.246/249
access-list inside_access_in extended deny object-group DENY-HOST-GROUP object-group DENY-HOST-GROUP-1 any
access-list inside_access_in remark Allow SMTP external access to Mail Servers group
access-list inside_access_in extended permit tcp object-group MAIL-GW-GROUP any eq smtp
access-list inside_access_in remark Deny Any other Users from sending mails via smtp
access-list inside_access_in extended deny tcp any any eq smtp
access-list inside_access_in extended deny ip object-group Botnet_Blacklist any
access-list inside_access_in extended deny ip any SPAM_MACHINE 255.255.255.0
access-list inside_access_in extended deny ip any host SPAMIP
access-list inside_access_in extended permit ip object-group Socialsites_Allowed object-group Facebook
access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_8 any object-group Facebook
access-list inside_access_in remark Rule to block Internal users from accessing youtube
access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_9 any object-group YoutubeIPs
access-list inside_access_in remark Suspected Virus Ports
access-list inside_access_in extended deny tcp any any object-group DM_INLINE_TCP_17
access-list inside_access_in remark Ports Commonly used by Botnet and Malwares
access-list inside_access_in extended deny tcp any any object-group IRC
access-list inside_access_in remark Allow Access to External DNS to ALL
access-list inside_access_in extended permit object-group DNS-GROUP object-group DNS-SERVERS object-group External_DNS_Servers
access-list inside_access_in remark Allow Any to Any on Custom TCP/UDP services
access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_12
access-list inside_access_in remark Allow Any to Any VPN Protocols group
access-list inside_access_in extended permit object-group VPN-GROUP any any
access-list inside_access_in extended permit ip any host pomttdbsvr
access-list inside_access_in remark Allow Access to DMZ from Inside
access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_10
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_5 any 10.20.2.0 255.255.255.0
access-list inside_access_in extended permit tcp any any eq pop3
access-list inside_access_in extended permit object-group Web-Access-Group any any
access-list inside_access_in remark DNS RATING SERVICE FOR BLUECOAT SG510 PROXY
access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_4 eq www inactive
access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group DM_INLINE_TCP_3
access-list inside_access_in remark Yahoo Messenger Test
access-list inside_access_in extended permit tcp any any object-group YahooMessenger
access-list inside_access_in extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
access-list inside_access_in extended permit tcp any any object-group smile
access-list inside_access_in extended permit udp any host smile.telinet.com.pg object-group smile-udp
access-list inside_access_in remark testing access for mobile phones behind wireless router
access-list inside_access_in extended permit ip host Wireless-Router any inactive
access-list inside_access_in extended permit tcp any any object-group FTP-Service-Group inactive
access-list inside_access_in extended permit ip host mailgate.irc.com any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_2 any object-group NTP
access-list inside_access_in extended permit tcp any any object-group web-email-services
access-list inside_access_in remark Murray PC
access-list inside_access_in extended permit ip host 10.100.20.36 any
access-list inside_access_in extended permit tcp any any object-group Itec-Citrix
access-list inside_access_in extended permit ip host EP200 any
access-list inside_access_in extended permit tcp any any object-group TCP-SMTP
access-list inside_access_in extended permit tcp any host 202.165.193.134 eq 3391
access-list inside_access_in extended permit ip object-group IT-Servers any
access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_14 any inactive
access-list inside_access_in extended permit ip host 10.100.20.23 any
access-list inside_access_in extended permit tcp host NOC-NMS-CDMA host 202.165.193.134 object-group DM_INLINE_TCP_4
access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_12 object-group Bluecoat-DNS-Rating eq www
access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_13 any
access-list inside_access_in extended permit udp host solarwinds-server any eq snmp
access-list inside_access_in extended permit tcp host kaikai any object-group test-u inactive
access-list inside_access_in extended permit tcp any host fw1.outside.irc.com object-group TCP-88
access-list inside_access_in extended permit udp host solarwinds-server any object-group DM_INLINE_UDP_1
access-list inside_access_in extended permit ip host IN-WEB-APP-SERVER any
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host KMS-Server any object-group KMS
access-list inside_access_in extended permit tcp any any object-group TeamVIewer-TCP
access-list inside_access_in extended permit icmp any any traceroute
access-list inside_access_in extended permit ip host KMS-Server any
access-list inside_access_in extended deny ip any host 87.255.51.229
access-list inside_access_in extended deny ip any host 82.165.47.44
access-list inside_access_in extended permit ip host InterConnect-BillingBox any
access-list inside_access_in extended permit icmp any host fw1.outside.irc.com
access-list inside_access_in extended permit icmp any any
access-list inside_access_in remark For ACCESS MPLS team
access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group RDP-MPLS-Huawei
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host mailgate.irc.com any eq domain
access-list inside_access_in extended permit tcp any host 66.147.244.58 object-group SMTP-26
access-list inside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any object-group Airfiji-SW
access-list inside_access_in extended permit tcp host chief.bula.irc.com any
access-list inside_access_in extended permit ip host Avabill86.181 any
access-list inside_access_in extended permit ip any object-group AVG
access-list inside_access_in extended permit ip host solarwinds-server any
access-list inside_access_in extended permit tcp host 172.16.87.219 any object-group TCP-4948
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_10 any host Avabill_Consultant_IP_Sri-Lanka
access-list inside_access_in extended permit tcp any host 69.164.201.123 eq smtp inactive
access-list inside_access_in extended permit tcp any any object-group GMAIL inactive
access-list inside_access_in extended permit tcp any any object-group NOC1
access-list inside_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
access-list inside_access_in extended permit tcp any host smile.telinet.com.fj object-group tcp-20080-30080
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group SIP-5060-5062
access-list inside_access_in extended permit ip host LYNC-2013-SERVER any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group Lync_Servers any
access-list inside_access_in extended permit object-group VPN-GROUP host 10.100.20.94 any inactive
access-list inside_access_in remark Pocket Solutions -TEMP
access-list inside_access_in extended permit ip host 10.100.20.121 any
access-list inside_access_in extended permit tcp host John_sibunakau any object-group JohnTESTPort inactive
access-list inside_access_in extended permit ip host CiscoRadiusTestPC any
access-list inside_access_in extended permit ip any host HungaryServer inactive
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq ssh
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group itec-support-tcp-udp
access-list Outside_access_in remark Allow All to NAT Address on SSL/SSH/SFTP(2222)
access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_9
access-list Outside_access_in remark Allow All to Outside On Fujitsu and 777-7778 ports
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_8
access-list Outside_access_in remark Allow all to Outside on Custom ports
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_7
access-list Outside_access_in remark Allow Inbound HTTP to WWW.IRC.COM
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq www
access-list Outside_access_in extended permit icmp any host fw1.outside.irc.com
access-list Outside_access_in extended permit object-group TCPUDP any host fw1.outside.irc.com object-group BrouardsGroup
access-list Outside_access_in remark Allow ALL to RealVNC ports
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group RealVNC-TCP5900
access-list Outside_access_in remark Allow ALL access to 202.1.53.43 on RealVNC ports
access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group RealVNC-TCP5900
access-list Outside_access_in remark Allow DNS queries from Internet to DNS server
access-list Outside_access_in extended permit object-group TCPUDP object-group ITEC-Group-Inbound host fw1.outside.irc.com object-group itec-sftp
access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_14
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host SkyTel host fw1.outside.irc.com
access-list Outside_access_in remark Telinet/Inomial temp access to test machine M.Orshansky
access-list Outside_access_in extended permit tcp host 203.92.29.151 host fw1.outside.irc.com eq 3390
access-list Outside_access_in extended permit tcp any host NAT-202.58.130.43 object-group RDP
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group ITEC-Group-Inbound host fw1.outside.telikompng.com.pg object-group INTEC-Service
access-list Outside_access_in extended permit tcp host 220.233.157.98 host fw1.outside.irc.com eq ssh inactive
access-list Outside_access_in extended permit ip any host fw1.outside.telikompng.com.pg
access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group CRM
access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8010-CRM
access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8005-CRM
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group NTP
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group DNS
access-list Outside_access_in remark Ultra VNC connection to 172.16.84.34@nadi Exchange
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC-HTTP
access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group POP3-SSL
access-list Outside_access_in extended permit object-group EMAIL-SMARTPHONES any host fw1.outside.irc.com
access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group exchange-RPC
access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group exchange-RPC
access-list Outside_access_in extended permit icmp any host NAT-202.1.53.43
access-list Outside_access_in remark Access to Solarwinds Management box
access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group Solarwinds
access-list SSN-DMZ_access_in remark Permit DNS Quiries out of DMZ
access-list SSN-DMZ_access_in extended permit object-group TCPUDP any any eq domain
access-list SSN-DMZ_access_in remark Allow SQL ports out of DMZ to Host 172.16.86.70
access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.70 object-group SQL-Group
access-list SSN-DMZ_access_in remark Allow Custom protocols out of DMZ to host 172.16.86.27
access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.27 object-group DM_INLINE_TCP_2
access-list SSN-DMZ_access_in extended permit tcp host suva-vdc-int2.suva.irc.com host WWW.IRC.COM=PRIV eq 3389
access-list SSN-DMZ_access_in extended permit object-group Web-Access-Group host WWW.IRC.COM-PRIV any
access-list SSN-DMZ_access_in extended permit tcp any host WWW.IRC.COM.-PRIV object-group DMZ-WebAccess
access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_access any
access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_webcon any
access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_AV any
access-list inside_nat0_outbound extended permit ip any 192.168.254.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 host 10.10.200.1
access-list inside_nat0_outbound extended permit ip any host WWW.IRC.COM-PRIV
access-list inside_nat0_outbound extended permit ip host ns.irc.com any
access-list inside_nat0_outbound extended permit ip any 10.200.200.0 255.255.255.0
access-list Outside_nat0_outbound extended permit ip 192.168.254.0 255.255.255.0 any
access-list Outside_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
access-list alcatel-my remark Allow Alcatel-my access to TIRC(1)
access-list alcatel-my standard permit 172.16.24.0 255.255.252.0
access-list alcatel-my remark Allow Alcatel-my access to TIRC(2)
access-list alcatel-my standard permit 172.16.84.0 255.255.252.0
access-list 131 extended permit ip host MICHAEL any
access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 mcr_Management 255.255.255.0
access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_5
access-list management_access_in extended permit object-group Web-Access-Group host 10.10.200.1 any
access-list management_access_in extended permit ip host 10.10.200.1 host 172.16.87.47
access-list management_access_in extended permit ip host 10.10.200.1 host IN-WSC
access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_8
access-list management_access_in extended permit tcp host 10.10.200.1 object-group DM_INLINE_NETWORK_3 eq 3389
access-list management_access_in remark To BlueCaot Appliances
access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_1
access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_7
access-list management_access_in extended permit tcp 10.10.200.0 255.255.255.0 object-group Management_Hosts object-group RDP
access-list management_access_in extended permit icmp host 10.10.200.1 any traceroute
access-list management_access_in extended permit ip host 10.10.200.1 host NOC-NMS-CDMA
access-list management_access_in extended permit object-group DM_INLINE_SERVICE_3 host 10.10.200.1 any
access-list management_access_in extended permit tcp host 10.10.200.1 any eq ftp
access-list management_access_in extended permit tcp host bula host 10.10.200.1 object-group RDP inactive
access-list management_access_in extended permit tcp host 10.100.20.23 host 10.10.200.1 object-group RDP
access-list management_access_in extended permit ip host 10.10.200.1 any
access-list management_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
access-list management_access_in extended permit ip any any
access-list management_access_in extended permit ip host 10.10.200.1 host bula inactive
access-list management_access_in extended permit ip any host solarwinds-server
access-list management_access_in extended permit ip host solarwinds-server any
access-list management_access_in extended permit ip object-group PacketFence-Servers 10.10.200.0 255.255.255.0
access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 object-group PacketFence-Servers
access-list management_access_in extended permit ip object-group 3750-Switches host solarwinds-server
access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host 10.10.200.1
access-list management_access_in extended permit ip host 10.10.200.1 10.10.200.0 255.255.255.0
access-list Outside_access_in_1 extended permit ip any any
access-list management_access_in_1 extended permit ip mcr_Management 255.255.255.0 any
access-list inside-networks remark internal tpng corporate subnetwork
access-list inside-networks standard permit 172.16.84.0 255.255.252.0
access-list inside-networks remark dms10
access-list inside-networks standard permit host 10.10.0.0
access-list 84-subnet remark 84 subnet
access-list 84-subnet standard permit 172.16.84.0 255.255.252.0
access-list 84-subnet remark 4 subnet
access-list 84-subnet standard permit inside-network-extra-subnet 255.255.252.0
access-list split-tunnel remark 84 subnet
access-list split-tunnel standard permit 172.16.84.0 255.255.252.0
access-list split-tunnel remark 4 subnet
access-list split-tunnel standard permit inside-network-extra-subnet 255.255.252.0
access-list split-tunnel remark Access to internal POP3 server
access-list split-tunnel standard permit host neptune.waigani.telikompng.com.pg
access-list split-tunnel remark Access to internal SMTP server
access-list split-tunnel standard permit host minerva.suva.irc.com
access-list split-tunnel remark Allow access to the 24 subnet
access-list split-tunnel standard permit 172.16.24.0 255.255.252.0
access-list split-tunnel standard permit Cisco-VLans 255.255.0.0
access-list inside_authentication extended permit tcp any object-group DM_INLINE_TCP_11 any object-group DM_INLINE_TCP_13 time-range WorkingHours inactive
access-list itsupport standard permit NOC 255.255.252.0
access-list itsupport standard permit 172.16.96.0 255.255.252.0
access-list itsupport standard permit 10.20.2.0 255.255.255.0
access-list itsupport standard permit 10.10.200.0 255.255.255.0
access-list itsupport standard permit 172.16.84.0 255.255.252.0
access-list itsupport standard permit inside-network-extra-subnet 255.255.252.0
access-list itsupport standard permit 10.2.1.0 255.255.255.0
access-list itsupport standard permit 172.16.88.0 255.255.252.0
access-list itsupport standard permit Cisco-VLans 255.255.0.0
access-list itsupport remark Access to IT-LAN-UPGRADE Network
access-list itsupport standard permit IT-NETWORK-NEW 255.255.0.0
access-list itsupport remark KWU Exchange subnet
access-list itsupport standard permit 172.16.188.0 255.255.252.0
access-list itsupport standard permit ATM-Network 255.255.0.0
access-list global_mpc extended permit ip any any
access-list management_nat0_outbound extended permit ip any inside-network-extra-subnet 255.255.252.0 inactive
access-list management_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
access-list management_nat0_outbound extended permit ip any object-group DM_INLINE_NETWORK_9
access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group Management_Hosts
access-list management_nat0_outbound extended permit ip any 172.16.84.0 255.255.252.0
access-list management_nat0_outbound extended permit ip any MCR_POM 255.255.255.0
access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_10
access-list management_nat0_outbound extended permit ip any Cisco-VLans 255.255.0.0
access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_15
access-list Capture extended permit ip any host 192.118.82.140
access-list Capture extended permit ip host 192.118.82.140 any
access-list Capture extended permit ip host 192.118.82.160 any
access-list Capture extended permit ip any host 192.118.82.160
a
access-list inside-network-access-only remark Allow Maggie Talig access to the 84 subnet only
access-list inside-network-access-only standard permit 172.16.84.0 255.255.252.0
access-list inside-network-access-only remark Allow Maggie Talig access to the 4 subnet only
access-list inside-network-access-only standard permit inside-network-extra-subnet 255.255.252.0
access-list SSN-DMZ_nat0_outbound extended permit ip host WWW.IRC.COM-PRIV object-group Internal-Networks
access-list inside_nat0_outbound_1 extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
access-list NETFLOW extended permit tcp any any
access-list NETFLOW extended permit object-group DNS-GROUP any host fw1.outside.irc.com
access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_6 any host fw1.outside.irc.com
access-list NETFLOW extended permit udp any host fw1.outside.irc.com
access-list NETFLOW extended permit tcp any host fw1.outside.irc.com eq smtp
access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_5
access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group TCP-8080
access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_4 any host NAT-202.58.130.43
access-list NETFLOW remark Reverse Proxy Inbound Rules from Internet- Lync 2013 Project - Lync Simple URLs
access-list NETFLOW extended permit tcp any host 202.58.130.69 object-group DM_INLINE_TCP_6
access-list NETFLOW remark Lync Edge Access Inbound Rule - Restricting Inbound
access-list NETFLOW extended permit object-group pomlynedsvr01_access_Outside_to_DMZ any host 202.58.130.66
access-list NETFLOW remark Lync Edge Outside to Inside for AV Interface
access-list NETFLOW extended permit object-group pomlynedsvr01_webcon_outside_to_DMZ any host 202.58.130.67
access-list NETFLOW extended permit object-group pomlynedsvr01_AV_Outside_to_DMZ any host 202.58.130.68
access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_11 any host NAT-fijiircdata
access-list NETFLOW extended deny ip host SPAMIP any
access-list NETFLOW extended deny ip SPAM_MACHINE 255.255.255.0 any
access-list NETFLOW extended deny ip host 220.233.157.99 any log debugging
access-list Huawei-Access-Networks remark HUawei-Network-Elements
access-list Huawei-Access-Networks standard permit 192.168.200.0 255.255.255.0
access-list Huawei-Access-Networks remark Access to Ela Beach MPLS network
access-list Huawei-Access-Networks standard permit 10.100.70.0 255.255.255.0
access-list Huawei-Access-Networks remark Huawei Network elements
access-list Huawei-Access-Networks standard permit 192.168.210.0 255.255.255.0
access-list Huawei-Access-Networks remark Huawei network elements
access-list Huawei-Access-Networks standard permit 192.168.213.0 255.255.255.0
access-list management_nat0_outbound_1 extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
access-list Alcatel-NMS-ACL remark Access allowed to Alcatel NMS devices in NOC
access-list Alcatel-NMS-ACL standard permit 10.2.1.0 255.255.255.0
access-list Business-Systems-Access remark Mail Server 1
access-list Business-Systems-Access standard permit host neptune.waigani.telikompng.com.pg
access-list Business-Systems-Access remark Mail Server 2
access-list Business-Systems-Access standard permit host minerva.waigani.telikompng.com.pg
access-list Business-Systems-Access remark SAP PROD
access-list Business-Systems-Access standard permit host SAP-SAPPROD
access-list Business-Systems-Access remark Avabill Application Server
access-list Business-Systems-Access standard permit host Avabill86.177
access-list Business-Systems-Access remark Backup Avabill Application Server
access-list Business-Systems-Access standard permit host Avabill84.170
access-list Business-Systems-Access remark HRSelfcare
access-list Business-Systems-Access standard permit host HOST-172.16.86.248
access-list Business-Systems-Access remark Intranet Server
access-list Business-Systems-Access standard permit host 172.16.85.32
access-list IT-Systems-Support remark Access to inside network
access-list IT-Systems-Support standard permit 172.16.84.0 255.255.252.0
access-list IT-Systems-Support remark Access to IN netwwork
access-list IT-Systems-Support standard permit 172.16.88.0 255.255.252.0
access-list IT-Systems-Support standard permit Cisco-VLans 255.255.0.0
access-list Systems-XS remark Access to 84 subnet
access-list Systems-XS standard permit 172.16.84.0 255.255.252.0
access-list Systems-XS remark Access to .4 subnet
access-list Systems-XS standard permit inside-network-extra-subnet 255.255.252.0
access-list Systems-XS remark Access to 10.100.x.x/24
access-list Systems-XS standard permit Cisco-VLans 255.255.0.0
access-list Huawei-NOC standard permit 172.16.84.0 255.255.252.0
access-list Huawei-NOC standard permit Cisco-VLans 255.255.0.0
access-list Huawei-NOC standard permit HASUT 255.255.255.0
access-list Huawei-NOC standard permit IT-NETWORK-NEW 255.255.0.0
access-list efdata remark Allow efdata access to above device as per request by chris mkao
access-list efdata standard permit 172.16.92.0 255.255.252.0
access-list test standard permit 172.16.92.0 255.255.252.0
access-list Ghu_ES_LAN remark Allow efdata access to fij ES LAN
access-list Ghu_ES_LAN extended permit ip any 172.16.92.0 255.255.252.0
access-list GuestInternet_access_in extended permit ip any any
global (inside) 1 interface
global (SSN-DMZ) 1 interface
global (Outside) 1 interface
global (management) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 0 access-list inside_nat0_outbound_1 outside
nat (inside) 1 0.0.0.0 0.0.0.0
nat (SSN-DMZ) 0 access-list SSN-DMZ_nat0_outbound
nat (SSN-DMZ) 1 WWW.IRC.COM-PRIV 255.255.255.255
nat (Outside) 0 access-list Outside_nat0_outbound
nat (GuestInternet) 1 0.0.0.0 0.0.0.0
nat (management) 0 access-list management_nat0_outbound
nat (management) 0 access-list management_nat0_outbound_1 outside
nat (management) 1 10.10.200.1 255.255.255.255
static (inside,Outside) tcp interface 10103 mailgate.irc.com 10103 netmask 255.255.255.255
static (SSN-DMZ,Outside) tcp interface www WWW.IRC.COM-PRIV www netmask 255.255.255.255
static (inside,Outside) tcp interface smtp mailgate.irc.com smtp netmask 255.255.255.255
static (inside,Outside) tcp interface telnet HOST-172.16.84.144 telnet netmask 255.255.255.255
static (inside,Outside) tcp interface pcanywhere-data HOST-192.168.1.14 pcanywhere-data netmask 255.255.255.255
static (inside,Outside) udp interface pcanywhere-status HOST-192.168.1.14 pcanywhere-status netmask 255.255.255.255
static (inside,Outside) tcp interface ssh InterConnect-BillingBox ssh netmask 255.255.255.255
static (inside,Outside) udp interface ntp confusious.suva.irc.com ntp netmask 255.255.255.255
static (inside,Outside) tcp interface 10002 HOST-172.16.200.121 10002 netmask 255.255.255.255
static (inside,Outside) tcp interface 10003 HOST-172.16.200.122 10003 netmask 255.255.255.255
static (inside,Outside) tcp interface 10004 HOST-172.16.41.26 10004 netmask 255.255.255.255
static (inside,Outside) tcp interface 10005 HOST-172.16.41.27 10005 netmask 255.255.255.255
static (inside,Outside) tcp interface https Avabill86.181 https netmask 255.255.255.255
static (inside,Outside) tcp interface 7778 Avabill86.181 7778 netmask 255.255.255.255
static (inside,Outside) tcp interface 8080 Avabill86.181 8080 netmask 255.255.255.255
static (inside,Outside) tcp interface 7777 Avabill86.181 7777 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.45 https Avabill86.177 https netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 2222 daywalker.suva.irc.com 2222 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 ftp waigani-pdc-int2.suva.irc.com ftp netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 www neptune.suva.irc.com www netmask 255.255.255.255
static (inside,Outside) tcp interface 5900 Primary1352CM 5900 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 5900 Backup1352CM 5900 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 https neptune.suva.irc.com https netmask 255.255.255.255
static (inside,Outside) tcp interface 24 HOST-172.16.86.87 24 netmask 255.255.255.255
static (inside,Outside) udp interface domain ns.irc.com domain netmask 255.255.255.255
static (inside,Outside) tcp interface pop3 neptune.suva.irc.com pop3 netmask 255.255.255.255
static (inside,Outside) tcp interface 7780 Apache-WebServer 7780 netmask 255.255.255.255
static (inside,Outside) tcp interface 8000 CRM-SERVER2 8000 netmask 255.255.255.255
static (inside,Outside) tcp interface 8010 CRM-SERVER4 8010 netmask 255.255.255.255
static (inside,Outside) tcp interface 8005 CRM-SERVER3 8005 netmask 255.255.255.255
static (inside,Outside) tcp interface 123 confusious.suva.irc.com 123 netmask 255.255.255.255
static (inside,Outside) tcp interface imap4 neptune.suva.irc.com imap4 netmask 255.255.255.255
static (inside,Outside) tcp interface domain ns.irc.com domain netmask 255.255.255.255
static (inside,Outside) tcp interface ftp telitgate.irc.com ftp netmask 255.255.255.255
static (inside,Outside) tcp interface 5901 uvnc-server 5901 netmask 255.255.255.255
static (inside,Outside) tcp interface 5801 uvnc-server 5801 netmask 255.255.255.255
static (inside,Outside) tcp interface 5902 172.16.84.200 5902 netmask 255.255.255.255
static (inside,Outside) tcp interface 5802 172.16.84.200 5802 netmask 255.255.255.255
static (inside,Outside) tcp interface 995 neptune.suva.irc.com 995 netmask 255.255.255.255
static (inside,Outside) tcp interface 993 neptune.suva.irc.com 993 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 6001 neptune.suva.irc.com 6001 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 6002 neptune.suva.irc.com 6002 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 6004 neptune.suva.irc.com 6004 netmask 255.255.255.255
static (inside,Outside) tcp interface 6001 minerva.suva.irc.com 6001 netmask 255.255.255.255
static (inside,Outside) tcp interface 6002 minerva.suva.irc.com 6002 netmask 255.255.255.255
static (inside,Outside) tcp interface 6004 minerva.suva.irc.com 6004 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 8720 solarwinds-server 8720 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 9000 solarwinds-server 9000 netmask 255.255.255.255
static (inside,Outside) tcp interface 2055 solarwinds-server 2055 netmask 255.255.255.255
static (inside,Outside) tcp interface 88 A-10.100.20.250 88 netmask 255.255.255.255
static (inside,Outside) tcp interface 10000 ns.irc.com 10000 netmask 255.255.255.255
static (inside,Outside) udp Ext-R2-Outside-Interface 2055 solarwinds-server 2055 netmask 255.255.255.255
static (inside,Outside) udp Ext-R2-Outside-Interface snmp solarwinds-server snmp netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 135 neptune.suva.irc.com 135 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 3389 BT-DesktopPC 3389 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.65 www IN-WSC www netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.65 https IN-WSC https netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 ssh Avabill86.176 ssh netmask 255.255.255.255
static (Outside,inside) tcp 10.100.20.36 5432 smile.telinet.com.pg 5432 netmask 255.255.255.255
static (inside,Outside) tcp interface 222 chief.suva.irc.com ssh netmask 255.255.255.255
static (inside,Outside) tcp interface 5061 LYNC-2013-SERVER 5061 netmask 255.255.255.255
static (inside,Outside) tcp interface 5432 10.100.20.36 5432 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 182 dadbsvr www netmask 255.255.255.255
static (SSN-DMZ,Outside) 202.58.130.69 pomlynrprx01 netmask 255.255.255.255
static (SSN-DMZ,Outside) 202.58.130.66 pomlynedsvr01_access netmask 255.255.255.255
static (SSN-DMZ,Outside) 202.58.130.67 pomlynedsvr01_webcon netmask 255.255.255.255
static (SSN-DMZ,Outside) 202.58.130.68 pomlynedsvr01_AV netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group SSN-DMZ_access_in in interface SSN-DMZ
access-group Outside_access_in_1 in interface Outside control-plane
access-group NETFLOW in interface Outside
access-group GuestInternet_access_in in interface GuestInternet
access-group management_access_in_1 in interface management control-plane
access-group management_access_in in interface management
route Outside 0.0.0.0 0.0.0.0 Ext-R1-Inside-Interface 1
route inside 10.2.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.8.0.0 255.255.255.0 VPNGATE 1
route inside 10.9.254.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.10.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.10.2.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.10.3.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.10.4.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.10.5.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.10.10.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 10.15.100.0 255.255.255.0 fw1.outside.irc.com 1
route inside Cisco-VLans 255.255.0.0 Cisco7200 1
route inside VLan20-2F 255.255.255.0 Cisco7200 1
route inside 10.100.67.0 255.255.255.0 IPVPN-Router 1
route inside 10.100.74.0 255.255.255.0 172.16.86.0 1
route inside 10.100.75.0 255.255.255.0 172.16.86.0 1
route inside 10.100.76.0 255.255.255.0 172.16.86.0 1
route inside LAE 255.255.255.0 172.16.86.0 1
route inside 10.100.91.0 255.255.255.0 172.16.86.0 1
route inside 10.100.110.0 255.255.255.0 172.16.86.0 1
route inside 10.100.111.0 255.255.255.0 172.16.86.0 1
route inside 10.100.114.0 255.255.255.0 172.16.86.0 1
route inside 10.200.200.0 255.255.255.0 Cisco7200 1
route inside A-10.250.0.0 255.255.0.0 Cisco7200 1
route inside 10.254.2.0 255.255.255.252 IPVPN-Router 1
route inside 11.11.3.0 255.255.255.0 172.16.86.0 1
route inside 11.11.4.0 255.255.255.0 172.16.86.0 1
route inside 11.11.8.0 255.255.255.0 172.16.86.0 1
route inside 11.11.9.0 255.255.255.0 172.16.86.0 1
route inside 20.200.200.0 255.255.255.0 172.16.86.17 1
route inside inside-network-extra-subnet 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.8.0 255.255.252.0 Cisco7200 1
route inside 172.16.12.0 255.255.252.0 172.16.86.197 1
route inside 172.16.24.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside NOC 255.255.252.0 172.16.87.187 1
route inside 172.16.48.0 255.255.252.0 172.16.84.41 1
route inside 172.16.52.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.56.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.60.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.64.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.68.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.72.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.76.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.80.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.84.185 255.255.255.255 172.16.86.217 1
route inside CRM-SERVER1 255.255.255.255 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.88.0 255.255.252.0 Cisco7200 1
route inside 172.16.92.0 255.255.252.0 Cisco7200 1
route inside 172.16.96.0 255.255.252.0 172.16.87.172 1
route inside 172.16.104.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.108.0 255.255.252.0 IPVPN-Router 1
route inside 172.16.112.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.120.0 255.255.252.0 TFIJIG-CORE-INT-ROUTER 1
route inside 172.16.124.0 255.255.252.0 IPVPN-Router 1
route inside 172.16.128.0 255.255.252.0 172.16.86.185 1
route inside 172.16.132.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.136.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.140.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.144.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.148.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.152.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.156.0 255.255.252.0 IPVPN-Router 1
route inside 172.16.160.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.164.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.168.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.172.0 255.255.252.0 172.16.87.172 1
route inside 172.16.180.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.184.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.188.0 255.255.252.0 172.16.86.85 1
route inside 172.16.188.0 255.255.252.0 Cisco7200 1
route inside 172.16.192.0 255.255.252.0 172.16.86.194 1
route inside 172.16.200.0 255.255.252.0 172.16.87.11 1
route inside 172.16.204.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.208.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.212.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.220.0 255.255.252.0 IPVPN-Router 1
route inside 172.16.224.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.236.0 255.255.252.0 172.16.87.254 1
route inside 172.16.240.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
route inside 172.16.248.0 255.255.252.0 IPVPN-Router 1
route inside 172.17.84.0 255.255.255.224 IPVPN-Router 1
route inside 172.18.252.0 255.255.252.0 172.16.84.15 1
route inside 172.20.0.0 255.255.252.0 172.16.87.11 1
route management 172.20.1.32 255.255.255.240 10.10.200.18 1
route inside 192.167.5.0 255.255.255.0 172.16.86.42 1
route inside 192.168.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 192.168.1.0 255.255.255.0 HOST-172.16.84.144 1
route inside 192.168.1.96 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
route inside 192.168.1.128 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
route inside 192.168.2.0 255.255.255.0 172.16.87.192 1
route inside 192.168.5.0 255.255.255.0 HOST-172.16.84.144 1
route inside 192.168.11.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 192.168.150.0 255.255.255.0 IPVPN-Router 1
route inside 192.168.200.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 192.168.201.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 192.168.202.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
route inside 192.168.210.0 255.255.255.0 Cisco7200 1
route inside 192.168.213.0 255.255.255.0 Cisco7200 1
route inside 192.168.254.0 255.255.255.0 fw1.outside.irc.com 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
class-map inspection_default
 match default-inspection-traffic
class-map flow_export_class
 match access-list global_mpc
policy-map global_policy
 class inspection_default
  inspect dns
  inspect esmtp
  inspect h323 h225
  inspect h323 ras
  inspect icmp error
  inspect ipsec-pass-thru
  inspect mgcp
  inspect rsh
  inspect sip
  inspect skinny
  inspect snmp
  inspect tftp
  inspect ftp strict
  inspect icmp
 class flow_export_class
  flow-export event-type all destination solarwinds-server
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
service-policy global_policy global
smtp-server 172.16.86.16
prompt hostname context
Cryptochecksum:24270eebd6c941fb7b302b034e32bba1
: end
Hi,
NMAP gives the report for the first firewall interface it hits. In your case you have allowed tcp any any, where it allows all the ports. I have mentioned only one example... There are many in your case...
Also, NMAP results will be effective once you connect directly to the outside interface or directly onto the outside LAN.
Regards
Karthik
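Added example, not part of the original thread: a small audit of the `static` entries in the posted configuration, listing which inside hosts are published on the Outside interface for cleartext or remote-control services. The sample lines are copied from the config above; the `REVIEW` list, the function names and the partial keyword table are assumptions of this example, and the parser covers only the pre-8.3 `static (real_ifc,mapped_ifc)` syntax used here.

```python
import re

# Constructed sample: static lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
static (inside,Outside) tcp interface telnet HOST-172.16.84.144 telnet netmask 255.255.255.255
static (inside,Outside) tcp interface smtp mailgate.irc.com smtp netmask 255.255.255.255
static (inside,Outside) tcp interface 5900 Primary1352CM 5900 netmask 255.255.255.255
static (inside,Outside) tcp NAT-202.58.130.43 3389 BT-DesktopPC 3389 netmask 255.255.255.255
static (inside,Outside) tcp interface 222 chief.suva.irc.com ssh netmask 255.255.255.255
static (SSN-DMZ,Outside) 202.58.130.69 pomlynrprx01 netmask 255.255.255.255
static (Outside,inside) tcp 10.100.20.36 5432 smile.telinet.com.pg 5432 netmask 255.255.255.255
"""

# ASA service keywords mapped to port numbers (partial table, enough for this config).
KEYWORDS = {"ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "www": 80,
            "https": 443, "pcanywhere-data": 5631}
# Assumed review list: services an auditor would not expect to publish to the Internet.
REVIEW = {21: "FTP", 23: "Telnet", 3389: "RDP", 5631: "pcAnywhere", 5900: "VNC"}

# static (real_ifc,mapped_ifc) tcp|udp mapped_ip mapped_port real_ip real_port ...
PAT = re.compile(r"^static \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) (?P<proto>tcp|udp) "
                 r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+)")
# static (real_ifc,mapped_ifc) mapped_ip real_ip netmask ...  (one-to-one NAT, every port)
ONE_TO_ONE = re.compile(r"^static \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) "
                        r"(?P<mapped_ip>\S+) (?P<real_ip>\S+) netmask")

def port(token):
    """Return the numeric port for a number or known keyword, else None."""
    if token.isdigit():
        return int(token)
    return KEYWORDS.get(token)

def audit(config, outside="Outside"):
    """List (real host, protocol, published port, reason) for entries facing `outside`."""
    findings = []
    for line in config.splitlines():
        line = line.strip()
        m = PAT.match(line)
        if m:
            real_port = port(m["real_port"])
            if m["mapped_if"] == outside and real_port in REVIEW:
                findings.append((m["real_ip"], m["proto"],
                                 port(m["mapped_port"]), REVIEW[real_port]))
            continue
        m = ONE_TO_ONE.match(line)
        if m and m["mapped_if"] == outside:
            findings.append((m["real_ip"], "ip", None, "one-to-one NAT, all ports"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A `static` entry is reachable only if the access list applied to the Outside interface also permits it, so each finding should be checked against that ACL; with a `tcp any any` permit, as the reply above describes, every published port is exposed.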